First, rename `force` parameter of ProfileManager.save() to `isLocal`,
because it's meant to be used when saving local profiles. In such
scenario, a profile that is also remotely shared _must_ be re-saved to
the remote repository.
This was not being done when selecting a provider server, and it could
be noticed because the other devices would only receive the iCloud
update after editing the profile and re-doing a manual "Save". Only at
that point would the new profile be re-shared on iCloud.
With some housekeeping.
Bugfixing:
- Do NOT skip empty remote profiles, allow removal when mirroring
- Look up profile in all profiles, not just filtered
- Posptone non-included profile removal
Refactoring:
- Rename ProfileProcessor to InAppProcessor
- Provides ProfileProcessor + TunnelProcessor protocols
- willSave -> willRebuild (because not always called on save)
- Notify ProfileManager import events
If the profile is ineligible for features other than .interactiveLogin,
the interactive prompt would still be presented, but the user would hit
the paywall right afterwards.
StoreKit ProductView performs the purchases internally without calling
IAPManager.purchase(), which causes the IAPManager state to be
momentarily outdated.
Leverage PaywallView.onComplete() to reload the receipt and eventually
trigger IAPManager.objectWillChange, so that the app is immediately
unlocked on a successful purchase.
Visually clarify that a profile requires a purchase to be enabled.
- Implement AppFeatureRequiring in Profile
- Refactor IAPManager.verify() accordingly
- Pre-compute required features in ProfileManager via ProfileProcessor
- Allow unrestricted save, but show PurchaseRequiredButton
- Warn however about paid features (FIXME)
- Redesign features in paywall
- Strip already eligible features from paywall
- List required features in restricted alert
- Localize feature descriptions
- Review propagation of paywall modifiers/reasons
Extra:
- Move more domain entities from UILibrary to CommonLibrary
- Default on-demand policy to .any (free feature)
- Fix modals not reappearing after closing with gesture
- Extend UILibrary start-up assertions
Optimize ProfileManager in several ways:
- Refine control over objectWillChange
- Observe search separately
- Store subscriptions separately (local, remote, search)
- Fix multiple local updates on save/remove/foreground (updating
allProfiles manually)
- Update the library with more optimized NE reloads
- Cancel pending remote import before a new one
- Yield 100ms between imports
- Reorganize code
Extras:
- Only use background context in provider repositories
- Externalize tunnel receipt URL, do not hardcode BundleConfiguration
- Improve some logging
Self-reminder: NEVER use a Core Data background context to observe
changes in CloudKit containers. They just won't be notified (e.g. in
NSFetchedResultsController).
Fixes#857
- Drop the .importing / .imported steps
- Animate rows re-sorting during process
- Rephrase some strings better
- Test fake migration with launch argument
Finalize migration flow:
- Add entry to "Add" menu
- Suggest to migrate old profiles when there are no profiles
- Add informational message
- Keep included profiles on top
- Allow deletion of migratable profiles
- Fix duplicated Form in preview
- Rename views and models
Improve some Theme modifiers:
- Empty message with full screen option
- Progress modifier with custom view
- Confirmation dialog with custom message
For some reason, Table doesn't seem to inherit the environment in some
cases. Reapply environment to each TableColumn (only Theme is required).
Work around what clearly seems to be a SwiftUI bug.
Fixes#872
- Define separate IAPManager instances for app and tunnel (different
receipt URLs)
- Copy app receipt URL over to tunnel before install/connect
- Use AppTransaction to get original build number so that
FallbackReceiptReader is also much simpler now
Fixes#869
Otherwise, it would never import remote profiles w/o a fingerprint.
Scenarios (must test in #570):
- No local profile → Import
- Local profile has no fingerprint → Import
- Local profile has fingerprint
- Remote profile has no fingerprint → Skip
- Remote profile has same fingerprint → Skip
- Remote profile has different fingerprint → Import
The Library package offers the PassepartoutImplementations target for
OpenVPN/OpenSSL and WireGuard/Go, but it doesn't need it itself. Only
the main app does, so move the dependency there.
On the other side, drop the potentially problematic AppUI meta target.
Move platform filters to the Xcode project.
Indirectly fixes a crash with Xcode 16 Previews on iOS (forced to use
legacy previews before):
https://forums.developer.apple.com/forums/thread/756681
- Address further restrictions on actor-isolation by using `nonisolated`
on:
- Combine subjects
- Core Data context/controller
- Blocks
- In previews using inline `@State`, create a custom view instead
- Use `@retroactive` in l10n extensions
- Fix compile error in WireGuardKit
Move Core Data tests out of the Library package so that we can still use
the more efficient `swift test` for most tests.
Create a PassepartoutTests target only for tests that require
`xcodebuild`, like Core Data tests.
Eventually:
- PRs only run SwiftPM tests
- Releases run ALL tests with `scan` before `gym`
- Do not observe tunnel in grid/list
- Only observe .$currentProfile for grid selection
- Move row tunnel updates to MarkerView
- Debug InstalledProfileView
Regression in #839 due to how NSFetchedResultsController was refactored.
Duplicated entities were not excluded from mapping.
Could "crash" the app with these easy steps:
- Pick a profile
- Unshare the profile on iOS
- Unshare the profile on macOS
- Re-share the profile on iCloud on both iOS and macOS
- Save the profile simultaneously on iOS/macOS
- Assertion failure due to duplicates in
ProfileManager.reloadRemoteProfiles() → "Remote repository must not have
duplicates"
Loading remote profiles before local profiles may cause duplicated NE
managers. This happened because if local profiles are empty, any remote
profile is imported regardless of their former existence in the local
store. The importer just doesn't know.
Therefore, revisit the sequence of AppContext registrations:
- First off
- Skip Tunnel prepare() because NEProfileRepository.fetch() does it
already
- NE is both Tunnel and ProfileRepository, so calling tunnel.prepare()
loads local NE profiles twice
- onLaunch() - **run this once and before anything else**
- Read local profiles
- Reload in-app receipt
- Observe in-app eligibility → Triggers onEligibleFeatures()
- Observe profile save → Triggers onSaveProfile()
- Fetch providers index
- onForeground()
- Read local profiles
- Read remote profiles, and toggle CloudKit sync based on eligibility
- onEligibleFeatures()
- Read remote profiles, and toggle CloudKit sync based on eligibility
- onSaveProfile()
- Reconnect if necessary
1. ThemeProgressViewModifier to replace content with a progress view
while a condition is active
2. ThemeEmptyContentModifier to replace content with a message if an
empty condition is met
3. Replace .opacity(bool ? 1.0 : 0.0) with .opaque(bool)
Reuse:
- 1 in PaywallView and DonateView
- 2 in ProfileContainerView
Restore .sharing feature:
- Merge "Apple TV" into "iCloud" section
- "Enabled", disabled if ineligible for .sharing
- "Apple TV", disabled if ineligible for .appleTV || !isShared
- Footer about TV restrictions
Paywalls:
- "Share on iCloud" if ineligible for .sharing
- "Drop TV restriction" if eligible for .sharing but not for .appleTV
- Applies to full version products (user level 2)
- Suggest Apple TV product
Restrictions:
- Toggle CloudKit sync on remote repository based on .sharing
eligibility
- Do not start tunnel on Apple TV if ineligible for .appleTV
Fixes:
- Incorrect zip() publishers in remote repository
- Resolve duplicates in Core Data, first profile wins sorted by
lastUpdate descending
- Reload receipt on OOB IAPManager events
Move the following dependencies:
- OpenVPN/OpenSSL
- WireGuard/Go
up the chain until the main App/Tunnel targets, so that UILibrary and
CommonLibrary can abstract from these unnecessary details. Instead, give
module views access to generic implementations via Registry.
Incidentally, this fixes an issue preventing TV previews from working
due to OpenSSL linkage.
- Use StoreKit views when available
- Offer one-time purchase
- Recurring subscriptions for all features
- Restore purchases
Remove .siri (Shortcuts), now free.
Closes#819Closes#469
Do not delete CloudKit zone. Instead, delete Core Data entities and let
sync do the rest. It's also a "more standard" approach.
Deleting the zone right after the entities legitimately makes deletion
ineffective, because it probably spoils sync.
The condition came from v2, but the flow was different. Drop the
condition because it would always fail in TestFlight for macOS, where
sandbox and release receipts have the same URL.
- Centralize context initialization/refresh in platform-specific app
delegates
- Prevent multiple calls to .onApplicationActive()
- Simplify local/remote profile fingerprint comparison
- Revert to always replacing Core Data entities
- The remote store somehow ended up having duplicates, which caused
repeated imports of remote profiles due to randomly different
fingerprints
- Optimize reload of in-app receipt
Refactoring:
- Get receipts from StoreKit Transaction.currentEntitlements
- Search for the originally purchased build in the local receipt anyway
(Kvitto)
- Fall back to release receipt (Kvitto), if any, for feature eligibility
in TestFlight builds
- Parse and verify expiration date in subscriptions
- Decouple in-app identifier composition from BundleConfiguration
- Fix user level features only applied when a receipt was not found
Testing:
- Add StoreKit configuration
- Fake purchases with PP_FAKE_IAP
- Fake user level with PP_USER_LEVEL
Then for reactive receipt reload, detect app activation differently:
- iOS/tvOS on .scenePhase
- macOS on launch and NSWorkspace.didActivateApplicationNotification
As to features:
- Credit former "Full version" purchasers with all current AND future
features, except the Apple TV
Revisit the use of informational footers in forms because:
- iOS uses Section footers
- macOS uses a secondary label below the main row label
Therefore:
- Add .themeRow() modifier to accomplish macOS behavior
- iOS: leave .themeSection() as is, and add a dummy .themeRow() that
does nothing
- macOS: make footer ineffective in .themeSection(), but add .themeRow()
modifiers to move footers to rows
Based on in-app eligibility, expire TV profiles after 10 minutes.
Refactor/redesign general sections and offer .sharing feature for free,
it makes it simpler to focus on Apple TV product.