chore: bump version (#1701)

* chore: removed unnecessary qdebug

* fix: return soft and hide strict killswitch

.github/workflows/deploy.yml

@@ -10,7 +10,7 @@ env:
 
 jobs:
   Build-Linux-Ubuntu:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     env:
       QT_VERSION: 6.6.2
@@ -20,6 +20,8 @@ jobs:
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
       DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
       DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
 
     steps:
     - name: 'Install Qt'
@@ -90,6 +92,8 @@ jobs:
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
       DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
       DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
 
     steps:
     - name: 'Get sources'
@@ -156,6 +160,8 @@ jobs:
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
       DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
       DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
 
     steps:
     - name: 'Setup xcode'
@@ -190,7 +196,7 @@ jobs:
     - name: 'Install go'
       uses: actions/setup-go@v5
       with:
-        go-version: '1.22.1'
+        go-version: '1.24'
         cache: false
 
     - name: 'Setup gomobile'
@@ -243,18 +249,82 @@ jobs:
 
 # ------------------------------------------------------
 
-  Build-MacOS:
+  Build-MacOS-old:
     runs-on: macos-latest
 
     env:
       # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
       QT_VERSION: 6.4.3
-      QIF_VERSION: 4.6
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
       DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
       DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
+
+    steps:
+    - name: 'Setup xcode'
+      uses: maxim-lobanov/setup-xcode@v1
+      with:
+        xcode-version: '15.4.0'
+
+    - name: 'Install Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'mac'
+        target: 'desktop'
+        arch: 'clang_64'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
+        dir: ${{ runner.temp }}
+        setup-python: 'true'
+        set-env: 'true'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+
+
+    - name: 'Get sources'
+      uses: actions/checkout@v4
+      with:
+        submodules: 'true'
+        fetch-depth: 10
+
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2
+
+    - name: 'Build project'
+      run: |
+        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
+        bash deploy/build_macos.sh
+
+    - name: 'Upload installer artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_MacOS_old_installer
+        path: deploy/build/pkg/AmneziaVPN.pkg
+        retention-days: 7
+
+    - name: 'Upload unpacked artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_MacOS_old_unpacked
+        path: deploy/build/client/AmneziaVPN.app
+        retention-days: 7
+
+# ------------------------------------------------------
+
+  Build-MacOS:
+    runs-on: macos-latest
+
+    env:
+      QT_VERSION: 6.8.0
+      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
 
     steps:
     - name: 'Setup xcode'
@@ -275,11 +345,6 @@ jobs:
         set-env: 'true'
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
-    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
-      run: |
-        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
-        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
-        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
 
     - name: 'Get sources'
       uses: actions/checkout@v4
@@ -293,14 +358,13 @@ jobs:
     - name: 'Build project'
       run: |
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
-        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
         bash deploy/build_macos.sh
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
       with:
         name: AmneziaVPN_MacOS_installer
-        path: AmneziaVPN.dmg
+        path: deploy/build/pkg/AmneziaVPN.pkg
         retention-days: 7
 
     - name: 'Upload unpacked artifact'
@@ -324,6 +388,8 @@ jobs:
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
       DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
       DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
 
     steps:
     - name: 'Install desktop Qt'

.github/workflows/tag-deploy.yml

@@ -20,6 +20,8 @@ jobs:
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
       DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
       DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
 
     steps:
     - name: 'Install desktop Qt'

.github/workflows/tag-upload.yml

@@ -1,64 +1,41 @@
 name: 'Upload a new version'
 
 on:
-  push:
+  workflow_dispatch:
-    tags:
+    inputs:
-    - '[0-9]+.[0-9]+.[0-9]+.[0-9]+'
+      RELEASE_VERSION:
+        description: 'Release version (e.g. 1.2.3.4)'
+        required: true
+        type: string
 
 jobs:
-  upload:
+  Upload-S3:
     runs-on: ubuntu-latest
-    name: upload
     steps:
-      - name: Checkout CMakeLists.txt
+      - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.ref_name }}
+          ref: ${{ inputs.RELEASE_VERSION }}
           sparse-checkout: |
             CMakeLists.txt
+            deploy/deploy_s3.sh
           sparse-checkout-cone-mode: false
 
       - name: Verify git tag
         run: |
-          GIT_TAG=${{ github.ref_name }}
+          TAG_NAME=${{ inputs.RELEASE_VERSION }}
           CMAKE_TAG=$(grep 'project.*VERSION' CMakeLists.txt | sed -E 's/.* ([0-9]+.[0-9]+.[0-9]+.[0-9]+)$/\1/')
-
+          if [[ "$TAG_NAME" == "$CMAKE_TAG" ]]; then
-          if [[ "$GIT_TAG" == "$CMAKE_TAG" ]]; then
+            echo "Git tag ($TAG_NAME) matches CMakeLists.txt version ($CMAKE_TAG)."
-            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are the same. Continuing..."
           else
-            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are not the same! Cancelling..."
+            echo "::error::Mismatch: Git tag ($TAG_NAME) != CMakeLists.txt version ($CMAKE_TAG). Exiting with error..."
             exit 1
           fi
 
-      - name: Download artifacts from the "${{ github.ref_name }}" tag
+      - name: Setup Rclone
-        uses: robinraju/release-downloader@v1.8
+        uses: AnimMouse/setup-rclone@v1
         with:
-          tag: ${{ github.ref_name }}
+          rclone_config: ${{ secrets.RCLONE_CONFIG }}
-          fileName: "AmneziaVPN_(Linux_|)${{ github.ref_name }}*"
-          out-file-path: ${{ github.ref_name }}
 
-      - name: Upload beta version
+      - name: Send dist to S3
-        uses: jakejarvis/s3-sync-action@master
+        run: bash deploy/deploy_s3.sh ${{ inputs.RELEASE_VERSION }}
-        if: contains(github.event.base_ref, 'dev')
-        with:
-          args: --include "AmneziaVPN*" --delete
-        env:
-          AWS_S3_BUCKET: updates
-          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
-          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
-          SOURCE_DIR: ${{ github.ref_name }}
-          DEST_DIR: beta/${{ github.ref_name }}
-
-      - name: Upload stable version
-        uses: jakejarvis/s3-sync-action@master
-        if: contains(github.event.base_ref, 'master')
-        with:
-          args: --include "AmneziaVPN*" --delete
-        env:
-          AWS_S3_BUCKET: updates
-          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
-          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
-          SOURCE_DIR: ${{ github.ref_name }}
-          DEST_DIR: stable/${{ github.ref_name }}

.gitignore

@@ -134,3 +134,7 @@ out/
 
 # CMake files
 CMakeFiles/
+
+ios-ne-build.sh
+macos-ne-build.sh
+macos-signed-build.sh

.gitmodules

@@ -7,6 +7,7 @@
 [submodule "client/3rd-prebuilt"]
 	path = client/3rd-prebuilt
 	url = https://github.com/amnezia-vpn/3rd-prebuilt
+	branch = feature/special-handshake
 [submodule "client/3rd/amneziawg-apple"]
 	path = client/3rd/amneziawg-apple
 	url = https://github.com/amnezia-vpn/amneziawg-apple

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.8.3.3
+project(${PROJECT} VERSION 4.8.8.1
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2076)
+set(APP_ANDROID_VERSION_CODE 2087)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

README_RU.md

@@ -6,11 +6,11 @@
 [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client)
 
 ### [English](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README.md) | Русский
-[AmneziaVPN](https://amnezia.org) — это open sourse VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере.
+[AmneziaVPN](https://amnezia.org) — это open source VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере.
 
 [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org)
 
-### [Сайт](https://amnezia.org) | [Зеркало на сайт](https://storage.googleapis.com/amnezia/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting)
+### [Сайт](https://amnezia.org) | [Зеркало сайта](https://storage.googleapis.com/amnezia/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting)
 
 > [!TIP]
 > Если [сайт Amnezia](https://amnezia.org) заблокирован в вашем регионе, вы можете воспользоваться [ссылкой на зеркало](https://storage.googleapis.com/amnezia/amnezia.org).
@@ -30,7 +30,7 @@
 - Классические VPN-протоколы: OpenVPN, WireGuard и IKEv2.
 - Протоколы с маскировкой трафика (обфускацией): OpenVPN с плагином [Cloak](https://github.com/cbeuw/Cloak), Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay.
 - Поддержка Split Tunneling — добавляйте любые сайты или приложения в список, чтобы включить VPN только для них.
-- Поддерживает платформы: Windows, MacOS, Linux, Android, iOS.
+- Поддерживает платформы: Windows, macOS, Linux, Android, iOS.
 - Поддержка конфигурации протокола AmneziaWG на [бета-прошивке Keenetic](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved).
 
 ## Ссылки
@@ -38,10 +38,10 @@
 - [https://amnezia.org](https://amnezia.org) - Веб-сайт проекта | [Альтернативная ссылка (зеркало)](https://storage.googleapis.com/kldscp/amnezia.org)
 - [https://docs.amnezia.org](https://docs.amnezia.org) - Документация
 - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
-- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддржки в Telegram (Английский)
+- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддержки в Telegram (Английский)
-- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддржки в Telegram (Фарси)
+- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддержки в Telegram (Фарси)
-- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддржки в Telegram (Мьянма) 
+- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддержки в Telegram (Мьянма) 
-- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддржки в Telegram  (Русский)
+- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддержки в Telegram  (Русский)
 - [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium | [Зеркало](https://storage.googleapis.com/kldscp/vpnpay.io/ru/amnezia-premium\)
 
 ## Технологии
@@ -80,8 +80,8 @@ git submodule update --init --recursive
 Проверьте папку deploy для скриптов сборки.
 
 ### Как собрать iOS-приложение из исходного кода на MacOS
-1. Убедитесь, что у вас установлен XCode версии 14 или выше.
+1. Убедитесь, что у вас установлен Xcode версии 14 или выше.
-2. Для генерации проекта XCode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули:
+2. Для генерации проекта Xcode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули:
 - MacOS
 - iOS
 - Модуль совместимости с Qt 5
@@ -117,7 +117,7 @@ $QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR
 export PATH=$(PATH):/path/to/GOPATH/bin
 ```
 
-6. Откройте проект в XCode. Теперь вы можете тестировать, архивировать или публиковать приложение.
+6. Откройте проект в Xcode. Теперь вы можете тестировать, архивировать или публиковать приложение.
    
 Если сборка завершится с ошибкой:
 ```

client/3rd-prebuilt

@@ -1 +1 @@
-Subproject commit e555c78bcf44070d5c88bcca54480732c9164f18
+Subproject commit 840b7b070e6ac8b90dda2fac6e98859b23727c0c

client/3rd/amneziawg-apple

@@ -1 +1 @@
-Subproject commit 76e7db556a6d7e2582f9481df91db188a46c009c
+Subproject commit 811af0a83b3faeade89a9093a588595666d32066

client/CMakeLists.txt

@@ -31,9 +31,8 @@ add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}")
 add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}")
 add_definitions(-DDEV_S3_ENDPOINT="$ENV{DEV_S3_ENDPOINT}")
 
-if(IOS)
+add_definitions(-DFREE_V2_ENDPOINT="$ENV{FREE_V2_ENDPOINT}")
-    set(PACKAGES ${PACKAGES} Multimedia)
+add_definitions(-DPREM_V1_ENDPOINT="$ENV{PREM_V1_ENDPOINT}")
-endif()
 
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(PACKAGES ${PACKAGES} Widgets)
@@ -48,10 +47,6 @@ set(LIBS ${LIBS}
     Qt6::Core5Compat Qt6::Concurrent
 )
 
-if(IOS)
-    set(LIBS ${LIBS} Qt6::Multimedia)
-endif()
-
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(LIBS ${LIBS} Qt6::Widgets)
 endif()
@@ -105,8 +100,8 @@ if(IS_CI)
     endif()
 endif()
 
-
 include(${CMAKE_CURRENT_LIST_DIR}/cmake/3rdparty.cmake)
+include(${CMAKE_CURRENT_LIST_DIR}/cmake/sources.cmake)
 
 include_directories(
     ${CMAKE_CURRENT_LIST_DIR}/../ipc
@@ -115,167 +110,22 @@ include_directories(
     ${CMAKE_CURRENT_BINARY_DIR}
 )
 
-configure_file(${CMAKE_CURRENT_LIST_DIR}/../version.h.in ${CMAKE_CURRENT_BINARY_DIR}/version.h)
-
-set(HEADERS ${HEADERS}
-    ${CMAKE_CURRENT_LIST_DIR}/migrations.h
-    ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc.h
-    ${CMAKE_CURRENT_LIST_DIR}/amnezia_application.h
-    ${CMAKE_CURRENT_LIST_DIR}/containers/containers_defs.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/defs.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/errorstrings.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/scripts_registry.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/server_defs.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/apiController.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/serverController.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/vpnConfigurationController.h
-    ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.h
-    ${CMAKE_CURRENT_LIST_DIR}/protocols/qml_register_protocols.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/pages.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.h
-    ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
-    ${CMAKE_CURRENT_BINARY_DIR}/version.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/networkUtilities.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/serialization.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/transfer.h
-    ${CMAKE_CURRENT_LIST_DIR}/core/enums/apiEnums.h
-    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.h
-    ${CMAKE_CURRENT_LIST_DIR}/utils/qmlUtils.h
-)
-
-# Mozilla headres
-set(HEADERS ${HEADERS}
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/models/server.h
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/shared/ipaddress.h
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/shared/leakdetector.h
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/controllerimpl.h
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/localsocketcontroller.h
-)
-
 include_directories(mozilla)
 include_directories(mozilla/shared)
 include_directories(mozilla/models)
 
-if(NOT IOS)
+configure_file(${CMAKE_CURRENT_LIST_DIR}/../version.h.in ${CMAKE_CURRENT_BINARY_DIR}/version.h)
-    set(HEADERS ${HEADERS}
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.h
-    )
-endif()
-
-if(NOT ANDROID)
-    set(HEADERS ${HEADERS}
-        ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.h
-    )
-endif()
-
-set(SOURCES ${SOURCES}
-    ${CMAKE_CURRENT_LIST_DIR}/migrations.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/amnezia_application.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/containers/containers_defs.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/errorstrings.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/scripts_registry.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/server_defs.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/apiController.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/serverController.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/vpnConfigurationController.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/networkUtilities.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/outbound.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/inbound.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/ss.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/ssd.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vless.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/trojan.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess_new.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/utils/qmlUtils.cpp
-)
-
-# Mozilla sources
-set(SOURCES ${SOURCES}
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/models/server.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/shared/ipaddress.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/shared/leakdetector.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/mozilla/localsocketcontroller.cpp
-)
 
 if(CMAKE_BUILD_TYPE STREQUAL "Debug")
     target_compile_definitions(${PROJECT} PRIVATE "MZ_DEBUG")
 endif()
 
-if(NOT IOS)
-    set(SOURCES ${SOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.cpp
-    )
-endif()
-
-if(NOT ANDROID)
-    set(SOURCES ${SOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.cpp
-    )
-endif()
-
-file(GLOB COMMON_FILES_H CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/*.h)
-file(GLOB COMMON_FILES_CPP CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/*.cpp)
-
-file(GLOB_RECURSE PAGE_LOGIC_H CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/ui/pages_logic/*.h)
-file(GLOB_RECURSE PAGE_LOGIC_CPP CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/ui/pages_logic/*.cpp)
-
-file(GLOB CONFIGURATORS_H CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/configurators/*.h)
-file(GLOB CONFIGURATORS_CPP CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/configurators/*.cpp)
-
-file(GLOB UI_MODELS_H CONFIGURE_DEPENDS
-    ${CMAKE_CURRENT_LIST_DIR}/ui/models/*.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/models/protocols/*.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/models/services/*.h
-)
-file(GLOB UI_MODELS_CPP CONFIGURE_DEPENDS
-    ${CMAKE_CURRENT_LIST_DIR}/ui/models/*.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/ui/models/protocols/*.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/ui/models/services/*.cpp
-)
-
-file(GLOB UI_CONTROLLERS_H CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/ui/controllers/*.h)
-file(GLOB UI_CONTROLLERS_CPP CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/ui/controllers/*.cpp)
-
-set(HEADERS ${HEADERS}
-    ${COMMON_FILES_H}
-    ${PAGE_LOGIC_H}
-    ${CONFIGURATORS_H}
-    ${UI_MODELS_H}
-    ${UI_CONTROLLERS_H}
-)
-set(SOURCES ${SOURCES}
-    ${COMMON_FILES_CPP}
-    ${PAGE_LOGIC_CPP}
-    ${CONFIGURATORS_CPP}
-    ${UI_MODELS_CPP}
-    ${UI_CONTROLLERS_CPP}
-)
-
 if(WIN32)
     configure_file(
         ${CMAKE_CURRENT_LIST_DIR}/platforms/windows/amneziavpn.rc.in
         ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
     )
 
-    set(HEADERS ${HEADERS}
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/ikev2_vpn_protocol_windows.h
-    )
-
-    set(SOURCES ${SOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/ikev2_vpn_protocol_windows.cpp
-    )
-
-    set(RESOURCES ${RESOURCES}
-        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
-    )
-
     set(LIBS ${LIBS}
         user32
         rasapi32
@@ -319,30 +169,6 @@ endif()
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     message("Client desktop build")
     add_compile_definitions(AMNEZIA_DESKTOP)
-
-    set(HEADERS ${HEADERS}
-        ${CMAKE_CURRENT_LIST_DIR}/core/ipcclient.h
-        ${CMAKE_CURRENT_LIST_DIR}/core/privileged_process.h
-        ${CMAKE_CURRENT_LIST_DIR}/ui/systemtray_notificationhandler.h
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnprotocol.h
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnovercloakprotocol.h
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/shadowsocksvpnprotocol.h
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/wireguardprotocol.h
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/xrayprotocol.h
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/awgprotocol.h
-    )
-
-    set(SOURCES ${SOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/core/ipcclient.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/core/privileged_process.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/ui/systemtray_notificationhandler.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnprotocol.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnovercloakprotocol.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/shadowsocksvpnprotocol.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/wireguardprotocol.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/xrayprotocol.cpp
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/awgprotocol.cpp
-    )
 endif()
 
 if(ANDROID)

client/amnezia_application.cpp

@@ -14,22 +14,14 @@
 #include <QTranslator>
 
 #include "logger.h"
+#include "ui/controllers/pageController.h"
 #include "ui/models/installedAppsModel.h"
 #include "version.h"
 
 #include "platforms/ios/QRCodeReaderBase.h"
-#if defined(Q_OS_ANDROID)
-    #include "core/installedAppsImageProvider.h"
-    #include "platforms/android/android_controller.h"
-#endif
 
 #include "protocols/qml_register_protocols.h"
 
-#if defined(Q_OS_IOS)
-    #include "platforms/ios/ios_controller.h"
-    #include <AmneziaVPN-Swift.h>
-#endif
-
 AmneziaApplication::AmneziaApplication(int &argc, char *argv[]) : AMNEZIA_BASE_CLASS(argc, argv)
 {
     setQuitOnLastWindowClosed(false);
@@ -84,79 +76,12 @@ void AmneziaApplication::init()
     m_vpnConnection->moveToThread(&m_vpnConnectionThread);
     m_vpnConnectionThread.start();
 
-    initModels();
+    m_coreController.reset(new CoreController(m_vpnConnection, m_settings, m_engine));
-    loadTranslator();
-    initControllers();
-
-#ifdef Q_OS_ANDROID
-    if (!AndroidController::initLogging()) {
-        qFatal("Android logging initialization failed");
-    }
-    AndroidController::instance()->setSaveLogs(m_settings->isSaveLogs());
-    connect(m_settings.get(), &Settings::saveLogsChanged, AndroidController::instance(), &AndroidController::setSaveLogs);
-
-    AndroidController::instance()->setScreenshotsEnabled(m_settings->isScreenshotsEnabled());
-    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, AndroidController::instance(), &AndroidController::setScreenshotsEnabled);
-
-    connect(m_settings.get(), &Settings::serverRemoved, AndroidController::instance(), &AndroidController::resetLastServer);
-
-    connect(m_settings.get(), &Settings::settingsCleared, []() { AndroidController::instance()->resetLastServer(-1); });
-
-    connect(AndroidController::instance(), &AndroidController::initConnectionState, this, [this](Vpn::ConnectionState state) {
-        m_connectionController->onConnectionStateChanged(state);
-        if (m_vpnConnection)
-            m_vpnConnection->restoreConnection();
-    });
-    if (!AndroidController::instance()->initialize()) {
-        qFatal("Android controller initialization failed");
-    }
-
-    connect(AndroidController::instance(), &AndroidController::importConfigFromOutside, this, [this](QString data) {
-        emit m_pageController->goToPageHome();
-        m_importController->extractConfigFromData(data);
-        data.clear();
-        emit m_pageController->goToPageViewConfig();
-    });
-
-    m_engine->addImageProvider(QLatin1String("installedAppImage"), new InstalledAppsImageProvider);
-#endif
-
-#ifdef Q_OS_IOS
-    IosController::Instance()->initialize();
-    connect(IosController::Instance(), &IosController::importConfigFromOutside, this, [this](QString data) {
-        emit m_pageController->goToPageHome();
-        m_importController->extractConfigFromData(data);
-        emit m_pageController->goToPageViewConfig();
-    });
-
-    connect(IosController::Instance(), &IosController::importBackupFromOutside, this, [this](QString filePath) {
-        emit m_pageController->goToPageHome();
-        m_pageController->goToPageSettingsBackup();
-        emit m_settingsController->importBackupFromOutside(filePath);
-    });
-
-    QTimer::singleShot(0, this, [this]() { AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled()); });
-
-    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, [](bool enabled) { AmneziaVPN::toggleScreenshots(enabled); });
-#endif
-
-#ifndef Q_OS_ANDROID
-    m_notificationHandler.reset(NotificationHandler::create(nullptr));
-
-    connect(m_vpnConnection.get(), &VpnConnection::connectionStateChanged, m_notificationHandler.get(),
-            &NotificationHandler::setConnectionState);
-
-    connect(m_notificationHandler.get(), &NotificationHandler::raiseRequested, m_pageController.get(), &PageController::raiseMainWindow);
-    connect(m_notificationHandler.get(), &NotificationHandler::connectRequested, m_connectionController.get(),
-            static_cast<void (ConnectionController::*)()>(&ConnectionController::openConnection));
-    connect(m_notificationHandler.get(), &NotificationHandler::disconnectRequested, m_connectionController.get(),
-            &ConnectionController::closeConnection);
-    connect(this, &AmneziaApplication::translationsUpdated, m_notificationHandler.get(), &NotificationHandler::onTranslationsUpdated);
-#endif
 
     m_engine->addImportPath("qrc:/ui/qml/Modules/");
     m_engine->load(url);
-    m_systemController->setQmlRoot(m_engine->rootObjects().value(0));
+
+    m_coreController->setQmlRoot();
 
     bool enabled = m_settings->isSaveLogs();
 #ifndef Q_OS_ANDROID
@@ -168,13 +93,13 @@ void AmneziaApplication::init()
 #endif
     Logger::setServiceLogsEnabled(enabled);
 
-#ifdef Q_OS_WIN
+#ifdef Q_OS_WIN //TODO
     if (m_parser.isSet("a"))
-        m_pageController->showOnStartup();
+        m_coreController->pageController()->showOnStartup();
     else
-        emit m_pageController->raiseMainWindow();
+        emit m_coreController->pageController()->raiseMainWindow();
 #else
-    m_pageController->showOnStartup();
+    m_coreController->pageController()->showOnStartup();
 #endif
 
 // Android TextArea clipboard workaround
@@ -231,33 +156,6 @@ void AmneziaApplication::loadFonts()
     QFontDatabase::addApplicationFont(":/fonts/pt-root-ui_vf.ttf");
 }
 
-void AmneziaApplication::loadTranslator()
-{
-    auto locale = m_settings->getAppLanguage();
-    m_translator.reset(new QTranslator());
-    updateTranslator(locale);
-}
-
-void AmneziaApplication::updateTranslator(const QLocale &locale)
-{
-    if (!m_translator->isEmpty()) {
-        QCoreApplication::removeTranslator(m_translator.get());
-    }
-
-    QString strFileName = QString(":/translations/amneziavpn") + QLatin1String("_") + locale.name() + ".qm";
-    if (m_translator->load(strFileName)) {
-        if (QCoreApplication::installTranslator(m_translator.get())) {
-            m_settings->setAppLanguage(locale);
-        }
-    } else {
-        m_settings->setAppLanguage(QLocale::English);
-    }
-
-    m_engine->retranslate();
-
-    emit translationsUpdated();
-}
-
 bool AmneziaApplication::parseCommands()
 {
     m_parser.setApplicationDescription(APPLICATION_NAME);
@@ -295,7 +193,7 @@ void AmneziaApplication::startLocalServer()
             QLocalSocket *clientConnection = server->nextPendingConnection();
             clientConnection->deleteLater();
         }
-        emit m_pageController->raiseMainWindow();
+        emit m_coreController->pageController()->raiseMainWindow(); //TODO
     });
 }
 #endif
@@ -305,165 +203,12 @@ QQmlApplicationEngine *AmneziaApplication::qmlEngine() const
     return m_engine;
 }
 
-void AmneziaApplication::initModels()
+QNetworkAccessManager *AmneziaApplication::networkManager()
 {
-    m_containersModel.reset(new ContainersModel(this));
+    return m_nam;
-    m_engine->rootContext()->setContextProperty("ContainersModel", m_containersModel.get());
-
-    m_defaultServerContainersModel.reset(new ContainersModel(this));
-    m_engine->rootContext()->setContextProperty("DefaultServerContainersModel", m_defaultServerContainersModel.get());
-
-    m_serversModel.reset(new ServersModel(m_settings, this));
-    m_engine->rootContext()->setContextProperty("ServersModel", m_serversModel.get());
-    connect(m_serversModel.get(), &ServersModel::containersUpdated, m_containersModel.get(), &ContainersModel::updateModel);
-    connect(m_serversModel.get(), &ServersModel::defaultServerContainersUpdated, m_defaultServerContainersModel.get(),
-            &ContainersModel::updateModel);
-    m_serversModel->resetModel();
-
-    m_languageModel.reset(new LanguageModel(m_settings, this));
-    m_engine->rootContext()->setContextProperty("LanguageModel", m_languageModel.get());
-    connect(m_languageModel.get(), &LanguageModel::updateTranslations, this, &AmneziaApplication::updateTranslator);
-    connect(this, &AmneziaApplication::translationsUpdated, m_languageModel.get(), &LanguageModel::translationsUpdated);
-
-    m_sitesModel.reset(new SitesModel(m_settings, this));
-    m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());
-
-    m_appSplitTunnelingModel.reset(new AppSplitTunnelingModel(m_settings, this));
-    m_engine->rootContext()->setContextProperty("AppSplitTunnelingModel", m_appSplitTunnelingModel.get());
-
-    m_protocolsModel.reset(new ProtocolsModel(m_settings, this));
-    m_engine->rootContext()->setContextProperty("ProtocolsModel", m_protocolsModel.get());
-
-    m_openVpnConfigModel.reset(new OpenVpnConfigModel(this));
-    m_engine->rootContext()->setContextProperty("OpenVpnConfigModel", m_openVpnConfigModel.get());
-
-    m_shadowSocksConfigModel.reset(new ShadowSocksConfigModel(this));
-    m_engine->rootContext()->setContextProperty("ShadowSocksConfigModel", m_shadowSocksConfigModel.get());
-
-    m_cloakConfigModel.reset(new CloakConfigModel(this));
-    m_engine->rootContext()->setContextProperty("CloakConfigModel", m_cloakConfigModel.get());
-
-    m_wireGuardConfigModel.reset(new WireGuardConfigModel(this));
-    m_engine->rootContext()->setContextProperty("WireGuardConfigModel", m_wireGuardConfigModel.get());
-
-    m_awgConfigModel.reset(new AwgConfigModel(this));
-    m_engine->rootContext()->setContextProperty("AwgConfigModel", m_awgConfigModel.get());
-
-    m_xrayConfigModel.reset(new XrayConfigModel(this));
-    m_engine->rootContext()->setContextProperty("XrayConfigModel", m_xrayConfigModel.get());
-
-#ifdef Q_OS_WINDOWS
-    m_ikev2ConfigModel.reset(new Ikev2ConfigModel(this));
-    m_engine->rootContext()->setContextProperty("Ikev2ConfigModel", m_ikev2ConfigModel.get());
-#endif
-
-    m_sftpConfigModel.reset(new SftpConfigModel(this));
-    m_engine->rootContext()->setContextProperty("SftpConfigModel", m_sftpConfigModel.get());
-
-    m_socks5ConfigModel.reset(new Socks5ProxyConfigModel(this));
-    m_engine->rootContext()->setContextProperty("Socks5ProxyConfigModel", m_socks5ConfigModel.get());
-
-    m_clientManagementModel.reset(new ClientManagementModel(m_settings, this));
-    m_engine->rootContext()->setContextProperty("ClientManagementModel", m_clientManagementModel.get());
-    connect(m_clientManagementModel.get(), &ClientManagementModel::adminConfigRevoked, m_serversModel.get(),
-            &ServersModel::clearCachedProfile);
-
-    m_apiServicesModel.reset(new ApiServicesModel(this));
-    m_engine->rootContext()->setContextProperty("ApiServicesModel", m_apiServicesModel.get());
-
-    m_apiCountryModel.reset(new ApiCountryModel(this));
-    m_engine->rootContext()->setContextProperty("ApiCountryModel", m_apiCountryModel.get());
-    connect(m_serversModel.get(), &ServersModel::updateApiLanguageModel, this, [this]() {
-        m_apiCountryModel->updateModel(m_serversModel->getProcessedServerData("apiAvailableCountries").toJsonArray(),
-                                       m_serversModel->getProcessedServerData("apiServerCountryCode").toString());
-    });
-    connect(m_serversModel.get(), &ServersModel::updateApiServicesModel, this,
-            [this]() { m_apiServicesModel->updateModel(m_serversModel->getProcessedServerData("apiConfig").toJsonObject()); });
 }
 
-void AmneziaApplication::initControllers()
+QClipboard *AmneziaApplication::getClipboard()
 {
-    m_connectionController.reset(
+    return this->clipboard();
-            new ConnectionController(m_serversModel, m_containersModel, m_clientManagementModel, m_vpnConnection, m_settings));
-    m_engine->rootContext()->setContextProperty("ConnectionController", m_connectionController.get());
-
-    connect(m_connectionController.get(), qOverload<const QString &>(&ConnectionController::connectionErrorOccurred), this,
-            [this](const QString &errorMessage) {
-                emit m_pageController->showErrorMessage(errorMessage);
-                emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
-            });
-
-    connect(m_connectionController.get(), qOverload<ErrorCode>(&ConnectionController::connectionErrorOccurred), this,
-            [this](ErrorCode errorCode) {
-                emit m_pageController->showErrorMessage(errorCode);
-                emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
-            });
-
-    connect(m_connectionController.get(), &ConnectionController::connectButtonClicked, m_connectionController.get(),
-            &ConnectionController::toggleConnection, Qt::QueuedConnection);
-
-    m_pageController.reset(new PageController(m_serversModel, m_settings));
-    m_engine->rootContext()->setContextProperty("PageController", m_pageController.get());
-
-    m_focusController.reset(new FocusController(m_engine, this));
-    m_engine->rootContext()->setContextProperty("FocusController", m_focusController.get());
-
-    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel, m_clientManagementModel,
-                                                    m_apiServicesModel, m_settings));
-    m_engine->rootContext()->setContextProperty("InstallController", m_installController.get());
-    connect(m_installController.get(), &InstallController::passphraseRequestStarted, m_pageController.get(),
-            &PageController::showPassphraseRequestDrawer);
-    connect(m_pageController.get(), &PageController::passphraseRequestDrawerClosed, m_installController.get(),
-            &InstallController::setEncryptedPassphrase);
-    connect(m_installController.get(), &InstallController::currentContainerUpdated, m_connectionController.get(),
-            &ConnectionController::onCurrentContainerUpdated);
-
-    connect(m_installController.get(), &InstallController::updateServerFromApiFinished, this, [this]() {
-        if (m_reloadConfigErrorOccurredConnection) {
-            disconnect(m_reloadConfigErrorOccurredConnection);
-        }
-        emit m_connectionController->configFromApiUpdated();
-    });
-
-    connect(m_connectionController.get(), &ConnectionController::updateApiConfigFromGateway, this, [this]() {
-        m_reloadConfigErrorOccurredConnection = connect(
-                m_installController.get(), qOverload<ErrorCode>(&InstallController::installationErrorOccurred), this,
-                [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected); },
-                static_cast<Qt::ConnectionType>(Qt::AutoConnection | Qt::SingleShotConnection));
-        m_installController->updateServiceFromApi(m_serversModel->getDefaultServerIndex(), "", "");
-    });
-
-    connect(m_connectionController.get(), &ConnectionController::updateApiConfigFromTelegram, this, [this]() {
-        m_reloadConfigErrorOccurredConnection = connect(
-                m_installController.get(), qOverload<ErrorCode>(&InstallController::installationErrorOccurred), this,
-                [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected); },
-                static_cast<Qt::ConnectionType>(Qt::AutoConnection | Qt::SingleShotConnection));
-        m_serversModel->removeApiConfig(m_serversModel->getDefaultServerIndex());
-        m_installController->updateServiceFromTelegram(m_serversModel->getDefaultServerIndex());
-    });
-
-    connect(this, &AmneziaApplication::translationsUpdated, m_connectionController.get(), &ConnectionController::onTranslationsUpdated);
-
-    m_importController.reset(new ImportController(m_serversModel, m_containersModel, m_settings));
-    m_engine->rootContext()->setContextProperty("ImportController", m_importController.get());
-
-    m_exportController.reset(new ExportController(m_serversModel, m_containersModel, m_clientManagementModel, m_settings));
-    m_engine->rootContext()->setContextProperty("ExportController", m_exportController.get());
-
-    m_settingsController.reset(
-            new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_appSplitTunnelingModel, m_settings));
-    m_engine->rootContext()->setContextProperty("SettingsController", m_settingsController.get());
-    if (m_settingsController->isAutoConnectEnabled() && m_serversModel->getDefaultServerIndex() >= 0) {
-        QTimer::singleShot(1000, this, [this]() { m_connectionController->openConnection(); });
-    }
-    connect(m_settingsController.get(), &SettingsController::amneziaDnsToggled, m_serversModel.get(), &ServersModel::toggleAmneziaDns);
-
-    m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
-    m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());
-
-    m_appSplitTunnelingController.reset(new AppSplitTunnelingController(m_settings, m_appSplitTunnelingModel));
-    m_engine->rootContext()->setContextProperty("AppSplitTunnelingController", m_appSplitTunnelingController.get());
-
-    m_systemController.reset(new SystemController(m_settings));
-    m_engine->rootContext()->setContextProperty("SystemController", m_systemController.get());
 }

client/amnezia_application.h

@@ -11,44 +11,12 @@
 #else
     #include <QApplication>
 #endif
+#include <QClipboard>
 
+#include "core/controllers/coreController.h"
 #include "settings.h"
 #include "vpnconnection.h"
 
-#include "ui/controllers/connectionController.h"
-#include "ui/controllers/exportController.h"
-#include "ui/controllers/importController.h"
-#include "ui/controllers/installController.h"
-#include "ui/controllers/focusController.h"
-#include "ui/controllers/pageController.h"
-#include "ui/controllers/settingsController.h"
-#include "ui/controllers/sitesController.h"
-#include "ui/controllers/systemController.h"
-#include "ui/controllers/appSplitTunnelingController.h"
-#include "ui/models/containers_model.h"
-#include "ui/models/languageModel.h"
-#include "ui/models/protocols/cloakConfigModel.h"
-#ifndef Q_OS_ANDROID
-    #include "ui/notificationhandler.h"
-#endif
-#ifdef Q_OS_WINDOWS
-    #include "ui/models/protocols/ikev2ConfigModel.h"
-#endif
-#include "ui/models/protocols/awgConfigModel.h"
-#include "ui/models/protocols/openvpnConfigModel.h"
-#include "ui/models/protocols/shadowsocksConfigModel.h"
-#include "ui/models/protocols/wireguardConfigModel.h"
-#include "ui/models/protocols/xrayConfigModel.h"
-#include "ui/models/protocols_model.h"
-#include "ui/models/servers_model.h"
-#include "ui/models/services/sftpConfigModel.h"
-#include "ui/models/services/socks5ProxyConfigModel.h"
-#include "ui/models/sites_model.h"
-#include "ui/models/clientManagementModel.h"
-#include "ui/models/appSplitTunnelingModel.h"
-#include "ui/models/apiServicesModel.h"
-#include "ui/models/apiCountryModel.h"
-
 #define amnApp (static_cast<AmneziaApplication *>(QCoreApplication::instance()))
 
 #if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
@@ -67,8 +35,6 @@ public:
     void init();
     void registerTypes();
     void loadFonts();
-    void loadTranslator();
-    void updateTranslator(const QLocale &locale);
     bool parseCommands();
 
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
@@ -76,68 +42,24 @@ public:
 #endif
 
     QQmlApplicationEngine *qmlEngine() const;
-    QNetworkAccessManager *manager() { return m_nam; }
+    QNetworkAccessManager *networkManager();
-
+    QClipboard *getClipboard();
-signals:
-    void translationsUpdated();
 
 private:
-    void initModels();
-    void initControllers();
-
     QQmlApplicationEngine *m_engine {};
     std::shared_ptr<Settings> m_settings;
 
+    QScopedPointer<CoreController> m_coreController;
+
     QSharedPointer<ContainerProps> m_containerProps;
     QSharedPointer<ProtocolProps> m_protocolProps;
 
-    QSharedPointer<QTranslator> m_translator;
     QCommandLineParser m_parser;
 
-    QSharedPointer<ContainersModel> m_containersModel;
-    QSharedPointer<ContainersModel> m_defaultServerContainersModel;
-    QSharedPointer<ServersModel> m_serversModel;
-    QSharedPointer<LanguageModel> m_languageModel;
-    QSharedPointer<ProtocolsModel> m_protocolsModel;
-    QSharedPointer<SitesModel> m_sitesModel;
-    QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
-    QSharedPointer<ClientManagementModel> m_clientManagementModel;
-    QSharedPointer<ApiServicesModel> m_apiServicesModel;
-    QSharedPointer<ApiCountryModel> m_apiCountryModel;
-
-    QScopedPointer<OpenVpnConfigModel> m_openVpnConfigModel;
-    QScopedPointer<ShadowSocksConfigModel> m_shadowSocksConfigModel;
-    QScopedPointer<CloakConfigModel> m_cloakConfigModel;
-    QScopedPointer<XrayConfigModel> m_xrayConfigModel;    
-    QScopedPointer<WireGuardConfigModel> m_wireGuardConfigModel;
-    QScopedPointer<AwgConfigModel> m_awgConfigModel;
-#ifdef Q_OS_WINDOWS
-    QScopedPointer<Ikev2ConfigModel> m_ikev2ConfigModel;
-#endif
-
-    QScopedPointer<SftpConfigModel> m_sftpConfigModel;
-    QScopedPointer<Socks5ProxyConfigModel> m_socks5ConfigModel;
-
     QSharedPointer<VpnConnection> m_vpnConnection;
     QThread m_vpnConnectionThread;
-#ifndef Q_OS_ANDROID
-    QScopedPointer<NotificationHandler> m_notificationHandler;
-#endif
-
-    QScopedPointer<ConnectionController> m_connectionController;
-    QScopedPointer<FocusController> m_focusController;
-    QScopedPointer<PageController> m_pageController;
-    QScopedPointer<InstallController> m_installController;
-    QScopedPointer<ImportController> m_importController;
-    QScopedPointer<ExportController> m_exportController;
-    QScopedPointer<SettingsController> m_settingsController;
-    QScopedPointer<SitesController> m_sitesController;
-    QScopedPointer<SystemController> m_systemController;
-    QScopedPointer<AppSplitTunnelingController> m_appSplitTunnelingController;
 
     QNetworkAccessManager *m_nam;
-
-    QMetaObject::Connection m_reloadConfigErrorOccurredConnection;
 };
 
 #endif // AMNEZIA_APPLICATION_H

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt

@@ -120,10 +120,21 @@ open class Wireguard : Protocol() {
         configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) }
         configData.optStringOrNull("S1")?.let { setS1(it.toInt()) }
         configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
+        configData.optStringOrNull("S3")?.let { setS3(it.toInt()) }
+        configData.optStringOrNull("S4")?.let { setS4(it.toInt()) }
         configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
         configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
         configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
         configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
+        configData.optStringOrNull("I1")?.let { setI1(it) }
+        configData.optStringOrNull("I2")?.let { setI2(it) }
+        configData.optStringOrNull("I3")?.let { setI3(it) }
+        configData.optStringOrNull("I4")?.let { setI4(it) }
+        configData.optStringOrNull("I5")?.let { setI5(it) }
+        configData.optStringOrNull("J1")?.let { setJ1(it) }
+        configData.optStringOrNull("J2")?.let { setJ2(it) }
+        configData.optStringOrNull("J3")?.let { setJ3(it) }
+        configData.optStringOrNull("Itime")?.let { setItime(it.toInt()) }
     }
 
     private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) {

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt

@@ -20,10 +20,21 @@ open class WireguardConfig protected constructor(
     val jmax: Int?,
     val s1: Int?,
     val s2: Int?,
+    val s3: Int?,
+    val s4: Int?,
     val h1: Long?,
     val h2: Long?,
     val h3: Long?,
-    val h4: Long?
+    val h4: Long?,
+    var i1: String?,
+    var i2: String?,
+    var i3: String?,
+    var i4: String?,
+    var i5: String?,
+    var j1: String?,
+    var j2: String?,
+    var j3: String?,
+    var itime: Int?
 ) : ProtocolConfig(protocolConfigBuilder) {
 
     protected constructor(builder: Builder) : this(
@@ -39,10 +50,21 @@ open class WireguardConfig protected constructor(
         builder.jmax,
         builder.s1,
         builder.s2,
+        builder.s3,
+        builder.s4,
         builder.h1,
         builder.h2,
         builder.h3,
-        builder.h4
+        builder.h4,
+        builder.i1,
+        builder.i2,
+        builder.i3,
+        builder.i4,
+        builder.i5,
+        builder.j1,
+        builder.j2,
+        builder.j3,
+        builder.itime
     )
 
     fun toWgUserspaceString(): String = with(StringBuilder()) {
@@ -61,10 +83,21 @@ open class WireguardConfig protected constructor(
             appendLine("jmax=$jmax")
             appendLine("s1=$s1")
             appendLine("s2=$s2")
+            s3?.let { appendLine("s3=$it") }
+            s4?.let { appendLine("s4=$it") }
             appendLine("h1=$h1")
             appendLine("h2=$h2")
             appendLine("h3=$h3")
             appendLine("h4=$h4")
+            i1?.let { appendLine("i1=$it") }
+            i2?.let { appendLine("i2=$it") }
+            i3?.let { appendLine("i3=$it") }
+            i4?.let { appendLine("i4=$it") }
+            i5?.let { appendLine("i5=$it") }
+            j1?.let { appendLine("j1=$it") }
+            j2?.let { appendLine("j2=$it") }
+            j3?.let { appendLine("j3=$it") }
+            itime?.let { appendLine("itime=$it") }
         }
     }
 
@@ -117,10 +150,21 @@ open class WireguardConfig protected constructor(
         internal var jmax: Int? = null
         internal var s1: Int? = null
         internal var s2: Int? = null
+        internal var s3: Int? = null
+        internal var s4: Int? = null
         internal var h1: Long? = null
         internal var h2: Long? = null
         internal var h3: Long? = null
         internal var h4: Long? = null
+        internal var i1: String? = null
+        internal var i2: String? = null
+        internal var i3: String? = null
+        internal var i4: String? = null
+        internal var i5: String? = null
+        internal var j1: String? = null
+        internal var j2: String? = null
+        internal var j3: String? = null
+        internal var itime: Int? = null
 
         fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint }
 
@@ -139,10 +183,21 @@ open class WireguardConfig protected constructor(
         fun setJmax(jmax: Int) = apply { this.jmax = jmax }
         fun setS1(s1: Int) = apply { this.s1 = s1 }
         fun setS2(s2: Int) = apply { this.s2 = s2 }
+        fun setS3(s3: Int) = apply { this.s3 = s3 }
+        fun setS4(s4: Int) = apply { this.s4 = s4 }
         fun setH1(h1: Long) = apply { this.h1 = h1 }
         fun setH2(h2: Long) = apply { this.h2 = h2 }
         fun setH3(h3: Long) = apply { this.h3 = h3 }
         fun setH4(h4: Long) = apply { this.h4 = h4 }
+        fun setI1(i1: String) = apply { this.i1 = i1 }
+        fun setI2(i2: String) = apply { this.i2 = i2 }
+        fun setI3(i3: String) = apply { this.i3 = i3 }
+        fun setI4(i4: String) = apply { this.i4 = i4 }
+        fun setI5(i5: String) = apply { this.i5 = i5 }
+        fun setJ1(j1: String) = apply { this.j1 = j1 }
+        fun setJ2(j2: String) = apply { this.j2 = j2 }
+        fun setJ3(j3: String) = apply { this.j3 = j3 }
+        fun setItime(itime: Int) = apply { this.itime = itime }
 
         override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) }
     }

client/cmake/ios.cmake

@@ -76,8 +76,22 @@ set_target_properties(${PROJECT} PROPERTIES
     XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
     XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/Frameworks"
     XCODE_EMBED_APP_EXTENSIONS networkextension
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
 )
+
+if(DEFINED DEPLOY)
+    set_target_properties(${PROJECT} PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "distr ios.org.amnezia.AmneziaVPN"
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "dev ios.org.amnezia.AmneziaVPN"
+    )
+else()
+    set_target_properties(${PROJECT} PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    )
+endif()
+
 set_target_properties(${PROJECT} PROPERTIES
     XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
     XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"

client/cmake/sources.cmake

@@ -0,0 +1,191 @@
+set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/..)
+
+set(HEADERS ${HEADERS}
+    ${CLIENT_ROOT_DIR}/migrations.h
+    ${CLIENT_ROOT_DIR}/../ipc/ipc.h
+    ${CLIENT_ROOT_DIR}/amnezia_application.h
+    ${CLIENT_ROOT_DIR}/containers/containers_defs.h
+    ${CLIENT_ROOT_DIR}/core/defs.h
+    ${CLIENT_ROOT_DIR}/core/errorstrings.h
+    ${CLIENT_ROOT_DIR}/core/scripts_registry.h
+    ${CLIENT_ROOT_DIR}/core/server_defs.h
+    ${CLIENT_ROOT_DIR}/core/api/apiDefs.h
+    ${CLIENT_ROOT_DIR}/core/qrCodeUtils.h
+    ${CLIENT_ROOT_DIR}/core/controllers/coreController.h
+    ${CLIENT_ROOT_DIR}/core/controllers/gatewayController.h
+    ${CLIENT_ROOT_DIR}/core/controllers/serverController.h
+    ${CLIENT_ROOT_DIR}/core/controllers/vpnConfigurationController.h
+    ${CLIENT_ROOT_DIR}/protocols/protocols_defs.h
+    ${CLIENT_ROOT_DIR}/protocols/qml_register_protocols.h
+    ${CLIENT_ROOT_DIR}/ui/pages.h
+    ${CLIENT_ROOT_DIR}/ui/qautostart.h
+    ${CLIENT_ROOT_DIR}/protocols/vpnprotocol.h
+    ${CMAKE_CURRENT_BINARY_DIR}/version.h
+    ${CLIENT_ROOT_DIR}/core/sshclient.h
+    ${CLIENT_ROOT_DIR}/core/networkUtilities.h
+    ${CLIENT_ROOT_DIR}/core/serialization/serialization.h
+    ${CLIENT_ROOT_DIR}/core/serialization/transfer.h
+    ${CLIENT_ROOT_DIR}/../common/logger/logger.h
+    ${CLIENT_ROOT_DIR}/utils/qmlUtils.h
+    ${CLIENT_ROOT_DIR}/core/api/apiUtils.h
+)
+
+# Mozilla headres
+set(HEADERS ${HEADERS}
+    ${CLIENT_ROOT_DIR}/mozilla/models/server.h
+    ${CLIENT_ROOT_DIR}/mozilla/shared/ipaddress.h
+    ${CLIENT_ROOT_DIR}/mozilla/shared/leakdetector.h
+    ${CLIENT_ROOT_DIR}/mozilla/controllerimpl.h
+    ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.h
+)
+
+if(NOT IOS)
+    set(HEADERS ${HEADERS}
+        ${CLIENT_ROOT_DIR}/platforms/ios/QRCodeReaderBase.h
+    )
+endif()
+
+if(NOT ANDROID)
+    set(HEADERS ${HEADERS}
+        ${CLIENT_ROOT_DIR}/ui/notificationhandler.h
+    )
+endif()
+
+set(SOURCES ${SOURCES}
+    ${CLIENT_ROOT_DIR}/migrations.cpp
+    ${CLIENT_ROOT_DIR}/amnezia_application.cpp
+    ${CLIENT_ROOT_DIR}/containers/containers_defs.cpp
+    ${CLIENT_ROOT_DIR}/core/errorstrings.cpp
+    ${CLIENT_ROOT_DIR}/core/scripts_registry.cpp
+    ${CLIENT_ROOT_DIR}/core/server_defs.cpp
+    ${CLIENT_ROOT_DIR}/core/qrCodeUtils.cpp
+    ${CLIENT_ROOT_DIR}/core/controllers/coreController.cpp
+    ${CLIENT_ROOT_DIR}/core/controllers/gatewayController.cpp
+    ${CLIENT_ROOT_DIR}/core/controllers/serverController.cpp
+    ${CLIENT_ROOT_DIR}/core/controllers/vpnConfigurationController.cpp
+    ${CLIENT_ROOT_DIR}/protocols/protocols_defs.cpp
+    ${CLIENT_ROOT_DIR}/ui/qautostart.cpp
+    ${CLIENT_ROOT_DIR}/protocols/vpnprotocol.cpp
+    ${CLIENT_ROOT_DIR}/core/sshclient.cpp
+    ${CLIENT_ROOT_DIR}/core/networkUtilities.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/outbound.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/inbound.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/ss.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/ssd.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/vless.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/trojan.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/vmess.cpp
+    ${CLIENT_ROOT_DIR}/core/serialization/vmess_new.cpp
+    ${CLIENT_ROOT_DIR}/../common/logger/logger.cpp
+    ${CLIENT_ROOT_DIR}/utils/qmlUtils.cpp
+    ${CLIENT_ROOT_DIR}/core/api/apiUtils.cpp
+)
+
+# Mozilla sources
+set(SOURCES ${SOURCES}
+    ${CLIENT_ROOT_DIR}/mozilla/models/server.cpp
+    ${CLIENT_ROOT_DIR}/mozilla/shared/ipaddress.cpp
+    ${CLIENT_ROOT_DIR}/mozilla/shared/leakdetector.cpp
+    ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
+)
+
+if(NOT IOS)
+    set(SOURCES ${SOURCES}
+        ${CLIENT_ROOT_DIR}/platforms/ios/QRCodeReaderBase.cpp
+    )
+endif()
+
+if(NOT ANDROID)
+    set(SOURCES ${SOURCES}
+        ${CLIENT_ROOT_DIR}/ui/notificationhandler.cpp
+    )
+endif()
+
+file(GLOB COMMON_FILES_H CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/*.h)
+file(GLOB COMMON_FILES_CPP CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/*.cpp)
+
+file(GLOB_RECURSE PAGE_LOGIC_H CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/ui/pages_logic/*.h)
+file(GLOB_RECURSE PAGE_LOGIC_CPP CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/ui/pages_logic/*.cpp)
+
+file(GLOB CONFIGURATORS_H CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/configurators/*.h)
+file(GLOB CONFIGURATORS_CPP CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/configurators/*.cpp)
+
+file(GLOB UI_MODELS_H CONFIGURE_DEPENDS
+    ${CLIENT_ROOT_DIR}/ui/models/*.h
+    ${CLIENT_ROOT_DIR}/ui/models/protocols/*.h
+    ${CLIENT_ROOT_DIR}/ui/models/services/*.h
+    ${CLIENT_ROOT_DIR}/ui/models/api/*.h
+)
+file(GLOB UI_MODELS_CPP CONFIGURE_DEPENDS
+    ${CLIENT_ROOT_DIR}/ui/models/*.cpp
+    ${CLIENT_ROOT_DIR}/ui/models/protocols/*.cpp
+    ${CLIENT_ROOT_DIR}/ui/models/services/*.cpp
+    ${CLIENT_ROOT_DIR}/ui/models/api/*.cpp
+)
+
+file(GLOB UI_CONTROLLERS_H CONFIGURE_DEPENDS
+    ${CLIENT_ROOT_DIR}/ui/controllers/*.h
+    ${CLIENT_ROOT_DIR}/ui/controllers/api/*.h
+)
+file(GLOB UI_CONTROLLERS_CPP CONFIGURE_DEPENDS
+    ${CLIENT_ROOT_DIR}/ui/controllers/*.cpp
+    ${CLIENT_ROOT_DIR}/ui/controllers/api/*.cpp
+)
+
+set(HEADERS ${HEADERS}
+    ${COMMON_FILES_H}
+    ${PAGE_LOGIC_H}
+    ${CONFIGURATORS_H}
+    ${UI_MODELS_H}
+    ${UI_CONTROLLERS_H}
+)
+set(SOURCES ${SOURCES}
+    ${COMMON_FILES_CPP}
+    ${PAGE_LOGIC_CPP}
+    ${CONFIGURATORS_CPP}
+    ${UI_MODELS_CPP}
+    ${UI_CONTROLLERS_CPP}
+)
+
+if(WIN32)
+    set(HEADERS ${HEADERS}
+        ${CLIENT_ROOT_DIR}/protocols/ikev2_vpn_protocol_windows.h
+    )
+
+    set(SOURCES ${SOURCES}
+        ${CLIENT_ROOT_DIR}/protocols/ikev2_vpn_protocol_windows.cpp
+    )
+
+    set(RESOURCES ${RESOURCES}
+        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
+    )
+endif()
+
+if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+    message("Client desktop build")
+    add_compile_definitions(AMNEZIA_DESKTOP)
+
+    set(HEADERS ${HEADERS}
+        ${CLIENT_ROOT_DIR}/core/ipcclient.h
+        ${CLIENT_ROOT_DIR}/core/privileged_process.h
+        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.h
+        ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.h
+        ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.h
+        ${CLIENT_ROOT_DIR}/protocols/shadowsocksvpnprotocol.h
+        ${CLIENT_ROOT_DIR}/protocols/wireguardprotocol.h
+        ${CLIENT_ROOT_DIR}/protocols/xrayprotocol.h
+        ${CLIENT_ROOT_DIR}/protocols/awgprotocol.h
+    )
+
+    set(SOURCES ${SOURCES}
+        ${CLIENT_ROOT_DIR}/core/ipcclient.cpp
+        ${CLIENT_ROOT_DIR}/core/privileged_process.cpp
+        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
+        ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.cpp
+        ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.cpp
+        ${CLIENT_ROOT_DIR}/protocols/shadowsocksvpnprotocol.cpp
+        ${CLIENT_ROOT_DIR}/protocols/wireguardprotocol.cpp
+        ${CLIENT_ROOT_DIR}/protocols/xrayprotocol.cpp
+        ${CLIENT_ROOT_DIR}/protocols/awgprotocol.cpp
+    )
+endif()

client/configurators/awg_configurator.cpp

@@ -1,4 +1,5 @@
 #include "awg_configurator.h"
+#include "protocols/protocols_defs.h"
 
 #include <QJsonDocument>
 #include <QJsonObject>
@@ -39,6 +40,20 @@ QString AwgConfigurator::createConfig(const ServerCredentials &credentials, Dock
     jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
     jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
     jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
+
+    // jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize);
+    // jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize);
+
+    // jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
+    // jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
+    // jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
+    // jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
+    // jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
+    // jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1);
+    // jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2);
+    // jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3);
+    // jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout);
+
     jsonConfig[config_key::mtu] =
             containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu);
 

client/configurators/openvpn_configurator.cpp

@@ -13,10 +13,10 @@
     #include <QApplication>
 #endif
 
+#include "core/networkUtilities.h"
 #include "containers/containers_defs.h"
 #include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
-#include "core/server_defs.h"
 #include "settings.h"
 #include "utilities.h"
 
@@ -24,6 +24,7 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+
 OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
                                          QObject *parent)
     : ConfiguratorBase(settings, serverController, parent)
@@ -117,22 +118,22 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPair<QString,
         QRegularExpression regex("redirect-gateway.*");
         config.replace(regex, "");
         
+        // We don't use secondary DNS if primary DNS is AmneziaDNS
+        if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
+            QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
+            config.replace(dnsRegex, "");
+        }
+
         if (!m_settings->isSitesSplitTunnelingEnabled()) {
             config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
-
-#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
-            // Prevent ipv6 leak
-            config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
-#endif
             config.append("block-ipv6\n");
         } else if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
 
-            // no redirect-gateway
+               // no redirect-gateway
         } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
             config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
             // Prevent ipv6 leak
-            config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
 #endif
             config.append("block-ipv6\n");
         }
@@ -166,10 +167,15 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair<QString
     QRegularExpression regex("redirect-gateway.*");
     config.replace(regex, "");
 
+    // We don't use secondary DNS if primary DNS is AmneziaDNS
+    if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
+        QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
+        config.replace(dnsRegex, "");
+    }
+
     config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
 
     // Prevent ipv6 leak
-    config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
     config.append("block-ipv6\n");
 
     // remove block-outside-dns for all exported configs

client/configurators/wireguard_configurator.cpp

@@ -3,6 +3,7 @@
 #include <QDebug>
 #include <QJsonDocument>
 #include <QProcess>
+#include <QRegularExpression>
 #include <QString>
 #include <QTemporaryDir>
 #include <QTemporaryFile>
@@ -19,13 +20,17 @@
 #include "settings.h"
 #include "utilities.h"
 
-WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
+WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings,
-                                             bool isAwg, QObject *parent)
+                                             const QSharedPointer<ServerController> &serverController, bool isAwg,
+                                             QObject *parent)
     : ConfiguratorBase(settings, serverController, parent), m_isAwg(isAwg)
 {
-    m_serverConfigPath = m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
+    m_serverConfigPath =
-    m_serverPublicKeyPath = m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
+            m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
-    m_serverPskKeyPath = m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
+    m_serverPublicKeyPath =
+            m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
+    m_serverPskKeyPath =
+            m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
     m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template : ProtocolScriptType::wireguard_template;
 
     m_protocolName = m_isAwg ? config_key::awg : config_key::wireguard;
@@ -63,9 +68,31 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
     return connData;
 }
 
+QList<QHostAddress> WireguardConfigurator::getIpsFromConf(const QString &input)
+{
+    QRegularExpression regex("AllowedIPs = (\\d+\\.\\d+\\.\\d+\\.\\d+)");
+    QRegularExpressionMatchIterator matchIterator = regex.globalMatch(input);
+
+    QList<QHostAddress> ips;
+
+    while (matchIterator.hasNext()) {
+        QRegularExpressionMatch match = matchIterator.next();
+        const QString address_string { match.captured(1) };
+        const QHostAddress address { address_string };
+        if (address.isNull()) {
+            qWarning() << "Couldn't recognize the ip address: " << address_string;
+        } else {
+            ips << address;
+        }
+    }
+
+    return ips;
+}
+
 WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
                                                                                     DockerContainer container,
-                                                                                    const QJsonObject &containerConfig, ErrorCode &errorCode)
+                                                                                    const QJsonObject &containerConfig,
+                                                                                    ErrorCode &errorCode)
 {
     WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
     connData.host = credentials.hostName;
@@ -76,65 +103,45 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-    // Get list of already created clients (only IP addresses)
+    QString getIpsScript = QString("cat %1 | grep AllowedIPs").arg(m_serverConfigPath);
-    QString nextIpNumber;
+    QString stdOut;
-    {
+    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-        QString script = QString("cat %1 | grep AllowedIPs").arg(m_serverConfigPath);
+        stdOut += data + "\n";
-        QString stdOut;
+        return ErrorCode::NoError;
-        auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
+    };
-            stdOut += data + "\n";
-            return ErrorCode::NoError;
-        };
 
-        errorCode = m_serverController->runContainerScript(credentials, container, script, cbReadStdOut);
+    errorCode = m_serverController->runContainerScript(credentials, container, getIpsScript, cbReadStdOut);
-        if (errorCode != ErrorCode::NoError) {
+    if (errorCode != ErrorCode::NoError) {
-            return connData;
+        return connData;
-        }
+    }
+    auto ips = getIpsFromConf(stdOut);
 
-        stdOut.replace("AllowedIPs = ", "");
+    QHostAddress nextIp = [&] {
-        stdOut.replace("/32", "");
+        QHostAddress result;
-        QStringList ips = stdOut.split("\n", Qt::SkipEmptyParts);
+        QHostAddress lastIp;
-
+        if (ips.empty()) {
-        // remove extra IPs from each line for case when user manually edited the wg0.conf
+            lastIp.setAddress(containerConfig.value(m_protocolName)
-        // and added there more IPs for route his itnernal networks, like:
+                                      .toObject()
-        //     ...
+                                      .value(config_key::subnet_address)
-        //     AllowedIPs = 10.8.1.6/32, 192.168.1.0/24, 192.168.2.0/24, ...
+                                      .toString(protocols::wireguard::defaultSubnetAddress));
-        //     ...
-        // without this code - next IP would be 1 if last item in 'ips' has format above
-        QStringList vpnIps;
-        for (const auto &ip : ips) {
-          vpnIps.append(ip.split(",", Qt::SkipEmptyParts).first().trimmed());
-        }
-        ips = vpnIps;
-
-        // Calc next IP address
-        if (ips.isEmpty()) {
-            nextIpNumber = "2";
         } else {
-            int next = ips.last().split(".").last().toInt() + 1;
+            lastIp = ips.last();
-            if (next > 254) {
-                errorCode = ErrorCode::AddressPoolError;
-                return connData;
-            }
-            nextIpNumber = QString::number(next);
         }
-    }
+        quint8 lastOctet = static_cast<quint8>(lastIp.toIPv4Address());
-
+        switch (lastOctet) {
-    QString subnetIp = containerConfig.value(m_protocolName).toObject().value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+        case 254: result.setAddress(lastIp.toIPv4Address() + 3); break;
-    {
+        case 255: result.setAddress(lastIp.toIPv4Address() + 2); break;
-        QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
+        default: result.setAddress(lastIp.toIPv4Address() + 1); break;
-        if (l.isEmpty()) {
-            errorCode = ErrorCode::AddressPoolError;
-            return connData;
         }
-        l.removeLast();
-        l.append(nextIpNumber);
 
-        connData.clientIP = l.join(".");
+        return result;
-    }
+    }();
+
+    connData.clientIP = nextIp.toString();
 
     // Get keys
-    connData.serverPubKey = m_serverController->getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, errorCode);
+    connData.serverPubKey =
+            m_serverController->getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, errorCode);
     connData.serverPubKey.replace("\n", "");
     if (errorCode != ErrorCode::NoError) {
         return connData;
@@ -161,10 +168,12 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'").arg(m_serverConfigPath);
+    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
+                             .arg(m_serverConfigPath);
 
     errorCode = m_serverController->runScript(
-            credentials, m_serverController->replaceVars(script, m_serverController->genVarsForScript(credentials, container)));
+            credentials,
+            m_serverController->replaceVars(script, m_serverController->genVarsForScript(credentials, container)));
 
     return connData;
 }
@@ -173,8 +182,8 @@ QString WireguardConfigurator::createConfig(const ServerCredentials &credentials
                                             const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     QString scriptData = amnezia::scriptData(m_configTemplate, container);
-    QString config =
+    QString config = m_serverController->replaceVars(
-            m_serverController->replaceVars(scriptData, m_serverController->genVarsForScript(credentials, container, containerConfig));
+            scriptData, m_serverController->genVarsForScript(credentials, container, containerConfig));
 
     ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
     if (errorCode != ErrorCode::NoError) {
@@ -208,16 +217,16 @@ QString WireguardConfigurator::createConfig(const ServerCredentials &credentials
     return QJsonDocument(jConfig).toJson();
 }
 
-QString WireguardConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+QString WireguardConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns,
-                                                              QString &protocolConfigString)
+                                                              const bool isApiConfig, QString &protocolConfigString)
 {
     processConfigWithDnsSettings(dns, protocolConfigString);
 
     return protocolConfigString;
 }
 
-QString WireguardConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+QString WireguardConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns,
-                                                               QString &protocolConfigString)
+                                                               const bool isApiConfig, QString &protocolConfigString)
 {
     processConfigWithDnsSettings(dns, protocolConfigString);
 

client/configurators/wireguard_configurator.h

@@ -1,6 +1,7 @@
 #ifndef WIREGUARD_CONFIGURATOR_H
 #define WIREGUARD_CONFIGURATOR_H
 
+#include <QHostAddress>
 #include <QObject>
 #include <QProcessEnvironment>
 
@@ -12,8 +13,8 @@ class WireguardConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, bool isAwg,
+    WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
-                          QObject *parent = nullptr);
+                          bool isAwg, QObject *parent = nullptr);
 
     struct ConnectionData
     {
@@ -26,15 +27,18 @@ public:
         QString port;
     };
 
-    QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
-                         ErrorCode &errorCode);
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 
-    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig, QString &protocolConfigString);
+    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
-    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig, QString &protocolConfigString);
+                                           QString &protocolConfigString);
+    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                            QString &protocolConfigString);
 
     static ConnectionData genClientKeys();
 
 private:
+    QList<QHostAddress> getIpsFromConf(const QString &input);
     ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
                                           const QJsonObject &containerConfig, ErrorCode &errorCode);
 

client/containers/containers_defs.cpp

@@ -140,98 +140,83 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
 {
     return {
         { DockerContainer::OpenVpn,
-          QObject::tr(
+          QObject::tr("OpenVPN is one of the most popular and reliable VPN protocols. "
-                  "OpenVPN stands as one of the most popular and time-tested VPN protocols available.\n"
+                      "It uses SSL/TLS encryption, supports a wide variety of devices and operating systems, "
-                  "It employs its unique security protocol, "
+                      "and is continuously improved by the community due to its open-source nature. "
-                  "leveraging the strength of SSL/TLS for encryption and key exchange. "
+                      "It provides a good balance between speed and security but is easily recognized by DPI systems, "
-                  "Furthermore, OpenVPN's support for a multitude of authentication methods makes it versatile and adaptable, "
+                      "making it susceptible to blocking.\n"
-                  "catering to a wide range of devices and operating systems. "
+                      "\nFeatures:\n"
-                  "Due to its open-source nature, OpenVPN benefits from extensive scrutiny by the global community, "
+                      "* Available on all AmneziaVPN platforms\n"
-                  "which continually reinforces its security. "
+                      "* Normal battery consumption on mobile devices\n"
-                  "With a strong balance of performance, security, and compatibility, "
+                      "* Flexible customization for various devices and OS\n"
-                  "OpenVPN remains a top choice for privacy-conscious individuals and businesses alike.\n\n"
+                      "* Operates over both TCP and UDP protocols") },
-                  "* Available in the AmneziaVPN across all platforms\n"
-                  "* Normal power consumption on mobile devices\n"
-                  "* Flexible customisation to suit user needs to work with different operating systems and devices\n"
-                  "* Recognised by DPI systems and therefore susceptible to blocking\n"
-                  "* Can operate over both TCP and UDP network protocols.") },
         { DockerContainer::ShadowSocks,
-          QObject::tr("Shadowsocks, inspired by the SOCKS5 protocol, safeguards the connection using the AEAD cipher. "
+          QObject::tr("Shadowsocks is based on the SOCKS5 protocol and encrypts connections using AEAD cipher. "
-                      "Although Shadowsocks is designed to be discreet and challenging to identify, it isn't identical to a standard HTTPS connection."
+                      "Although designed to be discreet, it doesn't mimic a standard HTTPS connection and can be detected by some DPI systems. "
-                      "However, certain traffic analysis systems might still detect a Shadowsocks connection. "
+                      "Due to limited support in Amnezia, we recommend using the AmneziaWG protocol.\n"
-                      "Due to limited support in Amnezia, it's recommended to use AmneziaWG protocol.\n\n"
+                      "\nFeatures:\n"
-                      "* Available in the AmneziaVPN only on desktop platforms\n"
+                      "* Available in AmneziaVPN only on desktop platforms\n"
-                      "* Configurable encryption protocol\n"
+                      "* Customizable encryption protocol\n"
                       "* Detectable by some DPI systems\n"
-                      "* Works over TCP network protocol.") },
+                      "* Operates over TCP protocol\n") },
         { DockerContainer::Cloak,
-          QObject::tr("This is a combination of the OpenVPN protocol and the Cloak plugin designed specifically for "
+          QObject::tr("This combination includes the OpenVPN protocol and the Cloak plugin, specifically designed to protect against blocking.\n"
-                      "protecting against detection.\n\n"
+                      "\nOpenVPN securely encrypts all internet traffic between your device and the server.\n"
-                      "OpenVPN provides a secure VPN connection by encrypting all internet traffic between the client "
+                      "\nThe Cloak plugin further protects the connection from DPI detection. "
-                      "and the server.\n\n"
+                      "It modifies traffic metadata to disguise VPN traffic as regular web traffic and prevents detection through active probing. "
-                      "Cloak protects OpenVPN from detection. \n\n"
+                      "If an incoming connection fails authentication, Cloak serves a fake website, making your VPN invisible to traffic analysis systems.\n"
-                      "Cloak can modify packet metadata so that it completely masks VPN traffic as normal web traffic, "
+                      "\nIn regions with heavy internet censorship, we strongly recommend using OpenVPN with Cloak from your first connection.\n"
-                      "and also protects the VPN from detection by Active Probing. This makes it very resistant to "
+                      "\nFeatures:\n"
-                      "being detected\n\n"
+                      "* Available on all AmneziaVPN platforms\n"
-                      "Immediately after receiving the first data packet, Cloak authenticates the incoming connection. "
-                      "If authentication fails, the plugin masks the server as a fake website and your VPN becomes "
-                      "invisible to analysis systems.\n\n"
-                      "* Available in the AmneziaVPN across all platforms\n"
                       "* High power consumption on mobile devices\n"
-                      "* Flexible settings\n"
+                      "* Flexible configuration options\n"
-                      "* Not recognised by detection systems\n"
+                      "* Undetectable by DPI systems\n"
-                      "* Works over TCP network protocol, 443 port.\n") },
+                      "* Operates over TCP protocol on port 443") },
         { DockerContainer::WireGuard,
-          QObject::tr("A relatively new popular VPN protocol with a simplified architecture.\n"
+          QObject::tr("WireGuard is a modern, streamlined VPN protocol offering stable connectivity and excellent performance across all devices. "
-                      "WireGuard provides stable VPN connection and high performance on all devices. It uses hard-coded encryption "
+                      "It uses fixed encryption settings, delivering lower latency and higher data transfer speeds compared to OpenVPN. "
-                      "settings. WireGuard compared to OpenVPN has lower latency and better data transfer throughput.\n"
+                      "However, WireGuard is easily identifiable by DPI systems due to its distinctive packet signatures, making it susceptible to blocking.\n"
-                      "WireGuard is very susceptible to detection and blocking due to its distinct packet signatures. "
+                      "\nFeatures:\n"
-                      "Unlike some other VPN protocols that employ obfuscation techniques, "
+                      "* Available on all AmneziaVPN platforms\n"
-                      "the consistent signature patterns of WireGuard packets can be more easily identified and "
+                      "* Low power consumption on mobile devices\n"
-                      "thus blocked by advanced Deep Packet Inspection (DPI) systems and other network monitoring tools.\n\n"
+                      "* Minimal configuration required\n"
-                      "* Available in the AmneziaVPN across all platforms\n"
+                      "* Easily detected by DPI systems (susceptible to blocking)\n"
-                      "* Low power consumption\n"
+                      "* Operates over UDP protocol") },
-                      "* Minimum number of settings\n"
-                      "* Easily recognised by DPI analysis systems, susceptible to blocking\n"
-                      "* Works over UDP network protocol.") },
         { DockerContainer::Awg,
-          QObject::tr("A modern iteration of the popular VPN protocol, "
+          QObject::tr("AmneziaWG is a modern VPN protocol based on WireGuard, "
-                      "AmneziaWG builds upon the foundation set by WireGuard, "
+                      "combining simplified architecture with high performance across all devices. "
-                      "retaining its simplified architecture and high-performance capabilities across devices.\n"
+                      "It addresses WireGuard's main vulnerability (easy detection by DPI systems) through advanced obfuscation techniques, "
-                      "While WireGuard is known for its efficiency, "
+                      "making VPN traffic indistinguishable from regular internet traffic.\n"
-                      "it had issues with being easily detected due to its distinct packet signatures. "
+                      "\nAmneziaWG is an excellent choice for those seeking a fast, stealthy VPN connection.\n"
-                      "AmneziaWG solves this problem by using better obfuscation methods, "
+                      "\nFeatures:\n"
-                      "making its traffic blend in with regular internet traffic.\n"
+                      "* Available on all AmneziaVPN platforms\n"
-                      "This means that AmneziaWG keeps the fast performance of the original "
+                      "* Low battery consumption on mobile devices\n"
-                      "while adding an extra layer of stealth, "
+                      "* Minimal settings required\n"
-                      "making it a great choice for those wanting a fast and discreet VPN connection.\n\n"
+                      "* Undetectable by traffic analysis systems (DPI)\n"
-                      "* Available in the AmneziaVPN across all platforms\n"
+                      "* Operates over UDP protocol") },
-                      "* Low power consumption\n"
-                      "* Minimum number of settings\n"
-                      "* Not recognised by traffic analysis systems\n"
-                      "* Works over UDP network protocol.") },
         { DockerContainer::Xray,
-                QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, "
+          QObject::tr("REALITY is an innovative protocol developed by the creators of XRay, designed specifically to combat high levels of internet censorship. "
-                            "is designed to provide the highest level of protection against detection through its innovative approach to security and privacy.\n"
+                      "REALITY identifies censorship systems during the TLS handshake, "
-                            "It uniquely identifies attackers during the TLS handshake phase, seamlessly operating as a proxy for legitimate clients while diverting attackers to genuine websites, "
+                      "redirecting suspicious traffic seamlessly to legitimate websites like google.com while providing genuine TLS certificates. "
-                            "thus presenting an authentic TLS certificate and data. \n"
+                      "This allows VPN traffic to blend indistinguishably with regular web traffic without special configuration."
-                            "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, "
+                      "\nUnlike older protocols such as VMess, VLESS, and XTLS-Vision, REALITY incorporates an advanced built-in \"friend-or-foe\" detection mechanism, "
-                            "legitimate sites without the need for specific configurations. \n"
+                      "effectively protecting against DPI and other traffic analysis methods.\n"
-                            "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, "
+                      "\nFeatures:\n"
-                            "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security. "
+                      "* Resistant to active probing and DPI detection\n"
-                            "This makes REALITY a robust solution for maintaining internet freedom.")
+                      "* No special configuration required to disguise traffic\n"
-        },
+                      "* Highly effective in heavily censored regions\n"
+                      "* Minimal battery consumption on devices\n"
+                      "* Operates over TCP protocol") },
         { DockerContainer::Ipsec,
-          QObject::tr("IKEv2, paired with the IPSec encryption layer, stands as a modern and stable VPN protocol.\n"
+          QObject::tr("IKEv2, combined with IPSec encryption, is a modern and reliable VPN protocol. "
-                      "One of its distinguishing features is its ability to swiftly switch between networks and devices, "
+                      "It reconnects quickly when switching networks or devices, making it ideal for dynamic network environments. "
-                      "making it particularly adaptive in dynamic network environments. \n"
+                      "While it provides good security and speed, it's easily recognized by DPI systems and susceptible to blocking.\n"
-                      "While it offers a blend of security, stability, and speed, "
+                      "\nFeatures:\n"
-                      "it's essential to note that IKEv2 can be easily detected and is susceptible to blocking.\n\n"
+                      "* Available in AmneziaVPN only on Windows\n"
-                      "* Available in the AmneziaVPN only on Windows\n"
+                      "* Low battery consumption on mobile devices\n"
-                      "* Low power consumption, on mobile devices\n"
+                      "* Minimal configuration required\n"
-                      "* Minimal configuration\n"
+                      "* Detectable by DPI analysis systems(easily blocked)\n"
-                      "* Recognised by DPI analysis systems\n"
+                      "* Operates over UDP protocol(ports 500 and 4500)") },
-                      "* Works over UDP network protocol, ports 500 and 4500.") },
 
         { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
         { DockerContainer::Dns, QObject::tr("DNS Service") },

client/core/api/apiDefs.h

@@ -0,0 +1,72 @@
+#ifndef APIDEFS_H
+#define APIDEFS_H
+
+#include <QString>
+
+namespace apiDefs
+{
+    enum ConfigType {
+        AmneziaFreeV2 = 0,
+        AmneziaFreeV3,
+        AmneziaPremiumV1,
+        AmneziaPremiumV2,
+        SelfHosted,
+        ExternalPremium
+    };
+
+    enum ConfigSource {
+        Telegram = 1,
+        AmneziaGateway
+    };
+
+    namespace key
+    {
+        constexpr QLatin1String configVersion("config_version");
+        constexpr QLatin1String apiEndpoint("api_endpoint");
+        constexpr QLatin1String apiKey("api_key");
+        constexpr QLatin1String description("description");
+        constexpr QLatin1String name("name");
+        constexpr QLatin1String protocol("protocol");
+
+        constexpr QLatin1String apiConfig("api_config");
+        constexpr QLatin1String stackType("stack_type");
+        constexpr QLatin1String serviceType("service_type");
+        constexpr QLatin1String cliVersion("cli_version");
+        constexpr QLatin1String supportedProtocols("supported_protocols");
+
+        constexpr QLatin1String vpnKey("vpn_key");
+        constexpr QLatin1String config("config");
+        constexpr QLatin1String configs("configs");
+
+        constexpr QLatin1String installationUuid("installation_uuid");
+        constexpr QLatin1String workerLastUpdated("worker_last_updated");
+        constexpr QLatin1String lastDownloaded("last_downloaded");
+        constexpr QLatin1String sourceType("source_type");
+
+        constexpr QLatin1String serverCountryCode("server_country_code");
+        constexpr QLatin1String serverCountryName("server_country_name");
+
+        constexpr QLatin1String osVersion("os_version");
+
+        constexpr QLatin1String availableCountries("available_countries");
+        constexpr QLatin1String activeDeviceCount("active_device_count");
+        constexpr QLatin1String maxDeviceCount("max_device_count");
+        constexpr QLatin1String subscriptionEndDate("subscription_end_date");
+        constexpr QLatin1String issuedConfigs("issued_configs");
+
+        constexpr QLatin1String supportInfo("support_info");
+        constexpr QLatin1String email("email");
+        constexpr QLatin1String billingEmail("billing_email");
+        constexpr QLatin1String website("website");
+        constexpr QLatin1String websiteName("website_name");
+        constexpr QLatin1String telegram("telegram");
+
+        constexpr QLatin1String id("id");
+        constexpr QLatin1String orderId("order_id");
+        constexpr QLatin1String migrationCode("migration_code");
+    }
+
+    const int requestTimeoutMsecs = 12 * 1000; // 12 secs
+}
+
+#endif // APIDEFS_H

client/core/api/apiUtils.cpp

@@ -0,0 +1,164 @@
+#include "apiUtils.h"
+
+#include <QDateTime>
+#include <QJsonObject>
+
+namespace
+{
+    const QByteArray AMNEZIA_CONFIG_SIGNATURE = QByteArray::fromHex("000000ff");
+
+    QString escapeUnicode(const QString &input)
+    {
+        QString output;
+        for (QChar c : input) {
+            if (c.unicode() < 0x20 || c.unicode() > 0x7E) {
+                output += QString("\\u%1").arg(QString::number(c.unicode(), 16).rightJustified(4, '0'));
+            } else {
+                output += c;
+            }
+        }
+        return output;
+    }
+}
+
+bool apiUtils::isSubscriptionExpired(const QString &subscriptionEndDate)
+{
+    QDateTime now = QDateTime::currentDateTime();
+    QDateTime endDate = QDateTime::fromString(subscriptionEndDate, Qt::ISODateWithMs);
+    return endDate < now;
+}
+
+bool apiUtils::isServerFromApi(const QJsonObject &serverConfigObject)
+{
+    auto configVersion = serverConfigObject.value(apiDefs::key::configVersion).toInt();
+    switch (configVersion) {
+    case apiDefs::ConfigSource::Telegram: return true;
+    case apiDefs::ConfigSource::AmneziaGateway: return true;
+    default: return false;
+    }
+}
+
+apiDefs::ConfigType apiUtils::getConfigType(const QJsonObject &serverConfigObject)
+{
+    auto configVersion = serverConfigObject.value(apiDefs::key::configVersion).toInt();
+
+    switch (configVersion) {
+    case apiDefs::ConfigSource::Telegram: {
+        constexpr QLatin1String freeV2Endpoint(FREE_V2_ENDPOINT);
+        constexpr QLatin1String premiumV1Endpoint(PREM_V1_ENDPOINT);
+
+        auto apiEndpoint = serverConfigObject.value(apiDefs::key::apiEndpoint).toString();
+
+        if (apiEndpoint.contains(premiumV1Endpoint)) {
+            return apiDefs::ConfigType::AmneziaPremiumV1;
+        } else if (apiEndpoint.contains(freeV2Endpoint)) {
+            return apiDefs::ConfigType::AmneziaFreeV2;
+        }
+    };
+    case apiDefs::ConfigSource::AmneziaGateway: {
+        constexpr QLatin1String servicePremium("amnezia-premium");
+        constexpr QLatin1String serviceFree("amnezia-free");
+        constexpr QLatin1String serviceExternalPremium("external-premium");
+
+        auto apiConfigObject = serverConfigObject.value(apiDefs::key::apiConfig).toObject();
+        auto serviceType = apiConfigObject.value(apiDefs::key::serviceType).toString();
+
+        if (serviceType == servicePremium) {
+            return apiDefs::ConfigType::AmneziaPremiumV2;
+        } else if (serviceType == serviceFree) {
+            return apiDefs::ConfigType::AmneziaFreeV3;
+        } else if (serviceType == serviceExternalPremium) {
+            return apiDefs::ConfigType::ExternalPremium;
+        }
+    }
+    default: {
+        return apiDefs::ConfigType::SelfHosted;
+    }
+    };
+}
+
+apiDefs::ConfigSource apiUtils::getConfigSource(const QJsonObject &serverConfigObject)
+{
+    return static_cast<apiDefs::ConfigSource>(serverConfigObject.value(apiDefs::key::configVersion).toInt());
+}
+
+amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply)
+{
+    const int httpStatusCodeConflict = 409;
+    const int httpStatusCodeNotFound = 404;
+
+    if (!sslErrors.empty()) {
+        qDebug().noquote() << sslErrors;
+        return amnezia::ErrorCode::ApiConfigSslError;
+    } else if (reply->error() == QNetworkReply::NoError) {
+        return amnezia::ErrorCode::NoError;
+    } else if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
+               || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+        qDebug() << reply->error();
+        return amnezia::ErrorCode::ApiConfigTimeoutError;
+    } else if (reply->error() == QNetworkReply::NetworkError::OperationNotImplementedError) {
+        qDebug() << reply->error();
+        return amnezia::ErrorCode::ApiUpdateRequestError;
+    } else {
+        QString err = reply->errorString();
+        int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+        qDebug() << QString::fromUtf8(reply->readAll());
+        qDebug() << reply->error();
+        qDebug() << err;
+        qDebug() << httpStatusCode;
+        if (httpStatusCode == httpStatusCodeConflict) {
+            return amnezia::ErrorCode::ApiConfigLimitError;
+        } else if (httpStatusCode == httpStatusCodeNotFound) {
+            return amnezia::ErrorCode::ApiNotFoundError;
+        }
+        return amnezia::ErrorCode::ApiConfigDownloadError;
+    }
+
+    qDebug() << "something went wrong";
+    return amnezia::ErrorCode::InternalError;
+}
+
+bool apiUtils::isPremiumServer(const QJsonObject &serverConfigObject)
+{
+    static const QSet<apiDefs::ConfigType> premiumTypes = { apiDefs::ConfigType::AmneziaPremiumV1, apiDefs::ConfigType::AmneziaPremiumV2,
+                                                            apiDefs::ConfigType::ExternalPremium };
+    return premiumTypes.contains(getConfigType(serverConfigObject));
+}
+
+QString apiUtils::getPremiumV1VpnKey(const QJsonObject &serverConfigObject)
+{
+    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV1) {
+        return {};
+    }
+
+    QList<QPair<QString, QVariant>> orderedFields;
+    orderedFields.append(qMakePair(apiDefs::key::name, serverConfigObject[apiDefs::key::name].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::description, serverConfigObject[apiDefs::key::description].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::configVersion, serverConfigObject[apiDefs::key::configVersion].toDouble()));
+    orderedFields.append(qMakePair(apiDefs::key::protocol, serverConfigObject[apiDefs::key::protocol].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::apiEndpoint, serverConfigObject[apiDefs::key::apiEndpoint].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::apiKey, serverConfigObject[apiDefs::key::apiKey].toString()));
+
+    QString vpnKeyStr = "{";
+    for (int i = 0; i < orderedFields.size(); ++i) {
+        const auto &pair = orderedFields[i];
+        if (pair.second.typeId() == QMetaType::Type::QString) {
+            vpnKeyStr += "\"" + pair.first + "\": \"" + pair.second.toString() + "\"";
+        } else if (pair.second.typeId() == QMetaType::Type::Double || pair.second.typeId() == QMetaType::Type::Int) {
+            vpnKeyStr += "\"" + pair.first + "\": " + QString::number(pair.second.toDouble(), 'f', 1);
+        }
+
+        if (i < orderedFields.size() - 1) {
+            vpnKeyStr += ", ";
+        }
+    }
+    vpnKeyStr += "}";
+
+    QByteArray vpnKeyCompressed = escapeUnicode(vpnKeyStr).toUtf8();
+    vpnKeyCompressed = qCompress(vpnKeyCompressed, 6);
+    vpnKeyCompressed = vpnKeyCompressed.mid(4);
+
+    QByteArray signedData = AMNEZIA_CONFIG_SIGNATURE + vpnKeyCompressed;
+
+    return QString("vpn://%1").arg(QString(signedData.toBase64(QByteArray::Base64UrlEncoding)));
+}

client/core/api/apiUtils.h

@@ -0,0 +1,26 @@
+#ifndef APIUTILS_H
+#define APIUTILS_H
+
+#include <QNetworkReply>
+#include <QObject>
+
+#include "apiDefs.h"
+#include "core/defs.h"
+
+namespace apiUtils
+{
+    bool isServerFromApi(const QJsonObject &serverConfigObject);
+
+    bool isSubscriptionExpired(const QString &subscriptionEndDate);
+
+    bool isPremiumServer(const QJsonObject &serverConfigObject);
+
+    apiDefs::ConfigType getConfigType(const QJsonObject &serverConfigObject);
+    apiDefs::ConfigSource getConfigSource(const QJsonObject &serverConfigObject);
+
+    amnezia::ErrorCode checkNetworkReplyErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply);
+
+    QString getPremiumV1VpnKey(const QJsonObject &serverConfigObject);
+}
+
+#endif // APIUTILS_H

client/core/controllers/apiController.cpp

@@ -1,509 +0,0 @@
-#include "apiController.h"
-
-#include <algorithm>
-#include <random>
-
-#include <QEventLoop>
-#include <QNetworkAccessManager>
-#include <QNetworkReply>
-#include <QtConcurrent>
-
-#include "QBlockCipher.h"
-#include "QRsa.h"
-
-#include "amnezia_application.h"
-#include "configurators/wireguard_configurator.h"
-#include "core/enums/apiEnums.h"
-#include "utilities.h"
-#include "version.h"
-
-namespace
-{
-    namespace configKey
-    {
-        constexpr char cloak[] = "cloak";
-        constexpr char awg[] = "awg";
-
-        constexpr char apiEdnpoint[] = "api_endpoint";
-        constexpr char accessToken[] = "api_key";
-        constexpr char certificate[] = "certificate";
-        constexpr char publicKey[] = "public_key";
-        constexpr char protocol[] = "protocol";
-
-        constexpr char uuid[] = "installation_uuid";
-        constexpr char osVersion[] = "os_version";
-        constexpr char appVersion[] = "app_version";
-
-        constexpr char userCountryCode[] = "user_country_code";
-        constexpr char serverCountryCode[] = "server_country_code";
-        constexpr char serviceType[] = "service_type";
-        constexpr char serviceInfo[] = "service_info";
-
-        constexpr char aesKey[] = "aes_key";
-        constexpr char aesIv[] = "aes_iv";
-        constexpr char aesSalt[] = "aes_salt";
-
-        constexpr char apiPayload[] = "api_payload";
-        constexpr char keyPayload[] = "key_payload";
-
-        constexpr char apiConfig[] = "api_config";
-        constexpr char authData[] = "auth_data";
-    }
-
-    const int requestTimeoutMsecs = 12 * 1000; // 12 secs
-
-    ErrorCode checkErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply)
-    {
-        if (!sslErrors.empty()) {
-            qDebug().noquote() << sslErrors;
-            return ErrorCode::ApiConfigSslError;
-        } else if (reply->error() == QNetworkReply::NoError) {
-            return ErrorCode::NoError;
-        } else if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
-                   || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
-            return ErrorCode::ApiConfigTimeoutError;
-        } else {
-            QString err = reply->errorString();
-            qDebug() << QString::fromUtf8(reply->readAll());
-            qDebug() << reply->error();
-            qDebug() << err;
-            qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute);
-            return ErrorCode::ApiConfigDownloadError;
-        }
-    }
-
-    bool shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key = "",
-                           const QByteArray &iv = "", const QByteArray &salt = "")
-    {
-        if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
-            || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
-            qDebug() << "Timeout occurred";
-            return true;
-        } else if (responseBody.contains("html")) {
-            qDebug() << "The response contains an html tag";
-            return true;
-        } else if (checkEncryption) {
-            try {
-                QSimpleCrypto::QBlockCipher blockCipher;
-                static_cast<void>(blockCipher.decryptAesBlockCipher(responseBody, key, iv, "", salt));
-            } catch (...) {
-                qDebug() << "Failed to decrypt the data";
-                return true;
-            }
-        }
-        return false;
-    }
-}
-
-ApiController::ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent)
-    : QObject(parent), m_gatewayEndpoint(gatewayEndpoint), m_isDevEnvironment(isDevEnvironment)
-{
-}
-
-void ApiController::fillServerConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData,
-                                     const QByteArray &apiResponseBody, QJsonObject &serverConfig)
-{
-    QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
-
-    data.replace("vpn://", "");
-    QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
-
-    if (ba.isEmpty()) {
-        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
-        return;
-    }
-
-    QByteArray ba_uncompressed = qUncompress(ba);
-    if (!ba_uncompressed.isEmpty()) {
-        ba = ba_uncompressed;
-    }
-
-    QString configStr = ba;
-    if (protocol == configKey::cloak) {
-        configStr.replace("<key>", "<key>\n");
-        configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
-    } else if (protocol == configKey::awg) {
-        configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
-        auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-        auto containers = newServerConfig.value(config_key::containers).toArray();
-        if (containers.isEmpty()) {
-            return; // todo process error
-        }
-        auto container = containers.at(0).toObject();
-        QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
-        auto containerConfig = container.value(containerName).toObject();
-        auto protocolConfig = QJsonDocument::fromJson(containerConfig.value(config_key::last_config).toString().toUtf8()).object();
-        containerConfig[config_key::junkPacketCount] = protocolConfig.value(config_key::junkPacketCount);
-        containerConfig[config_key::junkPacketMinSize] = protocolConfig.value(config_key::junkPacketMinSize);
-        containerConfig[config_key::junkPacketMaxSize] = protocolConfig.value(config_key::junkPacketMaxSize);
-        containerConfig[config_key::initPacketJunkSize] = protocolConfig.value(config_key::initPacketJunkSize);
-        containerConfig[config_key::responsePacketJunkSize] = protocolConfig.value(config_key::responsePacketJunkSize);
-        containerConfig[config_key::initPacketMagicHeader] = protocolConfig.value(config_key::initPacketMagicHeader);
-        containerConfig[config_key::responsePacketMagicHeader] = protocolConfig.value(config_key::responsePacketMagicHeader);
-        containerConfig[config_key::underloadPacketMagicHeader] = protocolConfig.value(config_key::underloadPacketMagicHeader);
-        containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
-        container[containerName] = containerConfig;
-        containers.replace(0, container);
-        newServerConfig[config_key::containers] = containers;
-        configStr = QString(QJsonDocument(newServerConfig).toJson());
-    }
-
-    QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-    serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
-    serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
-    serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
-    serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
-
-    if (newServerConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
-        serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
-        serverConfig[config_key::description] = newServerConfig.value(config_key::description);
-        serverConfig[config_key::name] = newServerConfig.value(config_key::name);
-    }
-
-    auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
-    serverConfig[config_key::defaultContainer] = defaultContainer;
-
-    QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
-    map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
-    auto apiConfig = QJsonObject::fromVariantMap(map);
-
-    if (newServerConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
-        apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject());
-    }
-
-    serverConfig[configKey::apiConfig] = apiConfig;
-
-    return;
-}
-
-QStringList ApiController::getProxyUrls()
-{
-    QNetworkRequest request;
-    request.setTransferTimeout(requestTimeoutMsecs);
-    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-
-    QEventLoop wait;
-    QList<QSslError> sslErrors;
-    QNetworkReply *reply;
-
-    QStringList proxyStorageUrl;
-    if (m_isDevEnvironment) {
-        proxyStorageUrl = QStringList { DEV_S3_ENDPOINT };
-    } else {
-        proxyStorageUrl = QStringList { PROD_S3_ENDPOINT };
-    }
-
-    QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
-
-    for (const auto &proxyStorageUrl : proxyStorageUrl) {
-        request.setUrl(proxyStorageUrl);
-        reply = amnApp->manager()->get(request);
-
-        connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-        connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-        wait.exec();
-
-        if (reply->error() == QNetworkReply::NetworkError::NoError) {
-            break;
-        }
-        reply->deleteLater();
-    }
-
-    auto encryptedResponseBody = reply->readAll();
-    reply->deleteLater();
-
-    EVP_PKEY *privateKey = nullptr;
-    QByteArray responseBody;
-    try {
-        if (!m_isDevEnvironment) {
-            QCryptographicHash hash(QCryptographicHash::Sha512);
-            hash.addData(key);
-            QByteArray hashResult = hash.result().toHex();
-
-            QByteArray key = QByteArray::fromHex(hashResult.left(64));
-            QByteArray iv = QByteArray::fromHex(hashResult.mid(64, 32));
-
-            QByteArray ba = QByteArray::fromBase64(encryptedResponseBody);
-
-            QSimpleCrypto::QBlockCipher blockCipher;
-            responseBody = blockCipher.decryptAesBlockCipher(ba, key, iv);
-        } else {
-            responseBody = encryptedResponseBody;
-        }
-    } catch (...) {
-        Utils::logException();
-        qCritical() << "error loading private key from environment variables or decrypting payload";
-        return {};
-    }
-
-    auto endpointsArray = QJsonDocument::fromJson(responseBody).array();
-
-    QStringList endpoints;
-    for (const auto &endpoint : endpointsArray) {
-        endpoints.push_back(endpoint.toString());
-    }
-    return endpoints;
-}
-
-ApiController::ApiPayloadData ApiController::generateApiPayloadData(const QString &protocol)
-{
-    ApiController::ApiPayloadData apiPayload;
-    if (protocol == configKey::cloak) {
-        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
-    } else if (protocol == configKey::awg) {
-        auto connData = WireguardConfigurator::genClientKeys();
-        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
-        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
-    }
-    return apiPayload;
-}
-
-QJsonObject ApiController::fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData)
-{
-    QJsonObject obj;
-    if (protocol == configKey::cloak) {
-        obj[configKey::certificate] = apiPayloadData.certRequest.request;
-    } else if (protocol == configKey::awg) {
-        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
-    }
-
-    obj[configKey::osVersion] = QSysInfo::productType();
-    obj[configKey::appVersion] = QString(APP_VERSION);
-
-    return obj;
-}
-
-void ApiController::updateServerConfigFromApi(const QString &installationUuid, const int serverIndex, QJsonObject serverConfig)
-{
-#ifdef Q_OS_IOS
-    IosController::Instance()->requestInetAccess();
-    QThread::msleep(10);
-#endif
-
-    if (serverConfig.value(config_key::configVersion).toInt()) {
-        QNetworkRequest request;
-        request.setTransferTimeout(requestTimeoutMsecs);
-        request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-        request.setRawHeader("Authorization", "Api-Key " + serverConfig.value(configKey::accessToken).toString().toUtf8());
-        QString endpoint = serverConfig.value(configKey::apiEdnpoint).toString();
-        request.setUrl(endpoint);
-
-        QString protocol = serverConfig.value(configKey::protocol).toString();
-
-        ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
-
-        QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-        apiPayload[configKey::uuid] = installationUuid;
-
-        QByteArray requestBody = QJsonDocument(apiPayload).toJson();
-
-        QNetworkReply *reply = amnApp->manager()->post(request, requestBody);
-
-        QObject::connect(reply, &QNetworkReply::finished, [this, reply, protocol, apiPayloadData, serverIndex, serverConfig]() mutable {
-            if (reply->error() == QNetworkReply::NoError) {
-                auto apiResponseBody = reply->readAll();
-                fillServerConfig(protocol, apiPayloadData, apiResponseBody, serverConfig);
-                emit finished(serverConfig, serverIndex);
-            } else {
-                if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
-                    || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
-                    emit errorOccurred(ErrorCode::ApiConfigTimeoutError);
-                } else if (reply->error() == QNetworkReply::NetworkError::SslHandshakeFailedError) {
-                    emit errorOccurred(ErrorCode::ApiConfigSslError);
-                } else {
-                    QString err = reply->errorString();
-                    qDebug() << QString::fromUtf8(reply->readAll());
-                    qDebug() << reply->error();
-                    qDebug() << err;
-                    qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute);
-                    emit errorOccurred(ErrorCode::ApiConfigDownloadError);
-                }
-            }
-
-            reply->deleteLater();
-        });
-
-        QObject::connect(reply, &QNetworkReply::errorOccurred,
-                         [this, reply](QNetworkReply::NetworkError error) { qDebug() << reply->errorString() << error; });
-
-        connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList<QSslError> &errors) { qDebug().noquote() << errors; });
-    }
-}
-
-ErrorCode ApiController::getServicesList(QByteArray &responseBody)
-{
-#ifdef Q_OS_IOS
-    IosController::Instance()->requestInetAccess();
-    QThread::msleep(10);
-#endif
-
-    QNetworkRequest request;
-    request.setTransferTimeout(requestTimeoutMsecs);
-    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-
-    request.setUrl(QString("%1v1/services").arg(m_gatewayEndpoint));
-
-    QNetworkReply *reply;
-    reply = amnApp->manager()->get(request);
-
-    QEventLoop wait;
-    QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-
-    QList<QSslError> sslErrors;
-    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-    wait.exec();
-
-    responseBody = reply->readAll();
-
-    if (sslErrors.isEmpty() && shouldBypassProxy(reply, responseBody, false)) {
-        m_proxyUrls = getProxyUrls();
-        std::random_device randomDevice;
-        std::mt19937 generator(randomDevice());
-        std::shuffle(m_proxyUrls.begin(), m_proxyUrls.end(), generator);
-        for (const QString &proxyUrl : m_proxyUrls) {
-            qDebug() << "Go to the next endpoint";
-            request.setUrl(QString("%1v1/services").arg(proxyUrl));
-            reply->deleteLater(); // delete the previous reply
-            reply = amnApp->manager()->get(request);
-
-            QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-            connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-            wait.exec();
-
-            responseBody = reply->readAll();
-            if (!sslErrors.isEmpty() || !shouldBypassProxy(reply, responseBody, false)) {
-                break;
-            }
-        }
-    }
-
-    auto errorCode = checkErrors(sslErrors, reply);
-    reply->deleteLater();
-
-    if (errorCode == ErrorCode::NoError) {
-        if (!responseBody.contains("services")) {
-            return ErrorCode::ApiServicesMissingError;
-        }
-    }
-
-    return errorCode;
-}
-
-ErrorCode ApiController::getConfigForService(const QString &installationUuid, const QString &userCountryCode, const QString &serviceType,
-                                             const QString &protocol, const QString &serverCountryCode, const QJsonObject &authData,
-                                             QJsonObject &serverConfig)
-{
-#ifdef Q_OS_IOS
-    IosController::Instance()->requestInetAccess();
-    QThread::msleep(10);
-#endif
-
-    QNetworkRequest request;
-    request.setTransferTimeout(requestTimeoutMsecs);
-    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-
-    request.setUrl(QString("%1v1/config").arg(m_gatewayEndpoint));
-
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
-
-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = userCountryCode;
-    if (!serverCountryCode.isEmpty()) {
-        apiPayload[configKey::serverCountryCode] = serverCountryCode;
-    }
-    apiPayload[configKey::serviceType] = serviceType;
-    apiPayload[configKey::uuid] = installationUuid;
-    if (!authData.isEmpty()) {
-        apiPayload[configKey::authData] = authData;
-    }
-
-    QSimpleCrypto::QBlockCipher blockCipher;
-    QByteArray key = blockCipher.generatePrivateSalt(32);
-    QByteArray iv = blockCipher.generatePrivateSalt(32);
-    QByteArray salt = blockCipher.generatePrivateSalt(8);
-
-    QJsonObject keyPayload;
-    keyPayload[configKey::aesKey] = QString(key.toBase64());
-    keyPayload[configKey::aesIv] = QString(iv.toBase64());
-    keyPayload[configKey::aesSalt] = QString(salt.toBase64());
-
-    QByteArray encryptedKeyPayload;
-    QByteArray encryptedApiPayload;
-    try {
-        QSimpleCrypto::QRsa rsa;
-
-        EVP_PKEY *publicKey = nullptr;
-        try {
-            QByteArray rsaKey = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
-            QSimpleCrypto::QRsa rsa;
-            publicKey = rsa.getPublicKeyFromByteArray(rsaKey);
-        } catch (...) {
-            Utils::logException();
-            qCritical() << "error loading public key from environment variables";
-            return ErrorCode::ApiMissingAgwPublicKey;
-        }
-
-        encryptedKeyPayload = rsa.encrypt(QJsonDocument(keyPayload).toJson(), publicKey, RSA_PKCS1_PADDING);
-        EVP_PKEY_free(publicKey);
-
-        encryptedApiPayload = blockCipher.encryptAesBlockCipher(QJsonDocument(apiPayload).toJson(), key, iv, "", salt);
-    } catch (...) { // todo change error handling in QSimpleCrypto?
-        Utils::logException();
-        qCritical() << "error when encrypting the request body";
-        return ErrorCode::ApiConfigDecryptionError;
-    }
-
-    QJsonObject requestBody;
-    requestBody[configKey::keyPayload] = QString(encryptedKeyPayload.toBase64());
-    requestBody[configKey::apiPayload] = QString(encryptedApiPayload.toBase64());
-
-    QNetworkReply *reply = amnApp->manager()->post(request, QJsonDocument(requestBody).toJson());
-
-    QEventLoop wait;
-    connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-
-    QList<QSslError> sslErrors;
-    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-    wait.exec();
-
-    auto encryptedResponseBody = reply->readAll();
-
-    if (sslErrors.isEmpty() && shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
-        m_proxyUrls = getProxyUrls();
-        std::random_device randomDevice;
-        std::mt19937 generator(randomDevice());
-        std::shuffle(m_proxyUrls.begin(), m_proxyUrls.end(), generator);
-        for (const QString &proxyUrl : m_proxyUrls) {
-            qDebug() << "Go to the next endpoint";
-            request.setUrl(QString("%1v1/config").arg(proxyUrl));
-            reply->deleteLater(); // delete the previous reply
-            reply = amnApp->manager()->post(request, QJsonDocument(requestBody).toJson());
-
-            QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-            connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-            wait.exec();
-
-            encryptedResponseBody = reply->readAll();
-            if (!sslErrors.isEmpty() || !shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
-                break;
-            }
-        }
-    }
-
-    auto errorCode = checkErrors(sslErrors, reply);
-    reply->deleteLater();
-    if (errorCode) {
-        return errorCode;
-    }
-
-    try {
-        auto responseBody = blockCipher.decryptAesBlockCipher(encryptedResponseBody, key, iv, "", salt);
-        fillServerConfig(protocol, apiPayloadData, responseBody, serverConfig);
-    } catch (...) { // todo change error handling in QSimpleCrypto?
-        Utils::logException();
-        qCritical() << "error when decrypting the request body";
-        return ErrorCode::ApiConfigDecryptionError;
-    }
-
-    return errorCode;
-}

client/core/controllers/apiController.h

@@ -1,50 +0,0 @@
-#ifndef APICONTROLLER_H
-#define APICONTROLLER_H
-
-#include <QObject>
-
-#include "configurators/openvpn_configurator.h"
-
-#ifdef Q_OS_IOS
-    #include "platforms/ios/ios_controller.h"
-#endif
-
-class ApiController : public QObject
-{
-    Q_OBJECT
-
-public:
-    explicit ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent = nullptr);
-
-public slots:
-    void updateServerConfigFromApi(const QString &installationUuid, const int serverIndex, QJsonObject serverConfig);
-
-    ErrorCode getServicesList(QByteArray &responseBody);
-    ErrorCode getConfigForService(const QString &installationUuid, const QString &userCountryCode, const QString &serviceType,
-                                  const QString &protocol, const QString &serverCountryCode, const QJsonObject &authData, QJsonObject &serverConfig);
-
-signals:
-    void errorOccurred(ErrorCode errorCode);
-    void finished(const QJsonObject &config, const int serverIndex);
-
-private:
-    struct ApiPayloadData
-    {
-        OpenVpnConfigurator::ConnectionData certRequest;
-
-        QString wireGuardClientPrivKey;
-        QString wireGuardClientPubKey;
-    };
-
-    ApiPayloadData generateApiPayloadData(const QString &protocol);
-    QJsonObject fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData);
-    void fillServerConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, const QByteArray &apiResponseBody,
-                          QJsonObject &serverConfig);
-    QStringList getProxyUrls();
-
-    QString m_gatewayEndpoint;
-    QStringList m_proxyUrls;
-    bool m_isDevEnvironment = false;
-};
-
-#endif // APICONTROLLER_H

client/core/controllers/coreController.cpp

@@ -0,0 +1,399 @@
+#include "coreController.h"
+
+#include <QDirIterator>
+#include <QTranslator>
+
+#if defined(Q_OS_ANDROID)
+    #include "core/installedAppsImageProvider.h"
+    #include "platforms/android/android_controller.h"
+#endif
+
+#if defined(Q_OS_IOS)
+    #include "platforms/ios/ios_controller.h"
+    #include <AmneziaVPN-Swift.h>
+#endif
+
+CoreController::CoreController(const QSharedPointer<VpnConnection> &vpnConnection, const std::shared_ptr<Settings> &settings,
+                               QQmlApplicationEngine *engine, QObject *parent)
+    : QObject(parent), m_vpnConnection(vpnConnection), m_settings(settings), m_engine(engine)
+{
+    initModels();
+    initControllers();
+    initSignalHandlers();
+
+    initAndroidController();
+    initAppleController();
+
+    initNotificationHandler();
+
+    auto locale = m_settings->getAppLanguage();
+    m_translator.reset(new QTranslator());
+    updateTranslator(locale);
+}
+
+void CoreController::initModels()
+{
+    m_containersModel.reset(new ContainersModel(this));
+    m_engine->rootContext()->setContextProperty("ContainersModel", m_containersModel.get());
+
+    m_defaultServerContainersModel.reset(new ContainersModel(this));
+    m_engine->rootContext()->setContextProperty("DefaultServerContainersModel", m_defaultServerContainersModel.get());
+
+    m_serversModel.reset(new ServersModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("ServersModel", m_serversModel.get());
+
+    m_languageModel.reset(new LanguageModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("LanguageModel", m_languageModel.get());
+
+    m_sitesModel.reset(new SitesModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());
+
+    m_allowedDnsModel.reset(new AllowedDnsModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("AllowedDnsModel", m_allowedDnsModel.get());
+
+    m_appSplitTunnelingModel.reset(new AppSplitTunnelingModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("AppSplitTunnelingModel", m_appSplitTunnelingModel.get());
+
+    m_protocolsModel.reset(new ProtocolsModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("ProtocolsModel", m_protocolsModel.get());
+
+    m_openVpnConfigModel.reset(new OpenVpnConfigModel(this));
+    m_engine->rootContext()->setContextProperty("OpenVpnConfigModel", m_openVpnConfigModel.get());
+
+    m_shadowSocksConfigModel.reset(new ShadowSocksConfigModel(this));
+    m_engine->rootContext()->setContextProperty("ShadowSocksConfigModel", m_shadowSocksConfigModel.get());
+
+    m_cloakConfigModel.reset(new CloakConfigModel(this));
+    m_engine->rootContext()->setContextProperty("CloakConfigModel", m_cloakConfigModel.get());
+
+    m_wireGuardConfigModel.reset(new WireGuardConfigModel(this));
+    m_engine->rootContext()->setContextProperty("WireGuardConfigModel", m_wireGuardConfigModel.get());
+
+    m_awgConfigModel.reset(new AwgConfigModel(this));
+    m_engine->rootContext()->setContextProperty("AwgConfigModel", m_awgConfigModel.get());
+
+    m_xrayConfigModel.reset(new XrayConfigModel(this));
+    m_engine->rootContext()->setContextProperty("XrayConfigModel", m_xrayConfigModel.get());
+
+#ifdef Q_OS_WINDOWS
+    m_ikev2ConfigModel.reset(new Ikev2ConfigModel(this));
+    m_engine->rootContext()->setContextProperty("Ikev2ConfigModel", m_ikev2ConfigModel.get());
+#endif
+
+    m_sftpConfigModel.reset(new SftpConfigModel(this));
+    m_engine->rootContext()->setContextProperty("SftpConfigModel", m_sftpConfigModel.get());
+
+    m_socks5ConfigModel.reset(new Socks5ProxyConfigModel(this));
+    m_engine->rootContext()->setContextProperty("Socks5ProxyConfigModel", m_socks5ConfigModel.get());
+
+    m_clientManagementModel.reset(new ClientManagementModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("ClientManagementModel", m_clientManagementModel.get());
+
+    m_apiServicesModel.reset(new ApiServicesModel(this));
+    m_engine->rootContext()->setContextProperty("ApiServicesModel", m_apiServicesModel.get());
+
+    m_apiCountryModel.reset(new ApiCountryModel(this));
+    m_engine->rootContext()->setContextProperty("ApiCountryModel", m_apiCountryModel.get());
+
+    m_apiAccountInfoModel.reset(new ApiAccountInfoModel(this));
+    m_engine->rootContext()->setContextProperty("ApiAccountInfoModel", m_apiAccountInfoModel.get());
+
+    m_apiDevicesModel.reset(new ApiDevicesModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("ApiDevicesModel", m_apiDevicesModel.get());
+}
+
+void CoreController::initControllers()
+{
+    m_connectionController.reset(
+            new ConnectionController(m_serversModel, m_containersModel, m_clientManagementModel, m_vpnConnection, m_settings));
+    m_engine->rootContext()->setContextProperty("ConnectionController", m_connectionController.get());
+
+    m_pageController.reset(new PageController(m_serversModel, m_settings));
+    m_engine->rootContext()->setContextProperty("PageController", m_pageController.get());
+
+    m_focusController.reset(new FocusController(m_engine, this));
+    m_engine->rootContext()->setContextProperty("FocusController", m_focusController.get());
+
+    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel, m_clientManagementModel, m_settings));
+    m_engine->rootContext()->setContextProperty("InstallController", m_installController.get());
+
+    connect(m_installController.get(), &InstallController::currentContainerUpdated, m_connectionController.get(),
+            &ConnectionController::onCurrentContainerUpdated); // TODO remove this
+
+    m_importController.reset(new ImportController(m_serversModel, m_containersModel, m_settings));
+    m_engine->rootContext()->setContextProperty("ImportController", m_importController.get());
+
+    m_exportController.reset(new ExportController(m_serversModel, m_containersModel, m_clientManagementModel, m_settings));
+    m_engine->rootContext()->setContextProperty("ExportController", m_exportController.get());
+
+    m_settingsController.reset(
+            new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_appSplitTunnelingModel, m_settings));
+    m_engine->rootContext()->setContextProperty("SettingsController", m_settingsController.get());
+
+    m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
+    m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());
+
+    m_allowedDnsController.reset(new AllowedDnsController(m_settings, m_allowedDnsModel));
+    m_engine->rootContext()->setContextProperty("AllowedDnsController", m_allowedDnsController.get());
+
+    m_appSplitTunnelingController.reset(new AppSplitTunnelingController(m_settings, m_appSplitTunnelingModel));
+    m_engine->rootContext()->setContextProperty("AppSplitTunnelingController", m_appSplitTunnelingController.get());
+
+    m_systemController.reset(new SystemController(m_settings));
+    m_engine->rootContext()->setContextProperty("SystemController", m_systemController.get());
+
+    m_apiSettingsController.reset(
+            new ApiSettingsController(m_serversModel, m_apiAccountInfoModel, m_apiCountryModel, m_apiDevicesModel, m_settings));
+    m_engine->rootContext()->setContextProperty("ApiSettingsController", m_apiSettingsController.get());
+
+    m_apiConfigsController.reset(new ApiConfigsController(m_serversModel, m_apiServicesModel, m_settings));
+    m_engine->rootContext()->setContextProperty("ApiConfigsController", m_apiConfigsController.get());
+
+    m_apiPremV1MigrationController.reset(new ApiPremV1MigrationController(m_serversModel, m_settings, this));
+    m_engine->rootContext()->setContextProperty("ApiPremV1MigrationController", m_apiPremV1MigrationController.get());
+}
+
+void CoreController::initAndroidController()
+{
+#ifdef Q_OS_ANDROID
+    if (!AndroidController::initLogging()) {
+        qFatal("Android logging initialization failed");
+    }
+    AndroidController::instance()->setSaveLogs(m_settings->isSaveLogs());
+    connect(m_settings.get(), &Settings::saveLogsChanged, AndroidController::instance(), &AndroidController::setSaveLogs);
+
+    AndroidController::instance()->setScreenshotsEnabled(m_settings->isScreenshotsEnabled());
+    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, AndroidController::instance(), &AndroidController::setScreenshotsEnabled);
+
+    connect(m_settings.get(), &Settings::serverRemoved, AndroidController::instance(), &AndroidController::resetLastServer);
+
+    connect(m_settings.get(), &Settings::settingsCleared, []() { AndroidController::instance()->resetLastServer(-1); });
+
+    connect(AndroidController::instance(), &AndroidController::initConnectionState, this, [this](Vpn::ConnectionState state) {
+        m_connectionController->onConnectionStateChanged(state);
+        if (m_vpnConnection)
+            m_vpnConnection->restoreConnection();
+    });
+    if (!AndroidController::instance()->initialize()) {
+        qFatal("Android controller initialization failed");
+    }
+
+    connect(AndroidController::instance(), &AndroidController::importConfigFromOutside, this, [this](QString data) {
+        emit m_pageController->goToPageHome();
+        m_importController->extractConfigFromData(data);
+        data.clear();
+        emit m_pageController->goToPageViewConfig();
+    });
+
+    m_engine->addImageProvider(QLatin1String("installedAppImage"), new InstalledAppsImageProvider);
+#endif
+}
+
+void CoreController::initAppleController()
+{
+#ifdef Q_OS_IOS
+    IosController::Instance()->initialize();
+    connect(IosController::Instance(), &IosController::importConfigFromOutside, this, [this](QString data) {
+        emit m_pageController->goToPageHome();
+        m_importController->extractConfigFromData(data);
+        emit m_pageController->goToPageViewConfig();
+    });
+
+    connect(IosController::Instance(), &IosController::importBackupFromOutside, this, [this](QString filePath) {
+        emit m_pageController->goToPageHome();
+        m_pageController->goToPageSettingsBackup();
+        emit m_settingsController->importBackupFromOutside(filePath);
+    });
+
+    QTimer::singleShot(0, this, [this]() { AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled()); });
+
+    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, [](bool enabled) { AmneziaVPN::toggleScreenshots(enabled); });
+#endif
+}
+
+void CoreController::initSignalHandlers()
+{
+    initErrorMessagesHandler();
+
+    initApiCountryModelUpdateHandler();
+    initContainerModelUpdateHandler();
+    initAdminConfigRevokedHandler();
+    initPassphraseRequestHandler();
+    initTranslationsUpdatedHandler();
+    initAutoConnectHandler();
+    initAmneziaDnsToggledHandler();
+    initPrepareConfigHandler();
+    initImportPremiumV2VpnKeyHandler();
+    initShowMigrationDrawerHandler();
+    initStrictKillSwitchHandler();
+}
+
+void CoreController::initNotificationHandler()
+{
+#ifndef Q_OS_ANDROID
+    m_notificationHandler.reset(NotificationHandler::create(nullptr));
+
+    connect(m_vpnConnection.get(), &VpnConnection::connectionStateChanged, m_notificationHandler.get(),
+            &NotificationHandler::setConnectionState);
+
+    connect(m_notificationHandler.get(), &NotificationHandler::raiseRequested, m_pageController.get(), &PageController::raiseMainWindow);
+    connect(m_notificationHandler.get(), &NotificationHandler::connectRequested, m_connectionController.get(),
+            static_cast<void (ConnectionController::*)()>(&ConnectionController::openConnection));
+    connect(m_notificationHandler.get(), &NotificationHandler::disconnectRequested, m_connectionController.get(),
+            &ConnectionController::closeConnection);
+    connect(this, &CoreController::translationsUpdated, m_notificationHandler.get(), &NotificationHandler::onTranslationsUpdated);
+#endif
+}
+
+void CoreController::updateTranslator(const QLocale &locale)
+{
+    if (!m_translator->isEmpty()) {
+        QCoreApplication::removeTranslator(m_translator.get());
+    }
+
+    QStringList availableTranslations;
+    QDirIterator it(":/translations", QStringList("amneziavpn_*.qm"), QDir::Files);
+    while (it.hasNext()) {
+        availableTranslations << it.next();
+    }
+
+    // This code allow to load translation for the language only, without country code
+    const QString lang = locale.name().split("_").first();
+    const QString translationFilePrefix = QString(":/translations/amneziavpn_") + lang;
+    QString strFileName = QString(":/translations/amneziavpn_%1.qm").arg(locale.name());
+    for (const QString &translation : availableTranslations) {
+        if (translation.contains(translationFilePrefix)) {
+            strFileName = translation;
+            break;
+        }
+    }
+
+    if (m_translator->load(strFileName)) {
+        if (QCoreApplication::installTranslator(m_translator.get())) {
+            m_settings->setAppLanguage(locale);
+        }
+    } else {
+        m_settings->setAppLanguage(QLocale::English);
+    }
+
+    m_engine->retranslate();
+
+    emit translationsUpdated();
+}
+
+void CoreController::initErrorMessagesHandler()
+{
+    connect(m_connectionController.get(), &ConnectionController::connectionErrorOccurred, this, [this](ErrorCode errorCode) {
+        emit m_pageController->showErrorMessage(errorCode);
+        emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
+    });
+
+    connect(m_apiConfigsController.get(), &ApiConfigsController::errorOccurred, m_pageController.get(),
+            qOverload<ErrorCode>(&PageController::showErrorMessage));
+}
+
+void CoreController::setQmlRoot()
+{
+    m_systemController->setQmlRoot(m_engine->rootObjects().value(0));
+}
+
+void CoreController::initApiCountryModelUpdateHandler()
+{
+    // TODO
+    connect(m_serversModel.get(), &ServersModel::updateApiCountryModel, this, [this]() {
+        m_apiCountryModel->updateModel(m_serversModel->getProcessedServerData("apiAvailableCountries").toJsonArray(),
+                                       m_serversModel->getProcessedServerData("apiServerCountryCode").toString());
+    });
+    connect(m_serversModel.get(), &ServersModel::updateApiServicesModel, this,
+            [this]() { m_apiServicesModel->updateModel(m_serversModel->getProcessedServerData("apiConfig").toJsonObject()); });
+}
+
+void CoreController::initContainerModelUpdateHandler()
+{
+    connect(m_serversModel.get(), &ServersModel::containersUpdated, m_containersModel.get(), &ContainersModel::updateModel);
+    connect(m_serversModel.get(), &ServersModel::defaultServerContainersUpdated, m_defaultServerContainersModel.get(),
+            &ContainersModel::updateModel);
+    m_serversModel->resetModel();
+}
+
+void CoreController::initAdminConfigRevokedHandler()
+{
+    connect(m_clientManagementModel.get(), &ClientManagementModel::adminConfigRevoked, m_serversModel.get(),
+            &ServersModel::clearCachedProfile);
+}
+
+void CoreController::initPassphraseRequestHandler()
+{
+    connect(m_installController.get(), &InstallController::passphraseRequestStarted, m_pageController.get(),
+            &PageController::showPassphraseRequestDrawer);
+    connect(m_pageController.get(), &PageController::passphraseRequestDrawerClosed, m_installController.get(),
+            &InstallController::setEncryptedPassphrase);
+}
+
+void CoreController::initTranslationsUpdatedHandler()
+{
+    connect(m_languageModel.get(), &LanguageModel::updateTranslations, this, &CoreController::updateTranslator);
+    connect(this, &CoreController::translationsUpdated, m_languageModel.get(), &LanguageModel::translationsUpdated);
+    connect(this, &CoreController::translationsUpdated, m_connectionController.get(), &ConnectionController::onTranslationsUpdated);
+}
+
+void CoreController::initAutoConnectHandler()
+{
+    if (m_settingsController->isAutoConnectEnabled() && m_serversModel->getDefaultServerIndex() >= 0) {
+        QTimer::singleShot(1000, this, [this]() { m_connectionController->openConnection(); });
+    }
+}
+
+void CoreController::initAmneziaDnsToggledHandler()
+{
+    connect(m_settingsController.get(), &SettingsController::amneziaDnsToggled, m_serversModel.get(), &ServersModel::toggleAmneziaDns);
+}
+
+void CoreController::initPrepareConfigHandler()
+{
+    connect(m_connectionController.get(), &ConnectionController::prepareConfig, this, [this]() {
+        emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Preparing);
+
+        if (!m_apiConfigsController->isConfigValid()) {
+            emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
+            return;
+        }
+
+        if (!m_installController->isConfigValid()) {
+            emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
+            return;
+        }
+
+        m_connectionController->openConnection();
+    });
+}
+
+void CoreController::initImportPremiumV2VpnKeyHandler()
+{
+    connect(m_apiPremV1MigrationController.get(), &ApiPremV1MigrationController::importPremiumV2VpnKey, this, [this](const QString &vpnKey) {
+        m_importController->extractConfigFromData(vpnKey);
+        m_importController->importConfig();
+
+        emit m_apiPremV1MigrationController->migrationFinished();
+    });
+}
+
+void CoreController::initShowMigrationDrawerHandler()
+{
+    QTimer::singleShot(1000, this, [this]() {
+        if (m_apiPremV1MigrationController->isPremV1MigrationReminderActive() && m_apiPremV1MigrationController->hasConfigsToMigration()) {
+            m_apiPremV1MigrationController->showMigrationDrawer();
+        }
+    });
+}
+
+void CoreController::initStrictKillSwitchHandler()
+{
+    connect(m_settingsController.get(), &SettingsController::strictKillSwitchEnabledChanged, m_vpnConnection.get(),
+            &VpnConnection::onKillSwitchModeChanged);
+}
+
+QSharedPointer<PageController> CoreController::pageController() const
+{
+    return m_pageController;
+}

client/core/controllers/coreController.h

@@ -0,0 +1,145 @@
+#ifndef CORECONTROLLER_H
+#define CORECONTROLLER_H
+
+#include <QObject>
+#include <QQmlContext>
+#include <QThread>
+
+#include "ui/controllers/api/apiConfigsController.h"
+#include "ui/controllers/api/apiSettingsController.h"
+#include "ui/controllers/api/apiPremV1MigrationController.h"
+#include "ui/controllers/appSplitTunnelingController.h"
+#include "ui/controllers/allowedDnsController.h"
+#include "ui/controllers/connectionController.h"
+#include "ui/controllers/exportController.h"
+#include "ui/controllers/focusController.h"
+#include "ui/controllers/importController.h"
+#include "ui/controllers/installController.h"
+#include "ui/controllers/pageController.h"
+#include "ui/controllers/settingsController.h"
+#include "ui/controllers/sitesController.h"
+#include "ui/controllers/systemController.h"
+
+#include "ui/models/allowed_dns_model.h"
+#include "ui/models/containers_model.h"
+#include "ui/models/languageModel.h"
+#include "ui/models/protocols/cloakConfigModel.h"
+#ifdef Q_OS_WINDOWS
+    #include "ui/models/protocols/ikev2ConfigModel.h"
+#endif
+#include "ui/models/api/apiAccountInfoModel.h"
+#include "ui/models/api/apiCountryModel.h"
+#include "ui/models/api/apiDevicesModel.h"
+#include "ui/models/api/apiServicesModel.h"
+#include "ui/models/appSplitTunnelingModel.h"
+#include "ui/models/clientManagementModel.h"
+#include "ui/models/protocols/awgConfigModel.h"
+#include "ui/models/protocols/openvpnConfigModel.h"
+#include "ui/models/protocols/shadowsocksConfigModel.h"
+#include "ui/models/protocols/wireguardConfigModel.h"
+#include "ui/models/protocols/xrayConfigModel.h"
+#include "ui/models/protocols_model.h"
+#include "ui/models/servers_model.h"
+#include "ui/models/services/sftpConfigModel.h"
+#include "ui/models/services/socks5ProxyConfigModel.h"
+#include "ui/models/sites_model.h"
+
+#ifndef Q_OS_ANDROID
+    #include "ui/notificationhandler.h"
+#endif
+
+class CoreController : public QObject
+{
+    Q_OBJECT
+
+public:
+    explicit CoreController(const QSharedPointer<VpnConnection> &vpnConnection, const std::shared_ptr<Settings> &settings,
+                            QQmlApplicationEngine *engine, QObject *parent = nullptr);
+
+    QSharedPointer<PageController> pageController() const;
+    void setQmlRoot();
+
+signals:
+    void translationsUpdated();
+
+private:
+    void initModels();
+    void initControllers();
+    void initAndroidController();
+    void initAppleController();
+    void initSignalHandlers();
+
+    void initNotificationHandler();
+
+    void updateTranslator(const QLocale &locale);
+
+    void initErrorMessagesHandler();
+
+    void initApiCountryModelUpdateHandler();
+    void initContainerModelUpdateHandler();
+    void initAdminConfigRevokedHandler();
+    void initPassphraseRequestHandler();
+    void initTranslationsUpdatedHandler();
+    void initAutoConnectHandler();
+    void initAmneziaDnsToggledHandler();
+    void initPrepareConfigHandler();
+    void initImportPremiumV2VpnKeyHandler();
+    void initShowMigrationDrawerHandler();
+    void initStrictKillSwitchHandler();
+
+    QQmlApplicationEngine *m_engine {}; // TODO use parent child system here?
+    std::shared_ptr<Settings> m_settings;
+    QSharedPointer<VpnConnection> m_vpnConnection;
+    QSharedPointer<QTranslator> m_translator;
+
+#ifndef Q_OS_ANDROID
+    QScopedPointer<NotificationHandler> m_notificationHandler;
+#endif
+
+    QMetaObject::Connection m_reloadConfigErrorOccurredConnection;
+
+    QScopedPointer<ConnectionController> m_connectionController;
+    QScopedPointer<FocusController> m_focusController;
+    QSharedPointer<PageController> m_pageController; // TODO
+    QScopedPointer<InstallController> m_installController;
+    QScopedPointer<ImportController> m_importController;
+    QScopedPointer<ExportController> m_exportController;
+    QScopedPointer<SettingsController> m_settingsController;
+    QScopedPointer<SitesController> m_sitesController;
+    QScopedPointer<SystemController> m_systemController;
+    QScopedPointer<AppSplitTunnelingController> m_appSplitTunnelingController;
+    QScopedPointer<AllowedDnsController> m_allowedDnsController;
+
+    QScopedPointer<ApiSettingsController> m_apiSettingsController;
+    QScopedPointer<ApiConfigsController> m_apiConfigsController;
+    QScopedPointer<ApiPremV1MigrationController> m_apiPremV1MigrationController;
+
+    QSharedPointer<ContainersModel> m_containersModel;
+    QSharedPointer<ContainersModel> m_defaultServerContainersModel;
+    QSharedPointer<ServersModel> m_serversModel;
+    QSharedPointer<LanguageModel> m_languageModel;
+    QSharedPointer<ProtocolsModel> m_protocolsModel;
+    QSharedPointer<SitesModel> m_sitesModel;
+    QSharedPointer<AllowedDnsModel> m_allowedDnsModel;
+    QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
+    QSharedPointer<ClientManagementModel> m_clientManagementModel;
+
+    QSharedPointer<ApiServicesModel> m_apiServicesModel;
+    QSharedPointer<ApiCountryModel> m_apiCountryModel;
+    QSharedPointer<ApiAccountInfoModel> m_apiAccountInfoModel;
+    QSharedPointer<ApiDevicesModel> m_apiDevicesModel;
+
+    QScopedPointer<OpenVpnConfigModel> m_openVpnConfigModel;
+    QScopedPointer<ShadowSocksConfigModel> m_shadowSocksConfigModel;
+    QScopedPointer<CloakConfigModel> m_cloakConfigModel;
+    QScopedPointer<XrayConfigModel> m_xrayConfigModel;
+    QScopedPointer<WireGuardConfigModel> m_wireGuardConfigModel;
+    QScopedPointer<AwgConfigModel> m_awgConfigModel;
+#ifdef Q_OS_WINDOWS
+    QScopedPointer<Ikev2ConfigModel> m_ikev2ConfigModel;
+#endif
+    QScopedPointer<SftpConfigModel> m_sftpConfigModel;
+    QScopedPointer<Socks5ProxyConfigModel> m_socks5ConfigModel;
+};
+
+#endif // CORECONTROLLER_H

client/core/controllers/gatewayController.cpp

@@ -0,0 +1,364 @@
+#include "gatewayController.h"
+
+#include <algorithm>
+#include <random>
+
+#include <QJsonArray>
+#include <QJsonDocument>
+#include <QJsonObject>
+#include <QNetworkReply>
+#include <QUrl>
+
+#include "QBlockCipher.h"
+#include "QRsa.h"
+
+#include "amnezia_application.h"
+#include "core/api/apiUtils.h"
+#include "core/networkUtilities.h"
+#include "utilities.h"
+
+#ifdef AMNEZIA_DESKTOP
+    #include "core/ipcclient.h"
+#endif
+
+namespace
+{
+    namespace configKey
+    {
+        constexpr char aesKey[] = "aes_key";
+        constexpr char aesIv[] = "aes_iv";
+        constexpr char aesSalt[] = "aes_salt";
+
+        constexpr char apiPayload[] = "api_payload";
+        constexpr char keyPayload[] = "key_payload";
+    }
+
+    constexpr QLatin1String errorResponsePattern1("No active configuration found for");
+    constexpr QLatin1String errorResponsePattern2("No non-revoked public key found for");
+    constexpr QLatin1String errorResponsePattern3("Account not found.");
+
+    constexpr QLatin1String updateRequestResponsePattern("client version update is required");
+}
+
+GatewayController::GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
+                                     const bool isStrictKillSwitchEnabled, QObject *parent)
+    : QObject(parent),
+      m_gatewayEndpoint(gatewayEndpoint),
+      m_isDevEnvironment(isDevEnvironment),
+      m_requestTimeoutMsecs(requestTimeoutMsecs),
+      m_isStrictKillSwitchEnabled(isStrictKillSwitchEnabled)
+{
+}
+
+ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBody)
+{
+#ifdef Q_OS_IOS
+    IosController::Instance()->requestInetAccess();
+    QThread::msleep(10);
+#endif
+
+    QNetworkRequest request;
+    request.setTransferTimeout(m_requestTimeoutMsecs);
+    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+
+    request.setUrl(QString(endpoint).arg(m_gatewayEndpoint));
+
+    // bypass killSwitch exceptions for API-gateway
+#ifdef AMNEZIA_DESKTOP
+    if (m_isStrictKillSwitchEnabled) {
+        QString host = QUrl(request.url()).host();
+        QString ip = NetworkUtilities::getIPAddress(host);
+        if (!ip.isEmpty()) {
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
+        }
+    }
+#endif
+
+    QNetworkReply *reply;
+    reply = amnApp->networkManager()->get(request);
+
+    QEventLoop wait;
+    QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
+
+    QList<QSslError> sslErrors;
+    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
+    wait.exec();
+
+    responseBody = reply->readAll();
+
+    if (sslErrors.isEmpty() && shouldBypassProxy(reply, responseBody, false)) {
+        auto requestFunction = [&request, &responseBody](const QString &url) {
+            request.setUrl(url);
+            return amnApp->networkManager()->get(request);
+        };
+
+        auto replyProcessingFunction = [&responseBody, &reply, &sslErrors, this](QNetworkReply *nestedReply,
+                                                                                 const QList<QSslError> &nestedSslErrors) {
+            responseBody = nestedReply->readAll();
+            if (!sslErrors.isEmpty() || !shouldBypassProxy(nestedReply, responseBody, false)) {
+                sslErrors = nestedSslErrors;
+                reply = nestedReply;
+                return true;
+            }
+            return false;
+        };
+
+        bypassProxy(endpoint, reply, requestFunction, replyProcessingFunction);
+    }
+
+    auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+    reply->deleteLater();
+
+    return errorCode;
+}
+
+ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody)
+{
+#ifdef Q_OS_IOS
+    IosController::Instance()->requestInetAccess();
+    QThread::msleep(10);
+#endif
+
+    QNetworkRequest request;
+    request.setTransferTimeout(m_requestTimeoutMsecs);
+    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+
+    request.setUrl(endpoint.arg(m_gatewayEndpoint));
+
+    // bypass killSwitch exceptions for API-gateway
+#ifdef AMNEZIA_DESKTOP
+    if (m_isStrictKillSwitchEnabled) {
+        QString host = QUrl(request.url()).host();
+        QString ip = NetworkUtilities::getIPAddress(host);
+        if (!ip.isEmpty()) {
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
+        }
+    }
+#endif
+
+    QSimpleCrypto::QBlockCipher blockCipher;
+    QByteArray key = blockCipher.generatePrivateSalt(32);
+    QByteArray iv = blockCipher.generatePrivateSalt(32);
+    QByteArray salt = blockCipher.generatePrivateSalt(8);
+
+    QJsonObject keyPayload;
+    keyPayload[configKey::aesKey] = QString(key.toBase64());
+    keyPayload[configKey::aesIv] = QString(iv.toBase64());
+    keyPayload[configKey::aesSalt] = QString(salt.toBase64());
+
+    QByteArray encryptedKeyPayload;
+    QByteArray encryptedApiPayload;
+    try {
+        QSimpleCrypto::QRsa rsa;
+
+        EVP_PKEY *publicKey = nullptr;
+        try {
+            QByteArray rsaKey = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
+            QSimpleCrypto::QRsa rsa;
+            publicKey = rsa.getPublicKeyFromByteArray(rsaKey);
+        } catch (...) {
+            Utils::logException();
+            qCritical() << "error loading public key from environment variables";
+            return ErrorCode::ApiMissingAgwPublicKey;
+        }
+
+        encryptedKeyPayload = rsa.encrypt(QJsonDocument(keyPayload).toJson(), publicKey, RSA_PKCS1_PADDING);
+        EVP_PKEY_free(publicKey);
+
+        encryptedApiPayload = blockCipher.encryptAesBlockCipher(QJsonDocument(apiPayload).toJson(), key, iv, "", salt);
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        Utils::logException();
+        qCritical() << "error when encrypting the request body";
+        return ErrorCode::ApiConfigDecryptionError;
+    }
+
+    QJsonObject requestBody;
+    requestBody[configKey::keyPayload] = QString(encryptedKeyPayload.toBase64());
+    requestBody[configKey::apiPayload] = QString(encryptedApiPayload.toBase64());
+
+    QNetworkReply *reply = amnApp->networkManager()->post(request, QJsonDocument(requestBody).toJson());
+
+    QEventLoop wait;
+    connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
+
+    QList<QSslError> sslErrors;
+    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
+    wait.exec();
+
+    QByteArray encryptedResponseBody = reply->readAll();
+
+    if (sslErrors.isEmpty() && shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
+        auto requestFunction = [&request, &encryptedResponseBody, &requestBody](const QString &url) {
+            request.setUrl(url);
+            return amnApp->networkManager()->post(request, QJsonDocument(requestBody).toJson());
+        };
+
+        auto replyProcessingFunction = [&encryptedResponseBody, &reply, &sslErrors, &key, &iv, &salt,
+                                        this](QNetworkReply *nestedReply, const QList<QSslError> &nestedSslErrors) {
+            encryptedResponseBody = nestedReply->readAll();
+            reply = nestedReply;
+            if (!sslErrors.isEmpty() || shouldBypassProxy(nestedReply, encryptedResponseBody, true, key, iv, salt)) {
+                sslErrors = nestedSslErrors;
+                return false;
+            }
+            return true;
+        };
+
+        bypassProxy(endpoint, reply, requestFunction, replyProcessingFunction);
+    }
+
+    auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+    reply->deleteLater();
+    if (errorCode) {
+        return errorCode;
+    }
+
+    try {
+        responseBody = blockCipher.decryptAesBlockCipher(encryptedResponseBody, key, iv, "", salt);
+        return ErrorCode::NoError;
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        Utils::logException();
+        qCritical() << "error when decrypting the request body";
+        return ErrorCode::ApiConfigDecryptionError;
+    }
+}
+
+QStringList GatewayController::getProxyUrls()
+{
+    QNetworkRequest request;
+    request.setTransferTimeout(m_requestTimeoutMsecs);
+    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+
+    QEventLoop wait;
+    QList<QSslError> sslErrors;
+    QNetworkReply *reply;
+
+    QStringList proxyStorageUrls;
+    if (m_isDevEnvironment) {
+        proxyStorageUrls = QString(DEV_S3_ENDPOINT).split(", ");
+    } else {
+        proxyStorageUrls = QString(PROD_S3_ENDPOINT).split(", ");
+    }
+
+    QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
+
+    for (const auto &proxyStorageUrl : proxyStorageUrls) {
+        request.setUrl(proxyStorageUrl);
+        reply = amnApp->networkManager()->get(request);
+
+        connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
+        connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
+        wait.exec();
+
+        if (reply->error() == QNetworkReply::NetworkError::NoError) {
+            auto encryptedResponseBody = reply->readAll();
+            reply->deleteLater();
+
+            EVP_PKEY *privateKey = nullptr;
+            QByteArray responseBody;
+            try {
+                if (!m_isDevEnvironment) {
+                    QCryptographicHash hash(QCryptographicHash::Sha512);
+                    hash.addData(key);
+                    QByteArray hashResult = hash.result().toHex();
+
+                    QByteArray key = QByteArray::fromHex(hashResult.left(64));
+                    QByteArray iv = QByteArray::fromHex(hashResult.mid(64, 32));
+
+                    QByteArray ba = QByteArray::fromBase64(encryptedResponseBody);
+
+                    QSimpleCrypto::QBlockCipher blockCipher;
+                    responseBody = blockCipher.decryptAesBlockCipher(ba, key, iv);
+                } else {
+                    responseBody = encryptedResponseBody;
+                }
+            } catch (...) {
+                Utils::logException();
+                qCritical() << "error loading private key from environment variables or decrypting payload" << encryptedResponseBody;
+                continue;
+            }
+
+            auto endpointsArray = QJsonDocument::fromJson(responseBody).array();
+
+            QStringList endpoints;
+            for (const auto &endpoint : endpointsArray) {
+                endpoints.push_back(endpoint.toString());
+            }
+            return endpoints;
+        } else {
+            apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+            qDebug() << "go to the next storage endpoint";
+
+            reply->deleteLater();
+        }
+    }
+    return {};
+}
+
+bool GatewayController::shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key,
+                                          const QByteArray &iv, const QByteArray &salt)
+{
+    if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+        qDebug() << "timeout occurred";
+        qDebug() << reply->error();
+        return true;
+    } else if (responseBody.contains("html")) {
+        qDebug() << "the response contains an html tag";
+        return true;
+    } else if (reply->error() == QNetworkReply::NetworkError::ContentNotFoundError) {
+        if (responseBody.contains(errorResponsePattern1) || responseBody.contains(errorResponsePattern2)
+            || responseBody.contains(errorResponsePattern3)) {
+            return false;
+        } else {
+            qDebug() << reply->error();
+            return true;
+        }
+    } else if (reply->error() == QNetworkReply::NetworkError::OperationNotImplementedError) {
+        if (responseBody.contains(updateRequestResponsePattern)) {
+            return false;
+        } else {
+            qDebug() << reply->error();
+            return true;
+        }
+    } else if (reply->error() != QNetworkReply::NetworkError::NoError) {
+        qDebug() << reply->error();
+        return true;
+    } else if (checkEncryption) {
+        try {
+            QSimpleCrypto::QBlockCipher blockCipher;
+            static_cast<void>(blockCipher.decryptAesBlockCipher(responseBody, key, iv, "", salt));
+        } catch (...) {
+            qDebug() << "failed to decrypt the data";
+            return true;
+        }
+    }
+    return false;
+}
+
+void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *reply,
+                                    std::function<QNetworkReply *(const QString &url)> requestFunction,
+                                    std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction)
+{
+    QStringList proxyUrls = getProxyUrls();
+    std::random_device randomDevice;
+    std::mt19937 generator(randomDevice());
+    std::shuffle(proxyUrls.begin(), proxyUrls.end(), generator);
+
+    QEventLoop wait;
+    QList<QSslError> sslErrors;
+    QByteArray responseBody;
+
+    for (const QString &proxyUrl : proxyUrls) {
+        qDebug() << "go to the next proxy endpoint";
+        reply->deleteLater(); // delete the previous reply
+        reply = requestFunction(endpoint.arg(proxyUrl));
+
+        QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
+        connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
+        wait.exec();
+
+        if (replyProcessingFunction(reply, sslErrors)) {
+            break;
+        }
+    }
+}

client/core/controllers/gatewayController.h

@@ -0,0 +1,37 @@
+#ifndef GATEWAYCONTROLLER_H
+#define GATEWAYCONTROLLER_H
+
+#include <QNetworkReply>
+#include <QObject>
+
+#include "core/defs.h"
+
+#ifdef Q_OS_IOS
+    #include "platforms/ios/ios_controller.h"
+#endif
+
+class GatewayController : public QObject
+{
+    Q_OBJECT
+
+public:
+    explicit GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
+                               const bool isStrictKillSwitchEnabled, QObject *parent = nullptr);
+
+    amnezia::ErrorCode get(const QString &endpoint, QByteArray &responseBody);
+    amnezia::ErrorCode post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody);
+
+private:
+    QStringList getProxyUrls();
+    bool shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key = "",
+                           const QByteArray &iv = "", const QByteArray &salt = "");
+    void bypassProxy(const QString &endpoint, QNetworkReply *reply, std::function<QNetworkReply *(const QString &url)> requestFunction,
+                     std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction);
+
+    int m_requestTimeoutMsecs;
+    QString m_gatewayEndpoint;
+    bool m_isDevEnvironment = false;
+    bool m_isStrictKillSwitchEnabled = false;
+};
+
+#endif // GATEWAYCONTROLLER_H

client/core/controllers/serverController.cpp

@@ -138,7 +138,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
 
     if (overwriteMode == libssh::ScpOverwriteMode::ScpOverwriteExisting) {
         e = runScript(credentials,
-                      replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(path),
+                      replaceVars(QStringLiteral("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName, path),
                                   genVarsForScript(credentials, container)),
                       cbReadStd, cbReadStd);
 
@@ -146,7 +146,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
             return e;
     } else if (overwriteMode == libssh::ScpOverwriteMode::ScpAppendToExisting) {
         e = runScript(credentials,
-                      replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(tmpFileName),
+                      replaceVars(QStringLiteral("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName, tmpFileName),
                                   genVarsForScript(credentials, container)),
                       cbReadStd, cbReadStd);
 
@@ -154,7 +154,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
             return e;
 
         e = runScript(credentials,
-                      replaceVars(QString("sudo docker exec -i $CONTAINER_NAME sh -c \"cat %1 >> %2\"").arg(tmpFileName).arg(path),
+                      replaceVars(QStringLiteral("sudo docker exec -i $CONTAINER_NAME sh -c \"cat %1 >> %2\"").arg(tmpFileName, path),
                                   genVarsForScript(credentials, container)),
                       cbReadStd, cbReadStd);
 
@@ -177,7 +177,7 @@ QByteArray ServerController::getTextFileFromContainer(DockerContainer container,
 
     errorCode = ErrorCode::NoError;
 
-    QString script = QString("sudo docker exec -i %1 sh -c \"xxd -p \'%2\'\"").arg(ContainerProps::containerToString(container)).arg(path);
+    QString script = QStringLiteral("sudo docker exec -i %1 sh -c \"xxd -p '%2'\"").arg(ContainerProps::containerToString(container), path);
 
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -349,7 +349,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
         if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
              != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
             || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
-             != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
+                != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
             || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
                 != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
             || (oldProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize)
@@ -366,8 +366,13 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
                 != newProtoConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader))
             || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)
                 != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader))
-            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)
+            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
-                != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)))
+                    != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
+            // || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)
+            //     != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize))
+            // || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)
+            //     != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize))
+
             return true;
     }
 
@@ -375,7 +380,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
         if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
              != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
             || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
-            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
+                != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
             return true;
     }
 
@@ -383,6 +388,13 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
         return true;
     }
 
+    if (container == DockerContainer::Xray) {
+        if (oldProtoConfig.value(config_key::port).toString(protocols::xray::defaultPort)
+            != newProtoConfig.value(config_key::port).toString(protocols::xray::defaultPort)) {
+            return true;
+        }
+    }
+
     return false;
 }
 
@@ -439,15 +451,24 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
         stdOut += data + "\n";
         return ErrorCode::NoError;
     };
+    auto cbReadStdErr = [&](const QString &data, libssh::Client &) {
+        stdOut += data + "\n";
+        return ErrorCode::NoError;
+    };
 
-    errorCode =
+    ErrorCode error =
             runScript(credentials,
                       replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
-                      cbReadStdOut);
+                      cbReadStdOut, cbReadStdErr);
-    if (errorCode)
-        return errorCode;
 
-    return errorCode;
+    if (stdOut.contains("doesn't work on cgroups v2"))
+        return ErrorCode::ServerDockerOnCgroupsV2;
+    if (stdOut.contains("cgroup mountpoint does not exist"))
+        return ErrorCode::ServerCgroupMountpoint;
+    if (stdOut.contains("have reached") && stdOut.contains("pull rate limit"))
+        return ErrorCode::DockerPullRateLimit;
+
+    return error;
 }
 
 ErrorCode ServerController::runContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config)
@@ -625,6 +646,9 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
     vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });
 
+    vars.append({ { "$COOKIE_REPLY_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::cookieReplyPacketJunkSize).toString() } });
+    vars.append({ { "$TRANSPORT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::transportPacketJunkSize).toString() } });
+
     // Socks5 proxy vars
     vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
     auto username = socks5ProxyConfig.value(config_key::userName).toString();
@@ -709,7 +733,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
     QString transportProto = containerConfig.value(config_key::transport_proto).toString(defaultTransportProto);
 
     // TODO reimplement with netstat
-    QString script = QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
+    QString script = QString("which lsof > /dev/null 2>&1 || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
     for (auto &port : fixedPorts) {
         script = script.append("|:%1").arg(port);
     }
@@ -757,10 +781,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
 
 ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container)
 {
-    if (credentials.userName == "root") {
-        return ErrorCode::NoError;
-    }
-
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
         stdOut += data + "\n";
@@ -774,8 +794,16 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
     const QString scriptData = amnezia::scriptData(SharedScriptType::check_user_in_sudo);
     ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr);
 
-    if (!stdOut.contains("sudo"))
+    if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found"))
+        return ErrorCode::ServerSudoPackageIsNotPreinstalled;
+    if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel"))
         return ErrorCode::ServerUserNotInSudo;
+    if (stdOut.contains("can't cd to") || stdOut.contains("Permission denied") || stdOut.contains("No such file or directory"))
+        return ErrorCode::ServerUserDirectoryNotAccessible;
+    if (stdOut.contains("sudoers") || stdOut.contains("is not allowed to run sudo on"))
+        return ErrorCode::ServerUserNotAllowedInSudoers;
+    if (stdOut.contains("password is required"))
+        return ErrorCode::ServerUserPasswordRequired;
 
     return error;
 }
@@ -807,7 +835,7 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential
 
             if (stdOut.contains("Packet manager not found"))
                 return ErrorCode::ServerPacketManagerError;
-            if (stdOut.contains("fuser not installed"))
+            if (stdOut.contains("fuser not installed") || stdOut.contains("cat not installed"))
                 return ErrorCode::NoError;
 
             if (stdOut.isEmpty()) {

client/core/controllers/vpnConfigurationController.cpp

@@ -77,8 +77,7 @@ ErrorCode VpnConfigurationsController::createProtocolConfigString(const bool isA
 }
 
 QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QString, QString> &dns, const QJsonObject &serverConfig,
-                                                                const QJsonObject &containerConfig, const DockerContainer container,
+                                                                const QJsonObject &containerConfig, const DockerContainer container)
-                                                                ErrorCode &errorCode)
 {
     QJsonObject vpnConfiguration {};
 
@@ -103,7 +102,8 @@ QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QStr
         if (container == DockerContainer::Awg || container == DockerContainer::WireGuard) {
             // add mtu for old configs
             if (vpnConfigData[config_key::mtu].toString().isEmpty()) {
-                vpnConfigData[config_key::mtu] = container == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
+                vpnConfigData[config_key::mtu] =
+                        container == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
             }
         }
 

client/core/controllers/vpnConfigurationController.h

@@ -12,7 +12,8 @@ class VpnConfigurationsController : public QObject
 {
     Q_OBJECT
 public:
-    explicit VpnConfigurationsController(const std::shared_ptr<Settings> &settings, QSharedPointer<ServerController> serverController, QObject *parent = nullptr);
+    explicit VpnConfigurationsController(const std::shared_ptr<Settings> &settings, QSharedPointer<ServerController> serverController,
+                                         QObject *parent = nullptr);
 
 public slots:
     ErrorCode createProtocolConfigForContainer(const ServerCredentials &credentials, const DockerContainer container,
@@ -21,7 +22,7 @@ public slots:
                                          const DockerContainer container, const QJsonObject &containerConfig, const Proto protocol,
                                          QString &protocolConfigString);
     QJsonObject createVpnConfiguration(const QPair<QString, QString> &dns, const QJsonObject &serverConfig,
-                                       const QJsonObject &containerConfig, const DockerContainer container, ErrorCode &errorCode);
+                                       const QJsonObject &containerConfig, const DockerContainer container);
 
     static void updateContainerConfigAfterInstallation(const DockerContainer container, QJsonObject &containerConfig, const QString &stdOut);
 signals:

client/core/defs.h

@@ -6,9 +6,6 @@
 
 namespace amnezia
 {
-
-    constexpr const qint16 qrMagicCode = 1984;
-
     struct ServerCredentials
     {
         QString hostName;
@@ -47,6 +44,7 @@ namespace amnezia
         InternalError = 101,
         NotImplementedError = 102,
         AmneziaServiceNotRunning = 103,
+        NotSupportedOnThisPlatform = 104,
 
         // Server errors
         ServerCheckFailed = 200,
@@ -56,6 +54,13 @@ namespace amnezia
         ServerCancelInstallation = 204,
         ServerUserNotInSudo = 205,
         ServerPacketManagerError = 206,
+        ServerSudoPackageIsNotPreinstalled = 207,
+        ServerUserDirectoryNotAccessible = 208,
+        ServerUserNotAllowedInSudoers = 209,
+        ServerUserPasswordRequired = 210,
+        ServerDockerOnCgroupsV2 = 211,
+        ServerCgroupMountpoint = 212,
+        DockerPullRateLimit = 213,
 
         // Ssh connection errors
         SshRequestDeniedError = 300,
@@ -97,6 +102,7 @@ namespace amnezia
         // import and install errors
         ImportInvalidConfigError = 900,
         ImportOpenConfigError = 901,
+        NoInstalledContainersError = 902,
 
         // Android errors
         AndroidError = 1000,
@@ -110,6 +116,10 @@ namespace amnezia
         ApiMissingAgwPublicKey = 1105,
         ApiConfigDecryptionError = 1106,
         ApiServicesMissingError = 1107,
+        ApiConfigLimitError = 1108,
+        ApiNotFoundError = 1109,
+        ApiMigrationError = 1110,
+        ApiUpdateRequestError = 1111,
 
         // QFile errors
         OpenError = 1200,

client/core/enums/apiEnums.h

@@ -1,9 +0,0 @@
-#ifndef APIENUMS_H
-#define APIENUMS_H
-
-enum ApiConfigSources {
-    Telegram = 1,
-    AmneziaGateway
-};
-
-#endif // APIENUMS_H

client/core/errorstrings.cpp

@@ -12,6 +12,7 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::UnknownError): errorMessage = QObject::tr("Unknown error"); break;
     case(ErrorCode::NotImplementedError): errorMessage = QObject::tr("Function not implemented"); break;
     case(ErrorCode::AmneziaServiceNotRunning): errorMessage = QObject::tr("Background service is not running"); break;
+    case(ErrorCode::NotSupportedOnThisPlatform): errorMessage = QObject::tr("The selected protocol is not supported on the current platform"); break;
 
     // Server errors
     case(ErrorCode::ServerCheckFailed): errorMessage = QObject::tr("Server check failed"); break;
@@ -19,8 +20,15 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
     case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
     case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
-    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
+    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break;
-    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
+    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break;
+    case(ErrorCode::ServerSudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed on the server"); break;
+    case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break;
+    case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break;
+    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
+    case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break;
+    case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break;
+    case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break;
 
     // Libssh errors
     case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
@@ -51,6 +59,7 @@ QString errorString(ErrorCode code) {
 
     case (ErrorCode::ImportInvalidConfigError): errorMessage = QObject::tr("The config does not contain any containers and credentials for connecting to the server"); break;
     case (ErrorCode::ImportOpenConfigError): errorMessage = QObject::tr("Unable to open config file"); break;
+    case(ErrorCode::NoInstalledContainersError): errorMessage = QObject::tr("VPN Protocols is not installed.\n Please install VPN container at first"); break;
 
     // Android errors
     case (ErrorCode::AndroidError): errorMessage = QObject::tr("VPN connection error"); break;
@@ -64,6 +73,10 @@ QString errorString(ErrorCode code) {
     case (ErrorCode::ApiMissingAgwPublicKey): errorMessage = QObject::tr("Missing AGW public key"); break;
     case (ErrorCode::ApiConfigDecryptionError): errorMessage = QObject::tr("Failed to decrypt response payload"); break;
     case (ErrorCode::ApiServicesMissingError): errorMessage = QObject::tr("Missing list of available services"); break;
+    case (ErrorCode::ApiConfigLimitError): errorMessage = QObject::tr("The limit of allowed configurations per subscription has been exceeded"); break;
+    case (ErrorCode::ApiNotFoundError): errorMessage = QObject::tr("Error when retrieving configuration from API"); break;
+    case (ErrorCode::ApiMigrationError): errorMessage = QObject::tr("A migration error has occurred. Please contact our technical support"); break;
+    case (ErrorCode::ApiUpdateRequestError): errorMessage = QObject::tr("Please update the application to use this feature"); break;
 
     // QFile errors
     case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;

client/core/networkUtilities.cpp

@@ -12,6 +12,7 @@
     #include <winsock.h>
     #include <QNetworkInterface>
     #include "qendian.h"
+    #include <QSettings>
 #endif
 #ifdef Q_OS_LINUX
     #include <arpa/inet.h>
@@ -185,6 +186,17 @@ int NetworkUtilities::AdapterIndexTo(const QHostAddress& dst) {
     return 0;
 }
 
+bool NetworkUtilities::checkIpv6Enabled() {
+#ifdef Q_OS_WIN
+    QSettings RegHLM("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters",
+                     QSettings::NativeFormat);
+    int ret = RegHLM.value("DisabledComponents", 0).toInt();
+    qDebug() << "Check for Windows disabled IPv6 return " << ret;
+    return (ret != 255);
+#endif
+    return true;
+}
+
 #ifdef Q_OS_WIN
 DWORD GetAdaptersAddressesWrapper(const ULONG Family,
                                   const ULONG Flags,

client/core/networkUtilities.h

@@ -5,6 +5,7 @@
 #include <QRegExp>
 #include <QString>
 #include <QHostAddress>
+#include <QNetworkReply>
 
 
 class NetworkUtilities : public QObject
@@ -15,6 +16,7 @@ public:
     static QString getStringBetween(const QString &s, const QString &a, const QString &b);
     static bool checkIPv4Format(const QString &ip);
     static bool checkIpSubnetFormat(const QString &ip);
+    static bool checkIpv6Enabled();
     static QString getGatewayAndIface();
     // Returns the Interface Index that could Route to dst
     static int AdapterIndexTo(const QHostAddress& dst);
@@ -28,9 +30,7 @@ public:
 
     static QString netMaskFromIpWithSubnet(const QString ip);
     static QString ipAddressFromIpWithSubnet(const QString ip);
-
     static QStringList summarizeRoutes(const QStringList &ips, const QString cidr);
-
 };
 
 #endif // NETWORKUTILITIES_H

client/core/qrCodeUtils.cpp

@@ -0,0 +1,35 @@
+#include "qrCodeUtils.h"
+
+#include <QIODevice>
+#include <QList>
+
+QList<QString> qrCodeUtils::generateQrCodeImageSeries(const QByteArray &data)
+{
+    double k = 850;
+
+    quint8 chunksCount = std::ceil(data.size() / k);
+    QList<QString> chunks;
+    for (int i = 0; i < data.size(); i = i + k) {
+        QByteArray chunk;
+        QDataStream s(&chunk, QIODevice::WriteOnly);
+        s << qrCodeUtils::qrMagicCode << chunksCount << (quint8)std::round(i / k) << data.mid(i, k);
+
+        QByteArray ba = chunk.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+
+        qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(ba, qrcodegen::QrCode::Ecc::LOW);
+        QString svg = QString::fromStdString(toSvgString(qr, 1));
+        chunks.append(svgToBase64(svg));
+    }
+
+    return chunks;
+}
+
+QString qrCodeUtils::svgToBase64(const QString &image)
+{
+    return "data:image/svg;base64," + QString::fromLatin1(image.toUtf8().toBase64().data());
+}
+
+qrcodegen::QrCode qrCodeUtils::generateQrCode(const QByteArray &data)
+{
+    return qrcodegen::QrCode::encodeText(data, qrcodegen::QrCode::Ecc::LOW);
+}

client/core/qrCodeUtils.h

@@ -0,0 +1,17 @@
+#ifndef QRCODEUTILS_H
+#define QRCODEUTILS_H
+
+#include <QString>
+
+#include "qrcodegen.hpp"
+
+namespace qrCodeUtils
+{
+    constexpr const qint16 qrMagicCode = 1984;
+
+    QList<QString> generateQrCodeImageSeries(const QByteArray &data);
+    qrcodegen::QrCode generateQrCode(const QByteArray &data);
+    QString svgToBase64(const QString &image);
+};
+
+#endif // QRCODEUTILS_H

client/daemon/daemon.cpp

@@ -149,8 +149,7 @@ bool Daemon::activate(const InterfaceConfig& config) {
   // set routing
   for (const IPAddress& ip : config.m_allowedIPAddressRanges) {
     if (!wgutils()->updateRoutePrefix(ip)) {
-      logger.debug() << "Routing configuration failed for"
+      logger.debug() << "Routing configuration failed for" << ip.toString();
-                     << logger.sensitive(ip.toString());
       return false;
     }
   }
@@ -170,11 +169,14 @@ bool Daemon::maybeUpdateResolvers(const InterfaceConfig& config) {
   if ((config.m_hopType == InterfaceConfig::MultiHopExit) ||
       (config.m_hopType == InterfaceConfig::SingleHop)) {
     QList<QHostAddress> resolvers;
-    resolvers.append(QHostAddress(config.m_dnsServer));
+    resolvers.append(QHostAddress(config.m_primaryDnsServer));
+    if (!config.m_secondaryDnsServer.isEmpty()) {
+        resolvers.append(QHostAddress(config.m_secondaryDnsServer));
+    }
 
     // If the DNS is not the Gateway, it's a user defined DNS
     // thus, not add any other :)
-    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
       resolvers.append(QHostAddress(config.m_serverIpv6Gateway));
     }
 
@@ -280,15 +282,26 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
   config.m_serverIpv4Gateway = obj.value("serverIpv4Gateway").toString();
   config.m_serverIpv6Gateway = obj.value("serverIpv6Gateway").toString();
 
-  if (!obj.contains("dnsServer")) {
+  if (!obj.contains("primaryDnsServer")) {
-    config.m_dnsServer = QString();
+    config.m_primaryDnsServer = QString();
   } else {
-    QJsonValue value = obj.value("dnsServer");
+    QJsonValue value = obj.value("primaryDnsServer");
     if (!value.isString()) {
       logger.error() << "dnsServer is not a string";
       return false;
     }
-    config.m_dnsServer = value.toString();
+    config.m_primaryDnsServer = value.toString();
+  }
+
+  if (!obj.contains("secondaryDnsServer")) {
+    config.m_secondaryDnsServer = QString();
+  } else {
+    QJsonValue value = obj.value("secondaryDnsServer");
+    if (!value.isString()) {
+      logger.error() << "dnsServer is not a string";
+      return false;
+    }
+    config.m_secondaryDnsServer = value.toString();
   }
 
   if (!obj.contains("hopType")) {
@@ -371,6 +384,9 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
   if (!parseStringList(obj, "vpnDisabledApps", config.m_vpnDisabledApps)) {
     return false;
   }
+  if (!parseStringList(obj, "allowedDnsServers", config.m_allowedDnsServers)) {
+    return false;
+  }
 
   config.m_killSwitchEnabled = QVariant(obj.value("killSwitchOption").toString()).toBool();
 
@@ -389,6 +405,13 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
   if (!obj.value("S2").isNull()) {
     config.m_responsePacketJunkSize = obj.value("S2").toString();
   }
+  if (!obj.value("S3").isNull()) {
+    config.m_cookieReplyPacketJunkSize = obj.value("S3").toString();
+  }
+  if (!obj.value("S4").isNull()) {
+    config.m_transportPacketJunkSize = obj.value("S4").toString();
+  }
+
   if (!obj.value("H1").isNull()) {
     config.m_initPacketMagicHeader = obj.value("H1").toString();
   }
@@ -402,6 +425,34 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
     config.m_transportPacketMagicHeader = obj.value("H4").toString();
   }
 
+  if (!obj.value("I1").isNull()) {
+    config.m_specialJunk["I1"] = obj.value("I1").toString();
+  }
+  if (!obj.value("I2").isNull()) {
+    config.m_specialJunk["I2"] = obj.value("I2").toString();
+  }
+  if (!obj.value("I3").isNull()) {
+    config.m_specialJunk["I3"] = obj.value("I3").toString();
+  }
+  if (!obj.value("I4").isNull()) {
+    config.m_specialJunk["I4"] = obj.value("I4").toString();
+  }
+  if (!obj.value("I5").isNull()) {
+    config.m_specialJunk["I5"] = obj.value("I5").toString();
+  }
+  if (!obj.value("J1").isNull()) {
+    config.m_controlledJunk["J1"] = obj.value("J1").toString();
+  }
+  if (!obj.value("J2").isNull()) {
+    config.m_controlledJunk["J2"] = obj.value("J2").toString();
+  }
+  if (!obj.value("J3").isNull()) {
+    config.m_controlledJunk["J3"] = obj.value("J3").toString();
+  }
+  if (!obj.value("Itime").isNull()) {
+    config.m_specialHandshakeTimeout = obj.value("Itime").toString();
+  }
+
   return true;
 }
 

client/daemon/interfaceconfig.cpp

@@ -28,7 +28,8 @@ QJsonObject InterfaceConfig::toJson() const {
       (m_hopType == InterfaceConfig::SingleHop)) {
     json.insert("serverIpv4Gateway", QJsonValue(m_serverIpv4Gateway));
     json.insert("serverIpv6Gateway", QJsonValue(m_serverIpv6Gateway));
-    json.insert("dnsServer", QJsonValue(m_dnsServer));
+    json.insert("primaryDnsServer", QJsonValue(m_primaryDnsServer));
+    json.insert("secondaryDnsServer", QJsonValue(m_secondaryDnsServer));
   }
 
   QJsonArray allowedIPAddesses;
@@ -48,6 +49,13 @@ QJsonObject InterfaceConfig::toJson() const {
   }
   json.insert("excludedAddresses", jsExcludedAddresses);
 
+
+  QJsonArray jsAllowedDnsServers;
+  for (const QString& i : m_allowedDnsServers) {
+    jsAllowedDnsServers.append(QJsonValue(i));
+  }
+  json.insert("allowedDnsServers", jsAllowedDnsServers);
+
   QJsonArray disabledApps;
   for (const QString& i : m_vpnDisabledApps) {
     disabledApps.append(QJsonValue(i));
@@ -93,11 +101,15 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
     out << "MTU = " << m_deviceMTU << "\n";
   }
 
-  if (!m_dnsServer.isNull()) {
+  if (!m_primaryDnsServer.isNull()) {
-    QStringList dnsServers(m_dnsServer);
+    QStringList dnsServers;
+    dnsServers.append(m_primaryDnsServer);
+    if (!m_secondaryDnsServer.isNull()) {
+        dnsServers.append(m_secondaryDnsServer);
+    }
     // If the DNS is not the Gateway, it's a user defined DNS
     // thus, not add any other :)
-    if (m_dnsServer == m_serverIpv4Gateway) {
+    if (m_primaryDnsServer == m_serverIpv4Gateway) {
       dnsServers.append(m_serverIpv6Gateway);
     }
     out << "DNS = " << dnsServers.join(", ") << "\n";
@@ -118,6 +130,12 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
   if (!m_responsePacketJunkSize.isNull()) {
     out << "S2 = " << m_responsePacketJunkSize << "\n";
   }
+  if (!m_cookieReplyPacketJunkSize.isNull()) {
+    out << "S3 = " << m_cookieReplyPacketJunkSize << "\n";
+  }
+  if (!m_transportPacketJunkSize.isNull()) {
+    out << "S4 = " << m_transportPacketJunkSize << "\n";
+  }
   if (!m_initPacketMagicHeader.isNull()) {
     out << "H1 = " << m_initPacketMagicHeader << "\n";
   }
@@ -131,6 +149,16 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
     out << "H4 = " << m_transportPacketMagicHeader << "\n";
   }
 
+  for (const QString& key : m_specialJunk.keys()) {
+    out << key << " = " << m_specialJunk[key] << "\n";
+  }
+  for (const QString& key : m_controlledJunk.keys()) {
+    out << key << " = " << m_controlledJunk[key] << "\n";
+  }
+  if (!m_specialHandshakeTimeout.isNull()) {
+    out << "Itime = " << m_specialHandshakeTimeout << "\n";
+  }
+
   // If any extra config was provided, append it now.
   for (const QString& key : extra.keys()) {
     out << key << " = " << extra[key] << "\n";

client/daemon/interfaceconfig.h

@@ -6,6 +6,7 @@
 #define INTERFACECONFIG_H
 
 #include <QList>
+#include <QMap>
 #include <QString>
 
 #include "ipaddress.h"
@@ -31,12 +32,14 @@ class InterfaceConfig {
   QString m_serverIpv4AddrIn;
   QString m_serverPskKey;
   QString m_serverIpv6AddrIn;
-  QString m_dnsServer;
+  QString m_primaryDnsServer;
+  QString m_secondaryDnsServer;
   int m_serverPort = 0;
   int m_deviceMTU = 1420;
   QList<IPAddress> m_allowedIPAddressRanges;
   QStringList m_excludedAddresses;
   QStringList m_vpnDisabledApps;
+  QStringList m_allowedDnsServers;
   bool m_killSwitchEnabled;
 #if defined(MZ_ANDROID) || defined(MZ_IOS)
   QString m_installationId;
@@ -47,10 +50,15 @@ class InterfaceConfig {
   QString m_junkPacketMaxSize;
   QString m_initPacketJunkSize;
   QString m_responsePacketJunkSize;
+  QString m_cookieReplyPacketJunkSize;
+  QString m_transportPacketJunkSize;
   QString m_initPacketMagicHeader;
   QString m_responsePacketMagicHeader;
   QString m_underloadPacketMagicHeader;
   QString m_transportPacketMagicHeader;
+  QMap<QString, QString> m_specialJunk;
+  QMap<QString, QString> m_controlledJunk;
+  QString m_specialHandshakeTimeout;
 
   QJsonObject toJson() const;
   QString toWgConf(

client/images/controls/monitor.svg

@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M20 3H4C2.89543 3 2 3.89543 2 5V15C2 16.1046 2.89543 17 4 17H20C21.1046 17 22 16.1046 22 15V5C22 3.89543 21.1046 3 20 3Z" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M8 21H16" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M12 17V21" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

client/ios/networkextension/CMakeLists.txt

@@ -26,10 +26,22 @@ set_target_properties(networkextension PROPERTIES
     XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
 
     XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks"
-
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
 )
 
+if(DEPLOY)
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "distr ios.org.amnezia.AmneziaVPN"
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "dev ios.org.amnezia.AmneziaVPN"
+    )
+else()
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    )
+endif()
+
 set_target_properties(networkextension PROPERTIES
     XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
     XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"

client/mozilla/localsocketcontroller.cpp

@@ -123,6 +123,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   int appSplitTunnelType = rawConfig.value(amnezia::config_key::appSplitTunnelType).toInt();
   QJsonArray splitTunnelApps = rawConfig.value(amnezia::config_key::splitTunnelApps).toArray();
+  QJsonArray allowedDns = rawConfig.value(amnezia::config_key::allowedDnsServers).toArray();
 
   QJsonObject wgConfig = rawConfig.value(protocolName + "_config_data").toObject();
 
@@ -148,7 +149,14 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
   json.insert("serverPort", wgConfig.value(amnezia::config_key::port).toInt());
   json.insert("serverIpv4Gateway", wgConfig.value(amnezia::config_key::hostName));
   //  json.insert("serverIpv6Gateway", QJsonValue(hop.m_server.ipv6Gateway()));
-  json.insert("dnsServer", rawConfig.value(amnezia::config_key::dns1));
+
+  json.insert("primaryDnsServer", rawConfig.value(amnezia::config_key::dns1));
+
+  // We don't use secondary DNS if primary DNS is AmneziaDNS
+  if (!rawConfig.value(amnezia::config_key::dns1).toString().
+    contains(amnezia::protocols::dns::amneziaDnsIp)) {
+    json.insert("secondaryDnsServer", rawConfig.value(amnezia::config_key::dns2));
+  }
 
   QJsonArray jsAllowedIPAddesses;
 
@@ -226,6 +234,8 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   json.insert("vpnDisabledApps", splitTunnelApps);
 
+  json.insert("allowedDnsServers", allowedDns);
+
   json.insert(amnezia::config_key::killSwitchOption, rawConfig.value(amnezia::config_key::killSwitchOption));
 
   if (protocolName == amnezia::config_key::awg) {
@@ -234,28 +244,61 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
     json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
     json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
     json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
+    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
+    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
     json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
     json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
     json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
     json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
+    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
+    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
+    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
+    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
+    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
+    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
+    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
+    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
   } else if (!wgConfig.value(amnezia::config_key::junkPacketCount).isUndefined()
              && !wgConfig.value(amnezia::config_key::junkPacketMinSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::junkPacketMaxSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::initPacketJunkSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::responsePacketJunkSize).isUndefined()
+             && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined()
+             && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined()
              && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined()
              && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()) {
+             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk1).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk2).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk3).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk4).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk5).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk1).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk2).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk3).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialHandshakeTimeout).isUndefined()) {
     json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount));
     json.insert(amnezia::config_key::junkPacketMinSize, wgConfig.value(amnezia::config_key::junkPacketMinSize));
     json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
     json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
     json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
+    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
+    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
     json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
     json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
     json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
     json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
+    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
+    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
+    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
+    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
+    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
+    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
+    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
+    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
   }
 
   write(json);

client/platforms/ios/ScreenProtection.swift

@@ -14,10 +14,15 @@ extension UIApplication {
   var keyWindows: [UIWindow] {
     connectedScenes
       .compactMap {
+        guard let windowScene = $0 as? UIWindowScene else { return nil }
         if #available(iOS 15.0, *) {
-          ($0 as? UIWindowScene)?.keyWindow
+          guard let keywindow = windowScene.keyWindow else {
+            windowScene.windows.first?.makeKey()
+            return windowScene.windows.first
+          }
+          return keywindow
         } else {
-          ($0 as? UIWindowScene)?.windows.first { $0.isKeyWindow }
+          return windowScene.windows.first { $0.isKeyWindow }
         }
       }
   }

client/platforms/ios/WGConfig.swift

@@ -4,7 +4,10 @@ struct WGConfig: Decodable {
   let initPacketMagicHeader, responsePacketMagicHeader: String?
   let underloadPacketMagicHeader, transportPacketMagicHeader: String?
   let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String?
-  let initPacketJunkSize, responsePacketJunkSize: String?
+  let initPacketJunkSize, responsePacketJunkSize, cookieReplyPacketJunkSize, transportPacketJunkSize: String?
+  let specialJunk1, specialJunk2, specialJunk3, specialJunk4, specialJunk5: String?
+  let controlledJunk1, controlledJunk2, controlledJunk3: String?
+  let specialHandshakeTimeout: String?
   let dns1: String
   let dns2: String
   let mtu: String
@@ -23,7 +26,10 @@ struct WGConfig: Decodable {
     case initPacketMagicHeader = "H1", responsePacketMagicHeader = "H2"
     case underloadPacketMagicHeader = "H3", transportPacketMagicHeader = "H4"
     case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax"
-    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2"
+    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2", cookieReplyPacketJunkSize = "S3", transportPacketJunkSize = "S4"
+    case specialJunk1 = "I1", specialJunk2 = "I2", specialJunk3 = "I3", specialJunk4 = "I4", specialJunk5 = "I5"
+    case controlledJunk1 = "J1", controlledJunk2 = "J2", controlledJunk3 = "J3"
+    case specialHandshakeTimeout = "Itime"
     case dns1
     case dns2
     case mtu
@@ -40,19 +46,59 @@ struct WGConfig: Decodable {
   }
 
   var settings: String {
-    junkPacketCount == nil ? "" :
+    guard junkPacketCount != nil else { return "" }
-    """
-    Jc = \(junkPacketCount!)
-    Jmin = \(junkPacketMinSize!)
-    Jmax = \(junkPacketMaxSize!)
-    S1 = \(initPacketJunkSize!)
-    S2 = \(responsePacketJunkSize!)
-    H1 = \(initPacketMagicHeader!)
-    H2 = \(responsePacketMagicHeader!)
-    H3 = \(underloadPacketMagicHeader!)
-    H4 = \(transportPacketMagicHeader!)
     
-    """
+    var settingsLines: [String] = []
+    
+    // Required parameters when junkPacketCount is present
+    settingsLines.append("Jc = \(junkPacketCount!)")
+    settingsLines.append("Jmin = \(junkPacketMinSize!)")
+    settingsLines.append("Jmax = \(junkPacketMaxSize!)")
+    settingsLines.append("S1 = \(initPacketJunkSize!)")
+    settingsLines.append("S2 = \(responsePacketJunkSize!)")
+    
+    settingsLines.append("H1 = \(initPacketMagicHeader!)")
+    settingsLines.append("H2 = \(responsePacketMagicHeader!)")
+    settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
+    settingsLines.append("H4 = \(transportPacketMagicHeader!)")
+
+    // Optional parameters - only add if not nil and not empty
+    if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
+      settingsLines.append("S3 = \(s3)")
+    }
+    if let s4 = transportPacketJunkSize, !s4.isEmpty {
+      settingsLines.append("S4 = \(s4)")
+    }
+    
+    if let i1 = specialJunk1, !i1.isEmpty {
+      settingsLines.append("I1 = \(i1)")
+    }
+    if let i2 = specialJunk2, !i2.isEmpty {
+      settingsLines.append("I2 = \(i2)")
+    }
+    if let i3 = specialJunk3, !i3.isEmpty {
+      settingsLines.append("I3 = \(i3)")
+    }
+    if let i4 = specialJunk4, !i4.isEmpty {
+      settingsLines.append("I4 = \(i4)")
+    }
+    if let i5 = specialJunk5, !i5.isEmpty {
+      settingsLines.append("I5 = \(i5)")
+    }
+    if let j1 = controlledJunk1, !j1.isEmpty {
+      settingsLines.append("J1 = \(j1)")
+    }
+    if let j2 = controlledJunk2, !j2.isEmpty {
+      settingsLines.append("J2 = \(j2)")
+    }
+    if let j3 = controlledJunk3, !j3.isEmpty {
+      settingsLines.append("J3 = \(j3)")
+    }
+    if let itime = specialHandshakeTimeout, !itime.isEmpty {
+      settingsLines.append("Itime = \(itime)")
+    }
+    
+    return settingsLines.joined(separator: "\n")
   }
 
   var str: String {

client/platforms/ios/ios_controller.mm

@@ -507,6 +507,8 @@ bool IosController::setupWireGuard()
 
         wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
         wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
+        wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
+        wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);
 
         wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
         wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
@@ -605,11 +607,23 @@ bool IosController::setupAwg()
 
     wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
     wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
+    wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
+    wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);
 
     wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
     wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
     wgConfig.insert(config_key::junkPacketMaxSize, config[config_key::junkPacketMaxSize]);
 
+    wgConfig.insert(config_key::specialJunk1, config[config_key::specialJunk1]);
+    wgConfig.insert(config_key::specialJunk2, config[config_key::specialJunk2]);
+    wgConfig.insert(config_key::specialJunk3, config[config_key::specialJunk3]);
+    wgConfig.insert(config_key::specialJunk4, config[config_key::specialJunk4]);
+    wgConfig.insert(config_key::specialJunk5, config[config_key::specialJunk5]);
+    wgConfig.insert(config_key::controlledJunk1, config[config_key::controlledJunk1]);
+    wgConfig.insert(config_key::controlledJunk2, config[config_key::controlledJunk2]);
+    wgConfig.insert(config_key::controlledJunk3, config[config_key::controlledJunk3]);
+    wgConfig.insert(config_key::specialHandshakeTimeout, config[config_key::specialHandshakeTimeout]);
+
     QJsonDocument wgConfigDoc(wgConfig);
     QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact));
 

client/platforms/linux/daemon/iputilslinux.cpp

@@ -31,7 +31,9 @@ IPUtilsLinux::~IPUtilsLinux() {
 }
 
 bool IPUtilsLinux::addInterfaceIPs(const InterfaceConfig& config) {
-  return addIP4AddressToDevice(config) && addIP6AddressToDevice(config);
+  bool ret = addIP4AddressToDevice(config);
+  addIP6AddressToDevice(config);
+  return ret;
 }
 
 bool IPUtilsLinux::setMTUAndUp(const InterfaceConfig& config) {
@@ -95,7 +97,7 @@ bool IPUtilsLinux::addIP4AddressToDevice(const InterfaceConfig& config) {
   // Set ifr to interface
   int ret = ioctl(sockfd, SIOCSIFADDR, &ifr);
   if (ret) {
-    logger.error() << "Failed to set IPv4: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv4: " << deviceAddr
                    << "error:" << strerror(errno);
     return false;
   }
@@ -136,7 +138,7 @@ bool IPUtilsLinux::addIP6AddressToDevice(const InterfaceConfig& config) {
   // Set ifr6 to the interface
   ret = ioctl(sockfd, SIOCSIFADDR, &ifr6);
   if (ret && (errno != EEXIST)) {
-    logger.error() << "Failed to set IPv6: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv6: " << deviceAddr
                    << "error:" << strerror(errno);
     return false;
   }

client/platforms/linux/daemon/linuxfirewall.cpp

@@ -455,9 +455,6 @@ void LinuxFirewall::updateDNSServers(const QStringList& servers)
 
 void LinuxFirewall::updateAllowNets(const QStringList& servers)
 {
-    static QStringList existingServers {};
-
-    existingServers = servers;
     execute(QStringLiteral("iptables -F %1.110.allowNets").arg(kAnchorName));
     for (const QString& rule : getAllowRule(servers))
         execute(QStringLiteral("iptables -A %1.110.allowNets %2").arg(kAnchorName, rule));

client/platforms/linux/daemon/wireguardutilslinux.cpp

@@ -17,6 +17,8 @@
 #include "leakdetector.h"
 #include "logger.h"
 
+#include "killswitch.h"
+
 constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
 constexpr const char* WG_RUNTIME_DIR = "/var/run/amneziawg";
 
@@ -119,6 +121,12 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
     if (!config.m_responsePacketJunkSize.isEmpty()) {
         out << "s2=" << config.m_responsePacketJunkSize << "\n";
     }
+    if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
+        out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
+    }
+    if (!config.m_transportPacketJunkSize.isEmpty()) {
+        out << "s4=" << config.m_transportPacketJunkSize << "\n";
+    }
     if (!config.m_initPacketMagicHeader.isEmpty()) {
         out << "h1=" << config.m_initPacketMagicHeader << "\n";
     }
@@ -132,13 +140,26 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
         out << "h4=" << config.m_transportPacketMagicHeader << "\n";
     }
 
+    for (const QString& key : config.m_specialJunk.keys()) {
+        out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
+    }
+    for (const QString& key : config.m_controlledJunk.keys()) {
+        out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
+    }
+    if (!config.m_specialHandshakeTimeout.isEmpty()) {
+        out << "itime=" << config.m_specialHandshakeTimeout << "\n";
+    }
+
     int err = uapiErrno(uapiCommand(message));
     if (err != 0) {
         logger.error() << "Interface configuration failed:" << strerror(err);
     } else {
         if (config.m_killSwitchEnabled) {
             FirewallParams params { };
-            params.dnsServers.append(config.m_dnsServer);
+            params.dnsServers.append(config.m_primaryDnsServer);
+            if (!config.m_secondaryDnsServer.isEmpty()) {
+                params.dnsServers.append(config.m_secondaryDnsServer);
+            }
             if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
                 params.blockAll = true;
                 if (config.m_excludedAddresses.size()) {
@@ -182,7 +203,7 @@ bool WireguardUtilsLinux::deleteInterface() {
     QFile::remove(wgRuntimeDir.filePath(QString(WG_INTERFACE) + ".name"));
 
     // double-check + ensure our firewall is installed and enabled
-    LinuxFirewall::uninstall();
+    KillSwitch::instance()->disableKillSwitch();
     return true;
 }
 

client/platforms/macos/daemon/iputilsmacos.cpp

@@ -122,7 +122,7 @@ bool IPUtilsMacos::addIP4AddressToDevice(const InterfaceConfig& config) {
   // Set ifr to interface
   int ret = ioctl(sockfd, SIOCAIFADDR, &ifr);
   if (ret) {
-    logger.error() << "Failed to set IPv4: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv4: " << deviceAddr
                    << "error:" << strerror(errno);
     return false;
   }
@@ -162,7 +162,7 @@ bool IPUtilsMacos::addIP6AddressToDevice(const InterfaceConfig& config) {
   // Set ifr to interface
   int ret = ioctl(sockfd, SIOCAIFADDR_IN6, &ifr6);
   if (ret) {
-    logger.error() << "Failed to set IPv6: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv6: " << deviceAddr
                    << "error:" << strerror(errno);
     return false;
   }

client/platforms/macos/daemon/macosfirewall.cpp

@@ -43,8 +43,16 @@ namespace {
 
 #include "macosfirewall.h"
 
-#define ResourceDir qApp->applicationDirPath() + "/pf"
+#include <QDir>
-#define DaemonDataDir qApp->applicationDirPath() + "/pf"
+#include <QStandardPaths>
+
+// Read-only rules bundled with the application.
+#define ResourceDir (qApp->applicationDirPath() + "/pf")
+
+// Writable location that does NOT live inside the signed bundle.  Using a
+// constant path under /Library/Application Support keeps the signature intact
+// and is accessible to the root helper.
+#define DaemonDataDir QStringLiteral("/Library/Application Support/AmneziaVPN/pf")
 
 #include <QProcess>
 
@@ -121,6 +129,8 @@ void MacOSFirewall::install()
     logger.info() << "Installing PF root anchor";
 
     installRootAnchors();
+    // Ensure writable directory exists, then store the token there.
+    QDir().mkpath(DaemonDataDir);
     execute(QStringLiteral("pfctl -E 2>&1 | grep -F 'Token : ' | cut -c9- > '%1/pf.token'").arg(DaemonDataDir));
 }
 

client/platforms/macos/daemon/macosroutemonitor.cpp

@@ -144,7 +144,7 @@ void MacosRouteMonitor::handleRtmDelete(const struct rt_msghdr* rtm,
   for (const IPAddress& prefix : m_exclusionRoutes) {
     if (prefix.address().protocol() == protocol) {
       logger.debug() << "Removing exclusion route to"
-                     << logger.sensitive(prefix.toString());
+                     << prefix.toString();
       rtmSendRoute(RTM_DELETE, prefix, rtm->rtm_index, nullptr);
     }
   }
@@ -259,7 +259,7 @@ void MacosRouteMonitor::handleRtmUpdate(const struct rt_msghdr* rtm,
   for (const IPAddress& prefix : m_exclusionRoutes) {
     if (prefix.address().protocol() == protocol) {
       logger.debug() << "Updating exclusion route to"
-                     << logger.sensitive(prefix.toString());
+                     << prefix.toString();
       rtmSendRoute(rtm_type, prefix, ifindex, addrlist[1].constData());
     }
   }
@@ -510,8 +510,7 @@ bool MacosRouteMonitor::deleteRoute(const IPAddress& prefix, int flags) {
 }
 
 bool MacosRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
-  logger.debug() << "Adding exclusion route for"
+  logger.debug() << "Adding exclusion route for" << prefix.toString();
-                 << logger.sensitive(prefix.toString());
 
   if (m_exclusionRoutes.contains(prefix)) {
     logger.warning() << "Exclusion route already exists";
@@ -536,8 +535,7 @@ bool MacosRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
 }
 
 bool MacosRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
-  logger.debug() << "Deleting exclusion route for"
+  logger.debug() << "Deleting exclusion route for" << prefix.toString();
-                 << logger.sensitive(prefix.toString());
 
   m_exclusionRoutes.removeAll(prefix);
   if (prefix.address().protocol() == QAbstractSocket::IPv4Protocol) {

client/platforms/macos/daemon/wireguardutilsmacos.cpp

@@ -16,6 +16,8 @@
 #include "leakdetector.h"
 #include "logger.h"
 
+#include "killswitch.h"
+
 constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
 constexpr const char* WG_RUNTIME_DIR = "/var/run/amneziawg";
 
@@ -117,6 +119,12 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
   if (!config.m_responsePacketJunkSize.isEmpty()) {
     out << "s2=" << config.m_responsePacketJunkSize << "\n";
   }
+  if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
+    out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
+  }
+  if (!config.m_transportPacketJunkSize.isEmpty()) {
+    out << "s4=" << config.m_transportPacketJunkSize << "\n";
+  }
   if (!config.m_initPacketMagicHeader.isEmpty()) {
     out << "h1=" << config.m_initPacketMagicHeader << "\n";
   }
@@ -130,30 +138,43 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
     out << "h4=" << config.m_transportPacketMagicHeader << "\n";
   }
 
+  for (const QString& key : config.m_specialJunk.keys()) {
+      out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
+  }
+  for (const QString& key : config.m_controlledJunk.keys()) {
+      out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
+  }
+  if (!config.m_specialHandshakeTimeout.isEmpty()) {
+      out << "itime=" << config.m_specialHandshakeTimeout << "\n";
+  }
+
   int err = uapiErrno(uapiCommand(message));
   if (err != 0) {
     logger.error() << "Interface configuration failed:" << strerror(err);
   } else {
-      if (config.m_killSwitchEnabled) {
+    if (config.m_killSwitchEnabled) {
-        FirewallParams params { };
+      FirewallParams params { };
-        params.dnsServers.append(config.m_dnsServer);
+      params.dnsServers.append(config.m_primaryDnsServer);
+      if (!config.m_secondaryDnsServer.isEmpty()) {
+          params.dnsServers.append(config.m_secondaryDnsServer);
+      }
 
-        if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
+      if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
           params.blockAll = true;
           if (config.m_excludedAddresses.size()) {
-            params.allowNets = true;
+              params.allowNets = true;
-            foreach (auto net, config.m_excludedAddresses) {
+              foreach (auto net, config.m_excludedAddresses) {
-              params.allowAddrs.append(net.toUtf8());
+                  params.allowAddrs.append(net.toUtf8());
-            }
+              }
           }
-        } else {
+      } else {
           params.blockNets = true;
           foreach (auto net, config.m_allowedIPAddressRanges) {
-            params.blockAddrs.append(net.toString());
+              params.blockAddrs.append(net.toString());
           }
-        }
-        applyFirewallRules(params);
       }
+      applyFirewallRules(params);
+    }
   }
   return (err == 0);
 }
@@ -180,7 +201,7 @@ bool WireguardUtilsMacos::deleteInterface() {
   QFile::remove(wgRuntimeDir.filePath(QString(WG_INTERFACE) + ".name"));
 
   // double-check + ensure our firewall is installed and enabled
-  MacOSFirewall::uninstall();
+  KillSwitch::instance()->disableKillSwitch();
 
   return true;
 }

client/platforms/windows/daemon/windowsfirewall.cpp

@@ -29,6 +29,8 @@
 #include "logger.h"
 #include "platforms/windows/windowsutils.h"
 
+#include "killswitch.h"
+
 #define IPV6_ADDRESS_SIZE 16
 
 // ID for the Firewall Sublayer
@@ -180,16 +182,29 @@ bool WindowsFirewall::enableInterface(int vpnAdapterIndex) {
     }                                                                     \
   }
 
-  logger.info() << "Enabling firewall Using Adapter:" << vpnAdapterIndex;
+  logger.info() << "Enabling Killswitch Using Adapter:" << vpnAdapterIndex;
+  if (vpnAdapterIndex < 0)
+  {
+    IPAddress allv4("0.0.0.0/0");
+    if (!blockTrafficTo(allv4, MED_WEIGHT,
+                        "Block Internet", "killswitch")) {
+        return false;
+    }
+    IPAddress allv6("::/0");
+    if (!blockTrafficTo(allv6, MED_WEIGHT,
+                        "Block Internet", "killswitch")) {
+      return false;
+    }
+  } else
   FW_OK(allowTrafficOfAdapter(vpnAdapterIndex, MED_WEIGHT,
-                              "Allow usage of VPN Adapter"));
+                                  "Allow usage of VPN Adapter"));
   FW_OK(allowDHCPTraffic(MED_WEIGHT, "Allow DHCP Traffic"));
-  FW_OK(allowHyperVTraffic(MED_WEIGHT, "Allow Hyper-V Traffic"));
+  FW_OK(allowHyperVTraffic(MAX_WEIGHT, "Allow Hyper-V Traffic"));
   FW_OK(allowTrafficForAppOnAll(getCurrentPath(), MAX_WEIGHT,
                                 "Allow all for AmneziaVPN.exe"));
   FW_OK(blockTrafficOnPort(53, MED_WEIGHT, "Block all DNS"));
-  FW_OK(
+  FW_OK(allowLoopbackTraffic(MED_WEIGHT,
-      allowLoopbackTraffic(MED_WEIGHT, "Allow Loopback traffic on device %1"));
+                             "Allow Loopback traffic on device %1"));
 
   logger.debug() << "Killswitch on! Rules:" << m_activeRules.length();
   return true;
@@ -226,6 +241,37 @@ bool WindowsFirewall::enableLanBypass(const QList<IPAddress>& ranges) {
   return true;
 }
 
+// Allow unprotected traffic sent to the following address ranges.
+bool WindowsFirewall::allowTrafficRange(const QStringList& ranges) {
+  // Start the firewall transaction
+  auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
+  if (result != ERROR_SUCCESS) {
+    disableKillSwitch();
+    return false;
+  }
+  auto cleanup = qScopeGuard([&] {
+      FwpmTransactionAbort0(m_sessionHandle);
+      disableKillSwitch();
+  });
+
+  for (const QString& addr : ranges) {
+    logger.debug() << "Allow killswitch exclude: " << addr;
+    if (!allowTrafficTo(QHostAddress(addr), HIGH_WEIGHT, "Allow killswitch bypass traffic")) {
+      return false;
+    }
+  }
+
+  result = FwpmTransactionCommit0(m_sessionHandle);
+  if (result != ERROR_SUCCESS) {
+    logger.error() << "FwpmTransactionCommit0 failed with error:" << result;
+    return false;
+  }
+
+  cleanup.dismiss();
+  return true;
+}
+
+
 bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
   // Start the firewall transaction
   auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
@@ -245,15 +291,15 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
                       "Block Internet", config.m_serverPublicKey)) {
     return false;
   }
-  if (!config.m_dnsServer.isEmpty()) {
+  if (!config.m_primaryDnsServer.isEmpty()) {
-    if (!allowTrafficTo(QHostAddress(config.m_dnsServer), 53, HIGH_WEIGHT,
+    if (!allowTrafficTo(QHostAddress(config.m_primaryDnsServer), 53, HIGH_WEIGHT,
                         "Allow DNS-Server", config.m_serverPublicKey)) {
       return false;
     }
     // In some cases, we might configure a 2nd DNS server for IPv6, however
     // this should probably be cleaned up by converting m_dnsServer into
     // a QStringList instead.
-    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
       if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
                           HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
                           config.m_serverPublicKey)) {
@@ -262,12 +308,37 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
     }
   }
 
+  if (!config.m_secondaryDnsServer.isEmpty()) {
+    if (!allowTrafficTo(QHostAddress(config.m_secondaryDnsServer), 53, HIGH_WEIGHT,
+                        "Allow DNS-Server", config.m_serverPublicKey)) {
+      return false;
+    }
+    // In some cases, we might configure a 2nd DNS server for IPv6, however
+    // this should probably be cleaned up by converting m_dnsServer into
+    // a QStringList instead.
+    if (config.m_secondaryDnsServer == config.m_serverIpv4Gateway) {
+      if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
+                          HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
+                          config.m_serverPublicKey)) {
+        return false;
+      }
+    }
+  }
+
+  for (const QString& dns : config.m_allowedDnsServers) {
+    logger.debug() << "Allow DNS: " << dns;
+    if (!allowTrafficTo(QHostAddress(dns), 53, HIGH_WEIGHT,
+                        "Allow DNS-Server", config.m_serverPublicKey)) {
+      return false;
+    }
+  }
+
   if (!config.m_excludedAddresses.empty()) {
     for (const QString& i : config.m_excludedAddresses) {
       logger.debug() << "excludedAddresses range: " << i;
 
       if (!allowTrafficTo(i, HIGH_WEIGHT,
-                               "Allow Ecxlude route", config.m_serverPublicKey)) {
+                          "Allow Ecxlude route", config.m_serverPublicKey)) {
         return false;
       }
     }
@@ -313,37 +384,41 @@ bool WindowsFirewall::disablePeerTraffic(const QString& pubkey) {
 }
 
 bool WindowsFirewall::disableKillSwitch() {
-  auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
+  return KillSwitch::instance()->disableKillSwitch();
-  auto cleanup = qScopeGuard([&] {
+}
+
+bool WindowsFirewall::allowAllTraffic() {
+    auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
+    auto cleanup = qScopeGuard([&] {
+        if (result != ERROR_SUCCESS) {
+            FwpmTransactionAbort0(m_sessionHandle);
+        }
+    });
     if (result != ERROR_SUCCESS) {
-      FwpmTransactionAbort0(m_sessionHandle);
+      logger.error() << "FwpmTransactionBegin0 failed. Return value:.\n"
+                     << result;
+      return false;
     }
-  });
-  if (result != ERROR_SUCCESS) {
-    logger.error() << "FwpmTransactionBegin0 failed. Return value:.\n"
-                   << result;
-    return false;
-  }
 
-  for (const auto& filterID : m_peerRules.values()) {
+    for (const auto& filterID : m_peerRules.values()) {
-    FwpmFilterDeleteById0(m_sessionHandle, filterID);
+      FwpmFilterDeleteById0(m_sessionHandle, filterID);
-  }
+    }
 
-  for (const auto& filterID : qAsConst(m_activeRules)) {
+    for (const auto& filterID : qAsConst(m_activeRules)) {
-    FwpmFilterDeleteById0(m_sessionHandle, filterID);
+      FwpmFilterDeleteById0(m_sessionHandle, filterID);
-  }
+    }
 
-  // Commit!
+           // Commit!
-  result = FwpmTransactionCommit0(m_sessionHandle);
+    result = FwpmTransactionCommit0(m_sessionHandle);
-  if (result != ERROR_SUCCESS) {
+    if (result != ERROR_SUCCESS) {
-    logger.error() << "FwpmTransactionCommit0 failed. Return value:.\n"
+      logger.error() << "FwpmTransactionCommit0 failed. Return value:.\n"
-                   << result;
+                     << result;
-    return false;
+      return false;
-  }
+    }
-  m_peerRules.clear();
+    m_peerRules.clear();
-  m_activeRules.clear();
+    m_activeRules.clear();
-  logger.debug() << "Firewall Disabled!";
+    logger.debug() << "Firewall Disabled!";
-  return true;
+    return true;
 }
 
 bool WindowsFirewall::allowTrafficForAppOnAll(const QString& exePath,

client/platforms/windows/daemon/windowsfirewall.h

@@ -43,6 +43,8 @@ class WindowsFirewall final : public QObject {
   bool enablePeerTraffic(const InterfaceConfig& config);
   bool disablePeerTraffic(const QString& pubkey);
   bool disableKillSwitch();
+  bool allowAllTraffic();
+  bool allowTrafficRange(const QStringList& ranges);
 
  private:
   static bool initSublayer();

client/platforms/windows/daemon/windowsroutemonitor.cpp

@@ -303,8 +303,7 @@ void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
       data->Age++;
       continue;
     }
-    logger.debug() << "Capturing route to"
+    logger.debug() << "Capturing route to" << prefix.toString();
-                   << logger.sensitive(prefix.toString());
 
     // Clone the route and direct it into the VPN tunnel.
     data = new MIB_IPFORWARD_ROW2;
@@ -354,8 +353,7 @@ void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
       continue;
     }
 
-    logger.debug() << "Removing route capture for"
+    logger.debug() << "Removing route capture for" << i.key().toString();
-                   << logger.sensitive(i.key().toString());
 
     // Otherwise, this route is no longer in use.
     DWORD result = DeleteIpForwardEntry2(data);
@@ -368,8 +366,7 @@ void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
 }
 
 bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
-  logger.debug() << "Adding exclusion route for"
+  logger.debug() << "Adding exclusion route for" << prefix.toString();
-                 << logger.sensitive(prefix.toString());
 
   // Silently ignore non-routeable addresses.
   QHostAddress addr = prefix.address();
@@ -437,7 +434,7 @@ bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
 
 bool WindowsRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
   logger.debug() << "Deleting exclusion route for"
-                 << logger.sensitive(prefix.address().toString());
+                 << prefix.address().toString();
 
   MIB_IPFORWARD_ROW2* data = m_exclusionRoutes.take(prefix);
   if (data == nullptr) {
@@ -447,7 +444,7 @@ bool WindowsRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
   DWORD result = DeleteIpForwardEntry2(data);
   if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
     logger.error() << "Failed to delete route to"
-                   << logger.sensitive(prefix.toString())
+                   << prefix.toString()
                    << "result:" << result;
   }
 
@@ -465,7 +462,7 @@ void WindowsRouteMonitor::flushRouteTable(
     DWORD result = DeleteIpForwardEntry2(data);
     if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
       logger.error() << "Failed to delete route to"
-                     << logger.sensitive(i.key().toString())
+                     << i.key().toString()
                      << "result:" << result;
     }
     delete data;

client/platforms/windows/daemon/wireguardutilswindows.cpp

@@ -14,8 +14,6 @@
 
 #include "leakdetector.h"
 #include "logger.h"
-#include "platforms/windows/windowscommons.h"
-#include "windowsdaemon.h"
 #include "windowsfirewall.h"
 
 #pragma comment(lib, "iphlpapi.lib")
@@ -132,6 +130,7 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
     // Enable the windows firewall
     NET_IFINDEX ifindex;
     ConvertInterfaceLuidToIndex(&luid, &ifindex);
+    m_firewall->allowAllTraffic();
     m_firewall->enableInterface(ifindex);
   }
 
@@ -269,6 +268,13 @@ bool WireguardUtilsWindows::updateRoutePrefix(const IPAddress& prefix) {
   if (result == ERROR_OBJECT_ALREADY_EXISTS) {
     return true;
   }
+
+  // Case for ipv6 route with disabled ipv6
+  if (prefix.address().protocol() == QAbstractSocket::IPv6Protocol
+      && result == ERROR_NOT_FOUND) {
+    return true;
+  }
+
   if (result != NO_ERROR) {
     logger.error() << "Failed to create route to"
                    << prefix.toString()

client/protocols/openvpnprotocol.cpp

@@ -171,6 +171,11 @@ ErrorCode OpenVpnProtocol::start()
         return lastError();
     }
 
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::Interface()->addKillSwitchAllowedRange(QStringList(NetworkUtilities::getIPAddress(
+            m_configData.value(amnezia::config_key::hostName).toString())));
+#endif
+
     // Detect default gateway
 #ifdef Q_OS_MAC
     QProcess p;
@@ -338,7 +343,7 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                         // killSwitch toggle
                         if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                             if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                                IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                                IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                             }
                             m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                             m_configData.insert("vpnGateway", m_vpnGateway);

client/protocols/protocols_defs.h

@@ -72,10 +72,21 @@ namespace amnezia
         constexpr char junkPacketMaxSize[] = "Jmax";
         constexpr char initPacketJunkSize[] = "S1";
         constexpr char responsePacketJunkSize[] = "S2";
+        constexpr char cookieReplyPacketJunkSize[] = "S3";
+        constexpr char transportPacketJunkSize[] = "S4";
         constexpr char initPacketMagicHeader[] = "H1";
         constexpr char responsePacketMagicHeader[] = "H2";
         constexpr char underloadPacketMagicHeader[] = "H3";
         constexpr char transportPacketMagicHeader[] = "H4";
+        constexpr char specialJunk1[] = "I1";
+        constexpr char specialJunk2[] = "I2";
+        constexpr char specialJunk3[] = "I3";
+        constexpr char specialJunk4[] = "I4";
+        constexpr char specialJunk5[] = "I5";
+        constexpr char controlledJunk1[] = "J1";
+        constexpr char controlledJunk2[] = "J2";
+        constexpr char controlledJunk3[] = "J3";
+        constexpr char specialHandshakeTimeout[] = "Itime";
 
         constexpr char openvpn[] = "openvpn";
         constexpr char wireguard[] = "wireguard";
@@ -95,12 +106,16 @@ namespace amnezia
         constexpr char splitTunnelApps[] = "splitTunnelApps";
         constexpr char appSplitTunnelType[] = "appSplitTunnelType";
 
+        constexpr char allowedDnsServers[] = "allowedDnsServers";
+
         constexpr char killSwitchOption[] = "killSwitchOption";
 
         constexpr char crc[] = "crc";
 
         constexpr char clientId[] = "clientId";
 
+        constexpr char nameOverriddenByUser[] = "nameOverriddenByUser";
+
     }
 
     namespace protocols
@@ -212,10 +227,22 @@ namespace amnezia
             constexpr char defaultJunkPacketMaxSize[] = "30";
             constexpr char defaultInitPacketJunkSize[] = "15";
             constexpr char defaultResponsePacketJunkSize[] = "18";
+            constexpr char defaultCookieReplyPacketJunkSize[] = "20";
+            constexpr char defaultTransportPacketJunkSize[] = "23";
+
             constexpr char defaultInitPacketMagicHeader[] = "1020325451";
             constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
             constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
             constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
+            constexpr char defaultSpecialJunk1[] = "";
+            constexpr char defaultSpecialJunk2[] = "";
+            constexpr char defaultSpecialJunk3[] = "";
+            constexpr char defaultSpecialJunk4[] = "";
+            constexpr char defaultSpecialJunk5[] = "";
+            constexpr char defaultControlledJunk1[] = "";
+            constexpr char defaultControlledJunk2[] = "";
+            constexpr char defaultControlledJunk3[] = "";
+            constexpr char defaultSpecialHandshakeTimeout[] = "";
         }
 
         namespace socks5Proxy

client/protocols/xrayprotocol.cpp

@@ -98,8 +98,13 @@ ErrorCode XrayProtocol::startTun2Sock()
         if (vpnState == Vpn::ConnectionState::Connected) {
             setConnectionState(Vpn::ConnectionState::Connecting);
             QList<QHostAddress> dnsAddr;
+
             dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+            // We don't use secondary DNS if primary DNS is AmneziaDNS
+            if (!m_configData.value(amnezia::config_key::dns1).toString().
+                 contains(amnezia::protocols::dns::amneziaDnsIp)) {
+                dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+            }
 #ifdef Q_OS_WIN
             QThread::msleep(8000);
 #endif
@@ -134,7 +139,7 @@ ErrorCode XrayProtocol::startTun2Sock()
                     // killSwitch toggle
                     if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                         if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                            IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                         }
                         m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                         m_configData.insert("vpnGateway", m_vpnGateway);

client/resources.qrc

@@ -129,6 +129,7 @@
         <file>ui/qml/Components/SettingsContainersListView.qml</file>
         <file>ui/qml/Components/ShareConnectionDrawer.qml</file>
         <file>ui/qml/Components/TransportProtoSelector.qml</file>
+        <file>ui/qml/Components/AddSitePanel.qml</file>
         <file>ui/qml/Config/GlobalConfig.qml</file>
         <file>ui/qml/Config/qmldir</file>
         <file>ui/qml/Controls2/BackButtonType.qml</file>
@@ -143,7 +144,9 @@
         <file>ui/qml/Controls2/DropDownType.qml</file>
         <file>ui/qml/Controls2/FlickableType.qml</file>
         <file>ui/qml/Controls2/Header2Type.qml</file>
-        <file>ui/qml/Controls2/HeaderType.qml</file>
+        <file>ui/qml/Controls2/BaseHeaderType.qml</file>
+        <file>ui/qml/Controls2/HeaderTypeWithButton.qml</file>
+        <file>ui/qml/Controls2/HeaderTypeWithSwitcher.qml</file>
         <file>ui/qml/Controls2/HorizontalRadioButton.qml</file>
         <file>ui/qml/Controls2/ImageButtonType.qml</file>
         <file>ui/qml/Controls2/LabelWithButtonType.qml</file>
@@ -192,13 +195,15 @@
         <file>ui/qml/Pages2/PageServiceTorWebsiteSettings.qml</file>
         <file>ui/qml/Pages2/PageSettings.qml</file>
         <file>ui/qml/Pages2/PageSettingsAbout.qml</file>
-        <file>ui/qml/Pages2/PageSettingsApiLanguageList.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiAvailableCountries.qml</file>
         <file>ui/qml/Pages2/PageSettingsApiServerInfo.qml</file>
         <file>ui/qml/Pages2/PageSettingsApplication.qml</file>
         <file>ui/qml/Pages2/PageSettingsAppSplitTunneling.qml</file>
         <file>ui/qml/Pages2/PageSettingsBackup.qml</file>
         <file>ui/qml/Pages2/PageSettingsConnection.qml</file>
         <file>ui/qml/Pages2/PageSettingsDns.qml</file>
+        <file>ui/qml/Pages2/PageSettingsKillSwitch.qml</file>
+        <file>ui/qml/Pages2/PageSettingsKillSwitchExceptions.qml</file>
         <file>ui/qml/Pages2/PageSettingsLogging.qml</file>
         <file>ui/qml/Pages2/PageSettingsServerData.qml</file>
         <file>ui/qml/Pages2/PageSettingsServerInfo.qml</file>
@@ -224,6 +229,17 @@
         <file>ui/qml/Pages2/PageShare.qml</file>
         <file>ui/qml/Pages2/PageShareFullAccess.qml</file>
         <file>ui/qml/Pages2/PageStart.qml</file>
+        <file>ui/qml/Components/RenameServerDrawer.qml</file>
+        <file>ui/qml/Controls2/ListViewType.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiSupport.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiInstructions.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiNativeConfigs.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiDevices.qml</file>
+        <file>images/controls/monitor.svg</file>
+        <file>ui/qml/Components/ApiPremV1MigrationDrawer.qml</file>
+        <file>ui/qml/Components/ApiPremV1SubListDrawer.qml</file>
+        <file>ui/qml/Components/OtpCodeDrawer.qml</file>
+        <file>ui/qml/Components/AwgTextField.qml</file>
     </qresource>
     <qresource prefix="/countriesFlags">
         <file>images/flagKit/ZW.svg</file>

client/secure_qsettings.cpp

@@ -1,7 +1,7 @@
 #include "secure_qsettings.h"
 
-#include "QAead.h"
+#include "../client/3rd/QSimpleCrypto/src/include/QAead.h"
-#include "QBlockCipher.h"
+#include "../client/3rd/QSimpleCrypto/src/include/QBlockCipher.h"
 #include "utilities.h"
 #include <QDataStream>
 #include <QDebug>

client/secure_qsettings.h

@@ -6,7 +6,7 @@
 #include <QObject>
 #include <QSettings>
 
-#include "keychain.h"
+#include "../client/3rd/qtkeychain/qtkeychain/keychain.h"
 
 class SecureQSettings : public QObject
 {

client/server_scripts/awg/Dockerfile

@@ -44,3 +44,4 @@ RUN echo -e " \n\
 
 ENTRYPOINT [ "dumb-init", "/opt/amnezia/start.sh" ]
 CMD [ "" ]
+

client/server_scripts/awg/configure_container.sh

@@ -23,4 +23,5 @@ H1 = $INIT_PACKET_MAGIC_HEADER
 H2 = $RESPONSE_PACKET_MAGIC_HEADER
 H3 = $UNDERLOAD_PACKET_MAGIC_HEADER
 H4 = $TRANSPORT_PACKET_MAGIC_HEADER
+
 EOF

client/server_scripts/check_server_is_busy.sh

@@ -1,6 +1,7 @@
-if which apt-get > /dev/null 2>&1; then LOCK_FILE="/var/lib/dpkg/lock-frontend";\
+if which apt-get > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/dpkg/lock-frontend";\
-elif which dnf > /dev/null 2>&1; then LOCK_FILE="/var/run/dnf.pid";\
+elif which dnf > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/cache/dnf/* /var/run/dnf/* /var/lib/dnf/* /var/lib/rpm/*";\
-elif which yum > /dev/null 2>&1; then LOCK_FILE="/var/run/yum.pid";\
+elif which yum > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/yum.pid";\
-elif which pacman > /dev/null 2>&1; then LOCK_FILE="/var/lib/pacman/db.lck";\
+elif which zypper > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/zypp.pid";\
+elif which pacman > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/pacman/db.lck";\
 else echo "Packet manager not found"; echo "Internal error"; exit 1; fi;\
-if command -v fuser > /dev/null 2>&1; then sudo fuser $LOCK_FILE 2>/dev/null; else echo "fuser not installed"; fi
+if command -v $LOCK_CMD > /dev/null 2>&1; then sudo $LOCK_CMD $LOCK_FILE 2>/dev/null; else echo "$LOCK_CMD not installed"; fi

client/server_scripts/check_user_in_sudo.sh

@@ -1,2 +1,14 @@
-CUR_USER=$(whoami);\
+if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\
-groups $CUR_USER
+elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\
+elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\
+elif which zypper > /dev/null 2>&1; then pm=$(which zypper); opt="--version";\
+elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\
+else pm="uname"; opt="-a";\
+fi;\
+CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\
+echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\
+sudo -K;\
+cd ~;\
+if [ "$CUR_USER" = "root" ] || ( groups "$CUR_USER" | grep -E '\<(sudo|wheel)\>' ); then \
+  sudo -nu $CUR_USER $pm $opt > /dev/null; sudo -n $pm $opt > /dev/null;\
+fi

client/server_scripts/install_docker.sh

@@ -1,6 +1,7 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
+elif which zypper > /dev/null 2>&1; then pm=$(which zypper); silent_inst="-nq install"; check_pkgs="-nq refresh"; docker_pkg="docker"; dist="opensuse";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\
 else echo "Packet manager not found"; exit 1; fi;\
 echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\

client/server_scripts/prepare_host.sh

@@ -1,4 +1,4 @@
-CUR_USER=$(whoami);\
+CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\
 sudo mkdir -p $DOCKERFILE_FOLDER;\
 sudo chown $CUR_USER $DOCKERFILE_FOLDER;\
 if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \

client/settings.cpp

@@ -443,6 +443,16 @@ void Settings::setKillSwitchEnabled(bool enabled)
     setValue("Conf/killSwitchEnabled", enabled);
 }
 
+bool Settings::isStrictKillSwitchEnabled() const
+{
+    return value("Conf/strictKillSwitchEnabled", false).toBool();
+}
+
+void Settings::setStrictKillSwitchEnabled(bool enabled)
+{
+    setValue("Conf/strictKillSwitchEnabled", enabled);
+}
+
 QString Settings::getInstallationUuid(const bool needCreate)
 {
     auto uuid = value("Conf/installationUuid", "").toString();
@@ -548,3 +558,23 @@ void Settings::disableHomeAdLabel()
 {
     setValue("Conf/homeAdLabelVisible", false);
 }
+
+bool Settings::isPremV1MigrationReminderActive()
+{
+    return value("Conf/premV1MigrationReminderActive", true).toBool();
+}
+
+void Settings::disablePremV1MigrationReminder()
+{
+    setValue("Conf/premV1MigrationReminderActive", false);
+}
+
+QStringList Settings::allowedDnsServers() const
+{
+    return value("Conf/allowedDnsServers").toStringList();
+}
+
+void Settings::setAllowedDnsServers(const QStringList &servers)
+{
+    setValue("Conf/allowedDnsServers", servers);
+}

client/settings.h

@@ -174,11 +174,12 @@ public:
 
     QLocale getAppLanguage()
     {
-        return value("Conf/appLanguage", QLocale()).toLocale();
+        QString localeStr = m_settings.value("Conf/appLanguage").toString();
+        return QLocale(localeStr);
     };
     void setAppLanguage(QLocale locale)
     {
-        setValue("Conf/appLanguage", locale);
+        setValue("Conf/appLanguage", locale.name());
     };
 
     bool isScreenshotsEnabled() const
@@ -213,6 +214,10 @@ public:
 
     bool isKillSwitchEnabled() const;
     void setKillSwitchEnabled(bool enabled);
+
+    bool isStrictKillSwitchEnabled() const;
+    void setStrictKillSwitchEnabled(bool enabled);
+
     QString getInstallationUuid(const bool needCreate);
 
     void resetGatewayEndpoint();
@@ -225,6 +230,12 @@ public:
     bool isHomeAdLabelVisible();
     void disableHomeAdLabel();
 
+    bool isPremV1MigrationReminderActive();
+    void disablePremV1MigrationReminder();
+    
+    QStringList allowedDnsServers() const;
+    void setAllowedDnsServers(const QStringList &servers);
+
 signals:
     void saveLogsChanged(bool enabled);
     void screenshotsEnabledChanged(bool enabled);

client/ui/Controls2

@@ -1,34 +0,0 @@
-import QtQuick
-import QtQuick.Controls
-import QtQuick.Layouts
-
-TextArea {
-    id: root
-
-    width: parent.width
-
-    topPadding: 16
-    leftPadding: 16
-
-    color: "#D7D8DB"
-    selectionColor:  "#412102"
-    selectedTextColor: "#D7D8DB"
-    placeholderTextColor: "#878B91"
-
-    font.pixelSize: 16
-    font.weight: Font.Medium
-    font.family: "PT Root UI VF"
-
-    wrapMode: Text.Wrap
-
-    MouseArea {
-        anchors.fill: parent
-        acceptedButtons: Qt.RightButton
-        onClicked: contextMenu.open()
-    }
-
-    ContextMenuType {
-        id: contextMenu
-        textObj: textField
-    }
-}

client/ui/controllers/allowedDnsController.cpp

@@ -0,0 +1,101 @@
+#include "allowedDnsController.h"
+
+#include <QFile>
+#include <QStandardPaths>
+#include <QJsonDocument>
+#include <QJsonArray>
+#include <QJsonObject>
+
+#include "systemController.h"
+#include "core/networkUtilities.h"
+#include "core/defs.h"
+
+AllowedDnsController::AllowedDnsController(const std::shared_ptr<Settings> &settings,
+                                           const QSharedPointer<AllowedDnsModel> &allowedDnsModel,
+                                           QObject *parent)
+    : QObject(parent), m_settings(settings), m_allowedDnsModel(allowedDnsModel)
+{
+}
+
+void AllowedDnsController::addDns(QString ip)
+{
+    if (ip.isEmpty()) {
+        return;
+    }
+
+    if (!NetworkUtilities::ipAddressRegExp().match(ip).hasMatch()) {
+        emit errorOccurred(tr("The address does not look like a valid IP address"));
+        return;
+    }
+
+    if (m_allowedDnsModel->addDns(ip)) {
+        emit finished(tr("New DNS server added: %1").arg(ip));
+    } else {
+        emit errorOccurred(tr("DNS server already exists: %1").arg(ip));
+    }
+}
+
+void AllowedDnsController::removeDns(int index)
+{
+    auto modelIndex = m_allowedDnsModel->index(index);
+    auto ip = m_allowedDnsModel->data(modelIndex, AllowedDnsModel::Roles::IpRole).toString();
+    m_allowedDnsModel->removeDns(modelIndex);
+
+    emit finished(tr("DNS server removed: %1").arg(ip));
+}
+
+void AllowedDnsController::importDns(const QString &fileName, bool replaceExisting)
+{
+    QByteArray jsonData;
+    if (!SystemController::readFile(fileName, jsonData)) {
+        emit errorOccurred(tr("Can't open file: %1").arg(fileName));
+        return;
+    }
+
+    QJsonDocument jsonDocument = QJsonDocument::fromJson(jsonData);
+    if (jsonDocument.isNull()) {
+        emit errorOccurred(tr("Failed to parse JSON data from file: %1").arg(fileName));
+        return;
+    }
+
+    if (!jsonDocument.isArray()) {
+        emit errorOccurred(tr("The JSON data is not an array in file: %1").arg(fileName));
+        return;
+    }
+
+    auto jsonArray = jsonDocument.array();
+    QStringList dnsServers;
+
+    for (auto jsonValue : jsonArray) {
+        auto ip = jsonValue.toString();
+        
+        if (!NetworkUtilities::ipAddressRegExp().match(ip).hasMatch()) {
+            qDebug() << ip << " is not a valid IP address";
+            continue;
+        }
+        
+        dnsServers.append(ip);
+    }
+
+    m_allowedDnsModel->addDnsList(dnsServers, replaceExisting);
+
+    emit finished(tr("Import completed"));
+}
+
+void AllowedDnsController::exportDns(const QString &fileName)
+{
+    auto dnsServers = m_allowedDnsModel->getCurrentDnsServers();
+
+    QJsonArray jsonArray;
+
+    for (const auto &ip : dnsServers) {
+        jsonArray.append(ip);
+    }
+
+    QJsonDocument jsonDocument(jsonArray);
+    QByteArray jsonData = jsonDocument.toJson();
+
+    SystemController::saveFile(fileName, jsonData);
+
+    emit finished(tr("Export completed"));
+} 

client/ui/controllers/allowedDnsController.h

@@ -0,0 +1,35 @@
+#ifndef ALLOWEDDNSCONTROLLER_H
+#define ALLOWEDDNSCONTROLLER_H
+
+#include <QObject>
+
+#include "settings.h"
+#include "ui/models/allowed_dns_model.h"
+
+class AllowedDnsController : public QObject
+{
+    Q_OBJECT
+public:
+    explicit AllowedDnsController(const std::shared_ptr<Settings> &settings,
+                                  const QSharedPointer<AllowedDnsModel> &allowedDnsModel,
+                                  QObject *parent = nullptr);
+
+public slots:
+    void addDns(QString ip);
+    void removeDns(int index);
+
+    void importDns(const QString &fileName, bool replaceExisting);
+    void exportDns(const QString &fileName);
+
+signals:
+    void errorOccurred(const QString &errorMessage);
+    void finished(const QString &message);
+
+    void saveFile(const QString &fileName, const QString &data);
+
+private:
+    std::shared_ptr<Settings> m_settings;
+    QSharedPointer<AllowedDnsModel> m_allowedDnsModel;
+};
+
+#endif // ALLOWEDDNSCONTROLLER_H 

client/ui/controllers/api/apiConfigsController.cpp

@@ -0,0 +1,635 @@
+#include "apiConfigsController.h"
+
+#include <QClipboard>
+#include <QEventLoop>
+
+#include "amnezia_application.h"
+#include "configurators/wireguard_configurator.h"
+#include "core/api/apiDefs.h"
+#include "core/api/apiUtils.h"
+#include "core/controllers/gatewayController.h"
+#include "core/qrCodeUtils.h"
+#include "ui/controllers/systemController.h"
+#include "version.h"
+
+namespace
+{
+    namespace configKey
+    {
+        constexpr char cloak[] = "cloak";
+        constexpr char awg[] = "awg";
+        constexpr char vless[] = "vless";
+
+        constexpr char apiEndpoint[] = "api_endpoint";
+        constexpr char accessToken[] = "api_key";
+        constexpr char certificate[] = "certificate";
+        constexpr char publicKey[] = "public_key";
+        constexpr char protocol[] = "protocol";
+
+        constexpr char uuid[] = "installation_uuid";
+        constexpr char osVersion[] = "os_version";
+        constexpr char appVersion[] = "app_version";
+
+        constexpr char userCountryCode[] = "user_country_code";
+        constexpr char serverCountryCode[] = "server_country_code";
+        constexpr char serviceType[] = "service_type";
+        constexpr char serviceInfo[] = "service_info";
+        constexpr char serviceProtocol[] = "service_protocol";
+
+        constexpr char apiPayload[] = "api_payload";
+        constexpr char keyPayload[] = "key_payload";
+
+        constexpr char apiConfig[] = "api_config";
+        constexpr char authData[] = "auth_data";
+
+        constexpr char config[] = "config";
+    }
+
+    struct ProtocolData
+    {
+        OpenVpnConfigurator::ConnectionData certRequest;
+
+        QString wireGuardClientPrivKey;
+        QString wireGuardClientPubKey;
+
+        QString xrayUuid;
+    };
+
+    struct GatewayRequestData
+    {
+        QString osVersion;
+        QString appVersion;
+
+        QString installationUuid;
+
+        QString userCountryCode;
+        QString serverCountryCode;
+        QString serviceType;
+        QString serviceProtocol;
+
+        QJsonObject authData;
+
+        QJsonObject toJsonObject() const
+        {
+            QJsonObject obj;
+            if (!osVersion.isEmpty()) {
+                obj[configKey::osVersion] = osVersion;
+            }
+            if (!appVersion.isEmpty()) {
+                obj[configKey::appVersion] = appVersion;
+            }
+            if (!installationUuid.isEmpty()) {
+                obj[configKey::uuid] = installationUuid;
+            }
+            if (!userCountryCode.isEmpty()) {
+                obj[configKey::userCountryCode] = userCountryCode;
+            }
+            if (!serverCountryCode.isEmpty()) {
+                obj[configKey::serverCountryCode] = serverCountryCode;
+            }
+            if (!serviceType.isEmpty()) {
+                obj[configKey::serviceType] = serviceType;
+            }
+            if (!serviceProtocol.isEmpty()) {
+                obj[configKey::serviceProtocol] = serviceProtocol;
+            }
+            if (!authData.isEmpty()) {
+                obj[configKey::authData] = authData;
+            }
+            return obj;
+        }
+    };
+
+    ProtocolData generateProtocolData(const QString &protocol)
+    {
+        ProtocolData protocolData;
+        if (protocol == configKey::cloak) {
+            protocolData.certRequest = OpenVpnConfigurator::createCertRequest();
+        } else if (protocol == configKey::awg) {
+            auto connData = WireguardConfigurator::genClientKeys();
+            protocolData.wireGuardClientPubKey = connData.clientPubKey;
+            protocolData.wireGuardClientPrivKey = connData.clientPrivKey;
+        } else if (protocol == configKey::vless) {
+            protocolData.xrayUuid = QUuid::createUuid().toString(QUuid::WithoutBraces);
+        }
+
+        return protocolData;
+    }
+
+    void appendProtocolDataToApiPayload(const QString &protocol, const ProtocolData &protocolData, QJsonObject &apiPayload)
+    {
+        if (protocol == configKey::cloak) {
+            apiPayload[configKey::certificate] = protocolData.certRequest.request;
+        } else if (protocol == configKey::awg) {
+            apiPayload[configKey::publicKey] = protocolData.wireGuardClientPubKey;
+        } else if (protocol == configKey::vless) {
+            apiPayload[configKey::publicKey] = protocolData.xrayUuid;
+        }
+    }
+
+    ErrorCode fillServerConfig(const QString &protocol, const ProtocolData &apiPayloadData, const QByteArray &apiResponseBody,
+                               QJsonObject &serverConfig)
+    {
+        QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
+
+        data.replace("vpn://", "");
+        QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+
+        if (ba.isEmpty()) {
+            qDebug() << "empty vpn key";
+            return ErrorCode::ApiConfigEmptyError;
+        }
+
+        QByteArray ba_uncompressed = qUncompress(ba);
+        if (!ba_uncompressed.isEmpty()) {
+            ba = ba_uncompressed;
+        }
+
+        QString configStr = ba;
+        if (protocol == configKey::cloak) {
+            configStr.replace("<key>", "<key>\n");
+            configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
+        } else if (protocol == configKey::awg) {
+            configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+            auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+            auto containers = newServerConfig.value(config_key::containers).toArray();
+            if (containers.isEmpty()) {
+                qDebug() << "missing containers field";
+                return ErrorCode::ApiConfigEmptyError;
+            }
+            auto container = containers.at(0).toObject();
+            QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
+            auto serverProtocolConfig = container.value(containerName).toObject();
+            auto clientProtocolConfig =
+                    QJsonDocument::fromJson(serverProtocolConfig.value(config_key::last_config).toString().toUtf8()).object();
+
+            //TODO looks like this block can be removed after v1 configs EOL
+
+            serverProtocolConfig[config_key::junkPacketCount] = clientProtocolConfig.value(config_key::junkPacketCount);
+            serverProtocolConfig[config_key::junkPacketMinSize] = clientProtocolConfig.value(config_key::junkPacketMinSize);
+            serverProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize);
+            serverProtocolConfig[config_key::initPacketJunkSize] = clientProtocolConfig.value(config_key::initPacketJunkSize);
+            serverProtocolConfig[config_key::responsePacketJunkSize] = clientProtocolConfig.value(config_key::responsePacketJunkSize);
+            serverProtocolConfig[config_key::initPacketMagicHeader] = clientProtocolConfig.value(config_key::initPacketMagicHeader);
+            serverProtocolConfig[config_key::responsePacketMagicHeader] = clientProtocolConfig.value(config_key::responsePacketMagicHeader);
+            serverProtocolConfig[config_key::underloadPacketMagicHeader] = clientProtocolConfig.value(config_key::underloadPacketMagicHeader);
+            serverProtocolConfig[config_key::transportPacketMagicHeader] = clientProtocolConfig.value(config_key::transportPacketMagicHeader);
+
+            serverProtocolConfig[config_key::cookieReplyPacketJunkSize] = clientProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
+            serverProtocolConfig[config_key::transportPacketJunkSize] = clientProtocolConfig.value(config_key::transportPacketJunkSize);
+            serverProtocolConfig[config_key::specialJunk1] = clientProtocolConfig.value(config_key::specialJunk1);
+            serverProtocolConfig[config_key::specialJunk2] = clientProtocolConfig.value(config_key::specialJunk2);
+            serverProtocolConfig[config_key::specialJunk3] = clientProtocolConfig.value(config_key::specialJunk3);
+            serverProtocolConfig[config_key::specialJunk4] = clientProtocolConfig.value(config_key::specialJunk4);
+            serverProtocolConfig[config_key::specialJunk5] = clientProtocolConfig.value(config_key::specialJunk5);
+            serverProtocolConfig[config_key::controlledJunk1] = clientProtocolConfig.value(config_key::controlledJunk1);
+            serverProtocolConfig[config_key::controlledJunk2] = clientProtocolConfig.value(config_key::controlledJunk2);
+            serverProtocolConfig[config_key::controlledJunk3] = clientProtocolConfig.value(config_key::controlledJunk3);
+            serverProtocolConfig[config_key::specialHandshakeTimeout] = clientProtocolConfig.value(config_key::specialHandshakeTimeout);
+
+            //
+
+            container[containerName] = serverProtocolConfig;
+            containers.replace(0, container);
+            newServerConfig[config_key::containers] = containers;
+            configStr = QString(QJsonDocument(newServerConfig).toJson());
+        }
+
+        QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+        serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
+        serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
+        serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
+        serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
+
+        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
+            serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
+            serverConfig[config_key::description] = newServerConfig.value(config_key::description);
+            serverConfig[config_key::name] = newServerConfig.value(config_key::name);
+        }
+
+        auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
+        serverConfig[config_key::defaultContainer] = defaultContainer;
+
+        QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
+        map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
+        auto apiConfig = QJsonObject::fromVariantMap(map);
+
+        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
+            apiConfig.insert(apiDefs::key::supportedProtocols,
+                             QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::supportedProtocols).toArray());
+        }
+
+        serverConfig[configKey::apiConfig] = apiConfig;
+
+        return ErrorCode::NoError;
+    }
+}
+
+ApiConfigsController::ApiConfigsController(const QSharedPointer<ServersModel> &serversModel,
+                                           const QSharedPointer<ApiServicesModel> &apiServicesModel,
+                                           const std::shared_ptr<Settings> &settings, QObject *parent)
+    : QObject(parent), m_serversModel(serversModel), m_apiServicesModel(apiServicesModel), m_settings(settings)
+{
+}
+
+bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, const QString &fileName)
+{
+    if (fileName.isEmpty()) {
+        emit errorOccurred(ErrorCode::PermissionsError);
+        return false;
+    }
+
+    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            serverCountryCode,
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            m_apiServicesModel->getSelectedServiceProtocol(),
+                                            serverConfigObject.value(configKey::authData).toObject() };
+
+    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    ProtocolData protocolData = generateProtocolData(protocol);
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/native_config"), apiPayload, responseBody);
+    if (errorCode != ErrorCode::NoError) {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+
+    QJsonObject jsonConfig = QJsonDocument::fromJson(responseBody).object();
+    QString nativeConfig = jsonConfig.value(configKey::config).toString();
+    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", protocolData.wireGuardClientPrivKey);
+
+    SystemController::saveFile(fileName, nativeConfig);
+    return true;
+}
+
+bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode)
+{
+    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            serverCountryCode,
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            m_apiServicesModel->getSelectedServiceProtocol(),
+                                            serverConfigObject.value(configKey::authData).toObject() };
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
+    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+    return true;
+}
+
+void ApiConfigsController::prepareVpnKeyExport()
+{
+    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    auto vpnKey = apiConfigObject.value(apiDefs::key::vpnKey).toString();
+    m_vpnKey = vpnKey;
+
+    vpnKey.replace("vpn://", "");
+
+    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(vpnKey.toUtf8());
+
+    emit vpnKeyExportReady();
+}
+
+void ApiConfigsController::copyVpnKeyToClipboard()
+{
+    auto clipboard = amnApp->getClipboard();
+    clipboard->setText(m_vpnKey);
+}
+
+bool ApiConfigsController::fillAvailableServices()
+{
+    QJsonObject apiPayload;
+    apiPayload[configKey::osVersion] = QSysInfo::productType();
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody);
+    if (errorCode == ErrorCode::NoError) {
+        if (!responseBody.contains("services")) {
+            errorCode = ErrorCode::ApiServicesMissingError;
+        }
+    }
+
+    if (errorCode != ErrorCode::NoError) {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+
+    QJsonObject data = QJsonDocument::fromJson(responseBody).object();
+    m_apiServicesModel->updateModel(data);
+    return true;
+}
+
+bool ApiConfigsController::importServiceFromGateway()
+{
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            m_apiServicesModel->getCountryCode(),
+                                            "",
+                                            m_apiServicesModel->getSelectedServiceType(),
+                                            m_apiServicesModel->getSelectedServiceProtocol(),
+                                            QJsonObject() };
+
+    if (m_serversModel->isServerFromApiAlreadyExists(gatewayRequestData.userCountryCode, gatewayRequestData.serviceType,
+                                                     gatewayRequestData.serviceProtocol)) {
+        emit errorOccurred(ErrorCode::ApiConfigAlreadyAdded);
+        return false;
+    }
+
+    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
+
+    QJsonObject serverConfig;
+    if (errorCode == ErrorCode::NoError) {
+        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, serverConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode);
+            return false;
+        }
+
+        QJsonObject apiConfig = serverConfig.value(configKey::apiConfig).toObject();
+        apiConfig.insert(configKey::userCountryCode, m_apiServicesModel->getCountryCode());
+        apiConfig.insert(configKey::serviceType, m_apiServicesModel->getSelectedServiceType());
+        apiConfig.insert(configKey::serviceProtocol, m_apiServicesModel->getSelectedServiceProtocol());
+
+        serverConfig.insert(configKey::apiConfig, apiConfig);
+
+        m_serversModel->addServer(serverConfig);
+        emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
+        return true;
+    } else {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+}
+
+bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
+                                                    bool reloadServiceConfig)
+{
+    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
+
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfig.value(configKey::userCountryCode).toString(),
+                                            newCountryCode,
+                                            apiConfig.value(configKey::serviceType).toString(),
+                                            apiConfig.value(configKey::serviceProtocol).toString(),
+                                            serverConfig.value(configKey::authData).toObject() };
+
+    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
+
+    QJsonObject newServerConfig;
+    if (errorCode == ErrorCode::NoError) {
+        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, newServerConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode);
+            return false;
+        }
+
+        QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject();
+        newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode));
+        newApiConfig.insert(configKey::serviceType, apiConfig.value(configKey::serviceType));
+        newApiConfig.insert(configKey::serviceProtocol, apiConfig.value(configKey::serviceProtocol));
+        newApiConfig.insert(apiDefs::key::vpnKey, apiConfig.value(apiDefs::key::vpnKey));
+
+        newServerConfig.insert(configKey::apiConfig, newApiConfig);
+        newServerConfig.insert(configKey::authData, gatewayRequestData.authData);
+
+        if (serverConfig.value(config_key::nameOverriddenByUser).toBool()) {
+            newServerConfig.insert(config_key::name, serverConfig.value(config_key::name));
+            newServerConfig.insert(config_key::nameOverriddenByUser, true);
+        }
+        m_serversModel->editServer(newServerConfig, serverIndex);
+        if (reloadServiceConfig) {
+            emit reloadServerFromApiFinished(tr("API config reloaded"));
+        } else if (newCountryName.isEmpty()) {
+            emit updateServerFromApiFinished();
+        } else {
+            emit changeApiCountryFinished(tr("Successfully changed the country of connection to %1").arg(newCountryName));
+        }
+        return true;
+    } else {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+}
+
+bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
+{
+#ifdef Q_OS_IOS
+    IosController::Instance()->requestInetAccess();
+    QThread::msleep(10);
+#endif
+
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
+    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
+    auto installationUuid = m_settings->getInstallationUuid(true);
+
+    QString serviceProtocol = serverConfig.value(configKey::protocol).toString();
+    ProtocolData protocolData = generateProtocolData(serviceProtocol);
+
+    QJsonObject apiPayload;
+    appendProtocolDataToApiPayload(serviceProtocol, protocolData, apiPayload);
+    apiPayload[configKey::uuid] = installationUuid;
+    apiPayload[configKey::osVersion] = QSysInfo::productType();
+    apiPayload[configKey::appVersion] = QString(APP_VERSION);
+    apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString();
+    apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString();
+
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        errorCode = fillServerConfig(serviceProtocol, protocolData, responseBody, serverConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode);
+            return false;
+        }
+
+        m_serversModel->editServer(serverConfig, serverIndex);
+        emit updateServerFromApiFinished();
+        return true;
+    } else {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+}
+
+bool ApiConfigsController::deactivateDevice()
+{
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    if (!apiUtils::isPremiumServer(serverConfigObject)) {
+        return true;
+    }
+
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            apiConfigObject.value(configKey::serverCountryCode).toString(),
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            "",
+                                            serverConfigObject.value(configKey::authData).toObject() };
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+
+    serverConfigObject.remove(config_key::containers);
+    m_serversModel->editServer(serverConfigObject, serverIndex);
+
+    return true;
+}
+
+bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode)
+{
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    if (!apiUtils::isPremiumServer(serverConfigObject)) {
+        return true;
+    }
+
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            uuid,
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            serverCountryCode,
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            "",
+                                            serverConfigObject.value(configKey::authData).toObject() };
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+
+    QByteArray responseBody;
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+
+    if (uuid == m_settings->getInstallationUuid(true)) {
+        serverConfigObject.remove(config_key::containers);
+        m_serversModel->editServer(serverConfigObject, serverIndex);
+    }
+
+    return true;
+}
+
+bool ApiConfigsController::isConfigValid()
+{
+    int serverIndex = m_serversModel->getDefaultServerIndex();
+    QJsonObject serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto configSource = apiUtils::getConfigSource(serverConfigObject);
+
+    if (configSource == apiDefs::ConfigSource::Telegram
+        && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
+        m_serversModel->removeApiConfig(serverIndex);
+        return updateServiceFromTelegram(serverIndex);
+    } else if (configSource == apiDefs::ConfigSource::AmneziaGateway
+               && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
+        return updateServiceFromGateway(serverIndex, "", "");
+    } else if (configSource && m_serversModel->isApiKeyExpired(serverIndex)) {
+        qDebug() << "attempt to update api config by expires_at event";
+        if (configSource == apiDefs::ConfigSource::AmneziaGateway) {
+            return updateServiceFromGateway(serverIndex, "", "");
+        } else {
+            m_serversModel->removeApiConfig(serverIndex);
+            return updateServiceFromTelegram(serverIndex);
+        }
+    }
+    return true;
+}
+
+void ApiConfigsController::setCurrentProtocol(const QString &protocolName)
+{
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    apiConfigObject[configKey::serviceProtocol] = protocolName;
+
+    serverConfigObject.insert(configKey::apiConfig, apiConfigObject);
+
+    m_serversModel->editServer(serverConfigObject, serverIndex);
+}
+
+bool ApiConfigsController::isVlessProtocol()
+{
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    if (apiConfigObject[configKey::serviceProtocol].toString() == "vless") {
+        return true;
+    }
+    return false;
+}
+
+QList<QString> ApiConfigsController::getQrCodes()
+{
+    return m_qrCodes;
+}
+
+int ApiConfigsController::getQrCodesCount()
+{
+    return m_qrCodes.size();
+}
+
+QString ApiConfigsController::getVpnKey()
+{
+    return m_vpnKey;
+}
+
+ErrorCode ApiConfigsController::executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody)
+{
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    return gatewayController.post(endpoint, apiPayload, responseBody);
+}

client/ui/controllers/api/apiConfigsController.h

@@ -0,0 +1,66 @@
+#ifndef APICONFIGSCONTROLLER_H
+#define APICONFIGSCONTROLLER_H
+
+#include <QObject>
+
+#include "configurators/openvpn_configurator.h"
+#include "ui/models/api/apiServicesModel.h"
+#include "ui/models/servers_model.h"
+
+class ApiConfigsController : public QObject
+{
+    Q_OBJECT
+public:
+    ApiConfigsController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ApiServicesModel> &apiServicesModel,
+                         const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
+
+    Q_PROPERTY(QList<QString> qrCodes READ getQrCodes NOTIFY vpnKeyExportReady)
+    Q_PROPERTY(int qrCodesCount READ getQrCodesCount NOTIFY vpnKeyExportReady)
+    Q_PROPERTY(QString vpnKey READ getVpnKey NOTIFY vpnKeyExportReady)
+
+public slots:
+    bool exportNativeConfig(const QString &serverCountryCode, const QString &fileName);
+    bool revokeNativeConfig(const QString &serverCountryCode);
+    // bool exportVpnKey(const QString &fileName);
+    void prepareVpnKeyExport();
+    void copyVpnKeyToClipboard();
+
+    bool fillAvailableServices();
+    bool importServiceFromGateway();
+    bool updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
+                                  bool reloadServiceConfig = false);
+    bool updateServiceFromTelegram(const int serverIndex);
+    bool deactivateDevice();
+    bool deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode);
+
+    bool isConfigValid();
+
+    void setCurrentProtocol(const QString &protocolName);
+    bool isVlessProtocol();
+
+signals:
+    void errorOccurred(ErrorCode errorCode);
+
+    void installServerFromApiFinished(const QString &message);
+    void changeApiCountryFinished(const QString &message);
+    void reloadServerFromApiFinished(const QString &message);
+    void updateServerFromApiFinished();
+
+    void vpnKeyExportReady();
+
+private:
+    QList<QString> getQrCodes();
+    int getQrCodesCount();
+    QString getVpnKey();
+
+    ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody);
+
+    QList<QString> m_qrCodes;
+    QString m_vpnKey;
+
+    QSharedPointer<ServersModel> m_serversModel;
+    QSharedPointer<ApiServicesModel> m_apiServicesModel;
+    std::shared_ptr<Settings> m_settings;
+};
+
+#endif // APICONFIGSCONTROLLER_H

client/ui/controllers/api/apiPremV1MigrationController.cpp

@@ -0,0 +1,133 @@
+#include "apiPremV1MigrationController.h"
+
+#include <QEventLoop>
+#include <QTimer>
+
+#include "core/api/apiDefs.h"
+#include "core/api/apiUtils.h"
+#include "core/controllers/gatewayController.h"
+
+ApiPremV1MigrationController::ApiPremV1MigrationController(const QSharedPointer<ServersModel> &serversModel,
+                                                           const std::shared_ptr<Settings> &settings, QObject *parent)
+    : QObject(parent), m_serversModel(serversModel), m_settings(settings)
+{
+}
+
+bool ApiPremV1MigrationController::hasConfigsToMigration()
+{
+    QJsonArray vpnKeys;
+
+    auto serversCount = m_serversModel->getServersCount();
+    for (size_t i = 0; i < serversCount; i++) {
+        auto serverConfigObject = m_serversModel->getServerConfig(i);
+
+        if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV1) {
+            continue;
+        }
+
+        QString vpnKey = apiUtils::getPremiumV1VpnKey(serverConfigObject);
+        vpnKeys.append(vpnKey);
+    }
+
+    if (!vpnKeys.isEmpty()) {
+        GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                            m_settings->isStrictKillSwitchEnabled());
+        QJsonObject apiPayload;
+
+        apiPayload["configs"] = vpnKeys;
+        QByteArray responseBody;
+        ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/is-active-subscription"), apiPayload, responseBody);
+
+        auto migrationsStatus = QJsonDocument::fromJson(responseBody).object();
+        for (const auto &migrationStatus : migrationsStatus) {
+            if (migrationStatus == "not_found") {
+                return true;
+            }
+        }
+    }
+
+    return false;
+}
+
+void ApiPremV1MigrationController::getSubscriptionList(const QString &email)
+{
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    QJsonObject apiPayload;
+
+    apiPayload[apiDefs::key::email] = email;
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/subscription-list"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        m_email = email;
+        m_subscriptionsModel = QJsonDocument::fromJson(responseBody).array();
+        if (m_subscriptionsModel.isEmpty()) {
+            emit noSubscriptionToMigrate();
+            return;
+        }
+
+        emit subscriptionsModelChanged();
+    } else {
+        emit errorOccurred(ErrorCode::ApiMigrationError);
+    }
+}
+
+QJsonArray ApiPremV1MigrationController::getSubscriptionModel()
+{
+    return m_subscriptionsModel;
+}
+
+void ApiPremV1MigrationController::sendMigrationCode(const int subscriptionIndex)
+{
+    QEventLoop wait;
+    QTimer::singleShot(1000, &wait, &QEventLoop::quit);
+    wait.exec();
+
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    QJsonObject apiPayload;
+
+    apiPayload[apiDefs::key::email] = m_email;
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/migration-code"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        m_subscriptionIndex = subscriptionIndex;
+        emit otpSuccessfullySent();
+    } else {
+        emit errorOccurred(ErrorCode::ApiMigrationError);
+    }
+}
+
+void ApiPremV1MigrationController::migrate(const QString &migrationCode)
+{
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    QJsonObject apiPayload;
+
+    apiPayload[apiDefs::key::email] = m_email;
+    apiPayload[apiDefs::key::orderId] = m_subscriptionsModel.at(m_subscriptionIndex).toObject().value(apiDefs::key::id).toString();
+    apiPayload[apiDefs::key::migrationCode] = migrationCode;
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/migrate"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        auto responseObject = QJsonDocument::fromJson(responseBody).object();
+        QString premiumV2VpnKey = responseObject.value(apiDefs::key::config).toString();
+
+        emit importPremiumV2VpnKey(premiumV2VpnKey);
+    } else {
+        emit errorOccurred(ErrorCode::ApiMigrationError);
+    }
+}
+
+bool ApiPremV1MigrationController::isPremV1MigrationReminderActive()
+{
+    return m_settings->isPremV1MigrationReminderActive();
+}
+
+void ApiPremV1MigrationController::disablePremV1MigrationReminder()
+{
+    m_settings->disablePremV1MigrationReminder();
+}

client/ui/controllers/api/apiPremV1MigrationController.h

@@ -0,0 +1,50 @@
+#ifndef APIPREMV1MIGRATIONCONTROLLER_H
+#define APIPREMV1MIGRATIONCONTROLLER_H
+
+#include <QObject>
+
+#include "ui/models/servers_model.h"
+
+class ApiPremV1MigrationController : public QObject
+{
+    Q_OBJECT
+public:
+    ApiPremV1MigrationController(const QSharedPointer<ServersModel> &serversModel, const std::shared_ptr<Settings> &settings,
+                                 QObject *parent = nullptr);
+
+    Q_PROPERTY(QJsonArray subscriptionsModel READ getSubscriptionModel NOTIFY subscriptionsModelChanged)
+
+public slots:
+    bool hasConfigsToMigration();
+    void getSubscriptionList(const QString &email);
+    QJsonArray getSubscriptionModel();
+    void sendMigrationCode(const int subscriptionIndex);
+    void migrate(const QString &migrationCode);
+
+    bool isPremV1MigrationReminderActive();
+    void disablePremV1MigrationReminder();
+
+signals:
+    void subscriptionsModelChanged();
+
+    void otpSuccessfullySent();
+
+    void importPremiumV2VpnKey(const QString &vpnKey);
+
+    void errorOccurred(ErrorCode errorCode);
+
+    void showMigrationDrawer();
+    void migrationFinished();
+
+    void noSubscriptionToMigrate();
+
+private:
+    QSharedPointer<ServersModel> m_serversModel;
+    std::shared_ptr<Settings> m_settings;
+
+    QJsonArray m_subscriptionsModel;
+    int m_subscriptionIndex;
+    QString m_email;
+};
+
+#endif // APIPREMV1MIGRATIONCONTROLLER_H

client/ui/controllers/api/apiSettingsController.cpp

@@ -0,0 +1,94 @@
+#include "apiSettingsController.h"
+
+#include <QEventLoop>
+#include <QTimer>
+
+#include "core/api/apiUtils.h"
+#include "core/controllers/gatewayController.h"
+#include "version.h"
+
+namespace
+{
+    namespace configKey
+    {
+        constexpr char userCountryCode[] = "user_country_code";
+        constexpr char serverCountryCode[] = "server_country_code";
+        constexpr char serviceType[] = "service_type";
+        constexpr char serviceInfo[] = "service_info";
+
+        constexpr char apiConfig[] = "api_config";
+        constexpr char authData[] = "auth_data";
+    }
+
+    const int requestTimeoutMsecs = 12 * 1000; // 12 secs
+}
+
+ApiSettingsController::ApiSettingsController(const QSharedPointer<ServersModel> &serversModel,
+                                             const QSharedPointer<ApiAccountInfoModel> &apiAccountInfoModel,
+                                             const QSharedPointer<ApiCountryModel> &apiCountryModel,
+                                             const QSharedPointer<ApiDevicesModel> &apiDevicesModel,
+                                             const std::shared_ptr<Settings> &settings, QObject *parent)
+    : QObject(parent),
+      m_serversModel(serversModel),
+      m_apiAccountInfoModel(apiAccountInfoModel),
+      m_apiCountryModel(apiCountryModel),
+      m_apiDevicesModel(apiDevicesModel),
+      m_settings(settings)
+{
+}
+
+ApiSettingsController::~ApiSettingsController()
+{
+}
+
+bool ApiSettingsController::getAccountInfo(bool reload)
+{
+    if (reload) {
+        QEventLoop wait;
+        QTimer::singleShot(1000, &wait, &QEventLoop::quit);
+        wait.exec();
+    }
+
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
+    auto processedIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfig = m_serversModel->getServerConfig(processedIndex);
+    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
+    auto authData = serverConfig.value(configKey::authData).toObject();
+
+    QJsonObject apiPayload;
+    apiPayload[configKey::userCountryCode] = apiConfig.value(configKey::userCountryCode).toString();
+    apiPayload[configKey::serviceType] = apiConfig.value(configKey::serviceType).toString();
+    apiPayload[configKey::authData] = authData;
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
+
+    QByteArray responseBody;
+
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/account_info"), apiPayload, responseBody);
+    if (errorCode != ErrorCode::NoError) {
+        emit errorOccurred(errorCode);
+        return false;
+    }
+
+    QJsonObject accountInfo = QJsonDocument::fromJson(responseBody).object();
+    m_apiAccountInfoModel->updateModel(accountInfo, serverConfig);
+
+    if (reload) {
+        updateApiCountryModel();
+        updateApiDevicesModel();
+    }
+
+    return true;
+}
+
+void ApiSettingsController::updateApiCountryModel()
+{
+    m_apiCountryModel->updateModel(m_apiAccountInfoModel->getAvailableCountries(), "");
+    m_apiCountryModel->updateIssuedConfigsInfo(m_apiAccountInfoModel->getIssuedConfigsInfo());
+}
+
+void ApiSettingsController::updateApiDevicesModel()
+{
+    m_apiDevicesModel->updateModel(m_apiAccountInfoModel->getIssuedConfigsInfo());
+}

client/ui/controllers/api/apiSettingsController.h

@@ -0,0 +1,37 @@
+#ifndef APISETTINGSCONTROLLER_H
+#define APISETTINGSCONTROLLER_H
+
+#include <QObject>
+
+#include "ui/models/api/apiAccountInfoModel.h"
+#include "ui/models/api/apiCountryModel.h"
+#include "ui/models/api/apiDevicesModel.h"
+#include "ui/models/servers_model.h"
+
+class ApiSettingsController : public QObject
+{
+    Q_OBJECT
+public:
+    ApiSettingsController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ApiAccountInfoModel> &apiAccountInfoModel,
+                          const QSharedPointer<ApiCountryModel> &apiCountryModel, const QSharedPointer<ApiDevicesModel> &apiDevicesModel,
+                          const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
+    ~ApiSettingsController();
+
+public slots:
+    bool getAccountInfo(bool reload);
+    void updateApiCountryModel();
+    void updateApiDevicesModel();
+
+signals:
+    void errorOccurred(ErrorCode errorCode);
+
+private:
+    QSharedPointer<ServersModel> m_serversModel;
+    QSharedPointer<ApiAccountInfoModel> m_apiAccountInfoModel;
+    QSharedPointer<ApiCountryModel> m_apiCountryModel;
+    QSharedPointer<ApiDevicesModel> m_apiDevicesModel;
+
+    std::shared_ptr<Settings> m_settings;
+};
+
+#endif // APISETTINGSCONTROLLER_H

client/ui/controllers/connectionController.cpp

@@ -5,10 +5,8 @@
 #else
     #include <QApplication>
 #endif
-#include <QtConcurrent>
 
 #include "core/controllers/vpnConfigurationController.h"
-#include "core/enums/apiEnums.h"
 #include "version.h"
 
 ConnectionController::ConnectionController(const QSharedPointer<ServersModel> &serversModel,
@@ -27,7 +25,7 @@ ConnectionController::ConnectionController(const QSharedPointer<ServersModel> &s
     connect(this, &ConnectionController::connectToVpn, m_vpnConnection.get(), &VpnConnection::connectToVpn, Qt::QueuedConnection);
     connect(this, &ConnectionController::disconnectFromVpn, m_vpnConnection.get(), &VpnConnection::disconnectFromVpn, Qt::QueuedConnection);
 
-    connect(this, &ConnectionController::configFromApiUpdated, this, &ConnectionController::continueConnection);
+    connect(this, &ConnectionController::connectButtonClicked, this, &ConnectionController::toggleConnection, Qt::QueuedConnection);
 
     m_state = Vpn::ConnectionState::Disconnected;
 }
@@ -35,8 +33,7 @@ ConnectionController::ConnectionController(const QSharedPointer<ServersModel> &s
 void ConnectionController::openConnection()
 {
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
-    if (!Utils::processIsRunning(Utils::executable(SERVICE_NAME, false), true))
+    if (!Utils::processIsRunning(Utils::executable(SERVICE_NAME, false), true)) {
-    {
         emit connectionErrorOccurred(ErrorCode::AmneziaServiceNotRunning);
         return;
     }
@@ -44,26 +41,24 @@ void ConnectionController::openConnection()
 
     int serverIndex = m_serversModel->getDefaultServerIndex();
     QJsonObject serverConfig = m_serversModel->getServerConfig(serverIndex);
-    auto configVersion = serverConfig.value(config_key::configVersion).toInt();
 
-    emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Preparing);
+    DockerContainer container = qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));
 
-    if (configVersion == ApiConfigSources::Telegram
+    if (!m_containersModel->isSupportedByCurrentPlatform(container)) {
-        && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
+        emit connectionErrorOccurred(ErrorCode::NotSupportedOnThisPlatform);
-        emit updateApiConfigFromTelegram();
+        return;
-        } else if (configVersion == ApiConfigSources::AmneziaGateway
-        && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
-        emit updateApiConfigFromGateway();
-    } else if (configVersion && m_serversModel->isApiKeyExpired(serverIndex)) {
-        qDebug() << "attempt to update api config by expires_at event";
-        if (configVersion == ApiConfigSources::Telegram) {
-            emit updateApiConfigFromTelegram();
-        } else {
-            emit updateApiConfigFromGateway();
-        }
-    } else {
-        continueConnection();
     }
+
+    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
+    VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
+
+    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
+    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
+
+    auto dns = m_serversModel->getDnsPair(serverIndex);
+
+    auto vpnConfiguration = vpnConfigurationController.createVpnConfiguration(dns, serverConfig, containerConfig, container);
+    emit connectToVpn(serverIndex, credentials, container, vpnConfiguration);
 }
 
 void ConnectionController::closeConnection()
@@ -167,7 +162,7 @@ void ConnectionController::toggleConnection()
     } else if (isConnected()) {
         closeConnection();
     } else {
-        openConnection();
+        emit prepareConfig();
     }
 }
 
@@ -180,98 +175,3 @@ bool ConnectionController::isConnected() const
 {
     return m_isConnected;
 }
-
-bool ConnectionController::isProtocolConfigExists(const QJsonObject &containerConfig, const DockerContainer container)
-{
-    for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
-        QString protocolConfig =
-                containerConfig.value(ProtocolProps::protoToString(protocol)).toObject().value(config_key::last_config).toString();
-
-        if (protocolConfig.isEmpty()) {
-            return false;
-        }
-    }
-    return true;
-}
-
-void ConnectionController::continueConnection()
-{
-    int serverIndex = m_serversModel->getDefaultServerIndex();
-    QJsonObject serverConfig = m_serversModel->getServerConfig(serverIndex);
-    auto configVersion = serverConfig.value(config_key::configVersion).toInt();
-
-    if (!m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
-        emit noInstalledContainers();
-        emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
-        return;
-    }
-
-    DockerContainer container = qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));
-
-    if (!m_containersModel->isSupportedByCurrentPlatform(container)) {
-        emit connectionErrorOccurred(tr("The selected protocol is not supported on the current platform"));
-        return;
-    }
-
-    if (container == DockerContainer::None) {
-        emit connectionErrorOccurred(tr("VPN Protocols is not installed.\n Please install VPN container at first"));
-        return;
-    }
-
-    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
-    VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
-
-    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
-    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-    ErrorCode errorCode = updateProtocolConfig(container, credentials, containerConfig, serverController);
-    if (errorCode != ErrorCode::NoError) {
-        emit connectionErrorOccurred(errorCode);
-        return;
-    }
-
-    auto dns = m_serversModel->getDnsPair(serverIndex);
-
-    auto vpnConfiguration = vpnConfigurationController.createVpnConfiguration(dns, serverConfig, containerConfig, container, errorCode);
-    if (errorCode != ErrorCode::NoError) {
-        emit connectionErrorOccurred(tr("unable to create configuration"));
-        return;
-    }
-
-    emit connectToVpn(serverIndex, credentials, container, vpnConfiguration);
-}
-
-ErrorCode ConnectionController::updateProtocolConfig(const DockerContainer container, const ServerCredentials &credentials,
-                                                     QJsonObject &containerConfig, QSharedPointer<ServerController> serverController)
-{
-    QFutureWatcher<ErrorCode> watcher;
-
-    if (serverController.isNull()) {
-        serverController.reset(new ServerController(m_settings));
-    }
-
-    QFuture<ErrorCode> future = QtConcurrent::run([this, container, &credentials, &containerConfig, &serverController]() {
-        ErrorCode errorCode = ErrorCode::NoError;
-        if (!isProtocolConfigExists(containerConfig, container)) {
-            VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
-            errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container, containerConfig);
-            if (errorCode != ErrorCode::NoError) {
-                return errorCode;
-            }
-            m_serversModel->updateContainerConfig(container, containerConfig);
-
-            errorCode = m_clientManagementModel->appendClient(container, credentials, containerConfig,
-                                                              QString("Admin [%1]").arg(QSysInfo::prettyProductName()), serverController);
-            if (errorCode != ErrorCode::NoError) {
-                return errorCode;
-            }
-        }
-        return errorCode;
-    });
-
-    QEventLoop wait;
-    connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
-    watcher.setFuture(future);
-    wait.exec();
-
-    return watcher.result();
-}

client/ui/controllers/connectionController.h

@@ -40,30 +40,20 @@ public slots:
 
     void onTranslationsUpdated();
 
-    ErrorCode updateProtocolConfig(const DockerContainer container, const ServerCredentials &credentials, QJsonObject &containerConfig,
-                                   QSharedPointer<ServerController> serverController = nullptr);
-
 signals:
     void connectToVpn(int serverIndex, const ServerCredentials &credentials, DockerContainer container, const QJsonObject &vpnConfiguration);
     void disconnectFromVpn();
     void connectionStateChanged();
 
-    void connectionErrorOccurred(const QString &errorMessage);
     void connectionErrorOccurred(ErrorCode errorCode);
     void reconnectWithUpdatedContainer(const QString &message);
 
-    void noInstalledContainers();
-
     void connectButtonClicked();
     void preparingConfig();
-
+    void prepareConfig();
-    void updateApiConfigFromGateway();
-    void updateApiConfigFromTelegram();
-    void configFromApiUpdated();
 
 private:
     Vpn::ConnectionState getCurrentConnectionState();
-    bool isProtocolConfigExists(const QJsonObject &containerConfig, const DockerContainer container);
 
     void continueConnection();
 

client/ui/controllers/exportController.cpp

@@ -9,8 +9,8 @@
 #include <QStandardPaths>
 
 #include "core/controllers/vpnConfigurationController.h"
+#include "core/qrCodeUtils.h"
 #include "systemController.h"
-#include "qrcodegen.hpp"
 
 ExportController::ExportController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
                                    const QSharedPointer<ClientManagementModel> &clientManagementModel,
@@ -50,7 +50,7 @@ void ExportController::generateFullAccessConfig()
     compressedConfig = qCompress(compressedConfig, 8);
     m_config = QString("vpn://%1").arg(QString(compressedConfig.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals)));
 
-    m_qrCodes = generateQrCodeImageSeries(compressedConfig);
+    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(compressedConfig);
     emit exportConfigChanged();
 }
 
@@ -92,7 +92,7 @@ void ExportController::generateConnectionConfig(const QString &clientName)
     compressedConfig = qCompress(compressedConfig, 8);
     m_config = QString("vpn://%1").arg(QString(compressedConfig.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals)));
 
-    m_qrCodes = generateQrCodeImageSeries(compressedConfig);
+    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(compressedConfig);
     emit exportConfigChanged();
 }
 
@@ -145,11 +145,11 @@ void ExportController::generateOpenVpnConfig(const QString &clientName)
     }
 
     QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
         m_config.append(line + "\n");
     }
 
-    m_qrCodes = generateQrCodeImageSeries(m_config.toUtf8());
+    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(m_config.toUtf8());
     emit exportConfigChanged();
 }
 
@@ -163,12 +163,12 @@ void ExportController::generateWireGuardConfig(const QString &clientName)
     }
 
     QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
         m_config.append(line + "\n");
     }
 
-    qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(m_config.toUtf8(), qrcodegen::QrCode::Ecc::LOW);
+    auto qr = qrCodeUtils::generateQrCode(m_config.toUtf8());
-    m_qrCodes << svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
+    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
 
     emit exportConfigChanged();
 }
@@ -183,12 +183,12 @@ void ExportController::generateAwgConfig(const QString &clientName)
     }
 
     QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
         m_config.append(line + "\n");
     }
 
-    qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(m_config.toUtf8(), qrcodegen::QrCode::Ecc::LOW);
+    auto qr = qrCodeUtils::generateQrCode(m_config.toUtf8());
-    m_qrCodes << svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
+    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
 
     emit exportConfigChanged();
 }
@@ -211,7 +211,7 @@ void ExportController::generateShadowSocksConfig()
     }
 
     QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
         m_config.append(line + "\n");
     }
 
@@ -221,8 +221,8 @@ void ExportController::generateShadowSocksConfig()
 
     m_nativeConfigString = "ss://" + m_nativeConfigString.toUtf8().toBase64();
 
-    qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(m_nativeConfigString.toUtf8(), qrcodegen::QrCode::Ecc::LOW);
+    auto qr = qrCodeUtils::generateQrCode(m_nativeConfigString.toUtf8());
-    m_qrCodes << svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
+    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
 
     emit exportConfigChanged();
 }
@@ -240,7 +240,7 @@ void ExportController::generateCloakConfig()
     nativeConfig.insert("ProxyMethod", "shadowsocks");
 
     QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
         m_config.append(line + "\n");
     }
 
@@ -257,7 +257,7 @@ void ExportController::generateXrayConfig(const QString &clientName)
     }
 
     QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
         m_config.append(line + "\n");
     }
 
@@ -312,32 +312,6 @@ void ExportController::renameClient(const int row, const QString &clientName, co
     }
 }
 
-QList<QString> ExportController::generateQrCodeImageSeries(const QByteArray &data)
-{
-    double k = 850;
-
-    quint8 chunksCount = std::ceil(data.size() / k);
-    QList<QString> chunks;
-    for (int i = 0; i < data.size(); i = i + k) {
-        QByteArray chunk;
-        QDataStream s(&chunk, QIODevice::WriteOnly);
-        s << amnezia::qrMagicCode << chunksCount << (quint8)std::round(i / k) << data.mid(i, k);
-
-        QByteArray ba = chunk.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
-
-        qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(ba, qrcodegen::QrCode::Ecc::LOW);
-        QString svg = QString::fromStdString(toSvgString(qr, 1));
-        chunks.append(svgToBase64(svg));
-    }
-
-    return chunks;
-}
-
-QString ExportController::svgToBase64(const QString &image)
-{
-    return "data:image/svg;base64," + QString::fromLatin1(image.toUtf8().toBase64().data());
-}
-
 int ExportController::getQrCodesCount()
 {
     return m_qrCodes.size();

client/ui/controllers/exportController.h

@@ -50,9 +50,6 @@ signals:
     void saveFile(const QString &fileName, const QString &data);
 
 private:
-    QList<QString> generateQrCodeImageSeries(const QByteArray &data);
-    QString svgToBase64(const QString &image);
-
     int getQrCodesCount();
 
     void clearPreviousConfig();

client/ui/controllers/importController.cpp

@@ -7,8 +7,12 @@
 #include <QStandardPaths>
 #include <QUrlQuery>
 
+#include "core/api/apiDefs.h"
+#include "core/api/apiUtils.h"
 #include "core/errorstrings.h"
+#include "core/qrCodeUtils.h"
 #include "core/serialization/serialization.h"
+#include "protocols/protocols_defs.h"
 #include "systemController.h"
 #include "utilities.h"
 
@@ -24,8 +28,6 @@ namespace
     ConfigTypes checkConfigFormat(const QString &config)
     {
         const QString openVpnConfigPatternCli = "client";
-        const QString openVpnConfigPatternProto1 = "proto tcp";
-        const QString openVpnConfigPatternProto2 = "proto udp";
         const QString openVpnConfigPatternDriver1 = "dev tun";
         const QString openVpnConfigPatternDriver2 = "dev tap";
 
@@ -45,18 +47,18 @@ namespace
 
         if (config.contains(backupPattern)) {
             return ConfigTypes::Backup;
-        } else if (config.contains(amneziaConfigPattern) || config.contains(amneziaFreeConfigPattern) || config.contains(amneziaPremiumConfigPattern)
+        } else if (config.contains(amneziaConfigPattern) || config.contains(amneziaFreeConfigPattern)
+                   || config.contains(amneziaPremiumConfigPattern)
                    || (config.contains(amneziaConfigPatternHostName) && config.contains(amneziaConfigPatternUserName)
                        && config.contains(amneziaConfigPatternPassword))) {
             return ConfigTypes::Amnezia;
-        } else if (config.contains(openVpnConfigPatternCli)
-                   && (config.contains(openVpnConfigPatternProto1) || config.contains(openVpnConfigPatternProto2))
-                   && (config.contains(openVpnConfigPatternDriver1) || config.contains(openVpnConfigPatternDriver2))) {
-            return ConfigTypes::OpenVpn;
         } else if (config.contains(wireguardConfigPatternSectionInterface) && config.contains(wireguardConfigPatternSectionPeer)) {
             return ConfigTypes::WireGuard;
         } else if ((config.contains(xrayConfigPatternInbound)) && (config.contains(xrayConfigPatternOutbound))) {
             return ConfigTypes::Xray;
+        } else if (config.contains(openVpnConfigPatternCli)
+                   && (config.contains(openVpnConfigPatternDriver1) || config.contains(openVpnConfigPatternDriver2))) {
+            return ConfigTypes::OpenVpn;
         }
         return ConfigTypes::Invalid;
     }
@@ -93,6 +95,8 @@ bool ImportController::extractConfigFromFile(const QString &fileName)
 
 bool ImportController::extractConfigFromData(QString data)
 {
+    m_maliciousWarningText.clear();
+
     QString config = data;
     QString prefix;
     QString errormsg;
@@ -149,11 +153,11 @@ bool ImportController::extractConfigFromData(QString data)
 
     m_configType = checkConfigFormat(config);
     if (m_configType == ConfigTypes::Invalid) {
-        data.replace("vpn://", "");
+        config.replace("vpn://", "");
-        QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+        QByteArray ba = QByteArray::fromBase64(config.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
-        QByteArray ba_uncompressed = qUncompress(ba);
+        QByteArray baUncompressed = qUncompress(ba);
-        if (!ba_uncompressed.isEmpty()) {
+        if (!baUncompressed.isEmpty()) {
-            ba = ba_uncompressed;
+            ba = baUncompressed;
         }
 
         config = ba;
@@ -180,6 +184,13 @@ bool ImportController::extractConfigFromData(QString data)
     }
     case ConfigTypes::Amnezia: {
         m_config = QJsonDocument::fromJson(config.toUtf8()).object();
+
+        if (apiUtils::isServerFromApi(m_config)) {
+            auto apiConfig = m_config.value(apiDefs::key::apiConfig).toObject();
+            apiConfig[apiDefs::key::vpnKey] = data;
+            m_config[apiDefs::key::apiConfig] = apiConfig;
+        }
+
         processAmneziaConfig(m_config);
         if (!m_config.empty()) {
             checkForMaliciousStrings(m_config);
@@ -217,6 +228,21 @@ bool ImportController::extractConfigFromQr(const QByteArray &data)
         return true;
     }
 
+    m_configType = checkConfigFormat(data);
+    if (m_configType == ConfigTypes::Invalid) {
+        QByteArray ba = QByteArray::fromBase64(data, QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+        QByteArray baUncompressed = qUncompress(ba);
+
+        if (!baUncompressed.isEmpty()) {
+            ba = baUncompressed;
+        }
+
+        if (!ba.isEmpty()) {
+            m_config = QJsonDocument::fromJson(ba).object();
+            return true;
+        }
+    }
+
     return false;
 }
 
@@ -261,6 +287,19 @@ void ImportController::processNativeWireGuardConfig()
         clientProtocolConfig[config_key::underloadPacketMagicHeader] = "3";
         clientProtocolConfig[config_key::transportPacketMagicHeader] = "4";
 
+        // clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0";
+        // clientProtocolConfig[config_key::transportPacketJunkSize] = "0";
+
+        // clientProtocolConfig[config_key::specialJunk1] = "";
+        // clientProtocolConfig[config_key::specialJunk2] = "";
+        // clientProtocolConfig[config_key::specialJunk3] = "";
+        // clientProtocolConfig[config_key::specialJunk4] = "";
+        // clientProtocolConfig[config_key::specialJunk5] = "";
+        // clientProtocolConfig[config_key::controlledJunk1] = "";
+        // clientProtocolConfig[config_key::controlledJunk2] = "";
+        // clientProtocolConfig[config_key::controlledJunk3] = "";
+        // clientProtocolConfig[config_key::specialHandshakeTimeout] = "0";
+
         clientProtocolConfig[config_key::isObfuscationEnabled] = true;
 
         serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(clientProtocolConfig).toJson());
@@ -319,7 +358,7 @@ QJsonObject ImportController::extractOpenVpnConfig(const QString &data)
     arr.push_back(containers);
 
     QString hostName;
-    const static QRegularExpression hostNameRegExp("remote (.*) [0-9]*");
+    const static QRegularExpression hostNameRegExp("remote\\s+([^\\s]+)");
     QRegularExpressionMatch hostNameMatch = hostNameRegExp.match(data);
     if (hostNameMatch.hasMatch()) {
         hostName = hostNameMatch.captured(1);
@@ -413,21 +452,33 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
     lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;
 
     QString protocolName = "wireguard";
-    if (!configMap.value(config_key::junkPacketCount).isEmpty() && !configMap.value(config_key::junkPacketMinSize).isEmpty()
+
-        && !configMap.value(config_key::junkPacketMaxSize).isEmpty() && !configMap.value(config_key::initPacketJunkSize).isEmpty()
+    const QStringList requiredJunkFields = { config_key::junkPacketCount,           config_key::junkPacketMinSize,
-        && !configMap.value(config_key::responsePacketJunkSize).isEmpty() && !configMap.value(config_key::initPacketMagicHeader).isEmpty()
+                                             config_key::junkPacketMaxSize,         config_key::initPacketJunkSize,
-        && !configMap.value(config_key::responsePacketMagicHeader).isEmpty()
+                                             config_key::responsePacketJunkSize,    config_key::initPacketMagicHeader,
-        && !configMap.value(config_key::underloadPacketMagicHeader).isEmpty()
+                                             config_key::responsePacketMagicHeader, config_key::underloadPacketMagicHeader,
-        && !configMap.value(config_key::transportPacketMagicHeader).isEmpty()) {
+                                             config_key::transportPacketMagicHeader };
-        lastConfig[config_key::junkPacketCount] = configMap.value(config_key::junkPacketCount);
+
-        lastConfig[config_key::junkPacketMinSize] = configMap.value(config_key::junkPacketMinSize);
+    const QStringList optionalJunkFields = { // config_key::cookieReplyPacketJunkSize,
-        lastConfig[config_key::junkPacketMaxSize] = configMap.value(config_key::junkPacketMaxSize);
+                                             // config_key::transportPacketJunkSize,
-        lastConfig[config_key::initPacketJunkSize] = configMap.value(config_key::initPacketJunkSize);
+                                             config_key::specialJunk1,    config_key::specialJunk2,    config_key::specialJunk3,
-        lastConfig[config_key::responsePacketJunkSize] = configMap.value(config_key::responsePacketJunkSize);
+                                             config_key::specialJunk4,    config_key::specialJunk5,    config_key::controlledJunk1,
-        lastConfig[config_key::initPacketMagicHeader] = configMap.value(config_key::initPacketMagicHeader);
+                                             config_key::controlledJunk2, config_key::controlledJunk3, config_key::specialHandshakeTimeout
-        lastConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
+    };
-        lastConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
+
-        lastConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
+    bool hasAllRequiredFields = std::all_of(requiredJunkFields.begin(), requiredJunkFields.end(),
+                                            [&configMap](const QString &field) { return !configMap.value(field).isEmpty(); });
+    if (hasAllRequiredFields) {
+        for (const QString &field : requiredJunkFields) {
+            lastConfig[field] = configMap.value(field);
+        }
+
+        for (const QString &field : optionalJunkFields) {
+            if (!configMap.value(field).isEmpty()) {
+                lastConfig[field] = configMap.value(field);
+            }
+        }
+
         protocolName = "awg";
         m_configType = ConfigTypes::Awg;
     }
@@ -569,7 +620,7 @@ bool ImportController::parseQrCodeChunk(const QString &code)
     qint16 magic;
     s >> magic;
 
-    if (magic == amnezia::qrMagicCode) {
+    if (magic == qrCodeUtils::qrMagicCode) {
         quint8 chunksCount;
         s >> chunksCount;
         if (m_totalQrCodeChunksCount != chunksCount) {
@@ -635,29 +686,33 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
         if ((containerName == ContainerProps::containerToString(DockerContainer::OpenVpn))
             || (containerName == ContainerProps::containerToString(DockerContainer::Cloak))
             || (containerName == ContainerProps::containerToString(DockerContainer::ShadowSocks))) {
+
             QString protocolConfig =
                     containerConfig[ProtocolProps::protoToString(Proto::OpenVpn)].toObject()[config_key::last_config].toString();
             QString protocolConfigJson = QJsonDocument::fromJson(protocolConfig.toUtf8()).object()[config_key::config].toString();
 
-            const QRegularExpression regExp { "(\\w+-\\w+|\\w+)" };
-            const size_t dangerousTagsMaxCount = 3;
-
             // https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/script-options.rst
             QStringList dangerousTags {
                 "up", "tls-verify", "ipchange", "client-connect", "route-up", "route-pre-down", "client-disconnect", "down", "learn-address", "auth-user-pass-verify"
             };
 
             QStringList maliciousStrings;
-            QStringList lines = protocolConfigJson.replace("\r", "").split("\n");
+            QStringList lines = protocolConfigJson.split('\n', Qt::SkipEmptyParts);
-            for (const QString &l : lines) {
+
-                QRegularExpressionMatch match = regExp.match(l);
+            for (const QString &rawLine : lines) {
-                if (dangerousTags.contains(match.captured(0))) {
+                QString line = rawLine.trimmed();
-                    maliciousStrings << l;
+
+                QString command = line.section(' ', 0, 0, QString::SectionSkipEmpty);
+                if (dangerousTags.contains(command, Qt::CaseInsensitive)) {
+                    maliciousStrings << rawLine;
                 }
             }
 
-            if (maliciousStrings.size() >= dangerousTagsMaxCount) {
+            m_maliciousWarningText = tr("This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious "
-                m_maliciousWarningText = tr("In the imported configuration, potentially dangerous lines were found:");
+                                        "scripts, so only add it if you fully trust the provider of this config. ");
+
+            if (!maliciousStrings.isEmpty()) {
+                m_maliciousWarningText.push_back(tr("<br>In the imported configuration, potentially dangerous lines were found:"));
                 for (const auto &string : maliciousStrings) {
                     m_maliciousWarningText.push_back(QString("<br><i>%1</i>").arg(string));
                 }
@@ -680,7 +735,8 @@ void ImportController::processAmneziaConfig(QJsonObject &config)
             }
 
             QJsonObject jsonConfig = QJsonDocument::fromJson(protocolConfig.toUtf8()).object();
-            jsonConfig[config_key::mtu] = dockerContainer == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
+            jsonConfig[config_key::mtu] =
+                    dockerContainer == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
 
             containerConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
 

client/ui/controllers/installController.cpp

@@ -6,8 +6,9 @@
 #include <QJsonObject>
 #include <QRandomGenerator>
 #include <QStandardPaths>
+#include <QtConcurrent>
 
-#include "core/controllers/apiController.h"
+#include "core/api/apiUtils.h"
 #include "core/controllers/serverController.h"
 #include "core/controllers/vpnConfigurationController.h"
 #include "core/networkUtilities.h"
@@ -39,14 +40,12 @@ namespace
 InstallController::InstallController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
                                      const QSharedPointer<ProtocolsModel> &protocolsModel,
                                      const QSharedPointer<ClientManagementModel> &clientManagementModel,
-                                     const QSharedPointer<ApiServicesModel> &apiServicesModel, const std::shared_ptr<Settings> &settings,
+                                     const std::shared_ptr<Settings> &settings, QObject *parent)
-                                     QObject *parent)
     : QObject(parent),
       m_serversModel(serversModel),
       m_containersModel(containersModel),
       m_protocolModel(protocolsModel),
       m_clientManagementModel(clientManagementModel),
-      m_apiServicesModel(apiServicesModel),
       m_settings(settings)
 {
 }
@@ -80,12 +79,36 @@ void InstallController::install(DockerContainer container, int port, TransportPr
 
                 int s1 = QRandomGenerator::global()->bounded(15, 150);
                 int s2 = QRandomGenerator::global()->bounded(15, 150);
-                while (s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
+                // int s3 = QRandomGenerator::global()->bounded(15, 150);
+                // int s4 = QRandomGenerator::global()->bounded(15, 150);
+
+                // Ensure all values are unique and don't create equal packet sizes
+                QSet<int> usedValues;
+                usedValues.insert(s1);
+
+                while (usedValues.contains(s2) || s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
                     s2 = QRandomGenerator::global()->bounded(15, 150);
                 }
+                usedValues.insert(s2);
+
+                // while (usedValues.contains(s3)
+                //        || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize
+                //        || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) {
+                //     s3 = QRandomGenerator::global()->bounded(15, 150);
+                // }
+                // usedValues.insert(s3);
+
+                // while (usedValues.contains(s4)
+                //        || s1 + AwgConstant::messageInitiationSize == s4 + AwgConstant::messageTransportSize
+                //        || s2 + AwgConstant::messageResponseSize == s4 + AwgConstant::messageTransportSize
+                //        || s3 + AwgConstant::messageCookieReplySize == s4 + AwgConstant::messageTransportSize) {
+                //     s4 = QRandomGenerator::global()->bounded(15, 150);
+                // }
 
                 QString initPacketJunkSize = QString::number(s1);
                 QString responsePacketJunkSize = QString::number(s2);
+                // QString cookieReplyPacketJunkSize = QString::number(s3);
+                // QString transportPacketJunkSize = QString::number(s4);
 
                 QSet<QString> headersValue;
                 while (headersValue.size() != 4) {
@@ -109,6 +132,21 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                 containerConfig[config_key::responsePacketMagicHeader] = responsePacketMagicHeader;
                 containerConfig[config_key::underloadPacketMagicHeader] = underloadPacketMagicHeader;
                 containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
+
+                // TODO:
+                // containerConfig[config_key::cookieReplyPacketJunkSize] = cookieReplyPacketJunkSize;
+                // containerConfig[config_key::transportPacketJunkSize] = transportPacketJunkSize;
+
+                // containerConfig[config_key::specialJunk1] = specialJunk1;
+                // containerConfig[config_key::specialJunk2] = specialJunk2;
+                // containerConfig[config_key::specialJunk3] = specialJunk3;
+                // containerConfig[config_key::specialJunk4] = specialJunk4;
+                // containerConfig[config_key::specialJunk5] = specialJunk5;
+                // containerConfig[config_key::controlledJunk1] = controlledJunk1;
+                // containerConfig[config_key::controlledJunk2] = controlledJunk2;
+                // containerConfig[config_key::controlledJunk3] = controlledJunk3;
+                // containerConfig[config_key::specialHandshakeTimeout] = specialHandshakeTimeout;
+
             } else if (container == DockerContainer::Sftp) {
                 containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
                 containerConfig.insert(config_key::password, Utils::getRandomString(16));
@@ -364,7 +402,8 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
 
             QJsonObject config;
             Proto mainProto = ContainerProps::defaultProtocol(container);
-            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
+            const auto &protocols = ContainerProps::protocolsForContainer(container);
+            for (const auto &protocol : protocols) {
                 QJsonObject containerConfig;
                 if (protocol == mainProto) {
                     containerConfig.insert(config_key::port, port);
@@ -388,6 +427,7 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                             }
                         }
 
+                        containerConfig[config_key::subnet_address] = serverConfigMap.value("Address").remove("/24");
                         containerConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
                         containerConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
                         containerConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
@@ -399,6 +439,38 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                                 serverConfigMap.value(config_key::underloadPacketMagicHeader);
                         containerConfig[config_key::transportPacketMagicHeader] =
                                 serverConfigMap.value(config_key::transportPacketMagicHeader);
+
+                        // containerConfig[config_key::cookieReplyPacketJunkSize] = serverConfigMap.value(config_key::cookieReplyPacketJunkSize);
+                        // containerConfig[config_key::transportPacketJunkSize] = serverConfigMap.value(config_key::transportPacketJunkSize);
+
+                        // containerConfig[config_key::specialJunk1] = serverConfigMap.value(config_key::specialJunk1);
+                        // containerConfig[config_key::specialJunk2] = serverConfigMap.value(config_key::specialJunk2);
+                        // containerConfig[config_key::specialJunk3] = serverConfigMap.value(config_key::specialJunk3);
+                        // containerConfig[config_key::specialJunk4] = serverConfigMap.value(config_key::specialJunk4);
+                        // containerConfig[config_key::specialJunk5] = serverConfigMap.value(config_key::specialJunk5);
+                        // containerConfig[config_key::controlledJunk1] = serverConfigMap.value(config_key::controlledJunk1);
+                        // containerConfig[config_key::controlledJunk2] = serverConfigMap.value(config_key::controlledJunk2);
+                        // containerConfig[config_key::controlledJunk3] = serverConfigMap.value(config_key::controlledJunk3);
+                        // containerConfig[config_key::specialHandshakeTimeout] = serverConfigMap.value(config_key::specialHandshakeTimeout);
+
+                    } else if (protocol == Proto::WireGuard) {
+                        QString serverConfig = serverController->getTextFileFromContainer(container, credentials,
+                                                                                          protocols::wireguard::serverConfigPath, errorCode);
+
+                        QMap<QString, QString> serverConfigMap;
+                        auto serverConfigLines = serverConfig.split("\n");
+                        for (auto &line : serverConfigLines) {
+                            auto trimmedLine = line.trimmed();
+                            if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
+                                continue;
+                            } else {
+                                QStringList parts = trimmedLine.split(" = ");
+                                if (parts.count() == 2) {
+                                    serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
+                                }
+                            }
+                        }
+                        containerConfig[config_key::subnet_address] = serverConfigMap.value("Address").remove("/24");
                     } else if (protocol == Proto::Sftp) {
                         stdOut.clear();
                         script = QString("sudo docker inspect --format '{{.Config.Cmd}}' %1").arg(name);
@@ -433,6 +505,51 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                             containerConfig.insert(config_key::userName, userName);
                             containerConfig.insert(config_key::password, password);
                         }
+                    } else if (protocol == Proto::Xray) {
+                        QString currentConfig = serverController->getTextFileFromContainer(
+                                container, credentials, amnezia::protocols::xray::serverConfigPath, errorCode);
+
+                        QJsonDocument doc = QJsonDocument::fromJson(currentConfig.toUtf8());
+                        qDebug() << doc;
+                        if (doc.isNull() || !doc.isObject()) {
+                            logger.error() << "Failed to parse server config JSON";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+                        QJsonObject serverConfig = doc.object();
+
+                        if (!serverConfig.contains("inbounds")) {
+                            logger.error() << "Server config missing 'inbounds' field";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QJsonArray inbounds = serverConfig["inbounds"].toArray();
+                        if (inbounds.isEmpty()) {
+                            logger.error() << "Server config has empty 'inbounds' array";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QJsonObject inbound = inbounds[0].toObject();
+                        if (!inbound.contains("streamSettings")) {
+                            logger.error() << "Inbound missing 'streamSettings' field";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QJsonObject streamSettings = inbound["streamSettings"].toObject();
+                        QJsonObject realitySettings = streamSettings["realitySettings"].toObject();
+                        if (!realitySettings.contains("serverNames")) {
+                            logger.error() << "Settings missing 'clients' field";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QString siteName = realitySettings["serverNames"][0].toString();
+                        qDebug() << siteName;
+
+                        containerConfig.insert(config_key::site, siteName);
                     }
 
                     config.insert(config_key::container, ContainerProps::containerToString(container));
@@ -773,109 +890,79 @@ void InstallController::addEmptyServer()
     emit installServerFinished(tr("Server added successfully"));
 }
 
-bool InstallController::fillAvailableServices()
+bool InstallController::isConfigValid()
 {
-    ApiController apiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());
+    int serverIndex = m_serversModel->getDefaultServerIndex();
+    QJsonObject serverConfigObject = m_serversModel->getServerConfig(serverIndex);
 
-    QByteArray responseBody;
+    if (apiUtils::isServerFromApi(serverConfigObject)) {
-    ErrorCode errorCode = apiController.getServicesList(responseBody);
+        return true;
-    if (errorCode != ErrorCode::NoError) {
+    }
-        emit installationErrorOccurred(errorCode);
+
+    if (!m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
+        emit noInstalledContainers();
         return false;
     }
 
-    QJsonObject data = QJsonDocument::fromJson(responseBody).object();
+    DockerContainer container = qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));
-    m_apiServicesModel->updateModel(data);
-    return true;
-}
 
-bool InstallController::installServiceFromApi()
+    if (container == DockerContainer::None) {
-{
+        emit installationErrorOccurred(ErrorCode::NoInstalledContainersError);
-    if (m_serversModel->isServerFromApiAlreadyExists(m_apiServicesModel->getCountryCode(), m_apiServicesModel->getSelectedServiceType(),
-                                                     m_apiServicesModel->getSelectedServiceProtocol())) {
-        emit installationErrorOccurred(ErrorCode::ApiConfigAlreadyAdded);
         return false;
     }
 
-    ApiController apiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());
+    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
-    QJsonObject serverConfig;
+    VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
 
-    ErrorCode errorCode = apiController.getConfigForService(m_settings->getInstallationUuid(true), m_apiServicesModel->getCountryCode(),
+    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
-                                                            m_apiServicesModel->getSelectedServiceType(),
+    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-                                                            m_apiServicesModel->getSelectedServiceProtocol(), "", QJsonObject(), serverConfig);
-    if (errorCode != ErrorCode::NoError) {
-        emit installationErrorOccurred(errorCode);
-        return false;
-    }
 
-    auto serviceInfo = m_apiServicesModel->getSelectedServiceInfo();
+    QFutureWatcher<ErrorCode> watcher;
-    QJsonObject apiConfig = serverConfig.value(configKey::apiConfig).toObject();
-    apiConfig.insert(configKey::serviceInfo, serviceInfo);
-    apiConfig.insert(configKey::userCountryCode, m_apiServicesModel->getCountryCode());
-    apiConfig.insert(configKey::serviceType, m_apiServicesModel->getSelectedServiceType());
-    apiConfig.insert(configKey::serviceProtocol, m_apiServicesModel->getSelectedServiceProtocol());
 
-    serverConfig.insert(configKey::apiConfig, apiConfig);
+    QFuture<ErrorCode> future = QtConcurrent::run([this, container, &credentials, &containerConfig, &serverController]() {
+        ErrorCode errorCode = ErrorCode::NoError;
 
-    m_serversModel->addServer(serverConfig);
+        auto isProtocolConfigExists = [](const QJsonObject &containerConfig, const DockerContainer container) {
-    emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
+            for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
-    return true;
+                QString protocolConfig =
-}
+                        containerConfig.value(ProtocolProps::protoToString(protocol)).toObject().value(config_key::last_config).toString();
 
-bool InstallController::updateServiceFromApi(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
+                if (protocolConfig.isEmpty()) {
-                                             bool reloadServiceConfig)
+                    return false;
-{
+                }
-    ApiController apiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());
+            }
+            return true;
+        };
 
-    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
+        if (!isProtocolConfigExists(containerConfig, container)) {
-    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
+            VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
-    auto authData = serverConfig.value(configKey::authData).toObject();
+            errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container, containerConfig);
+            if (errorCode != ErrorCode::NoError) {
+                return errorCode;
+            }
+            m_serversModel->updateContainerConfig(container, containerConfig);
 
-    QJsonObject newServerConfig;
+            errorCode = m_clientManagementModel->appendClient(container, credentials, containerConfig,
-    ErrorCode errorCode = apiController.getConfigForService(
+                                                              QString("Admin [%1]").arg(QSysInfo::prettyProductName()), serverController);
-            m_settings->getInstallationUuid(true), apiConfig.value(configKey::userCountryCode).toString(),
+            if (errorCode != ErrorCode::NoError) {
-            apiConfig.value(configKey::serviceType).toString(), apiConfig.value(configKey::serviceProtocol).toString(), newCountryCode,
+                return errorCode;
-            authData, newServerConfig);
+            }
-    if (errorCode != ErrorCode::NoError) {
+        }
-        emit installationErrorOccurred(errorCode);
+        return errorCode;
-        return false;
-    }
-
-    QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject();
-    newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode));
-    newApiConfig.insert(configKey::serviceType, apiConfig.value(configKey::serviceType));
-    newApiConfig.insert(configKey::serviceProtocol, apiConfig.value(configKey::serviceProtocol));
-
-    newServerConfig.insert(configKey::apiConfig, newApiConfig);
-    newServerConfig.insert(configKey::authData, authData);
-    m_serversModel->editServer(newServerConfig, serverIndex);
-
-    if (reloadServiceConfig) {
-        emit reloadServerFromApiFinished(tr("API config reloaded"));
-    } else if (newCountryName.isEmpty()) {
-        emit updateServerFromApiFinished();
-    } else {
-        emit changeApiCountryFinished(tr("Successfully changed the country of connection to %1").arg(newCountryName));
-    }
-    return true;
-}
-
-void InstallController::updateServiceFromTelegram(const int serverIndex)
-{
-    ApiController *apiController = new ApiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());
-
-    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
-
-    apiController->updateServerConfigFromApi(m_settings->getInstallationUuid(true), serverIndex, serverConfig);
-    connect(apiController, &ApiController::finished, this, [this, apiController](const QJsonObject &config, const int serverIndex) {
-        m_serversModel->editServer(config, serverIndex);
-        emit updateServerFromApiFinished();
-        apiController->deleteLater();
     });
-    connect(apiController, &ApiController::errorOccurred, this, [this, apiController](ErrorCode errorCode) {
+
+    QEventLoop wait;
+    connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
+    watcher.setFuture(future);
+    wait.exec();
+
+    ErrorCode errorCode = watcher.result();
+
+    if (errorCode != ErrorCode::NoError) {
         emit installationErrorOccurred(errorCode);
-        apiController->deleteLater();
+        return false;
-    });
+    }
+    return true;
 }
 
 bool InstallController::isUpdateDockerContainerRequired(const DockerContainer container, const QJsonObject &oldConfig,

client/ui/controllers/installController.h

@@ -10,7 +10,6 @@
 #include "ui/models/containers_model.h"
 #include "ui/models/protocols_model.h"
 #include "ui/models/servers_model.h"
-#include "ui/models/apiServicesModel.h"
 
 class InstallController : public QObject
 {
@@ -19,7 +18,6 @@ public:
     explicit InstallController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
                                const QSharedPointer<ProtocolsModel> &protocolsModel,
                                const QSharedPointer<ClientManagementModel> &clientManagementModel,
-                               const QSharedPointer<ApiServicesModel> &apiServicesModel,
                                const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
     ~InstallController();
 
@@ -52,21 +50,13 @@ public slots:
 
     void addEmptyServer();
 
-    bool fillAvailableServices();
+    bool isConfigValid();
-    bool installServiceFromApi();
-    bool updateServiceFromApi(const int serverIndex, const QString &newCountryCode, const QString &newCountryName, bool reloadServiceConfig = false);
-
-    void updateServiceFromTelegram(const int serverIndex);
 
 signals:
     void installContainerFinished(const QString &finishMessage, bool isServiceInstall);
     void installServerFinished(const QString &finishMessage);
-    void installServerFromApiFinished(const QString &message);
 
     void updateContainerFinished(const QString &message);
-    void updateServerFromApiFinished();
-    void changeApiCountryFinished(const QString &message);
-    void reloadServerFromApiFinished(const QString &message);
 
     void scanServerFinished(bool isInstalledContainerFound);
 
@@ -91,6 +81,8 @@ signals:
     void cachedProfileCleared(const QString &message);
     void apiConfigRemoved(const QString &message);
 
+    void noInstalledContainers();
+
 private:
     void installServer(const DockerContainer container, const QMap<DockerContainer, QJsonObject> &installedContainers,
                        const ServerCredentials &serverCredentials, const QSharedPointer<ServerController> &serverController,
@@ -108,7 +100,6 @@ private:
     QSharedPointer<ContainersModel> m_containersModel;
     QSharedPointer<ProtocolsModel> m_protocolModel;
     QSharedPointer<ClientManagementModel> m_clientManagementModel;
-    QSharedPointer<ApiServicesModel> m_apiServicesModel;
 
     std::shared_ptr<Settings> m_settings;
 

client/ui/controllers/pageController.h

@@ -31,6 +31,14 @@ namespace PageLoader
         PageSettingsLogging,
         PageSettingsSplitTunneling,
         PageSettingsAppSplitTunneling,
+        PageSettingsKillSwitch,
+        PageSettingsApiServerInfo,
+        PageSettingsApiAvailableCountries,
+        PageSettingsApiSupport,
+        PageSettingsApiInstructions,
+        PageSettingsApiNativeConfigs,
+        PageSettingsApiDevices,
+        PageSettingsKillSwitchExceptions,
         
         PageServiceSftpSettings,
         PageServiceTorWebsiteSettings,
@@ -104,7 +112,7 @@ public slots:
     int incrementDrawerDepth();
     int decrementDrawerDepth();
 
-  private slots:
+private slots:
     void onShowErrorMessage(amnezia::ErrorCode errorCode);
 
 signals:

client/ui/controllers/settingsController.cpp

@@ -126,7 +126,13 @@ void SettingsController::clearLogs()
 
 void SettingsController::backupAppConfig(const QString &fileName)
 {
-    SystemController::saveFile(fileName, m_settings->backupAppConfig());
+    QByteArray data = m_settings->backupAppConfig();
+    QJsonDocument doc = QJsonDocument::fromJson(data);
+    QJsonObject config = doc.object();
+
+    config["Conf/autoStart"] = Autostart::isAutostart();
+
+    SystemController::saveFile(fileName, QJsonDocument(config).toJson());
 }
 
 void SettingsController::restoreAppConfig(const QString &fileName)
@@ -140,9 +146,30 @@ void SettingsController::restoreAppConfigFromData(const QByteArray &data)
 {
     bool ok = m_settings->restoreAppConfig(data);
     if (ok) {
+        QJsonObject newConfigData = QJsonDocument::fromJson(data).object();
+
+#if defined(Q_OS_WINDOWS) || defined(Q_OS_LINUX) || defined(Q_OS_MACX)
+        bool autoStart = false;
+        if (newConfigData.contains("Conf/autoStart")) {
+            autoStart = newConfigData["Conf/autoStart"].toBool();
+        }
+        toggleAutoStart(autoStart);
+#endif
         m_serversModel->resetModel();
         m_languageModel->changeLanguage(
                 static_cast<LanguageSettings::AvailableLanguageEnum>(m_languageModel->getCurrentLanguageIndex()));
+
+#if defined(Q_OS_WINDOWS) || defined(Q_OS_ANDROID)
+        int appSplitTunnelingRouteMode = newConfigData.value("Conf/appsRouteMode").toInt();
+        bool appSplittunnelingEnabled = newConfigData.value("Conf/appsSplitTunnelingEnabled").toBool();
+        m_appSplitTunnelingModel->setRouteMode(appSplitTunnelingRouteMode);
+        m_appSplitTunnelingModel->toggleSplitTunneling(appSplittunnelingEnabled);
+#endif
+        int siteSplitTunnelingRouteMode = newConfigData.value("Conf/routeMode").toInt();
+        bool siteSplittunnelingEnabled = newConfigData.value("Conf/sitesSplitTunnelingEnabled").toBool();
+        m_sitesModel->setRouteMode(siteSplitTunnelingRouteMode);
+        m_sitesModel->toggleSplitTunneling(siteSplittunnelingEnabled);
+
         emit restoreBackupFinished();
     } else {
         emit changeSettingsErrorOccurred(tr("Backup file is corrupted"));
@@ -167,6 +194,8 @@ void SettingsController::clearSettings()
     m_appSplitTunnelingModel->setRouteMode(Settings::AppsRouteMode::VpnAllExceptApps);
     m_appSplitTunnelingModel->toggleSplitTunneling(false);
 
+    toggleAutoStart(false);
+
     emit changeSettingsFinished(tr("All settings have been reset to default values"));
 
 #ifdef Q_OS_IOS
@@ -245,6 +274,23 @@ bool SettingsController::isKillSwitchEnabled()
 void SettingsController::toggleKillSwitch(bool enable)
 {
     m_settings->setKillSwitchEnabled(enable);
+    emit killSwitchEnabledChanged();
+    if (enable == false) {
+        emit strictKillSwitchEnabledChanged(false);
+    } else {
+        emit strictKillSwitchEnabledChanged(isStrictKillSwitchEnabled());
+    }
+}
+
+bool SettingsController::isStrictKillSwitchEnabled()
+{
+    return m_settings->isStrictKillSwitchEnabled();
+}
+
+void SettingsController::toggleStrictKillSwitch(bool enable)
+{
+    m_settings->setStrictKillSwitchEnabled(enable);
+    emit strictKillSwitchEnabledChanged(enable);
 }
 
 bool SettingsController::isNotificationPermissionGranted()