Application

To make use of the catchup mechanic clone the labs repository and fetch all tags. You’ll then be able to checkout a tagged commit per step in each track using the format git checkout TRACK_PART_STEP. Checking out a step takes you to the solved version of the step. Checking out the branch takes you to the finished version.

git clone https://github.com/simonhyll/tauri-by-simon-labs labs
cd labs
git fetch origin --tags
git checkout chatgpt_1_0

Create a project

For this project we’re going to be using Nuxt, a framework that CTA doesn’t support. So, we’re going to have to create it manually. It’s much simpler than you might think thanks to the tauri init command.

If you feel confident you’re certainly allowed to use something else, but it’s just a lab, I recommend you just go with what I recommend so you can easily copy-paste my solutions.

Simply create a new Nuxt project and run tauri init in it. Try running it when you’re done with tauri dev.
npx nuxi init # Pick pnpm # Initialize a git repo if you want mv nuxt-app chatgpt-lab cd chatgpt-lab pnpm add -D @tauri-apps/cli@next pnpm tauri init # call it "chatgpt-lab" # call the window "ChatGPT" # Use the default ../dist # Use the default http://localhost:3000 # Change to pnpm dev # Change to pnpm generate pnpm tauri dev # Optional: Use Git LFS to handle formats you won't be code reviewing git lfs track "*.png" "*.ico" "*.incs" "*.jpg" "*.jpeg"

Configure the frontend

When developing Tauri apps there are certain demands on the project your frontend creates, such as that it’s a statically compiled frontend. To make sure your Nuxt project is compatible with Tauri and follows best practices follow the official guide.

Note that even if we could run the previous step without these configurations it’s when you actually build the app that you may notice things breaking if your configurations haven’t been set up right. This is true for most frameworks. Always try compiling your app in production mode early on and run it before you develop your app for several months only to realize it doesn’t work at a fundamental level (based on a true story).

diff --git a/chatgpt/nuxt.config.ts b/chatgpt/nuxt.config.ts
index 8851e77..e68fe3a 100644
--- a/chatgpt/nuxt.config.ts
+++ b/chatgpt/nuxt.config.ts
@@ -1,4 +1,28 @@
-// https://nuxt.com/docs/api/configuration/nuxt-config
export default defineNuxtConfig({
-  devtools: { enabled: true }
-})
+  // (optional) Enable the Nuxt devtools
+  devtools: { enabled: true },
+  // Enable SSG
+  ssr: false,
+  vite: {
+    // Better support for Tauri CLI output
+    clearScreen: false,
+    // Enable environment variables
+    // Additional environment variables can be found at
+    // https://tauri.app/2/reference/environment-variables/
+    envPrefix: ["VITE_", "TAURI_"],
+    server: {
+      // Tauri requires a consistent port
+      strictPort: true,
+      // Enables the development server to be discoverable by other devices for mobile development
+      host: "0.0.0.0",
+      hmr: {
+        // Use websocket for mobile hot reloading
+        protocol: "ws",
+        // Make sure it's available on the network
+        host: "0.0.0.0",
+        // Use a specific port for hmr
+        port: 5183,
+      },
+    },
+  },
+});

Add the Tauri JS API

While it’s possible to develop Tauri apps without adding this package it’s heavily encouraged for JavaScript projects to use it. An alternative is to get the full api exposed at all times in the window variable using "withGlobalTauri": true in tauri.conf.json, but it causes a bit of bloat and isn’t as nice.

The most simplified explanation of what the JS API is is a set of premade Tauri commands you can use. You don’t need to have it, but there’s also little point in not making use of it.
pnpm add @tauri-apps/api@next
diff --git a/chatgpt/package.json b/chatgpt/package.json index f417166..e193d9f 100644 --- a/chatgpt/package.json +++ b/chatgpt/package.json @@ -10,6 +10,7 @@ "postinstall": "nuxt prepare" }, "dependencies": { + "@tauri-apps/api": "2.0.0-beta.5", "@tauri-apps/cli": "2.0.0-beta.9", "nuxt": "^3.10.3", "vue": "^3.4.21",
Develop a basic frontend

This is where you can let your artistic side out and go nuts. If you don’t want to make the frontend yourself feel free to just use the solution below.

What you should have at the end of this step is a basic website capable of making use of the Tauri JS API. You should be showing some manner of HTML <form> for getting a submit event that you can use to send your message to the BE. Then you’ll need some manner of <ul><li><p> or other appropriate set of elements that you can reactively create as you receive events with messages from the BE. Additionally there should be some manner of <input> somewhere that you can enter your API token into to send to the BE.

I’ll be using Vuetify since it has a lot of components we can use and I’m quite familiar with it. If you don’t want to copy-paste your way to the solution feel free to git checkout chatgpt_1_4 now. I’ll be having a couple extras, like selecting which model to use and markdown rendering, but don’t feel like you need to overkill this, a minimal example could technically be a single HTML file with 10-20 lines of code.

You’re done when you have the following features implemented:
- An async saveToken function with access to a token: string variable
- Some manner of <input> where users can enter the aforementioned token value
- An async sendMessage function with access to a message: string variable
- Some manner of <input> where users can enter the aforementioned message value
- Data reactivity for a messages array so that when new messages are pushed to it they show up in the FE, each message in the format {from: string, text: string}
Add dependencies.
pnpm add -D vuetify vite-plugin-vuetify pnpm add @mdi/font
Update your Nuxt config.
nuxt.config.ts
import vuetify, { transformAssetUrls } from 'vite-plugin-vuetify' export default defineNuxtConfig({ //... build: { transpile: ['vuetify'], }, modules: [ (_options, nuxt) => { nuxt.hooks.hook('vite:extendConfig', (config) => { // @ts-expect-error config.plugins.push(vuetify({ autoImport: true })) }) }, ], vite: { vue: { template: { transformAssetUrls, }, }, //... }, })
Add a plugin for loading Vuetify.
plugins/vuetify.ts
import '@mdi/font/css/materialdesignicons.css' import 'vuetify/styles' import { createVuetify } from 'vuetify' export default defineNuxtPlugin((app) => { const vuetify = createVuetify({}) app.vueApp.use(vuetify) })
Now Vuetify and the material design icons are set up and available to use! You can find a list of all the components at your disposal here to develop your UI. Or you can simply keep reading and we’ll set up something basic together.
Modify app.vue to use NuxtLayout.
app.vue
<template> <NuxtLayout /> </template>
Create a default layout.
layouts/default.vue
<template> <v-app theme="dark"> <v-navigation-drawer /> <NuxtPage /> </v-app> </template>
Create a main page.
pages/index.vue
<template> <v-main> <h1>Hello World!</h1> </v-main> </template>
Set up logging

To get some nicer looking logging going in the terminal as well as get the logs to propagate to the frontend we’re gonna add the tauri-plugin-log crate to our project, which is essentially a wrapper around the more well known log crate.
pnpm add https://github.com/tauri-apps/tauri-plugin-log#v2 cd src-tauri cargo add tauri-plugin-log --git https://github.com/tauri-apps/plugins-workspace --branch v2 cargo add log
At a global level attach the logging so you can see it in your devtools.
Register the plugin in lib.rs.
Add the Tauri commands

To begin with we’re just going to be adding the placeholders for the basic Tauri commands we want to have. We’re not going to be going into the specifics of error handling here, so just use the standard library’s std::result::Result and don’t return the error to the frontend. For this lab I’ve chosen the following commands:
- struct Message {role: String, content: String}: Represents a single message to/from the API.
- async fn get_messages(app: AppHandle) -> Result<Vec<Message>, ()>: Retrieves the current list of messages.
- async fn connect(app: AppHandle, token: String) -> Result<(), ()>: Stores the token in the BE so that we can use it when we query the ChatGPT API.
- async fn prompt(app: AppHandle, message: String) -> Result<(), ()>: Sends a message to the ChatGPT API. This will also set up an emitter for message events carrying payloads from the API response, so we can listen to them in the FE.
Set up the commands and register them in the app. We also need to make sure the Manager trait is in scope so we extend the capabilities of the AppHandle struct.
src-tauri/src/lib.rs
use log::LevelFilter; use tauri_plugin_log::{Target, TargetKind}; use tauri::{AppHandle, Manager}; #[tauri::command] async fn prompt(app: AppHandle, msg: String) -> Result<(), ()> { log::info!("Received message!"); Ok(()) } #[tauri::command] async fn connect(app: AppHandle, token: String) -> Result<(), ()> { log::info!("Connecting!"); Ok(()) } #[cfg_attr(mobile, tauri::mobile_entry_point)] pub fn run() { tauri::Builder::default() .plugin( tauri_plugin_log::Builder::new() .level(LevelFilter::Info) .targets([ Target::new(TargetKind::Stdout), Target::new(TargetKind::Webview), ]) .build(), ) .invoke_handler(tauri::generate_handler![prompt, connect]) .run(tauri::generate_context!()) .expect("error while running tauri application"); }
Connect the FE with the BE

Now that we have a basic FE and BE going it’s time to connect them so we can see what’s going on.
- Make your token input send its value to the BE: invoke('connect', {'token': 'abc123'})
- Make the messaging form submit its value to the BE: invoke('prompt': {'message': 'Hello!'})
- Create an event listener that listens to message payloads from the BE: const unlisten = listen('message')
TODO: Develop this part
Store data in a State

Tauri has concept called “states”, something you’ll find in most frameworks out there. They’re a form of singleton value that is accessible throughout your entire app for the entirety of its runtime. Note that they don’t persist after the app exits, something that can be manually implemented but we won’t be going into how to do that here.

We’ll be creating a ChatGPT struct here that stores all our messages as well as the API token. In a real application you’d want to store the messages on the filesystem instead of in-memory, but this will do just fine for the lab.
TODO: Develop this part
Get yourself a ChatGPT API token

If you don’t have one already now is the time to get yourself a ChatGPT API token. Log onto your ChatGPT account and create one now. Make sure you set a spending limit on it just in case, and use the cheaper models during development so you don’t waste money.
TODO: Develop this part
Create a ChatGPT API client

Now that we have somewhere to store our data and a token for the API we’ll be setting up a client that we can use for sending our requests.
TODO: Develop this part
Prompt the API

Now that we have somewhere to store our data and a token for the API we’ll be setting up a client that we can use for sending our requests.
TODO: Develop this part
BONUS: Mobile support

Thanks to the way we’ve developed this application it’s very easy to add mobile support to it. Simply run pnpm tauri android init and pnpm tauri ios init depending on which target you want to start working on. These commands will set up new projects in gen/android and gen/ios as well as sanity check your dev environment setup. Note that choosing to .gitignore the gen/ folder is a project specific decision, in general if you don’t have advanced requirements it’s best to ignore it and rely on developing plugins instead of directly modifying the projects, though direct modification can in rare cases be necessary.

This lab doesn’t show off nearly all the capabilities we have at our disposal for making the perfect project. There are things both in the code itself and outside it that we could do to improve it. Figure out what some of those are!

While a PWA (persistent web app) shares a lot of similarities with a Tauri app, there are features that Tauri provides that you wouldn’t have access to in a basic PWA. Lets take a moment to appreciate what it is that Tauri has to offer!

While we haven’t actively tried to make an insecure solution there are some potential risks involved with how we’ve developed this little lab. Which ones did you spot?

The best defense is a strong offense. It’s a good practice to take some time to think about how you might go about attacking your own solutions. Don’t just consider potential attacks against your users, you are also very much a potential target to attack. Can you figure out some ways of defending against the attacks?

Application

Create a project

Configure the frontend

Add the Tauri JS API

Develop a basic frontend

Set up logging

Add the Tauri commands

Connect the FE with the BE

Store data in a State

Get yourself a ChatGPT API token

Create a ChatGPT API client

Prompt the API

BONUS: Mobile support

Questions

How can we improve our solution?

What is Tauri providing us with that we don’t have in a PWA?

What are some potential security issues?

How would you attack this project?