feat: 修复权限检查并优化TUN与自启联动 (#977)

1. 修复管理员权限检查不准导致TUN无法开启的问题
   - 增加 'fltmc' 命令作为主要判断，'net session' 作为备用，提高在特定环境下的准确性。

2. 优化自启动以自动保持TUN模式开启
   - 设置自启动时，根据当前运行身份决定任务权限。
   - 为TUN模式提权而重启后，若自启已开启，则自动将计划任务更新为管理员权限。
   - 普通权限启动但TUN开启时，主动提示用户需以管理员身份重启。

src/main/core/manager.ts

@@ -290,13 +290,7 @@ export async function checkTunPermissions(): Promise<boolean> {
 
   try {
     if (process.platform === 'win32') {
-      const execPromise = promisify(exec)
+      return await checkAdminPrivileges()
-      try {
-        await execPromise('net session')
-        return true
-      } catch {
-        return false
-      }
     }
 
     if (process.platform === 'darwin' || process.platform === 'linux') {
@@ -341,13 +335,26 @@ export async function checkAdminPrivileges(): Promise<boolean> {
     return true
   }
 
-  try {
   const execPromise = promisify(exec)
-    await execPromise('net session')
+  
+  try {
+    // 首先尝试 fltmc 命令检测管理员权限
+    await execPromise('fltmc')
+    await managerLogger.info('Admin privileges confirmed via fltmc')
     return true
-  } catch {
+  } catch (fltmcError) {
+    await managerLogger.info('fltmc failed, trying net session as fallback', fltmcError)
+    
+    try {
+      // 如果 fltmc 失败，尝试 net session 命令作为备用检测方法
+      await execPromise('net session')
+      await managerLogger.info('Admin privileges confirmed via net session')
+      return true
+    } catch (netSessionError) {
+      await managerLogger.info('Both fltmc and net session failed, no admin privileges', netSessionError)
       return false
     }
+  }
 }
 
 // TUN 权限确认框
@@ -604,6 +611,13 @@ export async function checkAdminRestartForTun(): Promise<void> {
         const hasAdminPrivileges = await checkAdminPrivileges()
         if (hasAdminPrivileges) {
           await patchControledMihomoConfig({ tun: { enable: true }, dns: { enable: true } })
+
+          const { checkAutoRun, enableAutoRun } = await import('../sys/autoRun')
+          const autoRunEnabled = await checkAutoRun()
+          if (autoRunEnabled) {
+            await enableAutoRun()
+          }
+
           await restartCore()
 
           await managerLogger.info('TUN mode auto-enabled after admin restart')
@@ -635,8 +649,16 @@ export async function validateTunPermissionsOnStartup(): Promise<void> {
     const hasPermissions = await checkMihomoCorePermissions()
 
     if (!hasPermissions) {
-      await managerLogger.warn('TUN is enabled but insufficient permissions detected, auto-disabling TUN...')
+      await managerLogger.warn(
+        'TUN is enabled but insufficient permissions detected, prompting user...'
+      )
+      const confirmed = await showTunPermissionDialog()
+      if (confirmed) {
+        await restartAsAdmin()
+        return
+      }
 
+      await managerLogger.warn('User declined admin restart, auto-disabling TUN...')
       await patchControledMihomoConfig({ tun: { enable: false } })
 
       const { mainWindow } = await import('../index')

src/main/sys/autoRun.ts

@@ -9,7 +9,8 @@ import { managerLogger } from '../utils/logger'
 
 const appName = 'mihomo-party'
 
-function getTaskXml(): string {
+function getTaskXml(asAdmin: boolean): string {
+  const runLevel = asAdmin ? 'HighestAvailable' : 'LeastPrivilege'
   return `<?xml version="1.0" encoding="UTF-16"?>
 <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
   <Triggers>
@@ -21,7 +22,7 @@ function getTaskXml(): string {
   <Principals>
     <Principal id="Author">
       <LogonType>InteractiveToken</LogonType>
-      <RunLevel>LeastPrivilege</RunLevel>
+      <RunLevel>${runLevel}</RunLevel>
     </Principal>
   </Principals>
   <Settings>
@@ -83,9 +84,9 @@ export async function enableAutoRun(): Promise<void> {
   if (process.platform === 'win32') {
     const execPromise = promisify(exec)
     const taskFilePath = path.join(tmpdir(), `${appName}.xml`)
-    await writeFile(taskFilePath, Buffer.from(`\ufeff${getTaskXml()}`, 'utf-16le'))
     const { checkAdminPrivileges } = await import('../core/manager')
     const isAdmin = await checkAdminPrivileges()
+    await writeFile(taskFilePath, Buffer.from(`\ufeff${getTaskXml(isAdmin)}`, 'utf-16le'))
     if (isAdmin) {
       await execPromise(`%SystemRoot%\\System32\\schtasks.exe /create /tn "${appName}" /xml "${taskFilePath}" /f`)
     } else {

src/renderer/src/components/sider/tun-switcher.tsx

@@ -75,6 +75,9 @@ const TunSwitcher: React.FC<Props> = (props) => {
       }
 
       await patchControledMihomoConfig({ tun: { enable }, dns: { enable: true } })
+      if (enable && appConfig?.silentStart) {
+        await window.electron.ipcRenderer.invoke('enableAutoRun')
+      }
     } else {
       await patchControledMihomoConfig({ tun: { enable } })
     }