chore(gui-client): Bubble up connlib panics as error dialogs in the GUI

rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service

@@ -42,7 +42,7 @@ Environment="LOG_DIR=/var/log/dev.firezone.client"
 Environment="RUST_LOG=info"
 EnvironmentFile="/etc/default/firezone-client-ipc"
 
-ExecStart=firezone-client-ipc
+ExecStart=firezone-client-ipc ipc-service
 Type=notify
 # Unfortunately we may need root to control DNS
 User=root

rust/gui-client/src-tauri/src/client/gui.rs

@@ -438,7 +438,10 @@ pub(crate) enum ControllerRequest {
     ApplySettings(AdvancedSettings),
     /// Only used for smoke tests
     ClearLogs,
-    Disconnected,
+    Disconnected {
+        error_msg: String,
+        is_authentication_error: bool,
+    },
     /// The same as the arguments to `client::logging::export_logs_to`
     ExportLogs {
         path: PathBuf,
@@ -560,13 +563,25 @@ impl Controller {
             Req::ClearLogs => logging::clear_logs_inner()
                 .await
                 .context("Failed to clear logs")?,
-            Req::Disconnected => {
-                tracing::info!("Disconnected by connlib");
+            Req::Disconnected {
+                error_msg,
+                is_authentication_error,
+            } => {
                 self.sign_out().await?;
-                os::show_notification(
-                    "Firezone disconnected",
-                    "To access resources, sign in again.",
-                )?;
+                if is_authentication_error {
+                    tracing::info!(?error_msg, "Auth error");
+                    os::show_notification(
+                        "Firezone disconnected",
+                        "To access resources, sign in again.",
+                    )?;
+                } else {
+                    tracing::error!(?error_msg, "Disconnected");
+                    native_dialog::MessageDialog::new()
+                        .set_title("Firezone Error")
+                        .set_text(&error_msg)
+                        .set_type(native_dialog::MessageType::Error)
+                        .show_alert()?;
+                }
             }
             Req::ExportLogs { path, stem } => logging::export_logs_to(path, stem)
                 .await

rust/gui-client/src-tauri/src/client/ipc.rs

@@ -2,15 +2,12 @@ use crate::client::gui::{ControllerRequest, CtlrTx};
 use anyhow::{Context as _, Result};
 use arc_swap::ArcSwap;
 use connlib_client_shared::callbacks::ResourceDescription;
-use firezone_headless_client::IpcClientMsg;
-
-use std::{
-    net::{IpAddr, Ipv4Addr, Ipv6Addr},
-    sync::Arc,
-};
+use firezone_headless_client::{IpcClientMsg, IpcServerMsg};
+use futures::{SinkExt, StreamExt};
+use secrecy::{ExposeSecret, SecretString};
+use std::{net::IpAddr, sync::Arc};
 use tokio::sync::Notify;
-
-pub(crate) use platform::Client;
+use tokio_util::codec::{FramedRead, FramedWrite, LengthDelimitedCodec};
 
 #[cfg(target_os = "linux")]
 #[path = "ipc/linux.rs"]
@@ -32,23 +29,22 @@ pub(crate) struct CallbackHandler {
     pub resources: Arc<ArcSwap<Vec<ResourceDescription>>>,
 }
 
-// Callbacks must all be non-blocking
-impl connlib_client_shared::Callbacks for CallbackHandler {
-    fn on_disconnect(&self, error: &connlib_client_shared::Error) {
-        // The errors don't implement `Serialize`, so we don't get a machine-readable
-        // error here, but we should consider it an error anyway. `on_disconnect`
-        // is always an error
-        tracing::error!("on_disconnect {error:?}");
+// Almost but not quite implements `Callbacks` from connlib.
+// Because of the IPC boundary, we can deviate.
+impl CallbackHandler {
+    fn on_disconnect(&self, error_msg: String, is_authentication_error: bool) {
         self.ctlr_tx
-            .try_send(ControllerRequest::Disconnected)
+            .try_send(ControllerRequest::Disconnected {
+                error_msg,
+                is_authentication_error,
+            })
             .expect("controller channel failed");
     }
 
-    fn on_set_interface_config(&self, _: Ipv4Addr, _: Ipv6Addr, _: Vec<IpAddr>) -> Option<i32> {
+    fn on_set_interface_config(&self) {
         self.ctlr_tx
             .try_send(ControllerRequest::TunnelReady)
             .expect("controller channel failed");
-        None
     }
 
     fn on_update_resources(&self, resources: Vec<ResourceDescription>) {
@@ -58,7 +54,80 @@ impl connlib_client_shared::Callbacks for CallbackHandler {
     }
 }
 
+pub(crate) struct Client {
+    task: tokio::task::JoinHandle<Result<()>>,
+    // Needed temporarily to avoid a big refactor. We can remove this in the future.
+    tx: FramedWrite<tokio::io::WriteHalf<platform::IpcStream>, LengthDelimitedCodec>,
+}
+
 impl Client {
+    pub(crate) async fn disconnect(mut self) -> Result<()> {
+        self.send_msg(&IpcClientMsg::Disconnect)
+            .await
+            .context("Couldn't send Disconnect")?;
+        self.tx.close().await?;
+        self.task.abort();
+        Ok(())
+    }
+
+    pub(crate) async fn send_msg(&mut self, msg: &IpcClientMsg) -> Result<()> {
+        self.tx
+            .send(
+                serde_json::to_string(msg)
+                    .context("Couldn't encode IPC message as JSON")?
+                    .into(),
+            )
+            .await
+            .context("Couldn't send IPC message")?;
+        Ok(())
+    }
+
+    pub(crate) async fn connect(
+        api_url: &str,
+        token: SecretString,
+        callback_handler: CallbackHandler,
+        tokio_handle: tokio::runtime::Handle,
+    ) -> Result<Self> {
+        tracing::info!(pid = std::process::id(), "Connecting to IPC service...");
+        let stream = platform::connect_to_service().await?;
+        let (rx, tx) = tokio::io::split(stream);
+        // Receives messages from the IPC service
+        let mut rx = FramedRead::new(rx, LengthDelimitedCodec::new());
+        let tx = FramedWrite::new(tx, LengthDelimitedCodec::new());
+
+        let task = tokio_handle.spawn(async move {
+            while let Some(msg) = rx.next().await.transpose()? {
+                match serde_json::from_slice::<IpcServerMsg>(&msg)? {
+                    IpcServerMsg::Ok => {}
+                    IpcServerMsg::OnDisconnect {
+                        error_msg,
+                        is_authentication_error,
+                    } => callback_handler.on_disconnect(error_msg, is_authentication_error),
+                    IpcServerMsg::OnUpdateResources(v) => callback_handler.on_update_resources(v),
+                    IpcServerMsg::OnSetInterfaceConfig {
+                        ipv4: _,
+                        ipv6: _,
+                        dns: _,
+                    } => {
+                        callback_handler.on_set_interface_config();
+                    }
+                }
+            }
+            Ok(())
+        });
+
+        let mut client = Self { task, tx };
+        let token = token.expose_secret().clone();
+        client
+            .send_msg(&IpcClientMsg::Connect {
+                api_url: api_url.to_string(),
+                token,
+            })
+            .await
+            .context("Couldn't send Connect message")?;
+        Ok(client)
+    }
+
     pub(crate) async fn reconnect(&mut self) -> Result<()> {
         self.send_msg(&IpcClientMsg::Reconnect)
             .await

rust/gui-client/src-tauri/src/client/ipc/linux.rs

@@ -1,82 +1,14 @@
 use anyhow::{Context as _, Result};
-use connlib_client_shared::Callbacks;
-use firezone_headless_client::{platform::sock_path, IpcClientMsg, IpcServerMsg};
-use futures::{SinkExt, StreamExt};
-use secrecy::{ExposeSecret, SecretString};
-use tokio::net::{unix::OwnedWriteHalf, UnixStream};
-use tokio_util::codec::{FramedRead, FramedWrite, LengthDelimitedCodec};
-
-/// Forwards events to and from connlib
-pub(crate) struct Client {
-    recv_task: tokio::task::JoinHandle<Result<()>>,
-    tx: FramedWrite<OwnedWriteHalf, LengthDelimitedCodec>,
-}
-
-impl Client {
-    pub(crate) async fn disconnect(mut self) -> Result<()> {
-        self.send_msg(&IpcClientMsg::Disconnect)
-            .await
-            .context("Couldn't send Disconnect")?;
-        self.tx.close().await?;
-        self.recv_task.abort();
-        Ok(())
-    }
-
-    pub(crate) async fn send_msg(&mut self, msg: &IpcClientMsg) -> Result<()> {
-        self.tx
-            .send(
-                serde_json::to_string(msg)
-                    .context("Couldn't encode IPC message as JSON")?
-                    .into(),
-            )
-            .await
-            .context("Couldn't send IPC message")?;
-        Ok(())
-    }
-
-    pub(crate) async fn connect(
-        api_url: &str,
-        token: SecretString,
-        callback_handler: super::CallbackHandler,
-        tokio_handle: tokio::runtime::Handle,
-    ) -> Result<Self> {
-        tracing::info!(pid = std::process::id(), "Connecting to IPC service...");
-        let stream = UnixStream::connect(sock_path())
-            .await
-            .context("Couldn't connect to UDS")?;
-        let (rx, tx) = stream.into_split();
-        // Receives messages from the IPC service
-        let mut rx = FramedRead::new(rx, LengthDelimitedCodec::new());
-        let tx = FramedWrite::new(tx, LengthDelimitedCodec::new());
-
-        // TODO: Make sure this joins / drops somewhere
-        let recv_task = tokio_handle.spawn(async move {
-            while let Some(msg) = rx.next().await.transpose()? {
-                let msg: IpcServerMsg = serde_json::from_slice(&msg)?;
-                match msg {
-                    IpcServerMsg::Ok => {}
-                    IpcServerMsg::OnDisconnect => callback_handler.on_disconnect(
-                        &connlib_client_shared::Error::Other("errors can't be serialized"),
-                    ),
-                    IpcServerMsg::OnUpdateResources(v) => callback_handler.on_update_resources(v),
-                    IpcServerMsg::OnSetInterfaceConfig { ipv4, ipv6, dns } => {
-                        callback_handler.on_set_interface_config(ipv4, ipv6, dns);
-                    }
-                }
-            }
-            Ok(())
-        });
-
-        let mut client = Self { recv_task, tx };
-        let token = token.expose_secret().clone();
-        client
-            .send_msg(&IpcClientMsg::Connect {
-                api_url: api_url.to_string(),
-                token,
-            })
-            .await
-            .context("Couldn't send Connect message")?;
-
-        Ok(client)
-    }
+use firezone_headless_client::platform::sock_path;
+use tokio::net::UnixStream;
+
+/// A type alias to abstract over the Windows and Unix IPC primitives
+pub(crate) type IpcStream = UnixStream;
+
+/// Connect to the IPC service
+pub(crate) async fn connect_to_service() -> Result<IpcStream> {
+    let stream = UnixStream::connect(sock_path())
+        .await
+        .context("Couldn't connect to Unix domain socket")?;
+    Ok(stream)
 }