build out docs

stumpapp · Jan 10, 2025 · dbe586c · dbe586c
1 parent 8c95ab0
commit dbe586c
Show file tree

Hide file tree

Showing 8 changed files with 114 additions and 17 deletions.
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
@@ -7,15 +7,15 @@
 		"lint": "eslint .",
 		"tauri": "tauri",
 		"start": "tauri dev --no-watch",
-		"start-bundled": "yarn tauri dev  --no-watch -- --features bundled-server",
+		"start-bundled": "yarn tauri dev --no-watch",
 		"vite": "vite --",
 		"dev": "tauri dev",
 		"build": "tauri build",
-		"build:mac-universal": "tauri build --target universal-apple-darwin -- --features bundled-server",
-		"build:mac-x64": "tauri build --target x86_64-apple-darwin -- --features bundled-server",
-		"build:mac-arm": "tauri build --target aarch64-apple-darwin -- --features bundled-server",
-		"build:win": "tauri build --target x86_64-pc-windows-msvc -- --features bundled-server",
-		"build:linux": "tauri build --target x86_64-unknown-linux-gnu -- --features bundled-server",
+		"build:mac-universal": "tauri build --target universal-apple-darwin",
+		"build:mac-x64": "tauri build --target x86_64-apple-darwin",
+		"build:mac-arm": "tauri build --target aarch64-apple-darwin",
+		"build:win": "tauri build --target x86_64-pc-windows-msvc",
+		"build:linux": "tauri build --target x86_64-unknown-linux-gnu",
 		"nuke": "yarn exec rimraf node_modules"
 	},
 	"dependencies": {

diff --git a/apps/desktop/src-tauri/Cargo.toml b/apps/desktop/src-tauri/Cargo.toml
@@ -30,6 +30,7 @@ tauri-plugin-shell = "2"
 tokio = { workspace = true, features = ["full"] }
 
 [features]
+default = ["bundled-server"]
 # This feature will bundle the Stump server with the desktop app, allowing the user to use the desktop app
 # as their dedicated server instance.
-bundled-server = [ "dep:stump_server" ] 
+bundled-server = [ "dep:stump_server" ]
diff --git a/docs/pages/guides/desktop/_meta.ts b/docs/pages/guides/desktop/_meta.ts
@@ -1,5 +1,7 @@
 import { Meta } from 'nextra'
 
 export default {
-	index: 'Overview',
+	index: 'App',
+	'bundled-server': 'Bundled Server',
+	security: 'Security',
 } satisfies Meta
diff --git a/docs/pages/guides/desktop/bundled-server.mdx b/docs/pages/guides/desktop/bundled-server.mdx
@@ -0,0 +1,42 @@
+import { Callout } from 'nextra/components'
+
+# Bundled Server
+
+The desktop app comes with a fully functional Stump server built-in. This is a convenience feature to make it easier to get started with Stump without needing to set up a server separately.
+
+## Friction Points
+
+There are some compromises made to make this feature work:
+
+- The bundled server comes with a cost of about 70-80MB, arguably bloating the app size for those who perhaps don't need or want it.
+- The server does not come with a web-compatible client by default, so you have to download the web client separately if you want to use it in a browser
+- When you close the app the server will also exit. The current plan is to implement a tray functionality which keeps the server running in the background when the app is closed
+
+These pain points are very much on my radar, rest assured they are not planned to be permanent fixtures.
+
+The bundled server is not currently optional due to resource constraints, namely the lack of development time to adjust CI pipelines to build two separate versions of the app. I will happily accept contributions to make this possible, otherwise it is possible to build the app locally without the server if you so desire.
+
+There are a few thoughts on improving the requirement for the web client, such as bundling it directly in the server (which would bloat further) or developing an installer that will download and install the web client for you alongside the app.
+
+<Callout emoji="📣">
+	Please share your thoughts on how to improve the bundled server feature(s) and the pain points
+	outlined above. I'm always open to suggestions!
+</Callout>
+
+## Enabling the Server
+
+The server, while bundled by default, will not be enabled unless explicitly turned on. The setting for enabling the server is in multiple places, depending on the context, however it will always appear the same:
+
+### First Run
+
+When you first run the app, you will be greeted with a setup screen that prompts you to add a server. Instead, hit the "Bundled server" switch and restart the app. The server will be enabled on the next launch, and you will be presented with the same screen to connect to it.
+
+<Callout emoji="ℹ️" type="info">
+	The default options for the bundled server can be configured by editing the `~/.stump/Stump.toml`
+	file. For additional configuration options, see the [server
+	configuration](/guides/configuration/server-options) guide.
+</Callout>
+
+### Desktop Settings
+
+If you have already configured a server with the desktop application, launching will either take you directly into the app or the login screen for the actively connected server. The bundled server setting can be found in the settings menu, under the "Desktop" tab, in addition to the setup screen. As with the setup screen, toggling the switch will require a restart to take effect.
diff --git a/docs/pages/guides/desktop/index.mdx b/docs/pages/guides/desktop/index.mdx
@@ -2,16 +2,31 @@ import { Callout } from 'nextra/components'
 
 # Desktop App
 
+The desktop is almost identical to the web app which you're already familiar with, but with some added features unique to a native application:
+
+- **Standalone**: No need to open a browser to use Stump
+- **Discord Rich Presence**: Show off what you're doing in Stump to your friends
+- **Bundled Server**: Run your Stump server from the app itself, so you don't need to configure one separately
+- **Multiple Instances**: Connect to as many Stump instances as you want
+
+## Installation
+
 <Callout emoji="🚧">
 	At the time of writing, the desktop app has a **nightly** release available on
 	[GitHub](https://github.com/stumpapp/stump/releases/tag/untagged-dcf8ed03bb6a19b142e0). It is not
 	stable, will contain bugs, and not feature complete. However if you decide to try it, please
 	report any issues you encounter!
 </Callout>
 
-The very same app you use in your browser, but with added features:
+The desktop app is available for Windows, macOS, and Linux. Once stable releases are available, this page will be updated with the appropriate download links.
 
-- **Standalone**: No need to keep a browser tab open
-- **Discord Rich Presence**: Show off what you're doing in Stump to your friends
-- **Bundled Server**: Run your Stump server from the app itself, so you don't need to configure one separately
-- **Multiple Instances**: Connect to as many Stump instances as you want
+## Planned Features
+
+The desktop app is still in its infancy, and as such there are other features planned for the future. Some of these include:
+
+- **Offline Mode**: Read your books offline without needing to connect to a server
+- **Granular Discord Rich Presence**: Choose exactly what you want to show off to your friends. At the time of writing, it only shows that you are in the app
+
+<Callout emoji="📣" type="info">
+	Please share your thoughts on what you would like to see in the desktop app!
+</Callout>
diff --git a/docs/pages/guides/desktop/security.md b/docs/pages/guides/desktop/security.md
@@ -0,0 +1,37 @@
+# Security
+
+An overview of security-related topcis unique to the desktop app
+
+## Authentication
+
+The desktop app uses token-based authentication when authenticating against and communicating with the Stump server. The web app which you're accustomed to in the browser uses session-based authentication. Due to platform inconsistencies with cookies, this was a necessary change to ensure the desktop app could communicate with the server.
+
+### Token Storage
+
+The token is stored using your native platform's secure storage mechanism. On Windows, this is the Credential Manager, on macOS it is the Keychain, and on Linux it is the Secret Service. Because of this, you might be prompted to give Stump permission to access these services. The [keyring](https://docs.rs/keyring/latest/keyring/) library is used to interact with these secure stores.
+
+This is a necessary step to ensure your token is stored securely, as opposed to storing it somewhere in app memory. This helps to mitigate some of the common attack vectors that could be used to steal and maliciously use your token, such as JavaScript exploitation from crafted ebooks.
+
+## Debug Builds
+
+At the moment, all desktop builds are debug. This means that a developer console is available to you, which while convenient for debugging, could be used maliciously to exploit the app. This is a known issue, however will be resolved when the app is stable and non-debug builds are available.
+
+## macOS Quirks
+
+macOS has some unique security features that are worth mentioning:
+
+### Remote Access
+
+macOS has hardened restrictions on what URLs an app can successfully connect to. This means that non-local IP addresses are **actively blocked** by the app. This is unfortunately an unavoidable limitation imposed by Apple, and is not something that can be worked around. So if you are running a server and wish to connect to it **remotely**, you will have to configure a domain with the appropriate SSL certificates to connect to it.
+
+### App Signing (lack thereof)
+
+The desktop app is not signed, which means that macOS will likely flat out refuse to run it. This will hopefully be resolved in the future by signing the app, however since that comes at a cost it is not a priority or feasible at the moment.
+
+To get around this, you can force macOS to accept the risk by running the following command in Terminal:
+
+```bash
+xattr -c /Applications/Stump.app
+```
+
+While I obviously don't have malicious intent, I still have to say: **do at your own risk**.
diff --git a/packages/browser/src/components/savedServer/configuredServers/ConfiguredServersList.tsx b/packages/browser/src/components/savedServer/configuredServers/ConfiguredServersList.tsx
@@ -8,6 +8,7 @@ import { useCallback, useMemo, useState } from 'react'
 import { useLocation, useNavigate } from 'react-router'
 
 import { useTauriRPC } from '@/hooks/useTauriRPC'
+import BundledServer from '@/scenes/settings/app/desktop/features/BundledServer'
 import { useAppStore, useTauriStore, useUserStore } from '@/stores'
 
 import AddServerModal from './AddServerModal'
@@ -31,6 +32,7 @@ export default function ConfiguredServersSection() {
 	const navigate = useNavigate()
 
 	const isOnboarding = location.pathname === '/'
+	const isAuthScreen = location.pathname === '/auth'
 
 	const { t } = useLocaleContext()
 	const {
@@ -230,6 +232,8 @@ export default function ConfiguredServersSection() {
 					</Card>
 				)}
 
+				{(isOnboarding || isAuthScreen) && <BundledServer />}
+
 				<div
 					className={cn('flex flex-col gap-y-6', {
 						'pointer-events-none opacity-50': connected_servers.length === 0,

diff --git a/packages/browser/src/scenes/settings/app/desktop/features/BundledServer.tsx b/packages/browser/src/scenes/settings/app/desktop/features/BundledServer.tsx
@@ -4,8 +4,6 @@ import { useCallback } from 'react'
 import PreferenceToggle from '@/scenes/settings/PreferenceToggle'
 import { useTauriStore } from '@/stores'
 
-const IS_PRODUCTION = import.meta.env.PROD
-
 export default function BundledServer() {
 	const { t } = useLocaleContext()
 	const { run_bundled_server, setRunBundledServer } = useTauriStore()
@@ -17,12 +15,10 @@ export default function BundledServer() {
 
 	return (
 		<PreferenceToggle
-			title={IS_PRODUCTION ? t('common.notReady') : undefined}
 			label={t(getKey('label'))}
 			description={t(getKey('description'))}
 			isChecked={run_bundled_server}
 			onToggle={handleChange}
-			isDisabled={IS_PRODUCTION}
 		/>
 	)
 }