passepartout-apple/Passepartout/Shared/Shared.swift

//
//  Shared.swift
//  Passepartout
//
//  Created by Davide De Rosa on 2/25/24.
//  Copyright (c) 2024 Davide De Rosa. All rights reserved.
//
//  https://github.com/passepartoutvpn
//
//  This file is part of Passepartout.
//
//  Passepartout is free software: you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation, either version 3 of the License, or
//  (at your option) any later version.
//
//  Passepartout is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with Passepartout.  If not, see <http://www.gnu.org/licenses/>.
//

import CommonLibrary
import CommonUtils
import CPassepartoutOpenVPNOpenSSL
import Foundation
import PassepartoutKit
import PassepartoutWireGuardGo

// MARK: Registry

extension Registry {
    static let shared = Registry(
        withKnownHandlers: true,
        allImplementations: [
            OpenVPNModule.Implementation(
                prng: SecureRandom(),
                dns: CFDNSResolver(),
                importer: StandardOpenVPNParser(decrypter: OSSLTLSBox()),
                sessionBlock: { _, module in
                    guard let configuration = module.configuration else {
                        fatalError("Creating session without OpenVPN configuration?")
                    }
                    return try OpenVPNSession(
                        configuration: configuration,
                        credentials: module.credentials,
                        prng: SecureRandom(),
                        tlsFactory: {
                            OSSLTLSBox()
                        },
                        cryptoFactory: {
                            OSSLCryptoBox()
                        },
                        cachesURL: FileManager.default.temporaryDirectory
                    )
                }
            ),
            WireGuardModule.Implementation(
                keyGenerator: StandardWireGuardKeyGenerator(),
                importer: StandardWireGuardParser(),
                connectionBlock: { parameters, module in
                    try GoWireGuardConnection(parameters: parameters, module: module)
                }
            )
        ]
    )

    static var sharedProtocolCoder: KeychainNEProtocolCoder {
        KeychainNEProtocolCoder(
            tunnelBundleIdentifier: BundleConfiguration.mainString(for: .tunnelId),
            registry: .shared,
            coder: CodableProfileCoder(),
            keychain: AppleKeychain(group: BundleConfiguration.mainString(for: .keychainGroupId))
        )
    }
}

// MARK: TunnelEnvironment

extension TunnelEnvironment where Self == AppGroupEnvironment {
    static var shared: Self {
        AppGroupEnvironment(
            appGroup: BundleConfiguration.mainString(for: .groupId),
            prefix: "PassepartoutKit."
        )
    }
}

// MARK: IAPManager

extension IAPManager {
    static let shared: IAPManager = {
        let iapHelpers = Configuration.IAPManager.helpers
        return IAPManager(
            customUserLevel: Configuration.Environment.userLevel,
            inAppHelper: iapHelpers.productHelper,
            receiptReader: iapHelpers.receiptReader,
            productsAtBuild: Configuration.IAPManager.productsAtBuild
        )
    }()

    static let sharedProcessor = ProfileProcessor(
        iapManager: shared,
        title: {
            Configuration.ProfileManager.sharedTitle($0)
        },
        isIncluded: {
            Configuration.ProfileManager.isIncluded($0, $1)
        },
        willSave: {
            $1
        },
        willConnect: { iap, profile in
            var builder = profile.builder()

            // ineligible, suppress on-demand rules
            if !iap.isEligible(for: .onDemand) {
                pp_log(.app, .notice, "Ineligible, suppress on-demand rules")

                if let onDemandModuleIndex = builder.modules.firstIndex(where: { $0 is OnDemandModule }),
                   let onDemandModule = builder.modules[onDemandModuleIndex] as? OnDemandModule {

                    var onDemandBuilder = onDemandModule.builder()
                    onDemandBuilder.policy = .any
                    builder.modules[onDemandModuleIndex] = onDemandBuilder.tryBuild()
                }
            }

            // validate provider modules
            let profile = try builder.tryBuild()
            do {
                _ = try profile.withProviderModules()
                return profile
            } catch {
                pp_log(.app, .error, "Unable to inject provider modules: \(error)")
                throw error
            }
        }
    )
}

// MARK: - Configuration

enum Configuration {
    enum Environment {
    }

    enum ProfileManager {
    }

    enum IAPManager {
    }
}

// MARK: Environment

private extension Configuration.Environment {
    static var isFakeIAP: Bool {
        ProcessInfo.processInfo.environment["PP_FAKE_IAP"] == "1"
    }

    static var userLevel: AppUserLevel? {
        if let envString = ProcessInfo.processInfo.environment["PP_USER_LEVEL"],
           let envValue = Int(envString),
           let testAppType = AppUserLevel(rawValue: envValue) {

            return testAppType
        }
        if let infoValue = BundleConfiguration.mainIntegerIfPresent(for: .userLevel),
           let testAppType = AppUserLevel(rawValue: infoValue) {

            return testAppType
        }
        return nil
    }
}

// MARK: ProfileManager

extension Configuration.ProfileManager {
    static let sharedTitle: @Sendable (Profile) -> String = {
        String(format: Constants.shared.tunnel.profileTitleFormat, $0.name)
    }

#if os(tvOS)
    static let mirrorsRemoteRepository = true

    static let isIncluded: @MainActor @Sendable (CommonLibrary.IAPManager, Profile) -> Bool = {
        $1.attributes.isAvailableForTV == true
    }
#else
    static let mirrorsRemoteRepository = false

    static let isIncluded: @MainActor @Sendable (CommonLibrary.IAPManager, Profile) -> Bool = { _, _ in
        true
    }
#endif
}

// MARK: IAPManager

private extension Configuration.IAPManager {

    @MainActor
    static var helpers: (productHelper: any AppProductHelper, receiptReader: AppReceiptReader) {
        guard !Configuration.Environment.isFakeIAP else {
            let mockHelper = MockAppProductHelper()
            return (mockHelper, mockHelper.receiptReader)
        }
        let productHelper = StoreKitHelper(
            products: AppProduct.all,
            inAppIdentifier: {
                let prefix = BundleConfiguration.mainString(for: .iapBundlePrefix)
                return "\(prefix).\($0.rawValue)"
            }
        )
        let receiptReader = FallbackReceiptReader(
            reader: StoreKitReceiptReader(),
            localReader: {
                KvittoReceiptReader(url: $0)
            }
        )
        return (productHelper, receiptReader)
    }

    static let productsAtBuild: BuildProducts<AppProduct> = {
#if os(iOS)
        if $0 <= 2016 {
            return [.Full.iOS]
        } else if $0 <= 3000 {
            return [.Features.networkSettings]
        }
        return []
#elseif os(macOS)
        if $0 <= 3000 {
            return [.Features.networkSettings]
        }
        return []
#else
        return []
#endif
    }
}
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`//`
			`// Shared.swift`
			`// Passepartout`
			`//`
			`// Created by Davide De Rosa on 2/25/24.`
			`// Copyright (c) 2024 Davide De Rosa. All rights reserved.`
			`//`
			`// https://github.com/passepartoutvpn`
			`//`
			`// This file is part of Passepartout.`
			`//`
			`// Passepartout is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// Passepartout is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU General Public License`
			`// along with Passepartout. If not, see <http://www.gnu.org/licenses/>.`
			`//`

Revisit in-app eligibility for iCloud sharing (#837) Restore .sharing feature: - Merge "Apple TV" into "iCloud" section - "Enabled", disabled if ineligible for .sharing - "Apple TV", disabled if ineligible for .appleTV \|\| !isShared - Footer about TV restrictions Paywalls: - "Share on iCloud" if ineligible for .sharing - "Drop TV restriction" if eligible for .sharing but not for .appleTV - Applies to full version products (user level 2) - Suggest Apple TV product Restrictions: - Toggle CloudKit sync on remote repository based on .sharing eligibility - Do not start tunnel on Apple TV if ineligible for .appleTV Fixes: - Incorrect zip() publishers in remote repository - Resolve duplicates in Core Data, first profile wins sorted by lastUpdate descending - Reload receipt on OOB IAPManager events 2024-11-09 14:20:59 +00:00			`import CommonLibrary`
			`import CommonUtils`
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`import CPassepartoutOpenVPNOpenSSL`
			`import Foundation`
			`import PassepartoutKit`
			`import PassepartoutWireGuardGo`

Revisit in-app eligibility for iCloud sharing (#837) Restore .sharing feature: - Merge "Apple TV" into "iCloud" section - "Enabled", disabled if ineligible for .sharing - "Apple TV", disabled if ineligible for .appleTV \|\| !isShared - Footer about TV restrictions Paywalls: - "Share on iCloud" if ineligible for .sharing - "Drop TV restriction" if eligible for .sharing but not for .appleTV - Applies to full version products (user level 2) - Suggest Apple TV product Restrictions: - Toggle CloudKit sync on remote repository based on .sharing eligibility - Do not start tunnel on Apple TV if ineligible for .appleTV Fixes: - Incorrect zip() publishers in remote repository - Resolve duplicates in Core Data, first profile wins sorted by lastUpdate descending - Reload receipt on OOB IAPManager events 2024-11-09 14:20:59 +00:00			`// MARK: Registry`

Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`extension Registry {`
			`static let shared = Registry(`
			`withKnownHandlers: true,`
			`allImplementations: [`
			`OpenVPNModule.Implementation(`
			`prng: SecureRandom(),`
			`dns: CFDNSResolver(),`
			`importer: StandardOpenVPNParser(decrypter: OSSLTLSBox()),`
			`sessionBlock: { _, module in`
Create OpenVPN module without a configuration (#729) Update library to allow optional VPN configurations. This in turn allows a module to be used with a provider, where the configuration is generated on the fly. 2024-10-11 17:11:42 +00:00			`guard let configuration = module.configuration else {`
			`fatalError("Creating session without OpenVPN configuration?")`
			`}`
			`return try OpenVPNSession(`
			`configuration: configuration,`
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`credentials: module.credentials,`
			`prng: SecureRandom(),`
			`tlsFactory: {`
			`OSSLTLSBox()`
			`},`
			`cryptoFactory: {`
			`OSSLCryptoBox()`
			`},`
			`cachesURL: FileManager.default.temporaryDirectory`
			`)`
			`}`
			`),`
			`WireGuardModule.Implementation(`
Decouple library from PassepartoutKit implementations (#834) Move the following dependencies: - OpenVPN/OpenSSL - WireGuard/Go up the chain until the main App/Tunnel targets, so that UILibrary and CommonLibrary can abstract from these unnecessary details. Instead, give module views access to generic implementations via Registry. Incidentally, this fixes an issue preventing TV previews from working due to OpenSSL linkage. 2024-11-08 11:37:09 +00:00			`keyGenerator: StandardWireGuardKeyGenerator(),`
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`importer: StandardWireGuardParser(),`
			`connectionBlock: { parameters, module in`
			`try GoWireGuardConnection(parameters: parameters, module: module)`
			`}`
			`)`
			`]`
			`)`
In-place NetworkExtension profiles (#715) Profiles are being maintained in two places: - Core Data - NetworkExtension Core Data is redundant for local profiles, so make NetworkExtension the only source of truth. 2024-10-10 14:03:02 +00:00
			`static var sharedProtocolCoder: KeychainNEProtocolCoder {`
			`KeychainNEProtocolCoder(`
			`tunnelBundleIdentifier: BundleConfiguration.mainString(for: .tunnelId),`
			`registry: .shared,`
			`coder: CodableProfileCoder(),`
			`keychain: AppleKeychain(group: BundleConfiguration.mainString(for: .keychainGroupId))`
			`)`
			`}`
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`}`

Revisit in-app eligibility for iCloud sharing (#837) Restore .sharing feature: - Merge "Apple TV" into "iCloud" section - "Enabled", disabled if ineligible for .sharing - "Apple TV", disabled if ineligible for .appleTV \|\| !isShared - Footer about TV restrictions Paywalls: - "Share on iCloud" if ineligible for .sharing - "Drop TV restriction" if eligible for .sharing but not for .appleTV - Applies to full version products (user level 2) - Suggest Apple TV product Restrictions: - Toggle CloudKit sync on remote repository based on .sharing eligibility - Do not start tunnel on Apple TV if ineligible for .appleTV Fixes: - Incorrect zip() publishers in remote repository - Resolve duplicates in Core Data, first profile wins sorted by lastUpdate descending - Reload receipt on OOB IAPManager events 2024-11-09 14:20:59 +00:00			`// MARK: TunnelEnvironment`
Reorganize shared objects (#716) Mainly: - Aggregate shared/mock entities in less scattered files - Review package dependencies Also: - Decouple ProfileRepository from Core Data Repository in UtilsLibrary (filters done by ProfileManager) 2024-10-10 14:20:36 +00:00
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`extension TunnelEnvironment where Self == AppGroupEnvironment {`
			`static var shared: Self {`
			`AppGroupEnvironment(`
Decouple Constants from BundleConfiguration (#635) Fixes #619 2024-09-28 17:05:47 +00:00			`appGroup: BundleConfiguration.mainString(for: .groupId),`
Import v3 code (#597) Closes #565 2024-09-23 13:02:26 +00:00			`prefix: "PassepartoutKit."`
			`)`
			`}`
			`}`
Revisit in-app eligibility for iCloud sharing (#837) Restore .sharing feature: - Merge "Apple TV" into "iCloud" section - "Enabled", disabled if ineligible for .sharing - "Apple TV", disabled if ineligible for .appleTV \|\| !isShared - Footer about TV restrictions Paywalls: - "Share on iCloud" if ineligible for .sharing - "Drop TV restriction" if eligible for .sharing but not for .appleTV - Applies to full version products (user level 2) - Suggest Apple TV product Restrictions: - Toggle CloudKit sync on remote repository based on .sharing eligibility - Do not start tunnel on Apple TV if ineligible for .appleTV Fixes: - Incorrect zip() publishers in remote repository - Resolve duplicates in Core Data, first profile wins sorted by lastUpdate descending - Reload receipt on OOB IAPManager events 2024-11-09 14:20:59 +00:00
			`// MARK: IAPManager`

			`extension IAPManager {`
			`static let shared: IAPManager = {`
			`let iapHelpers = Configuration.IAPManager.helpers`
			`return IAPManager(`
			`customUserLevel: Configuration.Environment.userLevel,`
			`inAppHelper: iapHelpers.productHelper,`
			`receiptReader: iapHelpers.receiptReader,`
			`productsAtBuild: Configuration.IAPManager.productsAtBuild`
			`)`
			`}()`

			`static let sharedProcessor = ProfileProcessor(`
			`iapManager: shared,`
			`title: {`
			`Configuration.ProfileManager.sharedTitle($0)`
			`},`
			`isIncluded: {`
			`Configuration.ProfileManager.isIncluded($0, $1)`
			`},`
			`willSave: {`
			`$1`
			`},`
			`willConnect: { iap, profile in`
			`var builder = profile.builder()`

			`// ineligible, suppress on-demand rules`
			`if !iap.isEligible(for: .onDemand) {`
			`pp_log(.app, .notice, "Ineligible, suppress on-demand rules")`

			`if let onDemandModuleIndex = builder.modules.firstIndex(where: { $0 is OnDemandModule }),`
			`let onDemandModule = builder.modules[onDemandModuleIndex] as? OnDemandModule {`

			`var onDemandBuilder = onDemandModule.builder()`
			`onDemandBuilder.policy = .any`
			`builder.modules[onDemandModuleIndex] = onDemandBuilder.tryBuild()`
			`}`
			`}`

			`// validate provider modules`
			`let profile = try builder.tryBuild()`
			`do {`
			`_ = try profile.withProviderModules()`
			`return profile`
			`} catch {`
			`pp_log(.app, .error, "Unable to inject provider modules: \(error)")`
			`throw error`
			`}`
			`}`
			`)`
			`}`

			`// MARK: - Configuration`

			`enum Configuration {`
			`enum Environment {`
			`}`

			`enum ProfileManager {`
			`}`

			`enum IAPManager {`
			`}`
			`}`

			`// MARK: Environment`

			`private extension Configuration.Environment {`
			`static var isFakeIAP: Bool {`
			`ProcessInfo.processInfo.environment["PP_FAKE_IAP"] == "1"`
			`}`

			`static var userLevel: AppUserLevel? {`
			`if let envString = ProcessInfo.processInfo.environment["PP_USER_LEVEL"],`
			`let envValue = Int(envString),`
			`let testAppType = AppUserLevel(rawValue: envValue) {`

			`return testAppType`
			`}`
			`if let infoValue = BundleConfiguration.mainIntegerIfPresent(for: .userLevel),`
			`let testAppType = AppUserLevel(rawValue: infoValue) {`

			`return testAppType`
			`}`
			`return nil`
			`}`
			`}`

			`// MARK: ProfileManager`

			`extension Configuration.ProfileManager {`
			`static let sharedTitle: @Sendable (Profile) -> String = {`
			`String(format: Constants.shared.tunnel.profileTitleFormat, $0.name)`
			`}`

			`#if os(tvOS)`
			`static let mirrorsRemoteRepository = true`

			`static let isIncluded: @MainActor @Sendable (CommonLibrary.IAPManager, Profile) -> Bool = {`
			`$1.attributes.isAvailableForTV == true`
			`}`
			`#else`
			`static let mirrorsRemoteRepository = false`

			`static let isIncluded: @MainActor @Sendable (CommonLibrary.IAPManager, Profile) -> Bool = { _, _ in`
			`true`
			`}`
			`#endif`
			`}`

			`// MARK: IAPManager`

			`private extension Configuration.IAPManager {`

			`@MainActor`
			`static var helpers: (productHelper: any AppProductHelper, receiptReader: AppReceiptReader) {`
			`guard !Configuration.Environment.isFakeIAP else {`
			`let mockHelper = MockAppProductHelper()`
			`return (mockHelper, mockHelper.receiptReader)`
			`}`
			`let productHelper = StoreKitHelper(`
			`products: AppProduct.all,`
			`inAppIdentifier: {`
			`let prefix = BundleConfiguration.mainString(for: .iapBundlePrefix)`
			`return "\(prefix).\($0.rawValue)"`
			`}`
			`)`
			`let receiptReader = FallbackReceiptReader(`
			`reader: StoreKitReceiptReader(),`
			`localReader: {`
			`KvittoReceiptReader(url: $0)`
			`}`
			`)`
			`return (productHelper, receiptReader)`
			`}`

			`static let productsAtBuild: BuildProducts<AppProduct> = {`
			`#if os(iOS)`
			`if $0 <= 2016 {`
			`return [.Full.iOS]`
			`} else if $0 <= 3000 {`
			`return [.Features.networkSettings]`
			`}`
			`return []`
			`#elseif os(macOS)`
			`if $0 <= 3000 {`
			`return [.Features.networkSettings]`
			`}`
			`return []`
			`#else`
			`return []`
			`#endif`
			`}`
			`}`