coder/coder-desktop-windowsPublic

NotificationsYou must be signed in to change notification settings
Fork8
Star19

Commit814b412

ibetitsmike

and

deansheather

authored

fix: opt-in tailscale vpn loop prevention (#148)

Co-authored-by: Dean Sheather <dean@deansheather.com>

1 parentd7f4ac8 commit814b412Copy full SHA for 814b412

File tree

10 files changed

+62

-34

lines changed

App
- App.xaml.cs
- Models
  - Settings.cs
- Services
  - CredentialManager.cs
  - RpcController.cs
- ViewModels
  - SettingsViewModel.cs
- Views
Tests.App/Services
- CredentialManagerTest.cs
Vpn.Proto
- vpn.proto

10 files changed

+62

-34

lines changed

`‎App/App.xaml.cs‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,7 @@ public App()`
`92`	`92`
`93`	`93`	`services.AddSingleton<IDispatcherQueueManager>(_=>this);`
`94`	`94`	`services.AddSingleton<IDefaultNotificationHandler>(_=>this);`
	`95`	`+services.AddSingleton<ISettingsManager<CoderConnectSettings>,SettingsManager<CoderConnectSettings>>();`
`95`	`96`	`services.AddSingleton<ICredentialBackend>(_=>`
`96`	`97`	`newWindowsCredentialBackend(WindowsCredentialBackend.CoderCredentialsTargetName));`
`97`	`98`	`services.AddSingleton<ICredentialManager,CredentialManager>();`
`@@ -120,7 +121,6 @@ public App()`
`120`	`121`	`// FileSyncListMainPage is created by FileSyncListWindow.`
`121`	`122`	`services.AddTransient<FileSyncListWindow>();`
`122`	`123`
`123`		`-services.AddSingleton<ISettingsManager<CoderConnectSettings>,SettingsManager<CoderConnectSettings>>();`
`124`	`124`	`services.AddSingleton<IStartupManager,StartupManager>();`
`125`	`125`	`// SettingsWindow views and view models`
`126`	`126`	`services.AddTransient<SettingsViewModel>();`

`‎App/Models/Settings.cs‎`

Lines changed: 11 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,11 @@ public class CoderConnectSettings : ISettings<CoderConnectSettings>`
`34`	`34`	`/// </summary>`
`35`	`35`	`publicboolConnectOnLaunch{get;set;}`
`36`	`36`
	`37`	`+/// <summary>`
	`38`	`+/// When this is true Coder Connect will not attempt to protect against Tailscale loopback issues.`
	`39`	`+/// </summary>`
	`40`	`+publicboolEnableCorporateVpnSupport{get;set;}`
	`41`	`+`
`37`	`42`	`/// <summary>`
`38`	`43`	`/// CoderConnect current settings version. Increment this when the settings schema changes.`
`39`	`44`	`/// In future iterations we will be able to handle migrations when the user has`
`@@ -46,17 +51,21 @@ public CoderConnectSettings()`
`46`	`51`	`Version=VERSION;`
`47`	`52`
`48`	`53`	`ConnectOnLaunch=false;`
	`54`	`+`
	`55`	`+EnableCorporateVpnSupport=false;`
`49`	`56`	`}`
`50`	`57`
`51`		`-publicCoderConnectSettings(int?version,boolconnectOnLaunch)`
	`58`	`+publicCoderConnectSettings(int?version,boolconnectOnLaunch,boolenableCorporateVpnSupport)`
`52`	`59`	`{`
`53`	`60`	`Version=version??VERSION;`
`54`	`61`
`55`	`62`	`ConnectOnLaunch=connectOnLaunch;`
	`63`	`+`
	`64`	`+EnableCorporateVpnSupport=enableCorporateVpnSupport;`
`56`	`65`	`}`
`57`	`66`
`58`	`67`	`publicCoderConnectSettingsClone()`
`59`	`68`	`{`
`60`		`-returnnewCoderConnectSettings(Version,ConnectOnLaunch);`
	`69`	`+returnnewCoderConnectSettings(Version,ConnectOnLaunch,EnableCorporateVpnSupport);`
`61`	`70`	`}`
`62`	`71`	`}`

`‎App/Services/CredentialManager.cs‎`

Lines changed: 4 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -223,8 +223,9 @@ private async Task<CredentialModel> LoadCredentialsInner(CancellationToken ct)`
`223`	`223`	`};`
`224`	`224`	`}`
`225`	`225`
`226`		`-// Grab the lock again so we can update the state.`
`227`		`-using(await_opLock.LockAsync(ct))`
	`226`	`+// Grab the lock again so we can update the state. Don't use the CT`
	`227`	`+// here as it may have already been canceled.`
	`228`	`+using(await_opLock.LockAsync(TimeSpan.FromSeconds(5),CancellationToken.None))`
`228`	`229`	`{`
`229`	`230`	`// Prevent new LoadCredentials calls from returning this task.`
`230`	`231`	`if(_loadCts!=null)`
`@@ -242,11 +243,8 @@ private async Task<CredentialModel> LoadCredentialsInner(CancellationToken ct)`
`242`	`243`	`if(latestCredsis notnull)returnlatestCreds;`
`243`	`244`	`}`
`244`	`245`
`245`		`-// If there aren't any latest credentials after a cancellation, we`
`246`		`-// most likely timed out and should throw.`
`247`		`-ct.ThrowIfCancellationRequested();`
`248`		`-`
`249`	`246`	`UpdateState(model);`
	`247`	`+ct.ThrowIfCancellationRequested();`
`250`	`248`	`returnmodel;`
`251`	`249`	`}`
`252`	`250`	`}`

`‎App/Services/RpcController.cs‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -69,16 +69,18 @@ public interface IRpcController : IAsyncDisposable`
`69`	`69`	`publicclassRpcController:IRpcController`
`70`	`70`	`{`
`71`	`71`	`privatereadonlyICredentialManager_credentialManager;`
	`72`	`+privatereadonlyISettingsManager<CoderConnectSettings>_settingsManager;`
`72`	`73`
`73`	`74`	`privatereadonlyRaiiSemaphoreSlim_operationLock=new(1,1);`
`74`	`75`	`privateSpeaker<ClientMessage,ServiceMessage>?_speaker;`
`75`	`76`
`76`	`77`	`privatereadonlyRaiiSemaphoreSlim_stateLock=new(1,1);`
`77`	`78`	`privatereadonlyRpcModel_state=new();`
`78`	`79`
`79`		`-publicRpcController(ICredentialManagercredentialManager)`
	`80`	`+publicRpcController(ICredentialManagercredentialManager,ISettingsManager<CoderConnectSettings>settingsManager)`
`80`	`81`	`{`
`81`	`82`	`_credentialManager=credentialManager;`
	`83`	`+_settingsManager=settingsManager;`
`82`	`84`	`}`
`83`	`85`
`84`	`86`	`publiceventEventHandler<RpcModel>?StateChanged;`
`@@ -156,6 +158,7 @@ public async Task StartVpn(CancellationToken ct = default)`
`156`	`158`	`usingvar_=awaitAcquireOperationLockNowAsync();`
`157`	`159`	`AssertRpcConnected();`
`158`	`160`
	`161`	`+varcoderConnectSettings=await_settingsManager.Read(ct);`
`159`	`162`	`varcredentials=_credentialManager.GetCachedCredentials();`
`160`	`163`	`if(credentials.State!=CredentialState.Valid)`
`161`	`164`	`thrownewRpcOperationException(`
`@@ -175,6 +178,7 @@ public async Task StartVpn(CancellationToken ct = default)`
`175`	`178`	`{`
`176`	`179`	`CoderUrl=credentials.CoderUrl?.ToString(),`
`177`	`180`	`ApiToken=credentials.ApiToken,`
	`181`	`+TunnelUseSoftNetIsolation=coderConnectSettings.EnableCorporateVpnSupport,`
`178`	`182`	`},`
`179`	`183`	`},ct);`
`180`	`184`	`}`

`‎App/ViewModels/SettingsViewModel.cs‎`

Lines changed: 20 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,9 @@ public partial class SettingsViewModel : ObservableObject`
`13`	`13`	`[ObservableProperty]`
`14`	`14`	`publicpartialboolConnectOnLaunch{get;set;}`
`15`	`15`
	`16`	`+[ObservableProperty]`
	`17`	`+publicpartialboolDisableTailscaleLoopProtection{get;set;}`
	`18`	`+`
`16`	`19`	`[ObservableProperty]`
`17`	`20`	`publicpartialboolStartOnLoginDisabled{get;set;}`
`18`	`21`
`@@ -31,6 +34,7 @@ public SettingsViewModel(ILogger<SettingsViewModel> logger, ISettingsManager<Cod`
`31`	`34`	`_connectSettings=settingsManager.Read().GetAwaiter().GetResult();`
`32`	`35`	`StartOnLogin=startupManager.IsEnabled();`
`33`	`36`	`ConnectOnLaunch=_connectSettings.ConnectOnLaunch;`
	`37`	`+DisableTailscaleLoopProtection=_connectSettings.EnableCorporateVpnSupport;`
`34`	`38`
`35`	`39`	`// Various policies can disable the "Start on login" option.`
`36`	`40`	`// We disable the option in the UI if the policy is set.`
`@@ -43,6 +47,21 @@ public SettingsViewModel(ILogger<SettingsViewModel> logger, ISettingsManager<Cod`
`43`	`47`	`}`
`44`	`48`	`}`
`45`	`49`
	`50`	`+partialvoidOnDisableTailscaleLoopProtectionChanged(boololdValue,boolnewValue)`
	`51`	`+{`
	`52`	`+if(oldValue==newValue)`
	`53`	`+return;`
	`54`	`+try`
	`55`	`+{`
	`56`	`+_connectSettings.EnableCorporateVpnSupport=DisableTailscaleLoopProtection;`
	`57`	`+_connectSettingsManager.Write(_connectSettings);`
	`58`	`+}`
	`59`	`+catch(Exceptionex)`
	`60`	`+{`
	`61`	`+_logger.LogError($"Error saving Coder Connect{nameof(DisableTailscaleLoopProtection)} settings:{ex.Message}");`
	`62`	`+}`
	`63`	`+}`
	`64`	`+`
`46`	`65`	`partialvoidOnConnectOnLaunchChanged(boololdValue,boolnewValue)`
`47`	`66`	`{`
`48`	`67`	`if(oldValue==newValue)`
`@@ -54,7 +73,7 @@ partial void OnConnectOnLaunchChanged(bool oldValue, bool newValue)`
`54`	`73`	`}`
`55`	`74`	`catch(Exceptionex)`
`56`	`75`	`{`
`57`		`-_logger.LogError($"Error saving Coder Connect settings:{ex.Message}");`
	`76`	`+_logger.LogError($"Error saving Coder Connect{nameof(ConnectOnLaunch)}settings:{ex.Message}");`
`58`	`77`	`}`
`59`	`78`	`}`
`60`	`79`

`‎App/Views/Pages/SettingsMainPage.xaml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,12 @@`
`44`	`44`	`>`
`45`	`45`	`<ToggleSwitchIsOn="{x:Bind ViewModel.ConnectOnLaunch, Mode=TwoWay}" />`
`46`	`46`	`</controls:SettingsCard>`
	`47`	`+ <controls:SettingsCardDescription="This setting loosens some VPN loop protection checks in Coder Connect, allowing traffic to flow to a Coder deployment behind a corporate VPN. We only recommend enabling this option if Coder Connect doesn't work with your Coder deployment behind a corporate VPN."`
	`48`	`+Header="Enable support for corporate VPNs"`
	`49`	`+HeaderIcon="{ui:FontIcon Glyph=}"`
	`50`	`+ >`
	`51`	`+ <ToggleSwitchIsOn="{x:Bind ViewModel.DisableTailscaleLoopProtection, Mode=TwoWay}" />`
	`52`	`+ </controls:SettingsCard>`
`47`	`53`	`</StackPanel>`
`48`	`54`	`</Grid>`
`49`	`55`	`</ScrollViewer>`

`‎App/Views/SettingsWindow.xaml‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,8 @@`
`9`	`9`	`xmlns:winuiex="using:WinUIEx"`
`10`	`10`	`mc:Ignorable="d"`
`11`	`11`	`Title="Coder Settings"`
`12`		`-Width="600"Height="350"`
`13`		`-MinWidth="600"MinHeight="350">`
	`12`	`+Width="600"Height="500"`
	`13`	`+MinWidth="600"MinHeight="500">`
`14`	`14`
`15`	`15`	`<Window.SystemBackdrop>`
`16`	`16`	`<MicaBackdrop/>`

`‎App/Views/TrayWindow.xaml.cs‎`

Lines changed: 6 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,11 +5,9 @@`
`5`	`5`	`usingCoder.Desktop.App.Views.Pages;`
`6`	`6`	`usingCommunityToolkit.Mvvm.Input;`
`7`	`7`	`usingMicrosoft.UI;`
`8`		`-usingMicrosoft.UI.Input;`
`9`	`8`	`usingMicrosoft.UI.Windowing;`
`10`	`9`	`usingMicrosoft.UI.Xaml;`
`11`	`10`	`usingMicrosoft.UI.Xaml.Controls;`
`12`		`-usingMicrosoft.UI.Xaml.Documents;`
`13`	`11`	`usingMicrosoft.UI.Xaml.Media.Animation;`
`14`	`12`	`usingSystem;`
`15`	`13`	`usingSystem.Collections.Generic;`
`@@ -19,6 +17,7 @@`
`19`	`17`	`usingWindows.Graphics;`
`20`	`18`	`usingWindows.System;`
`21`	`19`	`usingWindows.UI.Core;`
	`20`	`+usingMicrosoft.UI.Input;`
`22`	`21`	`usingWinRT.Interop;`
`23`	`22`	`usingWindowActivatedEventArgs=Microsoft.UI.Xaml.WindowActivatedEventArgs;`
`24`	`23`
`@@ -41,7 +40,6 @@ public sealed partial class TrayWindow : Window`
`41`	`40`
`42`	`41`	`privatereadonlyIRpcController_rpcController;`
`43`	`42`	`privatereadonlyICredentialManager_credentialManager;`
`44`		`-privatereadonlyISyncSessionController_syncSessionController;`
`45`	`43`	`privatereadonlyIUpdateController_updateController;`
`46`	`44`	`privatereadonlyIUserNotifier_userNotifier;`
`47`	`45`	`privatereadonlyTrayWindowLoadingPage_loadingPage;`
`@@ -51,15 +49,13 @@ public sealed partial class TrayWindow : Window`
`51`	`49`
`52`	`50`	`publicTrayWindow(`
`53`	`51`	`IRpcControllerrpcController,ICredentialManagercredentialManager,`
`54`		`-ISyncSessionControllersyncSessionController,IUpdateControllerupdateController,`
`55`		`-IUserNotifieruserNotifier,`
	`52`	`+IUpdateControllerupdateController,IUserNotifieruserNotifier,`
`56`	`53`	`TrayWindowLoadingPageloadingPage,`
`57`	`54`	`TrayWindowDisconnectedPagedisconnectedPage,TrayWindowLoginRequiredPageloginRequiredPage,`
`58`	`55`	`TrayWindowMainPagemainPage)`
`59`	`56`	`{`
`60`	`57`	`_rpcController=rpcController;`
`61`	`58`	`_credentialManager=credentialManager;`
`62`		`-_syncSessionController=syncSessionController;`
`63`	`59`	`_updateController=updateController;`
`64`	`60`	`_userNotifier=userNotifier;`
`65`	`61`	`_loadingPage=loadingPage;`
`@@ -74,9 +70,7 @@ public TrayWindow(`
`74`	`70`
`75`	`71`	`_rpcController.StateChanged+=RpcController_StateChanged;`
`76`	`72`	`_credentialManager.CredentialsChanged+=CredentialManager_CredentialsChanged;`
`77`		`-_syncSessionController.StateChanged+=SyncSessionController_StateChanged;`
`78`		`-SetPageByState(_rpcController.GetState(),_credentialManager.GetCachedCredentials(),`
`79`		`-_syncSessionController.GetState());`
	`73`	`+SetPageByState(_rpcController.GetState(),_credentialManager.GetCachedCredentials());`
`80`	`74`
`81`	`75`	`// Setting these directly in the .xaml doesn't seem to work for whatever reason.`
`82`	`76`	`TrayIcon.OpenCommand=Tray_OpenCommand;`
`@@ -127,8 +121,7 @@ public TrayWindow(`
`127`	`121`	`};`
`128`	`122`	`}`
`129`	`123`
`130`		`-privatevoidSetPageByState(RpcModelrpcModel,CredentialModelcredentialModel,`
`131`		`-SyncSessionControllerStateModelsyncSessionModel)`
	`124`	`+privatevoidSetPageByState(RpcModelrpcModel,CredentialModelcredentialModel)`
`132`	`125`	`{`
`133`	`126`	`if(credentialModel.State==CredentialState.Unknown)`
`134`	`127`	`{`
`@@ -201,18 +194,13 @@ private void MaybeNotifyUser(RpcModel rpcModel)`
`201`	`194`
`202`	`195`	`privatevoidRpcController_StateChanged(object?_,RpcModelmodel)`
`203`	`196`	`{`
`204`		`-SetPageByState(model,_credentialManager.GetCachedCredentials(),_syncSessionController.GetState());`
	`197`	`+SetPageByState(model,_credentialManager.GetCachedCredentials());`
`205`	`198`	`MaybeNotifyUser(model);`
`206`	`199`	`}`
`207`	`200`
`208`	`201`	`privatevoidCredentialManager_CredentialsChanged(object?_,CredentialModelmodel)`
`209`	`202`	`{`
`210`		`-SetPageByState(_rpcController.GetState(),model,_syncSessionController.GetState());`
`211`		`-}`
`212`		`-`
`213`		`-privatevoidSyncSessionController_StateChanged(object?_,SyncSessionControllerStateModelmodel)`
`214`		`-{`
`215`		`-SetPageByState(_rpcController.GetState(),_credentialManager.GetCachedCredentials(),model);`
	`203`	`+SetPageByState(_rpcController.GetState(),model);`
`216`	`204`	`}`
`217`	`205`
`218`	`206`	`// Sadly this is necessary because Window.Content.SizeChanged doesn't`

`‎Tests.App/Services/CredentialManagerTest.cs‎`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -317,7 +317,10 @@ public async Task SetDuringLoad(CancellationToken ct)`
`317`	`317`	`varloadTask=manager.LoadCredentials(ct);`
`318`	`318`	`// Then fully perform a set.`
`319`	`319`	`awaitmanager.SetCredentials(TestServerUrl,TestApiToken,ct).WaitAsync(ct);`
`320`		`-// The load should have been cancelled.`
`321`		`-Assert.ThrowsAsync<TaskCanceledException>(()=>loadTask);`
	`320`	`+`
	`321`	`+// The load should complete with the new valid credentials`
	`322`	`+varresult=awaitloadTask;`
	`323`	`+Assert.That(result.State,Is.EqualTo(CredentialState.Valid));`
	`324`	`+Assert.That(result.CoderUrl?.ToString(),Is.EqualTo(TestServerUrl));`
`322`	`325`	`}`
`323`	`326`	`}`

`‎Vpn.Proto/vpn.proto‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ message ServiceMessage {`
`62`	`62`	`StartResponsestart=2;`
`63`	`63`	`StopResponsestop=3;`
`64`	`64`	`Statusstatus=4;// either in reply to a StatusRequest or broadcasted`
`65`		`-StartProgressstart_progress=5;// broadcasted during startup`
	`65`	`+StartProgressstart_progress=5;// broadcasted during startup (used exclusively by Windows)`
`66`	`66`	`}`
`67`	`67`	`}`
`68`	`68`
`@@ -214,6 +214,7 @@ message NetworkSettingsResponse {`
`214`	`214`	`// StartResponse.`
`215`	`215`	`messageStartRequest {`
`216`	`216`	`int32tunnel_file_descriptor=1;`
	`217`	`+booltunnel_use_soft_net_isolation=8;`
`217`	`218`	`stringcoder_url=2;`
`218`	`219`	`stringapi_token=3;`
`219`	`220`	`// Additional HTTP headers added to all requests`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit814b412

File tree

10 files changed

10 files changed

`‎App/App.xaml.cs‎`

`‎App/Models/Settings.cs‎`

`‎App/Services/CredentialManager.cs‎`

`‎App/Services/RpcController.cs‎`

`‎App/ViewModels/SettingsViewModel.cs‎`

`‎App/Views/Pages/SettingsMainPage.xaml‎`

`‎App/Views/SettingsWindow.xaml‎`

`‎App/Views/TrayWindow.xaml.cs‎`

`‎Tests.App/Services/CredentialManagerTest.cs‎`

`‎Vpn.Proto/vpn.proto‎`

0 commit comments