Release 2.1.1

Handle the gateway endpoint error
Related: #338
2025-05-20 07:26:58 -04:00 · 2024-03-25 21:42:16 +08:00 · 2024-03-25 21:03:54 +08:00 · 2024-03-23 20:05:54 +08:00 · 2024-03-17 18:41:42 +08:00 · 2024-03-16 21:24:41 +08:00
120 changed files with 6599 additions and 524 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -7,3 +7,6 @@ indent_size = 2
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 [{Makefile,Makefile.in}]
 indent_style = tab
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,30 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
 ---
 **Describe the bug**
 A clear and concise description of what the bug is.
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 **Screenshots**
 If applicable, add screenshots to help explain your problem.
 **Logs**
 - For the GUI version, you can find the logs at `~/.local/share/gpclient/gpclient.log`
 - For the CLI version, copy the output of the `gpclient` command.
 **Environment:**
 - OS: [e.g. Ubuntu 22.04]
 - Desktop Environment: [e.g. GNOME or KDE]
 - Output of `ps aux | grep 'gnome-keyring\|kwalletd5' | grep -v grep`: [Required for secure store error]
 - Is remote SSH? [Yes/No]
 **Additional context**
 Add any other context about the problem here.
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,4 +1,4 @@
-name: Build GPGUI
+name: Build
 on:
  push:
    paths-ignore:
@@ -8,8 +8,10 @@ on:
      - .devcontainer
    branches:
      - main
-    # tags:
+      - dev
-    #   - v*.*.*
+    tags:
      - latest
      - v*.*.*
 jobs:
  # Include arm64 if ref is a tag
  setup-matrix:
@@ -21,96 +23,128 @@ jobs:
        id: set-matrix
        run: |
          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
-            echo "matrix=[\"amd64\", \"arm64\"]" >> $GITHUB_OUTPUT
+            echo "matrix=[\"ubuntu-latest\", \"arm64\"]" >> $GITHUB_OUTPUT
          else
-            echo "matrix=[\"amd64\"]" >> $GITHUB_OUTPUT
+            echo "matrix=[\"ubuntu-latest\"]" >> $GITHUB_OUTPUT
          fi
-  build-fe:
+  tarball:
    runs-on: ubuntu-latest
    needs: [setup-matrix]
    steps:
-      - name: Checkout gpgui repo
+    - uses: pnpm/action-setup@v2
-        uses: actions/checkout@v4
+      with:
-        with:
+        version: 8
-          token: ${{ secrets.GH_PAT }}
+    - name: Prepare workspace
-          repository: yuezk/gpgui
+      run: rm -rf source && mkdir source
    - name: Checkout GlobalProtect-openconnect
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
        path: source/gp
    - name: Create tarball
      run: |
        cd source/gp
        make tarball
    - name: Upload tarball
      uses: actions/upload-artifact@v3
      with:
        name: artifact-source
        if-no-files-found: error
        path: |
          source/gp/.build/tarball/*.tar.gz
-      - name: Install Node.js
+  build-gp:
-        uses: actions/setup-node@v4
+    needs:
-        with:
+    - setup-matrix
-          node-version: 18
+    - tarball
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - name: Install dependencies
        run: |
          cd app
          pnpm install
      - name: Build
        run: |
          cd app
          pnpm run build
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: gpgui-fe
          path: app/dist
  build-tauri:
    needs: [setup-matrix, build-fe]
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        arch: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
    runs-on: ${{ matrix.os }}
    steps:
-      - name: Checkout gpgui repo
+    - name: Prepare workspace
-        uses: actions/checkout@v4
+      run: rm -rf build-gp && mkdir build-gp
-        with:
+    - name: Download tarball
-          token: ${{ secrets.GH_PAT }}
+      uses: actions/download-artifact@v3
-          repository: yuezk/gpgui
+      with:
-          path: gpgui
+        name: artifact-source
        path: build-gp
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build gp in Docker
      run: |
        docker run --rm -v $(pwd)/build-gp:/gp yuezk/gpdev:gp-builder
-      - name: Checkout gp repo
+  build-gpgui:
-        uses: actions/checkout@v4
+    needs:
-        with:
+    - setup-matrix
-          token: ${{ secrets.GH_PAT }}
+    strategy:
-          repository: yuezk/GlobalProtect-openconnect
+      matrix:
-          path: gp
+        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
    runs-on: ${{ matrix.os }}
    steps:
    - uses: pnpm/action-setup@v2
      with:
        version: 8
    - name: Prepare workspace
      run: rm -rf gpgui-source && mkdir gpgui-source
    - name: Checkout GlobalProtect-openconnect
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
        path: gpgui-source/gp
    - name: Checkout gpgui
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/gpgui
        path: gpgui-source/gpgui
    - name: Tarball
      run: |
        cd gpgui-source
        tar -czf gpgui.tar.gz gpgui gp
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build gpgui in Docker
      run: |
        docker run --rm -v $(pwd)/gpgui-source:/gpgui yuezk/gpdev:gpgui-builder
    - name: Install gpgui in Docker
      run: |
        cd gpgui-source
        tar -xJf *.bin.tar.xz
        docker run --rm -v $(pwd):/gpgui yuezk/gpdev:gpgui-builder \
          bash -c "cd /gpgui/gpgui_*/ && ./gpgui --version"
    - name: Upload gpgui
      uses: actions/upload-artifact@v3
      with:
        name: artifact-gpgui-${{ matrix.os }}
        if-no-files-found: error
        path: |
          gpgui-source/*.bin.tar.xz
          gpgui-source/*.bin.tar.xz.sha256
-      - name: Download gpgui-fe artifact
+  gh-release:
-        uses: actions/download-artifact@v4
+    if: startsWith(github.ref, 'refs/tags/')
-        with:
+    runs-on: ubuntu-latest
-          name: gpgui-fe
+    needs:
-          path: gpgui/app/dist
+      - build-gp
      - build-gpgui
-      - name: Set up QEMU
+    steps:
-        uses: docker/setup-qemu-action@v3
+    - name: Prepare workspace
-        with:
+      run: rm -rf gh-release && mkdir gh-release
-          platforms: ${{ matrix.arch }}
+    - name: Download all artifacts
-
+      uses: actions/download-artifact@v3
-      - name: Login to Docker Hub
+      with:
-        uses: docker/login-action@v3
+        path: gh-release
-        with:
+    - name: Create GH release
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+      uses: softprops/action-gh-release@v1
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      with:
-
+        token: ${{ secrets.GH_PAT }}
-      - name: Build Tauri in Docker
+        prerelease: ${{ contains(github.ref, 'latest') }}
-        run: |
+        fail_on_unmatched_files: true
-          docker run \
+        files: |
-            --rm \
+          gh-release/artifact-*/*
            -v $(pwd):/${{ github.workspace }} \
            -w ${{ github.workspace }} \
            -e CI=true \
            --platform linux/${{ matrix.arch }} \
            yuezk/gpdev:main \
            "./gpgui/scripts/build.sh"
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: artifact-${{ matrix.arch }}-tauri
          path: |
            gpgui/.tmp/artifact
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,89 @@
 name: Publish Packages
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to publish'
        required: true
      revision:
        description: 'Package revision'
        required: true
        default: "1"
      ppa:
        description: 'Publish to PPA'
        type: boolean
        required: true
        default: true
      obs:
        description: 'Publish to OBS'
        type: boolean
        required: true
        default: true
      aur:
        description: 'Publish to AUR'
        type: boolean
        required: true
        default: true
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Check tag exists
      uses: mukunku/tag-exists-action@v1.6.0
      id: check-tag
      with:
        tag: ${{ inputs.tag }}
    - name: Exit if tag does not exist
      run: |
        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
          echo "Tag ${{ inputs.tag }} does not exist"
          exit 1
        fi
  publish-ppa:
    needs: check
    if: ${{ inputs.ppa }}
    runs-on: ubuntu-latest
    steps:
    - uses: pnpm/action-setup@v2
      with:
        version: 8
    - name: Prepare workspace
      run: rm -rf publish-ppa && mkdir publish-ppa
    - name: Download ${{ inputs.tag }} source code
      uses: robinraju/release-downloader@v1.9
      with:
        token: ${{ secrets.GH_PAT }}
        tag: ${{ inputs.tag }}
        fileName: globalprotect-openconnect-*.tar.gz
        tarBall: false
        zipBall: false
        out-file-path: publish-ppa
    - name: Make the offline tarball
      run: |
        cd publish-ppa
        tar -xf globalprotect-openconnect-*.tar.gz
        cd globalprotect-openconnect-*/
        make tarball OFFLINE=1
        # Prepare the debian directory with custom files
        mkdir -p .build/debian
        sed 's/@RUST@/rust-all(>=1.70)/g' packaging/deb/control.in > .build/debian/control
        sed 's/@OFFLINE@/1/g' packaging/deb/rules.in > .build/debian/rules
        cp packaging/deb/postrm .build/debian/postrm
    - name: Publish to PPA
      uses: yuezk/publish-ppa-package@dev
      with:
        repository: "yuezk/globalprotect-openconnect"
        gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
        gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
        debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
        deb_email: "k3vinyue@gmail.com"
        deb_fullname: "Kevin Yue"
        extra_ppa: "liushuyu-011/rust-bpo-1.75"
        revision: ${{ inputs.revision }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,148 @@
 name: Release Packages
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to release'
        required: true
      arch:
        type: choice
        description: 'Architecture to build'
        required: true
        default: all
        options:
          - all
          - x86_64
          - arm64
      release-deb:
        type: boolean
        description: 'Build DEB package'
        required: true
        default: true
      release-rpm:
        type: boolean
        description: 'Build RPM package'
        required: true
        default: true
      release-pkg:
        type: boolean
        description: 'Build PKG package'
        required: true
        default: true
      release-binary:
        type: boolean
        description: 'Build binary package'
        required: true
        default: true
      gh-release:
        type: boolean
        description: 'Update GitHub release'
        required: true
        default: true
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Check tag exists
      uses: mukunku/tag-exists-action@v1.6.0
      id: check-tag
      with:
        tag: ${{ inputs.tag }}
    - name: Exit if tag does not exist
      run: |
        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
          echo "Tag ${{ inputs.tag }} does not exist"
          exit 1
        fi
  setup-matrix:
    needs:
    - check
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.result }}
    steps:
    - name: Set up matrix
      id: set-matrix
      uses: actions/github-script@v7
      with:
        result-encoding: string
        script: |
          const inputs = ${{ toJson(inputs) }}
          const { arch } = inputs
          const osMap = {
            "all": ["ubuntu-latest", "arm64"],
            "x86_64": ["ubuntu-latest"],
            "arm64": ["arm64"]
          }
          const package = Object.entries(inputs)
            .filter(([key, value]) => key.startsWith('release-') && value)
            .map(([key, value]) => key.replace('release-', ''))
          return JSON.stringify({
            os: osMap[arch],
            package,
          })
  build:
    needs:
    - setup-matrix
    strategy:
      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Prepare workspace
      run: rm -rf build-${{ matrix.package }} && mkdir -p build-${{ matrix.package }}
    - name: Download ${{ inputs.tag }} source code
      uses: robinraju/release-downloader@v1.9
      with:
        token: ${{ secrets.GH_PAT }}
        tag: ${{ inputs.tag }}
        fileName: globalprotect-openconnect-*.tar.gz
        tarBall: false
        zipBall: false
        out-file-path: build-${{ matrix.package }}
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build ${{ matrix.package }} package in Docker
      run: |
        docker run --rm -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} -e INCLUDE_GUI=1 yuezk/gpdev:${{ matrix.package }}-builder
    - name: Install ${{ matrix.package }} package in Docker
      run: |
        docker run --rm -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} yuezk/gpdev:${{ matrix.package }}-builder \
          bash install.sh
    - name: Upload ${{ matrix.package }} package
      uses: actions/upload-artifact@v3
      with:
        name: artifact-${{ matrix.os }}-${{ matrix.package }}
        if-no-files-found: error
        path: |
          build-${{ matrix.package }}/artifacts/*
  gh-release:
    needs:
    - build
    runs-on: ubuntu-latest
    if: ${{ inputs.gh-release }}
    steps:
    - name: Prepare workspace
      run: rm -rf gh-release && mkdir gh-release
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        path: gh-release
    - name: Update release
      uses: softprops/action-gh-release@v1
      with:
        token: ${{ secrets.GH_PAT }}
        prerelease: ${{ contains(github.ref, 'latest') }}
        fail_on_unmatched_files: true
        tag_name: ${{ inputs.tag }}
        files: |
          gh-release/artifact-*/*
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,8 @@
 /target
 .pnpm-store
 .env
 .vendor
 *.tar.xz
 .cargo
 .build
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -4,6 +4,7 @@
        "bincode",
        "chacha",
        "clientos",
        "cstring",
        "datetime",
        "disconnectable",
        "distro",
@@ -11,8 +12,10 @@
        "dotenvy",
        "getconfig",
        "globalprotect",
        "globalprotectcallback",
        "gpapi",
        "gpauth",
        "gpcallback",
        "gpclient",
        "gpcommon",
        "gpgui",
@@ -50,5 +53,6 @@
        "wmctrl",
        "XAUTHORITY",
        "yuezk"
-    ]
+    ],
    "rust-analyzer.cargo.features": "all",
 }
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -562,6 +562,13 @@ dependencies = [
 "memchr",
 ]
 [[package]]
 name = "common"
 version = "2.1.1"
 dependencies = [
 "is_executable",
 ]
 [[package]]
 name = "compile-time"
 version = "0.2.0"
@@ -1423,7 +1430,7 @@ dependencies = [
 [[package]]
 name = "gpapi"
-version = "2.0.0-beta4"
+version = "2.1.1"
 dependencies = [
 "anyhow",
 "base64 0.21.5",
@@ -1431,12 +1438,16 @@ dependencies = [
 "clap",
 "dotenvy_macro",
 "log",
 "md5",
 "open",
 "redact-engine",
 "regex",
 "reqwest",
 "roxmltree",
 "serde",
 "serde_json",
 "serde_urlencoded",
 "sha256",
 "specta",
 "specta-macros",
 "tauri",
@@ -1451,7 +1462,7 @@ dependencies = [
 [[package]]
 name = "gpauth"
-version = "2.0.0-beta4"
+version = "2.1.1"
 dependencies = [
 "anyhow",
 "clap",
@@ -1471,10 +1482,11 @@ dependencies = [
 [[package]]
 name = "gpclient"
-version = "2.0.0-beta4"
+version = "2.1.1"
 dependencies = [
 "anyhow",
 "clap",
 "common",
 "compile-time",
 "directories",
 "env_logger",
@@ -1490,9 +1502,27 @@ dependencies = [
 "whoami",
 ]
 [[package]]
 name = "gpgui-helper"
 version = "2.1.1"
 dependencies = [
 "anyhow",
 "clap",
 "compile-time",
 "env_logger",
 "futures-util",
 "gpapi",
 "log",
 "reqwest",
 "tauri",
 "tauri-build",
 "tempfile",
 "tokio",
 ]
 [[package]]
 name = "gpservice"
-version = "2.0.0-beta4"
+version = "2.1.1"
 dependencies = [
 "anyhow",
 "axum",
@@ -1503,9 +1533,12 @@ dependencies = [
 "gpapi",
 "log",
 "openconnect",
 "serde",
 "serde_json",
 "tar",
 "tokio",
 "tokio-util",
 "xz2",
 ]
 [[package]]
@@ -1963,6 +1996,15 @@ version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3"
 [[package]]
 name = "is-docker"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "928bae27f42bc99b60d9ac7334e3a21d10ad8f1835a4e12ec3ec0464765ed1b3"
 dependencies = [
 "once_cell",
 ]
 [[package]]
 name = "is-terminal"
 version = "0.4.10"
@@ -1974,6 +2016,16 @@ dependencies = [
 "windows-sys 0.52.0",
 ]
 [[package]]
 name = "is-wsl"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "173609498df190136aa7dea1a91db051746d339e18476eed5ca40521f02d7aa5"
 dependencies = [
 "is-docker",
 "once_cell",
 ]
 [[package]]
 name = "is_executable"
 version = "1.0.1"
@@ -2156,6 +2208,17 @@ dependencies = [
 "tracing-subscriber",
 ]
 [[package]]
 name = "lzma-sys"
 version = "0.1.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fda04ab3764e6cde78b9974eec4f779acaba7c4e84b36eca3cf77c581b85d27"
 dependencies = [
 "cc",
 "libc",
 "pkg-config",
 ]
 [[package]]
 name = "mac"
 version = "0.1.1"
@@ -2206,6 +2269,12 @@ version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94"
 [[package]]
 name = "md5"
 version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771"
 [[package]]
 name = "memchr"
 version = "2.7.1"
@@ -2239,9 +2308,9 @@ dependencies = [
 [[package]]
 name = "mio"
-version = "0.8.10"
+version = "0.8.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
+checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
 dependencies = [
 "libc",
 "log",
@@ -2445,12 +2514,23 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
 [[package]]
 name = "open"
 version = "5.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "90878fb664448b54c4e592455ad02831e23a3f7e157374a8b95654731aac7349"
 dependencies = [
 "is-wsl",
 "libc",
 "pathdiff",
 ]
 [[package]]
 name = "openconnect"
-version = "2.0.0-beta4"
+version = "2.1.1"
 dependencies = [
 "cc",
- "is_executable",
+ "common",
 "log",
 ]
@@ -2574,6 +2654,12 @@ version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c"
 [[package]]
 name = "pathdiff"
 version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8835116a5c179084a830efb3adc117ab007512b535bc1a21c991d3b32a6b44dd"
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@@ -3403,6 +3489,19 @@ dependencies = [
 "digest",
 ]
 [[package]]
 name = "sha256"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "18278f6a914fa3070aa316493f7d2ddfb9ac86ebc06fa3b83bffda487e9065b0"
 dependencies = [
 "async-trait",
 "bytes",
 "hex",
 "sha2",
 "tokio",
 ]
 [[package]]
 name = "sharded-slab"
 version = "0.1.7"
@@ -4056,9 +4155,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tokio"
-version = "1.35.1"
+version = "1.36.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
+checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
 dependencies = [
 "backtrace",
 "bytes",
@@ -5046,6 +5145,15 @@ version = "0.13.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4"
 [[package]]
 name = "xz2"
 version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "388c44dc09d76f1536602ead6d325eb532f5c122f17782bd57fb47baeeb767e2"
 dependencies = [
 "lzma-sys",
 ]
 [[package]]
 name = "zeroize"
 version = "1.7.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,10 +1,11 @@
 [workspace]
 resolver = "2"
-members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth"]
+members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/gpgui-helper/src-tauri"]
 [workspace.package]
-version = "2.0.0-beta4"
+rust-version = "1.70"
 version = "2.1.1"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
@@ -34,15 +35,21 @@ axum = "0.7"
 futures = "0.3"
 futures-util = "0.3"
 tokio-tungstenite = "0.20.1"
 specta = "=2.0.0-rc.1"
 specta-macros = "=2.0.0-rc.1"
 uzers = "0.11"
 whoami = "1"
 tauri = { version = "1.5" }
 thiserror = "1"
 redact-engine = "0.1"
 dotenvy_macro = "0.15"
 compile-time = "0.2"
 serde_urlencoded = "0.7"
 md5="0.7"
 sha256="1"
 # Tauri dependencies
 tauri = { version = "1.5" }
 specta = "=2.0.0-rc.1"
 specta-macros = "=2.0.0-rc.1"
 rspc = { version = "1.0.0-rc.5", features = ["tauri"] }
 [profile.release]
 opt-level = 'z'   # Optimize for size
--- a/255
+++ b/255
@@ -0,0 +1,255 @@
 .SHELLFLAGS += -e
 OFFLINE ?= 0
 BUILD_FE ?= 1
 INCLUDE_GUI ?= 0
 CARGO ?= cargo
 VERSION = $(shell $(CARGO) metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
 REVISION ?= 1
 PPA_REVISION ?= 1
 PKG_NAME = globalprotect-openconnect
 PKG = $(PKG_NAME)-$(VERSION)
 SERIES ?= $(shell lsb_release -cs)
 PUBLISH ?= 0
 export DEBEMAIL = k3vinyue@gmail.com
 export DEBFULLNAME = Kevin Yue
 CARGO_BUILD_ARGS = --release
 ifeq ($(OFFLINE), 1)
 	CARGO_BUILD_ARGS += --frozen
 endif
 default: build
 version:
 	@echo $(VERSION)
 clean-tarball:
 	rm -rf .build/tarball
 	rm -rf .vendor
 	rm -rf vendor.tar.xz
 	rm -rf .cargo
 # Create a tarball, include the cargo dependencies if OFFLINE is set to 1
 tarball: clean-tarball
 	if [ $(BUILD_FE) -eq 1 ]; then \
 		echo "Building frontend..."; \
 		cd apps/gpgui-helper && pnpm install && pnpm build; \
 	fi
 	# Remove node_modules to reduce the tarball size
 	rm -rf apps/gpgui-helper/node_modules
 	mkdir -p .cargo
 	mkdir -p .build/tarball
 	# If OFFLINE is set to 1, vendor all cargo dependencies
 	if [ $(OFFLINE) -eq 1 ]; then \
 		$(CARGO) vendor .vendor > .cargo/config.toml; \
 		tar -cJf vendor.tar.xz .vendor; \
 	fi
 	@echo "Creating tarball..."
 	tar --exclude .vendor --exclude target --transform 's,^,${PKG}/,' -czf .build/tarball/${PKG}.tar.gz * .cargo
 download-gui:
 	rm -rf .build/gpgui
 	if [ $(INCLUDE_GUI) -eq 1 ]; then \
 		echo "Downloading GlobalProtect GUI..."; \
 		mkdir -p .build/gpgui; \
 		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v$(VERSION)/gpgui_$(VERSION)_$(shell uname -m).bin.tar.xz -o .build/gpgui/gpgui_$(VERSION)_x$(shell uname -m).bin.tar.xz; \
 		tar -xJf .build/gpgui/*.tar.xz -C .build/gpgui; \
 	else \
 		echo "Skipping GlobalProtect GUI download (INCLUDE_GUI=0)"; \
 	fi
 build: download-gui build-fe build-rs
 # Install and build the frontend
 # If OFFLINE is set to 1, skip it
 build-fe:
 	if [ $(OFFLINE) -eq 1 ] || [ $(BUILD_FE) -eq 0 ]; then \
 		echo "Skipping frontend build (OFFLINE=1 or BUILD_FE=0)"; \
 	else \
 		cd apps/gpgui-helper && pnpm install && pnpm build; \
 	fi
 	if [ ! -d apps/gpgui-helper/dist ]; then \
 		echo "Error: frontend build failed"; \
 		exit 1; \
 	fi
 build-rs:
 	if [ $(OFFLINE) -eq 1 ]; then \
 		tar -xJf vendor.tar.xz; \
 	fi
 	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpclient -p gpservice -p gpauth
 	$(CARGO) build $(CARGO_BUILD_ARGS) -p gpgui-helper --features "tauri/custom-protocol"
 clean:
 	$(CARGO) clean
 	rm -rf .build
 	rm -rf .vendor
 	rm -rf apps/gpgui-helper/node_modules
 install:
 	@echo "Installing $(PKG_NAME)..."
 	install -Dm755 target/release/gpclient $(DESTDIR)/usr/bin/gpclient
 	install -Dm755 target/release/gpauth $(DESTDIR)/usr/bin/gpauth
 	install -Dm755 target/release/gpservice $(DESTDIR)/usr/bin/gpservice
 	install -Dm755 target/release/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
 	if [ -f .build/gpgui/gpgui_*/gpgui ]; then \
 		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 	install -Dm644 packaging/files/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 packaging/files/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 packaging/files/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
 	install -Dm644 packaging/files/usr/share/icons/hicolor/128x128/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
 	install -Dm644 packaging/files/usr/share/icons/hicolor/256x256@2/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	install -Dm644 packaging/files/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 uninstall:
 	@echo "Uninstalling $(PKG_NAME)..."
 	rm -f $(DESTDIR)/usr/bin/gpclient
 	rm -f $(DESTDIR)/usr/bin/gpauth
 	rm -f $(DESTDIR)/usr/bin/gpservice
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
 	rm -f $(DESTDIR)/usr/bin/gpgui
 	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
 	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
 clean-debian:
 	rm -rf .build/deb
 # Generate the debian package structure, without the changelog
 init-debian: clean-debian tarball
 	mkdir -p .build/deb
 	cp .build/tarball/${PKG}.tar.gz .build/deb
 	tar -xzf .build/deb/${PKG}.tar.gz -C .build/deb
 	cd .build/deb/${PKG} && debmake
 	cp -f packaging/deb/control.in .build/deb/$(PKG)/debian/control
 	cp -f packaging/deb/rules.in .build/deb/$(PKG)/debian/rules
 	cp -f packaging/deb/postrm .build/deb/$(PKG)/debian/postrm
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/deb/$(PKG)/debian/rules
 	rm -f .build/deb/$(PKG)/debian/changelog
 deb: init-debian
 	# Remove the rust build depdency from the control file
 	sed -i "s/@RUST@//g" .build/deb/$(PKG)/debian/control
 	cd .build/deb/$(PKG) && dch --create --distribution unstable --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION) "Bugfix and improvements."
 	cd .build/deb/$(PKG) && debuild --preserve-env -e PATH -us -uc -b
 check-ppa:
 	if [ $(OFFLINE) -eq 0 ]; then \
 		echo "Error: ppa build requires offline mode (OFFLINE=1)"; \
 	fi
 # Usage: make ppa SERIES=focal OFFLINE=1 PUBLISH=1
 ppa: check-ppa init-debian
 	sed -i "s/@RUST@/rust-all(>=1.70)/g" .build/deb/$(PKG)/debian/control
 	$(eval SERIES_VER = $(shell distro-info --series $(SERIES) -r | cut -d' ' -f1))
 	@echo "Building for $(SERIES) $(SERIES_VER)"
 	rm -rf .build/deb/$(PKG)/debian/changelog
 	cd .build/deb/$(PKG) && dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
 	cd .build/deb/$(PKG) && echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
 	if [ $(PUBLISH) -eq 1 ]; then \
 		cd .build/deb/$(PKG) && dput ppa:yuezk/globalprotect-openconnect ../*.changes; \
 	else \
 		echo "Skipping ppa publish (PUBLISH=0)"; \
 	fi
 clean-rpm:
 	rm -rf .build/rpm
 # Generate RPM sepc file
 init-rpm: clean-rpm
 	mkdir -p .build/rpm
 	cp packaging/rpm/globalprotect-openconnect.spec.in .build/rpm/globalprotect-openconnect.spec
 	cp packaging/rpm/globalprotect-openconnect.changes.in .build/rpm/globalprotect-openconnect.changes
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@REVISION@/$(REVISION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@DATE@/$(shell date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.changes
 	sed -i "s/@DATE@/$(shell LC_ALL=en.US date -u "+%a %b %e %T %Z %Y")/g" .build/rpm/globalprotect-openconnect.changes
 rpm: init-rpm tarball
 	rm -rf $(HOME)/rpmbuild
 	rpmdev-setuptree
 	cp .build/tarball/${PKG}.tar.gz $(HOME)/rpmbuild/SOURCES/${PKG_NAME}.tar.gz
 	rpmbuild -ba .build/rpm/globalprotect-openconnect.spec
 	# Copy RPM package from build directory
 	cp $(HOME)/rpmbuild/RPMS/$(shell uname -m)/$(PKG_NAME)*.rpm .build/rpm
 	# Copy the SRPM only for x86_64.
 	if [ "$(shell uname -m)" = "x86_64" ]; then \
 		cp $(HOME)/rpmbuild/SRPMS/$(PKG_NAME)*.rpm .build/rpm; \
 	fi
 clean-pkgbuild:
 	rm -rf .build/pkgbuild
 init-pkgbuild: clean-pkgbuild tarball
 	mkdir -p .build/pkgbuild
 	cp .build/tarball/${PKG}.tar.gz .build/pkgbuild
 	cp packaging/pkgbuild/PKGBUILD.in .build/pkgbuild/PKGBUILD
 	sed -i "s/@PKG_NAME@/$(PKG_NAME)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@REVISION@/$(REVISION)/g" .build/pkgbuild/PKGBUILD
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/pkgbuild/PKGBUILD
 pkgbuild: init-pkgbuild
 	cd .build/pkgbuild && makepkg -s --noconfirm
 clean-binary:
 	rm -rf .build/binary
 binary: clean-binary tarball
 	mkdir -p .build/binary
 	cp .build/tarball/${PKG}.tar.gz .build/binary
 	tar -xzf .build/binary/${PKG}.tar.gz -C .build/binary
 	mkdir -p .build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0 INCLUDE_GUI=$(INCLUDE_GUI)
 	make -C .build/binary/${PKG} install DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 	cp packaging/binary/Makefile.in .build/binary/$(PKG_NAME)_$(VERSION)/Makefile
 	# Create a tarball for the binary package
 	tar -cJf .build/binary/$(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz -C .build/binary $(PKG_NAME)_$(VERSION)
 	# Generate sha256sum
 	cd .build/binary && sha256sum $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz | cut -d' ' -f1 > $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz.sha256
--- a/README.md
+++ b/README.md
@@ -11,8 +11,11 @@ A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authenticati
 - [x] Better Linux support
 - [x] Support both CLI and GUI
 - [x] Support both SSO and non-SSO authentication
 - [x] Support the FIDO2 authentication (e.g., YubiKey)
 - [x] Support authentication using default browser
 - [x] Support multiple portals
 - [x] Support gateway selection
 - [x] Support connect gateway directly
 - [x] Support auto-connect on startup
 - [x] Support system tray icon
@@ -50,20 +53,12 @@ The GUI version is also available after you installed it. You can launch it from
 ## Installation
 > [!Note]
 >
 > This instruction is for the 2.x version. The 1.x version is still available on the [1.x](https://github.com/yuezk/GlobalProtect-openconnect/tree/1.x) branch, you can build it from the source code by following the instructions in the `README.md` file.
 > [!Warning]
 >
 > The client requires `openconnect >= 8.20`, please make sure you have it installed, you can check it with `openconnect --version`.
 > Installing the client from PPA will automatically install the required version of `openconnect`.
 ### Debian/Ubuntu based distributions
 #### Install from PPA
 ```
 sudo apt-get install gir1.2-gtk-3.0 gir1.2-webkit2-4.0
 sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
 sudo apt-get update
 sudo apt-get install globalprotect-openconnect
@@ -99,7 +94,7 @@ Download the latest package from [releases](https://github.com/yuezk/GlobalProte
 sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
 ```
-### Fedora/OpenSUSE/CentOS/RHEL
+### Fedora 38 and later / Fedora Rawhide
 #### Install from COPR
@@ -110,17 +105,64 @@ sudo dnf copr enable yuezk/globalprotect-openconnect
 sudo dnf install globalprotect-openconnect
 ```
-#### Install from OBS
+### openSUSE Leap 15.6 / openSUSE Tumbleweed
 #### Install from OBS (openSUSE Build Service)
 The package is also available on [OBS](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect) for various RPM-based distributions. You can follow the instructions [on this page](https://software.opensuse.org//download.html?project=home%3Ayuezk&package=globalprotect-openconnect) to install it.
 ### Other RPM-based distributions
 #### Install from RPM package
 Download the latest RPM package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
 ```bash
 sudo rpm -i globalprotect-openconnect-*.rpm
 ```
 ### Other distributions
-The project depends on `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`. You can install them first and then download the latest binary release (i.e., `*.bin.tar.gz`) from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
+- Install `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`.
 - Download `globalprotect-openconnect_${version}_${arch}.bin.tar.xz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
 - Extract the tarball with `tar -xJf globalprotect-openconnect_${version}_${arch}.bin.tar.xz`.
 - Run `sudo make install` to install the client.
 ## Build from source
 You can also build the client from source, steps are as follows:
 ### Prerequisites
 - [Install Rust](https://www.rust-lang.org/tools/install)
 - Install Tauri dependencies: https://tauri.app/v1/guides/getting-started/prerequisites/#setting-up-linux
 - Install `perl`
 - Install `openconnect >= 8.20` and `libopenconnect-dev` (or `openconnect-devel` on RPM-based distributions)
 - Install `pkexec`, `gnome-keyring` (or `pam_kwallet` on KDE)
 ### Build
 1. Download the source code tarball from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Choose `globalprotect-openconnect-${version}.tar.gz`.
 2. Extract the tarball with `tar -xzf globalprotect-openconnect-${version}.tar.gz`.
 3. Enter the source directory and run `make build BUILD_FE=0` to build the client.
 3. Run `sudo make install` to install the client. (Note, `DESTDIR` is not supported)
 ## FAQ
 1. How to deal with error `Secure Storage not ready`
   You need to install the `gnome-keyring` package, and restart the system (See [#321](https://github.com/yuezk/GlobalProtect-openconnect/issues/321), [#316](https://github.com/yuezk/GlobalProtect-openconnect/issues/316)).
 2. How to deal with error `(gpauth:18869): Gtk-WARNING **: 10:33:37.566: cannot open display:`
   If you encounter this error when using the CLI version, try to run the command with `sudo -E` (See [#316](https://github.com/yuezk/GlobalProtect-openconnect/issues/316)).
 ## About Trial
 The CLI version is always free, while the GUI version is paid. There are two trial modes for the GUI version:
 1. 10-day trial: You can use the GUI stable release for 10 days after the installation.
 2. 14-day trial: Each beta release has a fresh trial period (at most 14 days) after released.
 ## [License](./LICENSE)
--- a/apps/gpauth/icons/128x128.png
+++ b/apps/gpauth/icons/128x128.png
--- a/apps/gpauth/icons/128x128@2x.png
+++ b/apps/gpauth/icons/128x128@2x.png
--- a/apps/gpauth/icons/32x32.png
+++ b/apps/gpauth/icons/32x32.png
--- a/apps/gpauth/icons/icon.icns
+++ b/apps/gpauth/icons/icon.icns
--- a/apps/gpauth/icons/icon.ico
+++ b/apps/gpauth/icons/icon.ico
--- a/apps/gpauth/icons/icon.png
+++ b/apps/gpauth/icons/icon.png
--- a/apps/gpauth/src/auth_window.rs
+++ b/apps/gpauth/src/auth_window.rs
@@ -19,8 +19,8 @@ use tokio_util::sync::CancellationToken;
 use webkit2gtk::{
  gio::Cancellable,
  glib::{GString, TimeSpan},
-  LoadEvent, SettingsExt, TLSErrorsPolicy, URIResponse, URIResponseExt, WebContextExt, WebResource,
+  LoadEvent, SettingsExt, TLSErrorsPolicy, URIResponse, URIResponseExt, WebContextExt, WebResource, WebResourceExt,
-  WebResourceExt, WebView, WebViewExt, WebsiteDataManagerExtManual, WebsiteDataTypes,
+  WebView, WebViewExt, WebsiteDataManagerExtManual, WebsiteDataTypes,
 };
 enum AuthDataError {
@@ -216,9 +216,7 @@ impl<'a> AuthWindow<'a> {
      if let Some(auth_result) = auth_result_rx.recv().await {
        match auth_result {
          Ok(auth_data) => return Ok(auth_data),
-          Err(AuthDataError::TlsError) => {
+          Err(AuthDataError::TlsError) => bail!("TLS error: certificate verify failed"),
            return Err(anyhow::anyhow!("TLS error: certificate verify failed"))
          }
          Err(AuthDataError::NotFound) => {
            info!("No auth data found, it may not be the /SAML20/SP/ACS endpoint");
@@ -227,10 +225,7 @@ impl<'a> AuthWindow<'a> {
              let window = Arc::clone(window);
              let cancel_token = CancellationToken::new();
-              raise_window_cancel_token
+              raise_window_cancel_token.write().await.replace(cancel_token.clone());
                .write()
                .await
                .replace(cancel_token.clone());
              tokio::spawn(async move {
                let delay_secs = 1;
@@ -284,12 +279,10 @@ fn raise_window(window: &Arc<Window>) {
  }
 }
-pub(crate) async fn portal_prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<String> {
+pub async fn portal_prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<String> {
  info!("Portal prelogin...");
  match prelogin(portal, gp_params).await? {
    Prelogin::Saml(prelogin) => Ok(prelogin.saml_request().to_string()),
-    Prelogin::Standard(_) => Err(anyhow::anyhow!("Received non-SAML prelogin response")),
+    Prelogin::Standard(_) => bail!("Received non-SAML prelogin response"),
  }
 }
@@ -420,7 +413,19 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
    }
    Err(AuthDataError::NotFound) => {
      info!("No auth data found in headers, trying to read from body...");
      let url = main_resource.uri().unwrap_or("".into());
      let is_acs_endpoint = url.contains("/SAML20/SP/ACS");
      read_auth_data_from_body(main_resource, move |auth_result| {
        // If the endpoint is `/SAML20/SP/ACS` and no auth data found in body, it should be considered as invalid
        let auth_result = auth_result.map_err(|err| {
          if matches!(err, AuthDataError::NotFound) && is_acs_endpoint {
            AuthDataError::Invalid
          } else {
            err
          }
        });
        send_auth_result(&auth_result_tx, auth_result)
      });
    }
--- a/apps/gpauth/src/cli.rs
+++ b/apps/gpauth/src/cli.rs
@@ -13,18 +13,15 @@ use tempfile::NamedTempFile;
 use crate::auth_window::{portal_prelogin, AuthWindow};
-const VERSION: &str = concat!(
+const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
  env!("CARGO_PKG_VERSION"),
  " (",
  compile_time::date_str!(),
  ")"
 );
 #[derive(Parser, Clone)]
 #[command(version = VERSION)]
 struct Cli {
  server: String,
  #[arg(long)]
  gateway: bool,
  #[arg(long)]
  saml_request: Option<String>,
  #[arg(long, default_value = GP_USER_AGENT)]
  user_agent: String,
@@ -102,6 +99,7 @@ impl Cli {
      .client_os(ClientOs::from(&self.os))
      .os_version(self.os_version.clone())
      .ignore_tls_errors(self.ignore_tls_errors)
      .is_gateway(self.gateway)
      .build();
    gp_params
--- a/apps/gpauth/tauri.conf.json
+++ b/apps/gpauth/tauri.conf.json
@@ -22,8 +22,8 @@
        "all": true,
        "request": true,
        "scope": [
-          "http://**",
+          "http://*",
-          "https://**"
+          "https://*"
        ]
      }
    },
--- a/apps/gpclient/Cargo.toml
+++ b/apps/gpclient/Cargo.toml
@@ -6,6 +6,7 @@ edition.workspace = true
 license.workspace = true
 [dependencies]
 common = { path = "../../crates/common" }
 gpapi = { path = "../../crates/gpapi", features = ["clap"] }
 openconnect = { path = "../../crates/openconnect" }
 anyhow.workspace = true
--- a/apps/gpclient/src/cli.rs
+++ b/apps/gpclient/src/cli.rs
@@ -9,12 +9,7 @@ use crate::{
  launch_gui::{LaunchGuiArgs, LaunchGuiHandler},
 };
-const VERSION: &str = concat!(
+const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
  env!("CARGO_PKG_VERSION"),
  " (",
  compile_time::date_str!(),
  ")"
 );
 pub(crate) struct SharedArgs {
  pub(crate) fix_openssl: bool,
@@ -53,10 +48,7 @@ struct Cli {
  #[command(subcommand)]
  command: CliCommand,
-  #[arg(
+  #[arg(long, help = "Get around the OpenSSL `unsafe legacy renegotiation` error")]
    long,
    help = "Get around the OpenSSL `unsafe legacy renegotiation` error"
  )]
  fix_openssl: bool,
  #[arg(long, help = "Ignore the TLS errors")]
  ignore_tls_errors: bool,
@@ -115,10 +107,8 @@ pub(crate) async fn run() {
      eprintln!("{} --fix-openssl {}\n", args[0], args[1..].join(" "));
    }
-    if err.contains("certificate verify failed") {
+    if err.contains("certificate verify failed") && !cli.ignore_tls_errors {
-      eprintln!(
+      eprintln!("\nRe-run it with the `--ignore-tls-errors` option to ignore the certificate error, e.g.:\n");
        "\nRe-run it with the `--ignore-tls-errors` option to ignore the certificate error, e.g.:\n"
      );
      // Print the command
      let args = std::env::args().collect::<Vec<_>>();
      eprintln!("{} --ignore-tls-errors {}\n", args[0], args[1..].join(" "));
--- a/apps/gpclient/src/connect.rs
+++ b/apps/gpclient/src/connect.rs
@@ -1,14 +1,19 @@
 use std::{fs, sync::Arc};
 use clap::Args;
 use common::vpn_utils::find_csd_wrapper;
 use gpapi::{
  clap::args::Os,
  credential::{Credential, PasswordCredential},
  error::PortalError,
  gateway::gateway_login,
  gp_params::{ClientOs, GpParams},
  portal::{prelogin, retrieve_config, Prelogin},
-  process::auth_launcher::SamlAuthLauncher,
+  process::{
-  utils::{self, shutdown_signal},
+    auth_launcher::SamlAuthLauncher,
    users::{get_non_root_user, get_user_by_name},
  },
  utils::shutdown_signal,
  GP_USER_AGENT,
 };
 use inquire::{Password, PasswordDisplayMode, Select, Text};
@@ -21,20 +26,28 @@ use crate::{cli::SharedArgs, GP_CLIENT_LOCK_FILE};
 pub(crate) struct ConnectArgs {
  #[arg(help = "The portal server to connect to")]
  server: String,
-  #[arg(
+  #[arg(short, long, help = "The gateway to connect to, it will prompt if not specified")]
    short,
    long,
    help = "The gateway to connect to, it will prompt if not specified"
  )]
  gateway: Option<String>,
-  #[arg(
+  #[arg(short, long, help = "The username to use, it will prompt if not specified")]
    short,
    long,
    help = "The username to use, it will prompt if not specified"
  )]
  user: Option<String>,
  #[arg(long, short, help = "The VPNC script to use")]
  script: Option<String>,
  #[arg(
    long,
    help = "Use the default CSD wrapper to generate the HIP report and send it to the server"
  )]
  hip: bool,
  #[arg(long, help = "Same as the '--csd-user' option in the openconnect command")]
  csd_user: Option<String>,
  #[arg(long, help = "Same as the '--csd-wrapper' option in the openconnect command")]
  csd_wrapper: Option<String>,
  #[arg(short, long, help = "Request MTU from server (legacy servers only)")]
  mtu: Option<u32>,
  #[arg(long, default_value = GP_USER_AGENT, help = "The user agent to use")]
  user_agent: String,
  #[arg(long, default_value = "Linux")]
@@ -71,33 +84,55 @@ impl<'a> ConnectHandler<'a> {
    Self { args, shared_args }
  }
-  pub(crate) async fn handle(&self) -> anyhow::Result<()> {
+  fn build_gp_params(&self) -> GpParams {
-    let portal = utils::normalize_server(self.args.server.as_str())?;
+    GpParams::builder()
    let gp_params = GpParams::builder()
      .user_agent(&self.args.user_agent)
      .client_os(ClientOs::from(&self.args.os))
      .os_version(self.args.os_version())
      .ignore_tls_errors(self.shared_args.ignore_tls_errors)
-      .build();
+      .build()
  }
-    let prelogin = prelogin(&portal, &gp_params).await?;
+  pub(crate) async fn handle(&self) -> anyhow::Result<()> {
-    let portal_credential = self.obtain_portal_credential(&prelogin).await?;
+    let server = self.args.server.as_str();
-    let mut portal_config = retrieve_config(&portal, &portal_credential, &gp_params).await?;
+
    let Err(err) = self.connect_portal_with_prelogin(server).await else {
      return Ok(());
    };
    info!("Failed to connect portal with prelogin: {}", err);
    if err.root_cause().downcast_ref::<PortalError>().is_some() {
      info!("Trying the gateway authentication workflow...");
      return self.connect_gateway_with_prelogin(server).await;
    }
    Err(err)
  }
  async fn connect_portal_with_prelogin(&self, portal: &str) -> anyhow::Result<()> {
    let gp_params = self.build_gp_params();
    let prelogin = prelogin(portal, &gp_params).await?;
    let cred = self.obtain_credential(&prelogin, portal).await?;
    let mut portal_config = retrieve_config(portal, &cred, &gp_params).await?;
    let selected_gateway = match &self.args.gateway {
      Some(gateway) => portal_config
        .find_gateway(gateway)
-        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway {}", gateway))?,
+        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway specified: {}", gateway))?,
      None => {
        portal_config.sort_gateways(prelogin.region());
        let gateways = portal_config.gateways();
        if gateways.len() > 1 {
-          Select::new("Which gateway do you want to connect to?", gateways)
+          let gateway = Select::new("Which gateway do you want to connect to?", gateways)
            .with_vim_mode(true)
-            .prompt()?
+            .prompt()?;
          info!("Connecting to the selected gateway: {}", gateway);
          gateway
        } else {
          info!("Connecting to the only available gateway: {}", gateways[0]);
          gateways[0]
        }
      }
@@ -105,12 +140,50 @@ impl<'a> ConnectHandler<'a> {
    let gateway = selected_gateway.server();
    let cred = portal_config.auth_cookie().into();
    let token = gateway_login(gateway, &cred, &gp_params).await?;
-    let vpn = Vpn::builder(gateway, &token)
+    let cookie = match gateway_login(gateway, &cred, &gp_params).await {
-      .user_agent(self.args.user_agent.clone())
+      Ok(cookie) => cookie,
      Err(err) => {
        info!("Gateway login failed: {}", err);
        return self.connect_gateway_with_prelogin(gateway).await;
      }
    };
    self.connect_gateway(gateway, &cookie).await
  }
  async fn connect_gateway_with_prelogin(&self, gateway: &str) -> anyhow::Result<()> {
    info!("Treat the portal as the gateway, connecting...");
    let mut gp_params = self.build_gp_params();
    gp_params.set_is_gateway(true);
    let prelogin = prelogin(gateway, &gp_params).await?;
    let cred = self.obtain_credential(&prelogin, gateway).await?;
    let cookie = gateway_login(gateway, &cred, &gp_params).await?;
    self.connect_gateway(gateway, &cookie).await
  }
  async fn connect_gateway(&self, gateway: &str, cookie: &str) -> anyhow::Result<()> {
    let mtu = self.args.mtu.unwrap_or(0);
    let csd_uid = get_csd_uid(&self.args.csd_user)?;
    let csd_wrapper = if self.args.csd_wrapper.is_some() {
      self.args.csd_wrapper.clone()
    } else if self.args.hip {
      find_csd_wrapper()
    } else {
      None
    };
    let vpn = Vpn::builder(gateway, cookie)
      .script(self.args.script.clone())
-      .build();
+      .user_agent(self.args.user_agent.clone())
      .csd_uid(csd_uid)
      .csd_wrapper(csd_wrapper)
      .mtu(mtu)
      .build()?;
    let vpn = Arc::new(vpn);
    let vpn_clone = vpn.clone();
@@ -132,10 +205,13 @@ impl<'a> ConnectHandler<'a> {
    Ok(())
  }
-  async fn obtain_portal_credential(&self, prelogin: &Prelogin) -> anyhow::Result<Credential> {
+  async fn obtain_credential(&self, prelogin: &Prelogin, server: &str) -> anyhow::Result<Credential> {
    let is_gateway = prelogin.is_gateway();
    match prelogin {
      Prelogin::Saml(prelogin) => {
        SamlAuthLauncher::new(&self.args.server)
          .gateway(is_gateway)
          .saml_request(prelogin.saml_request())
          .user_agent(&self.args.user_agent)
          .os(self.args.os.as_str())
@@ -148,7 +224,8 @@ impl<'a> ConnectHandler<'a> {
          .await
      }
      Prelogin::Standard(prelogin) => {
-        println!("{}", prelogin.auth_message());
+        let prefix = if is_gateway { "Gateway" } else { "Portal" };
        println!("{} ({}: {})", prelogin.auth_message(), prefix, server);
        let user = self.args.user.as_ref().map_or_else(
          || Text::new(&format!("{}:", prelogin.label_username())).prompt(),
@@ -173,3 +250,11 @@ fn write_pid_file() {
  fs::write(GP_CLIENT_LOCK_FILE, pid.to_string()).unwrap();
  info!("Wrote PID {} to {}", pid, GP_CLIENT_LOCK_FILE);
 }
 fn get_csd_uid(csd_user: &Option<String>) -> anyhow::Result<u32> {
  if let Some(csd_user) = csd_user {
    get_user_by_name(csd_user).map(|user| user.uid())
  } else {
    get_non_root_user().map_or_else(|_| Ok(0), |user| Ok(user.uid()))
  }
 }
--- a/apps/gpclient/src/launch_gui.rs
+++ b/apps/gpclient/src/launch_gui.rs
@@ -10,7 +10,12 @@ use log::info;
 #[derive(Args)]
 pub(crate) struct LaunchGuiArgs {
-  #[clap(long, help = "Launch the GUI minimized")]
+  #[arg(
    required = false,
    help = "The authentication data, used for the default browser authentication"
  )]
  auth_data: Option<String>,
  #[arg(long, help = "Launch the GUI minimized")]
  minimized: bool,
 }
@@ -30,6 +35,12 @@ impl<'a> LaunchGuiHandler<'a> {
      anyhow::bail!("`launch-gui` cannot be run as root");
    }
    let auth_data = self.args.auth_data.as_deref().unwrap_or_default();
    if !auth_data.is_empty() {
      // Process the authentication data, its format is `globalprotectcallback:<data>`
      return feed_auth_data(auth_data).await;
    }
    if try_active_gui().await.is_ok() {
      info!("The GUI is already running");
      return Ok(());
@@ -66,6 +77,19 @@ impl<'a> LaunchGuiHandler<'a> {
  }
 }
 async fn feed_auth_data(auth_data: &str) -> anyhow::Result<()> {
  let service_endpoint = http_endpoint().await?;
  reqwest::Client::default()
    .post(format!("{}/auth-data", service_endpoint))
    .json(&auth_data)
    .send()
    .await?
    .error_for_status()?;
  Ok(())
 }
 async fn try_active_gui() -> anyhow::Result<()> {
  let service_endpoint = http_endpoint().await?;
--- a/apps/gpgui-helper/.eslintrc.cjs
+++ b/apps/gpgui-helper/.eslintrc.cjs
@@ -0,0 +1,36 @@
 module.exports = {
  env: {
    browser: true,
    es2021: true,
  },
  extends: [
    "eslint:recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:react/recommended",
    "plugin:react/jsx-runtime",
    "plugin:react-hooks/recommended",
    "prettier",
  ],
  overrides: [
    {
      env: {
        node: true,
      },
      files: [".eslintrc.{js,cjs}"],
      parserOptions: {
        sourceType: "script",
      },
    },
  ],
  parser: "@typescript-eslint/parser",
  parserOptions: {
    ecmaVersion: "latest",
    sourceType: "module",
  },
  plugins: ["@typescript-eslint", "react"],
  rules: {
    "react-hooks/rules-of-hooks": "error",
    "react-hooks/exhaustive-deps": "error",
    "@typescript-eslint/no-unused-vars": "warn",
  },
 };
--- a/apps/gpgui-helper/.gitignore
+++ b/apps/gpgui-helper/.gitignore
@@ -0,0 +1,25 @@
 # Logs
 logs
 *.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 node_modules
 dist
 dist-ssr
 *.local
 # Editor directories and files
 .vscode/*
 !.vscode/extensions.json
 .idea
 .DS_Store
 *.suo
 *.ntvs*
 *.njsproj
 *.sln
 *.sw?
 .vite
--- a/apps/gpgui-helper/.prettierignore
+++ b/apps/gpgui-helper/.prettierignore
--- a/apps/gpgui-helper/.prettierrc
+++ b/apps/gpgui-helper/.prettierrc
@@ -0,0 +1,3 @@
 {
    "printWidth": 100
 }
--- a/apps/gpgui-helper/README.md
+++ b/apps/gpgui-helper/README.md
@@ -0,0 +1,7 @@
 # Tauri + React + Typescript
 This template should help get you started developing with Tauri, React and Typescript in Vite.
 ## Recommended IDE Setup
 - [VS Code](https://code.visualstudio.com/) + [Tauri](https://marketplace.visualstudio.com/items?itemName=tauri-apps.tauri-vscode) + [rust-analyzer](https://marketplace.visualstudio.com/items?itemName=rust-lang.rust-analyzer)
--- a/apps/gpgui-helper/index.html
+++ b/apps/gpgui-helper/index.html
@@ -0,0 +1,19 @@
 <!doctype html>
 <html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <title>GlobalProtect</title>
  </head>
  <body>
    <script>
      /* workaround to webview font size auto scaling */
      var htmlFontSize = getComputedStyle(document.documentElement).fontSize;
      var ratio = parseInt(htmlFontSize, 10) / 16;
      document.documentElement.style.fontSize = 16 / ratio + "px";
    </script>
    <div id="root" data-tauri-drag-region></div>
    <script type="module" src="/src/pages/main.tsx"></script>
  </body>
 </html>
--- a/apps/gpgui-helper/package.json
+++ b/apps/gpgui-helper/package.json
@@ -0,0 +1,36 @@
 {
  "name": "gpgui",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "tsc && vite build",
    "preview": "vite preview",
    "tauri": "tauri"
  },
  "dependencies": {
    "@emotion/react": "^11.11.1",
    "@emotion/styled": "^11.11.0",
    "@mui/icons-material": "^5.14.18",
    "@mui/material": "^5.14.18",
    "@tauri-apps/api": "^1.5.0",
    "react": "^18.2.0",
    "react-dom": "^18.2.0"
  },
  "devDependencies": {
    "@tauri-apps/cli": "^1.5.6",
    "@types/node": "^20.8.10",
    "@types/react": "^18.2.15",
    "@types/react-dom": "^18.2.7",
    "@typescript-eslint/eslint-plugin": "^6.12.0",
    "@typescript-eslint/parser": "^6.12.0",
    "@vitejs/plugin-react": "^4.0.3",
    "eslint": "^8.54.0",
    "eslint-config-prettier": "^9.0.0",
    "eslint-plugin-react": "^7.33.2",
    "eslint-plugin-react-hooks": "^4.6.0",
    "prettier": "3.1.0",
    "typescript": "^5.0.2",
    "vite": "^4.5.2"
  }
 }
--- a/apps/gpgui-helper/pnpm-lock.yaml
+++ b/apps/gpgui-helper/pnpm-lock.yaml
--- a/apps/gpgui-helper/public/tauri.svg
+++ b/apps/gpgui-helper/public/tauri.svg
@@ -0,0 +1,6 @@
 <svg width="206" height="231" viewBox="0 0 206 231" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path d="M143.143 84C143.143 96.1503 133.293 106 121.143 106C108.992 106 99.1426 96.1503 99.1426 84C99.1426 71.8497 108.992 62 121.143 62C133.293 62 143.143 71.8497 143.143 84Z" fill="#FFC131"/>
 <ellipse cx="84.1426" cy="147" rx="22" ry="22" transform="rotate(180 84.1426 147)" fill="#24C8DB"/>
 <path fill-rule="evenodd" clip-rule="evenodd" d="M166.738 154.548C157.86 160.286 148.023 164.269 137.757 166.341C139.858 160.282 141 153.774 141 147C141 144.543 140.85 142.121 140.558 139.743C144.975 138.204 149.215 136.139 153.183 133.575C162.73 127.404 170.292 118.608 174.961 108.244C179.63 97.8797 181.207 86.3876 179.502 75.1487C177.798 63.9098 172.884 53.4021 165.352 44.8883C157.82 36.3744 147.99 30.2165 137.042 27.1546C126.095 24.0926 114.496 24.2568 103.64 27.6274C92.7839 30.998 83.1319 37.4317 75.8437 46.1553C74.9102 47.2727 74.0206 48.4216 73.176 49.5993C61.9292 50.8488 51.0363 54.0318 40.9629 58.9556C44.2417 48.4586 49.5653 38.6591 56.679 30.1442C67.0505 17.7298 80.7861 8.57426 96.2354 3.77762C111.685 -1.01901 128.19 -1.25267 143.769 3.10474C159.348 7.46215 173.337 16.2252 184.056 28.3411C194.775 40.457 201.767 55.4101 204.193 71.404C206.619 87.3978 204.374 103.752 197.73 118.501C191.086 133.25 180.324 145.767 166.738 154.548ZM41.9631 74.275L62.5557 76.8042C63.0459 72.813 63.9401 68.9018 65.2138 65.1274C57.0465 67.0016 49.2088 70.087 41.9631 74.275Z" fill="#FFC131"/>
 <path fill-rule="evenodd" clip-rule="evenodd" d="M38.4045 76.4519C47.3493 70.6709 57.2677 66.6712 67.6171 64.6132C65.2774 70.9669 64 77.8343 64 85.0001C64 87.1434 64.1143 89.26 64.3371 91.3442C60.0093 92.8732 55.8533 94.9092 51.9599 97.4256C42.4128 103.596 34.8505 112.392 30.1816 122.756C25.5126 133.12 23.9357 144.612 25.6403 155.851C27.3449 167.09 32.2584 177.598 39.7906 186.112C47.3227 194.626 57.153 200.784 68.1003 203.846C79.0476 206.907 90.6462 206.743 101.502 203.373C112.359 200.002 122.011 193.568 129.299 184.845C130.237 183.722 131.131 182.567 131.979 181.383C143.235 180.114 154.132 176.91 164.205 171.962C160.929 182.49 155.596 192.319 148.464 200.856C138.092 213.27 124.357 222.426 108.907 227.222C93.458 232.019 76.9524 232.253 61.3736 227.895C45.7948 223.538 31.8055 214.775 21.0867 202.659C10.3679 190.543 3.37557 175.59 0.949823 159.596C-1.47592 143.602 0.768139 127.248 7.41237 112.499C14.0566 97.7497 24.8183 85.2327 38.4045 76.4519ZM163.062 156.711L163.062 156.711C162.954 156.773 162.846 156.835 162.738 156.897C162.846 156.835 162.954 156.773 163.062 156.711Z" fill="#24C8DB"/>
 </svg>
--- a/apps/gpgui-helper/public/vite.svg
+++ b/apps/gpgui-helper/public/vite.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>
--- a/apps/gpgui-helper/src-tauri/.gitignore
+++ b/apps/gpgui-helper/src-tauri/.gitignore
@@ -0,0 +1,4 @@
 # Generated by Cargo
 # will have compiled files and executables
 /target/
--- a/apps/gpgui-helper/src-tauri/Cargo.toml
+++ b/apps/gpgui-helper/src-tauri/Cargo.toml
@@ -0,0 +1,25 @@
 [package]
 name = "gpgui-helper"
 authors.workspace = true
 version.workspace = true
 edition.workspace = true
 license.workspace = true
 [build-dependencies]
 tauri-build = { version = "1.5", features = [] }
 [dependencies]
 gpapi = { path = "../../../crates/gpapi", features = ["tauri"] }
 tauri = { workspace = true, features = ["window-start-dragging"] }
 tokio.workspace = true
 anyhow.workspace = true
 log.workspace = true
 clap.workspace = true
 compile-time.workspace = true
 env_logger.workspace = true
 futures-util.workspace = true
 tempfile.workspace = true
 reqwest = { workspace = true, features = ["stream"] }
 [features]
 custom-protocol = ["tauri/custom-protocol"]
--- a/apps/gpgui-helper/src-tauri/build.rs
+++ b/apps/gpgui-helper/src-tauri/build.rs
@@ -0,0 +1,3 @@
 fn main() {
  tauri_build::build()
 }
--- a/apps/gpgui-helper/src-tauri/icons/128x128.png
+++ b/apps/gpgui-helper/src-tauri/icons/128x128.png
--- a/apps/gpgui-helper/src-tauri/icons/128x128@2x.png
+++ b/apps/gpgui-helper/src-tauri/icons/128x128@2x.png
--- a/apps/gpgui-helper/src-tauri/icons/32x32.png
+++ b/apps/gpgui-helper/src-tauri/icons/32x32.png
--- a/apps/gpgui-helper/src-tauri/icons/icon.icns
+++ b/apps/gpgui-helper/src-tauri/icons/icon.icns
--- a/apps/gpgui-helper/src-tauri/icons/icon.ico
+++ b/apps/gpgui-helper/src-tauri/icons/icon.ico
--- a/apps/gpgui-helper/src-tauri/icons/icon.png
+++ b/apps/gpgui-helper/src-tauri/icons/icon.png
--- a/apps/gpgui-helper/src-tauri/icons/icon.svg
+++ b/apps/gpgui-helper/src-tauri/icons/icon.svg
@@ -0,0 +1,99 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 <svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   version="1.1"
   id="Layer_1"
   x="0px"
   y="0px"
   viewBox="0 0 96 96"
   style="enable-background:new 0 0 96 96;"
   xml:space="preserve"
   sodipodi:docname="com.yuezk.qt.gpclient.svg"
   inkscape:version="0.92.4 5da689c313, 2019-01-14"><metadata
   id="metadata14"><rdf:RDF><cc:Work
       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title /></cc:Work></rdf:RDF></metadata><defs
   id="defs12" /><sodipodi:namedview
   pagecolor="#ffffff"
   bordercolor="#666666"
   borderopacity="1"
   objecttolerance="10"
   gridtolerance="10"
   guidetolerance="10"
   inkscape:pageopacity="0"
   inkscape:pageshadow="2"
   inkscape:window-width="1920"
   inkscape:window-height="1006"
   id="namedview10"
   showgrid="false"
   inkscape:zoom="6.9532168"
   inkscape:cx="7.9545315"
   inkscape:cy="59.062386"
   inkscape:window-x="0"
   inkscape:window-y="0"
   inkscape:window-maximized="1"
   inkscape:current-layer="g8499" />
 <style
   type="text/css"
   id="style2">
 	.st0{fill:#2980B9;}
 	.st1{fill:#3498DB;}
 	.st2{fill:#2ECC71;}
 	.st3{fill:#27AE60;}
 </style>
 <g
   id="g8499"
   transform="matrix(1.3407388,0,0,1.3407388,-16.409202,-16.355463)"><g
     id="XMLID_1_">
 	<circle
   r="32.5"
   cy="48"
   cx="48"
   class="st0"
   id="XMLID_3_"
   style="fill:#2980b9" />
 	<path
   d="m 48,15.5 v 65 C 65.9,80.5 80.5,65.7 80.5,48 80.5,30 65.9,15.5 48,15.5 Z"
   class="st1"
   id="XMLID_4_"
   inkscape:connector-curvature="0"
   style="fill:#3498db" />
 	<path
   d="m 48,15.5 v 0.6 l 1.2,-0.3 c 0.3,-0.3 0.4,-0.3 0.6,-0.3 h -1.1 z m 7.3,0.9 c -0.1,0 0.4,0.9 1.1,1.8 0.8,1.5 1.1,2.1 1.3,2.1 0.3,-0.3 1.9,-1.2 3,-2.1 -1.7,-0.9 -3.5,-1.5 -5.4,-1.8 z m 10.3,6.2 c -0.1,0 -0.4,0 -0.9,0.6 l -0.8,0.9 0.6,0.6 c 0.3,0.6 0.8,0.9 1,1.2 0.5,0.6 0.6,0.6 0.1,1.5 -0.2,0.6 -0.3,0.9 -0.3,0.9 0.1,0.3 0.3,0.3 1.4,0.3 h 1.6 c 0.1,0 0.3,-0.6 0.4,-1.2 l 0.1,-0.9 -1.1,-0.9 c -1,-0.9 -1,-0.9 -1.4,-1.8 -0.3,-0.6 -0.6,-1.2 -0.7,-1.2 z m -3,2.4 c -0.2,0 -1.3,2.1 -1.3,2.4 0,0 0.3,0.6 0.7,0.9 0.4,0.3 0.7,0.6 0.7,0.6 0.1,0 1.2,-1.2 1.4,-1.5 C 64.2,27.1 64,26.8 63.5,26.2 63.1,25.5 62.7,25 62.6,25 Z m 9.5,1.1 0.2,0.3 c 0,0.3 -0.7,0.9 -1.4,1.5 -1.2,0.9 -1.4,1.2 -2,1.2 -0.6,0 -0.9,0.3 -1.8,0.9 -0.6,0.6 -1.2,0.9 -1.2,1.2 0,0 0.2,0.3 0.6,0.9 0.7,0.6 0.7,0.9 0.2,1.8 l -0.4,0.3 h -1.1 c -0.6,0 -1.5,0 -1.8,-0.3 -0.9,0 -0.8,0 -0.1,2.1 1,3 1.1,3.2 1.3,3.2 0.1,0 1.3,-1.2 2.8,-2.4 1.5,-1.2 2.7,-2.4 2.8,-2.4 l 0.6,0.3 c 0.4,0.3 0.5,0 1.3,-0.6 l 0.8,-0.6 0.8,0.6 c 1.9,1.2 2.2,1.5 2.3,2.4 0.2,1.5 0.3,1.8 0.5,1.8 0.1,0 1.3,-1.5 1.6,-1.8 0.1,-0.3 -0.1,-0.6 -1.1,-2.1 -0.7,-0.9 -1.1,-1.8 -1.1,-2.1 0,0 0.1,0 0.3,-0.3 0.2,0 0.4,0.3 1,0.9 -1.6,-2.3 -3.2,-4.7 -5.1,-6.8 z m 2.8,10.7 c -0.2,0 -0.9,0.9 -0.8,1.2 l 0.5,0.3 H 75 c 0.2,0 0.3,0 0.2,-0.3 C 75.1,37.4 75,36.8 74.9,36.8 Z M 72.3,38 h -2.4 l -2.4,0.3 -4.5,3.5 -4.4,3.8 v 3.5 c 0,2.1 0,3.8 0.1,3.8 0.1,0 0.7,0.9 1.5,1.5 0.8,0.9 1.5,1.5 1.8,1.8 0.4,0.3 0.5,0.3 4,0.6 l 3.4,0.3 1.6,0.9 c 0.8,0.6 1.5,1.2 1.6,1.2 0.1,0 -0.3,0.3 -0.6,0.6 l -0.6,0.6 1,1.2 c 0.5,0.6 1.3,1.5 1.7,1.8 l 0.6,0.9 v 1.7 0.9 c 3.7,-5 5.9,-11.5 6.1,-18.3 0.1,-2.7 -0.3,-5.3 -0.8,-8 l -0.6,-0.3 c -0.1,0 -0.5,0.3 -1,0.6 -0.5,0.3 -1,0.9 -1.1,0.9 -0.1,0 -0.8,-0.3 -1.8,-0.6 l -1.8,-0.6 v -0.9 c 0,-0.6 0,-0.9 -0.6,-1.5 z M 48,63.7 V 64 h 0.2 z"
   class="st2"
   id="XMLID_13_"
   inkscape:connector-curvature="0"
   style="fill:#2ecc71" />
 	<path
   d="m 48,15.5 c -3.1,0 -6.2,0.5 -9,1.3 0.3,0.4 0.3,0.4 0.6,0.9 1.5,2.5 1.7,2.8 2.1,2.9 0.3,0 0.9,0.1 1.6,0.1 h 1.2 l 0.9,-2 0.8,-1.9 1.8,-0.6 z m -16.9,4.7 c -2.8,1.7 -5.4,3.9 -7.6,6.4 -3.8,4.3 -6.3,9.6 -7.4,15.4 0.5,0 0.9,-0.1 1.8,-0.1 2.8,0.1 2.5,0 3.4,1.4 0.5,0.8 0.6,0.8 1.4,0.8 1,0.1 0.9,0 0.5,-1.6 -0.2,-0.6 -0.3,-1.2 -0.3,-1.4 0,-0.2 0.5,-0.7 1.7,-1.6 1.9,-1.5 1.8,-1.3 1.5,-2.9 -0.1,-0.3 0.1,-0.6 0.6,-1.2 0.7,-0.7 0.7,-0.6 1.4,-0.6 h 0.7 l 0.1,-1.2 c 0.1,-0.7 0.1,-1.3 0.2,-1.3 0,0 1.9,-1.1 4.1,-2.3 2.2,-1.2 4.1,-2.2 4.2,-2.3 0.2,-0.2 -0.3,-0.8 -2.7,-3.8 -1.5,-1.9 -2.8,-3.6 -2.9,-3.7 z m -5.8,23 c -0.1,0 -0.1,0.3 -0.1,0.6 0,0.6 0,0.7 0.6,1 0.8,0.4 0.9,0.5 0.8,0.2 -0.1,-0.4 -1.2,-1.9 -1.3,-1.8 z m -3.4,2.1 -0.5,1.8 c 0.1,0.1 0.9,0.3 1.8,0.5 1,0.2 1.6,0.4 1.8,0.3 l 0.5,-1.3 z m -3.8,1 -1.1,0.6 c -0.6,0.3 -1.2,0.6 -1.4,0.6 h -0.1 c 0,1.4 0.1,2.8 0.3,4.2 l 0.6,0.4 1,-0.1 h 1 l 0.6,1.4 c 0.3,0.7 0.7,1.4 0.8,1.5 0.1,0.1 1,0.1 1.8,0.1 h 1.5 L 23,56.2 c 0,1.2 0,1.3 -0.6,2.2 -0.4,0.5 -0.6,1.2 -0.6,1.4 0,0.2 0.7,2.1 1.6,4.3 l 1.5,4 1.6,0.8 c 1.2,0.6 1.5,0.8 1.5,1 0,0.1 -0.4,2.1 -0.6,3.1 3,2.5 6.4,4.5 10.2,5.8 3.5,-3.6 6.8,-7.1 7.3,-7.6 l 0.7,-0.7 0.2,-1.9 c 0.2,-1.1 0.4,-2.1 0.4,-2.2 0,-0.1 0.5,-0.6 1,-1.2 0.5,-0.5 0.8,-1 0.8,-1.1 v -0.2 c -0.1,-0.1 -1.4,-1.1 -3,-2.2 l -3.1,-2.1 -1.1,-0.1 c -0.8,0 -1.2,0 -1.3,-0.2 C 39.4,59.2 39.2,58.5 39.1,57.7 39,56.9 38.9,56.2 38.8,56.1 38.8,56 38,56 37.1,56 36.2,56 35.4,55.9 35.3,55.8 35.2,55.7 35.2,55.1 35.1,54.3 35,53.6 34.9,53 34.8,52.9 34.7,52.8 33.7,52.7 32.5,52.6 30.5,52.5 30.1,52.5 29.1,52 l -1.2,-0.6 -1.6,0.7 -1.7,0.9 -1.8,-0.1 c -2,0 -1.9,0.2 -2.1,-1.6 C 20.6,50.7 20.6,50.1 20.5,50.1 20.4,50 20,50 19.6,49.9 L 18.9,49.7 19,49.2 c 0,-0.3 0,-1 0.1,-1.4 L 19.2,47 18.7,46.5 Z m 9.1,1.1 C 27.1,47.5 27.1,47.8 27,48 l -0.1,0.5 2.9,1.2 c 2.9,1.1 3.4,1.2 3.9,0.7 0.2,-0.2 0.1,-0.2 -0.3,-0.4 -0.3,-0.1 -1.7,-0.9 -3.2,-1.6 -1.7,-0.7 -2.9,-1.1 -3,-1 z"
   class="st3"
   id="XMLID_20_"
   inkscape:connector-curvature="0"
   style="fill:#27ae60" />
 </g><g
     transform="matrix(1.458069,0,0,1.458069,-22.631538,-19.615144)"
     id="g7664"><path
       inkscape:connector-curvature="0"
       id="XMLID_6_"
       class="st3"
       d="m 38.8,56.1 c 0,1.2 1,2.2 2.2,2.2 h 15.2 c 1.2,0 2.2,-1 2.2,-2.2 V 45.3 c 0,-1.2 -1,-2.2 -2.2,-2.2 H 40.9 c -1.2,0 -2.2,1 -2.2,2.2 v 10.8 z"
       style="fill:#f1aa27;fill-opacity:1" /><path
       style="fill:#e6e6e6"
       inkscape:connector-curvature="0"
       id="XMLID_7_"
       class="st4"
       d="m 55.5,43.1 h -3.3 v -3.7 c 0,-2.1 -1.7,-3.8 -3.8,-3.8 -2.1,0 -3.8,1.7 -3.8,3.8 v 3.8 h -3.1 v -3.8 c 0,-3.9 3.2,-7 7,-7 3.9,0 7,3.2 7,7 z" /><path
       style="fill:#e6e6e6;fill-opacity:1"
       inkscape:connector-curvature="0"
       id="XMLID_8_"
       class="st5"
       d="m 50.35,48.2 c 0,-1 -0.8,-1.8 -1.8,-1.8 -1,0 -1.8,0.8 -1.8,1.8 0,0.7 0.4,1.3 1,1.6 l -1,5.2 h 3.6 l -1,-5.2 c 0.6,-0.3 1,-0.9 1,-1.6 z" /></g></g></svg>
--- a/apps/gpgui-helper/src-tauri/src/app.rs
+++ b/apps/gpgui-helper/src-tauri/src/app.rs
@@ -0,0 +1,56 @@
 use std::sync::Arc;
 use gpapi::utils::window::WindowExt;
 use log::info;
 use tauri::Manager;
 use crate::updater::{GuiUpdater, Installer, ProgressNotifier};
 pub struct App {
  api_key: Vec<u8>,
  gui_version: String,
 }
 impl App {
  pub fn new(api_key: Vec<u8>, gui_version: &str) -> Self {
    Self {
      api_key,
      gui_version: gui_version.to_string(),
    }
  }
  pub fn run(&self) -> anyhow::Result<()> {
    let gui_version = self.gui_version.clone();
    let api_key = self.api_key.clone();
    tauri::Builder::default()
      .setup(move |app| {
        let win = app.get_window("main").expect("no main window");
        win.hide_menu();
        let notifier = ProgressNotifier::new(win.clone());
        let installer = Installer::new(api_key);
        let updater = Arc::new(GuiUpdater::new(gui_version, notifier, installer));
        let win_clone = win.clone();
        app.listen_global("app://update-done", move |_event| {
          info!("Update done");
          let _ = win_clone.close();
        });
        // Listen for the update event
        win.listen("app://update", move |_event| {
          let updater = Arc::clone(&updater);
          tokio::spawn(async move { updater.update().await });
        });
        // Update the GUI on startup
        win.trigger("app://update", None);
        Ok(())
      })
      .run(tauri::generate_context!())?;
    Ok(())
  }
 }
--- a/apps/gpgui-helper/src-tauri/src/cli.rs
+++ b/apps/gpgui-helper/src-tauri/src/cli.rs
@@ -0,0 +1,56 @@
 use clap::Parser;
 use gpapi::utils::base64;
 use log::{info, LevelFilter};
 use crate::app::App;
 const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
 const GP_API_KEY: &[u8; 32] = &[0; 32];
 #[derive(Parser)]
 #[command(version = VERSION)]
 struct Cli {
  #[arg(long, help = "Read the API key from stdin")]
  api_key_on_stdin: bool,
  #[arg(long, default_value = env!("CARGO_PKG_VERSION"), help = "The version of the GUI")]
  gui_version: String,
 }
 impl Cli {
  fn run(&self) -> anyhow::Result<()> {
    let api_key = self.read_api_key()?;
    let app = App::new(api_key, &self.gui_version);
    app.run()
  }
  fn read_api_key(&self) -> anyhow::Result<Vec<u8>> {
    if self.api_key_on_stdin {
      let mut api_key = String::new();
      std::io::stdin().read_line(&mut api_key)?;
      let api_key = base64::decode_to_vec(api_key.trim())?;
      Ok(api_key)
    } else {
      Ok(GP_API_KEY.to_vec())
    }
  }
 }
 fn init_logger() {
  env_logger::builder().filter_level(LevelFilter::Info).init();
 }
 pub fn run() {
  let cli = Cli::parse();
  init_logger();
  info!("gpgui-helper started: {}", VERSION);
  if let Err(e) = cli.run() {
    eprintln!("{}", e);
    std::process::exit(1);
  }
 }
--- a/apps/gpgui-helper/src-tauri/src/downloader.rs
+++ b/apps/gpgui-helper/src-tauri/src/downloader.rs
@@ -0,0 +1,87 @@
 use std::io::Write;
 use anyhow::bail;
 use futures_util::StreamExt;
 use log::info;
 use tempfile::NamedTempFile;
 use tokio::sync::RwLock;
 type OnProgress = Box<dyn Fn(Option<f64>) + Send + Sync + 'static>;
 pub struct FileDownloader<'a> {
  url: &'a str,
  on_progress: RwLock<Option<OnProgress>>,
 }
 impl<'a> FileDownloader<'a> {
  pub fn new(url: &'a str) -> Self {
    Self {
      url,
      on_progress: Default::default(),
    }
  }
  pub fn on_progress<T>(&self, on_progress: T)
  where
    T: Fn(Option<f64>) + Send + Sync + 'static,
  {
    if let Ok(mut guard) = self.on_progress.try_write() {
      *guard = Some(Box::new(on_progress));
    } else {
      info!("Failed to acquire on_progress lock");
    }
  }
  pub async fn download(&self) -> anyhow::Result<NamedTempFile> {
    let res = reqwest::get(self.url).await?.error_for_status()?;
    let content_length = res.content_length().unwrap_or(0);
    info!("Content length: {}", content_length);
    let mut current_length = 0;
    let mut stream = res.bytes_stream();
    let mut file = NamedTempFile::new()?;
    while let Some(item) = stream.next().await {
      let chunk = item?;
      let chunk_size = chunk.len() as u64;
      file.write_all(&chunk)?;
      current_length += chunk_size;
      let progress = current_length as f64 / content_length as f64 * 100.0;
      if let Some(on_progress) = &*self.on_progress.read().await {
        let progress = if content_length > 0 { Some(progress) } else { None };
        on_progress(progress);
      }
    }
    if content_length > 0 && current_length != content_length {
      bail!("Download incomplete");
    }
    info!("Downloaded to: {:?}", file.path());
    Ok(file)
  }
 }
 pub struct ChecksumFetcher<'a> {
  url: &'a str,
 }
 impl<'a> ChecksumFetcher<'a> {
  pub fn new(url: &'a str) -> Self {
    Self { url }
  }
  pub async fn fetch(&self) -> anyhow::Result<String> {
    let res = reqwest::get(self.url).await?.error_for_status()?;
    let checksum = res.text().await?.trim().to_string();
    Ok(checksum)
  }
 }
--- a/apps/gpgui-helper/src-tauri/src/lib.rs
+++ b/apps/gpgui-helper/src-tauri/src/lib.rs
@@ -0,0 +1,5 @@
 pub(crate) mod app;
 pub(crate) mod downloader;
 pub(crate) mod updater;
 pub mod cli;
--- a/apps/gpgui-helper/src-tauri/src/main.rs
+++ b/apps/gpgui-helper/src-tauri/src/main.rs
@@ -0,0 +1,9 @@
 // Prevents additional console window on Windows in release, DO NOT REMOVE!!
 #![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
 use gpgui_helper::cli;
 #[tokio::main]
 async fn main() {
  cli::run()
 }
--- a/apps/gpgui-helper/src-tauri/src/updater.rs
+++ b/apps/gpgui-helper/src-tauri/src/updater.rs
@@ -0,0 +1,137 @@
 use std::sync::Arc;
 use gpapi::{
  service::request::UpdateGuiRequest,
  utils::{checksum::verify_checksum, crypto::Crypto, endpoint::http_endpoint},
 };
 use log::{info, warn};
 use tauri::{Manager, Window};
 use crate::downloader::{ChecksumFetcher, FileDownloader};
 pub struct ProgressNotifier {
  win: Window,
 }
 impl ProgressNotifier {
  pub fn new(win: Window) -> Self {
    Self { win }
  }
  fn notify(&self, progress: Option<f64>) {
    let _ = self.win.emit_all("app://update-progress", progress);
  }
  fn notify_error(&self) {
    let _ = self.win.emit_all("app://update-error", ());
  }
  fn notify_done(&self) {
    let _ = self.win.emit_and_trigger("app://update-done", ());
  }
 }
 pub struct Installer {
  crypto: Crypto,
 }
 impl Installer {
  pub fn new(api_key: Vec<u8>) -> Self {
    Self {
      crypto: Crypto::new(api_key),
    }
  }
  async fn install(&self, path: &str, checksum: &str) -> anyhow::Result<()> {
    let service_endpoint = http_endpoint().await?;
    let request = UpdateGuiRequest {
      path: path.to_string(),
      checksum: checksum.to_string(),
    };
    let payload = self.crypto.encrypt(&request)?;
    reqwest::Client::default()
      .post(format!("{}/update-gui", service_endpoint))
      .body(payload)
      .send()
      .await?
      .error_for_status()?;
    Ok(())
  }
 }
 pub struct GuiUpdater {
  version: String,
  notifier: Arc<ProgressNotifier>,
  installer: Installer,
 }
 impl GuiUpdater {
  pub fn new(version: String, notifier: ProgressNotifier, installer: Installer) -> Self {
    Self {
      version,
      notifier: Arc::new(notifier),
      installer,
    }
  }
  pub async fn update(&self) {
    info!("Update GUI, version: {}", self.version);
    #[cfg(debug_assertions)]
    let release_tag = "latest";
    #[cfg(not(debug_assertions))]
    let release_tag = format!("v{}", self.version);
    #[cfg(target_arch = "x86_64")]
    let arch = "x86_64";
    #[cfg(target_arch = "aarch64")]
    let arch = "aarch64";
    let file_url = format!(
      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}_{}.bin.tar.xz",
      release_tag, self.version, arch
    );
    let checksum_url = format!("{}.sha256", file_url);
    info!("Downloading file: {}", file_url);
    let dl = FileDownloader::new(&file_url);
    let cf = ChecksumFetcher::new(&checksum_url);
    let notifier = Arc::clone(&self.notifier);
    dl.on_progress(move |progress| notifier.notify(progress));
    let res = tokio::try_join!(dl.download(), cf.fetch());
    let (file, checksum) = match res {
      Ok((file, checksum)) => (file, checksum),
      Err(err) => {
        warn!("Download error: {}", err);
        self.notifier.notify_error();
        return;
      }
    };
    let path = file.into_temp_path();
    let file_path = path.to_string_lossy();
    if let Err(err) = verify_checksum(&file_path, &checksum) {
      warn!("Checksum error: {}", err);
      self.notifier.notify_error();
      return;
    }
    info!("Checksum success");
    if let Err(err) = self.installer.install(&file_path, &checksum).await {
      warn!("Install error: {}", err);
      self.notifier.notify_error();
    } else {
      info!("Install success");
      self.notifier.notify_done();
    }
  }
 }
--- a/apps/gpgui-helper/src-tauri/tauri.conf.json
+++ b/apps/gpgui-helper/src-tauri/tauri.conf.json
@@ -0,0 +1,52 @@
 {
  "$schema": "../node_modules/@tauri-apps/cli/schema.json",
  "build": {
    "beforeDevCommand": "pnpm dev",
    "beforeBuildCommand": "pnpm build",
    "devPath": "http://localhost:1421",
    "distDir": "../dist",
    "withGlobalTauri": false
  },
  "package": {
    "productName": "gpgui-helper"
  },
  "tauri": {
    "allowlist": {
      "all": false,
      "window": {
        "all": false,
        "startDragging": true
      }
    },
    "bundle": {
      "active": false,
      "targets": "deb",
      "identifier": "com.yuezk.gpgui-helper",
      "icon": [
        "icons/32x32.png",
        "icons/128x128.png",
        "icons/128x128@2x.png",
        "icons/icon.icns",
        "icons/icon.ico"
      ]
    },
    "security": {
      "csp": null
    },
    "windows": [
      {
        "title": "GlobalProtect GUI Helper",
        "center": true,
        "resizable": true,
        "width": 500,
        "height": 100,
        "minWidth": 500,
        "minHeight": 100,
        "maxWidth": 500,
        "maxHeight": 100,
        "label": "main",
        "decorations": false
      }
    ]
  }
 }
--- a/apps/gpgui-helper/src/assets/icon.svg
+++ b/apps/gpgui-helper/src/assets/icon.svg
@@ -0,0 +1,99 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 <svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   version="1.1"
   id="Layer_1"
   x="0px"
   y="0px"
   viewBox="0 0 96 96"
   style="enable-background:new 0 0 96 96;"
   xml:space="preserve"
   sodipodi:docname="com.yuezk.qt.gpclient.svg"
   inkscape:version="0.92.4 5da689c313, 2019-01-14"><metadata
   id="metadata14"><rdf:RDF><cc:Work
       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title /></cc:Work></rdf:RDF></metadata><defs
   id="defs12" /><sodipodi:namedview
   pagecolor="#ffffff"
   bordercolor="#666666"
   borderopacity="1"
   objecttolerance="10"
   gridtolerance="10"
   guidetolerance="10"
   inkscape:pageopacity="0"
   inkscape:pageshadow="2"
   inkscape:window-width="1920"
   inkscape:window-height="1006"
   id="namedview10"
   showgrid="false"
   inkscape:zoom="6.9532168"
   inkscape:cx="7.9545315"
   inkscape:cy="59.062386"
   inkscape:window-x="0"
   inkscape:window-y="0"
   inkscape:window-maximized="1"
   inkscape:current-layer="g8499" />
 <style
   type="text/css"
   id="style2">
 	.st0{fill:#2980B9;}
 	.st1{fill:#3498DB;}
 	.st2{fill:#2ECC71;}
 	.st3{fill:#27AE60;}
 </style>
 <g
   id="g8499"
   transform="matrix(1.3407388,0,0,1.3407388,-16.409202,-16.355463)"><g
     id="XMLID_1_">
 	<circle
   r="32.5"
   cy="48"
   cx="48"
   class="st0"
   id="XMLID_3_"
   style="fill:#2980b9" />
 	<path
   d="m 48,15.5 v 65 C 65.9,80.5 80.5,65.7 80.5,48 80.5,30 65.9,15.5 48,15.5 Z"
   class="st1"
   id="XMLID_4_"
   inkscape:connector-curvature="0"
   style="fill:#3498db" />
 	<path
   d="m 48,15.5 v 0.6 l 1.2,-0.3 c 0.3,-0.3 0.4,-0.3 0.6,-0.3 h -1.1 z m 7.3,0.9 c -0.1,0 0.4,0.9 1.1,1.8 0.8,1.5 1.1,2.1 1.3,2.1 0.3,-0.3 1.9,-1.2 3,-2.1 -1.7,-0.9 -3.5,-1.5 -5.4,-1.8 z m 10.3,6.2 c -0.1,0 -0.4,0 -0.9,0.6 l -0.8,0.9 0.6,0.6 c 0.3,0.6 0.8,0.9 1,1.2 0.5,0.6 0.6,0.6 0.1,1.5 -0.2,0.6 -0.3,0.9 -0.3,0.9 0.1,0.3 0.3,0.3 1.4,0.3 h 1.6 c 0.1,0 0.3,-0.6 0.4,-1.2 l 0.1,-0.9 -1.1,-0.9 c -1,-0.9 -1,-0.9 -1.4,-1.8 -0.3,-0.6 -0.6,-1.2 -0.7,-1.2 z m -3,2.4 c -0.2,0 -1.3,2.1 -1.3,2.4 0,0 0.3,0.6 0.7,0.9 0.4,0.3 0.7,0.6 0.7,0.6 0.1,0 1.2,-1.2 1.4,-1.5 C 64.2,27.1 64,26.8 63.5,26.2 63.1,25.5 62.7,25 62.6,25 Z m 9.5,1.1 0.2,0.3 c 0,0.3 -0.7,0.9 -1.4,1.5 -1.2,0.9 -1.4,1.2 -2,1.2 -0.6,0 -0.9,0.3 -1.8,0.9 -0.6,0.6 -1.2,0.9 -1.2,1.2 0,0 0.2,0.3 0.6,0.9 0.7,0.6 0.7,0.9 0.2,1.8 l -0.4,0.3 h -1.1 c -0.6,0 -1.5,0 -1.8,-0.3 -0.9,0 -0.8,0 -0.1,2.1 1,3 1.1,3.2 1.3,3.2 0.1,0 1.3,-1.2 2.8,-2.4 1.5,-1.2 2.7,-2.4 2.8,-2.4 l 0.6,0.3 c 0.4,0.3 0.5,0 1.3,-0.6 l 0.8,-0.6 0.8,0.6 c 1.9,1.2 2.2,1.5 2.3,2.4 0.2,1.5 0.3,1.8 0.5,1.8 0.1,0 1.3,-1.5 1.6,-1.8 0.1,-0.3 -0.1,-0.6 -1.1,-2.1 -0.7,-0.9 -1.1,-1.8 -1.1,-2.1 0,0 0.1,0 0.3,-0.3 0.2,0 0.4,0.3 1,0.9 -1.6,-2.3 -3.2,-4.7 -5.1,-6.8 z m 2.8,10.7 c -0.2,0 -0.9,0.9 -0.8,1.2 l 0.5,0.3 H 75 c 0.2,0 0.3,0 0.2,-0.3 C 75.1,37.4 75,36.8 74.9,36.8 Z M 72.3,38 h -2.4 l -2.4,0.3 -4.5,3.5 -4.4,3.8 v 3.5 c 0,2.1 0,3.8 0.1,3.8 0.1,0 0.7,0.9 1.5,1.5 0.8,0.9 1.5,1.5 1.8,1.8 0.4,0.3 0.5,0.3 4,0.6 l 3.4,0.3 1.6,0.9 c 0.8,0.6 1.5,1.2 1.6,1.2 0.1,0 -0.3,0.3 -0.6,0.6 l -0.6,0.6 1,1.2 c 0.5,0.6 1.3,1.5 1.7,1.8 l 0.6,0.9 v 1.7 0.9 c 3.7,-5 5.9,-11.5 6.1,-18.3 0.1,-2.7 -0.3,-5.3 -0.8,-8 l -0.6,-0.3 c -0.1,0 -0.5,0.3 -1,0.6 -0.5,0.3 -1,0.9 -1.1,0.9 -0.1,0 -0.8,-0.3 -1.8,-0.6 l -1.8,-0.6 v -0.9 c 0,-0.6 0,-0.9 -0.6,-1.5 z M 48,63.7 V 64 h 0.2 z"
   class="st2"
   id="XMLID_13_"
   inkscape:connector-curvature="0"
   style="fill:#2ecc71" />
 	<path
   d="m 48,15.5 c -3.1,0 -6.2,0.5 -9,1.3 0.3,0.4 0.3,0.4 0.6,0.9 1.5,2.5 1.7,2.8 2.1,2.9 0.3,0 0.9,0.1 1.6,0.1 h 1.2 l 0.9,-2 0.8,-1.9 1.8,-0.6 z m -16.9,4.7 c -2.8,1.7 -5.4,3.9 -7.6,6.4 -3.8,4.3 -6.3,9.6 -7.4,15.4 0.5,0 0.9,-0.1 1.8,-0.1 2.8,0.1 2.5,0 3.4,1.4 0.5,0.8 0.6,0.8 1.4,0.8 1,0.1 0.9,0 0.5,-1.6 -0.2,-0.6 -0.3,-1.2 -0.3,-1.4 0,-0.2 0.5,-0.7 1.7,-1.6 1.9,-1.5 1.8,-1.3 1.5,-2.9 -0.1,-0.3 0.1,-0.6 0.6,-1.2 0.7,-0.7 0.7,-0.6 1.4,-0.6 h 0.7 l 0.1,-1.2 c 0.1,-0.7 0.1,-1.3 0.2,-1.3 0,0 1.9,-1.1 4.1,-2.3 2.2,-1.2 4.1,-2.2 4.2,-2.3 0.2,-0.2 -0.3,-0.8 -2.7,-3.8 -1.5,-1.9 -2.8,-3.6 -2.9,-3.7 z m -5.8,23 c -0.1,0 -0.1,0.3 -0.1,0.6 0,0.6 0,0.7 0.6,1 0.8,0.4 0.9,0.5 0.8,0.2 -0.1,-0.4 -1.2,-1.9 -1.3,-1.8 z m -3.4,2.1 -0.5,1.8 c 0.1,0.1 0.9,0.3 1.8,0.5 1,0.2 1.6,0.4 1.8,0.3 l 0.5,-1.3 z m -3.8,1 -1.1,0.6 c -0.6,0.3 -1.2,0.6 -1.4,0.6 h -0.1 c 0,1.4 0.1,2.8 0.3,4.2 l 0.6,0.4 1,-0.1 h 1 l 0.6,1.4 c 0.3,0.7 0.7,1.4 0.8,1.5 0.1,0.1 1,0.1 1.8,0.1 h 1.5 L 23,56.2 c 0,1.2 0,1.3 -0.6,2.2 -0.4,0.5 -0.6,1.2 -0.6,1.4 0,0.2 0.7,2.1 1.6,4.3 l 1.5,4 1.6,0.8 c 1.2,0.6 1.5,0.8 1.5,1 0,0.1 -0.4,2.1 -0.6,3.1 3,2.5 6.4,4.5 10.2,5.8 3.5,-3.6 6.8,-7.1 7.3,-7.6 l 0.7,-0.7 0.2,-1.9 c 0.2,-1.1 0.4,-2.1 0.4,-2.2 0,-0.1 0.5,-0.6 1,-1.2 0.5,-0.5 0.8,-1 0.8,-1.1 v -0.2 c -0.1,-0.1 -1.4,-1.1 -3,-2.2 l -3.1,-2.1 -1.1,-0.1 c -0.8,0 -1.2,0 -1.3,-0.2 C 39.4,59.2 39.2,58.5 39.1,57.7 39,56.9 38.9,56.2 38.8,56.1 38.8,56 38,56 37.1,56 36.2,56 35.4,55.9 35.3,55.8 35.2,55.7 35.2,55.1 35.1,54.3 35,53.6 34.9,53 34.8,52.9 34.7,52.8 33.7,52.7 32.5,52.6 30.5,52.5 30.1,52.5 29.1,52 l -1.2,-0.6 -1.6,0.7 -1.7,0.9 -1.8,-0.1 c -2,0 -1.9,0.2 -2.1,-1.6 C 20.6,50.7 20.6,50.1 20.5,50.1 20.4,50 20,50 19.6,49.9 L 18.9,49.7 19,49.2 c 0,-0.3 0,-1 0.1,-1.4 L 19.2,47 18.7,46.5 Z m 9.1,1.1 C 27.1,47.5 27.1,47.8 27,48 l -0.1,0.5 2.9,1.2 c 2.9,1.1 3.4,1.2 3.9,0.7 0.2,-0.2 0.1,-0.2 -0.3,-0.4 -0.3,-0.1 -1.7,-0.9 -3.2,-1.6 -1.7,-0.7 -2.9,-1.1 -3,-1 z"
   class="st3"
   id="XMLID_20_"
   inkscape:connector-curvature="0"
   style="fill:#27ae60" />
 </g><g
     transform="matrix(1.458069,0,0,1.458069,-22.631538,-19.615144)"
     id="g7664"><path
       inkscape:connector-curvature="0"
       id="XMLID_6_"
       class="st3"
       d="m 38.8,56.1 c 0,1.2 1,2.2 2.2,2.2 h 15.2 c 1.2,0 2.2,-1 2.2,-2.2 V 45.3 c 0,-1.2 -1,-2.2 -2.2,-2.2 H 40.9 c -1.2,0 -2.2,1 -2.2,2.2 v 10.8 z"
       style="fill:#f1aa27;fill-opacity:1" /><path
       style="fill:#e6e6e6"
       inkscape:connector-curvature="0"
       id="XMLID_7_"
       class="st4"
       d="m 55.5,43.1 h -3.3 v -3.7 c 0,-2.1 -1.7,-3.8 -3.8,-3.8 -2.1,0 -3.8,1.7 -3.8,3.8 v 3.8 h -3.1 v -3.8 c 0,-3.9 3.2,-7 7,-7 3.9,0 7,3.2 7,7 z" /><path
       style="fill:#e6e6e6;fill-opacity:1"
       inkscape:connector-curvature="0"
       id="XMLID_8_"
       class="st5"
       d="m 50.35,48.2 c 0,-1 -0.8,-1.8 -1.8,-1.8 -1,0 -1.8,0.8 -1.8,1.8 0,0.7 0.4,1.3 1,1.6 l -1,5.2 h 3.6 l -1,-5.2 c 0.6,-0.3 1,-0.9 1,-1.6 z" /></g></g></svg>
--- a/apps/gpgui-helper/src/components/App/App.tsx
+++ b/apps/gpgui-helper/src/components/App/App.tsx
@@ -0,0 +1,131 @@
 import { Box, Button, CssBaseline, LinearProgress, Typography } from "@mui/material";
 import { appWindow } from "@tauri-apps/api/window";
 import logo from "../../assets/icon.svg";
 import { useEffect, useState } from "react";
 import "./styles.css";
 function useUpdateProgress() {
  const [progress, setProgress] = useState<number | null>(null);
  useEffect(() => {
    const unlisten = appWindow.listen("app://update-progress", (event) => {
      setProgress(event.payload as number);
    });
    return () => {
      unlisten.then((unlisten) => unlisten());
    };
  }, []);
  return progress;
 }
 export default function App() {
  const [error, setError] = useState(false);
  useEffect(() => {
    const unlisten = appWindow.listen("app://update-error", () => {
      setError(true);
    });
    return () => {
      unlisten.then((unlisten) => unlisten());
    };
  }, []);
  const handleRetry = () => {
    setError(false);
    appWindow.emit("app://update");
  };
  return (
    <>
      <CssBaseline />
      <Box
        sx={{ position: "absolute", inset: 0 }}
        display="flex"
        alignItems="center"
        px={2}
        data-tauri-drag-region
      >
        <Box display="flex" alignItems="center" flex="1" data-tauri-drag-region>
          <Box
            component="img"
            src={logo}
            alt="logo"
            sx={{ width: "4rem", height: "4rem" }}
            data-tauri-drag-region
          />
          <Box flex={1} ml={2}>
            {error ? <DownloadFailed onRetry={handleRetry} /> : <DownloadIndicator />}
          </Box>
        </Box>
      </Box>
    </>
  );
 }
 function DownloadIndicator() {
  const progress = useUpdateProgress();
  return (
    <>
      <Typography variant="h1" fontSize="1rem" data-tauri-drag-region>
        Updating the GUI components...
      </Typography>
      <Box mt={1}>
        <LinearProgressWithLabel value={progress} />
      </Box>
    </>
  );
 }
 function DownloadFailed({ onRetry }: { onRetry: () => void }) {
  return (
    <>
      <Typography variant="h1" fontSize="1rem" data-tauri-drag-region>
        Failed to update the GUI components.
      </Typography>
      <Box mt={1} data-tauri-drag-region>
        <Button
          variant="contained"
          color="primary"
          size="small"
          onClick={onRetry}
          sx={{
            textTransform: "none",
          }}
        >
          Retry
        </Button>
      </Box>
    </>
  );
 }
 function LinearProgressWithLabel(props: { value: number | null }) {
  const { value } = props;
  return (
    <Box sx={{ display: "flex", alignItems: "center" }}>
      <Box flex="1">
        <LinearProgress
          variant={value === null ? "indeterminate" : "determinate"}
          value={value ?? 0}
          sx={{
            py: 1.2,
            ".MuiLinearProgress-bar": {
              transition: "none",
            },
          }}
        />
      </Box>
      {value !== null && (
        <Box sx={{ minWidth: 35, textAlign: "right", ml: 1 }}>
          <Typography variant="body2" color="text.secondary">{`${Math.round(value)}%`}</Typography>
        </Box>
      )}
    </Box>
  );
 }
--- a/apps/gpgui-helper/src/components/App/styles.css
+++ b/apps/gpgui-helper/src/components/App/styles.css
@@ -0,0 +1,10 @@
 html,
 body,
 #root {
  height: 100%;
  margin: 0;
  padding: 0;
  -webkit-user-select: none;
  user-select: none;
  cursor: default;
 }
--- a/apps/gpgui-helper/src/pages/main.tsx
+++ b/apps/gpgui-helper/src/pages/main.tsx
@@ -0,0 +1,6 @@
 import { createRoot } from "react-dom/client"
 import App from "../components/App/App";
 const rootApp = createRoot(document.getElementById('root') as HTMLElement);
 rootApp.render(<App />);
--- a/apps/gpgui-helper/src/types.d.ts
+++ b/apps/gpgui-helper/src/types.d.ts
--- a/apps/gpgui-helper/src/vite-env.d.ts
+++ b/apps/gpgui-helper/src/vite-env.d.ts
@@ -0,0 +1 @@
 /// <reference types="vite/client" />
--- a/apps/gpgui-helper/tsconfig.json
+++ b/apps/gpgui-helper/tsconfig.json
@@ -0,0 +1,25 @@
 {
  "compilerOptions": {
    "target": "ES2020",
    "useDefineForClassFields": true,
    "lib": ["ES2020", "DOM", "DOM.Iterable"],
    "module": "ESNext",
    "skipLibCheck": true,
    /* Bundler mode */
    "moduleResolution": "bundler",
    "allowImportingTsExtensions": true,
    "resolveJsonModule": true,
    "isolatedModules": true,
    "noEmit": true,
    "jsx": "react-jsx",
    /* Linting */
    "strict": true,
    "noUnusedLocals": true,
    "noUnusedParameters": true,
    "noFallthroughCasesInSwitch": true
  },
  "include": ["src"],
  "references": [{ "path": "./tsconfig.node.json" }]
 }
--- a/apps/gpgui-helper/tsconfig.node.json
+++ b/apps/gpgui-helper/tsconfig.node.json
@@ -0,0 +1,10 @@
 {
  "compilerOptions": {
    "composite": true,
    "skipLibCheck": true,
    "module": "ESNext",
    "moduleResolution": "bundler",
    "allowSyntheticDefaultImports": true
  },
  "include": ["vite.config.ts"]
 }
--- a/apps/gpgui-helper/vite.config.ts
+++ b/apps/gpgui-helper/vite.config.ts
@@ -0,0 +1,30 @@
 import react from "@vitejs/plugin-react";
 import { resolve } from "path";
 import { defineConfig } from "vite";
 // https://vitejs.dev/config/
 export default defineConfig(async () => {
  return {
    plugins: [react()],
    // Vite options tailored for Tauri development and only applied in `tauri dev` or `tauri build`
    //
    // 1. prevent vite from obscuring rust errors
    clearScreen: false,
    // 2. tauri expects a fixed port, fail if that port is not available
    server: {
      port: 1421,
      strictPort: true,
    },
    // 3. to make use of `TAURI_DEBUG` and other env variables
    // https://tauri.app/v1/api/config#buildconfig.beforedevcommand
    envPrefix: ["VITE_", "TAURI_"],
    build: {
      rollupOptions: {
        input: {
          main: resolve(__dirname, "index.html"),
        },
      },
    },
  };
 });
--- a/apps/gpservice/Cargo.toml
+++ b/apps/gpservice/Cargo.toml
@@ -13,7 +13,10 @@ tokio.workspace = true
 tokio-util.workspace = true
 axum = { workspace = true, features = ["ws"] }
 futures.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 env_logger.workspace = true
 log.workspace = true
 compile-time.workspace = true
 xz2 = "0.1"
 tar = "0.4"
--- a/apps/gpservice/src/cli.rs
+++ b/apps/gpservice/src/cli.rs
@@ -6,9 +6,7 @@ use clap::Parser;
 use gpapi::{
  process::gui_launcher::GuiLauncher,
  service::{request::WsRequest, vpn_state::VpnState},
-  utils::{
+  utils::{crypto::generate_key, env_file, lock_file::LockFile, redact::Redaction, shutdown_signal},
    crypto::generate_key, env_file, lock_file::LockFile, redact::Redaction, shutdown_signal,
  },
  GP_SERVICE_LOCK_FILE,
 };
 use log::{info, warn, LevelFilter};
@@ -16,12 +14,7 @@ use tokio::sync::{mpsc, watch};
 use crate::{vpn_task::VpnTask, ws_server::WsServer};
-const VERSION: &str = concat!(
+const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
  env!("CARGO_PKG_VERSION"),
  " (",
  compile_time::date_str!(),
  ")"
 );
 #[derive(Parser)]
 #[command(version = VERSION)]
@@ -51,13 +44,7 @@ impl Cli {
    let (vpn_state_tx, vpn_state_rx) = watch::channel(VpnState::Disconnected);
    let mut vpn_task = VpnTask::new(ws_req_rx, vpn_state_tx);
-    let ws_server = WsServer::new(
+    let ws_server = WsServer::new(api_key.clone(), ws_req_tx, vpn_state_rx, lock_file.clone(), redaction);
      api_key.clone(),
      ws_req_tx,
      vpn_state_rx,
      lock_file.clone(),
      redaction,
    );
    let (shutdown_tx, mut shutdown_rx) = mpsc::channel::<()>(4);
    let shutdown_tx_clone = shutdown_tx.clone();
@@ -76,11 +63,7 @@ impl Cli {
    if no_gui {
      info!("GUI is disabled");
    } else {
-      let envs = self
+      let envs = self.env_file.as_ref().map(env_file::load_env_vars).transpose()?;
        .env_file
        .as_ref()
        .map(env_file::load_env_vars)
        .transpose()?;
      let minimized = self.minimized;
@@ -129,7 +112,7 @@ fn init_logger() -> Arc<Redaction> {
      let timestamp = buf.timestamp();
      writeln!(
        buf,
-        "[{} {} {}] {}",
+        "[{} {}  {}] {}",
        timestamp,
        record.level(),
        record.module_path().unwrap_or_default(),
@@ -144,10 +127,8 @@ fn init_logger() -> Arc<Redaction> {
 async fn launch_gui(envs: Option<HashMap<String, String>>, api_key: Vec<u8>, mut minimized: bool) {
  loop {
-    let api_key_clone = api_key.clone();
+    let gui_launcher = GuiLauncher::new(env!("CARGO_PKG_VERSION"), &api_key)
    let gui_launcher = GuiLauncher::new()
      .envs(envs.clone())
      .api_key(api_key_clone)
      .minimized(minimized);
    match gui_launcher.launch().await {
--- a/apps/gpservice/src/handlers.rs
+++ b/apps/gpservice/src/handlers.rs
@@ -1,15 +1,33 @@
-use std::{borrow::Cow, ops::ControlFlow, sync::Arc};
+use std::{
  borrow::Cow,
  fs::{File, Permissions},
  io::BufReader,
  ops::ControlFlow,
  os::unix::fs::PermissionsExt,
  path::PathBuf,
  sync::Arc,
 };
 use anyhow::bail;
 use axum::{
  body::Bytes,
  extract::{
    ws::{self, CloseFrame, Message, WebSocket},
    State, WebSocketUpgrade,
  },
  http::StatusCode,
  response::IntoResponse,
 };
 use futures::{SinkExt, StreamExt};
-use gpapi::service::event::WsEvent;
+use gpapi::{
  service::{event::WsEvent, request::UpdateGuiRequest},
  utils::checksum::verify_checksum,
  GP_GUI_BINARY,
 };
 use log::{info, warn};
 use tar::Archive;
 use tokio::fs;
 use xz2::read::XzDecoder;
 use crate::ws_server::WsServerContext;
@@ -21,10 +39,73 @@ pub(crate) async fn active_gui(State(ctx): State<Arc<WsServerContext>>) -> impl
  ctx.send_event(WsEvent::ActiveGui).await;
 }
-pub(crate) async fn ws_handler(
+pub(crate) async fn auth_data(State(ctx): State<Arc<WsServerContext>>, body: String) -> impl IntoResponse {
-  ws: WebSocketUpgrade,
+  ctx.send_event(WsEvent::AuthData(body)).await;
-  State(ctx): State<Arc<WsServerContext>>,
+}
-) -> impl IntoResponse {
+
 pub async fn update_gui(State(ctx): State<Arc<WsServerContext>>, body: Bytes) -> Result<(), StatusCode> {
  let payload = match ctx.decrypt::<UpdateGuiRequest>(body.to_vec()) {
    Ok(payload) => payload,
    Err(err) => {
      warn!("Failed to decrypt update payload: {}", err);
      return Err(StatusCode::BAD_REQUEST);
    }
  };
  info!("Update GUI: {:?}", payload);
  let UpdateGuiRequest { path, checksum } = payload;
  info!("Verifying checksum");
  verify_checksum(&path, &checksum).map_err(|err| {
    warn!("Failed to verify checksum: {}", err);
    StatusCode::BAD_REQUEST
  })?;
  info!("Installing GUI");
  install_gui(&path).await.map_err(|err| {
    warn!("Failed to install GUI: {}", err);
    StatusCode::INTERNAL_SERVER_ERROR
  })?;
  Ok(())
 }
 // Unpack GPGUI archive, gpgui_2.0.0_{arch}.bin.tar.xz and install it
 async fn install_gui(src: &str) -> anyhow::Result<()> {
  let path = PathBuf::from(GP_GUI_BINARY);
  let Some(dir) = path.parent() else {
    bail!("Failed to get parent directory of GUI binary");
  };
  fs::create_dir_all(dir).await?;
  // Unpack the archive
  info!("Unpacking GUI archive");
  let tar = XzDecoder::new(BufReader::new(File::open(src)?));
  let mut ar = Archive::new(tar);
  for entry in ar.entries()? {
    let mut entry = entry?;
    let path = entry.path()?;
    if let Some(name) = path.file_name() {
      let name = name.to_string_lossy();
      if name == "gpgui" {
        let mut file = File::create(GP_GUI_BINARY)?;
        std::io::copy(&mut entry, &mut file)?;
        break;
      }
    }
  }
  // Make the binary executable
  fs::set_permissions(GP_GUI_BINARY, Permissions::from_mode(0o755)).await?;
  Ok(())
 }
 pub(crate) async fn ws_handler(ws: WebSocketUpgrade, State(ctx): State<Arc<WsServerContext>>) -> impl IntoResponse {
  ws.on_upgrade(move |socket| handle_socket(socket, ctx))
 }
--- a/apps/gpservice/src/main.rs
+++ b/apps/gpservice/src/main.rs
@@ -2,8 +2,8 @@ mod cli;
 mod handlers;
 mod routes;
 mod vpn_task;
 mod ws_server;
 mod ws_connection;
 mod ws_server;
 #[tokio::main]
 async fn main() {
--- a/apps/gpservice/src/routes.rs
+++ b/apps/gpservice/src/routes.rs
@@ -1,6 +1,9 @@
 use std::sync::Arc;
-use axum::{routing::{get, post}, Router};
+use axum::{
  routing::{get, post},
  Router,
 };
 use crate::{handlers, ws_server::WsServerContext};
@@ -8,6 +11,8 @@ pub(crate) fn routes(ctx: Arc<WsServerContext>) -> Router {
  Router::new()
    .route("/health", get(handlers::health))
    .route("/active-gui", post(handlers::active_gui))
    .route("/auth-data", post(handlers::auth_data))
    .route("/update-gui", post(handlers::update_gui))
    .route("/ws", get(handlers::ws_handler))
    .with_state(ctx)
 }
--- a/apps/gpservice/src/vpn_task.rs
+++ b/apps/gpservice/src/vpn_task.rs
@@ -4,7 +4,7 @@ use gpapi::service::{
  request::{ConnectRequest, WsRequest},
  vpn_state::VpnState,
 };
-use log::info;
+use log::{info, warn};
 use openconnect::Vpn;
 use tokio::sync::{mpsc, oneshot, watch, RwLock};
 use tokio_util::sync::CancellationToken;
@@ -31,19 +31,29 @@ impl VpnTaskContext {
      return;
    }
    let vpn_state_tx = self.vpn_state_tx.clone();
    let info = req.info().clone();
-    let vpn_handle = self.vpn_handle.clone();
+    let vpn_handle = Arc::clone(&self.vpn_handle);
    let args = req.args();
-    let vpn = Vpn::builder(req.gateway().server(), args.cookie())
+    let vpn = match Vpn::builder(req.gateway().server(), args.cookie())
      .user_agent(args.user_agent())
      .script(args.vpnc_script())
      .user_agent(args.user_agent())
      .csd_uid(args.csd_uid())
      .csd_wrapper(args.csd_wrapper())
      .mtu(args.mtu())
      .os(args.openconnect_os())
-      .build();
+      .build()
    {
      Ok(vpn) => vpn,
      Err(err) => {
        warn!("Failed to create VPN: {}", err);
        vpn_state_tx.send(VpnState::Disconnected).ok();
        return;
      }
    };
    // Save the VPN handle
    vpn_handle.write().await.replace(vpn);
    let vpn_state_tx = self.vpn_state_tx.clone();
    let connect_info = Box::new(info.clone());
    vpn_state_tx.send(VpnState::Connecting(connect_info)).ok();
@@ -73,7 +83,9 @@ impl VpnTaskContext {
  pub async fn disconnect(&self) {
    if let Some(disconnect_rx) = self.disconnect_rx.write().await.take() {
      info!("Disconnecting VPN...");
      if let Some(vpn) = self.vpn_handle.read().await.as_ref() {
        info!("VPN is connected, start disconnecting...");
        self.vpn_state_tx.send(VpnState::Disconnecting).ok();
        vpn.disconnect()
      }
--- a/apps/gpservice/src/ws_server.rs
+++ b/apps/gpservice/src/ws_server.rs
@@ -6,6 +6,7 @@ use gpapi::{
  utils::{crypto::Crypto, lock_file::LockFile, redact::Redaction},
 };
 use log::{info, warn};
 use serde::de::DeserializeOwned;
 use tokio::{
  net::TcpListener,
  sync::{mpsc, watch, RwLock},
@@ -38,6 +39,10 @@ impl WsServerContext {
    }
  }
  pub fn decrypt<T: DeserializeOwned>(&self, encrypted: Vec<u8>) -> anyhow::Result<T> {
    self.crypto.decrypt(encrypted)
  }
  pub async fn send_event(&self, event: WsEvent) {
    let connections = self.connections.read().await;
@@ -98,12 +103,7 @@ impl WsServer {
    lock_file: Arc<LockFile>,
    redaction: Arc<Redaction>,
  ) -> Self {
-    let ctx = Arc::new(WsServerContext::new(
+    let ctx = Arc::new(WsServerContext::new(api_key, ws_req_tx, vpn_state_rx, redaction));
      api_key,
      ws_req_tx,
      vpn_state_rx,
      redaction,
    ));
    let cancel_token = CancellationToken::new();
    Self {
--- a/changelog.md
+++ b/changelog.md
@@ -0,0 +1,22 @@
 # Changelog
 ## 2.1.1 - 2024-03-25
 - Add the `--hip` option to enable HIP report
 - Fix not working in OpenSuse 15.5 (fix #336, #322)
 - Treat portal as gateway when the gateway login is failed (fix #338)
 - Improve the error message (fix #327)
 ## 2.1.0 - 2024-02-27
 - Update distribution channel for `gpgui` to complaint with the GPL-3 license.
 - Add `mtu` option.
 - Retry auth if failed to obtain the auth cookie
 ## 2.0.0 - 2024-02-05
 - Refactor using Tauri
 - Support HIP report
 - Support pass vpn-slice command
 - Do not error when the region field is empty
 - Update the auth window icon
--- a/crates/common/Cargo.toml
+++ b/crates/common/Cargo.toml
@@ -0,0 +1,11 @@
 [package]
 name = "common"
 rust-version.workspace = true
 version.workspace = true
 authors.workspace = true
 homepage.workspace = true
 edition.workspace = true
 license.workspace = true
 [dependencies]
 is_executable.workspace = true
--- a/crates/common/src/lib.rs
+++ b/crates/common/src/lib.rs
@@ -0,0 +1 @@
 pub mod vpn_utils;
--- a/crates/common/src/vpn_utils.rs
+++ b/crates/common/src/vpn_utils.rs
@@ -0,0 +1,41 @@
 use is_executable::IsExecutable;
 use std::path::Path;
 pub use is_executable::is_executable;
 const VPNC_SCRIPT_LOCATIONS: [&str; 6] = [
  "/usr/local/share/vpnc-scripts/vpnc-script",
  "/usr/local/sbin/vpnc-script",
  "/usr/share/vpnc-scripts/vpnc-script",
  "/usr/sbin/vpnc-script",
  "/etc/vpnc/vpnc-script",
  "/etc/openconnect/vpnc-script",
 ];
 const CSD_WRAPPER_LOCATIONS: [&str; 3] = [
  #[cfg(target_arch = "x86_64")]
  "/usr/lib/x86_64-linux-gnu/openconnect/hipreport.sh",
  #[cfg(target_arch = "aarch64")]
  "/usr/lib/aarch64-linux-gnu/openconnect/hipreport.sh",
  "/usr/lib/openconnect/hipreport.sh",
  "/usr/libexec/openconnect/hipreport.sh",
 ];
 fn find_executable(locations: &[&str]) -> Option<String> {
  for location in locations.iter() {
    let path = Path::new(location);
    if path.is_executable() {
      return Some(location.to_string());
    }
  }
  None
 }
 pub fn find_vpnc_script() -> Option<String> {
  find_executable(&VPNC_SCRIPT_LOCATIONS)
 }
 pub fn find_csd_wrapper() -> Option<String> {
  find_executable(&CSD_WRAPPER_LOCATIONS)
 }
--- a/crates/gpapi/Cargo.toml
+++ b/crates/gpapi/Cargo.toml
@@ -25,10 +25,15 @@ url.workspace = true
 regex.workspace = true
 dotenvy_macro.workspace = true
 uzers.workspace = true
 serde_urlencoded.workspace = true
 md5.workspace = true
 sha256.workspace = true
 tauri = { workspace = true, optional = true }
 clap = { workspace = true, optional = true }
 open = { version = "5", optional = true }
 [features]
 tauri = ["dep:tauri"]
 clap = ["dep:clap"]
 browser-auth = ["dep:open"]
--- a/crates/gpapi/src/auth.rs
+++ b/crates/gpapi/src/auth.rs
@@ -1,3 +1,5 @@
 use anyhow::bail;
 use regex::Regex;
 use serde::{Deserialize, Serialize};
 #[derive(Debug, Serialize, Deserialize)]
@@ -25,11 +27,7 @@ impl SamlAuthResult {
 }
 impl SamlAuthData {
-  pub fn new(
+  pub fn new(username: String, prelogin_cookie: Option<String>, portal_userauthcookie: Option<String>) -> Self {
    username: String,
    prelogin_cookie: Option<String>,
    portal_userauthcookie: Option<String>,
  ) -> Self {
    Self {
      username,
      prelogin_cookie,
@@ -37,6 +35,32 @@ impl SamlAuthData {
    }
  }
  pub fn parse_html(html: &str) -> anyhow::Result<SamlAuthData> {
    match parse_xml_tag(html, "saml-auth-status") {
      Some(saml_status) if saml_status == "1" => {
        let username = parse_xml_tag(html, "saml-username");
        let prelogin_cookie = parse_xml_tag(html, "prelogin-cookie");
        let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
        if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
          return Ok(SamlAuthData::new(
            username.unwrap(),
            prelogin_cookie,
            portal_userauthcookie,
          ));
        }
        bail!("Found invalid auth data in HTML");
      }
      Some(status) => {
        bail!("Found invalid SAML status {} in HTML", status);
      }
      None => {
        bail!("No auth data found in HTML");
      }
    }
  }
  pub fn username(&self) -> &str {
    &self.username
  }
@@ -50,14 +74,17 @@ impl SamlAuthData {
    prelogin_cookie: &Option<String>,
    portal_userauthcookie: &Option<String>,
  ) -> bool {
-    let username_valid = username
+    let username_valid = username.as_ref().is_some_and(|username| !username.is_empty());
      .as_ref()
      .is_some_and(|username| !username.is_empty());
    let prelogin_cookie_valid = prelogin_cookie.as_ref().is_some_and(|val| val.len() > 5);
-    let portal_userauthcookie_valid = portal_userauthcookie
+    let portal_userauthcookie_valid = portal_userauthcookie.as_ref().is_some_and(|val| val.len() > 5);
      .as_ref()
      .is_some_and(|val| val.len() > 5);
    username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid)
  }
 }
 pub fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
  let re = Regex::new(&format!("<{}>(.*)</{}>", tag, tag)).unwrap();
  re.captures(html)
    .and_then(|captures| captures.get(1))
    .map(|m| m.as_str().to_string())
 }
--- a/crates/gpapi/src/credential.rs
+++ b/crates/gpapi/src/credential.rs
@@ -3,7 +3,7 @@ use std::collections::HashMap;
 use serde::{Deserialize, Serialize};
 use specta::Type;
-use crate::auth::SamlAuthData;
+use crate::{auth::SamlAuthData, utils::base64::decode_to_string};
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
@@ -112,11 +112,7 @@ pub struct CachedCredential {
 }
 impl CachedCredential {
-  pub fn new(
+  pub fn new(username: String, password: Option<String>, auth_cookie: AuthCookieCredential) -> Self {
    username: String,
    password: Option<String>,
    auth_cookie: AuthCookieCredential,
  ) -> Self {
    Self {
      username,
      password,
@@ -139,6 +135,24 @@ impl CachedCredential {
  pub fn set_auth_cookie(&mut self, auth_cookie: AuthCookieCredential) {
    self.auth_cookie = auth_cookie;
  }
  pub fn set_username(&mut self, username: String) {
    self.username = username;
  }
  pub fn set_password(&mut self, password: Option<String>) {
    self.password = password.map(|s| s.to_string());
  }
 }
 impl From<PasswordCredential> for CachedCredential {
  fn from(value: PasswordCredential) -> Self {
    Self::new(
      value.username().to_owned(),
      Some(value.password().to_owned()),
      AuthCookieCredential::new("", "", ""),
    )
  }
 }
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
@@ -151,6 +165,17 @@ pub enum Credential {
 }
 impl Credential {
  /// Create a credential from a globalprotectcallback:<base64 encoded string>
  pub fn parse_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
    // Remove the surrounding quotes
    let auth_data = auth_data.trim_matches('"');
    let auth_data = auth_data.trim_start_matches("globalprotectcallback:");
    let auth_data = decode_to_string(auth_data)?;
    let auth_data = SamlAuthData::parse_html(&auth_data)?;
    Self::try_from(auth_data)
  }
  pub fn username(&self) -> &str {
    match self {
      Credential::Password(cred) => cred.username(),
@@ -164,8 +189,7 @@ impl Credential {
    let mut params = HashMap::new();
    params.insert("user", self.username());
-    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie) = match self
+    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie) = match self {
    {
      Credential::Password(cred) => (Some(cred.password()), None, None, None),
      Credential::PreloginCookie(cred) => (None, Some(cred.prelogin_cookie()), None, None),
      Credential::AuthCookie(cred) => (
@@ -184,10 +208,7 @@ impl Credential {
    params.insert("passwd", passwd.unwrap_or_default());
    params.insert("prelogin-cookie", prelogin_cookie.unwrap_or_default());
-    params.insert(
+    params.insert("portal-userauthcookie", portal_userauthcookie.unwrap_or_default());
      "portal-userauthcookie",
      portal_userauthcookie.unwrap_or_default(),
    );
    params.insert(
      "portal-prelogonuserauthcookie",
      portal_prelogonuserauthcookie.unwrap_or_default(),
--- a/crates/gpapi/src/error.rs
+++ b/crates/gpapi/src/error.rs
@@ -0,0 +1,11 @@
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum PortalError {
  #[error("Portal prelogin error: {0}")]
  PreloginError(String),
  #[error("Portal config error: {0}")]
  ConfigError(String),
  #[error("Gateway error: {0}")]
  GatewayError(String),
 }
--- a/crates/gpapi/src/gateway/hip.rs
+++ b/crates/gpapi/src/gateway/hip.rs
@@ -0,0 +1,178 @@
 use std::collections::HashMap;
 use log::{info, warn};
 use reqwest::Client;
 use roxmltree::Document;
 use crate::{gp_params::GpParams, process::hip_launcher::HipLauncher, utils::normalize_server};
 struct HipReporter<'a> {
  server: String,
  cookie: &'a str,
  md5: &'a str,
  csd_wrapper: &'a str,
  gp_params: &'a GpParams,
  client: Client,
 }
 impl HipReporter<'_> {
  async fn report(&self) -> anyhow::Result<()> {
    let client_ip = self.retrieve_client_ip().await?;
    let hip_needed = match self.check_hip(&client_ip).await {
      Ok(hip_needed) => hip_needed,
      Err(err) => {
        warn!("Failed to check HIP: {}", err);
        return Ok(());
      }
    };
    if !hip_needed {
      info!("HIP report not needed");
      return Ok(());
    }
    info!("HIP report needed, generating report...");
    let report = self.generate_report(&client_ip).await?;
    if let Err(err) = self.submit_hip(&client_ip, &report).await {
      warn!("Failed to submit HIP report: {}", err);
    }
    Ok(())
  }
  async fn retrieve_client_ip(&self) -> anyhow::Result<String> {
    let config_url = format!("{}/ssl-vpn/getconfig.esp", self.server);
    let mut params: HashMap<&str, &str> = HashMap::new();
    params.insert("client-type", "1");
    params.insert("protocol-version", "p1");
    params.insert("internal", "no");
    params.insert("ipv6-support", "yes");
    params.insert("clientos", self.gp_params.client_os());
    params.insert("hmac-algo", "sha1,md5,sha256");
    params.insert("enc-algo", "aes-128-cbc,aes-256-cbc");
    if let Some(os_version) = self.gp_params.os_version() {
      params.insert("os-version", os_version);
    }
    if let Some(client_version) = self.gp_params.client_version() {
      params.insert("app-version", client_version);
    }
    let params = merge_cookie_params(self.cookie, &params)?;
    let res = self.client.post(&config_url).form(&params).send().await?;
    let res_xml = res.error_for_status()?.text().await?;
    let doc = Document::parse(&res_xml)?;
    // Get <ip-address>
    let ip = doc
      .descendants()
      .find(|n| n.has_tag_name("ip-address"))
      .and_then(|n| n.text())
      .ok_or_else(|| anyhow::anyhow!("ip-address not found"))?;
    Ok(ip.to_string())
  }
  async fn check_hip(&self, client_ip: &str) -> anyhow::Result<bool> {
    let url = format!("{}/ssl-vpn/hipreportcheck.esp", self.server);
    let mut params = HashMap::new();
    params.insert("client-role", "global-protect-full");
    params.insert("client-ip", client_ip);
    params.insert("md5", self.md5);
    let params = merge_cookie_params(self.cookie, &params)?;
    let res = self.client.post(&url).form(&params).send().await?;
    let res_xml = res.error_for_status()?.text().await?;
    is_hip_needed(&res_xml)
  }
  async fn generate_report(&self, client_ip: &str) -> anyhow::Result<String> {
    let launcher = HipLauncher::new(self.csd_wrapper)
      .cookie(self.cookie)
      .md5(self.md5)
      .client_ip(client_ip)
      .client_os(self.gp_params.client_os())
      .client_version(self.gp_params.client_version());
    launcher.launch().await
  }
  async fn submit_hip(&self, client_ip: &str, report: &str) -> anyhow::Result<()> {
    let url = format!("{}/ssl-vpn/hipreport.esp", self.server);
    let mut params = HashMap::new();
    params.insert("client-role", "global-protect-full");
    params.insert("client-ip", client_ip);
    params.insert("report", report);
    let params = merge_cookie_params(self.cookie, &params)?;
    let res = self.client.post(&url).form(&params).send().await?;
    let res_xml = res.error_for_status()?.text().await?;
    info!("HIP check response: {}", res_xml);
    Ok(())
  }
 }
 fn is_hip_needed(res_xml: &str) -> anyhow::Result<bool> {
  let doc = Document::parse(res_xml)?;
  let hip_needed = doc
    .descendants()
    .find(|n| n.has_tag_name("hip-report-needed"))
    .and_then(|n| n.text())
    .ok_or_else(|| anyhow::anyhow!("hip-report-needed not found"))?;
  Ok(hip_needed == "yes")
 }
 fn merge_cookie_params(cookie: &str, params: &HashMap<&str, &str>) -> anyhow::Result<HashMap<String, String>> {
  let cookie_params = serde_urlencoded::from_str::<HashMap<String, String>>(cookie)?;
  let params = params
    .iter()
    .map(|(k, v)| (k.to_string(), v.to_string()))
    .chain(cookie_params)
    .collect::<HashMap<String, String>>();
  Ok(params)
 }
 // Compute md5 for fields except authcookie,preferred-ip,preferred-ipv6
 fn build_csd_token(cookie: &str) -> anyhow::Result<String> {
  let mut cookie_params = serde_urlencoded::from_str::<Vec<(String, String)>>(cookie)?;
  cookie_params.retain(|(k, _)| k != "authcookie" && k != "preferred-ip" && k != "preferred-ipv6");
  let token = serde_urlencoded::to_string(cookie_params)?;
  let md5 = format!("{:x}", md5::compute(token));
  Ok(md5)
 }
 pub async fn hip_report(gateway: &str, cookie: &str, csd_wrapper: &str, gp_params: &GpParams) -> anyhow::Result<()> {
  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(gp_params.user_agent())
    .build()?;
  let md5 = build_csd_token(cookie)?;
  info!("Submit HIP report md5: {}", md5);
  let reporter = HipReporter {
    server: normalize_server(gateway)?,
    cookie,
    md5: &md5,
    csd_wrapper,
    gp_params,
    client,
  };
  reporter.report().await
 }
--- a/crates/gpapi/src/gateway/login.rs
+++ b/crates/gpapi/src/gateway/login.rs
@@ -1,17 +1,23 @@
-use log::info;
+use anyhow::bail;
 use log::{info, warn};
 use reqwest::Client;
 use roxmltree::Document;
 use urlencoding::encode;
-use crate::{credential::Credential, gp_params::GpParams};
+use crate::{
  credential::Credential,
  error::PortalError,
  gp_params::GpParams,
  utils::{normalize_server, parse_gp_error, remove_url_scheme},
 };
-pub async fn gateway_login(
+pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
-  gateway: &str,
+  let url = normalize_server(gateway)?;
-  cred: &Credential,
+  let gateway = remove_url_scheme(&url);
-  gp_params: &GpParams,
+
-) -> anyhow::Result<String> {
+  let login_url = format!("{}/ssl-vpn/login.esp", url);
  let login_url = format!("https://{}/ssl-vpn/login.esp", gateway);
  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(gp_params.user_agent())
    .build()?;
@@ -19,13 +25,31 @@ pub async fn gateway_login(
  let extra_params = gp_params.to_params();
  params.extend(extra_params);
-  params.insert("server", gateway);
+  params.insert("server", &gateway);
  info!("Gateway login, user_agent: {}", gp_params.user_agent());
-  let res = client.post(&login_url).form(&params).send().await?;
+  let res = client
-  let res_xml = res.error_for_status()?.text().await?;
+    .post(&login_url)
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::GatewayError(e.to_string())))?;
  let status = res.status();
  if status.is_client_error() || status.is_server_error() {
    let (reason, res) = parse_gp_error(res).await;
    warn!(
      "Gateway login error: reason={}, status={}, response={}",
      reason, status, res
    );
    bail!("Gateway login error, reason: {}", reason);
  }
  let res_xml = res.text().await?;
  let doc = Document::parse(&res_xml)?;
  build_gateway_token(&doc, gp_params.computer())
@@ -56,11 +80,7 @@ fn build_gateway_token(doc: &Document, computer: &str) -> anyhow::Result<String>
  Ok(token)
 }
-fn read_args<'a>(
+fn read_args<'a>(args: &'a [String], index: usize, key: &'a str) -> anyhow::Result<(&'a str, &'a str)> {
  args: &'a [String],
  index: usize,
  key: &'a str,
 ) -> anyhow::Result<(&'a str, &'a str)> {
  args
    .get(index)
    .ok_or_else(|| anyhow::anyhow!("Failed to read {key} from args"))
--- a/crates/gpapi/src/gateway/mod.rs
+++ b/crates/gpapi/src/gateway/mod.rs
@@ -1,5 +1,6 @@
 mod login;
 mod parse_gateways;
 pub mod hip;
 pub use login::*;
 pub(crate) use parse_gateways::*;
@@ -31,6 +32,15 @@ impl Display for Gateway {
 }
 impl Gateway {
  pub fn new(name: String, address: String) -> Self {
    Self {
      name,
      address,
      priority: 0,
      priority_rules: vec![],
    }
  }
  pub fn name(&self) -> &str {
    &self.name
  }
--- a/crates/gpapi/src/gateway/parse_gateways.rs
+++ b/crates/gpapi/src/gateway/parse_gateways.rs
@@ -4,9 +4,7 @@ use super::{Gateway, PriorityRule};
 pub(crate) fn parse_gateways(doc: &Document) -> Option<Vec<Gateway>> {
  let node_gateways = doc.descendants().find(|n| n.has_tag_name("gateways"))?;
-  let list_gateway = node_gateways
+  let list_gateway = node_gateways.descendants().find(|n| n.has_tag_name("list"))?;
    .descendants()
    .find(|n| n.has_tag_name("list"))?;
  let gateways = list_gateway
    .children()
--- a/crates/gpapi/src/gp_params.rs
+++ b/crates/gpapi/src/gp_params.rs
@@ -44,12 +44,14 @@ impl ClientOs {
 #[derive(Debug, Serialize, Deserialize, Type, Default)]
 pub struct GpParams {
  is_gateway: bool,
  user_agent: String,
  client_os: ClientOs,
  os_version: Option<String>,
  client_version: Option<String>,
  computer: String,
  ignore_tls_errors: bool,
  prefer_default_browser: bool,
 }
 impl GpParams {
@@ -57,6 +59,14 @@ impl GpParams {
    GpParamsBuilder::new()
  }
  pub(crate) fn is_gateway(&self) -> bool {
    self.is_gateway
  }
  pub fn set_is_gateway(&mut self, is_gateway: bool) {
    self.is_gateway = is_gateway;
  }
  pub(crate) fn user_agent(&self) -> &str {
    &self.user_agent
  }
@@ -69,6 +79,22 @@ impl GpParams {
    self.ignore_tls_errors
  }
  pub fn prefer_default_browser(&self) -> bool {
    self.prefer_default_browser
  }
  pub fn client_os(&self) -> &str {
    self.client_os.as_str()
  }
  pub fn os_version(&self) -> Option<&str> {
    self.os_version.as_deref()
  }
  pub fn client_version(&self) -> Option<&str> {
    self.client_version.as_deref()
  }
  pub(crate) fn to_params(&self) -> HashMap<&str, &str> {
    let mut params: HashMap<&str, &str> = HashMap::new();
    let client_os = self.client_os.as_str();
@@ -88,35 +114,45 @@ impl GpParams {
      params.insert("os-version", os_version);
    }
-    if let Some(client_version) = &self.client_version {
+    // NOTE: Do not include clientgpversion for now
-      params.insert("clientgpversion", client_version);
+    // if let Some(client_version) = &self.client_version {
-    }
+    //   params.insert("clientgpversion", client_version);
    // }
    params
  }
 }
 pub struct GpParamsBuilder {
  is_gateway: bool,
  user_agent: String,
  client_os: ClientOs,
  os_version: Option<String>,
  client_version: Option<String>,
  computer: String,
  ignore_tls_errors: bool,
  prefer_default_browser: bool,
 }
 impl GpParamsBuilder {
  pub fn new() -> Self {
    Self {
      is_gateway: false,
      user_agent: GP_USER_AGENT.to_string(),
      client_os: ClientOs::Linux,
      os_version: Default::default(),
      client_version: Default::default(),
      computer: whoami::hostname(),
      ignore_tls_errors: false,
      prefer_default_browser: false,
    }
  }
  pub fn is_gateway(&mut self, is_gateway: bool) -> &mut Self {
    self.is_gateway = is_gateway;
    self
  }
  pub fn user_agent(&mut self, user_agent: &str) -> &mut Self {
    self.user_agent = user_agent.to_string();
    self
@@ -147,14 +183,21 @@ impl GpParamsBuilder {
    self
  }
  pub fn prefer_default_browser(&mut self, prefer_default_browser: bool) -> &mut Self {
    self.prefer_default_browser = prefer_default_browser;
    self
  }
  pub fn build(&self) -> GpParams {
    GpParams {
      is_gateway: self.is_gateway,
      user_agent: self.user_agent.clone(),
      client_os: self.client_os.clone(),
      os_version: self.os_version.clone(),
      client_version: self.client_version.clone(),
      computer: self.computer.clone(),
      ignore_tls_errors: self.ignore_tls_errors,
      prefer_default_browser: self.prefer_default_browser,
    }
  }
 }
--- a/crates/gpapi/src/lib.rs
+++ b/crates/gpapi/src/lib.rs
@@ -1,5 +1,6 @@
 pub mod auth;
 pub mod credential;
 pub mod error;
 pub mod gateway;
 pub mod gp_params;
 pub mod portal;
@@ -23,6 +24,8 @@ pub const GP_SERVICE_BINARY: &str = "/usr/bin/gpservice";
 #[cfg(not(debug_assertions))]
 pub const GP_GUI_BINARY: &str = "/usr/bin/gpgui";
 #[cfg(not(debug_assertions))]
 pub const GP_GUI_HELPER_BINARY: &str = "/usr/bin/gpgui-helper";
 #[cfg(not(debug_assertions))]
 pub(crate) const GP_AUTH_BINARY: &str = "/usr/bin/gpauth";
 #[cfg(debug_assertions)]
@@ -32,4 +35,6 @@ pub const GP_SERVICE_BINARY: &str = dotenvy_macro::dotenv!("GP_SERVICE_BINARY");
 #[cfg(debug_assertions)]
 pub const GP_GUI_BINARY: &str = dotenvy_macro::dotenv!("GP_GUI_BINARY");
 #[cfg(debug_assertions)]
 pub const GP_GUI_HELPER_BINARY: &str = dotenvy_macro::dotenv!("GP_GUI_HELPER_BINARY");
 #[cfg(debug_assertions)]
 pub(crate) const GP_AUTH_BINARY: &str = dotenvy_macro::dotenv!("GP_AUTH_BINARY");
--- a/crates/gpapi/src/portal/config.rs
+++ b/crates/gpapi/src/portal/config.rs
@@ -1,16 +1,16 @@
-use anyhow::ensure;
+use anyhow::bail;
-use log::info;
+use log::{info, warn};
-use reqwest::Client;
+use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
 use specta::Type;
 use thiserror::Error;
 use crate::{
  credential::{AuthCookieCredential, Credential},
  error::PortalError,
  gateway::{parse_gateways, Gateway},
  gp_params::GpParams,
-  utils::{normalize_server, xml},
+  utils::{normalize_server, parse_gp_error, remove_url_scheme, xml},
 };
 #[derive(Debug, Serialize, Type)]
@@ -18,25 +18,12 @@ use crate::{
 pub struct PortalConfig {
  portal: String,
  auth_cookie: AuthCookieCredential,
  config_cred: Credential,
  gateways: Vec<Gateway>,
  config_digest: Option<String>,
 }
 impl PortalConfig {
  pub fn new(
    portal: String,
    auth_cookie: AuthCookieCredential,
    gateways: Vec<Gateway>,
    config_digest: Option<String>,
  ) -> Self {
    Self {
      portal,
      auth_cookie,
      gateways,
      config_digest,
    }
  }
  pub fn portal(&self) -> &str {
    &self.portal
  }
@@ -49,6 +36,10 @@ impl PortalConfig {
    &self.auth_cookie
  }
  pub fn config_cred(&self) -> &Credential {
    &self.config_cred
  }
  /// In-place sort the gateways by region
  pub fn sort_gateways(&mut self, region: &str) {
    let preferred_gateway = self.find_preferred_gateway(region);
@@ -88,38 +79,17 @@ impl PortalConfig {
    }
    // If no gateway is found, return the gateway with the lowest priority
-    preferred_gateway.unwrap_or_else(|| {
+    preferred_gateway.unwrap_or_else(|| self.gateways.iter().min_by_key(|gateway| gateway.priority).unwrap())
      self
        .gateways
        .iter()
        .min_by_key(|gateway| gateway.priority)
        .unwrap()
    })
  }
 }
-#[derive(Error, Debug)]
+pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<PortalConfig> {
 pub enum PortalConfigError {
  #[error("Empty response, retrying can help")]
  EmptyResponse,
  #[error("Empty auth cookie, retrying can help")]
  EmptyAuthCookie,
  #[error("Invalid auth cookie, retrying can help")]
  InvalidAuthCookie,
  #[error("Empty gateways, retrying can help")]
  EmptyGateways,
 }
 pub async fn retrieve_config(
  portal: &str,
  cred: &Credential,
  gp_params: &GpParams,
 ) -> anyhow::Result<PortalConfig> {
  let portal = normalize_server(portal)?;
  let server = remove_url_scheme(&portal);
  let url = format!("{}/global-protect/getconfig.esp", portal);
  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(gp_params.user_agent())
    .build()?;
@@ -133,42 +103,49 @@ pub async fn retrieve_config(
  info!("Portal config, user_agent: {}", gp_params.user_agent());
  let res = client.post(&url).form(&params).send().await?;
-  let res_xml = res.error_for_status()?.text().await?;
+  let status = res.status();
-  ensure!(!res_xml.is_empty(), PortalConfigError::EmptyResponse);
+  if status == StatusCode::NOT_FOUND {
    bail!(PortalError::ConfigError("Config endpoint not found".to_string()))
  }
-  let doc = Document::parse(&res_xml)?;
+  if status.is_client_error() || status.is_server_error() {
-  let gateways = parse_gateways(&doc).ok_or_else(|| anyhow::anyhow!("Failed to parse gateways"))?;
+    let (reason, res) = parse_gp_error(res).await;
    warn!(
      "Portal config error: reason={}, status={}, response={}",
      reason, status, res
    );
    bail!("Portal config error, reason: {}", reason);
  }
  let res_xml = res.text().await.map_err(|e| PortalError::ConfigError(e.to_string()))?;
  if res_xml.is_empty() {
    bail!(PortalError::ConfigError("Empty portal config response".to_string()))
  }
  let doc = Document::parse(&res_xml).map_err(|e| PortalError::ConfigError(e.to_string()))?;
  let mut gateways = parse_gateways(&doc).unwrap_or_else(|| {
    info!("No gateways found in portal config");
    vec![]
  });
  let user_auth_cookie = xml::get_child_text(&doc, "portal-userauthcookie").unwrap_or_default();
-  let prelogon_user_auth_cookie =
+  let prelogon_user_auth_cookie = xml::get_child_text(&doc, "portal-prelogonuserauthcookie").unwrap_or_default();
    xml::get_child_text(&doc, "portal-prelogonuserauthcookie").unwrap_or_default();
  let config_digest = xml::get_child_text(&doc, "config-digest");
-  ensure!(
+  if gateways.is_empty() {
-    !user_auth_cookie.is_empty() && !prelogon_user_auth_cookie.is_empty(),
+    gateways.push(Gateway::new(server.to_string(), server.to_string()));
-    PortalConfigError::EmptyAuthCookie
+  }
  );
-  ensure!(
+  Ok(PortalConfig {
-    user_auth_cookie != "empty" && prelogon_user_auth_cookie != "empty",
+    portal: server.to_string(),
-    PortalConfigError::InvalidAuthCookie
+    auth_cookie: AuthCookieCredential::new(cred.username(), &user_auth_cookie, &prelogon_user_auth_cookie),
-  );
+    config_cred: cred.clone(),
  ensure!(!gateways.is_empty(), PortalConfigError::EmptyGateways);
  Ok(PortalConfig::new(
    server.to_string(),
    AuthCookieCredential::new(
      cred.username(),
      &user_auth_cookie,
      &prelogon_user_auth_cookie,
    ),
    gateways,
    config_digest,
-  ))
+  })
 }
 fn remove_url_scheme(s: &str) -> String {
  s.replace("http://", "").replace("https://", "")
 }
--- a/crates/gpapi/src/portal/prelogin.rs
+++ b/crates/gpapi/src/portal/prelogin.rs
@@ -1,13 +1,14 @@
 use anyhow::bail;
-use log::{info, trace};
+use log::{info, warn};
-use reqwest::Client;
+use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
 use specta::Type;
 use crate::{
  error::PortalError,
  gp_params::GpParams,
-  utils::{base64, normalize_server, xml},
+  utils::{base64, normalize_server, parse_gp_error, xml},
 };
 const REQUIRED_PARAMS: [&str; 8] = [
@@ -25,7 +26,9 @@ const REQUIRED_PARAMS: [&str; 8] = [
 #[serde(rename_all = "camelCase")]
 pub struct SamlPrelogin {
  region: String,
  is_gateway: bool,
  saml_request: String,
  support_default_browser: bool,
 }
 impl SamlPrelogin {
@@ -36,12 +39,17 @@ impl SamlPrelogin {
  pub fn saml_request(&self) -> &str {
    &self.saml_request
  }
  pub fn support_default_browser(&self) -> bool {
    self.support_default_browser
  }
 }
 #[derive(Debug, Serialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
 pub struct StandardPrelogin {
  region: String,
  is_gateway: bool,
  auth_message: String,
  label_username: String,
  label_password: String,
@@ -79,27 +87,31 @@ impl Prelogin {
      Prelogin::Standard(standard) => standard.region(),
    }
  }
  pub fn is_gateway(&self) -> bool {
    match self {
      Prelogin::Saml(saml) => saml.is_gateway,
      Prelogin::Standard(standard) => standard.is_gateway,
    }
  }
 }
 pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prelogin> {
  let user_agent = gp_params.user_agent();
-  info!("Portal prelogin, user_agent: {}", user_agent);
+  info!("Prelogin with user_agent: {}", user_agent);
  let portal = normalize_server(portal)?;
-  let prelogin_url = format!(
+  let is_gateway = gp_params.is_gateway();
-    "{}/global-protect/prelogin.esp?kerberos-support=yes",
+  let path = if is_gateway { "ssl-vpn" } else { "global-protect" };
-    portal
+  let prelogin_url = format!("{portal}/{}/prelogin.esp", path);
  );
  let mut params = gp_params.to_params();
  params.insert("tmp", "tmp");
  params.insert("default-browser", "0");
  params.insert("cas-support", "yes");
-  params.retain(|k, _| {
+  params.insert("tmp", "tmp");
-    REQUIRED_PARAMS
+  if gp_params.prefer_default_browser() {
-      .iter()
+    params.insert("default-browser", "1");
-      .any(|required_param| required_param == k)
+  }
-  });
+
  params.retain(|k, _| REQUIRED_PARAMS.iter().any(|required_param| required_param == k));
  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
@@ -107,9 +119,31 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
    .build()?;
  let res = client.post(&prelogin_url).form(&params).send().await?;
-  let res_xml = res.error_for_status()?.text().await?;
+  let status = res.status();
-  trace!("Prelogin response: {}", res_xml);
+  if status == StatusCode::NOT_FOUND {
    bail!(PortalError::PreloginError("Prelogin endpoint not found".to_string()))
  }
  if status.is_client_error() || status.is_server_error() {
    let (reason, res) = parse_gp_error(res).await;
    warn!("Prelogin error: reason={}, status={}, response={}", reason, status, res);
    bail!("Prelogin error: {}", status)
  }
  let res_xml = res
    .text()
    .await
    .map_err(|e| PortalError::PreloginError(e.to_string()))?;
  let prelogin = parse_res_xml(res_xml, is_gateway).map_err(|e| PortalError::PreloginError(e.to_string()))?;
  Ok(prelogin)
 }
 fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin> {
  let doc = Document::parse(&res_xml)?;
  let status = xml::get_child_text(&doc, "status")
@@ -120,17 +154,24 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
    bail!("Prelogin failed: {}", msg)
  }
-  let region = xml::get_child_text(&doc, "region")
+  let region = xml::get_child_text(&doc, "region").unwrap_or_else(|| {
-    .ok_or_else(|| anyhow::anyhow!("Prelogin response does not contain region element"))?;
+    info!("Prelogin response does not contain region element");
    String::from("Unknown")
  });
  let saml_method = xml::get_child_text(&doc, "saml-auth-method");
  let saml_request = xml::get_child_text(&doc, "saml-request");
  let saml_default_browser = xml::get_child_text(&doc, "saml-default-browser");
  // Check if the prelogin response is SAML
  if saml_method.is_some() && saml_request.is_some() {
    let saml_request = base64::decode_to_string(&saml_request.unwrap())?;
    let support_default_browser = saml_default_browser.map(|s| s.to_lowercase() == "yes").unwrap_or(false);
    let saml_prelogin = SamlPrelogin {
      region,
      is_gateway,
      saml_request,
      support_default_browser,
    };
    return Ok(Prelogin::Saml(saml_prelogin));
@@ -140,10 +181,11 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
  let label_password = xml::get_child_text(&doc, "password-label");
  // Check if the prelogin response is standard login
  if label_username.is_some() && label_password.is_some() {
-    let auth_message = xml::get_child_text(&doc, "authentication-message")
+    let auth_message =
-      .unwrap_or(String::from("Please enter the login credentials"));
+      xml::get_child_text(&doc, "authentication-message").unwrap_or(String::from("Please enter the login credentials"));
    let standard_prelogin = StandardPrelogin {
      region,
      is_gateway,
      auth_message,
      label_username: label_username.unwrap(),
      label_password: label_password.unwrap(),
--- a/crates/gpapi/src/process/auth_launcher.rs
+++ b/crates/gpapi/src/process/auth_launcher.rs
@@ -1,5 +1,6 @@
 use std::process::Stdio;
 use anyhow::bail;
 use tokio::process::Command;
 use crate::{auth::SamlAuthResult, credential::Credential, GP_AUTH_BINARY};
@@ -8,6 +9,7 @@ use super::command_traits::CommandExt;
 pub struct SamlAuthLauncher<'a> {
  server: &'a str,
  gateway: bool,
  saml_request: Option<&'a str>,
  user_agent: Option<&'a str>,
  os: Option<&'a str>,
@@ -22,6 +24,7 @@ impl<'a> SamlAuthLauncher<'a> {
  pub fn new(server: &'a str) -> Self {
    Self {
      server,
      gateway: false,
      saml_request: None,
      user_agent: None,
      os: None,
@@ -33,6 +36,11 @@ impl<'a> SamlAuthLauncher<'a> {
    }
  }
  pub fn gateway(mut self, gateway: bool) -> Self {
    self.gateway = gateway;
    self
  }
  pub fn saml_request(mut self, saml_request: &'a str) -> Self {
    self.saml_request = Some(saml_request);
    self
@@ -78,6 +86,10 @@ impl<'a> SamlAuthLauncher<'a> {
    let mut auth_cmd = Command::new(GP_AUTH_BINARY);
    auth_cmd.arg(self.server);
    if self.gateway {
      auth_cmd.arg("--gateway");
    }
    if let Some(saml_request) = self.saml_request {
      auth_cmd.arg("--saml-request").arg(saml_request);
    }
@@ -118,12 +130,13 @@ impl<'a> SamlAuthLauncher<'a> {
      .wait_with_output()
      .await?;
-    let auth_result: SamlAuthResult = serde_json::from_slice(&output.stdout)
+    let Ok(auth_result) = serde_json::from_slice::<SamlAuthResult>(&output.stdout) else {
-      .map_err(|_| anyhow::anyhow!("Failed to parse auth data"))?;
+      bail!("Failed to parse auth data")
    };
    match auth_result {
      SamlAuthResult::Success(auth_data) => Credential::try_from(auth_data),
-      SamlAuthResult::Failure(msg) => Err(anyhow::anyhow!(msg)),
+      SamlAuthResult::Failure(msg) => bail!(msg),
    }
  }
 }
--- a/crates/gpapi/src/process/browser_authenticator.rs
+++ b/crates/gpapi/src/process/browser_authenticator.rs
@@ -0,0 +1,34 @@
 use std::{env::temp_dir, io::Write};
 pub struct BrowserAuthenticator<'a> {
  auth_request: &'a str,
 }
 impl BrowserAuthenticator<'_> {
  pub fn new(auth_request: &str) -> BrowserAuthenticator {
    BrowserAuthenticator { auth_request }
  }
  pub fn authenticate(&self) -> anyhow::Result<()> {
    if self.auth_request.starts_with("http") {
      open::that_detached(self.auth_request)?;
    } else {
      let html_file = temp_dir().join("gpauth.html");
      let mut file = std::fs::File::create(&html_file)?;
      file.write_all(self.auth_request.as_bytes())?;
      open::that_detached(html_file)?;
    }
    Ok(())
  }
 }
 impl Drop for BrowserAuthenticator<'_> {
  fn drop(&mut self) {
    // Cleanup the temporary file
    let html_file = temp_dir().join("gpauth.html");
    let _ = std::fs::remove_file(html_file);
  }
 }
--- a/crates/gpapi/src/process/command_traits.rs
+++ b/crates/gpapi/src/process/command_traits.rs
@@ -1,7 +1,8 @@
-use anyhow::bail;
+use std::ffi::OsStr;
 use std::{env, ffi::OsStr};
 use tokio::process::Command;
-use uzers::{os::unix::UserExt, User};
+use uzers::os::unix::UserExt;
 use super::users::get_non_root_user;
 pub trait CommandExt {
  fn new_pkexec<S: AsRef<OsStr>>(program: S) -> Command;
@@ -11,18 +12,13 @@ pub trait CommandExt {
 impl CommandExt for Command {
  fn new_pkexec<S: AsRef<OsStr>>(program: S) -> Command {
    let mut cmd = Command::new("pkexec");
-    cmd
+    cmd.arg("--user").arg("root").arg(program);
      .arg("--disable-internal-agent")
      .arg("--user")
      .arg("root")
      .arg(program);
    cmd
  }
  fn into_non_root(mut self) -> anyhow::Result<Command> {
-    let user =
+    let user = get_non_root_user().map_err(|_| anyhow::anyhow!("{:?} cannot be run as root", self))?;
      get_non_root_user().map_err(|_| anyhow::anyhow!("{:?} cannot be run as root", self))?;
    self
      .env("HOME", user.home_dir())
@@ -35,30 +31,3 @@ impl CommandExt for Command {
    Ok(self)
  }
 }
 fn get_non_root_user() -> anyhow::Result<User> {
  let current_user = whoami::username();
  let user = if current_user == "root" {
    get_real_user()?
  } else {
    uzers::get_user_by_name(&current_user)
      .ok_or_else(|| anyhow::anyhow!("User ({}) not found", current_user))?
  };
  if user.uid() == 0 {
    bail!("Non-root user not found")
  }
  Ok(user)
 }
 fn get_real_user() -> anyhow::Result<User> {
  // Read the UID from SUDO_UID or PKEXEC_UID environment variable if available.
  let uid = match env::var("SUDO_UID") {
    Ok(uid) => uid.parse::<u32>()?,
    _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
  };
  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
 }
--- a/crates/gpapi/src/process/gui_helper_launcher.rs
+++ b/crates/gpapi/src/process/gui_helper_launcher.rs
@@ -0,0 +1,68 @@
 use std::{collections::HashMap, path::PathBuf, process::Stdio};
 use anyhow::bail;
 use log::info;
 use tokio::{io::AsyncWriteExt, process::Command};
 use crate::{process::command_traits::CommandExt, utils, GP_GUI_HELPER_BINARY};
 pub struct GuiHelperLauncher<'a> {
  program: PathBuf,
  envs: Option<&'a HashMap<String, String>>,
  api_key: &'a [u8],
  gui_version: Option<&'a str>,
 }
 impl<'a> GuiHelperLauncher<'a> {
  pub fn new(api_key: &'a [u8]) -> Self {
    Self {
      program: GP_GUI_HELPER_BINARY.into(),
      envs: None,
      api_key,
      gui_version: None,
    }
  }
  pub fn envs(mut self, envs: Option<&'a HashMap<String, String>>) -> Self {
    self.envs = envs;
    self
  }
  pub fn gui_version(mut self, version: Option<&'a str>) -> Self {
    self.gui_version = version;
    self
  }
  pub async fn launch(&self) -> anyhow::Result<()> {
    let mut cmd = Command::new(&self.program);
    if let Some(envs) = self.envs {
      cmd.env_clear();
      cmd.envs(envs);
    }
    cmd.arg("--api-key-on-stdin");
    if let Some(gui_version) = self.gui_version {
      cmd.arg("--gui-version").arg(gui_version);
    }
    info!("Launching gpgui-helper");
    let mut non_root_cmd = cmd.into_non_root()?;
    let mut child = non_root_cmd.kill_on_drop(true).stdin(Stdio::piped()).spawn()?;
    let Some(mut stdin) = child.stdin.take() else {
      bail!("Failed to open stdin");
    };
    let api_key = utils::base64::encode(self.api_key);
    tokio::spawn(async move {
      stdin.write_all(api_key.as_bytes()).await.unwrap();
      drop(stdin);
    });
    let exit_status = child.wait().await?;
    info!("gpgui-helper exited with: {}", exit_status);
    Ok(())
  }
 }
--- a/crates/gpapi/src/process/gui_launcher.rs
+++ b/crates/gpapi/src/process/gui_launcher.rs
@@ -4,30 +4,28 @@ use std::{
  process::{ExitStatus, Stdio},
 };
 use anyhow::bail;
 use log::info;
 use tokio::{io::AsyncWriteExt, process::Command};
-use crate::{utils::base64, GP_GUI_BINARY};
+use crate::{process::gui_helper_launcher::GuiHelperLauncher, utils::base64, GP_GUI_BINARY};
 use super::command_traits::CommandExt;
-pub struct GuiLauncher {
+pub struct GuiLauncher<'a> {
  version: &'a str,
  program: PathBuf,
-  api_key: Option<Vec<u8>>,
+  api_key: &'a [u8],
  minimized: bool,
  envs: Option<HashMap<String, String>>,
 }
-impl Default for GuiLauncher {
+impl<'a> GuiLauncher<'a> {
-  fn default() -> Self {
+  pub fn new(version: &'a str, api_key: &'a [u8]) -> Self {
    Self::new()
  }
 }
 impl GuiLauncher {
  pub fn new() -> Self {
    Self {
      version,
      program: GP_GUI_BINARY.into(),
-      api_key: None,
+      api_key,
      minimized: false,
      envs: None,
    }
@@ -38,17 +36,23 @@ impl GuiLauncher {
    self
  }
  pub fn api_key(mut self, api_key: Vec<u8>) -> Self {
    self.api_key = Some(api_key);
    self
  }
  pub fn minimized(mut self, minimized: bool) -> Self {
    self.minimized = minimized;
    self
  }
  pub async fn launch(&self) -> anyhow::Result<ExitStatus> {
    // Check if the program's version
    if let Err(err) = self.check_version().await {
      info!("Check version failed: {}", err);
      // Download the program and replace the current one
      self.download_program().await?;
    }
    self.launch_program().await
  }
  async fn launch_program(&self) -> anyhow::Result<ExitStatus> {
    let mut cmd = Command::new(&self.program);
    if let Some(envs) = &self.envs {
@@ -56,36 +60,60 @@ impl GuiLauncher {
      cmd.envs(envs);
    }
-    if self.api_key.is_some() {
+    cmd.arg("--api-key-on-stdin");
      cmd.arg("--api-key-on-stdin");
    }
    if self.minimized {
      cmd.arg("--minimized");
    }
    info!("Launching gpgui");
    let mut non_root_cmd = cmd.into_non_root()?;
    let mut child = non_root_cmd.kill_on_drop(true).stdin(Stdio::piped()).spawn()?;
    let Some(mut stdin) = child.stdin.take() else {
      bail!("Failed to open stdin");
    };
-    let mut child = non_root_cmd
+    let api_key = base64::encode(self.api_key);
-      .kill_on_drop(true)
+    tokio::spawn(async move {
-      .stdin(Stdio::piped())
+      stdin.write_all(api_key.as_bytes()).await.unwrap();
-      .spawn()?;
+      drop(stdin);
-
+    });
    let mut stdin = child
      .stdin
      .take()
      .ok_or_else(|| anyhow::anyhow!("Failed to open stdin"))?;
    if let Some(api_key) = &self.api_key {
      let api_key = base64::encode(api_key);
      tokio::spawn(async move {
        stdin.write_all(api_key.as_bytes()).await.unwrap();
        drop(stdin);
      });
    }
    let exit_status = child.wait().await?;
    Ok(exit_status)
  }
  async fn check_version(&self) -> anyhow::Result<()> {
    let cmd = Command::new(&self.program).arg("--version").output().await?;
    let output = String::from_utf8_lossy(&cmd.stdout);
    // Version string: "gpgui 2.0.0 (2024-02-05)"
    let Some(version) = output.split_whitespace().nth(1) else {
      bail!("Failed to parse version: {}", output);
    };
    if version != self.version {
      bail!("Version mismatch: expected {}, got {}", self.version, version);
    }
    info!("Version check passed: {}", version);
    Ok(())
  }
  async fn download_program(&self) -> anyhow::Result<()> {
    let gui_helper = GuiHelperLauncher::new(self.api_key);
    gui_helper
      .envs(self.envs.as_ref())
      .gui_version(Some(self.version))
      .launch()
      .await?;
    // Check the version again
    self.check_version().await?;
    Ok(())
  }
 }
--- a/crates/gpapi/src/process/hip_launcher.rs
+++ b/crates/gpapi/src/process/hip_launcher.rs
@@ -0,0 +1,94 @@
 use std::process::Stdio;
 use anyhow::bail;
 use tokio::process::Command;
 pub struct HipLauncher<'a> {
  program: &'a str,
  cookie: Option<&'a str>,
  client_ip: Option<&'a str>,
  md5: Option<&'a str>,
  client_os: Option<&'a str>,
  client_version: Option<&'a str>,
 }
 impl<'a> HipLauncher<'a> {
  pub fn new(program: &'a str) -> Self {
    Self {
      program,
      cookie: None,
      client_ip: None,
      md5: None,
      client_os: None,
      client_version: None,
    }
  }
  pub fn cookie(mut self, cookie: &'a str) -> Self {
    self.cookie = Some(cookie);
    self
  }
  pub fn client_ip(mut self, client_ip: &'a str) -> Self {
    self.client_ip = Some(client_ip);
    self
  }
  pub fn md5(mut self, md5: &'a str) -> Self {
    self.md5 = Some(md5);
    self
  }
  pub fn client_os(mut self, client_os: &'a str) -> Self {
    self.client_os = Some(client_os);
    self
  }
  pub fn client_version(mut self, client_version: Option<&'a str>) -> Self {
    self.client_version = client_version;
    self
  }
  pub async fn launch(&self) -> anyhow::Result<String> {
    let mut cmd = Command::new(self.program);
    if let Some(cookie) = self.cookie {
      cmd.arg("--cookie").arg(cookie);
    }
    if let Some(client_ip) = self.client_ip {
      cmd.arg("--client-ip").arg(client_ip);
    }
    if let Some(md5) = self.md5 {
      cmd.arg("--md5").arg(md5);
    }
    if let Some(client_os) = self.client_os {
      cmd.arg("--client-os").arg(client_os);
    }
    if let Some(client_version) = self.client_version {
      cmd.env("APP_VERSION", client_version);
    }
    let output = cmd
      .kill_on_drop(true)
      .stdout(Stdio::piped())
      .spawn()?
      .wait_with_output()
      .await?;
    if let Some(exit_status) = output.status.code() {
      if exit_status != 0 {
        bail!("HIP report generation failed with exit code {}", exit_status);
      }
      let report = String::from_utf8(output.stdout)?;
      Ok(report)
    } else {
      bail!("HIP report generation failed");
    }
  }
 }
--- a/crates/gpapi/src/process/mod.rs
+++ b/crates/gpapi/src/process/mod.rs
@@ -1,5 +1,10 @@
 pub(crate) mod command_traits;
 pub(crate) mod gui_helper_launcher;
 pub mod auth_launcher;
 #[cfg(feature = "browser-auth")]
 pub mod browser_authenticator;
 pub mod gui_launcher;
 pub mod hip_launcher;
 pub mod service_launcher;
 pub mod users;
--- a/crates/gpapi/src/process/users.rs
+++ b/crates/gpapi/src/process/users.rs
@@ -0,0 +1,39 @@
 use std::env;
 use anyhow::bail;
 use uzers::User;
 pub fn get_user_by_name(username: &str) -> anyhow::Result<User> {
  uzers::get_user_by_name(username).ok_or_else(|| anyhow::anyhow!("User ({}) not found", username))
 }
 pub fn get_non_root_user() -> anyhow::Result<User> {
  let current_user = whoami::username();
  let user = if current_user == "root" {
    get_real_user()?
  } else {
    get_user_by_name(&current_user)?
  };
  if user.uid() == 0 {
    bail!("Non-root user not found")
  }
  Ok(user)
 }
 pub fn get_current_user() -> anyhow::Result<User> {
  let current_user = whoami::username();
  get_user_by_name(&current_user)
 }
 fn get_real_user() -> anyhow::Result<User> {
  // Read the UID from SUDO_UID or PKEXEC_UID environment variable if available.
  let uid = match env::var("SUDO_UID") {
    Ok(uid) => uid.parse::<u32>()?,
    _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
  };
  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
 }
--- a/crates/gpapi/src/service/event.rs
+++ b/crates/gpapi/src/service/event.rs
@@ -7,4 +7,6 @@ use super::vpn_state::VpnState;
 pub enum WsEvent {
  VpnState(VpnState),
  ActiveGui,
  /// External authentication data
  AuthData(String),
 }
--- a/crates/gpapi/src/service/request.rs
+++ b/crates/gpapi/src/service/request.rs
@@ -32,6 +32,9 @@ pub struct ConnectArgs {
  cookie: String,
  vpnc_script: Option<String>,
  user_agent: Option<String>,
  csd_uid: u32,
  csd_wrapper: Option<String>,
  mtu: u32,
  os: Option<ClientOs>,
 }
@@ -42,6 +45,9 @@ impl ConnectArgs {
      vpnc_script: None,
      user_agent: None,
      os: None,
      csd_uid: 0,
      csd_wrapper: None,
      mtu: 0,
    }
  }
@@ -58,10 +64,19 @@ impl ConnectArgs {
  }
  pub fn openconnect_os(&self) -> Option<String> {
-    self
+    self.os.as_ref().map(|os| os.to_openconnect_os().to_string())
-      .os
+  }
-      .as_ref()
+
-      .map(|os| os.to_openconnect_os().to_string())
+  pub fn csd_uid(&self) -> u32 {
    self.csd_uid
  }
  pub fn csd_wrapper(&self) -> Option<String> {
    self.csd_wrapper.clone()
  }
  pub fn mtu(&self) -> u32 {
    self.mtu
  }
 }
@@ -84,6 +99,21 @@ impl ConnectRequest {
    self
  }
  pub fn with_csd_uid(mut self, csd_uid: u32) -> Self {
    self.args.csd_uid = csd_uid;
    self
  }
  pub fn with_csd_wrapper<T: Into<Option<String>>>(mut self, csd_wrapper: T) -> Self {
    self.args.csd_wrapper = csd_wrapper.into();
    self
  }
  pub fn with_mtu(mut self, mtu: u32) -> Self {
    self.args.mtu = mtu;
    self
  }
  pub fn with_user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
    self.args.user_agent = user_agent.into();
    self
@@ -116,3 +146,9 @@ pub enum WsRequest {
  Connect(Box<ConnectRequest>),
  Disconnect(DisconnectRequest),
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub struct UpdateGuiRequest {
  pub path: String,
  pub checksum: String,
 }
--- a/crates/gpapi/src/utils/checksum.rs
+++ b/crates/gpapi/src/utils/checksum.rs
@@ -0,0 +1,14 @@
 use std::path::Path;
 use anyhow::bail;
 pub fn verify_checksum(path: &str, expected: &str) -> anyhow::Result<()> {
  let file = Path::new(&path);
  let checksum = sha256::try_digest(&file)?;
  if checksum != expected {
    bail!("Checksum mismatch, expected: {}, actual: {}", expected, checksum);
  }
  Ok(())
 }
--- a/crates/gpapi/src/utils/mod.rs
+++ b/crates/gpapi/src/utils/mod.rs
@@ -1,8 +1,9 @@
-use reqwest::Url;
+use reqwest::{Response, Url};
 pub(crate) mod xml;
 pub mod base64;
 pub mod checksum;
 pub mod crypto;
 pub mod endpoint;
 pub mod env_file;
@@ -30,11 +31,28 @@ pub fn normalize_server(server: &str) -> anyhow::Result<String> {
    .host_str()
    .ok_or(anyhow::anyhow!("Invalid server URL: missing host"))?;
-  let port: String = normalized_url
+  let port: String = normalized_url.port().map_or("".into(), |port| format!(":{}", port));
    .port()
    .map_or("".into(), |port| format!(":{}", port));
  let normalized_url = format!("{}://{}{}", scheme, host, port);
  Ok(normalized_url)
 }
 pub fn remove_url_scheme(s: &str) -> String {
  s.replace("http://", "").replace("https://", "")
 }
 pub(crate) async fn parse_gp_error(res: Response) -> (String, String) {
  let reason = res
    .headers()
    .get("x-private-pan-globalprotect")
    .map_or_else(|| "<none>", |v| v.to_str().unwrap_or("<invalid header>"))
    .to_string();
  let res = res.text().await.map_or_else(
    |_| "<failed to read response>".to_string(),
    |v| if v.is_empty() { "<empty>".to_string() } else { v },
  );
  (reason, res)
 }
--- a/crates/gpapi/src/utils/redact.rs
+++ b/crates/gpapi/src/utils/redact.rs
@@ -115,12 +115,7 @@ pub fn redact_uri(uri: &str) -> String {
      .map(|query| format!("?{}", query))
      .unwrap_or_default();
-    return format!(
+    return format!("{}://[**********]{}{}", url.scheme(), url.path(), redacted_query);
      "{}://[**********]{}{}",
      url.scheme(),
      url.path(),
      redacted_query
    );
  }
  let redacted_query = redact_query(url.query());
@@ -165,10 +160,7 @@ mod tests {
    redaction.add_value("foo").unwrap();
-    assert_eq!(
+    assert_eq!(redaction.redact_str("hello, foo, bar"), "hello, [**********], bar");
      redaction.redact_str("hello, foo, bar"),
      "hello, [**********], bar"
    );
  }
  #[test]
--- a/crates/gpapi/src/utils/shutdown_signal.rs
+++ b/crates/gpapi/src/utils/shutdown_signal.rs
@@ -2,9 +2,7 @@ use tokio::signal;
 pub async fn shutdown_signal() {
  let ctrl_c = async {
-    signal::ctrl_c()
+    signal::ctrl_c().await.expect("failed to install Ctrl+C handler");
      .await
      .expect("failed to install Ctrl+C handler");
  };
  #[cfg(unix)]
--- a/crates/gpapi/src/utils/window.rs
+++ b/crates/gpapi/src/utils/window.rs
@@ -2,17 +2,22 @@ use std::{process::ExitStatus, time::Duration};
 use anyhow::bail;
 use log::{info, warn};
-use tauri::{window::MenuHandle, Window};
+use tauri::Window;
 use tokio::process::Command;
 pub trait WindowExt {
  fn raise(&self) -> anyhow::Result<()>;
  fn hide_menu(&self);
 }
 impl WindowExt for Window {
  fn raise(&self) -> anyhow::Result<()> {
    raise_window(self)
  }
  fn hide_menu(&self) {
    hide_menu(self);
  }
 }
 pub fn raise_window(win: &Window) -> anyhow::Result<()> {
@@ -34,7 +39,8 @@ pub fn raise_window(win: &Window) -> anyhow::Result<()> {
  }
  // Calling window.show() on Windows will cause the menu to be shown.
-  hide_menu(win.menu_handle());
+  // We need to hide it again.
  hide_menu(win);
  Ok(())
 }
@@ -71,7 +77,9 @@ async fn wmctrl_try_raise_window(title: &str) -> anyhow::Result<ExitStatus> {
  Ok(exit_status)
 }
-fn hide_menu(menu_handle: MenuHandle) {
+fn hide_menu(win: &Window) {
  let menu_handle = win.menu_handle();
  tokio::spawn(async move {
    loop {
      let menu_visible = menu_handle.is_visible().unwrap_or(false);
--- a/crates/openconnect/Cargo.toml
+++ b/crates/openconnect/Cargo.toml
@@ -6,8 +6,8 @@ license.workspace = true
 links = "openconnect"
 [dependencies]
 common = { path = "../common" }
 log.workspace = true
 is_executable.workspace = true
 [build-dependencies]
 cc = "1"
--- a/crates/openconnect/build.rs
+++ b/crates/openconnect/build.rs
@@ -5,8 +5,5 @@ fn main() {
  println!("cargo:rerun-if-changed=src/ffi/vpn.h");
  // Compile the vpn.c file
-  cc::Build::new()
+  cc::Build::new().file("src/ffi/vpn.c").include("src/ffi").compile("vpn");
    .file("src/ffi/vpn.c")
    .include("src/ffi")
    .compile("vpn");
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Kevin Yue	187ca778f2	Release 2.1.1	2024-03-25 21:42:16 +08:00
Kevin Yue	2d1aa3ba8c	Handle the gateway endpoint error Related: #338	2024-03-25 21:03:54 +08:00
Kevin Yue	08bd4efefa	Improve the error message Related #327	2024-03-23 20:05:54 +08:00
Kevin Yue	558485f5a9	Add the --hip option	2024-03-17 18:41:42 +08:00
Kevin Yue	cff2ff9dbe	Update dependencies	2024-03-16 21:24:41 +08:00
Kevin Yue	d5d92cfbee	Ensure vpnc_script and csd_wrapper executable	2024-03-16 21:06:49 +08:00
Kevin Yue	a00f6a8cba	Add vpnc_script location, fix #336	2024-03-16 12:05:09 +08:00
Kevin Yue	59dee3d767	Update packaging script	2024-03-11 07:55:49 -04:00
Kevin Yue	e94661b213	Fix build-depends	2024-03-10 08:32:35 -04:00
Kevin Yue	9dea81bdff	Update CI	2024-03-10 16:31:18 +08:00
Kevin Yue	6ff552c1ec	Update packaging	2024-03-05 08:12:26 -05:00
Kevin Yue	c1b1ea1a67	Update install instructions	2024-02-27 21:05:52 +08:00
Kevin Yue	167a8f4037	Release 2.1.0	2024-02-26 23:45:37 +08:00
Kevin Yue	47776d54d9	Improve packaging (#328 ) * Add gpgui-helper (#326) * Add packaging	2024-02-26 23:33:39 +08:00
Kevin Yue	5767c252b7	Update issue templates	2024-02-17 20:39:11 +08:00
Kevin Yue	a2efcada02	Update README.md	2024-02-13 04:07:18 -05:00
Kevin Yue	e68aa0ffa6	Update README.md	2024-02-13 03:24:20 -05:00
Kevin Yue	66bcccabe4	Add mtu option	2024-02-10 18:19:37 +08:00
Kevin Yue	3736189308	Retry auth if failed to obtain the auth cookie	2024-02-07 19:33:58 +08:00
Kevin Yue	c408482c55	Update install instruction	2024-02-06 20:30:57 +08:00
Kevin Yue	00b0b8eb84	Update README.md	2024-02-06 12:44:18 +08:00
Wesley vieira	b14294f131	update readme with the prerequisites (#313 )	2024-02-06 12:43:26 +08:00
Kevin Yue	db9249bd61	Support HIP report (#309 )	2024-02-05 18:35:45 +08:00
Kevin Yue	662e4d0b8a	Support specify csd-wrapper	2024-02-03 13:12:17 +08:00
Kevin Yue	13be9179f5	Bump version 2.0.0	2024-02-01 22:41:36 +08:00
Kevin Yue	0a55506077	Do not error when region is not found	2024-02-01 21:52:31 +08:00
Kevin Yue	8860efa82e	Simplify code	2024-01-29 07:54:58 -05:00
Kevin Yue	9bc0994a8e	Update gpauth app icon	2024-01-29 06:10:34 -05:00
Kevin Yue	1f50e4d82b	Add CI	2024-01-28 20:34:15 +08:00
Kevin Yue	995d1216ea	Bump version 2.0.0-beta8	2024-01-28 20:21:33 +08:00
Kevin Yue	196e91289c	Update format	2024-01-28 05:11:46 -05:00
Kevin Yue	b2bb35994f	Support connect gateway (#306 )	2024-01-28 11:41:48 +08:00
Kevin Yue	6fe6a1387a	Update README.md	2024-01-25 20:30:23 +08:00
Kevin Yue	aac401e7ee	Perform gateway prelogin when failed to login to gateway	2024-01-23 09:26:45 -05:00
Kevin Yue	9655b735a1	Fix ignore TLS errors	2024-01-22 23:20:25 -05:00
Kevin Yue	c3bd7aeb93	Support SSO using default browser	2024-01-22 09:43:44 -05:00
		`@@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>