Merge pull request #392 from DefGuard/dev

Merge dev -> main (v1.2.2)

Author: t-aleksander

flake.lock

@@ -0,0 +1,68 @@
+{
+  inputs = {
+    nixpkgs.url = "nixpkgs";
+    flake-utils.url = "github:numtide/flake-utils";
+    rust-overlay.url = "github:oxalica/rust-overlay";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, rust-overlay }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [ rust-overlay.overlays.default ];
+        };
+
+      toolchain = pkgs.rust-bin.stable.latest.default.override {
+        extensions = ["rust-analyzer" "rust-src" "rustfmt" "clippy"];
+        targets = ["wasm32-unknown-unknown"];
+      };
+        packages = with pkgs; [
+          cargo
+          cargo-tauri
+          toolchain
+          rust-analyzer-unwrapped
+          nodejs_18
+          nodePackages.pnpm
+          trunk
+        ];
+        nativeBuildPackages = with pkgs; [
+          pkg-config
+          dbus
+          openssl
+          glib
+          gtk3
+          libsoup
+          webkitgtk_4_0
+          librsvg
+          protobuf
+          libayatana-appindicator
+        ];
+        libraries = with pkgs; [
+          gtk3
+          cairo
+          gdk-pixbuf
+          glib
+          dbus
+          openssl
+          librsvg
+          libsoup_3
+          webkitgtk_4_0
+          libayatana-appindicator
+        ];
+      in {
+        devShells.default = pkgs.mkShell {
+          buildInputs = packages;
+          nativeBuildInputs = nativeBuildPackages;
+          shellHook = with pkgs; ''
+            export LD_LIBRARY_PATH="${
+              lib.makeLibraryPath libraries
+            }:$LD_LIBRARY_PATH"
+            export OPENSSL_INCLUDE_DIR="${openssl.dev}/include/openssl"
+            export OPENSSL_LIB_DIR="${openssl.out}/lib"
+            export OPENSSL_ROOT_DIR="${openssl.out}"
+            export RUST_SRC_PATH="${toolchain}/lib/rustlib/src/rust/library"
+          '';
+        };
+      });
+}

flake.nix

@@ -1,7 +1,7 @@
 {
   "name": "defguard-client",
   "private": false,
-  "version": "1.2.1",
+  "version": "1.2.2",
   "type": "module",
   "scripts": {
     "dev": "npm-run-all --parallel vite typesafe-i18n",

package.json

@@ -11,7 +11,7 @@ edition = "2021"
 homepage = "https://github.com/DefGuard/client"
 license-file = "../LICENSE.md"
 rust-version = "1.80"
-version = "1.2.1"
+version = "1.2.2"
 
 [package]
 name = "defguard-client"

src-tauri/Cargo.lock

@@ -134,17 +134,28 @@ pub async fn verify_active_connections(app_handle: AppHandle) {
                                 latest_stat.collected_at,
                                 peer_alive_period,
                             ) {
-                                // Check if there was any traffic since the connection was established.
-                                // If not, consider the location dead and disconnect it later without reconnecting.
+                                // Check if there was any traffic since the connection was established
+                                // If not and the connection was established longer than the peer_alive_period,
+                                // consider the location dead and disconnect it later without reconnecting.
+                                let time_since_connection = Utc::now() - con.start.and_utc();
                                 if latest_stat.collected_at < con.start {
-                                    debug!(
-                                        "There wasn't any activity for Location {} since its \
-                                        connection at {}; considering it being dead and possibly \
-                                        broken. It will be disconnected without a further automatic \
-                                        reconnect.",
-                                        con.location_id, con.start
-                                    );
-                                    locations_to_disconnect.push((con.location_id, false));
+                                    if time_since_connection > peer_alive_period {
+                                        debug!(
+                                          "There wasn't any activity for Location {} since its \
+                                          connection at {}; considering it being dead and possibly \
+                                          broken. It will be terminated without a further automatic \
+                                          reconnect.",
+                                          con.location_id, con.start
+                                        );
+                                        locations_to_disconnect.push((con.location_id, false));
+                                    } else {
+                                        debug!(
+                                          "There wasn't any activity for Location {} since its \
+                                          connection at {}; The amount of time passed since the connection \
+                                          is {time_since_connection}, the connection will be terminated when it reaches \
+                                          {peer_alive_period}", 
+                                        con.location_id, con.start);
+                                    }
                                 } else {
                                     debug!(
                                         "There wasn't any activity for Location {} for the last \

src-tauri/Cargo.toml

@@ -842,8 +842,8 @@ async fn check_connection(
 ) -> Result<(), Error> {
     let appstate = app_handle.state::<AppState>();
     let interface_name = get_interface_name(name);
-    let service_name = format!("WireGuardTunnel${}", name);
-    let service = match service_manager.open_service(&service_name, ServiceAccess::QUERY_CONFIG) {
+    let service_name = format!("WireGuardTunnel${}", interface_name);
+    let service = match service_manager.open_service(&service_name, ServiceAccess::QUERY_STATUS) {
         Ok(service) => service,
         Err(windows_service::Error::Winapi(err))
             if err.raw_os_error() == Some(ERROR_SERVICE_DOES_NOT_EXIST as i32) =>

src-tauri/src/periodic/connection.rs

@@ -8,7 +8,7 @@
   },
   "package": {
     "productName": "defguard-client",
-    "version": "1.2.1"
+    "version": "1.2.2"
   },
   "tauri": {
     "systemTray": {

src-tauri/src/utils.rs

@@ -54,6 +54,7 @@ const en = {
         'Configuration for instance {instance: string} has changed. Disconnect from all locations to apply changes.',
       deadConDropped:
         'Detected that the {con_type: string} {interface_name: string} has disconnected, trying to reconnect...',
+      noCookie: 'No defguard_proxy set-cookie received',
     },
   },
   components: {

src-tauri/tauri.conf.json

@@ -165,6 +165,10 @@ type RootTranslation = {
 			 * @param {string} interface_name
 			 */
 			deadConDropped: RequiredParams<'con_type' | 'interface_name'>
+			/**
+			 * N​o​ ​d​e​f​g​u​a​r​d​_​p​r​o​x​y​ ​s​e​t​-​c​o​o​k​i​e​ ​r​e​c​e​i​v​e​d
+			 */
+			noCookie: string
 		}
 	}
 	components: {
@@ -1762,6 +1766,10 @@ export type TranslationFunctions = {
 			 * Detected that the {con_type} {interface_name} has disconnected, trying to reconnect...
 			 */
 			deadConDropped: (arg: { con_type: string, interface_name: string }) => LocalizedString
+			/**
+			 * No defguard_proxy set-cookie received
+			 */
+			noCookie: () => LocalizedString
 		}
 	}
 	components: {

src/i18n/en/index.ts

@@ -102,7 +102,6 @@ export const AddInstanceInitForm = ({ nextStep }: Props) => {
       body: Body.json(data),
     })
       .then(async (res: Response<EnrollmentStartResponse | EnrollmentError>) => {
-        const authCookie = res.headers['set-cookie'];
         if (!res.ok) {
           setIsLoading(false);
           error(JSON.stringify(res.data));
@@ -122,6 +121,24 @@ export const AddInstanceInitForm = ({ nextStep }: Props) => {
             }
           }
         }
+        // There may be other set-cookies, set by e.g. a proxy
+        // Get only the defguard_proxy cookie
+        const authCookie = res.rawHeaders['set-cookie'].find((cookie) =>
+          cookie.startsWith('defguard_proxy='),
+        );
+        if (!authCookie) {
+          setIsLoading(false);
+          error(
+            LL.common.messages.errorWithMessage({
+              message: LL.common.messages.noCookie(),
+            }),
+          );
+          throw Error(
+            LL.common.messages.errorWithMessage({
+              message: LL.common.messages.noCookie(),
+            }),
+          );
+        }
         debug('Response received with status OK');
         const r = res.data as EnrollmentStartResponse;
         // get client registered instances

src/i18n/i18n-types.ts

@@ -108,7 +108,17 @@ export const UpdateInstanceModalForm = () => {
       proxy_api_url = proxy_api_url + '/api/v1';
       const instance = clientInstances.find((i) => i.uuid === enrollmentData.instance.id);
       if (instance) {
-        const authCookie = res.headers['set-cookie'];
+        const authCookie = res.rawHeaders['set-cookie'].find((cookie) =>
+          cookie.startsWith('defguard_proxy='),
+        );
+        if (!authCookie) {
+          toaster.error(
+            LL.common.messages.errorWithMessage({
+              message: LL.common.messages.noCookie(),
+            }),
+          );
+          return;
+        }
         headers['Cookie'] = authCookie;
         const instanceInfoResponse = await fetch<CreateDeviceResponse>(
           `${proxy_api_url}/enrollment/network_info`,