@cappitolian/http-local-server-swifter 0.0.18 → 0.0.19

package/ios/Sources/HttpLocalServerSwifterPlugin/HttpLocalServerSwifter.swift

@@ -25,45 +25,49 @@ public protocol HttpLocalServerSwifterDelegate: AnyObject {
     }
 
     @objc public func connect(_ call: CAPPluginCall) {
-        // Trigger the Local Network permission dialog before doing any network work.
-        // iOS only shows the dialog once; subsequent calls are no-ops.
-        // We fire it here so the prompt appears at a predictable moment for the user.
-        networkPermission.requestPermissionIfNeeded()
-
-        // Move execution to a background thread immediately.
-        DispatchQueue.global(qos: .userInitiated).async { [weak self] in
+        // Check Local Network permission first via NWBrowser callback.
+        // iOS only shows the system dialog once — subsequent calls return the stored decision.
+        // We must do this BEFORE starting the server because Swifter uses plain TCP sockets
+        // which iOS never blocks — the denial only surfaces through Bonjour/mDNS errors,
+        // not through server.start() failures.
+        networkPermission.checkPermission { [weak self] status in
             guard let self = self else { return }
 
-            self.disconnect()
-            let server = HttpServer()
-            self.webServer = server
-
-            // Use middleware to catch ALL requests and avoid route misses.
-            server.middleware.append { [weak self] request in
-                if request.method == "OPTIONS" {
-                    return self?.corsResponse() ?? .raw(204, "No Content", nil, nil)
-                }
-                return self?.processRequest(request) ?? .raw(500, "Internal Server Error", nil, nil)
+            if status == .denied {
+                print("❌ SWIFTER: Local Network permission denied by user")
+                call.reject("LOCAL_NETWORK_PERMISSION_DENIED")
+                return
             }
 
-            do {
-                try server.start(self.defaultPort, forceIPv4: true)
-                let ip = Self.getWiFiAddress() ?? "127.0.0.1"
+            // .granted or .unknown — proceed with server startup.
+            // .unknown means iOS didn't respond within the timeout (simulator, already granted, etc.)
+            DispatchQueue.global(qos: .userInitiated).async { [weak self] in
+                guard let self = self else { return }
+
+                self.disconnect()
+                let server = HttpServer()
+                self.webServer = server
+
+                // Use middleware to catch ALL requests and avoid route misses.
+                server.middleware.append { [weak self] request in
+                    if request.method == "OPTIONS" {
+                        return self?.corsResponse() ?? .raw(204, "No Content", nil, nil)
+                    }
+                    return self?.processRequest(request) ?? .raw(500, "Internal Server Error", nil, nil)
+                }
 
-                print("🚀 SWIFTER: Server running on http://\(ip):\(self.defaultPort)")
+                do {
+                    try server.start(self.defaultPort, forceIPv4: true)
+                    let ip = Self.getWiFiAddress() ?? "127.0.0.1"
 
-                call.resolve([
-                    "ip": ip,
-                    "port": Int(self.defaultPort)
-                ])
-            } catch {
-                print("❌ SWIFTER ERROR: \(error)")
+                    print("🚀 SWIFTER: Server running on http://\(ip):\(self.defaultPort)")
 
-                // Check if the failure is caused by a denied Local Network permission
-                // and surface a specific error code so the JS layer can handle it distinctly.
-                if self.networkPermission.isPermissionDenied(error) {
-                    call.reject("LOCAL_NETWORK_PERMISSION_DENIED")
-                } else {
+                    call.resolve([
+                        "ip": ip,
+                        "port": Int(self.defaultPort)
+                    ])
+                } catch {
+                    print("❌ SWIFTER ERROR: \(error)")
                     call.reject("Could not start server")
                 }
             }

package/ios/Sources/HttpLocalServerSwifterPlugin/LocalNetworkPermission.swift

@@ -4,26 +4,41 @@ import UIKit
 
 /// Handles Local Network permission lifecycle on iOS.
 ///
-/// iOS does not provide a direct API to query Local Network permission status.
-/// The only available approach is:
-///   1. Trigger the system dialog once by starting a NWBrowser with a Bonjour service.
-///   2. Infer denial from DNS/network errors (kDNSServiceErr_PolicyDenied = -65570).
-///   3. Redirect the user to Settings if denied — re-requesting programmatically is not possible.
+/// IMPORTANT: iOS Local Network permission does NOT block TCP sockets.
+/// It only blocks mDNS/Bonjour service discovery. This means Swifter's
+/// server.start() will always succeed regardless of permission status.
+///
+/// Detection strategy:
+///   - Trigger the system dialog by starting a NWBrowser.
+///   - Listen to the browser's state change callback to detect denial.
+///   - Surface the result via a completion handler so the plugin can
+///     reject the Capacitor call with LOCAL_NETWORK_PERMISSION_DENIED.
 @objc public class LocalNetworkPermission: NSObject {
 
-    // MARK: - Constants
+    // MARK: - Types
+
+    public enum PermissionStatus {
+        case granted
+        case denied
+        case unknown
+    }
 
-    /// kDNSServiceErr_PolicyDenied — returned by the system when Local Network access is denied.
-    private static let policyDeniedErrorCode = -65570
+    // MARK: - Private state
 
-    // MARK: - Permission trigger
+    private var browser: NWBrowser?
 
-    /// Triggers the Local Network permission dialog by briefly starting a Bonjour browser.
+    // MARK: - Permission check
+
+    /// Triggers the Local Network permission dialog and returns the result
+    /// asynchronously via the completion handler.
+    ///
+    /// - Parameter completion: Called on the main thread with the permission status.
+    ///   Will be called with `.granted` or `.denied` once iOS responds,
+    ///   or `.unknown` if the result could not be determined within the timeout.
     ///
-    /// - Important: iOS shows this dialog only once. On subsequent calls it is a no-op.
-    ///   Call this before starting the HTTP server so the dialog appears in a controlled moment,
-    ///   not mid-request when the user least expects it.
-    public func requestPermissionIfNeeded() {
+    /// - Note: iOS shows the dialog only once. On subsequent calls this method
+    ///   will return the previously stored decision immediately (no dialog shown).
+    public func checkPermission(completion: @escaping (PermissionStatus) -> Void) {
         let parameters = NWParameters()
         parameters.includePeerToPeer = true
 
@@ -31,42 +46,62 @@ import UIKit
             for: .bonjour(type: "_http._tcp", domain: "local."),
             using: parameters
         )
+        self.browser = browser
 
-        browser.start(queue: .main)
-
-        // We only need to fire the dialog — cancel shortly after.
-        DispatchQueue.main.asyncAfter(deadline: .now() + 0.5) {
+        // Timeout fallback — if iOS doesn't respond in 3 seconds, assume unknown
+        // (e.g. on simulator or when the user has already granted permission)
+        var completed = false
+        let timeout = DispatchWorkItem {
+            guard !completed else { return }
+            completed = true
             browser.cancel()
+            DispatchQueue.main.async { completion(.unknown) }
         }
-    }
+        DispatchQueue.main.asyncAfter(deadline: .now() + 3.0, execute: timeout)
 
-    // MARK: - Error detection
+        browser.stateUpdateHandler = { state in
+            guard !completed else { return }
 
-    /// Returns `true` if the given error indicates the user denied Local Network permission.
-    ///
-    /// - Parameter error: Any `Error` thrown during server start or network operations.
-    public func isPermissionDenied(_ error: Error) -> Bool {
-        let nsError = error as NSError
-        return nsError.code == Self.policyDeniedErrorCode
-    }
+            switch state {
+            case .ready:
+                // Browser started successfully — permission is granted
+                completed = true
+                timeout.cancel()
+                browser.cancel()
+                DispatchQueue.main.async { completion(.granted) }
 
-    /// Returns `true` if an error string representation contains known denial markers.
-    ///
-    /// Useful when the original `Error` object is unavailable and only a string is at hand
-    /// (e.g. errors arriving from JavaScript or serialized logs).
-    public func isPermissionDeniedString(_ errorString: String) -> Bool {
-        let lower = errorString.lowercased()
-        return lower.contains("policydenied")
-            || lower.contains("-65570")
-            || lower.contains("policy denied")
+            case .failed(let error):
+                // Check for policy denial errors:
+                //   kDNSServiceErr_PolicyDenied = -65570
+                //   kDNSServiceErr_NoAuth       = -65555
+                let nsError = error as NSError
+                let isDenied = nsError.code == -65570
+                    || nsError.code == -65555
+                    || error.localizedDescription.lowercased().contains("policy")
+
+                completed = true
+                timeout.cancel()
+                browser.cancel()
+                DispatchQueue.main.async {
+                    completion(isDenied ? .denied : .unknown)
+                }
+
+            case .cancelled:
+                break // Expected when we cancel it ourselves
+
+            default:
+                break // .setup, .waiting — keep waiting
+            }
+        }
+
+        browser.start(queue: .main)
     }
 
     // MARK: - Recovery
 
     /// Opens the app's page in iOS Settings so the user can manually grant Local Network access.
     ///
-    /// - Note: This is the only recovery path available. iOS does not allow re-prompting
-    ///   after the user denies the permission.
+    /// - Note: This is the only recovery path available after the user denies the permission.
     /// - Warning: On iOS 17, the user may need to restart the device after granting
     ///   the permission for it to take effect. This is a known iOS 17 bug.
     public func openAppSettings() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cappitolian/http-local-server-swifter",
-  "version": "0.0.18",
+  "version": "0.0.19",
   "description": "Runs a local HTTP server on your device, accessible over LAN. Supports connect, disconnect, GET, and POST methods with IP and port discovery.",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",