npm - @cappitolian/http-local-server-swifter - Versions diffs - 0.0.20 → 0.0.21 - Mend

@cappitolian/http-local-server-swifter 0.0.20 → 0.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/ios/Sources/HttpLocalServerSwifterPlugin/LocalNetworkPermission.swift CHANGED Viewed

@@ -6,15 +6,19 @@ import UIKit
 ///
 /// IMPORTANT: iOS Local Network permission does NOT block TCP sockets.
 /// It only blocks mDNS/Bonjour service discovery. This means Swifter's
-/// server.start() will always succeed regardless of permission status.
+/// server.start() will always succeed regardless of permission status —
+/// the denial is only detectable via Bonjour/mDNS probes.
 ///
-/// Detection strategy:
-///   - Send a UDP probe to the mDNS multicast address (224.0.0.251:5353).
-///   - This triggers the system permission dialog without requiring any
-///     NSBonjourServices entry in Info.plist.
-///   - NWBrowser was avoided because it requires the browsed service type
-///     to be declared in NSBonjourServices, causing false NoAuth(-65555)
-///     failures even when the permission is actually granted.
+/// Detection strategy (dual-probe):
+///   1. NWBrowser with the app's registered Bonjour service type (_ssspos._tcp).
+///      This is the authoritative source — if Bonjour is denied, the local
+///      network permission is denied. The service type MUST match NSBonjourServices
+///      in Info.plist, otherwise iOS returns NoAuth even when permission is granted.
+///   2. UDP probe to 224.0.0.251:5353 (mDNS multicast) as a secondary signal
+///      to trigger the system dialog on first launch.
+///
+///   The first probe that resolves wins. If both time out, we assume .unknown
+///   and allow the server to start (covers simulator and edge cases).
 @objc public class LocalNetworkPermission: NSObject {
     // MARK: - Types
@@ -25,84 +29,108 @@ import UIKit
         case unknown
     }
+    // MARK: - Constants
+    /// Must match the NSBonjourServices entry in Info.plist exactly.
+    /// NWBrowser will return NoAuth(-65555) for any type NOT listed there,
+    /// even when the user has granted Local Network permission.
+    private static let bonjourServiceType = "_ssspos._tcp"
     // MARK: - Private state
-    private var connection: NWConnection?
+    private var browser: NWBrowser?
+    private var udpConnection: NWConnection?
     // MARK: - Permission check
-    /// Probes the local network to trigger the permission dialog and detect the result.
+    /// Checks Local Network permission using a dual-probe approach.
     ///
-    /// Sends a UDP packet to the mDNS multicast address. iOS intercepts this at the
-    /// network layer and either allows it (granted) or blocks it with a policy error (denied).
+    /// - Parameter completion: Called on the main thread with the result.
+    ///   `.granted` / `.denied` once a probe resolves, or `.unknown` on timeout.
     ///
-    /// - Parameter completion: Called on the main thread with the permission status.
-    ///   `.granted` / `.denied` once iOS responds, or `.unknown` on timeout
-    ///   (simulator, permission already granted and cached by the OS, etc.).
-    ///
-    /// - Note: iOS shows the dialog only once. Subsequent calls return the cached decision.
+    /// - Note: iOS shows the permission dialog only once. On subsequent calls
+    ///   the OS returns the cached decision immediately without showing a dialog.
     public func checkPermission(completion: @escaping (PermissionStatus) -> Void) {
-        // mDNS multicast address — probing this triggers the Local Network permission dialog.
-        // This approach does NOT require NSBonjourServices in Info.plist.
-        let host = NWEndpoint.Host("224.0.0.251")
-        let port = NWEndpoint.Port(rawValue: 5353)!
-        let conn = NWConnection(host: host, port: port, using: .udp)
-        self.connection = conn
         var completed = false
-        // Timeout fallback — treat unresolved state as unknown and allow server startup.
-        // This covers: simulator, permission already granted (OS may skip the callback),
-        // and edge cases where iOS doesn't fire stateUpdateHandler promptly.
-        let timeout = DispatchWorkItem { [weak self] in
+        let finish: (PermissionStatus) -> Void = { [weak self] status in
             guard !completed else { return }
             completed = true
-            self?.connection?.cancel()
-            self?.connection = nil
-            DispatchQueue.main.async { completion(.unknown) }
+            self?.browser?.cancel()
+            self?.browser = nil
+            self?.udpConnection?.cancel()
+            self?.udpConnection = nil
+            DispatchQueue.main.async { completion(status) }
         }
+        // Timeout fallback — if neither probe resolves, allow startup.
+        // Covers: simulator, already-granted permission where iOS skips the callback.
+        let timeout = DispatchWorkItem { finish(.unknown) }
         DispatchQueue.main.asyncAfter(deadline: .now() + 3.0, execute: timeout)
-        conn.stateUpdateHandler = { [weak self] state in
-            guard !completed else { return }
+        // --- Probe 1: NWBrowser (authoritative for permission status) ---
+        // Uses the app's registered Bonjour type so iOS evaluates the real permission.
+        // .failed with PolicyDenied/NoAuth = denied. .ready = granted.
+        let parameters = NWParameters()
+        parameters.includePeerToPeer = true
+        let browser = NWBrowser(
+            for: .bonjour(type: Self.bonjourServiceType, domain: "local."),
+            using: parameters
+        )
+        self.browser = browser
+        browser.stateUpdateHandler = { state in
             switch state {
             case .ready:
-                // UDP connection reached the network layer — permission is granted.
-                completed = true
                 timeout.cancel()
-                self?.connection?.cancel()
-                self?.connection = nil
-                DispatchQueue.main.async { completion(.granted) }
+                finish(.granted)
+            case .failed(let error):
+                if Self.isPolicyDenied(error) {
+                    timeout.cancel()
+                    finish(.denied)
+                } else {
+                    // Non-policy failure (e.g. no Wi-Fi) — let UDP probe or timeout decide
+                    print("⚠️ LocalNetworkPermission: NWBrowser failed (non-policy): \(error)")
+                }
+            case .cancelled:
+                break
+            default:
+                break
+            }
+        }
+        browser.start(queue: .main)
+        // --- Probe 2: UDP mDNS multicast (dialog trigger + secondary signal) ---
+        // Sending to 224.0.0.251:5353 triggers the system dialog on first launch.
+        // Also catches policy denials that surface at the UDP layer.
+        let host = NWEndpoint.Host("224.0.0.251")
+        let port = NWEndpoint.Port(rawValue: 5353)!
+        let conn = NWConnection(host: host, port: port, using: .udp)
+        self.udpConnection = conn
+        conn.stateUpdateHandler = { state in
+            switch state {
             case .waiting(let error):
-                // .waiting with a policy error = permission denied.
-                // Other .waiting errors (no route, offline) are transient — keep waiting.
                 if Self.isPolicyDenied(error) {
-                    completed = true
                     timeout.cancel()
-                    self?.connection?.cancel()
-                    self?.connection = nil
-                    DispatchQueue.main.async { completion(.denied) }
+                    finish(.denied)
                 }
+                // Other .waiting errors (no route, offline) are transient — ignore
             case .failed(let error):
-                let status: PermissionStatus = Self.isPolicyDenied(error) ? .denied : .unknown
-                completed = true
-                timeout.cancel()
-                self?.connection?.cancel()
-                self?.connection = nil
-                DispatchQueue.main.async { completion(status) }
+                if Self.isPolicyDenied(error) {
+                    timeout.cancel()
+                    finish(.denied)
+                }
+                // Non-policy UDP failure — let NWBrowser or timeout decide
             case .cancelled:
-                break // Expected — we cancelled it ourselves above
+                break
             default:
-                break // .setup, .preparing — keep waiting
+                break
+                // Note: UDP .ready does NOT confirm permission — we rely on NWBrowser for that.
+                // A UDP socket can reach .ready even when Bonjour is blocked.
             }
         }
         conn.start(queue: .main)
     }
@@ -125,9 +153,9 @@ import UIKit
     /// Returns true if the NWError indicates a Local Network policy denial.
     ///
-    /// Known denial error codes:
-    ///   - kDNSServiceErr_PolicyDenied = -65570
-    ///   - kDNSServiceErr_NoAuth       = -65555
+    /// Known denial codes:
+    ///   kDNSServiceErr_PolicyDenied = -65570
+    ///   kDNSServiceErr_NoAuth       = -65555
     private static func isPolicyDenied(_ error: NWError) -> Bool {
         let nsError = error as NSError
         if nsError.code == -65570 || nsError.code == -65555 { return true }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cappitolian/http-local-server-swifter",
-  "version": "0.0.20",
+  "version": "0.0.21",
   "description": "Runs a local HTTP server on your device, accessible over LAN. Supports connect, disconnect, GET, and POST methods with IP and port discovery.",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",