Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_APK/llms.txt

Use this file to discover all available pages before exploring further.

Dragon Guard Handheld uses a layered URL strategy so the same APK binary can target a local development server during testing and a production backend in official releases — without recompiling. The ApiSettingsService owns the active base URL, DynamicBaseUrlMessageHandler rewrites every outgoing request at runtime, and AppExperienceService controls whether a manual override is allowed.

Base URL Constants

All compiled default addresses live in Constants/ApiConstants.cs:
Constants/ApiConstants.cs
public static class ApiConstants
{
    public const string DefaultAndroidBaseUrl = "http://192.168.100.4:5262/";
    public const string DefaultDesktopBaseUrl  = "http://localhost:5262/";
    public const string PlaceholderBaseUrl     = "http://placeholder.invalid/";
}
Every HttpClient registered in MauiProgram.cs starts with PlaceholderBaseUrl. The DynamicBaseUrlMessageHandler replaces it before each request fires, so changing the target server never requires recompilation.

ApiSettingsService

ApiSettingsService is a singleton that owns CurrentBaseUrl for the lifetime of the app.
Method / PropertyDescription
CurrentBaseUrlThe resolved base URL currently in use
GetDefaultBaseUrl()Returns the compiled Android or Desktop default
NormalizeOrDefault(string?)Normalizes a candidate URL or falls back to the default
TryNormalize(string?, out string)Validates and normalizes a URL candidate — adds http:// prefix if missing, ensures trailing slash
Save(string?, out string, out string)Persists a custom URL to Preferences; fails with an error message in official builds
BuildUri(string)Combines CurrentBaseUrl with a relative or absolute path
TestConnectionAsync(string?, CancellationToken)Probes api/auth/registration-options on the candidate URL with an 8-second timeout
Changed eventFires when the active base URL is updated

DynamicBaseUrlMessageHandler

Every HTTP pipeline (public and protected) includes DynamicBaseUrlMessageHandler as an HttpMessageHandler. Before each request is sent, it asks ApiSettingsService for the current URL and rewrites the request’s BaseAddress:
// Simplified behavior
protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, CancellationToken ct)
{
    // Rewrite placeholder base URL with the current live address
    var currentBase = _apiSettings.CurrentBaseUrl;
    // ... rebuild request Uri with currentBase ...
    return base.SendAsync(request, ct);
}
This means no ViewModel or Service needs to know the current server address — they all build paths relative to PlaceholderBaseUrl and the handler fixes them transparently.

Debug vs Official Behavior

In a DEBUG build, AppExperienceService.AllowConnectionOverride returns true:
  • The Settings screen shows a URL input field.
  • ApiSettingsService.Save() persists the custom URL to Preferences.
  • The override survives app restarts.
  • Changing the URL does not clear the local JWT — if the new server rejects the token, normal 401/403 handling returns the app to Login.
// AppExperienceService (DEBUG)
public bool ShowConnectionSettings => true;
public bool AllowConnectionOverride => true;
public string ExperienceMode => "TEST";
Changing the base URL in a DEBUG build does not log out the operator. If the new server rejects the saved JWT (returns 401 or 403), AuthenticatedHttpMessageHandler will call SessionService.SignOutAsync() and redirect to LoginPage automatically.

Network Security (Android)

Android blocks HTTP cleartext traffic by default. The app ships a network_security_config.xml that explicitly allows it for local development:
Platforms/Android/Resources/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>

    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">10.0.2.2</domain>
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="true">192.168.100.4</domain>
    </domain-config>
</network-security-config>
The <base-config> permits cleartext globally and trusts both system and user certificate authorities. The <domain-config> explicitly permits cleartext for the three development addresses: 10.0.2.2 (Android emulator host), localhost, and 192.168.100.4 (the default LAN test server from DefaultAndroidBaseUrl). The manifest references it via android:networkSecurityConfig="@xml/network_security_config" and sets android:usesCleartextTraffic="true" on the <application> element.
For production deployments, set your backend behind HTTPS and update network_security_config.xml to restrict cleartext to specific IP ranges or remove the override entirely.

Changing the Default URL for a New Environment

To permanently retarget an official build to a different server, update the constant before building:
Constants/ApiConstants.cs
// Change this to your production server
public const string DefaultAndroidBaseUrl = "https://your-server.example.com/";
Rebuild with dotnet publish -f net8.0-android -c Release and redistribute the APK.

Build docs developers (and LLMs) love