NordSecurity · gbaranski · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 9, 2025
diff --git a/core/core.go b/core/core.go
@@ -38,6 +38,7 @@ type CredentialsAPI interface {
 
 type InsightsAPI interface {
 	Insights() (*Insights, error)
+	InsightsViaTunnel() (*Insights, error)
 }
 
 type ServersAPI interface {
@@ -99,9 +100,9 @@ func (api *DefaultAPI) request(path, method string, data []byte, token string) (
 	return api.do(req)
 }
 
-// do request regardless of the authentication.
-func (api *DefaultAPI) do(req *http.Request) (*http.Response, error) {
-	resp, err := api.client.Do(req)
+// doWithClient makes a request with the provided client.
+func (api *DefaultAPI) doWithClient(req *http.Request, client *http.Client) (*http.Response, error) {
+	resp, err := client.Do(req)
 
 	// Transport of the request is already up to date
 
@@ -145,6 +146,11 @@ func (api *DefaultAPI) do(req *http.Request) (*http.Response, error) {
 	return resp, nil
 }
 
+// do request regardless of the authentication.
+func (api *DefaultAPI) do(req *http.Request) (*http.Response, error) {
+	return api.doWithClient(req, api.client)
+}
+
 func (api *DefaultAPI) Plans() (*Plans, error) {
 	var ret *Plans
 	req, err := request.NewRequest(http.MethodGet, api.agent, api.baseURL, PlanURL, "application/json", "", "gzip, deflate", nil)
@@ -418,14 +424,13 @@ func (api *DefaultAPI) Server(id int64) (*Server, error) {
 	return &ret[0], nil
 }
 
-// Insights returns insights about user
-func (api *DefaultAPI) Insights() (*Insights, error) {
+func (api *DefaultAPI) insightsWithClient(client *http.Client) (*Insights, error) {
 	req, err := request.NewRequest(http.MethodGet, api.agent, api.baseURL, InsightsURL, "application/json", "", "gzip, deflate", nil)
 	if err != nil {
 		return nil, err
 	}
 
-	resp, err := api.do(req)
+	resp, err := api.doWithClient(req, client)
 	if err != nil {
 		return nil, err
 	}
@@ -438,6 +443,19 @@ func (api *DefaultAPI) Insights() (*Insights, error) {
 	return &ret, nil
 }
 
+// Insights returns insights about user
+func (api *DefaultAPI) Insights() (*Insights, error) {
+	return api.insightsWithClient(api.client)
+}
+
+// InsightsViaTunnel returns insights about user, but the request is made through a tunnel
+// the method is not using the default client, but creates a new one
+// the request might not necessary go through a tunnel, if there's no tunnel open
+func (api *DefaultAPI) InsightsViaTunnel() (*Insights, error) {
+	client := request.NewStdHTTP()
+	return api.insightsWithClient(client)
+}
+
 type NotificationCredentialsRequest struct {
 	AppUserID  string `json:"app_user_uid"`
 	PlatformID int    `json:"platform_id"`

diff --git a/core/models.go b/core/models.go
@@ -554,6 +554,7 @@ type Pivot struct {
 }
 
 type Insights struct {
+	IP          string  `json:"ip"`
 	City        string  `json:"city"`
 	Country     string  `json:"country"`
 	Isp         string  `json:"isp"`

diff --git a/daemon/data_manager.go b/daemon/data_manager.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"net/netip"
 	"sort"
 	"strings"
 	"sync"
@@ -30,6 +31,7 @@ type DataManager struct {
 	insightsData     InsightsData
 	serversData      ServersData
 	versionData      VersionData
+	actualIP         netip.Addr
 	dataUpdateEvents *events.DataUpdateEvents
 	mu               sync.Mutex
 }
@@ -44,6 +46,7 @@ func NewDataManager(insightsFilePath,
 		insightsData:     InsightsData{filePath: insightsFilePath},
 		serversData:      ServersData{filePath: serversFilePath},
 		versionData:      VersionData{filePath: versionFilePath},
+		actualIP:         netip.Addr{},
 		dataUpdateEvents: dataUpdateEvents,
 	}
 }
@@ -196,6 +199,18 @@ func (dm *DataManager) SetVersionData(version semver.Version, newerAvailable boo
 	}
 }
 
+func (dm *DataManager) GetActualIP() netip.Addr {
+	dm.mu.Lock()
+	defer dm.mu.Unlock()
+	return dm.actualIP
+}
+
+func (dm *DataManager) SetActualIP(ip netip.Addr) {
+	dm.mu.Lock()
+	defer dm.mu.Unlock()
+	dm.actualIP = ip
+}
+
 func toServerTechnology(
 	technology config.Technology,
 	protocol config.Protocol,

diff --git a/daemon/job_actual_ip.go b/daemon/job_actual_ip.go
@@ -0,0 +1,135 @@
+package daemon
+
+import (
+	"context"
+	"log"
+	"net/netip"
+	"time"
+
+	"github.com/NordSecurity/nordvpn-linux/core"
+	"github.com/NordSecurity/nordvpn-linux/daemon/state"
+	"github.com/NordSecurity/nordvpn-linux/events"
+	"github.com/NordSecurity/nordvpn-linux/internal"
+	"github.com/NordSecurity/nordvpn-linux/network"
+)
+
+// tryInsightsIP is an attempt to get insights IP
+// the IP it returns is always valid
+func tryInsightsIP(api core.InsightsAPI) (netip.Addr, error) {
+	insights, err := api.InsightsViaTunnel()
+	if err == nil && insights != nil {
+		ip, err := netip.ParseAddr(insights.IP)
+		if err == nil {
+			return ip, nil
+		} else {
+			return netip.Addr{}, err
+		}
+	} else {
+		return netip.Addr{}, err
+	}
+}
+
+func insightsIPUntilSuccess(ctx context.Context, api core.InsightsAPI, backoff func(int) time.Duration) (netip.Addr, error) {
+	type Result struct {
+		netip.Addr
+		error
+	}
+	result := make(chan Result)
+	for i := 0; ; i++ {
+		if ctx.Err() != nil {
+			return netip.Addr{}, ctx.Err()
+		}
+
+		// this goroutine is used so that this function is immediately stopped once the context is cancelled
+		go func() {
+			ip, err := tryInsightsIP(api)
+			result <- Result{ip, err}
+		}()
+
+		select {
+		case r := <-result:
+			if r.error == nil {
+				return r.Addr, nil
+			} else {
+				log.Println(internal.ErrorPrefix, "insights ip attempt failed: ", r.error)
+			}
+		case <-ctx.Done():
+			return netip.Addr{}, ctx.Err()
+		}
+
+		select {
+		case <-time.After(backoff(i)): // wait before retrying
+		// PS: there's no fallthrough
+		case <-ctx.Done():
+			return netip.Addr{}, ctx.Err()
+		}
+	}
+}
+
+func updateActualIP(dm *DataManager, api core.InsightsAPI, ctx context.Context, isConnected bool) error {
+	var newIP netip.Addr
+	defer func() {
+		dm.SetActualIP(newIP)
+	}()
+
+	if !isConnected {
+		return nil
+	}
+
+	insightsIP, err := insightsIPUntilSuccess(ctx, api, network.ExponentialBackoff)
+	if err != nil {
+		return err
+	}
+	if insightsIP.IsValid() {
+		newIP = insightsIP
+	}
+
+	return nil
+}
+
+// JobActualIP is a long-running job that will update the actual IP address indefinitely
+// it reacts to state updates from the statePublisher
+func JobActualIP(statePublisher *state.StatePublisher, dm *DataManager, api core.InsightsAPI) {
+	call := func(ctx context.Context, isConnected bool) {
+		err := updateActualIP(dm, api, ctx, isConnected)
+		if err == nil {
+			err := statePublisher.NotifyActualIPUpdate()
+			if err != nil {
+				log.Println(internal.ErrorPrefix, "notify about actual ip update failed: ", err)
+			}
+		} else {
+			if err == context.Canceled {
+				return
+			}
+			log.Println(internal.ErrorPrefix, "actual ip job error: ", err)
+		}
+	}
+
+	stateChan, _ := statePublisher.AddSubscriber()
+	var cancel context.CancelFunc
+
+	for ev := range stateChan {
+		_, isConnect := ev.(events.DataConnect)
+		_, isDisconnect := ev.(events.DataDisconnect)
+
+		if isConnect || isDisconnect {
+			if cancel != nil {
+				cancel()
+			}
+
+			var ctx context.Context
+			ctx, cancel = context.WithCancel(context.Background())
+
+			if isConnect {
+				go call(ctx, true)
+			} else {
+				call(ctx, false) // should finish immediately, that's why it's not a separate goroutine
+			}
+		}
+	}
+
+	// Ensure the context is canceled when the loop exits
+	if cancel != nil {
+		cancel()
+	}
+}