Merge branch 'use-new-version-endpoint'

Author: dlon

Cargo.lock

@@ -15,6 +15,7 @@ workspace = true
 api-override = []
 
 [dependencies]
+anyhow = { workspace = true }
 async-trait = "0.1"
 libc = "0.2"
 chrono = { workspace = true }
@@ -46,6 +47,7 @@ tokio-rustls = { version = "0.26.0", features = [
 tokio-socks = "0.5.1"
 rustls-pemfile = "2.1.3"
 uuid = { version = "1.4.1", features = ["v4"] }
+vec1 = { workspace = true }
 
 mullvad-encrypted-dns-proxy = { path = "../mullvad-encrypted-dns-proxy" }
 mullvad-fs = { path = "../mullvad-fs" }
@@ -55,6 +57,9 @@ talpid-time = { path = "../talpid-time" }
 
 shadowsocks = { workspace = true, features = ["stream-cipher"] }
 
+[target.'cfg(not(target_os = "ios"))'.dependencies]
+mullvad-update = { path = "../mullvad-update", features = ["client"] }
+
 [dev-dependencies]
 talpid-time = { path = "../talpid-time", features = ["test"] }
 tokio = { workspace = true, features = ["test-util", "time"] }

mullvad-api/Cargo.toml

@@ -3,12 +3,9 @@ use async_trait::async_trait;
 #[cfg(target_os = "android")]
 use futures::channel::mpsc;
 use hyper::body::Incoming;
+use mullvad_types::account::{AccountData, AccountNumber, VoucherSubmission};
 #[cfg(target_os = "android")]
 use mullvad_types::account::{PlayPurchase, PlayPurchasePaymentToken};
-use mullvad_types::{
-    account::{AccountData, AccountNumber, VoucherSubmission},
-    version::AppVersion,
-};
 use proxy::{ApiConnectionMode, ConnectionModeProvider};
 use std::{
     collections::BTreeMap,
@@ -23,6 +20,8 @@ use talpid_types::ErrorExt;
 pub mod availability;
 use availability::ApiAvailability;
 pub mod rest;
+#[cfg(not(target_os = "ios"))]
+pub mod version;
 
 mod abortable_stream;
 pub mod access_mode;
@@ -698,45 +697,6 @@ impl ProblemReportProxy {
     }
 }
 
-#[derive(Clone)]
-pub struct AppVersionProxy {
-    handle: rest::MullvadRestHandle,
-}
-
-#[derive(serde::Deserialize, Debug)]
-pub struct AppVersionResponse {
-    pub supported: bool,
-    pub latest: AppVersion,
-    pub latest_stable: Option<AppVersion>,
-    pub latest_beta: AppVersion,
-}
-
-impl AppVersionProxy {
-    pub fn new(handle: rest::MullvadRestHandle) -> Self {
-        Self { handle }
-    }
-
-    pub fn version_check(
-        &self,
-        app_version: AppVersion,
-        platform: &str,
-        platform_version: String,
-    ) -> impl Future<Output = Result<AppVersionResponse, rest::Error>> + use<> {
-        let service = self.handle.service.clone();
-
-        let path = format!("{APP_URL_PREFIX}/releases/{platform}/{app_version}");
-        let request = self.handle.factory.get(&path);
-
-        async move {
-            let request = request?
-                .expected_status(&[StatusCode::OK])
-                .header("M-Platform-Version", &platform_version)?;
-            let response = service.request(request).await?;
-            response.deserialize().await
-        }
-    }
-}
-
 #[derive(Clone)]
 pub struct ApiProxy {
     handle: rest::MullvadRestHandle,

mullvad-api/src/lib.rs

@@ -13,7 +13,7 @@ use futures::{
 };
 use http_body_util::{combinators::BoxBody, BodyExt, Empty, Full};
 use hyper::{
-    body::{Body, Bytes, Incoming},
+    body::{Body, Buf, Bytes, Incoming},
     header::{self, HeaderValue},
     Method, Uri,
 };
@@ -73,6 +73,14 @@ pub enum Error {
 
     #[error("Set account number on factory with no access token store")]
     NoAccessTokenStore,
+
+    /// Failed to obtain versions
+    #[error("Failed to obtain versions")]
+    FetchVersions(#[from] Arc<anyhow::Error>),
+
+    /// Body exceeded size limit
+    #[error("Body exceeded size limit")]
+    BodyTooLarge,
 }
 
 impl From<Infallible> for Error {
@@ -493,7 +501,7 @@ pub struct Response<B> {
     response: hyper::Response<B>,
 }
 
-impl<B: Body> Response<B>
+impl<B: Body + Unpin> Response<B>
 where
     Error: From<<B as Body>::Error>,
 {
@@ -516,6 +524,20 @@ where
     pub async fn body(self) -> Result<Vec<u8>> {
         Ok(BodyExt::collect(self.response).await?.to_bytes().to_vec())
     }
+
+    pub async fn body_with_max_size(self, size_limit: usize) -> Result<Vec<u8>> {
+        let mut data: Vec<u8> = vec![];
+        let mut stream = self.response.into_data_stream();
+
+        while let Some(chunk) = stream.next().await {
+            data.extend(chunk?.chunk());
+            if data.len() > size_limit {
+                return Err(Error::BodyTooLarge);
+            }
+        }
+
+        Ok(data)
+    }
 }
 
 #[derive(serde::Deserialize)]

mullvad-api/src/rest.rs

@@ -0,0 +1,96 @@
+use std::future::Future;
+use std::sync::Arc;
+
+use http::StatusCode;
+use mullvad_types::version::AppVersion;
+use mullvad_update::version::{VersionInfo, VersionParameters};
+use vec1::vec1;
+
+use super::rest;
+use super::APP_URL_PREFIX;
+
+#[derive(Clone)]
+pub struct AppVersionProxy {
+    handle: super::rest::MullvadRestHandle,
+}
+
+#[derive(serde::Deserialize, Debug)]
+pub struct AppVersionResponse {
+    pub supported: bool,
+    pub latest: AppVersion,
+    pub latest_stable: Option<AppVersion>,
+    pub latest_beta: AppVersion,
+}
+
+impl AppVersionProxy {
+    /// Public key to use for `version_check_2` response
+    const VERSION_PROVIDER_PUBKEY: &str = include_str!("../../mullvad-update/stagemole-pubkey");
+
+    /// Maximum size of `version_check_2` response
+    const SIZE_LIMIT: usize = 1024 * 1024;
+
+    pub fn new(handle: rest::MullvadRestHandle) -> Self {
+        Self { handle }
+    }
+
+    pub fn version_check(
+        &self,
+        app_version: AppVersion,
+        platform: &str,
+        platform_version: String,
+    ) -> impl Future<Output = Result<AppVersionResponse, rest::Error>> + use<> {
+        let service = self.handle.service.clone();
+
+        let path = format!("{APP_URL_PREFIX}/releases/{platform}/{app_version}");
+        let request = self.handle.factory.get(&path);
+
+        async move {
+            let request = request?
+                .expected_status(&[StatusCode::OK])
+                .header("M-Platform-Version", &platform_version)?;
+            let response = service.request(request).await?;
+            response.deserialize().await
+        }
+    }
+
+    /// Get versions from `/app/releases/<platform>.json`
+    pub fn version_check_2(
+        &self,
+        platform: &str,
+        architecture: mullvad_update::format::Architecture,
+        rollout: f32,
+        lowest_metadata_version: usize,
+    ) -> impl Future<Output = Result<VersionInfo, rest::Error>> + use<> {
+        let service = self.handle.service.clone();
+        let path = format!("app/releases/{platform}.json");
+        let request = self.handle.factory.get(&path);
+
+        let verifying_key =
+            mullvad_update::format::key::VerifyingKey::from_hex(Self::VERSION_PROVIDER_PUBKEY)
+                .expect("valid key");
+        let verifying_keys = vec1![verifying_key];
+
+        async move {
+            let request = request?.expected_status(&[StatusCode::OK]);
+            let response = service.request(request).await?;
+            let bytes = response.body_with_max_size(Self::SIZE_LIMIT).await?;
+
+            let response = mullvad_update::format::SignedResponse::deserialize_and_verify(
+                &verifying_keys,
+                &bytes,
+                lowest_metadata_version,
+            )
+            .map_err(|err| rest::Error::FetchVersions(Arc::new(err)))?;
+
+            let params = VersionParameters {
+                architecture,
+                rollout,
+                lowest_metadata_version,
+            };
+
+            VersionInfo::try_from_response(&params, response.signed)
+                .map_err(Arc::new)
+                .map_err(rest::Error::FetchVersions)
+        }
+    }
+}

mullvad-api/src/version.rs

@@ -4,7 +4,11 @@ use futures::{
     future::{BoxFuture, FusedFuture},
     FutureExt, SinkExt, StreamExt, TryFutureExt,
 };
-use mullvad_api::{availability::ApiAvailability, rest::MullvadRestHandle, AppVersionProxy};
+use mullvad_api::{
+    availability::ApiAvailability,
+    rest::MullvadRestHandle,
+    version::{AppVersionProxy, AppVersionResponse},
+};
 use mullvad_types::version::AppVersionInfo;
 use mullvad_version::Version;
 use serde::{Deserialize, Serialize};
@@ -194,11 +198,8 @@ impl VersionUpdaterInner {
         self.last_app_version_info.as_ref().map(|(info, _)| info)
     }
 
-    /// Convert a [mullvad_api::AppVersionResponse] to an [AppVersionInfo].
-    fn response_to_version_info(
-        &self,
-        response: mullvad_api::AppVersionResponse,
-    ) -> AppVersionInfo {
+    /// Convert a [AppVersionResponse] to an [AppVersionInfo].
+    fn response_to_version_info(&self, response: AppVersionResponse) -> AppVersionInfo {
         let suggested_upgrade = suggested_upgrade(
             &APP_VERSION,
             &response.latest_stable,
@@ -295,12 +296,9 @@ impl VersionUpdaterInner {
         mut self,
         mut rx: mpsc::Receiver<VersionUpdaterCommand>,
         update: impl Fn(AppVersionInfo) -> BoxFuture<'static, Result<(), Error>>,
-        do_version_check: impl Fn()
-            -> BoxFuture<'static, Result<mullvad_api::AppVersionResponse, Error>>,
-        do_version_check_in_background: impl Fn() -> BoxFuture<
-            'static,
-            Result<mullvad_api::AppVersionResponse, Error>,
-        >,
+        do_version_check: impl Fn() -> BoxFuture<'static, Result<AppVersionResponse, Error>>,
+        do_version_check_in_background: impl Fn()
+            -> BoxFuture<'static, Result<AppVersionResponse, Error>>,
     ) {
         let mut version_is_stale = self.wait_until_version_is_stale();
         let mut version_check = futures::future::Fuse::terminated();
@@ -422,9 +420,7 @@ struct ApiContext {
 }
 
 /// Immediately query the API for the latest [AppVersionInfo].
-fn do_version_check(
-    api: ApiContext,
-) -> BoxFuture<'static, Result<mullvad_api::AppVersionResponse, Error>> {
+fn do_version_check(api: ApiContext) -> BoxFuture<'static, Result<AppVersionResponse, Error>> {
     let download_future_factory = move || {
         api.version_proxy
             .version_check(
@@ -459,7 +455,7 @@ fn do_version_check(
 /// On any error, this function retries repeatedly every [UPDATE_INTERVAL_ERROR] until success.
 fn do_version_check_in_background(
     api: ApiContext,
-) -> BoxFuture<'static, Result<mullvad_api::AppVersionResponse, Error>> {
+) -> BoxFuture<'static, Result<AppVersionResponse, Error>> {
     let download_future_factory = move || {
         let when_available = api.api_handle.wait_background();
         let request = api.version_proxy.version_check(
@@ -721,21 +717,20 @@ mod test {
         }
     }
 
-    fn fake_version_check() -> BoxFuture<'static, Result<mullvad_api::AppVersionResponse, Error>> {
+    fn fake_version_check() -> BoxFuture<'static, Result<AppVersionResponse, Error>> {
         Box::pin(async { Ok(fake_version_response()) })
     }
 
-    fn fake_version_check_err() -> BoxFuture<'static, Result<mullvad_api::AppVersionResponse, Error>>
-    {
+    fn fake_version_check_err() -> BoxFuture<'static, Result<AppVersionResponse, Error>> {
         Box::pin(retry_future(
             || async { Err(Error::Download(mullvad_api::rest::Error::TimeoutError)) },
             |_| true,
             std::iter::repeat(UPDATE_INTERVAL_ERROR),
         ))
     }
 
-    fn fake_version_response() -> mullvad_api::AppVersionResponse {
-        mullvad_api::AppVersionResponse {
+    fn fake_version_response() -> AppVersionResponse {
+        AppVersionResponse {
             supported: true,
             latest: "2024.1".to_owned(),
             latest_stable: None,

mullvad-daemon/src/version_check.rs

@@ -28,7 +28,7 @@ talpid-future = { path = "../talpid-future" }
 talpid-types = { path = "../talpid-types" }
 talpid-tunnel-config-client = { path = "../talpid-tunnel-config-client" }
 mullvad-encrypted-dns-proxy = { path = "../mullvad-encrypted-dns-proxy" }
-mullvad-api = { path = "../mullvad-api" }
+mullvad-api = { path = "../mullvad-api", default-features = false }
 serde_json = { workspace = true }
 
 shadowsocks-service = { workspace = true, features = [