chore: clear session on launch if vpn unconfigured (#76)

ethanndickson · web-flow · commit 98c184da3068 · 2025-02-25T21:20:44.000+11:00
diff --git a/Coder Desktop/Coder Desktop/Coder_DesktopApp.swift b/Coder Desktop/Coder Desktop/Coder_DesktopApp.swift
@@ -49,6 +49,14 @@ class AppDelegate: NSObject, NSApplicationDelegate {
             name: .NEVPNStatusDidChange,
             object: nil
         )
+        Task {
+            // If there's no NE config, then the user needs to sign in.
+            // However, they might have a session from a previous install, so we
+            // need to clear it.
+            if await !vpn.loadNetworkExtensionConfig() {
+                state.clearSession()
+            }
+        }
     }
 
     // This function MUST eventually call `NSApp.reply(toApplicationShouldTerminate: true)`
diff --git a/Coder Desktop/Coder Desktop/NetworkExtension.swift b/Coder Desktop/Coder Desktop/NetworkExtension.swift
@@ -24,13 +24,16 @@ enum NetworkExtensionState: Equatable {
 /// An actor that handles configuring, enabling, and disabling the VPN tunnel via the
 /// NetworkExtension APIs.
 extension CoderVPNService {
-    func loadNetworkExtensionConfig() async {
+    // Attempts to load the NetworkExtension configuration, returning true if successful.
+    func loadNetworkExtensionConfig() async -> Bool {
         do {
             let tm = try await getTunnelManager()
             neState = .disabled
             serverAddress = tm.protocolConfiguration?.serverAddress
+            return true
         } catch {
             neState = .unconfigured
+            return false
         }
     }
 
diff --git a/Coder Desktop/Coder Desktop/VPNService.swift b/Coder Desktop/Coder Desktop/VPNService.swift
@@ -35,6 +35,8 @@ enum VPNServiceError: Error, Equatable {
             state.description
         }
     }
+
+    var localizedDescription: String { description }
 }
 
 @MainActor
@@ -67,9 +69,6 @@ final class CoderVPNService: NSObject, VPNService {
     override init() {
         super.init()
         installSystemExtension()
-        Task {
-            await loadNetworkExtensionConfig()
-        }
     }
 
     deinit {
diff --git a/Coder Desktop/Coder Desktop/Views/LoginForm.swift b/Coder Desktop/Coder Desktop/Views/LoginForm.swift
@@ -204,6 +204,8 @@ enum LoginError: Error {
             "Could not authenticate with Coder deployment:\n\(err.description)"
         }
     }
+
+    var localizedDescription: String { description }
 }
 
 enum LoginPage {
diff --git a/Coder Desktop/Coder Desktop/Views/VPNMenu.swift b/Coder Desktop/Coder Desktop/Views/VPNMenu.swift
@@ -89,6 +89,7 @@ struct VPNMenu<VPN: VPNService>: View {
         !state.hasSession ||
             vpn.state == .connecting ||
             vpn.state == .disconnecting ||
+            // Prevent starting the VPN before the user has approved the system extension.
             vpn.state == .failed(.systemExtensionError(.needsUserApproval))
     }
 }
diff --git a/Coder Desktop/CoderSDK/Client.swift b/Coder Desktop/CoderSDK/Client.swift
@@ -134,4 +134,6 @@ public enum ClientError: Error {
             "Failed to encode body: \(error)"
         }
     }
+
+    public var localizedDescription: String { description }
 }
diff --git a/Coder Desktop/VPN/Manager.swift b/Coder Desktop/VPN/Manager.swift
@@ -276,6 +276,8 @@ enum ManagerError: Error {
             "Failed to communicate with dylib over tunnel: \(err)"
         }
     }
+
+    var localizedDescription: String { description }
 }
 
 func writeVpnLog(_ log: Vpn_Log) {
diff --git a/Coder Desktop/VPN/TunnelHandle.swift b/Coder Desktop/VPN/TunnelHandle.swift
@@ -82,6 +82,8 @@ enum TunnelHandleError: Error {
         case let .close(errs): "close tunnel: \(errs.map(\.localizedDescription).joined(separator: ", "))"
         }
     }
+
+    var localizedDescription: String { description }
 }
 
 enum OpenTunnelError: Int32 {
diff --git a/Coder Desktop/VPNLib/Download.swift b/Coder Desktop/VPNLib/Download.swift
@@ -11,7 +11,7 @@ public enum ValidationError: Error {
     case missingInfoPList
     case invalidVersion(version: String?)
 
-    public var errorDescription: String? {
+    public var description: String {
         switch self {
         case .fileNotFound:
             "The file does not exist."
@@ -31,6 +31,8 @@ public enum ValidationError: Error {
             "Info.plist is not embedded within the dylib."
         }
     }
+
+    public var localizedDescription: String { description }
 }
 
 public class SignatureValidator {
@@ -156,7 +158,7 @@ public enum DownloadError: Error {
     case networkError(any Error)
     case fileOpError(any Error)
 
-    var localizedDescription: String {
+    public var description: String {
         switch self {
         case let .unexpectedStatusCode(code):
             "Unexpected HTTP status code: \(code)"
@@ -168,4 +170,6 @@ public enum DownloadError: Error {
             "Received non-HTTP response"
         }
     }
+
+    public var localizedDescription: String { description }
 }
diff --git a/Coder Desktop/VPNLib/Receiver.swift b/Coder Desktop/VPNLib/Receiver.swift
@@ -75,9 +75,18 @@ actor Receiver<RecvMsg: Message> {
     }
 }
 
-enum ReceiveError: Error {
+public enum ReceiveError: Error {
     case readError(String)
     case invalidLength
+
+    public var description: String {
+        switch self {
+        case let .readError(err): "read error: \(err)"
+        case .invalidLength: "invalid message length"
+        }
+    }
+
+    public var localizedDescription: String { description }
 }
 
 func deserializeLen(_ data: Data) throws -> UInt32 {
diff --git a/Coder Desktop/VPNLib/Speaker.swift b/Coder Desktop/VPNLib/Speaker.swift
@@ -290,6 +290,19 @@ public enum HandshakeError: Error {
     case wrongRole(String)
     case invalidVersion(String)
     case unsupportedVersion([ProtoVersion])
+
+    public var description: String {
+        switch self {
+        case let .readError(err): "read error: \(err)"
+        case let .writeError(err): "write error: \(err)"
+        case let .invalidHeader(err): "invalid header: \(err)"
+        case let .wrongRole(err): "wrong role: \(err)"
+        case let .invalidVersion(err): "invalid version: \(err)"
+        case let .unsupportedVersion(versions): "unsupported version: \(versions)"
+        }
+    }
+
+    public var localizedDescription: String { description }
 }
 
 public struct RPCRequest<SendMsg: RPCMessage & Message, RecvMsg: RPCMessage & Sendable>: Sendable {
@@ -314,6 +327,18 @@ enum RPCError: Error {
     case notAResponse
     case unknownResponseID(UInt64)
     case shutdown
+
+    var description: String {
+        switch self {
+        case .missingRPC: "missing RPC field"
+        case .notARequest: "not a request"
+        case .notAResponse: "not a response"
+        case let .unknownResponseID(id): "unknown response ID: \(id)"
+        case .shutdown: "RPC secretary has been shutdown"
+        }
+    }
+
+    var localizedDescription: String { description }
 }
 
 /// An actor to record outgoing RPCs and route their replies to the original sender

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,14 @@ class AppDelegate: NSObject, NSApplicationDelegate {`
`49`	`49`	`name: .NEVPNStatusDidChange,`
`50`	`50`	`object: nil`
`51`	`51`	`)`
	`52`	`+ Task {`
	`53`	`+ // If there's no NE config, then the user needs to sign in.`
	`54`	`+ // However, they might have a session from a previous install, so we`
	`55`	`+ // need to clear it.`
	`56`	`+ if await !vpn.loadNetworkExtensionConfig() {`
	`57`	`+ state.clearSession()`
	`58`	`+ }`
	`59`	`+ }`
`52`	`60`	`}`
`53`	`61`
`54`	`62`	// This function MUST eventually call `NSApp.reply(toApplicationShouldTerminate: true)`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ enum VPNServiceError: Error, Equatable {`
`35`	`35`	`state.description`
`36`	`36`	`}`
`37`	`37`	`}`
	`38`	`+`
	`39`	`+ var localizedDescription: String { description }`
`38`	`40`	`}`
`39`	`41`
`40`	`42`	`@MainActor`
`@@ -67,9 +69,6 @@ final class CoderVPNService: NSObject, VPNService {`
`67`	`69`	`override init() {`
`68`	`70`	`super.init()`
`69`	`71`	`installSystemExtension()`
`70`		`- Task {`
`71`		`- await loadNetworkExtensionConfig()`
`72`		`- }`
`73`	`72`	`}`
`74`	`73`
`75`	`74`	`deinit {`
Original file line number	Diff line number	Diff line change
`@@ -204,6 +204,8 @@ enum LoginError: Error {`
`204`	`204`	`"Could not authenticate with Coder deployment:\n\(err.description)"`
`205`	`205`	`}`
`206`	`206`	`}`
	`207`	`+`
	`208`	`+ var localizedDescription: String { description }`
`207`	`209`	`}`
`208`	`210`
`209`	`211`	`enum LoginPage {`
Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,7 @@ struct VPNMenu<VPN: VPNService>: View {`
`89`	`89`	`!state.hasSession \|\|`
`90`	`90`	`vpn.state == .connecting \|\|`
`91`	`91`	`vpn.state == .disconnecting \|\|`
	`92`	`+ // Prevent starting the VPN before the user has approved the system extension.`
`92`	`93`	`vpn.state == .failed(.systemExtensionError(.needsUserApproval))`
`93`	`94`	`}`
`94`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -134,4 +134,6 @@ public enum ClientError: Error {`
`134`	`134`	`"Failed to encode body: \(error)"`
`135`	`135`	`}`
`136`	`136`	`}`
	`137`	`+`
	`138`	`+ public var localizedDescription: String { description }`
`137`	`139`	`}`
Original file line number	Diff line number	Diff line change
`@@ -276,6 +276,8 @@ enum ManagerError: Error {`
`276`	`276`	`"Failed to communicate with dylib over tunnel: \(err)"`
`277`	`277`	`}`
`278`	`278`	`}`
	`279`	`+`
	`280`	`+ var localizedDescription: String { description }`
`279`	`281`	`}`
`280`	`282`
`281`	`283`	`func writeVpnLog(_ log: Vpn_Log) {`
Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,8 @@ enum TunnelHandleError: Error {`
`82`	`82`	`case let .close(errs): "close tunnel: \(errs.map(\.localizedDescription).joined(separator: ", "))"`
`83`	`83`	`}`
`84`	`84`	`}`
	`85`	`+`
	`86`	`+ var localizedDescription: String { description }`
`85`	`87`	`}`
`86`	`88`
`87`	`89`	`enum OpenTunnelError: Int32 {`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ public enum ValidationError: Error {`
`11`	`11`	`case missingInfoPList`
`12`	`12`	`case invalidVersion(version: String?)`
`13`	`13`
`14`		`- public var errorDescription: String? {`
	`14`	`+ public var description: String {`
`15`	`15`	`switch self {`
`16`	`16`	`case .fileNotFound:`
`17`	`17`	`"The file does not exist."`
`@@ -31,6 +31,8 @@ public enum ValidationError: Error {`
`31`	`31`	`"Info.plist is not embedded within the dylib."`
`32`	`32`	`}`
`33`	`33`	`}`
	`34`	`+`
	`35`	`+ public var localizedDescription: String { description }`
`34`	`36`	`}`
`35`	`37`
`36`	`38`	`public class SignatureValidator {`
`@@ -156,7 +158,7 @@ public enum DownloadError: Error {`
`156`	`158`	`case networkError(any Error)`
`157`	`159`	`case fileOpError(any Error)`
`158`	`160`
`159`		`- var localizedDescription: String {`
	`161`	`+ public var description: String {`
`160`	`162`	`switch self {`
`161`	`163`	`case let .unexpectedStatusCode(code):`
`162`	`164`	`"Unexpected HTTP status code: \(code)"`
`@@ -168,4 +170,6 @@ public enum DownloadError: Error {`
`168`	`170`	`"Received non-HTTP response"`
`169`	`171`	`}`
`170`	`172`	`}`
	`173`	`+`
	`174`	`+ public var localizedDescription: String { description }`
`171`	`175`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,9 +75,18 @@ actor Receiver<RecvMsg: Message> {`
`75`	`75`	`}`
`76`	`76`	`}`
`77`	`77`
`78`		`-enum ReceiveError: Error {`
	`78`	`+public enum ReceiveError: Error {`
`79`	`79`	`case readError(String)`
`80`	`80`	`case invalidLength`
	`81`	`+`
	`82`	`+ public var description: String {`
	`83`	`+ switch self {`
	`84`	`+ case let .readError(err): "read error: \(err)"`
	`85`	`+ case .invalidLength: "invalid message length"`
	`86`	`+ }`
	`87`	`+ }`
	`88`	`+`
	`89`	`+ public var localizedDescription: String { description }`
`81`	`90`	`}`
`82`	`91`
`83`	`92`	`func deserializeLen(_ data: Data) throws -> UInt32 {`