feat(gui): force Administrator privileges via manifest and automate WebView2 loopback exemption for dev environment

2026-05-15 22:57:33 +03:00 · 2026-05-15 22:57:33 +03:00 · 5d9034ca1e
parent 57596143fa
commit 5d9034ca1e
2 changed files with 43 additions and 1 deletions
--- a/ostp-gui/src-tauri/build.rs
+++ b/ostp-gui/src-tauri/build.rs
@ -1,3 +1,30 @@
 fn main() {
-    tauri_build::build()
+    let mut windows = tauri_build::WindowsAttributes::new();
+    
+    // Define the manifest with requireAdministrator to allow TUN mode without terminal
+    // and include Common-Controls v6 for modern UI elements/dialogs.
+    let manifest = r#"
+        <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
+            <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
+                <security>
+                    <requestedPrivileges>
+                        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
+                    </requestedPrivileges>
+                </security>
+            </trustInfo>
+            <dependency>
+                <dependentAssembly>
+                    <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
+                </dependentAssembly>
+            </dependency>
+        </assembly>
+    "#;
+
+    windows = windows.app_manifest(manifest);
+
+    tauri_build::try_build(
+        tauri_build::Attributes::new()
+            .windows_attributes(windows)
+    )
+    .expect("failed to run build script");
 }
--- a/ostp-gui/src-tauri/src/lib.rs
+++ b/ostp-gui/src-tauri/src/lib.rs
@ -262,8 +262,23 @@ async fn start_tunnel(state: tauri::State<'_, AppState>) -> Result<bool, String>
    Ok(true)
 }

+#[cfg(target_os = "windows")]
+fn apply_webview_loopback_exemption() {
+    use std::os::windows::process::CommandExt;
+    if ostp_client::runner::is_admin() {
+        // Silently whitelist the standard WebView2 sandbox to communicate with elevated localhost/dev server
+        let _ = std::process::Command::new("CheckNetIsolation.exe")
+            .args(["LoopbackExempt", "-a", "-n=Microsoft.Win32WebView2Sandbox_cw5n1h2txyewy"])
+            .creation_flags(0x08000000)
+            .output();
+    }
+}
+
 #[cfg_attr(mobile, tauri::mobile_entry_point)]
 pub fn run() {
+    #[cfg(target_os = "windows")]
+    apply_webview_loopback_exemption();
+
    let state = AppState(Mutex::new(AppStateInner {
        shutdown_tx: None,
        metrics: None,