unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 4 Wiki Activity
Files
7381ba82180449ced517a73dd831695d57f46b35
punktfunk/clients/apple/Sources/PunktfunkClient/SessionModel.swift
T
enricobuehler 5e77731da0
ci / rust (push) Has been cancelled
Details
feat: hosts grid + trust-on-first-use UX + settings pane 
The app grows from a dev connect form into a real client shell:

- Home is a grid of saved hosts (UserDefaults-persisted; context menu: Remove / Forget
  Identity), "+" in the toolbar opens the add-host sheet, the stream mode moved into
  Settings (⌘, / gear) — native resolution stays the only mode, no scaling.
- Trust is now explicit: the protocol always supported certificate pinning, but the app
  passed no pin and discarded the observed fingerprint — silently trusting any host.
  First connect now shows the host's SHA-256 fingerprint (compare with the "clients pin
  this fingerprint" line in the host log) over the live-but-blurred stream; the stream
  must pump immediately (the opening IDR is the only guaranteed one), so StreamView gains
  a capturesCursor switch to keep the cursor free while the prompt needs clicking, and
  input capture starts only after confirmation. Trusting pins the fingerprint per host;
  a changed host identity then refuses to connect.
- PUNKTFUNK_AUTOCONNECT keeps working (auto-trusts, doesn't touch the saved hosts).

Host→client authorization (pairing PIN) remains a punktfunk-core roadmap item — the host
still accepts any client that can reach its port.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 16:15:37 +02:00

160 lines
5.5 KiB
Swift
Raw Blame History

// Session state for the app shell: owns the connection, the input capture, the trust
// handshake phase, and the pump-thread main-actor stats relay.
import Foundation
import PunktfunkKit
import SwiftUI
/// Pump-thread-side frame counters; a 1 Hz main-actor timer drains them into @Published
/// values. NSLock instead of an actor the writer is the (non-async) pump thread.
final class FrameMeter: @unchecked Sendable {
private let lock = NSLock()
private var frames = 0
private var bytes = 0
private var totalFrames = 0
func note(byteCount: Int) {
lock.lock()
frames += 1
bytes += byteCount
totalFrames += 1
lock.unlock()
}
/// Returns and resets the per-interval counters (the running total stays).
func drain() -> (frames: Int, bytes: Int, total: Int) {
lock.lock()
defer {
frames = 0
bytes = 0
lock.unlock()
}
return (frames, bytes, totalFrames)
}
}
@MainActor
final class SessionModel: ObservableObject {
enum Phase: Equatable {
case idle
case connecting
/// Connected to an unpinned host: the stream is live (and pumping the opening
/// IDR must not be missed) but input/cursor capture wait for the user to confirm
/// the observed fingerprint.
case awaitingTrust(fingerprint: Data)
case streaming
}
@Published private(set) var phase: Phase = .idle
@Published private(set) var connection: PunktfunkConnection?
/// The host this session is for (a value copy; identity = id).
@Published private(set) var activeHost: StoredHost?
@Published var errorMessage: String?
@Published var fps = 0
@Published var mbps = 0.0
@Published var totalFrames = 0
let meter = FrameMeter()
private var inputCapture: InputCapture?
private var statsTimer: Timer?
var isBusy: Bool { phase != .idle }
func connect(to host: StoredHost, width: UInt32, height: UInt32, hz: UInt32,
autoTrust: Bool = false) {
guard phase == .idle else { return }
phase = .connecting
activeHost = host
errorMessage = nil
let pin = host.pinnedSHA256
Task.detached(priority: .userInitiated) {
// PunktfunkConnection.init blocks on the QUIC handshake keep it off the main actor.
let result = Result { try PunktfunkConnection(
host: host.address, port: host.port,
width: width, height: height, refreshHz: hz,
pinSHA256: pin) }
await MainActor.run { [weak self] in
guard let self else { return }
switch result {
case .success(let conn):
self.connection = conn
self.startStatsTimer()
if pin != nil || autoTrust {
self.beginStreaming()
} else {
self.phase = .awaitingTrust(fingerprint: conn.hostFingerprint)
}
case .failure:
self.phase = .idle
self.activeHost = nil
self.errorMessage = pin != nil
? "Could not connect to \(host.displayName) — host unreachable, "
+ "not running, or its identity no longer matches the pinned "
+ "fingerprint."
: "Could not connect to \(host.displayName) — is punktfunk-host "
+ "running on \(host.address):\(host.port)?"
}
}
}
}
/// The user confirmed the fingerprint: returns it for pinning and enters streaming.
func confirmTrust() -> Data? {
guard case .awaitingTrust(let fingerprint) = phase else { return nil }
beginStreaming()
return fingerprint
}
func rejectTrust() {
disconnect()
}
func disconnect() {
inputCapture?.stop()
inputCapture = nil
statsTimer?.invalidate()
statsTimer = nil
if let conn = connection {
// close() waits out an in-flight poll (100 ms) and joins the Rust worker
// threads keep that off the main actor.
Task.detached { conn.close() }
}
connection = nil
activeHost = nil
phase = .idle
fps = 0
mbps = 0
}
/// Called (via the main actor) when the pump hits end-of-session.
func sessionEnded() {
guard connection != nil else { return }
let name = activeHost?.displayName ?? "host"
disconnect()
errorMessage = "Session ended by \(name)."
}
private func beginStreaming() {
guard let conn = connection else { return }
phase = .streaming
let capture = InputCapture(connection: conn)
capture.start()
inputCapture = capture
}
private func startStatsTimer() {
let timer = Timer(timeInterval: 1.0, repeats: true) { [weak self] _ in
guard let self else { return }
Task { @MainActor in
let (frames, bytes, total) = self.meter.drain()
self.fps = frames
self.mbps = Double(bytes) * 8 / 1_000_000
self.totalFrames = total
}
}
// .common so the HUD keeps updating during window drags / menu tracking.
RunLoop.main.add(timer, forMode: .common)
statsTimer = timer
}
}
Reference in New Issue View Git Blame Copy Permalink