// /var/root/Downloads

// /var/root/Downloads/coder-darwin-{arm64,amd64}

privateletdest=FileManager.default.urls(for:.downloadsDirectory, in:.userDomainMask)

.first!.appending(path:"coder-vpn.dylib")

.first!.appending(path:binaryName)

privateletlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"manager")

// swiftlint:disable:next function_body_length

init(cfg:ManagerConfig)asyncthrows(ManagerError){

self.cfg= cfg

telemetryEnricher=TelemetryEnricher()

letdylibPath= cfg.serverUrl.appending(path:"bin/coder-vpn-darwin-arm64.dylib")

letdylibPath= cfg.serverUrl.appending(path:"bin/coder-vpn-darwin-amd64.dylib")

letclient=Client(url: cfg.serverUrl)

buildInfo=tryawait client.buildInfo()

throw.serverInfo(error.description)

guardlet serverSemver= buildInfo.semverelse{

throw.serverInfo("invalid version:\(buildInfo.version)")

guardSignatureValidator.minimumCoderVersion

.compare(serverSemver, options:.numeric)!=.orderedDescending

throw.belowMinimumCoderVersion(actualVersion: serverSemver)

letbinaryPath= cfg.serverUrl.appending(path:"bin").appending(path:Manager.binaryName)

letsessionConfig=URLSessionConfiguration.default

// The tunnel might be asked to start before the network interfaces have woken up from sleep

sessionConfig.timeoutIntervalForRequest=60

sessionConfig.timeoutIntervalForResource=300

src:dylibPath,

src:binaryPath,

dest: dest,

urlSession:URLSession(configuration: sessionConfig)

){ progressin

throw.download(error)

pushProgress(stage:.validating)

letclient=Client(url: cfg.serverUrl)

throw.serverInfo(error.description)

guardlet semver= buildInfo.semverelse{

throw.serverInfo("invalid version:\(buildInfo.version)")

throw.validation(error)

// Without this, the TUN fd isn't recognised as a socket in the

// spawned process, and the tunnel fails to start.

throw.validation(error)

throw.cloexec(error)

try tunnelHandle=TunnelHandle(dylibPath: dest)

try tunnelDaemon=awaitTunnelDaemon(binaryPath: dest){ errin

Task{try?awaitNEXPCServerDelegate.cancelProvider(error:

makeNSError(suffix:"TunnelDaemon", desc:"Tunnel daemon:\(err.description)")

throw.tunnelSetup(error)

speaker=awaitSpeaker<Vpn_ManagerMessage,Vpn_TunnelMessage>(

writeFD:tunnelHandle.writeHandle,

readFD:tunnelHandle.readHandle

writeFD:tunnelDaemon.writeHandle,

readFD:tunnelDaemon.readHandle

tryawait speaker.handshake()

throw.handshake(error)

tryawait tunnelHandle.openTunnelTask?.value

}catchlet error asTunnelHandleError{

logger.error("failed to wait for dylib to open tunnel:\(error, privacy:.public)")

throw.tunnelSetup(error)

readLoop=Task{tryawaitrun()}

deinit{ logger.debug("manager deinit")}

func run()asyncthrows{

fortryawaitmin speaker{

logger.error("tunnel read loop failed:\(error.localizedDescription, privacy:.public)")

tryawaitNEXPCServerDelegate.cancelProvider(error:

makeNSError(suffix:"Manager", desc:"Tunnel read loop failed:\(error.localizedDescription)")

logger.info("tunnel read loop exited")

tryawaitNEXPCServerDelegate.cancelProvider(error:nil)

if !stopResp.success{

throw.errorResponse(msg: stopResp.errorMessage)

tryawait tunnelDaemon.close()

throw.tunnelFail(error)

readLoop.cancel()

// Retrieves the current state of all peers,

case download(DownloadError)

case tunnelSetup(TunnelHandleError)

case tunnelSetup(TunnelDaemonError)

case handshake(HandshakeError)

case validation(ValidationError)

case incorrectResponse(Vpn_TunnelMessage)

case cloexec(POSIXError)

case failedRPC(anyError)

case serverInfo(String)

case errorResponse(msg:String)

case noTunnelFileDescriptor

case noApp

case permissionDenied

case tunnelFail(anyError)

case belowMinimumCoderVersion(actualVersion:String)

"Handshake error:\(err.localizedDescription)"

caselet.validation(err):

"Validation error:\(err.localizedDescription)"

caselet.cloexec(err):

"Failed to mark TUN fd as non-cloexec:\(err.localizedDescription)"

case.incorrectResponse:

caselet.failedRPC(err):

msg

caselet.errorResponse(msg):

msg

case.noTunnelFileDescriptor:

case.noApp:

case.permissionDenied:

caselet.tunnelFail(err):

"Failed to communicate with dylib over tunnel:\(err.localizedDescription)"

"Failed to communicate with daemon over tunnel:\(err.localizedDescription)"

caselet.belowMinimumCoderVersion(actualVersion):

The Coder deployment must be version\(SignatureValidator.minimumCoderVersion)

or higher to use Coder Desktop. Current version:\(actualVersion)

case.UNRECOGNIZED:.info

subsystem:"\(Bundle.main.bundleIdentifier!).dylib",

subsystem:"\(Bundle.main.bundleIdentifier!).daemon",

category: log.loggerNames.joined(separator:".")

letfields= log.fields.map{"\($0.name):\($0.value)"}.joined(separator:",")

username:"admin"

version:"v2.20.0"

version:"v2.24.2"

guard httpResponse.statusCode!=304else{

// We already have the latestdylib downloaded in dest

// We already have the latestbinary downloaded in dest

continuation.resume()

onCancel:{

self.logger.debug("async stream canceled")

self.dispatch.close()

self.dispatch.close(flags:[.stop])

deinit{ logger.debug("speaker deinit")}

/// Does the VPN Protocol handshake and validates the result

publicfunc handshake()asyncthrows(HandshakeError){

lethndsh=Handshaker(writeFD: writeFD, dispatch: dispatch, queue: queue, role: role,

returntryvalidateHeader(theirsString)

writeFD.closeFile()

dispatch.close()

dispatch.close(flags:[.stop])

throw error