Verify tunnel profile periodically (#1047)

Eligibility may have changed during connection. Repeat verification every 10 minutes.
2025-02-01 21:42:10 +00:00 · 2024-12-31 00:48:54 +01:00 · 2024-12-31 00:48:54 +01:00 · fabb4c664c
commit fabb4c664c
parent 34495e88f1
3 changed files with 18 additions and 4 deletions
--- a/Library/Sources/CommonLibrary/Domain/Constants.swift
+++ b/Library/Sources/CommonLibrary/Domain/Constants.swift
@ -101,6 +101,8 @@ public struct Constants: Decodable, Sendable {
        public let refreshInterval: TimeInterval

        public let betaReceiptPath: String
+
+        public let eligibilityCheckInterval: TimeInterval
    }

    public struct API: Decodable, Sendable {
--- a/Library/Sources/CommonLibrary/Resources/Constants.json
+++ b/Library/Sources/CommonLibrary/Resources/Constants.json
@ -26,7 +26,8 @@
    "tunnel": {
        "profileTitleFormat": "Passepartout: %@",
        "refreshInterval": 3.0,
-        "betaReceiptPath": "beta-receipt"
+        "betaReceiptPath": "beta-receipt",
+        "eligibilityCheckInterval": 600.0
    },
    "api": {
        "timeoutInterval": 5.0
--- a/Passepartout/Tunnel/PacketTunnelProvider.swift
+++ b/Passepartout/Tunnel/PacketTunnelProvider.swift
@ -89,17 +89,28 @@ final class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {

 // MARK: - Eligibility

-@MainActor
 private extension PacketTunnelProvider {
    func checkEligibility(of profile: Profile, environment: TunnelEnvironment) async throws {
-        await context.iapManager.reloadReceipt()
        do {
-            try context.iapManager.verify(profile)
+            pp_log(.app, .info, "Verify profile")
+            await context.iapManager.reloadReceipt()
+            try await context.iapManager.verify(profile)
        } catch {
            let error = PassepartoutError(.App.ineligibleProfile)
            environment.setEnvironmentValue(error.code, forKey: TunnelEnvironmentKeys.lastErrorCode)
            pp_log(.app, .fault, "Verification failed for profile \(profile.id), shutting down: \(error)")
            throw error
        }
+
+        Task {
+            let interval = Constants.shared.tunnel.eligibilityCheckInterval
+            pp_log(.app, .info, "Will verify profile again in \(interval) seconds...")
+            try await Task.sleep(interval: interval)
+            do {
+                try await checkEligibility(of: profile, environment: environment)
+            } catch {
+                cancelTunnelWithError(error)
+            }
+        }
    }
 }