diff --git a/packages/root-cms/core/app.tsx b/packages/root-cms/core/app.tsx index 2f7be3895..be0230687 100644 --- a/packages/root-cms/core/app.tsx +++ b/packages/root-cms/core/app.tsx @@ -226,10 +226,27 @@ export async function renderSignIn( res: Response, options: RenderOptions ) { - const ctx = { + const ctx: any = { name: options.cmsConfig.name || options.cmsConfig.id || '', firebaseConfig: options.cmsConfig.firebaseConfig, }; + + // If the session cookie secret is missing, users will be forced to re-login + // whenever a new server spins up or restarts. On dev, show the warning + // directly on the sign in page. On prod, suggest the user to check server + // logs. + if (!options.rootConfig.server?.sessionCookieSecret) { + const warning = + 'Dev warning: `server.sessionCookieSecret` is missing in `root.config.ts`. Configure this secret in production to secure CMS sessions.'; + console.warn(warning); + if (process.env.NODE_ENV === 'development') { + ctx.warning = warning; + } else { + ctx.warning = + 'Dev warning: Server may be misconfigured. See logs for more information.'; + } + } + const mainHtml = renderToString( ); diff --git a/packages/root-cms/signin/signin.tsx b/packages/root-cms/signin/signin.tsx index b97910fb3..f25c870dc 100644 --- a/packages/root-cms/signin/signin.tsx +++ b/packages/root-cms/signin/signin.tsx @@ -11,6 +11,7 @@ declare global { __ROOT_CTX: { name: string; firebaseConfig: Record; + warning: string; }; firebase: { app: FirebaseApp; @@ -22,6 +23,7 @@ declare global { function SignIn() { const [errorMsg, setErrorMsg] = useState(''); const title = window.__ROOT_CTX.name; + const warning = window.__ROOT_CTX.warning; function onError(msg: string) { setErrorMsg(msg); @@ -35,6 +37,7 @@ function SignIn() { {title ? `Sign in to continue to ${title}` : 'Sign in to continue'}

+ {warning &&
{warning}
} {errorMsg &&

{errorMsg}

} diff --git a/packages/root-cms/signin/styles/signin.css b/packages/root-cms/signin/styles/signin.css index b197c6d1e..e175a85b5 100644 --- a/packages/root-cms/signin/styles/signin.css +++ b/packages/root-cms/signin/styles/signin.css @@ -43,6 +43,18 @@ transition: all 0.218s ease; } +.signin__warning { + max-width: 520px; + margin: 0 auto 40px; + padding: 12px; + border: 1px solid #fbbc04; + border-radius: 8px; + background: #fff9db; + color: #5f370e; + font-size: 14px; + line-height: 1.5; +} + .signin__button:hover { border-color: #d2e3fc; background-color: rgba(66, 133, 244, 0.04);