@cappitolian/http-local-server-swifter 0.0.22 → 0.0.24

package/ios/Sources/HttpLocalServerSwifterPlugin/LocalNetworkPermission.swift

@@ -6,19 +6,13 @@ import UIKit
 ///
 /// IMPORTANT: iOS Local Network permission does NOT block TCP sockets.
 /// It only blocks mDNS/Bonjour service discovery. This means Swifter's
-/// server.start() will always succeed regardless of permission status —
-/// the denial is only detectable via Bonjour/mDNS probes.
+/// server.start() will always succeed regardless of permission status.
 ///
-/// Detection strategy (dual-probe):
-///   1. NWBrowser with the app's registered Bonjour service type (_ssspos._tcp).
-///      This is the authoritative source — if Bonjour is denied, the local
-///      network permission is denied. The service type MUST match NSBonjourServices
-///      in Info.plist, otherwise iOS returns NoAuth even when permission is granted.
-///   2. UDP probe to 224.0.0.251:5353 (mDNS multicast) as a secondary signal
-///      to trigger the system dialog on first launch.
-///
-///   The first probe that resolves wins. If both time out, we assume .unknown
-///   and allow the server to start (covers simulator and edge cases).
+/// Detection strategy — NWListener with serviceRegistrationUpdateHandler:
+///   The PolicyDenied error for a revoked Local Network permission surfaces
+///   in NWListener.serviceRegistrationUpdateHandler, not in stateUpdateHandler.
+///   A connection handler must also be set or NWListener fails with error 22
+///   before iOS even evaluates the permission.
 @objc public class LocalNetworkPermission: NSObject {
 
     // MARK: - Types
@@ -32,128 +26,112 @@ import UIKit
     // MARK: - Constants
 
     /// Must match the NSBonjourServices entry in Info.plist exactly.
-    /// NWBrowser will return NoAuth(-65555) for any type NOT listed there,
-    /// even when the user has granted Local Network permission.
     private static let bonjourServiceType = "_ssspos._tcp"
 
     // MARK: - Private state
 
-    private var browser: NWBrowser?
-    private var udpConnection: NWConnection?
+    private var listener: NWListener?
 
     // MARK: - Permission check
 
-    /// Checks Local Network permission using a dual-probe approach.
+    /// Checks Local Network permission by advertising a Bonjour service via NWListener.
     ///
-    /// - Parameter completion: Called on the main thread with the result.
-    ///   `.granted` / `.denied` once a probe resolves, or `.unknown` on timeout.
+    /// The permission denial for a revoked permission surfaces in
+    /// serviceRegistrationUpdateHandler — not in stateUpdateHandler.
+    /// A dummy connection handler is required to prevent error 22 (Invalid argument).
     ///
-    /// - Note: iOS shows the permission dialog only once. On subsequent calls
-    ///   the OS returns the cached decision immediately without showing a dialog.
+    /// - Parameter completion: Called on the main thread with the permission status.
     public func checkPermission(completion: @escaping (PermissionStatus) -> Void) {
         var completed = false
 
         let finish: (PermissionStatus) -> Void = { [weak self] status in
             guard !completed else { return }
             completed = true
-            self?.browser?.cancel()
-            self?.browser = nil
-            self?.udpConnection?.cancel()
-            self?.udpConnection = nil
-            DispatchQueue.main.async { completion(status) }
+            self?.listener?.cancel()
+            self?.listener = nil
+            DispatchQueue.main.async {
+                print("✅ LocalNetworkPermission resolved: \(status)")
+                completion(status)
+            }
         }
 
-        // Timeout fallback — if neither probe resolves, allow startup.
-        // Covers: simulator, already-granted permission where iOS skips the callback.
-        // 6s gives iOS enough time to evaluate a previously-revoked permission,
-        // which can take longer than a first-time denial.
         let timeout = DispatchWorkItem {
-            print("⚠️ LocalNetworkPermission: timeout reached — resolving as .unknown")
+            print("⚠️ LocalNetworkPermission: timeout — resolving as .unknown")
             finish(.unknown)
         }
-        DispatchQueue.main.asyncAfter(deadline: .now() + 6.0, execute: timeout)
-
-        // --- Probe 1: NWBrowser (authoritative for permission status) ---
-        // Uses the app's registered Bonjour type so iOS evaluates the real permission.
-        // .failed with PolicyDenied/NoAuth = denied. .ready = granted.
-        let parameters = NWParameters()
-        parameters.includePeerToPeer = true
-
-        let browser = NWBrowser(
-            for: .bonjour(type: Self.bonjourServiceType, domain: "local."),
-            using: parameters
-        )
-        self.browser = browser
-
-        browser.stateUpdateHandler = { state in
-            print("🔍 LocalNetworkPermission NWBrowser state: \(state)")
-            switch state {
-            case .ready:
+        DispatchQueue.main.asyncAfter(deadline: .now() + 5.0, execute: timeout)
+
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+
+        guard let listener = try? NWListener(using: params) else {
+            print("⚠️ LocalNetworkPermission: could not create NWListener")
+            timeout.cancel()
+            finish(.unknown)
+            return
+        }
+
+        listener.service = NWListener.Service(type: Self.bonjourServiceType)
+        self.listener = listener
+
+        // Required: NWListener fails with error 22 (Invalid argument) if no
+        // connection handler is set. This dummy handler satisfies the requirement.
+        listener.newConnectionHandler = { connection in
+            connection.cancel()
+        }
+
+        // This is where iOS reports PolicyDenied for a revoked Local Network permission.
+        // stateUpdateHandler only reports generic listener errors, not Bonjour policy errors.
+        listener.serviceRegistrationUpdateHandler = { change in
+            print("🔍 LocalNetworkPermission serviceRegistration: \(change)")
+            switch change {
+            case .add:
+                // Service registered successfully — permission is granted.
                 timeout.cancel()
                 finish(.granted)
-            case .failed(let error):
-                print("🔍 LocalNetworkPermission NWBrowser error code: \((error as NSError).code) — \(error.localizedDescription)")
-                if Self.isPolicyDenied(error) {
-                    timeout.cancel()
-                    finish(.denied)
-                } else {
-                    // Non-policy failure (e.g. no Wi-Fi) — let UDP probe or timeout decide
-                    print("⚠️ LocalNetworkPermission: NWBrowser failed (non-policy): \(error)")
-                }
-            case .cancelled:
-                break
-            default:
+
+            case .remove:
+                // Service was removed. On permission denial this fires immediately
+                // after the _NWAdvertiser PolicyDenied error in the system logs.
+                // We treat an immediate remove (before .add) as denied.
+                timeout.cancel()
+                finish(.denied)
+
+            @unknown default:
                 break
             }
         }
-        browser.start(queue: .main)
-
-        // --- Probe 2: UDP mDNS multicast (dialog trigger + secondary signal) ---
-        // Sending to 224.0.0.251:5353 triggers the system dialog on first launch.
-        // Also catches policy denials that surface at the UDP layer.
-        let host = NWEndpoint.Host("224.0.0.251")
-        let port = NWEndpoint.Port(rawValue: 5353)!
-        let conn = NWConnection(host: host, port: port, using: .udp)
-        self.udpConnection = conn
-
-        conn.stateUpdateHandler = { state in
-            print("🔍 LocalNetworkPermission UDP state: \(state)")
+
+        // stateUpdateHandler still needed to catch non-permission listener failures.
+        listener.stateUpdateHandler = { state in
+            print("🔍 LocalNetworkPermission NWListener state: \(state)")
             switch state {
-            case .waiting(let error):
-                print("🔍 LocalNetworkPermission UDP waiting error code: \((error as NSError).code) — \(error.localizedDescription)")
-                if Self.isPolicyDenied(error) {
-                    timeout.cancel()
-                    finish(.denied)
-                }
-                // Other .waiting errors (no route, offline) are transient — ignore
             case .failed(let error):
-                print("🔍 LocalNetworkPermission UDP failed error code: \((error as NSError).code) — \(error.localizedDescription)")
-                if Self.isPolicyDenied(error) {
-                    timeout.cancel()
-                    finish(.denied)
-                }
-                // Non-policy UDP failure — let NWBrowser or timeout decide
+                let code = (error as NSError).code
+                print("🔍 LocalNetworkPermission NWListener error: \(code) — \(error.localizedDescription)")
+                // Only treat explicit policy errors as denied; other failures are unknown.
+                timeout.cancel()
+                finish(Self.isPolicyDenied(error) ? .denied : .unknown)
+
             case .cancelled:
                 break
+
             default:
                 break
-                // Note: UDP .ready does NOT confirm permission — we rely on NWBrowser for that.
-                // A UDP socket can reach .ready even when Bonjour is blocked.
             }
         }
-        conn.start(queue: .main)
+
+        listener.start(queue: .main)
     }
 
     // MARK: - Recovery
 
     /// Opens the app's page in iOS Settings so the user can manually grant Local Network access.
     ///
-    /// - Note: This is the only recovery path available after the user denies the permission.
-    /// - Warning: On iOS 17, the user may need to restart the device after granting
-    ///   the permission for it to take effect. This is a known iOS 17 bug.
+    /// - Note: This is the only recovery path after denial — iOS cannot re-prompt.
+    /// - Warning: On iOS 17, a device restart may be needed after granting the permission.
     public func openAppSettings() {
         guard let url = URL(string: UIApplication.openSettingsURLString) else { return }
-
         DispatchQueue.main.async {
             UIApplication.shared.open(url)
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cappitolian/http-local-server-swifter",
-  "version": "0.0.22",
+  "version": "0.0.24",
   "description": "Runs a local HTTP server on your device, accessible over LAN. Supports connect, disconnect, GET, and POST methods with IP and port discovery.",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",