split into workspace so CLI can be a standalone crate

src-tauri/creddy_cli/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "creddy_cli"
+version = "0.5.3"
+edition = "2021"
+
+[dependencies]
+anyhow = "1.0.86"
+clap = { version = "3.2.23", features = ["derive"] }
+dirs = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true }

src-tauri/creddy_cli/src/cli.rs

@@ -0,0 +1,199 @@
+use std::env;
+use std::path::PathBuf;
+use std::process::Command as ChildCommand;
+#[cfg(unix)]
+use std::os::unix::process::CommandExt;
+#[cfg(windows)]
+use std::time::Duration;
+
+use anyhow::{bail, Context};
+use clap::{
+    Command,
+    Arg,
+    ArgMatches,
+    ArgAction,
+    builder::PossibleValuesParser,
+    value_parser,
+};
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+
+use crate::proto::{
+    CliCredential,
+    CliRequest,
+    CliResponse,
+    ServerError,
+    ShortcutAction,
+};
+
+
+pub fn parser() -> Command<'static> {
+    Command::new("creddy")
+        .version(env!("CARGO_PKG_VERSION"))
+        .about("A friendly credential manager")
+        .arg(
+            Arg::new("server_addr")
+                .short('a')
+                .long("server-addr")
+                .takes_value(true)
+                .value_parser(value_parser!(PathBuf))
+                .help("Connect to the main Creddy process at this address")
+        )
+        .subcommand(
+            Command::new("run")
+                .about("Launch Creddy")
+        )
+        .subcommand(
+            Command::new("get")
+                .about("Request AWS credentials from Creddy and output to stdout")
+                .arg(
+                    Arg::new("base")
+                        .short('b')
+                        .long("base")
+                        .action(ArgAction::SetTrue)
+                        .help("Use base credentials instead of session credentials")
+                )
+                .arg(
+                    Arg::new("name")
+                        .help("If unspecified, use default credentials")
+                )
+        )
+        .subcommand(
+            Command::new("exec")
+                .about("Inject AWS credentials into the environment of another command")
+                .trailing_var_arg(true)
+                .arg(
+                    Arg::new("base")
+                        .short('b')
+                        .long("base")
+                        .action(ArgAction::SetTrue)
+                        .help("Use base credentials instead of session credentials")
+                )
+                .arg(
+                    Arg::new("name")
+                        .short('n')
+                        .long("name")
+                        .takes_value(true)
+                        .help("If unspecified, use default credentials")
+                )
+                .arg(
+                    Arg::new("command")
+                        .multiple_values(true)
+                )
+        )
+        .subcommand(
+            Command::new("shortcut")
+                .about("Invoke an action normally trigged by hotkey (e.g. launch terminal)")
+                .arg(
+                    Arg::new("action")
+                        .value_parser(
+                            PossibleValuesParser::new(["show_window", "launch_terminal"])
+                        )
+                )
+        )
+}
+
+
+pub fn get(args: &ArgMatches, global_args: &ArgMatches) -> anyhow::Result<()> {
+    let name = args.get_one("name").cloned();
+    let base = *args.get_one("base").unwrap_or(&false);
+    let addr = global_args.get_one("server_addr").cloned();
+
+    let output = match make_request(addr, &CliRequest::GetCredential { name, base })?? {
+        CliResponse::Credential(c) => serde_json::to_string_pretty(&c).unwrap(),
+        r => bail!("Unexpected response from server: {r}"),
+    };
+    println!("{output}");
+    Ok(())
+}
+
+
+pub fn exec(args: &ArgMatches, global_args: &ArgMatches) -> anyhow::Result<()> {
+    let name = args.get_one("name").cloned();
+    let base = *args.get_one("base").unwrap_or(&false);
+    let addr = global_args.get_one("server_addr").cloned();
+    // Clap guarantees that cmd_line will be a sequence of at least 1 item
+    // test this!
+    let mut cmd_line = args.get_many("command").unwrap();
+    let cmd_name: &String = cmd_line.next().unwrap();
+    let mut cmd = ChildCommand::new(cmd_name);
+    cmd.args(cmd_line);
+
+    match make_request(addr, &CliRequest::GetCredential { name, base })?? {
+        CliResponse::Credential(CliCredential::AwsBase(creds)) => {
+            cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
+            cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
+        },
+        CliResponse::Credential(CliCredential::AwsSession(creds)) => {
+            cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
+            cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
+            cmd.env("AWS_SESSION_TOKEN", creds.session_token);
+        },
+        r => bail!("Unexpected response from server: {r}"),
+    }
+
+    #[cfg(unix)]
+    {
+        // cmd.exec() never returns if successful
+        let e = cmd.exec();
+        Err(e).with_context(|| {
+            // eventually figure out how to display the actual command
+            format!("Failed to execute command")
+        })?;
+        Ok(())
+    }
+
+    #[cfg(windows)]
+    {
+        let mut child = match cmd.spawn() {
+            Ok(c) => c,
+            Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
+                let name: OsString = cmd_name.into();
+                return Err(ExecError::NotFound(name).into());
+            }
+            Err(e) => return Err(ExecError::ExecutionFailed(e).into()),
+        };
+
+        let status = child.wait()
+            .map_err(|e| ExecError::ExecutionFailed(e))?;
+        std::process::exit(status.code().unwrap_or(1));
+    };
+}
+
+
+pub fn invoke_shortcut(args: &ArgMatches, global_args: &ArgMatches) -> anyhow::Result<()> {
+    let addr = global_args.get_one("server_addr").cloned();
+    let action = match args.get_one::<String>("action").map(|s| s.as_str()) {
+        Some("show_window") => ShortcutAction::ShowWindow,
+        Some("launch_terminal") => ShortcutAction::LaunchTerminal,
+        Some(&_) | None => unreachable!("Unknown shortcut action"), // guaranteed by clap
+    };
+
+    let req = CliRequest::InvokeShortcut(action);
+    match make_request(addr, &req)?? {
+        CliResponse::Empty => Ok(()),
+        r => bail!("Unexpected response from server: {r}"),
+    }
+}
+
+
+// Explanation for double-result: the server will return a (serialized) Result
+// to indicate when the operation succeeded or failed, which we deserialize.
+// However, the operation may fail to even communicate with the server, in
+// which case we return the outer Result
+#[tokio::main]
+async fn make_request(
+    addr: Option<PathBuf>,
+    req: &CliRequest
+) -> anyhow::Result<Result<CliResponse, ServerError>> {
+    let mut data = serde_json::to_string(req).unwrap();
+    // server expects newline marking end of request
+    data.push('\n');
+
+    let mut stream = crate::connect(addr).await?;
+    stream.write_all(&data.as_bytes()).await?;
+
+    let mut buf = Vec::with_capacity(1024);
+    stream.read_to_end(&mut buf).await?;
+    let res: Result<CliResponse, ServerError> = serde_json::from_slice(&buf)?;
+    Ok(res)
+}

src-tauri/creddy_cli/src/lib.rs

@@ -0,0 +1,39 @@
+mod cli;
+pub use cli::{
+    exec,
+    get,
+    parser,
+    invoke_shortcut,
+};
+
+pub(crate) use platform::connect;
+pub use platform::server_addr;
+
+mod proto;
+
+
+#[cfg(unix)]
+mod platform {
+    use std::path::PathBuf;
+    use tokio::net::UnixStream;
+
+    pub async fn connect(addr: Option<PathBuf>) -> Result<UnixStream, std::io::Error> {
+        let path = addr.unwrap_or_else(|| server_addr("creddy-server"));
+        UnixStream::connect(&path).await
+    }
+
+    pub fn server_addr(sock_name: &str) -> PathBuf {
+        let mut path = dirs::runtime_dir()
+            .unwrap_or_else(|| PathBuf::from("/tmp"));
+        path.push(format!("{sock_name}.sock"));
+        path
+    }
+}
+
+
+#[cfg(windows)]
+mod platform {
+    pub fn server_addr(sock_name: &str) -> String {
+        format!(r"\\.\pipe\{sock_name}")
+    }
+}

src-tauri/creddy_cli/src/main.rs

@@ -0,0 +1,34 @@
+use std::env;
+use std::process::{self, Command};
+
+
+fn main() {
+    let global_matches = creddy_cli::parser().get_matches();
+    let res = match global_matches.subcommand() {
+        None | Some(("run", _)) => launch_gui(),
+        Some(("get", m)) => creddy_cli::get(m, &global_matches),
+        Some(("exec", m)) => creddy_cli::exec(m, &global_matches),
+        Some(("shortcut", m)) => creddy_cli::invoke_shortcut(m, &global_matches),
+        _ => unreachable!("Unknown subcommand"),
+    };
+
+    if let Err(e) = res {
+        eprintln!("Error: {e}");
+        process::exit(1);
+    }
+}
+
+
+fn launch_gui() -> anyhow::Result<()>  {
+    let mut path = env::current_exe()?;
+    path.pop(); // bin dir
+
+    // binaries are colocated in dev, but not in production
+    #[cfg(not(debug_assertions))]
+    path.pop(); // install dir
+
+    path.push("creddy.exe"); // exe in main install dir (aka gui exe)
+
+    Command::new(path).spawn()?;
+    Ok(())
+}

src-tauri/creddy_cli/src/proto.rs

@@ -0,0 +1,90 @@
+use std::fmt::{
+    Display,
+    Formatter,
+    Error as FmtError
+};
+
+use serde::{Serialize, Deserialize};
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub enum CliRequest {
+    GetCredential {
+        name: Option<String>,
+        base: bool,
+    },
+    InvokeShortcut(ShortcutAction),
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub enum ShortcutAction {
+    ShowWindow,
+    LaunchTerminal,
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub enum CliResponse {
+    Credential(CliCredential),
+    Empty,
+}
+
+impl Display for CliResponse {
+    fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
+        match self {
+            CliResponse::Credential(CliCredential::AwsBase(_)) => write!(f, "Credential (AwsBase)"),
+            CliResponse::Credential(CliCredential::AwsSession(_)) => write!(f, "Credential (AwsSession)"),
+            CliResponse::Empty => write!(f, "Empty"),
+        }
+    }
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub enum CliCredential {
+    AwsBase(AwsBaseCredential),
+    AwsSession(AwsSessionCredential),
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct AwsBaseCredential {
+    #[serde(default = "default_aws_version")]
+    pub version: usize,
+    pub access_key_id: String,
+    pub secret_access_key: String,
+}
+
+
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct AwsSessionCredential {
+    #[serde(default = "default_aws_version")]
+    pub version: usize,
+    pub access_key_id: String,
+    pub secret_access_key: String,
+    pub session_token: String,
+    // we don't need to know the expiration for the CLI, so just use a string here
+    pub expiration: String,
+}
+
+
+fn default_aws_version() -> usize { 1 }
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ServerError {
+    code: String,
+    msg: String,
+}
+
+impl Display for ServerError {
+    fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
+        write!(f, "Error response ({}) from server: {}", self.code, self.msg)?;
+        Ok(())
+    }
+}
+
+impl std::error::Error for ServerError {}