From 46b8d810c5dc483aab044e4be331ebab6899aec3 Mon Sep 17 00:00:00 2001
From: Joseph Montanaro <jfmonty2@gmail.com>
Date: Wed, 10 Jan 2024 16:31:16 -0800
Subject: [PATCH] allow user to choose whether to send base credentials at
 approval screen

---
 package.json                |  2 +-
 src-tauri/Cargo.toml        |  2 +-
 src-tauri/src/errors.rs     |  3 ++-
 src-tauri/src/ipc.rs        |  1 +
 src-tauri/src/server/mod.rs | 10 +++++-----
 src-tauri/src/state.rs      |  8 ++++----
 src-tauri/tauri.conf.json   |  2 +-
 src/style.css               |  5 +++++
 src/views/Approve.svelte    | 14 +++++++++++---
 src/views/Home.svelte       |  2 +-
 10 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/package.json b/package.json
index ac406c3..4fb5754 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "creddy",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "scripts": {
     "dev": "vite",
     "build": "vite build",
diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml
index edd021f..98d250a 100644
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "creddy"
-version = "0.4.1"
+version = "0.4.2"
 description = "A friendly AWS credentials manager"
 authors = ["Joseph Montanaro"]
 license = ""
diff --git a/src-tauri/src/errors.rs b/src-tauri/src/errors.rs
index de7c823..4e329bc 100644
--- a/src-tauri/src/errors.rs
+++ b/src-tauri/src/errors.rs
@@ -18,6 +18,7 @@ use tauri::api::dialog::{
     MessageDialogBuilder, 
     MessageDialogKind,
 };
+use tokio::sync::oneshot::error::RecvError;
 use serde::{
     Serialize,
     Serializer,
@@ -164,7 +165,7 @@ pub enum HandlerError {
     #[error("HTTP request too large")]
     RequestTooLarge,
     #[error("Internal server error")]
-    Internal,
+    Internal(#[from] RecvError),
     #[error("Error accessing credentials: {0}")]
     NoCredentials(#[from] GetCredentialsError),
     #[error("Error getting client details: {0}")]
diff --git a/src-tauri/src/ipc.rs b/src-tauri/src/ipc.rs
index 03e487a..cf231d3 100644
--- a/src-tauri/src/ipc.rs
+++ b/src-tauri/src/ipc.rs
@@ -21,6 +21,7 @@ pub struct AwsRequestNotification {
 pub struct RequestResponse {
     pub id: u64,
     pub approval: Approval,
+    pub base: bool,
 }
 
 
diff --git a/src-tauri/src/server/mod.rs b/src-tauri/src/server/mod.rs
index e1f8463..584ac70 100644
--- a/src-tauri/src/server/mod.rs
+++ b/src-tauri/src/server/mod.rs
@@ -97,9 +97,10 @@ async fn get_aws_credentials(base: bool, client: Client, app_handle: AppHandle)
         let notification = AwsRequestNotification {id: request_id, client, base};
         app_handle.emit_all("credentials-request", &notification)?;
 
-        match chan_recv.await {
-            Ok(Approval::Approved) => {
-                if base {
+        let response = chan_recv.await?;
+        match response.approval {
+            Approval::Approved => {
+                if response.base {
                     let creds = state.base_creds_cloned().await?;
                     Ok(Response::Aws(Credentials::Base(creds)))
                 }
@@ -108,8 +109,7 @@ async fn get_aws_credentials(base: bool, client: Client, app_handle: AppHandle)
                     Ok(Response::Aws(Credentials::Session(creds)))
                 }
             },
-            Ok(Approval::Denied) => Err(HandlerError::Denied),
-            Err(_e) => Err(HandlerError::Internal),
+            Approval::Denied => Err(HandlerError::Denied),
         }
     };
 
diff --git a/src-tauri/src/state.rs b/src-tauri/src/state.rs
index e6af889..6d590c1 100644
--- a/src-tauri/src/state.rs
+++ b/src-tauri/src/state.rs
@@ -17,7 +17,7 @@ use crate::credentials::{
     SessionCredentials,
 };
 use crate::{config, config::AppConfig};
-use crate::ipc::{self, Approval};
+use crate::ipc::{self, Approval, RequestResponse};
 use crate::errors::*;
 use crate::shortcuts;
 
@@ -102,7 +102,7 @@ pub struct AppState {
     pub config: RwLock<AppConfig>,
     pub session: RwLock<Session>,
     pub request_count: RwLock<u64>,
-    pub waiting_requests: RwLock<HashMap<u64, Sender<Approval>>>,
+    pub waiting_requests: RwLock<HashMap<u64, Sender<RequestResponse>>>,
     pub pending_terminal_request: RwLock<bool>,
     // these are never modified and so don't need to be wrapped in RwLocks
     pub setup_errors: Vec<String>,
@@ -161,7 +161,7 @@ impl AppState {
         Ok(())
     }
 
-    pub async fn register_request(&self, sender: Sender<Approval>) -> u64 {
+    pub async fn register_request(&self, sender: Sender<RequestResponse>) -> u64 {
         let count = {
             let mut c = self.request_count.write().await;
             *c += 1;
@@ -193,7 +193,7 @@ impl AppState {
         waiting_requests
             .remove(&response.id)
             .ok_or(SendResponseError::NotFound)?
-            .send(response.approval)
+            .send(response)
             .map_err(|_| SendResponseError::Abandoned)
     }
 
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
index 18d19f9..d030f56 100644
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -8,7 +8,7 @@
   },
   "package": {
     "productName": "creddy",
-    "version": "0.4.1"
+    "version": "0.4.2"
   },
   "tauri": {
     "allowlist": {
diff --git a/src/style.css b/src/style.css
index 8253df9..0d18ca9 100644
--- a/src/style.css
+++ b/src/style.css
@@ -5,3 +5,8 @@
 .btn-alert-error {
     @apply bg-transparent hover:bg-[#cd5a5a] border border-error-content text-error-content
 }
+
+/* I like alert icons to be top-aligned */
+.alert > :where(*) {
+    align-items: flex-start;
+}
diff --git a/src/views/Approve.svelte b/src/views/Approve.svelte
index 6ccc86c..8d9a39d 100644
--- a/src/views/Approve.svelte
+++ b/src/views/Approve.svelte
@@ -11,10 +11,11 @@
 
     // Send response to backend, display error if applicable
     let error, alert;
+    let base = $appState.currentRequest.base;
     async function respond() {
         let {id, approval} = $appState.currentRequest;
         try {
-            await invoke('respond', {response: {id, approval}});
+            await invoke('respond', {response: {id, approval, base}});
             navigate('ShowResponse');
         }
         catch (e) {
@@ -83,7 +84,7 @@
                 <div>
                     <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
                     <span>
-                        WARNING: This application is requesting your base (long-lived) AWS credentials. 
+                        WARNING: This application is requesting your long-lived AWS credentials. 
                         These credentials are less secure than session credentials, since they don't expire automatically.
                     </span>
                 </div>
@@ -116,5 +117,12 @@
                 </button>
             </Link>
         </div>
+
+        <div class="w-full">
+            <label class="label cursor-pointer justify-end gap-x-2">
+                <span class="label-text">Send long-lived credentials</span>
+                <input type="checkbox" class="checkbox checkbox-success" bind:checked={base}>
+            </label>
+        </div>
     </div>
-{/if}
\ No newline at end of file
+{/if}
diff --git a/src/views/Home.svelte b/src/views/Home.svelte
index a37d042..70ff152 100644
--- a/src/views/Home.svelte
+++ b/src/views/Home.svelte
@@ -39,8 +39,8 @@
                     Launch Terminal
                 </button>
                 <label class="label cursor-pointer flex items-center space-x-2">
+                    <span class="label-text">Launch with long-lived credentials</span>
                     <input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}>
-                    <span class="label-text">Launch with base credentials</span>
                 </label>
 
             {:else if status === 'empty'}