fix: pass configured http headers to network extension

ethanndickson · ethanndickson · commit 67ea6168fc3b · 2025-02-18T22:57:45.000+11:00
diff --git a/Coder Desktop/Coder Desktop/State.swift b/Coder Desktop/Coder Desktop/State.swift
@@ -31,13 +31,15 @@ class AppState: ObservableObject {
 
     @Published var useLiteralHeaders: Bool = UserDefaults.standard.bool(forKey: Keys.useLiteralHeaders) {
         didSet {
+            if let onChange { onChange(tunnelProviderProtocol()) }
             guard persistent else { return }
             UserDefaults.standard.set(useLiteralHeaders, forKey: Keys.useLiteralHeaders)
         }
     }
 
     @Published var literalHeaders: [LiteralHeader] {
         didSet {
+            if let onChange { onChange(tunnelProviderProtocol()) }
             guard persistent else { return }
             try? UserDefaults.standard.set(JSONEncoder().encode(literalHeaders), forKey: Keys.literalHeaders)
         }
@@ -57,13 +59,17 @@ class AppState: ObservableObject {
         // HACK: We can't write to the system keychain, and the user keychain
         // isn't accessible, so we'll use providerConfiguration, which is over XPC.
         proto.providerConfiguration = ["token": sessionToken!]
+        if useLiteralHeaders, let headers = try? JSONEncoder().encode(literalHeaders) {
+            proto.providerConfiguration?["literalHeaders"] = headers
+        }
         proto.serverAddress = baseAccessURL!.absoluteString
         return proto
     }
 
     private let keychain: Keychain
     private let persistent: Bool
 
+    // This closure must be called when any property used to configure the VPN changes
     let onChange: ((NETunnelProviderProtocol?) -> Void)?
 
     public init(onChange: ((NETunnelProviderProtocol?) -> Void)? = nil,
@@ -125,20 +131,20 @@ class AppState: ObservableObject {
 }
 
 struct LiteralHeader: Hashable, Identifiable, Equatable, Codable {
-    var header: String
+    var name: String
     var value: String
     var id: String {
-        "\(header):\(value)"
+        "\(name):\(value)"
     }
 
-    init(header: String, value: String) {
-        self.header = header
+    init(name: String, value: String) {
+        self.name = name
         self.value = value
     }
 }
 
 extension LiteralHeader {
     func toSDKHeader() -> HTTPHeader {
-        .init(header: header, value: value)
+        .init(name: name, value: value)
     }
 }
diff --git a/Coder Desktop/Coder Desktop/Views/Settings/LiteralHeaderModal.swift b/Coder Desktop/Coder Desktop/Views/Settings/LiteralHeaderModal.swift
@@ -26,7 +26,7 @@ struct LiteralHeaderModal: View {
             }.padding(20)
         }.onAppear {
             if let existingHeader {
-                header = existingHeader.header
+                header = existingHeader.name
                 value = existingHeader.value
             }
         }
@@ -37,7 +37,7 @@ struct LiteralHeaderModal: View {
         if let existingHeader {
             state.literalHeaders.removeAll { $0 == existingHeader }
         }
-        let newHeader = LiteralHeader(header: header, value: value)
+        let newHeader = LiteralHeader(name: header, value: value)
         if !state.literalHeaders.contains(newHeader) {
             state.literalHeaders.append(newHeader)
         }
diff --git a/Coder Desktop/Coder Desktop/Views/Settings/LiteralHeadersSection.swift b/Coder Desktop/Coder Desktop/Views/Settings/LiteralHeadersSection.swift
@@ -20,7 +20,7 @@ struct LiteralHeadersSection<VPN: VPNService>: View {
             .controlSize(.large)
 
             Table(state.literalHeaders, selection: $selectedHeader) {
-                TableColumn("Header", value: \.header)
+                TableColumn("Header", value: \.name)
                 TableColumn("Value", value: \.value)
             }.opacity(state.useLiteralHeaders ? 1 : 0.5)
                 .frame(minWidth: 400, minHeight: 200)
diff --git a/Coder Desktop/CoderSDK/Client.swift b/Coder Desktop/CoderSDK/Client.swift
@@ -33,7 +33,7 @@ public struct Client {
         if let token { req.addValue(token, forHTTPHeaderField: Headers.sessionToken) }
         req.httpMethod = method.rawValue
         for header in headers {
-            req.addValue(header.value, forHTTPHeaderField: header.header)
+            req.addValue(header.value, forHTTPHeaderField: header.name)
         }
         req.httpBody = body
         let data: Data
diff --git a/Coder Desktop/CoderSDK/HTTP.swift b/Coder Desktop/CoderSDK/HTTP.swift
@@ -6,11 +6,11 @@ public struct HTTPResponse {
     let req: URLRequest
 }
 
-public struct HTTPHeader: Sendable {
-    public let header: String
+public struct HTTPHeader: Sendable, Codable {
+    public let name: String
     public let value: String
-    public init(header: String, value: String) {
-        self.header = header
+    public init(name: String, value: String) {
+        self.name = name
         self.value = value
     }
 }
diff --git a/Coder Desktop/CoderSDKTests/CoderSDKTests.swift b/Coder Desktop/CoderSDKTests/CoderSDKTests.swift
@@ -28,7 +28,7 @@ struct CoderSDKTests {
 
         let url = URL(string: "https://example.com")!
         let token = "fake-token"
-        let client = Client(url: url, token: token, headers: [.init(header: "X-Test-Header", value: "foo")])
+        let client = Client(url: url, token: token, headers: [.init(name: "X-Test-Header", value: "foo")])
         var mock = try Mock(
             url: url.appending(path: "api/v2/users/johndoe"),
             contentType: .json,
diff --git a/Coder Desktop/VPN/Manager.swift b/Coder Desktop/VPN/Manager.swift
@@ -54,7 +54,6 @@ actor Manager {
         do {
             try tunnelHandle = TunnelHandle(dylibPath: dest)
         } catch {
-            logger.error("couldn't open dylib \(error, privacy: .public)")
             throw .tunnelSetup(error)
         }
         speaker = await Speaker<Vpn_ManagerMessage, Vpn_TunnelMessage>(
@@ -164,6 +163,12 @@ actor Manager {
                         req.tunnelFileDescriptor = tunFd
                         req.apiToken = cfg.apiToken
                         req.coderURL = cfg.serverUrl.absoluteString
+                        req.headers = cfg.literalHeaders.map { header in
+                            .with { req in
+                                req.name = header.name
+                                req.value = header.value
+                            }
+                        }
                     }
                 })
         } catch {
@@ -223,6 +228,7 @@ actor Manager {
 struct ManagerConfig {
     let apiToken: String
     let serverUrl: URL
+    let literalHeaders: [HTTPHeader]
 }
 
 enum ManagerError: Error {
diff --git a/Coder Desktop/VPN/PacketTunnelProvider.swift b/Coder Desktop/VPN/PacketTunnelProvider.swift
@@ -1,3 +1,4 @@
+import CoderSDK
 import NetworkExtension
 import os
 import VPNLib
@@ -65,6 +66,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
             completionHandler(makeNSError(suffix: "PTP", desc: "Missing Token"))
             return
         }
+        let headers: [HTTPHeader] = (proto.providerConfiguration?["literalHeaders"] as? Data)
+            .flatMap { try? JSONDecoder().decode([HTTPHeader].self, from: $0) } ?? []
         logger.debug("retrieved token & access URL")
         let completionHandler = CallbackWrapper(completionHandler)
         Task {
@@ -73,7 +76,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
                 let manager = try await Manager(
                     with: self,
                     cfg: .init(
-                        apiToken: token, serverUrl: .init(string: baseAccessURL)!
+                        apiToken: token, serverUrl: .init(string: baseAccessURL)!,
+                        literalHeaders: headers
                     )
                 )
                 globalXPCListenerDelegate.vpnXPCInterface.manager = manager

Original file line number	Diff line number	Diff line change
`@@ -31,13 +31,15 @@ class AppState: ObservableObject {`
`31`	`31`
`32`	`32`	`@Published var useLiteralHeaders: Bool = UserDefaults.standard.bool(forKey: Keys.useLiteralHeaders) {`
`33`	`33`	`didSet {`
	`34`	`+ if let onChange { onChange(tunnelProviderProtocol()) }`
`34`	`35`	`guard persistent else { return }`
`35`	`36`	`UserDefaults.standard.set(useLiteralHeaders, forKey: Keys.useLiteralHeaders)`
`36`	`37`	`}`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`@Published var literalHeaders: [LiteralHeader] {`
`40`	`41`	`didSet {`
	`42`	`+ if let onChange { onChange(tunnelProviderProtocol()) }`
`41`	`43`	`guard persistent else { return }`
`42`	`44`	`try? UserDefaults.standard.set(JSONEncoder().encode(literalHeaders), forKey: Keys.literalHeaders)`
`43`	`45`	`}`
`@@ -57,13 +59,17 @@ class AppState: ObservableObject {`
`57`	`59`	`// HACK: We can't write to the system keychain, and the user keychain`
`58`	`60`	`// isn't accessible, so we'll use providerConfiguration, which is over XPC.`
`59`	`61`	`proto.providerConfiguration = ["token": sessionToken!]`
	`62`	`+ if useLiteralHeaders, let headers = try? JSONEncoder().encode(literalHeaders) {`
	`63`	`+ proto.providerConfiguration?["literalHeaders"] = headers`
	`64`	`+ }`
`60`	`65`	`proto.serverAddress = baseAccessURL!.absoluteString`
`61`	`66`	`return proto`
`62`	`67`	`}`
`63`	`68`
`64`	`69`	`private let keychain: Keychain`
`65`	`70`	`private let persistent: Bool`
`66`	`71`
	`72`	`+ // This closure must be called when any property used to configure the VPN changes`
`67`	`73`	`let onChange: ((NETunnelProviderProtocol?) -> Void)?`
`68`	`74`
`69`	`75`	`public init(onChange: ((NETunnelProviderProtocol?) -> Void)? = nil,`
`@@ -125,20 +131,20 @@ class AppState: ObservableObject {`
`125`	`131`	`}`
`126`	`132`
`127`	`133`	`struct LiteralHeader: Hashable, Identifiable, Equatable, Codable {`
`128`		`- var header: String`
	`134`	`+ var name: String`
`129`	`135`	`var value: String`
`130`	`136`	`var id: String {`
`131`		`- "\(header):\(value)"`
	`137`	`+ "\(name):\(value)"`
`132`	`138`	`}`
`133`	`139`
`134`		`- init(header: String, value: String) {`
`135`		`- self.header = header`
	`140`	`+ init(name: String, value: String) {`
	`141`	`+ self.name = name`
`136`	`142`	`self.value = value`
`137`	`143`	`}`
`138`	`144`	`}`
`139`	`145`
`140`	`146`	`extension LiteralHeader {`
`141`	`147`	`func toSDKHeader() -> HTTPHeader {`
`142`		`- .init(header: header, value: value)`
	`148`	`+ .init(name: name, value: value)`
`143`	`149`	`}`
`144`	`150`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ struct LiteralHeaderModal: View {`
`26`	`26`	`}.padding(20)`
`27`	`27`	`}.onAppear {`
`28`	`28`	`if let existingHeader {`
`29`		`- header = existingHeader.header`
	`29`	`+ header = existingHeader.name`
`30`	`30`	`value = existingHeader.value`
`31`	`31`	`}`
`32`	`32`	`}`
`@@ -37,7 +37,7 @@ struct LiteralHeaderModal: View {`
`37`	`37`	`if let existingHeader {`
`38`	`38`	`state.literalHeaders.removeAll { $0 == existingHeader }`
`39`	`39`	`}`
`40`		`- let newHeader = LiteralHeader(header: header, value: value)`
	`40`	`+ let newHeader = LiteralHeader(name: header, value: value)`
`41`	`41`	`if !state.literalHeaders.contains(newHeader) {`
`42`	`42`	`state.literalHeaders.append(newHeader)`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public struct Client {`
`33`	`33`	`if let token { req.addValue(token, forHTTPHeaderField: Headers.sessionToken) }`
`34`	`34`	`req.httpMethod = method.rawValue`
`35`	`35`	`for header in headers {`
`36`		`- req.addValue(header.value, forHTTPHeaderField: header.header)`
	`36`	`+ req.addValue(header.value, forHTTPHeaderField: header.name)`
`37`	`37`	`}`
`38`	`38`	`req.httpBody = body`
`39`	`39`	`let data: Data`
Original file line number	Diff line number	Diff line change
`@@ -6,11 +6,11 @@ public struct HTTPResponse {`
`6`	`6`	`let req: URLRequest`
`7`	`7`	`}`
`8`	`8`
`9`		`-public struct HTTPHeader: Sendable {`
`10`		`- public let header: String`
	`9`	`+public struct HTTPHeader: Sendable, Codable {`
	`10`	`+ public let name: String`
`11`	`11`	`public let value: String`
`12`		`- public init(header: String, value: String) {`
`13`		`- self.header = header`
	`12`	`+ public init(name: String, value: String) {`
	`13`	`+ self.name = name`
`14`	`14`	`self.value = value`
`15`	`15`	`}`
`16`	`16`	`}`