build_log sent with executables, use Same-Site = None in dev, partitioned cookies, CORS OPTIONS

2025-12-06 01:14:55 -06:00 · 2025-01-02 13:32:34 -06:00
parent 3de98ca7e2
commit 4ae4e2c64e
2 changed files with 23 additions and 7 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -97,6 +97,7 @@ async fn handle_socket(session_id: u32, websocket: WebSocket) {
    // Create the executable message first, borrow issues
    let executable_message = OutgoingMessage::Executables {
        executables: store.executable_json(),
+        build_log: store.build_log.clone(),
    };

    let session = store
@@ -316,6 +317,9 @@ async fn main() {
        )))
        .init();

+    // Add the build log & executables to the store
+    let mut store = STORE.lock().await;
+
    // Check if we are deployed on Railway
    let is_railway = env::var("RAILWAY_PROJECT_ID").is_ok();
    if is_railway {
@@ -328,12 +332,13 @@ async fn main() {
        );

        tracing::info!("Build logs available here: {}", build_logs);
+        store.build_log = Some(build_logs);
    }

-    // Add the executables to the store
-    let mut store = STORE.lock().await;
-    store.add_executable("windows", "./demo.exe");
-    store.add_executable("linux", "./demo-linux");
+    store.add_executable("Windows", "./demo.exe");
+    store.add_executable("Linux", "./demo-linux");
+    // store.add_executable("MacOS", "./demo-macos");
+
    drop(store); // critical: Drop the lock to avoid deadlock, otherwise the server will hang

    // Allow all origins if: debug mode or RAILWAY_PUBLIC_DOMAIN is not set
@@ -351,7 +356,7 @@ async fn main() {

    let cors = Cors::new()
        .allow_origin(&origin)
-        .allow_methods(vec![Method::GET])
+        .allow_methods(vec![Method::GET, Method::OPTIONS])
        .into_handler();
    tracing::debug!("CORS Allowed Origin: {}", &origin);

--- a/src/models.rs
+++ b/src/models.rs
@@ -92,11 +92,14 @@ pub struct State<'a> {
    pub executables: HashMap<&'a str, Executable>,
    // A map of sessions, keyed by their identifier (a random number)
    pub sessions: HashMap<u32, Session>,
+    // Provided on startup, the URL to the build log of the current deployment
+    pub build_log: Option<String>,
 }

 impl<'a> State<'a> {
    pub fn new() -> Mutex<Self> {
        Mutex::new(Self {
+            build_log: None,
            executables: HashMap::new(),
            sessions: HashMap::new(),
        })
@@ -149,8 +152,15 @@ impl<'a> State<'a> {
        res.add_cookie(
            Cookie::build(("Session", id.to_string()))
                .http_only(true)
+                .partitioned(true)
+                .secure(cfg!(debug_assertions) == false)
                .path("/")
-                .same_site(salvo::http::cookie::SameSite::Lax)
+                // Use SameSite=None only in development
+                .same_site(if cfg!(debug_assertions) {
+                    salvo::http::cookie::SameSite::None
+                } else {
+                    salvo::http::cookie::SameSite::Strict
+                })
                .permanent()
                .build(),
        );
@@ -204,7 +214,7 @@ impl Executable {
 }

 #[derive(Debug, Deserialize)]
-#[serde(tag = "type")]
+#[serde(tag = "type", rename_all = "kebab-case")]
 pub enum IncomingMessage {
    // A request from the client to delete a download token
    DeleteDownloadToken { id: u32 },
@@ -223,6 +233,7 @@ pub enum OutgoingMessage {
        session: Session,
    },
    Executables {
+        build_log: Option<String>,
        executables: Vec<ExecutableJson>,
    },
 }