npm - @cappitolian/http-local-server-swifter - Versions diffs - 0.0.19 → 0.0.21 - Mend

@cappitolian/http-local-server-swifter 0.0.19 → 0.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/ios/Sources/HttpLocalServerSwifterPlugin/LocalNetworkPermission.swift CHANGED Viewed

@@ -6,13 +6,19 @@ import UIKit
 ///
 /// IMPORTANT: iOS Local Network permission does NOT block TCP sockets.
 /// It only blocks mDNS/Bonjour service discovery. This means Swifter's
-/// server.start() will always succeed regardless of permission status.
+/// server.start() will always succeed regardless of permission status —
+/// the denial is only detectable via Bonjour/mDNS probes.
 ///
-/// Detection strategy:
-///   - Trigger the system dialog by starting a NWBrowser.
-///   - Listen to the browser's state change callback to detect denial.
-///   - Surface the result via a completion handler so the plugin can
-///     reject the Capacitor call with LOCAL_NETWORK_PERMISSION_DENIED.
+/// Detection strategy (dual-probe):
+///   1. NWBrowser with the app's registered Bonjour service type (_ssspos._tcp).
+///      This is the authoritative source — if Bonjour is denied, the local
+///      network permission is denied. The service type MUST match NSBonjourServices
+///      in Info.plist, otherwise iOS returns NoAuth even when permission is granted.
+///   2. UDP probe to 224.0.0.251:5353 (mDNS multicast) as a secondary signal
+///      to trigger the system dialog on first launch.
+///
+///   The first probe that resolves wins. If both time out, we assume .unknown
+///   and allow the server to start (covers simulator and edge cases).
 @objc public class LocalNetworkPermission: NSObject {
     // MARK: - Types
@@ -23,78 +29,109 @@ import UIKit
         case unknown
     }
+    // MARK: - Constants
+    /// Must match the NSBonjourServices entry in Info.plist exactly.
+    /// NWBrowser will return NoAuth(-65555) for any type NOT listed there,
+    /// even when the user has granted Local Network permission.
+    private static let bonjourServiceType = "_ssspos._tcp"
     // MARK: - Private state
     private var browser: NWBrowser?
+    private var udpConnection: NWConnection?
     // MARK: - Permission check
-    /// Triggers the Local Network permission dialog and returns the result
-    /// asynchronously via the completion handler.
+    /// Checks Local Network permission using a dual-probe approach.
     ///
-    /// - Parameter completion: Called on the main thread with the permission status.
-    ///   Will be called with `.granted` or `.denied` once iOS responds,
-    ///   or `.unknown` if the result could not be determined within the timeout.
+    /// - Parameter completion: Called on the main thread with the result.
+    ///   `.granted` / `.denied` once a probe resolves, or `.unknown` on timeout.
     ///
-    /// - Note: iOS shows the dialog only once. On subsequent calls this method
-    ///   will return the previously stored decision immediately (no dialog shown).
+    /// - Note: iOS shows the permission dialog only once. On subsequent calls
+    ///   the OS returns the cached decision immediately without showing a dialog.
     public func checkPermission(completion: @escaping (PermissionStatus) -> Void) {
+        var completed = false
+        let finish: (PermissionStatus) -> Void = { [weak self] status in
+            guard !completed else { return }
+            completed = true
+            self?.browser?.cancel()
+            self?.browser = nil
+            self?.udpConnection?.cancel()
+            self?.udpConnection = nil
+            DispatchQueue.main.async { completion(status) }
+        }
+        // Timeout fallback — if neither probe resolves, allow startup.
+        // Covers: simulator, already-granted permission where iOS skips the callback.
+        let timeout = DispatchWorkItem { finish(.unknown) }
+        DispatchQueue.main.asyncAfter(deadline: .now() + 3.0, execute: timeout)
+        // --- Probe 1: NWBrowser (authoritative for permission status) ---
+        // Uses the app's registered Bonjour type so iOS evaluates the real permission.
+        // .failed with PolicyDenied/NoAuth = denied. .ready = granted.
         let parameters = NWParameters()
         parameters.includePeerToPeer = true
         let browser = NWBrowser(
-            for: .bonjour(type: "_http._tcp", domain: "local."),
+            for: .bonjour(type: Self.bonjourServiceType, domain: "local."),
             using: parameters
         )
         self.browser = browser
-        // Timeout fallback — if iOS doesn't respond in 3 seconds, assume unknown
-        // (e.g. on simulator or when the user has already granted permission)
-        var completed = false
-        let timeout = DispatchWorkItem {
-            guard !completed else { return }
-            completed = true
-            browser.cancel()
-            DispatchQueue.main.async { completion(.unknown) }
-        }
-        DispatchQueue.main.asyncAfter(deadline: .now() + 3.0, execute: timeout)
         browser.stateUpdateHandler = { state in
-            guard !completed else { return }
             switch state {
             case .ready:
-                // Browser started successfully — permission is granted
-                completed = true
                 timeout.cancel()
-                browser.cancel()
-                DispatchQueue.main.async { completion(.granted) }
+                finish(.granted)
             case .failed(let error):
-                // Check for policy denial errors:
-                //   kDNSServiceErr_PolicyDenied = -65570
-                //   kDNSServiceErr_NoAuth       = -65555
-                let nsError = error as NSError
-                let isDenied = nsError.code == -65570
-                    || nsError.code == -65555
-                    || error.localizedDescription.lowercased().contains("policy")
-                completed = true
-                timeout.cancel()
-                browser.cancel()
-                DispatchQueue.main.async {
-                    completion(isDenied ? .denied : .unknown)
+                if Self.isPolicyDenied(error) {
+                    timeout.cancel()
+                    finish(.denied)
+                } else {
+                    // Non-policy failure (e.g. no Wi-Fi) — let UDP probe or timeout decide
+                    print("⚠️ LocalNetworkPermission: NWBrowser failed (non-policy): \(error)")
                 }
             case .cancelled:
-                break // Expected when we cancel it ourselves
+                break
             default:
-                break // .setup, .waiting — keep waiting
+                break
             }
         }
         browser.start(queue: .main)
+        // --- Probe 2: UDP mDNS multicast (dialog trigger + secondary signal) ---
+        // Sending to 224.0.0.251:5353 triggers the system dialog on first launch.
+        // Also catches policy denials that surface at the UDP layer.
+        let host = NWEndpoint.Host("224.0.0.251")
+        let port = NWEndpoint.Port(rawValue: 5353)!
+        let conn = NWConnection(host: host, port: port, using: .udp)
+        self.udpConnection = conn
+        conn.stateUpdateHandler = { state in
+            switch state {
+            case .waiting(let error):
+                if Self.isPolicyDenied(error) {
+                    timeout.cancel()
+                    finish(.denied)
+                }
+                // Other .waiting errors (no route, offline) are transient — ignore
+            case .failed(let error):
+                if Self.isPolicyDenied(error) {
+                    timeout.cancel()
+                    finish(.denied)
+                }
+                // Non-policy UDP failure — let NWBrowser or timeout decide
+            case .cancelled:
+                break
+            default:
+                break
+                // Note: UDP .ready does NOT confirm permission — we rely on NWBrowser for that.
+                // A UDP socket can reach .ready even when Bonjour is blocked.
+            }
+        }
+        conn.start(queue: .main)
     }
     // MARK: - Recovery
@@ -111,4 +148,19 @@ import UIKit
             UIApplication.shared.open(url)
         }
     }
+    // MARK: - Private helpers
+    /// Returns true if the NWError indicates a Local Network policy denial.
+    ///
+    /// Known denial codes:
+    ///   kDNSServiceErr_PolicyDenied = -65570
+    ///   kDNSServiceErr_NoAuth       = -65555
+    private static func isPolicyDenied(_ error: NWError) -> Bool {
+        let nsError = error as NSError
+        if nsError.code == -65570 || nsError.code == -65555 { return true }
+        let desc = error.localizedDescription.lowercased()
+        return desc.contains("policy") || desc.contains("denied") || desc.contains("noauth")
+    }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cappitolian/http-local-server-swifter",
-  "version": "0.0.19",
+  "version": "0.0.21",
   "description": "Runs a local HTTP server on your device, accessible over LAN. Supports connect, disconnect, GET, and POST methods with IP and port discovery.",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",