@cappitolian/http-local-server-swifter 0.0.22 → 0.0.23

package/ios/Sources/HttpLocalServerSwifterPlugin/LocalNetworkPermission.swift

@@ -6,19 +6,14 @@ import UIKit
 ///
 /// IMPORTANT: iOS Local Network permission does NOT block TCP sockets.
 /// It only blocks mDNS/Bonjour service discovery. This means Swifter's
-/// server.start() will always succeed regardless of permission status —
-/// the denial is only detectable via Bonjour/mDNS probes.
+/// server.start() will always succeed regardless of permission status.
 ///
-/// Detection strategy (dual-probe):
-///   1. NWBrowser with the app's registered Bonjour service type (_ssspos._tcp).
-///      This is the authoritative source — if Bonjour is denied, the local
-///      network permission is denied. The service type MUST match NSBonjourServices
-///      in Info.plist, otherwise iOS returns NoAuth even when permission is granted.
-///   2. UDP probe to 224.0.0.251:5353 (mDNS multicast) as a secondary signal
-///      to trigger the system dialog on first launch.
+/// Detection strategy — NWListener with Bonjour advertising:
+///   NWBrowser returns .ready even when permission is revoked (iOS bug).
+///   NWListener advertising a Bonjour service correctly fails with PolicyDenied
+///   when Local Network permission is OFF, including previously-revoked cases.
 ///
-///   The first probe that resolves wins. If both time out, we assume .unknown
-///   and allow the server to start (covers simulator and edge cases).
+///   The service type MUST match NSBonjourServices in Info.plist exactly.
 @objc public class LocalNetworkPermission: NSObject {
 
     // MARK: - Types
@@ -32,116 +27,97 @@ import UIKit
     // MARK: - Constants
 
     /// Must match the NSBonjourServices entry in Info.plist exactly.
-    /// NWBrowser will return NoAuth(-65555) for any type NOT listed there,
-    /// even when the user has granted Local Network permission.
     private static let bonjourServiceType = "_ssspos._tcp"
 
     // MARK: - Private state
 
-    private var browser: NWBrowser?
-    private var udpConnection: NWConnection?
+    private var listener: NWListener?
 
     // MARK: - Permission check
 
-    /// Checks Local Network permission using a dual-probe approach.
+    /// Checks Local Network permission by advertising a Bonjour service via NWListener.
     ///
-    /// - Parameter completion: Called on the main thread with the result.
-    ///   `.granted` / `.denied` once a probe resolves, or `.unknown` on timeout.
+    /// NWListener is the only iOS API that correctly detects a revoked Local Network
+    /// permission. NWBrowser incorrectly returns .ready in that case (iOS bug).
     ///
-    /// - Note: iOS shows the permission dialog only once. On subsequent calls
-    ///   the OS returns the cached decision immediately without showing a dialog.
+    /// - Parameter completion: Called on the main thread with the permission status.
+    ///   `.granted` / `.denied` once iOS responds, or `.unknown` on timeout.
+    ///
+    /// - Note: iOS shows the system dialog only on the first call. Subsequent calls
+    ///   return the cached decision immediately without prompting the user.
     public func checkPermission(completion: @escaping (PermissionStatus) -> Void) {
         var completed = false
 
         let finish: (PermissionStatus) -> Void = { [weak self] status in
             guard !completed else { return }
             completed = true
-            self?.browser?.cancel()
-            self?.browser = nil
-            self?.udpConnection?.cancel()
-            self?.udpConnection = nil
-            DispatchQueue.main.async { completion(status) }
+            self?.listener?.cancel()
+            self?.listener = nil
+            DispatchQueue.main.async {
+                print("✅ LocalNetworkPermission resolved: \(status)")
+                completion(status)
+            }
         }
 
-        // Timeout fallback — if neither probe resolves, allow startup.
-        // Covers: simulator, already-granted permission where iOS skips the callback.
-        // 6s gives iOS enough time to evaluate a previously-revoked permission,
-        // which can take longer than a first-time denial.
+        // Timeout fallback — allow startup if iOS never calls the state handler.
+        // Covers: simulator, and rare edge cases where the OS skips the callback.
         let timeout = DispatchWorkItem {
-            print("⚠️ LocalNetworkPermission: timeout reached — resolving as .unknown")
+            print("⚠️ LocalNetworkPermission: timeout — resolving as .unknown")
             finish(.unknown)
         }
-        DispatchQueue.main.asyncAfter(deadline: .now() + 6.0, execute: timeout)
-
-        // --- Probe 1: NWBrowser (authoritative for permission status) ---
-        // Uses the app's registered Bonjour type so iOS evaluates the real permission.
-        // .failed with PolicyDenied/NoAuth = denied. .ready = granted.
-        let parameters = NWParameters()
-        parameters.includePeerToPeer = true
-
-        let browser = NWBrowser(
-            for: .bonjour(type: Self.bonjourServiceType, domain: "local."),
-            using: parameters
-        )
-        self.browser = browser
-
-        browser.stateUpdateHandler = { state in
-            print("🔍 LocalNetworkPermission NWBrowser state: \(state)")
+        DispatchQueue.main.asyncAfter(deadline: .now() + 5.0, execute: timeout)
+
+        // Create a TCP listener and advertise it as a Bonjour service.
+        // iOS evaluates the Local Network permission at advertisement time,
+        // not at socket bind time — which is why server.start() always succeeds.
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+
+        guard let listener = try? NWListener(using: params) else {
+            print("⚠️ LocalNetworkPermission: could not create NWListener — resolving as .unknown")
+            timeout.cancel()
+            finish(.unknown)
+            return
+        }
+
+        // Advertising this service type triggers the system dialog on first launch
+        // and also immediately returns PolicyDenied when permission is revoked.
+        listener.service = NWListener.Service(type: Self.bonjourServiceType)
+        self.listener = listener
+
+        listener.stateUpdateHandler = { state in
+            print("🔍 LocalNetworkPermission NWListener state: \(state)")
             switch state {
             case .ready:
+                // Bonjour advertisement succeeded — permission is granted.
                 timeout.cancel()
                 finish(.granted)
+
             case .failed(let error):
-                print("🔍 LocalNetworkPermission NWBrowser error code: \((error as NSError).code) — \(error.localizedDescription)")
+                let code = (error as NSError).code
+                print("🔍 LocalNetworkPermission NWListener error code: \(code) — \(error.localizedDescription)")
+
                 if Self.isPolicyDenied(error) {
+                    // PolicyDenied or NoAuth — user has denied Local Network permission.
                     timeout.cancel()
                     finish(.denied)
                 } else {
-                    // Non-policy failure (e.g. no Wi-Fi) — let UDP probe or timeout decide
-                    print("⚠️ LocalNetworkPermission: NWBrowser failed (non-policy): \(error)")
-                }
-            case .cancelled:
-                break
-            default:
-                break
-            }
-        }
-        browser.start(queue: .main)
-
-        // --- Probe 2: UDP mDNS multicast (dialog trigger + secondary signal) ---
-        // Sending to 224.0.0.251:5353 triggers the system dialog on first launch.
-        // Also catches policy denials that surface at the UDP layer.
-        let host = NWEndpoint.Host("224.0.0.251")
-        let port = NWEndpoint.Port(rawValue: 5353)!
-        let conn = NWConnection(host: host, port: port, using: .udp)
-        self.udpConnection = conn
-
-        conn.stateUpdateHandler = { state in
-            print("🔍 LocalNetworkPermission UDP state: \(state)")
-            switch state {
-            case .waiting(let error):
-                print("🔍 LocalNetworkPermission UDP waiting error code: \((error as NSError).code) — \(error.localizedDescription)")
-                if Self.isPolicyDenied(error) {
+                    // Port conflict or other non-permission error — treat as unknown
+                    // and allow the server to start rather than blocking the user.
+                    print("⚠️ LocalNetworkPermission: NWListener failed (non-policy): \(error)")
                     timeout.cancel()
-                    finish(.denied)
+                    finish(.unknown)
                 }
-                // Other .waiting errors (no route, offline) are transient — ignore
-            case .failed(let error):
-                print("🔍 LocalNetworkPermission UDP failed error code: \((error as NSError).code) — \(error.localizedDescription)")
-                if Self.isPolicyDenied(error) {
-                    timeout.cancel()
-                    finish(.denied)
-                }
-                // Non-policy UDP failure — let NWBrowser or timeout decide
+
             case .cancelled:
-                break
+                break // Expected — we cancelled it ourselves in finish()
+
             default:
-                break
-                // Note: UDP .ready does NOT confirm permission — we rely on NWBrowser for that.
-                // A UDP socket can reach .ready even when Bonjour is blocked.
+                break // .setup, .waiting — keep waiting
             }
         }
-        conn.start(queue: .main)
+
+        listener.start(queue: .main)
     }
 
     // MARK: - Recovery

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cappitolian/http-local-server-swifter",
-  "version": "0.0.22",
+  "version": "0.0.23",
   "description": "Runs a local HTTP server on your device, accessible over LAN. Supports connect, disconnect, GET, and POST methods with IP and port discovery.",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",