nessi/NexaVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add profile sync functionality and redesign desktop client UI

Browse Source 
Add sync_profile command to fetch latest profile from backend without re-enrollment. Add DeviceView struct to EnrollResponse. Replace hardcoded "just now" timestamp with now_label helper using Unix epoch seconds. Add sync button to UI with loading state. Redesign client interface with top strip containing brand lockup and action buttons, hero surface with profile metadata tiles, body grid with login/status panels and resources sidebar
This commit is contained in:
Sascha Nesterovic
2026-03-17 21:24:50 +01:00
parent 72c5bb6f55
commit a4c5a3f0ca
4 changed files with 585 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
desktop-client/src-tauri/src/lib.rs
View File

@@ -1,6 +1,6 @@
mod tunnel_manager;
use std::{fs, path::PathBuf, sync::Mutex};
use std::{fs, path::PathBuf, sync::Mutex, time::{SystemTime, UNIX_EPOCH}};
use base64::{engine::general_purpose::STANDARD, Engine as _};
use rand_core::OsRng;
@@ -9,7 +9,7 @@ use serde::{Deserialize, Serialize};
use tauri::{
menu::{MenuBuilder, MenuItemBuilder},
tray::{MouseButton, MouseButtonState, TrayIconBuilder, TrayIconEvent},
AppHandle, Manager, State, WebviewWindow, WindowEvent,
AppHandle, Manager, State, WebviewWindow, Window, WindowEvent,
};
use x25519_dalek::{PublicKey, StaticSecret};
@@ -80,11 +80,17 @@ struct EnrollRequest<'a> {
#[derive(Debug, Deserialize)]
struct EnrollResponse {
device: DeviceView,
peer: PeerView,
profile: ProfileView,
resources: Vec<ResourceView>,
}
#[derive(Debug, Deserialize)]
struct DeviceView {
id: String,
}
#[derive(Debug, Deserialize)]
struct PeerView {
#[serde(rename = "assigned_ip")]
@@ -180,7 +186,7 @@ async fn enroll_device(
profile_revision: enroll.peer.profile_revision,
gateway_endpoint: enroll.peer.gateway.endpoint,
profile_path: profile_path.display().to_string(),
last_sync_time: "just now".into(),
last_sync_time: now_label(),
tunnel_strategy: tunnel_manager::current_tunnel_strategy().into(),
};
@@ -207,6 +213,65 @@ fn load_state(app: AppHandle, state: State<'_, AppState>) -> Result<Option<Enrol
Ok(loaded.map(|value| value.enrollment))
}
#[tauri::command]
async fn sync_profile(app: AppHandle, state: State<'_, AppState>) -> Result<EnrollmentResult, String> {
let existing = {
let session = state.session.lock().map_err(|_| "Unable to read client state".to_string())?;
session.clone().ok_or_else(|| "No enrolled profile is available yet".to_string())?
};
let client = Client::builder()
.use_rustls_tls()
.build()
.map_err(|err| err.to_string())?;
let response = client
.get(format!("{}/api/v1/me/profile", existing.server_url.trim_end_matches('/')))
.bearer_auth(&existing.access_token)
.send()
.await
.map_err(|err| format!("Profile sync failed: {}", err))?;
if !response.status().is_success() {
let status = response.status();
let body = response
.text()
.await
.unwrap_or_else(|_| "<unable to read response body>".into());
return Err(format!("Profile sync failed with status {}: {}", status, body));
}
let enroll = response
.json::<EnrollResponse>()
.await
.map_err(|err| format!("Unable to decode profile sync response: {}", err))?;
let profile_path = write_profile(&app, &enroll.profile.content)?;
let result = EnrollmentResult {
assigned_ip: enroll.peer.assigned_ip,
resources: enroll.resources.into_iter().map(|resource| resource.value).collect(),
profile_revision: enroll.peer.profile_revision,
gateway_endpoint: enroll.peer.gateway.endpoint,
profile_path: profile_path.display().to_string(),
last_sync_time: now_label(),
tunnel_strategy: tunnel_manager::current_tunnel_strategy().into(),
};
let session_state = SessionState {
access_token: existing.access_token,
refresh_token: existing.refresh_token,
server_url: existing.server_url,
profile_path: result.profile_path.clone(),
enrollment: result.clone(),
};
write_session_state(&app, &session_state)?;
let mut session = state.session.lock().map_err(|_| "Unable to store client state".to_string())?;
*session = Some(session_state);
Ok(result)
}
#[tauri::command]
fn connect_tunnel(app: AppHandle, state: State<'_, AppState>) -> Result<(), String> {
let session = state.session.lock().map_err(|_| "Unable to read client state".to_string())?;
@@ -230,6 +295,14 @@ fn generate_keypair() -> (String, String) {
)
}
fn now_label() -> String {
let seconds = SystemTime::now()
.duration_since(UNIX_EPOCH)
.map(|duration| duration.as_secs())
.unwrap_or(0);
format!("synced at {}", seconds)
}
fn build_fingerprint(server_url: &str, username: &str, public_key: &str) -> String {
format!("nexavpn:{}:{}:{}", server_url, username, public_key)
}
@@ -268,13 +341,13 @@ fn ensure_app_dir(app: &AppHandle) -> Result<PathBuf, String> {
Ok(dir)
}
fn restore_main_window(window: &WebviewWindow) {
fn restore_main_window(window: &Window) {
let _ = window.show();
let _ = window.unminimize();
let _ = window.set_focus();
}
fn hide_main_window(window: &WebviewWindow) {
fn hide_main_window(window: &Window) {
let _ = window.hide();
}
@@ -335,7 +408,7 @@ pub fn run() {
}
_ => {}
})
.invoke_handler(tauri::generate_handler![load_state, enroll_device, connect_tunnel, disconnect_tunnel])
.invoke_handler(tauri::generate_handler![load_state, enroll_device, sync_profile, connect_tunnel, disconnect_tunnel])
.run(tauri::generate_context!())
.expect("error while running tauri application");
}

157
desktop-client/src/App.tsx
View File

@@ -1,4 +1,4 @@
import { FormEvent, useEffect, useState } from "react";
import { FormEvent, useEffect, useMemo, useState } from "react";
import { invoke } from "@tauri-apps/api/core";
type EnrollmentState = {
@@ -23,11 +23,28 @@ function formatInvokeError(err: unknown, fallback: string) {
return fallback;
}
function currentProfileLabel(state: EnrollmentState | null) {
if (!state) {
return "No profile provisioned";
}
if (state.resources.includes("0.0.0.0/0")) {
return "Full tunnel";
}
if (state.resources.length === 1) {
return "Single resource access";
}
return `Split tunnel (${state.resources.length} resources)`;
}
export function App() {
const [serverUrl, setServerUrl] = useState("http://localhost");
const [username, setUsername] = useState("");
const [password, setPassword] = useState("");
const [loading, setLoading] = useState(false);
const [syncing, setSyncing] = useState(false);
const [error, setError] = useState<string | null>(null);
const [connected, setConnected] = useState(false);
const [state, setState] = useState<EnrollmentState | null>(null);
@@ -42,6 +59,8 @@ export function App() {
.catch(() => undefined);
}, []);
const profileLabel = useMemo(() => currentProfileLabel(state), [state]);
async function onSubmit(event: FormEvent) {
event.preventDefault();
setLoading(true);
@@ -59,6 +78,20 @@ export function App() {
}
}
async function onSyncProfile() {
setSyncing(true);
setError(null);
try {
const result = await invoke<EnrollmentState>("sync_profile");
setState(result);
} catch (err) {
setError(formatInvokeError(err, "Profile sync failed"));
} finally {
setSyncing(false);
}
}
async function toggleConnection() {
const command = connected ? "disconnect_tunnel" : "connect_tunnel";
try {
@@ -72,16 +105,59 @@ export function App() {
return (
<div className="client-shell">
<div className="hero">
<div className="app-frame">
<div className="top-strip">
<div className="brand-lockup">
<img src="/icon.png" alt="NexaVPN" />
<div className="brand-copy">
<p className="eyebrow">NexaVPN</p>
<h1>Private access without manual WireGuard setup.</h1>
<p className="lede">
Enter your VPN address, username, and password. NexaVPN provisions and stores the profile for you.
</p>
<h1>Desktop Access Client</h1>
<p>Provisioned WireGuard access with profile sync and one-click reconnect.</p>
</div>
</div>
<div className="top-actions">
{state ? (
<button className="shell-button-secondary" disabled={syncing} onClick={onSyncProfile} type="button">
{syncing ? "Syncing..." : "Sync profile"}
</button>
) : null}
<button className="shell-button" disabled={!state} onClick={toggleConnection} type="button">
{!state ? "Provision first" : connected ? "Disconnect" : "Connect"}
</button>
</div>
</div>
<section className="hero-surface">
<div className="hero-copy">
<p className="eyebrow">Managed Tunnel</p>
<h2>Private access with fewer moving parts.</h2>
<p>
NexaVPN signs you in, enrolls the device, stores the WireGuard profile locally, and lets you resync the
assigned access profile after policy changes.
</p>
</div>
<div className="hero-meta">
<div className="meta-tile">
<span className="eyebrow">Current profile</span>
<strong>{profileLabel}</strong>
</div>
<div className="meta-tile">
<span className="eyebrow">Last sync</span>
<strong>{state?.lastSyncTime ?? "Not synced yet"}</strong>
</div>
</div>
</section>
<div className="body-grid">
{!state ? (
<form className="panel" onSubmit={onSubmit}>
<section className="login-panel">
<div className="surface-header">
<div>
<p className="eyebrow">Onboarding</p>
<h3>Sign in and provision this device</h3>
</div>
</div>
<form onSubmit={onSubmit}>
<label>
VPN server address
<input value={serverUrl} onChange={(event) => setServerUrl(event.target.value)} />
@@ -95,58 +171,95 @@ export function App() {
<input type="password" value={password} onChange={(event) => setPassword(event.target.value)} />
</label>
{error ? <div className="error">{error}</div> : null}
<button disabled={loading} type="submit">
<div className="login-card-actions">
<button className="shell-button" disabled={loading} type="submit">
{loading ? "Provisioning..." : "Sign in"}
</button>
</div>
</form>
</section>
) : (
<div className="panel status">
<div className="status-row">
<section className="status-panel">
<div className="status-top">
<div>
<p className="eyebrow">Connection</p>
<h2>{connected ? "Connected" : "Disconnected"}</h2>
<h3>{connected ? "Connected" : "Disconnected"}</h3>
<div className="status-state">
<span className={`status-dot ${connected ? "online" : ""}`} />
{connected ? "Tunnel active" : "Ready to connect"}
</div>
<button onClick={toggleConnection}>{connected ? "Disconnect" : "Connect"}</button>
</div>
<div className="details">
</div>
<div className="surface">
<div className="surface-header">
<div>
<p className="eyebrow">Session</p>
<h4>Provisioned device state</h4>
</div>
</div>
<div className="status-grid">
<div className="detail-card">
<span>Assigned VPN IP</span>
<strong>{state.assignedIp}</strong>
</div>
<div>
<span>Gateway</span>
<div className="detail-card">
<span>Gateway endpoint</span>
<strong>{state.gatewayEndpoint}</strong>
</div>
<div>
<div className="detail-card">
<span>Profile revision</span>
<strong>{state.profileRevision}</strong>
</div>
<div>
<div className="detail-card">
<span>Last sync</span>
<strong>{state.lastSyncTime}</strong>
</div>
</div>
<div className="details">
</div>
<div className="surface">
<div className="surface-header">
<div>
<p className="eyebrow">Profile</p>
<h4>Assigned access profile</h4>
</div>
</div>
<div className="profile-grid">
<div className="profile-card">
<span>Profile path</span>
<strong>{state.profilePath}</strong>
</div>
<div>
<div className="profile-card">
<span>Tunnel strategy</span>
<strong>{state.tunnelStrategy}</strong>
</div>
</div>
</div>
{error ? <div className="error">{error}</div> : null}
</section>
)}
<aside className="status-panel">
<div className="surface-header">
<div>
<p className="eyebrow">Allowed resources</p>
<p className="eyebrow">Resources</p>
<h4>Allowed destinations</h4>
</div>
</div>
<p>
The current backend issues one effective profile per device. After policy changes, use <strong>Sync
profile</strong> to pull the latest assigned access.
</p>
<ul className="resource-list">
{state.resources.map((resource) => (
{(state?.resources ?? ["No resources assigned yet"]).map((resource) => (
<li key={resource}>{resource}</li>
))}
</ul>
</aside>
</div>
</div>
)}
</div>
);
}

338
desktop-client/src/styles.css
View File

@@ -1,111 +1,329 @@
:root {
font-family: "Segoe UI", "SF Pro Text", sans-serif;
color: #f5f7fb;
font-family: "Segoe UI", "SF Pro Text", "Helvetica Neue", sans-serif;
color: #eef4ff;
background:
radial-gradient(circle at top, rgba(79, 208, 164, 0.18), transparent 25%),
linear-gradient(180deg, #08111f 0%, #0d1727 100%);
radial-gradient(circle at 12% 10%, rgba(50, 196, 167, 0.2), transparent 24%),
radial-gradient(circle at 90% 18%, rgba(89, 133, 255, 0.16), transparent 22%),
linear-gradient(180deg, #07101c 0%, #0c1524 100%);
}
* {
box-sizing: border-box;
}
html,
body,
#root {
min-height: 100vh;
}
body {
margin: 0;
}
button,
input {
font: inherit;
}
.client-shell {
min-height: 100vh;
padding: 28px;
}
.app-frame {
width: min(1120px, 100%);
margin: 0 auto;
display: grid;
place-items: center;
gap: 24px;
padding: 32px 20px;
gap: 22px;
}
.hero,
.panel {
width: min(560px, 100%);
.top-strip {
display: flex;
align-items: center;
justify-content: space-between;
gap: 16px;
}
.hero {
text-align: center;
.brand-lockup {
display: flex;
align-items: center;
gap: 14px;
}
.brand-lockup img {
width: 54px;
height: 54px;
border-radius: 16px;
box-shadow: 0 18px 48px rgba(0, 0, 0, 0.28);
}
.brand-copy {
display: grid;
gap: 4px;
}
.eyebrow {
color: #74e0b8;
margin: 0;
color: #75e3ba;
letter-spacing: 0.18em;
text-transform: uppercase;
font-size: 0.78rem;
font-size: 0.74rem;
}
.lede {
color: #a9b8d3;
.brand-copy h1,
.hero-copy h2,
.status-panel h3 {
margin: 0;
}
.panel {
.brand-copy p,
.hero-copy p,
.status-panel p,
.surface-header p,
.detail-card span,
.profile-card span {
margin: 0;
color: #9eb1d1;
}
.top-actions {
display: flex;
gap: 10px;
flex-wrap: wrap;
}
.shell-button,
.shell-button-secondary {
border: 0;
border-radius: 999px;
padding: 12px 18px;
font-weight: 700;
cursor: pointer;
transition: 160ms ease;
}
.shell-button {
background: linear-gradient(135deg, #74e0b8 0%, #1fb67a 100%);
color: #04131a;
}
.shell-button-secondary {
background: rgba(255, 255, 255, 0.04);
color: #eef4ff;
border: 1px solid rgba(177, 197, 229, 0.16);
}
.shell-button:disabled,
.shell-button-secondary:disabled {
opacity: 0.58;
cursor: default;
}
.hero-surface,
.surface,
.status-panel,
.login-panel {
background: rgba(11, 20, 35, 0.78);
border: 1px solid rgba(177, 197, 229, 0.12);
box-shadow: 0 24px 70px rgba(2, 8, 18, 0.32);
backdrop-filter: blur(18px);
}
.hero-surface {
border-radius: 30px;
padding: 28px;
display: grid;
grid-template-columns: 1.2fr 0.8fr;
gap: 20px;
align-items: center;
}
.hero-copy {
display: grid;
gap: 14px;
}
.hero-copy h2 {
font-size: clamp(2rem, 4vw, 3.6rem);
line-height: 1.04;
max-width: 10ch;
}
.hero-copy p {
max-width: 56ch;
font-size: 1.03rem;
line-height: 1.6;
}
.hero-meta {
display: grid;
gap: 14px;
}
.meta-tile {
padding: 18px;
border-radius: 22px;
background: linear-gradient(180deg, rgba(117, 227, 186, 0.08), rgba(117, 227, 186, 0.02));
border: 1px solid rgba(117, 227, 186, 0.16);
}
.meta-tile strong {
display: block;
margin-top: 8px;
font-size: 1.1rem;
}
.body-grid {
display: grid;
grid-template-columns: 1.3fr 0.7fr;
gap: 22px;
}
.login-panel,
.status-panel {
border-radius: 28px;
padding: 24px;
border-radius: 24px;
background: rgba(12, 22, 38, 0.84);
border: 1px solid rgba(167, 185, 219, 0.14);
box-shadow: 0 24px 60px rgba(2, 8, 18, 0.36);
backdrop-filter: blur(16px);
display: grid;
gap: 20px;
}
form {
.status-top {
display: flex;
align-items: center;
justify-content: space-between;
gap: 16px;
}
.status-state {
display: inline-flex;
align-items: center;
gap: 8px;
padding: 8px 12px;
border-radius: 999px;
background: rgba(255, 255, 255, 0.04);
color: #c8d6ee;
}
.status-dot {
width: 10px;
height: 10px;
border-radius: 999px;
background: #ff8a7d;
}
.status-dot.online {
background: #74e0b8;
}
.surface {
border-radius: 24px;
padding: 18px;
display: grid;
gap: 14px;
}
.surface-header {
display: flex;
align-items: center;
justify-content: space-between;
gap: 12px;
}
.surface-header h4 {
margin: 0;
font-size: 1rem;
}
.status-grid,
.profile-grid {
display: grid;
grid-template-columns: repeat(2, minmax(0, 1fr));
gap: 12px;
}
.detail-card,
.profile-card {
padding: 14px;
border-radius: 18px;
background: rgba(255, 255, 255, 0.03);
border: 1px solid rgba(177, 197, 229, 0.1);
display: grid;
gap: 6px;
}
.detail-card strong,
.profile-card strong {
font-size: 1rem;
word-break: break-word;
}
.resource-list {
margin: 0;
padding: 0;
list-style: none;
display: flex;
flex-wrap: wrap;
gap: 10px;
}
.resource-list li {
padding: 10px 12px;
border-radius: 999px;
background: rgba(117, 227, 186, 0.08);
border: 1px solid rgba(117, 227, 186, 0.15);
color: #dffaf0;
}
.login-panel form {
display: grid;
gap: 16px;
}
label {
.login-panel label {
display: grid;
gap: 8px;
color: #c2cfe5;
}
input {
border: 1px solid rgba(167, 185, 219, 0.16);
background: rgba(7, 14, 27, 0.85);
.login-panel input {
border: 1px solid rgba(177, 197, 229, 0.16);
background: rgba(7, 14, 27, 0.9);
color: #f5f7fb;
border-radius: 14px;
padding: 14px 16px;
border-radius: 16px;
padding: 15px 16px;
}
button {
border: 0;
border-radius: 999px;
padding: 13px 18px;
font-weight: 700;
background: linear-gradient(135deg, #74e0b8 0%, #1fb67a 100%);
color: #04141a;
}
.error {
color: #ffb7b7;
}
.status {
display: grid;
gap: 18px;
}
.status-row,
.details {
.login-card-actions {
display: flex;
justify-content: space-between;
gap: 16px;
gap: 12px;
flex-wrap: wrap;
}
.details div {
display: grid;
gap: 6px;
.error {
padding: 12px 14px;
border-radius: 16px;
background: rgba(255, 115, 115, 0.08);
border: 1px solid rgba(255, 115, 115, 0.16);
color: #ffc3c3;
white-space: pre-wrap;
}
.details span {
color: #9db0cf;
}
@media (max-width: 960px) {
.hero-surface,
.body-grid {
grid-template-columns: 1fr;
}
.resource-list {
margin: 0;
padding-left: 18px;
.top-strip,
.status-top,
.surface-header {
align-items: flex-start;
flex-direction: column;
}
.status-grid,
.profile-grid {
grid-template-columns: 1fr;
}
}

58
desktop-client/tunnel-helper/src/main.rs
View File

@@ -4,6 +4,12 @@ use std::{
process::{Command, ExitCode},
};
#[cfg(target_os = "windows")]
use std::os::windows::process::CommandExt;
#[cfg(target_os = "windows")]
const CREATE_NO_WINDOW: u32 = 0x08000000;
fn main() -> ExitCode {
match run() {
Ok(()) => ExitCode::SUCCESS,
@@ -33,14 +39,16 @@ fn run() -> Result<(), String> {
fn connect(profile: &Path) -> Result<(), String> {
#[cfg(target_os = "windows")]
{
ensure_windows_admin()?;
let wireguard = find_windows_wireguard()?;
let status = Command::new(wireguard)
let output = Command::new(wireguard)
.arg("/installtunnelservice")
.arg(profile)
.status()
.creation_flags(CREATE_NO_WINDOW)
.output()
.map_err(|err| format!("unable to launch WireGuard runtime: {err}"))?;
if !status.success() {
return Err(format!("WireGuard runtime connect failed with status {status}"));
if !output.status.success() {
return Err(format_windows_runtime_error("connect", &output));
}
return Ok(());
}
@@ -66,18 +74,20 @@ fn connect(profile: &Path) -> Result<(), String> {
fn disconnect(profile: &Path) -> Result<(), String> {
#[cfg(target_os = "windows")]
{
ensure_windows_admin()?;
let wireguard = find_windows_wireguard()?;
let tunnel_name = profile
.file_stem()
.and_then(|value| value.to_str())
.ok_or_else(|| "invalid profile filename".to_string())?;
let status = Command::new(wireguard)
let output = Command::new(wireguard)
.arg("/uninstalltunnelservice")
.arg(tunnel_name)
.status()
.creation_flags(CREATE_NO_WINDOW)
.output()
.map_err(|err| format!("unable to launch WireGuard runtime: {err}"))?;
if !status.success() {
return Err(format!("WireGuard runtime disconnect failed with status {status}"));
if !output.status.success() {
return Err(format_windows_runtime_error("disconnect", &output));
}
return Ok(());
}
@@ -112,3 +122,35 @@ fn find_windows_wireguard() -> Result<PathBuf, String> {
.find(|path| path.exists())
.ok_or_else(|| "required Windows tunnel runtime is not available".to_string())
}
#[cfg(target_os = "windows")]
fn ensure_windows_admin() -> Result<(), String> {
let status = Command::new("net")
.arg("session")
.creation_flags(CREATE_NO_WINDOW)
.status()
.map_err(|err| format!("unable to determine Windows privilege level: {err}"))?;
if status.success() {
return Ok(());
}
Err("Administrator rights are required to activate the VPN tunnel on Windows. Start NexaVPN as Administrator for now.".into())
}
#[cfg(target_os = "windows")]
fn format_windows_runtime_error(action: &str, output: &std::process::Output) -> String {
let stderr = String::from_utf8_lossy(&output.stderr);
let stdout = String::from_utf8_lossy(&output.stdout);
let details = if !stderr.trim().is_empty() {
stderr.trim()
} else {
stdout.trim()
};
if details.is_empty() {
return format!("WireGuard runtime {} failed with status {}", action, output.status);
}
format!("WireGuard runtime {} failed: {}", action, details)
}