xah30/AuraVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c8ea919c4d30486b53fc256fb54c52e5a9c5ca8
AuraVPN/aura-gui/README.md
T
xah30 40b38beb11 feat(aura-gui): v0.1 Tauri-based desktop client — system tray + profile manager + admin status 
New crate (kept out of the cargo workspace so the protocol-side check/test cycle stays fast):
a Tauri 2 + React 19 + TypeScript desktop app that runs in the system tray and manages
`aura client` for the user. The clash-verge replacement we settled on instead of trying to
shoehorn AuraVPN's L3 IP-tunnel into a clash-verge L4 outbound.

## What's wired

- **Profile manager** — `aura-gui/src-tauri/src/profiles.rs`. App-data layout
  (`~/Library/Application Support/ru.undergr0und.aura/profiles/<id>/` on macOS, the
  equivalent on Linux + Windows). `import_profile_from_tgz` accepts the same bundle shape
  `aura provision-client` emits, detects flat vs single-dir layouts, and refuses overwrites
  unless the operator deletes first. `delete_profile` refuses symlinks.

- **Connection control** — `cli_proc.rs`. Spawns `aura client --config <profile>/client.toml
  --admin-socket /tmp/aura-admin-<uid>-<profile>.sock`, captures stderr into a bounded
  in-memory ring (200 lines) for the UI to tail, kills via `Child::kill` on disconnect.
  Per-profile / per-uid socket paths so two GUIs (or two profiles) don't collide.

- **Live status** — `admin.rs`. Tiny JSON-line client for the v3.3 admin socket. Polled by
  the React app every 1.5 s: peer id, rx/tx packets, default action, rule count. Falls back
  gracefully (admin_error in the response) when the handshake hasn't completed yet.

- **System tray** — `lib.rs` `setup` callback. Three-item menu (Open AuraVPN / Disconnect /
  Quit). The window's close button hides to the tray instead of exiting — the app keeps
  running so the VPN stays connected; the user explicitly chooses Quit.

- **Frontend** — `src/App.tsx`. Single-page layout: profile list (with badge for missing
  files), connect/disconnect button per profile, status table, collapsible logs panel,
  binary-path picker at the bottom. Dark-mode CSS by default; the same look as a typical
  WireGuard / Tailscale-style tray app.

## What's deferred for v0.2

- Auto-start at login (launchd plist / systemd user unit / Windows Run key)
- Code signing + notarization
- Persisting the aura binary path between sessions
- Per-profile route overrides editor
- Live log streaming (today the frontend polls the ring buffer)
- Admin status query on Windows (today's `admin.rs` Unix-only; Windows path returns a clear
  "not supported yet" error)
- Polkit / authorization-services prompt for the TUN-needs-root step (today the operator
  has to launch the GUI from a privileged context, e.g. `sudo open -a aura-gui` on macOS)

## Workspace hygiene

Cargo workspace at the repo root now has `exclude = ["aura-gui"]` so the protocol crates'
`cargo check --workspace` / `cargo test --workspace` don't pull in the tauri + wry + webview
dep graph. The GUI builds standalone from `aura-gui/` via `npm run tauri build`.

## Validation

- `cd aura-gui/src-tauri && cargo check` — green
- `cd aura-gui/src-tauri && cargo clippy -- -D warnings` — clean
- `cd aura-gui/src-tauri && cargo fmt --check` — clean
- `cd aura-gui && npm run build` — frontend tsc + vite build succeeds
- Full `npm run tauri dev` not exercised in this session (would open a real window) — should
  work; if it breaks the surface area is small enough that next session fixes it.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-29 17:47:51 +03:00

121 lines
4.7 KiB
Markdown
Raw Blame History

# aura-gui — desktop client for AuraVPN
A Tauri 2 + React TypeScript app that runs in the system tray. It's the GUI front-end for the
existing `aura` CLI: import a provisioned bundle (`.tgz`), pick a profile, hit Connect, watch
the live tunnel status. No clash-verge replacement and no protocol patching — just a thin
manager around the existing CLI.
## Status
**v0.1 (MVP)** — scaffolding + core flows. Working:
- ✅ Profile list / import / delete (drop in a `provision-client` `.tgz` and you're set)
- ✅ Connect / Disconnect (spawns / kills `aura client` per profile)
- ✅ Live status panel (peer, tx/rx packets, default action, rules) via admin socket
- ✅ System tray with Open / Disconnect / Quit menu
- ✅ Close button hides to tray (app stays alive in background)
**Deferred for v0.2:**
- Auto-start at login (launchd plist / systemd user unit / Windows Run key)
- Code signing + notarization (macOS) / Authenticode (Windows)
- Per-profile route overrides editor
- Live log streaming (currently polled, frontend tails the in-memory ring)
- Admin status query on Windows (uses Unix sockets today; need named pipe support)
## Layout
```
aura-gui/
├── src-tauri/ (Rust 2 backend, separate Cargo manifest)
│ ├── src/
│ │ ├── lib.rs (Tauri commands + tray + window plumbing)
│ │ ├── profiles.rs ([app_data]/profiles/ I/O + .tgz import)
│ │ ├── cli_proc.rs (spawns aura client + stderr ring buffer)
│ │ └── admin.rs (JSON-line admin socket client)
│ ├── Cargo.toml
│ └── tauri.conf.json
├── src/ (React TS frontend)
│ ├── App.tsx
│ └── App.css
├── package.json
└── README.md (this file)
```
The `src-tauri/` crate is intentionally **excluded** from the workspace at the repo root
(`workspace.exclude = ["aura-gui"]`) so `cargo check --workspace` from the project root keeps
checking just the protocol crates and doesn't pull tauri/wry/webview into every CI run.
## Build
```sh
# Backend deps come down with cargo at build time
cd aura-gui
npm install # ~10 s, downloads vite + React 19
npm run build # frontend tsc + vite build → dist/
npm run tauri build # full bundle: .dmg / .deb / .msi / .AppImage
```
For dev:
```sh
npm run tauri dev
```
The first build downloads ~200 MB of native deps (tauri, wry, webview) — subsequent builds are
fast (incremental).
## Profile storage
Per-platform app-data dir:
| OS | Path |
|---------|-------------------------------------------------------------------|
| macOS | `~/Library/Application Support/ru.undergr0und.aura/profiles/` |
| Linux | `~/.config/AuraVPN/profiles/` |
| Windows | `%APPDATA%\AuraVPN\profiles\` |
Each profile is a directory with the same shape as `aura provision-client` emits:
```
profiles/<id>/
├── client.toml
├── ca.crt
├── client.crt
├── client.key
└── bridges.signed (optional, v3.3+)
```
The `id` is the basename of the imported `.tgz` (e.g. `client-1.tgz``profiles/client-1/`).
## Aura binary path
The GUI shells out to `aura client` for each connection. It defaults to:
1. `/Users/xah30/AuraVPN/target/release/aura` if present (dev convenience),
2. `/usr/local/bin/aura` on Unix,
3. `C:\Program Files\AuraVPN\aura.exe` on Windows.
Change it at runtime via the "Change…" button at the bottom of the window. The setting is
session-only for now (persisting it to a config file is a v0.2 todo).
## Sudo / admin privileges
`aura client` creates a TUN device, which needs root on Unix and Administrator on Windows.
Currently the GUI does **not** run with elevated privileges — the operator must launch it from
a privileged shell, or via `sudo open -a aura-gui` on macOS, etc.
v0.2 will add a polkit / authorization-services prompt for the privileged step.
## Why not just patch clash-verge?
We thought about it. AuraVPN is an **L3 IP-tunnel** (like WireGuard); clash-verge / mihomo /
sing-box outbounds are **L4 per-flow proxies** (like Trojan / VLESS / Hysteria). Bridging the
two requires either a user-space TCP/IP stack inside the outbound (gVisor) or extensive
mihomo patching. Neither was a small lift, and a self-contained tray app turned out to be the
shortest path to "vpn that always-on in a clash-verge-ish UX".
A v0.3 stretch goal is to ship a **local SOCKS5 listener** alongside the TUN, so clash-verge
users who already use SOCKS5 outbounds can point at AuraVPN as a SOCKS5 proxy. That requires
the gVisor netstack — separate piece of work.
Reference in New Issue View Git Blame Copy Permalink