feat: unify recommend anonymous runtime guest auth

- Route recommended runtime launches through shared runtime guest token handling - Extend recommend-page anonymous play beyond jump-hop - Add regression coverage for runtime guest launch clients - Update docs to reflect the full anonymous-play matrix
2026-05-25 14:03:38 +08:00
parent 9a0bc6b129
commit c1dcf074bb
23 changed files with 820 additions and 236 deletions
--- a/server-rs/crates/api-server/src/work_play_tracking.rs
+++ b/server-rs/crates/api-server/src/work_play_tracking.rs
@@ -2,7 +2,7 @@ use module_runtime::RuntimeTrackingScopeKind;
 use serde_json::{Value, json};

 use crate::{
-    auth::AuthenticatedAccessToken,
+    auth::{AuthenticatedAccessToken, RuntimePrincipal},
    request_context::RequestContext,
    state::{AppState, PuzzleApiState},
    tracking::{TrackingEventDraft, record_tracking_event_after_success},
@@ -36,12 +36,28 @@ impl WorkPlayTrackingDraft {
        )
    }

-    pub(crate) fn anonymous(
+    pub(crate) fn runtime_principal(
        play_type: &'static str,
        work_id: impl Into<String>,
+        principal: &RuntimePrincipal,
        source_route: &'static str,
    ) -> Self {
-        Self::with_user_id(play_type, work_id, None, source_route)
+        match principal {
+            RuntimePrincipal::User(authenticated) => {
+                Self::new(play_type, work_id, authenticated, source_route)
+            }
+            RuntimePrincipal::Guest(claims) => Self::with_user_id(
+                play_type,
+                work_id,
+                Some(claims.subject().to_string()),
+                source_route,
+            )
+            .extra(json!({
+                "principalKind": "guest",
+                "guestSubject": claims.subject(),
+                "guestScope": claims.scope(),
+            })),
+        }
    }

    fn with_user_id(