start refactoring for default credentials

2024-06-26 11:10:50 -04:00
parent 8c668e51a6
commit 37b44ddb2e
21 changed files with 708 additions and 632 deletions


@ -1,24 +1,23 @@
<script>
import { onMount } from 'svelte';
import { appState, cleanupRequest } from '../lib/state.js';
import { invoke } from '@tauri-apps/api/core';
import { navigate } from '../lib/routing.js';
import { appState, cleanupRequest } from '../lib/state.js';
import ErrorAlert from '../ui/ErrorAlert.svelte';
import Link from '../ui/Link.svelte';
import KeyCombo from '../ui/KeyCombo.svelte';
import CollectResponse from './approve/CollectResponse.svelte';
import ShowResponse from './approve/ShowResponse.svelte';
import Unlock from './Unlock.svelte';
// Send response to backend, display error if applicable
// Extra 50ms so the window can finish disappearing before the redraw
const rehideDelay = Math.min(5000, $appState.config.rehide_ms + 50);
let error, alert;
async function respond() {
const response = {
id: $appState.currentRequest.id,
...$appState.currentRequest.response,
};
let success = false;
async function sendResponse() {
try {
await invoke('respond', {response});
navigate('ShowResponse');
await invoke('respond', {response: $appState.currentRequest.response});
success = true;
window.setTimeout(cleanupRequest, rehideDelay);
}
catch (e) {
if (error) {
@ -28,118 +27,41 @@
}
}
// Approval has one of several outcomes depending on current credential state
async function approve(base) {
$appState.currentRequest.response = {approval: 'Approved', base};
let status = await invoke('get_session_status');
if (status === 'unlocked') {
await respond();
}
else if (status === 'locked') {
navigate('Unlock');
}
else {
navigate('EnterCredentials');
async function handleResponse() {
if (
$appState.sessionStatus === 'unlocked'
|| $appState.currentRequest.response.approval === 'Denied'
) {
await sendResponse();
}
}
// Denial has only one
async function deny() {
$appState.currentRequest.response = {approval: 'Denied', base: false};
await respond();
}
// Extract executable name from full path
const client = $appState.currentRequest.client;
const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
const appName = m[1] || m[2];
// Executable paths can be long, so ensure they only break on \ or /
function breakPath(path) {
return path.replace(/(\\|\/)/g, '$1<wbr>');
}
// if the request has already been approved/denied, send response immediately
onMount(async () => {
if ($appState.currentRequest.response) {
await respond();
}
});
</script>
<!-- Don't render at all if we're just going to immediately proceed to the next screen -->
{#if error || !$appState.currentRequest?.response}
{#if success}
<!-- if we have successfully sent a response, show it -->
<ShowResponse />
{:else if !$appState.currentRequest?.response || error}
<!-- if there's no response, or if there was an error sending it, ask for response -->
<div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center">
{#if error}
<ErrorAlert bind:this={alert}>
{error.msg}
<svelte:fragment slot="buttons">
<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
<button class="btn btn-sm btn-alert-error" on:click={respond}>Retry</button>
<button class="btn btn-sm btn-alert-error" on:click={sendResponse}>Retry</button>
</svelte:fragment>
</ErrorAlert>
{/if}
{#if $appState.currentRequest?.base}
<div class="alert alert-warning shadow-lg">
<div>
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
<span>
WARNING: This application is requesting your base AWS credentials.
These credentials are less secure than session credentials, since they don't expire automatically.
</span>
</div>
</div>
{/if}
<div class="space-y-1 mb-4">
<h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
<div class="grid grid-cols-[auto_1fr] gap-x-3">
<div class="text-right">Path:</div>
<code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
<div class="text-right">PID:</div>
<code>{client.pid}</code>
</div>
</div>
<div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
<!-- Don't display the option to approve with session credentials if base was specifically requested -->
{#if !$appState.currentRequest?.base}
<h3 class="font-semibold">
Approve with session credentials
</h3>
<Link target={() => approve(false)} hotkey="Enter" shift={true}>
<button class="w-full btn btn-success">
<KeyCombo keys={['Shift', 'Enter']} />
</button>
</Link>
{/if}
<h3 class="font-semibold">
<span class="mr-2">
{#if $appState.currentRequest?.base}
Approve
{:else}
Approve with base credentials
{/if}
</span>
</h3>
<Link target={() => approve(true)} hotkey="Enter" shift={true} ctrl={true}>
<button class="w-full btn btn-warning">
<KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
</button>
</Link>
<h3 class="font-semibold">
<span class="mr-2">Deny</span>
</h3>
<Link target={deny} hotkey="Escape">
<button class="w-full btn btn-error">
<KeyCombo keys={['Esc']} />
</button>
</Link>
</div>
<CollectResponse on:response={handleResponse} />
</div>
{:else if $appState.sessionStatus === 'locked'}
<!-- if session is locked and we do have a response, we must be waiting for unlock -->
<Unlock on:unlocked={sendResponse} />
{:else}
<!-- failsafe sanity check -->
<ErrorAlert>
Something is wrong. This message should never show up during normal operation.
</ErrorAlert>
{/if}
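Review bot: In `handleResponse`, an approval collected while `$appState.sessionStatus` is neither `'unlocked'` nor `'locked'` is never sent, and the template then falls through to the failsafe `ErrorAlert`, which has no buttons, so the request stays pending with nothing on screen to dismiss it. The removed `approve()` handled a third status by navigating to `EnterCredentials`, which suggests such a state exists. If it can still occur, handle it explicitly, or at least give the failsafe a cancel path, e.g. `<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>` in a `buttons` slot. The send/unlock decision also now reads the cached store value instead of calling `invoke('get_session_status')`, so the backend `respond` command should remain the authority on whether the session is unlocked. I would add a comment above `handleResponse` such as `// sessionStatus is a cached UI hint; the backend re-checks lock state before releasing credentials` once that is confirmed to be true.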