unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases 4 Wiki Activity
Files
9e57a5a1ff281112cee8578169ea65c0ef47715a
punktfunk/clients/apple/Sources/PunktfunkClient/PairSheet.swift
T
enricobuehler 9e57a5a1ff
ci / rust (push) Has been cancelled
Details
fix(apple/tvOS): native form controls — pushed pickers, single-pill fields, centered values 
The inline iOS form widgets fought the tvOS focus system at every turn: focused fields
showed nested pills, rows darkened oddly and grew on activation, the Compositor picker
was not even focusable, and prefilled fields (port, client name) floated their label
inside the pill, shoving the value off-center.

- Settings is now a fully tv-native screen: NO inline text entry — the stream mode is
  a preset picker (This TV native / 720p / 1080p / 4K, plus a Custom entry preserving
  a mode set on another platform) and both pickers use .navigationLink style (pushed
  selection lists, exactly like the system Settings app — and properly focusable; the
  cover wraps in a NavigationStack for the pushes).
- Where text entry is unavoidable (Add Host, PIN pairing), the fields keep their stock
  single-pill chrome (the grouped form style stays off tvOS — its row platters were
  one of the nested pills) and prefilled fields hide their floating label so values
  center vertically.
- All earlier row-clearing experiments reverted.

Verified by screenshot in the Apple TV simulator: Settings rows render as single
focus lozenges with chevrons; the Add Host pills are uniform with centered text.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 13:38:37 +02:00

149 lines
6.1 KiB
Swift
Raw Blame History

// PIN pairing sheet. The host, started with --allow-pairing (or --require-pairing),
// prints a short PIN at startup ("PAIRING ARMED enter this PIN on the client to
// pair"); the user types it here. The ceremony is SPAKE2, so a wrong PIN buys an
// attacker exactly one online guess for the user a typo just means "try again" (the
// host rate-limits ceremonies to one per 2 s). Success returns the host's now-VERIFIED
// fingerprint: the caller pins it, no manual comparison needed, and the host stores this
// client's identity in return.
import Foundation
import PunktfunkKit
import SwiftUI
/// Dismissing the sheet must abandon an in-flight ceremony: the blocking pair() call
/// can't be interrupted, so its completion checks this flag and self-discards a late
/// success must NOT pin and auto-connect to a host the user cancelled out of. Only
/// touched on the main actor.
private final class CeremonyToken: @unchecked Sendable {
var cancelled = false
}
struct PairSheet: View {
@Environment(\.dismiss) private var dismiss
let host: StoredHost
/// Called with the verified host fingerprint after a successful ceremony.
let onPaired: (Data) -> Void
@State private var pin = ""
#if os(macOS)
@State private var clientName = Host.current().localizedName ?? "Mac"
#else
@State private var clientName = UIDevice.current.name
#endif
@State private var busy = false
@State private var errorText: String?
@State private var token = CeremonyToken()
var body: some View {
VStack(spacing: 0) {
Form {
Section {
TextField("PIN", text: $pin, prompt: Text("Shown in the host's log"))
.font(.system(.title3, design: .monospaced))
#if os(iOS)
.keyboardType(.numberPad)
#endif
TextField(
"Client name", text: $clientName,
prompt: Text("How the host lists this Mac"))
#if os(tvOS)
.labelsHidden() // prefilled tvOS floats the label off-center
#endif
} header: {
Label("Pair with \(host.displayName)", systemImage: "lock.shield")
.foregroundStyle(.tint)
} footer: {
Text("The host prints the PIN when pairing is armed "
+ "(--allow-pairing, \u{201C}PAIRING ARMED\u{201D} in its log). "
+ "Pairing verifies both sides at once — no fingerprint "
+ "comparison needed.")
.font(.caption)
.foregroundStyle(.secondary)
}
if let errorText {
Section {
Text(errorText)
.font(.callout)
.foregroundStyle(.red)
}
}
}
#if !os(tvOS)
.formStyle(.grouped)
#endif
HStack {
Button("Cancel", role: .cancel) {
token.cancelled = true
dismiss()
}
#if !os(tvOS)
.keyboardShortcut(.cancelAction)
#endif
Spacer()
if busy {
ProgressView()
.controlSize(.small)
.padding(.trailing, 8)
}
Button("Pair & Connect") { runCeremony() }
.buttonStyle(.borderedProminent)
#if !os(tvOS)
.keyboardShortcut(.defaultAction)
#endif
.disabled(busy || pin.trimmingCharacters(in: .whitespaces).isEmpty)
}
#if os(iOS)
.controlSize(.large)
#endif
.padding(16)
}
#if os(macOS)
.frame(width: 400)
.fixedSize(horizontal: false, vertical: true)
#endif
.interactiveDismissDisabled(busy)
.onDisappear { token.cancelled = true } // any other dismissal path
}
private func runCeremony() {
busy = true
errorText = nil
let pin = pin.trimmingCharacters(in: .whitespaces)
let name = clientName.trimmingCharacters(in: .whitespaces)
let address = host.address
let port = host.port
let token = token
Task.detached(priority: .userInitiated) {
// Identity load + the ceremony both block keep them off the main actor.
// loadForPairing is the strict variant: the host durably trusts this
// identity, so it must have made it into the Keychain.
let result = Result {
let identity = try ClientIdentityStore.shared.loadForPairing()
return try PunktfunkKit.pair(
host: address, port: port, identity: identity,
pin: pin, name: name.isEmpty ? "Mac" : name)
}
await MainActor.run {
guard !token.cancelled else { return } // sheet dismissed mid-ceremony
busy = false
switch result {
case .success(let fingerprint):
onPaired(fingerprint)
dismiss()
case .failure(PunktfunkClientError.wrongPIN):
errorText = "Wrong PIN — check the host's \u{201C}PAIRING ARMED\u{201D} "
+ "line and try again."
case .failure(is ClientIdentityStore.IdentityError):
errorText = "Can't store this Mac's identity in the Keychain, so the "
+ "pairing would not survive a relaunch. Unlock the login "
+ "keychain and try again."
case .failure:
errorText = "Pairing failed. Is the host reachable, armed with "
+ "--allow-pairing, and not mid-session? Retries are rate-limited "
+ "to one per 2 seconds."
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink