| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2023-12-22 13:03:25 +0100 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-01-08 09:04:49 +0100 |
| commit | 0dbebfd86be58d7b5e8ae92f637a3cdbc88b62db (patch) | |
| tree | 2ac0841fce76224ea381df274116f46b267ede3e /mullvad-api/src | |
| parent | 10c990ee1d296970ecd60fbde0ce147ca922ec99 (diff) | |
Remove `ApiEndpointUpdateHandler`
Previously, the `mullvad-api` would tell the `mullvad-daemon` that it
wanted a new API endpoint by calling a certain callback
(`ApiEndpointUpdateCallback`), which would asynchronously resolve a new
API endpoint and tell the daemon to punch an appropriate hole in the
firewall for that particular endpoint before the `mullvad-api` crate
would consume it.
The logic of the callback can be moved inside `AccessModeSelector`,
which simplifies the contract between `mullvad-daemon` and `mullvad-api`
somewhat.
Diffstat (limited to 'mullvad-api/src')
| -rw-r--r-- | mullvad-api/src/bin/relay_list.rs | 2 | ||||
| -rw-r--r-- | mullvad-api/src/lib.rs | 20 | ||||
| -rw-r--r-- | mullvad-api/src/proxy.rs | 38 | ||||
| -rw-r--r-- | mullvad-api/src/rest.rs | 49 |
4 files changed, 23 insertions, 86 deletions
diff --git a/mullvad-api/src/bin/relay_list.rs b/mullvad-api/src/bin/relay_list.rs index ffb65c28b2..c016b4c8a1 100644 --- a/mullvad-api/src/bin/relay_list.rs +++ b/mullvad-api/src/bin/relay_list.rs @@ -13,7 +13,7 @@ async fn main() { let relay_list_request = RelayListProxy::new( runtime - .mullvad_rest_handle(ApiConnectionMode::Direct.into_repeat(), |_| async { true }) + .mullvad_rest_handle(ApiConnectionMode::Direct.into_repeat()) .await, ) .relay_list(None) diff --git a/mullvad-api/src/lib.rs b/mullvad-api/src/lib.rs index ae7929deec..237ed100d4 100644 --- a/mullvad-api/src/lib.rs +++ b/mullvad-api/src/lib.rs @@ -18,7 +18,7 @@ use std::{ path::Path, sync::OnceLock, }; -use talpid_types::{net::AllowedEndpoint, ErrorExt}; +use talpid_types::ErrorExt; pub mod availability; use availability::{ApiAvailability, ApiAvailabilityHandle}; @@ -216,19 +216,6 @@ pub enum Error { ApiCheckError(#[error(source)] availability::Error), } -/// Closure that receives the next API (real or proxy) endpoint to use for `api.mullvad.net`. -/// It should return a future that determines whether to reject the new endpoint or not. -pub trait ApiEndpointUpdateCallback: Fn(AllowedEndpoint) -> Self::AcceptedNewEndpoint { - type AcceptedNewEndpoint: Future<Output = bool> + Send; -} - -impl<U, T: Future<Output = bool> + Send> ApiEndpointUpdateCallback for U -where - U: Fn(AllowedEndpoint) -> T, -{ - type AcceptedNewEndpoint = T; -} - impl Runtime { /// Create a new `Runtime`. pub fn new(handle: tokio::runtime::Handle) -> Result<Self, Error> { @@ -305,7 +292,6 @@ impl Runtime { &self, sni_hostname: Option<String>, proxy_provider: T, - new_address_callback: impl ApiEndpointUpdateCallback + Send + Sync + 'static, #[cfg(target_os = "android")] socket_bypass_tx: Option<mpsc::Sender<SocketBypassRequest>>, ) -> rest::RequestServiceHandle { rest::RequestService::spawn( 
@@ -313,7 +299,6 @@ impl Runtime { self.api_availability.handle(), self.address_cache.clone(), proxy_provider, - new_address_callback, #[cfg(target_os = "android")] socket_bypass_tx, ) @@ -326,13 +311,11 @@ impl Runtime { >( &self, proxy_provider: T, - new_address_callback: impl ApiEndpointUpdateCallback + Send + Sync + 'static, ) -> rest::MullvadRestHandle { let service = self .new_request_service( Some(API.host.clone()), proxy_provider, - new_address_callback, #[cfg(target_os = "android")] self.socket_bypass_tx.clone(), ) @@ -353,7 +336,6 @@ impl Runtime { self.new_request_service( None, ApiConnectionMode::Direct.into_repeat(), - |_| async { true }, #[cfg(target_os = "android")] None, ) diff --git a/mullvad-api/src/proxy.rs b/mullvad-api/src/proxy.rs index 3c7d071d92..2b4821ba64 100644 --- a/mullvad-api/src/proxy.rs +++ b/mullvad-api/src/proxy.rs @@ -8,7 +8,7 @@ use std::{ task::{self, Poll}, }; use talpid_types::{ - net::{proxy, AllowedClients, Endpoint, TransportProtocol}, + net::{proxy, Endpoint, TransportProtocol}, ErrorExt, }; use tokio::{ @@ -70,6 +70,16 @@ impl fmt::Display for ProxyConfig { } } +impl From<proxy::CustomProxy> for ProxyConfig { + fn from(value: proxy::CustomProxy) -> Self { + match value { + proxy::CustomProxy::Shadowsocks(shadowsocks) => ProxyConfig::Shadowsocks(shadowsocks), + proxy::CustomProxy::Socks5Local(socks) => ProxyConfig::Socks5Local(socks), + proxy::CustomProxy::Socks5Remote(socks) => ProxyConfig::Socks5Remote(socks), + } + } +} + impl ApiConnectionMode { /// Reads the proxy config from `CURRENT_CONFIG_FILENAME`. /// This returns `ApiConnectionMode::Direct` if reading from disk fails for any reason. 
@@ -139,32 +149,6 @@ impl ApiConnectionMode { } } - #[cfg(unix)] - pub fn allowed_clients(&self) -> AllowedClients { - match self { - ApiConnectionMode::Proxied(ProxyConfig::Socks5Local(_)) => AllowedClients::All, - ApiConnectionMode::Direct | ApiConnectionMode::Proxied(_) => AllowedClients::Root, - } - } - - #[cfg(windows)] - pub fn allowed_clients(&self) -> AllowedClients { - match self { - ApiConnectionMode::Proxied(ProxyConfig::Socks5Local(_)) => AllowedClients::all(), - ApiConnectionMode::Direct | ApiConnectionMode::Proxied(_) => { - let daemon_exe = std::env::current_exe().expect("failed to obtain executable path"); - vec![ - daemon_exe - .parent() - .expect("missing executable parent directory") - .join("mullvad-problem-report.exe"), - daemon_exe, - ] - .into() - } - } - } - pub fn is_proxy(&self) -> bool { *self != ApiConnectionMode::Direct } diff --git a/mullvad-api/src/rest.rs b/mullvad-api/src/rest.rs index 6332c1266e..9f1e88a751 100644 --- a/mullvad-api/src/rest.rs +++ b/mullvad-api/src/rest.rs @@ -24,10 +24,7 @@ use std::{ sync::{Arc, Weak}, time::Duration, }; -use talpid_types::{ - net::{AllowedEndpoint, Endpoint, TransportProtocol}, - ErrorExt, -}; +use talpid_types::ErrorExt; #[cfg(feature = "api-override")] use crate::API; 
@@ -123,36 +120,24 @@ impl Error { } } -use super::ApiEndpointUpdateCallback; - /// A service that executes HTTP requests, allowing for on-demand termination of all in-flight /// requests -pub(crate) struct RequestService< - T: Stream<Item = ApiConnectionMode>, - F: ApiEndpointUpdateCallback + Send, -> { +pub(crate) struct RequestService<T: Stream<Item = ApiConnectionMode>> { command_tx: Weak<mpsc::UnboundedSender<RequestCommand>>, command_rx: mpsc::UnboundedReceiver<RequestCommand>, connector_handle: HttpsConnectorWithSniHandle, client: hyper::Client<HttpsConnectorWithSni, hyper::Body>, proxy_config_provider: T, - new_address_callback: F, - address_cache: AddressCache, api_availability: ApiAvailabilityHandle, } -impl< - T: Stream<Item = ApiConnectionMode> + Unpin + Send + 'static, - F: ApiEndpointUpdateCallback + Send + Sync + 'static, - > RequestService<T, F> -{ +impl<T: Stream<Item = ApiConnectionMode> + Unpin + Send + 'static> RequestService<T> { /// Constructs a new request service. pub async fn spawn( sni_hostname: Option<String>, api_availability: ApiAvailabilityHandle, address_cache: AddressCache, mut proxy_config_provider: T, - new_address_callback: F, #[cfg(target_os = "android")] socket_bypass_tx: Option<mpsc::Sender<SocketBypassRequest>>, ) -> RequestServiceHandle { let (connector, connector_handle) = HttpsConnectorWithSni::new( @@ -184,8 +169,6 @@ impl< connector_handle, client, proxy_config_provider, - new_address_callback, - address_cache, api_availability, }; let handle = RequestServiceHandle { tx: command_tx }; 
@@ -203,26 +186,14 @@ impl< } RequestCommand::NextApiConfig(completion_tx) => { #[cfg(feature = "api-override")] - if API.force_direct_connection { - log::debug!("Ignoring API connection mode"); - let _ = completion_tx.send(Ok(())); - return; - } + let force_direct_connection = API.force_direct_connection; + #[cfg(not(feature = "api-override"))] + let force_direct_connection = false; - if let Some(new_config) = self.proxy_config_provider.next().await { - let endpoint = match new_config.get_endpoint() { - Some(endpoint) => endpoint, - None => Endpoint::from_socket_address( - self.address_cache.get_address().await, - TransportProtocol::Tcp, - ), - }; - let clients = new_config.allowed_clients(); - let allowed_endpoint = AllowedEndpoint { endpoint, clients }; - // Switch to new connection mode unless rejected by address change callback - if (self.new_address_callback)(allowed_endpoint).await { - self.connector_handle.set_connection_mode(new_config); - } + if force_direct_connection { + log::debug!("Ignoring API connection mode"); + } else if let Some(connection_mode) = self.proxy_config_provider.next().await { + self.connector_handle.set_connection_mode(connection_mode); } let _ = completion_tx.send(Ok(())); |
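Review bot: The new `else if let Some(connection_mode)` branch calls `self.connector_handle.set_connection_mode(connection_mode)` unconditionally, so this service can no longer refuse a mode whose endpoint has not been allowed through the firewall. The removed lines built an `AllowedEndpoint { endpoint, clients }` and switched only when `new_address_callback` returned true. The commit message says that logic moved into `AccessModeSelector`, which is not visible in this diff, so the firewall-before-switch ordering presumably now rests entirely on the stream passed in as `proxy_config_provider`. I would state that contract where the mode is applied, for example `// Invariant: the provider yields a mode only after the firewall allows its endpoint; nothing here re-checks it.`, and repeat it on the `proxy_config_provider` field. The enclosing match arm and function begin outside the hunk.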
