Feat: Fixed push notifications on VPN connect/disconnect

chore: hide extend buttons on external premium
chore: simplify benefits
2026-06-24 02:00:24 +07:00 · 2026-04-06 17:45:24 +03:00 · 2026-04-06 20:04:39 +08:00 · 2026-04-03 20:04:52 +08:00 · 2026-04-02 17:32:42 +08:00 · 2026-04-01 14:25:47 +08:00
167 changed files with 5050 additions and 2199 deletions
@@ -24,7 +24,7 @@ jobs:
      - name: Verify git tag
        run: |
          TAG_NAME=${{ inputs.RELEASE_VERSION }}
-          CMAKE_TAG=$(grep 'project.*VERSION' CMakeLists.txt | sed -E 's/.* ([0-9]+.[0-9]+.[0-9]+.[0-9]+)$/\1/')
+          CMAKE_TAG=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/')
          if [[ "$TAG_NAME" == "$CMAKE_TAG" ]]; then
            echo "Git tag ($TAG_NAME) matches CMakeLists.txt version ($CMAKE_TAG)."
          else
@@ -140,3 +140,6 @@ ios-ne-build.sh
 macos-ne-build.sh
 macos-signed-build.sh
 macos-with-sign-build.sh
 DeveloperIdApplicationCertificate.p12
 DeveloperIdInstallerCertificate.p12
@@ -14,3 +14,7 @@
 [submodule "client/3rd/QSimpleCrypto"]
 	path = client/3rd/QSimpleCrypto
 	url = https://github.com/amnezia-vpn/QSimpleCrypto.git
 [submodule "client/3rd/qtgamepad"]
 	path = client/3rd/qtgamepad
 	url = https://github.com/amnezia-vpn/qtgamepad.git
 	branch = 6.6
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 set(PROJECT AmneziaVPN)
-set(AMNEZIAVPN_VERSION 4.8.12.9)
+set(AMNEZIAVPN_VERSION 4.8.15.0)
 project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
        DESCRIPTION "AmneziaVPN"
@@ -12,7 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2105)
+set(APP_ANDROID_VERSION_CODE 2118)
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -61,6 +61,9 @@ if(WIN32 AND NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
    set(CPACK_PACKAGE_VENDOR "AmneziaVPN")
    set(CPACK_PACKAGE_VERSION ${AMNEZIAVPN_VERSION})
    set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "AmneziaVPN client")
    set(AMNEZIA_LICENSE_TXT "${CMAKE_BINARY_DIR}/LICENSE.txt")
    configure_file("${CMAKE_SOURCE_DIR}/LICENSE" "${AMNEZIA_LICENSE_TXT}" COPYONLY)
    set(CPACK_RESOURCE_FILE_LICENSE "${AMNEZIA_LICENSE_TXT}")
    set(CPACK_PACKAGE_INSTALL_DIRECTORY "AmneziaVPN")
    set(CPACK_PACKAGE_DIRECTORY "${CMAKE_BINARY_DIR}")
    set(CPACK_PACKAGE_EXECUTABLES "AmneziaVPN" "AmneziaVPN")
@@ -179,7 +179,7 @@ You may face compiling issues in QT Creator after you've worked in Android Studi
 ## License
-GPL v3.0
+This project is licensed under the GNU General Public License v3.0 (see LICENSE) and also includes third-party components distributed under their own terms (see THIRD_PARTY_LICENSES.md).
 ## Donate
@@ -0,0 +1,149 @@
 # Third-Party Licenses
 This project is licensed under the GNU General Public License v3.0.
 This file lists third-party software components used by this repository.
 Each component is distributed under its own license as linked below.
 ---
 ## QtKeychain
 - Source: https://github.com/frankosterfeld/qtkeychain
 - License: BSD License
 - License Text: https://www.gnu.org/licenses/license-list.html#ModifiedBSD
 ---
 ## QSimpleCrypto
 - Source: https://github.com/n1flh31mur/QSimpleCrypto
 - License: Apache License 2.0
 - License Text: https://github.com/n1flh31mur/QSimpleCrypto/blob/master/LICENSE
 ---
 ## SortFilterProxyModel
 - Source: https://github.com/oKcerG/SortFilterProxyModel
 - License: MIT License
 - License Text: https://github.com/oKcerG/SortFilterProxyModel/blob/master/LICENSE
 ---
 ## QJsonStruct
 - Source: https://github.com/Qv2ray/QJsonStruct
 - License: MIT License
 - License Text: https://github.com/Qv2ray/QJsonStruct/blob/master/LICENSE
 ---
 ## QR Code Generator (qrcodegen)
 - Source: https://github.com/nayuki/QR-Code-generator
 - License: MIT License
 - License Text: https://www.nayuki.io/page/qr-code-generator-library
 ---
 ## Qt Gamepad
 - Source: https://github.com/qt/qtgamepad
 - License: GNU General Public License v3.0 (GPL-3.0)
 - License Text: https://www.gnu.org/licenses/gpl-3.0.en.html
 ---
 ## AmneziaWG Apple (WireGuard)
 - Source: https://github.com/amnezia-vpn/amneziawg-apple
 - License: MIT License
 - License Text: https://github.com/amnezia-vpn/amneziawg-apple/blob/master/COPYING
 ---
 ## AmneziaWG Android
 - Source: https://github.com/amnezia-vpn/amneziawg-go
 - License: MIT License
 - License Text: https://github.com/amnezia-vpn/amneziawg-go/blob/master/LICENSE
 ---
 ## Xray Core
 - Source: https://github.com/XTLS/Xray-core
 - License: Mozilla Public License 2.0 (MPL-2.0)
 - License Text: https://github.com/XTLS/Xray-core/blob/main/LICENSE
 ---
 ## Cloak
 - Source: https://github.com/cbeuw/Cloak
 - License: GNU General Public License v3.0 (GPL-3.0)
 - License Text: https://github.com/cbeuw/Cloak/blob/master/LICENSE
 ---
 ## Shadowsocks
 - Source: https://github.com/shadowsocks/shadowsocks-libev
 - License: GPL-3.0-or-later
 - License Text: http://www.gnu.org/licenses/
 ---
 ## OpenSSL
 - Source: https://github.com/openssl/openssl
 - License: Apache License 2.0
 - License Text: https://www.openssl.org/source/license.html
 ---
 ## libssh
 - Source: https://www.libssh.org/
 - License: GNU Lesser General Public License (LGPL)
 - License Text: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
 ---
 ## OpenVPNAdapter
 - Source: https://github.com/ss-abramchuk/OpenVPNAdapter
 - License: GNU Affero General Public License v3.0 (AGPL-3.0)
 - License Text: https://github.com/ss-abramchuk/OpenVPNAdapter/blob/master/LICENSE
 ---
 ## Wintun
 - Source: https://www.wintun.net/
 - License: Prebuilt Binaries License
 - License Text: https://github.com/WireGuard/wintun/blob/master/prebuilt-binaries-license.txt
 ---
 ## Mullvad Split Tunnel Driver
 - Source: https://github.com/mullvad/win-split-tunnel
 - License: GNU General Public License v3.0 (GPL-3.0) and Mozilla Public License Version 2.0
 - License Text: https://github.com/mullvad/win-split-tunnel/blob/master/LICENSE-GPL.md https://github.com/mullvad/win-split-tunnel/blob/master/LICENSE-MPL.txt
 ---
 ## tun2socks
 - Source: https://github.com/eycorsican/go-tun2socks
 - License: MIT License
 - License Text: https://github.com/eycorsican/go-tun2socks/blob/master/LICENSE
 ---
 ## TAP-Windows Driver
 - Source: https://github.com/OpenVPN/tap-windows6
 - License: tap-windows6 license
 - License Text: https://github.com/OpenVPN/tap-windows6/blob/master/COPYING
@@ -59,7 +59,6 @@ target_include_directories(${PROJECT} PUBLIC
 if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_tun2socks.rep)
 endif()
 qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
@@ -79,6 +78,7 @@ set(AMNEZIAVPN_TS_FILES
 )
 file(GLOB_RECURSE AMNEZIAVPN_TS_SOURCES *.qrc *.cpp *.h *.ui)
 list(FILTER AMNEZIAVPN_TS_SOURCES EXCLUDE REGEX "qtgamepad/examples")
 qt_create_translation(AMNEZIAVPN_QM_FILES ${AMNEZIAVPN_TS_SOURCES} ${AMNEZIAVPN_TS_FILES})
@@ -228,4 +228,13 @@ if(NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
 endif()
 target_sources(${PROJECT} PRIVATE ${SOURCES} ${HEADERS} ${RESOURCES} ${QRC} ${I18NQRC})
 # Finalize the executable so Qt can gather/deploy QML modules and plugins correctly (Android needs this).
 if(COMMAND qt_import_qml_plugins)
    qt_import_qml_plugins(${PROJECT})
 endif()
 if(COMMAND qt_finalize_executable)
    qt_finalize_executable(${PROJECT})
 else()
    qt_finalize_target(${PROJECT})
 endif()
@@ -109,6 +109,16 @@ void AmneziaApplication::init()
            // install filter on main window
            if (auto win = qobject_cast<QQuickWindow*>(obj)) {
                win->installEventFilter(this);
 #ifdef Q_OS_ANDROID
                QObject::connect(win, &QQuickWindow::sceneGraphError,
                    [](QQuickWindow::SceneGraphError, const QString &msg) {
                        qWarning() << "Scene graph error (suppressed):" << msg;
                    });
                // Keep graphics context alive across hide/show cycles to avoid
                // eglSwapBuffers/makeCurrent being called on a context Android has reclaimed.
                win->setPersistentSceneGraph(true);
                win->setPersistentGraphics(true);
 #endif
                win->show();
            }
        },
@@ -24,5 +24,8 @@
    <string name="notificationSettingsDialogMessage">Для показа уведомлений необходимо включить уведомления в системных настройках</string>
    <string name="openNotificationSettings">Открыть настройки уведомлений</string>
    <string name="vpnStateEventChannelName">Уведомления о VPN</string>
    <string name="vpnStateEventChannelDescription">Краткие оповещения при подключении и отключении VPN</string>
    <string name="tvNoFileBrowser">Пожалуйста, установите приложение для просмотра файлов</string>
 </resources>
@@ -24,5 +24,8 @@
    <string name="notificationSettingsDialogMessage">To show notifications, you must enable notifications in the system settings</string>
    <string name="openNotificationSettings">Open notification settings</string>
    <string name="vpnStateEventChannelName">VPN connection alerts</string>
    <string name="vpnStateEventChannelDescription">Brief alerts when VPN connects or disconnects</string>
    <string name="tvNoFileBrowser">Please install a file management utility to browse files</string>
 </resources>
@@ -26,6 +26,8 @@ import android.os.ParcelFileDescriptor
 import android.os.SystemClock
 import android.provider.OpenableColumns
 import android.provider.Settings
 import android.view.InputDevice
 import android.view.KeyEvent
 import android.view.MotionEvent
 import android.view.View
 import android.view.ViewGroup
@@ -73,6 +75,8 @@ private const val OPEN_FILE_ACTION_CODE = 3
 private const val CHECK_NOTIFICATION_PERMISSION_ACTION_CODE = 4
 private const val PREFS_NOTIFICATION_PERMISSION_ASKED = "NOTIFICATION_PERMISSION_ASKED"
 private const val OPEN_FILE_AFTER_RESUME_DELAY_MS = 400L
 private const val KEY_PENDING_OPEN_FILE_URI = "pending_open_file_uri"
 class AmneziaActivity : QtActivity() {
@@ -89,6 +93,12 @@ class AmneziaActivity : QtActivity() {
    private val actionResultHandlers = mutableMapOf<Int, ActivityResultHandler>()
    private val permissionRequestHandlers = mutableMapOf<Int, PermissionRequestHandler>()
    private var isActivityResumed = false
    private var hasWindowFocus = false
    private val resumeHandler = Handler(Looper.getMainLooper())
    private var pendingOpenFileUri: String? = null
    private var openFileDeliveryScheduled = false
    private val vpnServiceEventHandler: Handler by lazy(NONE) {
        object : Handler(Looper.getMainLooper()) {
            override fun handleMessage(msg: Message) {
@@ -190,11 +200,18 @@ class AmneziaActivity : QtActivity() {
                doBindService()
            }
        )
        pendingOpenFileUri = savedInstanceState?.getString(KEY_PENDING_OPEN_FILE_URI)
        openFileDeliveryScheduled = false
        registerBroadcastReceivers()
        intent?.let(::processIntent)
        runBlocking { vpnProto = proto.await() }
    }
    override fun onSaveInstanceState(outState: Bundle) {
        super.onSaveInstanceState(outState)
        pendingOpenFileUri?.let { outState.putString(KEY_PENDING_OPEN_FILE_URI, it) }
    }
    private fun loadLibs() {
        listOf(
            "rsapss",
@@ -260,6 +277,11 @@ class AmneziaActivity : QtActivity() {
    }
    override fun onStop() {
        isActivityResumed = false
        hasWindowFocus = false
        // Cancel all pending operations when activity stops
        resumeHandler.removeCallbacksAndMessages(null)
        openFileDeliveryScheduled = false
        Log.d(TAG, "Stop Amnezia activity")
        doUnbindService()
        mainScope.launch {
@@ -271,35 +293,129 @@ class AmneziaActivity : QtActivity() {
    override fun onWindowFocusChanged(hasFocus: Boolean) {
        super.onWindowFocusChanged(hasFocus)
        hasWindowFocus = hasFocus
        Log.d(TAG, "Window focus changed: hasFocus=$hasFocus")
        if (!hasFocus) {
            // Cancel pending operations if window loses focus
            resumeHandler.removeCallbacksAndMessages(null)
        } else if (isActivityResumed && Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            window.decorView.apply {
                invalidate()
                resumeHandler.postDelayed({
                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                        sendTouch(1f, 1f)
                    }
                }, 50)
                resumeHandler.postDelayed({
                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                        sendTouch(2f, 2f)
                        requestLayout()
                        invalidate()
                    }
                }, 150)
            }
        }
    }
    override fun dispatchKeyEvent(event: KeyEvent): Boolean {
        val keyCode = event.keyCode
        val pressed = event.action == KeyEvent.ACTION_DOWN
        when (keyCode) {
            KeyEvent.KEYCODE_BUTTON_A,
            KeyEvent.KEYCODE_BUTTON_B,
            KeyEvent.KEYCODE_BUTTON_X,
            KeyEvent.KEYCODE_BUTTON_Y,
            KeyEvent.KEYCODE_BUTTON_START,
            KeyEvent.KEYCODE_BUTTON_SELECT -> {
                    nativeGamepadKeyEvent(0, keyCode, pressed)
                    return true
            }
            KeyEvent.KEYCODE_DPAD_CENTER,
            KeyEvent.KEYCODE_DPAD_UP,
            KeyEvent.KEYCODE_DPAD_DOWN,
            KeyEvent.KEYCODE_DPAD_LEFT,
            KeyEvent.KEYCODE_DPAD_RIGHT -> {
                    val syntheticKeyCode = if (keyCode == KeyEvent.KEYCODE_DPAD_CENTER) KeyEvent.KEYCODE_ENTER else keyCode
                    val synthetic = KeyEvent(
                        event.downTime, event.eventTime, event.action, syntheticKeyCode,
                        event.repeatCount, event.metaState, -1, event.scanCode,
                        event.flags, InputDevice.SOURCE_KEYBOARD
                    )
                    return super.dispatchKeyEvent(synthetic)
            }
        }
        return super.dispatchKeyEvent(event)
    }
    private external fun nativeGamepadKeyEvent(deviceId: Int, keyCode: Int, pressed: Boolean)
    override fun onPause() {
        // Notify Qt to stop rendering BEFORE super.onPause() destroys the EGL surface.
        // Using a coroutine here would be too late — the surface is gone by the time
        // the coroutine runs. A direct synchronous call gives Qt's render thread the
        // best chance to process visible=false before surface destruction.
        if (qtInitialized.isCompleted) {
            QtAndroidController.onActivityPaused()
        }
        super.onPause()
        isActivityResumed = false
        // Cancel all pending operations when activity pauses
        resumeHandler.removeCallbacksAndMessages(null)
        openFileDeliveryScheduled = false
        Log.d(TAG, "Pause Amnezia activity")
    }
    override fun onResume() {
        super.onResume()
-       /* if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+        isActivityResumed = true
        Log.d(TAG, "Resume Amnezia activity")
        if (qtInitialized.isCompleted) {
            QtAndroidController.onActivityResumed()
        }
        if (pendingOpenFileUri != null && !openFileDeliveryScheduled) {
            val uri = pendingOpenFileUri!!
            openFileDeliveryScheduled = true
            resumeHandler.postDelayed({
                if (!isFinishing && !isDestroyed) {
                    pendingOpenFileUri = null
                    openFileDeliveryScheduled = false
                    mainScope.launch {
                        qtInitialized.await()
                        QtAndroidController.onFileOpened(uri)
                    }
                }
            }, OPEN_FILE_AFTER_RESUME_DELAY_MS)
        }
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            window.decorView.apply {
                invalidate()
-                postDelayed({
+                resumeHandler.postDelayed({
                    // Check if activity is still resumed and has focus before executing
                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                        sendTouch(1f, 1f)
                    }
                }, 100)
-                postDelayed({
+                resumeHandler.postDelayed({
                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                        sendTouch(2f, 2f)
                    }
                }, 200)
-                postDelayed({
+                resumeHandler.postDelayed({
                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                        requestLayout()
                        invalidate()
                    }
                }, 250)
            }
-        }  */      
+        }
        Log.d(TAG, "Resume Amnezia activity")
    }
    private fun configureWindowForEdgeToEdge() {
@@ -362,6 +478,10 @@ class AmneziaActivity : QtActivity() {
    }
    override fun onDestroy() {
        isActivityResumed = false
        hasWindowFocus = false
        // Cancel all pending operations when activity is destroyed
        resumeHandler.removeCallbacksAndMessages(null)
        Log.d(TAG, "Destroy Amnezia activity")
        unregisterBroadcastReceiver(notificationStateReceiver)
        notificationStateReceiver = null
@@ -687,11 +807,15 @@ class AmneziaActivity : QtActivity() {
                            grantUriPermission(packageName, this, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                        }?.toString() ?: ""
                        Log.v(TAG, "Open file: $uri")
                        if (uri.isNotEmpty()) {
                            pendingOpenFileUri = uri
                        } else {
                            mainScope.launch {
                                qtInitialized.await()
                                QtAndroidController.onFileOpened(uri)
                            }
                        }
                    }
                ))
            } catch (_: ActivityNotFoundException) {
                showNoFileBrowserAlertDialog()
@@ -718,7 +842,7 @@ class AmneziaActivity : QtActivity() {
    @Suppress("unused")
    fun getFd(fileName: String): Int {
        Log.v(TAG, "Get fd for $fileName")
-        return blockingCall {
+        return blockingCall(Dispatchers.IO) {
            try {
                pfd = contentResolver.openFileDescriptor(Uri.parse(fileName), "r")
                pfd?.fd ?: -1
@@ -882,6 +1006,12 @@ class AmneziaActivity : QtActivity() {
    @Suppress("unused")
    fun isNotificationPermissionGranted(): Boolean = applicationContext.isNotificationPermissionGranted()
    /** Called from Qt (AndroidController) — CLI-570 VPN connect/disconnect heads-up. */
    @Suppress("unused")
    fun showVpnStateNotification(title: String, message: String) {
        ServiceNotification.showVpnStateEvent(applicationContext, title, message)
    }
    @Suppress("unused")
    fun requestNotificationPermission() {
        val shouldShowPreRequest = shouldShowRequestPermissionRationale(Manifest.permission.POST_NOTIFICATIONS)
@@ -26,6 +26,9 @@ private const val OLD_NOTIFICATION_CHANNEL_ID: String = "org.amnezia.vpn.notific
 private const val NOTIFICATION_CHANNEL_ID: String = "org.amnezia.vpn.notifications"
 const val NOTIFICATION_ID = 1337
 const val VPN_STATE_EVENT_NOTIFICATION_ID = 1338
 private const val VPN_STATE_EVENT_CHANNEL_ID = "org.amnezia.vpn.vpn_state_events"
 private const val GET_ACTIVITY_REQUEST_CODE = 0
 private const val CONNECT_REQUEST_CODE = 1
 private const val DISCONNECT_REQUEST_CODE = 2
@@ -162,8 +165,42 @@ class ServiceNotification(private val context: Context) {
                        .setDescription(context.resources.getString(R.string.notificationChannelDescription))
                        .build()
                )
                createNotificationChannel(
                    Builder(VPN_STATE_EVENT_CHANNEL_ID, NotificationManagerCompat.IMPORTANCE_DEFAULT)
                        .setShowBadge(false)
                        .setSound(null, null)
                        .setVibrationEnabled(false)
                        .setLightsEnabled(false)
                        .setName(context.getString(R.string.vpnStateEventChannelName))
                        .setDescription(context.getString(R.string.vpnStateEventChannelDescription))
                        .build()
                )
            }
        }
        /** Brief alert when VPN connects or disconnects (invoked from Qt via AmneziaActivity). */
        fun showVpnStateEvent(context: Context, title: String, message: String) {
            if (!context.isNotificationPermissionGranted()) return
            val nm = NotificationManagerCompat.from(context)
            val notification = NotificationCompat.Builder(context, VPN_STATE_EVENT_CHANNEL_ID)
                .setSmallIcon(R.drawable.ic_amnezia_round)
                .setContentTitle(title)
                .setContentText(message)
                .setPriority(NotificationCompat.PRIORITY_DEFAULT)
                .setCategory(NotificationCompat.CATEGORY_STATUS)
                .setAutoCancel(true)
                .setOnlyAlertOnce(true)
                .setContentIntent(
                    PendingIntent.getActivity(
                        context,
                        GET_ACTIVITY_REQUEST_CODE,
                        Intent(context, AmneziaActivity::class.java),
                        PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
                    )
                )
                .build()
            nm.notify(VPN_STATE_EVENT_NOTIFICATION_ID, notification)
        }
    }
 }
@@ -1,7 +1,10 @@
 package org.amnezia.vpn
 import android.content.ActivityNotFoundException
 import android.content.Context
 import android.content.Intent
 import android.content.pm.PackageManager
 import android.os.Build
 import android.os.Bundle
 import androidx.activity.ComponentActivity
 import androidx.activity.result.contract.ActivityResultContracts
@@ -11,8 +14,29 @@ private const val TAG = "TvFilePicker"
 class TvFilePicker : ComponentActivity() {
-    private val fileChooseResultLauncher = registerForActivityResult(ActivityResultContracts.GetContent()) {
+    private val fileChooseResultLauncher = registerForActivityResult(object : ActivityResultContracts.OpenDocument() {
-        setResult(RESULT_OK, Intent().apply { data = it })
+        override fun createIntent(context: Context, input: Array<String>): Intent {
            val intent = super.createIntent(context, input)
            val activitiesToResolveIntent = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
                context.packageManager.queryIntentActivities(intent, PackageManager.ResolveInfoFlags.of(PackageManager.MATCH_DEFAULT_ONLY.toLong()))
            } else {
                @Suppress("DEPRECATION")
                context.packageManager.queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY)
            }
            if (activitiesToResolveIntent.all {
                    val name = it.activityInfo.packageName
                    name.startsWith("com.google.android.tv.frameworkpackagestubs") || name.startsWith("com.android.tv.frameworkpackagestubs")
                }) {
                throw ActivityNotFoundException()
            }
            return intent
        }
    }) {
        setResult(RESULT_OK, Intent().apply {
            data = it
            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
        })
        finish()
    }
@@ -31,7 +55,7 @@ class TvFilePicker : ComponentActivity() {
    private fun getFile() {
        try {
            Log.v(TAG, "getFile")
-            fileChooseResultLauncher.launch("*/*")
+            fileChooseResultLauncher.launch(arrayOf("*/*"))
        } catch (_: ActivityNotFoundException) {
            Log.w(TAG, "Activity not found")
            setResult(RESULT_CANCELED, Intent().apply { putExtra("activityNotFound", true) })
@@ -31,4 +31,7 @@ object QtAndroidController {
    external fun onImeInsetsChanged(heightDp: Int)
    external fun onSystemBarsInsetsChanged(navBarHeightDp: Int, statusBarHeightDp: Int)
    external fun onActivityPaused()
    external fun onActivityResumed()
 }
@@ -83,6 +83,26 @@ add_compile_definitions(_WINSOCKAPI_)
 set(BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE)
 set(BUILD_WITH_QT6 ON)
 add_subdirectory(${CLIENT_ROOT_DIR}/3rd/qtkeychain)
 if(ANDROID)
    # Use qtgamepad from amnezia-vpn/qtgamepad repository
    # Only if Qt6CorePrivate is available (required by qtgamepad)
    find_package(Qt6CorePrivate CONFIG QUIET)
    if(Qt6CorePrivate_FOUND)
        add_subdirectory(${CLIENT_ROOT_DIR}/3rd/qtgamepad)
        # Link both the C++ module and QML plugin
        if(TARGET GamepadLegacy)
            target_link_libraries(${PROJECT} PRIVATE GamepadLegacy)
        endif()
        if(TARGET GamepadLegacyQuickPrivate)
            target_link_libraries(${PROJECT} PRIVATE GamepadLegacyQuickPrivate)
        endif()
        message(STATUS "Gamepad support enabled for Android")
    else()
        message(STATUS "Qt6CorePrivate not found. Gamepad support disabled for Android.")
    endif()
 endif()
 set(LIBS ${LIBS} qt6keychain)
 include_directories(
@@ -121,6 +121,7 @@ target_sources(${PROJECT} PRIVATE
    ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/ScreenProtection.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/VPNCController.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/StoreKit2Helper.swift
 )
 target_sources(${PROJECT} PRIVATE
@@ -32,6 +32,7 @@ set(LIBS ${LIBS}
 set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/macos_ne_vpn_notification.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.h
@@ -43,6 +44,7 @@ set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_contro
 set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/macos_ne_vpn_notification.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.mm
@@ -131,6 +133,7 @@ target_sources(${PROJECT} PRIVATE
    ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/ScreenProtection.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/VPNCController.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/StoreKit2Helper.swift
 )
 target_sources(${PROJECT} PRIVATE
@@ -163,7 +166,7 @@ add_custom_command(TARGET ${PROJECT} POST_BUILD
    COMMAND ${CMAKE_COMMAND} -E make_directory
            $<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks
    COMMAND /usr/bin/find "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/OpenVPNAdapter.framework" -name "*.sha256" -delete
-    COMMAND /usr/bin/codesign --force --sign "Apple Distribution"
+    COMMAND /usr/bin/codesign --force --sign "Apple Distribution: Privacy Technologies OU"
            "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/OpenVPNAdapter.framework/Versions/Current/OpenVPNAdapter"
    COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
    COMMENT "Signing OpenVPNAdapter framework"
@@ -45,10 +45,13 @@ if(NOT IOS AND NOT MACOS_NE)
    )
 endif()
 if(NOT ANDROID)
 set(HEADERS ${HEADERS}
        ${CLIENT_ROOT_DIR}/ui/notificationhandler.h
 )
 if(ANDROID)
    set(HEADERS ${HEADERS}
        ${CLIENT_ROOT_DIR}/platforms/android/android_notificationhandler.h
    )
 endif()
 set(SOURCES ${SOURCES}
@@ -109,10 +112,13 @@ if(APPLE AND NOT IOS)
    )
 endif()
 if(NOT ANDROID)
 set(SOURCES ${SOURCES}
        ${CLIENT_ROOT_DIR}/ui/notificationhandler.cpp
 )
 if(ANDROID)
    set(SOURCES ${SOURCES}
        ${CLIENT_ROOT_DIR}/platforms/android/android_notificationhandler.cpp
    )
 endif()
 file(GLOB COMMON_FILES_H CONFIGURE_DEPENDS ${CLIENT_ROOT_DIR}/*.h)
@@ -181,7 +187,6 @@ if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
    set(HEADERS ${HEADERS}
        ${CLIENT_ROOT_DIR}/core/ipcclient.h
        ${CLIENT_ROOT_DIR}/core/privileged_process.h
        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.h
        ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.h
        ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.h
@@ -194,7 +199,6 @@ if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
    set(SOURCES ${SOURCES}
        ${CLIENT_ROOT_DIR}/core/ipcclient.cpp
        ${CLIENT_ROOT_DIR}/core/privileged_process.cpp
        ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
        ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.cpp
@@ -10,8 +10,10 @@ namespace apiDefs
        AmneziaFreeV3,
        AmneziaPremiumV1,
        AmneziaPremiumV2,
        AmneziaTrialV2,
        SelfHosted,
-        ExternalPremium
+        ExternalPremium,
        ExternalTrial
    };
    enum ConfigSource {
@@ -32,6 +34,7 @@ namespace apiDefs
        constexpr QLatin1String stackType("stack_type");
        constexpr QLatin1String serviceType("service_type");
        constexpr QLatin1String cliVersion("cli_version");
        constexpr QLatin1String cliName("cli_name");
        constexpr QLatin1String supportedProtocols("supported_protocols");
        constexpr QLatin1String vpnKey("vpn_key");
@@ -53,8 +56,13 @@ namespace apiDefs
        constexpr QLatin1String activeDeviceCount("active_device_count");
        constexpr QLatin1String maxDeviceCount("max_device_count");
        constexpr QLatin1String subscriptionEndDate("subscription_end_date");
        constexpr QLatin1String subscriptionExpiredByServer("subscription_expired_by_server");
        constexpr QLatin1String subscription("subscription");
        constexpr QLatin1String endDate("end_date");
        constexpr QLatin1String issuedConfigs("issued_configs");
        constexpr QLatin1String subscriptionDescription("subscription_description");
        constexpr QLatin1String termsOfUseUrl("terms_of_use_url");
        constexpr QLatin1String privacyPolicyUrl("privacy_policy_url");
        constexpr QLatin1String supportInfo("support_info");
        constexpr QLatin1String email("email");
@@ -69,6 +77,7 @@ namespace apiDefs
        constexpr QLatin1String transactionId("transaction_id");
        constexpr QLatin1String isTestPurchase("is_test_purchase");
        constexpr QLatin1String isInAppPurchase("is_in_app_purchase");
        constexpr QLatin1String userCountryCode("user_country_code");
@@ -3,11 +3,32 @@
 #include <QDateTime>
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QJsonValue>
 namespace
 {
    const QByteArray AMNEZIA_CONFIG_SIGNATURE = QByteArray::fromHex("000000ff");
    constexpr QLatin1String unprocessableSubscriptionMessage("Failed to retrieve subscription information. Is it activated?");
    QDateTime subscriptionEndUtcFromString(const QString &subscriptionEndDate)
    {
        if (subscriptionEndDate.isEmpty()) {
            return {};
        }
        QDateTime endDate = QDateTime::fromString(subscriptionEndDate, Qt::ISODateWithMs).toUTC();
        if (!endDate.isValid()) {
            endDate = QDateTime::fromString(subscriptionEndDate, Qt::ISODate).toUTC();
        }
        return endDate;
    }
    QString apiErrorMessageFromJson(const QJsonObject &jsonObj)
    {
        const QJsonValue value = jsonObj.value(QStringLiteral("message"));
        return value.isString() ? value.toString().trimmed() : QString();
    }
    QString escapeUnicode(const QString &input)
    {
        QString output;
@@ -24,9 +45,30 @@ namespace
 bool apiUtils::isSubscriptionExpired(const QString &subscriptionEndDate)
 {
-    QDateTime now = QDateTime::currentDateTimeUtc();
+    if (subscriptionEndDate.isEmpty()) {
-    QDateTime endDate = QDateTime::fromString(subscriptionEndDate, Qt::ISODateWithMs);
+        return false;
-    return endDate < now;
+    }
    const QDateTime endDate = subscriptionEndUtcFromString(subscriptionEndDate);
    if (!endDate.isValid()) {
        return false;
    }
    return endDate <= QDateTime::currentDateTimeUtc();
 }
 bool apiUtils::isSubscriptionExpiringSoon(const QString &subscriptionEndDate, int withinDays)
 {
    if (subscriptionEndDate.isEmpty()) {
        return false;
    }
    const QDateTime endDate = subscriptionEndUtcFromString(subscriptionEndDate);
    if (!endDate.isValid()) {
        return false;
    }
    const QDateTime nowUtc = QDateTime::currentDateTimeUtc();
    if (endDate <= nowUtc) {
        return false;
    }
    return endDate <= nowUtc.addDays(withinDays);
 }
 bool apiUtils::isServerFromApi(const QJsonObject &serverConfigObject)
@@ -58,18 +100,24 @@ apiDefs::ConfigType apiUtils::getConfigType(const QJsonObject &serverConfigObjec
    };
    case apiDefs::ConfigSource::AmneziaGateway: {
        constexpr QLatin1String servicePremium("amnezia-premium");
        constexpr QLatin1String serviceTrial("amnezia-trial");
        constexpr QLatin1String serviceFree("amnezia-free");
        constexpr QLatin1String serviceExternalPremium("external-premium");
        constexpr QLatin1String serviceExternalTrial("external-trial");
        auto apiConfigObject = serverConfigObject.value(apiDefs::key::apiConfig).toObject();
        auto serviceType = apiConfigObject.value(apiDefs::key::serviceType).toString();
        if (serviceType == servicePremium) {
            return apiDefs::ConfigType::AmneziaPremiumV2;
        } else if (serviceType == serviceTrial) {
            return apiDefs::ConfigType::AmneziaTrialV2;
        } else if (serviceType == serviceFree) {
            return apiDefs::ConfigType::AmneziaFreeV3;
        } else if (serviceType == serviceExternalPremium) {
            return apiDefs::ConfigType::ExternalPremium;
        } else if (serviceType == serviceExternalTrial) {
            return apiDefs::ConfigType::ExternalTrial;
        }
    }
    default: {
@@ -90,39 +138,53 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
    const int httpStatusCodeConflict = 409;
    const int httpStatusCodeNotFound = 404;
    const int httpStatusCodeNotImplemented = 501;
    const int httpStatusCodePaymentRequired = 402;
    const int httpStatusCodeUnprocessableEntity = 422;
    if (!sslErrors.empty()) {
        qDebug().noquote() << sslErrors;
        return amnezia::ErrorCode::ApiConfigSslError;
-    } else if (replyError == QNetworkReply::NoError) {
+    }
    if (replyError == QNetworkReply::NoError) {
        return amnezia::ErrorCode::NoError;
-    } else if (replyError == QNetworkReply::NetworkError::OperationCanceledError
+    }
    if (replyError == QNetworkReply::NetworkError::OperationCanceledError
        || replyError == QNetworkReply::NetworkError::TimeoutError) {
        qDebug() << replyError;
        return amnezia::ErrorCode::ApiConfigTimeoutError;
-    } else if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
+    }
    if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
        qDebug() << replyError;
        return amnezia::ErrorCode::ApiUpdateRequestError;
-    } else {
+    }
    qDebug() << QString::fromUtf8(responseBody);
    qDebug() << replyError;
    qDebug() << replyErrorString;
    qDebug() << httpStatusCode;
        int httpStatusFromBody = -1;
    QJsonDocument jsonDoc = QJsonDocument::fromJson(responseBody);
    if (jsonDoc.isObject()) {
        QJsonObject jsonObj = jsonDoc.object();
-            httpStatusFromBody = jsonObj.value("http_status").toInt(-1);
+        const int httpStatusFromBody = jsonObj.value(QStringLiteral("http_status")).toInt(-1);
        }
        if (httpStatusFromBody == httpStatusCodeConflict) {
            return amnezia::ErrorCode::ApiConfigLimitError;
-        } else if (httpStatusFromBody == httpStatusCodeNotFound) {
+        }
        if (httpStatusFromBody == httpStatusCodeNotFound) {
            return amnezia::ErrorCode::ApiNotFoundError;
-        } else if (httpStatusFromBody == httpStatusCodeNotImplemented) {
+        }
        if (httpStatusFromBody == httpStatusCodeNotImplemented) {
            return amnezia::ErrorCode::ApiUpdateRequestError;
        }
        if (httpStatusFromBody == httpStatusCodeUnprocessableEntity) {
            if (apiErrorMessageFromJson(jsonObj) == unprocessableSubscriptionMessage) {
                return amnezia::ErrorCode::ApiSubscriptionExpiredError;
            }
            return amnezia::ErrorCode::ApiConfigDownloadError;
        }
        if (httpStatusFromBody == httpStatusCodePaymentRequired) {
            return amnezia::ErrorCode::ApiSubscriptionNotActiveError;
        }
        return amnezia::ErrorCode::ApiConfigDownloadError;
    }
@@ -133,7 +195,8 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
 bool apiUtils::isPremiumServer(const QJsonObject &serverConfigObject)
 {
    static const QSet<apiDefs::ConfigType> premiumTypes = { apiDefs::ConfigType::AmneziaPremiumV1, apiDefs::ConfigType::AmneziaPremiumV2,
-                                                            apiDefs::ConfigType::ExternalPremium };
+                                                            apiDefs::ConfigType::AmneziaTrialV2, apiDefs::ConfigType::ExternalPremium,
                                                            apiDefs::ConfigType::ExternalTrial };
    return premiumTypes.contains(getConfigType(serverConfigObject));
 }
@@ -177,7 +240,9 @@ QString apiUtils::getPremiumV1VpnKey(const QJsonObject &serverConfigObject)
 QString apiUtils::getPremiumV2VpnKey(const QJsonObject &serverConfigObject)
 {
-    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV2) {
+    auto configType = apiUtils::getConfigType(serverConfigObject);
    if (configType != apiDefs::ConfigType::AmneziaPremiumV2 && configType != apiDefs::ConfigType::AmneziaTrialV2
        && configType != apiDefs::ConfigType::ExternalPremium && configType != apiDefs::ConfigType::ExternalTrial) {
        return {};
    }
@@ -13,6 +13,8 @@ namespace apiUtils
    bool isSubscriptionExpired(const QString &subscriptionEndDate);
    bool isSubscriptionExpiringSoon(const QString &subscriptionEndDate, int withinDays = 10);
    bool isPremiumServer(const QJsonObject &serverConfigObject);
    apiDefs::ConfigType getConfigType(const QJsonObject &serverConfigObject);
@@ -8,6 +8,11 @@
    #include "platforms/android/android_controller.h"
 #endif
 // SystemTrayNotificationHandler exists only on desktop + macOS NE builds (see client/cmake/sources.cmake).
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
    #include "ui/systemtray_notificationhandler.h"
 #endif
 #if defined(Q_OS_IOS)
    #include "platforms/ios/ios_controller.h"
    #include <AmneziaVPN-Swift.h>
@@ -91,6 +96,12 @@ void CoreController::initModels()
    m_apiServicesModel.reset(new ApiServicesModel(this));
    m_engine->rootContext()->setContextProperty("ApiServicesModel", m_apiServicesModel.get());
    m_apiSubscriptionPlansModel.reset(new ApiSubscriptionPlansModel(this));
    m_engine->rootContext()->setContextProperty("ApiSubscriptionPlansModel", m_apiSubscriptionPlansModel.get());
    m_apiBenefitsModel.reset(new ApiBenefitsModel(this));
    m_engine->rootContext()->setContextProperty("ApiBenefitsModel", m_apiBenefitsModel.get());
    m_apiCountryModel.reset(new ApiCountryModel(this));
    m_engine->rootContext()->setContextProperty("ApiCountryModel", m_apiCountryModel.get());
@@ -135,7 +146,7 @@ void CoreController::initControllers()
            new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_appSplitTunnelingModel, m_settings));
    m_engine->rootContext()->setContextProperty("SettingsController", m_settingsController.get());
-    m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
+    m_sitesController.reset(new SitesController(m_settings, m_sitesModel));
    m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());
    m_allowedDnsController.reset(new AllowedDnsController(m_settings, m_allowedDnsModel));
@@ -151,8 +162,11 @@ void CoreController::initControllers()
            new ApiSettingsController(m_serversModel, m_apiAccountInfoModel, m_apiCountryModel, m_apiDevicesModel, m_settings));
    m_engine->rootContext()->setContextProperty("ApiSettingsController", m_apiSettingsController.get());
-    m_apiConfigsController.reset(new ApiConfigsController(m_serversModel, m_apiServicesModel, m_settings));
+    m_apiConfigsController.reset(
            new ApiConfigsController(m_serversModel, m_apiServicesModel, m_apiSubscriptionPlansModel, m_apiBenefitsModel, m_settings));
    m_engine->rootContext()->setContextProperty("ApiConfigsController", m_apiConfigsController.get());
    connect(m_apiConfigsController.get(), &ApiConfigsController::subscriptionRefreshNeeded,
            this, [this]() { m_apiSettingsController->getAccountInfo(false); });
    m_apiNewsController.reset(new ApiNewsController(m_newsModel, m_settings, m_serversModel, this));
    m_engine->rootContext()->setContextProperty("ApiNewsController", m_apiNewsController.get());
@@ -233,7 +247,6 @@ void CoreController::initSignalHandlers()
 void CoreController::initNotificationHandler()
 {
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
    m_notificationHandler.reset(NotificationHandler::create(nullptr));
    connect(m_vpnConnection.get(), &VpnConnection::connectionStateChanged, m_notificationHandler.get(),
@@ -246,8 +259,10 @@ void CoreController::initNotificationHandler()
            &ConnectionController::closeConnection);
    connect(this, &CoreController::translationsUpdated, m_notificationHandler.get(), &NotificationHandler::onTranslationsUpdated);
-    auto* trayHandler = qobject_cast<SystemTrayNotificationHandler*>(m_notificationHandler.get());
+#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
    if (auto *trayHandler = qobject_cast<SystemTrayNotificationHandler *>(m_notificationHandler.get())) {
        connect(this, &CoreController::websiteUrlChanged, trayHandler, &SystemTrayNotificationHandler::updateWebsiteUrl);
    }
 #endif
 }
@@ -368,7 +383,11 @@ void CoreController::initPrepareConfigHandler()
            return;
        }
-        if (!m_installController->isConfigValid()) {
+        m_installController->validateConfig();
    });
    connect(m_installController.get(), &InstallController::configValidated, this, [this](bool isValid) {
        if (!isValid) {
            emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
            return;
        }
@@ -5,9 +5,7 @@
 #include <QQmlContext>
 #include <QThread>
-#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
+#include "ui/notificationhandler.h"
    #include "ui/systemtray_notificationhandler.h"
 #endif
 #include "ui/controllers/api/apiConfigsController.h"
 #include "ui/controllers/api/apiSettingsController.h"
@@ -32,9 +30,11 @@
    #include "ui/models/protocols/ikev2ConfigModel.h"
 #endif
 #include "ui/models/api/apiAccountInfoModel.h"
 #include "ui/models/api/apiBenefitsModel.h"
 #include "ui/models/api/apiCountryModel.h"
 #include "ui/models/api/apiDevicesModel.h"
 #include "ui/models/api/apiServicesModel.h"
 #include "ui/models/api/apiSubscriptionPlansModel.h"
 #include "ui/models/appSplitTunnelingModel.h"
 #include "ui/models/clientManagementModel.h"
 #include "ui/models/protocols/awgConfigModel.h"
@@ -49,10 +49,6 @@
 #include "ui/models/sites_model.h"
 #include "ui/models/newsModel.h"
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
    #include "ui/notificationhandler.h"
 #endif
 class CoreController : public QObject
 {
    Q_OBJECT
@@ -99,9 +95,7 @@ private:
    QSharedPointer<VpnConnection> m_vpnConnection;
    QSharedPointer<QTranslator> m_translator;
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
    QScopedPointer<NotificationHandler> m_notificationHandler;
 #endif
    QMetaObject::Connection m_reloadConfigErrorOccurredConnection;
@@ -133,6 +127,8 @@ private:
    QSharedPointer<ClientManagementModel> m_clientManagementModel;
    QSharedPointer<ApiServicesModel> m_apiServicesModel;
    QSharedPointer<ApiSubscriptionPlansModel> m_apiSubscriptionPlansModel;
    QSharedPointer<ApiBenefitsModel> m_apiBenefitsModel;
    QSharedPointer<ApiCountryModel> m_apiCountryModel;
    QSharedPointer<ApiAccountInfoModel> m_apiAccountInfoModel;
    QSharedPointer<ApiDevicesModel> m_apiDevicesModel;
@@ -44,8 +44,11 @@ namespace
    constexpr int httpStatusCodeNotFound = 404;
    constexpr int httpStatusCodeConflict = 409;
    constexpr int httpStatusCodeNotImplemented = 501;
    constexpr int httpStatusCodePaymentRequired = 402;
    constexpr int httpStatusCodeUnprocessableEntity = 422;
    constexpr QLatin1String unprocessableSubscriptionMessage("Failed to retrieve subscription information. Is it activated?");
 }
 GatewayController::GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
@@ -333,11 +336,20 @@ QStringList GatewayController::getProxyUrls(const QString &serviceType, const QS
    QStringList baseUrls;
    if (m_isDevEnvironment) {
-        baseUrls = QString(DEV_S3_ENDPOINT).split(", ");
+        baseUrls = QString(DEV_S3_ENDPOINT).split(", ", Qt::SkipEmptyParts);
    } else {
-        baseUrls = QString(PROD_S3_ENDPOINT).split(", ");
+        baseUrls = QString(PROD_S3_ENDPOINT).split(", ", Qt::SkipEmptyParts);
    }
    if (baseUrls.empty()) {
        qDebug() << "empty storage endpoint list";
        return {};
    }
    std::random_device randomDevice;
    std::mt19937 generator(randomDevice());
    std::shuffle(baseUrls.begin(), baseUrls.end(), generator);
    QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
    QStringList proxyStorageUrls;
@@ -412,12 +424,14 @@ bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &rep
 {
    const QByteArray &responseBody = decryptedResponseBody;
-    int httpStatus = -1;
+    int apiHttpStatus = -1;
    QString apiErrorMessage;
    if (isDecryptionSuccessful) {
        QJsonDocument jsonDoc = QJsonDocument::fromJson(responseBody);
        if (jsonDoc.isObject()) {
            QJsonObject jsonObj = jsonDoc.object();
-            httpStatus = jsonObj.value("http_status").toInt(-1);
+            apiHttpStatus = jsonObj.value("http_status").toInt(-1);
            apiErrorMessage = jsonObj.value(QStringLiteral("message")).toString().trimmed();
        }
    } else {
        qDebug() << "failed to decrypt the data";
@@ -428,10 +442,12 @@ bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &rep
        qDebug() << "timeout occurred";
        qDebug() << replyError;
        return true;
-    } else if (responseBody.contains("html")) {
+    } 
    if (responseBody.contains("html")) {
        qDebug() << "the response contains an html tag";
        return true;
-    } else if (httpStatus == httpStatusCodeNotFound) {
+    } 
    if (apiHttpStatus == httpStatusCodeNotFound) {
        if (responseBody.contains(errorResponsePattern1) || responseBody.contains(errorResponsePattern2)
            || responseBody.contains(errorResponsePattern3)) {
            return false;
@@ -439,16 +455,25 @@ bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &rep
            qDebug() << replyError;
            return true;
        }
-    } else if (httpStatus == httpStatusCodeNotImplemented) {
+    } 
    if (apiHttpStatus == httpStatusCodeNotImplemented) {
        if (responseBody.contains(updateRequestResponsePattern)) {
            return false;
        } else {
            qDebug() << replyError;
            return true;
        }
-    } else if (httpStatus == httpStatusCodeConflict) {
+    } 
    if (apiHttpStatus == httpStatusCodeConflict) {
        return false;
-    } else if (replyError != QNetworkReply::NetworkError::NoError) {
+    } 
    if (apiHttpStatus == httpStatusCodePaymentRequired) {
        return false;
    } 
    if (apiHttpStatus == httpStatusCodeUnprocessableEntity) {
        return apiErrorMessage != unprocessableSubscriptionMessage;
    } 
    if (replyError != QNetworkReply::NetworkError::NoError) {
        qDebug() << replyError;
        return true;
    }
@@ -419,6 +419,18 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
                      cbReadStdOut, cbReadStdErr);
    qDebug().noquote() << "ServerController::installDockerWorker" << stdOut;
    if (container == DockerContainer::Awg2) {
        QRegularExpression regex(R"(Linux\s+(\d+)\.(\d+)[^\d]*)");
        QRegularExpressionMatch match = regex.match(stdOut);
        if (match.hasMatch()) {
            int majorVersion = match.captured(1).toInt();
            int minorVersion = match.captured(2).toInt();
            if (majorVersion < 4 || (majorVersion == 4 && minorVersion < 14)) {
                return ErrorCode::ServerLinuxKernelTooOld;
            }
        }
    }
    if (stdOut.contains("lock"))
        return ErrorCode::ServerPacketManagerError;
    if (stdOut.contains("command not found"))
@@ -61,6 +61,7 @@ namespace amnezia
        ServerDockerOnCgroupsV2 = 211,
        ServerCgroupMountpoint = 212,
        DockerPullRateLimit = 213,
        ServerLinuxKernelTooOld = 214,
        // Ssh connection errors
        SshRequestDeniedError = 300,
@@ -122,6 +123,8 @@ namespace amnezia
        ApiUpdateRequestError = 1111,
        ApiSubscriptionExpiredError = 1112,
        ApiPurchaseError = 1113,
        ApiSubscriptionNotActiveError = 1114,
        ApiNoPurchasedSubscriptionsError = 1115,
        // QFile errors
        OpenError = 1200,
@@ -29,6 +29,7 @@ QString errorString(ErrorCode code) {
    case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break;
    case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break;
    case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break;
    case(ErrorCode::ServerLinuxKernelTooOld): errorMessage = QObject::tr("Server error: Linux kernel is too old"); break;
    // Libssh errors
    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
@@ -79,6 +80,8 @@ QString errorString(ErrorCode code) {
    case (ErrorCode::ApiUpdateRequestError): errorMessage = QObject::tr("Please update the application to use this feature"); break;
    case (ErrorCode::ApiSubscriptionExpiredError): errorMessage = QObject::tr("Your Amnezia Premium subscription has expired.\n Please check your email for renewal instructions.\n If you haven't received an email, please contact our support."); break;
    case (ErrorCode::ApiPurchaseError): errorMessage = QObject::tr("Unable to process purchase"); break;
    case (ErrorCode::ApiSubscriptionNotActiveError): errorMessage = QObject::tr("No active subscription found"); break;
    case (ErrorCode::ApiNoPurchasedSubscriptionsError): errorMessage = QObject::tr("No purchased subscriptions found. Please purchase a subscription first"); break;
    // QFile errors
    case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;
@@ -7,7 +7,6 @@ IpcClient::IpcClient(QObject *parent) : QObject(parent)
 {
    m_node.connectToNode(QUrl("local:" + amnezia::getIpcServiceUrl()));
    m_interface.reset(m_node.acquire<IpcInterfaceReplica>());
    m_tun2socks.reset(m_node.acquire<IpcProcessTun2SocksReplica>());
 }
 IpcClient& IpcClient::Instance()
@@ -33,68 +32,43 @@ QSharedPointer<IpcInterfaceReplica> IpcClient::Interface()
    return rep;
 }
-QSharedPointer<IpcProcessTun2SocksReplica> IpcClient::InterfaceTun2Socks()
+QSharedPointer<IpcProcessInterfaceReplica> IpcClient::CreatePrivilegedProcess()
 {
-    QSharedPointer<IpcProcessTun2SocksReplica> rep = Instance().m_tun2socks;
+    return withInterface([](QSharedPointer<IpcInterfaceReplica> &iface) -> QSharedPointer<IpcProcessInterfaceReplica> {
-    if (rep.isNull()) {
+        auto createPrivilegedProcess = iface->createPrivilegedProcess();
-        qCritical() << "IpcClient::InterfaceTun2Socks: Replica is undefined";
+        if (!createPrivilegedProcess.waitForFinished()) {
            qCritical() << "Failed to create privileged process";
            return nullptr;
        }
-    if (!rep->waitForSource(1000)) {
+
-        qCritical() << "IpcClient::InterfaceTun2Socks: Failed to initialize replica";
+        const int pid = createPrivilegedProcess.returnValue();
        auto* node = new QRemoteObjectNode();
        node->connectToNode(QUrl(QString("local:%1").arg(amnezia::getIpcProcessUrl(pid))));
        QSharedPointer<IpcProcessInterfaceReplica> rep(
            node->acquire<IpcProcessInterfaceReplica>(),
            [node] (IpcProcessInterfaceReplica *ptr) {
                delete ptr;
                node->deleteLater();
            }
        );
        if (rep.isNull()) {
            qCritical() << "IpcClient::CreatePrivilegedProcess(): Failed to acquire replica";
            return nullptr;
        }
        if (!rep->waitForSource()) {
            qCritical() << "IpcClient::CreatePrivilegedProcess(): Failed to initialize replica";
            return nullptr;
        }
        if (!rep->isReplicaValid()) {
-        qWarning() << "IpcClient::InterfaceTun2Socks(): Replica is invalid";
+            qCritical() << "IpcClient::CreatePrivilegedProcess(): Replica is invalid";
            return nullptr;
        }
        return rep;
-}
+    },
-
+    []() -> QSharedPointer<IpcProcessInterfaceReplica> {
 QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()
 {
    QSharedPointer<IpcInterfaceReplica> rep = Interface();
    if (!rep) {
        qCritical() << "IpcClient::createPrivilegedProcess: Replica is invalid";
        return nullptr;
    }
    QRemoteObjectPendingReply<int> pidReply = rep->createPrivilegedProcess();
    if (!pidReply.waitForFinished(5000)){
        qCritical() << "IpcClient::createPrivilegedProcess: Failed to execute RO createPrivilegedProcess call";
        return nullptr;
    }
    int pid = pidReply.returnValue();
    QSharedPointer<ProcessDescriptor> pd(new ProcessDescriptor());
    pd->localSocket.reset(new QLocalSocket(pd->replicaNode.data()));
    connect(pd->localSocket.data(), &QLocalSocket::connected, pd->replicaNode.data(), [pd]() {
        pd->replicaNode->addClientSideConnection(pd->localSocket.data());
        IpcProcessInterfaceReplica *repl = pd->replicaNode->acquire<IpcProcessInterfaceReplica>();
        // TODO: rework the unsafe cast below
        PrivilegedProcess *priv = static_cast<PrivilegedProcess *>(repl);
        pd->ipcProcess.reset(priv);
        if (!pd->ipcProcess) {
            qWarning() << "Acquire PrivilegedProcess failed";
        } else {
            pd->ipcProcess->waitForSource(1000);
            if (!pd->ipcProcess->isReplicaValid()) {
                qWarning() << "PrivilegedProcess replica is not connected!";
            }
            QObject::connect(pd->ipcProcess.data(), &PrivilegedProcess::destroyed, pd->ipcProcess.data(),
                             [pd]() { pd->replicaNode->deleteLater(); });
        }
    });
    pd->localSocket->connectToServer(amnezia::getIpcProcessUrl(pid));
    if (!pd->localSocket->waitForConnected()) {
        qCritical() << "IpcClient::createPrivilegedProcess: Failed to connect to process' socket";
        return nullptr;
    }
    auto processReplica = QSharedPointer<PrivilegedProcess>(pd->ipcProcess);
    return processReplica;
 }
@@ -5,9 +5,7 @@
 #include <QObject>
 #include "rep_ipc_interface_replica.h"
-#include "rep_ipc_process_tun2socks_replica.h"
+#include "rep_ipc_process_interface_replica.h"
 #include "privileged_process.h"
 class IpcClient : public QObject
 {
@@ -18,8 +16,7 @@ public:
    static IpcClient& Instance();
    static QSharedPointer<IpcInterfaceReplica> Interface();
-    static QSharedPointer<IpcProcessTun2SocksReplica> InterfaceTun2Socks();
+    static QSharedPointer<IpcProcessInterfaceReplica> CreatePrivilegedProcess();
    static QSharedPointer<PrivilegedProcess> CreatePrivilegedProcess();
    template <typename Func>
    static auto withInterface(Func func)
@@ -54,18 +51,6 @@ signals:
 private:
    QRemoteObjectNode m_node;
    QSharedPointer<IpcInterfaceReplica> m_interface;
    QSharedPointer<IpcProcessTun2SocksReplica> m_tun2socks;
    struct ProcessDescriptor {
        ProcessDescriptor () {
            replicaNode = QSharedPointer<QRemoteObjectNode>(new QRemoteObjectNode());
            ipcProcess = QSharedPointer<PrivilegedProcess>();
            localSocket = QSharedPointer<QLocalSocket>();
        }
        QSharedPointer<PrivilegedProcess> ipcProcess;
        QSharedPointer<QRemoteObjectNode> replicaNode;
        QSharedPointer<QLocalSocket> localSocket;
    };
 };
 #endif // IPCCLIENT_H
@@ -1,27 +0,0 @@
 #include "privileged_process.h"
 PrivilegedProcess::PrivilegedProcess() :
    IpcProcessInterfaceReplica()
 {
 }
 PrivilegedProcess::~PrivilegedProcess()
 {
    qDebug() << "PrivilegedProcess::~PrivilegedProcess()";
 }
 void PrivilegedProcess::waitForFinished(int msecs)
 {
    QSharedPointer<QEventLoop> loop(new QEventLoop);
    connect(this, &PrivilegedProcess::finished, this, [this, loop](int exitCode, QProcess::ExitStatus exitStatus) mutable{
        loop->quit();
        loop.clear();
    });
    QTimer::singleShot(msecs, this, [this, loop]() mutable {
        loop->quit();
        loop.clear();
    });
    loop->exec();
 }
@@ -1,24 +0,0 @@
 #ifndef PRIVILEGED_PROCESS_H
 #define PRIVILEGED_PROCESS_H
 #include <QObject>
 #include "rep_ipc_process_interface_replica.h"
 // This class is dangerous - instance of this class casted from base class,
 // so it support only functions
 // Do not add any members into it
 //
 class PrivilegedProcess : public IpcProcessInterfaceReplica
 {
    Q_OBJECT
 public:
    PrivilegedProcess();
    ~PrivilegedProcess() override;
    void waitForFinished(int msecs);
 };
 #endif // PRIVILEGED_PROCESS_H
@@ -0,0 +1,6 @@
 <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path d="M15 21V17C15 16.4696 15.2107 15.9609 15.5858 15.5858C15.9609 15.2107 16.4696 15 17 15H21" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 <path d="M7 4V6C7.21572 6.61347 7.62494 7.14024 8.16602 7.50096C8.7071 7.86168 9.35075 8.03682 10 8V8C10.5304 8 11.0391 8.21071 11.4142 8.58579C11.7893 8.96086 12 9.46957 12 10C12 10.5304 12.2107 11.0391 12.5858 11.4142C12.9609 11.7893 13.4696 12 14 12C14.5304 12 15.0391 11.7893 15.4142 11.4142C15.7893 11.0391 16 10.5304 16 10C16 9.46957 16.2107 8.96086 16.5858 8.58579C16.9609 8.21071 17.4696 8 18 8H21" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 <path d="M3 11H5C5.53043 11 6.03914 11.2107 6.41421 11.5858C6.78929 11.9609 7 12.4696 7 13V14C7 14.5304 7.21071 15.0391 7.58579 15.4142C7.96086 15.7893 8.46957 16 9 16C9.53043 16 10.0391 16.2107 10.4142 16.5858C10.7893 16.9609 11 17.4696 11 18V22" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 <path d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 </svg>
@@ -0,0 +1,3 @@
 <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path d="M18.1777 8C23.2737 8 23.2737 16 18.1777 16C13.0827 16 11.0447 8 5.43875 8C0.85375 8 0.85375 16 5.43875 16C11.0447 16 13.0828 8 18.1788 8H18.1777Z" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 </svg>
@@ -0,0 +1,4 @@
 <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path d="M17 2H7C5.89543 2 5 2.89543 5 4V20C5 21.1046 5.89543 22 7 22H17C18.1046 22 19 21.1046 19 20V4C19 2.89543 18.1046 2 17 2Z" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 <path d="M12 18H12.01" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 </svg>
@@ -270,12 +270,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
             && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()
+             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()) {
             && !wgConfig.value(amnezia::config_key::specialJunk1).isUndefined()
             && !wgConfig.value(amnezia::config_key::specialJunk2).isUndefined()
             && !wgConfig.value(amnezia::config_key::specialJunk3).isUndefined()
             && !wgConfig.value(amnezia::config_key::specialJunk4).isUndefined()
             && !wgConfig.value(amnezia::config_key::specialJunk5).isUndefined()) {
    json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount));
    json.insert(amnezia::config_key::junkPacketMinSize, wgConfig.value(amnezia::config_key::junkPacketMinSize));
    json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
@@ -72,9 +72,9 @@ void NetworkWatcher::initialize() {
  connect(m_impl, &NetworkWatcherImpl::unsecuredNetwork, this,
          &NetworkWatcher::unsecuredNetwork);
  connect(m_impl, &NetworkWatcherImpl::networkChanged, this,
-          &NetworkWatcher::networkChange);
+          &NetworkWatcher::networkChanged);
-  connect(m_impl, &NetworkWatcherImpl::sleepMode, this,
+  connect(m_impl, &NetworkWatcherImpl::wakeup, this,
-          &NetworkWatcher::onSleepMode);
+          &NetworkWatcher::wakeup);
  m_impl->initialize();
  // Enable sleep/wake monitoring for VPN auto-reconnection
@@ -97,12 +97,6 @@ void NetworkWatcher::settingsChanged() {
  logger.debug() << "NetworkWatcher settings changed - keeping sleep monitoring active";
 }
 void NetworkWatcher::onSleepMode()
 {
  logger.debug() << "Resumed from sleep mode";
  emit sleepMode();
 }
 void NetworkWatcher::unsecuredNetwork(const QString& networkName,
                                      const QString& networkId) {
  logger.debug() << "Unsecured network:" << logger.sensitive(networkName)
@@ -29,13 +29,11 @@ public:
    // false to restore.
    void simulateDisconnection(bool simulatedDisconnection);
    void onSleepMode();
    QNetworkInformation::Reachability getReachability();
 signals:
-    void networkChange();
+    void networkChanged();
-    void sleepMode();
+    void wakeup();
 private:
    void settingsChanged();
@@ -41,7 +41,7 @@ signals:
    // TODO: Only windows-networkwatcher has this, the other plattforms should
    // too.
    void networkChanged(QString newBSSID);
-    void sleepMode();
+    void wakeup();
 private:
@@ -101,7 +101,9 @@ bool AndroidController::initialize()
        {"onAuthResult", "(Z)V", reinterpret_cast<void *>(onAuthResult)},
        {"decodeQrCode", "(Ljava/lang/String;)Z", reinterpret_cast<bool *>(decodeQrCode)},
        {"onImeInsetsChanged", "(I)V", reinterpret_cast<void *>(onImeInsetsChanged)},
-        {"onSystemBarsInsetsChanged", "(II)V", reinterpret_cast<void *>(onSystemBarsInsetsChanged)}
+        {"onSystemBarsInsetsChanged", "(II)V", reinterpret_cast<void *>(onSystemBarsInsetsChanged)},
        {"onActivityPaused", "()V", reinterpret_cast<void *>(onActivityPaused)},
        {"onActivityResumed", "()V", reinterpret_cast<void *>(onActivityResumed)}
    };
    QJniEnvironment env;
@@ -305,6 +307,16 @@ void AndroidController::requestNotificationPermission()
    callActivityMethod("requestNotificationPermission", "()V");
 }
 void AndroidController::showVpnStateNotification(const QString &title, const QString &message)
 {
    if (!isNotificationPermissionGranted()) {
        return;
    }
    callActivityMethod("showVpnStateNotification", "(Ljava/lang/String;Ljava/lang/String;)V",
                       QJniObject::fromString(title).object<jstring>(),
                       QJniObject::fromString(message).object<jstring>());
 }
 bool AndroidController::requestAuthentication()
 {
    QEventLoop wait;
@@ -558,3 +570,22 @@ void AndroidController::onSystemBarsInsetsChanged(JNIEnv *env, jobject thiz, jin
    emit AndroidController::instance()->systemBarsInsetsChanged(navBarHeightDp, statusBarHeightDp);
 }
 // static
 void AndroidController::onActivityPaused(JNIEnv *env, jobject thiz)
 {
    Q_UNUSED(env);
    Q_UNUSED(thiz);
    emit AndroidController::instance()->activityPaused();
 }
 // static
 void AndroidController::onActivityResumed(JNIEnv *env, jobject thiz)
 {
    Q_UNUSED(env);
    Q_UNUSED(thiz);
    emit AndroidController::instance()->activityResumed();
 }
@@ -53,6 +53,7 @@ public:
    QPixmap getAppIcon(const QString &package, QSize *size, const QSize &requestedSize);
    bool isNotificationPermissionGranted();
    void requestNotificationPermission();
    void showVpnStateNotification(const QString &title, const QString &message);
    bool requestAuthentication();
    void sendTouch(float x, float y);
@@ -75,6 +76,8 @@ signals:
    void authenticationResult(bool result);
    void imeInsetsChanged(int heightDp);
    void systemBarsInsetsChanged(int navBarHeightDp, int statusBarHeightDp);
    void activityPaused();
    void activityResumed();
 private:
    bool isWaitingStatus = true;
@@ -105,6 +108,8 @@ private:
    static bool decodeQrCode(JNIEnv *env, jobject thiz, jstring data);
    static void onImeInsetsChanged(JNIEnv *env, jobject thiz, jint heightDp);
    static void onSystemBarsInsetsChanged(JNIEnv *env, jobject thiz, jint navBarHeightDp, jint statusBarHeightDp);
    static void onActivityPaused(JNIEnv *env, jobject thiz);
    static void onActivityResumed(JNIEnv *env, jobject thiz);
    template <typename Ret, typename ...Args>
    static auto callActivityMethod(const char *methodName, const char *signature, Args &&...args);
@@ -0,0 +1,19 @@
 #include "android_notificationhandler.h"
 #include "android_controller.h"
 AndroidNotificationHandler::AndroidNotificationHandler(QObject *parent)
    : NotificationHandler(parent)
 {
 }
 void AndroidNotificationHandler::notify(Message type, const QString &title, const QString &message, int timerMsec)
 {
    Q_UNUSED(type);
    Q_UNUSED(timerMsec);
    // Permission is checked on the Kotlin side as well; avoid JNI if already denied.
    if (!AndroidController::instance()->isNotificationPermissionGranted()) {
        return;
    }
    AndroidController::instance()->showVpnStateNotification(title, message);
 }
@@ -0,0 +1,16 @@
 #ifndef ANDROID_NOTIFICATIONHANDLER_H
 #define ANDROID_NOTIFICATIONHANDLER_H
 #include "ui/notificationhandler.h"
 class AndroidNotificationHandler final : public NotificationHandler {
    Q_OBJECT
 public:
    explicit AndroidNotificationHandler(QObject *parent = nullptr);
 protected:
    void notify(Message type, const QString &title, const QString &message, int timerMsec) override;
 };
 #endif // ANDROID_NOTIFICATIONHANDLER_H
@@ -126,8 +126,7 @@ extension PacketTunnelProvider {
        }
        vpnReachability.startTracking { [weak self] status in
-            guard status == .reachableViaWiFi else { return }
+            self?.handleOpenVPNReachabilityChange(status)
            self?.ovpnAdapter?.reconnect(afterTimeInterval: 5)
        }
        startHandler = completionHandler
@@ -21,6 +21,44 @@ extension Constants {
 }
 extension PacketTunnelProvider {
    private func applyXraySplitTunnel(_ xrayConfig: XrayConfig,
                                      settings: NEPacketTunnelNetworkSettings) {
        guard let splitTunnelType = xrayConfig.splitTunnelType else {
            return
        }
        guard let splitTunnelSites = xrayConfig.splitTunnelSites else {
            xrayLog(.error, message: "Split tunnel sites are not set")
            return
        }
        if splitTunnelType == 1 {
            var ipv4IncludedRoutes = [NEIPv4Route]()
            for allowedIPString in splitTunnelSites {
                if let allowedIP = IPAddressRange(from: allowedIPString) {
                    ipv4IncludedRoutes.append(NEIPv4Route(
                        destinationAddress: "\(allowedIP.address)",
                        subnetMask: "\(allowedIP.subnetMask())"))
                }
            }
            settings.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
        } else if splitTunnelType == 2 {
            var ipv4ExcludedRoutes = [NEIPv4Route]()
            for excludedIPString in splitTunnelSites {
                if let excludedIP = IPAddressRange(from: excludedIPString) {
                    ipv4ExcludedRoutes.append(NEIPv4Route(
                        destinationAddress: "\(excludedIP.address)",
                        subnetMask: "\(excludedIP.subnetMask())"))
                }
            }
            settings.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
        }
    }
    func startXray(completionHandler: @escaping (Error?) -> Void) {
        // Xray configuration
@@ -72,6 +110,7 @@ extension PacketTunnelProvider {
            settings.dnsSettings = !dnsArray.isEmpty
            ? NEDNSSettings(servers: dnsArray)
            : NEDNSSettings(servers: ["1.1.1.1"])
            applyXraySplitTunnel(xrayConfig, settings: settings)
            let xrayConfigData = xrayConfig.config.data(using: .utf8)
@@ -41,10 +41,15 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    var ovpnAdapter: OpenVPNAdapter?
    private lazy var openVPNPacketFlowAdapter = PacketTunnelFlowAdapter(flow: packetFlow)
    private let pathMonitorQueue = DispatchQueue(label: Constants.processQueueName + ".path-monitor")
    private let networkChangeQueue = DispatchQueue(label: Constants.processQueueName + ".network-change")
    private let pathMonitor = NWPathMonitor()
    private var didReceiveInitialPathUpdate = false
    private var currentPath: Network.NWPath?
    private var currentPathSignature: String?
    private var pendingOpenVPNReconnectWorkItem: DispatchWorkItem?
    private var pendingNetworkChangeWorkItem: DispatchWorkItem?
    private var isApplyingNetworkChange = false
    private var lastOpenVPNReachabilityStatus: OpenVPNReachabilityStatus?
    var splitTunnelType: Int?
    var splitTunnelSites: [String]?
@@ -78,14 +83,22 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            guard hasMeaningfulChange, let proto = self.protoType else { return }
-            // WireGuard/AWG manages network changes internally; avoid restarting the tunnel here.
+            // WireGuard/AWG manages network changes internally in its own adapter.
            if proto == .wireguard {
                return
            }
-            DispatchQueue.main.async {
+            if proto == .openvpn {
-                self.handle(networkChange: path) { _ in }
+                self.scheduleOpenVPNReconnect(reason: "NWPath changed")
                return
            }
            if self.isApplyingNetworkChange || self.reasserting {
                xrayLog(.debug, message: "Ignoring path change while xray restart is in progress")
                return
            }
            self.scheduleNetworkChangeHandling(for: proto, path: path)
        }
        pathMonitor.start(queue: pathMonitorQueue)
@@ -197,6 +210,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            return
        }
        cancelPendingOpenVPNReconnect()
        cancelPendingNetworkChangeHandling()
        didReceiveInitialPathUpdate = false
        updateActiveInterfaceIndexForCurrentPath()
@@ -215,6 +230,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
        cancelPendingOpenVPNReconnect()
        cancelPendingNetworkChangeHandling()
        guard let protoType else {
            completionHandler()
            return
@@ -259,9 +277,111 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    }
    private func handle(networkChange changePath: Network.NWPath, completion: @escaping (Error?) -> Void) {
        guard protoType == .xray else {
            updateActiveInterfaceIndex(for: changePath)
-        wg_log(.info, message: "Tunnel restarted.")
+            completion(nil)
-        startTunnel(options: nil, completionHandler: completion)
+            return
        }
        updateActiveInterfaceIndex(for: changePath)
        reasserting = true
        xrayLog(.info, message: "Applying network change to xray tunnel")
        stopXray { }
        startXray { [weak self] error in
            self?.reasserting = false
            completion(error)
        }
    }
    private func scheduleNetworkChangeHandling(for proto: TunnelProtoType, path: Network.NWPath) {
        guard proto == .xray else { return }
        pendingNetworkChangeWorkItem?.cancel()
        let workItem = DispatchWorkItem { [weak self] in
            guard let self else { return }
            self.pendingNetworkChangeWorkItem = nil
            if self.isApplyingNetworkChange || self.reasserting {
                xrayLog(.debug, message: "Skipping network change while restart is already in progress")
                return
            }
            self.isApplyingNetworkChange = true
            DispatchQueue.main.async {
                self.handle(networkChange: path) { [weak self] _ in
                    self?.networkChangeQueue.async {
                        self?.isApplyingNetworkChange = false
                    }
                }
            }
        }
        pendingNetworkChangeWorkItem = workItem
        networkChangeQueue.asyncAfter(deadline: .now() + 1.0, execute: workItem)
    }
    private func scheduleOpenVPNReconnect(reason: String) {
        guard protoType == .openvpn else { return }
        pendingOpenVPNReconnectWorkItem?.cancel()
        let workItem = DispatchWorkItem { [weak self] in
            guard let self else { return }
            self.pendingOpenVPNReconnectWorkItem = nil
            guard self.protoType == .openvpn else { return }
            if self.reasserting {
                ovpnLog(.debug, message: "Skipping OpenVPN reconnect while session is already reasserting")
                return
            }
            DispatchQueue.main.async { [weak self] in
                guard let self else { return }
                guard !self.reasserting else {
                    ovpnLog(.debug, message: "Skipping OpenVPN reconnect while session is already reasserting")
                    return
                }
                ovpnLog(.info, message: "\(reason), reconnecting OpenVPN session")
                self.ovpnAdapter?.reconnect(afterTimeInterval: 1)
            }
        }
        pendingOpenVPNReconnectWorkItem = workItem
        networkChangeQueue.asyncAfter(deadline: .now() + 1.0, execute: workItem)
    }
    func handleOpenVPNReachabilityChange(_ status: OpenVPNReachabilityStatus) {
        defer { lastOpenVPNReachabilityStatus = status }
        guard let previousStatus = lastOpenVPNReachabilityStatus else {
            return
        }
        guard previousStatus != status else {
            return
        }
        switch status {
        case .reachableViaWiFi, .reachableViaWWAN:
            scheduleOpenVPNReconnect(reason: "Reachability changed")
        default:
            break
        }
    }
    private func cancelPendingOpenVPNReconnect() {
        pendingOpenVPNReconnectWorkItem?.cancel()
        pendingOpenVPNReconnectWorkItem = nil
        lastOpenVPNReachabilityStatus = nil
    }
    private func cancelPendingNetworkChangeHandling() {
        pendingNetworkChangeWorkItem?.cancel()
        pendingNetworkChangeWorkItem = nil
        isApplyingNetworkChange = false
    }
 }
@@ -271,8 +391,14 @@ private extension PacketTunnelProvider {
        signatureComponents.append(path.isExpensive ? "exp" : "noexp")
        signatureComponents.append(path.isConstrained ? "con" : "nocon")
-        let preferredTypes: [NWInterface.InterfaceType] = [.wiredEthernet, .wifi, .cellular, .loopback, .other]
+        // Ignore loopback and tunnel-style `.other` interfaces so Xray does not
-        let sortedInterfaces = path.availableInterfaces.sorted { lhs, rhs in
+        // react to its own utun lifecycle as if the physical uplink changed.
        let preferredTypes: [NWInterface.InterfaceType] = [.wiredEthernet, .wifi, .cellular]
        let externalInterfaces = path.availableInterfaces.filter { interface in
            interface.type == .wiredEthernet || interface.type == .wifi || interface.type == .cellular
        }
        let sortedInterfaces = externalInterfaces.sorted { lhs, rhs in
            if lhs.type == rhs.type {
                return lhs.index < rhs.index
            }
@@ -293,8 +419,8 @@ private extension PacketTunnelProvider {
            case .wiredEthernet: typeName = "ethernet"
            case .wifi: typeName = "wifi"
            case .cellular: typeName = "cellular"
-            case .loopback: typeName = "loopback"
+            case .loopback, .other:
-            case .other: typeName = "other"
+                continue
            @unknown default: typeName = "unknown"
            }
            signatureComponents.append("\(typeName):\(interface.index)")
@@ -0,0 +1,178 @@
 import Foundation
 import StoreKit
@available(iOS 15.0, macOS 12.0, *)
@objcMembers
 public class StoreKit2Helper: NSObject {
    public static let shared = StoreKit2Helper()
    private static let errorDomain = "StoreKit2Helper"
    private struct EntitlementInfo {
        let transactionId: UInt64
        let originalTransactionId: UInt64
        let productId: String
        let purchaseDate: Date
        var dictionary: NSDictionary {
            [
                "transactionId": String(transactionId),
                "originalTransactionId": String(originalTransactionId),
                "productId": productId
            ]
        }
    }
    public func fetchCurrentEntitlements(completion: @escaping (Bool, [NSDictionary]?, NSError?) -> Void) {
        Task { @MainActor in
            do {
                try await AppStore.sync()
                var entitlements: [EntitlementInfo] = []
                for await result in Transaction.currentEntitlements {
                    switch result {
                    case .verified(let transaction):
                        entitlements.append(EntitlementInfo(transactionId: transaction.id,
                                                            originalTransactionId: transaction.originalID,
                                                            productId: transaction.productID,
                                                            purchaseDate: transaction.purchaseDate))
                    case .unverified(_, let error):
                        print("[IAP][StoreKit2] Unverified transaction skipped: \(error.localizedDescription)")
                    }
                }
                let sortedEntitlements = entitlements.sorted { lhs, rhs in
                    if lhs.purchaseDate != rhs.purchaseDate {
                        return lhs.purchaseDate > rhs.purchaseDate
                    }
                    return lhs.transactionId > rhs.transactionId
                }.map { $0.dictionary }
                completion(true, sortedEntitlements, nil)
            } catch {
                completion(false, nil, error as NSError)
            }
        }
    }
    public func purchaseProduct(productIdentifier: String, completion: @escaping (Bool, String?, String?, String?, NSError?) -> Void) {
        Task {
            do {
                let products = try await Product.products(for: [productIdentifier])
                guard let product = products.first else {
                    completePurchase(completion: completion, success: false, transactionId: nil, productId: nil, originalTransactionId: nil,
                                     error: makeError(code: 0, description: "Product not found"))
                    return
                }
                let result = try await product.purchase()
                switch result {
                case .success(let verification):
                    switch verification {
                    case .verified(let transaction):
                        await transaction.finish()
                        completePurchase(completion: completion, success: true, transactionId: String(transaction.id),
                                         productId: transaction.productID, originalTransactionId: String(transaction.originalID), error: nil)
                    case .unverified(_, let error):
                        completePurchase(completion: completion, success: false, transactionId: nil, productId: nil, originalTransactionId: nil,
                                         error: error as NSError)
                    }
                case .userCancelled:
                    completePurchase(completion: completion, success: false, transactionId: nil, productId: nil, originalTransactionId: nil,
                                     error: makeError(code: 1, description: "Purchase cancelled"))
                case .pending:
                    completePurchase(completion: completion, success: false, transactionId: nil, productId: nil, originalTransactionId: nil,
                                     error: makeError(code: 2, description: "Purchase pending"))
                @unknown default:
                    completePurchase(completion: completion, success: false, transactionId: nil, productId: nil, originalTransactionId: nil,
                                     error: makeError(code: 3, description: "Unknown purchase result"))
                }
            } catch {
                completePurchase(completion: completion, success: false, transactionId: nil, productId: nil, originalTransactionId: nil,
                                 error: error as NSError)
            }
        }
    }
    private func storefrontCurrencyCode(for product: Product) -> String {
        product.priceFormatStyle.locale.currencyCode ?? ""
    }
    private func subscriptionBillingMonths(_ period: Product.SubscriptionPeriod) -> Double {
        let periodValue = Double(period.value)
        switch period.unit {
        case .day:
            return periodValue / 30.0
        case .week:
            return periodValue * 7.0 / 30.0
        case .month:
            return periodValue
        case .year:
            return periodValue * 12.0
        @unknown default:
            return periodValue
        }
    }
    public func fetchProducts(identifiers: Set<String>, completion: @escaping ([NSDictionary], [String], NSError?) -> Void) {
        Task {
            do {
                let products = try await Product.products(for: identifiers)
                let productDicts = products.map { product in productDictionary(for: product) }
                let fetchedIds = Set(products.map { $0.id })
                let invalidIdentifiers = identifiers.filter { !fetchedIds.contains($0) }
                DispatchQueue.main.async { completion(productDicts, Array(invalidIdentifiers), nil) }
            } catch {
                DispatchQueue.main.async { completion([], Array(identifiers), error as NSError) }
            }
        }
    }
    private func makeError(code: Int, description: String) -> NSError {
        NSError(domain: Self.errorDomain, code: code, userInfo: [NSLocalizedDescriptionKey: description])
    }
    private func completePurchase(completion: @escaping (Bool, String?, String?, String?, NSError?) -> Void,
                                  success: Bool,
                                  transactionId: String?,
                                  productId: String?,
                                  originalTransactionId: String?,
                                  error: NSError?) {
        DispatchQueue.main.async {
            completion(success, transactionId, productId, originalTransactionId, error)
        }
    }
    private func productDictionary(for product: Product) -> NSDictionary {
        let currencyCode = storefrontCurrencyCode(for: product)
        var productData: [String: Any] = [
            "productId": product.id,
            "title": product.displayName,
            "description": product.description,
            "price": "\(product.price)",
            "displayPrice": product.displayPrice,
            "currencyCode": currencyCode,
            "priceAmount": NSDecimalNumber(decimal: product.price).doubleValue
        ]
        if let subscription = product.subscription {
            let billingMonths = subscriptionBillingMonths(subscription.subscriptionPeriod)
            productData["subscriptionBillingMonths"] = billingMonths
            if let perMonthPrice = displayPricePerMonth(for: product, billingMonths: billingMonths, currencyCode: currencyCode) {
                productData["displayPricePerMonth"] = perMonthPrice
            }
        }
        return productData as NSDictionary
    }
    private func displayPricePerMonth(for product: Product, billingMonths: Double, currencyCode: String) -> String? {
        if billingMonths <= 1e-6 {
            return nil
        }
        let perMonthPrice = product.price / Decimal(billingMonths)
        let formatter = NumberFormatter()
        formatter.numberStyle = .currency
        formatter.locale = product.priceFormatStyle.locale
        if !currencyCode.isEmpty {
            formatter.currencyCode = currencyCode
        }
        return formatter.string(from: NSDecimalNumber(decimal: perMonthPrice))
    }
 }
@@ -4,27 +4,20 @@
 #import "StoreKitController.h"
 #import <StoreKit/StoreKit.h>
 #import <AmneziaVPN-Swift.h>
 #include <QtCore/QDebug>
 #include <QtCore/QString>
-API_AVAILABLE(ios(15.0), macos(12.0))
+namespace
-@interface StoreKitController () <SKProductsRequestDelegate, SKPaymentTransactionObserver>
+{
-@property (nonatomic, copy) void (^purchaseCompletion)(BOOL success,
+QString toQString(NSString *value)
-                                                       NSString *_Nullable transactionId,
+{
-                                                       NSString *_Nullable productId,
+    return QString::fromUtf8((value ?: @"").UTF8String);
-                                                       NSString *_Nullable originalTransactionId,
+}
-                                                       NSError *_Nullable error);
+}
@property (nonatomic, copy) void (^restoreCompletion)(BOOL success,
                                                      NSArray<NSDictionary *> *_Nullable restoredTransactions,
                                                      NSError *_Nullable error);
@property (nonatomic, copy) void (^productsFetchCompletion)(NSArray<NSDictionary *> *products,
                                                            NSArray<NSString *> *invalidIdentifiers,
                                                            NSError *_Nullable error);
@property (nonatomic, strong) SKProductsRequest *productsRequest;
@property (nonatomic, strong) NSMutableArray<NSDictionary *> *restoredTransactions;
@end
 API_AVAILABLE(ios(15.0), macos(12.0))
@implementation StoreKitController
 + (instancetype)sharedInstance
@@ -42,17 +35,9 @@ API_AVAILABLE(ios(15.0), macos(12.0))
 - (instancetype)init API_AVAILABLE(ios(15.0), macos(12.0))
 {
    self = [super init];
    if (self) {
        [[SKPaymentQueue defaultQueue] addTransactionObserver:self];
    }
    return self;
 }
 - (void)dealloc
 {
    [[SKPaymentQueue defaultQueue] removeTransactionObserver:self];
 }
 - (void)purchaseProduct:(NSString *)productIdentifier
             completion:(void (^)(BOOL success,
                                  NSString *_Nullable transactionId,
@@ -60,41 +45,48 @@ API_AVAILABLE(ios(15.0), macos(12.0))
                                  NSString *_Nullable originalTransactionId,
                                  NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
 {
-    self.purchaseCompletion = completion;
+    qInfo().noquote() << "[IAP][StoreKit2] Starting purchase for" << QString::fromUtf8(productIdentifier.UTF8String);
-    
+    [[StoreKit2Helper shared] purchaseProductWithProductIdentifier:productIdentifier
-    qInfo().noquote() << "[IAP][StoreKit] Starting purchase for" << QString::fromUtf8(productIdentifier.UTF8String);
+                                                      completion:^(BOOL success,
-    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
+                                                                   NSString *transactionId,
-        [self performPurchaseAsync:productIdentifier];
+                                                                   NSString *productId,
-    });
+                                                                   NSString *originalTransactionId,
                                                                   NSError *error) {
        if (success) {
            qInfo().noquote() << "[IAP][StoreKit2] Purchase success. transactionId =" << toQString(transactionId)
                              << "originalTransactionId =" << toQString(originalTransactionId) << "productId =" << toQString(productId);
        } else if (error) {
            qWarning().noquote() << "[IAP][StoreKit2] Purchase failed:" << toQString(error.localizedDescription);
        }
-
+        if (completion) {
- (void)performPurchaseAsync:(NSString *)productIdentifier API_AVAILABLE(ios(15.0), macos(12.0))
+            completion(success, transactionId, productId, originalTransactionId, error);
 {
    dispatch_async(dispatch_get_main_queue(), ^{
        @try {
            SKProductsRequest *request = [[SKProductsRequest alloc] initWithProductIdentifiers:[NSSet setWithObject:productIdentifier]];
            request.delegate = self;
            [request start];
        } @catch (NSException *exception) {
            NSError *error = [NSError errorWithDomain:@"StoreKitController"
                                                 code:1
                                             userInfo:@{ NSLocalizedDescriptionKey : exception.reason ?: @"Purchase failed" }];
            if (self.purchaseCompletion) {
                self.purchaseCompletion(NO, nil, nil, nil, error);
                self.purchaseCompletion = nil;
        }
-        }
+    }];
    });
 }
 - (void)restorePurchasesWithCompletion:(void (^)(BOOL success,
                                                 NSArray<NSDictionary *> *_Nullable restoredTransactions,
                                                 NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
 {
-    self.restoreCompletion = completion;
+    [[StoreKit2Helper shared] fetchCurrentEntitlementsWithCompletion:^(BOOL success,
-    self.restoredTransactions = [NSMutableArray array];
+                                                                      NSArray<NSDictionary *> *entitlements,
-    [[SKPaymentQueue defaultQueue] restoreCompletedTransactions];
+                                                                      NSError *error) {
        if (success) {
            qInfo().noquote() << "[IAP][StoreKit2] currentEntitlements returned"
                              << (int)(entitlements ? entitlements.count : 0) << "active entitlements";
            for (NSDictionary *entitlement in entitlements) {
                qInfo().noquote() << "[IAP][StoreKit2] Active entitlement:"
                                  << "transactionId=" << toQString(entitlement[@"transactionId"])
                                  << "originalTransactionId=" << toQString(entitlement[@"originalTransactionId"])
                                  << "productId=" << toQString(entitlement[@"productId"]);
            }
        } else {
            qWarning().noquote() << "[IAP][StoreKit2] fetchCurrentEntitlements failed:" << toQString(error.localizedDescription);
        }
        if (completion) {
            completion(success, entitlements, error);
        }
    }];
 }
 - (void)fetchProductsWithIdentifiers:(NSSet<NSString *> *)productIdentifiers
@@ -102,163 +94,21 @@ API_AVAILABLE(ios(15.0), macos(12.0))
                                               NSArray<NSString *> *invalidIdentifiers,
                                               NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
 {
-    self.productsFetchCompletion = completion;
+    [[StoreKit2Helper shared] fetchProductsWithIdentifiers:productIdentifiers
-    self.productsRequest = [[SKProductsRequest alloc] initWithProductIdentifiers:productIdentifiers];
+                                               completion:^(NSArray<NSDictionary *> *products,
-    self.productsRequest.delegate = self;
+                                                            NSArray<NSString *> *invalidIdentifiers,
-    [self.productsRequest start];
+                                                            NSError *error) {
-}
+        if (!error) {
-
+            for (NSDictionary *productInfo in products) {
-#pragma mark - SKProductsRequestDelegate / SKRequestDelegate
+                qInfo().noquote() << "[IAP][StoreKit2] Fetched product info" << toQString(productInfo[@"productId"])
-
+                                  << "price=" << toQString(productInfo[@"price"])
- (void)productsRequest:(SKProductsRequest *)request didReceiveResponse:(SKProductsResponse *)response
+                                  << "currency=" << toQString(productInfo[@"currencyCode"]);
 {
    if (self.purchaseCompletion) {
        SKProduct *product = response.products.firstObject;
        if (!product) {
            NSError *error = [NSError errorWithDomain:@"StoreKitController"
                                                 code:0
                                             userInfo:@{ NSLocalizedDescriptionKey : @"Product not found" }];
            self.purchaseCompletion(NO, nil, nil, nil, error);
            self.purchaseCompletion = nil;
            self.productsRequest = nil;
            return;
        }
        NSString *currencyCode = [product.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @"";
        NSString *priceString = [product.price stringValue] ?: @"";
        qInfo().noquote() << "[IAP][StoreKit] Received product" << QString::fromUtf8(product.productIdentifier.UTF8String)
                          << "price=" << QString::fromUtf8(priceString.UTF8String)
                          << "currency=" << QString::fromUtf8(currencyCode.UTF8String);
        SKPayment *payment = [SKPayment paymentWithProduct:product];
        [[SKPaymentQueue defaultQueue] addPayment:payment];
        self.productsRequest = nil;
        return;
    }
    if (self.productsFetchCompletion) {
        NSMutableArray<NSDictionary *> *productDicts = [NSMutableArray array];
        for (SKProduct *p in response.products) {
            NSDictionary *productDict = @{
                @"productId": p.productIdentifier,
                @"title": p.localizedTitle,
                @"description": p.localizedDescription,
                @"price": p.price.stringValue,
                @"currencyCode": [p.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @""
            };
            [productDicts addObject:productDict];
            NSString *productCurrency = [p.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @"";
            NSString *productPrice = [p.price stringValue] ?: @"";
            qInfo().noquote() << "[IAP][StoreKit] Fetched product info" << QString::fromUtf8(p.productIdentifier.UTF8String)
                              << "price=" << QString::fromUtf8(productPrice.UTF8String)
                              << "currency=" << QString::fromUtf8(productCurrency.UTF8String);
        }
        self.productsFetchCompletion(productDicts, response.invalidProductIdentifiers, nil);
        self.productsFetchCompletion = nil;
        self.productsRequest = nil;
        return;
            }
        }
-
+        if (completion) {
- (void)request:(SKRequest *)request didFailWithError:(NSError *)error
+            completion(products ?: @[], invalidIdentifiers ?: @[], error);
 {
    if (self.purchaseCompletion) {
        self.purchaseCompletion(NO, nil, nil, nil, error);
        self.purchaseCompletion = nil;
    }
    if (self.productsFetchCompletion) {
        self.productsFetchCompletion(@[], @[], error);
        self.productsFetchCompletion = nil;
    }
    self.productsRequest = nil;
 }
 #pragma mark - SKPaymentTransactionObserver
 - (void)paymentQueue:(SKPaymentQueue *)queue updatedTransactions:(NSArray<SKPaymentTransaction *> *)transactions
 {
    for (SKPaymentTransaction *transaction in transactions) {
        switch (transaction.transactionState) {
        case SKPaymentTransactionStatePurchased: {
            NSString *originalTransactionId = transaction.originalTransaction.transactionIdentifier ?: transaction.transactionIdentifier;
            qInfo().noquote() << "[IAP][StoreKit] Transaction purchased" << QString::fromUtf8(transaction.transactionIdentifier.UTF8String)
                              << "original=" << QString::fromUtf8((originalTransactionId ?: @"").UTF8String)
                              << "product=" << QString::fromUtf8(transaction.payment.productIdentifier.UTF8String);
            if (self.purchaseCompletion) {
                self.purchaseCompletion(YES,
                                       transaction.transactionIdentifier,
                                       transaction.payment.productIdentifier,
                                       originalTransactionId,
                                       nil);
                self.purchaseCompletion = nil;
            }
            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
            break;
        }
        case SKPaymentTransactionStateFailed:
            qInfo().noquote() << "[IAP][StoreKit] Transaction failed" << QString::fromUtf8(transaction.transactionIdentifier.UTF8String)
                              << "product=" << QString::fromUtf8(transaction.payment.productIdentifier.UTF8String)
                              << "error=" << QString::fromUtf8(transaction.error.localizedDescription.UTF8String);
            if (self.purchaseCompletion) {
                self.purchaseCompletion(NO,
                                       transaction.transactionIdentifier,
                                       transaction.payment.productIdentifier,
                                       nil,
                                       transaction.error);
                self.purchaseCompletion = nil;
            }
            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
            break;
        case SKPaymentTransactionStateRestored: {
            if (self.restoreCompletion) {
                NSString *transactionId = transaction.transactionIdentifier ?: @"";
                NSString *originalTransactionId = transaction.originalTransaction.transactionIdentifier ?: transactionId;
                NSString *productId = transaction.payment.productIdentifier ?: @"";
                qInfo().noquote() << "[IAP][StoreKit] Transaction restored"
                                  << QString::fromUtf8(transactionId.UTF8String)
                                  << "original="
                                  << QString::fromUtf8((originalTransactionId ?: @"").UTF8String)
                                  << "product="
                                  << QString::fromUtf8((productId ?: @"").UTF8String);
                NSDictionary *info = @{
                    @"transactionId": transactionId,
                    @"originalTransactionId": originalTransactionId ?: @"",
                    @"productId": productId ?: @""
                };
                if (!self.restoredTransactions) {
                    self.restoredTransactions = [NSMutableArray array];
                }
                [self.restoredTransactions addObject:info];
            }
            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
            break;
        }
        case SKPaymentTransactionStatePurchasing:
        case SKPaymentTransactionStateDeferred: 
            break;
        }
    }
 }
 - (void)paymentQueueRestoreCompletedTransactionsFinished:(SKPaymentQueue *)queue
 {
    if (self.restoreCompletion) {
        NSArray<NSDictionary *> *transactions = [self.restoredTransactions copy];
        self.restoreCompletion(YES, transactions, nil);
        self.restoreCompletion = nil;
        self.restoredTransactions = nil;
    }
 }
 - (void)paymentQueue:(SKPaymentQueue *)queue restoreCompletedTransactionsFailedWithError:(NSError *)error
 {
    if (self.restoreCompletion) {
        self.restoreCompletion(NO, nil, error);
        self.restoreCompletion = nil;
        self.restoredTransactions = nil;
        }
    }];
 }
@end
@@ -3,5 +3,7 @@ import Foundation
 struct XrayConfig: Decodable {
    let dns1: String?
    let dns2: String?
    let splitTunnelType: Int?
    let splitTunnelSites: [String]?
    let config: String
 }
@@ -179,8 +179,9 @@ bool IosController::initialize()
    [NETunnelProviderManager loadAllFromPreferencesWithCompletionHandler:^(NSArray<NETunnelProviderManager *> * _Nullable managers, NSError * _Nullable error) {
        @try {
            if (error) {
-                qDebug() << "IosController::initialize : Error:" << [error.localizedDescription UTF8String];
+                qWarning() << "IosController::initialize : loadAllFromPreferences failed:"
-                emit connectionStateChanged(Vpn::ConnectionState::Error);
+                           << [error.localizedDescription UTF8String]
                           << "domain:" << [error.domain UTF8String] << "code:" << error.code;
                ok = false;
                return;
            }
@@ -397,7 +398,13 @@ void IosController::vpnStatusDidChange(void *pNotification)
 {
    NETunnelProviderSession *session = (NETunnelProviderSession *)pNotification;
-    if (session /* && session == TunnelManager.session */ ) {
+    if (!session) {
        return;
    }
    if (!m_currentTunnel || (NETunnelProviderSession *)m_currentTunnel.connection != session) {
        return;
    }
    qDebug() << "IosController::vpnStatusDidChange" << iosStatusToState(session.status) << session;
        if (session.status == NEVPNStatusDisconnected) {
@@ -513,7 +520,6 @@ void IosController::vpnStatusDidChange(void *pNotification)
        }
        emitConnectionStateIfChanged(nextState);
 }
 }
 void IosController::vpnConfigurationDidChange(void *pNotification)
 {
@@ -684,6 +690,15 @@ bool IosController::setupXray()
    QJsonObject finalConfig;
    finalConfig.insert(config_key::dns1, m_rawConfig[config_key::dns1].toString());
    finalConfig.insert(config_key::dns2, m_rawConfig[config_key::dns2].toString());
    finalConfig.insert(config_key::splitTunnelType, m_rawConfig[config_key::splitTunnelType]);
    QJsonArray splitTunnelSites = m_rawConfig[config_key::splitTunnelSites].toArray();
    for(int index = 0; index < splitTunnelSites.count(); index++) {
        splitTunnelSites[index] = splitTunnelSites[index].toString().remove(" ");
    }
    finalConfig.insert(config_key::splitTunnelSites, splitTunnelSites);
    finalConfig.insert(config_key::config, xrayConfigStr);
    QJsonDocument finalConfigDoc(finalConfig);
@@ -835,39 +850,49 @@ void IosController::startTunnel()
    m_rxBytes = 0;
    m_txBytes = 0;
-    [m_currentTunnel setEnabled:YES];
+    NETunnelProviderManager *tunnel = m_currentTunnel;
-
+    [tunnel setEnabled:YES];
    [m_currentTunnel saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
        dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
    dispatch_async(dispatch_get_main_queue(), ^{
        [tunnel saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
            dispatch_async(dispatch_get_main_queue(), ^{
                if (saveError) {
-                qDebug().nospace() << "IosController::startTunnel" << protocolName << ": Connect " << protocolName << " Tunnel Save Error" << saveError.localizedDescription.UTF8String;
+                    qDebug().nospace() << "IosController::startTunnel" << protocolName << ": Connect " << protocolName
                                       << " Tunnel Save Error" << saveError.localizedDescription.UTF8String << " domain:"
                                       << saveError.domain.UTF8String << " code:" << saveError.code;
                    emit connectionStateChanged(Vpn::ConnectionState::Error);
                    return;
                }
-            [m_currentTunnel loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
+                [tunnel loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
                    dispatch_async(dispatch_get_main_queue(), ^{
                        if (loadError) {
-                        qDebug().nospace() << "IosController::startTunnel :" << m_currentTunnel.localizedDescription << protocolName << ": Connect " << protocolName << " Tunnel Load Error" << loadError.localizedDescription.UTF8String;
+                            qDebug().nospace() << "IosController::startTunnel :" << tunnel.localizedDescription << protocolName
                                               << ": Connect " << protocolName << " Tunnel Load Error"
                                               << loadError.localizedDescription.UTF8String;
                            emit connectionStateChanged(Vpn::ConnectionState::Error);
                            return;
                        }
                        NSError *startError = nil;
-                    qDebug() << iosStatusToState(m_currentTunnel.connection.status);
+                        qDebug() << iosStatusToState(tunnel.connection.status);
-                    BOOL started = [m_currentTunnel.connection startVPNTunnelWithOptions:nil andReturnError:&startError];
+                        BOOL started = [tunnel.connection startVPNTunnelWithOptions:nil andReturnError:&startError];
                        if (!started || startError) {
-                        qDebug().nospace() << "IosController::startTunnel :" << m_currentTunnel.localizedDescription << protocolName << " : Connect " << protocolName << " Tunnel Start Error"
+                            qDebug().nospace() << "IosController::startTunnel :" << tunnel.localizedDescription << protocolName
                                               << " : Connect " << protocolName << " Tunnel Start Error"
                                               << (startError ? startError.localizedDescription.UTF8String : "");
                            emit connectionStateChanged(Vpn::ConnectionState::Error);
                        } else {
-                        qDebug().nospace() << "IosController::startTunnel :" << m_currentTunnel.localizedDescription << protocolName << " : Starting the tunnel succeeded";
+                            qDebug().nospace() << "IosController::startTunnel :" << tunnel.localizedDescription << protocolName
                                               << " : Starting the tunnel succeeded";
                        }
                    });
                }];
            });
        }];
    });
 }
 bool IosController::isOurManager(NETunnelProviderManager* manager) {
@@ -1122,14 +1147,26 @@ void IosController::fetchProducts(const QStringList &productIds,
                                                   NSArray<NSString *> * _Nonnull invalidIdentifiers,
                                                   NSError * _Nullable error) {
            QList<QVariantMap> outProducts;
-            for (NSDictionary *p in products) {
+            for (NSDictionary *productInfo in products) {
-                QVariantMap m;
+                QVariantMap productData;
-                m["productId"] = QString::fromUtf8([p[@"productId"] UTF8String]);
+                productData["productId"] = QString::fromUtf8([productInfo[@"productId"] UTF8String]);
-                m["title"] = QString::fromUtf8([p[@"title"] UTF8String]);
+                productData["title"] = QString::fromUtf8([productInfo[@"title"] UTF8String]);
-                m["description"] = QString::fromUtf8([p[@"description"] UTF8String]);
+                productData["description"] = QString::fromUtf8([productInfo[@"description"] UTF8String]);
-                m["price"] = QString::fromUtf8([p[@"price"] UTF8String]);
+                productData["price"] = QString::fromUtf8([productInfo[@"price"] UTF8String]);
-                m["currencyCode"] = QString::fromUtf8([p[@"currencyCode"] UTF8String]);
+                if (productInfo[@"displayPrice"]) {
-                outProducts.push_back(m);
+                    productData["displayPrice"] = QString::fromUtf8([productInfo[@"displayPrice"] UTF8String]);
                }
                productData["currencyCode"] = QString::fromUtf8([productInfo[@"currencyCode"] UTF8String]);
                if (productInfo[@"priceAmount"]) {
                    productData["priceAmount"] = [productInfo[@"priceAmount"] doubleValue];
                }
                if (productInfo[@"subscriptionBillingMonths"]) {
                    productData["subscriptionBillingMonths"] = [productInfo[@"subscriptionBillingMonths"] doubleValue];
                }
                if (productInfo[@"displayPricePerMonth"]) {
                    productData["displayPricePerMonth"] = QString::fromUtf8([productInfo[@"displayPricePerMonth"] UTF8String]);
                }
                outProducts.push_back(productData);
            }
            QStringList invalid;
@@ -61,6 +61,8 @@ IOSNotificationHandler::~IOSNotificationHandler() { }
 void IOSNotificationHandler::notify(NotificationHandler::Message type, const QString& title,
                                    const QString& message, int timerMsec) {
  Q_UNUSED(type);
  // timerMsec is tray display hint on Windows, not a schedule delay — was wrongly used as seconds (CLI-570).
  Q_UNUSED(timerMsec);
  if (!m_delegate) {
    return;
@@ -71,11 +73,13 @@ void IOSNotificationHandler::notify(NotificationHandler::Message type, const QSt
  content.body = message.toNSString();
  content.sound = [UNNotificationSound defaultSound];
-  int timerSec = timerMsec / 1000;
+  NSTimeInterval delay = 0.1;
  UNTimeIntervalNotificationTrigger* trigger =
-      [UNTimeIntervalNotificationTrigger triggerWithTimeInterval:timerSec repeats:NO];
+      [UNTimeIntervalNotificationTrigger triggerWithTimeInterval:delay repeats:NO];
-  UNNotificationRequest* request = [UNNotificationRequest requestWithIdentifier:@"amneziavpn"
+  NSString* requestId = [NSString stringWithFormat:@"amneziavpn.vpnstate.%lld",
      (long long)([[NSDate date] timeIntervalSince1970] * 1000.0)];
  UNNotificationRequest* request = [UNNotificationRequest requestWithIdentifier:requestId
                                                                        content:content
                                                                        trigger:trigger];
@@ -143,6 +147,7 @@ IOSNotificationHandler::~IOSNotificationHandler() { }
 void IOSNotificationHandler::notify(NotificationHandler::Message type, const QString& title,
                                    const QString& message, int timerMsec) {
  Q_UNUSED(type);
  Q_UNUSED(timerMsec);
  if (!m_delegate) {
    return;
@@ -153,11 +158,13 @@ void IOSNotificationHandler::notify(NotificationHandler::Message type, const QSt
  content.body = message.toNSString();
  content.sound = [UNNotificationSound defaultSound];
-  int timerSec = timerMsec / 1000;
+  NSTimeInterval delay = 0.1;
  UNTimeIntervalNotificationTrigger* trigger =
-      [UNTimeIntervalNotificationTrigger triggerWithTimeInterval:timerSec repeats:NO];
+      [UNTimeIntervalNotificationTrigger triggerWithTimeInterval:delay repeats:NO];
-  UNNotificationRequest* request = [UNNotificationRequest requestWithIdentifier:@"amneziavpn"
+  NSString* requestId = [NSString stringWithFormat:@"amneziavpn.vpnstate.%lld",
      (long long)([[NSDate date] timeIntervalSince1970] * 1000.0)];
  UNNotificationRequest* request = [UNNotificationRequest requestWithIdentifier:requestId
                                                                        content:content
                                                                        trigger:trigger];
@@ -41,8 +41,8 @@ void LinuxNetworkWatcher::initialize() {
  connect(m_worker, &LinuxNetworkWatcherWorker::unsecuredNetwork, this,
          &LinuxNetworkWatcher::unsecuredNetwork);
-  connect(m_worker, &LinuxNetworkWatcherWorker::sleepMode, this,
+  connect(m_worker, &LinuxNetworkWatcherWorker::wakeup, this,
-          &NetworkWatcherImpl::sleepMode);
+          &NetworkWatcherImpl::wakeup);
  // Let's wait a few seconds to allow the UI to be fully loaded and shown.
  // This is not strictly needed, but it's better for user experience because
@@ -200,7 +200,7 @@ void LinuxNetworkWatcherWorker::checkDevices() {
 void LinuxNetworkWatcherWorker::NMStateChanged(quint32 state)
 {
  if (state == NM_STATE_ASLEEP) {
-    emit sleepMode();
+    emit wakeup();
  }
  logger.debug() << "NMStateChanged " << state;
@@ -23,7 +23,7 @@ class LinuxNetworkWatcherWorker final : public QObject {
 signals:
  void unsecuredNetwork(const QString& networkName, const QString& networkId);
-  void sleepMode();
+  void wakeup();
 public slots:
  void initialize();
@@ -0,0 +1,8 @@
 #ifndef MACOS_NE_VPN_NOTIFICATION_H
 #define MACOS_NE_VPN_NOTIFICATION_H
 class QString;
 void macosNePostVpnStateNotification(const QString &title, const QString &message);
 #endif
@@ -0,0 +1,91 @@
 #include "macos_ne_vpn_notification.h"
 #include <QtGlobal>
 #include <QString>
 #import <Foundation/Foundation.h>
 #import <UserNotifications/UserNotifications.h>
 namespace {
@interface MacosNeVpnNotificationDelegate : NSObject <UNUserNotificationCenterDelegate>
@end
@implementation MacosNeVpnNotificationDelegate
 - (void)userNotificationCenter:(UNUserNotificationCenter *)center
       willPresentNotification:(UNNotification *)notification
         withCompletionHandler:(void (^)(UNNotificationPresentationOptions options))completionHandler
 {
    Q_UNUSED(center)
    Q_UNUSED(notification)
    completionHandler(UNNotificationPresentationOptionList | UNNotificationPresentationOptionBanner);
 }
 - (void)userNotificationCenter:(UNUserNotificationCenter *)center
    didReceiveNotificationResponse:(UNNotificationResponse *)response
             withCompletionHandler:(void (^)(void))completionHandler
 {
    Q_UNUSED(center)
    Q_UNUSED(response)
    completionHandler();
 }
@end
 MacosNeVpnNotificationDelegate *delegateInstance()
 {
    static MacosNeVpnNotificationDelegate *d;
    static dispatch_once_t once;
    dispatch_once(&once, ^{
      d = [[MacosNeVpnNotificationDelegate alloc] init];
    });
    return d;
 }
 void ensureNotificationCenterSetup()
 {
    static dispatch_once_t once;
    dispatch_once(&once, ^{
      UNUserNotificationCenter *center = [UNUserNotificationCenter currentNotificationCenter];
      [center requestAuthorizationWithOptions:(UNAuthorizationOptionSound | UNAuthorizationOptionAlert |
                                               UNAuthorizationOptionBadge)
                            completionHandler:^(BOOL granted, NSError *_Nullable error) {
                              Q_UNUSED(granted);
                              if (!error) {
                                  center.delegate = delegateInstance();
                              }
                            }];
    });
 }
 } // namespace
 void macosNePostVpnStateNotification(const QString &title, const QString &message)
 {
    ensureNotificationCenterSetup();
    UNMutableNotificationContent *content = [[UNMutableNotificationContent alloc] init];
    content.title = title.toNSString();
    content.body = message.toNSString();
    content.sound = nil;
    NSTimeInterval delay = 0.1;
    UNTimeIntervalNotificationTrigger *trigger =
        [UNTimeIntervalNotificationTrigger triggerWithTimeInterval:delay repeats:NO];
    NSString *identifier =
        [NSString stringWithFormat:@"amneziavpn.vpnstate.%lld", (long long)([[NSDate date] timeIntervalSince1970] * 1000.0)];
    UNNotificationRequest *request = [UNNotificationRequest requestWithIdentifier:identifier
                                                                          content:content
                                                                          trigger:trigger];
    UNUserNotificationCenter *center = [UNUserNotificationCenter currentNotificationCenter];
    [center addNotificationRequest:request
             withCompletionHandler:^(NSError *_Nullable error) {
               if (error) {
                   NSLog(@"macosNePostVpnStateNotification failed: %@", error);
               }
             }];
 }
@@ -173,10 +173,10 @@ void PowerNotificationsListener::sleepWakeupCallBack(void *refParam, io_service_
    case kIOMessageSystemHasPoweredOn:
        /* Announces that the system and its devices have woken up. */
-        logger.debug() << "System has powered on - emitting sleepMode signal from dedicated CFRunLoop thread";
+        logger.debug() << "System has powered on - emitting wakeup signal from dedicated CFRunLoop thread";
        if (listener->m_watcher) {
            // Use QMetaObject::invokeMethod for thread-safe signal emission
-            QMetaObject::invokeMethod(listener->m_watcher, "sleepMode", Qt::QueuedConnection);
+            QMetaObject::invokeMethod(listener->m_watcher, "wakeup", Qt::QueuedConnection);
        }
        break;
@@ -62,6 +62,9 @@ void WindowsDaemon::prepareActivation(const InterfaceConfig& config, int inetAda
 }
 void WindowsDaemon::activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex) {
    if (m_splitTunnelManager == nullptr)
        return;
  if (config.m_vpnDisabledApps.length() > 0) {
      m_splitTunnelManager->start(m_inetAdapterIndex, vpnAdapterIndex);
      m_splitTunnelManager->excludeApps(config.m_vpnDisabledApps);
@@ -41,7 +41,7 @@ LRESULT WindowsNetworkWatcher::PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM
  switch (uMsg) {
  case WM_POWERBROADCAST:
    if (wParam == PBT_APMRESUMESUSPEND) {
-        emit obj->sleepMode();
+        emit obj->wakeup();
    }
    break;
  default:
@@ -232,12 +232,6 @@ ErrorCode OpenVpnProtocol::start()
        return ErrorCode::AmneziaServiceConnectionFailed;
    }
    m_openVpnProcess->waitForSource(5000);
    if (!m_openVpnProcess->isInitialized()) {
        qWarning() << "IpcProcess replica is not connected!";
        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
        return ErrorCode::AmneziaServiceConnectionFailed;
    }
    m_openVpnProcess->setProgram(PermittedProcess::OpenVPN);
    QStringList arguments({
            "--config", configPath(), "--management", m_managementHost, QString::number(mgmtPort),
@@ -246,13 +240,13 @@ ErrorCode OpenVpnProtocol::start()
    m_openVpnProcess->setArguments(arguments);
    qDebug() << arguments.join(" ");
-    connect(m_openVpnProcess.data(), &PrivilegedProcess::errorOccurred,
+    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::errorOccurred,
            [&](QProcess::ProcessError error) { qDebug() << "PrivilegedProcess errorOccurred" << error; });
-    connect(m_openVpnProcess.data(), &PrivilegedProcess::stateChanged,
+    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::stateChanged,
            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
-    connect(m_openVpnProcess.data(), &PrivilegedProcess::finished, this,
+    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::finished, this,
            [&]() { setConnectionState(Vpn::ConnectionState::Disconnected); });
    m_openVpnProcess->start();
@@ -53,7 +53,7 @@ private:
    void updateRouteGateway(QString line);
    void updateVpnGateway(const QString &line);
-    QSharedPointer<PrivilegedProcess> m_openVpnProcess;
+    QSharedPointer<IpcProcessInterfaceReplica> m_openVpnProcess;
 };
 #endif // OPENVPNPROTOCOL_H
@@ -233,7 +233,7 @@ namespace amnezia
            constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
            constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
            constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
-            constexpr char defaultSpecialJunk1[] = "<b 0x084481800001000300000000077469636b65747306776964676574096b696e6f706f69736b0272750000010001c00c0005000100000039001806776964676574077469636b6574730679616e646578c025c0390005000100000039002b1765787465726e616c2d7469636b6574732d776964676574066166697368610679616e646578036e657400c05d000100010000001c000457fafe25>";
+            constexpr char defaultSpecialJunk1[] = "<r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>";
            constexpr char defaultSpecialJunk2[] = "";
            constexpr char defaultSpecialJunk3[] = "";
            constexpr char defaultSpecialJunk4[] = "";
@@ -15,7 +15,7 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
    m_impl.reset(new LocalSocketController());
    connect(m_impl.get(), &ControllerImpl::connected, this,
            [this](const QString &pubkey, const QDateTime &connectionTimestamp) {
-                emit connectionStateChanged(Vpn::ConnectionState::Connected);
+                setConnectionState(Vpn::ConnectionState::Connected);
            });
    connect(m_impl.get(), &ControllerImpl::statusUpdated, this,
            [this](const QString& serverIpv4Gateway,
@@ -38,7 +38,7 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
            });
    connect(m_impl.get(), &ControllerImpl::disconnected, this,
-            [this]() { emit connectionStateChanged(Vpn::ConnectionState::Disconnected); });
+            [this]() { setConnectionState(Vpn::ConnectionState::Disconnected); });
    m_impl->initialize(nullptr, nullptr);
 }
@@ -1,6 +1,7 @@
 #include "xrayprotocol.h"
 #include "core/ipcclient.h"
 #include "ipc.h"
 #include "utilities.h"
 #include "core/networkUtilities.h"
@@ -9,14 +10,37 @@
 #include <QJsonObject>
 #include <QNetworkInterface>
 #include <QJsonDocument>
 #include <QtCore/qlogging.h>
 #include <QtCore/qobjectdefs.h>
 #include <QtCore/qprocess.h>
 #ifdef Q_OS_MACOS
 static const QString tunName = "utun22";
 #else
 static const QString tunName = "tun2";
 #endif
 XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent) : VpnProtocol(configuration, parent)
 {
    readXrayConfiguration(configuration);
    m_routeGateway = NetworkUtilities::getGatewayAndIface().first;
    m_vpnGateway = amnezia::protocols::xray::defaultLocalAddr;
    m_vpnLocalAddress = amnezia::protocols::xray::defaultLocalAddr;
-    m_t2sProcess = IpcClient::InterfaceTun2Socks();
+    m_routeGateway = NetworkUtilities::getGatewayAndIface().first;
    m_routeMode = static_cast<Settings::RouteMode>(configuration.value(amnezia::config_key::splitTunnelType).toInt());
    m_remoteAddress = NetworkUtilities::getIPAddress(m_rawConfig.value(amnezia::config_key::hostName).toString());
    const QString primaryDns = configuration.value(amnezia::config_key::dns1).toString();
    m_dnsServers.push_back(QHostAddress(primaryDns));
    if (primaryDns != amnezia::protocols::dns::amneziaDnsIp) {
        const QString secondaryDns = configuration.value(amnezia::config_key::dns2).toString();
        m_dnsServers.push_back(QHostAddress(secondaryDns));
    }
    QJsonObject xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::Xray)).toObject();
    if (xrayConfiguration.isEmpty()) {
        xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::SSXray)).toObject();
    }
    m_xrayConfig = xrayConfiguration;
 }
 XrayProtocol::~XrayProtocol()
@@ -29,72 +53,16 @@ ErrorCode XrayProtocol::start()
 {
    qDebug() << "XrayProtocol::start()";
-    const ErrorCode err = IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+    return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-        iface->xrayStart(QJsonDocument(m_xrayConfig).toJson());
+        auto xrayStart = iface->xrayStart(QJsonDocument(m_xrayConfig).toJson());
-        return ErrorCode::NoError;
+        if (!xrayStart.waitForFinished() || !xrayStart.returnValue()) {
            qCritical() << "Failed to start xray";
            return ErrorCode::XrayExecutableCrashed;
        }
        return startTun2Socks();
    }, [] () {
        return ErrorCode::AmneziaServiceConnectionFailed;
    });
    if (err != ErrorCode::NoError)
        return err;
    setConnectionState(Vpn::ConnectionState::Connecting);
    return startTun2Sock();
 }
 ErrorCode XrayProtocol::startTun2Sock()
 {
    m_t2sProcess->start();
    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::stateChanged, this,
            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::setConnectionState, this, [&](int vpnState) {
        qDebug() << "PrivilegedProcess setConnectionState " << vpnState;
        IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
            if (vpnState == Vpn::ConnectionState::Connected) {
                setConnectionState(Vpn::ConnectionState::Connecting);
                QList<QHostAddress> dnsAddr;
                dnsAddr.push_back(QHostAddress(m_primaryDNS));
                // We don't use secondary DNS if primary DNS is AmneziaDNS
                if (!m_primaryDNS.contains(amnezia::protocols::dns::amneziaDnsIp)) {
                    dnsAddr.push_back(QHostAddress(m_secondaryDNS));
                }
    #ifdef Q_OS_WIN
                QThread::msleep(8000);
    #endif
    #ifdef Q_OS_MACOS
                QThread::msleep(5000);
                iface->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
                iface->updateResolvers("utun22", dnsAddr);
    #endif
    #ifdef Q_OS_LINUX
                QThread::msleep(1000);
                iface->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
                iface->updateResolvers("tun2", dnsAddr);
    #endif
                if (m_routeMode == Settings::RouteMode::VpnAllSites) {
                    iface->routeAddList(m_vpnGateway, QStringList() << "1.0.0.0/8" << "2.0.0.0/7" << "4.0.0.0/6" << "8.0.0.0/5" << "16.0.0.0/4" << "32.0.0.0/3" << "64.0.0.0/2" << "128.0.0.0/1");
                }
                iface->StopRoutingIpv6();
    #ifdef Q_OS_WIN
                iface->updateResolvers("tun2", dnsAddr);
    #endif
                setConnectionState(Vpn::ConnectionState::Connected);
            }
    #if !defined(Q_OS_MACOS)
            if (vpnState == Vpn::ConnectionState::Disconnected) {
                setConnectionState(Vpn::ConnectionState::Disconnected);
                iface->deleteTun("tun2");
                iface->StartRoutingIpv6();
                iface->clearSavedRoutes();
            }
 #endif
        });
    });
    return ErrorCode::NoError;
 }
 void XrayProtocol::stop()
@@ -102,43 +70,177 @@ void XrayProtocol::stop()
    qDebug() << "XrayProtocol::stop()";
    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
-#ifdef AMNEZIA_DESKTOP
+        auto disableKillSwitch = iface->disableKillSwitch();
-        QRemoteObjectPendingReply<bool> StartRoutingIpv6Resp = iface->StartRoutingIpv6();
+        if (!disableKillSwitch.waitForFinished() || !disableKillSwitch.returnValue())
-        if (!StartRoutingIpv6Resp.waitForFinished(1000)) {
+            qWarning() << "Failed to disable killswitch";
            qWarning() << "XrayProtocol::stop(): Failed to start routing ipv6";
        }
-        QRemoteObjectPendingReply<bool> restoreResolvers = iface->restoreResolvers();
+        auto StartRoutingIpv6 = iface->StartRoutingIpv6();
-        if (!restoreResolvers.waitForFinished(1000)) {
+        if (!StartRoutingIpv6.waitForFinished() || !StartRoutingIpv6.returnValue())
-            qWarning() << "XrayProtocol::stop(): Failed to restore resolvers";
+            qWarning() << "Failed to start routing ipv6";
        }
-    #if !defined(Q_OS_MACOS)
+        auto restoreResolvers = iface->restoreResolvers();
-        QRemoteObjectPendingReply<bool> deleteTunResp = iface->deleteTun("tun2");
+        if (!restoreResolvers.waitForFinished() || !restoreResolvers.returnValue())
-        if (!deleteTunResp.waitForFinished(1000)) {
+            qWarning() << "Failed to restore resolvers";
-            qWarning() << "XrayProtocol::stop(): Failed to delete tun";
+
-        }
+        auto deleteTun = iface->deleteTun(tunName);
-    #endif
+        if (!deleteTun.waitForFinished() || !deleteTun.returnValue())
-#endif
+            qWarning() << "Failed to delete tun";
-        iface->xrayStop();
+
        auto xrayStop = iface->xrayStop();
        if (!xrayStop.waitForFinished() || !xrayStop.returnValue())
            qWarning() << "Failed to stop xray";
    });
-    if (m_t2sProcess) {
+    if (m_tun2socksProcess) {
-        m_t2sProcess->stop();
+        m_tun2socksProcess->blockSignals(true);
-        QThread::msleep(200);
+
 #ifndef Q_OS_WIN
        m_tun2socksProcess->terminate();
        auto waitForFinished = m_tun2socksProcess->waitForFinished(1000);
        if (!waitForFinished.waitForFinished() || !waitForFinished.returnValue()) {
            qWarning() << "Failed to terminate tun2socks. Killing the process...";
            m_tun2socksProcess->kill();
        }
 #else
        // terminate does not do anything useful on Windows
        // so just kill the process
        m_tun2socksProcess->kill();
 #endif
        m_tun2socksProcess->close();
        m_tun2socksProcess.reset();
    }
    setConnectionState(Vpn::ConnectionState::Disconnected);
 }
-void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
+ErrorCode XrayProtocol::startTun2Socks()
 {
-    QJsonObject xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::Xray)).toObject();
+    m_tun2socksProcess = IpcClient::CreatePrivilegedProcess();
-    if (xrayConfiguration.isEmpty()) {
+    if (!m_tun2socksProcess->waitForSource()) {
-        xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::SSXray)).toObject();
+        return ErrorCode::AmneziaServiceConnectionFailed;
    }
-    m_xrayConfig = xrayConfiguration;
+
-    m_routeMode = static_cast<Settings::RouteMode>(configuration.value(amnezia::config_key::splitTunnelType).toInt());
+    m_tun2socksProcess->setProgram(PermittedProcess::Tun2Socks);
-    m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
+    m_tun2socksProcess->setArguments({"-device", QString("tun://%1").arg(tunName), "-proxy", "socks5://127.0.0.1:10808" });
-    m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();
+
    connect(m_tun2socksProcess.data(), &IpcProcessInterfaceReplica::readyReadStandardOutput, this, [this]() {
        auto readAllStandardOutput = m_tun2socksProcess->readAllStandardOutput();
        if (!readAllStandardOutput.waitForFinished()) {
            qWarning() << "Failed to read output from tun2socks";
            return;
        }
        const QString line = readAllStandardOutput.returnValue();
        if (!line.contains("[TCP]") && !line.contains("[UDP]"))
            qDebug() << "[tun2socks]:" << line;
        if (line.contains("[STACK] tun://") && line.contains("<-> socks5://127.0.0.1")) {
            disconnect(m_tun2socksProcess.data(), &IpcProcessInterfaceReplica::readyReadStandardOutput, this, nullptr);
            if (ErrorCode res = setupRouting(); res != ErrorCode::NoError) {
                stop();
                setLastError(res);
            } else {
                setConnectionState(Vpn::ConnectionState::Connected);
            }
        }
    }, Qt::QueuedConnection);
    connect(m_tun2socksProcess.data(), &IpcProcessInterfaceReplica::finished, this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
        if (exitStatus == QProcess::ExitStatus::CrashExit) {
            qCritical() << "Tun2socks process crashed!";
        } else {
            qCritical() << QString("Tun2socks process was closed with %1 exit code").arg(exitCode);
        }
        stop();
        setLastError(ErrorCode::Tun2SockExecutableCrashed);
    }, Qt::QueuedConnection);
    m_tun2socksProcess->start();
    return ErrorCode::NoError;
 }
 ErrorCode XrayProtocol::setupRouting() {
    return IpcClient::withInterface([this](QSharedPointer<IpcInterfaceReplica> iface) -> ErrorCode {
 #ifdef Q_OS_WIN
        const int inetAdapterIndex = NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress));
 #endif
        auto createTun = iface->createTun(tunName, amnezia::protocols::xray::defaultLocalAddr);
        if (!createTun.waitForFinished() || !createTun.returnValue()) {
            qCritical() << "Failed to assign IP address for TUN";
            return ErrorCode::InternalError;
        }
        auto updateResolvers = iface->updateResolvers(tunName, m_dnsServers);
        if (!updateResolvers.waitForFinished() || !updateResolvers.returnValue()) {
            qCritical() << "Failed to set DNS resolvers for TUN";
            return ErrorCode::InternalError;
        }
 #ifdef Q_OS_WIN
        int vpnAdapterIndex = -1;
        QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
        for (auto& netInterface : netInterfaces) {
            for (auto& address : netInterface.addressEntries()) {
                if (m_vpnLocalAddress == address.ip().toString())
                    vpnAdapterIndex = netInterface.index();
            }
        }
 #else
        static const int vpnAdapterIndex = 0;
 #endif
        const bool killSwitchEnabled = QVariant(m_rawConfig.value(config_key::killSwitchOption).toString()).toBool();
        if (killSwitchEnabled) {
            if (vpnAdapterIndex != -1) {
                QJsonObject config = m_rawConfig;
                config.insert("vpnServer", m_remoteAddress);
                auto enableKillSwitch = IpcClient::Interface()->enableKillSwitch(config, vpnAdapterIndex);
                if (!enableKillSwitch.waitForFinished() || !enableKillSwitch.returnValue()) {
                    qCritical() << "Failed to enable killswitch";
                    return ErrorCode::InternalError;
                }
            } else
                qWarning() << "Failed to get vpnAdapterIndex. Killswitch disabled";
        }
        if (m_routeMode == Settings::RouteMode::VpnAllSites) {
            static const QStringList subnets = { "1.0.0.0/8", "2.0.0.0/7", "4.0.0.0/6", "8.0.0.0/5", "16.0.0.0/4", "32.0.0.0/3", "64.0.0.0/2", "128.0.0.0/1" };
            auto routeAddList =  iface->routeAddList(m_vpnGateway, subnets);
            if (!routeAddList.waitForFinished() || routeAddList.returnValue() != subnets.count()) {
                qCritical() << "Failed to set routes for TUN";
                return ErrorCode::InternalError;
            }
        }
        auto StopRoutingIpv6 = iface->StopRoutingIpv6();
        if (!StopRoutingIpv6.waitForFinished() || !StopRoutingIpv6.returnValue()) {
            qCritical() << "Failed to disable IPv6 routing";
            return ErrorCode::InternalError;
        }
 #ifdef Q_OS_WIN
        if (inetAdapterIndex != -1 && vpnAdapterIndex != -1) {
            QJsonObject config = m_rawConfig;
            config.insert("inetAdapterIndex", inetAdapterIndex);
            config.insert("vpnAdapterIndex", vpnAdapterIndex);
            config.insert("vpnGateway", m_vpnGateway);
            config.insert("vpnServer", m_remoteAddress);
            auto enablePeerTraffic = iface->enablePeerTraffic(config);
            if (!enablePeerTraffic.waitForFinished() || !enablePeerTraffic.returnValue()) {
                qCritical() << "Failed to enable peer traffic";
                return ErrorCode::InternalError;
            }
        } else
            qWarning() << "Failed to get adapter indexes. Split-tunneling disabled";
 #endif
        return ErrorCode::NoError;
    },
    [] () {
        return ErrorCode::AmneziaServiceConnectionFailed;
    });
 }
@@ -6,6 +6,7 @@
 #include "core/ipcclient.h"
 #include "vpnprotocol.h"
 #include "settings.h"
 #include <QtCore/qsharedpointer.h>
 class XrayProtocol : public VpnProtocol
 {
@@ -14,19 +15,18 @@ public:
    virtual ~XrayProtocol() override;
    ErrorCode start() override;
    ErrorCode startTun2Sock();
    void stop() override;
 private:
-    void readXrayConfiguration(const QJsonObject &configuration);
+    ErrorCode setupRouting();
    ErrorCode startTun2Socks();
    QJsonObject m_xrayConfig;
    Settings::RouteMode m_routeMode;
-    QString m_primaryDNS;
+    QList<QHostAddress> m_dnsServers;
-    QString m_secondaryDNS;
+    QString m_remoteAddress;
-#ifndef Q_OS_IOS
+
-    QSharedPointer<IpcProcessTun2SocksReplica> m_t2sProcess;
+    QSharedPointer<IpcProcessInterfaceReplica> m_tun2socksProcess;
 #endif
 };
 #endif // XRAYPROTOCOL_H
@@ -27,10 +27,12 @@
        <file>images/controls/folder-open.svg</file>
        <file>images/controls/folder-search-2.svg</file>
        <file>images/controls/gauge.svg</file>
        <file>images/controls/globe-2.svg</file>
        <file>images/controls/github.svg</file>
        <file>images/controls/help-circle.svg</file>
        <file>images/controls/history.svg</file>
        <file>images/controls/home.svg</file>
        <file>images/controls/infinity.svg</file>
        <file>images/controls/info.svg</file>
        <file>images/controls/mail.svg</file>
        <file>images/controls/map-pin.svg</file>
@@ -55,6 +57,7 @@
        <file>images/controls/settings-news.svg</file>
        <file>images/controls/share-2.svg</file>
        <file>images/controls/split-tunneling.svg</file>
        <file>images/controls/smartphone.svg</file>
        <file>images/controls/tag.svg</file>
        <file>images/controls/telegram.svg</file>
        <file>images/controls/text-cursor.svg</file>
@@ -129,11 +132,17 @@
        <file>ui/qml/Components/AdLabel.qml</file>
        <file>ui/qml/Components/ConnectButton.qml</file>
        <file>ui/qml/Components/ConnectionTypeSelectionDrawer.qml</file>
        <file>ui/qml/Components/GamepadLoader.qml</file>
        <file>ui/qml/Components/HomeContainersListView.qml</file>
        <file>ui/qml/Components/HomeSplitTunnelingDrawer.qml</file>
        <file>ui/qml/Components/InstalledAppsDrawer.qml</file>
        <file>ui/qml/Components/BenefitRow.qml</file>
        <file>ui/qml/Components/BenefitsPanel.qml</file>
        <file>ui/qml/Components/SubscriptionPlanCard.qml</file>
        <file>ui/qml/Components/TermsAndPrivacyText.qml</file>
        <file>ui/qml/Components/QuestionDrawer.qml</file>
        <file>ui/qml/Components/SelectLanguageDrawer.qml</file>
        <file>ui/qml/Components/SubscriptionExpiredDrawer.qml</file>
        <file>ui/qml/Components/ServersListView.qml</file>
        <file>ui/qml/Components/SettingsContainersListView.qml</file>
        <file>ui/qml/Components/TransportProtoSelector.qml</file>
@@ -179,6 +188,7 @@
        <file>ui/qml/Controls2/TextTypes/LabelTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/ListItemTitleType.qml</file>
        <file>ui/qml/Controls2/TextTypes/ParagraphTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/BadgeTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/SmallTextType.qml</file>
        <file>ui/qml/Controls2/TopCloseButtonType.qml</file>
        <file>ui/qml/Controls2/VerticalRadioButton.qml</file>
@@ -224,7 +234,9 @@
        <file>ui/qml/Pages2/PageSettingsNewsDetail.qml</file>
        <file>ui/qml/Pages2/PageProtocolAwgClientSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml</file>
-        <file>ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml</file>
+        <file>ui/qml/Pages2/PageSetupWizardApiFreeInfo.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiPremiumInfo.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiTrialEmail.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiServicesList.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardConfigSource.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardCredentials.qml</file>
@@ -35,13 +35,12 @@ SecureQSettings::SecureQSettings(const QString &organization, const QString &app
            }
        }
        m_settings.setValue("Conf/encrypted", true);
        m_settings.sync();
    }
 }
 QVariant SecureQSettings::value(const QString &key, const QVariant &defaultValue) const
 {
-    QMutexLocker locker(&mutex);
+    QMutexLocker locker(&m_mutex);
    if (m_cache.contains(key)) {
        return m_cache.value(key);
@@ -85,7 +84,7 @@ QVariant SecureQSettings::value(const QString &key, const QVariant &defaultValue
 void SecureQSettings::setValue(const QString &key, const QVariant &value)
 {
-    QMutexLocker locker(&mutex);
+    QMutexLocker locker(&m_mutex);
    if (encryptionRequired() && encryptedKeys.contains(key)) {
        if (!getEncKey().isEmpty() && !getEncIv().isEmpty()) {
@@ -107,26 +106,20 @@ void SecureQSettings::setValue(const QString &key, const QVariant &value)
    }
    m_cache.insert(key, value);
    sync();
 }
 void SecureQSettings::remove(const QString &key)
 {
-    QMutexLocker locker(&mutex);
+    QMutexLocker locker(&m_mutex);
    m_settings.remove(key);
    m_cache.remove(key);
    sync();
 }
 void SecureQSettings::sync()
 {
    m_settings.sync();
 }
 QByteArray SecureQSettings::backupAppConfig() const
 {
    QMutexLocker locker(&m_mutex);
    QJsonObject cfg;
    const auto needToBackup = [this](const auto &key) {
@@ -161,6 +154,8 @@ QByteArray SecureQSettings::backupAppConfig() const
 bool SecureQSettings::restoreAppConfig(const QByteArray &json)
 {
    QMutexLocker locker(&m_mutex);
    QJsonObject cfg = QJsonDocument::fromJson(json).object();
    if (cfg.isEmpty())
        return false;
@@ -173,10 +168,16 @@ bool SecureQSettings::restoreAppConfig(const QByteArray &json)
        setValue(key, cfg.value(key).toVariant());
    }
    sync();
    return true;
 }
 void SecureQSettings::clearSettings()
 {
    QMutexLocker locker(&m_mutex);
    m_settings.clear();
    m_cache.clear();
 }
 QByteArray SecureQSettings::encryptText(const QByteArray &value) const
 {
    QSimpleCrypto::QBlockCipher cipher;
@@ -294,11 +295,3 @@ void SecureQSettings::setSecTag(const QString &tag, const QByteArray &data)
        qCritical() << "SecureQSettings::setSecTag Error:" << job->errorString();
    }
 }
 void SecureQSettings::clearSettings()
 {
    QMutexLocker locker(&mutex);
    m_settings.clear();
    m_cache.clear();
    sync();
 }
@@ -16,14 +16,16 @@ public:
    explicit SecureQSettings(const QString &organization, const QString &application = QString(),
                             QObject *parent = nullptr);
-    Q_INVOKABLE QVariant value(const QString &key, const QVariant &defaultValue = QVariant()) const;
+    QVariant value(const QString &key, const QVariant &defaultValue = QVariant()) const;
-    Q_INVOKABLE void setValue(const QString &key, const QVariant &value);
+    void setValue(const QString &key, const QVariant &value);
    void remove(const QString &key);
    void sync();
    QByteArray backupAppConfig() const;
    bool restoreAppConfig(const QByteArray &json);
    void clearSettings();
 private:
    QByteArray encryptText(const QByteArray &value) const;
    QByteArray decryptText(const QByteArray &ba) const;
@@ -35,9 +37,6 @@ public:
    static QByteArray getSecTag(const QString &tag);
    static void setSecTag(const QString &tag, const QByteArray &data);
    void clearSettings();
 private:
    QSettings m_settings;
    mutable QHash<QString, QVariant> m_cache;
@@ -53,7 +52,7 @@ private:
    const QByteArray magicString { "EncData" }; // Magic keyword used for mark encrypted QByteArray
-    mutable QMutex mutex;
+    mutable QRecursiveMutex m_mutex;
 };
 #endif // SECUREQSETTINGS_H
@@ -21,4 +21,5 @@ if [ "$(systemctl is-active docker)" != "active" ]; then \
  sleep 5; sudo systemctl start docker; sleep 5;\
 fi;\
 if ! command -v sudo > /dev/null 2>&1; then echo "Failed to install sudo, command not found"; exit 1; fi;\
-docker --version
+docker --version;\
 uname -sr
@@ -21,10 +21,10 @@ Settings::Settings(QObject *parent) : QObject(parent), m_settings(ORGANIZATION_N
 {
    // Import old settings
    if (serversCount() == 0) {
-        QString user = value("Server/userName").toString();
+        QString user = m_settings.value("Server/userName").toString();
-        QString password = value("Server/password").toString();
+        QString password = m_settings.value("Server/password").toString();
-        QString serverName = value("Server/serverName").toString();
+        QString serverName = m_settings.value("Server/serverName").toString();
-        int port = value("Server/serverPort").toInt();
+        int port = m_settings.value("Server/serverPort").toInt();
        if (!user.isEmpty() && !password.isEmpty() && !serverName.isEmpty()) {
            QJsonObject server;
@@ -222,7 +222,7 @@ QString Settings::nextAvailableServerName() const
 void Settings::setSaveLogs(bool enabled)
 {
-    setValue("Conf/saveLogs", enabled);
+    m_settings.setValue("Conf/saveLogs", enabled);
 #ifndef Q_OS_ANDROID
    if (!isSaveLogs()) {
        Logger::deInit();
@@ -242,12 +242,12 @@ void Settings::setSaveLogs(bool enabled)
 QDateTime Settings::getLogEnableDate()
 {
-    return value("Conf/logEnableDate").toDateTime();
+    return m_settings.value("Conf/logEnableDate").toDateTime();
 }
 void Settings::setLogEnableDate(QDateTime date)
 {
-    setValue("Conf/logEnableDate", date);
+    m_settings.setValue("Conf/logEnableDate", date);
 }
 QString Settings::routeModeString(RouteMode mode) const
@@ -261,17 +261,17 @@ QString Settings::routeModeString(RouteMode mode) const
 Settings::RouteMode Settings::routeMode() const
 {
-    return static_cast<RouteMode>(value("Conf/routeMode", 0).toInt());
+    return static_cast<RouteMode>(m_settings.value("Conf/routeMode", 0).toInt());
 }
 bool Settings::isSitesSplitTunnelingEnabled() const
 {
-    return value("Conf/sitesSplitTunnelingEnabled", false).toBool();
+    return m_settings.value("Conf/sitesSplitTunnelingEnabled", false).toBool();
 }
 void Settings::setSitesSplitTunnelingEnabled(bool enabled)
 {
-    setValue("Conf/sitesSplitTunnelingEnabled", enabled);
+    m_settings.setValue("Conf/sitesSplitTunnelingEnabled", enabled);
 }
 bool Settings::addVpnSite(RouteMode mode, const QString &site, const QString &ip)
@@ -359,12 +359,12 @@ void Settings::removeAllVpnSites(RouteMode mode)
 QString Settings::primaryDns() const
 {
-    return value("Conf/primaryDns", cloudFlareNs1).toString();
+    return m_settings.value("Conf/primaryDns", cloudFlareNs1).toString();
 }
 QString Settings::secondaryDns() const
 {
-    return value("Conf/secondaryDns", cloudFlareNs2).toString();
+    return m_settings.value("Conf/secondaryDns", cloudFlareNs2).toString();
 }
 void Settings::clearSettings()
@@ -386,18 +386,18 @@ QString Settings::appsRouteModeString(AppsRouteMode mode) const
 Settings::AppsRouteMode Settings::getAppsRouteMode() const
 {
-    return static_cast<AppsRouteMode>(value("Conf/appsRouteMode", 0).toInt());
+    return static_cast<AppsRouteMode>(m_settings.value("Conf/appsRouteMode", 0).toInt());
 }
 void Settings::setAppsRouteMode(AppsRouteMode mode)
 {
-    setValue("Conf/appsRouteMode", mode);
+    m_settings.setValue("Conf/appsRouteMode", mode);
 }
 QVector<InstalledAppInfo> Settings::getVpnApps(AppsRouteMode mode) const
 {
    QVector<InstalledAppInfo> apps;
-    auto appsArray = value("Conf/" + appsRouteModeString(mode)).toJsonArray();
+    auto appsArray = m_settings.value("Conf/" + appsRouteModeString(mode)).toJsonArray();
    for (const auto &app : appsArray) {
        InstalledAppInfo appInfo;
        appInfo.appName = app.toObject().value("appName").toString();
@@ -419,43 +419,42 @@ void Settings::setVpnApps(AppsRouteMode mode, const QVector<InstalledAppInfo> &a
        appInfo.insert("appPath", app.appPath);
        appsArray.push_back(appInfo);
    }
-    setValue("Conf/" + appsRouteModeString(mode), appsArray);
+    m_settings.setValue("Conf/" + appsRouteModeString(mode), appsArray);
    m_settings.sync();
 }
 bool Settings::isAppsSplitTunnelingEnabled() const
 {
-    return value("Conf/appsSplitTunnelingEnabled", false).toBool();
+    return m_settings.value("Conf/appsSplitTunnelingEnabled", false).toBool();
 }
 void Settings::setAppsSplitTunnelingEnabled(bool enabled)
 {
-    setValue("Conf/appsSplitTunnelingEnabled", enabled);
+    m_settings.setValue("Conf/appsSplitTunnelingEnabled", enabled);
 }
 bool Settings::isKillSwitchEnabled() const
 {
-    return value("Conf/killSwitchEnabled", true).toBool();
+    return m_settings.value("Conf/killSwitchEnabled", true).toBool();
 }
 void Settings::setKillSwitchEnabled(bool enabled)
 {
-    setValue("Conf/killSwitchEnabled", enabled);
+    m_settings.setValue("Conf/killSwitchEnabled", enabled);
 }
 bool Settings::isStrictKillSwitchEnabled() const
 {
-    return value("Conf/strictKillSwitchEnabled", false).toBool();
+    return m_settings.value("Conf/strictKillSwitchEnabled", false).toBool();
 }
 void Settings::setStrictKillSwitchEnabled(bool enabled)
 {
-    setValue("Conf/strictKillSwitchEnabled", enabled);
+    m_settings.setValue("Conf/strictKillSwitchEnabled", enabled);
 }
 QString Settings::getInstallationUuid(const bool needCreate)
 {
-    auto uuid = value("Conf/installationUuid", "").toString();
+    auto uuid = m_settings.value("Conf/installationUuid", "").toString();
    if (needCreate && uuid.isEmpty()) {
        uuid = QUuid::createUuid().toString();
@@ -476,7 +475,7 @@ QString Settings::getInstallationUuid(const bool needCreate)
 void Settings::setInstallationUuid(const QString &uuid)
 {
-    setValue("Conf/installationUuid", uuid);
+    m_settings.setValue("Conf/installationUuid", uuid);
 }
 ServerCredentials Settings::defaultServerCredentials() const
@@ -497,28 +496,6 @@ ServerCredentials Settings::serverCredentials(int index) const
    return credentials;
 }
 QVariant Settings::value(const QString &key, const QVariant &defaultValue) const
 {
    QVariant returnValue;
    if (QThread::currentThread() == QCoreApplication::instance()->thread()) {
        returnValue = m_settings.value(key, defaultValue);
    } else {
        QMetaObject::invokeMethod(&m_settings, "value", Qt::BlockingQueuedConnection, Q_RETURN_ARG(QVariant, returnValue),
                                  Q_ARG(const QString &, key), Q_ARG(const QVariant &, defaultValue));
    }
    return returnValue;
 }
 void Settings::setValue(const QString &key, const QVariant &value)
 {
    if (QThread::currentThread() == QCoreApplication::instance()->thread()) {
        m_settings.setValue(key, value);
    } else {
        QMetaObject::invokeMethod(&m_settings, "setValue", Qt::BlockingQueuedConnection, Q_ARG(const QString &, key),
                                  Q_ARG(const QVariant &, value));
    }
 }
 void Settings::resetGatewayEndpoint()
 {
    m_gatewayEndpoint = gatewayEndpoint;
@@ -541,50 +518,50 @@ QString Settings::getGatewayEndpoint(bool isTestPurchase)
 bool Settings::isDevGatewayEnv(bool isTestPurchase)
 {
-    return isTestPurchase ? true : value("Conf/devGatewayEnv", false).toBool();
+    return isTestPurchase ? true : m_settings.value("Conf/devGatewayEnv", false).toBool();
 }
 void Settings::toggleDevGatewayEnv(bool enabled)
 {
-    setValue("Conf/devGatewayEnv", enabled);
+    m_settings.setValue("Conf/devGatewayEnv", enabled);
 }
 bool Settings::isHomeAdLabelVisible()
 {
-    return value("Conf/homeAdLabelVisible", true).toBool();
+    return m_settings.value("Conf/homeAdLabelVisible", true).toBool();
 }
 void Settings::disableHomeAdLabel()
 {
-    setValue("Conf/homeAdLabelVisible", false);
+    m_settings.setValue("Conf/homeAdLabelVisible", false);
 }
 bool Settings::isPremV1MigrationReminderActive()
 {
-    return value("Conf/premV1MigrationReminderActive", true).toBool();
+    return m_settings.value("Conf/premV1MigrationReminderActive", true).toBool();
 }
 void Settings::disablePremV1MigrationReminder()
 {
-    setValue("Conf/premV1MigrationReminderActive", false);
+    m_settings.setValue("Conf/premV1MigrationReminderActive", false);
 }
 QStringList Settings::allowedDnsServers() const
 {
-    return value("Conf/allowedDnsServers").toStringList();
+    return m_settings.value("Conf/allowedDnsServers").toStringList();
 }
 void Settings::setAllowedDnsServers(const QStringList &servers)
 {
-    setValue("Conf/allowedDnsServers", servers);
+    m_settings.setValue("Conf/allowedDnsServers", servers);
 }
 QStringList Settings::readNewsIds() const
 {
-    return value("News/readIds").toStringList();
+    return m_settings.value("News/readIds").toStringList();
 }
 void Settings::setReadNewsIds(const QStringList &ids)
 {
-    setValue("News/readIds", ids);
+    m_settings.setValue("News/readIds", ids);
 }
@@ -29,11 +29,11 @@ public:
    QJsonArray serversArray() const
    {
-        return QJsonDocument::fromJson(value("Servers/serversList").toByteArray()).array();
+        return QJsonDocument::fromJson(m_settings.value("Servers/serversList").toByteArray()).array();
    }
    void setServersArray(const QJsonArray &servers)
    {
-        setValue("Servers/serversList", QJsonDocument(servers).toJson());
+        m_settings.setValue("Servers/serversList", QJsonDocument(servers).toJson());
    }
    // Servers section
@@ -45,11 +45,11 @@ public:
    int defaultServerIndex() const
    {
-        return value("Servers/defaultServerIndex", 0).toInt();
+        return m_settings.value("Servers/defaultServerIndex", 0).toInt();
    }
    void setDefaultServer(int index)
    {
-        setValue("Servers/defaultServerIndex", index);
+        m_settings.setValue("Servers/defaultServerIndex", index);
    }
    QJsonObject defaultServer() const
    {
@@ -78,25 +78,34 @@ public:
    // App settings section
    bool isAutoConnect() const
    {
-        return value("Conf/autoConnect", false).toBool();
+        return m_settings.value("Conf/autoConnect", false).toBool();
    }
    void setAutoConnect(bool enabled)
    {
-        setValue("Conf/autoConnect", enabled);
+        m_settings.setValue("Conf/autoConnect", enabled);
    }
    bool isStartMinimized() const
    {
-        return value("Conf/startMinimized", false).toBool();
+        return m_settings.value("Conf/startMinimized", false).toBool();
    }
    void setStartMinimized(bool enabled)
    {
-        setValue("Conf/startMinimized", enabled);
+        m_settings.setValue("Conf/startMinimized", enabled);
    }
    bool isNewsNotifications() const
    {
        return m_settings.value("Conf/newsNotifications", true).toBool();
    }
    void setNewsNotifications(bool enabled)
    {
        m_settings.setValue("Conf/newsNotifications", enabled);
    }
    bool isSaveLogs() const
    {
-        return value("Conf/saveLogs", false).toBool();
+        return m_settings.value("Conf/saveLogs", false).toBool();
    }
    void setSaveLogs(bool enabled);
@@ -113,19 +122,18 @@ public:
    QString routeModeString(RouteMode mode) const;
    RouteMode routeMode() const;
-    void setRouteMode(RouteMode mode) { setValue("Conf/routeMode", mode); }
+    void setRouteMode(RouteMode mode) { m_settings.setValue("Conf/routeMode", mode); }
    bool isSitesSplitTunnelingEnabled() const;
    void setSitesSplitTunnelingEnabled(bool enabled);
    QVariantMap vpnSites(RouteMode mode) const
    {
-        return value("Conf/" + routeModeString(mode)).toMap();
+        return m_settings.value("Conf/" + routeModeString(mode)).toMap();
    }
    void setVpnSites(RouteMode mode, const QVariantMap &sites)
    {
-        setValue("Conf/" + routeModeString(mode), sites);
+        m_settings.setValue("Conf/" + routeModeString(mode), sites);
        m_settings.sync();
    }
    bool addVpnSite(RouteMode mode, const QString &site, const QString &ip = "");
    void addVpnSites(RouteMode mode, const QMap<QString, QString> &sites); // map <site, ip>
@@ -138,11 +146,11 @@ public:
    bool useAmneziaDns() const
    {
-        return value("Conf/useAmneziaDns", true).toBool();
+        return m_settings.value("Conf/useAmneziaDns", true).toBool();
    }
    void setUseAmneziaDns(bool enabled)
    {
-        setValue("Conf/useAmneziaDns", enabled);
+        m_settings.setValue("Conf/useAmneziaDns", enabled);
    }
    QString primaryDns() const;
@@ -151,13 +159,13 @@ public:
    // QString primaryDns() const { return m_primaryDns; }
    void setPrimaryDns(const QString &primaryDns)
    {
-        setValue("Conf/primaryDns", primaryDns);
+        m_settings.setValue("Conf/primaryDns", primaryDns);
    }
    // QString secondaryDns() const { return m_secondaryDns; }
    void setSecondaryDns(const QString &secondaryDns)
    {
-        setValue("Conf/secondaryDns", secondaryDns);
+        m_settings.setValue("Conf/secondaryDns", secondaryDns);
    }
    //    static constexpr char openNicNs5[] = "94.103.153.176";
@@ -179,16 +187,16 @@ public:
    };
    void setAppLanguage(QLocale locale)
    {
-        setValue("Conf/appLanguage", locale.name());
+        m_settings.setValue("Conf/appLanguage", locale.name());
    };
    bool isScreenshotsEnabled() const
    {
-        return value("Conf/screenshotsEnabled", true).toBool();
+        return m_settings.value("Conf/screenshotsEnabled", true).toBool();
    }
    void setScreenshotsEnabled(bool enabled)
    {
-        setValue("Conf/screenshotsEnabled", enabled);
+        m_settings.setValue("Conf/screenshotsEnabled", enabled);
        emit screenshotsEnabledChanged(enabled);
    }
@@ -246,9 +254,6 @@ signals:
    void settingsCleared();
 private:
    QVariant value(const QString &key, const QVariant &defaultValue = QVariant()) const;
    void setValue(const QString &key, const QVariant &value);
    void setInstallationUuid(const QString &uuid);
    mutable SecureQSettings m_settings;
@@ -9,9 +9,14 @@
 #include "ui/controllers/systemController.h"
 #include "version.h"
 #include <QClipboard>
 #include <QCoreApplication>
 #include <QDebug>
 #include <QEventLoop>
 #include <QHash>
 #include <QJsonArray>
 #include <QSet>
 #include <QVariantMap>
 #include <limits>
 #include "platforms/ios/ios_controller.h"
@@ -39,6 +44,15 @@ namespace
        constexpr char serviceInfo[] = "service_info";
        constexpr char serviceProtocol[] = "service_protocol";
        constexpr char services[] = "services";
        constexpr char serviceDescription[] = "service_description";
        constexpr char subscriptionPlans[] = "subscription_plans";
        constexpr char storeProductId[] = "store_product_id";
        constexpr char priceLabel[] = "price_label";
        constexpr char subtitle[] = "subtitle";
        constexpr char isTrial[] = "is_trial";
        constexpr char minPriceLabel[] = "min_price_label";
        constexpr char apiPayload[] = "api_payload";
        constexpr char keyPayload[] = "key_payload";
@@ -47,9 +61,6 @@ namespace
        constexpr char config[] = "config";
        constexpr char subscription[] = "subscription";
        constexpr char endDate[] = "end_date";
        constexpr char isConnectEvent[] = "is_connect_event";
    }
@@ -241,13 +252,190 @@ namespace
        return ErrorCode::NoError;
    }
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
    struct StoreKitPlanQuote {
        QString displayPrice;
        double priceAmount = 0.0;
        double subscriptionBillingMonths = 0.0;
        QString displayPricePerMonth;
    };
    constexpr double kOneMonthThreshold = 1.0 + 1e-6;
    constexpr double kMonthsFallbackThreshold = 1e-6;
    constexpr double kMonthlyPriceEpsilon = 1e-9;
    QStringList collectPremiumStoreProductIds(const QJsonArray &services)
    {
        QStringList productIds;
        QSet<QString> seenProductIds;
        for (const QJsonValue &serviceValue : services) {
            const QJsonObject serviceObject = serviceValue.toObject();
            if (serviceObject.value(configKey::serviceType).toString() != serviceType::amneziaPremium) {
                continue;
            }
            const QJsonArray subscriptionPlans =
                    serviceObject.value(configKey::serviceDescription).toObject().value(configKey::subscriptionPlans).toArray();
            for (const QJsonValue &planValue : subscriptionPlans) {
                if (!planValue.isObject()) {
                    continue;
                }
                const QString storeProductId = planValue.toObject().value(configKey::storeProductId).toString();
                if (storeProductId.isEmpty() || seenProductIds.contains(storeProductId)) {
                    continue;
                }
                seenProductIds.insert(storeProductId);
                productIds.append(storeProductId);
            }
        }
        return productIds;
    }
    QHash<QString, StoreKitPlanQuote> buildStoreKitQuoteMap(const QList<QVariantMap> &fetchedProducts)
    {
        QHash<QString, StoreKitPlanQuote> quotesByProductId;
        quotesByProductId.reserve(fetchedProducts.size());
        for (const QVariantMap &productInfo : fetchedProducts) {
            const QString productId = productInfo.value(QStringLiteral("productId")).toString();
            if (productId.isEmpty()) {
                continue;
            }
            QString displayPrice = productInfo.value(QStringLiteral("displayPrice")).toString();
            if (displayPrice.isEmpty()) {
                const QString price = productInfo.value(QStringLiteral("price")).toString();
                const QString currencyCode = productInfo.value(QStringLiteral("currencyCode")).toString();
                displayPrice = currencyCode.isEmpty() ? price : (price + QLatin1Char(' ') + currencyCode);
            }
            StoreKitPlanQuote quote;
            quote.displayPrice = displayPrice;
            quote.priceAmount = productInfo.value(QStringLiteral("priceAmount")).toDouble();
            quote.subscriptionBillingMonths = productInfo.value(QStringLiteral("subscriptionBillingMonths")).toDouble();
            quote.displayPricePerMonth = productInfo.value(QStringLiteral("displayPricePerMonth")).toString();
            quotesByProductId.insert(productId, quote);
        }
        return quotesByProductId;
    }
    void mergeStoreKitPricesIntoPremiumPlans(QJsonObject &data)
    {
        QJsonArray services = data.value(configKey::services).toArray();
        if (services.isEmpty()) {
            return;
        }
        const QStringList productIds = collectPremiumStoreProductIds(services);
        if (productIds.isEmpty()) {
            qInfo().noquote() << "[IAP] No store_product_id in premium plans; skip StoreKit merge into services payload";
            return;
        }
        QList<QVariantMap> fetchedProducts;
        QEventLoop loop;
        IosController::Instance()->fetchProducts(productIds,
                                                 [&](const QList<QVariantMap> &products, const QStringList &invalidIds,
                                                     const QString &errorString) {
                                                     if (!errorString.isEmpty()) {
                                                         qWarning().noquote() << "[IAP] StoreKit merge fetch:" << errorString;
                                                     }
                                                     if (!invalidIds.isEmpty()) {
                                                         qWarning().noquote() << "[IAP] Unknown App Store product ids:" << invalidIds;
                                                     }
                                                     fetchedProducts = products;
                                                     loop.quit();
                                                 });
        loop.exec();
        const QHash<QString, StoreKitPlanQuote> quotesByProductId = buildStoreKitQuoteMap(fetchedProducts);
        for (int serviceIndex = 0; serviceIndex < services.size(); ++serviceIndex) {
            QJsonObject serviceObject = services.at(serviceIndex).toObject();
            if (serviceObject.value(configKey::serviceType).toString() != serviceType::amneziaPremium) {
                continue;
            }
            QJsonObject descriptionObject = serviceObject.value(configKey::serviceDescription).toObject();
            const QJsonArray sourcePlans = descriptionObject.value(configKey::subscriptionPlans).toArray();
            QJsonArray mergedPlans;
            double minMonthlyAmount = std::numeric_limits<double>::infinity();
            QString minMonthlyDisplay;
            for (const QJsonValue &planValue : sourcePlans) {
                if (!planValue.isObject()) {
                    continue;
                }
                QJsonObject planObject = planValue.toObject();
                const QString storeProductId = planObject.value(configKey::storeProductId).toString();
                if (storeProductId.isEmpty()) {
                    continue;
                }
                const auto quoteIterator = quotesByProductId.constFind(storeProductId);
                if (quoteIterator == quotesByProductId.cend()) {
                    continue;
                }
                const bool isTrialPlan = planObject.value(configKey::isTrial).toBool();
                const StoreKitPlanQuote &quote = *quoteIterator;
                planObject.insert(configKey::priceLabel, quote.displayPrice);
                const double months = quote.subscriptionBillingMonths;
                if (!isTrialPlan && months > kOneMonthThreshold && !quote.displayPricePerMonth.isEmpty()) {
                    planObject.insert(
                            configKey::subtitle,
                            QCoreApplication::translate("ApiConfigsController", "%1/mo", "IAP: price per month in plan subtitle")
                                    .arg(quote.displayPricePerMonth));
                }
                if (!isTrialPlan && quote.priceAmount > 0.0) {
                    const double monthsForMin = months > kMonthsFallbackThreshold ? months : 1.0;
                    const double monthly = quote.priceAmount / monthsForMin;
                    if (monthly < minMonthlyAmount - kMonthlyPriceEpsilon) {
                        minMonthlyAmount = monthly;
                        minMonthlyDisplay = !quote.displayPricePerMonth.isEmpty() ? quote.displayPricePerMonth : quote.displayPrice;
                    }
                }
                mergedPlans.append(planObject);
            }
            descriptionObject.insert(configKey::subscriptionPlans, mergedPlans);
            if (minMonthlyAmount < std::numeric_limits<double>::infinity() && !minMonthlyDisplay.isEmpty()) {
                descriptionObject.insert(configKey::minPriceLabel,
                                         QCoreApplication::translate("ApiConfigsController", "from %1 per month",
                                                                     "IAP: card footer minimum monthly price from StoreKit")
                                                 .arg(minMonthlyDisplay));
            }
            serviceObject.insert(configKey::serviceDescription, descriptionObject);
            services.replace(serviceIndex, serviceObject);
        }
        data.insert(configKey::services, services);
    }
 #endif
 }
 ApiConfigsController::ApiConfigsController(const QSharedPointer<ServersModel> &serversModel,
                                           const QSharedPointer<ApiServicesModel> &apiServicesModel,
                                           const QSharedPointer<ApiSubscriptionPlansModel> &subscriptionPlansModel,
                                           const QSharedPointer<ApiBenefitsModel> &benefitsModel,
                                           const std::shared_ptr<Settings> &settings, QObject *parent)
-    : QObject(parent), m_serversModel(serversModel), m_apiServicesModel(apiServicesModel), m_settings(settings)
+    : QObject(parent)
    , m_serversModel(serversModel)
    , m_apiServicesModel(apiServicesModel)
    , m_subscriptionPlansModel(subscriptionPlansModel)
    , m_benefitsModel(benefitsModel)
    , m_settings(settings)
 {
    connect(m_apiServicesModel.data(), &ApiServicesModel::serviceSelectionChanged, this, [this]() {
        const ApiServicesModel::ApiServicesData serviceData = m_apiServicesModel->selectedServiceData();
        m_subscriptionPlansModel->updateModel(serviceData.subscriptionPlansJson);
        m_benefitsModel->updateModel(serviceData.benefits);
    });
 }
 bool ApiConfigsController::exportVpnKey(const QString &fileName)
@@ -300,6 +488,8 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
        return false;
    }
    qDebug() << responseBody;
    QJsonObject jsonConfig = QJsonDocument::fromJson(responseBody).object();
    QString nativeConfig = jsonConfig.value(configKey::config).toString();
    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", protocolData.wireGuardClientPrivKey);
@@ -366,6 +556,8 @@ bool ApiConfigsController::fillAvailableServices()
 {
    QJsonObject apiPayload;
    apiPayload[configKey::osVersion] = QSysInfo::productType();
    apiPayload[configKey::appVersion] = QString(APP_VERSION);
    apiPayload[apiDefs::key::cliName] = QString(APPLICATION_NAME);
    apiPayload[apiDefs::key::appLanguage] = m_settings->getAppLanguage().name().split("_").first();
    QByteArray responseBody;
@@ -382,6 +574,11 @@ bool ApiConfigsController::fillAvailableServices()
    }
    QJsonObject data = QJsonDocument::fromJson(responseBody).object();
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
    mergeStoreKitPricesIntoPremiumPlans(data);
 #endif
    m_apiServicesModel->updateModel(data);
    if (m_apiServicesModel->rowCount() > 0) {
        m_apiServicesModel->setServiceIndex(0);
@@ -392,39 +589,42 @@ bool ApiConfigsController::fillAvailableServices()
 bool ApiConfigsController::importService()
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
-    bool isIosOrMacOsNe = true;
+    const bool isIosOrMacOsNe = true;
 #else
-    bool isIosOrMacOsNe = false;
+    const bool isIosOrMacOsNe = false;
 #endif
    if (m_apiServicesModel->getSelectedServiceType() == serviceType::amneziaPremium) {
        if (isIosOrMacOsNe) {
-            importSerivceFromAppStore();
+            return importPremiumFromAppStore(QString());
            return true;
        }
-    } else {
+    } else if (m_apiServicesModel->getSelectedServiceType() == serviceType::amneziaFree) {
-        importServiceFromGateway();
+        return importFreeFromGateway();
        return true;
    }
    return false;
 }
-bool ApiConfigsController::importSerivceFromAppStore()
+bool ApiConfigsController::importPremiumFromAppStore(const QString &storeProductId)
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
    QString productId = storeProductId.trimmed();
    if (productId.isEmpty()) {
        productId = QStringLiteral("amnezia_premium_6_month");
    }
    bool purchaseOk = false;
    QString originalTransactionId;
    QString storeTransactionId;
-    QString storeProductId;
+    QString purchasedStoreProductId;
    QString purchaseError;
    QEventLoop waitPurchase;
-    IosController::Instance()->purchaseProduct(QStringLiteral("amnezia_premium_6_month"),
+    IosController::Instance()->purchaseProduct(productId,
-                                               [&](bool success, const QString &txId, const QString &purchasedProductId,
+                                               [&](bool success, const QString &transactionId, const QString &purchasedProductId,
-                                                   const QString &originalTxId, const QString &errorString) {
+                                                   const QString &originalTransactionIdResponse, const QString &errorString) {
                                                   purchaseOk = success;
-                                                   originalTransactionId = originalTxId;
+                                                   originalTransactionId = originalTransactionIdResponse;
-                                                   storeTransactionId = txId;
+                                                   storeTransactionId = transactionId;
-                                                   storeProductId = purchasedProductId;
+                                                   purchasedStoreProductId = purchasedProductId;
                                                   purchaseError = errorString;
                                                   waitPurchase.quit();
                                               });
@@ -436,7 +636,7 @@ bool ApiConfigsController::importSerivceFromAppStore()
        return false;
    }
    qInfo().noquote() << "[IAP] Purchase success. transactionId =" << storeTransactionId
-                      << "originalTransactionId =" << originalTransactionId << "productId =" << storeProductId;
+                      << "originalTransactionId =" << originalTransactionId << "productId =" << purchasedStoreProductId;
    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                            QString(APP_VERSION),
@@ -460,18 +660,26 @@ bool ApiConfigsController::importSerivceFromAppStore()
        return false;
    }
-    errorCode = importServiceFromBilling(responseBody, isTestPurchase);
+    int duplicateServerIndex = -1;
    errorCode = importServiceFromBilling(responseBody, isTestPurchase, duplicateServerIndex);
    if (errorCode == ErrorCode::ApiConfigAlreadyAdded) {
        emit installServerFromApiFinished(tr("This subscription is already in the app."), duplicateServerIndex);
        return true;
    }
    if (errorCode != ErrorCode::NoError) {
        emit errorOccurred(errorCode);
        return false;
    }
-
+    emit installServerFromApiFinished(
-    emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
+            tr("%1 was added to the app.").arg(m_apiServicesModel->getSelectedServiceName()));
 #endif
    return true;
 #else
    Q_UNUSED(storeProductId);
    return false;
 #endif
 }
-bool ApiConfigsController::restoreSerivceFromAppStore()
+bool ApiConfigsController::restoreServiceFromAppStore()
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
    const QString premiumServiceType = QStringLiteral("amnezia-premium");
@@ -487,20 +695,12 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
        return false;
    }
-    // Ensure we have a valid premium selection for gateway requests
+    const int premiumServiceIndex = m_apiServicesModel->serviceIndexForType(premiumServiceType);
-    bool premiumSelected = false;
+    if (premiumServiceIndex < 0) {
    for (int i = 0; i < m_apiServicesModel->rowCount(); ++i) {
        m_apiServicesModel->setServiceIndex(i);
        if (m_apiServicesModel->getSelectedServiceType() == premiumServiceType) {
            premiumSelected = true;
            break;
        }
    }
    if (!premiumSelected) {
        emit errorOccurred(ErrorCode::ApiServicesMissingError);
        return false;
    }
    m_apiServicesModel->setServiceIndex(premiumServiceIndex);
    bool restoreSuccess = false;
    QList<QVariantMap> restoredTransactions;
@@ -522,15 +722,23 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
    }
    if (restoredTransactions.isEmpty()) {
-        qInfo().noquote() << "[IAP] Restore completed, but no transactions were returned";
+        qInfo().noquote() << "[IAP] Restore completed, but no active entitlements found";
-        emit errorOccurred(ErrorCode::ApiPurchaseError);
+        emit errorOccurred(ErrorCode::ApiNoPurchasedSubscriptionsError);
        return false;
    }
    const bool isTestPurchase = IosController::Instance()->isTestFlight();
    const QString serviceType = m_apiServicesModel->getSelectedServiceType();
    const QString serviceProtocol = m_apiServicesModel->getSelectedServiceProtocol();
    const QString countryCode = m_apiServicesModel->getCountryCode();
    const QString appLanguage = m_settings->getAppLanguage().name().split("_").first();
    const QString installationUuid = m_settings->getInstallationUuid(true);
    bool hasInstalledConfig = false;
    bool duplicateConfigAlreadyPresent = false;
-    int duplicateCount = 0;
+    int duplicateServerIndex = -1;
-    QSet<QString> processedTransactions;
+    QSet<QString> processedOriginalTransactionIds;
    for (const QVariantMap &transaction : restoredTransactions) {
        const QString originalTransactionId = transaction.value(QStringLiteral("originalTransactionId")).toString();
        const QString transactionId = transaction.value(QStringLiteral("transactionId")).toString();
@@ -541,28 +749,28 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
            continue;
        }
-        if (processedTransactions.contains(originalTransactionId)) {
+        if (processedOriginalTransactionIds.contains(originalTransactionId)) {
-            duplicateCount++;
+            qInfo().noquote() << "[IAP] Skipping duplicate restored transaction" << originalTransactionId;
            continue;
        }
-        processedTransactions.insert(originalTransactionId);
+        processedOriginalTransactionIds.insert(originalTransactionId);
        qInfo().noquote() << "[IAP] Restoring subscription. transactionId =" << transactionId
                          << "originalTransactionId =" << originalTransactionId << "productId =" << productId;
        GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                                QString(APP_VERSION),
-                                                m_settings->getAppLanguage().name().split("_").first(),
+                                                appLanguage,
-                                                m_settings->getInstallationUuid(true),
+                                                installationUuid,
-                                                m_apiServicesModel->getCountryCode(),
+                                                countryCode,
                                                "",
-                                                m_apiServicesModel->getSelectedServiceType(),
+                                                serviceType,
-                                                m_apiServicesModel->getSelectedServiceProtocol(),
+                                                serviceProtocol,
                                                QJsonObject() };
        QJsonObject apiPayload = gatewayRequestData.toJsonObject();
        apiPayload[apiDefs::key::transactionId] = originalTransactionId;
-        auto isTestPurchase = IosController::Instance()->isTestFlight();
+
        QByteArray responseBody;
        ErrorCode errorCode = executeRequest(QString("%1v1/subscriptions"), apiPayload, responseBody, isTestPurchase);
        if (errorCode != ErrorCode::NoError) {
@@ -571,34 +779,42 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
            continue;
        }
-        ErrorCode installError = importServiceFromBilling(responseBody, isTestPurchase);
+        int currentDuplicateServerIndex = -1;
        errorCode = importServiceFromBilling(responseBody, isTestPurchase, currentDuplicateServerIndex);
        if (errorCode == ErrorCode::ApiConfigAlreadyAdded) {
            duplicateConfigAlreadyPresent = true;
-            qInfo().noquote() << "[IAP] Skipping restored transaction" << originalTransactionId
+            if (duplicateServerIndex < 0) {
-                              << "because subscription config with the same vpn_key already exists";
+                duplicateServerIndex = currentDuplicateServerIndex;
        } else if (errorCode != ErrorCode::NoError) {
            qWarning().noquote() << "[IAP] Failed to process restored subscription response for transaction" << originalTransactionId;
        } else {
            hasInstalledConfig = true;
            }
            qInfo().noquote() << "[IAP] Subscription config with the same vpn_key already exists" << originalTransactionId;
            continue;
        }
        if (errorCode != ErrorCode::NoError) {
            qWarning().noquote() << "[IAP] Failed to process restored subscription response for transaction" << originalTransactionId
                                 << "errorCode =" << static_cast<int>(errorCode);
            continue;
        }
        hasInstalledConfig = true;
    }
    if (!hasInstalledConfig) {
-        const ErrorCode restoreError = duplicateConfigAlreadyPresent ? ErrorCode::ApiConfigAlreadyAdded : ErrorCode::ApiPurchaseError;
+        if (duplicateConfigAlreadyPresent) {
-        emit errorOccurred(restoreError);
+            emit installServerFromApiFinished(tr("This subscription is already in the app."), duplicateServerIndex);
            return true;
        }
        emit errorOccurred(ErrorCode::ApiPurchaseError);
        return false;
    }
    emit installServerFromApiFinished(tr("Subscription restored successfully."));
    if (duplicateCount > 0) {
        qInfo().noquote() << "[IAP] Skipped" << duplicateCount
                          << "duplicate restored transactions for original transaction IDs already processed";
    }
 #endif
    return true;
 }
-bool ApiConfigsController::importServiceFromGateway()
+bool ApiConfigsController::importFreeFromGateway()
 {
    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                            QString(APP_VERSION),
@@ -650,6 +866,72 @@ bool ApiConfigsController::importServiceFromGateway()
    }
 }
 bool ApiConfigsController::importTrialFromGateway(const QString &email)
 {
    const QString trimmedEmail = email.trimmed();
    if (trimmedEmail.isEmpty()) {
        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
        return false;
    }
    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                            QString(APP_VERSION),
                                            m_settings->getAppLanguage().name().split("_").first(),
                                            m_settings->getInstallationUuid(true),
                                            m_apiServicesModel->getCountryCode(),
                                            "",
                                            m_apiServicesModel->getSelectedServiceType(),
                                            m_apiServicesModel->getSelectedServiceProtocol(),
                                            QJsonObject() };
    if (m_serversModel->isServerFromApiAlreadyExists(gatewayRequestData.userCountryCode, gatewayRequestData.serviceType,
                                                     gatewayRequestData.serviceProtocol)) {
        emit errorOccurred(ErrorCode::ApiConfigAlreadyAdded);
        return false;
    }
    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
    apiPayload.insert(apiDefs::key::email, trimmedEmail);
    QByteArray responseBody;
    ErrorCode errorCode = executeRequest(QString("%1v1/trial"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError) {
        emit errorOccurred(errorCode);
        return false;
    }
    QJsonObject responseObject = QJsonDocument::fromJson(responseBody).object();
    QString key = responseObject.value(apiDefs::key::config).toString();
    if (key.isEmpty()) {
        qWarning().noquote() << "[Trial] trial response does not contain config field";
        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
        return false;
    }
    key.replace(QStringLiteral("vpn://"), QString());
    QByteArray configBytes = QByteArray::fromBase64(key.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
    QByteArray uncompressed = qUncompress(configBytes);
    if (!uncompressed.isEmpty()) {
        configBytes = uncompressed;
    }
    if (configBytes.isEmpty()) {
        qWarning().noquote() << "[Trial] trial response config payload is empty";
        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
        return false;
    }
    QJsonObject configObject = QJsonDocument::fromJson(configBytes).object();
    quint16 crc = qChecksum(QJsonDocument(configObject).toJson());
    configObject.insert(config_key::crc, crc);
    m_serversModel->addServer(configObject);
    emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
    return true;
 }
 bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                                    bool reloadServiceConfig)
 {
@@ -676,6 +958,7 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
    }
    bool isTestPurchase = apiConfig.value(apiDefs::key::isTestPurchase).toBool(false);
    bool wasSubscriptionExpired = m_serversModel->data(serverIndex, ServersModel::IsSubscriptionExpiredRole).toBool();
    QByteArray responseBody;
    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody, isTestPurchase);
@@ -692,6 +975,12 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
        newApiConfig.insert(configKey::serviceType, apiConfig.value(configKey::serviceType));
        newApiConfig.insert(configKey::serviceProtocol, apiConfig.value(configKey::serviceProtocol));
        newApiConfig.insert(apiDefs::key::vpnKey, apiConfig.value(apiDefs::key::vpnKey));
        if (apiConfig.contains(apiDefs::key::isInAppPurchase)) {
            newApiConfig.insert(apiDefs::key::isInAppPurchase, apiConfig.value(apiDefs::key::isInAppPurchase));
        }
        if (apiConfig.contains(apiDefs::key::isTestPurchase)) {
            newApiConfig.insert(apiDefs::key::isTestPurchase, apiConfig.value(apiDefs::key::isTestPurchase));
        }
        newServerConfig.insert(configKey::apiConfig, newApiConfig);
        newServerConfig.insert(configKey::authData, gatewayRequestData.authData);
@@ -702,6 +991,11 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
            newServerConfig.insert(config_key::nameOverriddenByUser, true);
        }
        m_serversModel->editServer(newServerConfig, serverIndex);
        if (wasSubscriptionExpired) {
            emit subscriptionRefreshNeeded();
        }
        if (reloadServiceConfig) {
            emit reloadServerFromApiFinished(tr("API config reloaded"));
        } else if (newCountryName.isEmpty()) {
@@ -710,8 +1004,19 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
            emit changeApiCountryFinished(tr("Successfully changed the country of connection to %1").arg(newCountryName));
        }
        return true;
    } else {
        if (errorCode == ErrorCode::ApiSubscriptionExpiredError) {
            if (!apiConfig.value(apiDefs::key::isInAppPurchase).toBool(false)) {
                apiConfig.insert(apiDefs::key::subscriptionExpiredByServer, true);
                serverConfig.insert(configKey::apiConfig, apiConfig);
                m_serversModel->editServer(serverConfig, serverIndex);
                emit subscriptionExpiredOnServer();
            } else {
                emit errorOccurred(errorCode);
            }
        } else {
            emit errorOccurred(errorCode);
        }
        return false;
    }
 }
@@ -897,43 +1202,63 @@ QString ApiConfigsController::getVpnKey()
    return m_vpnKey;
 }
-ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase)
+ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase,
                                                         int &duplicateServerIndex)
 {
-#ifdef Q_OS_IOS
+#if defined(Q_OS_IOS) || defined(MACOS_NE)
    duplicateServerIndex = -1;
    QJsonObject responseObject = QJsonDocument::fromJson(responseBody).object();
-    QString key = responseObject.value(QStringLiteral("key")).toString();
+    const QString rawVpnKey = responseObject.value(QStringLiteral("key")).toString();
-    if (key.isEmpty()) {
+    if (rawVpnKey.isEmpty()) {
        qWarning().noquote() << "[IAP] Subscription response does not contain a key field";
        return ErrorCode::ApiPurchaseError;
    }
-    if (m_serversModel->hasServerWithVpnKey(key)) {
+    QString normalizedVpnKey = rawVpnKey;
    normalizedVpnKey.replace(QStringLiteral("vpn://"), QString());
    duplicateServerIndex = m_serversModel->indexOfServerWithVpnKey(normalizedVpnKey);
    if (duplicateServerIndex >= 0) {
        qInfo().noquote() << "[IAP] Subscription config with the same vpn_key already exists";
        return ErrorCode::ApiConfigAlreadyAdded;
    }
-    QString normalizedKey = key;
+    QByteArray configPayload =
-    normalizedKey.replace(QStringLiteral("vpn://"), QString());
+            QByteArray::fromBase64(normalizedVpnKey.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
-
+    QByteArray configUncompressed = qUncompress(configPayload);
-    QByteArray configString = QByteArray::fromBase64(normalizedKey.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+    const bool payloadWasCompressed = !configUncompressed.isEmpty();
-    QByteArray configUncompressed = qUncompress(configString);
+    if (payloadWasCompressed) {
-    if (!configUncompressed.isEmpty()) {
+        configPayload = configUncompressed;
        configString = configUncompressed;
    }
-    if (configString.isEmpty()) {
+    if (configPayload.isEmpty()) {
        qWarning().noquote() << "[IAP] Subscription response config payload is empty";
        return ErrorCode::ApiPurchaseError;
    }
-    QJsonObject configObject = QJsonDocument::fromJson(configString).object();
+    QJsonObject configObject = QJsonDocument::fromJson(configPayload).object();
    auto apiConfig = configObject.value(apiDefs::key::apiConfig).toObject();
    apiConfig.insert(apiDefs::key::isTestPurchase, isTestPurchase);
    apiConfig.insert(apiDefs::key::isInAppPurchase, true);
    configObject.insert(apiDefs::key::apiConfig, apiConfig);
    configPayload = QJsonDocument(configObject).toJson();
    if (payloadWasCompressed) {
        configPayload = qCompress(configPayload, 8);
    }
    normalizedVpnKey = QString(configPayload.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals));
    duplicateServerIndex = m_serversModel->indexOfServerWithVpnKey(normalizedVpnKey);
    if (duplicateServerIndex >= 0) {
        qInfo().noquote() << "[IAP] Subscription config with the same vpn_key already exists";
        return ErrorCode::ApiConfigAlreadyAdded;
    }
    apiConfig.insert(apiDefs::key::vpnKey, normalizedVpnKey);
    configObject.insert(apiDefs::key::apiConfig, apiConfig);
    quint16 crc = qChecksum(QJsonDocument(configObject).toJson());
    auto apiConfig = configObject.value(apiDefs::key::apiConfig).toObject();
    apiConfig[apiDefs::key::vpnKey] = normalizedKey;
    apiConfig[apiDefs::key::isTestPurchase] = isTestPurchase;
    configObject.insert(apiDefs::key::apiConfig, apiConfig);
    configObject.insert(config_key::crc, crc);
    m_serversModel->addServer(configObject);
@@ -941,6 +1266,7 @@ ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &respo
 #else
    Q_UNUSED(responseBody)
    Q_UNUSED(isTestPurchase)
    duplicateServerIndex = -1;
    return ErrorCode::NoError;
 #endif
 }
@@ -1,10 +1,13 @@
 #ifndef APICONFIGSCONTROLLER_H
 #define APICONFIGSCONTROLLER_H
 #include <QList>
 #include <QObject>
 #include "configurators/openvpn_configurator.h"
 #include "ui/models/api/apiBenefitsModel.h"
 #include "ui/models/api/apiServicesModel.h"
 #include "ui/models/api/apiSubscriptionPlansModel.h"
 #include "ui/models/servers_model.h"
 class ApiConfigsController : public QObject
@@ -12,7 +15,9 @@ class ApiConfigsController : public QObject
    Q_OBJECT
 public:
    ApiConfigsController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ApiServicesModel> &apiServicesModel,
-                         const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
+                         const QSharedPointer<ApiSubscriptionPlansModel> &subscriptionPlansModel,
                         const QSharedPointer<ApiBenefitsModel> &benefitsModel, const std::shared_ptr<Settings> &settings,
                         QObject *parent = nullptr);
    Q_PROPERTY(QList<QString> qrCodes READ getQrCodes NOTIFY vpnKeyExportReady)
    Q_PROPERTY(int qrCodesCount READ getQrCodesCount NOTIFY vpnKeyExportReady)
@@ -27,9 +32,10 @@ public slots:
    bool fillAvailableServices();
    bool importService();
-    bool importSerivceFromAppStore();
+    bool importPremiumFromAppStore(const QString &storeProductId);
-    bool restoreSerivceFromAppStore();
+    bool restoreServiceFromAppStore();
-    bool importServiceFromGateway();
+    bool importFreeFromGateway();
    bool importTrialFromGateway(const QString &email);
    bool updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                  bool reloadServiceConfig = false);
    bool updateServiceFromTelegram(const int serverIndex);
@@ -43,8 +49,10 @@ public slots:
 signals:
    void errorOccurred(ErrorCode errorCode);
    void subscriptionExpiredOnServer();
    void subscriptionRefreshNeeded();
-    void installServerFromApiFinished(const QString &message);
+    void installServerFromApiFinished(const QString &message, int preferredDefaultServerIndex = -1);
    void changeApiCountryFinished(const QString &message);
    void reloadServerFromApiFinished(const QString &message);
    void updateServerFromApiFinished();
@@ -57,7 +65,7 @@ private:
    QString getVpnKey();
    ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody, bool isTestPurchase = false);
-    ErrorCode importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase);
+    ErrorCode importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase, int &duplicateServerIndex);
    QList<QString> m_qrCodes;
    QString m_vpnKey;
@@ -65,6 +73,9 @@ private:
    QSharedPointer<ServersModel> m_serversModel;
    QSharedPointer<ApiServicesModel> m_apiServicesModel;
    std::shared_ptr<Settings> m_settings;
    QSharedPointer<ApiSubscriptionPlansModel> m_subscriptionPlansModel;
    QSharedPointer<ApiBenefitsModel> m_benefitsModel;
 };
-#endif // APICONFIGSCONTROLLER_H
+#endif
@@ -1,6 +1,7 @@
 #include "apiSettingsController.h"
 #include <QEventLoop>
 #include <QJsonDocument>
 #include <QTimer>
 #include "core/api/apiUtils.h"
@@ -85,6 +86,42 @@ bool ApiSettingsController::getAccountInfo(bool reload)
    return true;
 }
 void ApiSettingsController::getRenewalLink()
 {
    auto processedIndex = m_serversModel->getProcessedServerIndex();
    auto serverConfig = m_serversModel->getServerConfig(processedIndex);
    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
    auto authData = serverConfig.value(configKey::authData).toObject();
    bool isTestPurchase = apiConfig.value(apiDefs::key::isTestPurchase).toBool(false);
    auto gatewayController = QSharedPointer<GatewayController>::create(m_settings->getGatewayEndpoint(isTestPurchase),
                                                                       m_settings->isDevGatewayEnv(isTestPurchase),
                                                                       requestTimeoutMsecs,
                                                                       m_settings->isStrictKillSwitchEnabled());
    QJsonObject apiPayload;
    apiPayload[configKey::userCountryCode] = apiConfig.value(configKey::userCountryCode).toString();
    apiPayload[configKey::serviceType] = apiConfig.value(configKey::serviceType).toString();
    apiPayload[configKey::authData] = authData;
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    apiPayload[apiDefs::key::appLanguage] = m_settings->getAppLanguage().name().split("_").first();
    auto future = gatewayController->postAsync(QString("%1v1/renewal_link"), apiPayload);
    future.then(this, [this, gatewayController](QPair<ErrorCode, QByteArray> result) {
        auto [errorCode, responseBody] = result;
        if (errorCode != ErrorCode::NoError) {
            emit errorOccurred(errorCode);
            return;
        }
        QJsonObject responseJson = QJsonDocument::fromJson(responseBody).object();
        QString url = responseJson.value("renewal_url").toString();
        if (!url.isEmpty()) {
            emit renewalLinkReceived(url);
        }
    });
 }
 void ApiSettingsController::updateApiCountryModel()
 {
    m_apiCountryModel->updateModel(m_apiAccountInfoModel->getAvailableCountries(), "");
@@ -21,9 +21,11 @@ public slots:
    bool getAccountInfo(bool reload);
    void updateApiCountryModel();
    void updateApiDevicesModel();
    void getRenewalLink();
 signals:
    void errorOccurred(ErrorCode errorCode);
    void renewalLinkReceived(const QString &url);
 private:
    QSharedPointer<ServersModel> m_serversModel;
@@ -6,6 +6,7 @@
    #include <QApplication>
 #endif
 #include "amnezia_application.h"
 #include "utilities.h"
 #include "core/controllers/vpnConfigurationController.h"
 #include "version.h"
@@ -81,6 +82,8 @@ void ConnectionController::onConnectionStateChanged(Vpn::ConnectionState state)
    m_connectionStateText = tr("Connecting...");
    switch (state) {
    case Vpn::ConnectionState::Connected: {
        amnApp->networkManager()->clearConnectionCache();
        m_isConnectionInProgress = false;
        m_isConnected = true;
        m_connectionStateText = tr("Connected");
@@ -7,7 +7,6 @@
 #include <QFileInfo>
 #include <QImage>
 #include <QStandardPaths>
 #include "core/controllers/vpnConfigurationController.h"
 #include "core/qrCodeUtils.h"
 #include "core/serialization/serialization.h"
@@ -170,8 +169,7 @@ void ExportController::generateWireGuardConfig(const QString &clientName)
        m_config.append(line + "\n");
    }
-    auto qr = qrCodeUtils::generateQrCode(m_config.toUtf8());
+    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(m_config.toUtf8());
    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
    emit exportConfigChanged();
 }
@@ -191,8 +189,7 @@ void ExportController::generateAwgConfig(const QString &clientName)
        m_config.append(line + "\n");
    }
-    auto qr = qrCodeUtils::generateQrCode(m_config.toUtf8());
+    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(m_config.toUtf8());
    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
    emit exportConfigChanged();
 }
@@ -291,6 +291,8 @@ void ImportController::processNativeWireGuardConfig()
        clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0";
        clientProtocolConfig[config_key::transportPacketJunkSize] = "0";
        clientProtocolConfig[config_key::specialJunk1] = protocols::awg::defaultSpecialJunk1;
        clientProtocolConfig[config_key::isObfuscationEnabled] = true;
        serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(clientProtocolConfig).toJson());
@@ -83,8 +83,8 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                int s1 = QRandomGenerator::global()->bounded(15, 150);
                int s2 = QRandomGenerator::global()->bounded(15, 150);
-                int s3 = QRandomGenerator::global()->bounded(0, 64);
+                int s3 = QRandomGenerator::global()->bounded(1, 64);
-                int s4 = QRandomGenerator::global()->bounded(0, 20);
+                int s4 = QRandomGenerator::global()->bounded(1, 20);
                // Ensure all values are unique and don't create equal packet sizes
                QSet<int> usedValues;
@@ -97,12 +97,12 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                while (usedValues.contains(s3) || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize
                       || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) {
-                    s3 = QRandomGenerator::global()->bounded(0, 64);
+                    s3 = QRandomGenerator::global()->bounded(1, 64);
                }
                usedValues.insert(s3);
                while (usedValues.contains(s4)) {
-                    s4 = QRandomGenerator::global()->bounded(0, 20);
+                    s4 = QRandomGenerator::global()->bounded(1, 20);
                }
                QString initPacketJunkSize = QString::number(s1);
@@ -987,37 +987,33 @@ void InstallController::addEmptyServer()
    emit installServerFinished(tr("Server added successfully"));
 }
-bool InstallController::isConfigValid()
+void InstallController::validateConfig()
 {
    int serverIndex = m_serversModel->getDefaultServerIndex();
    QJsonObject serverConfigObject = m_serversModel->getServerConfig(serverIndex);
    if (apiUtils::isServerFromApi(serverConfigObject)) {
-        return true;
+        emit configValidated(true);
        return;
    }
    if (!m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
        emit noInstalledContainers();
-        return false;
+        emit configValidated(false);
        return;
    }
    DockerContainer container = qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));
    if (container == DockerContainer::None) {
        emit installationErrorOccurred(ErrorCode::NoInstalledContainersError);
-        return false;
+        emit configValidated(false);
        return;
    }
    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
    VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-
+    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
    QFutureWatcher<ErrorCode> watcher;
    QFuture<ErrorCode> future = QtConcurrent::run([this, container, &credentials, &containerConfig, &serverController]() {
        ErrorCode errorCode = ErrorCode::NoError;
    auto isProtocolConfigExists = [](const QJsonObject &containerConfig, const DockerContainer container) {
        for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
@@ -1031,35 +1027,54 @@ bool InstallController::isConfigValid()
        return true;
    };
-        if (!isProtocolConfigExists(containerConfig, container)) {
+    if (isProtocolConfigExists(containerConfig, container)) {
-            VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
+        emit configValidated(true);
-            errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container, containerConfig);
+        return;
            if (errorCode != ErrorCode::NoError) {
                return errorCode;
    }
            m_serversModel->updateContainerConfig(container, containerConfig);
-            errorCode = m_clientManagementModel->appendClient(container, credentials, containerConfig,
+    struct ValidationResult {
-                                                              QString("Admin [%1]").arg(QSysInfo::prettyProductName()), serverController);
+        ErrorCode errorCode = ErrorCode::NoError;
-            if (errorCode != ErrorCode::NoError) {
+        QJsonObject containerConfig;
-                return errorCode;
+    };
-            }
+
-        }
+    QFuture<ValidationResult> future =
-        return errorCode;
+            QtConcurrent::run([settings = m_settings, serverController, credentials, containerConfig, container]() mutable {
                ValidationResult result;
                result.containerConfig = containerConfig;
                VpnConfigurationsController vpnConfigurationController(settings, serverController);
                result.errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container,
                                                                                               result.containerConfig);
                return result;
            });
-    QEventLoop wait;
+    auto *watcher = new QFutureWatcher<ValidationResult>(this);
-    connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
+    connect(watcher, &QFutureWatcher<ValidationResult>::finished, this,
-    watcher.setFuture(future);
+            [this, watcher, container, credentials, serverController]() {
-    wait.exec();
+                auto result = watcher->result();
                watcher->deleteLater();
-    ErrorCode errorCode = watcher.result();
+                if (result.errorCode != ErrorCode::NoError) {
-
+                    emit installationErrorOccurred(result.errorCode);
-    if (errorCode != ErrorCode::NoError) {
+                    emit configValidated(false);
-        emit installationErrorOccurred(errorCode);
+                    return;
        return false;
                }
-    return true;
+
                m_serversModel->updateContainerConfig(container, result.containerConfig);
                ErrorCode appendError = m_clientManagementModel->appendClient(
                        container, credentials, result.containerConfig,
                        QString("Admin [%1]").arg(QSysInfo::prettyProductName()), serverController);
                if (appendError != ErrorCode::NoError) {
                    emit installationErrorOccurred(appendError);
                    emit configValidated(false);
                    return;
                }
                emit configValidated(true);
            });
    watcher->setFuture(future);
 }
 bool InstallController::isUpdateDockerContainerRequired(const DockerContainer container, const QJsonObject &oldConfig,
@@ -1070,7 +1085,7 @@ bool InstallController::isUpdateDockerContainerRequired(const DockerContainer co
    const QJsonObject &oldProtoConfig = oldConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
    const QJsonObject &newProtoConfig = newConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
-    if (container == DockerContainer::Awg2) {
+    if (ContainerProps::isAwgContainer(container)) {
        const AwgConfig oldConfig(oldProtoConfig);
        const AwgConfig newConfig(newProtoConfig);
@@ -50,9 +50,10 @@ public slots:
    void addEmptyServer();
-    bool isConfigValid();
+    void validateConfig();
 signals:
    void configValidated(bool isValid);
    void installContainerFinished(const QString &finishMessage, bool isServiceInstall);
    void installServerFinished(const QString &finishMessage);
@@ -59,7 +59,7 @@ namespace PageLoader
        PageSetupWizardViewConfig,
        PageSetupWizardQrReader,
        PageSetupWizardApiServicesList,
-        PageSetupWizardApiServiceInfo,
+        PageSetupWizardApiFreeInfo,
        PageProtocolOpenVpnSettings,
        PageProtocolShadowSocksSettings,
@@ -76,6 +76,9 @@ namespace PageLoader
        PageShareFullAccess,
        PageShareConnection,
        PageSetupWizardApiPremiumInfo,
        PageSetupWizardApiTrialEmail,
        PageDevMenu
    };
    Q_ENUM_NS(PageEnum)
@@ -45,6 +45,8 @@ SettingsController::SettingsController(const QSharedPointer<ServersModel> &serve
        emit safeAreaBottomMarginChanged();
        emit safeAreaTopMarginChanged();
    });
    connect(AndroidController::instance(), &AndroidController::activityPaused, this, &SettingsController::activityPaused);
    connect(AndroidController::instance(), &AndroidController::activityResumed, this, &SettingsController::activityResumed);
 #endif
    m_isDevModeEnabled = m_settings->isDevGatewayEnv();
@@ -178,12 +180,11 @@ void SettingsController::backupAppConfig(const QString &fileName)
 void SettingsController::restoreAppConfig(const QString &fileName)
 {
-    QFile file(fileName);
+    QByteArray data;
-
+    if (!SystemController::readFile(fileName, data)) {
-    file.open(QIODevice::ReadOnly);
+        emit changeSettingsErrorOccurred(tr("Can't open file: %1").arg(fileName));
-
+        return;
-    QByteArray data = file.readAll();
+    }
    restoreAppConfigFromData(data);
 }
@@ -308,6 +309,15 @@ void SettingsController::toggleStartMinimized(bool enable)
    emit startMinimizedChanged();
 }
 bool SettingsController::isNewsNotificationsEnabled()
 {
    return m_settings->isNewsNotifications();
 }
 void SettingsController::toggleNewsNotificationsEnabled(bool enable)
 {
    m_settings->setNewsNotifications(enable);
 }
 bool SettingsController::isScreenshotsEnabled()
 {
    return m_settings->isScreenshotsEnabled();
@@ -73,6 +73,9 @@ public slots:
    bool isStartMinimizedEnabled();
    void toggleStartMinimized(bool enable);
    bool isNewsNotificationsEnabled();
    void toggleNewsNotificationsEnabled(bool enable);
    bool isScreenshotsEnabled();
    void toggleScreenshotsEnabled(bool enable);
@@ -138,6 +141,9 @@ signals:
    void safeAreaTopMarginChanged();
    void safeAreaBottomMarginChanged();
    void activityPaused();
    void activityResumed();
    void isHomeAdLabelVisibleChanged(bool visible);
    void startMinimizedChanged();
@@ -7,10 +7,8 @@
 #include "systemController.h"
 #include "core/networkUtilities.h"
-SitesController::SitesController(const std::shared_ptr<Settings> &settings,
+SitesController::SitesController(const std::shared_ptr<Settings> &settings, const QSharedPointer<SitesModel> &sitesModel, QObject *parent)
-                                 const QSharedPointer<VpnConnection> &vpnConnection,
+    : QObject(parent), m_settings(settings), m_sitesModel(sitesModel)
                                 const QSharedPointer<SitesModel> &sitesModel, QObject *parent)
    : QObject(parent), m_settings(settings), m_vpnConnection(vpnConnection), m_sitesModel(sitesModel)
 {
 }
@@ -34,32 +32,20 @@ void SitesController::addSite(QString hostname)
        hostname = hostname.split("/", Qt::SkipEmptyParts).first();
    }
-    const auto &processSite = [this](const QString &hostname, const QString &ip) {
+    const auto &resolveCallback = [this](const QHostInfo &hostInfo) {
        m_sitesModel->addSite(hostname, ip);
        if (!ip.isEmpty()) {
            QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection,
                                      Q_ARG(QStringList, QStringList() << ip));
        } else if (NetworkUtilities::ipAddressWithSubnetRegExp().exactMatch(hostname)) {
            QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection,
                                      Q_ARG(QStringList, QStringList() << hostname));
        }
    };
    const auto &resolveCallback = [this, processSite](const QHostInfo &hostInfo) {
        const QList<QHostAddress> &addresses = hostInfo.addresses();
        for (const QHostAddress &addr : hostInfo.addresses()) {
            if (addr.protocol() == QAbstractSocket::NetworkLayerProtocol::IPv4Protocol) {
-                processSite(hostInfo.hostName(), addr.toString());
+                m_sitesModel->addSite(hostInfo.hostName(), addr.toString());
                break;
            }
        }
    };
    if (NetworkUtilities::ipAddressWithSubnetRegExp().exactMatch(hostname)) {
-        processSite(hostname, "");
+        m_sitesModel->addSite(hostname, "");
    } else {
-        processSite(hostname, "");
+        m_sitesModel->addSite(hostname, "");
        QHostInfo::lookupHost(hostname, this, resolveCallback);
    }
@@ -72,9 +58,6 @@ void SitesController::removeSite(int index)
    auto hostname = m_sitesModel->data(modelIndex, SitesModel::Roles::UrlRole).toString();
    m_sitesModel->removeSite(modelIndex);
    QMetaObject::invokeMethod(m_vpnConnection.get(), "deleteRoutes", Qt::QueuedConnection,
                              Q_ARG(QStringList, QStringList() << hostname));
    emit finished(tr("Site removed: %1").arg(hostname));
 }
@@ -128,8 +111,6 @@ void SitesController::importSites(const QString &fileName, bool replaceExisting)
    m_sitesModel->addSites(sites, replaceExisting);
    QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection, Q_ARG(QStringList, ips));
    emit finished(tr("Import completed"));
 }
@@ -11,9 +11,8 @@ class SitesController : public QObject
 {
    Q_OBJECT
 public:
-    explicit SitesController(const std::shared_ptr<Settings> &settings,
+    explicit SitesController(const std::shared_ptr<Settings> &settings, const QSharedPointer<SitesModel> &sitesModel,
-                             const QSharedPointer<VpnConnection> &vpnConnection,
+                             QObject *parent = nullptr);
                             const QSharedPointer<SitesModel> &sitesModel, QObject *parent = nullptr);
 public slots:
    void addSite(QString hostname);
@@ -31,8 +30,6 @@ signals:
 private:
    std::shared_ptr<Settings> m_settings;
    QSharedPointer<VpnConnection> m_vpnConnection;
    QSharedPointer<SitesModel> m_sitesModel;
 };
@@ -1,5 +1,6 @@
 #include "apiAccountInfoModel.h"
 #include <QDateTime>
 #include <QJsonObject>
 #include "core/api/apiUtils.h"
@@ -32,7 +33,7 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
        }
        return apiUtils::isSubscriptionExpired(m_accountInfoData.subscriptionEndDate) ? tr("<p><a style=\"color: #EB5757;\">Inactive</a>")
-                                                                                      : tr("Active");
+                                                                                      : tr("<p><a style=\"color: #28c840;\">Active</a>");
    }
    case EndDateRole: {
        if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
@@ -52,7 +53,14 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
    }
    case IsComponentVisibleRole: {
        return m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2
-                || m_accountInfoData.configType == apiDefs::ConfigType::ExternalPremium;
+                || m_accountInfoData.configType == apiDefs::ConfigType::AmneziaTrialV2
                || m_accountInfoData.configType == apiDefs::ConfigType::ExternalPremium
                || m_accountInfoData.configType == apiDefs::ConfigType::ExternalTrial;
    }
    case IsSubscriptionRenewalAvailableRole: {
        return m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2
                || m_accountInfoData.configType == apiDefs::ConfigType::AmneziaTrialV2
                || m_accountInfoData.configType == apiDefs::ConfigType::ExternalTrial;
    }
    case HasExpiredWorkerRole: {
        for (int i = 0; i < m_issuedConfigsInfo.size(); i++) {
@@ -73,6 +81,33 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
        }
        return false;
    }
    case IsSubscriptionExpiredRole: {
        if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
            return false;
        }
        if (m_accountInfoData.isInAppPurchase) {
            return false;
        }
        if (m_accountInfoData.subscriptionEndDate.isEmpty()) {
            return false;
        }
        return apiUtils::isSubscriptionExpired(m_accountInfoData.subscriptionEndDate);
    }
    case IsSubscriptionExpiringSoonRole: {
        if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
            return false;
        }
        if (m_accountInfoData.isInAppPurchase) {
            return false;
        }
        if (m_accountInfoData.subscriptionEndDate.isEmpty()) {
            return false;
        }
        return apiUtils::isSubscriptionExpiringSoon(m_accountInfoData.subscriptionEndDate);
    }
    case IsInAppPurchaseRole: {
        return m_accountInfoData.isInAppPurchase;
    }
    }
    return QVariant();
@@ -93,6 +128,9 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons
    accountInfoData.configType = apiUtils::getConfigType(serverConfig);
    const QJsonObject apiConfig = serverConfig.value(apiDefs::key::apiConfig).toObject();
    accountInfoData.isInAppPurchase = apiConfig.value(apiDefs::key::isInAppPurchase).toBool(false);
    accountInfoData.subscriptionDescription = accountInfoObject.value(apiDefs::key::subscriptionDescription).toString();
    for (const auto &protocol : accountInfoObject.value(apiDefs::key::supportedProtocols).toArray()) {
@@ -162,8 +200,12 @@ QHash<int, QByteArray> ApiAccountInfoModel::roleNames() const
    roles[ConnectedDevicesRole] = "connectedDevices";
    roles[ServiceDescriptionRole] = "serviceDescription";
    roles[IsComponentVisibleRole] = "isComponentVisible";
    roles[IsSubscriptionRenewalAvailableRole] = "isSubscriptionRenewalAvailable";
    roles[HasExpiredWorkerRole] = "hasExpiredWorker";
    roles[IsProtocolSelectionSupportedRole] = "isProtocolSelectionSupported";
    roles[IsSubscriptionExpiredRole] = "isSubscriptionExpired";
    roles[IsSubscriptionExpiringSoonRole] = "isSubscriptionExpiringSoon";
    roles[IsInAppPurchaseRole] = "isInAppPurchase";
    return roles;
 }
@@ -18,8 +18,12 @@ public:
        ServiceDescriptionRole,
        EndDateRole,
        IsComponentVisibleRole,
        IsSubscriptionRenewalAvailableRole,
        HasExpiredWorkerRole,
-        IsProtocolSelectionSupportedRole
+        IsProtocolSelectionSupportedRole,
        IsSubscriptionExpiredRole,
        IsSubscriptionExpiringSoonRole,
        IsInAppPurchaseRole
    };
    explicit ApiAccountInfoModel(QObject *parent = nullptr);
@@ -31,7 +35,6 @@ public:
 public slots:
    void updateModel(const QJsonObject &accountInfoObject, const QJsonObject &serverConfig);
    QVariant data(const QString &roleString);
    QJsonArray getAvailableCountries();
    QJsonArray getIssuedConfigsInfo();
@@ -56,6 +59,8 @@ private:
        QStringList supportedProtocols;
        QString subscriptionDescription;
        bool isInAppPurchase = false;
    };
    AccountInfoData m_accountInfoData;
@@ -0,0 +1,112 @@
 #include "apiBenefitsModel.h"
 #include <QHash>
 #include <utility>
 #include <QJsonObject>
 #include <QJsonValue>
 namespace
 {
 namespace configKey
 {
    constexpr char title[] = "title";
    constexpr char body[] = "body";
    constexpr char icon[] = "icon";
    constexpr char accent[] = "accent";
 }
 QString gatewayIconKeyToUrl(const QString &iconKey)
 {
    if (iconKey.startsWith(QLatin1String("qrc:"))) {
        return iconKey;
    }
    static const QHash<QString, QString> map = {
        { QStringLiteral("globe-2"), QStringLiteral("qrc:/images/controls/globe-2.svg") },
        { QStringLiteral("smartphone"), QStringLiteral("qrc:/images/controls/smartphone.svg") },
        { QStringLiteral("gauge"), QStringLiteral("qrc:/images/controls/gauge.svg") },
        { QStringLiteral("infinity"), QStringLiteral("qrc:/images/controls/infinity.svg") },
        { QStringLiteral("tag"), QStringLiteral("qrc:/images/controls/tag.svg") },
        { QStringLiteral("history"), QStringLiteral("qrc:/images/controls/history.svg") },
        { QStringLiteral("info"), QStringLiteral("qrc:/images/controls/info.svg") },
        { QStringLiteral("app"), QStringLiteral("qrc:/images/controls/app.svg") },
        { QStringLiteral("download"), QStringLiteral("qrc:/images/controls/download.svg") },
        { QStringLiteral("help-circle"), QStringLiteral("qrc:/images/controls/help-circle.svg") },
    };
    return map.value(iconKey, QStringLiteral("qrc:/images/controls/info.svg"));
 }
 }
 ApiBenefitsModel::ApiBenefitsModel(QObject *parent)
    : QAbstractListModel(parent)
 {
 }
 int ApiBenefitsModel::rowCount(const QModelIndex &parent) const
 {
    if (parent.isValid()) {
        return 0;
    }
    return m_serviceBenefits.size();
 }
 QVariant ApiBenefitsModel::data(const QModelIndex &index, int role) const
 {
    if (!index.isValid() || index.row() < 0 || index.row() >= m_serviceBenefits.size()) {
        return {};
    }
    const ServiceBenefitItem &item = m_serviceBenefits.at(index.row());
    switch (role) {
    case IconRole:
        return item.icon;
    case TitleRole:
        return item.title;
    case BodyRole:
        return item.body;
    case AccentRole:
        return item.accent;
    default:
        return {};
    }
 }
 QHash<int, QByteArray> ApiBenefitsModel::roleNames() const
 {
    return {
        { IconRole, "icon" },
        { TitleRole, "title" },
        { BodyRole, "body" },
        { AccentRole, "accent" },
    };
 }
 void ApiBenefitsModel::updateModel(const QJsonArray &benefits)
 {
    beginResetModel();
    m_serviceBenefits.clear();
    for (const QJsonValue &benefitValue : benefits) {
        if (!benefitValue.isObject()) {
            continue;
        }
        const QJsonObject benefitObject = benefitValue.toObject();
        QString title = benefitObject.value(configKey::title).toString();
        QString body = benefitObject.value(configKey::body).toString();
        const QString iconKey = benefitObject.value(configKey::icon).toString();
        if (title.isEmpty() && body.isEmpty()) {
            continue;
        }
        ServiceBenefitItem item;
        item.icon = gatewayIconKeyToUrl(iconKey);
        item.title = std::move(title);
        item.body = std::move(body);
        item.accent = benefitObject.value(configKey::accent).toBool();
        m_serviceBenefits.append(std::move(item));
    }
    endResetModel();
 }
 void ApiBenefitsModel::clear()
 {
    beginResetModel();
    m_serviceBenefits.clear();
    endResetModel();
 }
@@ -0,0 +1,43 @@
 #ifndef APIBENEFITSMODEL_H
 #define APIBENEFITSMODEL_H
 #include <QAbstractListModel>
 #include <QJsonArray>
 #include <QString>
 #include <QVector>
 class ApiBenefitsModel : public QAbstractListModel
 {
    Q_OBJECT
 public:
    enum Roles {
        IconRole = Qt::UserRole + 1,
        TitleRole,
        BodyRole,
        AccentRole
    };
    Q_ENUM(Roles)
    explicit ApiBenefitsModel(QObject *parent = nullptr);
    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
    QHash<int, QByteArray> roleNames() const override;
    void updateModel(const QJsonArray &benefits);
    void clear();
 private:
    struct ServiceBenefitItem
    {
        QString icon;
        QString title;
        QString body;
        bool accent = false;
    };
    QVector<ServiceBenefitItem> m_serviceBenefits;
 };
 #endif
@@ -1,7 +1,11 @@
 #include "apiServicesModel.h"
 #include <QDateTime>
 #include <QHash>
 #include <QJsonArray>
 #include <QJsonObject>
 #include "core/api/apiDefs.h"
 #include "logger.h"
 namespace
@@ -17,15 +21,9 @@ namespace
        constexpr char serviceProtocol[] = "service_protocol";
        constexpr char serviceDescription[] = "service_description";
        constexpr char name[] = "name";
        constexpr char price[] = "price";
        constexpr char speed[] = "speed";
        constexpr char timelimit[] = "timelimit";
        constexpr char region[] = "region";
        constexpr char description[] = "description";
        constexpr char cardDescription[] = "card_description";
-        constexpr char features[] = "features";
+        constexpr char serviceName[] = "service_name";
        constexpr char availableCountries[] = "available_countries";
@@ -33,8 +31,9 @@ namespace
        constexpr char isAvailable[] = "is_available";
-        constexpr char subscription[] = "subscription";
+        constexpr char subscriptionPlans[] = "subscription_plans";
-        constexpr char endDate[] = "end_date";
+        constexpr char minPriceLabel[] = "min_price_label";
        constexpr char benefits[] = "benefits";
    }
    namespace serviceType
@@ -44,7 +43,9 @@ namespace
    }
 }
-ApiServicesModel::ApiServicesModel(QObject *parent) : QAbstractListModel(parent)
+ApiServicesModel::ApiServicesModel(QObject *parent)
    : QAbstractListModel(parent)
    , m_selectedServiceIndex(0)
 {
 }
@@ -68,9 +69,8 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
        return apiServiceData.serviceInfo.name;
    }
    case CardDescriptionRole: {
        auto speed = apiServiceData.serviceInfo.speed;
        if (serviceType == serviceType::amneziaPremium) {
-            return apiServiceData.serviceInfo.cardDescription.arg(speed);
+            return apiServiceData.serviceInfo.cardDescription;
        } else if (serviceType == serviceType::amneziaFree) {
            QString description = apiServiceData.serviceInfo.cardDescription;
            if (!isServiceAvailable) {
@@ -91,38 +91,29 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
        }
        return true;
    }
    case SpeedRole: {
        return tr("%1 MBit/s").arg(apiServiceData.serviceInfo.speed);
    }
    case TimeLimitRole: {
        auto timeLimit = apiServiceData.serviceInfo.timeLimit;
        if (timeLimit == "0") {
            return "";
        }
        return tr("%1 days").arg(timeLimit);
    }
    case RegionRole: {
        return apiServiceData.serviceInfo.region;
    }
    case FeaturesRole: {
        return apiServiceData.serviceInfo.features;
    }
    case PriceRole: {
-        auto price = apiServiceData.serviceInfo.price;
+        return apiServiceData.minPriceLabel;
        if (price == "free") {
            return tr("Free");
        }
        return tr("%1 $/month").arg(price);
    }
    case EndDateRole: {
        return QDateTime::fromString(apiServiceData.subscription.endDate, Qt::ISODate).toLocalTime().toString("d MMM yyyy");
    }
    case TermsOfUseUrlRole: {
        return apiServiceData.serviceInfo.termsOfUseUrl;
    }
    case PrivacyPolicyUrlRole: {
        return apiServiceData.serviceInfo.privacyPolicyUrl;
    }
    case ShowRecommendedRole: {
        return serviceType == serviceType::amneziaPremium;
    }
    case OrderRole: {
        if (serviceType == serviceType::amneziaPremium) {
            return 0;
-        } else if (serviceType == serviceType::amneziaFree) {
+        }
        if (serviceType == serviceType::amneziaFree) {
            return 1;
        }
        return QVariant();
    }
    }
@@ -148,12 +139,27 @@ void ApiServicesModel::updateModel(const QJsonObject &data)
        }
    }
    if (!m_services.isEmpty() && m_selectedServiceIndex >= m_services.size()) {
        m_selectedServiceIndex = 0;
    }
    endResetModel();
    emit serviceSelectionChanged();
 }
 void ApiServicesModel::setServiceIndex(const int index)
 {
    m_selectedServiceIndex = index;
    emit serviceSelectionChanged();
 }
 ApiServicesModel::ApiServicesData ApiServicesModel::selectedServiceData() const
 {
    if (m_services.isEmpty() || m_selectedServiceIndex < 0 || m_selectedServiceIndex >= m_services.size()) {
        return {};
    }
    return m_services.at(m_selectedServiceIndex);
 }
 QJsonObject ApiServicesModel::getSelectedServiceInfo()
@@ -210,6 +216,16 @@ QVariant ApiServicesModel::getSelectedServiceData(const QString roleString)
    return {};
 }
 int ApiServicesModel::serviceIndexForType(const QString &type) const
 {
    for (int serviceIndex = 0; serviceIndex < m_services.size(); ++serviceIndex) {
        if (m_services.at(serviceIndex).type == type) {
            return serviceIndex;
        }
    }
    return -1;
 }
 QHash<int, QByteArray> ApiServicesModel::roleNames() const
 {
    QHash<int, QByteArray> roles;
@@ -217,12 +233,11 @@ QHash<int, QByteArray> ApiServicesModel::roleNames() const
    roles[CardDescriptionRole] = "cardDescription";
    roles[ServiceDescriptionRole] = "serviceDescription";
    roles[IsServiceAvailableRole] = "isServiceAvailable";
    roles[SpeedRole] = "speed";
    roles[TimeLimitRole] = "timeLimit";
    roles[RegionRole] = "region";
    roles[FeaturesRole] = "features";
    roles[PriceRole] = "price";
    roles[EndDateRole] = "endDate";
    roles[TermsOfUseUrlRole] = "termsOfUseUrl";
    roles[PrivacyPolicyUrlRole] = "privacyPolicyUrl";
    roles[ShowRecommendedRole] = "showRecommended";
    roles[OrderRole] = "order";
    return roles;
@@ -236,18 +251,22 @@ ApiServicesModel::ApiServicesData ApiServicesModel::getApiServicesData(const QJs
    auto availableCountries = data.value(configKey::availableCountries).toArray();
    auto serviceDescription = data.value(configKey::serviceDescription).toObject();
-    auto subscriptionObject = data.value(configKey::subscription).toObject();
+    auto subscriptionObject = data.value(apiDefs::key::subscription).toObject();
    ApiServicesData serviceData;
-    serviceData.serviceInfo.name = serviceInfo.value(configKey::name).toString();
+    serviceData.serviceInfo.name = serviceDescription.value(configKey::serviceName).toString();
    serviceData.serviceInfo.price = serviceInfo.value(configKey::price).toString();
    serviceData.serviceInfo.region = serviceInfo.value(configKey::region).toString();
    serviceData.serviceInfo.speed = serviceInfo.value(configKey::speed).toString();
    serviceData.serviceInfo.timeLimit = serviceInfo.value(configKey::timelimit).toString();
    serviceData.serviceInfo.cardDescription = serviceDescription.value(configKey::cardDescription).toString();
    serviceData.serviceInfo.description = serviceDescription.value(configKey::description).toString();
-    serviceData.serviceInfo.features = serviceDescription.value(configKey::features).toString();
+    serviceData.serviceInfo.termsOfUseUrl = serviceDescription.value(apiDefs::key::termsOfUseUrl).toString();
    serviceData.serviceInfo.privacyPolicyUrl = serviceDescription.value(apiDefs::key::privacyPolicyUrl).toString();
    serviceData.subscriptionPlansJson = serviceDescription.value(configKey::subscriptionPlans).toArray();
    serviceData.benefits = serviceDescription.value(configKey::benefits).toArray();
    serviceData.minPriceLabel = serviceDescription.value(configKey::minPriceLabel).toString().trimmed();
    serviceData.supportInfo = data.value(apiDefs::key::supportInfo).toObject();
    serviceData.type = serviceType;
    serviceData.protocol = serviceProtocol;
@@ -263,7 +282,7 @@ ApiServicesModel::ApiServicesData ApiServicesModel::getApiServicesData(const QJs
    serviceData.serviceInfo.object = serviceInfo;
    serviceData.availableCountries = availableCountries;
-    serviceData.subscription.endDate = subscriptionObject.value(configKey::endDate).toString();
+    serviceData.subscription.endDate = subscriptionObject.value(apiDefs::key::endDate).toString();
    return serviceData;
 }
@@ -4,65 +4,23 @@
 #include <QAbstractListModel>
 #include <QJsonArray>
 #include <QJsonObject>
 #include <QVector>
 class ApiServicesModel : public QAbstractListModel
 {
    Q_OBJECT
 public:
    enum Roles {
        NameRole = Qt::UserRole + 1,
        CardDescriptionRole,
        ServiceDescriptionRole,
        IsServiceAvailableRole,
        SpeedRole,
        TimeLimitRole,
        RegionRole,
        FeaturesRole,
        PriceRole,
        EndDateRole,
        OrderRole
    };
    explicit ApiServicesModel(QObject *parent = nullptr);
    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
 public slots:
    void updateModel(const QJsonObject &data);
    void setServiceIndex(const int index);
    QJsonObject getSelectedServiceInfo();
    QString getSelectedServiceType();
    QString getSelectedServiceProtocol();
    QString getSelectedServiceName();
    QJsonArray getSelectedServiceCountries();
    QString getCountryCode();
    QString getStoreEndpoint();
    QVariant getSelectedServiceData(const QString roleString);
 protected:
    QHash<int, QByteArray> roleNames() const override;
 private:
    struct ServiceInfo
    {
        QString name;
        QString speed;
        QString timeLimit;
        QString region;
        QString price;
        QString description;
        QString features;
        QString cardDescription;
        QString termsOfUseUrl;
        QString privacyPolicyUrl;
        QJsonObject object;
    };
@@ -80,11 +38,64 @@ private:
        QString storeEndpoint;
        ServiceInfo serviceInfo;
        QJsonObject supportInfo;
        Subscription subscription;
        QJsonArray availableCountries;
        QJsonArray subscriptionPlansJson;
        QJsonArray benefits;
        QString minPriceLabel;
    };
    enum Roles {
        NameRole = Qt::UserRole + 1,
        CardDescriptionRole,
        ServiceDescriptionRole,
        IsServiceAvailableRole,
        PriceRole,
        EndDateRole,
        TermsOfUseUrlRole,
        PrivacyPolicyUrlRole,
        ShowRecommendedRole,
        OrderRole
    };
    explicit ApiServicesModel(QObject *parent = nullptr);
    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
    ApiServicesData selectedServiceData() const;
 public slots:
    void updateModel(const QJsonObject &data);
    void setServiceIndex(const int index);
    QJsonObject getSelectedServiceInfo();
    QString getSelectedServiceType();
    QString getSelectedServiceProtocol();
    QString getSelectedServiceName();
    QJsonArray getSelectedServiceCountries();
    QString getCountryCode();
    QString getStoreEndpoint();
    QVariant getSelectedServiceData(const QString roleString);
    Q_INVOKABLE int serviceIndexForType(const QString &type) const;
 signals:
    void serviceSelectionChanged();
 protected:
    QHash<int, QByteArray> roleNames() const override;
 private:
    ApiServicesData getApiServicesData(const QJsonObject &data);
    QString m_countryCode;
@@ -93,4 +104,4 @@ private:
    int m_selectedServiceIndex;
 };
-#endif // APISERVICESMODEL_H
+#endif
@@ -0,0 +1,131 @@
 #include "apiSubscriptionPlansModel.h"
 #include <QJsonObject>
 #include <QJsonValue>
 #include <QModelIndex>
 #include <utility>
 namespace
 {
 namespace configKey
 {
    constexpr char billingPeriod[] = "billing_period";
    constexpr char priceLabel[] = "price_label";
    constexpr char subtitle[] = "subtitle";
    constexpr char recommended[] = "recommended";
    constexpr char checkoutUrl[] = "checkout_url";
    constexpr char isTrial[] = "is_trial";
    constexpr char serviceProtocol[] = "service_protocol";
    constexpr char storeProductId[] = "store_product_id";
 }
 }
 ApiSubscriptionPlansModel::ApiSubscriptionPlansModel(QObject *parent)
    : QAbstractListModel(parent)
 {
 }
 int ApiSubscriptionPlansModel::rowCount(const QModelIndex &parent) const
 {
    if (parent.isValid()) {
        return 0;
    }
    return m_subscriptionPlans.size();
 }
 QVariant ApiSubscriptionPlansModel::data(const QModelIndex &index, int role) const
 {
    if (!index.isValid() || index.row() < 0 || index.row() >= m_subscriptionPlans.size()) {
        return {};
    }
    const SubscriptionPlanItem &plan = m_subscriptionPlans.at(index.row());
    switch (role) {
    case BillingPeriodRole:
        return plan.billingPeriod;
    case PriceLabelRole:
        return plan.priceLabel;
    case SubtitleRole:
        return plan.subtitle;
    case RecommendedRole:
        return plan.recommended;
    case CheckoutUrlRole:
        return plan.checkoutUrl;
    case IsTrialRole:
        return plan.isTrial;
    case ServiceProtocolRole:
        return plan.serviceProtocol;
    case StoreProductIdRole:
        return plan.storeProductId;
    default:
        return {};
    }
 }
 QHash<int, QByteArray> ApiSubscriptionPlansModel::roleNames() const
 {
    return {
        { BillingPeriodRole, "billingPeriod" },
        { PriceLabelRole, "priceLabel" },
        { SubtitleRole, "subtitle" },
        { RecommendedRole, "recommended" },
        { CheckoutUrlRole, "checkoutUrl" },
        { IsTrialRole, "isTrial" },
        { ServiceProtocolRole, "serviceProtocol" },
        { StoreProductIdRole, "storeProductId" },
    };
 }
 void ApiSubscriptionPlansModel::updateModel(const QJsonArray &arr)
 {
    beginResetModel();
    m_subscriptionPlans.clear();
    m_subscriptionPlans.reserve(arr.size());
    for (const QJsonValue &planValue : arr) {
        if (!planValue.isObject()) {
            continue;
        }
        const QJsonObject planObject = planValue.toObject();
        SubscriptionPlanItem subscriptionPlan;
        subscriptionPlan.billingPeriod = planObject.value(configKey::billingPeriod).toString();
        subscriptionPlan.priceLabel = planObject.value(configKey::priceLabel).toString();
        subscriptionPlan.subtitle = planObject.value(configKey::subtitle).toString();
        subscriptionPlan.recommended = planObject.value(configKey::recommended).toBool();
        subscriptionPlan.checkoutUrl = planObject.value(configKey::checkoutUrl).toString();
        subscriptionPlan.isTrial = planObject.value(configKey::isTrial).toBool();
        subscriptionPlan.serviceProtocol = planObject.value(configKey::serviceProtocol).toString();
        subscriptionPlan.storeProductId = planObject.value(configKey::storeProductId).toString();
        m_subscriptionPlans.append(std::move(subscriptionPlan));
    }
    endResetModel();
 }
 void ApiSubscriptionPlansModel::clear()
 {
    beginResetModel();
    m_subscriptionPlans.clear();
    endResetModel();
 }
 QVariantMap ApiSubscriptionPlansModel::planAt(int row) const
 {
    if (row < 0 || row >= m_subscriptionPlans.size()) {
        return {};
    }
    const QModelIndex modelIndex = index(row, 0);
    QVariantMap planMap;
    const QHash<int, QByteArray> roles = roleNames();
    for (auto roleIt = roles.cbegin(); roleIt != roles.cend(); ++roleIt) {
        planMap.insert(QString::fromUtf8(roleIt.value()), data(modelIndex, roleIt.key()));
    }
    return planMap;
 }
 int ApiSubscriptionPlansModel::recommendedRowIndex() const
 {
    for (int planIndex = 0; planIndex < m_subscriptionPlans.size(); ++planIndex) {
        if (m_subscriptionPlans.at(planIndex).recommended) {
            return planIndex;
        }
    }
    return 0;
 }
@@ -0,0 +1,53 @@
 #ifndef APISUBSCRIPTIONPLANSMODEL_H
 #define APISUBSCRIPTIONPLANSMODEL_H
 #include <QAbstractListModel>
 #include <QJsonArray>
 #include <QVector>
 class ApiSubscriptionPlansModel : public QAbstractListModel
 {
    Q_OBJECT
 public:
    enum Roles {
        BillingPeriodRole = Qt::UserRole + 1,
        PriceLabelRole,
        SubtitleRole,
        RecommendedRole,
        CheckoutUrlRole,
        IsTrialRole,
        ServiceProtocolRole,
        StoreProductIdRole
    };
    Q_ENUM(Roles)
    explicit ApiSubscriptionPlansModel(QObject *parent = nullptr);
    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
    QHash<int, QByteArray> roleNames() const override;
    void updateModel(const QJsonArray &arr);
    void clear();
    Q_INVOKABLE QVariantMap planAt(int row) const;
    Q_INVOKABLE int recommendedRowIndex() const;
 private:
    struct SubscriptionPlanItem
    {
        QString billingPeriod;
        QString priceLabel;
        QString subtitle;
        bool recommended = false;
        QString checkoutUrl;
        bool isTrial = false;
        QString serviceProtocol;
        QString storeProductId;
    };
    QVector<SubscriptionPlanItem> m_subscriptionPlans;
 };
 #endif
@@ -141,10 +141,12 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
            serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
    m_serverProtocolConfig[config_key::responsePacketJunkSize] =
            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
    if (protocolVersion == protocols::awg::awgV2) {
        m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] =
                serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
        m_serverProtocolConfig[config_key::transportPacketJunkSize] =
                serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
    }
    m_serverProtocolConfig[config_key::initPacketMagicHeader] =
            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
    m_serverProtocolConfig[config_key::responsePacketMagicHeader] =
@@ -179,6 +179,37 @@ QVariant ServersModel::data(const QModelIndex &index, int role) const
    case AdEndpointRole: {
        return apiConfig.value(apiDefs::key::serviceInfo).toObject().value(apiDefs::key::adEndpoint).toString();
    }
    case IsSubscriptionExpiredRole: {
        if (configVersion != apiDefs::ConfigSource::AmneziaGateway) {
            return false;
        }
        if (apiConfig.value(apiDefs::key::isInAppPurchase).toBool(false)) {
            return false;
        }
        if (apiConfig.value(apiDefs::key::subscriptionExpiredByServer).toBool(false)) {
            return true;
        }
        const QString endDate =
                apiConfig.value(apiDefs::key::subscription).toObject().value(apiDefs::key::endDate).toString();
        if (endDate.isEmpty()) {
            return false;
        }
        return apiUtils::isSubscriptionExpired(endDate);
    }
    case IsSubscriptionExpiringSoonRole: {
        if (configVersion != apiDefs::ConfigSource::AmneziaGateway) {
            return false;
        }
        if (apiConfig.value(apiDefs::key::isInAppPurchase).toBool(false)) {
            return false;
        }
        const QString endDate =
                apiConfig.value(apiDefs::key::subscription).toObject().value(apiDefs::key::endDate).toString();
        if (endDate.isEmpty()) {
            return false;
        }
        return apiUtils::isSubscriptionExpiringSoon(endDate);
    }
    }
    return QVariant();
@@ -443,6 +474,9 @@ QHash<int, QByteArray> ServersModel::roleNames() const
    roles[AdDescriptionRole] = "adDescription";
    roles[AdEndpointRole] = "adEndpoint";
    roles[IsSubscriptionExpiredRole] = "isSubscriptionExpired";
    roles[IsSubscriptionExpiringSoonRole] = "isSubscriptionExpiringSoon";
    return roles;
 }
@@ -727,21 +761,21 @@ bool ServersModel::isServerFromApiAlreadyExists(const QString &userCountryCode,
    return false;
 }
-bool ServersModel::hasServerWithVpnKey(const QString &vpnKey) const
+int ServersModel::indexOfServerWithVpnKey(const QString &vpnKey) const
 {
    const QString normalizedInput = normalizeVpnKey(vpnKey);
    if (normalizedInput.isEmpty()) {
-        return false;
+        return -1;
    }
-    for (const auto &server : std::as_const(m_servers)) {
+    for (int i = 0; i < m_servers.size(); ++i) {
-        const auto apiConfig = server.toObject().value(configKey::apiConfig).toObject();
+        const auto apiConfig = m_servers.at(i).toObject().value(configKey::apiConfig).toObject();
        const QString existingKey = normalizeVpnKey(apiConfig.value(apiDefs::key::vpnKey).toString());
        if (!existingKey.isEmpty() && existingKey == normalizedInput) {
-            return true;
+            return i;
        }
    }
-    return false;
+    return -1;
 }
 bool ServersModel::serverHasInstalledContainers(const int serverIndex) const
@@ -52,6 +52,9 @@ public:
        AdDescriptionRole,
        AdEndpointRole,
        IsSubscriptionExpiredRole,
        IsSubscriptionExpiringSoonRole,
        HasAmneziaDns
    };
@@ -140,7 +143,7 @@ public slots:
    bool isServerFromApiAlreadyExists(const quint16 crc);
    bool isServerFromApiAlreadyExists(const QString &userCountryCode, const QString &serviceType, const QString &serviceProtocol);
-    bool hasServerWithVpnKey(const QString &vpnKey) const;
+    int indexOfServerWithVpnKey(const QString &vpnKey) const;
    QVariant getDefaultServerData(const QString roleString);
@@ -5,16 +5,19 @@
 #include <QDebug>
 #include "notificationhandler.h"
-#if defined(Q_OS_IOS)
+#if defined(Q_OS_ANDROID)
 #  include "platforms/android/android_notificationhandler.h"
 #elif defined(Q_OS_IOS)
 #  include "platforms/ios/iosnotificationhandler.h"
 #else
 #  include "systemtray_notificationhandler.h"
 #endif
 // static
 NotificationHandler* NotificationHandler::create(QObject* parent) {
-#if defined(Q_OS_IOS)
+#if defined(Q_OS_ANDROID)
    return new AndroidNotificationHandler(parent);
 #elif defined(Q_OS_IOS)
    return new IOSNotificationHandler(parent);
 #else
    return new SystemTrayNotificationHandler(parent);
@@ -0,0 +1,65 @@
 import QtQuick
 import QtQuick.Layouts
 import Style 1.0
 import "../Controls2/TextTypes"
 RowLayout {
    id: root
    property string iconSource: ""
    property string titleText: ""
    property string bodyText: ""
    property bool accent: false
    spacing: 12
    Image {
        Layout.alignment: Qt.AlignTop
        Layout.preferredWidth: 22
        Layout.preferredHeight: 22
        source: root.iconSource
        fillMode: Image.PreserveAspectFit
    }
    ColumnLayout {
        Layout.fillWidth: true
        spacing: 4
        LabelTextType {
            Layout.fillWidth: true
            text: root.titleText
            color: AmneziaStyle.color.paleGray
            font.pixelSize: 16
            font.weight: Font.DemiBold
            wrapMode: Text.Wrap
        }
        Item {
            Layout.fillWidth: true
            implicitHeight: bodyLabel.implicitHeight
            LabelTextType {
                id: bodyLabel
                width: parent.width
                text: root.bodyText
                color: root.accent ? AmneziaStyle.color.goldenApricot : AmneziaStyle.color.mutedGray
                font.pixelSize: 14
                wrapMode: Text.Wrap
            }
            MouseArea {
                anchors.fill: bodyLabel
                visible: root.accent && root.bodyText.length > 0
                cursorShape: Qt.PointingHandCursor
                onClicked: {
                    var t = root.bodyText.trim()
                    if (t.startsWith("@")) {
                        Qt.openUrlExternally("https://t.me/" + t.substring(1))
                    }
                }
            }
        }
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pavel Yaumenau	541437e83b	Feat: Fixed push notifications on VPN connect/disconnect	2026-04-06 17:45:24 +03:00
vkamn	ccf8b63633	chore: hide extend buttons on external premium	2026-04-06 20:04:39 +08:00
vkamn	af3a0e1701	chore: simplify benefits	2026-04-03 20:04:52 +08:00
vkamn	d3eaead779	chore: minor codestyle fixes	2026-04-02 17:32:42 +08:00
vkamn	6249eea905	feat: additional parsing for storekit subscription plans	2026-04-01 14:25:47 +08:00
vkamn	fa0ba4afd4	chore: minor fixes	2026-04-01 13:06:33 +08:00
vkamn	15fb5b20f0	chore: minor fix	2026-03-31 16:31:37 +08:00
vkamn	4b625fe70f	chore: minor fixes	2026-03-31 16:17:55 +08:00
vkamn	a4b97e8764	feat: add iap support for new premium info page	2026-03-31 16:12:34 +08:00
vkamn	285b9344c4	feat: move privacy policy and term of use to gateway	2026-03-30 19:21:27 +08:00
vkamn	2db1416d9f	chore: add api message parsing for 422 error	2026-03-30 12:33:16 +08:00
vkamn	bae2dd452b	feat: add trial api support	2026-03-26 20:03:18 +08:00
vkamn	041219187b	fix: fixed expired status when configs without an end date	2026-03-26 17:23:19 +08:00
vkamn	a231bf9ab7	refactor: move plan and benefits into separate models	2026-03-26 17:16:41 +08:00
vkamn	c29984ce60	chore: minor fixes	2026-03-26 14:53:45 +08:00
vkamn	cb5cde1a37	feat: add new free info page	2026-03-26 14:17:54 +08:00
vkamn	7da5f1c368	feat: add new premium info page	2026-03-25 23:57:52 +08:00
vkamn	ea645df7ec	fix: hide renew button for appstore purchases	2026-03-25 22:21:58 +08:00
vkamn	8799d841a3	fix: hide renew button for free	2026-03-25 22:21:13 +08:00
vkamn	5a51814b2a	refactor: use end_date from primary config for renew ui	2026-03-25 21:53:25 +08:00
vkamn	4531a0b4b7	Merge branch 'dev' of github-amnezia:amnezia-vpn/amnezia-client into HEAD	2026-03-25 19:51:26 +08:00
NickVs2015	bf3d11e5c4	feat: renewal new status logic (#2409 ) * fix: renewal add status logic * fix: wakeup activity resumed android	2026-03-25 19:48:32 +08:00
vkamn	b9f4ff56d8	chore: add isInAppPurchase and isTestPurchase in primary config	2026-03-25 13:57:47 +08:00
vkamn	edc42fb7e4	Merge branch 'dev' of github-amnezia:amnezia-vpn/amnezia-client into HEAD	2026-03-25 12:56:23 +08:00
NickVs2015	9a0222aee3	fix: ui fixes for renewal subscription (#2406 )	2026-03-25 12:34:42 +08:00
spectrum	4e4f8a5ec5	feat: enhance StoreKit2Helper to handle entitlements and improve restore service from App Store functionality	2026-03-24 17:52:46 +02:00
NickVs2015	f0f0f7c5be	feat: add subscription renewal (#2389 ) * feat: add renewal subsribe * fix: after review	2026-03-24 22:45:02 +08:00
NickVs2015	36b1a863bf	fix: black screen resume / pause (#2400 )	2026-03-24 22:13:31 +08:00
yyy-amnezia	4103c5bbcf	refactor: extract and simplify OpenVPN reachability and network change handling logic (#2402 )	2026-03-24 22:12:59 +08:00
vkamn	fa69da6d56	chore: send app version in services request (#2403 )	2026-03-24 20:25:04 +08:00
yyy-amnezia	aaf2c9ddeb	feat: add Xray split tunnel support for iOS PacketTunnelProvider (#2332 )	2026-03-24 16:07:36 +08:00
Mitternacht822	dbbc7119ec	feat: add warning info for ssh keys (#2252 ) * fix: fixed da typo * feat: added warning about available ssh keys info	2026-03-24 16:06:40 +08:00
vkamn	6de556e730	fix: fixed error 101 on connection event	2026-03-24 15:56:37 +08:00
vkamn	1134dc194b	feat: iap for apple now use storekit2	2026-03-24 15:56:01 +08:00
vkamn	c57162c4cc	feat: add base amnezia trial support (#2366 ) * feat: add base amnezia trial support * feat: add external-trial	2026-03-24 10:29:51 +08:00
NickVs2015	40e39895c9	fix openfile deadlock (#2373 )	2026-03-21 11:46:46 +08:00
vkamn	ec3ab2a03c	chore: update licnese file (#2376 )	2026-03-20 21:04:13 +08:00
yyy-amnezia	ddecfcad26	fix: apple platform network switch fix (#2359 ) * Apple platform network switch fix * macos_ne exclusion fixed	2026-03-20 20:51:36 +08:00
NickVs2015	67bd880cdf	fix: swap buffers error (#2347 )	2026-03-16 13:03:20 +08:00
vkamn	477afb9d85	chore: bump version (#2336 )	2026-03-10 22:22:37 +08:00
NickVs2015	f969fcdbb8	fix: restore dpad functionality ATV (#2335 )	2026-03-10 22:19:55 +08:00
vkamn	b0ca16d861	chore: bump version (#2331 )	2026-03-09 18:29:56 +08:00
NickVs2015	9963359948	fix: disable gamepad for GP (#2321 )	2026-03-09 17:39:50 +08:00
vkamn	ca639d293d	chore: bump version (#2319 )	2026-03-06 23:11:03 +08:00
NickVs2015	83d045af64	fix: GP requrements (#2312 )	2026-03-06 17:05:16 +08:00
NickVs2015	aea8ff4961	fix: add handle handleContextCreationFailure (#2309 )	2026-03-03 22:04:45 +08:00
vkamn	1892db4375	fix: remove nested qeventloop from isConfigValid (also rename to validateConfig) (#2305 ) * fix: remove nested qeventloop from isConfigValid (also rename to validateConfig) * chore: bump version	2026-03-03 20:58:32 +08:00
NickVs2015	c86a641e05	fix: add suppord android 9 gamepad and remote control (#2302 )	2026-03-03 15:14:51 +08:00
vkamn	befb2bf19a	chore: bump version (#2295 )	2026-02-27 23:33:37 +08:00
vkamn	7ad6bc340c	chore: add translations for ru (#2285 ) * chore: add translations for ru * chore: text fixes	2026-02-27 20:00:31 +08:00
vkamn	9164e38c34	fix: restore backup android (#2291 ) * fix: fixed restore backup on android * chore: add resume helper for android * chore: add ResumeHelper.runWhenActive call after all native android dialogs * fix: add permission for tv file picker * fix: add file picker handler in kotlin --------- Co-authored-by: NickVs2015 <nv@amnezia.org>	2026-02-27 18:43:36 +08:00
vkamn	8f7559f01b	chore: revert PR #2222 (#2290 )	2026-02-27 14:29:25 +08:00
vkamn	af56200735	fix: fixed adding s3 s4 when updating the server conf for awg lagacy (#2289 )	2026-02-27 14:11:40 +08:00
vkamn	3874050fae	fix: again fixed s3, s4 ranges (#2288 )	2026-02-27 13:37:49 +08:00
vkamn	3087163e34	fix: fixed s3, s4 ranges (#2283 )	2026-02-26 22:31:41 +08:00
Mitternacht822	1fa152845c	fix: generate native awg config as qr series (#2221 )	2026-02-26 22:31:18 +08:00
vkamn	50e23ef233	fix: awg config update (#2281 ) * fix: fixed client config update for awg container * chore: bump version	2026-02-26 22:12:58 +08:00
Yaroslav Gurov	ea648466de	chore: remove redundant VpnConnection usage from SitesController (#2278 )	2026-02-26 17:55:08 +08:00
Yaroslav Gurov	b782775016	fix: change event looping to mutexes for settings and secureqsettings (#2270 )	2026-02-26 11:41:08 +08:00
NickVs2015	89a7fe1081	fix: fixed remote control for ATV (#2277 )	2026-02-26 11:40:16 +08:00
Yaroslav Gurov	e8bb096025	fix: ios wrong awg blob (#2272 )	2026-02-24 17:56:17 +07:00
Mitternacht822	fd5c7c8322	fix: copy LICENSE to build as LICENSE.txt for WiX CPack (#2265 ) * fix(installer): copy LICENSE to build as LICENSE.txt for WiX CPack * fix: fixed a typo * fix: fixed a typo	2026-02-24 14:07:48 +08:00
Yaroslav Gurov	e798d0f503	feat: update amneziawg-android dependencies (#2269 )	2026-02-24 00:54:55 +08:00
Yaroslav Gurov	bbb0abb596	feat: update xray (#2267 )	2026-02-24 00:27:29 +08:00
vkamn	0925aec86a	chore: bump version (#2264 )	2026-02-23 18:01:59 +08:00
Yaroslav Gurov	b084c4c284	fix: ios connection status stuck (#2263 )	2026-02-23 18:00:13 +08:00
vkamn	87288ebccd	chore: bump version (#2262 )	2026-02-23 17:16:24 +08:00
vkamn	fcd7eadf4c	chore: bump version (#2261 )	2026-02-23 15:38:27 +08:00
Mitternacht822	0373338fb7	fix: randomized baseUrls traversal order in GatewayController::getProxyUrls (#2247 )	2026-02-23 15:33:35 +08:00
Yaroslav Gurov	42f070fe9d	fix: handle Android disconnected status properly (#2255 )	2026-02-23 15:31:15 +08:00
Mitternacht822	02be6dc5f9	chore: add license to msi installer (#2227 )	2026-02-20 12:13:08 +08:00
vkamn	bfcf7f0305	chore: bump version (#2244 )	2026-02-19 20:27:42 +08:00
Mitternacht822	2bce595ade	fix: remove revoke from remove subscription flow (#2226 ) * fix(revoke): now revoke calls only for unlink device action * fix: removed revoke call when removing a subscription from the app	2026-02-19 20:23:13 +08:00
Yaroslav Gurov	cd1e561fd4	fix: add network watcher back (#2240 ) * feat: add reconnect in case of changing network * fix: reconnect to VPN on wakeup * fix: linux wakeup build	2026-02-19 20:21:49 +08:00
Mitternacht822	9bd1e6a0f5	fix: added stop and delete AmneziaVPNSplitTunnel on uninstall (#2222 )	2026-02-18 11:21:59 +08:00
Yaroslav Gurov	5058c9aa6f	fix: do not enable killswitch by default when service starts (#2232 )	2026-02-18 10:59:16 +08:00
vkamn	d78416835c	chore: change default i1 value (#2216 )	2026-02-13 17:10:10 +08:00
vkamn	40e6c6aae3	feat: native wg with obfuscation (#2209 ) * chore: change default i1 value * feat: add i1 to native wg with obfuscation	2026-02-12 11:34:52 +08:00
Yaroslav Gurov	911a999c64	fix: xray stability and split-tunneling (#2187 ) * fix: xray heap corruption * fix: use proper configuration for split-tunneled apps * chore: enable killswitch * chore: xray windows split-tunneling cleanup * chore: proper xray killswitch log * feat: add wait for the tun device * chore: update amnezia_xray deps for macos * fix: add nullptr check for split-tunnel on win * fix: modernize vpnAdapter grabbing function * fix: remove network watcher due to its fragileness * chore: xrayprotocol cleanup * fix: correct wrong iface index on win * chore: move tun2socks implementation to the client from the service * chore: xrayprotocol cleanup * chore: more xrayprotocol cleanup * fix: consistent tun device with GUID specified * chore: tun2socks logs * chore: PrivilegedProcess cleanup * better error handling in establishment phase * terminate&kill ops for remote process * fix: straighforward killing the process on windows * fix: finally remove GUID setting from tun2socks due to instability * fix: add sanitizer to ipc process * chore: do not collect sensitive info from tun2socks	2026-02-11 23:47:28 +08:00
MrMirDan	b4f4184aa6	fix: returned mentioned lines (#2205 )	2026-02-11 23:44:11 +08:00
NickVs2015	5c6db4b7a4	fix OpenGl error (#2185 )	2026-02-10 11:15:31 +08:00
vkamn	f6277cdbb2	fix: native wg obfuscation (#2199 ) * chore: bump version * fix: fixed native wg obfuscation	2026-02-09 10:54:30 +08:00
NickVs2015	99312e61d3	fix: allow start Gamepad only Android (#2198 )	2026-02-09 10:40:48 +08:00
NickVs2015	9f0ae75a2f	feat: add gamepad buttons support android (#2066 ) * feat: add support gamepad buttons * feat: add support gamepad with github repo * feat: add gitmodules dependency * feat: add submodule qtgamepad * chore: update qtgamepad submodule to commit 4e57142e563b931766056b4c7507c16892260222 * fix: update qtgamepad with standard CMake and private headers support Update qtgamepad to commit f72b3e0 which: - Replaces qt_add_library with standard add_library to avoid Qt 6.10 macro conflicts - Copies private headers to build include tree for Android backend - Creates Qt:: and Qt6:: namespace aliases for proper linking	2026-02-05 22:57:15 +08:00
vkamn	7960d8015d	feat: add EULA and policy on IAP page (#2189 )	2026-02-05 20:23:06 +08:00
vkamn	5dcc64e5e5	fix: deploy qopensslbackend on windows (#2190 )	2026-02-05 20:22:47 +08:00
MrMirDan	964436ad43	fix: placeholder color, hide button image transparency, removed some lines (#2123 ) * fix: placeholder color, hide button image transparency, removed unneccessary lines * update: removed opacity on tunneling page * update: remove opacity on app tunneling page	2026-02-05 12:56:41 +08:00
ik	4fc3900fd5	Merge pull request #2184 from amnezia-vpn/chore/add-release-date-upload chore: add sending of release_date to s3	2026-02-04 12:20:23 +03:00
irvinklause	8f5e42dd61	chore: add sending of release_date to s3	2026-02-04 07:38:44 +00:00
Yaroslav Gurov	24895752c1	fix: added enablePeerTraffic call to xray (#2179 ) * fix: add enablePeerTraffic call to xray * chore: remove unnecessary steps during xray TUN setup phase * chore: move tun init from tun2socks code to ipcserver * chore: rework xray routing * get rid of redundant delays * check if remote calls are successful * chore: xray routing fine-tuning * fix: add service qt deps to deployment build	2026-02-04 12:35:53 +08:00
vkamn	87eccfb4ca	fix: fix scrolling on drawers (#2183 )	2026-02-04 12:35:17 +08:00
ik	a983d0504e	fix: add checks for script components to find out where it can fall (#2169 )	2026-01-30 14:43:30 +08:00
vkamn	d0b8535395	fix: update tag deploy (#2168 )	2026-01-30 13:15:50 +08:00
dpamnezia	f84480cf56	chore: fix artifacts upload (#1961 )	2026-01-30 12:43:21 +08:00
MrMirDan	de7a026ec1	fix: change drawer parents interactivity (#2004 ) * fix: change drawer parents interactivity * update: better vars names	2026-01-30 12:42:53 +08:00
MrMirDan	a128c7d247	fix: keyboard navigation (#2023 ) * fix: self-hosted easy install card * fix: label double click when enter/return pressed	2026-01-30 12:42:29 +08:00
MrMirDan	f316f0e25a	feat: news notifications switch (#2126 ) * feat: news notifications switch * update: text changes * fix: notifications enabled by default	2026-01-30 12:19:50 +08:00
NickVs2015	ea5242e29b	fix: fixed cipher selection (#2110 )	2026-01-30 12:18:54 +08:00
NickVs2015	b31a62c55f	feat: add support open files by atv (#2082 )	2026-01-30 12:11:26 +08:00
yyy-amnezia	02e3107a23	feat: implement service kickstart and improve macos post install script (#2131 )	2026-01-30 12:05:20 +08:00
lunardunno	1862850108	feat: checking linux kernel version when installing amneziawg-go (#2098 ) * Checking Linux kernel version when installing amneziawg-go print the Linux kernel version to stdOut for subsequent checking by the server controller. * Add error for old linux kernel Add error 214 ServerLinuxKernelTooOld * Add case for old linux kernel Add case for error 214 ServerLinuxKernelTooOld * Added kernel check for Awg2 Added Linux kernel version check and introduced corresponding ServerLinuxKernelTooOld error for Awg2.	2026-01-30 12:04:27 +08:00