From a4c5a3f0ca6b764986fd265f0109937c140a036f Mon Sep 17 00:00:00 2001 From: nessi Date: Tue, 17 Mar 2026 21:24:50 +0100 Subject: [PATCH] feat: add profile sync functionality and redesign desktop client UI Add sync_profile command to fetch latest profile from backend without re-enrollment. Add DeviceView struct to EnrollResponse. Replace hardcoded "just now" timestamp with now_label helper using Unix epoch seconds. Add sync button to UI with loading state. Redesign client interface with top strip containing brand lockup and action buttons, hero surface with profile metadata tiles, body grid with login/status panels and resources sidebar --- desktop-client/src-tauri/src/lib.rs | 85 +++++- desktop-client/src/App.tsx | 243 +++++++++++----- desktop-client/src/styles.css | 338 +++++++++++++++++++---- desktop-client/tunnel-helper/src/main.rs | 58 +++- 4 files changed, 585 insertions(+), 139 deletions(-) diff --git a/desktop-client/src-tauri/src/lib.rs b/desktop-client/src-tauri/src/lib.rs index 90bdd28..27e205b 100644 --- a/desktop-client/src-tauri/src/lib.rs +++ b/desktop-client/src-tauri/src/lib.rs @@ -1,6 +1,6 @@ mod tunnel_manager; -use std::{fs, path::PathBuf, sync::Mutex}; +use std::{fs, path::PathBuf, sync::Mutex, time::{SystemTime, UNIX_EPOCH}}; use base64::{engine::general_purpose::STANDARD, Engine as _}; use rand_core::OsRng; @@ -9,7 +9,7 @@ use serde::{Deserialize, Serialize}; use tauri::{ menu::{MenuBuilder, MenuItemBuilder}, tray::{MouseButton, MouseButtonState, TrayIconBuilder, TrayIconEvent}, - AppHandle, Manager, State, WebviewWindow, WindowEvent, + AppHandle, Manager, State, WebviewWindow, Window, WindowEvent, }; use x25519_dalek::{PublicKey, StaticSecret}; @@ -80,11 +80,17 @@ struct EnrollRequest<'a> { #[derive(Debug, Deserialize)] struct EnrollResponse { + device: DeviceView, peer: PeerView, profile: ProfileView, resources: Vec, } +#[derive(Debug, Deserialize)] +struct DeviceView { + id: String, +} + #[derive(Debug, Deserialize)] struct PeerView { #[serde(rename = "assigned_ip")] @@ -180,7 +186,7 @@ async fn enroll_device( profile_revision: enroll.peer.profile_revision, gateway_endpoint: enroll.peer.gateway.endpoint, profile_path: profile_path.display().to_string(), - last_sync_time: "just now".into(), + last_sync_time: now_label(), tunnel_strategy: tunnel_manager::current_tunnel_strategy().into(), }; @@ -207,6 +213,65 @@ fn load_state(app: AppHandle, state: State<'_, AppState>) -> Result) -> Result { + let existing = { + let session = state.session.lock().map_err(|_| "Unable to read client state".to_string())?; + session.clone().ok_or_else(|| "No enrolled profile is available yet".to_string())? + }; + + let client = Client::builder() + .use_rustls_tls() + .build() + .map_err(|err| err.to_string())?; + + let response = client + .get(format!("{}/api/v1/me/profile", existing.server_url.trim_end_matches('/'))) + .bearer_auth(&existing.access_token) + .send() + .await + .map_err(|err| format!("Profile sync failed: {}", err))?; + + if !response.status().is_success() { + let status = response.status(); + let body = response + .text() + .await + .unwrap_or_else(|_| "".into()); + return Err(format!("Profile sync failed with status {}: {}", status, body)); + } + + let enroll = response + .json::() + .await + .map_err(|err| format!("Unable to decode profile sync response: {}", err))?; + + let profile_path = write_profile(&app, &enroll.profile.content)?; + let result = EnrollmentResult { + assigned_ip: enroll.peer.assigned_ip, + resources: enroll.resources.into_iter().map(|resource| resource.value).collect(), + profile_revision: enroll.peer.profile_revision, + gateway_endpoint: enroll.peer.gateway.endpoint, + profile_path: profile_path.display().to_string(), + last_sync_time: now_label(), + tunnel_strategy: tunnel_manager::current_tunnel_strategy().into(), + }; + + let session_state = SessionState { + access_token: existing.access_token, + refresh_token: existing.refresh_token, + server_url: existing.server_url, + profile_path: result.profile_path.clone(), + enrollment: result.clone(), + }; + + write_session_state(&app, &session_state)?; + let mut session = state.session.lock().map_err(|_| "Unable to store client state".to_string())?; + *session = Some(session_state); + + Ok(result) +} + #[tauri::command] fn connect_tunnel(app: AppHandle, state: State<'_, AppState>) -> Result<(), String> { let session = state.session.lock().map_err(|_| "Unable to read client state".to_string())?; @@ -230,6 +295,14 @@ fn generate_keypair() -> (String, String) { ) } +fn now_label() -> String { + let seconds = SystemTime::now() + .duration_since(UNIX_EPOCH) + .map(|duration| duration.as_secs()) + .unwrap_or(0); + format!("synced at {}", seconds) +} + fn build_fingerprint(server_url: &str, username: &str, public_key: &str) -> String { format!("nexavpn:{}:{}:{}", server_url, username, public_key) } @@ -268,13 +341,13 @@ fn ensure_app_dir(app: &AppHandle) -> Result { Ok(dir) } -fn restore_main_window(window: &WebviewWindow) { +fn restore_main_window(window: &Window) { let _ = window.show(); let _ = window.unminimize(); let _ = window.set_focus(); } -fn hide_main_window(window: &WebviewWindow) { +fn hide_main_window(window: &Window) { let _ = window.hide(); } @@ -335,7 +408,7 @@ pub fn run() { } _ => {} }) - .invoke_handler(tauri::generate_handler![load_state, enroll_device, connect_tunnel, disconnect_tunnel]) + .invoke_handler(tauri::generate_handler![load_state, enroll_device, sync_profile, connect_tunnel, disconnect_tunnel]) .run(tauri::generate_context!()) .expect("error while running tauri application"); } diff --git a/desktop-client/src/App.tsx b/desktop-client/src/App.tsx index de93e8a..cdc58b2 100644 --- a/desktop-client/src/App.tsx +++ b/desktop-client/src/App.tsx @@ -1,4 +1,4 @@ -import { FormEvent, useEffect, useState } from "react"; +import { FormEvent, useEffect, useMemo, useState } from "react"; import { invoke } from "@tauri-apps/api/core"; type EnrollmentState = { @@ -23,11 +23,28 @@ function formatInvokeError(err: unknown, fallback: string) { return fallback; } +function currentProfileLabel(state: EnrollmentState | null) { + if (!state) { + return "No profile provisioned"; + } + + if (state.resources.includes("0.0.0.0/0")) { + return "Full tunnel"; + } + + if (state.resources.length === 1) { + return "Single resource access"; + } + + return `Split tunnel (${state.resources.length} resources)`; +} + export function App() { const [serverUrl, setServerUrl] = useState("http://localhost"); const [username, setUsername] = useState(""); const [password, setPassword] = useState(""); const [loading, setLoading] = useState(false); + const [syncing, setSyncing] = useState(false); const [error, setError] = useState(null); const [connected, setConnected] = useState(false); const [state, setState] = useState(null); @@ -42,6 +59,8 @@ export function App() { .catch(() => undefined); }, []); + const profileLabel = useMemo(() => currentProfileLabel(state), [state]); + async function onSubmit(event: FormEvent) { event.preventDefault(); setLoading(true); @@ -59,6 +78,20 @@ export function App() { } } + async function onSyncProfile() { + setSyncing(true); + setError(null); + + try { + const result = await invoke("sync_profile"); + setState(result); + } catch (err) { + setError(formatInvokeError(err, "Profile sync failed")); + } finally { + setSyncing(false); + } + } + async function toggleConnection() { const command = connected ? "disconnect_tunnel" : "connect_tunnel"; try { @@ -72,81 +105,161 @@ export function App() { return (
-
-

NexaVPN

-

Private access without manual WireGuard setup.

-

- Enter your VPN address, username, and password. NexaVPN provisions and stores the profile for you. -

-
+
+
+
+ NexaVPN +
+

NexaVPN

+

Desktop Access Client

+

Provisioned WireGuard access with profile sync and one-click reconnect.

+
+
+
+ {state ? ( + + ) : null} + +
+
- {!state ? ( -
- - - - {error ?
{error}
: null} - -
- ) : ( -
-
-
-

Connection

-

{connected ? "Connected" : "Disconnected"}

-
- +
+
+

Managed Tunnel

+

Private access with fewer moving parts.

+

+ NexaVPN signs you in, enrolls the device, stores the WireGuard profile locally, and lets you resync the + assigned access profile after policy changes. +

-
-
- Assigned VPN IP - {state.assignedIp} +
+
+ Current profile + {profileLabel}
-
- Gateway - {state.gatewayEndpoint} -
-
- Profile revision - {state.profileRevision} -
-
- Last sync - {state.lastSyncTime} +
+ Last sync + {state?.lastSyncTime ?? "Not synced yet"}
-
-
- Profile path - {state.profilePath} +
+ +
+ {!state ? ( +
+
+
+

Onboarding

+

Sign in and provision this device

+
+
+
+ + + + {error ?
{error}
: null} +
+ +
+
+
+ ) : ( +
+
+
+

Connection

+

{connected ? "Connected" : "Disconnected"}

+
+ + {connected ? "Tunnel active" : "Ready to connect"} +
+
+
+ +
+
+
+

Session

+

Provisioned device state

+
+
+
+
+ Assigned VPN IP + {state.assignedIp} +
+
+ Gateway endpoint + {state.gatewayEndpoint} +
+
+ Profile revision + {state.profileRevision} +
+
+ Last sync + {state.lastSyncTime} +
+
+
+ +
+
+
+

Profile

+

Assigned access profile

+
+
+
+
+ Profile path + {state.profilePath} +
+
+ Tunnel strategy + {state.tunnelStrategy} +
+
+
+ + {error ?
{error}
: null} +
+ )} + +
- {error ?
{error}
: null} -
-

Allowed resources

+

+ The current backend issues one effective profile per device. After policy changes, use Sync + profile to pull the latest assigned access. +

    - {state.resources.map((resource) => ( + {(state?.resources ?? ["No resources assigned yet"]).map((resource) => (
  • {resource}
    • ))}
-
+
- )} +
); } diff --git a/desktop-client/src/styles.css b/desktop-client/src/styles.css index 6c0a8d1..c8ebc81 100644 --- a/desktop-client/src/styles.css +++ b/desktop-client/src/styles.css @@ -1,111 +1,329 @@ :root { - font-family: "Segoe UI", "SF Pro Text", sans-serif; - color: #f5f7fb; + font-family: "Segoe UI", "SF Pro Text", "Helvetica Neue", sans-serif; + color: #eef4ff; background: - radial-gradient(circle at top, rgba(79, 208, 164, 0.18), transparent 25%), - linear-gradient(180deg, #08111f 0%, #0d1727 100%); + radial-gradient(circle at 12% 10%, rgba(50, 196, 167, 0.2), transparent 24%), + radial-gradient(circle at 90% 18%, rgba(89, 133, 255, 0.16), transparent 22%), + linear-gradient(180deg, #07101c 0%, #0c1524 100%); } * { box-sizing: border-box; } +html, +body, +#root { + min-height: 100vh; +} + body { margin: 0; } +button, +input { + font: inherit; +} + .client-shell { min-height: 100vh; + padding: 28px; +} + +.app-frame { + width: min(1120px, 100%); + margin: 0 auto; display: grid; - place-items: center; - gap: 24px; - padding: 32px 20px; + gap: 22px; } -.hero, -.panel { - width: min(560px, 100%); +.top-strip { + display: flex; + align-items: center; + justify-content: space-between; + gap: 16px; } -.hero { - text-align: center; +.brand-lockup { + display: flex; + align-items: center; + gap: 14px; +} + +.brand-lockup img { + width: 54px; + height: 54px; + border-radius: 16px; + box-shadow: 0 18px 48px rgba(0, 0, 0, 0.28); +} + +.brand-copy { + display: grid; + gap: 4px; } .eyebrow { - color: #74e0b8; + margin: 0; + color: #75e3ba; letter-spacing: 0.18em; text-transform: uppercase; - font-size: 0.78rem; + font-size: 0.74rem; } -.lede { - color: #a9b8d3; +.brand-copy h1, +.hero-copy h2, +.status-panel h3 { + margin: 0; } -.panel { +.brand-copy p, +.hero-copy p, +.status-panel p, +.surface-header p, +.detail-card span, +.profile-card span { + margin: 0; + color: #9eb1d1; +} + +.top-actions { + display: flex; + gap: 10px; + flex-wrap: wrap; +} + +.shell-button, +.shell-button-secondary { + border: 0; + border-radius: 999px; + padding: 12px 18px; + font-weight: 700; + cursor: pointer; + transition: 160ms ease; +} + +.shell-button { + background: linear-gradient(135deg, #74e0b8 0%, #1fb67a 100%); + color: #04131a; +} + +.shell-button-secondary { + background: rgba(255, 255, 255, 0.04); + color: #eef4ff; + border: 1px solid rgba(177, 197, 229, 0.16); +} + +.shell-button:disabled, +.shell-button-secondary:disabled { + opacity: 0.58; + cursor: default; +} + +.hero-surface, +.surface, +.status-panel, +.login-panel { + background: rgba(11, 20, 35, 0.78); + border: 1px solid rgba(177, 197, 229, 0.12); + box-shadow: 0 24px 70px rgba(2, 8, 18, 0.32); + backdrop-filter: blur(18px); +} + +.hero-surface { + border-radius: 30px; + padding: 28px; + display: grid; + grid-template-columns: 1.2fr 0.8fr; + gap: 20px; + align-items: center; +} + +.hero-copy { + display: grid; + gap: 14px; +} + +.hero-copy h2 { + font-size: clamp(2rem, 4vw, 3.6rem); + line-height: 1.04; + max-width: 10ch; +} + +.hero-copy p { + max-width: 56ch; + font-size: 1.03rem; + line-height: 1.6; +} + +.hero-meta { + display: grid; + gap: 14px; +} + +.meta-tile { + padding: 18px; + border-radius: 22px; + background: linear-gradient(180deg, rgba(117, 227, 186, 0.08), rgba(117, 227, 186, 0.02)); + border: 1px solid rgba(117, 227, 186, 0.16); +} + +.meta-tile strong { + display: block; + margin-top: 8px; + font-size: 1.1rem; +} + +.body-grid { + display: grid; + grid-template-columns: 1.3fr 0.7fr; + gap: 22px; +} + +.login-panel, +.status-panel { + border-radius: 28px; padding: 24px; - border-radius: 24px; - background: rgba(12, 22, 38, 0.84); - border: 1px solid rgba(167, 185, 219, 0.14); - box-shadow: 0 24px 60px rgba(2, 8, 18, 0.36); - backdrop-filter: blur(16px); + display: grid; + gap: 20px; } -form { +.status-top { + display: flex; + align-items: center; + justify-content: space-between; + gap: 16px; +} + +.status-state { + display: inline-flex; + align-items: center; + gap: 8px; + padding: 8px 12px; + border-radius: 999px; + background: rgba(255, 255, 255, 0.04); + color: #c8d6ee; +} + +.status-dot { + width: 10px; + height: 10px; + border-radius: 999px; + background: #ff8a7d; +} + +.status-dot.online { + background: #74e0b8; +} + +.surface { + border-radius: 24px; + padding: 18px; + display: grid; + gap: 14px; +} + +.surface-header { + display: flex; + align-items: center; + justify-content: space-between; + gap: 12px; +} + +.surface-header h4 { + margin: 0; + font-size: 1rem; +} + +.status-grid, +.profile-grid { + display: grid; + grid-template-columns: repeat(2, minmax(0, 1fr)); + gap: 12px; +} + +.detail-card, +.profile-card { + padding: 14px; + border-radius: 18px; + background: rgba(255, 255, 255, 0.03); + border: 1px solid rgba(177, 197, 229, 0.1); + display: grid; + gap: 6px; +} + +.detail-card strong, +.profile-card strong { + font-size: 1rem; + word-break: break-word; +} + +.resource-list { + margin: 0; + padding: 0; + list-style: none; + display: flex; + flex-wrap: wrap; + gap: 10px; +} + +.resource-list li { + padding: 10px 12px; + border-radius: 999px; + background: rgba(117, 227, 186, 0.08); + border: 1px solid rgba(117, 227, 186, 0.15); + color: #dffaf0; +} + +.login-panel form { display: grid; gap: 16px; } -label { +.login-panel label { display: grid; gap: 8px; color: #c2cfe5; } -input { - border: 1px solid rgba(167, 185, 219, 0.16); - background: rgba(7, 14, 27, 0.85); +.login-panel input { + border: 1px solid rgba(177, 197, 229, 0.16); + background: rgba(7, 14, 27, 0.9); color: #f5f7fb; - border-radius: 14px; - padding: 14px 16px; + border-radius: 16px; + padding: 15px 16px; } -button { - border: 0; - border-radius: 999px; - padding: 13px 18px; - font-weight: 700; - background: linear-gradient(135deg, #74e0b8 0%, #1fb67a 100%); - color: #04141a; -} - -.error { - color: #ffb7b7; -} - -.status { - display: grid; - gap: 18px; -} - -.status-row, -.details { +.login-card-actions { display: flex; - justify-content: space-between; - gap: 16px; + gap: 12px; flex-wrap: wrap; } -.details div { - display: grid; - gap: 6px; +.error { + padding: 12px 14px; + border-radius: 16px; + background: rgba(255, 115, 115, 0.08); + border: 1px solid rgba(255, 115, 115, 0.16); + color: #ffc3c3; + white-space: pre-wrap; } -.details span { - color: #9db0cf; -} +@media (max-width: 960px) { + .hero-surface, + .body-grid { + grid-template-columns: 1fr; + } -.resource-list { - margin: 0; - padding-left: 18px; + .top-strip, + .status-top, + .surface-header { + align-items: flex-start; + flex-direction: column; + } + + .status-grid, + .profile-grid { + grid-template-columns: 1fr; + } } diff --git a/desktop-client/tunnel-helper/src/main.rs b/desktop-client/tunnel-helper/src/main.rs index 318e215..c24a420 100644 --- a/desktop-client/tunnel-helper/src/main.rs +++ b/desktop-client/tunnel-helper/src/main.rs @@ -4,6 +4,12 @@ use std::{ process::{Command, ExitCode}, }; +#[cfg(target_os = "windows")] +use std::os::windows::process::CommandExt; + +#[cfg(target_os = "windows")] +const CREATE_NO_WINDOW: u32 = 0x08000000; + fn main() -> ExitCode { match run() { Ok(()) => ExitCode::SUCCESS, @@ -33,14 +39,16 @@ fn run() -> Result<(), String> { fn connect(profile: &Path) -> Result<(), String> { #[cfg(target_os = "windows")] { + ensure_windows_admin()?; let wireguard = find_windows_wireguard()?; - let status = Command::new(wireguard) + let output = Command::new(wireguard) .arg("/installtunnelservice") .arg(profile) - .status() + .creation_flags(CREATE_NO_WINDOW) + .output() .map_err(|err| format!("unable to launch WireGuard runtime: {err}"))?; - if !status.success() { - return Err(format!("WireGuard runtime connect failed with status {status}")); + if !output.status.success() { + return Err(format_windows_runtime_error("connect", &output)); } return Ok(()); } @@ -66,18 +74,20 @@ fn connect(profile: &Path) -> Result<(), String> { fn disconnect(profile: &Path) -> Result<(), String> { #[cfg(target_os = "windows")] { + ensure_windows_admin()?; let wireguard = find_windows_wireguard()?; let tunnel_name = profile .file_stem() .and_then(|value| value.to_str()) .ok_or_else(|| "invalid profile filename".to_string())?; - let status = Command::new(wireguard) + let output = Command::new(wireguard) .arg("/uninstalltunnelservice") .arg(tunnel_name) - .status() + .creation_flags(CREATE_NO_WINDOW) + .output() .map_err(|err| format!("unable to launch WireGuard runtime: {err}"))?; - if !status.success() { - return Err(format!("WireGuard runtime disconnect failed with status {status}")); + if !output.status.success() { + return Err(format_windows_runtime_error("disconnect", &output)); } return Ok(()); } @@ -112,3 +122,35 @@ fn find_windows_wireguard() -> Result { .find(|path| path.exists()) .ok_or_else(|| "required Windows tunnel runtime is not available".to_string()) } + +#[cfg(target_os = "windows")] +fn ensure_windows_admin() -> Result<(), String> { + let status = Command::new("net") + .arg("session") + .creation_flags(CREATE_NO_WINDOW) + .status() + .map_err(|err| format!("unable to determine Windows privilege level: {err}"))?; + + if status.success() { + return Ok(()); + } + + Err("Administrator rights are required to activate the VPN tunnel on Windows. Start NexaVPN as Administrator for now.".into()) +} + +#[cfg(target_os = "windows")] +fn format_windows_runtime_error(action: &str, output: &std::process::Output) -> String { + let stderr = String::from_utf8_lossy(&output.stderr); + let stdout = String::from_utf8_lossy(&output.stdout); + let details = if !stderr.trim().is_empty() { + stderr.trim() + } else { + stdout.trim() + }; + + if details.is_empty() { + return format!("WireGuard runtime {} failed with status {}", action, output.status); + } + + format!("WireGuard runtime {} failed: {}", action, details) +}