Improve error logging (#24)

Task/Issue URL: https://app.asana.com/0/1203512625915051/1203969517643013/f and https://app.asana.com/0/1203512625915051/1203971625280790/f
Tech Design URL:
BSK PR: more-duckduckgo-org/browserserviceskit-network-protection#17

Author: diegoreymendez

DuckDuckGo.xcodeproj/project.pbxproj

@@ -30,7 +30,7 @@ final class APIHeaders {
         static let ifNoneMatch = "If-None-Match"
         static let moreInfo = "X-DuckDuckGo-MoreInfo"
     }
-
+    
     private let appVersion: AppVersion
 
     init(appVersion: AppVersion = AppVersion.shared) {

DuckDuckGo/API/APIHeaders.swift

@@ -95,18 +95,6 @@ extension URL {
         return Self.preferences.appendingPathComponent(pane.rawValue)
     }
 
-    // MARK: Pixel
-
-    static let pixelBase = ProcessInfo.processInfo.environment["PIXEL_BASE_URL", default: "https://improving.duckduckgo.com"]
-
-    static func pixelUrl(forPixelNamed pixelName: String) -> URL {
-        let urlString = "\(Self.pixelBase)/t/\(pixelName)"
-        let url = URL(string: urlString)!
-        // url = url.addParameter(name: \"atb\", value: statisticsStore.atbWithVariant ?? \"\")")
-        // https://app.asana.com/0/1177771139624306/1199951074455863/f
-        return url
-    }
-
     // MARK: ATB
 
     static var devMode: String {
@@ -273,8 +261,6 @@ extension URL {
 
     static var duckDuckGoEmail = URL(string: "https://duckduckgo.com/email-protection")!
 
-    static var duckDuckGoMorePrivacyInfo = URL(string: "https://help.duckduckgo.com/duckduckgo-help-pages/privacy/atb/")!
-
     var isDuckDuckGo: Bool {
         absoluteString.starts(with: Self.duckDuckGo.absoluteString)
     }

DuckDuckGo/Common/Extensions/URLExtension.swift

@@ -77,12 +77,6 @@ final class MainWindowController: NSWindowController {
         if shouldShowOnboarding {
             mainViewController.tabCollectionViewModel.selectedTabViewModel?.tab.startOnboarding()
         }
-
-        DispatchQueue.main.asyncAfter(deadline: .now() + 1) {
-            #if NETP_SYSTEM_EXTENSION
-            SystemExtensionManager.shared.activate()
-            #endif
-        }
     }
 
     private func subscribeToResolutionChange() {

DuckDuckGo/Main/View/MainWindowController.swift

@@ -0,0 +1,53 @@
+//
+//  NetworkProtectionControllerIssuesStore.swift
+//
+//  Copyright © 2023 DuckDuckGo. All rights reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+import Foundation
+
+/// This class provides a mechanism to store and announce issues when interacting with the tunnel.
+/// The reason this lass is necessry is because we need to store and share failures across different UI elements.  As an example
+/// we may need to show these errors in the status menu (which will eventually be run in its own agent), and in the status view within
+/// the app.
+///
+final class NetworkProtectionControllerErrorStore {
+    private static let lastErrorMessageKey = "com.duckduckgo.NetworkProtectionControllerErrorStore.lastErrorMessage"
+    private let userDefaults: UserDefaults
+    private let distributedNotificationCenter: DistributedNotificationCenter
+
+    init(userDefaults: UserDefaults = .standard,
+         distributedNotificationCenter: DistributedNotificationCenter = .forType(.networkProtection)) {
+        self.userDefaults = userDefaults
+        self.distributedNotificationCenter = distributedNotificationCenter
+    }
+
+    var lastErrorMessage: String? {
+        get {
+            userDefaults.string(forKey: Self.lastErrorMessageKey)
+        }
+        
+        set {
+            userDefaults.set(newValue, forKey: Self.lastErrorMessageKey)
+            postLastErrorMessageChangedNotification()
+        }
+    }
+
+    // MARK: - Posting Notifications
+
+    private func postLastErrorMessageChangedNotification() {
+        distributedNotificationCenter.postNotificationName(.NetPControllerErrorStatusChanged, object: nil, userInfo: nil, options: [.deliverImmediately, .postToAllSessions])
+    }
+}

DuckDuckGo/NetworkProtection/NetworkProtectionControllerErrorStore.swift

@@ -24,22 +24,9 @@ protocol NetworkProtectionLogger {
 }
 
 final class DefaultNetworkProtectionLogger: NetworkProtectionLogger {
-
     func log(_ error: Error) {
         let format = StaticString(stringLiteral: "🔴 %{public}@")
         os_log(format, type: .error, error.localizedDescription)
-
-        let nsError = error as NSError
-
-        /// Note: `configurationReadWriteFailed` is raised when the user does not grant permission to access the system's VPN info (which we should ignore),
-        /// but the error code's description makes it sound like it could signal other issues with reading and writing the VPN configuration, which we don't want to ignore by default.
-        /// For this reason we're keeping the log but disabling the assertion for this error code.
-        ///
-        let skipAssertion = nsError.domain == NEVPNErrorDomain && nsError.code == NEVPNError.configurationReadWriteFailed.rawValue
-
-        if !skipAssertion {
-            assertionFailure(error.localizedDescription)
-        }
     }
 
 }

DuckDuckGo/NetworkProtection/NetworkProtectionLogger.swift

@@ -24,7 +24,6 @@ import BrowserServicesKit
 import NetworkExtension
 import NetworkProtection
 import SystemExtensions
-import Common
 
 enum NetworkProtectionConnectionStatus {
     case notConfigured
@@ -75,11 +74,10 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
     /// The logger that this object will use for errors that are handled by this class.
     ///
     private let logger: NetworkProtectionLogger
-
-    /// Handles registration of the current device with the Network Protection backend.
-    /// The manager is also responsible to maintaining the current known list of backend servers, and allowing the user to pick which one they connect to.
-    /// 
-    private let deviceManager: NetworkProtectionDeviceManagement
+    
+    /// Stores the last controller error for the purpose of updating the UI as needed..
+    ///
+    private let controllerErrorStore = NetworkProtectionControllerErrorStore()
 
     // MARK: - Notifications & Observers
 
@@ -92,12 +90,6 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
     private var configChangeObserverToken: NSObjectProtocol?
 
     let configChangePublisher = CurrentValueSubject<Void, Never>(())
-
-    // MARK: - Bundle Identifiers
-    
-    var extensionBundleIdentifier: String {
-        NetworkProtectionBundle.extensionBundle().bundleIdentifier!
-    }
 
     // MARK: - VPN Tunnel & Configuration
 
@@ -192,11 +184,8 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
 
     convenience init() {
         let keychainStore = NetworkProtectionKeychainStore(useSystemKeychain: NetworkProtectionBundle.usesSystemKeychain())
-        let deviceManager = NetworkProtectionDeviceManager(keyStore: keychainStore,
-                                                           errorEvents: Self.networkProtectionDebugEvents)
 
         self.init(notificationCenter: .default,
-                  deviceManager: deviceManager,
                   logger: DefaultNetworkProtectionLogger())
     }
 
@@ -207,11 +196,9 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
     ///         - logger: (meant for testing) the logger that this object will use.
     ///
     init(notificationCenter: NotificationCenter,
-         deviceManager: NetworkProtectionDeviceManagement,
          logger: NetworkProtectionLogger) {
 
         self.logger = logger
-        self.deviceManager = deviceManager
         self.notificationCenter = notificationCenter
 
         startObservingNotifications()
@@ -261,65 +248,6 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
         configChangeObserverToken = nil
     }
 
-    // MARK: - Error Reporting
-
-    static let networkProtectionDebugEvents: EventMapping<NetworkProtectionError>? = .init { event, _, _, _ in
-        let domainEvent: Pixel.Event
-
-        switch event {
-        case .noServerRegistrationInfo:
-            domainEvent = .networkProtectionTunnelConfigurationNoServerRegistrationInfo
-        case .couldNotSelectClosestServer:
-            domainEvent = .networkProtectionTunnelConfigurationCouldNotSelectClosestServer
-        case .couldNotGetPeerPublicKey:
-            domainEvent = .networkProtectionTunnelConfigurationCouldNotGetPeerPublicKey
-        case .couldNotGetPeerHostName:
-            domainEvent = .networkProtectionTunnelConfigurationCouldNotGetPeerHostName
-        case .couldNotGetInterfaceAddressRange:
-            domainEvent = .networkProtectionTunnelConfigurationCouldNotGetInterfaceAddressRange
-
-        case .failedToFetchServerList:
-            return
-        case .failedToParseServerListResponse:
-            domainEvent = .networkProtectionClientFailedToParseServerListResponse
-        case .failedToEncodeRegisterKeyRequest:
-            domainEvent = .networkProtectionClientFailedToEncodeRegisterKeyRequest
-        case .failedToFetchRegisteredServers:
-            return
-        case .failedToParseRegisteredServersResponse:
-            domainEvent = .networkProtectionClientFailedToParseRegisteredServersResponse
-        case .serverListInconsistency:
-            // - TODO: not sure what to do here
-            return
-
-        case .failedToEncodeServerList:
-            domainEvent = .networkProtectionServerListStoreFailedToEncodeServerList
-        case .failedToWriteServerList(let eventError):
-            domainEvent = .networkProtectionServerListStoreFailedToWriteServerList(error: eventError)
-        case .noServerListFound:
-            return
-        case .couldNotCreateServerListDirectory:
-            return
-            
-        case .failedToReadServerList(let eventError):
-            domainEvent = .networkProtectionServerListStoreFailedToReadServerList(error: eventError)
-
-        case .failedToCastKeychainValueToData(let field):
-            domainEvent = .networkProtectionKeychainErrorFailedToCastKeychainValueToData(field: field)
-        case .keychainReadError(let field, let status):
-            domainEvent = .networkProtectionKeychainReadError(field: field, status: status)
-        case .keychainWriteError(let field, let status):
-            domainEvent = .networkProtectionKeychainWriteError(field: field, status: status)
-        case .keychainDeleteError(let field, let status):
-            domainEvent = .networkProtectionKeychainDeleteError(field: field, status: status)
-
-        case .unhandledError(function: let function, line: let line, error: let error):
-            domainEvent = .networkProtectionUnhandledError(function: function, line: line, error: error)
-        }
-
-        Pixel.fire(domainEvent, includeAppVersionParameter: true)
-    }
-
     // MARK: - Notifications: Handling
 
     static let statusChangeQueue: OperationQueue = {
@@ -371,9 +299,6 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
     /// Setups the tunnel manager if it's not set up already.
     ///
     private func setup(_ tunnelManager: NETunnelProviderManager) async throws {
-        // 1 - If configuration exists... let it through (but what if it's broken?  the service will take care of it)
-        // 2 - If a configuration doesn't exist, fill in a dummy one (can this cause issues?)
-        
         if tunnelManager.localizedDescription == nil {
             tunnelManager.localizedDescription = UserText.networkProtectionTunnelName
         }
@@ -382,12 +307,9 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
             tunnelManager.isEnabled = true
         }
 
-        guard tunnelManager.protocolConfiguration == nil else {
-            return
-        }
-
         let protocolConfiguration = NETunnelProviderProtocol()
         protocolConfiguration.serverAddress = "127.0.0.1" // Dummy address... the NetP service will take care of grabbing a real server
+        protocolConfiguration.providerBundleIdentifier = NetworkProtectionBundle.extensionBundle().bundleIdentifier
         tunnelManager.protocolConfiguration = protocolConfiguration
     }
 
@@ -409,30 +331,65 @@ final class DefaultNetworkProtectionProvider: NetworkProtectionProvider {
             return false
         }
     }
+    
+    // MARK: - Ensure things are working
+    
+    /// - Returns: `true` if the system extension and the background agent were activated successfully
+    ///
+    private func ensureSystemExtensionAndAgentAreActivated() async throws -> Bool {
+        NetworkProtectionAgentManager.current.enable()
+        
+#if NETP_SYSTEM_EXTENSION
+        if case .willActivateAfterReboot = try await SystemExtensionManager.shared.activate(waitingForUserApprovalHandler: { [weak self] in
+            self?.controllerErrorStore.lastErrorMessage = "Go to Security & Privacy in System Settings to allow Network Protection to activate"
+        }) {
+            controllerErrorStore.lastErrorMessage = "Please reboot to activate Network Protection"
+            return false
+        }
+#endif
+        
+        return true
+    }
 
     // MARK: - Starting & Stopping the VPN
 
     /// Starts the VPN connection used for Network Protection
     ///
     func start() async throws {
-        NetworkProtectionAgentManager.current.enable()
-        let tunnelManager = try await loadOrMakeTunnelManager()
+        guard try await ensureSystemExtensionAndAgentAreActivated() else {
+            return
+        }
+        
+        controllerErrorStore.lastErrorMessage = nil
+        let tunnelManager: NETunnelProviderManager
+        
+        do {
+            tunnelManager = try await loadOrMakeTunnelManager()
+        } catch {
+            controllerErrorStore.lastErrorMessage = error.localizedDescription
+            throw error
+        }
 
         switch tunnelManager.connection.status {
         case .invalid:
             reloadTunnelManager()
             try await start()
-        case .disconnected, .disconnecting:
+        case .connected:
+            // Intentional no-op
+            break
+        default:
             var options = [String: NSObject]()
-            
+
             if let selectedServerName = NetworkProtectionSelectedServerUserDefaultsStore().selectedServer.stringValue {
                 options["selectedServer"] = selectedServerName as NSString
             }
-            
-            try tunnelManager.connection.startVPNTunnel(options: options)
-        default:
-            // Intentional no-op
-            break
+
+            do {
+                try tunnelManager.connection.startVPNTunnel(options: options)
+            } catch {
+                controllerErrorStore.lastErrorMessage = error.localizedDescription
+                throw error
+            }
         }
     }