coder/coder-desktop-macosPublic

NotificationsYou must be signed in to change notification settings
Fork5
Star20

Commit4bb3a24

committed

fix: add toggle for Coder deployments behind a VPN

1 parent5bf788f commit4bb3a24Copy full SHA for 4bb3a24

File tree

12 files changed

+109

-20

lines changed

Coder-Desktop
- Coder-DesktopHelper
  - HelperXPCListeners.swift
  - Manager.swift
- Coder-Desktop
  - State.swift
  - Views/Settings
    - NetworkTab.swift
- VPNLib
- VPN
  - HelperXPCSpeaker.swift
  - PacketTunnelProvider.swift
- project.yml

12 files changed

+109

-20

lines changed

`‎Coder-Desktop/Coder-Desktop/State.swift‎`

Lines changed: 23 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import KeychainAccess`
`4`	`4`	`import NetworkExtension`
`5`	`5`	`import os`
`6`	`6`	`import SwiftUI`
	`7`	`+import VPNLib`
`7`	`8`
`8`	`9`	`@MainActor`
`9`	`10`	`classAppState:ObservableObject{`
`@@ -70,6 +71,14 @@ class AppState: ObservableObject {`
`70`	`71`	`}`
`71`	`72`	`}`
`72`	`73`
	`74`	`+@PublishedvaruseSoftNetIsolation:Bool=UserDefaults.standard.bool(forKey:Keys.useSoftNetIsolation){`
	`75`	`+ didSet{`
	`76`	`+reconfigure()`
	`77`	`+guard persistentelse{return}`
	`78`	`+UserDefaults.standard.set(useSoftNetIsolation, forKey:Keys.useSoftNetIsolation)`
	`79`	`+}`
	`80`	`+}`
	`81`	`+`
`73`	`82`	`@PublishedvarskipHiddenIconAlert:Bool=UserDefaults.standard.bool(forKey:Keys.skipHiddenIconAlert){`
`74`	`83`	`didSet{`
`75`	`84`	`guard persistentelse{return}`
`@@ -81,11 +90,18 @@ class AppState: ObservableObject {`
`81`	`90`	`if !hasSession{returnnil}`
`82`	`91`	`letproto=NETunnelProviderProtocol()`
`83`	`92`	`proto.providerBundleIdentifier="\(appId).VPN"`
`84`		`- // HACK: We can't write to the system keychain, and the user keychain`
`85`		`- // isn't accessible, so we'll use providerConfiguration, which is over XPC.`
`86`		`- proto.providerConfiguration=["token": sessionToken!]`
`87`		`-if useLiteralHeaders,let headers=try?JSONEncoder().encode(literalHeaders){`
`88`		`- proto.providerConfiguration?["literalHeaders"]= headers`
	`93`	`+`
	`94`	`+ proto.providerConfiguration=[`
	`95`	`+ // HACK: We can't write to the system keychain, and the user keychain`
	`96`	`+ // isn't accessible, so we'll use providerConfiguration, which`
	`97`	`+ // writes to disk.`
	`98`	`+VPNConfigurationKeys.token: sessionToken!,`
	`99`	`+VPNConfigurationKeys.useSoftNetIsolation: useSoftNetIsolation,`
	`100`	`+]`
	`101`	`+if useLiteralHeaders{`
	`102`	`+ proto.providerConfiguration?[`
	`103`	`+VPNConfigurationKeys.literalHeaders`
	`104`	`+]= literalHeaders.map{($0.name, $0.value)}`
`89`	`105`	`}`
`90`	`106`	`proto.serverAddress= baseAccessURL!.absoluteString`
`91`	`107`	`return proto`
`@@ -188,6 +204,7 @@ class AppState: ObservableObject {`
`188`	`204`	`}`
`189`	`205`
`190`	`206`	`publicfunc clearSession(){`
	`207`	`+ logger.info("clearing session")`
`191`	`208`	`hasSession=false`
`192`	`209`	`sessionToken=nil`
`193`	`210`	`refreshTask?.cancel()`
`@@ -216,6 +233,7 @@ class AppState: ObservableObject {`
`216`	`233`
`217`	`234`	`staticletuseLiteralHeaders="UseLiteralHeaders"`
`218`	`235`	`staticletliteralHeaders="LiteralHeaders"`
	`236`	`+staticletuseSoftNetIsolation="UseSoftNetIsolation"`
`219`	`237`	`staticletstopVPNOnQuit="StopVPNOnQuit"`
`220`	`238`	`staticletstartVPNOnLaunch="StartVPNOnLaunch"`
`221`	`239`

`‎Coder-Desktop/Coder-Desktop/Views/Settings/NetworkTab.swift‎`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,11 +4,30 @@ struct NetworkTab<VPN: VPNService>: View {`
`4`	`4`	`varbody:someView{`
`5`	`5`	`Form{`
`6`	`6`	`LiteralHeadersSection<VPN>()`
	`7`	`+SoftNetIsolationSection<VPN>()`
`7`	`8`	`}`
`8`	`9`	`.formStyle(.grouped)`
`9`	`10`	`}`
`10`	`11`	`}`
`11`	`12`
	`13`	`+structSoftNetIsolationSection<VPN:VPNService>:View{`
	`14`	`+@EnvironmentObjectvarstate:AppState`
	`15`	`+@EnvironmentObjectvarvpn:VPN`
	`16`	`+varbody:someView{`
	`17`	`+Section{`
	`18`	`+Toggle(isOn: $state.useSoftNetIsolation){`
	`19`	`+Text("Enable support for corporate VPNs")`
	`20`	`+if !vpn.state.canBeStarted{Text("Cannot be modified while Coder Connect is enabled.")}`
	`21`	`+}`
	`22`	`+Text("This setting loosens the VPN loop protection in Coder Connect, allowing traffic to flow to a"+`
	`23`	`+"Coder deployment behind a corporate VPN. We only recommend enabling this option if Coder Connect"+`
	`24`	`+"doesn't work with your Coder deployment behind a corporate VPN.")`
	`25`	`+.font(.subheadline)`
	`26`	`+.foregroundStyle(.secondary)`
	`27`	`+}.disabled(!vpn.state.canBeStarted)`
	`28`	`+}`
	`29`	`+}`
	`30`	`+`
`12`	`31`	`#if DEBUG`
`13`	`32`	`#Preview{`
`14`	`33`	`NetworkTab<PreviewVPN>()`

`‎Coder-Desktop/Coder-DesktopHelper/HelperXPCListeners.swift‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -40,11 +40,13 @@ class HelperNEXPCListener: NSObject, NSXPCListenerDelegate, HelperNEXPCInterface`
`40`	`40`
`41`	`41`	`letstartSymbol="OpenTunnel"`
`42`	`42`
	`43`	`+ // swiftlint:disable:next function_parameter_count`
`43`	`44`	`func startDaemon(`
`44`	`45`	`accessURL:URL,`
`45`	`46`	`token:String,`
`46`	`47`	`tun:FileHandle,`
`47`	`48`	`headers:Data?,`
	`49`	`+ useSoftNetIsolation:Bool,`
`48`	`50`	`reply:@escaping(Error?)->Void`
`49`	`51`	`){`
`50`	`52`	`logger.info("startDaemon called")`
`@@ -57,6 +59,7 @@ class HelperNEXPCListener: NSObject, NSXPCListenerDelegate, HelperNEXPCInterface`
`57`	`59`	`apiToken: token,`
`58`	`60`	`serverUrl: accessURL,`
`59`	`61`	`tunFd: tun.fileDescriptor,`
	`62`	`+ useSoftNetIsolation: useSoftNetIsolation,`
`60`	`63`	`literalHeaders: headers.flatMap{try?JSONDecoder().decode([HTTPHeader].self, from: $0)}??[]`
`61`	`64`	`)`
`62`	`65`	`)`

`‎Coder-Desktop/Coder-DesktopHelper/Manager.swift‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -160,6 +160,7 @@ actor Manager {`
`160`	`160`	`resp=tryawait speaker.unaryRPC(`
`161`	`161`	`.with{ msgin`
`162`	`162`	`msg.start=.with{ reqin`
	`163`	`+ req.tunnelUseSoftNetIsolation= cfg.useSoftNetIsolation`
`163`	`164`	`req.tunnelFileDescriptor= cfg.tunFd`
`164`	`165`	`req.apiToken= cfg.apiToken`
`165`	`166`	`req.coderURL= cfg.serverUrl.absoluteString`
`@@ -234,6 +235,7 @@ struct ManagerConfig {`
`234`	`235`	`letapiToken:String`
`235`	`236`	`letserverUrl:URL`
`236`	`237`	`lettunFd:Int32`
	`238`	`+letuseSoftNetIsolation:Bool`
`237`	`239`	`letliteralHeaders:[HTTPHeader]`
`238`	`240`	`}`
`239`	`241`

`‎Coder-Desktop/VPN/HelperXPCSpeaker.swift‎`

Lines changed: 14 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,13 @@ final class HelperXPCSpeaker: NEXPCInterface, @unchecked Sendable {`
`58`	`58`
`59`	`59`	`// These methods are called to start and stop the daemon run by the Helper.`
`60`	`60`	`extensionHelperXPCSpeaker{`
`61`		`-func startDaemon(accessURL:URL, token:String, tun:FileHandle, headers:Data?)asyncthrows{`
	`61`	`+func startDaemon(`
	`62`	`+ accessURL:URL,`
	`63`	`+ token:String,`
	`64`	`+ tun:FileHandle,`
	`65`	`+ headers:Data?,`
	`66`	`+ useSoftNetIsolation:Bool`
	`67`	`+)asyncthrows{`
`62`	`68`	`letconn=connect()`
`63`	`69`	`returntryawaitwithCheckedThrowingContinuation{ continuationin`
`64`	`70`	`guardlet proxy= conn.remoteObjectProxyWithErrorHandler({ errin`
`@@ -69,7 +75,13 @@ extension HelperXPCSpeaker {`
`69`	`75`	`continuation.resume(throwing:XPCError.wrongProxyType)`
`70`	`76`	`return`
`71`	`77`	`}`
`72`		`- proxy.startDaemon(accessURL: accessURL, token: token, tun: tun, headers: headers){ errin`
	`78`	`+ proxy.startDaemon(`
	`79`	`+ accessURL: accessURL,`
	`80`	`+ token: token,`
	`81`	`+ tun: tun,`
	`82`	`+ headers: headers,`
	`83`	`+ useSoftNetIsolation: useSoftNetIsolation`
	`84`	`+){ errin`
`73`	`85`	`iflet error= err{`
`74`	`86`	`self.logger.error("Failed to start daemon:\(error.localizedDescription, privacy:.public)")`
`75`	`87`	`continuation.resume(throwing: error)`

`‎Coder-Desktop/VPN/PacketTunnelProvider.swift‎`

Lines changed: 10 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -48,27 +48,31 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {`
`48`	`48`	`)asyncthrows{`
`49`	`49`	`globalHelperXPCSpeaker.ptp=self`
`50`	`50`	`guardlet proto= protocolConfigurationas?NETunnelProviderProtocol,`
`51`		`-letbaseAccessURL= proto.serverAddress`
	`51`	`+letaccessURL= proto.serverAddress`
`52`	`52`	`else{`
`53`	`53`	`logger.error("startTunnel called with nil protocolConfiguration")`
`54`	`54`	`throwmakeNSError(suffix:"PTP", desc:"Missing Configuration")`
`55`	`55`	`}`
`56`	`56`	`// HACK: We can't write to the system keychain, and the NE can't read the user keychain.`
`57`		`-guardlet token= proto.providerConfiguration?["token"]as?Stringelse{`
	`57`	`+guardlet token= proto.providerConfiguration?[VPNConfigurationKeys.token]as?Stringelse{`
`58`	`58`	`logger.error("startTunnel called with nil token")`
`59`	`59`	`throwmakeNSError(suffix:"PTP", desc:"Missing Token")`
`60`	`60`	`}`
`61`		`-letheaders= proto.providerConfiguration?["literalHeaders"]as?Data`
`62`		`- logger.debug("retrieved token & access URL")`
	`61`	`+letheaders= proto.providerConfiguration?[VPNConfigurationKeys.literalHeaders]as?Data`
	`62`	`+letuseSoftNetIsolation= proto.providerConfiguration?[`
	`63`	`+VPNConfigurationKeys.useSoftNetIsolation`
	`64`	`+]as?Bool??false`
	`65`	`+ logger.debug("retrieved vpn configuration settings")`
`63`	`66`	`guardlet tunFd= tunnelFileDescriptorelse{`
`64`	`67`	`logger.error("startTunnel called with nil tunnelFileDescriptor")`
`65`	`68`	`throwmakeNSError(suffix:"PTP", desc:"Missing Tunnel File Descriptor")`
`66`	`69`	`}`
`67`	`70`	`tryawait globalHelperXPCSpeaker.startDaemon(`
`68`		`- accessURL:.init(string:baseAccessURL)!,`
	`71`	`+ accessURL:.init(string:accessURL)!,`
`69`	`72`	`token: token,`
`70`	`73`	`tun:FileHandle(fileDescriptor: tunFd),`
`71`		`- headers: headers`
	`74`	`+ headers: headers,`
	`75`	`+ useSoftNetIsolation: useSoftNetIsolation`
`72`	`76`	`)`
`73`	`77`	`}`
`74`	`78`

`‎Coder-Desktop/VPNLib/Configuration.swift‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,9 @@`
	`1`	+// Keys for the `providerConfiguration` dictionary in the VPN configuration plist.
	`2`	`+publicenumVPNConfigurationKeys{`
	`3`	`+ // String`
	`4`	`+publicstaticlettoken="token"`
	`5`	`+ // [(String, String)]`
	`6`	`+publicstaticletliteralHeaders="literalHeaders"`
	`7`	`+ // Bool`
	`8`	`+publicstaticletuseSoftNetIsolation="useSoftNetIsolation"`
	`9`	`+}`

`‎Coder-Desktop/VPNLib/Download.swift‎`

Lines changed: 9 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -150,15 +150,15 @@ extension DownloadManager: URLSessionDownloadDelegate {`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`publicrequiredconvenienceinit?(coder:NSCoder){`
`153`		`-letwritten= coder.decodeInt64(forKey:"written")`
`154`		`-lettotal= coder.containsValue(forKey:"total")? coder.decodeInt64(forKey:"total"):nil`
	`153`	`+letwritten= coder.decodeInt64(forKey:Keys.written)`
	`154`	`+lettotal= coder.containsValue(forKey:Keys.total)? coder.decodeInt64(forKey:Keys.total):nil`
`155`	`155`	`self.init(totalBytesWritten: written, totalBytesToWrite: total)`
`156`	`156`	`}`
`157`	`157`
`158`	`158`	`publicfunc encode(with coder:NSCoder){`
`159`		`- coder.encode(totalBytesWritten, forKey:"written")`
	`159`	`+ coder.encode(totalBytesWritten, forKey:Keys.written)`
`160`	`160`	`iflet total= totalBytesToWrite{`
`161`		`- coder.encode(total, forKey:"total")`
	`161`	`+ coder.encode(total, forKey:Keys.total)`
`162`	`162`	`}`
`163`	`163`	`}`
`164`	`164`
`@@ -169,4 +169,9 @@ extension DownloadManager: URLSessionDownloadDelegate {`
`169`	`169`	`lettotal= totalBytesToWrite.map{ fmt.string(fromByteCount: $0)}??"Unknown"`
`170`	`170`	`return"\(done) /\(total)"`
`171`	`171`	`}`
	`172`	`+`
	`173`	`+enumKeys{`
	`174`	`+staticletwritten="written"`
	`175`	`+staticlettotal="total"`
	`176`	`+}`
`172`	`177`	`}`

`‎Coder-Desktop/VPNLib/XPC.swift‎`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,8 +25,16 @@ public let helperNEMachServiceName = "4399GN35BJ.com.coder.Coder-Desktop.HelperN`
`25`	`25`	`// This is the XPC interface the Helper exposes to the Network Extension.`
`26`	`26`	`@preconcurrency`
`27`	`27`	`@objcpublicprotocolHelperNEXPCInterface{`
`28`		- // headers is a JSON `[HTTPHeader]`
`29`		`-func startDaemon(accessURL:URL, token:String, tun:FileHandle, headers:Data?, reply:@escaping(Error?)->Void)`
	`28`	`+ // swiftlint:disable:next function_parameter_count`
	`29`	`+func startDaemon(`
	`30`	`+ accessURL:URL,`
	`31`	`+ token:String,`
	`32`	`+ tun:FileHandle,`
	`33`	+ // headers is a JSON encoded `[HTTPHeader]`
	`34`	`+ headers:Data?,`
	`35`	`+ useSoftNetIsolation:Bool,`
	`36`	`+ reply:@escaping(Error?)->Void`
	`37`	`+)`
`30`	`38`	`func stopDaemon(reply:@escaping(Error?)->Void)`
`31`	`39`	`}`
`32`	`40`

`‎Coder-Desktop/VPNLib/vpn.pb.swift‎`

Lines changed: 8 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4bb3a24

File tree

12 files changed

12 files changed

`‎Coder-Desktop/Coder-Desktop/State.swift‎`

`‎Coder-Desktop/Coder-Desktop/Views/Settings/NetworkTab.swift‎`

`‎Coder-Desktop/Coder-DesktopHelper/HelperXPCListeners.swift‎`

`‎Coder-Desktop/Coder-DesktopHelper/Manager.swift‎`

`‎Coder-Desktop/VPN/HelperXPCSpeaker.swift‎`

`‎Coder-Desktop/VPN/PacketTunnelProvider.swift‎`

`‎Coder-Desktop/VPNLib/Configuration.swift‎`

`‎Coder-Desktop/VPNLib/Download.swift‎`

`‎Coder-Desktop/VPNLib/XPC.swift‎`

`‎Coder-Desktop/VPNLib/vpn.pb.swift‎`

0 commit comments