feat: add privileged mode detection and execution support

Author: Ayideyia

bridge/bridge.go

@@ -23,14 +23,15 @@ import (
 var Config = &AppConfig{}
 
 var Env = &EnvResult{
-	IsStartup:   true,
-	FromTaskSch: false,
-	WebviewPath: "",
-	AppName:     "",
-	AppVersion:  "v1.18.0",
-	BasePath:    "",
-	OS:          sysruntime.GOOS,
-	ARCH:        sysruntime.GOARCH,
+	IsStartup:    true,
+	FromTaskSch:  false,
+	WebviewPath:  "",
+	AppName:      "",
+	AppVersion:   "v1.18.0",
+	BasePath:     "",
+	OS:           sysruntime.GOOS,
+	ARCH:         sysruntime.GOARCH,
+	IsPrivileged: false,
 }
 
 // NewApp creates a new App application struct
@@ -53,6 +54,10 @@ func CreateApp(fs embed.FS) *App {
 		Env.FromTaskSch = true
 	}
 
+	if priv, err := IsPrivileged(); err == nil {
+		Env.IsPrivileged = priv
+	}
+
 	app := NewApp()
 
 	if Env.OS == "darwin" {
@@ -96,11 +101,12 @@ func (a *App) RestartApp() FlagResult {
 
 func (a *App) GetEnv() EnvResult {
 	return EnvResult{
-		AppName:    Env.AppName,
-		AppVersion: Env.AppVersion,
-		BasePath:   Env.BasePath,
-		OS:         Env.OS,
-		ARCH:       Env.ARCH,
+		AppName:      Env.AppName,
+		AppVersion:   Env.AppVersion,
+		BasePath:     Env.BasePath,
+		OS:           Env.OS,
+		ARCH:         Env.ARCH,
+		IsPrivileged: Env.IsPrivileged,
 	}
 }
 

bridge/exec.go

@@ -35,9 +35,6 @@ func (a *App) Exec(path string, args []string, options ExecOptions) FlagResult {
 	}
 
 	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return FlagResult{false, err.Error()}
-	}
 
 	var output string
 	if options.Convert {
@@ -46,6 +43,10 @@ func (a *App) Exec(path string, args []string, options ExecOptions) FlagResult {
 		output = string(out)
 	}
 
+	if err != nil {
+		return FlagResult{false, string(output)}
+	}
+
 	return FlagResult{true, output}
 }
 

bridge/exec_others.go

@@ -35,3 +35,7 @@ func IsProcessAlive(p *os.Process) (bool, error) {
 	}
 	return false, fmt.Errorf("failed to check process %d: %w", p.Pid, err)
 }
+
+func IsPrivileged() (bool, error) {
+	return os.Geteuid() == 0, nil
+}

bridge/exec_windows.go

@@ -7,15 +7,18 @@ import (
 	"os"
 	"os/exec"
 	"syscall"
+	"unsafe"
 
 	"golang.org/x/sys/windows"
 )
 
 const ATTACH_PARENT_PROCESS uintptr = ^uintptr(0)
 
 var (
+	modAdvapi32 = windows.NewLazySystemDLL("advapi32.dll")
 	modKernel32 = windows.NewLazySystemDLL("kernel32.dll")
 
+	procCheckTokenMembership     = modAdvapi32.NewProc("CheckTokenMembership")
 	procFreeConsole              = modKernel32.NewProc("FreeConsole")
 	procAttachConsole            = modKernel32.NewProc("AttachConsole")
 	procSetConsoleCtrlHandler    = modKernel32.NewProc("SetConsoleCtrlHandler")
@@ -76,3 +79,20 @@ func IsProcessAlive(p *os.Process) (bool, error) {
 		return false, fmt.Errorf("unexpected WaitForSingleObject status: %d", s)
 	}
 }
+
+func IsPrivileged() (bool, error) {
+	var sid *windows.SID
+	sid, err := windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid)
+	if err != nil {
+		return false, err
+	}
+
+	var isMember int32
+
+	ret, _, err := procCheckTokenMembership.Call(0, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(&isMember)))
+	if ret == 0 {
+		return false, err
+	}
+
+	return isMember != 0, nil
+}

bridge/types.go

@@ -14,14 +14,15 @@ type App struct {
 }
 
 type EnvResult struct {
-	IsStartup   bool   `json:"-"`
-	FromTaskSch bool   `json:"-"`
-	WebviewPath string `json:"-"`
-	AppName     string `json:"appName"`
-	AppVersion  string `json:"appVersion"`
-	BasePath    string `json:"basePath"`
-	OS          string `json:"os"`
-	ARCH        string `json:"arch"`
+	IsStartup    bool   `json:"-"`
+	FromTaskSch  bool   `json:"-"`
+	WebviewPath  string `json:"-"`
+	AppName      string `json:"appName"`
+	AppVersion   string `json:"appVersion"`
+	BasePath     string `json:"basePath"`
+	OS           string `json:"os"`
+	ARCH         string `json:"arch"`
+	IsPrivileged bool   `json:"isPrivileged"`
 }
 
 type RequestOptions struct {

frontend/src/bridge/wailsjs/go/models.ts

@@ -6,6 +6,7 @@ export namespace bridge {
 	    basePath: string;
 	    os: string;
 	    arch: string;
+	    isPrivileged: boolean;
 
 	    static createFrom(source: any = {}) {
 	        return new EnvResult(source);
@@ -18,6 +19,7 @@ export namespace bridge {
 	        this.basePath = source["basePath"];
 	        this.os = source["os"];
 	        this.arch = source["arch"];
+	        this.isPrivileged = source["isPrivileged"];
 	    }
 	}
 	export class ExecOptions {

frontend/src/stores/env.ts

@@ -17,6 +17,7 @@ export const useEnvStore = defineStore('env', () => {
     appPath: '',
     os: '',
     arch: '',
+    isPrivileged: false,
   })
 
   const systemProxy = ref(false)

frontend/src/utils/helper.ts

@@ -74,6 +74,31 @@ export const GrantTUNPermission = async (path: string) => {
   }
 }
 
+export const RunWithPowerShell = async (
+  path: string,
+  args: string[] = [],
+  options: { admin?: boolean; hidden?: boolean; wait?: boolean },
+) => {
+  const { admin = false, hidden = false, wait = true, ...others } = options
+  const psArgs: string[] = []
+  let command = `Start-Process -FilePath "${path}"`
+  if (args.length > 0) {
+    const argList = args.map((a) => `"${a.replace(/"/g, '""')}"`).join(',')
+    command += ` -ArgumentList ${argList}`
+  }
+  if (admin) {
+    command += ' -Verb RunAs'
+  }
+  if (hidden) {
+    command += ' -WindowStyle Hidden'
+  }
+  if (wait) {
+    command += ' -Wait'
+  }
+  psArgs.push('-NoProfile', '-Command', command)
+  await Exec('powershell', psArgs, { Convert: true, ...others })
+}
+
 // SystemProxy Helper
 export const SetSystemProxy = async (
   enable: boolean,
@@ -531,11 +556,16 @@ export const QuerySchTask = async (taskName: string) => {
 }
 
 export const CreateSchTask = async (taskName: string, xmlPath: string) => {
-  await Exec('SchTasks', ['/Create', '/F', '/TN', taskName, '/XML', xmlPath], { Convert: true })
+  const fn = useEnvStore().env.isPrivileged ? Exec : RunWithPowerShell
+  await fn('SchTasks', ['/Create', '/F', '/TN', taskName, '/XML', xmlPath], {
+    admin: true,
+    hidden: true,
+  })
 }
 
 export const DeleteSchTask = async (taskName: string) => {
-  await Exec('SchTasks', ['/Delete', '/F', '/TN', taskName], { Convert: true })
+  const fn = useEnvStore().env.isPrivileged ? Exec : RunWithPowerShell
+  await fn('SchTasks', ['/Delete', '/F', '/TN', taskName], { admin: true, hidden: true })
 }
 
 // Others

frontend/src/views/SettingsView/components/components/BehaviorSettings.vue

@@ -1,18 +1,20 @@
 <script lang="ts" setup>
 import { ref } from 'vue'
 
-import { WriteFile, RemoveFile, AbsolutePath } from '@/bridge'
+import { WriteFile, RemoveFile, AbsolutePath, ExitApp } from '@/bridge'
 import { WebviewGpuPolicyOptions, WindowStateOptions } from '@/constant/app'
 import { useAppSettingsStore, useEnvStore } from '@/stores'
 import {
   APP_TITLE,
   getTaskSchXmlString,
+  confirm,
   message,
   QuerySchTask,
   CreateSchTask,
   DeleteSchTask,
   CheckPermissions,
   SwitchPermissions,
+  RunWithPowerShell,
 } from '@/utils'
 
 const appSettings = useAppSettingsStore()
@@ -21,10 +23,22 @@ const envStore = useEnvStore()
 const isAdmin = ref(false)
 const isTaskScheduled = ref(false)
 
+const restartApp = async (admin = false) => {
+  if (admin) {
+    await RunWithPowerShell(envStore.env.appPath, [], { admin, wait: false })
+  } else {
+    await RunWithPowerShell('explorer', [envStore.env.appPath], { wait: false })
+  }
+  await ExitApp()
+}
+
 const onPermChange = async (v: boolean) => {
   try {
     await SwitchPermissions(v)
-    message.success('common.success')
+    if (v !== envStore.env.isPrivileged) {
+      const ok = await confirm('Notice', 'Restart the application now?').catch(() => 0)
+      ok && (await restartApp(v))
+    }
   } catch (error: any) {
     message.error(error)
     console.log(error)
@@ -93,7 +107,17 @@ if (envStore.env.os === 'windows') {
         {{ $t('settings.admin') }}
         <span class="font-normal text-12">({{ $t('settings.needRestart') }})</span>
       </div>
-      <Switch v-model="isAdmin" @change="onPermChange" />
+      <div class="flex items-center gap-4">
+        <Button
+          v-if="envStore.env.isPrivileged !== isAdmin"
+          v-tips="'titlebar.restart'"
+          type="primary"
+          icon="refresh"
+          size="small"
+          @click="() => restartApp(isAdmin)"
+        />
+        <Switch v-model="isAdmin" @change="onPermChange" />
+      </div>
     </div>
     <div v-platform="['windows']" class="px-8 py-12 flex items-center justify-between">
       <div class="text-16 font-bold">