feat(mobile): use shared native client (#25942)

* use shared client in dart

fix android

* websocket integration

platform-side headers

update comment

consistent platform check

tweak websocket handling

support streaming

* redundant logging

* fix proguard

* formatting

* handle onProgress

* support videos on ios

* inline return

* improved ios impl

* cleanup

* sync stopForegroundBackup

* voidify

* future already completed

* stream request on android

* outdated ios ws code

* use `choosePrivateKeyAlias`

* return result

* formatting

* update tests

* redundant check

* handle custom headers

* move completer outside of state

* persist auth

* dispose old socket

* use group id for cookies

* redundant headers

* cache global ref

* handle network switching

* handle basic auth

* apply custom headers immediately

* video player update

* fix

* persist url

* potential logout fix

---------

Co-authored-by: Alex <alex.tran1502@gmail.com>

mobile/lib/utils/http_ssl_cert_override.dart

@@ -1,61 +0,0 @@
-import 'dart:io';
-
-import 'package:immich_mobile/entities/store.entity.dart';
-import 'package:logging/logging.dart';
-
-class HttpSSLCertOverride extends HttpOverrides {
-  static final Logger _log = Logger("HttpSSLCertOverride");
-  final bool _allowSelfSignedSSLCert;
-  final String? _serverHost;
-  final SSLClientCertStoreVal? _clientCert;
-  late final SecurityContext? _ctxWithCert;
-
-  HttpSSLCertOverride(this._allowSelfSignedSSLCert, this._serverHost, this._clientCert) {
-    if (_clientCert != null) {
-      _ctxWithCert = SecurityContext(withTrustedRoots: true);
-      if (_ctxWithCert != null) {
-        setClientCert(_ctxWithCert, _clientCert);
-      } else {
-        _log.severe("Failed to create security context with client cert!");
-      }
-    } else {
-      _ctxWithCert = null;
-    }
-  }
-
-  static bool setClientCert(SecurityContext ctx, SSLClientCertStoreVal cert) {
-    try {
-      _log.info("Setting client certificate");
-      ctx.usePrivateKeyBytes(cert.data, password: cert.password);
-      ctx.useCertificateChainBytes(cert.data, password: cert.password);
-    } catch (e) {
-      _log.severe("Failed to set SSL client cert: $e");
-      return false;
-    }
-    return true;
-  }
-
-  @override
-  HttpClient createHttpClient(SecurityContext? context) {
-    if (context != null) {
-      if (_clientCert != null) {
-        setClientCert(context, _clientCert);
-      }
-    } else {
-      context = _ctxWithCert;
-    }
-
-    return super.createHttpClient(context)
-      ..badCertificateCallback = (X509Certificate cert, String host, int port) {
-        if (_allowSelfSignedSSLCert) {
-          // Conduct server host checks if user is logged in to avoid making
-          // insecure SSL connections to services that are not the immich server.
-          if (_serverHost == null || _serverHost.contains(host)) {
-            return true;
-          }
-        }
-        _log.severe("Invalid SSL certificate for $host:$port");
-        return false;
-      };
-  }
-}

mobile/lib/utils/http_ssl_options.dart

@@ -1,27 +0,0 @@
-import 'dart:io';
-
-import 'package:immich_mobile/domain/models/store.model.dart';
-import 'package:immich_mobile/entities/store.entity.dart';
-import 'package:immich_mobile/services/app_settings.service.dart';
-import 'package:immich_mobile/utils/http_ssl_cert_override.dart';
-
-class HttpSSLOptions {
-  static void apply() {
-    AppSettingsEnum setting = AppSettingsEnum.allowSelfSignedSSLCert;
-    bool allowSelfSignedSSLCert = Store.get(setting.storeKey as StoreKey<bool>, setting.defaultValue);
-    return _apply(allowSelfSignedSSLCert);
-  }
-
-  static void applyFromSettings(bool newValue) => _apply(newValue);
-
-  static void _apply(bool allowSelfSignedSSLCert) {
-    String? serverHost;
-    if (allowSelfSignedSSLCert && Store.tryGet(StoreKey.currentUser) != null) {
-      serverHost = Uri.parse(Store.tryGet(StoreKey.serverEndpoint) ?? "").host;
-    }
-
-    SSLClientCertStoreVal? clientCert = SSLClientCertStoreVal.load();
-
-    HttpOverrides.global = HttpSSLCertOverride(allowSelfSignedSSLCert, serverHost, clientCert);
-  }
-}

mobile/lib/utils/isolate.dart

@@ -10,7 +10,6 @@ import 'package:immich_mobile/providers/infrastructure/cancel.provider.dart';
 import 'package:immich_mobile/providers/infrastructure/db.provider.dart';
 import 'package:immich_mobile/utils/bootstrap.dart';
 import 'package:immich_mobile/utils/debug_print.dart';
-import 'package:immich_mobile/utils/http_ssl_options.dart';
 import 'package:immich_mobile/wm_executor.dart';
 import 'package:logging/logging.dart';
 import 'package:worker_manager/worker_manager.dart';
@@ -54,7 +53,6 @@ Cancelable<T?> runInIsolateGentle<T>({
         Logger log = Logger("IsolateLogger");
 
         try {
-          HttpSSLOptions.apply();
           result = await computation(ref);
         } on CanceledError {
           log.warning("Computation cancelled ${debugLabel == null ? '' : ' for $debugLabel'}");