fix: start coder connect on launch after SE is installed (#113)

This is a fix for #108. Previously we would start the VPN immediately on launch if the config option was true. This starting of the VPN raced with any concurrent upgrades of the network extension, causing the VPN to be started with a VPN config belonging to the older network extension, and producing a consistent error message: 
![image](https://github.com/user-attachments/assets/a69932cb-4c86-4d45-8ab5-5843e255f395)

Instead, we should only start the VPN once we know that the system extension and VPN configuration are installed.

Author: ethanndickson

Coder-Desktop/Coder-Desktop/Coder_DesktopApp.swift

@@ -37,6 +37,10 @@ class AppDelegate: NSObject, NSApplicationDelegate {
         vpn = CoderVPNService()
         state = AppState(onChange: vpn.configureTunnelProviderProtocol)
         fileSyncDaemon = MutagenDaemon()
+        if state.startVPNOnLaunch {
+            vpn.startWhenReady = true
+        }
+        vpn.installSystemExtension()
     }
 
     func applicationDidFinishLaunching(_: Notification) {
@@ -68,16 +72,17 @@ class AppDelegate: NSObject, NSApplicationDelegate {
             if await !vpn.loadNetworkExtensionConfig() {
                 state.reconfigure()
             }
-            if state.startVPNOnLaunch {
-                await vpn.start()
-            }
         }
         // TODO: Start the daemon only once a file sync is configured
         Task {
             await fileSyncDaemon.start()
         }
     }
 
+    deinit {
+        NotificationCenter.default.removeObserver(self)
+    }
+
     // This function MUST eventually call `NSApp.reply(toApplicationShouldTerminate: true)`
     // or return `.terminateNow`
     func applicationShouldTerminate(_: NSApplication) -> NSApplication.TerminateReply {

Coder-Desktop/Coder-Desktop/VPN/VPNService.swift

@@ -18,6 +18,16 @@ enum VPNServiceState: Equatable {
     case disconnecting
     case connected
     case failed(VPNServiceError)
+
+    var canBeStarted: Bool {
+        switch self {
+        // A tunnel failure should not prevent a reconnect attempt
+        case .disabled, .failed:
+            true
+        default:
+            false
+        }
+    }
 }
 
 enum VPNServiceError: Error, Equatable {
@@ -54,11 +64,18 @@ final class CoderVPNService: NSObject, VPNService {
         guard neState == .enabled || neState == .disabled else {
             return .failed(.networkExtensionError(neState))
         }
+        if startWhenReady, tunnelState.canBeStarted {
+            startWhenReady = false
+            Task { await start() }
+        }
         return tunnelState
     }
 
     @Published var menuState: VPNMenuState = .init()
 
+    // Whether the VPN should start as soon as possible
+    var startWhenReady: Bool = false
+
     // systemExtnDelegate holds a reference to the SystemExtensionDelegate so that it doesn't get
     // garbage collected while the OSSystemExtensionRequest is in flight, since the OS framework
     // only stores a weak reference to the delegate.
@@ -68,11 +85,6 @@ final class CoderVPNService: NSObject, VPNService {
 
     override init() {
         super.init()
-        installSystemExtension()
-    }
-
-    deinit {
-        NotificationCenter.default.removeObserver(self)
     }
 
     func start() async {

Coder-Desktop/Coder-DesktopTests/LoginFormTests.swift

@@ -107,6 +107,12 @@ struct LoginTests {
             data: [.get: Client.encoder.encode(buildInfo)]
         ).register()
 
+        try Mock(
+            url: url.appendingPathComponent("/api/v2/users/me"),
+            statusCode: 200,
+            data: [.get: Client.encoder.encode(User(id: UUID(), username: "username"))]
+        ).register()
+
         try await ViewHosting.host(view) {
             try await sut.inspection.inspect { view in
                 try view.find(ViewType.TextField.self).setInput(url.absoluteString)