From 4ae4e2c64eea9f8bc9e1df9b573122088b2cec2b Mon Sep 17 00:00:00 2001
From: Xevion <xevion@xevion.dev>
Date: Thu, 2 Jan 2025 13:32:34 -0600
Subject: [PATCH] build_log sent with executables, use Same-Site = None in dev,
 partitioned cookies, CORS OPTIONS

---
 src/main.rs   | 15 ++++++++++-----
 src/models.rs | 15 +++++++++++++--
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 037ce08..af4b881 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -97,6 +97,7 @@ async fn handle_socket(session_id: u32, websocket: WebSocket) {
     // Create the executable message first, borrow issues
     let executable_message = OutgoingMessage::Executables {
         executables: store.executable_json(),
+        build_log: store.build_log.clone(),
     };
 
     let session = store
@@ -316,6 +317,9 @@ async fn main() {
         )))
         .init();
 
+    // Add the build log & executables to the store
+    let mut store = STORE.lock().await;
+
     // Check if we are deployed on Railway
     let is_railway = env::var("RAILWAY_PROJECT_ID").is_ok();
     if is_railway {
@@ -328,12 +332,13 @@ async fn main() {
         );
 
         tracing::info!("Build logs available here: {}", build_logs);
+        store.build_log = Some(build_logs);
     }
 
-    // Add the executables to the store
-    let mut store = STORE.lock().await;
-    store.add_executable("windows", "./demo.exe");
-    store.add_executable("linux", "./demo-linux");
+    store.add_executable("Windows", "./demo.exe");
+    store.add_executable("Linux", "./demo-linux");
+    // store.add_executable("MacOS", "./demo-macos");
+
     drop(store); // critical: Drop the lock to avoid deadlock, otherwise the server will hang
 
     // Allow all origins if: debug mode or RAILWAY_PUBLIC_DOMAIN is not set
@@ -351,7 +356,7 @@ async fn main() {
 
     let cors = Cors::new()
         .allow_origin(&origin)
-        .allow_methods(vec![Method::GET])
+        .allow_methods(vec![Method::GET, Method::OPTIONS])
         .into_handler();
     tracing::debug!("CORS Allowed Origin: {}", &origin);
 
diff --git a/src/models.rs b/src/models.rs
index 12f12fa..b6bb2b3 100644
--- a/src/models.rs
+++ b/src/models.rs
@@ -92,11 +92,14 @@ pub struct State<'a> {
     pub executables: HashMap<&'a str, Executable>,
     // A map of sessions, keyed by their identifier (a random number)
     pub sessions: HashMap<u32, Session>,
+    // Provided on startup, the URL to the build log of the current deployment
+    pub build_log: Option<String>,
 }
 
 impl<'a> State<'a> {
     pub fn new() -> Mutex<Self> {
         Mutex::new(Self {
+            build_log: None,
             executables: HashMap::new(),
             sessions: HashMap::new(),
         })
@@ -149,8 +152,15 @@ impl<'a> State<'a> {
         res.add_cookie(
             Cookie::build(("Session", id.to_string()))
                 .http_only(true)
+                .partitioned(true)
+                .secure(cfg!(debug_assertions) == false)
                 .path("/")
-                .same_site(salvo::http::cookie::SameSite::Lax)
+                // Use SameSite=None only in development
+                .same_site(if cfg!(debug_assertions) {
+                    salvo::http::cookie::SameSite::None
+                } else {
+                    salvo::http::cookie::SameSite::Strict
+                })
                 .permanent()
                 .build(),
         );
@@ -204,7 +214,7 @@ impl Executable {
 }
 
 #[derive(Debug, Deserialize)]
-#[serde(tag = "type")]
+#[serde(tag = "type", rename_all = "kebab-case")]
 pub enum IncomingMessage {
     // A request from the client to delete a download token
     DeleteDownloadToken { id: u32 },
@@ -223,6 +233,7 @@ pub enum OutgoingMessage {
         session: Session,
     },
     Executables {
+        build_log: Option<String>,
         executables: Vec<ExecutableJson>,
     },
 }