Merge branch 'dev' of github.com:amnezia-vpn/amnezia-client into HEAD

client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt

@@ -128,8 +128,7 @@ open class ProtocolConfig protected constructor(
         }
 
         private fun processExcludedRoutes() {
-            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU && excludedRoutes.isNotEmpty()) {
-                // todo: rewrite, taking into account the current routes
+            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU) {
                 // for older versions of Android, build a list of subnets without excluded routes
                 // and add them to routes
                 val ipRangeSet = IpRangeSet()

client/configurators/wireguard_configurator.h

@@ -31,11 +31,11 @@ public:
     QString processConfigWithLocalSettings(QString config);
     QString processConfigWithExportSettings(QString config);
 
-    static ConnectionData genClientKeys();
-
 private:
     ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
                                           const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+
+    ConnectionData genClientKeys();
     
     bool m_isAwg;
     QString m_serverConfigPath;

client/core/defs.h

@@ -4,77 +4,92 @@
 #include <QMetaEnum>
 #include <QObject>
 
-namespace amnezia {
-
-constexpr const qint16 qrMagicCode = 1984;
-
-struct ServerCredentials
+namespace amnezia
 {
-    QString hostName;
-    QString userName;
-    QString secretData;
-    int port = 22;
 
-    bool isValid() const { return !hostName.isEmpty() && !userName.isEmpty() && !secretData.isEmpty() && port > 0; }
-};
+    constexpr const qint16 qrMagicCode = 1984;
 
-enum ErrorCode
-{
-    // General error codes
-    NoError = 0,
-    UnknownError,
-    InternalError,
-    NotImplementedError,
+    struct ServerCredentials
+    {
+        QString hostName;
+        QString userName;
+        QString secretData;
+        int port = 22;
 
-    // Server errors
-    ServerCheckFailed,
-    ServerPortAlreadyAllocatedError,
-    ServerContainerMissingError,
-    ServerDockerFailedError,
-    ServerCancelInstallation,
-    ServerUserNotInSudo,
-    ServerPacketManagerError,
+        bool isValid() const
+        {
+            return !hostName.isEmpty() && !userName.isEmpty() && !secretData.isEmpty() && port > 0;
+        }
+    };
 
-    // Ssh connection errors
-    SshRequestDeniedError, SshInterruptedError, SshInternalError,
-    SshPrivateKeyError, SshPrivateKeyFormatError, SshTimeoutError,
+    enum ErrorCode {
+        // General error codes
+        NoError = 0,
+        UnknownError = 100,
+        InternalError = 101,
+        NotImplementedError = 102,
 
-    // Ssh sftp errors
-    SshSftpEofError, SshSftpNoSuchFileError, SshSftpPermissionDeniedError,
-    SshSftpFailureError, SshSftpBadMessageError, SshSftpNoConnectionError,
-    SshSftpConnectionLostError, SshSftpOpUnsupportedError, SshSftpInvalidHandleError,
-    SshSftpNoSuchPathError, SshSftpFileAlreadyExistsError, SshSftpWriteProtectError,
-    SshSftpNoMediaError,
+        // Server errors
+        ServerCheckFailed = 200,
+        ServerPortAlreadyAllocatedError = 201,
+        ServerContainerMissingError = 202,
+        ServerDockerFailedError = 203,
+        ServerCancelInstallation = 204,
+        ServerUserNotInSudo = 205,
+        ServerPacketManagerError = 206,
 
-    // Local errors
-    OpenVpnConfigMissing,
-    OpenVpnManagementServerError,
-    ConfigMissing,
+        // Ssh connection errors
+        SshRequestDeniedError = 300,
+        SshInterruptedError = 301,
+        SshInternalError = 302,
+        SshPrivateKeyError = 303,
+        SshPrivateKeyFormatError = 304,
+        SshTimeoutError = 305,
 
-    // Distro errors
-    OpenVpnExecutableMissing,
-    ShadowSocksExecutableMissing,
-    CloakExecutableMissing,
-    AmneziaServiceConnectionFailed,
-    ExecutableMissing,
+        // Ssh sftp errors
+        SshSftpEofError = 400,
+        SshSftpNoSuchFileError = 401,
+        SshSftpPermissionDeniedError = 402,
+        SshSftpFailureError = 403,
+        SshSftpBadMessageError = 404,
+        SshSftpNoConnectionError = 405,
+        SshSftpConnectionLostError = 406,
+        SshSftpOpUnsupportedError = 407,
+        SshSftpInvalidHandleError = 408,
+        SshSftpNoSuchPathError = 409,
+        SshSftpFileAlreadyExistsError = 410,
+        SshSftpWriteProtectError = 411,
+        SshSftpNoMediaError = 412,
 
-    // VPN errors
-    OpenVpnAdaptersInUseError,
-    OpenVpnUnknownError,
-    OpenVpnTapAdapterError,
-    AddressPoolError,
+        // Local errors
+        OpenVpnConfigMissing = 500,
+        OpenVpnManagementServerError = 501,
+        ConfigMissing = 502,
 
-    // 3rd party utils errors
-    OpenSslFailed,
-    ShadowSocksExecutableCrashed,
-    CloakExecutableCrashed,
+        // Distro errors
+        OpenVpnExecutableMissing = 600,
+        ShadowSocksExecutableMissing = 601,
+        CloakExecutableMissing = 602,
+        AmneziaServiceConnectionFailed = 603,
+        ExecutableMissing = 604,
 
-    // import and install errors
-    ImportInvalidConfigError,
+        // VPN errors
+        OpenVpnAdaptersInUseError = 700,
+        OpenVpnUnknownError = 701,
+        OpenVpnTapAdapterError = 702,
+        AddressPoolError = 703,
 
-    // Android errors
-    AndroidError
-};
+        // 3rd party utils errors
+        OpenSslFailed = 800,
+        ShadowSocksExecutableCrashed = 801,
+        CloakExecutableCrashed = 802,
+
+        // import and install errors
+        ImportInvalidConfigError = 900,
+
+        // Android errors
+        AndroidError = 1000
+    };
 
 } // namespace amnezia
 

client/core/errorstrings.cpp

@@ -2,70 +2,74 @@
 
 using namespace amnezia;
 
-QString errorString(ErrorCode code){
+QString errorString(ErrorCode code) {
+    QString errorMessage;
+
     switch (code) {
 
     // General error codes
-    case(NoError): return QObject::tr("No error");
-    case(UnknownError): return QObject::tr("Unknown Error");
-    case(NotImplementedError): return QObject::tr("Function not implemented");
+    case(NoError): errorMessage = QObject::tr("No error"); break;
+    case(UnknownError): errorMessage = QObject::tr("Unknown Error"); break;
+    case(NotImplementedError): errorMessage = QObject::tr("Function not implemented"); break;
 
     // Server errors
-    case(ServerCheckFailed): return QObject::tr("Server check failed");
-    case(ServerPortAlreadyAllocatedError): return QObject::tr("Server port already used. Check for another software");
-    case(ServerContainerMissingError): return QObject::tr("Server error: Docker container missing");
-    case(ServerDockerFailedError): return QObject::tr("Server error: Docker failed");
-    case(ServerCancelInstallation): return QObject::tr("Installation canceled by user");
-    case(ServerUserNotInSudo): return QObject::tr("The user does not have permission to use sudo");
+    case(ServerCheckFailed): errorMessage = QObject::tr("Server check failed"); break;
+    case(ServerPortAlreadyAllocatedError): errorMessage = QObject::tr("Server port already used. Check for another software"); break;
+    case(ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
+    case(ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
+    case(ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
+    case(ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
 
     // Libssh errors
-    case(SshRequestDeniedError): return QObject::tr("Ssh request was denied");
-    case(SshInterruptedError): return QObject::tr("Ssh request was interrupted");
-    case(SshInternalError): return QObject::tr("Ssh internal error");
-    case(SshPrivateKeyError): return QObject::tr("Invalid private key or invalid passphrase entered");
-    case(SshPrivateKeyFormatError): return QObject::tr("The selected private key format is not supported, use openssh ED25519 key types or PEM key types");
-    case(SshTimeoutError): return QObject::tr("Timeout connecting to server");
+    case(SshRequestDeniedError): errorMessage = QObject::tr("Ssh request was denied"); break;
+    case(SshInterruptedError): errorMessage = QObject::tr("Ssh request was interrupted"); break;
+    case(SshInternalError): errorMessage = QObject::tr("Ssh internal error"); break;
+    case(SshPrivateKeyError): errorMessage = QObject::tr("Invalid private key or invalid passphrase entered"); break;
+    case(SshPrivateKeyFormatError): errorMessage = QObject::tr("The selected private key format is not supported, use openssh ED25519 key types or PEM key types"); break;
+    case(SshTimeoutError): errorMessage = QObject::tr("Timeout connecting to server"); break;
 
     // Libssh sftp errors
-    case(SshSftpEofError): return QObject::tr("Sftp error: End-of-file encountered");
-    case(SshSftpNoSuchFileError): return QObject::tr("Sftp error: File does not exist");
-    case(SshSftpPermissionDeniedError): return QObject::tr("Sftp error: Permission denied");
-    case(SshSftpFailureError): return QObject::tr("Sftp error: Generic failure");
-    case(SshSftpBadMessageError): return QObject::tr("Sftp error: Garbage received from server");
-    case(SshSftpNoConnectionError): return QObject::tr("Sftp error: No connection has been set up");
-    case(SshSftpConnectionLostError): return QObject::tr("Sftp error: There was a connection, but we lost it");
-    case(SshSftpOpUnsupportedError): return QObject::tr("Sftp error: Operation not supported by libssh yet");
-    case(SshSftpInvalidHandleError): return QObject::tr("Sftp error: Invalid file handle");
-    case(SshSftpNoSuchPathError): return QObject::tr("Sftp error: No such file or directory path exists");
-    case(SshSftpFileAlreadyExistsError): return QObject::tr("Sftp error: An attempt to create an already existing file or directory has been made");
-    case(SshSftpWriteProtectError): return QObject::tr("Sftp error: Write-protected filesystem");
-    case(SshSftpNoMediaError): return QObject::tr("Sftp error: No media was in remote drive");
+    case(SshSftpEofError): errorMessage = QObject::tr("Sftp error: End-of-file encountered"); break;
+    case(SshSftpNoSuchFileError): errorMessage = QObject::tr("Sftp error: File does not exist"); break;
+    case(SshSftpPermissionDeniedError): errorMessage = QObject::tr("Sftp error: Permission denied"); break;
+    case(SshSftpFailureError): errorMessage = QObject::tr("Sftp error: Generic failure"); break;
+    case(SshSftpBadMessageError): errorMessage = QObject::tr("Sftp error: Garbage received from server"); break;
+    case(SshSftpNoConnectionError): errorMessage = QObject::tr("Sftp error: No connection has been set up"); break;
+    case(SshSftpConnectionLostError): errorMessage = QObject::tr("Sftp error: There was a connection, but we lost it"); break;
+    case(SshSftpOpUnsupportedError): errorMessage = QObject::tr("Sftp error: Operation not supported by libssh yet"); break;
+    case(SshSftpInvalidHandleError): errorMessage = QObject::tr("Sftp error: Invalid file handle"); break;
+    case(SshSftpNoSuchPathError): errorMessage = QObject::tr("Sftp error: No such file or directory path exists"); break;
+    case(SshSftpFileAlreadyExistsError): errorMessage = QObject::tr("Sftp error: An attempt to create an already existing file or directory has been made"); break;
+    case(SshSftpWriteProtectError): errorMessage = QObject::tr("Sftp error: Write-protected filesystem"); break;
+    case(SshSftpNoMediaError): errorMessage = QObject::tr("Sftp error: No media was in remote drive"); break;
 
     // Local errors
-    case (OpenVpnConfigMissing): return QObject::tr("OpenVPN config missing");
-    case (OpenVpnManagementServerError): return QObject::tr("OpenVPN management server error");
+    case (OpenVpnConfigMissing): errorMessage = QObject::tr("OpenVPN config missing"); break;
+    case (OpenVpnManagementServerError): errorMessage = QObject::tr("OpenVPN management server error"); break;
 
     // Distro errors
-    case (OpenVpnExecutableMissing): return QObject::tr("OpenVPN executable missing");
-    case (ShadowSocksExecutableMissing): return QObject::tr("ShadowSocks (ss-local) executable missing");
-    case (CloakExecutableMissing): return QObject::tr("Cloak (ck-client) executable missing");
-    case (AmneziaServiceConnectionFailed): return QObject::tr("Amnezia helper service error");
-    case (OpenSslFailed): return QObject::tr("OpenSSL failed");
+    case (OpenVpnExecutableMissing): errorMessage = QObject::tr("OpenVPN executable missing"); break;
+    case (ShadowSocksExecutableMissing): errorMessage = QObject::tr("ShadowSocks (ss-local) executable missing"); break;
+    case (CloakExecutableMissing): errorMessage = QObject::tr("Cloak (ck-client) executable missing"); break;
+    case (AmneziaServiceConnectionFailed): errorMessage = QObject::tr("Amnezia helper service error"); break;
+    case (OpenSslFailed): errorMessage = QObject::tr("OpenSSL failed"); break;
 
     // VPN errors
-    case (OpenVpnAdaptersInUseError): return QObject::tr("Can't connect: another VPN connection is active");
-    case (OpenVpnTapAdapterError): return QObject::tr("Can't setup OpenVPN TAP network adapter");
-    case (AddressPoolError): return QObject::tr("VPN pool error: no available addresses");
+    case (OpenVpnAdaptersInUseError): errorMessage = QObject::tr("Can't connect: another VPN connection is active"); break;
+    case (OpenVpnTapAdapterError): errorMessage = QObject::tr("Can't setup OpenVPN TAP network adapter"); break;
+    case (AddressPoolError): errorMessage = QObject::tr("VPN pool error: no available addresses"); break;
 
-    case (ImportInvalidConfigError): return QObject::tr("The config does not contain any containers and credentials for connecting to the server");
+    case (ImportInvalidConfigError): errorMessage = QObject::tr("The config does not contain any containers and credentials for connecting to the server"); break;
 
     // Android errors
-    case (AndroidError): return QObject::tr("VPN connection error");
+    case (AndroidError): errorMessage = QObject::tr("VPN connection error"); break;
 
     case(InternalError):
     default:
-        return QObject::tr("Internal error");
+        errorMessage = QObject::tr("Internal error"); break;
     }
+
+    return QObject::tr("ErrorCode: %1. ").arg(code) + errorMessage;
 }
 
 QDebug operator<<(QDebug debug, const ErrorCode &e)

client/ui/controllers/apiController.cpp

@@ -5,14 +5,12 @@
 #include <QNetworkReply>
 
 #include "configurators/openvpn_configurator.h"
-#include "configurators/wireguard_configurator.h"
 
 namespace
 {
     namespace configKey
     {
         constexpr char cloak[] = "cloak";
-        constexpr char awg[] = "awg";
 
         constexpr char apiEdnpoint[] = "api_endpoint";
         constexpr char accessToken[] = "api_key";
@@ -28,42 +26,33 @@ ApiController::ApiController(const QSharedPointer<ServersModel> &serversModel,
 {
 }
 
-void ApiController::processCloudConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config)
+QString ApiController::genPublicKey(const QString &protocol)
+{
+    if (protocol == configKey::cloak) {
+        return ".";
+    }
+    return QString();
+}
+
+QString ApiController::genCertificateRequest(const QString &protocol)
+{
+    if (protocol == configKey::cloak) {
+        m_certRequest = OpenVpnConfigurator::createCertRequest();
+        return m_certRequest.request;
+    }
+    return QString();
+}
+
+void ApiController::processCloudConfig(const QString &protocol, QString &config)
 {
     if (protocol == configKey::cloak) {
         config.replace("<key>", "<key>\n");
-        config.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
+        config.replace("$OPENVPN_PRIV_KEY", m_certRequest.privKey);
         return;
-    } else if (protocol == configKey::awg) {
-        config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
     }
     return;
 }
 
-ApiController::ApiPayloadData ApiController::generateApiPayloadData(const QString &protocol)
-{
-    ApiController::ApiPayloadData apiPayload;
-    if (protocol == configKey::cloak) {
-        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
-    } else if (protocol == configKey::awg) {
-        auto connData = WireguardConfigurator::genClientKeys();
-        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
-        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
-    }
-    return apiPayload;
-}
-
-QJsonObject ApiController::fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData)
-{
-    QJsonObject obj;
-    if (protocol == configKey::cloak) {
-        obj[configKey::certificate] = apiPayloadData.certRequest.request;
-    } else if (protocol == configKey::awg) {
-        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
-    }
-    return obj;
-}
-
 bool ApiController::updateServerConfigFromApi()
 {
     auto serverConfig = m_serversModel->getDefaultServerConfig();
@@ -82,9 +71,13 @@ bool ApiController::updateServerConfigFromApi()
 
         QString protocol = serverConfig.value(configKey::protocol).toString();
 
-        auto apiPayloadData = generateApiPayloadData(protocol);
+        QJsonObject obj;
 
-        QByteArray requestBody = QJsonDocument(fillApiPayload(protocol, apiPayloadData)).toJson();
+        obj[configKey::publicKey] = genPublicKey(protocol);
+        obj[configKey::certificate] = genCertificateRequest(protocol);
+
+        QByteArray requestBody = QJsonDocument(obj).toJson();
+        qDebug() << requestBody;
 
         QScopedPointer<QNetworkReply> reply;
         reply.reset(manager.post(request, requestBody));
@@ -107,7 +100,7 @@ bool ApiController::updateServerConfigFromApi()
             }
 
             QString configStr = ba;
-            processCloudConfig(protocol, apiPayloadData, configStr);
+            processCloudConfig(protocol, configStr);
 
             QJsonObject cloudConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
 

client/ui/controllers/apiController.h

@@ -22,19 +22,15 @@ signals:
     void errorOccurred(const QString &errorMessage);
 
 private:
-    struct ApiPayloadData {
-        OpenVpnConfigurator::ConnectionData certRequest;
+    QString genPublicKey(const QString &protocol);
+    QString genCertificateRequest(const QString &protocol);
 
-        QString wireGuardClientPrivKey;
-        QString wireGuardClientPubKey;
-    };
-
-    ApiPayloadData generateApiPayloadData(const QString &protocol);
-    QJsonObject fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData);
-    void processCloudConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config);
+    void processCloudConfig(const QString &protocol, QString &config);
 
     QSharedPointer<ServersModel> m_serversModel;
     QSharedPointer<ContainersModel> m_containersModel;
+
+    OpenVpnConfigurator::ConnectionData m_certRequest;
 };
 
 #endif // APICONTROLLER_H

client/vpnconnection.cpp

@@ -388,25 +388,6 @@ void VpnConnection::createProtocolConnections()
 
 void VpnConnection::appendSplitTunnelingConfig()
 {
-    if (m_vpnConfiguration.value(config_key::configVersion).toInt()) {
-        auto protocolName = m_vpnConfiguration.value(config_key::vpnproto).toString();
-        if (protocolName == ProtocolProps::protoToString(Proto::Awg)) {
-            auto configData = m_vpnConfiguration.value(protocolName + "_config_data").toObject();
-            QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configData.value("allowed_ips").toString().split(","));
-            QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(","));
-
-            if (allowedIpsJsonArray != defaultAllowedIP) {
-                allowedIpsJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString());
-                allowedIpsJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString());
-
-                m_vpnConfiguration.insert(config_key::splitTunnelType, Settings::RouteMode::VpnOnlyForwardSites);
-                m_vpnConfiguration.insert(config_key::splitTunnelSites, allowedIpsJsonArray);
-
-                return;
-            }
-        }
-    }
-
     auto routeMode = m_settings->routeMode();
     auto sites = m_settings->getVpnIps(routeMode);
 
@@ -416,7 +397,7 @@ void VpnConnection::appendSplitTunnelingConfig()
     }
 
     // Allow traffic to Amezia DNS
-    if (routeMode == Settings::VpnOnlyForwardSites) {
+    if (routeMode == Settings::VpnOnlyForwardSites){
         sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString());
         sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString());
     }