anlicheng/punchnet-macos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: anlicheng:quic_mst
Branches Tags
anlicheng:main
anlicheng:quic_mst
anlicheng:202601_v2_mst
anlicheng:actor_mst
anlicheng:async_mst
..
compare: anlicheng:main
Branches Tags
anlicheng:quic_mst
anlicheng:202601_v2_mst
anlicheng:main
anlicheng:actor_mst
anlicheng:async_mst

No commits in common. "quic_mst" and "main" have entirely different histories.
quic_mst ... main

111 changed files with 3441 additions and 11584 deletions
Show Stats Expand all files Collapse all files

65
Tun/NetworkInterface.swift
View File

@ -14,7 +14,6 @@
// //
import Foundation import Foundation
import Network
public struct NetworkInterface { public struct NetworkInterface {
public let name: String public let name: String
@ -73,68 +72,4 @@ public struct NetworkInterfaceManager {
return interfaces return interfaces
} }
// IPv6
public static func getPublicIPv6Address() -> String? {
return self.getPublicIPv6Interface()?.ip
}
// IPv6
public static func getPublicIPv6Interface() -> NetworkInterface? {
let interfaces = self.getInterfaces()
return interfaces.first { interface in
!interface.name.hasPrefix("utun")
&& self.isPublicIPv6(interface.ip)
}
}
/// IPv6 IPv6
public static func isPublicIPv6(_ ipString: String) -> Bool {
let normalizedIp = String(ipString.split(separator: "%", maxSplits: 1, omittingEmptySubsequences: false).first ?? "")
guard let ipv6 = IPv6Address(normalizedIp) else {
return false
}
return self.isPublicIPv6(ipv6.rawValue)
}
/// 16 IPv6 IPv6
public static func isPublicIPv6(_ raw: Data) -> Bool {
guard raw.count == 16 else {
return false
}
let bytes = [UInt8](raw)
// 1. unspecified ::
if bytes.allSatisfy({ $0 == 0 }) {
return false
}
// 2. loopback ::1
if bytes.dropLast().allSatisfy({ $0 == 0 }) && bytes[15] == 1 {
return false
}
// 3. multicast ff00::/8
if bytes[0] == 0xFF {
return false
}
// 4. link-local fe80::/10
// 0xFE 10
if bytes[0] == 0xFE && (bytes[1] & 0xC0) == 0x80 {
return false
}
// 5. ULA fc00::/7
// 7 1111110
if (bytes[0] & 0xFE) == 0xFC {
return false
}
// 6. 2000::/3
// 3 001
return (bytes[0] & 0xE0) == 0x20
}
} }

187
Tun/PacketTunnelProvider.swift
View File

@ -5,72 +5,107 @@
// Created by on 2025/8/3. // Created by on 2025/8/3.
// //
//
// PacketTunnelProvider.swift
// Tun
//
// Created by on 2024/1/17.
//
import NetworkExtension import NetworkExtension
enum TunnelError: Error {
case invalidConfiguration
case invalidContext
}
class PacketTunnelProvider: NEPacketTunnelProvider { class PacketTunnelProvider: NEPacketTunnelProvider {
var contextActor: SDLContextActor? var context: SDLContext?
private var rootTask: Task<Void, Error>? private var rootTask: Task<Void, Error>?
override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) { override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
// // host: "192.168.0.101", port: 1265
SDLTunnelAppNotifier.shared.clear() guard let options else {
return
}
// //
guard self.contextActor == nil else { guard self.context == nil else {
completionHandler(TunnelError.invalidContext)
return return
} }
// let token = options["token"] as! String
let installed_channel = options["installed_channel"] as! String
let superIp = options["super_ip"] as! String
let superPort = options["super_port"] as! Int
let stunServersStr = options["stun_servers"] as! String
let noticePort = options["notice_port"] as! Int
let token = options["token"] as! String
let networkCode = options["network_code"] as! String
let clientId = options["client_id"] as! String
let remoteDnsServer = options["remote_dns_server"] as! String
let hostname = options["hostname"] as! String
let stunServers = stunServersStr.split(separator: ";").compactMap { server -> SDLConfiguration.StunServer? in
let parts = server.split(separator: ":", maxSplits: 2)
guard parts.count == 2 else {
return nil
}
let ports = parts[1].split(separator: ",", maxSplits: 2)
guard ports.count == 2, let port1 = Int(String(ports[0])), let port2 = Int(String(ports[1])) else {
return nil
}
return .init(host: String(parts[0]), ports: [port1, port2])
}
guard stunServers.count >= 2 else {
NSLog("stunServers配置错误")
return
}
NSLog("[PacketTunnelProvider] client_id: \(clientId), token: \(token), network_code: \(networkCode)")
let config = SDLConfiguration(version: 1,
installedChannel: installed_channel,
superHost: superIp,
superPort: superPort,
stunServers: stunServers,
clientId: clientId,
noticePort: noticePort,
token: token,
networkCode: networkCode,
remoteDnsServer: remoteDnsServer,
hostname: hostname)
// //
let rsaCipher = try! CCRSACipher(keySize: 1024) let rsaCipher = try! CCRSACipher(keySize: 1024)
let aesChiper = CCAESChiper()
self.rootTask = Task { self.rootTask = Task {
// host: "192.168.0.101", port: 1265 do {
guard let options, let config = await SDLConfiguration.parse(options: options) else { self.context = SDLContext(provider: self, config: config, rsaCipher: rsaCipher, aesCipher: aesChiper, logger: SDLLogger(level: .debug))
completionHandler(TunnelError.invalidConfiguration) try await self.context?.start()
return } catch let err {
NSLog("[PacketTunnelProvider] exit with error: \(err)")
exit(-1)
}
} }
self.contextActor = SDLContextActor(provider: self, config: config, rsaCipher: rsaCipher)
await self.contextActor?.start()
try await self.contextActor?.waitForReady()
completionHandler(nil) completionHandler(nil)
} }
}
override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
// Add code here to start the process of stopping the tunnel. // Add code here to start the process of stopping the tunnel.
Task {
await self.contextActor?.stop()
self.contextActor = nil
self.rootTask?.cancel() self.rootTask?.cancel()
Task {
await self.context?.stop()
}
self.context = nil
self.rootTask = nil self.rootTask = nil
completionHandler() completionHandler()
} }
}
override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)?) { override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)?) {
// Add code here to handle the message. // Add code here to handle the message.
Task { if let handler = completionHandler {
do { handler(messageData)
let message = try AppRequest(serializedBytes: messageData)
let replyData = try await self.handleAppRequest(message: message)
completionHandler?(replyData)
} catch let err {
var reply = TunnelResponse()
reply.code = 1
reply.message = err.localizedDescription
let errorReplyData = try? reply.serializedData()
completionHandler?(errorReplyData)
}
} }
} }
@ -83,33 +118,61 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
// Add code here to wake up. // Add code here to wake up.
} }
private func handleAppRequest(message: AppRequest) async throws -> Data? { }
guard let contextActor = self.contextActor else {
throw TunnelError.invalidContext // ip
extension PacketTunnelProvider {
public static var viaInterface: NetworkInterface? = {
let interfaces = NetworkInterfaceManager.getInterfaces()
return interfaces.first {$0.name == "en0"}
}()
struct CCRSACipher: RSACipher {
var pubKey: String
let privateKeyDER: Data
init(keySize: Int) throws {
let (privateKey, publicKey) = try Self.loadKeys(keySize: keySize)
let privKeyStr = SwKeyConvert.PrivateKey.derToPKCS1PEM(privateKey)
self.pubKey = SwKeyConvert.PublicKey.derToPKCS8PEM(publicKey)
self.privateKeyDER = try SwKeyConvert.PrivateKey.pemToPKCS1DER(privKeyStr)
} }
switch message.command { public func decode(data: Data) throws -> Data {
case .changeExitNode(let changeExitNode): let tag = Data()
let exitNodeIp = changeExitNode.ip let (decryptedData, _) = try CC.RSA.decrypt(data, derKey: self.privateKeyDER, tag: tag, padding: .pkcs1, digest: .none)
do {
try await contextActor.updateExitNode(exitNodeIp: exitNodeIp)
var reply = TunnelResponse()
reply.code = 0
reply.message = "操作成功"
return try reply.serializedData()
} catch let err { return decryptedData
var reply = TunnelResponse()
reply.code = 1
reply.message = err.localizedDescription
return try reply.serializedData()
} }
case .none:
var reply = TunnelResponse() private static func loadKeys(keySize: Int) throws -> (Data, Data) {
reply.code = 1 if let privateKey = UserDefaults.standard.data(forKey: "privateKey"),
reply.message = "无效请求" let publicKey = UserDefaults.standard.data(forKey: "publicKey") {
return try reply.serializedData()
return (privateKey, publicKey)
} else {
let (privateKey, publicKey) = try CC.RSA.generateKeyPair(keySize)
UserDefaults.standard.setValue(privateKey, forKey: "privateKey")
UserDefaults.standard.setValue(publicKey, forKey: "publicKey")
return (privateKey, publicKey)
}
}
}
struct CCAESChiper: AESCipher {
func decypt(aesKey: Data, data: Data) throws -> Data {
let ivData = Data(aesKey.prefix(16))
return try CC.crypt(.decrypt, blockMode: .cbc, algorithm: .aes, padding: .pkcs7Padding, data: data, key: aesKey, iv: ivData)
}
func encrypt(aesKey: Data, data: Data) throws -> Data {
let ivData = Data(aesKey.prefix(16))
return try CC.crypt(.encrypt, blockMode: .cbc, algorithm: .aes, padding: .pkcs7Padding, data: data, key: aesKey, iv: ivData)
} }
} }

13
Tun/Punchnet/AESCipher.swift Normal file
View File

@ -0,0 +1,13 @@
//
// AESCipher.swift
// sdlan
//
// Created by on 2025/7/14.
//
import Foundation
public protocol AESCipher {
func decypt(aesKey: Data, data: Data) throws -> Data
func encrypt(aesKey: Data, data: Data) throws -> Data
}

0
Tun/Punchnet/NetworkStack/ARPPacket.swift → Tun/Punchnet/ARPPacket.swift
View File

105
Tun/Punchnet/Actors/ArpServer.swift
View File

@ -1,105 +0,0 @@
//
// ArpServer.swift
// sdlan
// 1. ipmac
// 2. ip
// Created by on 2025/7/14.
//
import Foundation
import Darwin
actor ArpServer {
//
struct ArpEntry {
var mac: Data
var expireTime: TimeInterval
}
private var coolingDown: [UInt32: Date] = [:]
private var known_macs: [UInt32: ArpEntry] = [:]
private let arpTTL: TimeInterval
private var cleanupTask: Task<Void, Never>?
init(arpTTL: TimeInterval = 300) {
self.arpTTL = arpTTL
}
func start() {
guard self.cleanupTask == nil else {
return
}
self.cleanupTask = Task {
while !Task.isCancelled {
try? await Task.sleep(for: .seconds(1))
self.cleanup()
}
}
}
func query(ip: UInt32) -> Data? {
guard let entry = known_macs[ip] else {
return nil
}
if entry.expireTime < Date().timeIntervalSince1970 {
known_macs.removeValue(forKey: ip)
return nil
}
return entry.mac
}
func append(ip: UInt32, mac: Data) {
let expireAt = Date().timeIntervalSince1970 + arpTTL
self.known_macs[ip] = ArpEntry(mac: mac, expireTime: expireAt)
}
func remove(ip: UInt32) {
self.known_macs.removeValue(forKey: ip)
}
func dropMacs(macs: [Data]) {
self.known_macs = self.known_macs.filter { !macs.contains($0.value.mac) }
}
func clear() {
self.known_macs = [:]
}
func arpRequest(targetIp: UInt32, use quicClient: SDLQUICClient?) throws {
guard let quicClient, self.coolingDown[targetIp] == nil else {
return
}
//
self.coolingDown[targetIp] = Date().addingTimeInterval(3)
// arp
var arpRequest = SDLArpRequest()
arpRequest.targetIp = targetIp
quicClient.send(type: .arpRequest, data: try arpRequest.serializedData())
}
func handleArpResponse(arpResponse: SDLArpResponse) {
let targetIp = arpResponse.targetIp
let targetMac = arpResponse.targetMac
if !targetMac.isEmpty {
let expireAt = Date().timeIntervalSince1970 + arpTTL
self.known_macs[targetIp] = ArpEntry(mac: targetMac, expireTime: expireAt)
}
}
private func cleanup() {
let now = Date()
self.coolingDown = self.coolingDown.filter { $0.value > now }
}
deinit {
self.cleanupTask?.cancel()
}
}

1056
Tun/Punchnet/Actors/SDLContextActor.swift
View File

File diff suppressed because it is too large Load Diff

117
Tun/Punchnet/Actors/SDLDNSClientActor.swift Normal file
View File

@ -0,0 +1,117 @@
//
// DNSClient.swift
// Tun
//
// Created by on 2025/12/10.
//
import Foundation
import NIOCore
import NIOPosix
// sn-server
@available(macOS 14, *)
actor SDLDNSClientActor {
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<AddressedEnvelope<ByteBuffer>, AddressedEnvelope<ByteBuffer>>
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
private let logger: SDLLogger
private let dnsServerAddress: SocketAddress
public let packetFlow: AsyncStream<Data>
private let packetContinuation: AsyncStream<Data>.Continuation
//
init(dnsServerAddress: SocketAddress, logger: SDLLogger) async throws {
self.dnsServerAddress = dnsServerAddress
self.logger = logger
(self.packetFlow, self.packetContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
self.asyncChannel = try await bootstrap.bind(host: "0.0.0.0", port: 0)
.flatMapThrowing { channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: AddressedEnvelope<ByteBuffer>.self,
outboundType: AddressedEnvelope<ByteBuffer>.self
))
}
.get()
}
func start() async throws {
try await withTaskCancellationHandler {
try await self.asyncChannel.executeThenClose {inbound, outbound in
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
defer {
self.logger.log("[DNSClient] inbound closed", level: .warning)
}
for try await envelope in inbound {
try Task.checkCancellation()
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
self.logger.log("[DNSClient] read data: \(buffer), from: \(remoteAddress)", level: .debug)
let len = buffer.readableBytes
if let bytes = buffer.readBytes(length: len) {
self.packetContinuation.yield(Data(bytes))
}
}
}
group.addTask {
defer {
self.logger.log("[DNSClient] outbound closed", level: .warning)
}
for await message in self.writeStream {
try Task.checkCancellation()
let buffer = self.asyncChannel.channel.allocator.buffer(bytes: message)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: self.dnsServerAddress, data: buffer)
try await outbound.write(envelope)
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
} onCancel: {
self.writeContinuation.finish()
self.packetContinuation.finish()
self.logger.log("[DNSClient] withTaskCancellationHandler cancel")
}
}
func forward(ipPacket: IPPacket) {
self.writeContinuation.yield(ipPacket.data)
}
deinit {
try? self.group.syncShutdownGracefully()
self.writeContinuation.finish()
}
}
extension SDLDNSClientActor {
struct Helper {
static let dnsServer: String = "100.100.100.100"
// dns
static let dnsDestIpAddr: UInt32 = 1684300900
// dns
static func isDnsRequestPacket(ipPacket: IPPacket) -> Bool {
return ipPacket.header.destination == dnsDestIpAddr
}
}
}

143
Tun/Punchnet/Actors/SDLHoleDataProcessor.swift
View File

@ -1,143 +0,0 @@
//
// SDLHoleDataProcessor.swift
// Tun
//
// Created by on 2026/4/14.
//
import Foundation
final class SDLHoleDataProcessor {
enum ProcessingAction {
case sendARPReply(dstMac: Data, data: Data)
case appendARP(ip: UInt32, mac: Data)
case writeToTun(packetData: Data, identityID: UInt32)
case requestPolicy(srcIdentityID: UInt32)
case none
}
struct ProcessingPlan {
let inboundBytes: Int
let action: ProcessingAction
}
private let networkAddress: SDLConfiguration.NetworkAddress
private let dataCipher: CCDataCipher?
private let snapshotPublisher: SnapshotPublisher<IdentitySnapshot>
private let flowSessionManager: SDLFlowSessionManager
init(networkAddress: SDLConfiguration.NetworkAddress,
dataCipher: CCDataCipher?,
snapshotPublisher: SnapshotPublisher<IdentitySnapshot>,
flowSessionManager: SDLFlowSessionManager) {
self.networkAddress = networkAddress
self.dataCipher = dataCipher
self.snapshotPublisher = snapshotPublisher
self.flowSessionManager = flowSessionManager
}
func makeProcessingPlan(data: SDLData) throws -> ProcessingPlan? {
guard let dataCipher = self.dataCipher else {
return nil
}
let mac = LayerPacket.MacAddress(data: data.dstMac)
guard (data.dstMac == self.networkAddress.mac || mac.isBroadcast() || mac.isMulticast()) else {
return nil
}
let decryptedData = try dataCipher.decrypt(cipherText: Data(data.data))
let layerPacket = try LayerPacket(layerData: decryptedData)
let inboundBytes = decryptedData.count
// arp
switch layerPacket.type {
case .arp:
return self.makeARPPlan(layerData: layerPacket.data, inboundBytes: inboundBytes)
case .ipv4:
return self.makeIPv4Plan(layerData: layerPacket.data, identityID: data.identityID, inboundBytes: inboundBytes)
default:
SDLLogger.log("[SDLContext] get invalid packet", for: .debug)
return .init(inboundBytes: inboundBytes, action: .none)
}
}
private func makeARPPlan(layerData: Data, inboundBytes: Int) -> ProcessingPlan {
// arp
if let arpPacket = ARPPacket(data: layerData) {
if arpPacket.targetIP == self.networkAddress.ip {
switch arpPacket.opcode {
case .request:
let response = ARPPacket.arpResponse(for: arpPacket, mac: self.networkAddress.mac, ip: self.networkAddress.ip)
return .init(
inboundBytes: inboundBytes,
action: .sendARPReply(dstMac: arpPacket.senderMAC, data: response.marshal())
)
case .response:
return .init(
inboundBytes: inboundBytes,
action: .appendARP(ip: arpPacket.senderIP, mac: arpPacket.senderMAC)
)
}
} else {
SDLLogger.log("[SDLContext] get invalid arp packet: \(arpPacket), target_ip: \(SDLUtil.int32ToIp(arpPacket.targetIP)), net ip: \(SDLUtil.int32ToIp(self.networkAddress.ip))")
}
} else {
SDLLogger.log("[SDLContext] get invalid arp packet")
}
return .init(inboundBytes: inboundBytes, action: .none)
}
private func makeIPv4Plan(layerData: Data, identityID: UInt32, inboundBytes: Int) -> ProcessingPlan {
// ip
guard let ipPacket = IPPacket(layerData) else {
return .init(inboundBytes: inboundBytes, action: .none)
}
//
let identitySnapshot = self.snapshotPublisher.current()
let ruleMap = identitySnapshot.lookup(identityID)
if true || self.checkPolicy(ipPacket: ipPacket, ruleMap: ruleMap) {
return .init(
inboundBytes: inboundBytes,
action: .writeToTun(packetData: ipPacket.data, identityID: identityID)
)
}
return .init(
inboundBytes: inboundBytes,
action: .requestPolicy(srcIdentityID: identityID)
)
}
private func checkPolicy(ipPacket: IPPacket, ruleMap: IdentityRuleMap?) -> Bool {
//
if let reverseFlowSession = ipPacket.flowSession()?.reverse(),
self.flowSessionManager.hasSession(reverseFlowSession) {
self.flowSessionManager.updateSession(reverseFlowSession)
return true
}
//
let proto = ipPacket.header.proto
// 访
switch ipPacket.transportPacket {
case .tcp(let tcpPacket):
if let ruleMap, ruleMap.isAllow(proto: proto, port: tcpPacket.header.dstPort) {
return true
}
case .udp(let udpPacket):
if let ruleMap, ruleMap.isAllow(proto: proto, port: udpPacket.dstPort) {
return true
}
case .icmp(_):
return true
default:
return false
}
return false
}
}

66
Tun/Punchnet/Actors/SDLLayerPacketForwarder.swift
View File

@ -1,66 +0,0 @@
//
// SDLLayerPacketForwarder.swift
// Tun
//
// Created by on 2026/4/14.
//
import Foundation
struct SDLLayerPacketForwarder {
enum DeliveryPlan {
case superNode(payload: Data)
case peer(payload: Data, session: Session)
case superNodeAndPunch(payload: Data, request: SDLPuncherActor.RegisterRequest)
}
let networkAddress: SDLConfiguration.NetworkAddress
let identityID: UInt32
let dataCipher: CCDataCipher?
let sessionManager: SessionManager
func makeDeliveryPlan(dstMac: Data, type: LayerPacket.PacketType, data: Data) async throws -> DeliveryPlan? {
guard let payload = try self.makePayload(dstMac: dstMac, type: type, data: data) else {
return nil
}
if ARPPacket.isBroadcastMac(dstMac) {
return .superNode(payload: payload)
}
if let session = await self.sessionManager.getSession(toAddress: dstMac) {
return .peer(payload: payload, session: session)
}
return .superNodeAndPunch(
payload: payload,
request: .init(
srcMac: self.networkAddress.mac,
dstMac: dstMac,
networkId: self.networkAddress.networkId
)
)
}
private func makePayload(dstMac: Data, type: LayerPacket.PacketType, data: Data) throws -> Data? {
// 2
let layerPacket = LayerPacket(dstMac: dstMac, srcMac: self.networkAddress.mac, type: type, data: data)
guard let dataCipher = self.dataCipher else {
return nil
}
let encodedPacket = try dataCipher.encrypt(plainText: layerPacket.marshal())
//
var dataPacket = SDLData()
dataPacket.networkID = self.networkAddress.networkId
dataPacket.srcMac = self.networkAddress.mac
dataPacket.dstMac = dstMac
dataPacket.ttl = 255
dataPacket.identityID = self.identityID
dataPacket.data = encodedPacket
return try dataPacket.serializedData()
}
}

176
Tun/Punchnet/Actors/SDLNATProberActor.swift
View File

@ -1,176 +0,0 @@
//
// SDLNATProberActor.swift
// punchnet
//
// Created by on 2026/1/28.
//
import Foundation
import NIOCore
actor SDLNATProberActor {
// MARK: - NAT Type
enum NatType: UInt8, Encodable {
case blocked = 0
case noNat = 1
case fullCone = 2
case portRestricted = 3
case coneRestricted = 4
case symmetric = 5
}
// MARK: - Internal State
class ProbeSession {
var cookieId: UInt32
// step -> SDLStunProbeReply
var replies: [UInt32: SDLStunProbeReply]
var timeoutTask: Task<Void, Never>?
var continuation: CheckedContinuation<NatType, Never>
private var isFinished: Bool = false
init(cookieId: UInt32, timeoutTask: Task<Void, Never>? = nil, continuation: CheckedContinuation<NatType, Never>) {
self.cookieId = cookieId
self.replies = [:]
self.timeoutTask = timeoutTask
self.continuation = continuation
}
func finished(with type: NatType) {
guard !isFinished else {
return
}
self.continuation.resume(returning: type)
//
self.timeoutTask?.cancel()
self.isFinished = true
}
}
// MARK: - Dependencies
nonisolated private let addressArray: [[SocketAddress]]
// MARK: - Completion
private var cookieId: UInt32 = 1
private var sessions: [UInt32: ProbeSession] = [:]
// MARK: - Init
init(addressArray: [[SocketAddress]]) {
self.addressArray = addressArray
}
// MARK: - Public API
func probeNatType(using udpHole: SDLUDPHole) async -> NatType {
let cookieId = self.cookieId
self.cookieId &+= 1
return await withCheckedContinuation { continuation in
let timeoutTask = Task {
try? await Task.sleep(nanoseconds: 5_000_000_000)
await self.handleTimeout(cookie: cookieId)
}
let session = ProbeSession(
cookieId: cookieId,
timeoutTask: timeoutTask,
continuation: continuation
)
self.sessions[cookieId] = session
Task {
await self.sendProbe(using: udpHole, cookie: cookieId)
}
}
}
/// UDP STUN
func handleProbeReply(localAddress: SocketAddress?, reply: SDLStunProbeReply) async {
guard let session = self.sessions[reply.cookie] else {
return
}
session.replies[reply.step] = reply
// 退nat
if session.replies[1] != nil {
if await reply.socketAddress() == localAddress {
finish(cookie: session.cookieId, .noNat)
return
}
}
if let step1 = session.replies[1], let step2 = session.replies[2] {
// natAddress2 IPIPNAT;
// ip{dstIp, dstPort, srcIp, srcPort}, ip
if let addr1 = await step1.socketAddress(), let addr2 = await step2.socketAddress(), addr1 != addr2 {
finish(cookie: session.cookieId, .symmetric)
return
}
}
// ,
if session.replies[1] != nil && session.replies[2] != nil && session.replies[3] != nil && session.replies[4] != nil {
// step3: ip2:port2 <---- ip1:port1 (ipport)
// IPNAT
if session.replies[3] != nil {
finish(cookie: session.cookieId, .fullCone)
return
}
// step3: ip1:port1 <---- ip1:port2 (port)
// IPNAT
if session.replies[4] != nil {
finish(cookie: session.cookieId, .coneRestricted)
return
}
}
}
/// Timer / Task
private func handleTimeout(cookie: UInt32) async {
guard let session = self.sessions[cookie] else {
return
}
if session.replies[1] == nil {
finish(cookie: cookie, .blocked)
} else if session.replies[3] != nil {
finish(cookie: cookie, .fullCone)
} else if session.replies[4] != nil {
finish(cookie: cookie, .coneRestricted)
} else {
finish(cookie: cookie, .portRestricted)
}
}
private func finish(cookie: UInt32, _ type: NatType) {
if let session = self.sessions.removeValue(forKey: cookie) {
session.finished(with: type)
}
}
// MARK: - Internal helpers
private func sendProbe(using udpHole: SDLUDPHole, cookie: UInt32) async {
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 1, attr: .none), remoteAddress: addressArray[0][0])
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 2, attr: .none), remoteAddress: addressArray[1][1])
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 3, attr: .peer), remoteAddress: addressArray[0][0])
udpHole.send(type: .stunProbe, data: makeProbePacket(cookieId: cookie, step: 4, attr: .port), remoteAddress: addressArray[0][0])
}
private func makeProbePacket(cookieId: UInt32, step: UInt32, attr: SDLProbeAttr) -> Data {
var stunProbe = SDLStunProbe()
stunProbe.cookie = cookieId
stunProbe.step = step
stunProbe.attr = UInt32(attr.rawValue)
return try! stunProbe.serializedData()
}
}

181
Tun/Punchnet/Actors/SDLPuncherActor.swift
View File

@ -6,13 +6,17 @@
// //
import Foundation import Foundation
import NIOCore
actor SDLPuncherActor { actor SDLPuncherActor {
// 10 // dstMac
nonisolated private let cooldownInterval: TimeInterval = 10 private var coolingDown: Set<Data> = []
// peerInfo private let cooldown: Duration = .seconds(5)
nonisolated private let peerInfoTimeout: TimeInterval = 3
private var superClientActor: SDLSuperClientActor?
private var udpHoleActor: SDLUDPHoleActor?
// holer
private var logger: SDLLogger
struct RegisterRequest { struct RegisterRequest {
let srcMac: Data let srcMac: Data
@ -20,165 +24,66 @@ actor SDLPuncherActor {
let networkId: UInt32 let networkId: UInt32
} }
private enum RequestPhase { init(logger: SDLLogger) {
case waitingPeerInfo(deadline: Date) self.logger = logger
case coolingDown
} }
private struct RequestEntry { func setSuperClientActor(superClientActor: SDLSuperClientActor?) {
let request: RegisterRequest self.superClientActor = superClientActor
let cooldownUntil: Date
var phase: RequestPhase
func canSubmit(at now: Date) -> Bool {
return cooldownUntil <= now
} }
func isWaitingPeerInfo(at now: Date) -> Bool { func setUDPHoleActor(udpHoleActor: SDLUDPHoleActor?) {
guard case .waitingPeerInfo(let deadline) = self.phase else { self.udpHoleActor = udpHoleActor
return false
} }
return deadline > now func submitRegisterRequest(request: RegisterRequest) {
} let dstMac = request.dstMac
mutating func markCoolingDown() { guard !coolingDown.contains(dstMac) else {
self.phase = .coolingDown
}
}
// dstMac
private var requestEntries: [Data: RequestEntry] = [:]
private var cleanupTask: Task<Void, Never>?
func start() {
guard self.cleanupTask == nil else {
return return
} }
self.cleanupTask = Task { [weak self] in //
while !Task.isCancelled { coolingDown.insert(dstMac)
try? await Task.sleep(for: .seconds(1))
await self?.cleanupExpiredEntries() Task {
} await self.tryHole(request: request)
//
try? await Task.sleep(for: .seconds(5))
self.endCooldown(for: dstMac)
} }
} }
func submitRegisterRequest(quicClient: SDLQUICClient?, request: RegisterRequest) { private func endCooldown(for key: Data) {
guard let quicClient else { self.coolingDown.remove(key)
return
}
let now = Date()
self.cleanupExpiredEntries(now: now)
if let entry = self.requestEntries[request.dstMac], !entry.canSubmit(at: now) {
return
} }
private func tryHole(request: RegisterRequest) async {
var queryInfo = SDLQueryInfo() var queryInfo = SDLQueryInfo()
queryInfo.dstMac = request.dstMac queryInfo.dstMac = request.dstMac
guard let message = try? await self.superClientActor?.request(type: .queryInfo, data: try queryInfo.serializedData()) else {
guard let queryData = try? queryInfo.serializedData() else {
SDLLogger.log("[SDLPuncherActor] failed to encode queryInfo", for: .debug)
return
}
self.requestEntries[request.dstMac] = RequestEntry(
request: request,
cooldownUntil: now.addingTimeInterval(self.cooldownInterval),
phase: .waitingPeerInfo(deadline: now.addingTimeInterval(self.peerInfoTimeout))
)
quicClient.send(type: .queryInfo, data: queryData)
}
func handlePeerInfo(using udpHole: SDLUDPHole?, udpHoleV6: SDLUDPHoleV6?, peerInfo: SDLPeerInfo) async {
let now = Date()
self.cleanupExpiredEntries(now: now)
guard var entry = self.requestEntries[peerInfo.dstMac] else {
return
}
guard entry.isWaitingPeerInfo(at: now) else {
return
}
entry.markCoolingDown()
self.requestEntries[peerInfo.dstMac] = entry
guard udpHole != nil || udpHoleV6 != nil else {
SDLLogger.log("[SDLPuncherActor] udpHole and udpHoleV6 are nil when peerInfo arrived", for: .debug)
return return
} }
switch message.packet {
case .empty:
self.logger.log("[SDLContext] hole query_info get empty: \(message)", level: .debug)
case .peerInfo(let peerInfo):
if let remoteAddress = peerInfo.v4Info.socketAddress() {
self.logger.log("[SDLContext] hole sock address: \(remoteAddress)", level: .debug)
// register
var register = SDLRegister() var register = SDLRegister()
register.networkID = entry.request.networkId register.networkID = request.networkId
register.srcMac = entry.request.srcMac register.srcMac = request.srcMac
register.dstMac = entry.request.dstMac register.dstMac = request.dstMac
guard let registerData = try? register.serializedData() else { await self.udpHoleActor?.send(type: .register, data: try! register.serializedData(), remoteAddress: remoteAddress)
SDLLogger.log("[SDLPuncherActor] failed to encode register", for: .debug)
return
}
// register
if peerInfo.hasV4Info {
if let remoteAddress = try? await peerInfo.v4Info.socketAddress() {
SDLLogger.log("[SDLContext] hole sock address: \(remoteAddress)", for: .debug)
self.sendRegister(using: udpHole, udpHoleV6: udpHoleV6, registerData: registerData, remoteAddress: remoteAddress)
} else { } else {
SDLLogger.log("[SDLPuncherActor] failed to resolve peerInfo.v4Info", for: .debug) self.logger.log("[SDLContext] hole sock address is invalid: \(peerInfo.v4Info)", level: .warning)
} }
}
if peerInfo.hasV6Info {
if let remoteAddress = try? await peerInfo.v6Info.socketAddress() {
SDLLogger.log("[SDLContext] hole sock address v6: \(remoteAddress)", for: .debug)
self.sendRegister(using: udpHole, udpHoleV6: udpHoleV6, registerData: registerData, remoteAddress: remoteAddress)
} else {
SDLLogger.log("[SDLPuncherActor] failed to resolve peerInfo.v6Info", for: .debug)
}
}
}
func stop() {
self.cleanupTask?.cancel()
self.cleanupTask = nil
self.requestEntries.removeAll()
}
private func cleanupExpiredEntries(now: Date = Date()) {
self.requestEntries = self.requestEntries.filter { _, entry in
!entry.canSubmit(at: now)
}
}
private func sendRegister(using udpHole: SDLUDPHole?,
udpHoleV6: SDLUDPHoleV6?,
registerData: Data,
remoteAddress: SocketAddress) {
switch remoteAddress {
case .v4:
guard let udpHole else {
SDLLogger.log("[SDLPuncherActor] udpHole is nil when v4 peerInfo arrived", for: .debug)
return
}
udpHole.send(type: .register, data: registerData, remoteAddress: remoteAddress)
case .v6:
guard let udpHoleV6 else {
SDLLogger.log("[SDLPuncherActor] udpHoleV6 is nil when v6 peerInfo arrived", for: .debug)
return
}
udpHoleV6.send(type: .register, data: registerData, remoteAddress: remoteAddress)
default: default:
SDLLogger.log("[SDLPuncherActor] unsupported peer address family: \(remoteAddress)", for: .debug) self.logger.log("[SDLContext] hole query_info is packet: \(message)", level: .warning)
} }
} }
deinit {
self.cleanupTask?.cancel()
}
} }

317
Tun/Punchnet/Actors/SDLQuicClient.swift
View File

@ -1,317 +0,0 @@
//
// SDLQuicClient.swift
// Tun
//
// Created by on 2026/2/13.
//
import Foundation
import NIOCore
import Network
import CryptoKit
import Security
// 便
enum SDLQUICError: Error {
case connectionFailed(Error)
case connectionCancelled
case timeout
case decodeError(String)
case packetTooLarge
}
final class SDLQUICClient {
private let allocator = ByteBufferAllocator()
// 64K
private let maxPacketSize: Int
// 2M
private let maxBufferSize: Int
public var messageStream: AsyncStream<SDLQUICInboundMessage>
private let messageCont: AsyncStream<SDLQUICInboundMessage>.Continuation
private var readTask: Task<Void, Never>?
private var pingTask: Task<Void, Never>?
private let connection: NWConnection
private let queue = DispatchQueue(label: "com.sdl.QUICClient.queue") // 线
private let (closeStream, closeCont) = AsyncStream.makeStream(of: Void.self)
private let (readyStream, readyCont) = AsyncStream.makeStream(of: Void.self)
init(host: String, port: UInt16, maxPacketSize: Int = 64 * 1024, maxBufferSize: Int = 2 * 1024 * 1024) {
let options = NWProtocolQUIC.Options(alpn: ["punchnet/1.0"])
self.maxBufferSize = maxBufferSize
self.maxPacketSize = maxPacketSize
(self.messageStream, self.messageCont) = AsyncStream.makeStream(of: SDLQUICInboundMessage.self)
// TODO
sec_protocol_options_set_verify_block(
options.securityProtocolOptions,
{ metadata, trust, complete in
//
complete(QUICVerifier.verify(trust: trust, host: host))
},
self.queue
)
let params = NWParameters(quic: options)
self.connection = NWConnection(host: .init(host), port: .init(rawValue: port)!, using: params)
}
func start() {
connection.stateUpdateHandler = { state in
SDLLogger.log("[SDLQUICClient] new state: \(state)", for: .debug)
switch state {
case .ready:
self.readyCont.yield()
self.readyCont.finish()
case .failed(_), .cancelled:
self.closeCont.yield()
self.closeCont.finish()
default:
()
}
}
connection.start(queue: self.queue)
//
self.readTask = Task {
var buffer = allocator.buffer(capacity: self.maxBufferSize)
let threshold = self.maxBufferSize / 10 * 6
do {
while !Task.isCancelled {
let (isComplete, data) = try await self.readOnce()
if let data, !data.isEmpty {
buffer.writeBytes(data)
let frames = try parseFrames(buffer: &buffer)
if buffer.readerIndex > threshold {
buffer.discardReadBytes()
}
for frame in frames {
if let message = decode(frame: frame) {
self.messageCont.yield(message)
}
}
}
if isComplete {
break
}
}
self.messageCont.finish()
} catch {
self.messageCont.finish()
}
}
//
self.pingTask = Task {
let timerStream = SDLAsyncTimerStream()
timerStream.start(interval: .seconds(5))
for await _ in timerStream.stream {
if Task.isCancelled {
break
}
self.send(type: .ping, data: Data())
}
SDLLogger.log("[SDLQUICClient] udp pingTask cancel", for: .debug)
}
}
func send(type: SDLPacketType, data: Data) {
var len = UInt16(data.count + 1).bigEndian
var packet = Data(Data(bytes: &len, count: 2))
packet.append(type.rawValue)
packet.append(data)
connection.send(content: packet, completion: .contentProcessed { error in
if let error {
SDLLogger.log("[SDLQUICClient] send data get error: \(error)", for: .debug)
}
})
}
func waitReady() async throws {
for await _ in readyStream {}
}
func waitClose() async {
for await _ in closeStream {}
}
func stop() {
self.connection.cancel()
}
//
private func parseFrames(buffer: inout ByteBuffer) throws -> [ByteBuffer] {
guard buffer.readableBytes >= 2 else {
return []
}
var frames: [ByteBuffer] = []
while true {
guard let len = buffer.getInteger(at: buffer.readerIndex, endianness: .big, as: UInt16.self) else {
break
}
if len > self.maxPacketSize {
throw SDLQUICError.packetTooLarge
}
guard buffer.readableBytes >= len + 2 else {
break
}
buffer.moveReaderIndex(forwardBy: 2)
if let buf = buffer.readSlice(length: Int(len)) {
frames.append(buf)
}
}
return frames
}
//
private func readOnce() async throws -> (Bool, Data?) {
return try await withCheckedThrowingContinuation { cont in
self.connection.receive(minimumIncompleteLength: 1, maximumLength: maxPacketSize) { data, _, isComplete, error in
if let error {
cont.resume(throwing: error)
return
}
cont.resume(returning: (isComplete, data))
}
}
}
// --MARK:
private func decode(frame: ByteBuffer) -> SDLQUICInboundMessage? {
var buffer = frame
guard let type = buffer.readInteger(as: UInt8.self),
let packetType = SDLPacketType(rawValue: type) else {
return nil
}
switch packetType {
case .welcome:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let welcome = try? SDLWelcome(serializedBytes: bytes) else {
return nil
}
return .welcome(welcome)
case .registerSuperAck:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperAck = try? SDLRegisterSuperAck(serializedBytes: bytes) else {
return nil
}
return .registerSuperAck(registerSuperAck)
case .registerSuperNak:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperNak = try? SDLRegisterSuperNak(serializedBytes: bytes) else {
return nil
}
return .registerSuperNak(registerSuperNak)
case .peerInfo:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let peerInfo = try? SDLPeerInfo(serializedBytes: bytes) else {
return nil
}
return .peerInfo(peerInfo)
case .policyResponse:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let policyResponse = try? SDLPolicyResponse(serializedBytes: bytes) else {
return nil
}
return .policyReponse(policyResponse)
case .arpResponse:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let arpResponse = try? SDLArpResponse(serializedBytes: bytes) else {
return nil
}
return .arpResponse(arpResponse)
case .event:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let event = try? SDLEvent(serializedBytes: bytes) else {
SDLLogger.log("SDLQUICClient decode Event Error", for: .debug)
return nil
}
return .event(event)
case .pong:
return .pong
default:
SDLLogger.log("SDLQUICClient decode miss type: \(type)", for: .debug)
return nil
}
}
deinit {
self.readTask?.cancel()
self.pingTask?.cancel()
self.messageCont.finish()
}
}
extension SDLQUICClient {
enum QUICVerifier {
// Base64
static let pinnedPublicKeyHashes = [
"Q41r6hbMWEVyxo6heNAH4Wx/TH5NNOWlNif9bewcJ3E="
]
static func verify(trust: sec_trust_t, host: String) -> Bool {
let secTrust = sec_trust_copy_ref(trust).takeRetainedValue()
// --- Step 1: ---
var error: CFError?
guard SecTrustEvaluateWithError(secTrust, &error) else {
SDLLogger.log("❌ 系统证书验证失败: \(error?.localizedDescription ?? "未知错误")", for: .debug)
return false
}
// --- Step 2: ---
let policy = SecPolicyCreateSSL(true, host as CFString)
SecTrustSetPolicies(secTrust, policy)
guard SecTrustEvaluateWithError(secTrust, &error) else {
SDLLogger.log("❌ 主机名校验失败: \(error?.localizedDescription ?? "未知错误")", for: .debug)
return false
}
// --- Step 3: ---
guard let chain = SecTrustCopyCertificateChain(secTrust) as? [SecCertificate],
let leafCertificate = chain.first else {
SDLLogger.log("❌ 无法获取证书链或叶子证书", for: .debug)
return false
}
// --- Step 4: ---
guard let publicKey = SecCertificateCopyKey(leafCertificate),
let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, nil) as Data? else {
SDLLogger.log("❌ 无法提取公钥", for: .debug)
return false
}
// --- Step 5: SHA256 ---
let hash = SHA256.hash(data: publicKeyData)
let hashBase64 = Data(hash).base64EncodedString()
if pinnedPublicKeyHashes.contains(hashBase64) {
SDLLogger.log("✅ 公钥校验通过", for: .debug)
return true
} else {
SDLLogger.log("⚠️ 公钥不匹配! 收到: \(hashBase64)", for: .debug)
return false
}
}
}
}

312
Tun/Punchnet/Actors/SDLSuperClientActor.swift Normal file
View File

@ -0,0 +1,312 @@
//
// SDLWebsocketClient.swift
// Tun
//
// Created by on 2024/3/28.
//
import Foundation
import NIOCore
import NIOPosix
// --MARK: SuperNode
actor SDLSuperClientActor {
//
private typealias TcpMessage = (packetId: UInt32, type: SDLPacketType, data: Data)
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<ByteBuffer,ByteBuffer>
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: TcpMessage.self, bufferingPolicy: .unbounded)
private var continuations: [UInt32:CheckedContinuation<SDLSuperInboundMessage, Error>] = [:]
public let eventFlow: AsyncStream<SuperEvent>
private let inboundContinuation: AsyncStream<SuperEvent>.Continuation
// id
var idGenerator = SDLIdGenerator(seed: 1)
private let logger: SDLLogger
//
enum SuperEvent {
case ready
case event(SDLEvent)
case command(UInt32, SDLCommand)
}
enum SuperClientError: Error {
case timeout
case connectionClosed
case cancelled
}
init(host: String, port: Int, logger: SDLLogger) async throws {
self.logger = logger
(self.eventFlow, self.inboundContinuation) = AsyncStream.makeStream(of: SuperEvent.self, bufferingPolicy: .unbounded)
let bootstrap = ClientBootstrap(group: self.group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
return channel.pipeline.addHandlers([
ByteToMessageHandler(FixedHeaderDecoder()),
MessageToByteHandler(FixedHeaderEncoder())
])
}
self.asyncChannel = try await bootstrap.connect(host: host, port: port)
.flatMapThrowing { channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: ByteBuffer.self,
outboundType: ByteBuffer.self
))
}
.get()
}
func start() async throws {
try await withTaskCancellationHandler {
try await self.asyncChannel.executeThenClose { inbound, outbound in
self.inboundContinuation.yield(.ready)
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
defer {
self.logger.log("[SDLSuperClient] inbound closed", level: .warning)
}
for try await var packet in inbound {
try Task.checkCancellation()
if let message = SDLSuperClientDecoder.decode(buffer: &packet) {
if !message.isPong() {
self.logger.log("[SDLSuperClient] read message: \(message)", level: .debug)
}
switch message.packet {
case .event(let event):
self.inboundContinuation.yield(.event(event))
case .command(let command):
self.inboundContinuation.yield(.command(message.msgId, command))
default:
await self.fireCallback(message: message)
}
}
}
}
group.addTask {
defer {
self.logger.log("[SDLSuperClient] outbound closed", level: .warning)
}
for await (packetId, type, data) in self.writeStream {
try Task.checkCancellation()
var buffer = self.asyncChannel.channel.allocator.buffer(capacity: data.count + 5)
buffer.writeInteger(packetId, as: UInt32.self)
buffer.writeBytes([type.rawValue])
buffer.writeBytes(data)
try await outbound.write(buffer)
}
}
// --MARK:
group.addTask {
defer {
self.logger.log("[SDLSuperClient] ping task closed", level: .warning)
}
while true {
try Task.checkCancellation()
await self.ping()
try await Task.sleep(nanoseconds: 5 * 1_000_000_000)
}
}
// 退,
if let _ = try await group.next() {
group.cancelAll()
}
}
}
} onCancel: {
self.inboundContinuation.finish()
self.writeContinuation.finish()
self.logger.log("[SDLSuperClient] withTaskCancellationHandler cancel")
Task {
await self.failAllContinuations(SuperClientError.cancelled)
}
}
}
// -- MARK: apis
func unregister() throws {
self.send(type: .unregisterSuper, packetId: 0, data: Data())
}
private func ping() {
self.send(type: .ping, packetId: 0, data: Data())
}
func request(type: SDLPacketType, data: Data, timeout: Duration = .seconds(5)) async throws -> SDLSuperInboundMessage {
let packetId = idGenerator.nextId()
return try await withCheckedThrowingContinuation { cont in
self.continuations[packetId] = cont
self.writeContinuation.yield(TcpMessage(packetId: packetId, type: type, data: data))
Task {
try? await Task.sleep(for: timeout)
self.timeout(packetId: packetId)
}
}
}
func send(type: SDLPacketType, packetId: UInt32, data: Data) {
self.writeContinuation.yield(TcpMessage(packetId: packetId, type: type, data: data))
}
//
private func fireCallback(message: SDLSuperInboundMessage) {
guard let cont = self.continuations.removeValue(forKey: message.msgId) else {
return
}
cont.resume(returning: message)
}
private func failAllContinuations(_ error: Error) {
let all = continuations
continuations.removeAll()
for (_, cont) in all {
cont.resume(throwing: error)
}
}
private func timeout(packetId: UInt32) {
guard let cont = self.continuations.removeValue(forKey: packetId) else {
return
}
cont.resume(throwing: SuperClientError.timeout)
}
deinit {
try! group.syncShutdownGracefully()
}
}
// --MARK:
private struct SDLSuperClientDecoder {
// : <<MsgId:32, Type:8, Body/binary>>
static func decode(buffer: inout ByteBuffer) -> SDLSuperInboundMessage? {
guard let msgId = buffer.readInteger(as: UInt32.self),
let type = buffer.readInteger(as: UInt8.self),
let messageType = SDLPacketType(rawValue: type) else {
return nil
}
switch messageType {
case .empty:
return .init(msgId: msgId, packet: .empty)
case .registerSuperAck:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperAck = try? SDLRegisterSuperAck(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .registerSuperAck(registerSuperAck))
case .registerSuperNak:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerSuperNak = try? SDLRegisterSuperNak(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .registerSuperNak(registerSuperNak))
case .peerInfo:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let peerInfo = try? SDLPeerInfo(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .peerInfo(peerInfo))
case .pong:
return .init(msgId: msgId, packet: .pong)
case .command:
guard let commandVal = buffer.readInteger(as: UInt8.self),
let command = SDLCommandType(rawValue: commandVal),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
return nil
}
switch command {
case .changeNetwork:
guard let changeNetworkCommand = try? SDLChangeNetworkCommand(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .command(.changeNetwork(changeNetworkCommand)))
}
case .event:
guard let eventVal = buffer.readInteger(as: UInt8.self),
let event = SDLEventType(rawValue: eventVal),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
return nil
}
switch event {
case .natChanged:
guard let natChangedEvent = try? SDLNatChangedEvent(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .event(.natChanged(natChangedEvent)))
case .sendRegister:
guard let sendRegisterEvent = try? SDLSendRegisterEvent(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .event(.sendRegister(sendRegisterEvent)))
case .networkShutdown:
guard let networkShutdownEvent = try? SDLNetworkShutdownEvent(serializedBytes: bytes) else {
return nil
}
return .init(msgId: msgId, packet: .event(.networkShutdown(networkShutdownEvent)))
}
default:
return nil
}
}
}
private final class FixedHeaderEncoder: MessageToByteEncoder, @unchecked Sendable {
typealias InboundIn = ByteBuffer
typealias InboundOut = ByteBuffer
func encode(data: ByteBuffer, out: inout ByteBuffer) throws {
let len = data.readableBytes
out.writeInteger(UInt16(len))
out.writeBytes(data.readableBytesView)
}
}
private final class FixedHeaderDecoder: ByteToMessageDecoder, @unchecked Sendable {
typealias InboundIn = ByteBuffer
typealias InboundOut = ByteBuffer
func decode(context: ChannelHandlerContext, buffer: inout ByteBuffer) throws -> DecodingState {
guard let len = buffer.getInteger(at: buffer.readerIndex, endianness: .big, as: UInt16.self) else {
return .needMoreData
}
if buffer.readableBytes >= len + 2 {
buffer.moveReaderIndex(forwardBy: 2)
if let bytes = buffer.readBytes(length: Int(len)) {
context.fireChannelRead(self.wrapInboundOut(ByteBuffer(bytes: bytes)))
}
return .continue
} else {
return .needMoreData
}
}
}

72
Tun/Punchnet/Actors/SDLSuperEventProcessor.swift
View File

@ -1,72 +0,0 @@
//
// SDLSuperEventProcessor.swift
// Tun
//
// Created by on 2026/4/15.
//
import Foundation
import NIOCore
final class SDLSuperEventProcessor {
enum ProcessingAction {
case removeSession(dstMac: Data)
case sendRegister(data: Data, remoteAddresses: [SocketAddress])
case shutdown(message: String)
case none
}
struct ProcessingPlan {
let logMessage: String?
let action: ProcessingAction
}
private let networkAddress: SDLConfiguration.NetworkAddress
init(networkAddress: SDLConfiguration.NetworkAddress) {
self.networkAddress = networkAddress
}
func makeProcessingPlan(event: SDLEvent) async -> ProcessingPlan {
switch event.event {
case .natChanged(let natChangedEvent):
let dstMac = natChangedEvent.mac
return .init(
logMessage: "[SDLContext] natChangedEvent, dstMac: \(dstMac)",
action: .removeSession(dstMac: dstMac)
)
case .sendRegister(let sendRegisterEvent):
return await self.makeSendRegisterPlan(sendRegisterEvent)
case .shutdown(let shutdownEvent):
return .init(logMessage: nil, action: .shutdown(message: shutdownEvent.message))
case .none:
return .init(logMessage: nil, action: .none)
}
}
private func makeSendRegisterPlan(_ event: SDLEvent.SendRegister) async -> ProcessingPlan {
// register
var register = SDLRegister()
register.networkID = self.networkAddress.networkId
register.srcMac = self.networkAddress.mac
register.dstMac = event.dstMac
let registerData = try! register.serializedData()
var remoteAddresses: [SocketAddress] = []
if event.natIp > 0 && event.natPort > 0 {
let address = SDLUtil.int32ToIp(event.natIp)
if let remoteAddress = try? SocketAddress.makeAddressResolvingHost(address, port: Int(event.natPort)) {
remoteAddresses.append(remoteAddress)
}
}
if event.hasV6Info, let remoteAddress = try? await event.v6Info.socketAddress() {
remoteAddresses.append(remoteAddress)
}
return .init(
logMessage: "[SDLContext] sendRegisterEvent, ip: \(event)",
action: .sendRegister(data: registerData, remoteAddresses: remoteAddresses)
)
}
}

76
Tun/Punchnet/Actors/SDLSuperRegistrationStateMachine.swift
View File

@ -1,76 +0,0 @@
//
// SDLSuperRegistrationStateMachine.swift
// Tun
//
// Created by on 2026/4/15.
//
import Foundation
final class SDLSuperRegistrationStateMachine {
enum State: Equatable {
case idle
case registering
case registered
case failed
}
enum LoopAction {
case sendRegister
case stop
}
enum WaitDecision {
case retry
case registered
case stop
}
private(set) var state: State = .idle
func beginLoop() -> Bool {
guard self.state != .registering else {
return false
}
self.state = .registering
return true
}
func makeLoopAction() -> LoopAction {
switch self.state {
case .registering:
return .sendRegister
case .idle, .registered, .failed:
return .stop
}
}
func makeWaitDecision() -> WaitDecision {
switch self.state {
case .registering:
return .retry
case .registered:
return .registered
case .idle, .failed:
return .stop
}
}
func handleRegisterSuperAck() {
self.state = .registered
}
func handleRetryableNak() {
self.state = .failed
}
func handleFailure() {
self.state = .failed
}
func reset() {
self.state = .idle
}
}

32
Tun/Punchnet/Actors/SDLSupervisor.swift
View File

@ -1,32 +0,0 @@
//
// SDLSupervisor.swift
// punchnet
//
// Created by on 2026/3/10.
//
actor SDLSupervisor {
private var loopChildWorkers: [Task<Void, Never>] = []
func addWorker(name: String, _ body: @escaping () async throws -> Void, retryDelay: Duration = .seconds(2)) {
let worker = Task(name: name) {
while !Task.isCancelled {
do {
try await body()
} catch is CancellationError {
break
} catch let err {
SDLLogger.log("[Supervisor] worker \(name) crashed: \(err.localizedDescription)", for: .debug)
try? await Task.sleep(for: retryDelay)
}
}
}
self.loopChildWorkers.append(worker)
}
func stop() {
self.loopChildWorkers.forEach { $0.cancel() }
self.loopChildWorkers.removeAll()
}
}

114
Tun/Punchnet/Actors/SDLTunPacketRouter.swift
View File

@ -1,114 +0,0 @@
//
// SDLTunPacketRouter.swift
// Tun
//
// Created by on 2026/4/14.
//
import Foundation
struct SDLTunPacketRouter {
enum DropReason: String {
case invalidDNSRequest
case noRoute
}
enum ForwardKind {
case sameNetwork
case exitNode
case dnsExitNode
}
enum RouteDecision {
case loopback(ipPacketData: Data)
case cloudDNS(name: String, ipPacketData: Data)
case localDNS(name: String, payload: Data, tracker: DNSLocalClient.DNSTracker)
case forwardToNextHop(ip: UInt32, type: LayerPacket.PacketType, data: Data, kind: ForwardKind)
case drop(reason: DropReason)
}
let networkAddress: SDLConfiguration.NetworkAddress
let exitNode: SDLConfiguration.ExitNode?
func route(packet: IPPacket, now: Date = Date()) -> RouteDecision {
let dstIp = packet.header.destination
// , ip
if dstIp == self.networkAddress.ip {
return .loopback(ipPacketData: packet.data)
}
// dns
if let dnsDecision = self.routeDNS(packet: packet, now: now) {
return dnsDecision
}
//
// ip
if SDLUtil.inSameNetwork(ip: dstIp, compareIp: self.networkAddress.ip, maskLen: self.networkAddress.maskLen) {
return .forwardToNextHop(ip: dstIp, type: .ipv4, data: packet.data, kind: .sameNetwork)
}
// ,
if let exitNode = self.exitNode {
return .forwardToNextHop(ip: exitNode.exitNodeIp, type: .ipv4, data: packet.data, kind: .exitNode)
}
return .drop(reason: .noRoute)
}
private func routeDNS(packet: IPPacket, now: Date) -> RouteDecision? {
guard DNSHelper.isDnsRequestPacket(ipPacket: packet) else {
return nil
}
guard case .udp(let udpPacket) = packet.transportPacket else {
return .drop(reason: .invalidDNSRequest)
}
// offset, dnsudp
let payloadOffset = udpPacket.payloadOffset
let dnsParser = DNSParser(data: packet.data, offset: payloadOffset)
guard let dnsMessage = dnsParser.parse(), let name = dnsMessage.questions.first?.name else {
return .drop(reason: .invalidDNSRequest)
}
// ip
if name.contains(self.networkAddress.networkDomain) {
return .cloudDNS(name: name, ipPacketData: packet.data)
}
//
if let exitNode = self.exitNode {
return .forwardToNextHop(ip: exitNode.exitNodeIp, type: .ipv4, data: packet.data, kind: .dnsExitNode)
}
// dnsudppayload
let dnsPayload = Data(packet.data[payloadOffset..<packet.data.count])
let tracker = DNSLocalClient.DNSTracker(
transactionID: dnsMessage.transactionID,
clientIP: packet.header.source,
clientPort: udpPacket.srcPort,
createdAt: now
)
return .localDNS(name: name, payload: dnsPayload, tracker: tracker)
}
}
extension SDLTunPacketRouter.RouteDecision {
var shouldTrackFlow: Bool {
switch self {
case .forwardToNextHop(_, _, _, let kind):
switch kind {
case .sameNetwork, .exitNode:
return true
case .dnsExitNode:
return false
}
default:
return false
}
}
}

89
Tun/Punchnet/Actors/SDLTunnelProviderActor.swift Normal file
View File

@ -0,0 +1,89 @@
//
// SDLContext.swift
// Tun
//
// Created by on 2024/2/29.
//
import Foundation
import NetworkExtension
import NIOCore
import Combine
//
/*
1. rsa的加解密逻辑
*/
actor SDLTunnelProviderActor {
//
struct Route {
let dstAddress: String
let subnetMask: String
var debugInfo: String {
return "\(dstAddress):\(subnetMask)"
}
}
//
private var readTask: Task<(), Never>?
let provider: NEPacketTunnelProvider
let logger: SDLLogger
public init(provider: NEPacketTunnelProvider, logger: SDLLogger) {
self.logger = logger
self.provider = provider
}
func writePackets(packets: [NEPacket]) {
//let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
self.provider.packetFlow.writePacketObjects(packets)
}
//
func setNetworkSettings(devAddr: SDLDevAddr, dnsServer: String) async throws -> String {
let netAddress = SDLNetAddress(ip: devAddr.netAddr, maskLen: UInt8(devAddr.netBitLen))
let routes = [
Route(dstAddress: netAddress.networkAddress, subnetMask: netAddress.maskAddress),
Route(dstAddress: dnsServer, subnetMask: "255.255.255.255")
]
// Add code here to start the process of connecting the tunnel.
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8")
networkSettings.mtu = 1460
// DNS
let networkDomain = devAddr.networkDomain
let dnsSettings = NEDNSSettings(servers: [dnsServer])
dnsSettings.searchDomains = [networkDomain]
dnsSettings.matchDomains = [networkDomain]
dnsSettings.matchDomainsNoSearch = false
networkSettings.dnsSettings = dnsSettings
self.logger.log("[SDLContext] Tun started at network ip: \(netAddress.ipAddress), mask: \(netAddress.maskAddress)", level: .info)
let ipv4Settings = NEIPv4Settings(addresses: [netAddress.ipAddress], subnetMasks: [netAddress.maskAddress])
//
//NEIPv4Route.default()
ipv4Settings.includedRoutes = routes.map { route in
NEIPv4Route(destinationAddress: route.dstAddress, subnetMask: route.subnetMask)
}
networkSettings.ipv4Settings = ipv4Settings
//
try await self.provider.setTunnelNetworkSettings(networkSettings)
return netAddress.ipAddress
}
// , 线packetFlow
func readPackets() async -> [Data] {
let (packets, numbers) = await self.provider.packetFlow.readPackets()
return zip(packets, numbers).compactMap { (data, number) in
return number == 2 ? data : nil
}
}
}

210
Tun/Punchnet/Actors/SDLUDPHoleActor.swift Normal file
View File

@ -0,0 +1,210 @@
//
// SDLanServer.swift
// Tun
//
// Created by on 2024/1/31.
//
import Foundation
import NIOCore
import NIOPosix
// sn-server
actor SDLUDPHoleActor {
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<AddressedEnvelope<ByteBuffer>, AddressedEnvelope<ByteBuffer>>
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: UDPMessage.self, bufferingPolicy: .unbounded)
private var cookieGenerator = SDLIdGenerator(seed: 1)
private var promises: [UInt32:EventLoopPromise<SDLStunProbeReply>] = [:]
public var localAddress: SocketAddress?
public let eventFlow: AsyncStream<UDPEvent>
private let eventContinuation: AsyncStream<UDPEvent>.Continuation
private let logger: SDLLogger
//
struct Capabilities {
let logger: @Sendable (String) async -> Void
}
struct UDPMessage {
let remoteAddress: SocketAddress
let type: SDLPacketType
let data: Data
}
//
enum UDPEvent {
case ready
case message(SocketAddress, SDLHoleInboundMessage)
case data(SDLData)
}
//
init(logger: SDLLogger) async throws {
self.logger = logger
(self.eventFlow, self.eventContinuation) = AsyncStream.makeStream(of: UDPEvent.self, bufferingPolicy: .unbounded)
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
self.asyncChannel = try await bootstrap.bind(host: "0.0.0.0", port: 0)
.flatMapThrowing { channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: AddressedEnvelope<ByteBuffer>.self,
outboundType: AddressedEnvelope<ByteBuffer>.self
))
}
.get()
self.localAddress = self.asyncChannel.channel.localAddress
self.logger.log("[UDPHole] started and listening on: \(self.localAddress!)", level: .debug)
}
func start() async throws {
try await withTaskCancellationHandler {
try await self.asyncChannel.executeThenClose {inbound, outbound in
self.eventContinuation.yield(.ready)
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
defer {
self.logger.log("[SDLUDPHole] inbound closed", level: .warning)
}
for try await envelope in inbound {
try Task.checkCancellation()
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
do {
if let message = try Self.decode(buffer: &buffer) {
switch message {
case .data(let data):
self.logger.log("[SDLUDPHole] read data: \(data.format()), from: \(remoteAddress)", level: .debug)
self.eventContinuation.yield(.data(data))
case .stunProbeReply(let probeReply):
//
await self.trigger(probeReply: probeReply)
default:
self.eventContinuation.yield(.message(remoteAddress, message))
}
} else {
self.logger.log("[SDLUDPHole] decode message, get null", level: .warning)
}
} catch let err {
self.logger.log("[SDLUDPHole] decode message, get error: \(err)", level: .warning)
throw err
}
}
}
group.addTask {
defer {
self.logger.log("[SDLUDPHole] outbound closed", level: .warning)
}
for await message in self.writeStream {
try Task.checkCancellation()
var buffer = self.asyncChannel.channel.allocator.buffer(capacity: message.data.count + 1)
buffer.writeBytes([message.type.rawValue])
buffer.writeBytes(message.data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: message.remoteAddress, data: buffer)
try await outbound.write(envelope)
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
} onCancel: {
self.writeContinuation.finish()
self.eventContinuation.finish()
self.logger.log("[SDLUDPHole] withTaskCancellationHandler cancel")
}
}
func getCookieId() -> UInt32 {
return self.cookieGenerator.nextId()
}
// tun
func stunProbe(remoteAddress: SocketAddress, attr: SDLProbeAttr = .none, timeout: Int = 5) async throws -> SDLStunProbeReply {
return try await self._stunProbe(remoteAddress: remoteAddress, attr: attr, timeout: timeout).get()
}
private func _stunProbe(remoteAddress: SocketAddress, attr: SDLProbeAttr = .none, timeout: Int) -> EventLoopFuture<SDLStunProbeReply> {
let cookie = self.cookieGenerator.nextId()
var stunProbe = SDLStunProbe()
stunProbe.cookie = cookie
stunProbe.attr = UInt32(attr.rawValue)
self.send( type: .stunProbe, data: try! stunProbe.serializedData(), remoteAddress: remoteAddress)
self.logger.log("[SDLUDPHole] stunProbe: \(remoteAddress)", level: .debug)
let promise = self.asyncChannel.channel.eventLoop.makePromise(of: SDLStunProbeReply.self)
self.promises[cookie] = promise
return promise.futureResult
}
private func trigger(probeReply: SDLStunProbeReply) {
let id = probeReply.cookie
//
if let promise = self.promises[id] {
self.asyncChannel.channel.eventLoop.execute {
promise.succeed(probeReply)
}
self.promises.removeValue(forKey: id)
}
}
// MARK: client-client apis
//
func send(type: SDLPacketType, data: Data, remoteAddress: SocketAddress) {
let message = UDPMessage(remoteAddress: remoteAddress, type: type, data: data)
self.writeContinuation.yield(message)
}
//--MARK:
private static func decode(buffer: inout ByteBuffer) throws -> SDLHoleInboundMessage? {
guard let type = buffer.readInteger(as: UInt8.self),
let packetType = SDLPacketType(rawValue: type),
let bytes = buffer.readBytes(length: buffer.readableBytes) else {
return nil
}
switch packetType {
case .data:
let dataPacket = try SDLData(serializedBytes: bytes)
return .data(dataPacket)
case .register:
let registerPacket = try SDLRegister(serializedBytes: bytes)
return .register(registerPacket)
case .registerAck:
let registerAck = try SDLRegisterAck(serializedBytes: bytes)
return .registerAck(registerAck)
case .stunReply:
let stunReply = try SDLStunReply(serializedBytes: bytes)
return .stunReply(stunReply)
case .stunProbeReply:
let stunProbeReply = try SDLStunProbeReply(serializedBytes: bytes)
return .stunProbeReply(stunProbeReply)
default:
return nil
}
}
deinit {
try? self.group.syncShutdownGracefully()
self.writeContinuation.finish()
self.eventContinuation.finish()
}
}

31
Tun/Punchnet/ArpServer.swift Normal file
View File

@ -0,0 +1,31 @@
//
// ArpServer.swift
// sdlan
//
// Created by on 2025/7/14.
//
import Foundation
actor ArpServer {
private var known_macs: [UInt32:Data] = [:]
init(known_macs: [UInt32:Data]) {
self.known_macs = known_macs
}
func query(ip: UInt32) -> Data? {
return self.known_macs[ip]
}
func append(ip: UInt32, mac: Data) {
self.known_macs[ip] = mac
}
func remove(ip: UInt32) {
self.known_macs.removeValue(forKey: ip)
}
func clear() {
self.known_macs = [:]
}
}

27
Tun/Punchnet/Cipher/CCAESChiper.swift
View File

@ -1,27 +0,0 @@
//
// CCAESChiper.swift
// punchnet
//
// Created by on 2026/3/17.
//
import Foundation
struct CCAESChiper: CCDataCipher {
private let aesKey: Data
init(key: Data) {
self.aesKey = key
}
func decrypt(cipherText: Data) throws -> Data {
let ivData = Data(aesKey.prefix(16))
return try CC.crypt(.decrypt, blockMode: .cbc, algorithm: .aes, padding: .pkcs7Padding, data: cipherText, key: aesKey, iv: ivData)
}
func encrypt(plainText: Data) throws -> Data {
let ivData = Data(aesKey.prefix(16))
return try CC.crypt(.encrypt, blockMode: .cbc, algorithm: .aes, padding: .pkcs7Padding, data: plainText, key: aesKey, iv: ivData)
}
}

77
Tun/Punchnet/Cipher/CCChaCha20Cipher.swift
View File

@ -1,77 +0,0 @@
//
// NonceGenerator.swift
// punchnet
//
// Created by on 2026/3/17.
//
import Foundation
import CryptoKit
/// ChaCha20-Poly1305
struct CCChaCha20Cipher: CCDataCipher {
private let key: SymmetricKey
private let nonceGenerator: NonceGenerator
init(regionId: UInt32, keyData: Data) {
self.key = SymmetricKey(data: keyData)
self.nonceGenerator = NonceGenerator(regionId: regionId)
}
///
func encrypt(plainText: Data) throws -> Data {
let nonce = nonceGenerator.nextNonceData()
let sealedBox = try ChaChaPoly.seal(plainText, using: key, nonce: .init(data: nonce))
return sealedBox.combined
}
///
func decrypt(cipherText: Data) throws -> Data {
let sealedBox = try ChaChaPoly.SealedBox(combined: cipherText)
return try ChaChaPoly.open(sealedBox, using: key)
}
}
extension CCChaCha20Cipher {
/// NonceServerRange + + counter
final class NonceGenerator {
private let locker = NSLock()
private let regionId: UInt32 // 32-bit
private var counter: UInt64 = 0 // counter
init(regionId: UInt32) {
self.regionId = regionId
}
/// 64-bit Nonce
func nextNonceData() -> Data {
locker.lock()
defer {
locker.unlock()
}
let nowMillis = UInt64(Date().timeIntervalSince1970 * 1000)
// 40bit, id24
let timeMask: UInt64 = (1 << 40) - 1
let timeLow = nowMillis & timeMask
// Nonce
let counterMask: UInt64 = (1 << 24) - 1
let nonce = (timeLow << 24) | (counter & counterMask)
// counter
self.counter = (self.counter + 1) & counterMask // 0
var data = Data()
// region: UInt32 -> 4
data.append(contentsOf: withUnsafeBytes(of: regionId.bigEndian, Array.init))
// nonce: UInt64 -> 8
data.append(contentsOf: withUnsafeBytes(of: nonce.bigEndian, Array.init))
return data
}
}
}

13
Tun/Punchnet/Cipher/CCDataCipher.swift
View File

@ -1,13 +0,0 @@
//
// AESCipher.swift
// sdlan
//
// Created by on 2025/7/14.
//
import Foundation
public protocol CCDataCipher {
func decrypt(cipherText: Data) throws -> Data
func encrypt(plainText: Data) throws -> Data
}

41
Tun/Punchnet/Cipher/CCRSACipher.swift
View File

@ -1,41 +0,0 @@
//
// CCRSACipher.swift
// punchnet
//
// Created by on 2026/3/17.
//
import Foundation
struct CCRSACipher: RSACipher {
var pubKey: String
let privateKeyDER: Data
init(keySize: Int) throws {
let (privateKey, publicKey) = try Self.loadKeys(keySize: keySize)
let privKeyStr = SwKeyConvert.PrivateKey.derToPKCS1PEM(privateKey)
self.pubKey = SwKeyConvert.PublicKey.derToPKCS8PEM(publicKey)
self.privateKeyDER = try SwKeyConvert.PrivateKey.pemToPKCS1DER(privKeyStr)
}
public func decode(data: Data) throws -> Data {
let tag = Data()
let (decryptedData, _) = try CC.RSA.decrypt(data, derKey: self.privateKeyDER, tag: tag, padding: .pkcs1, digest: .none)
return decryptedData
}
private static func loadKeys(keySize: Int) throws -> (Data, Data) {
if let privateKey = UserDefaults.standard.data(forKey: "privateKey"),
let publicKey = UserDefaults.standard.data(forKey: "publicKey") {
return (privateKey, publicKey)
} else {
let (privateKey, publicKey) = try CC.RSA.generateKeyPair(keySize)
UserDefaults.standard.setValue(privateKey, forKey: "privateKey")
UserDefaults.standard.setValue(publicKey, forKey: "publicKey")
return (privateKey, publicKey)
}
}
}

206
Tun/Punchnet/DNS/DNSCloudClient.swift
View File

@ -1,206 +0,0 @@
//
// SDLDNSClient 2.swift
// punchnet
//
// Created by on 2026/4/9.
//
import Foundation
import Network
actor DNSCloudClient {
private enum State {
case idle
case running
case stopped
}
private var state: State = .idle
private var connection: NWConnection?
private var receiveTask: Task<Void, Never>?
private let dnsServerAddress: NWEndpoint
// DNS
public let packetFlow: AsyncStream<Data>
private let packetContinuation: AsyncStream<Data>.Continuation
private var didFinishPacketFlow = false
//
private let closeStream: AsyncStream<Void>
private let closeContinuation: AsyncStream<Void>.Continuation
private var didFinishCloseStream = false
/// - Parameter host: sn-server ( "8.8.8.8")
/// - Parameter port: ( 53)
init(host: String, port: UInt16 ) {
self.dnsServerAddress = .hostPort(host: NWEndpoint.Host(host), port: NWEndpoint.Port(integerLiteral: port))
let (packetStream, packetContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .bufferingNewest(256))
self.packetFlow = packetStream
self.packetContinuation = packetContinuation
let (closeStream, closeContinuation) = AsyncStream.makeStream(of: Void.self, bufferingPolicy: .bufferingNewest(1))
self.closeStream = closeStream
self.closeContinuation = closeContinuation
}
func start() {
guard case .idle = self.state else {
return
}
self.state = .running
// 1.
let parameters = NWParameters.udp
// TUN NE TUN .other
parameters.prohibitedInterfaceTypes = [.other]
// 2. pathSelectionOptions
parameters.multipathServiceType = .handover
// 2.
let connection = NWConnection(to: self.dnsServerAddress, using: parameters)
self.connection = connection
connection.stateUpdateHandler = { [weak self] state in
Task {
await self?.handleConnectionStateUpdate(state, for: connection)
}
}
//
connection.start(queue: .global())
}
public func waitClose() async {
for await _ in self.closeStream { }
}
///
private static func makeReceiveStream(for connection: NWConnection) -> AsyncStream<Data> {
return AsyncStream(bufferingPolicy: .bufferingNewest(256)) { continuation in
func receiveNext() {
connection.receiveMessage { content, _, _, error in
if let data = content, !data.isEmpty {
// DNS AsyncStream
continuation.yield(data)
}
if error == nil && connection.state == .ready {
receiveNext() //
} else {
continuation.finish()
}
}
}
receiveNext()
}
}
/// DNS TUN IP
func forward(ipPacketData: Data) {
guard case .running = self.state, let connection = self.connection, connection.state == .ready else {
return
}
connection.send(content: ipPacketData, completion: .contentProcessed { error in
if let error = error {
SDLLogger.log("[DNSClient] Send error: \(error)", for: .debug)
}
})
}
func stop() {
guard self.state != .stopped else {
return
}
self.state = .stopped
self.receiveTask?.cancel()
self.receiveTask = nil
self.connection?.cancel()
self.connection = nil
self.finishPacketFlowIfNeeded()
self.finishCloseStreamIfNeeded()
}
private func handleConnectionStateUpdate(_ state: NWConnection.State, for connection: NWConnection) {
guard case .running = self.state else {
return
}
switch state {
case .ready:
SDLLogger.log("[DNSClient] Connection ready", for: .debug)
self.startReceiveTask(for: connection)
case .failed(let error):
SDLLogger.log("[DNSClient] Connection failed: \(error)", for: .debug)
self.stop()
case .cancelled:
self.stop()
default:
break
}
}
private func startReceiveTask(for connection: NWConnection) {
guard self.receiveTask == nil else {
return
}
let stream = Self.makeReceiveStream(for: connection)
self.receiveTask = Task { [weak self] in
for await data in stream {
guard let self else {
break
}
await self.handleReceivedPacket(data)
}
await self?.didFinishReceiving(for: connection)
}
}
private func handleReceivedPacket(_ data: Data) {
guard case .running = self.state else {
return
}
self.packetContinuation.yield(data)
}
private func didFinishReceiving(for connection: NWConnection) {
guard case .running = self.state else {
return
}
if self.connection === connection, connection.state != .ready {
self.stop()
} else {
self.receiveTask = nil
}
}
private func finishPacketFlowIfNeeded() {
guard !self.didFinishPacketFlow else {
return
}
self.didFinishPacketFlow = true
self.packetContinuation.finish()
}
private func finishCloseStreamIfNeeded() {
guard !self.didFinishCloseStream else {
return
}
self.didFinishCloseStream = true
self.closeContinuation.finish()
}
deinit {
self.connection?.cancel()
}
}

19
Tun/Punchnet/DNS/DNSHelper.swift
View File

@ -1,19 +0,0 @@
//
// Helper.swift
// punchnet
//
// Created by on 2026/4/10.
//
import Foundation
struct DNSHelper {
static let dnsServer: String = "100.100.100.100"
// dns
static let dnsDestIpAddr: UInt32 = 1684300900
// dns
static func isDnsRequestPacket(ipPacket: IPPacket) -> Bool {
return ipPacket.header.destination == dnsDestIpAddr
}
}

324
Tun/Punchnet/DNS/DNSLocalClient.swift
View File

@ -1,324 +0,0 @@
import Foundation
import Network
actor DNSLocalClient {
struct DNSTracker {
let transactionID: UInt16
let clientIP: UInt32
let clientPort: UInt16
let createdAt: Date
}
private struct PendingRequest {
let tracker: DNSTracker
}
private enum State {
case idle
case running
case stopped
}
private var state: State = .idle
private var connections: [NWConnection] = []
private var receiveTasks: [ObjectIdentifier: Task<Void, Never>] = [:]
private let dnsServers = ["223.5.5.5", "119.29.29.29"]
let packetFlow: AsyncStream<Data>
private let packetContinuation: AsyncStream<Data>.Continuation
private var pendingRequests: [UInt16: PendingRequest] = [:]
private var nextTransactionID: UInt16 = 1
private var cleanupTask: Task<Void, Never>?
private let timeoutInterval: TimeInterval = 3.0
private var didFinishPacketFlow = false
init() {
let (stream, continuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .bufferingNewest(256))
self.packetFlow = stream
self.packetContinuation = continuation
}
func start() {
guard case .idle = self.state else {
return
}
self.state = .running
for server in self.dnsServers {
let endpoint = NWEndpoint.hostPort(host: NWEndpoint.Host(server), port: 53)
let parameters = NWParameters.udp
parameters.prohibitedInterfaceTypes = [.other]
let conn = NWConnection(to: endpoint, using: parameters)
conn.stateUpdateHandler = { [weak self] state in
Task {
await self?.handleConnectionStateUpdate(state, for: conn)
}
}
conn.start(queue: .global())
self.connections.append(conn)
}
self.cleanupTask = Task { [weak self] in
while !Task.isCancelled {
try? await Task.sleep(nanoseconds: 3 * 1_000_000_000)
await self?.performCleanup()
}
}
}
func query(tracker: DNSTracker, dnsPayload: Data) {
guard case .running = self.state, dnsPayload.count >= 2 else {
return
}
guard let transactionID = self.allocateTransactionID() else {
SDLLogger.log("[DNSLocalClient] no available transaction id", for: .debug)
return
}
self.pendingRequests[transactionID] = PendingRequest(tracker: tracker)
let rewrittenPayload = Self.rewriteTransactionID(in: dnsPayload, to: transactionID)
var hasReadyConnection = false
for conn in self.connections where conn.state == .ready {
hasReadyConnection = true
conn.send(content: rewrittenPayload, completion: .contentProcessed({ error in
if let error {
SDLLogger.log("[DNSLocalClient] send error: \(error.localizedDescription)", for: .debug)
}
}))
}
if !hasReadyConnection {
self.pendingRequests.removeValue(forKey: transactionID)
}
}
func stop() {
guard self.state != .stopped else {
return
}
self.state = .stopped
self.receiveTasks.values.forEach { $0.cancel() }
self.receiveTasks.removeAll()
self.connections.forEach { $0.cancel() }
self.connections.removeAll()
self.cleanupTask?.cancel()
self.cleanupTask = nil
self.pendingRequests.removeAll()
self.nextTransactionID = 1
self.finishPacketFlowIfNeeded()
}
private func handleConnectionStateUpdate(_ state: NWConnection.State, for conn: NWConnection) {
guard case .running = self.state else {
return
}
switch state {
case .ready:
self.startReceiveTask(for: conn)
case .failed(let error):
SDLLogger.log("[DNSLocalClient] failed with error: \(error.localizedDescription)", for: .debug)
self.stop()
case .cancelled:
let key = ObjectIdentifier(conn)
self.receiveTasks.removeValue(forKey: key)?.cancel()
self.connections.removeAll { $0 === conn }
if self.connections.isEmpty {
self.stop()
}
default:
()
}
}
private func startReceiveTask(for conn: NWConnection) {
let key = ObjectIdentifier(conn)
guard self.receiveTasks[key] == nil else {
return
}
let stream = Self.makeReceiveStream(for: conn)
self.receiveTasks[key] = Task { [weak self] in
for await data in stream {
guard let self else {
break
}
await self.handleResponse(data: data)
}
await self?.didFinishReceiving(for: conn)
}
}
private func didFinishReceiving(for conn: NWConnection) {
let key = ObjectIdentifier(conn)
self.receiveTasks.removeValue(forKey: key)
}
private func handleResponse(data: Data) {
guard case .running = self.state,
let rewrittenTransactionID = Self.readTransactionID(from: data),
let pendingRequest = self.pendingRequests.removeValue(forKey: rewrittenTransactionID) else {
return
}
let restoredPayload = Self.rewriteTransactionID(in: data, to: pendingRequest.tracker.transactionID)
let packet = Self.createDNSResponse(
payload: restoredPayload,
srcIP: DNSHelper.dnsDestIpAddr,
srcPort: 53,
destIP: pendingRequest.tracker.clientIP,
destPort: pendingRequest.tracker.clientPort
)
self.packetContinuation.yield(packet)
}
private func performCleanup() {
guard case .running = self.state else {
return
}
let now = Date()
self.pendingRequests = self.pendingRequests.filter { _, request in
now.timeIntervalSince(request.tracker.createdAt) < self.timeoutInterval
}
}
private func allocateTransactionID() -> UInt16? {
var candidate = self.nextTransactionID == 0 ? 1 : self.nextTransactionID
let start = candidate
repeat {
if self.pendingRequests[candidate] == nil {
self.nextTransactionID = Self.nextTransactionID(after: candidate)
return candidate
}
candidate = Self.nextTransactionID(after: candidate)
} while candidate != start
return nil
}
private func finishPacketFlowIfNeeded() {
guard !self.didFinishPacketFlow else {
return
}
self.didFinishPacketFlow = true
self.packetContinuation.finish()
}
private static func nextTransactionID(after id: UInt16) -> UInt16 {
return id == UInt16.max ? 1 : id &+ 1
}
private static func readTransactionID(from payload: Data) -> UInt16? {
guard payload.count >= 2 else {
return nil
}
return UInt16(payload[0]) << 8 | UInt16(payload[1])
}
private static func rewriteTransactionID(in payload: Data, to transactionID: UInt16) -> Data {
guard payload.count >= 2 else {
return payload
}
var rewrittenPayload = payload
rewrittenPayload[0] = UInt8((transactionID >> 8) & 0xFF)
rewrittenPayload[1] = UInt8(transactionID & 0xFF)
return rewrittenPayload
}
private static func makeReceiveStream(for conn: NWConnection) -> AsyncStream<Data> {
return AsyncStream(bufferingPolicy: .bufferingNewest(256)) { continuation in
func receiveNext() {
conn.receiveMessage { content, _, _, error in
if let data = content, !data.isEmpty {
continuation.yield(data)
}
if error == nil && conn.state == .ready {
receiveNext()
} else {
continuation.finish()
}
}
}
receiveNext()
}
}
}
extension DNSLocalClient {
static func createDNSResponse(payload: Data, srcIP: UInt32, srcPort: UInt16, destIP: UInt32, destPort: UInt16) -> Data {
let udpLen = 8 + payload.count
let ipLen = 20 + udpLen
var ipHeader = Data(count: 20)
ipHeader[0] = 0x45
ipHeader[2...3] = withUnsafeBytes(of: UInt16(ipLen).bigEndian) { Data($0) }
ipHeader[8] = 64
ipHeader[9] = 17
ipHeader[12...15] = withUnsafeBytes(of: srcIP.bigEndian) { Data($0) }
ipHeader[16...19] = withUnsafeBytes(of: destIP.bigEndian) { Data($0) }
let ipChecksum = calculateChecksum(data: ipHeader)
ipHeader[10...11] = withUnsafeBytes(of: ipChecksum.bigEndian) { Data($0) }
var udpHeader = Data(count: 8)
udpHeader[0...1] = withUnsafeBytes(of: srcPort.bigEndian) { Data($0) }
udpHeader[2...3] = withUnsafeBytes(of: destPort.bigEndian) { Data($0) }
udpHeader[4...5] = withUnsafeBytes(of: UInt16(udpLen).bigEndian) { Data($0) }
udpHeader[6...7] = Data([0, 0])
var packet = Data(capacity: ipLen)
packet.append(ipHeader)
packet.append(udpHeader)
packet.append(payload)
return packet
}
static func calculateChecksum(data: Data) -> UInt16 {
var sum: UInt32 = 0
let count = data.count
data.withUnsafeBytes { (ptr: UnsafeRawBufferPointer) in
guard let baseAddress = ptr.baseAddress else { return }
let wordCount = count / 2
let words = baseAddress.bindMemory(to: UInt16.self, capacity: wordCount)
for i in 0..<wordCount {
sum += UInt32(UInt16(bigEndian: words[i]))
}
if count % 2 != 0 {
let lastByte = ptr[count - 1]
sum += UInt32(lastByte) << 8
}
}
while (sum >> 16) != 0 {
sum = (sum & 0xffff) + (sum >> 16)
}
return UInt16(~sum & 0xffff)
}
}

137
Tun/Punchnet/DNS/DNSParser.swift
View File

@ -1,137 +0,0 @@
//
// DNSQuestion.swift
// punchnet
//
// Created by on 2026/4/10.
//
import Foundation
import Network
// MARK: - DNS
struct DNSQuestion {
let name: String
let type: UInt16
let qclass: UInt16
}
struct DNSResourceRecord {
let name: String
let type: UInt16
let rclass: UInt16
let ttl: UInt32
let rdLength: UInt16
let rdata: Data
}
struct DNSMessage {
var transactionID: UInt16
var flags: UInt16
var questions: [DNSQuestion] = []
var answers: [DNSResourceRecord] = []
var isResponse: Bool {
(flags & 0x8000) != 0
}
}
// MARK: - DNS
final class DNSParser {
private let data: Data
private var offset: Int = 0
init(data: Data, offset: Int) {
self.data = data
self.offset = offset
}
func parse() -> DNSMessage? {
guard data.count >= 12 + self.offset else {
return nil
}
let id = readUInt16()
let flags = readUInt16()
let qdCount = readUInt16()
let anCount = readUInt16()
let _ = readUInt16() // NSCount
let _ = readUInt16() // ARCount
var message = DNSMessage(transactionID: id, flags: flags)
for _ in 0..<qdCount {
if let q = parseQuestion() {
message.questions.append(q)
}
}
for _ in 0..<anCount {
if let rr = parseRR() {
message.answers.append(rr)
}
}
return message
}
private func parseName() -> String {
var parts: [String] = []
var jumped = false
var nextOffset = 0
var currentOffset = self.offset
while currentOffset < data.count {
let length = Int(data[currentOffset])
if length == 0 {
currentOffset += 1
break
}
if (length & 0xC0) == 0xC0 {
let pointer = Int(UInt16(data[currentOffset] & 0x3F) << 8 | UInt16(data[currentOffset + 1]))
if !jumped {
nextOffset = currentOffset + 2
jumped = true
}
currentOffset = pointer
} else {
currentOffset += 1
if let label = String(data: data.subdata(in: currentOffset..<currentOffset+length), encoding: .ascii) {
parts.append(label)
}
currentOffset += length
}
}
self.offset = jumped ? nextOffset : currentOffset
return parts.joined(separator: ".")
}
private func parseQuestion() -> DNSQuestion? {
let name = parseName()
return DNSQuestion(name: name, type: readUInt16(), qclass: readUInt16())
}
private func parseRR() -> DNSResourceRecord? {
let name = parseName()
let type = readUInt16()
let rclass = readUInt16()
let ttl = readUInt32()
let rdLength = readUInt16()
guard offset + Int(rdLength) <= data.count else { return nil }
let rdata = data.subdata(in: offset..<offset + Int(rdLength))
offset += Int(rdLength)
return DNSResourceRecord(name: name, type: type, rclass: rclass, ttl: ttl, rdLength: rdLength, rdata: rdata)
}
private func readUInt16() -> UInt16 {
guard offset + 2 <= data.count else { return 0 }
let val = UInt16(data[offset]) << 8 | UInt16(data[offset + 1])
offset += 2
return val
}
private func readUInt32() -> UInt32 {
guard offset + 4 <= data.count else { return 0 }
let val = UInt32(data[offset]) << 24 | UInt32(data[offset+1]) << 16 | UInt32(data[offset+2]) << 8 | UInt32(data[offset+3])
offset += 4
return val
}
}

86
Tun/Punchnet/IPPacket.swift Normal file
View File

@ -0,0 +1,86 @@
//
// IPPacket.swift
// Tun
//
// Created by on 2024/1/18.
//
import Foundation
struct IPHeader {
let version: UInt8
let headerLength: UInt8
let typeOfService: UInt8
let totalLength: UInt16
let id: UInt16
let offset: UInt16
let timeToLive: UInt8
let proto:UInt8
let checksum: UInt16
let source: UInt32
let destination: UInt32
var source_ip: String {
return intToIp(source)
}
var destination_ip: String {
return intToIp(destination)
}
private func intToIp(_ num: UInt32) -> String {
let ip0 = (UInt8) (num >> 24 & 0xFF)
let ip1 = (UInt8) (num >> 16 & 0xFF)
let ip2 = (UInt8) (num >> 8 & 0xFF)
let ip3 = (UInt8) (num & 0xFF)
return "\(ip0).\(ip1).\(ip2).\(ip3)"
}
public var description: String {
"""
IPHeader version: \(version), header length: \(headerLength), type of service: \(typeOfService), total length: \(totalLength),
id: \(id), offset: \(offset), time ot live: \(timeToLive), proto: \(proto), checksum: \(checksum), source ip: \(source_ip), destination ip:\(destination_ip)
"""
}
}
enum IPVersion: UInt8 {
case ipv4 = 4
case ipv6 = 6
}
enum TransportProtocol: UInt8 {
case icmp = 1
case tcp = 6
case udp = 17
}
struct IPPacket {
let header: IPHeader
let data: Data
init?(_ data: Data) {
guard data.count >= 20 else {
return nil
}
self.header = IPHeader(version: data[0] >> 4,
headerLength: (data[0] & 0b1111) * 4,
typeOfService: data[1],
totalLength: UInt16(bytes: (data[2], data[3])),
id: UInt16(bytes: (data[4], data[5])),
offset: 1,
timeToLive: data[8],
proto: data[9],
checksum: UInt16(bytes: (data[10], data[11])),
source: UInt32(bytes: (data[12], data[13], data[14], data[15])),
destination: UInt32(bytes: (data[16], data[17], data[18], data[19])))
self.data = data
}
//
func getPayload() -> Data {
return data.subdata(in: 20..<data.count)
}
}

0
Tun/Punchnet/NetworkStack/LayerPacket.swift → Tun/Punchnet/LayerPacket.swift
View File

237
Tun/Punchnet/NetworkStack/IPPacket.swift
View File

@ -1,237 +0,0 @@
//
// IPPacket.swift
// Tun
//
// Created by on 2024/1/18.
//
import Foundation
enum IPVersion: UInt8 {
case ipv4 = 4
case ipv6 = 6
}
enum TransportProtocol: UInt8 {
case icmp = 1
case tcp = 6
case udp = 17
}
// MARK: - IP Header
struct IPHeader {
let version: UInt8
let headerLength: UInt8
let typeOfService: UInt8
let totalLength: UInt16
let id: UInt16
let offset: UInt16
let ttl: UInt8
let proto: UInt8
let checksum: UInt16
let source: UInt32
let destination: UInt32
var headerBytes: Int {
Int(headerLength)
}
}
// MARK: - IP Packet
struct IPPacket {
let header: IPHeader
let data: Data
let transportPacket: TransportPacket
enum TransportPacket {
case tcp(TCPPacket)
case udp(UDPPacket)
case icmp(ICMPPacket)
case unsupported(UInt8)
case malformed
}
init?(_ data: Data) {
guard data.count >= 20 else {
return nil
}
let version = data[0] >> 4
let headerLen = (data[0] & 0x0F) * 4
guard data.count >= headerLen else {
return nil
}
self.header = IPHeader(
version: version,
headerLength: headerLen,
typeOfService: data[1],
totalLength: UInt16(bytes: (data[2], data[3])),
id: UInt16(bytes: (data[4], data[5])),
offset: UInt16(bytes: (data[6], data[7])),
ttl: data[8],
proto: data[9],
checksum: UInt16(bytes: (data[10], data[11])),
source: UInt32(bytes: (data[12], data[13], data[14], data[15])),
destination: UInt32(bytes: (data[16], data[17], data[18], data[19]))
)
self.data = data
self.transportPacket = Self.parseTransportPacket(proto: data[9], offset: Int(headerLen), data: data)
}
private static func parseTransportPacket(proto: UInt8, offset: Int, data: Data) -> TransportPacket {
guard let proto = TransportProtocol(rawValue: proto) else {
return .unsupported(proto)
}
switch proto {
case .tcp:
guard let tcp = TCPPacket(data, offset: offset) else {
return .malformed
}
return .tcp(tcp)
case .udp:
guard let udp = UDPPacket(data, offset: offset) else {
return .malformed
}
return .udp(udp)
case .icmp:
guard let icmp = ICMPPacket(data, offset: offset) else {
return .malformed
}
return .icmp(icmp)
}
}
}
// MARK: - TCP Flags
struct TCPFlags: OptionSet {
let rawValue: UInt16
static let fin = TCPFlags(rawValue: 1 << 0)
static let syn = TCPFlags(rawValue: 1 << 1)
static let rst = TCPFlags(rawValue: 1 << 2)
static let psh = TCPFlags(rawValue: 1 << 3)
static let ack = TCPFlags(rawValue: 1 << 4)
static let urg = TCPFlags(rawValue: 1 << 5)
static let ece = TCPFlags(rawValue: 1 << 6)
static let cwr = TCPFlags(rawValue: 1 << 7)
}
// MARK: - TCP Header
struct TCPHeader {
let srcPort: UInt16
let dstPort: UInt16
let seq: UInt32
let ack: UInt32
let dataOffset: UInt8
let flags: TCPFlags
let window: UInt16
let checksum: UInt16
let urgentPointer: UInt16
var headerLength: Int {
Int(dataOffset) * 4
}
}
// MARK: - TCP Packet
struct TCPPacket {
let header: TCPHeader
init?(_ data: Data, offset: Int) {
guard data.count >= offset + 20 else {
return nil
}
let srcPort = UInt16(bytes: (data[offset], data[offset + 1]))
let dstPort = UInt16(bytes: (data[offset + 2], data[offset + 3]))
let seq = UInt32(bytes: (data[offset + 4], data[offset + 5], data[offset + 6], data[offset + 7]))
let ack = UInt32(bytes: (data[offset + 8], data[offset + 9], data[offset + 10], data[offset + 11]))
let offsetAndFlags = UInt16(bytes: (data[offset + 12], data[offset + 13]))
let dataOffset = UInt8(offsetAndFlags >> 12)
let flags = TCPFlags(rawValue: offsetAndFlags & 0x01FF)
let window = UInt16(bytes: (data[offset + 14], data[offset + 15]))
let checksum = UInt16(bytes: (data[offset + 16], data[offset + 17]))
let urgent = UInt16(bytes: (data[offset + 18], data[offset + 19]))
let header = TCPHeader(
srcPort: srcPort,
dstPort: dstPort,
seq: seq,
ack: ack,
dataOffset: dataOffset,
flags: flags,
window: window,
checksum: checksum,
urgentPointer: urgent
)
let headerLen = header.headerLength
guard data.count >= offset + headerLen else {
return nil
}
self.header = header
}
}
// MARK: - UDP Packet
struct UDPPacket {
let srcPort: UInt16
let dstPort: UInt16
let length: UInt16
let checksum: UInt16
let payloadOffset: Int
init?(_ data: Data, offset: Int) {
guard data.count >= offset + 8 else {
return nil
}
self.srcPort = UInt16(bytes: (data[offset], data[offset + 1]))
self.dstPort = UInt16(bytes: (data[offset + 2], data[offset + 3]))
self.length = UInt16(bytes: (data[offset + 4], data[offset + 5]))
self.checksum = UInt16(bytes: (data[offset + 6], data[offset + 7]))
self.payloadOffset = offset + 8
}
}
// MARK: - ICMP Packet
struct ICMPPacket {
let type: UInt8
let code: UInt8
let checksum: UInt16
init?(_ data: Data, offset: Int) {
guard data.count >= offset + 4 else {
return nil
}
self.type = data[offset]
self.code = data[offset + 1]
self.checksum = UInt16(bytes: (data[offset + 2], data[offset + 3]))
}
}

41
Tun/Punchnet/NetworkStack/SDLAddressResolver.swift
View File

@ -1,41 +0,0 @@
//
// SDLAddressResolverPool.swift
// Tun
//
// Created by on 2026/2/3.
//
import Foundation
import NIOCore
import NIOPosix
actor SDLAddressResolver {
static let shared = SDLAddressResolver(threads: System.coreCount)
private let pool: NIOThreadPool
private var cache: [String: SocketAddress] = [:]
private init(threads: Int = 2) {
self.pool = NIOThreadPool(numberOfThreads: threads)
self.pool.start()
}
func resolve(host: String, port: Int) async throws -> SocketAddress {
let key = "\(host):\(port)"
if let cached = cache[key] {
return cached
}
let address = try await pool.runIfActive {
try SocketAddress.makeAddressResolvingHost(host, port: port)
}
cache[key] = address
return address
}
deinit {
pool.shutdownGracefully { _ in }
}
}

27
Tun/Punchnet/Policy/IdentityRuleMap.swift
View File

@ -1,27 +0,0 @@
//
// RuleMap.swift
// punchnet
//
// Created by on 2026/2/5.
//
struct IdentityRuleMap {
let version: UInt32
// map[proto][port]
let ruleMap: [UInt8: [UInt16: Bool]]
init(version: UInt32, ruleMap: [UInt8: [UInt16: Bool]]) {
self.version = version
self.ruleMap = ruleMap
}
func isAllow(proto: UInt8, port: UInt16) -> Bool {
if let portMap = self.ruleMap[proto],
let allowed = portMap[port] {
return allowed
} else {
return false
}
}
}

25
Tun/Punchnet/Policy/IdentitySnapshot.swift
View File

@ -1,25 +0,0 @@
//
// IdentitySnapshot.swift
// punchnet
//
// Created by on 2026/2/5.
//
final class IdentitySnapshot {
typealias IdentityID = UInt32
private let identityMap: [IdentityID: IdentityRuleMap]
init(identityMap: [IdentityID : IdentityRuleMap]) {
self.identityMap = identityMap
}
func lookup(_ id: IdentityID) -> IdentityRuleMap? {
return self.identityMap[id]
}
static func empty() -> IdentitySnapshot {
return IdentitySnapshot(identityMap: [:])
}
}

113
Tun/Punchnet/Policy/IdentityStore.swift
View File

@ -1,113 +0,0 @@
//
// IdentityStore.swift
// punchnet
// 1.
// Created by on 2026/2/5.
//
import Foundation
import NIO
actor IdentityStore {
//
nonisolated private let cooldown: Duration = .seconds(5)
// identityId
private var coolingDown: Set<UInt32> = []
// , map[identityId] = version
private var versions: [UInt32: UInt32] = [:]
nonisolated private let alloctor = ByteBufferAllocator()
private let publisher: SnapshotPublisher<IdentitySnapshot>
private var identityMap: [UInt32: IdentityRuleMap] = [:]
init(publisher: SnapshotPublisher<IdentitySnapshot>) {
self.publisher = publisher
}
// , quicClient
func batUpdatePolicy(using quicClient: SDLQUICClient?, dstIdentityID: UInt32) {
guard let quicClient else {
return
}
self.identityMap.keys.forEach { identityId in
var policyRequest = SDLPolicyRequest()
policyRequest.srcIdentityID = identityId
policyRequest.dstIdentityID = dstIdentityID
policyRequest.version = self.nextVersion(identityId: identityId)
//
if let queryData = try? policyRequest.serializedData() {
quicClient.send(type: .policyRequest, data: queryData)
}
}
}
//
func policyRequest(srcIdentityId: UInt32, dstIdentityId: UInt32, using quicClient: SDLQUICClient?) {
guard let quicClient, !coolingDown.contains(srcIdentityId) else {
return
}
var policyRequest = SDLPolicyRequest()
policyRequest.srcIdentityID = srcIdentityId
policyRequest.dstIdentityID = dstIdentityId
policyRequest.version = self.nextVersion(identityId: srcIdentityId)
//
coolingDown.insert(srcIdentityId)
//
if let queryData = try? policyRequest.serializedData() {
quicClient.send(type: .policyRequest, data: queryData)
}
Task {
//
try? await Task.sleep(for: .seconds(5))
self.endCooldown(for: srcIdentityId)
}
}
//
func applyPolicyResponse(_ policyResponse: SDLPolicyResponse) {
let id = policyResponse.srcIdentityID
let version = policyResponse.version
guard self.identityMap[id] == nil || ((self.identityMap[id]?.version ?? 0) < version) else {
return
}
//
var buffer = alloctor.buffer(bytes: policyResponse.rules)
var ruleMap: [UInt8: [UInt16: Bool]] = [:]
while true {
guard let proto = buffer.readInteger(endianness: .big, as: UInt8.self),
let port = buffer.readInteger(endianness: .big, as: UInt16.self) else {
break
}
ruleMap[proto, default: [:]][port] = true
}
self.identityMap[id] = IdentityRuleMap(version: version, ruleMap: ruleMap)
//
let snapshot = compileSnapshot()
publisher.publish(snapshot)
}
private func compileSnapshot() -> IdentitySnapshot {
return IdentitySnapshot(identityMap: identityMap)
}
private func endCooldown(for key: UInt32) {
self.coolingDown.remove(key)
}
private func nextVersion(identityId: UInt32) -> UInt32 {
let version = self.versions[identityId, default: 1]
//
self.versions[identityId] = version + 1
return version
}
}

32
Tun/Punchnet/Policy/SnapshotPublisher.swift
View File

@ -1,32 +0,0 @@
//
// SnapshotPublisher.swift
// punchnet
//
// Created by on 2026/2/5.
//
import Atomics
final class SnapshotPublisher<IdentitySnapshot: AnyObject> {
private let atomic: ManagedAtomic<Unmanaged<IdentitySnapshot>>
init(initial snapshot: IdentitySnapshot) {
self.atomic = ManagedAtomic(.passRetained(snapshot))
}
func publish(_ snapshot: IdentitySnapshot) {
let newRef = Unmanaged.passRetained(snapshot)
let oldRef = atomic.exchange(newRef, ordering: .acquiring)
oldRef.release()
}
@inline(__always)
func current() -> IdentitySnapshot {
atomic.load(ordering: .relaxed).takeUnretainedValue()
}
deinit {
let ref = atomic.load(ordering: .relaxed)
ref.release()
}
}

262
Tun/Punchnet/Protobuf/TunMessage.pb.swift
View File

@ -1,262 +0,0 @@
// DO NOT EDIT.
// swift-format-ignore-file
// swiftlint:disable all
//
// Generated by the Swift generator plugin for the protocol buffer compiler.
// Source: tun.proto
//
// For information on using the generated types, please see the documentation:
// https://github.com/apple/swift-protobuf/
import SwiftProtobuf
// If the compiler emits an error on this type, it is because this file
// was generated by a version of the `protoc` Swift plug-in that is
// incompatible with the version of SwiftProtobuf to which you are linking.
// Please ensure that you are building against the same version of the API
// that was used to generate this file.
fileprivate struct _GeneratedWithProtocGenSwiftVersion: SwiftProtobuf.ProtobufAPIVersionCheck {
struct _2: SwiftProtobuf.ProtobufAPIVersion_2 {}
typealias Version = _2
}
/// AppNE
struct AppRequest: Sendable {
// SwiftProtobuf.Message conformance is added in an extension below. See the
// `Message` and `Message+*Additions` files in the SwiftProtobuf library for
// methods supported on all messages.
var command: AppRequest.OneOf_Command? = nil
var changeExitNode: AppRequest.ChangeExitNodeRequest {
get {
if case .changeExitNode(let v)? = command {return v}
return AppRequest.ChangeExitNodeRequest()
}
set {command = .changeExitNode(newValue)}
}
var unknownFields = SwiftProtobuf.UnknownStorage()
enum OneOf_Command: Equatable, Sendable {
case changeExitNode(AppRequest.ChangeExitNodeRequest)
}
struct ChangeExitNodeRequest: Sendable {
// SwiftProtobuf.Message conformance is added in an extension below. See the
// `Message` and `Message+*Additions` files in the SwiftProtobuf library for
// methods supported on all messages.
///
var ip: String = String()
var unknownFields = SwiftProtobuf.UnknownStorage()
init() {}
}
init() {}
}
struct TunnelResponse: Sendable {
// SwiftProtobuf.Message conformance is added in an extension below. See the
// `Message` and `Message+*Additions` files in the SwiftProtobuf library for
// methods supported on all messages.
var code: Int32 = 0
var message: String = String()
var unknownFields = SwiftProtobuf.UnknownStorage()
init() {}
}
struct TunnelEvent: Sendable {
// SwiftProtobuf.Message conformance is added in an extension below. See the
// `Message` and `Message+*Additions` files in the SwiftProtobuf library for
// methods supported on all messages.
var id: String = String()
var timestampMs: UInt64 = 0
var code: Int32 = 0
var message: String = String()
var unknownFields = SwiftProtobuf.UnknownStorage()
init() {}
}
// MARK: - Code below here is support for the SwiftProtobuf runtime.
extension AppRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
static let protoMessageName: String = "AppRequest"
static let _protobuf_nameMap: SwiftProtobuf._NameMap = [
1: .standard(proto: "change_exit_node"),
]
mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
while let fieldNumber = try decoder.nextFieldNumber() {
// The use of inline closures is to circumvent an issue where the compiler
// allocates stack space for every case branch when no optimizations are
// enabled. https://github.com/apple/swift-protobuf/issues/1034
switch fieldNumber {
case 1: try {
var v: AppRequest.ChangeExitNodeRequest?
var hadOneofValue = false
if let current = self.command {
hadOneofValue = true
if case .changeExitNode(let m) = current {v = m}
}
try decoder.decodeSingularMessageField(value: &v)
if let v = v {
if hadOneofValue {try decoder.handleConflictingOneOf()}
self.command = .changeExitNode(v)
}
}()
default: break
}
}
}
func traverse<V: SwiftProtobuf.Visitor>(visitor: inout V) throws {
// The use of inline closures is to circumvent an issue where the compiler
// allocates stack space for every if/case branch local when no optimizations
// are enabled. https://github.com/apple/swift-protobuf/issues/1034 and
// https://github.com/apple/swift-protobuf/issues/1182
try { if case .changeExitNode(let v)? = self.command {
try visitor.visitSingularMessageField(value: v, fieldNumber: 1)
} }()
try unknownFields.traverse(visitor: &visitor)
}
static func ==(lhs: AppRequest, rhs: AppRequest) -> Bool {
if lhs.command != rhs.command {return false}
if lhs.unknownFields != rhs.unknownFields {return false}
return true
}
}
extension AppRequest.ChangeExitNodeRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
static let protoMessageName: String = AppRequest.protoMessageName + ".ChangeExitNodeRequest"
static let _protobuf_nameMap: SwiftProtobuf._NameMap = [
1: .same(proto: "ip"),
]
mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
while let fieldNumber = try decoder.nextFieldNumber() {
// The use of inline closures is to circumvent an issue where the compiler
// allocates stack space for every case branch when no optimizations are
// enabled. https://github.com/apple/swift-protobuf/issues/1034
switch fieldNumber {
case 1: try { try decoder.decodeSingularStringField(value: &self.ip) }()
default: break
}
}
}
func traverse<V: SwiftProtobuf.Visitor>(visitor: inout V) throws {
if !self.ip.isEmpty {
try visitor.visitSingularStringField(value: self.ip, fieldNumber: 1)
}
try unknownFields.traverse(visitor: &visitor)
}
static func ==(lhs: AppRequest.ChangeExitNodeRequest, rhs: AppRequest.ChangeExitNodeRequest) -> Bool {
if lhs.ip != rhs.ip {return false}
if lhs.unknownFields != rhs.unknownFields {return false}
return true
}
}
extension TunnelResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
static let protoMessageName: String = "TunnelResponse"
static let _protobuf_nameMap: SwiftProtobuf._NameMap = [
1: .same(proto: "code"),
2: .same(proto: "message"),
]
mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
while let fieldNumber = try decoder.nextFieldNumber() {
// The use of inline closures is to circumvent an issue where the compiler
// allocates stack space for every case branch when no optimizations are
// enabled. https://github.com/apple/swift-protobuf/issues/1034
switch fieldNumber {
case 1: try { try decoder.decodeSingularInt32Field(value: &self.code) }()
case 2: try { try decoder.decodeSingularStringField(value: &self.message) }()
default: break
}
}
}
func traverse<V: SwiftProtobuf.Visitor>(visitor: inout V) throws {
if self.code != 0 {
try visitor.visitSingularInt32Field(value: self.code, fieldNumber: 1)
}
if !self.message.isEmpty {
try visitor.visitSingularStringField(value: self.message, fieldNumber: 2)
}
try unknownFields.traverse(visitor: &visitor)
}
static func ==(lhs: TunnelResponse, rhs: TunnelResponse) -> Bool {
if lhs.code != rhs.code {return false}
if lhs.message != rhs.message {return false}
if lhs.unknownFields != rhs.unknownFields {return false}
return true
}
}
extension TunnelEvent: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
static let protoMessageName: String = "TunnelEvent"
static let _protobuf_nameMap: SwiftProtobuf._NameMap = [
1: .same(proto: "id"),
2: .standard(proto: "timestamp_ms"),
3: .same(proto: "code"),
4: .same(proto: "message"),
]
mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
while let fieldNumber = try decoder.nextFieldNumber() {
// The use of inline closures is to circumvent an issue where the compiler
// allocates stack space for every case branch when no optimizations are
// enabled. https://github.com/apple/swift-protobuf/issues/1034
switch fieldNumber {
case 1: try { try decoder.decodeSingularStringField(value: &self.id) }()
case 2: try { try decoder.decodeSingularUInt64Field(value: &self.timestampMs) }()
case 3: try { try decoder.decodeSingularInt32Field(value: &self.code) }()
case 4: try { try decoder.decodeSingularStringField(value: &self.message) }()
default: break
}
}
}
func traverse<V: SwiftProtobuf.Visitor>(visitor: inout V) throws {
if !self.id.isEmpty {
try visitor.visitSingularStringField(value: self.id, fieldNumber: 1)
}
if self.timestampMs != 0 {
try visitor.visitSingularUInt64Field(value: self.timestampMs, fieldNumber: 2)
}
if self.code != 0 {
try visitor.visitSingularInt32Field(value: self.code, fieldNumber: 3)
}
if !self.message.isEmpty {
try visitor.visitSingularStringField(value: self.message, fieldNumber: 4)
}
try unknownFields.traverse(visitor: &visitor)
}
static func ==(lhs: TunnelEvent, rhs: TunnelEvent) -> Bool {
if lhs.id != rhs.id {return false}
if lhs.timestampMs != rhs.timestampMs {return false}
if lhs.code != rhs.code {return false}
if lhs.message != rhs.message {return false}
if lhs.unknownFields != rhs.unknownFields {return false}
return true
}
}

0
Tun/Punchnet/Cipher/RSACipher.swift → Tun/Punchnet/RSACipher.swift
View File

32
Tun/Punchnet/SDLAsyncTimerStream.swift
View File

@ -1,32 +0,0 @@
//
// SDLAsyncTimerStream.swift
// Tun
//
// Created by on 2026/2/3.
//
import Foundation
class SDLAsyncTimerStream {
let timer: DispatchSourceTimer
let stream: AsyncStream<Void>
private let cont: AsyncStream<Void>.Continuation
init() {
self.timer = DispatchSource.makeTimerSource(queue: .global())
(stream, cont) = AsyncStream.makeStream(of: Void.self)
}
func start(interval: DispatchTimeInterval) {
timer.schedule(deadline: .now(), repeating: interval)
timer.setEventHandler {
self.cont.yield()
}
timer.resume()
}
deinit {
self.timer.cancel()
}
}

149
Tun/Punchnet/SDLConfiguration.swift
View File

@ -10,148 +10,63 @@ import NIOCore
// //
public class SDLConfiguration { public class SDLConfiguration {
// public struct StunServer {
public struct NetworkAddress { public let host: String
public let networkId: UInt32 public let ports: [Int]
public let ip: UInt32
public let maskLen: UInt8
public let mac: Data
public let networkDomain: String
// ip public init(host: String, ports: [Int]) {
var ipAddress: String { self.host = host
return SDLUtil.int32ToIp(self.ip) self.ports = ports
} }
//
var maskAddress: String {
let len0 = 32 - maskLen
let num: UInt32 = (0xFFFFFFFF >> len0) << len0
return SDLUtil.int32ToIp(num)
}
//
var netAddress: String {
let len0 = 32 - maskLen
let mask: UInt32 = (0xFFFFFFFF >> len0) << len0
return SDLUtil.int32ToIp(self.ip & mask)
}
}
//
public struct ExitNode {
let exitNodeIp: UInt32
} }
// //
let version: Int let version: UInt8
let serverHost: String //
let serverIp: String let installedChannel: String
let stunServers: [String]
let superHost: String
let superPort: Int
let stunServers: [StunServer]
let remoteDnsServer: String
let hostname: String
let noticePort: Int
lazy var stunSocketAddress: SocketAddress = { lazy var stunSocketAddress: SocketAddress = {
let stunServer = stunServers[0] let stunServer = stunServers[0]
return try! SocketAddress.makeAddressResolvingHost(stunServer, port: 1365) return try! SocketAddress.makeAddressResolvingHost(stunServer.host, port: stunServer.ports[0])
}() }()
// //
lazy var stunProbeSocketAddressArray: [[SocketAddress]] = { lazy var stunProbeSocketAddressArray: [[SocketAddress]] = {
return stunServers.map { stunServer in return stunServers.map { stunServer in
[ [
try! SocketAddress.makeAddressResolvingHost(stunServer, port: 1365), try! SocketAddress.makeAddressResolvingHost(stunServer.host, port: stunServer.ports[0]),
try! SocketAddress.makeAddressResolvingHost(stunServer, port: 1366) try! SocketAddress.makeAddressResolvingHost(stunServer.host, port: stunServer.ports[1])
] ]
} }
}() }()
let clientId: String let clientId: String
let networkAddress: NetworkAddress let token: String
let hostname: String let networkCode: String
let accessToken: String
let identityId: UInt32
var exitNode: ExitNode? public init(version: UInt8, installedChannel: String, superHost: String, superPort: Int, stunServers: [StunServer], clientId: String, noticePort: Int, token: String, networkCode: String, remoteDnsServer: String, hostname: String) {
public init(version: Int,
serverHost: String,
serverIp: String,
stunServers: [String],
clientId: String,
networkAddress: NetworkAddress,
hostname: String,
accessToken: String,
identityId: UInt32,
exitNode: ExitNode?) {
self.version = version self.version = version
self.serverHost = serverHost self.installedChannel = installedChannel
self.serverIp = serverIp self.superHost = superHost
self.superPort = superPort
self.stunServers = stunServers self.stunServers = stunServers
self.clientId = clientId self.clientId = clientId
self.networkAddress = networkAddress self.noticePort = noticePort
self.accessToken = accessToken self.token = token
self.identityId = identityId self.networkCode = networkCode
self.remoteDnsServer = remoteDnsServer
self.hostname = hostname self.hostname = hostname
self.exitNode = exitNode
}
}
//
extension SDLConfiguration {
static func parse(options: [String: NSObject]) async -> SDLConfiguration? {
guard let version = options["version"] as? Int,
let serverHost = options["server_host"] as? String,
let stunAssistHost = options["stun_assist_host"] as? String,
let accessToken = options["access_token"] as? String,
let identityId = options["identity_id"] as? UInt32,
let clientId = options["client_id"] as? String,
let hostname = options["hostname"] as? String,
let networkAddressDict = options["network_address"] as? [String: NSObject] else {
return nil
}
guard let networkAddress = parseNetworkAddress(networkAddressDict) else {
return nil
}
// dns
guard let serverIp = await SDLUtil.resolveHostname(host: serverHost) else {
return nil
}
//
var exitNode: ExitNode? = nil
if let exitNodeIpStr = options["exit_node_ip"] as? String, let exitNodeIp = SDLUtil.ipv4StrToInt32(exitNodeIpStr) {
exitNode = .init(exitNodeIp: exitNodeIp)
}
return SDLConfiguration(version: version,
serverHost: serverHost,
serverIp: serverIp,
stunServers: [serverHost, stunAssistHost],
clientId: clientId,
networkAddress: networkAddress,
hostname: hostname,
accessToken: accessToken,
identityId: identityId,
exitNode: exitNode)
}
private static func parseNetworkAddress(_ config: [String: NSObject]) -> SDLConfiguration.NetworkAddress? {
guard let networkId = config["network_id"] as? UInt32,
let ipStr = config["ip"] as? String,
let ip = SDLUtil.ipv4StrToInt32(ipStr),
let maskLen = config["mask_len"] as? UInt8,
let mac = config["mac"] as? Data,
let networkDomain = config["network_domain"] as? String else {
return nil
}
return .init(networkId: networkId, ip: ip, maskLen: maskLen, mac: mac, networkDomain: networkDomain)
} }
} }

715
Tun/Punchnet/SDLContext.swift Normal file
View File

@ -0,0 +1,715 @@
//
// SDLContext.swift
// Tun
//
// Created by on 2024/2/29.
//
import Foundation
import NetworkExtension
import NIOCore
import Combine
//
/*
1. rsa的加解密逻辑
*/
@available(macOS 14, *)
public class SDLContext {
//
struct Route {
let dstAddress: String
let subnetMask: String
var debugInfo: String {
return "\(dstAddress):\(subnetMask)"
}
}
let config: SDLConfiguration
// tun
var devAddr: SDLDevAddr
// nat,
//var natAddress: SDLNatAddress?
// nat
var natType: NatType = .blocked
// AES
var aesCipher: AESCipher
// aes
var aesKey: Data = Data()
// rsa, public_key
let rsaCipher: RSACipher
//
var udpHoleActor: SDLUDPHoleActor?
var superClientActor: SDLSuperClientActor?
var providerActor: SDLTunnelProviderActor
var puncherActor: SDLPuncherActor
// dnsclient
var dnsClientActor: SDLDNSClientActor?
//
private var readTask: Task<(), Never>?
private var sessionManager: SessionManager
private var arpServer: ArpServer
// stunRequestcookie
private var lastCookie: UInt32? = 0
//
private var monitor: SDLNetworkMonitor?
// socket
private var noticeClient: SDLNoticeClient?
//
private var flowTracer = SDLFlowTracerActor()
private var flowTracerCancel: AnyCancellable?
private let logger: SDLLogger
private var rootTask: Task<Void, Error>?
public init(provider: NEPacketTunnelProvider, config: SDLConfiguration, rsaCipher: RSACipher, aesCipher: AESCipher, logger: SDLLogger) {
self.logger = logger
self.config = config
self.rsaCipher = rsaCipher
self.aesCipher = aesCipher
// mac
var devAddr = SDLDevAddr()
devAddr.mac = Self.getMacAddress()
self.devAddr = devAddr
self.sessionManager = SessionManager()
self.arpServer = ArpServer(known_macs: [:])
self.providerActor = SDLTunnelProviderActor(provider: provider, logger: logger)
self.puncherActor = SDLPuncherActor(logger: logger)
}
public func start() async throws {
self.rootTask = Task {
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
while !Task.isCancelled {
do {
try await self.startDnsClient()
} catch let err {
self.logger.log("[SDLContext] UDPHole get err: \(err)", level: .warning)
try await Task.sleep(for: .seconds(2))
}
}
}
group.addTask {
while !Task.isCancelled {
do {
try await self.startUDPHole()
} catch let err {
self.logger.log("[SDLContext] UDPHole get err: \(err)", level: .warning)
try await Task.sleep(for: .seconds(2))
}
}
}
group.addTask {
while !Task.isCancelled {
do {
try await self.startSuperClient()
} catch let err {
self.logger.log("[SDLContext] SuperClient get error: \(err), will restart", level: .warning)
await self.arpServer.clear()
try await Task.sleep(for: .seconds(2))
}
}
}
group.addTask {
await self.startMonitor()
}
group.addTask {
while !Task.isCancelled {
do {
try await self.startNoticeClient()
} catch let err {
self.logger.log("[SDLContext] noticeClient get err: \(err)", level: .warning)
try await Task.sleep(for: .seconds(2))
}
}
}
try await group.waitForAll()
}
}
try await self.rootTask?.value
}
public func stop() async {
self.rootTask?.cancel()
self.superClientActor = nil
self.udpHoleActor = nil
self.noticeClient = nil
self.readTask?.cancel()
}
private func startNoticeClient() async throws {
self.noticeClient = try await SDLNoticeClient(noticePort: self.config.noticePort, logger: self.logger)
try await self.noticeClient?.start()
self.logger.log("[SDLContext] notice_client task cancel", level: .warning)
}
private func startUDPHole() async throws {
self.udpHoleActor = try await SDLUDPHoleActor(logger: self.logger)
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
try await self.udpHoleActor?.start()
}
group.addTask {
while !Task.isCancelled {
try Task.checkCancellation()
try await Task.sleep(nanoseconds: 5 * 1_000_000_000)
try Task.checkCancellation()
if let udpHoleActor = self.udpHoleActor {
let cookie = await udpHoleActor.getCookieId()
var stunRequest = SDLStunRequest()
stunRequest.cookie = cookie
stunRequest.clientID = self.config.clientId
stunRequest.networkID = self.devAddr.networkID
stunRequest.ip = self.devAddr.netAddr
stunRequest.mac = self.devAddr.mac
stunRequest.natType = UInt32(self.natType.rawValue)
let remoteAddress = self.config.stunSocketAddress
await udpHoleActor.send(type: .stunRequest, data: try stunRequest.serializedData(), remoteAddress: remoteAddress)
self.lastCookie = cookie
}
}
}
group.addTask {
if let eventFlow = self.udpHoleActor?.eventFlow {
for try await event in eventFlow {
try Task.checkCancellation()
try await self.handleUDPEvent(event: event)
}
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
private func startSuperClient() async throws {
self.superClientActor = try await SDLSuperClientActor(host: self.config.superHost, port: self.config.superPort, logger: self.logger)
try await withThrowingTaskGroup(of: Void.self) { group in
defer {
self.logger.log("[SDLContext] super client task cancel", level: .warning)
}
group.addTask {
try await self.superClientActor?.start()
}
group.addTask {
if let eventFlow = self.superClientActor?.eventFlow {
for try await event in eventFlow {
try await self.handleSuperEvent(event: event)
}
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
private func startMonitor() async {
self.monitor = SDLNetworkMonitor()
for await event in self.monitor!.eventStream {
switch event {
case .changed:
// nat
self.natType = await self.getNatType()
self.logger.log("didNetworkPathChanged, nat type is: \(self.natType)", level: .info)
case .unreachable:
self.logger.log("didNetworkPathUnreachable", level: .warning)
}
}
}
private func startDnsClient() async throws {
let remoteDnsServer = config.remoteDnsServer
let dnsSocketAddress = try SocketAddress.makeAddressResolvingHost(remoteDnsServer, port: 15353)
self.dnsClientActor = try await SDLDNSClientActor(dnsServerAddress: dnsSocketAddress, logger: self.logger)
try await withThrowingTaskGroup(of: Void.self) { group in
defer {
self.logger.log("[SDLContext] dns client task cancel", level: .warning)
}
group.addTask {
try await self.dnsClientActor?.start()
}
group.addTask {
if let packetFlow = self.dnsClientActor?.packetFlow {
for await packet in packetFlow {
let nePacket = NEPacket(data: packet, protocolFamily: 2)
await self.providerActor.writePackets(packets: [nePacket])
}
}
}
if let _ = try await group.next() {
group.cancelAll()
}
}
}
private func handleSuperEvent(event: SDLSuperClientActor.SuperEvent) async throws {
switch event {
case .ready:
await self.puncherActor.setSuperClientActor(superClientActor: self.superClientActor)
self.logger.log("[SDLContext] get registerSuper, mac address: \(SDLUtil.formatMacAddress(mac: self.devAddr.mac))", level: .debug)
var registerSuper = SDLRegisterSuper()
registerSuper.version = UInt32(self.config.version)
registerSuper.clientID = self.config.clientId
registerSuper.devAddr = self.devAddr
registerSuper.pubKey = self.rsaCipher.pubKey
registerSuper.token = self.config.token
registerSuper.networkCode = self.config.networkCode
registerSuper.hostname = self.config.hostname
guard let message = try await self.superClientActor?.request(type: .registerSuper, data: try registerSuper.serializedData()) else {
return
}
switch message.packet {
case .registerSuperAck(let registerSuperAck):
// rsa
let aesKey = try! self.rsaCipher.decode(data: Data(registerSuperAck.aesKey))
let upgradeType = SDLUpgradeType(rawValue: registerSuperAck.upgradeType)
self.logger.log("[SDLContext] get registerSuperAck, aes_key len: \(aesKey.count), network_id:\(registerSuperAck.devAddr.networkID)", level: .info)
self.devAddr = registerSuperAck.devAddr
if upgradeType == .force {
let forceUpgrade = NoticeMessage.upgrade(prompt: registerSuperAck.upgradePrompt, address: registerSuperAck.upgradeAddress)
await self.noticeClient?.send(data: forceUpgrade)
exit(-1)
}
// tun
do {
let ipAddress = try await self.providerActor.setNetworkSettings(devAddr: self.devAddr, dnsServer: SDLDNSClientActor.Helper.dnsServer)
await self.noticeClient?.send(data: NoticeMessage.ipAdress(ip: ipAddress))
self.startReader()
} catch let err {
self.logger.log("[SDLContext] setTunnelNetworkSettings get error: \(err)", level: .error)
exit(-1)
}
self.aesKey = aesKey
if upgradeType == .normal {
let normalUpgrade = NoticeMessage.upgrade(prompt: registerSuperAck.upgradePrompt, address: registerSuperAck.upgradeAddress)
await self.noticeClient?.send(data: normalUpgrade)
}
case .registerSuperNak(let nakPacket):
let errorMessage = nakPacket.errorMessage
guard let errorCode = SDLNAKErrorCode(rawValue: UInt8(nakPacket.errorCode)) else {
return
}
switch errorCode {
case .invalidToken, .nodeDisabled:
let alertNotice = NoticeMessage.alert(alert: errorMessage)
await self.noticeClient?.send(data: alertNotice)
exit(-1)
case .noIpAddress, .networkFault, .internalFault:
let alertNotice = NoticeMessage.alert(alert: errorMessage)
await self.noticeClient?.send(data: alertNotice)
}
self.logger.log("[SDLContext] Get a SuperNak message exit", level: .warning)
default:
()
}
case .event(let evt):
switch evt {
case .natChanged(let natChangedEvent):
let dstMac = natChangedEvent.mac
self.logger.log("[SDLContext] natChangedEvent, dstMac: \(dstMac)", level: .info)
await sessionManager.removeSession(dstMac: dstMac)
case .sendRegister(let sendRegisterEvent):
self.logger.log("[SDLContext] sendRegisterEvent, ip: \(sendRegisterEvent)", level: .debug)
let address = SDLUtil.int32ToIp(sendRegisterEvent.natIp)
if let remoteAddress = try? SocketAddress.makeAddressResolvingHost(address, port: Int(sendRegisterEvent.natPort)) {
// register
var register = SDLRegister()
register.networkID = self.devAddr.networkID
register.srcMac = self.devAddr.mac
register.dstMac = sendRegisterEvent.dstMac
await self.udpHoleActor?.send(type: .register, data: try register.serializedData(), remoteAddress: remoteAddress)
}
case .networkShutdown(let shutdownEvent):
let alertNotice = NoticeMessage.alert(alert: shutdownEvent.message)
await self.noticeClient?.send(data: alertNotice)
exit(-1)
}
case .command(let packetId, let command):
switch command {
case .changeNetwork(let changeNetworkCommand):
// rsa
let aesKey = try! self.rsaCipher.decode(data: Data(changeNetworkCommand.aesKey))
self.logger.log("[SDLContext] change network command get aes_key len: \(aesKey.count)", level: .info)
self.devAddr = changeNetworkCommand.devAddr
// tun
do {
let ipAddress = try await self.providerActor.setNetworkSettings(devAddr: self.devAddr, dnsServer: SDLDNSClientActor.Helper.dnsServer)
await self.noticeClient?.send(data: NoticeMessage.ipAdress(ip: ipAddress))
self.startReader()
} catch let err {
self.logger.log("[SDLContext] setTunnelNetworkSettings get error: \(err)", level: .error)
exit(-1)
}
self.aesKey = aesKey
var commandAck = SDLCommandAck()
commandAck.status = true
await self.superClientActor?.send(type: .commandAck, packetId: packetId, data: try commandAck.serializedData())
}
}
}
private func handleUDPEvent(event: SDLUDPHoleActor.UDPEvent) async throws {
switch event {
case .ready:
await self.puncherActor.setUDPHoleActor(udpHoleActor: self.udpHoleActor)
//
self.natType = await getNatType()
self.logger.log("[SDLContext] broadcast is: \(self.natType)", level: .debug)
case .message(let remoteAddress, let message):
switch message {
case .register(let register):
self.logger.log("register packet: \(register), dev_addr: \(self.devAddr)", level: .debug)
// tun,
if register.dstMac == self.devAddr.mac && register.networkID == self.devAddr.networkID {
// ack
var registerAck = SDLRegisterAck()
registerAck.networkID = self.devAddr.networkID
registerAck.srcMac = self.devAddr.mac
registerAck.dstMac = register.srcMac
await self.udpHoleActor?.send(type: .registerAck, data: try registerAck.serializedData(), remoteAddress: remoteAddress)
// , super-nodenatudpnat
let session = Session(dstMac: register.srcMac, natAddress: remoteAddress)
await self.sessionManager.addSession(session: session)
} else {
self.logger.log("SDLContext didReadRegister get a invalid packet, because dst_ip not matched: \(register.dstMac)", level: .warning)
}
case .registerAck(let registerAck):
// tun,
if registerAck.dstMac == self.devAddr.mac && registerAck.networkID == self.devAddr.networkID {
let session = Session(dstMac: registerAck.srcMac, natAddress: remoteAddress)
await self.sessionManager.addSession(session: session)
} else {
self.logger.log("SDLContext didReadRegisterAck get a invalid packet, because dst_mac not matched: \(registerAck.dstMac)", level: .warning)
}
case .stunReply(let stunReply):
let cookie = stunReply.cookie
if cookie == self.lastCookie {
// nat
//self.natAddress = stunReply.natAddress
self.logger.log("[SDLContext] get a stunReply: \(try! stunReply.jsonString())", level: .debug)
}
default:
()
}
case .data(let data):
let mac = LayerPacket.MacAddress(data: data.dstMac)
guard (data.dstMac == self.devAddr.mac || mac.isBroadcast() || mac.isMulticast()) else {
return
}
guard let decyptedData = try? self.aesCipher.decypt(aesKey: self.aesKey, data: Data(data.data)) else {
return
}
do {
let layerPacket = try LayerPacket(layerData: decyptedData)
await self.flowTracer.inc(num: decyptedData.count, type: .inbound)
// arp
switch layerPacket.type {
case .arp:
// arp
if let arpPacket = ARPPacket(data: layerPacket.data) {
if arpPacket.targetIP == self.devAddr.netAddr {
switch arpPacket.opcode {
case .request:
self.logger.log("[SDLContext] get arp request packet", level: .debug)
let response = ARPPacket.arpResponse(for: arpPacket, mac: self.devAddr.mac, ip: self.devAddr.netAddr)
await self.routeLayerPacket(dstMac: arpPacket.senderMAC, type: .arp, data: response.marshal())
case .response:
self.logger.log("[SDLContext] get arp response packet", level: .debug)
await self.arpServer.append(ip: arpPacket.senderIP, mac: arpPacket.senderMAC)
}
} else {
self.logger.log("[SDLContext] get invalid arp packet: \(arpPacket), target_ip: \(SDLUtil.int32ToIp(arpPacket.targetIP)), net ip: \(SDLUtil.int32ToIp(self.devAddr.netAddr))", level: .debug)
}
} else {
self.logger.log("[SDLContext] get invalid arp packet", level: .debug)
}
case .ipv4:
guard let ipPacket = IPPacket(layerPacket.data), ipPacket.header.destination == self.devAddr.netAddr else {
return
}
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
await self.providerActor.writePackets(packets: [packet])
default:
self.logger.log("[SDLContext] get invalid packet", level: .debug)
}
} catch let err {
self.logger.log("[SDLContext] didReadData err: \(err)", level: .warning)
}
}
}
//
// public func flowReportTask() {
// Task {
// //
// self.flowTracerCancel = Timer.publish(every: 60.0, on: .main, in: .common).autoconnect()
// .sink { _ in
// Task {
// let (forwardNum, p2pNum, inboundNum) = await self.flowTracer.reset()
// await self.superClient?.flowReport(forwardNum: forwardNum, p2pNum: p2pNum, inboundNum: inboundNum)
// }
// }
// }
// }
// , 线packetFlow
private func startReader() {
//
self.readTask?.cancel()
//
self.readTask = Task(priority: .high) {
repeat {
let packets = await self.providerActor.readPackets()
for packet in packets {
await self.dealPacket(data: packet)
}
} while true
}
}
//
private func dealPacket(data: Data) async {
guard let packet = IPPacket(data) else {
return
}
if SDLDNSClientActor.Helper.isDnsRequestPacket(ipPacket: packet) {
let destIp = packet.header.destination_ip
self.logger.log("[DNSQuery] destIp: \(destIp), int: \(packet.header.destination.asIpAddress())", level: .debug)
await self.dnsClientActor?.forward(ipPacket: packet)
}
else {
Task.detached {
let dstIp = packet.header.destination
// , ip
if dstIp == self.devAddr.netAddr {
let nePacket = NEPacket(data: packet.data, protocolFamily: 2)
await self.providerActor.writePackets(packets: [nePacket])
return
}
// arpmac
if let dstMac = await self.arpServer.query(ip: dstIp) {
await self.routeLayerPacket(dstMac: dstMac, type: .ipv4, data: packet.data)
}
else {
self.logger.log("[SDLContext] dstIp: \(dstIp.asIpAddress()) arp query not found, broadcast", level: .debug)
// arp广
let arpReqeust = ARPPacket.arpRequest(senderIP: self.devAddr.netAddr, senderMAC: self.devAddr.mac, targetIP: dstIp)
await self.routeLayerPacket(dstMac: ARPPacket.broadcastMac , type: .arp, data: arpReqeust.marshal())
}
}
}
}
private func routeLayerPacket(dstMac: Data, type: LayerPacket.PacketType, data: Data) async {
// 2
let layerPacket = LayerPacket(dstMac: dstMac, srcMac: self.devAddr.mac, type: type, data: data)
guard let encodedPacket = try? self.aesCipher.encrypt(aesKey: self.aesKey, data: layerPacket.marshal()) else {
return
}
//
var dataPacket = SDLData()
dataPacket.networkID = self.devAddr.networkID
dataPacket.srcMac = self.devAddr.mac
dataPacket.dstMac = dstMac
dataPacket.ttl = 255
dataPacket.data = encodedPacket
let data = try! dataPacket.serializedData()
// 广
if ARPPacket.isBroadcastMac(dstMac) {
// super_node
await self.udpHoleActor?.send(type: .data, data: data, remoteAddress: self.config.stunSocketAddress)
}
else {
// session
if let session = await self.sessionManager.getSession(toAddress: dstMac) {
self.logger.log("[SDLContext] send packet by session: \(session)", level: .debug)
await self.udpHoleActor?.send(type: .data, data: data, remoteAddress: session.natAddress)
await self.flowTracer.inc(num: data.count, type: .p2p)
}
else {
// super_node
await self.udpHoleActor?.send(type: .data, data: data, remoteAddress: self.config.stunSocketAddress)
//
await self.flowTracer.inc(num: data.count, type: .forward)
//
await self.puncherActor.submitRegisterRequest(request: .init(srcMac: self.devAddr.mac, dstMac: dstMac, networkId: self.devAddr.networkID))
}
}
}
deinit {
self.rootTask?.cancel()
self.udpHoleActor = nil
self.superClientActor = nil
self.dnsClientActor = nil
}
// mac
public static func getMacAddress() -> Data {
let key = "gMacAddress2"
let userDefaults = UserDefaults.standard
if let mac = userDefaults.value(forKey: key) as? Data {
return mac
}
else {
let mac = generateMacAddress()
userDefaults.setValue(mac, forKey: key)
return mac
}
}
// mac
private static func generateMacAddress() -> Data {
var macAddress = [UInt8](repeating: 0, count: 6)
for i in 0..<6 {
macAddress[i] = UInt8.random(in: 0...255)
}
return Data(macAddress)
}
}
//
extension SDLContext {
// nat
enum NatType: UInt8, Encodable {
case blocked = 0
case noNat = 1
case fullCone = 2
case portRestricted = 3
case coneRestricted = 4
case symmetric = 5
}
// nat
func getNatType() async -> NatType {
guard let udpHole = self.udpHoleActor else {
return .blocked
}
let addressArray = config.stunProbeSocketAddressArray
// step1: ip1:port1 <---- ip1:port1
guard let natAddress1 = await getNatAddress(udpHole, remoteAddress: addressArray[0][0], attr: .none) else {
return .blocked
}
// nat
if await natAddress1 == udpHole.localAddress {
return .noNat
}
// step2: ip2:port2 <---- ip2:port2
guard let natAddress2 = await getNatAddress(udpHole, remoteAddress: addressArray[1][1], attr: .none) else {
return .blocked
}
// natAddress2 IPIPNAT;
// ip{dstIp, dstPort, srcIp, srcPort}, ip
logger.log("[SDLNatProber] nat_address1: \(natAddress1), nat_address2: \(natAddress2)", level: .debug)
if let ipAddress1 = natAddress1.ipAddress, let ipAddress2 = natAddress2.ipAddress, ipAddress1 != ipAddress2 {
return .symmetric
}
// step3: ip1:port1 <---- ip2:port2 (ipport)
// IPNAT
if let natAddress3 = await getNatAddress(udpHole, remoteAddress: addressArray[0][0], attr: .peer) {
logger.log("[SDLNatProber] nat_address1: \(natAddress1), nat_address2: \(natAddress2), nat_address3: \(natAddress3)", level: .debug)
return .fullCone
}
// step3: ip1:port1 <---- ip1:port2 (port)
// IPNAT
if let natAddress4 = await getNatAddress(udpHole, remoteAddress: addressArray[0][0], attr: .port) {
logger.log("[SDLNatProber] nat_address1: \(natAddress1), nat_address2: \(natAddress2), nat_address4: \(natAddress4)", level: .debug)
return .coneRestricted
} else {
return .portRestricted
}
}
private func getNatAddress(_ udpHole: SDLUDPHoleActor, remoteAddress: SocketAddress, attr: SDLProbeAttr) async -> SocketAddress? {
let stunProbeReply = try? await udpHole.stunProbe(remoteAddress: remoteAddress, attr: attr, timeout: 5)
return stunProbeReply?.socketAddress()
}
}
private extension UInt32 {
// ip
func asIpAddress() -> String {
return SDLUtil.int32ToIp(self)
}
}

3
Tun/Punchnet/SDLError.swift
View File

@ -8,7 +8,4 @@
enum SDLError: Error { enum SDLError: Error {
case socketClosed case socketClosed
case socketError case socketError
case invalidKey
case unsupportedAlgorithm(algorithm: String)
} }

126
Tun/Punchnet/SDLFlowSessionManager.swift
View File

@ -1,126 +0,0 @@
//
// FiveTuple.swift
// punchnet
// tcp/udp Flow
// Created by on 2026/3/10.
//
import Foundation
// MARK: - key
struct FlowSession: Hashable {
let srcIP: UInt32
let dstIP: UInt32
let srcPort: UInt16
let dstPort: UInt16
let proto: UInt8
func hash(into hasher: inout Hasher) {
// hash
hasher.combine(srcIP)
hasher.combine(dstIP)
hasher.combine(UInt32(srcPort) << 16 | UInt32(dstPort))
hasher.combine(proto)
}
static func ==(lhs: Self, rhs: Self) -> Bool {
return lhs.srcIP == rhs.srcIP &&
lhs.dstIP == rhs.dstIP &&
lhs.srcPort == rhs.srcPort &&
lhs.dstPort == rhs.dstPort &&
lhs.proto == rhs.proto
}
func reverse() -> FlowSession {
return FlowSession(
srcIP: dstIP,
dstIP: srcIP,
srcPort: dstPort,
dstPort: srcPort,
proto: proto
)
}
}
// MARK: -
final class SDLFlowSessionManager {
private var sessions: [FlowSession: TimeInterval] = [:]
private let lock = NSLock()
private let sessionTimeout: TimeInterval
/// - Parameter sessionTimeout:
init(sessionTimeout: TimeInterval = 300) {
self.sessionTimeout = sessionTimeout
}
//
func updateSession(_ key: FlowSession) {
lock.lock()
defer {
lock.unlock()
}
sessions[key] = Date().timeIntervalSince1970 + sessionTimeout
}
//
func hasSession(_ key: FlowSession) -> Bool {
lock.lock()
defer {
lock.unlock()
}
if let expireTs = sessions[key] {
if expireTs >= Date().timeIntervalSince1970 {
return true
}
self.sessions.removeValue(forKey: key)
}
return false
}
//
func removeSession(_ key: FlowSession) {
lock.lock()
defer {
lock.unlock()
}
sessions.removeValue(forKey: key)
}
//
func cleanupExpiredSessions() {
lock.lock()
defer {
lock.unlock()
}
let now = Date().timeIntervalSince1970
self.sessions = self.sessions.filter { $0.value >= now }
}
// /
var count: Int {
lock.lock()
defer {
lock.unlock()
}
return sessions.count
}
}
extension IPPacket {
func flowSession() -> FlowSession? {
switch self.transportPacket {
case .tcp(let tcpPacket):
return FlowSession(srcIP: header.source, dstIP: header.destination, srcPort: tcpPacket.header.srcPort, dstPort: tcpPacket.header.dstPort, proto: header.proto)
case .udp(let udpPacket):
return FlowSession(srcIP: header.source, dstIP: header.destination, srcPort: udpPacket.srcPort, dstPort: udpPacket.dstPort, proto: header.proto)
default:
return nil
}
}
}

13
Tun/Punchnet/SDLFlowTracer.swift → Tun/Punchnet/SDLFlowTracerActor.swift
View File

@ -6,10 +6,9 @@
// //
import Foundation import Foundation
import Darwin
// //
final class SDLFlowTracer { actor SDLFlowTracerActor {
enum FlowType { enum FlowType {
case forward case forward
case p2p case p2p
@ -20,14 +19,7 @@ final class SDLFlowTracer {
private var p2pFlowBytes: UInt32 = 0 private var p2pFlowBytes: UInt32 = 0
private var inFlowBytes: UInt32 = 0 private var inFlowBytes: UInt32 = 0
private let lock = NSLock()
func inc(num: Int, type: FlowType) { func inc(num: Int, type: FlowType) {
lock.lock()
defer {
lock.unlock()
}
switch type { switch type {
case .inbound: case .inbound:
self.inFlowBytes += UInt32(num) self.inFlowBytes += UInt32(num)
@ -39,14 +31,13 @@ final class SDLFlowTracer {
} }
func reset() -> (UInt32, UInt32, UInt32) { func reset() -> (UInt32, UInt32, UInt32) {
lock.lock()
defer { defer {
self.forwardFlowBytes = 0 self.forwardFlowBytes = 0
self.inFlowBytes = 0 self.inFlowBytes = 0
self.p2pFlowBytes = 0 self.p2pFlowBytes = 0
lock.unlock()
} }
return (forwardFlowBytes, p2pFlowBytes, inFlowBytes) return (forwardFlowBytes, p2pFlowBytes, inFlowBytes)
} }
} }

246
Tun/Punchnet/SDLIPV6AssistClient.swift
View File

@ -1,246 +0,0 @@
//
// SDLDNSClient 2.swift
// punchnet
//
// Created by on 2026/4/9.
//
import Foundation
import Network
enum SDLIPV6AssistError: Error {
case lostConnection
case requestTimeout
}
actor SDLIPV6AssistClient {
private struct PendingRequest {
let continuation: CheckedContinuation<SDLV6AssistProbeReply, Error>
let timeoutTask: Task<Void, Never>
}
private enum State {
case idle
case running
case stopped
}
private var state: State = .idle
private var connection: NWConnection?
private var receiveTask: Task<Void, Never>?
private let assistServerAddress: NWEndpoint
private var packetId: UInt32 = 1
private var pendingRequests: [UInt32: PendingRequest] = [:]
init?(assistServerInfo: SDLV6Info) {
guard assistServerInfo.port <= UInt32(UInt16.max), let host = SDLUtil.ipv6DataToString(assistServerInfo.v6) else {
return nil
}
self.assistServerAddress = .hostPort(host: NWEndpoint.Host(host), port: NWEndpoint.Port(integerLiteral: UInt16(assistServerInfo.port)))
}
func start() {
guard case .idle = self.state else {
return
}
self.state = .running
// 1.
let parameters = NWParameters.udp
// TUN NE TUN .other
parameters.prohibitedInterfaceTypes = [.other]
// 2. pathSelectionOptions
parameters.multipathServiceType = .handover
// IPv6 assist 退 IPv4
if let ipOptions = parameters.defaultProtocolStack.internetProtocol as? NWProtocolIP.Options {
ipOptions.version = .v6
}
// 2.
let connection = NWConnection(to: self.assistServerAddress, using: parameters)
self.connection = connection
connection.stateUpdateHandler = { [weak self] state in
Task {
await self?.handleConnectionStateUpdate(state, for: connection)
}
}
//
connection.start(queue: .global())
}
///
private static func makeReceiveStream(for connection: NWConnection) -> AsyncStream<Data> {
return AsyncStream(bufferingPolicy: .bufferingNewest(256)) { continuation in
func receiveNext() {
connection.receiveMessage { content, _, _, error in
if let data = content, !data.isEmpty {
// DNS AsyncStream
continuation.yield(data)
}
if error == nil && connection.state == .ready {
receiveNext() //
} else {
continuation.finish()
}
}
}
receiveNext()
}
}
func probe(requestTimeout: Duration = .seconds(5)) async throws -> SDLV6AssistProbeReply {
guard case .running = self.state, let connection = self.connection, connection.state == .ready else {
throw SDLIPV6AssistError.lostConnection
}
let pktId = self.nextPacketId()
var assistProbe = SDLV6AssistProbe()
assistProbe.pktID = pktId
let data = try assistProbe.serializedData()
return try await withCheckedThrowingContinuation { cont in
let timeoutTask = Task { [weak self] in
try? await Task.sleep(for: requestTimeout)
await self?.handleRequestTimeout(packetId: pktId)
}
self.pendingRequests[pktId] = .init(continuation: cont, timeoutTask: timeoutTask)
connection.send(content: data, completion: .contentProcessed { error in
if let error {
Task {
await self.handleProcessError(packetId: pktId, error: error)
}
}
})
}
}
private func handleProcessError(packetId: UInt32, error: NWError) {
if let request = self.takePendingRequest(packetId: packetId) {
request.continuation.resume(throwing: error)
}
}
private func handleRequestTimeout(packetId: UInt32) {
if let request = self.takePendingRequest(packetId: packetId) {
request.continuation.resume(throwing: SDLIPV6AssistError.requestTimeout)
}
}
func stop() {
self.stop(pendingError: SDLIPV6AssistError.lostConnection)
}
private func stop(pendingError: any Error) {
guard self.state != .stopped else {
return
}
self.state = .stopped
self.receiveTask?.cancel()
self.receiveTask = nil
self.connection?.cancel()
self.connection = nil
self.failAllPendingRequests(error: pendingError)
}
private func handleConnectionStateUpdate(_ state: NWConnection.State, for connection: NWConnection) {
guard case .running = self.state else {
return
}
switch state {
case .ready:
SDLLogger.log("[SDLIPV6AssistClient] Connection ready", for: .debug)
self.startReceiveTask(for: connection)
case .failed(let error):
SDLLogger.log("[SDLIPV6AssistClient] Connection failed: \(error)", for: .debug)
self.stop(pendingError: error)
case .cancelled:
self.stop()
default:
break
}
}
private func startReceiveTask(for connection: NWConnection) {
guard self.receiveTask == nil else {
return
}
let stream = Self.makeReceiveStream(for: connection)
self.receiveTask = Task { [weak self] in
for await data in stream {
guard let self else {
break
}
await self.handleReceivedPacket(data)
}
await self?.didFinishReceiving(for: connection)
}
}
private func handleReceivedPacket(_ data: Data) {
do {
let packet = try SDLV6AssistProbeReply(serializedBytes: data)
let pktId = packet.pktID
if let request = self.takePendingRequest(packetId: pktId) {
request.continuation.resume(returning: packet)
}
} catch {
SDLLogger.log("[SDLIPV6AssistClient] Receive error: \(error)", for: .debug)
}
}
private func didFinishReceiving(for connection: NWConnection) {
guard case .running = self.state else {
return
}
if self.connection === connection, connection.state != .ready {
self.stop()
} else {
self.receiveTask = nil
}
}
private func nextPacketId() -> UInt32 {
let packetId = self.packetId
self.packetId &+= 1
return packetId
}
private func takePendingRequest(packetId: UInt32) -> PendingRequest? {
guard let request = self.pendingRequests.removeValue(forKey: packetId) else {
return nil
}
request.timeoutTask.cancel()
return request
}
private func failAllPendingRequests(error: any Error) {
let pendingRequests = self.pendingRequests
self.pendingRequests.removeAll()
pendingRequests.values.forEach { request in
request.timeoutTask.cancel()
request.continuation.resume(throwing: error)
}
}
deinit {
self.connection?.cancel()
}
}

52
Tun/Punchnet/SDLLogger.swift
View File

@ -5,36 +5,42 @@
// Created by on 2024/3/13. // Created by on 2024/3/13.
// //
import Foundation import Foundation
import os import os.log
public class SDLLogger: @unchecked Sendable { public class SDLLogger: @unchecked Sendable {
public enum Level: Int8, CustomStringConvertible {
case debug = 0
case info = 1
case warning = 2
case error = 3
public enum Subsystem: String, CaseIterable { public var description: String {
case debug = "com.jihe.punchnet.debug" switch self {
case trace = "com.jihe.punchnet.trace" case .debug:
return "Debug"
case .info:
return "Info"
case .warning:
return "Warning"
case .error:
return "Error"
}
}
} }
private static var loggers: [String: SDLLogger] { private let level: Level
var loggers: [String: SDLLogger] = [:] private let log: OSLog
for sub in Subsystem.allCases {
loggers[sub.rawValue] = .init(subsystem: sub) public init(level: Level) {
} self.level = level
return loggers self.log = OSLog(subsystem: "com.jihe.punchnet", category: "punchnet")
} }
private let log: Logger public func log(_ message: String, level: Level = .debug) {
if self.level.rawValue <= level.rawValue {
private init(subsystem: Subsystem) { //os_log("%{public}@: %{public}@", log: self.log, type: .debug, level.description, message)
self.log = Logger(subsystem: subsystem.rawValue, category: "punchnet") NSLog("\(level.description): \(message)")
}
} }
public func _log(_ message: String) {
self.log.info("\(message, privacy: .public)")
}
public static func log(_ message: String, for system: Subsystem = .debug) {
if let logger = loggers[system.rawValue] {
logger._log(message)
}
}
} }

1454
Tun/Punchnet/Protobuf/SDLMessage.pb.swift → Tun/Punchnet/SDLMessage.pb.swift
View File

File diff suppressed because it is too large Load Diff

121
Tun/Punchnet/Protobuf/SDLMessage.swift → Tun/Punchnet/SDLMessage.swift
View File

@ -21,13 +21,19 @@ enum SDLPacketType: UInt8 {
case queryInfo = 0x06 case queryInfo = 0x06
case peerInfo = 0x07 case peerInfo = 0x07
//
case ping = 0x08 case ping = 0x08
case pong = 0x09 case pong = 0x09
// //
case event = 0x10 case event = 0x10
// ,
case command = 0x11
case commandAck = 0x12
//
case flowTracer = 0x15
case register = 0x20 case register = 0x20
case registerAck = 0x21 case registerAck = 0x21
@ -37,20 +43,16 @@ enum SDLPacketType: UInt8 {
case stunProbe = 0x32 case stunProbe = 0x32
case stunProbeReply = 0x33 case stunProbeReply = 0x33
// arp
case arpRequest = 0x50
case arpResponse = 0x51
//
case policyRequest = 0xb0
case policyResponse = 0xb1
//
case welcome = 0x4F
case data = 0xFF case data = 0xFF
} }
//
enum SDLUpgradeType: UInt32 {
case none = 0
case normal = 1
case force = 2
}
// Id // Id
struct SDLIdGenerator: Sendable { struct SDLIdGenerator: Sendable {
// id // id
@ -69,6 +71,29 @@ struct SDLIdGenerator: Sendable {
// //
//
enum SDLEventType: UInt8 {
case natChanged = 0x03
case sendRegister = 0x04
case networkShutdown = 0xFF
}
enum SDLEvent {
case natChanged(SDLNatChangedEvent)
case sendRegister(SDLSendRegisterEvent)
case networkShutdown(SDLNetworkShutdownEvent)
}
// --MARK:
enum SDLCommandType: UInt8 {
case changeNetwork = 0x01
}
enum SDLCommand {
case changeNetwork(SDLChangeNetworkCommand)
}
// --MARK: // --MARK:
// Attr // Attr
enum SDLProbeAttr: UInt8 { enum SDLProbeAttr: UInt8 {
@ -87,63 +112,55 @@ enum SDLNAKErrorCode: UInt8 {
} }
extension SDLV4Info { extension SDLV4Info {
func socketAddress() async throws -> SocketAddress? { func socketAddress() -> SocketAddress? {
guard self.v4.count == 4 else {
return nil
}
let address = "\(v4[0]).\(v4[1]).\(v4[2]).\(v4[3])" let address = "\(v4[0]).\(v4[1]).\(v4[2]).\(v4[3])"
return try await SDLAddressResolver.shared.resolve(host: address, port: Int(port))
return try? SocketAddress.makeAddressResolvingHost(address, port: Int(port))
} }
} }
extension SDLV6Info {
func socketAddress() async throws -> SocketAddress? {
guard let address = SDLUtil.ipv6DataToString(self.v6) else {
return nil
}
return try await SDLAddressResolver.shared.resolve(host: address, port: Int(port))
}
}
extension SDLData {
func format() -> String {
return "network_id: \(self.networkID), src_mac: \(LayerPacket.MacAddress.description(data: self.srcMac)), dst_mac: \(LayerPacket.MacAddress.description(data: self.dstMac)), data: \([UInt8](self.data))"
}
}
extension SDLStunProbeReply { extension SDLStunProbeReply {
func socketAddress() async -> SocketAddress? { func socketAddress() -> SocketAddress? {
let address = SDLUtil.int32ToIp(self.ip) let address = SDLUtil.int32ToIp(self.ip)
return try? await SDLAddressResolver.shared.resolve(host: address, port: Int(port)) return try? SocketAddress.makeAddressResolvingHost(address, port: Int(port))
} }
} }
// --MARK: ,
enum SDLQUICInboundMessage { enum SDLHoleInboundMessage {
// case stunReply(SDLStunReply)
case welcome(SDLWelcome) case stunProbeReply(SDLStunProbeReply)
case pong case data(SDLData)
case register(SDLRegister)
case registerAck(SDLRegisterAck)
}
// // --MARK:
struct SDLSuperInboundMessage {
let msgId: UInt32
let packet: InboundPacket
enum InboundPacket {
case empty
case registerSuperAck(SDLRegisterSuperAck) case registerSuperAck(SDLRegisterSuperAck)
case registerSuperNak(SDLRegisterSuperNak) case registerSuperNak(SDLRegisterSuperNak)
case peerInfo(SDLPeerInfo) case peerInfo(SDLPeerInfo)
case pong
case event(SDLEvent) case event(SDLEvent)
case policyReponse(SDLPolicyResponse) case command(SDLCommand)
}
case arpResponse(SDLArpResponse) func isPong() -> Bool {
} switch self.packet {
case .pong:
return true
default:
return false
}
}
//
enum SDLEventType: UInt8 {
case natChanged = 0x03
case sendRegister = 0x04
case networkShutdown = 0xFF
} }

49
Tun/Punchnet/SDLNetAddress.swift Normal file
View File

@ -0,0 +1,49 @@
//
// SDLIPAddress.swift
// Tun
//
// Created by on 2024/3/4.
//
import Foundation
struct SDLNetAddress {
let ip: UInt32
let maskLen: UInt8
// ip
var ipAddress: String {
return intToIpAddress(self.ip)
}
//
var maskAddress: String {
let len0 = 32 - maskLen
let num: UInt32 = (0xFFFFFFFF >> len0) << len0
return intToIpAddress(num)
}
//
var networkAddress: String {
let len0 = 32 - maskLen
let mask: UInt32 = (0xFFFFFFFF >> len0) << len0
return intToIpAddress(self.ip & mask)
}
init(ip: UInt32, maskLen: UInt8) {
self.ip = ip
self.maskLen = maskLen
}
private func intToIpAddress(_ num: UInt32) -> String {
let ip0 = (UInt8) (num >> 24 & 0xFF)
let ip1 = (UInt8) (num >> 16 & 0xFF)
let ip2 = (UInt8) (num >> 8 & 0xFF)
let ip3 = (UInt8) (num & 0xFF)
return "\(ip0).\(ip1).\(ip2).\(ip3)"
}
}

12
Tun/Punchnet/SDLNetworkMonitor.swift
View File

@ -15,7 +15,6 @@ class SDLNetworkMonitor: @unchecked Sendable {
private var interfaceType: NWInterface.InterfaceType? private var interfaceType: NWInterface.InterfaceType?
private let publisher = PassthroughSubject<NWInterface.InterfaceType, Never>() private let publisher = PassthroughSubject<NWInterface.InterfaceType, Never>()
private var cancel: AnyCancellable? private var cancel: AnyCancellable?
private var isStopped = false
public let eventStream: AsyncStream<MonitorEvent> public let eventStream: AsyncStream<MonitorEvent>
private let eventContinuation: AsyncStream<MonitorEvent>.Continuation private let eventContinuation: AsyncStream<MonitorEvent>.Continuation
@ -56,19 +55,10 @@ class SDLNetworkMonitor: @unchecked Sendable {
} }
} }
func stop() { deinit {
guard !self.isStopped else {
return
}
self.isStopped = true
self.monitor.cancel() self.monitor.cancel()
self.cancel?.cancel() self.cancel?.cancel()
self.eventContinuation.finish() self.eventContinuation.finish()
} }
deinit {
self.stop()
}
} }

88
Tun/Punchnet/SDLNoticeClient.swift Normal file
View File

@ -0,0 +1,88 @@
//
// SDLNoticeClient.swift
// Tun
//
// Created by on 2024/5/20.
//
import Foundation
//
// SDLanServer.swift
// Tun
//
// Created by on 2024/1/31.
//
import Foundation
import NIOCore
import NIOPosix
// sn-server
actor SDLNoticeClient {
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private let asyncChannel: NIOAsyncChannel<AddressedEnvelope<ByteBuffer>, AddressedEnvelope<ByteBuffer>>
private let remoteAddress: SocketAddress
private let (writeStream, writeContinuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
private let logger: SDLLogger
//
init(noticePort: Int, logger: SDLLogger) async throws {
self.logger = logger
self.remoteAddress = try! SocketAddress(ipAddress: "127.0.0.1", port: noticePort)
let bootstrap = DatagramBootstrap(group: self.group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
self.asyncChannel = try await bootstrap.bind(host: "0.0.0.0", port: 0)
.flatMapThrowing {channel in
return try NIOAsyncChannel(wrappingChannelSynchronously: channel, configuration: .init(
inboundType: AddressedEnvelope<ByteBuffer>.self,
outboundType: AddressedEnvelope<ByteBuffer>.self
))
}
.get()
self.logger.log("[SDLNoticeClient] started and listening on: \(self.asyncChannel.channel.localAddress!)", level: .debug)
}
func start() async throws {
try await self.asyncChannel.executeThenClose { inbound, outbound in
try await withThrowingTaskGroup(of: Void.self) { group in
group.addTask {
try await self.asyncChannel.channel.closeFuture.get()
throw SDLError.socketClosed
}
group.addTask {
defer {
self.writeContinuation.finish()
}
for try await message in self.writeStream {
let buf = self.asyncChannel.channel.allocator.buffer(bytes: message)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: self.remoteAddress, data: buf)
try await outbound.write(envelope)
}
}
for try await _ in group {
}
}
}
}
//
func send(data: Data) {
self.writeContinuation.yield(data)
}
deinit {
try? self.group.syncShutdownGracefully()
self.writeContinuation.finish()
}
}

16
Tun/Punchnet/SDLProtoMessageExtension.swift Normal file
View File

@ -0,0 +1,16 @@
//
// SDLProtoMessageExtension.swift
// Tun
//
// Created by on 2024/10/24.
//
import Foundation
extension SDLData {
func format() -> String {
return "network_id: \(self.networkID), src_mac: \(LayerPacket.MacAddress.description(data: self.srcMac)), dst_mac: \(LayerPacket.MacAddress.description(data: self.dstMac)), data: \([UInt8](self.data))"
}
}

51
Tun/Punchnet/SDLTunnelAppNotifier.swift
View File

@ -1,51 +0,0 @@
//
// SDLTunnelAppNotifier.swift
// Tun
//
// Created by on 2026/4/15.
//
import Foundation
final class SDLTunnelAppNotifier {
static let shared = SDLTunnelAppNotifier()
private let suiteName: String
private let eventKey: String
init(suiteName: String = SDLNotificationCenter.Configuration.appGroupSuiteName,
eventKey: String = SDLNotificationCenter.Configuration.latestEventKey) {
self.suiteName = suiteName
self.eventKey = eventKey
}
func publish(code: Int? = nil, message: String) {
var event = TunnelEvent()
event.id = UUID().uuidString
event.timestampMs = UInt64(Date().timeIntervalSince1970 * 1000)
event.code = Int32(clamping: code ?? 0)
event.message = message
self.publish(event)
}
func publish(_ event: TunnelEvent) {
guard let shared = UserDefaults(suiteName: self.suiteName),
let data = try? event.serializedData() else {
return
}
shared.set(data, forKey: self.eventKey)
shared.synchronize()
SDLNotificationCenter.shared.post(.tunnelEventChanged)
}
func clear() {
guard let shared = UserDefaults(suiteName: self.suiteName) else {
return
}
shared.removeObject(forKey: self.eventKey)
shared.synchronize()
SDLNotificationCenter.shared.post(.tunnelEventChanged)
}
}

89
Tun/Punchnet/SDLUtil.swift
View File

@ -6,9 +6,6 @@
// //
import Foundation import Foundation
import SystemConfiguration
import Network
import Darwin
struct SDLUtil { struct SDLUtil {
@ -33,54 +30,6 @@ struct SDLUtil {
return "\(ip0).\(ip1).\(ip2).\(ip3)" return "\(ip0).\(ip1).\(ip2).\(ip3)"
} }
public static func ipv4StrToInt32(_ ip: String) -> UInt32? {
let parts = ip.split(separator: ".")
guard parts.count == 4 else {
return nil
}
var result: UInt32 = 0
for part in parts {
guard let byte = UInt8(part) else { return nil }
result = (result << 8) | UInt32(byte)
}
return result
}
public static func ipv6DataToString(_ data: Data) -> String? {
guard data.count == 16 else {
return nil
}
return data.withUnsafeBytes { rawBuffer in
guard let baseAddress = rawBuffer.baseAddress else {
return nil
}
var hostBuffer = [CChar](repeating: 0, count: Int(INET6_ADDRSTRLEN))
guard inet_ntop(AF_INET6, baseAddress, &hostBuffer, socklen_t(INET6_ADDRSTRLEN)) != nil else {
return nil
}
return String(cString: hostBuffer)
}
}
public static func ipv6StrToData(_ ip: String) -> Data? {
let normalizedIp = String(ip.split(separator: "%", maxSplits: 1, omittingEmptySubsequences: false).first ?? "")
guard !normalizedIp.isEmpty else {
return nil
}
var address = in6_addr()
guard inet_pton(AF_INET6, normalizedIp, &address) == 1 else {
return nil
}
return withUnsafeBytes(of: &address) { Data($0) }
}
// ip // ip
public static func inSameNetwork(ip: UInt32, compareIp: UInt32, maskLen: UInt8) -> Bool { public static func inSameNetwork(ip: UInt32, compareIp: UInt32, maskLen: UInt8) -> Bool {
if ip == compareIp { if ip == compareIp {
@ -100,42 +49,4 @@ struct SDLUtil {
return bytes.map { String(format: "%02X", $0) }.joined(separator: ":").lowercased() return bytes.map { String(format: "%02X", $0) }.joined(separator: ":").lowercased()
} }
public static func getMacOSSystemDnsServers() -> [String] {
var results = [String]()
// DNS
if let dict = SCDynamicStoreCopyValue(nil, "State:/Network/Global/DNS" as CFString) as? [String: Any] {
if let servers = dict["ServerAddresses"] as? [String] {
results = servers
}
}
return results
}
//
static func resolveHostname(host: String) async -> String? {
let endpoint = NWEndpoint.hostPort(host: NWEndpoint.Host(host), port: 53)
let parameters = NWParameters.udp
// 使 utun
parameters.prohibitedInterfaceTypes = [.other]
let connection = NWConnection(to: endpoint, using: parameters)
return await withCheckedContinuation { continuation in
connection.stateUpdateHandler = { state in
if case .ready = state {
if let path = connection.currentPath,
case .hostPort(let resolvedHost, _) = path.remoteEndpoint {
let ip = String(describing: resolvedHost)
continuation.resume(returning: ip)
connection.cancel()
}
} else if case .failed = state {
continuation.resume(returning: nil)
}
}
connection.start(queue: .global())
}
}
} }

58
Tun/Punchnet/SessionManager.swift
View File

@ -1,33 +1,24 @@
// //
// Session.swift // Session.swift
// sdlan // sdlan
// Session //
// Created by on 2025/7/14. // Created by on 2025/7/14.
// //
import Foundation import Foundation
import NIOCore import NIOCore
import Darwin
struct Session { struct Session {
enum AddressType: String, Hashable {
case v4
case v6
}
// ip, // ip,
let dstMac: Data let dstMac: Data
// nat // nat
let natAddress: SocketAddress let natAddress: SocketAddress
//
let addressType: AddressType
// 使 // 使
var lastTimestamp: Int32 var lastTimestamp: Int32
init?(dstMac: Data, natAddress: SocketAddress, addressType: AddressType) { init(dstMac: Data, natAddress: SocketAddress) {
self.dstMac = dstMac self.dstMac = dstMac
self.natAddress = natAddress self.natAddress = natAddress
self.addressType = addressType
self.lastTimestamp = Int32(Date().timeIntervalSince1970) self.lastTimestamp = Int32(Date().timeIntervalSince1970)
} }
@ -37,55 +28,30 @@ struct Session {
} }
actor SessionManager { actor SessionManager {
private var sessions: [Data: [Session.AddressType: Session]] = [:] private var sessions: [Data:Session] = [:]
// session // session
private let ttl: Int32 = 10 private let ttl: Int32 = 10
func getSession(toAddress: Data) -> Session? { func getSession(toAddress: Data) -> Session? {
let timestamp = Int32(Date().timeIntervalSince1970) let timestamp = Int32(Date().timeIntervalSince1970)
if let session = self.sessions[toAddress] {
guard var peerSessions = self.sessions[toAddress] else { if session.lastTimestamp >= timestamp + ttl {
return nil self.sessions[toAddress]?.updateLastTimestamp(timestamp)
}
peerSessions = peerSessions.filter { $0.value.lastTimestamp + ttl >= timestamp }
guard !peerSessions.isEmpty else {
self.sessions.removeValue(forKey: toAddress)
return nil
}
guard var session = self.selectSession(in: peerSessions) else {
self.sessions[toAddress] = peerSessions
return nil
}
session.updateLastTimestamp(timestamp)
peerSessions[session.addressType] = session
self.sessions[toAddress] = peerSessions
return session return session
} else {
self.sessions.removeValue(forKey: toAddress)
}
}
return nil
} }
func addSession(session: Session) { func addSession(session: Session) {
let timestamp = Int32(Date().timeIntervalSince1970) self.sessions[session.dstMac] = session
var sessions = self.sessions[session.dstMac, default: [:]]
sessions = sessions.filter {
$0.value.lastTimestamp + ttl >= timestamp && $0.key != session.addressType
}
sessions[session.addressType] = session
self.sessions[session.dstMac] = sessions
} }
func removeSession(dstMac: Data) { func removeSession(dstMac: Data) {
self.sessions.removeValue(forKey: dstMac) self.sessions.removeValue(forKey: dstMac)
} }
private func selectSession(in sessions: [Session.AddressType: Session]) -> Session? {
return sessions.values.max(by: { $0.lastTimestamp < $1.lastTimestamp })
}
} }

96
Tun/Punchnet/UDPHole/SDLHoleMessage.swift
View File

@ -1,96 +0,0 @@
//
// SDLHoleMessageDecoder.swift
// punchnet
//
// Created by on 2026/4/15.
//
import Foundation
import NIOCore
import NIOPosix
import SwiftProtobuf
// --MARK: ,
enum SDLHoleMessage {
case data(SDLData)
case register(SDLRegister)
case registerAck(SDLRegisterAck)
case stunProbeReply(SDLStunProbeReply)
case stunReply(SDLStunReply)
}
enum SDLHoleControlMessage {
case register(SDLRegister)
case registerAck(SDLRegisterAck)
case stunProbeReply(SDLStunProbeReply)
case stunReply(SDLStunReply)
}
enum SDLHoleInboundMessage {
case control(SDLHoleControlMessage)
case data(SDLData)
}
extension SDLHoleMessage {
var inboundMessage: SDLHoleInboundMessage {
switch self {
case .data(let data):
return .data(data)
case .register(let register):
return .control(.register(register))
case .registerAck(let registerAck):
return .control(.registerAck(registerAck))
case .stunProbeReply(let stunProbeReply):
return .control(.stunProbeReply(stunProbeReply))
case .stunReply(let stunReply):
return .control(.stunReply(stunReply))
}
}
}
extension SDLHoleMessage {
static func decode(buffer: inout ByteBuffer) throws -> SDLHoleMessage? {
guard let type = buffer.readInteger(as: UInt8.self),
let packetType = SDLPacketType(rawValue: type) else {
return nil
}
switch packetType {
case .data:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let dataPacket = try? SDLData(serializedBytes: bytes) else {
return nil
}
return .data(dataPacket)
case .register:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerPacket = try? SDLRegister(serializedBytes: bytes) else {
return nil
}
return .register(registerPacket)
case .registerAck:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let registerAck = try? SDLRegisterAck(serializedBytes: bytes) else {
return nil
}
return .registerAck(registerAck)
case .stunProbeReply:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let stunProbeReply = try? SDLStunProbeReply(serializedBytes: bytes) else {
return nil
}
return .stunProbeReply(stunProbeReply)
case .stunReply:
guard let bytes = buffer.readBytes(length: buffer.readableBytes),
let stunReply = try? SDLStunReply(serializedBytes: bytes) else {
return nil
}
return .stunReply(stunReply)
default:
SDLLogger.log("[SDLUDPHole] decode miss type: \(type)", for: .debug)
return nil
}
}
}

163
Tun/Punchnet/UDPHole/SDLUDPHole.swift
View File

@ -1,163 +0,0 @@
//
// SDLanServer.swift
// Tun
//
// Created by on 2024/1/31.
//
import Foundation
import NIOCore
import NIOPosix
import SwiftProtobuf
// sn-server
final class SDLUDPHole: ChannelInboundHandler {
typealias InboundIn = AddressedEnvelope<ByteBuffer>
private enum State: Equatable {
case idle
case ready
case stopping
case stopped
}
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private var channel: Channel?
private var closeFuture: EventLoopFuture<Void>?
private var state: State = .idle
private var didFinishMessageStream: Bool = false
public let messageStream: AsyncStream<(SocketAddress, SDLHoleMessage)>
private let messageContinuation: AsyncStream<(SocketAddress, SDLHoleMessage)>.Continuation
//
init() throws {
let (stream, continuation) = AsyncStream.makeStream(of: (SocketAddress, SDLHoleMessage).self, bufferingPolicy: .bufferingNewest(2048))
self.messageStream = stream
self.messageContinuation = continuation
}
func start() throws -> SocketAddress {
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
channel.pipeline.addHandler(self)
}
// IPv4IPv4
let channel = try bootstrap.bind(host: "0.0.0.0", port: 0).wait()
self.channel = channel
self.closeFuture = channel.closeFuture
self.state = .ready
precondition(channel.localAddress != nil, "UDP channel has no localAddress after bind")
return channel.localAddress!
}
func waitClose() async throws {
switch self.state {
case .idle:
SDLLogger.log("[SDLUDPHole] waitClose11", for: .debug)
return
case .ready, .stopping, .stopped:
guard let closeFuture = self.closeFuture else {
SDLLogger.log("[SDLUDPHole] waitClose22", for: .debug)
return
}
try await closeFuture.get()
SDLLogger.log("[SDLUDPHole] waitClose33", for: .debug)
}
}
func stop() {
SDLLogger.log("[SDLUDPHole] waitClose stop", for: .debug)
switch self.state {
case .stopping, .stopped:
return
case .idle:
self.state = .stopped
self.finishMessageStream()
return
case .ready:
self.state = .stopping
}
self.finishMessageStream()
self.channel?.close(promise: nil)
}
// --MARK: ChannelInboundHandler delegate
func channelRead(context: ChannelHandlerContext, data: NIOAny) {
guard case .ready = self.state else {
return
}
let envelope = unwrapInboundIn(data)
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
if let rawBytes = buffer.getBytes(at: buffer.readerIndex, length: buffer.readableBytes) {
SDLLogger.log("[SDLUDPHole] get raw bytes: \(rawBytes.count), from: \(remoteAddress)", for: .debug)
}
do {
if let message = try SDLHoleMessage.decode(buffer: &buffer) {
self.messageContinuation.yield((remoteAddress, message))
} else {
SDLLogger.log("[SDLUDPHole] decode message, get null", for: .debug)
}
} catch let err {
SDLLogger.log("[SDLUDPHole] decode message, get error: \(err)", for: .debug)
}
}
func channelInactive(context: ChannelHandlerContext) {
self.finishMessageStream()
self.channel = nil
self.state = .stopped
SDLLogger.log("[SDLUDPHole] channelInactive", for: .debug)
}
func errorCaught(context: ChannelHandlerContext, error: any Error) {
SDLLogger.log("[SDLUDPHole] channel error: \(error)", for: .debug)
self.finishMessageStream()
if self.state != .stopped {
self.state = .stopping
}
context.close(promise: nil)
SDLLogger.log("[SDLUDPHole] errorCaught", for: .debug)
}
// MARK:
func send(type: SDLPacketType, data: Data, remoteAddress: SocketAddress) {
guard case .ready = self.state, let channel = self.channel else {
return
}
var buffer = channel.allocator.buffer(capacity: data.count + 1)
buffer.writeBytes([type.rawValue])
buffer.writeBytes(data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: remoteAddress, data: buffer)
_ = channel.eventLoop.submit {
channel.writeAndFlush(envelope, promise: nil)
}
}
private func finishMessageStream() {
guard !self.didFinishMessageStream else {
return
}
self.didFinishMessageStream = true
self.messageContinuation.finish()
}
deinit {
SDLLogger.log("[SDLUDPHole] closeWait deinit", for: .debug)
self.stop()
try? self.group.syncShutdownGracefully()
}
}

160
Tun/Punchnet/UDPHole/SDLUDPHoleV6.swift
View File

@ -1,160 +0,0 @@
//
// SDLUDPHoleV6.swift
// Tun
//
// Created by on 2026/4/15.
//
import Foundation
import NIOCore
import NIOPosix
import SwiftProtobuf
// sn-server
final class SDLUDPHoleV6: ChannelInboundHandler {
typealias InboundIn = AddressedEnvelope<ByteBuffer>
private enum State: Equatable {
case idle
case ready
case stopping
case stopped
}
private let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
private var channel: Channel?
private var closeFuture: EventLoopFuture<Void>?
private var state: State = .idle
private var didFinishMessageStream: Bool = false
public let messageStream: AsyncStream<(SocketAddress, SDLHoleMessage)>
private let messageContinuation: AsyncStream<(SocketAddress, SDLHoleMessage)>.Continuation
//
init() throws {
let (stream, continuation) = AsyncStream.makeStream(of: (SocketAddress, SDLHoleMessage).self, bufferingPolicy: .bufferingNewest(2048))
self.messageStream = stream
self.messageContinuation = continuation
}
func start() throws -> SocketAddress {
let bootstrap = DatagramBootstrap(group: group)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
channel.pipeline.addHandler(self)
}
// IPv6IPv6
let channel = try bootstrap.bind(host: "::", port: 0).wait()
self.channel = channel
self.closeFuture = channel.closeFuture
self.state = .ready
precondition(channel.localAddress != nil, "UDP v6 channel has no localAddress after bind")
return channel.localAddress!
}
func waitClose() async throws {
switch self.state {
case .idle:
SDLLogger.log("[SDLUDPHoleV6] waitClose11", for: .debug)
return
case .ready, .stopping, .stopped:
guard let closeFuture = self.closeFuture else {
SDLLogger.log("[SDLUDPHoleV6] waitClose22", for: .debug)
return
}
try await closeFuture.get()
SDLLogger.log("[SDLUDPHoleV6] waitClose33", for: .debug)
}
}
func stop() {
switch self.state {
case .stopping, .stopped:
return
case .idle:
self.state = .stopped
self.finishMessageStream()
return
case .ready:
self.state = .stopping
}
self.finishMessageStream()
self.channel?.close(promise: nil)
}
// --MARK: ChannelInboundHandler delegate
func channelRead(context: ChannelHandlerContext, data: NIOAny) {
guard case .ready = self.state else {
return
}
let envelope = unwrapInboundIn(data)
var buffer = envelope.data
let remoteAddress = envelope.remoteAddress
if let rawBytes = buffer.getBytes(at: buffer.readerIndex, length: buffer.readableBytes) {
SDLLogger.log("[SDLUDPHoleV6] get raw bytes: \(rawBytes.count), from: \(remoteAddress)", for: .debug)
}
do {
if let message = try SDLHoleMessage.decode(buffer: &buffer) {
self.messageContinuation.yield((remoteAddress, message))
} else {
SDLLogger.log("[SDLUDPHoleV6] decode message, get null", for: .debug)
}
} catch let err {
SDLLogger.log("[SDLUDPHoleV6] decode message, get error: \(err)", for: .debug)
}
}
func channelInactive(context: ChannelHandlerContext) {
self.finishMessageStream()
self.channel = nil
self.state = .stopped
}
func errorCaught(context: ChannelHandlerContext, error: any Error) {
SDLLogger.log("[SDLUDPHoleV6] channel error: \(error)", for: .debug)
self.finishMessageStream()
if self.state != .stopped {
self.state = .stopping
}
context.close(promise: nil)
}
// MARK:
func send(type: SDLPacketType, data: Data, remoteAddress: SocketAddress) {
guard case .ready = self.state, let channel = self.channel else {
return
}
var buffer = channel.allocator.buffer(capacity: data.count + 1)
buffer.writeBytes([type.rawValue])
buffer.writeBytes(data)
let envelope = AddressedEnvelope<ByteBuffer>(remoteAddress: remoteAddress, data: buffer)
_ = channel.eventLoop.submit {
channel.writeAndFlush(envelope, promise: nil)
}
}
private func finishMessageStream() {
guard !self.didFinishMessageStream else {
return
}
self.didFinishMessageStream = true
self.messageContinuation.finish()
}
deinit {
self.stop()
try? self.group.syncShutdownGracefully()
}
}

38
Tun/Punchnet/UDPPacket.swift Normal file
View File

@ -0,0 +1,38 @@
//
// UDPPacket.swift
// Tun
//
// Created by on 2025/12/13.
//
import Foundation
struct UDPHeader {
let sourcePort: UInt16
let destinationPort: UInt16
let length: UInt16
let checksum: UInt16
}
struct UDPPacket {
let header: UDPHeader
let payload: Data
init?(_ data: Data) {
// UDP header 8
guard data.count >= 8 else {
return nil
}
let header = UDPHeader(sourcePort: UInt16(bytes: (data[0], data[1])),
destinationPort: UInt16(bytes: (data[2], data[3])),
length: UInt16(bytes: (data[4], data[5])),
checksum: UInt16(bytes: (data[6], data[7]))
)
// UDP payload = length - 8
let payloadLength = Int(header.length) - 8
self.header = header
self.payload = data.subdata(in: 8..<(8 + payloadLength))
}
}

2
Tun/Tun.entitlements
View File

@ -10,7 +10,7 @@
<true/> <true/>
<key>com.apple.security.application-groups</key> <key>com.apple.security.application-groups</key>
<array> <array>
<string>group.com.jihe.punchnetmac</string> <string>$(TeamIdentifierPrefix)</string>
</array> </array>
<key>com.apple.security.network.client</key> <key>com.apple.security.network.client</key>
<true/> <true/>

275
punchnet/App/AppContext.swift
View File

@ -1,275 +0,0 @@
//
// LoginState.swift
// punchnet
//
// Created by on 2026/1/16.
//
import Foundation
import Observation
struct AppContextError: Error {
let message: String
}
@Observable
class AppContext {
private var vpnManager = VPNManager.shared
// "/connect"
var networkContext: NetworkContext? = nil
// IP nil
var selectedExitNodeIp: String? = nil
// menu使
var vpnOptions: [String: NSObject]? = nil
// app
var appScene: AppScene = .login(username: nil)
//
enum AppScene: Equatable {
case login(username: String?)
case logined
case register
case resetPassword
}
//
var loginCredit: Credit?
//
var isLogined: Bool {
return loginCredit != nil
}
enum Credit {
case token(token: String, session: NetworkSession)
case accountAndPasword(account: String, password: String, session: NetworkSession)
}
@ObservationIgnored
var networkSession: NetworkSession? {
guard let loginCredit = self.loginCredit else {
return nil
}
switch loginCredit {
case .token(_, let session):
return session
case .accountAndPasword(_, _, let session):
return session
}
}
var tunnelEvent: SDLTunnelAppEventStore.Event? = nil
@ObservationIgnored
private var lastTunnelEventID: String?
init() {
self.observeTunnelEvent()
self.consumeLatestTunnelEvent()
}
func loginWith(token: String) async throws {
let networkSession = try await AuthService.loginWithToken(token: token)
self.loginCredit = .token(token: token, session: networkSession)
self.selectedExitNodeIp = self.loadExitNodeIp(networkId: networkSession.networkId)
// keychain
if let data = token.data(using: .utf8) {
try KeychainStore.shared.save(data, account: "token")
}
}
func loginWith(username: String, password: String) async throws {
let networkSession = try await AuthService.loginWithAccountAndPassword(username: username, password: password)
self.loginCredit = .accountAndPasword(account: username, password: password, session: networkSession)
self.selectedExitNodeIp = self.loadExitNodeIp(networkId: networkSession.networkId)
// keychain
if let data = "\(username):\(password)".data(using: .utf8) {
try KeychainStore.shared.save(data, account: "accountAndPasword")
}
}
//
func connectNetwork() async throws {
guard let session = self.networkSession else {
throw AppContextError(message: "未登陆")
}
//
guard !vpnManager.isConnected else {
throw AppContextError(message: "网络已经连接")
}
self.networkContext = try await NetworkService.connectNetwork(accesToken: session.accessToken)
}
func changeExitNodeIp(exitNodeIp: String) async throws -> Data {
//
guard vpnManager.isConnected else {
throw AppContextError(message: "网络未连接")
}
var changeExitNode = AppRequest.ChangeExitNodeRequest()
changeExitNode.ip = exitNodeIp
var appRequest = AppRequest()
appRequest.command = .changeExitNode(changeExitNode)
let message = try appRequest.serializedData()
return try await self.vpnManager.sendMessage(message)
}
// tun
func startTun() async throws {
guard let session = self.networkSession, let context = self.networkContext else {
return
}
let options = SystemConfig.getOptions(
networkId: UInt32(session.networkId),
networkDomain: session.networkDomain,
ip: context.ip,
maskLen: context.maskLen,
accessToken: session.accessToken,
identityId: context.identityId,
hostname: context.hostname,
exitNodeIp: self.selectedExitNodeIp
)
try await self.vpnManager.enableVpn(options: options)
}
//
func stopTun() async throws {
try await self.vpnManager.disableVpn()
self.networkContext = nil
}
// 退
func logout() async throws {
try await self.vpnManager.disableVpn()
self.networkContext = nil
self.selectedExitNodeIp = nil
self.loginCredit = nil
}
func loadCacheToken() -> String? {
if let data = try? KeychainStore.shared.load(account: "token") {
return String(data: data, encoding: .utf8)
}
return nil
}
func loadCacheUsernameAndPassword() -> (String, String)? {
if let data = try? KeychainStore.shared.load(account: "accountAndPasword"),
let str = String(data: data, encoding: .utf8) {
let parts = str.split(separator: ":")
if parts.count == 2 {
return (String(parts[0]), String(parts[1]))
}
}
return nil
}
// MARK: TunEvent
func dismissTunnelEvent() {
self.tunnelEvent = nil
}
private func observeTunnelEvent() {
SDLNotificationCenter.shared.addObserver(for: .tunnelEventChanged) { [weak self] _ in
self?.consumeLatestTunnelEvent()
}
}
private func consumeLatestTunnelEvent() {
guard let event = SDLTunnelAppEventStore.loadLatestEvent(),
self.lastTunnelEventID != event.id else {
return
}
self.lastTunnelEventID = event.id
self.tunnelEvent = event
SDLTunnelAppEventStore.clearLatestEvent()
}
deinit {
SDLNotificationCenter.shared.removeObserver(for: .tunnelEventChanged)
}
}
//
extension AppContext {
private func exitNodeStorageAccount(networkId: Int?) -> String {
if let networkId {
return "exitNodeIp_\(networkId)"
}
return "exitNodeIp"
}
func loadExitNodeIp(networkId: Int? = nil) -> String? {
let account = self.exitNodeStorageAccount(networkId: networkId)
if let data = try? KeychainStore.shared.load(account: account) {
return String(data: data, encoding: .utf8)
}
if networkId != nil,
let data = try? KeychainStore.shared.load(account: self.exitNodeStorageAccount(networkId: nil)) {
return String(data: data, encoding: .utf8)
}
return nil
}
func saveExitNodeIp(exitNodeIp: String, networkId: Int? = nil) async throws {
let account = self.exitNodeStorageAccount(networkId: networkId)
// keychain
if let data = exitNodeIp.data(using: .utf8) {
try KeychainStore.shared.save(data, account: account)
}
}
func clearExitNodeIp(networkId: Int? = nil) throws {
try KeychainStore.shared.delete(account: self.exitNodeStorageAccount(networkId: networkId))
}
func updateExitNodeIp(exitNodeIp: String?) async throws {
let normalizedExitNodeIp = exitNodeIp?.trimmingCharacters(in: .whitespacesAndNewlines)
let finalExitNodeIp = normalizedExitNodeIp?.isEmpty == true ? nil : normalizedExitNodeIp
let networkId = self.networkSession?.networkId
if vpnManager.isConnected {
let result = try await self.changeExitNodeIp(exitNodeIp: finalExitNodeIp ?? "0.0.0.0")
let reply = try TunnelResponse(serializedBytes: result)
guard reply.code == 0 else {
throw AppContextError(message: reply.message)
}
}
if let finalExitNodeIp {
try await self.saveExitNodeIp(exitNodeIp: finalExitNodeIp, networkId: networkId)
} else {
try self.clearExitNodeIp(networkId: networkId)
}
if networkId != nil {
try? self.clearExitNodeIp(networkId: nil)
}
self.selectedExitNodeIp = finalExitNodeIp
}
}

98
punchnet/App/AppRootView.swift
View File

@ -1,98 +0,0 @@
//
// RootView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct AppRootView: View {
@Environment(AppContext.self) var appContext: AppContext
@State private var updateManager = AppUpdateManager.shared
var body: some View {
ZStack {
// 1.
// 使 ZStack Group
ZStack(alignment: .center) {
switch appContext.appScene {
case .login(username: let username):
LoginView(username: username)
.id("scene_login") // ID
case .logined:
NetworkView()
.id("scene_logined")
case .register:
RegisterRootView()
.id("scene_register")
case .resetPassword:
ResetPasswordRootView()
.id("scene_reset")
}
}
.transition(.asymmetric(
insertion: .move(edge: .trailing).combined(with: .opacity),
removal: .move(edge: .leading).combined(with: .opacity) // leading
))
//
if updateManager.showUpdateOverlay, let info = updateManager.updateInfo {
updateOverlay(info: info)
}
}
// 4. Scene
.animation(.spring(duration: 0.5), value: appContext.appScene)
.animation(.spring(duration: 0.4), value: updateManager.showUpdateOverlay)
// macOS
.background(VisualEffectView(material: .hudWindow, blendingMode: .behindWindow))
.alert("提示", isPresented: tunnelEventPresented, presenting: appContext.tunnelEvent) { _ in
Button("确定", role: .cancel) {
appContext.dismissTunnelEvent()
}
} message: { event in
Text(event.message)
}
.task {
let checkUpdateResult = await updateManager.checkUpdate(isManual: false)
NSLog("[RootView] checkUpdateResult: \(checkUpdateResult)")
}
}
// body
@ViewBuilder
private func updateOverlay(info: AppUpgradeInfo) -> some View {
ZStack {
Color.black.opacity(0.4)
.ignoresSafeArea()
.onTapGesture {
if !info.forceUpdate {
updateManager.showUpdateOverlay = false
}
}
AppUpdateView(info: info) {
updateManager.showUpdateOverlay = false
}
.clipShape(RoundedRectangle(cornerRadius: 16))
.shadow(color: .black.opacity(0.3), radius: 20)
}
.transition(.asymmetric(
insertion: .scale(scale: 0.9).combined(with: .opacity),
removal: .opacity
))
.zIndex(100) //
}
private var tunnelEventPresented: Binding<Bool> {
Binding(
get: { self.appContext.tunnelEvent != nil },
set: { isPresented in
if !isPresented {
self.appContext.dismissTunnelEvent()
}
}
)
}
}

110
punchnet/App/punchnetApp.swift
View File

@ -1,110 +0,0 @@
//
// punchnetApp.swift
// punchnet
//
// Created by on 2025/5/12.
//
import SwiftUI
import AppKit
import SwiftData
import Combine
@main
struct punchnetApp: App {
/*
var sharedModelContainer: ModelContainer = {
let schema = Schema([
Item.self,
])
let modelConfiguration = ModelConfiguration(schema: schema, isStoredInMemoryOnly: false)
do {
return try ModelContainer(for: schema, configurations: [modelConfiguration])
} catch {
fatalError("Could not create ModelContainer: \(error)")
}
}()
*/
@NSApplicationDelegateAdaptor(AppDelegate.self) var appDelegate
@State private var appContext: AppContext
@AppStorage("hasAcceptedPrivacy") var hasAcceptedPrivacy: Bool = false
// UI
@State private var showPrivacy: Bool = false
@State private var vpnManager = VPNManager.shared
init() {
self.appContext = AppContext()
}
var body: some Scene {
Window("Punchnet", id: "main") {
AppRootView()
.navigationTitle("")
.environment(self.appContext)
.frame(
width: self.appContext.isLogined ? 900 : 380,
height: self.appContext.isLogined ? 600 : 500
)
// /
.animation(.spring(response: 0.4, dampingFraction: 0.8), value: self.appContext.isLogined)
.onAppear {
self.showPrivacy = !hasAcceptedPrivacy
}
.sheet(isPresented: $showPrivacy) {
PrivacyDetailView(showPrivacy: $showPrivacy)
.interactiveDismissDisabled() //
}
}
.windowToolbarStyle(.unified)
.windowResizability(.contentSize)
.defaultPosition(.center)
.windowStyle(.hiddenTitleBar)
Window("settings", id: "settings") {
SettingsView()
.environment(self.appContext)
.frame(width: 750, height: 450)
}
.windowResizability(.contentSize)
.defaultPosition(.center)
.windowStyle(.hiddenTitleBar)
MenuBarExtra("Punchnet", image: "logo_32") {
MainMenuBar()
.environment(appContext)
}
.menuBarExtraStyle(.menu)
}
}
// APP
class AppDelegate: NSObject, NSApplicationDelegate {
func applicationWillFinishLaunching(_ notification: Notification) {
}
func applicationShouldTerminate(_ sender: NSApplication) -> NSApplication.TerminateReply {
print("call me applicationShouldTerminate")
Task {
do {
try await VPNManager.shared.disableVpn()
NSLog("vpn disabled")
} catch let err {
NSLog("退出时关闭 VPN 失败: \(err)")
}
await MainActor.run {
sender.reply(toApplicationShouldTerminate: true)
}
}
return .terminateLater
}
}

119
punchnet/AppEventCenter/SDLNotificationCenter.swift
View File

@ -1,119 +0,0 @@
//
// DarwinNotificationName.swift
// punchnet
//
// Created by on 2026/4/3.
//
import Foundation
// MARK: - Darwin Notification Name
public struct DarwinNotificationName: RawRepresentable, Hashable {
public let rawValue: String
public init(rawValue: String) {
self.rawValue = rawValue
}
}
//
extension DarwinNotificationName {
static let tunnelEventChanged = DarwinNotificationName(rawValue: "com.jihe.punchnetmac.tunnelEventChanged")
}
extension SDLNotificationCenter {
enum Configuration {
static let appGroupSuiteName = "group.com.jihe.punchnetmac"
static let latestEventKey = "tunnel.latestEvent"
}
}
// MARK: - Manager
public final class SDLNotificationCenter {
public static let shared = SDLNotificationCenter()
private let center = CFNotificationCenterGetDarwinNotifyCenter()
private var observers: [DarwinNotificationName: (DarwinNotificationName) -> Void] = [:]
private let lock = NSLock()
private init() {}
// MARK: - Add Observer
public func addObserver(for name: DarwinNotificationName, queue: DispatchQueue = .main, using block: @escaping (DarwinNotificationName) -> Void ) {
lock.lock()
defer {
lock.unlock()
}
if observers[name] == nil {
// Darwin Center
CFNotificationCenterAddObserver(
center,
UnsafeMutableRawPointer(Unmanaged.passUnretained(self).toOpaque()),
{ (_, observer, cfName, _, _) in
guard let observer, let cfName else {
return
}
let instance = Unmanaged<SDLNotificationCenter>
.fromOpaque(observer)
.takeUnretainedValue()
let name = DarwinNotificationName(rawValue: cfName.rawValue as String)
instance.handle(name: name)
},
name.rawValue as CFString,
nil,
.deliverImmediately
)
observers[name] = { n in
queue.async {
block(n)
}
}
}
}
// MARK: - Remove Observer
public func removeObserver(for name: DarwinNotificationName) {
lock.lock()
defer {
lock.unlock()
}
if observers[name] != nil {
CFNotificationCenterRemoveObserver(
center,
UnsafeMutableRawPointer(Unmanaged.passUnretained(self).toOpaque()),
CFNotificationName(name.rawValue as CFString),
nil
)
}
observers.removeValue(forKey: name)
}
// MARK: - Post
public func post(_ name: DarwinNotificationName) {
CFNotificationCenterPostNotification(
center,
CFNotificationName(name.rawValue as CFString),
nil,
nil,
true
)
}
// MARK: - Handle
private func handle(name: DarwinNotificationName) {
lock.lock()
let block = observers[name]
lock.unlock()
block?(name)
}
}

31
punchnet/AppEventCenter/SDLTunnelAppEventStore.swift
View File

@ -1,31 +0,0 @@
//
// SDLTunnelAppEventStore.swift
// punchnet
//
// Created by on 2026/4/15.
//
import Foundation
struct SDLTunnelAppEventStore {
typealias Event = TunnelEvent
static func loadLatestEvent() -> Event? {
guard let shared = UserDefaults(suiteName: SDLNotificationCenter.Configuration.appGroupSuiteName),
let data = shared.data(forKey: SDLNotificationCenter.Configuration.latestEventKey),
let event = try? Event(serializedBytes: data) else {
return nil
}
return event
}
static func clearLatestEvent() {
guard let shared = UserDefaults(suiteName: SDLNotificationCenter.Configuration.appGroupSuiteName) else {
return
}
shared.removeObject(forKey: SDLNotificationCenter.Configuration.latestEventKey)
shared.synchronize()
}
}

77
punchnet/Core/KeychainStore.swift
View File

@ -1,77 +0,0 @@
//
// KeychainStore.swift
// punchnet
//
// Created by on 2026/1/19.
//
import Foundation
import Security
enum KeychainError: Error {
case unexpectedStatus(OSStatus)
}
final class KeychainStore {
public static var shared: KeychainStore = .init(service: Bundle.main.bundleIdentifier!)
private let service: String
private init(service: String) {
self.service = service
}
func save(_ data: Data, account: String) throws {
let query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service,
kSecAttrAccount: account,
kSecValueData: data
]
//
SecItemDelete(query as CFDictionary)
let status = SecItemAdd(query as CFDictionary, nil)
guard status == errSecSuccess else {
throw KeychainError.unexpectedStatus(status)
}
}
func load(account: String) throws -> Data? {
let query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service,
kSecAttrAccount: account,
kSecReturnData: true,
kSecMatchLimit: kSecMatchLimitOne
]
var result: AnyObject?
let status = SecItemCopyMatching(query as CFDictionary, &result)
if status == errSecItemNotFound {
return nil
}
guard status == errSecSuccess else {
throw KeychainError.unexpectedStatus(status)
}
return result as? Data
}
func delete(account: String) throws {
let query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service,
kSecAttrAccount: account
]
let status = SecItemDelete(query as CFDictionary)
guard status == errSecSuccess || status == errSecItemNotFound else {
throw KeychainError.unexpectedStatus(status)
}
}
}

38
punchnet/Core/LaunchManager.swift
View File

@ -1,38 +0,0 @@
//
// LaunchManager.swift
// punchnet
//
// Created by on 2026/3/23.
//
import ServiceManagement
import Observation
@Observable
class LaunchManager {
// App
private let service = SMAppService.mainApp
//
var launchAtLogin: Bool
init() {
self.launchAtLogin = (service.status == .enabled)
}
func toggleLaunchAtLogin(enabled: Bool) throws {
if enabled {
try service.register()
} else {
try service.unregister()
}
// 3. View
self.launchAtLogin = (service.status == .enabled)
}
// 4.
func refreshLaunchStatus() {
self.launchAtLogin = (service.status == .enabled)
}
}

90
punchnet/Core/NoticeMessage.swift Normal file
View File

@ -0,0 +1,90 @@
//
// NoticeMessage.swift
// sdlan
//
// Created by on 2024/6/3.
//
import Foundation
import NIOCore
struct NoticeMessage {
enum InboundMessage {
case none
case upgradeMessage(prompt: String, address: String)
case alertMessage(alert: String)
case ip(ip: String)
}
static func decodeMessage(buffer: inout ByteBuffer) -> InboundMessage {
guard let type = buffer.readInteger(as: UInt8.self) else {
return .none
}
switch type {
case 0x01:
if let len0 = buffer.readInteger(as: UInt16.self),
let prompt = buffer.readString(length: Int(len0)),
let len1 = buffer.readInteger(as: UInt16.self),
let address = buffer.readString(length: Int(len1)) {
return .upgradeMessage(prompt: prompt, address: address)
}
case 0x02:
if let len0 = buffer.readInteger(as: UInt16.self),
let alert = buffer.readString(length: Int(len0)) {
return .alertMessage(alert: alert)
}
case 0x03:
if let len0 = buffer.readInteger(as: UInt16.self),
let ipAddress = buffer.readString(length: Int(len0)) {
return .ip(ip: ipAddress)
}
default:
return .none
}
return .none
}
static func upgrade(prompt: String, address: String) -> Data {
var data = Data()
data.append(contentsOf: [0x01])
data.append(contentsOf: lenBytes(UInt16(prompt.count)))
data.append(prompt.data(using: .utf8)!)
data.append(contentsOf: lenBytes(UInt16(address.count)))
data.append(address.data(using: .utf8)!)
return data
}
static func alert(alert: String) -> Data {
var data = Data()
data.append(contentsOf: [0x02])
data.append(contentsOf: lenBytes(UInt16(alert.count)))
data.append(alert.data(using: .utf8)!)
return data
}
static func ipAdress(ip: String) -> Data {
var data = Data()
data.append(contentsOf: [0x03])
data.append(contentsOf: lenBytes(UInt16(ip.count)))
data.append(ip.data(using: .utf8)!)
return data
}
private static func lenBytes(_ value: UInt16) -> [UInt8] {
let byte1 = UInt8((value >> 8) & 0xFF)
let bytes2 = UInt8(value & 0xFF)
return [byte1, bytes2]
}
}

74
punchnet/Core/SDLAPI.swift Normal file
View File

@ -0,0 +1,74 @@
//
// SDLApi.swift
// sdlan
//
// Created by on 2024/6/5.
//
import Foundation
struct JSONRPCResponse<T: Decodable>: Decodable {
let result: T?
let error: JSONRPCError?
}
struct JSONRPCError: Decodable {
let code: Int
let message: String
let data: String?
}
struct SDLAPI {
static let baseUrl: String = "https://punchnet.s5s8.com/api"
static let testBaseUrl: String = "http://127.0.0.1:19082/test"
struct Upgrade: Decodable {
let upgrade_type: Int
let upgrade_prompt: String
let upgrade_address: String
}
struct NetworkProfile: Decodable {
struct NetworkItem: Decodable {
let name: String
let code: String
}
let network: [NetworkItem]
}
static func checkVersion(clientId: String, version: Int, channel: String) async throws -> JSONRPCResponse<Upgrade> {
let params: [String:Any] = [
"client_id": clientId,
"version": version,
"channel": channel
]
let postData = try! JSONSerialization.data(withJSONObject: params)
var request = URLRequest(url: URL(string: baseUrl + "/upgrade")!)
request.httpMethod = "POST"
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpBody = postData
let (data, _) = try await URLSession.shared.data(for: request)
return try JSONDecoder().decode(JSONRPCResponse<Upgrade>.self, from: data)
}
static func getUserNetworks(clientId: String) async throws -> JSONRPCResponse<NetworkProfile> {
let params: [String:Any] = [
"client_id": clientId
]
let postData = try! JSONSerialization.data(withJSONObject: params)
var request = URLRequest(url: URL(string: baseUrl + "/get_user_network")!)
request.httpMethod = "POST"
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpBody = postData
let (data, _) = try await URLSession.shared.data(for: request)
return try JSONDecoder().decode(JSONRPCResponse<NetworkProfile>.self, from: data)
}
}

64
punchnet/Core/SDLUtil.swift
View File

@ -1,64 +0,0 @@
//
// SDLUtil.swift
// punchnet
//
// Created by on 2026/3/9.
//
import Foundation
import CommonCrypto
struct SDLUtil {
enum ContactType {
case phone
case email
case invalid
}
static func hmacMD5(key: String, data: String) -> String {
let keyData = key.data(using: .utf8)!
let dataData = data.data(using: .utf8)!
var digest = [UInt8](repeating: 0, count: Int(CC_MD5_DIGEST_LENGTH))
keyData.withUnsafeBytes { keyBytes in
dataData.withUnsafeBytes { dataBytes in
CCHmac(
CCHmacAlgorithm(kCCHmacAlgMD5),
keyBytes.baseAddress!,
keyBytes.count,
dataBytes.baseAddress!,
dataBytes.count,
&digest
)
}
}
return digest.map { String(format: "%02x", $0) }.joined()
}
static func isValidIdentifyContact(_ input: String) -> Bool {
switch identifyContact(input) {
case .email, .phone:
true
default:
false
}
}
static func identifyContact(_ input: String) -> ContactType {
let trimmed = input.trimmingCharacters(in: .whitespacesAndNewlines)
// 1 11
let phoneRegex = /^1[3-9][0-9]{9}$/
//
let emailRegex = /^[A-Z0-9a-z._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,64}$/
if trimmed.wholeMatch(of: phoneRegex) != nil {
return .phone
} else if trimmed.wholeMatch(of: emailRegex) != nil {
return .email
} else {
return .invalid
}
}
}

106
punchnet/Core/SystemConfig.swift
View File

@ -9,63 +9,42 @@ import Foundation
struct SystemConfig { struct SystemConfig {
// //
static let version: Int = 1 static let version = 1
static let version_name = "1.1" static let version_name = "1.1"
static let build: Int = 123 //
static let installedChannel = "MacAppStore"
// // super
static let channel = "appstore" //static let superHost = "118.178.229.213"
static let serverHost = "root.punchsky.com" static let superHost = "punchnet.s5s8.com"
static let superPort = 18083
// stunip // stun
static let stunAssistHost = "root.punchsky.com" static let stunServers = "118.178.229.213:1265,1266;118.178.229.213:1265,1266"
//static let stunServers = "127.0.0.1:1265,1266;127.0.0.1:1265,1266"
// static func getOptions(networkCode: String, token: String, clientId: String, hostname: String, noticePort: Int) -> [String:NSObject]? {
static let systemInfo: String = { guard let superIp = DNSResolver.resolveAddrInfos(superHost).first else {
let version = ProcessInfo.processInfo.operatingSystemVersion return nil
return "macOS \(version.majorVersion).\(version.minorVersion)"
}()
static func getOptions(networkId: UInt32,
networkDomain: String,
ip: String,
maskLen: UInt8,
accessToken: String,
identityId: UInt32,
hostname: String,
exitNodeIp: String?) -> [String: NSObject] {
// guard let serverIp = DNSResolver.resolveAddrInfos(serverHost).first,
// let stunAssistIp = DNSResolver.resolveAddrInfos(stunAssistHost).first else {
// return nil
// }
let clientId = getClientId()
let mac = getMacAddress()
var options = [
"version": version as NSObject,
"client_id": clientId as NSObject,
"access_token": accessToken as NSObject,
"identity_id": identityId as NSObject,
"server_host": serverHost as NSObject,
"stun_assist_host": stunAssistHost as NSObject,
"hostname": hostname as NSObject,
"network_address": [
"network_id": networkId as NSObject,
"ip": ip as NSObject,
"mask_len": maskLen as NSObject,
"mac": mac as NSObject,
"network_domain": networkDomain as NSObject
] as NSObject
]
if let exitNodeIp {
options["exit_node_ip"] = exitNodeIp as NSObject
} }
let options = [
"version:": version as NSObject,
"installed_channel": installedChannel as NSObject,
"client_id": clientId as NSObject,
"network_code": networkCode as NSObject,
"token": token as NSObject,
"super_ip": superIp as NSObject,
"super_port": superPort as NSObject,
"stun_servers": stunServers as NSObject,
"remote_dns_server": superIp as NSObject,
"hostname": hostname as NSObject,
"notice_port": noticePort as NSObject
]
return options return options
} }
@ -81,35 +60,4 @@ struct SystemConfig {
} }
} }
// mac
public static func getMacAddress() -> Data {
let key = "gMacAddress2"
let userDefaults = UserDefaults.standard
if let mac = userDefaults.value(forKey: key) as? Data {
return mac
}
else {
let mac = generateMacAddress()
userDefaults.setValue(mac, forKey: key)
return mac
}
}
public static func macAddressString(mac: Data, separator: String = ":") -> String {
return mac.map { String(format: "%02X", $0) }
.joined(separator: separator)
}
// mac
private static func generateMacAddress() -> Data {
var macAddress = [UInt8](repeating: 0, count: 6)
for i in 0..<6 {
macAddress[i] = UInt8.random(in: 0...255)
}
return Data(macAddress)
}
} }

60
punchnet/Core/UDPNoticeCenterServer.swift Normal file
View File

@ -0,0 +1,60 @@
//
// UDPMessageCenterServer.swift
// sdlan
//
// Created by on 2024/5/20.
//
import Foundation
import NIOCore
import NIOPosix
import Combine
final class UDPNoticeCenterServer: ChannelInboundHandler {
public typealias InboundIn = AddressedEnvelope<ByteBuffer>
public typealias OutboundOut = AddressedEnvelope<ByteBuffer>
private var group: MultiThreadedEventLoopGroup?
private var channel: Channel?
var messageFlow = PassthroughSubject<NoticeMessage.InboundMessage, Never>()
public var port: Int = 0
func start() {
self.group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
let bootstrap = DatagramBootstrap(group: self.group!)
.channelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
.channelInitializer { channel in
channel.pipeline.addHandler(self)
}
self.channel = try! bootstrap.bind(host: "127.0.0.1", port: 0).wait()
self.port = self.channel?.localAddress?.port ?? 0
}
func stop() {
try? self.group?.syncShutdownGracefully()
}
// --MARK: ChannelInboundHandler
public func channelRead(context: ChannelHandlerContext, data: NIOAny) {
let envelope = self.unwrapInboundIn(data)
var buffer = envelope.data
let notice = NoticeMessage.decodeMessage(buffer: &buffer)
self.messageFlow.send(notice)
}
public func channelReadComplete(context: ChannelHandlerContext) {
// As we are not really interested getting notified on success or failure we just pass nil as promise to
// reduce allocations.
context.flush()
}
public func errorCaught(context: ChannelHandlerContext, error: Error) {
// As we are not really interested getting notified on success or failure we just pass nil as promise to
// reduce allocations.
context.close(promise: nil)
}
}

101
punchnet/Core/VPNManager.swift
View File

@ -8,35 +8,22 @@
import Foundation import Foundation
import NetworkExtension import NetworkExtension
import SwiftUI import SwiftUI
import Observation
enum VPNManagerError: Error {
case disconnected
}
// vpn // vpn
@Observable class VPNManager: ObservableObject {
class VPNManager {
static let shared = VPNManager() static let shared = VPNManager()
private var manager: NETunnelProviderManager? @Published var vpnStatus: VPNStatus = .disconnected
private var statusObserver: NSObjectProtocol? @Published var title: String = "启动"
@Published var color: Color = .white
var vpnStatus: VPNStatus = .disconnected
var isConnected: Bool = false
var vpnStatusStream: AsyncStream<VPNStatus>
private var vpnStatusCont: AsyncStream<VPNStatus>.Continuation
enum VPNStatus { enum VPNStatus {
case connecting
case connected case connected
case disconnecting
case disconnected case disconnected
} }
private init() { private init() {
(self.vpnStatusStream, self.vpnStatusCont) = AsyncStream.makeStream(of: VPNStatus.self)
} }
// vpn // vpn
@ -45,76 +32,37 @@ class VPNManager {
let manager = try await loadAndCreateProviderManager() let manager = try await loadAndCreateProviderManager()
try await manager.loadFromPreferences() try await manager.loadFromPreferences()
self.addVPNStatusObserver(manager) self.addVPNStatusObserver(manager)
try manager.connection.startVPNTunnel(options: options)
self.manager = manager try manager.connection.startVPNTunnel(options: options)
} }
// vpn // vpn
func disableVpn() async throws { func disableVpn() async throws {
guard let manager = self.manager else { let managers = try await NETunnelProviderManager.loadAllFromPreferences()
return managers.first?.connection.stopVPNTunnel()
}
try await manager.loadFromPreferences()
manager.connection.stopVPNTunnel()
self.manager = nil
}
func sendMessage(_ message: Data) async throws -> Data {
guard let session = self.manager?.connection as? NETunnelProviderSession else {
throw VPNManagerError.disconnected
}
guard session.status == .connected || session.status == .connecting else {
throw VPNManagerError.disconnected
}
return try await withCheckedThrowingContinuation { continuation in
do {
try session.sendProviderMessage(message) { responseData in
//
continuation.resume(returning: responseData ?? Data())
}
} catch {
//
continuation.resume(throwing: error)
}
}
} }
// MARK: - Private Methods // MARK: - Private Methods
// VPN // VPN
private func addVPNStatusObserver(_ manager: NETunnelProviderManager) { private func addVPNStatusObserver(_ manager: NETunnelProviderManager) {
if let statusObserver { NotificationCenter.default.removeObserver(self)
NotificationCenter.default.removeObserver(statusObserver)
self.statusObserver = nil
}
self.statusObserver = NotificationCenter.default.addObserver(forName: .NEVPNStatusDidChange, object: manager.connection, queue: .main) {[weak self] _ in NotificationCenter.default.addObserver(forName: .NEVPNStatusDidChange, object: manager.connection, queue: .main) { [unowned self] (notification) -> Void in
NSLog("status channge: \(manager.connection.status)") // vpn
switch manager.connection.status { switch manager.connection.status {
case .invalid, .disconnected: case .invalid, .disconnected, .disconnecting:
self?.vpnStatusCont.yield(.disconnected) self.vpnStatus = .disconnected
self?.vpnStatus = .disconnected self.title = "启动"
self?.isConnected = false self.color = .white
case .disconnecting: case .connecting, .connected, .reasserting:
self?.vpnStatusCont.yield(.disconnecting) self.vpnStatus = .connected
self?.vpnStatus = .disconnecting self.title = "停止"
self?.isConnected = false self.color = .red
case .connecting, .reasserting:
self?.vpnStatusCont.yield(.connecting)
self?.vpnStatus = .connecting
self?.isConnected = true
case .connected:
self?.vpnStatusCont.yield(.connected)
self?.vpnStatus = .connected
self?.isConnected = true
@unknown default: @unknown default:
self?.vpnStatusCont.yield(.disconnected) self.vpnStatus = .disconnected
self?.vpnStatus = .disconnected self.title = "启动"
self?.isConnected = false self.color = .red
} }
} }
} }
@ -144,10 +92,9 @@ class VPNManager {
return manager return manager
} }
deinit { deinit {
if let statusObserver { NotificationCenter.default.removeObserver(self)
NotificationCenter.default.removeObserver(statusObserver)
}
} }
} }

114
punchnet/Features/Auth/AuthService.swift
View File

@ -1,114 +0,0 @@
//
// NetworkSession.swift
// punchnet
//
// Created by on 2026/3/23.
//
import Foundation
struct AuthService {
private static let baseParams: [String: Any] = [
"client_id": SystemConfig.getClientId(),
"mac": SystemConfig.macAddressString(mac: SystemConfig.getMacAddress())
]
//
struct RegisterSession: Codable {
let sessionId: Int
enum CodingKeys: String, CodingKey {
case sessionId = "session_id"
}
}
//
struct ResetPasswordSession: Codable {
let sessionId: Int
enum CodingKeys: String, CodingKey {
case sessionId = "session_id"
}
}
static func loginWithAccountAndPassword(username: String, password: String) async throws -> NetworkSession {
var params: [String: Any] = [
"username": username,
"password": password,
"system": SystemConfig.systemInfo,
"version": SystemConfig.version_name
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/auth/login", params: params, as: NetworkSession.self)
}
static func loginWithToken(token: String) async throws -> NetworkSession {
var params: [String: Any] = [
"token": token,
"system": SystemConfig.systemInfo,
"version": SystemConfig.version_name
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/auth/token", params: params, as: NetworkSession.self)
}
static func requestRegisterVerifyCode(phoneNumber: String) async throws -> RegisterSession {
var params: [String: Any] = [
"username": phoneNumber
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/register/sendVerfiyCode", params: params, as: RegisterSession.self)
}
static func submitRegisterVerifyCode(sessionId: Int, verifyCode: String) async throws -> String {
var params: [String: Any] = [
"session_id": sessionId,
"code": verifyCode,
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/register/verfiyCode", params: params, as: String.self)
}
static func register(sessionId: Int, password: String) async throws -> String {
var params: [String: Any] = [
"session_id": sessionId,
"password": password
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/register/submit", params: params, as: String.self)
}
static func requestResetPasswordVerifyCode(phoneNumber: String) async throws -> ResetPasswordSession {
var params: [String: Any] = [
"username": phoneNumber
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/password/sendVerfiyCode", params: params, as: ResetPasswordSession.self)
}
static func submitResetPasswordVerifyCode(sessionId: Int, verifyCode: String) async throws -> String {
var params: [String: Any] = [
"session_id": sessionId,
"code": verifyCode,
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/password/verfiyCode", params: params, as: String.self)
}
static func resetPassword(sessionId: Int, newPassword: String) async throws -> String {
var params: [String: Any] = [
"session_id": sessionId,
"new_password": newPassword,
]
params.merge(baseParams) {$1}
return try await SDLAPIClient.doPost(path: "/password/reset", params: params, as: String.self)
}
}

41
punchnet/Features/Auth/ViewModels/RegisterModel.swift
View File

@ -1,41 +0,0 @@
//
// LoginState.swift
// punchnet
//
// Created by on 2026/1/16.
//
import Foundation
import Observation
import SwiftUI
@Observable
class RegisterModel {
enum Stage: Equatable {
case requestVerifyCode
case submitVerifyCode
case setPassword
case success
}
//
var phoneNumber: String = ""
var sessionId: Int = 0
var stage: Stage = .requestVerifyCode
var transitionEdge: Edge = .trailing //
func requestVerifyCode(phoneNumber: String) async throws -> AuthService.RegisterSession {
return try await AuthService.requestRegisterVerifyCode(phoneNumber: phoneNumber)
}
func submitVerifyCode(sessionId: Int, verifyCode: String) async throws -> String {
return try await AuthService.submitRegisterVerifyCode(sessionId: sessionId, verifyCode: verifyCode)
}
func register(sessionId: Int, password: String) async throws -> String {
return try await AuthService.register(sessionId: sessionId, password: password)
}
}

41
punchnet/Features/Auth/ViewModels/ResetPasswordModel.swift
View File

@ -1,41 +0,0 @@
//
// LoginState.swift
// punchnet
//
// Created by on 2026/1/16.
//
import Foundation
import Observation
import SwiftUI
@Observable
class ResetPasswordModel {
enum Stage: Equatable {
case requestVerifyCode
case submitVerifyCode
case resetPassword
case success
}
var stage: Stage = .requestVerifyCode
var transitionEdge: Edge = .trailing //
//
var phoneNumber: String = ""
var sessionId: Int = 0
func requestVerifyCode(phoneNumber: String) async throws -> AuthService.ResetPasswordSession {
return try await AuthService.requestResetPasswordVerifyCode(phoneNumber: phoneNumber)
}
func submitVerifyCode(sessionId: Int, verifyCode: String) async throws -> String {
return try await AuthService.submitResetPasswordVerifyCode(sessionId: sessionId, verifyCode: verifyCode)
}
func resetPassword(sessionId: Int, newPassword: String) async throws -> String {
return try await AuthService.resetPassword(sessionId: sessionId, newPassword: newPassword)
}
}

296
punchnet/Features/Auth/Views/LoginView.swift
View File

@ -1,296 +0,0 @@
//
// LoginView.swift
// punchnet
//
// Created by on 2026/1/15.
//
import SwiftUI
import Observation
// MARK: -
struct LoginView: View {
@State private var authMethod: AuthMethod = .account
var username: String?
enum AuthMethod: String, CaseIterable {
case account = "账户登录"
case token = "密钥认证"
}
var body: some View {
ZStack {
Color.clear
VStack(spacing: 0) {
// Logo
VStack(spacing: 12) {
ZStack {
Circle()
.fill(Color.accentColor.opacity(0.1))
.frame(width: 80, height: 80)
Image(systemName: "network") // 使 SF Symbol
.font(.system(size: 38, weight: .semibold))
.foregroundColor(.accentColor)
}
Text("PunchNet")
.font(.system(size: 24, weight: .bold, design: .rounded))
.tracking(1)
}
.padding(.top, 40)
.padding(.bottom, 30)
//
Picker("", selection: $authMethod) {
ForEach(AuthMethod.allCases, id: \.self) { method in
Text(method.rawValue).tag(method)
}
}
.pickerStyle(.segmented)
.frame(width: 220)
.padding(.bottom, 30)
//
ZStack {
switch authMethod {
case .account:
LoginAccountView(username: self.username ?? "")
.transition(.move(edge: .leading).combined(with: .opacity))
case .token:
LoginTokenView()
.transition(.move(edge: .trailing).combined(with: .opacity))
}
}
.animation(.spring(response: 0.3, dampingFraction: 0.8), value: authMethod)
.frame(height: 180)
Spacer()
//
HStack(spacing: 4) {
Circle()
.fill(Color.green)
.frame(width: 8, height: 8)
Text("服务状态正常")
.font(.system(size: 11))
.foregroundColor(.secondary)
}
.padding(.bottom, 20)
}
}
}
}
// MARK: -
struct LoginAccountView: View {
@Environment(AppContext.self) var appContext: AppContext
@State var username: String = ""
@State private var password: String = ""
@State private var isLoading = false
//
@State private var showAlert: Bool = false
@State private var errorMessage: String = ""
var body: some View {
VStack(spacing: 16) {
VStack(alignment: .leading, spacing: 12) {
//
CustomTextField(title: "手机号/邮箱", text: $username, icon: "person.fill")
VStack(alignment: .trailing, spacing: 4) {
CustomSecureField(title: "密码", text: $password, icon: "lock.fill")
HStack {
Button("注册") {
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .register
}
}
.buttonStyle(.link)
.font(.system(size: 11))
.foregroundColor(.secondary)
Button("忘记密码?") {
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .resetPassword
}
}
.buttonStyle(.link)
.font(.system(size: 11))
.foregroundColor(.secondary)
}
}
}
.frame(width: 280)
//
Button(action: {
Task { @MainActor in
await self.login()
}
}) {
HStack {
if isLoading {
ProgressView()
.controlSize(.small)
.padding(.trailing, 4)
}
Text("登录网络")
.fontWeight(.medium)
}
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.frame(width: 280)
.keyboardShortcut(.defaultAction) //
.disabled(username.isEmpty || password.isEmpty || isLoading)
}
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(self.errorMessage))
}
.onAppear {
if let (cacheUsername, cachePassword) = self.appContext.loadCacheUsernameAndPassword() {
self.username = cacheUsername
self.password = cachePassword
}
}
}
private func login() async {
self.isLoading = true
defer {
self.isLoading = false
}
do {
_ = try await appContext.loginWith(username: username, password: password)
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .logined
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch let err {
self.showAlert = true
self.errorMessage = err.localizedDescription
}
}
}
// MARK: -
struct LoginTokenView: View {
@Environment(AppContext.self) var appContext: AppContext
@State private var token = ""
@State private var isLoading = false
//
@State private var showAlert: Bool = false
@State private var errorMessage: String = ""
var body: some View {
VStack(spacing: 20) {
CustomTextField(title: "请输入认证密钥 (Token)", text: $token, icon: "key.fill")
.frame(width: 280)
Button(action: {
Task { @MainActor in
await self.login()
}
}) {
Text("验证并连接")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.frame(width: 280)
.disabled(token.isEmpty || isLoading)
}
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(self.errorMessage))
}
.onAppear {
if let cacheToken = self.appContext.loadCacheToken() {
self.token = cacheToken
}
}
}
private func login() async {
self.isLoading = true
defer {
self.isLoading = false
}
do {
_ = try await appContext.loginWith(token: token)
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .logined
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch let err {
self.showAlert = true
self.errorMessage = err.localizedDescription
}
}
}
// MARK: - UI
struct CustomTextField: View {
let title: String
@Binding var text: String
let icon: String
var body: some View {
HStack {
Image(systemName: icon)
.foregroundColor(.secondary)
.frame(width: 20)
TextField(title, text: $text)
.textFieldStyle(.plain)
}
.padding(8)
.background(Color(NSColor.controlBackgroundColor).opacity(0.5))
.cornerRadius(6)
.overlay(RoundedRectangle(cornerRadius: 6).stroke(Color.secondary.opacity(0.2), lineWidth: 1))
}
}
struct CustomSecureField: View {
let title: String
@Binding var text: String
let icon: String
var body: some View {
HStack {
Image(systemName: icon)
.foregroundColor(.secondary)
.frame(width: 20)
SecureField(title, text: $text)
.textFieldStyle(.plain)
}
.padding(8)
.background(Color(NSColor.controlBackgroundColor).opacity(0.5))
.cornerRadius(6)
.overlay(RoundedRectangle(cornerRadius: 6).stroke(Color.secondary.opacity(0.2), lineWidth: 1))
}
}
#Preview {
LoginView()
.environment(AppContext())
}

498
punchnet/Features/Auth/Views/RegisterView.swift
View File

@ -1,498 +0,0 @@
//
// ResetPasswordView.swift
// punchnet
//
// Created by on 2026/3/9.
//
import SwiftUI
import Observation
// MARK: -
struct RegisterRootView: View {
@State private var registerModel = RegisterModel()
@Environment(AppContext.self) private var appContext: AppContext
var body: some View {
ZStack(alignment: .center) {
Color.clear
ZStack(alignment: .center) {
switch registerModel.stage {
case .requestVerifyCode:
RegisterRequestVerifyCodeView()
case .submitVerifyCode:
RegisterSubmitVerifyCodeView()
case .setPassword:
RegisterSetPasswordView()
case .success:
RegisterSuccessView()
}
}
.transition(.asymmetric(
insertion: .move(edge: registerModel.transitionEdge).combined(with: .opacity),
removal: .move(edge: registerModel.transitionEdge == .trailing ? .leading : .trailing).combined(with: .opacity)
))
}
.environment(registerModel)
// --- 使 overlay ---
.overlay(alignment: .topLeading) {
//
switch registerModel.stage {
case .success:
EmptyView()
default:
Button(action: {
//
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .login(username: nil)
}
}) {
HStack {
Image(systemName: "chevron.left")
.font(.system(size: 16, weight: .semibold))
.padding(5)
Text("首页")
.font(.system(size: 16, weight: .regular))
}
.contentShape(Rectangle()) //
}
.buttonStyle(.plain)
.padding([.top, .leading], 16) //
.transition(.opacity) //
}
}
}
}
// MARK: -
struct PunchTextField: View {
let icon: String
let placeholder: String
@Binding var text: String
var isSecure: Bool = false
var isDisabled: Bool = false
var body: some View {
HStack(spacing: 12) {
Image(systemName: icon)
.foregroundColor(.secondary)
.frame(width: 20)
if isSecure {
SecureField(placeholder, text: $text)
.textFieldStyle(.plain)
} else {
TextField(placeholder, text: $text)
.textFieldStyle(.plain)
.disabled(isDisabled)
}
}
.padding(10)
.background(Color.primary.opacity(isDisabled ? 0.02 : 0.05))
.cornerRadius(8)
.overlay(
RoundedRectangle(cornerRadius: 8)
.stroke(Color.primary.opacity(0.1), lineWidth: 1)
)
}
}
// MARK: -
struct RegisterRequestVerifyCodeView: View {
@Environment(RegisterModel.self) var registerModel: RegisterModel
@State private var isProcessing = false
//
@State private var showAlert: Bool = false
@State private var errorMessage: String = ""
var body: some View {
@Bindable var model = registerModel
VStack(spacing: 24) {
headerSection(title: "创建个人网络", subtitle: "输入手机号开始注册")
VStack(spacing: 16) {
PunchTextField(icon: "phone.fill", placeholder: "手机号", text: $model.phoneNumber)
}
.frame(width: 280)
Button(action: {
Task { @MainActor in
await self.requestVerifyCode(phoneNumber: model.phoneNumber)
}
}) {
Text("获取验证码")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.frame(width: 280)
.disabled(SDLUtil.identifyContact(model.phoneNumber) != .phone || isProcessing)
}
.padding(40)
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(self.errorMessage))
}
}
private func requestVerifyCode(phoneNumber: String) async {
self.isProcessing = true
defer {
self.isProcessing = false
}
if phoneNumber.isEmpty {
self.showAlert = true
self.errorMessage = "手机号为空"
return
}
switch SDLUtil.identifyContact(phoneNumber) {
case .phone:
do {
let registerSession = try await self.registerModel.requestVerifyCode(phoneNumber: phoneNumber)
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.registerModel.stage = .submitVerifyCode
self.registerModel.phoneNumber = phoneNumber
self.registerModel.sessionId = registerSession.sessionId
self.registerModel.transitionEdge = .trailing
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch let err {
self.showAlert = true
self.errorMessage = err.localizedDescription
}
default:
self.showAlert = true
self.errorMessage = "手机号格式错误"
}
}
}
// MARK: -
struct RegisterSubmitVerifyCodeView: View {
@Environment(RegisterModel.self) var registerModel: RegisterModel
@State private var code: String = ""
@State private var isProcessing = false
//
@State private var showAlert: Bool = false
@State private var errorMessage: String = ""
// 使
@State private var isEnabled: Bool = false
@State private var remainingSeconds = 60
@State private var timer: Timer? = nil
//
var validInputCode: Bool {
return !self.code.isEmpty && self.code.count == 6 && self.code.allSatisfy {$0.isNumber}
}
var body: some View {
VStack(spacing: 24) {
headerSection(title: "身份验证", subtitle: "验证码已发送至 \(registerModel.phoneNumber)")
VStack(alignment: .trailing, spacing: 16) {
PunchTextField(icon: "envelope.badge", placeholder: "输入 6 位验证码", text: $code)
Button {
Task { @MainActor in
await self.resendVerifyCodeAction(phoneNumber: registerModel.phoneNumber)
}
} label: {
if isEnabled {
Text("没有收到?重新获取")
} else {
Text("重新获取 (\(remainingSeconds)s)")
}
}
.buttonStyle(.link)
.font(.caption)
.disabled(!isEnabled) //
}
.frame(width: 280)
VStack(spacing: 12) {
Button(action: {
Task { @MainActor in
await self.submitVerifyCode(sessionId: registerModel.sessionId)
}
}) {
Text("验证并设置密码")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.disabled(!self.validInputCode)
Button("返回上一步") {
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.registerModel.stage = .requestVerifyCode
self.registerModel.transitionEdge = .leading
}
}
.buttonStyle(.plain)
.foregroundColor(.secondary)
}
.frame(width: 280)
}
.padding(40)
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(errorMessage))
}
.task {
await self.startCountdown()
}
}
//
private func resendVerifyCodeAction(phoneNumber: String) async {
do {
let result = try await self.registerModel.requestVerifyCode(phoneNumber: phoneNumber)
print("send verify code result: \(result)")
} catch let err {
print("resend verify get error: \(err)")
}
//
await self.startCountdown()
}
//
private func startCountdown() async {
self.isEnabled = false
self.remainingSeconds = 60
for sec in (1...self.remainingSeconds).reversed() {
self.remainingSeconds = sec
try? await Task.sleep(nanoseconds: 1_000_000_000)
}
self.isEnabled = true
}
//
private func submitVerifyCode(sessionId: Int) async {
self.isProcessing = true
defer {
self.isProcessing = false
}
do {
_ = try await self.registerModel.submitVerifyCode(sessionId: sessionId, verifyCode: self.code)
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.registerModel.stage = .setPassword
self.registerModel.transitionEdge = .trailing
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch let err {
self.showAlert = true
self.errorMessage = err.localizedDescription
}
}
}
// MARK: -
struct RegisterSetPasswordView: View {
@Environment(RegisterModel.self) var registerModel: RegisterModel
@State private var password = ""
@State private var confirm = ""
@State private var isProcessing = false
//
@State private var showAlert: Bool = false
@State private var errorMessage: String = ""
//
var passwordError: String? {
if password.isEmpty || confirm.isEmpty {
return nil
}
if password != confirm {
return "两次输入的密码不一致"
}
if password.count < 8 {
return "密码至少需要 8 位"
}
return nil
}
var body: some View {
VStack(spacing: 24) {
headerSection(title: "设置安全密码", subtitle: "最后一步,请确保密码足够强大")
VStack(spacing: 12) {
PunchTextField(icon: "lock.shield", placeholder: "新密码", text: $password, isSecure: true)
PunchTextField(icon: "lock.shield", placeholder: "确认密码", text: $confirm, isSecure: true)
if let error = passwordError {
Text(error)
.font(.caption)
.foregroundColor(.red)
.frame(width: 280, alignment: .leading)
}
}
.frame(width: 280)
Button(action: {
Task { @MainActor in
await self.handleRegister(sessionId: registerModel.sessionId)
}
}) {
if isProcessing {
ProgressView()
.controlSize(.small)
} else {
Text("完成注册")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.frame(width: 280)
.disabled(passwordError != nil)
}
.padding(40)
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(self.errorMessage))
}
}
private func handleRegister(sessionId: Int) async {
self.isProcessing = true
defer {
self.isProcessing = false
}
do {
_ = try await self.registerModel.register(sessionId: sessionId, password: self.password)
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.registerModel.stage = .success
self.registerModel.transitionEdge = .trailing
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch {
self.showAlert = true
self.errorMessage = "注册失败,重稍后重试"
}
}
}
// MARK:
struct RegisterSuccessView: View {
@Environment(AppContext.self) private var appContext: AppContext
@Environment(RegisterModel.self) private var registerModel: RegisterModel
// MARK: -
@State private var animateIcon: Bool = false //
@State private var animateText: Bool = false //
var body: some View {
VStack(spacing: 32) {
Spacer()
// MARK: - ()
ZStack {
//
Circle()
.fill(Color.green.opacity(0.1))
.frame(width: 100, height: 100)
//
.scaleEffect(animateIcon ? 1.1 : 0.95)
.opacity(animateIcon ? 0.8 : 1.0)
// Checkmark
Image(systemName: "checkmark.seal.fill")
.font(.system(size: 56))
.foregroundStyle(.green.gradient)
// Checkmark
.scaleEffect(animateIcon ? 1.05 : 1.0)
}
//
.transition(.move(edge: .bottom).combined(with: .opacity))
// MARK: -
VStack(spacing: 32) {
VStack(spacing: 12) {
Text("注册成功")
.font(.title.bold())
Text("您的 PunchNet 账号已就绪。\n现在可以登录并开始构建您的私有网络了。")
.font(.subheadline)
.foregroundColor(.secondary)
.multilineTextAlignment(.center)
}
Button(action: {
//
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .login(username: registerModel.phoneNumber)
}
}) {
Text("立即开始使用")
.fontWeight(.bold)
.frame(width: 200)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.tint(.green)
}
//
.opacity(animateText ? 1.0 : 0.0)
.offset(y: animateText ? 0 : 20)
}
.padding(40)
.frame(maxWidth: .infinity, maxHeight: .infinity)
.background(Color(NSColor.windowBackgroundColor)) //
.onAppear {
self.startAnimations()
}
}
// MARK: -
private func startAnimations() {
// 1.
withAnimation(.easeInOut(duration: 1.5).repeatForever(autoreverses: true)) {
animateIcon = true
}
// 2. 0.4 使
withAnimation(.spring(duration: 0.6, bounce: 0.3).delay(0.4)) {
animateText = true
}
}
}
// MARK: -
extension View {
func headerSection(title: String, subtitle: String) -> some View {
VStack(spacing: 8) {
Image(systemName: "shield.lefthalf.filled")
.font(.system(size: 42))
.foregroundStyle(.blue.gradient)
Text(title)
.font(.title2.bold())
Text(subtitle)
.font(.subheadline)
.foregroundColor(.secondary)
.multilineTextAlignment(.center)
}
}
}

391
punchnet/Features/Auth/Views/ResetPasswordView.swift
View File

@ -1,391 +0,0 @@
//
// ResetPasswordView.swift
// punchnet
//
// Created by on 2026/3/9.
//
import SwiftUI
import Observation
// MARK: - 1.
struct ResetPasswordRootView: View {
@State private var resetPasswordModel = ResetPasswordModel()
@Environment(AppContext.self) private var appContext: AppContext
var body: some View {
ZStack(alignment: .center) {
Color.clear
ZStack(alignment: .center) {
switch resetPasswordModel.stage {
case .requestVerifyCode:
GetVerifyCodeView()
case .submitVerifyCode:
SubmitVerifyCodeView()
case .resetPassword:
ResetPasswordView()
case .success:
ResetPasswordSuccessView()
}
}
.transition(.asymmetric(
insertion: .move(edge: resetPasswordModel.transitionEdge).combined(with: .opacity),
removal: .move(edge: resetPasswordModel.transitionEdge == .trailing ? .leading : .trailing).combined(with: .opacity)
))
}
.environment(resetPasswordModel)
.overlay(alignment: .topLeading) {
//
if resetPasswordModel.stage != .success {
Button(action: {
//
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .login(username: nil)
}
}) {
HStack {
Image(systemName: "chevron.left")
.font(.system(size: 16, weight: .semibold))
.padding(5)
Text("首页")
.font(.system(size: 16, weight: .regular))
}
.contentShape(Rectangle()) //
}
.buttonStyle(.plain)
.padding([.top, .leading], 16) //
.transition(.opacity) //
}
}
}
}
// MARK: - 2.
struct GetVerifyCodeView: View {
@Environment(ResetPasswordModel.self) var resetPasswordModel
@State private var isProcessing = false
@State private var showAlert = false
@State private var errorMessage = ""
var body: some View {
@Bindable var model = resetPasswordModel
VStack(spacing: 24) {
headerSection(title: "重置密码", subtitle: "请输入关联的手机号来验证身份")
PunchTextField(icon: "phone.fill", placeholder: "手机号", text: $model.phoneNumber)
.frame(width: 280)
Button {
Task { @MainActor in
await self.sendVerifyCode(phoneNumber: model.phoneNumber)
}
} label: {
Text("获取验证码")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.frame(width: 280)
.disabled(SDLUtil.identifyContact(model.phoneNumber) != .phone || isProcessing)
}
.padding(40)
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(errorMessage))
}
}
//
private func sendVerifyCode(phoneNumber: String) async {
self.isProcessing = true
defer {
self.isProcessing = false
}
do {
let resetSession = try await resetPasswordModel.requestVerifyCode(phoneNumber: phoneNumber)
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.resetPasswordModel.stage = .submitVerifyCode
self.resetPasswordModel.phoneNumber = phoneNumber
self.resetPasswordModel.sessionId = resetSession.sessionId
self.resetPasswordModel.transitionEdge = .trailing
}
} catch {
self.errorMessage = error.localizedDescription
self.showAlert = true
}
}
}
// MARK: - 3.
struct SubmitVerifyCodeView: View {
@Environment(ResetPasswordModel.self) var resetPasswordModel: ResetPasswordModel
@State private var code: String = ""
@State private var isProcessing = false
//
@State private var remainingSeconds = 60
@State private var isResendEnabled = false
//
@State private var showAlert = false
@State private var errorMessage = ""
var validInputCode: Bool {
return !self.code.isEmpty && self.code.count == 6 && self.code.allSatisfy {$0.isNumber}
}
var body: some View {
VStack(spacing: 24) {
headerSection(title: "身份验证", subtitle: "验证码已发送至 \(self.resetPasswordModel.phoneNumber)")
VStack(alignment: .trailing, spacing: 16) {
PunchTextField(icon: "envelope.badge", placeholder: "输入 6 位验证码", text: $code)
Button(isResendEnabled ? "重新获取" : "重新获取 (\(remainingSeconds)s)") {
Task { @MainActor in
await self.resendAction(phoneNumber: self.resetPasswordModel.phoneNumber)
}
}
.buttonStyle(.link)
.font(.caption)
.disabled(!isResendEnabled)
}
.frame(width: 280)
VStack(spacing: 12) {
Button {
Task { @MainActor in
await self.submitAction(sessionId: self.resetPasswordModel.sessionId)
}
} label: {
Text("验证并继续")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.disabled(!validInputCode)
Button("返回上一步") {
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.resetPasswordModel.stage = .requestVerifyCode
self.resetPasswordModel.transitionEdge = .leading
}
}
.buttonStyle(.plain)
.foregroundColor(.secondary)
}
.frame(width: 280)
}
.padding(40)
.task {
await startCountdown()
}
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(self.errorMessage))
}
}
private func resendAction(phoneNumber: String) async {
_ = try? await resetPasswordModel.requestVerifyCode(phoneNumber: phoneNumber)
await startCountdown()
}
private func startCountdown() async {
self.isResendEnabled = false
self.remainingSeconds = 60
while remainingSeconds > 0 {
try? await Task.sleep(nanoseconds: 1_000_000_000)
self.remainingSeconds -= 1
}
self.isResendEnabled = true
}
private func submitAction(sessionId: Int) async {
self.isProcessing = true
defer {
self.isProcessing = false
}
do {
let result = try await resetPasswordModel.submitVerifyCode(sessionId: sessionId, verifyCode: code)
NSLog("reset password submit verify code result: \(result)")
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.resetPasswordModel.stage = .resetPassword
self.resetPasswordModel.transitionEdge = .trailing
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch let err {
self.showAlert = true
self.errorMessage = err.localizedDescription
}
}
}
// MARK: - 4.
struct ResetPasswordView: View {
@Environment(ResetPasswordModel.self) var resetPasswordModel: ResetPasswordModel
@State private var password = ""
@State private var confirm = ""
@State private var isProcessing = false
//
@State private var showAlert = false
@State private var errorMessage = ""
//
var isInputValid: Bool {
!password.isEmpty && password == confirm && password.count >= 8
}
//
var passwordError: String? {
if password.isEmpty || confirm.isEmpty {
return nil
}
if password != confirm {
return "两次输入的密码不一致"
}
if password.count < 8 {
return "密码至少需要 8 位"
}
return nil
}
var body: some View {
VStack(spacing: 24) {
headerSection(title: "设置新密码", subtitle: "请为手机号 \(self.resetPasswordModel.phoneNumber) 设置一个强密码")
VStack(spacing: 12) {
PunchTextField(icon: "lock.shield", placeholder: "新密码 (至少8位)", text: $password, isSecure: true)
PunchTextField(icon: "lock.shield", placeholder: "确认新密码", text: $confirm, isSecure: true)
if let passwordError = self.passwordError {
Text(passwordError)
.font(.caption)
.foregroundColor(.red)
.frame(width: 280, alignment: .leading)
}
}
.frame(width: 280)
Button {
Task { @MainActor in
await self.handleReset(sessionId: self.resetPasswordModel.sessionId)
}
} label: {
Text("重置密码并登录")
.fontWeight(.medium)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.frame(width: 280)
.disabled(!isInputValid || isProcessing)
}
.padding(40)
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(self.errorMessage))
}
}
private func handleReset(sessionId: Int) async {
self.isProcessing = true
defer {
self.isProcessing = false
}
do {
let result = try await resetPasswordModel.resetPassword(sessionId: sessionId, newPassword: password)
print("密码重置成功: \(result)")
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.resetPasswordModel.stage = .success
self.resetPasswordModel.transitionEdge = .trailing
}
} catch {
self.showAlert = true
self.errorMessage = "重置失败, 请稍后重试"
}
}
}
struct ResetPasswordSuccessView: View {
@Environment(AppContext.self) var appContext: AppContext
@Environment(ResetPasswordModel.self) var resetPasswordModel: ResetPasswordModel
//
@State private var animateIcon = false
@State private var animateText = false
var body: some View {
VStack(spacing: 32) {
Spacer()
// (使绿)
ZStack {
Circle()
.fill(Color.blue.opacity(0.1))
.frame(width: 100, height: 100)
.scaleEffect(animateIcon ? 1.1 : 0.95)
.opacity(animateIcon ? 0.8 : 1.0)
Image(systemName: "lock.circle.fill")
.font(.system(size: 56))
.foregroundStyle(.blue.gradient)
.scaleEffect(animateIcon ? 1.05 : 1.0)
}
.transition(.move(edge: .bottom).combined(with: .opacity))
VStack(spacing: 32) {
VStack(spacing: 12) {
Text("密码重置成功")
.font(.title2.bold())
Text("您的新密码已生效。\n为了安全,建议您立即尝试使用新密码登录。")
.font(.subheadline)
.foregroundColor(.secondary)
.multilineTextAlignment(.center)
}
Button(action: {
withAnimation(.spring(duration: 0.6, bounce: 0.2)) {
self.appContext.appScene = .login(username: self.resetPasswordModel.phoneNumber)
}
}) {
Text("返回登录")
.fontWeight(.bold)
.frame(width: 200)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
.tint(.blue)
}
.opacity(animateText ? 1.0 : 0.0)
.offset(y: animateText ? 0 : 20)
}
.padding(40)
.frame(maxWidth: .infinity, maxHeight: .infinity)
.onAppear {
withAnimation(.easeInOut(duration: 1.5).repeatForever(autoreverses: true)) {
animateIcon = true
}
withAnimation(.spring(duration: 0.6, bounce: 0.3).delay(0.4)) {
animateText = true
}
}
}
}

80
punchnet/Features/MenuBar/Views/MainMenuBar.swift
View File

@ -1,80 +0,0 @@
//
// MainMenuBar.swift
// punchnet
//
// Created by on 2026/3/24.
//
import SwiftUI
struct MainMenuBar: View {
@State private var vpnManager = VPNManager.shared
@Environment(AppContext.self) private var appContext: AppContext
@Environment(\.openWindow) private var openWindow
var body: some View {
VStack {
switch self.vpnManager.vpnStatus {
case .connected:
Button(action: {
Task { @MainActor in
try await appContext.stopTun()
}
}, label: {
Text("停止")
})
case .connecting:
Button(action: {
}, label: {
Text("连接中...")
})
.disabled(true)
case .disconnecting:
Button(action: {
}, label: {
Text("断开中...")
})
.disabled(true)
case .disconnected:
Button(action: {
Task { @MainActor in
await self.startVPN()
}
}, label: {
Text("启动")
})
}
Divider()
Button("打开控制面板") {
openWindow(id: "main")
}
SettingsLink {
Text("设置")
}
.buttonStyle(.plain)
Divider()
Button(action: {
NSApplication.shared.terminate(nil)
}, label: {
Text("退出应用")
})
}
}
private func startVPN() async {
do {
if appContext.networkContext == nil {
try await appContext.connectNetwork()
}
try await appContext.startTun()
} catch {
NSLog("menu start vpn failed: \(error)")
}
}
}

34
punchnet/Features/Network/NetworkService.swift
View File

@ -1,34 +0,0 @@
//
// SDLAPIClient+Network.swift
// punchnet
//
// Created by on 2026/3/24.
//
import Foundation
struct NetworkService {
static func connectNetwork(accesToken: String) async throws -> NetworkContext {
let params: [String: Any] = [
"client_id": SystemConfig.getClientId(),
"access_token": accesToken
]
return try await SDLAPIClient.doPost(path: "/connect", params: params, as: NetworkContext.self)
}
static func loadNodeResources(accesToken: String, id: Int) async -> [NetworkContext.Resource] {
let params: [String: Any] = [
"client_id": SystemConfig.getClientId(),
"access_token": accesToken,
"id": id
]
if let detail = try? await SDLAPIClient.doPost(path: "/get_node_resources", params: params, as: NetworkContext.NodeDetail.self) {
return detail.resourceList
}
return []
}
}

392
punchnet/Features/Network/ViewModels/NetworkModel.swift
View File

@ -1,392 +0,0 @@
//
// NetworkModel.swift
// punchnet
//
// Created by on 2026/4/17.
//
import Foundation
import Observation
@Observable
final class NetworkModel {
@ObservationIgnored
private weak var appContext: AppContext?
@ObservationIgnored
private let vpnManager = VPNManager.shared
@ObservationIgnored
private var vpnStatusTask: Task<Void, Never>?
var showMode: NetworkShowMode = .resource
var phase: NetworkConnectionPhase = .disconnected
var networkSession: NetworkSession?
var networkContext: NetworkContext?
var selectedExitNodeIp: String?
var selectedNodeId: Int?
private(set) var nodeResourcesById: [Int: [NetworkContext.Resource]] = [:]
private(set) var loadingNodeIDs: Set<Int> = []
private(set) var isUpdatingExitNode: Bool = false
private(set) var errorMessage: String?
deinit {
self.vpnStatusTask?.cancel()
}
var isBusy: Bool {
switch self.phase {
case .connecting, .disconnecting:
return true
case .connected, .disconnected:
return self.isUpdatingExitNode
}
}
var isTunnelEnabled: Bool {
switch self.phase {
case .connecting, .connected:
return true
case .disconnecting, .disconnected:
return false
}
}
var shouldShowModePicker: Bool {
self.phase == .connected
}
var resourceList: [NetworkContext.Resource] {
self.networkContext?.resourceList ?? []
}
var nodeList: [NetworkContext.Node] {
self.networkContext?.nodeList ?? []
}
var selectedNode: NetworkContext.Node? {
self.networkContext?.getNode(id: self.selectedNodeId)
}
var canSelectExitNode: Bool {
guard self.networkSession != nil else {
return false
}
guard !self.isUpdatingExitNode else {
return false
}
switch self.phase {
case .connected:
return self.networkContext != nil || self.selectedExitNodeIp != nil
case .disconnected:
return self.selectedExitNodeIp != nil
case .connecting, .disconnecting:
return false
}
}
var exitNodeOptions: [ExitNodeOption] {
guard let networkContext = self.networkContext else {
return []
}
return networkContext.exitNodeList.compactMap { exitNode in
guard let node = networkContext.getNode(id: exitNode.nnid) else {
return nil
}
return ExitNodeOption(
id: exitNode.nnid,
nodeName: exitNode.nodeName,
ip: node.ip
)
}
}
var selectedExitNode: ExitNodeOption? {
guard let selectedExitNodeIp = self.selectedExitNodeIp else {
return nil
}
return self.exitNodeOptions.first(where: { $0.ip == selectedExitNodeIp })
?? ExitNodeOption(
id: -1,
nodeName: "已保存出口节点",
ip: selectedExitNodeIp
)
}
var exitNodeHelpText: String {
if self.isUpdatingExitNode {
return "正在更新出口节点"
}
if self.networkContext == nil {
return "建立连接后可选择当前网络的出口节点"
}
return "切换当前网络流量的出口节点,也可以保持未设置"
}
func activate(appContext: AppContext) async {
if self.appContext !== appContext {
self.appContext = appContext
}
self.startObservingVPNStatusIfNeeded()
await self.handleVPNStatusChange(self.vpnManager.vpnStatus)
}
func clearError() {
self.errorMessage = nil
}
func setConnectionEnabled(_ enabled: Bool) async {
if enabled {
await self.connect()
} else {
await self.disconnect()
}
}
func connect() async {
guard let appContext = self.appContext else {
return
}
guard !self.isBusy else {
return
}
self.errorMessage = nil
self.phase = .connecting
do {
if appContext.networkContext == nil {
try await appContext.connectNetwork()
}
self.syncSharedStateFromAppContext()
await self.applyNetworkContext(appContext.networkContext)
try await appContext.startTun()
if self.vpnManager.vpnStatus == .connected {
self.phase = .connected
}
} catch let err as SDLAPIError {
self.errorMessage = err.message
self.handleDisconnectedState(syncAppContext: true)
} catch let err as AppContextError {
self.errorMessage = err.message
self.handleDisconnectedState(syncAppContext: true)
} catch {
self.errorMessage = error.localizedDescription
self.handleDisconnectedState(syncAppContext: true)
}
}
func disconnect() async {
guard let appContext = self.appContext else {
return
}
guard !self.isBusy else {
return
}
self.errorMessage = nil
self.phase = .disconnecting
do {
try await appContext.stopTun()
self.handleDisconnectedState(syncAppContext: false)
} catch let err as AppContextError {
self.errorMessage = err.message
await self.handleVPNStatusChange(self.vpnManager.vpnStatus)
} catch {
self.errorMessage = error.localizedDescription
await self.handleVPNStatusChange(self.vpnManager.vpnStatus)
}
}
func selectNode(id: Int?) {
self.selectedNodeId = id
guard let id else {
return
}
Task { @MainActor in
await self.loadResourcesIfNeeded(for: id)
}
}
func resources(for nodeId: Int) -> [NetworkContext.Resource] {
self.nodeResourcesById[nodeId] ?? []
}
func isLoadingResources(for nodeId: Int) -> Bool {
self.loadingNodeIDs.contains(nodeId)
}
func loadResourcesIfNeeded(for nodeId: Int) async {
guard let session = self.networkSession else {
return
}
guard self.nodeResourcesById[nodeId] == nil else {
return
}
guard !self.loadingNodeIDs.contains(nodeId) else {
return
}
let currentContextIdentity = self.contextIdentity(self.networkContext)
self.loadingNodeIDs.insert(nodeId)
defer {
self.loadingNodeIDs.remove(nodeId)
}
let resources = await NetworkService.loadNodeResources(accesToken: session.accessToken, id: nodeId)
guard currentContextIdentity == self.contextIdentity(self.networkContext) else {
return
}
self.nodeResourcesById[nodeId] = resources
}
func updateExitNodeSelection(_ ip: String?) async {
guard let appContext = self.appContext else {
return
}
guard !self.isUpdatingExitNode else {
return
}
self.errorMessage = nil
self.isUpdatingExitNode = true
defer {
self.isUpdatingExitNode = false
}
do {
try await appContext.updateExitNodeIp(exitNodeIp: ip)
self.syncSharedStateFromAppContext()
} catch let err as AppContextError {
self.errorMessage = err.message
} catch {
self.errorMessage = error.localizedDescription
}
}
private func startObservingVPNStatusIfNeeded() {
guard self.vpnStatusTask == nil else {
return
}
let vpnStatusStream = self.vpnManager.vpnStatusStream
self.vpnStatusTask = Task { [weak self, vpnStatusStream] in
guard let self else {
return
}
for await status in vpnStatusStream {
if Task.isCancelled {
return
}
await self.handleVPNStatusChange(status)
}
}
}
private func syncSharedStateFromAppContext() {
self.networkSession = self.appContext?.networkSession
self.selectedExitNodeIp = self.appContext?.selectedExitNodeIp
}
private func handleVPNStatusChange(_ status: VPNManager.VPNStatus) async {
self.syncSharedStateFromAppContext()
switch status {
case .connecting:
self.phase = .connecting
await self.applyNetworkContext(self.appContext?.networkContext)
case .connected:
self.phase = .connected
await self.applyNetworkContext(self.appContext?.networkContext)
case .disconnecting:
self.phase = .disconnecting
case .disconnected:
self.handleDisconnectedState(syncAppContext: true)
}
}
private func handleDisconnectedState(syncAppContext: Bool) {
if syncAppContext {
self.appContext?.networkContext = nil
}
self.phase = .disconnected
self.networkContext = nil
self.selectedNodeId = nil
self.nodeResourcesById.removeAll()
self.loadingNodeIDs.removeAll()
self.showMode = .resource
self.syncSharedStateFromAppContext()
}
private func applyNetworkContext(_ newContext: NetworkContext?) async {
let contextChanged = self.contextIdentity(self.networkContext) != self.contextIdentity(newContext)
self.networkContext = newContext
if contextChanged {
self.nodeResourcesById.removeAll()
self.loadingNodeIDs.removeAll()
self.selectedNodeId = nil
}
guard let newContext else {
self.selectedNodeId = nil
return
}
if let selectedNodeId = self.selectedNodeId,
newContext.getNode(id: selectedNodeId) != nil {
await self.loadResourcesIfNeeded(for: selectedNodeId)
return
}
self.selectedNodeId = newContext.firstNodeId()
if let selectedNodeId = self.selectedNodeId {
await self.loadResourcesIfNeeded(for: selectedNodeId)
}
}
private func contextIdentity(_ context: NetworkContext?) -> String? {
guard let context else {
return nil
}
return "\(context.identityId)-\(context.ip)"
}
}
extension NetworkModel {
struct ExitNodeOption: Identifiable, Equatable {
let id: Int
let nodeName: String
let ip: String
}
}

190
punchnet/Features/Network/Views/NetworkConnectedView.swift
View File

@ -1,190 +0,0 @@
//
// NetworkConnectedView.swift
// punchnet
//
// Created by on 2026/4/17.
//
import SwiftUI
struct NetworkConnectedView: View {
var model: NetworkModel
var body: some View {
if self.model.showMode == .resource {
//
ScrollView {
LazyVGrid(columns: [
GridItem(.flexible(), spacing: 8),
GridItem(.flexible(), spacing: 8),
GridItem(.flexible(), spacing: 8)
], spacing: 10) {
ForEach(self.model.resourceList, id: \.uuid) { res in
ResourceItemCard(resource: res)
}
}
.padding(20)
}
.transition(.opacity)
.frame(maxWidth: .infinity)
} else {
//
NetworkDeviceGroupView(model: self.model)
.transition(.asymmetric(insertion: .move(edge: .trailing), removal: .opacity))
}
}
}
// MARK: - (NavigationSplitView)
private struct NetworkDeviceGroupView: View {
var model: NetworkModel
//
private let sidebarWidth: CGFloat = 240
var body: some View {
let selectedIdBinding = Binding(
get: { self.model.selectedNodeId },
set: { newValue in
self.model.selectNode(id: newValue)
}
)
HStack(spacing: 0) {
// --- 1. (Sidebar) ---
VStack(alignment: .leading, spacing: 0) {
// macOS 绿
// WindowStyle .hiddenTitleBar Padding
Color.clear.frame(height: 28)
List(self.model.nodeList, id: \.id, selection: selectedIdBinding) { node in
NetworkNodeHeadView(node: node)
// HStack tag List selection
.tag(node.id)
.listRowSeparator(.hidden)
}
.listStyle(.inset) // 使 inset
.scrollContentBackground(.hidden) //
}
.frame(width: sidebarWidth)
Divider() // 线
// --- 2. (Detail) ---
ZStack {
if let selectedNode = self.model.selectedNode {
NetworkNodeDetailView(model: self.model, node: selectedNode)
.transition(.opacity.animation(.easeInOut(duration: 0.2)))
} else {
ContentUnavailableView(
"选择成员设备",
systemImage: "macbook.and.iphone",
description: Text("查看详细网络信息和服务")
)
}
}
.frame(maxWidth: .infinity, maxHeight: .infinity)
.background(Color(nsColor: .windowBackgroundColor)) // 使
}
.ignoresSafeArea() //
}
}
// MARK: -
private struct NetworkNodeHeadView: View {
var node: NetworkContext.Node
var body: some View {
HStack(spacing: 10) {
Circle()
.fill(node.connectionStatus == "在线" ? Color.green : Color.secondary.opacity(0.4))
.frame(width: 8, height: 8)
VStack(alignment: .leading, spacing: 2) {
Text(node.name)
.font(.system(size: 13, weight: .medium))
Text(node.ip)
.font(.system(size: 11, design: .monospaced))
.foregroundColor(.secondary)
}
}
.padding(.vertical, 4)
}
}
private struct NetworkNodeDetailView: View {
var model: NetworkModel
var node: NetworkContext.Node
var body: some View {
List {
Section("节点信息") {
LabeledContent("连接状态", value: node.connectionStatus)
LabeledContent("虚拟IPv4", value: node.ip)
LabeledContent("系统环境", value: node.system ?? "未知")
}
Section("提供的服务") {
if self.model.isLoadingResources(for: node.id) {
ProgressView()
.controlSize(.small)
} else if self.model.resources(for: node.id).isEmpty {
Text("该节点暂未发布资源")
.foregroundColor(.secondary)
.font(.callout)
} else {
ForEach(self.model.resources(for: node.id), id: \.id) { res in
VStack(alignment: .leading) {
Text(res.name)
.font(.body)
Text(res.url)
.font(.caption)
.foregroundColor(.secondary)
}
}
}
}
}
.task(id: self.node.id) {
await self.model.loadResourcesIfNeeded(for: self.node.id)
}
}
}
private struct ResourceItemCard: View {
let resource: NetworkContext.Resource
@State private var isHovered = false
var body: some View {
VStack(alignment: .leading, spacing: 8) {
Image(systemName: "safari.fill")
.foregroundColor(.accentColor)
.font(.title3)
Text(resource.name)
.font(.headline)
.lineLimit(1)
.truncationMode(.tail)
Text(resource.url)
.font(.caption2)
.foregroundColor(.secondary)
.lineLimit(1)
.truncationMode(.middle)
}
.padding()
.frame(minWidth: 0, maxWidth: .infinity, alignment: .leading)
.overlay(
RoundedRectangle(cornerRadius: 10)
.stroke(Color.gray, lineWidth: 1)
)
.background(
RoundedRectangle(cornerRadius: 10)
.fill(Color(isHovered ? NSColor.selectedControlColor : NSColor.controlBackgroundColor))
)
.onHover {
isHovered = $0
}
}
}

36
punchnet/Features/Network/Views/NetworkDisconnectedView.swift
View File

@ -1,36 +0,0 @@
//
// NetworkDisconnectedView.swift
// punchnet
//
// Created by on 2026/4/17.
//
import SwiftUI
struct NetworkDisconnectedView: View {
var model: NetworkModel
var body: some View {
VStack(spacing: 20) {
Spacer()
Image(systemName: "antenna.radiowaves.left.and.right")
.font(.system(size: 40, weight: .ultraLight))
.foregroundStyle(.tertiary)
.symbolEffect(.pulse, options: .repeating)
Text("尚未接入网络")
.font(.headline)
Button(action: {
Task { @MainActor in
await self.model.connect()
}
}) {
Text("建立安全连接")
.frame(width: 80)
}
.buttonStyle(.borderedProminent)
.disabled(self.model.phase == .connecting || self.model.networkSession == nil)
Spacer()
}
}
}

131
punchnet/Features/Network/Views/NetworkMenuView.swift
View File

@ -1,131 +0,0 @@
import SwiftUI
///
struct NetworkMenuPopup: View {
@Binding var isPresented: Bool
@State private var isNetworkEnabled = true
var body: some View {
VStack(alignment: .leading, spacing: 0) {
// 1. ()
HStack(spacing: 12) {
Image(systemName: "person.fill")
.font(.system(size: 14))
.frame(width: 34, height: 34)
.background(Color.gray.opacity(0.1))
.clipShape(Circle())
Text("test3")
.font(.system(size: 15, weight: .medium))
}
.padding(.horizontal, 16)
.padding(.vertical, 16)
Divider().opacity(0.3).padding(.horizontal, 16)
// 2.
VStack(spacing: 4) {
NetworkMenuRow(title: "管理平台")
.onTapGesture {
print("点击管理平台")
}
NetworkMenuRow(title: "我的网络", subtitle: "test的网络") {
Toggle("", isOn: $isNetworkEnabled)
.toggleStyle(.switch)
.scaleEffect(0.65)
.labelsHidden()
.tint(Color(red: 0.15, green: 0.2, blue: 0.3))
}
NetworkMenuRow(title: "出口节点", subtitle: "未选择")
NetworkMenuRow(title: "退出登录", showArrow: false)
.onTapGesture {
withAnimation(.easeOut(duration: 0.2)) {
isPresented = false
}
}
}
.padding(6) //
}
.frame(width: 240)
.background(
RoundedRectangle(cornerRadius: 14)
.fill(Color(NSColor.windowBackgroundColor))
)
.overlay(
RoundedRectangle(cornerRadius: 14)
.stroke(Color.gray.opacity(0.1), lineWidth: 1)
)
.shadow(color: .black.opacity(0.12), radius: 12, x: 0, y: 6)
}
}
/// ( Hover )
struct NetworkMenuRow<RightContent: View>: View {
let title: String
var subtitle: String? = nil
var showArrow: Bool = true
var rightContent: RightContent?
@State private var isHovering = false //
init(title: String, subtitle: String? = nil, showArrow: Bool = true) where RightContent == EmptyView {
self.init(title: title, subtitle: subtitle, showArrow: showArrow) {
EmptyView()
}
}
init(title: String, subtitle: String? = nil, showArrow: Bool = true, @ViewBuilder rightContent: () -> RightContent? = { nil }) {
self.title = title
self.subtitle = subtitle
self.showArrow = showArrow
self.rightContent = rightContent()
}
var body: some View {
HStack(spacing: 0) {
VStack(alignment: .leading, spacing: 2) {
Text(title)
.font(.system(size: 13.5))
.foregroundColor(.primary)
if let sub = subtitle {
Text(sub)
.font(.system(size: 11.5))
.foregroundColor(.secondary)
}
}
Spacer()
//
if let content = rightContent {
content
}
//
if showArrow {
Image(systemName: "chevron.right")
.font(.system(size: 9, weight: .bold))
.foregroundColor(.secondary.opacity(0.4))
.padding(.leading, 6)
}
}
.padding(.horizontal, 12)
.padding(.vertical, 10)
// --- ---
.background(
RoundedRectangle(cornerRadius: 8)
.fill(isHovering ? Color.gray.opacity(0.12) : Color.clear)
)
.onHover { hovering in
withAnimation(.easeInOut(duration: 0.15)) {
isHovering = hovering
}
}
// ------------------
.contentShape(Rectangle())
}
}

254
punchnet/Features/Network/Views/NetworkView.swift
View File

@ -1,254 +0,0 @@
//
// NetworkView.swift
// punchnet
import SwiftUI
import Observation
//
enum NetworkShowMode: String, CaseIterable {
case resource = "访问资源"
case device = "成员设备"
}
// MARK: -
enum NetworkConnectionPhase {
case disconnected
case connecting
case connected
case disconnecting
}
// MARK: -
struct NetworkView: View {
@Environment(AppContext.self) var appContext: AppContext
@Environment(\.openWindow) var openWindow
@State private var networkModel = NetworkModel()
var body: some View {
@Bindable var networkModel = self.networkModel
VStack(spacing: 0) {
// 1. (Header)
HStack(spacing: 16) {
NetworkStatusBar(model: self.networkModel)
Spacer()
if self.networkModel.shouldShowModePicker {
Picker("", selection: $networkModel.showMode) {
ForEach(NetworkShowMode.allCases, id: \.self) {
Text($0.rawValue).tag($0)
}
}
.pickerStyle(.segmented)
.frame(width: 160)
}
Button {
openWindow(id: "settings")
} label: {
Image(systemName: "slider.horizontal.3")
.font(.system(size: 14))
.foregroundColor(.secondary)
}
.buttonStyle(.plain)
.help("配置中心")
}
.padding(.horizontal, 20)
.padding(.vertical, 14)
.background(VisualEffectView(material: .headerView, blendingMode: .withinWindow))
Divider()
// 2. (Content)
Group {
switch self.networkModel.phase {
case .connecting, .disconnecting:
NetworkWaitAuthView(phase: self.networkModel.phase)
case .connected:
NetworkConnectedView(model: self.networkModel)
case .disconnected:
NetworkDisconnectedView(model: self.networkModel)
}
}
.frame(maxWidth: .infinity, maxHeight: .infinity)
.background(VisualEffectView(material: .windowBackground, blendingMode: .behindWindow))
}
.frame(minWidth: 700, minHeight: 500) // SplitView
.task {
await self.networkModel.activate(appContext: self.appContext)
}
.alert("提示", isPresented: self.errorPresented) {
Button("确定", role: .cancel) {
self.networkModel.clearError()
}
} message: {
Text(self.networkModel.errorMessage ?? "")
}
}
private var errorPresented: Binding<Bool> {
Binding(
get: { self.networkModel.errorMessage != nil },
set: { isPresented in
if !isPresented {
self.networkModel.clearError()
}
}
)
}
}
private struct NetworkStatusBar: View {
var model: NetworkModel
var body: some View {
let isOnBinding = Binding(
get: { self.model.isTunnelEnabled },
set: { newValue in
Task { @MainActor in
await self.model.setConnectionEnabled(newValue)
}
}
)
HStack(spacing: 12) {
//
HStack(spacing: 20) {
ZStack {
Circle()
.fill(self.model.isTunnelEnabled ? Color.green.opacity(0.15) : Color.primary.opacity(0.05))
.frame(width: 36, height: 36)
Image(systemName: self.model.isTunnelEnabled ? "checkmark.shield.fill" : "shield.slash.fill")
.symbolRenderingMode(.hierarchical)
.foregroundStyle(self.model.isTunnelEnabled ? Color.green : Color.secondary)
.font(.system(size: 16))
}
VStack(alignment: .leading, spacing: 1) {
if let networkSession = self.model.networkSession {
Text(networkSession.networkName)
.font(.system(size: 12, weight: .semibold))
Text("局域网IP: \(self.model.networkContext?.ip ?? "0.0.0.0")")
.font(.system(size: 10, design: .monospaced))
.foregroundColor(.secondary)
} else {
Text("未登录网络")
.font(.system(size: 12, weight: .semibold))
Text("登录后可建立连接")
.font(.system(size: 10))
.foregroundColor(.secondary)
}
}
}
if self.model.networkSession != nil {
exitNodeMenu
}
// Switch
// 使 Binding /
Toggle("", isOn: isOnBinding)
.toggleStyle(.switch)
.controlSize(.small) // macOS 使 small
.disabled(self.model.phase == .connecting || self.model.phase == .disconnecting || self.model.networkSession == nil)
}
.padding(.vertical, 5)
}
private var exitNodeMenu: some View {
Menu {
Button {
Task { @MainActor in
await self.model.updateExitNodeSelection(nil)
}
} label: {
if self.model.selectedExitNode == nil {
Label("不设置", systemImage: "checkmark")
} else {
Text("不设置")
}
}
if !self.model.exitNodeOptions.isEmpty {
Divider()
ForEach(self.model.exitNodeOptions) { option in
Button {
Task { @MainActor in
await self.model.updateExitNodeSelection(option.ip)
}
} label: {
if self.model.selectedExitNode?.ip == option.ip {
Label(option.nodeName, systemImage: "checkmark")
} else {
Text(option.nodeName)
}
}
}
}
} label: {
HStack(spacing: 8) {
ZStack {
Circle()
.fill(Color.blue.opacity(0.1))
.frame(width: 24, height: 24)
Image(systemName: "arrow.triangle.branch")
.font(.system(size: 11, weight: .medium))
.foregroundColor(.blue)
}
Text(self.model.selectedExitNode?.nodeName ?? "出口节点")
.font(.system(size: 12, weight: .semibold))
.foregroundColor(.primary)
.lineLimit(1)
if let selectedExitNode = self.model.selectedExitNode {
Text(selectedExitNode.ip)
.font(.system(size: 10, design: .monospaced))
.foregroundColor(.secondary)
.padding(.horizontal, 6)
.padding(.vertical, 3)
.background(
Capsule(style: .continuous)
.fill(Color.primary.opacity(0.05))
)
.lineLimit(1)
} else {
Text("未设置")
.font(.system(size: 10, weight: .medium))
.foregroundColor(.secondary)
}
if self.model.isUpdatingExitNode {
ProgressView()
.controlSize(.small)
} else {
Image(systemName: "chevron.down")
.font(.system(size: 10, weight: .semibold))
.foregroundColor(.secondary)
}
}
.padding(.horizontal, 10)
.padding(.vertical, 6)
.frame(minWidth: 156, maxWidth: 210, alignment: .leading)
.background(
Capsule(style: .continuous)
.fill(Color.primary.opacity(0.04))
)
.overlay(
Capsule(style: .continuous)
.stroke(Color.primary.opacity(0.06), lineWidth: 1)
)
}
.buttonStyle(.plain)
.disabled(!self.model.canSelectExitNode)
.opacity(self.model.canSelectExitNode ? 1 : 0.7)
.help(self.model.exitNodeHelpText)
}
}

20
punchnet/Features/Network/Views/NetworkWaitAuthView.swift
View File

@ -1,20 +0,0 @@
//
// NetworkWaitAuthView.swift
// punchnet
//
// Created by on 2026/4/17.
//
import SwiftUI
struct NetworkWaitAuthView: View {
var phase: NetworkConnectionPhase
var body: some View {
VStack(spacing: 16) {
ProgressView()
Text(self.phase == .disconnecting ? "正在断开网络..." : "正在建立安全连接...")
.foregroundColor(.secondary)
}
}
}

98
punchnet/Features/Privacy/Views/PrivacyDetailView.swift
View File

@ -1,98 +0,0 @@
//
// PrivacyDetailView.swift
// punchnet
//
// Created by on 2026/3/20.
//
import SwiftUI
// MARK: - 2.
struct PrivacyDetailView: View {
@Environment(\.dismiss) var dismiss
@AppStorage("hasAcceptedPrivacy") var hasAcceptedPrivacy: Bool = false
@Binding var showPrivacy: Bool
//
@State private var loadingProgress: Double = 0.0
@State private var isPageLoading: Bool = true
let privacyURL = URL(string: "https://www.baidu.com")! //
var body: some View {
VStack(spacing: 0) {
// MARK:
HStack {
VStack(alignment: .leading, spacing: 2) {
Text("隐私政策与服务条款")
.font(.headline)
Text("由 PunchNet 加密传输")
.font(.caption2)
.foregroundColor(.secondary)
}
Spacer()
if isPageLoading {
ProgressView()
.controlSize(.small)
}
Button(action: { dismiss() }) {
Image(systemName: "xmark.circle.fill")
.foregroundColor(.secondary)
.font(.title3)
}
.buttonStyle(.plain)
}
.padding()
.background(.ultraThinMaterial)
// MARK: 线
if isPageLoading {
ProgressView(value: loadingProgress, total: 1.0)
.progressViewStyle(.linear)
.tint(.blue)
.frame(height: 2)
.transition(.opacity)
} else {
Divider().frame(height: 2)
}
// MARK: WebView
PunchNetWebView(url: privacyURL, progress: $loadingProgress, isLoading: $isPageLoading)
.background(Color(NSColor.windowBackgroundColor))
// MARK:
VStack(spacing: 12) {
Divider()
HStack {
Text("继续使用即表示您同意我们的全部条款。")
.font(.caption)
.foregroundColor(.secondary)
Spacer()
Button("拒绝") {
self.showPrivacy = false
DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
NSApplication.shared.terminate(nil)
}
}
.buttonStyle(.bordered)
Button("同意并继续") {
hasAcceptedPrivacy = true
dismiss()
}
.buttonStyle(.borderedProminent)
.tint(.blue)
}
.padding(.horizontal, 20)
.padding(.vertical, 16)
}
.background(.ultraThinMaterial)
}
.frame(minWidth: 600, minHeight: 700)
}
}

63
punchnet/Features/Privacy/Views/PunchNetWebView.swift
View File

@ -1,63 +0,0 @@
//
// PunchNetWebView.swift
// punchnet
//
// Created by on 2026/3/20.
//
import SwiftUI
import WebKit
// MARK: - 1. WebView ()
struct PunchNetWebView: NSViewRepresentable {
let url: URL
@Binding var progress: Double
@Binding var isLoading: Bool
func makeCoordinator() -> Coordinator {
Coordinator(self)
}
func makeNSView(context: Context) -> WKWebView {
let webView = WKWebView()
webView.navigationDelegate = context.coordinator
// (KVO)
context.coordinator.observation = webView.observe(\.estimatedProgress, options: [.new]) { wv, _ in
DispatchQueue.main.async {
self.progress = wv.estimatedProgress
}
}
let request = URLRequest(url: url)
webView.load(request)
return webView
}
func updateNSView(_ nsView: WKWebView, context: Context) {
}
//
class Coordinator: NSObject, WKNavigationDelegate {
var parent: PunchNetWebView
var observation: NSKeyValueObservation?
init(_ parent: PunchNetWebView) {
self.parent = parent
}
func webView(_ webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
DispatchQueue.main.async { self.parent.isLoading = true }
}
func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) {
DispatchQueue.main.async {
withAnimation(.easeInOut(duration: 0.5)) {
self.parent.isLoading = false
}
}
}
}
}

200
punchnet/Features/Settings/Views/SettingsAboutView.swift
View File

@ -1,200 +0,0 @@
//
// SettingsAboutView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsAboutView: View {
@Environment(\.openURL) private var openURL
@State private var isShowingFeedbackSheet = false
@State private var appPoliciesInfo: AppPoliciesInfo?
//
@State private var updateManager = AppUpdateManager.shared
@State private var showNoUpdateAlert = false
@State private var manualUpdateInfo: AppUpgradeInfo?
var body: some View {
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading, spacing: 32) {
// MARK: - ()
HStack(spacing: 20) {
// App Icon
ZStack {
RoundedRectangle(cornerRadius: 16, style: .continuous)
.fill(Color.blue.gradient)
.frame(width: 64, height: 64)
.shadow(color: .blue.opacity(0.2), radius: 8, x: 0, y: 4)
Image(systemName: "bolt.shield.fill")
.font(.system(size: 32))
.foregroundColor(.white)
}
VStack(alignment: .leading, spacing: 4) {
Text("PunchNet")
.font(.system(size: 22, weight: .bold))
Text("版本 \(SystemConfig.version_name)")
.font(.subheadline)
.foregroundColor(.secondary)
Text(SystemConfig.systemInfo)
.font(.caption2)
.padding(.horizontal, 6)
.padding(.vertical, 2)
.background(Color.primary.opacity(0.05))
.cornerRadius(4)
}
}
.padding(.top, 10)
// MARK: -
VStack(alignment: .leading, spacing: 0) {
AboutRow(title: "检查更新", icon: "arrow.clockwise.circle") {
Button("立即检查") {
//
Task {@MainActor in
await self.checkAppUpgrade()
}
}
.buttonStyle(.plain)
.foregroundColor(.blue)
.font(.subheadline.bold())
.disabled(updateManager.isChecking)
}
Divider().padding(.leading, 44)
AboutRow(title: "用户反馈", icon: "bubble.left.and.exclamationmark.bubble.right") {
Image(systemName: "chevron.right")
.font(.caption)
.foregroundColor(.secondary)
}
.onTapGesture {
self.isShowingFeedbackSheet = true
}
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
// MARK: -
VStack(alignment: .leading, spacing: 0) {
AboutRow(title: "隐私政策", icon: "doc.text.magnifyingglass") {
Image(systemName: "arrow.up.right")
.font(.caption)
.foregroundColor(.secondary)
}
.onTapGesture {
if let privacyPolicyUrl = self.appPoliciesInfo?.privacyPolicyUrl, let privacyUrl = URL(string: privacyPolicyUrl) {
openURL(privacyUrl)
}
}
Divider().padding(.leading, 44)
AboutRow(title: "服务条款", icon: "scroll") {
Image(systemName: "arrow.up.right")
.font(.caption)
.foregroundColor(.secondary)
}
.onTapGesture {
if let termsOfServiceUrl = self.appPoliciesInfo?.termsOfServiceUrl, let termsUrl = URL(string: termsOfServiceUrl) {
openURL(termsUrl)
}
}
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
// MARK: -
VStack(alignment: .leading, spacing: 4) {
Text("© 2024-2026 PunchNet Inc.")
Text("保留所有权利。")
}
.font(.caption2)
.foregroundColor(.secondary)
.padding(.leading, 4)
}
.padding(32)
.frame(maxWidth: 600, alignment: .leading)
}
.sheet(isPresented: $isShowingFeedbackSheet) {
VStack {
HStack {
Spacer()
Button {
isShowingFeedbackSheet = false
} label: {
Text("关闭")
}
.buttonStyle(.plain)
.padding()
}
//
SettingsUserIssueView()
}
.frame(width: 500, height: 600) //
}
// Sheet
.sheet(item: $manualUpdateInfo) { info in
AppUpdateView(info: info) {
self.manualUpdateInfo = nil
}
}
.alert(isPresented: $showNoUpdateAlert) {
Alert(title: Text("检查更新"), message: Text("您当前使用的是最新版本。"))
}
.task {
self.appPoliciesInfo = try? await AppService.appPolicies()
_ = try? await AppService.appCheckUpdate()
}
}
private func checkAppUpgrade() async {
let hasUpdate = await updateManager.checkUpdate(isManual: true)
if hasUpdate {
// sheet
self.manualUpdateInfo = updateManager.updateInfo
} else {
self.showNoUpdateAlert = true
}
}
}
// MARK: -
struct AboutRow<Content: View>: View {
let title: String
let icon: String
let trailingContent: () -> Content
var body: some View {
HStack(spacing: 12) {
Image(systemName: icon)
.foregroundColor(.blue)
.font(.system(size: 14))
.frame(width: 20)
Text(title)
.font(.system(size: 14, weight: .medium))
Spacer()
trailingContent()
}
.padding(.horizontal, 16)
.padding(.vertical, 14)
.contentShape(Rectangle())
}
}
#Preview {
SettingsAboutView()
}

151
punchnet/Features/Settings/Views/SettingsAccountView.swift
View File

@ -1,151 +0,0 @@
//
// SettingsAccountView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct SettingsAccountView: View {
@Environment(AppContext.self) var appContext: AppContext
@Environment(\.openWindow) var openWindow
@Environment(\.openURL) var openURL
var body: some View {
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading, spacing: 24) {
// MARK: -
sectionHeader(title: "账户安全", icon: "shield.lefthalf.filled")
VStack(spacing: 0) {
if let loginCredit = appContext.loginCredit {
switch loginCredit {
case .token(let token, _):
TokenCreditView(token: token)
case .accountAndPasword(let account, _, _):
AccountCreditView(username: account)
}
} else {
//
Button {
self.openWindow(id: "main")
} label: {
Text("登录")
.fontWeight(.medium)
}
.buttonStyle(.borderedProminent)
}
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
}
.frame(maxWidth: 600) //
}
}
//
private func sectionHeader(title: String, icon: String) -> some View {
HStack {
Image(systemName: icon)
.foregroundColor(.blue)
Text(title)
.font(.system(size: 16, weight: .bold))
}
.padding(.leading, 4)
}
}
// MARK: -
//
private struct AccountRow: View {
let icon: String
let title: String
let subtitle: String
var actions: AnyView
var body: some View {
HStack(spacing: 16) {
// Logo
Circle()
.fill(Color.blue.gradient)
.frame(width: 32, height: 32)
.overlay(
Image(systemName: icon)
.foregroundColor(.white)
.font(.system(size: 14))
)
VStack(alignment: .leading, spacing: 2) {
Text(title)
.font(.subheadline)
.foregroundColor(.secondary)
Text(subtitle)
.font(.system(size: 15, weight: .medium, design: .monospaced))
.lineLimit(1)
}
Spacer()
actions
}
.padding(16)
}
}
private struct AccountCreditView: View {
@Environment(AppContext.self) var appContext: AppContext
@Environment(\.openWindow) var openWindow
@Environment(\.dismissWindow) var dismissWindow
let username: String
var body: some View {
AccountRow(icon: "person.fill", title: "当前登录账号", subtitle: username, actions: AnyView(
HStack(spacing: 12) {
// Button("") {
//
// }
// .buttonStyle(.link)
Button("退出登录") {
Task { @MainActor in
try await appContext.logout()
}
self.appContext.appScene = .login(username: username)
self.dismissWindow(id: "settings")
self.openWindow(id: "main")
}
.buttonStyle(.bordered)
.foregroundColor(.red)
}
))
}
}
private struct TokenCreditView: View {
@Environment(AppContext.self) var appContext: AppContext
@Environment(\.openWindow) var openWindow
@Environment(\.dismissWindow) var dismissWindow
let token: String
var body: some View {
AccountRow(icon: "key.horizontal.fill", title: "Token 登录", subtitle: token, actions: AnyView(
Button("退出登录") {
Task { @MainActor in
try await appContext.logout()
}
self.appContext.appScene = .login(username: nil)
self.dismissWindow(id: "settings")
self.openWindow(id: "main")
}
.buttonStyle(.bordered)
.foregroundColor(.red)
))
}
}

127
punchnet/Features/Settings/Views/SettingsDeviceView.swift
View File

@ -1,127 +0,0 @@
//
// SettingsDeviceView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsDeviceView: View {
@Environment(AppContext.self) var appContext: AppContext
var body: some View {
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading, spacing: 28) {
// MARK: -
HStack(spacing: 16) {
Image(systemName: "laptopcomputer")
.font(.system(size: 36))
.foregroundStyle(.blue.gradient)
.frame(width: 60, height: 60)
.background(Color.blue.opacity(0.1))
.cornerRadius(12)
VStack(alignment: .leading, spacing: 4) {
if let networkContext = self.appContext.networkContext {
Text(networkContext.hostname)
.font(.title3.bold())
} else {
Text("未知")
.font(.title3.bold())
}
Text(SystemConfig.systemInfo)
.font(.subheadline)
.foregroundColor(.secondary)
}
}
.padding(.horizontal, 4)
// MARK: -
VStack(alignment: .leading, spacing: 0) {
//
DevicePropertyRow(title: "设备名称", value: self.appContext.networkContext?.hostname ?? "未知") {
Button {
//
} label: {
Text("修改")
.font(.subheadline.bold())
.padding(.horizontal, 12)
.padding(.vertical, 4)
.background(Capsule().fill(Color.blue.opacity(0.1)))
.foregroundColor(.blue)
}
.buttonStyle(.plain)
}
Divider().padding(.leading, 16)
// IPv4
DevicePropertyRow(title: "虚拟 IPv4", value: self.appContext.networkContext?.ip ?? "0.0.0.0") {
Image(systemName: "info.circle")
.foregroundColor(.secondary)
}
Divider().padding(.leading, 16)
// // IPv6
// DevicePropertyRow(title: " IPv6", value: "fe80::ab:ef:1") {
// Text("")
// .font(.caption2.bold())
// .padding(.horizontal, 6)
// .padding(.vertical, 2)
// .background(Color.green.opacity(0.1))
// .foregroundColor(.green)
// .cornerRadius(4)
// }
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
// MARK: -
Text("此设备在虚拟网络中是唯一的,修改名称不会影响连接标识。")
.font(.caption)
.foregroundColor(.secondary)
.padding(.horizontal, 4)
Spacer()
}
.padding(32)
.frame(maxWidth: 600, alignment: .leading)
}
}
}
// MARK: -
private struct DevicePropertyRow<Content: View>: View {
let title: String
let value: String
let trailingContent: () -> Content
init(title: String, value: String, @ViewBuilder trailingContent: @escaping () -> Content) {
self.title = title
self.value = value
self.trailingContent = trailingContent
}
var body: some View {
HStack {
Text(title)
.foregroundColor(.secondary)
.frame(width: 100, alignment: .leading)
Text(value)
.fontWeight(.medium)
.font(.system(.body, design: .monospaced)) // 使 IP
Spacer()
trailingContent()
}
.padding(.horizontal, 16)
.padding(.vertical, 14)
}
}

154
punchnet/Features/Settings/Views/SettingsNetworkView.swift
View File

@ -1,154 +0,0 @@
//
// SettingsNetworkView 2.swift
// punchnet
//
// Created by on 2026/3/19.
//
import SwiftUI
struct SettingsNetworkView: View {
@Environment(AppContext.self) var appContext: AppContext
@Environment(\.openURL) var openURL
var body: some View {
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading, spacing: 24) {
// MARK: -
sectionHeader(title: "网络配置", icon: "network")
if let networkSession = appContext.networkSession {
VStack(spacing: 16) {
HStack {
VStack(alignment: .leading, spacing: 4) {
Text("网络")
.font(.subheadline)
.foregroundColor(.secondary)
Text(networkSession.networkName)
.font(.headline)
}
Spacer()
}
Divider()
HStack {
Button {
self.openNetworkUrl(url: networkSession.networkUrl)
} label: {
Label("进入管理平台", systemImage: "arrow.up.right.square")
}
.buttonStyle(.plain)
.foregroundColor(.blue)
Spacer()
Button("查看详情") {
self.openNetworkUrl(url: networkSession.networkUrl)
}
.buttonStyle(.bordered)
.controlSize(.small)
}
}
.padding(16)
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
//
HStack(alignment: .top, spacing: 12) {
ZStack {
RoundedRectangle(cornerRadius: 8, style: .continuous)
.fill(Color.blue.opacity(0.1))
.frame(width: 32, height: 32)
Image(systemName: "arrow.triangle.branch")
.font(.system(size: 14, weight: .medium))
.foregroundColor(.blue)
}
VStack(alignment: .leading, spacing: 4) {
Text("出口节点")
.font(.system(size: 14, weight: .medium))
Text("已迁移到主界面顶部状态栏,可结合当前连接状态以下拉方式切换,也支持保持未设置。")
.font(.system(size: 12))
.foregroundColor(.secondary)
.fixedSize(horizontal: false, vertical: true)
}
Spacer()
}
.padding(16)
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
}
// MARK: -
sectionHeader(title: "授权状态", icon: "checkmark.shield.fill")
VStack(spacing: 0) {
StatusRow(title: "当前状态", value: "有效", valueColor: .green)
Divider()
.padding(.leading, 16)
StatusRow(title: "有效期", value: "临时 (至断开连接)", valueColor: .secondary)
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
}
.padding(32)
.frame(maxWidth: 600, alignment: .leading)
}
}
// MARK: -
private func openNetworkUrl(url: String) {
if let url = URL(string: url) {
openURL(url) { accepted in
if accepted {
print("浏览器已成功打开")
} else {
print("打开失败(可能是 URL 格式错误)")
}
}
}
}
//
private func sectionHeader(title: String, icon: String) -> some View {
HStack {
Image(systemName: icon)
.foregroundColor(.blue)
Text(title)
.font(.system(size: 16, weight: .bold))
}
.padding(.leading, 4)
}
}
private struct StatusRow: View {
let title: String
let value: String
let valueColor: Color
var body: some View {
HStack {
Text(title)
.font(.system(size: 14))
.foregroundColor(.primary.opacity(0.8))
Spacer()
Text(value)
.font(.system(size: 14, weight: .medium))
.foregroundColor(valueColor)
}
.padding(16)
}
}

129
punchnet/Features/Settings/Views/SettingsSystemView.swift
View File

@ -1,129 +0,0 @@
//
// SettingsSystemView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
struct SettingsSystemView: View {
//
@State private var launchManager = LaunchManager()
//
@AppStorage("autoConnect") private var autoConnect: Bool = false
@AppStorage("autoUpdate") private var autoUpdate: Bool = true
@State private var showMainUI: Bool = true
var body: some View {
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading, spacing: 28) {
// MARK: -
systemSectionHeader(title: "启动与运行", icon: "power.circle.fill")
VStack(spacing: 0) {
ToggleRow(icon: "macwindow.badge.plus", title: "开机时自动启动", isOn: Binding(
get: {
launchManager.launchAtLogin
},
set: { newValue in
do {
try launchManager.toggleLaunchAtLogin(enabled: newValue)
} catch let err {
NSLog("toggle get error: \(err)")
}
}
))
Divider()
.padding(.leading, 48) //
ToggleRow(icon: "bolt.horizontal.icloud.fill", title: "应用启动后自动连接", isOn: $autoConnect)
Divider()
.padding(.leading, 48)
ToggleRow(icon: "macwindow", title: "启动时显示主界面", isOn: $showMainUI)
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
// MARK: -
systemSectionHeader(title: "软件更新", icon: "arrow.clockwise.circle.fill")
VStack(spacing: 0) {
ToggleRow(icon: "arrow.down.circle.fill", title: "自动下载并安装更新", isOn: $autoUpdate)
}
.background(Color.primary.opacity(0.03))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
// MARK: -
Text("当前版本1.0.4 (Build 202603) - 已是最新版本")
.font(.caption)
.foregroundColor(.secondary)
.padding(.horizontal, 4)
Spacer()
}
.padding(32)
.frame(maxWidth: 600, alignment: .leading)
}
.onAppear {
}
}
//
private func systemSectionHeader(title: String, icon: String) -> some View {
HStack {
Image(systemName: icon)
.foregroundColor(.blue)
.font(.system(size: 14, weight: .semibold))
Text(title)
.font(.system(size: 15, weight: .bold))
.foregroundColor(.secondary)
}
.padding(.leading, 4)
}
}
// MARK: -
private struct ToggleRow: View {
let icon: String
let title: String
@Binding var isOn: Bool
var body: some View {
HStack(spacing: 16) {
//
ZStack {
RoundedRectangle(cornerRadius: 6, style: .continuous)
.fill(Color.blue.opacity(0.1))
.frame(width: 28, height: 28)
Image(systemName: icon)
.font(.system(size: 14, weight: .medium))
.foregroundColor(.blue)
}
Text(title)
.font(.system(size: 14))
Spacer()
Toggle("", isOn: $isOn)
.toggleStyle(.switch) // 使 macOS
.labelsHidden() // Label 便
}
.padding(.horizontal, 16)
.padding(.vertical, 12)
}
}
#Preview {
SettingsSystemView()
}

188
punchnet/Features/Settings/Views/SettingsUserIssueView.swift
View File

@ -1,188 +0,0 @@
//
// SettingsUserIssueView.swift
// punchnet
//
// Created by on 2026/1/19.
//
import SwiftUI
// MARK: - ()
struct SettingsUserIssueView: View {
@Environment(AppContext.self) var appContext: AppContext
//
@State private var account: String = ""
@State private var text: String = ""
//
@State private var isSubmitting: Bool = false
@State private var showSuccessToast: Bool = false
//
@State private var showAlert: Bool = false
@State private var errorMessage: String = ""
var body: some View {
ZStack {
//
ScrollView(.vertical, showsIndicators: false) {
VStack(alignment: .leading, spacing: 24) {
// 1.
HStack(spacing: 12) {
Image(systemName: "envelope.badge.fill")
.foregroundColor(.blue)
Text("用户反馈")
.font(.system(size: 18, weight: .bold))
}
.padding(.leading, 4)
// 2.
VStack(alignment: .leading, spacing: 20) {
//
VStack(alignment: .leading, spacing: 8) {
Text("联系方式 (选填)")
.font(.caption.bold())
.foregroundColor(.secondary)
TextField("邮箱或用户名", text: $account)
.textFieldStyle(.plain)
.padding(10)
.background(Color.primary.opacity(0.04))
.cornerRadius(8)
}
// ( Placeholder )
VStack(alignment: .leading, spacing: 8) {
Text("问题描述")
.font(.caption.bold())
.foregroundColor(.secondary)
ZStack(alignment: .topLeading) {
if text.isEmpty {
Text("请详细描述您遇到的问题...")
.foregroundColor(.gray.opacity(0.5))
.padding(.horizontal, 12).padding(.vertical, 12)
.font(.system(size: 14))
}
TextEditor(text: $text)
.font(.system(size: 14))
.scrollContentBackground(.hidden) //
.padding(8)
.background(Color.primary.opacity(0.04))
.cornerRadius(8)
}
.frame(minHeight: 160)
}
}
.padding(20)
.background(Color.primary.opacity(0.02))
.cornerRadius(12)
.overlay(RoundedRectangle(cornerRadius: 12).stroke(Color.primary.opacity(0.05), lineWidth: 1))
// 3.
Button {
Task { @MainActor in
await self.submitFeedback()
}
} label: {
HStack {
if isSubmitting {
ProgressView()
.controlSize(.small).brightness(1)
} else {
Image(systemName: "paperplane.fill")
}
Text("发送反馈").fontWeight(.semibold)
}
.frame(maxWidth: .infinity)
.padding(.vertical, 12)
.background(text.isEmpty ? Color.gray : Color.blue)
.foregroundColor(.white)
.cornerRadius(10)
}
.buttonStyle(.plain)
.disabled(text.isEmpty || isSubmitting)
}
.padding(32)
.frame(maxWidth: 600, alignment: .leading)
}
.blur(radius: showSuccessToast ? 8 : 0) //
.disabled(showSuccessToast) //
// 4. Overlay
if showSuccessToast {
successPopup
}
}
.alert(isPresented: $showAlert) {
Alert(title: Text("提示"), message: Text(errorMessage))
}
}
// MARK: -
private var successPopup: some View {
VStack(spacing: 16) {
Image(systemName: "checkmark.seal.fill")
.font(.system(size: 44))
.foregroundStyle(.green.gradient)
Text("发送成功")
.font(.headline)
Text("感谢您的支持!")
.font(.subheadline)
.foregroundColor(.secondary)
}
.padding(40)
.background(.ultraThinMaterial) // macOS
.cornerRadius(24)
.shadow(color: .black.opacity(0.15), radius: 20)
.transition(.asymmetric(
insertion: .scale(scale: 0.8).combined(with: .opacity),
removal: .opacity.combined(with: .scale(scale: 1.1))
))
}
}
// MARK: Actions
extension SettingsUserIssueView {
private func submitFeedback() async {
withAnimation {
isSubmitting = true
}
do {
_ = try await AppService.appIssue(
accessToken: self.appContext.networkSession?.accessToken ?? "",
contact: self.account,
content: self.text
)
withAnimation(.spring(response: 0.4, dampingFraction: 0.7)) {
isSubmitting = false
showSuccessToast = true
text = "" //
}
// 2.5
DispatchQueue.main.asyncAfter(deadline: .now() + 2.5) {
withAnimation(.easeOut(duration: 0.3)) {
showSuccessToast = false
}
}
} catch let err as SDLAPIError {
self.showAlert = true
self.errorMessage = err.message
} catch let err {
self.showAlert = true
self.errorMessage = err.localizedDescription
}
self.isSubmitting = false
}
}

152
punchnet/Features/Settings/Views/SettingsView.swift
View File

@ -1,152 +0,0 @@
//
// SettingsView.swift
// punchnet
//
// Created by on 2026/1/16.
//
import SwiftUI
struct SettingsView: View {
@State private var columnVisibility: NavigationSplitViewVisibility = .all
@State private var selectedMenu: MenuItem = .accout
enum MenuItem: String, CaseIterable {
case accout = "账号"
case network = "网络"
case device = "设备"
case system = "软件"
case about = "关于"
//
var icon: String {
switch self {
case .accout:
return "person.crop.circle.fill"
case .network:
return "network"
case .device:
return "laptopcomputer"
case .system:
return "gearshape.fill"
case .about:
return "info.circle.fill"
}
}
}
var body: some View {
NavigationSplitView(columnVisibility: $columnVisibility, sidebar: {
// MARK: -
VStack(alignment: .leading, spacing: 20) {
Text("设置")
.font(.system(size: 24, weight: .bold))
.padding(.horizontal, 16)
.padding(.top, 45)
.overlay(alignment: .topLeading) {
CustomWindowControls()
.padding(.top, 12)
.padding(.leading, 12)
}
VStack(spacing: 4) {
ForEach(MenuItem.allCases, id: \.self) { menu in
SidebarItem(
icon: menu.icon,
title: menu.rawValue,
isSelected: selectedMenu == menu
)
.onTapGesture {
// 使 spring
withAnimation(.spring(response: 0.35, dampingFraction: 0.8)) {
self.selectedMenu = menu
}
}
}
Spacer()
}
.padding(.horizontal, 12)
}
.frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .topLeading)
.background(VisualEffectView(material: .sidebar, blendingMode: .behindWindow))
.toolbar(.hidden, for: .windowToolbar)
.navigationSplitViewColumnWidth(min: 180, ideal: 200, max: 250)
.ignoresSafeArea(.all)
}, detail: {
// MARK: -
VStack(alignment: .leading, spacing: 0) {
Group {
// 使 ID SwiftUI transition
switch self.selectedMenu {
case .accout:
SettingsAccountView()
case .network:
SettingsNetworkView()
case .device:
SettingsDeviceView()
case .system:
SettingsSystemView()
case .about:
SettingsAboutView()
}
}
.id(selectedMenu) //
.transition(.asymmetric(
insertion: .move(edge: .bottom).combined(with: .opacity),
removal: .opacity
))
Spacer()
}
.padding(32) //
.frame(maxWidth: .infinity, maxHeight: .infinity, alignment: .topLeading)
.toolbar(.hidden, for: .windowToolbar)
.ignoresSafeArea(edges: .top)
})
.navigationSplitViewStyle(.prominentDetail)
.background(VisualEffectView(material: .sidebar, blendingMode: .behindWindow))
.ignoresSafeArea(.all)
}
}
// MARK: -
private struct SidebarItem: View {
let icon: String
let title: String
let isSelected: Bool
@State private var isHovering = false
var body: some View {
HStack(spacing: 12) {
Image(systemName: icon)
.font(.system(size: 14, weight: .medium))
.frame(width: 20)
Text(title)
.font(.system(size: 14, weight: .medium))
Spacer()
}
.padding(.horizontal, 12)
.padding(.vertical, 8)
.foregroundColor(isSelected ? .white : .primary.opacity(0.8))
.background {
if isSelected {
RoundedRectangle(cornerRadius: 8, style: .continuous)
.fill(Color.blue.gradient) //
} else if isHovering {
RoundedRectangle(cornerRadius: 8, style: .continuous)
.fill(Color.primary.opacity(0.05))
}
}
.onHover {
isHovering = $0
}
.contentShape(Rectangle())
}
}
#Preview {
SettingsView()
}

68
punchnet/Features/Upgrade/ViewModels/AppUpdateManager.swift
View File

@ -1,68 +0,0 @@
//
// AppUpdateManager.swift
// punchnet
//
// Created by on 2026/3/23.
//
import SwiftUI
import Observation
@Observable
class AppUpdateManager {
static let shared = AppUpdateManager()
var updateInfo: AppUpgradeInfo?
var isChecking = false
var showUpdateOverlay = false //
@MainActor
func checkUpdate(isManual: Bool = false) async -> Bool {
isChecking = true
defer {
isChecking = false
}
do {
let updateInfo = try await AppService.appCheckUpdate()
//
let currentVersion = SystemConfig.version_name
let needsUpdate = VersionComparator.isVersion(currentVersion, olderThan: updateInfo.latestVersion)
if needsUpdate {
self.updateInfo = updateInfo
//
if !isManual {
self.showUpdateOverlay = true
}
return true
}
} catch {
print("Update check failed: \(error)")
}
return false
}
}
private struct VersionComparator {
/// current < latest true ()
static func isVersion(_ current: String, olderThan latest: String) -> Bool {
let currentComponents = current.split(separator: ".").map { Int($0) ?? 0 }
let latestComponents = latest.split(separator: ".").map { Int($0) ?? 0 }
let maxLength = max(currentComponents.count, latestComponents.count)
for i in 0..<maxLength {
let currentPart = i < currentComponents.count ? currentComponents[i] : 0
let latestPart = i < latestComponents.count ? latestComponents[i] : 0
if currentPart < latestPart {
return true
}
if currentPart > latestPart {
return false
}
}
return false
}
}

77
punchnet/Features/Upgrade/Views/AppUpdateView.swift
View File

@ -1,77 +0,0 @@
//
// AppUpdateView.swift
// punchnet
//
// Created by on 2026/3/23.
//
import SwiftUI
struct AppUpdateView: View {
let info: AppUpgradeInfo
var dismissAction: () -> Void
var body: some View {
VStack(spacing: 0) {
// Header
VStack(spacing: 12) {
Image(systemName: "arrow.up.rocket.fill")
.font(.system(size: 40))
.foregroundStyle(.blue.gradient)
Text("新版本已就绪")
.font(.title3.bold())
Text("版本号: \(info.latestVersion)")
.font(.caption)
.foregroundColor(.secondary)
}
.padding(.top, 30)
.padding(.bottom, 20)
.frame(maxWidth: .infinity)
.background(Color.blue.opacity(0.05))
//
VStack(alignment: .leading, spacing: 12) {
Text("更新说明")
.font(.subheadline.bold())
ScrollView {
Text(info.releaseNotes)
.font(.subheadline)
.foregroundColor(.secondary)
.lineSpacing(4)
.frame(maxWidth: .infinity, alignment: .leading)
}
.frame(maxHeight: 120)
//
HStack(spacing: 12) {
if !info.forceUpdate {
Button("稍后") {
dismissAction()
}
.buttonStyle(.plain)
.frame(width: 80)
}
Button {
if let url = URL(string: info.downloadUrl) {
NSWorkspace.shared.open(url)
}
} label: {
Text(info.forceUpdate ? "立即更新" : "下载并安装")
.fontWeight(.bold)
.frame(maxWidth: .infinity)
}
.buttonStyle(.borderedProminent)
.controlSize(.large)
}
.padding(.top, 10)
}
.padding(25)
}
.frame(width: 360)
.background(VisualEffectView(material: .underWindowBackground, blendingMode: .behindWindow))
}
}

21
punchnet/Shared/Models/AppPoliciesInfo.swift
View File

@ -1,21 +0,0 @@
//
// AppPoliciesInfo.swift
// punchnet
//
// Created by on 2026/4/17.
//
import Foundation
struct AppPoliciesInfo: Codable {
let privacyPolicyUrl: String
let termsOfServiceUrl: String
let privacyPolicyVersion: String
let termsVersion: String
enum CodingKeys: String, CodingKey {
case privacyPolicyUrl = "privacy_policy_url"
case termsOfServiceUrl = "terms_of_service_url"
case privacyPolicyVersion = "privacy_policy_version"
case termsVersion = "terms_version"
}
}

32
punchnet/Shared/Models/AppUpgradeInfo.swift
View File

@ -1,32 +0,0 @@
//
// AppUpgradeInfo.swift
// punchnet
//
// Created by on 2026/4/17.
//
import Foundation
//
struct AppUpgradeInfo: Codable, Identifiable {
var id = UUID().uuidString
let hasUpdate: Bool
let latestVersion: String
let latestBuild: Int
let forceUpdate: Bool
let downloadUrl: String
let releaseNotes: String
let minSupportedVersion: String
let publishTime: Int
enum CodingKeys: String, CodingKey {
case hasUpdate = "has_update"
case latestVersion = "latest_version"
case latestBuild = "latest_build"
case forceUpdate = "force_update"
case downloadUrl = "download_url"
case releaseNotes = "release_notes"
case minSupportedVersion = "min_supported_version"
case publishTime = "publish_time"
}
}

Some files were not shown because too many files have changed in this diff Show More