Advanced server selection ux

[deeppandya]

Resolves brave/brave-browser#36277
Resolves brave/brave-browser#38186

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

Android

Automatic

1. Buy IAP subscription on fresh profile
2. Create VPN profile
3. Turn on VPN
4. Go to Server selection page
5. Observe -> Automatic should be selected

Optimal server location from the selected region

1. Go to Server selection page
2. Select USA as region
3. On the next page, select Optimal
4. Observe - > Best server location would be selected and it could give different location based on the available resources on the location at the time.

Specific server selection

1. Go to Server selection page
2. Select USA as region
3. On the next page, select Atlanta
4. Observe -> Atlanta should be selected as server location

Upgrade scenario

1. After the upgrade, Go to Server selection page
2. Observe -> Selected region from previous version should also be selected in the new UI
3. Tap on the region
4. And on the next page, Observe -> Optimal should be selected as we didn't have a granular details from previous version.
5. New version of the app would follow the new changes moving forward

Desktop

BraveVPNServiceTest.*
BraveVPNUtilsUnitTest.*

1. Open vpn panel and check main panel has sub label such as Optimal or city name.

6. Go to select page in vpn panel. Each country shows detailed server/city info in the sublabel

7. Click country entry and it shows Optimal sub entry and its cities

8. When click connect on Optimal, main panel's sub label has Optimal or city name if clicked on each city entry like the screen shot above at 1 step

9. When click connen on country, it goes with optimal.
   

10. Select server panel has Automatic entry at the top. When clicks it, it picks current timezone's region
    

11. Existing users will see previously selected country with Optimal region

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[fallaciousreasoning]

components/brave_vpn/resources LGTM with some nits

[fallaciousreasoning]

Do we ever call this function with a different precision?

[simonhong]

Right, we only call with this arg.
@deeppandya maybe we don't need to have param for this api(GetAllRegions)?
If you don't mind, I could change this method.

[deeppandya]

I assumed that it may be useful for the desktop as it provides a different response based on the region_precision. If it's not useful for the desktop, we can surely get rid of it.

[simonhong]

Fixed by 6f24b64

[fallaciousreasoning]

whoops accidentally commented instead of approving

[github-actions]

[puLL-Merge] - brave/brave-core@25089

Description

This PR implements significant changes to the Brave VPN feature, particularly focusing on the server selection functionality and UI improvements. The changes include updates to the region data structure, new API endpoints, UI enhancements for server selection, and modifications to the VPN service handling.

Changes

Changes

1. Android Java Changes:

   • Added new activities and adapters for VPN server selection.
   • Updated existing VPN-related activities and adapters.
   • Modified BraveVpnNativeWorker to support new region data structure.
   • Added BraveVpnServiceFactoryAndroid for mojo interface handling.

2. C++ Changes:

   • Updated BraveVpnService and related classes to support new region data structure.
   • Added new methods for handling region selection and data fetching.
   • Modified API request handling for new endpoints.

3. UI/UX Changes:

   • Updated panel UI components for improved server selection experience.
   • Added new localized strings for server selection UI.
   • Implemented new UI for displaying country and city-level server information.

4. Data Structure Changes:

   • Updated Region struct to include more detailed information (cities, server count, etc.).
   • Modified region data parsing and storage methods.

5. Preference Handling:

   • Added new preferences for VPN region list version and automatic server selection.
   • Implemented migration for older region selection preferences.

6. Mojo Interface Updates:

   • Modified brave_vpn.mojom to support new region data structure and methods.

7. Resource Updates:

   • Added new icons and updated existing ones for VPN UI.

Possible Issues

1. The changes to the region data structure and selection process may require careful testing to ensure backward compatibility with existing user configurations.
2. The new UI for server selection introduces more complexity, which could potentially lead to performance issues on lower-end devices.

Security Hotspots

No significant security hotspots were identified in this change. However, as with any network-related feature, careful review of the new API endpoints and data handling should be conducted to ensure no sensitive information is exposed.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] RegExp() called with a replacements function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.

Source: https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp


Cc @thypon

[fallaciousreasoning]

This is just a formatting change

[fallaciousreasoning]

lgtm thanks @simonhong !

[simonhong]

lgtm thanks @simonhong !

Thanks for great review :)

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] base::Unretained is most of the time unrequited, and a weak reference is better suited for secure coding.
Consider swapping Unretained for a weak reference.
base::Unretained usage may be acceptable when a callback owner is guaranteed
to be destroyed with the object base::Unretained is pointing to, for example:

- PrefChangeRegistrar
- base::*Timer
- mojo::Receiver
- any other class member destroyed when the class is deallocated


Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/chromium-uaf.yaml


Cc @thypon @goodov @iefremov