Merge pull request #476 from Sovereign-Engineering/includeAllNetworks2

kevincox · web-flow · commit 55633ffba938 · 2025-04-10T09:27:43.000-04:00
Add option to use `includeAllNetworks`.
diff --git a/apple/client/OsStatus.swift b/apple/client/OsStatus.swift
@@ -10,16 +10,29 @@ class OsStatus: Encodable {
     var internetAvailable: Bool = false
     var osVpnStatus: NEVPNStatus
     let srcVersion = sourceVersion()
+    var strictLeakPrevention: Bool
     var updaterStatus = UpdaterStatus()
     var debugBundleStatus = DebugBundleStatus()
 
-    init(osVpnStatus: NEVPNStatus) {
+    init(
+        strictLeakPrevention: Bool,
+        osVpnStatus: NEVPNStatus,
+    ) {
         self.osVpnStatus = osVpnStatus
+        self.strictLeakPrevention = strictLeakPrevention
     }
 
-    static func watchable(connection: NEVPNConnection) -> WatchableValue<OsStatus> {
-        let notifications = NotificationCenter.default.notifications(named: .NEVPNStatusDidChange, object: connection)
-        let w = WatchableValue(OsStatus(osVpnStatus: connection.status))
+    static func watchable(
+        manager: NEVPNManager,
+    ) -> WatchableValue<OsStatus> {
+        var lastIncludeAllNetworks = switch manager.protocolConfiguration {
+        case let .some(proto): proto.includeAllNetworks
+        case nil: false // Report safe default.
+        }
+        let w = WatchableValue(OsStatus(
+            strictLeakPrevention: lastIncludeAllNetworks,
+            osVpnStatus: manager.connection.status
+        ))
         Task {
             for await path in NWPathMonitor().stream() {
                 logger.info("NWPathMonitor event: \(path.debugDescription, privacy: .public)")
@@ -29,16 +42,44 @@ class OsStatus: Encodable {
                 }
             }
         }
+
+        let vpnConfigNotifications = NotificationCenter.default.notifications(named: .NEVPNConfigurationChange, object: manager)
         Task {
-            for await _ in notifications {
-                let osVpnStatus = connection.status
+            for await _ in vpnConfigNotifications {
+                let includeAllNetworks: Bool
+                if let proto = manager.protocolConfiguration {
+                    includeAllNetworks = proto.includeAllNetworks
+                } else {
+                    logger.warning("NEVPNManager.protocolConfiguration is nil")
+                    includeAllNetworks = false // Safe default
+                }
+
+                logger.info("NEVPNConfigurationChangeNotification includeAllNetworks \(includeAllNetworks, privacy: .public)")
+
+                if includeAllNetworks == lastIncludeAllNetworks {
+                    continue
+                }
+
+                lastIncludeAllNetworks = includeAllNetworks
+                _ = w.update { value in
+                    value.strictLeakPrevention = includeAllNetworks
+                    value.version = UUID()
+                }
+            }
+        }
+
+        let vpnStatusNotifications = NotificationCenter.default.notifications(named: .NEVPNStatusDidChange, object: manager.connection)
+        Task {
+            for await _ in vpnStatusNotifications {
+                let osVpnStatus = manager.connection.status
                 logger.info("NEVPNStatus event: \(osVpnStatus, privacy: .public)")
                 _ = w.update { value in
                     value.osVpnStatus = osVpnStatus
                     value.version = UUID()
                 }
             }
         }
+
         return w
     }
 }
diff --git a/apple/client/TunnelProvider.swift b/apple/client/TunnelProvider.swift
@@ -77,6 +77,7 @@ class TunnelProviderInit {
             let proto = NETunnelProviderProtocol()
             proto.providerBundleIdentifier = extensionBundleID()
             proto.serverAddress = "obscura.net"
+            proto.includeAllNetworks = manager.protocolConfiguration?.includeAllNetworks ?? false
             manager.protocolConfiguration = proto
             manager.isEnabled = true
 
diff --git a/apple/client/app_state.swift b/apple/client/app_state.swift
@@ -16,7 +16,7 @@ class AppState: ObservableObject {
     ) {
         self.manager = manager
         self.status = initialStatus
-        self.osStatus = OsStatus.watchable(connection: manager.connection)
+        self.osStatus = OsStatus.watchable(manager: manager)
 
         Task { @MainActor in
             var version: UUID = initialStatus.version
@@ -63,6 +63,36 @@ class AppState: ObservableObject {
         }
     }
 
+    func setIncludeAllNetworks(enable: Bool) async throws {
+        guard let proto = self.manager.protocolConfiguration else {
+            throw "NEVPNManager.protocolConfiguration is nil"
+        }
+
+        Self.logger.info("setIncludeAllNetworks \(proto.includeAllNetworks, privacy: .public) → \(enable, privacy: .public)")
+
+        if proto.includeAllNetworks == enable { return }
+
+        proto.includeAllNetworks = enable
+        do {
+            try await self.manager.saveToPreferences()
+            return
+        } catch {
+            Self.logger.error("Failed to save NEVPNManager: \(error.localizedDescription)")
+        }
+
+        do {
+            try await self.manager.loadFromPreferences()
+            return
+        } catch {
+            Self.logger.error("Failed to reload NEVPNManager: \(error.localizedDescription)")
+        }
+
+        proto.includeAllNetworks = false
+        Self.logger.warning("Marking local includeAllNetworks to false as a safe default.")
+
+        throw "Unable to save VPN configuration."
+    }
+
     func enableTunnel(_ tunnelArgs: TunnelArgs) async throws(String) {
         for _ in 1 ..< 3 {
             // Checking the status to decide whether to use `startVPNTunnel` or the `setTunnelArgs` command is not necessary for correct behavior. Handling of the `errorCodeTunnelInactive` error code is sufficient to always do the right thing eventually. However, this does require an app message round-trip to the NE, which can be a little slow at times.
diff --git a/apple/client/command.swift b/apple/client/command.swift
@@ -10,6 +10,7 @@ enum Command: Codable {
     case stopTunnel
     case debuggingArchive
     case revealItemInDir(path: String)
+    case setStrictLeakPrevention(enable: Bool)
     case registerAsLoginItem
     case unregisterAsLoginItem
     case isRegisteredAsLoginItem
@@ -55,6 +56,13 @@ func handleWebViewCommand(command: Command) async throws(String) -> String {
     case .resetUserDefaults:
         // NOTE: only shown in the Developer View
         appState.resetUserDefaults()
+    case .setStrictLeakPrevention(let enable):
+        do {
+            try await appState.setIncludeAllNetworks(enable: enable)
+        } catch {
+            logger.error("Could not set includeAllNetworks \(error, privacy: .public)")
+            throw errorCodeOther
+        }
     case .jsonFfiCmd(cmd: let jsonCmd, let timeoutMs):
         let attemptTimeout: Duration? = switch timeoutMs {
         case .some(let ms): .milliseconds(ms)
diff --git a/obscura-ui/src/bridge/commands.ts b/obscura-ui/src/bridge/commands.ts
@@ -73,6 +73,10 @@ export function logout() {
     return jsonFfiCmd('logout');
 }
 
+export async function setStrictLeakPrevention(enable: boolean): Promise<void> {
+    await invoke('setStrictLeakPrevention', { enable });
+}
+
 export function connect(exit: string | null = null) {
     let jsonTunnelArgs = JSON.stringify(({ exit }));
     return invoke('startTunnel', { tunnelArgs: jsonTunnelArgs });
diff --git a/obscura-ui/src/common/appContext.ts b/obscura-ui/src/common/appContext.ts
@@ -38,6 +38,7 @@ export interface OsStatus {
     internetAvailable: boolean,
     osVpnStatus: NEVPNStatus,
     srcVersion: string
+    strictLeakPrevention: boolean,
     updaterStatus: UpdaterStatus,
     debugBundleStatus: {
         inProgress?: boolean,
diff --git a/obscura-ui/src/common/utils.ts b/obscura-ui/src/common/utils.ts
@@ -110,6 +110,14 @@ export function percentEncodeQuery(params: Record<string, string>) {
 
 const DEFAULT_ERROR_MSG = "An unexpected error has occurred.";
 
+export function errMsg(error: unknown): string {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    console.warn(fmt`errMsg: error = ${error} is not an instance of Error`);
+    return DEFAULT_ERROR_MSG;
+}
+
 export function normalizeError(error: unknown): Error {
     if (error instanceof Error) {
         return error;
diff --git a/obscura-ui/src/views/DeveloperView.tsx b/obscura-ui/src/views/DeveloperView.tsx
@@ -1,4 +1,4 @@
-import { Accordion, Autocomplete, Button, Group, JsonInput, Stack, Text, TextInput, Title } from '@mantine/core';
+import { Accordion, Autocomplete, Button, Group, JsonInput, Stack, Switch, Text, TextInput, Title } from '@mantine/core';
 import { useInterval } from '@mantine/hooks';
 import { notifications } from '@mantine/notifications';
 import Cookies from 'js-cookie';
@@ -8,7 +8,7 @@ import * as commands from '../bridge/commands';
 import { Exit } from '../common/api';
 import { AppContext } from '../common/appContext';
 import { localStorageGet, LocalStorageKey } from '../common/localStorage';
-import { IS_WK_WEB_VIEW } from '../common/utils';
+import { errMsg, IS_WK_WEB_VIEW } from '../common/utils';
 import DevSendCommand from '../components/DevSendCommand';
 import DevSetApiUrl from '../components/DevSetApiUrl';
 
@@ -36,6 +36,9 @@ export default function DeveloperViewer() {
 
     const [accordionValues, setAccordionValues] = useState<string[]>([]);
 
+    const [strictLeakLoading, setStrictLeakLoading] = useState(false);
+    const [strictLeakError, setStrictLeakError] = useState<string>();
+
     return <Stack p={20} mb={50}>
         <Title order={3}>Developer View</Title>
         <Title order={4}>Statuses</Title>
@@ -78,6 +81,22 @@ export default function DeveloperViewer() {
           <Autocomplete onChange={setLocalStorageKey} label='local storage key' data={Object.values(LocalStorageKey)} />
           <Button onClick={() => setLocalStorageValue(localStorageGet(localStorageKey as LocalStorageKey))}>Get</Button>
         </Group>
+        <Switch
+          error={strictLeakError}
+          checked={osStatus.strictLeakPrevention}
+          disabled={strictLeakLoading}
+          onChange={async event => {
+            try {
+              setStrictLeakLoading(true);
+              setStrictLeakError(undefined);
+              await commands.setStrictLeakPrevention(event.currentTarget.checked);
+            } catch (err) {
+              setStrictLeakError(errMsg(err));
+            } finally {
+              setStrictLeakLoading(false);
+            }
+          }}
+          label="Enable Strict Leak Prevention" />
         <JsonInput value={localStorageValue ?? 'null'} contentEditable={false} />
     </Stack>;
 }
