hook up cors for the controller/builder get config/data tab working

sawka · sawka · commit 14bd4ee47db2 · 2025-11-20T21:31:40.000-08:00
diff --git a/frontend/builder/tabs/builder-configdatatab.tsx b/frontend/builder/tabs/builder-configdatatab.tsx
@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { BuilderAppPanelModel } from "@/builder/store/builder-apppanel-model";
+import { CopyButton } from "@/element/copybutton";
 import { atoms } from "@/store/global";
 import { cn } from "@/util/util";
 import { useAtomValue } from "jotai";
@@ -130,6 +131,18 @@ const BuilderConfigDataTab = memo(() => {
         await fetchData();
     }, [fetchData]);
 
+    const handleCopyConfig = useCallback(() => {
+        if (state.config) {
+            navigator.clipboard.writeText(JSON.stringify(state.config, null, 2));
+        }
+    }, [state.config]);
+
+    const handleCopyData = useCallback(() => {
+        if (state.data) {
+            navigator.clipboard.writeText(JSON.stringify(state.data, null, 2));
+        }
+    }, [state.data]);
+
     useEffect(() => {
         if (isRunning) {
             fetchData();
@@ -174,23 +187,29 @@ const BuilderConfigDataTab = memo(() => {
             <div className="flex-1 overflow-auto p-4">
                 <div className="flex flex-col gap-6">
                     <div className="flex flex-col gap-2">
-                        <h4 className="text-base font-semibold text-primary flex items-center gap-2">
-                            <i className="fa fa-gear" />
-                            Config
-                        </h4>
+                        <div className="flex items-center justify-between">
+                            <h4 className="text-base font-semibold text-primary flex items-center gap-2">
+                                <i className="fa fa-gear" />
+                                Config
+                            </h4>
+                            <CopyButton title="Copy Config" onClick={handleCopyConfig} />
+                        </div>
                         <div className="bg-panel border border-border rounded-lg p-4 overflow-auto">
-                            <pre className="text-sm text-primary font-mono whitespace-pre">
+                            <pre className="text-xs text-primary font-mono whitespace-pre">
                                 {JSON.stringify(state.config, null, 2)}
                             </pre>
                         </div>
                     </div>
                     <div className="flex flex-col gap-2">
-                        <h4 className="text-base font-semibold text-primary flex items-center gap-2">
-                            <i className="fa fa-database" />
-                            Data
-                        </h4>
+                        <div className="flex items-center justify-between">
+                            <h4 className="text-base font-semibold text-primary flex items-center gap-2">
+                                <i className="fa fa-database" />
+                                Data
+                            </h4>
+                            <CopyButton title="Copy Data" onClick={handleCopyData} />
+                        </div>
                         <div className="bg-panel border border-border rounded-lg p-4 overflow-auto">
-                            <pre className="text-sm text-primary font-mono whitespace-pre">
+                            <pre className="text-xs text-primary font-mono whitespace-pre">
                                 {JSON.stringify(state.data, null, 2)}
                             </pre>
                         </div>
diff --git a/pkg/blockcontroller/tsunamicontroller.go b/pkg/blockcontroller/tsunamicontroller.go
@@ -292,6 +292,10 @@ func runTsunamiAppBinary(ctx context.Context, appBinPath string, appPath string,
 	cmd := exec.Command(appBinPath)
 	cmd.Env = append(os.Environ(), "TSUNAMI_CLOSEONSTDIN=1")
 
+	if wavebase.IsDevMode() {
+		cmd.Env = append(cmd.Env, "TSUNAMI_CORS=http://localhost:5173,http://localhost:5174")
+	}
+
 	// Add TsunamiEnv variables if configured
 	tsunamiEnv := blockMeta.GetMap(waveobj.MetaKey_TsunamiEnv)
 	for key, value := range tsunamiEnv {
diff --git a/pkg/buildercontroller/buildercontroller.go b/pkg/buildercontroller/buildercontroller.go
@@ -324,6 +324,10 @@ func (bc *BuilderController) runBuilderApp(ctx context.Context, appId string, ap
 	cmd := exec.Command(appBinPath)
 	cmd.Env = append(os.Environ(), "TSUNAMI_CLOSEONSTDIN=1")
 
+	if wavebase.IsDevMode() {
+		cmd.Env = append(cmd.Env, "TSUNAMI_CORS=http://localhost:5173,http://localhost:5174")
+	}
+
 	for key, value := range builderEnv {
 		cmd.Env = append(cmd.Env, key+"="+value)
 	}
diff --git a/tsunami/engine/serverhandlers.go b/tsunami/engine/serverhandlers.go
@@ -50,6 +50,31 @@ func setNoCacheHeaders(w http.ResponseWriter) {
 	w.Header().Set("Expires", "0")
 }
 
+func setCORSHeaders(w http.ResponseWriter, r *http.Request) bool {
+	corsOriginsStr := os.Getenv("TSUNAMI_CORS")
+	if corsOriginsStr == "" {
+		return false
+	}
+
+	origin := r.Header.Get("Origin")
+	if origin == "" {
+		return false
+	}
+
+	allowedOrigins := strings.Split(corsOriginsStr, ",")
+	for _, allowedOrigin := range allowedOrigins {
+		allowedOrigin = strings.TrimSpace(allowedOrigin)
+		if allowedOrigin == origin {
+			w.Header().Set("Access-Control-Allow-Origin", origin)
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
+			w.Header().Set("Access-Control-Allow-Credentials", "true")
+			return true
+		}
+	}
+	return false
+}
+
 func (h *httpHandlers) registerHandlers(mux *http.ServeMux, opts handlerOpts) {
 	mux.HandleFunc("/api/render", h.handleRender)
 	mux.HandleFunc("/api/updates", h.handleSSE)
@@ -200,8 +225,14 @@ func (h *httpHandlers) handleData(w http.ResponseWriter, r *http.Request) {
 		}
 	}()
 
+	setCORSHeaders(w, r)
 	setNoCacheHeaders(w)
 
+	if r.Method == http.MethodOptions {
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
 	if r.Method != http.MethodGet {
 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
 		return
@@ -224,8 +255,14 @@ func (h *httpHandlers) handleConfig(w http.ResponseWriter, r *http.Request) {
 		}
 	}()
 
+	setCORSHeaders(w, r)
 	setNoCacheHeaders(w)
 
+	if r.Method == http.MethodOptions {
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
 	switch r.Method {
 	case http.MethodGet:
 		h.handleConfigGet(w, r)
@@ -293,8 +330,14 @@ func (h *httpHandlers) handleSchemas(w http.ResponseWriter, r *http.Request) {
 		}
 	}()
 
+	setCORSHeaders(w, r)
 	setNoCacheHeaders(w)
 
+	if r.Method == http.MethodOptions {
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
 	if r.Method != http.MethodGet {
 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
 		return
@@ -506,8 +549,14 @@ func (h *httpHandlers) handleManifest(manifestFileBytes []byte) http.HandlerFunc
 			}
 		}()
 
+		setCORSHeaders(w, r)
 		setNoCacheHeaders(w)
 
+		if r.Method == http.MethodOptions {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
 		if r.Method != http.MethodGet {
 			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
 			return
