From 6f0ffc79ee0953b5ec18bb0b89d174278133fd0e Mon Sep 17 00:00:00 2001 From: zhom <2717306+zhom@users.noreply.github.com> Date: Tue, 7 Jul 2026 23:14:53 +0400 Subject: [PATCH] refactor: cleanup --- src-tauri/src/cookie_manager.rs | 3 +-- src-tauri/src/lib.rs | 4 ++-- src-tauri/src/proxy_server.rs | 4 ++-- src-tauri/src/sync/engine.rs | 6 +++--- src-tauri/src/sync/subscription.rs | 2 +- src-tauri/src/vpn/socks5_server.rs | 22 +++++++++++++++------- src-tauri/src/vpn_worker_storage.rs | 2 +- src/components/profile-data-table.tsx | 4 ++-- src/components/settings-dialog.tsx | 3 +-- 9 files changed, 28 insertions(+), 22 deletions(-) diff --git a/src-tauri/src/cookie_manager.rs b/src-tauri/src/cookie_manager.rs index 488b0e3..4427995 100644 --- a/src-tauri/src/cookie_manager.rs +++ b/src-tauri/src/cookie_manager.rs @@ -1759,8 +1759,7 @@ mod tests { assert_eq!(xs.value, "sessionvalue"); // Raw DB checks against the Firefox schema — these would catch the bugs - // that caused issue #265 on the Chrome path (plaintext, correct expiry, - // correct schemeMap). + // on the Chrome path (plaintext, correct expiry, correct schemeMap). let conn = Connection::open(&ff_db).unwrap(); let now = std::time::SystemTime::now() .duration_since(std::time::UNIX_EPOCH) diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs index 7fe1b66..b81fbba 100644 --- a/src-tauri/src/lib.rs +++ b/src-tauri/src/lib.rs @@ -1827,7 +1827,7 @@ pub fn run() { // so the background loop respects portable mode and the // disable_auto_updates setting. Previously it bypassed both, so a // portable install would auto-download and run the NSIS installer, - // clobbering the portable folder instead of updating in place (#468). + // clobbering the portable folder instead of updating in place. match app_auto_updater::check_for_app_updates().await { Ok(Some(update_info)) => { log::info!( @@ -2073,7 +2073,7 @@ pub fn run() { // (window closed by the user). The explicit kill path in // browser_runner.rs already releases it, but this branch did // not — leaking the lock, which the 30s heartbeat then renews - // indefinitely (issue #474). No-op for non-sync/non-paid + // indefinitely. No-op for non-sync/non-paid // profiles thanks to the guards inside the helper. if !is_running { crate::team_lock::release_team_lock_if_needed(&profile).await; diff --git a/src-tauri/src/proxy_server.rs b/src-tauri/src/proxy_server.rs index df70c38..0efcaad 100644 --- a/src-tauri/src/proxy_server.rs +++ b/src-tauri/src/proxy_server.rs @@ -1729,8 +1729,8 @@ const DIRECT_CONNECT_TIMEOUT: std::time::Duration = std::time::Duration::from_se /// handshake). Without it, an upstream that accepts TCP but stalls before /// replying hangs the worker task forever and holds a connection slot; under /// load (e.g. two profiles sharing one proxy) the slots exhaust and the browser -/// sees `ERR_PROXY_CONNECTION_FAILED` until the profile is restarted (issue -/// #439). A bounded dial fails fast and releases the slot. +/// sees `ERR_PROXY_CONNECTION_FAILED` until the profile is restarted. A +/// bounded dial fails fast and releases the slot. const UPSTREAM_DIAL_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(20); /// Per-host failure state (last failure instant, consecutive failure count) for diff --git a/src-tauri/src/sync/engine.rs b/src-tauri/src/sync/engine.rs index 0b9df3f..e3aa3b7 100644 --- a/src-tauri/src/sync/engine.rs +++ b/src-tauri/src/sync/engine.rs @@ -706,7 +706,7 @@ impl SyncEngine { // deleted local files), the manifest generated at the START of the sync is // now stale. Uploading it would advertise wrong hashes/mtimes for the files // we just pulled, so the peer keeps computing a non-empty diff and the two - // devices ping-pong re-uploads forever (issue #470). Regenerate from the + // devices ping-pong re-uploads forever. Regenerate from the // actual on-disk files before uploading. When only uploads happened, the // on-disk state is unchanged and the original manifest is still accurate. let local_changed = @@ -2399,7 +2399,7 @@ impl SyncEngine { let metadata_raw = self.client.download_bytes(&metadata_presign.url).await?; // Unseal E2E-encrypted metadata before parsing — otherwise an encrypted // envelope fails to deserialize and the missing profile never downloads to - // this device (issue #466). Plaintext (legacy) metadata passes through. + // this device. Plaintext (legacy) metadata passes through. let metadata_data = encryption::maybe_unseal_after_download(&metadata_raw).map_err(|e| { if e.contains("ENCRYPTION_PASSWORD_REQUIRED") { let _ = events::emit("profile-sync-e2e-password-required", ()); @@ -3212,7 +3212,7 @@ pub async fn enable_extension_group_sync_if_needed(extension_group_id: &str) -> // Enabling sync only flips a local flag; without queueing a sync run the // group and its extensions are never uploaded, so the other device never - // receives them (issue #477). Queue them now. + // receives them. Queue them now. if let Some(scheduler) = crate::sync::get_global_scheduler() { scheduler .queue_extension_group_sync(extension_group_id.to_string()) diff --git a/src-tauri/src/sync/subscription.rs b/src-tauri/src/sync/subscription.rs index 62df17a..9567aca 100644 --- a/src-tauri/src/sync/subscription.rs +++ b/src-tauri/src/sync/subscription.rs @@ -146,7 +146,7 @@ impl SyncSubscription { // Refresh the sync token before reconnecting. The token may have // expired while the stream was open (tokens last ~15 min); reusing // the construction-time token otherwise produces an endless 401 - // reconnect loop until the app is restarted (issue #440). + // reconnect loop until the app is restarted. match Self::fetch_sync_token(source, &app_handle).await { Ok(Some(fresh)) => token = fresh, Ok(None) => { diff --git a/src-tauri/src/vpn/socks5_server.rs b/src-tauri/src/vpn/socks5_server.rs index 30252cb..28e82c1 100644 --- a/src-tauri/src/vpn/socks5_server.rs +++ b/src-tauri/src/vpn/socks5_server.rs @@ -447,7 +447,7 @@ impl WireGuardSocks5Server { .port(); // Update config with actual port and local_url. Prefer the explicit - // config path the worker was started with — see issue #287, where + // config path the worker was started with — a case where // get_storage_dir() in the worker process resolved to a different // directory than in the parent (Qubes/sandboxed Linux), causing the // write-back to land in the wrong place and the parent to time out. @@ -776,15 +776,23 @@ impl WireGuardSocks5Server { } } 0x04 => { - // IPv6 + // IPv6-literal CONNECT. The WireGuard tunnel is IPv4-only + // (parse_cidr_address keeps only the first/IPv4 address and no + // default IPv6 route is installed), so an IPv6 destination can + // never be reached. Attempting the connect would leave the + // smoltcp socket in SynSent until it times out — a visible hang — + // so fail fast with "host unreachable" instead. + // Normal navigation never lands here: Chromium uses remote DNS + // over the SOCKS proxy and domain CONNECT requests resolve A-only, so + // this only guards direct literal-IPv6 destinations. if conn.read_buf.len() < 22 { continue; } - let mut octets = [0u8; 16]; - octets.copy_from_slice(&conn.read_buf[4..20]); - let ip = std::net::Ipv6Addr::from(octets); - let port = u16::from_be_bytes([conn.read_buf[20], conn.read_buf[21]]); - (SocketAddr::new(std::net::IpAddr::V6(ip), port), 22) + let _ = conn + .tcp_stream + .try_write(&[0x05, 0x04, 0x00, 0x01, 0, 0, 0, 0, 0, 0]); + completed.push(idx); + continue; } _ => { completed.push(idx); diff --git a/src-tauri/src/vpn_worker_storage.rs b/src-tauri/src/vpn_worker_storage.rs index c37b525..88eac23 100644 --- a/src-tauri/src/vpn_worker_storage.rs +++ b/src-tauri/src/vpn_worker_storage.rs @@ -45,7 +45,7 @@ pub fn save_vpn_worker_config(config: &VpnWorkerConfig) -> Result<(), Box