Phase 18: internet realtime collaboration (GM-authoritative) + server
- Shared Zod wire protocol (src/lib/sync/messages.ts): hosted/joined/snapshot/ mapImage/error; player-safe projections only (enemy HP masked on the GM before broadcast via src/lib/combat/playerProjection.ts). - wsSync adapter (src/lib/sync/wsSync.ts) behind the existing SyncAdapter seam: GM hostSession + debounced snapshot broadcast (useSessionBroadcaster), player joinSession into an ephemeral playerSessionStore, exponential-backoff reconnect with seamless room resume (GM secret). localSync remains the offline default. - buildSnapshot (src/lib/sync/snapshot.ts) reuses the same projection as the local /play view, guaranteeing parity. Player view refactored into shared PlayerBoards; /play?room=CODE = networked read-only mode. - SessionControl in the header: Host (optional password) → shareable room code/link. - Server (server/): Fastify + @fastify/websocket + @fastify/static, in-memory GM-authoritative rooms (crypto room id/secret hashed, optional join password, TTL sweep, players strictly read-only), origin allowlist, per-frame size cap + rate limit, Zod validation. esbuild bundle (server/build.mjs), tsconfig.server.json. - Dockerfile (multi-stage) + deploy/ttrpg.compose.yml (own project on external 'proxy' net, Traefik labels for ttrpg.briggen.dev, non-root, no-new-privileges). CSP connect-src now allows same-origin wss:. Tests: protocol round-trip, room hub (auth/password/resume/TTL/read-only), enemy masking, Fastify+ws integration (host→join→snapshot, player push rejected), and a two-context Playwright realtime spec (separate config) — GM hosts, player device sees live combat with masked enemy HP. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,30 @@
|
||||
# Self-contained compose project for ttrpg.briggen.dev.
|
||||
# Deploy: rsync the repo to /root/briggen-dev/ttrpg/, place this file there as
|
||||
# docker-compose.yml, then `docker compose up -d --build`.
|
||||
# Joins the EXISTING external `proxy` network — the shared Traefik stack is untouched.
|
||||
name: ttrpg
|
||||
|
||||
services:
|
||||
ttrpg:
|
||||
build: .
|
||||
container_name: ttrpg
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PORT=8787
|
||||
- STATIC_DIR=/app/dist
|
||||
- NODE_ENV=production
|
||||
- ALLOWED_ORIGINS=https://ttrpg.briggen.dev
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.ttrpg.rule=Host(`ttrpg.briggen.dev`)"
|
||||
- "traefik.http.routers.ttrpg.entrypoints=websecure"
|
||||
- "traefik.http.routers.ttrpg.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.services.ttrpg.loadbalancer.server.port=8787"
|
||||
networks:
|
||||
- proxy
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
Reference in New Issue
Block a user