idp.global/swiftapp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adopt root-level tsswift app layout
CI / test (push) Has been cancelled
Details

Browse Source 
Move the app payload under swift/ while keeping git, package.json, and .smartconfig.json at the repo root. This standardizes the Swift app setup so build, test, run, and watch workflows match the other repos.
This commit is contained in:
Jürgen Kunz
2026-04-19 01:21:43 +02:00
parent d534964601
commit a6939453f8
61 changed files with 2341 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
swift/Sources/Features/Auth/NFCPairingView.swift
+296
View File
@@ -0,0 +1,296 @@
import SwiftUI
#if canImport(CoreLocation) && canImport(CoreNFC) && canImport(CryptoKit) && os(iOS)
import CoreLocation
import CoreNFC
import CryptoKit
@MainActor
final class NFCIdentifyReader: NSObject, ObservableObject, @preconcurrency NFCNDEFReaderSessionDelegate {
@Published private(set) var helperText: String
@Published private(set) var isScanning = false
@Published private(set) var isSupported: Bool
var onAuthenticationRequestDetected: ((PairingAuthenticationRequest) -> Void)?
var onError: ((String) -> Void)?
private let signedGPSPositionProvider = SignedGPSPositionProvider()
private var session: NFCNDEFReaderSession?
private var isPreparingLocationProof = false
override init() {
let supported = NFCNDEFReaderSession.readingAvailable
_helperText = Published(initialValue: supported ? NFCIdentifyReader.idleHelperText : NFCIdentifyReader.unavailableHelperText)
_isSupported = Published(initialValue: supported)
super.init()
}
func beginScanning() {
refreshAvailability()
guard isSupported else {
onError?(Self.unavailableErrorMessage)
return
}
guard !isScanning else { return }
isScanning = true
isPreparingLocationProof = false
helperText = Self.scanningHelperText
let session = NFCNDEFReaderSession(delegate: self, queue: nil, invalidateAfterFirstRead: true)
session.alertMessage = "Hold your iPhone near the idp.global tag. A signed GPS position will be attached to this NFC identify action."
self.session = session
session.begin()
}
func readerSessionDidBecomeActive(_ session: NFCNDEFReaderSession) {
DispatchQueue.main.async {
self.helperText = Self.scanningHelperText
}
}
func readerSession(_ session: NFCNDEFReaderSession, didDetectNDEFs messages: [NFCNDEFMessage]) {
guard let payload = extractPayload(from: messages) else {
session.invalidate()
DispatchQueue.main.async {
self.finishScanning()
self.onError?(Self.invalidTagMessage)
}
return
}
DispatchQueue.main.async {
self.isPreparingLocationProof = true
self.helperText = Self.signingLocationHelperText
Task { @MainActor in
await self.completeAuthentication(for: payload)
}
}
}
func readerSession(_ session: NFCNDEFReaderSession, didInvalidateWithError error: Error) {
let nsError = error as NSError
let ignoredCodes = [200, 204] // User canceled, first tag read.
DispatchQueue.main.async {
self.session = nil
}
guard !(nsError.domain == NFCErrorDomain && ignoredCodes.contains(nsError.code)) else {
if !isPreparingLocationProof {
DispatchQueue.main.async {
self.finishScanning()
}
}
return
}
DispatchQueue.main.async {
self.finishScanning()
self.onError?(Self.failureMessage(for: nsError))
}
}
@MainActor
private func completeAuthentication(for payload: String) async {
do {
let signedGPSPosition = try await signedGPSPositionProvider.currentSignedGPSPosition(for: payload)
let request = PairingAuthenticationRequest(
pairingPayload: payload,
transport: .nfc,
signedGPSPosition: signedGPSPosition
)
finishScanning()
onAuthenticationRequestDetected?(request)
} catch let error as AppError {
finishScanning()
onError?(error.errorDescription ?? Self.gpsSigningFailureMessage)
} catch {
finishScanning()
onError?(Self.gpsSigningFailureMessage)
}
}
private func finishScanning() {
session = nil
isPreparingLocationProof = false
isScanning = false
refreshAvailability()
}
private func refreshAvailability() {
let available = NFCNDEFReaderSession.readingAvailable
isSupported = available
if !isScanning {
helperText = available ? Self.idleHelperText : Self.unavailableHelperText
}
}
private func extractPayload(from messages: [NFCNDEFMessage]) -> String? {
for message in messages {
for record in message.records {
if let url = record.wellKnownTypeURIPayload() {
return url.absoluteString
}
let (text, _) = record.wellKnownTypeTextPayload()
if let trimmed = text?.trimmingCharacters(in: .whitespacesAndNewlines),
!trimmed.isEmpty {
return trimmed
}
if let fallback = String(data: record.payload, encoding: .utf8)?
.trimmingCharacters(in: .whitespacesAndNewlines),
!fallback.isEmpty {
return fallback
}
}
}
return nil
}
private static func failureMessage(for error: NSError) -> String {
if error.domain == NFCErrorDomain && error.code == 2 {
return "NFC identify is not permitted in this build. Check the NFC entitlement and privacy description."
}
return "NFC identify could not be completed on this device."
}
private static let idleHelperText = "Tap to identify with an NFC tag on supported iPhone hardware. A signed GPS position will be attached automatically."
private static let scanningHelperText = "Hold the top of your iPhone near the NFC tag until it is identified."
private static let signingLocationHelperText = "Tag detected. Capturing and signing the current GPS position for NFC identify."
private static let unavailableHelperText = "NFC identify is unavailable on this device."
private static let unavailableErrorMessage = "Tap to identify requires supported iPhone hardware with NFC enabled."
private static let invalidTagMessage = "The NFC tag did not contain a usable idp.global payload."
private static let gpsSigningFailureMessage = "The NFC tag was read, but the signed GPS position could not be attached."
}
@MainActor
private final class SignedGPSPositionProvider: NSObject, @preconcurrency CLLocationManagerDelegate {
private var manager: CLLocationManager?
private var authorizationContinuation: CheckedContinuation<CLAuthorizationStatus, Never>?
private var locationContinuation: CheckedContinuation<CLLocation, Error>?
func currentSignedGPSPosition(for pairingPayload: String) async throws -> SignedGPSPosition {
let location = try await currentLocation()
return try sign(location: location, pairingPayload: pairingPayload)
}
private func currentLocation() async throws -> CLLocation {
let manager = CLLocationManager()
manager.delegate = self
manager.desiredAccuracy = kCLLocationAccuracyNearestTenMeters
manager.distanceFilter = kCLDistanceFilterNone
self.manager = manager
switch manager.authorizationStatus {
case .authorizedAlways, .authorizedWhenInUse:
break
case .notDetermined:
let status = await requestAuthorization(using: manager)
guard status == .authorizedAlways || status == .authorizedWhenInUse else {
throw AppError.locationPermissionDenied
}
case .denied, .restricted:
throw AppError.locationPermissionDenied
@unknown default:
throw AppError.locationUnavailable
}
return try await requestLocation(using: manager)
}
private func requestAuthorization(using manager: CLLocationManager) async -> CLAuthorizationStatus {
manager.requestWhenInUseAuthorization()
return await withCheckedContinuation { continuation in
authorizationContinuation = continuation
}
}
private func requestLocation(using manager: CLLocationManager) async throws -> CLLocation {
try await withCheckedThrowingContinuation { continuation in
locationContinuation = continuation
manager.requestLocation()
}
}
private func sign(location: CLLocation, pairingPayload: String) throws -> SignedGPSPosition {
let isFresh = abs(location.timestamp.timeIntervalSinceNow) <= 120
guard location.horizontalAccuracy >= 0,
isFresh else {
throw AppError.locationUnavailable
}
let unsignedPosition = SignedGPSPosition(
latitude: location.coordinate.latitude,
longitude: location.coordinate.longitude,
horizontalAccuracyMeters: location.horizontalAccuracy,
capturedAt: location.timestamp
)
let privateKey = P256.Signing.PrivateKey()
let signature = try privateKey.signature(for: unsignedPosition.signingPayload(for: pairingPayload))
return unsignedPosition.signed(
signatureData: signature.derRepresentation,
publicKeyData: privateKey.publicKey.x963Representation
)
}
func locationManagerDidChangeAuthorization(_ manager: CLLocationManager) {
guard let continuation = authorizationContinuation else { return }
let status = manager.authorizationStatus
guard status != .notDetermined else { return }
authorizationContinuation = nil
continuation.resume(returning: status)
}
func locationManager(_ manager: CLLocationManager, didUpdateLocations locations: [CLLocation]) {
guard let continuation = locationContinuation,
let location = locations.last else {
return
}
authorizationContinuation = nil
locationContinuation = nil
self.manager = nil
continuation.resume(returning: location)
}
func locationManager(_ manager: CLLocationManager, didFailWithError error: Error) {
guard let continuation = locationContinuation else { return }
authorizationContinuation = nil
locationContinuation = nil
self.manager = nil
if let locationError = error as? CLError,
locationError.code == .denied {
continuation.resume(throwing: AppError.locationPermissionDenied)
return
}
continuation.resume(throwing: AppError.locationUnavailable)
}
}
#else
@MainActor
final class NFCIdentifyReader: NSObject, ObservableObject {
@Published private(set) var helperText = "NFC identify with a signed GPS position is available on supported iPhone hardware only."
@Published private(set) var isScanning = false
@Published private(set) var isSupported = false
var onAuthenticationRequestDetected: ((PairingAuthenticationRequest) -> Void)?
var onError: ((String) -> Void)?
func beginScanning() {
onError?("Tap to identify requires supported iPhone hardware with NFC and location access enabled.")
}
}
#endif