Files
netbird/client/ui/authsession/warning.go
Zoltan Papp 6e23ed4da7 [client] Add error event publishing for rejected session deadlines (#6358)
* [client] Surface session deadline rejections via SystemEvent and add timer arm debug logs

When sessionwatch.Watcher.Update rejects a deadline (pre-epoch, too far
in the future, or past the clock-skew tolerance) it silently zeroes the
status recorder, leaving the UI with no "expires in" row and no
indication of why. Publish a SystemEvent_ERROR on the AUTHENTICATION
channel so the rejection appears in the UI event feed and the user
knows re-login may be required.

Also add Debugf log lines in armTimerLocked so that warning and
final-warning timer fire-times are visible in logs without having to
add instrumentation after the fact.

https://claude.ai/code/session_01Y3bQoNgcVjTD4zDTvv7a8u

* [client] Remove verbose arm-timer debug logs from sessionwatch

The per-arm Debugf lines added noise on every deadline update.
Rejection logging already happens at the call site in engine_authsession.go;
the watcher itself needs no extra instrumentation.

https://claude.ai/code/session_01Y3bQoNgcVjTD4zDTvv7a8u

* [client] Leave userMessage empty on deadline-rejected event; use metadata key

Daemon-layer PublishEvent userMessage strings are not localized — the UI
reads metadata keys and builds its own locale-aware copy (same pattern
as the session-warning events in event.go). Drop the hardcoded English
sentence from the deadline-rejected event and instead surface the
rejection reason via a new MetaSessionDeadlineRejected metadata key so
the UI can detect and localize it.

https://claude.ai/code/session_01Y3bQoNgcVjTD4zDTvv7a8u

* [client] Revert silent deadline-rejected event; restore userMessage

MetaSessionDeadlineRejected had no UI consumer: the tray only does
metadata-driven localisation for MetaSessionWarning events; all other
SystemEvents display userMessage directly (tray_events.go). Leaving
userMessage empty made the rejection invisible to the user.

Restore the English userMessage so the generic event path shows
something, and remove the unused MetaSessionDeadlineRejected constant.

https://claude.ai/code/session_01Y3bQoNgcVjTD4zDTvv7a8u

* [client] Localize session deadline rejected notification via metadata key

Follow the same pattern as session-warning events: the daemon emits an
empty userMessage and puts the signal in a typed metadata key
(MetaSessionDeadlineRejected); the UI tray detects the key and builds a
locale-aware OS notification from i18n strings.

Changes:
- sessionwatch/event.go: add MetaSessionDeadlineRejected constant
- engine_authsession.go: empty userMessage, use the new metadata key
- ui/authsession/warning.go: re-export MetaDeadlineRejected for UI consumers
- ui/tray_events.go: gate on isDeadlineRejected alongside isSessionWarning;
  new branch calls t.notify with localized title/body
- i18n locales (en/de/hu): add notify.sessionDeadlineRejected.{title,body}

https://claude.ai/code/session_01Y3bQoNgcVjTD4zDTvv7a8u

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-06-08 17:10:15 +02:00

85 lines
3.4 KiB
Go

//go:build !android && !ios && !freebsd && !js
// Package authsession holds the UI-side domain logic for the SSO
// session-extend feature. Wails service facades in
// client/ui/services/session*.go are thin adapters around the types and
// functions defined here; the parsing, request shapes, and constants
// live in this package so future-us can reason about (and test) the
// feature without dragging the Wails service surface around with it.
package authsession
import (
"time"
"github.com/netbirdio/netbird/client/internal/auth/sessionwatch"
)
// Metadata keys the daemon attaches to session-warning SystemEvents.
// Re-exported from sessionwatch (single source of truth on the daemon
// side) so UI-side consumers don't have to import the daemon-internal
// package directly.
const (
MetaWarning = sessionwatch.MetaSessionWarning
MetaFinal = sessionwatch.MetaSessionFinal
MetaExpiresAt = sessionwatch.MetaSessionExpiresAt
MetaLeadMinutes = sessionwatch.MetaSessionLeadMinutes
MetaDeadlineRejected = sessionwatch.MetaSessionDeadlineRejected
)
// Warning is the typed payload emitted on the session-warning Wails
// events. The React side subscribes to "netbird:session:warning" and
// "netbird:session:final-warning" and receives this shape.
//
// ExpiresAt is best-effort: when the metadata is missing or malformed
// (e.g. an older daemon emits the event without the timestamp) it stays
// zero — the UI can fall back to the Status snapshot.
type Warning struct {
// ExpiresAt is the absolute UTC deadline the warning was fired
// against. The UI displays remaining time relative to its own clock.
ExpiresAt time.Time `json:"sessionExpiresAt"`
// LeadMinutes is the warning's configured lead time in minutes
// (WarningLead for the T-10 event, FinalWarningLead for the T-2
// event). Exposed so the UI can show "expires in ~N minutes" without
// hardcoding either constant on its side.
LeadMinutes int `json:"leadMinutes"`
// Final is true on the T-FinalWarningLead fallback event and false
// on the regular T-WarningLead notification. Exposed so a frontend
// listener bound to the dedicated final-warning Wails event still
// receives a payload it can self-describe (and so a tray that
// happens to see both event streams can branch in one place).
Final bool `json:"final"`
}
// WarningFromMetadata parses the daemon's SystemEvent metadata into a
// Warning payload. Returns (nil, false) when the event is not a
// session-warning at all (the common case). When the metadata flag is
// set but a field fails to parse, the field stays at its zero value and
// the event is still surfaced — the UI gets to decide how to handle it.
func WarningFromMetadata(meta map[string]string) (*Warning, bool) {
if meta == nil || meta[MetaWarning] != "true" {
return nil, false
}
out := &Warning{
Final: meta[MetaFinal] == "true",
}
if raw := meta[MetaExpiresAt]; raw != "" {
if t, err := sessionwatch.ParseExpiresAt(raw); err == nil {
out.ExpiresAt = t
}
}
if raw := meta[MetaLeadMinutes]; raw != "" {
if n, err := sessionwatch.ParseLeadMinutes(raw); err == nil {
out.LeadMinutes = n
}
}
return out, true
}
// ParseExpiresAt decodes a MetaExpiresAt metadata value to a UTC time.
// Thin re-export of sessionwatch.ParseExpiresAt so UI-side call sites
// (tray, frontend bindings) don't import the daemon-internal package.
func ParseExpiresAt(s string) (time.Time, error) {
return sessionwatch.ParseExpiresAt(s)
}