finish exec subcommand

2023-05-06 12:00:31 -07:00 · 2023-05-06 12:00:31 -07:00 · 61cc570289
commit 61cc570289
parent ed4b8153bb
4 changed files with 18 additions and 4 deletions
--- a/src-tauri/src/ipc.rs
+++ b/src-tauri/src/ipc.rs
@ -12,6 +12,7 @@ use crate::state::AppState;
 pub struct Request {
    pub id: u64,
    pub clients: Vec<Option<Client>>,
+    pub base: bool,
 }


--- a/src-tauri/src/server.rs
+++ b/src-tauri/src/server.rs
@ -58,8 +58,8 @@ impl Handler {
            self.stream.write(b"HTTP/1.0 403 Access Denied\r\n\r\n").await?;
            return Ok(())
        }
-        // at present only the running exe should be permitted to access this route
-        if req_path == b"/creddy/base-credentials" {
+        let base = req_path == b"/creddy/base-credentials";
+        if base {
            if clients.len() != 1 
                || clients[0].is_none()
                || clients[0].as_ref().unwrap().exe != std::env::current_exe()?
@ -69,14 +69,14 @@ impl Handler {
            }
        }

-        let req = Request {id: self.request_id, clients};
+        let req = Request {id: self.request_id, clients, base};
        self.app.emit_all("credentials-request", &req)?;
        let starting_visibility = self.show_window()?;

        match self.wait_for_response().await? {
            Approval::Approved => {
                let state = self.app.state::<AppState>();
-                let creds = if req_path == b"/creddy/base-credentials" {
+                let creds = if base {
                    state.serialize_base_creds().await?
                }
                else {
--- a/src/App.svelte
+++ b/src/App.svelte
@ -15,6 +15,7 @@ invoke('get_config').then(config => $appState.config = config);
 listen('credentials-request', (tauriEvent) => {
    $appState.pendingRequests.put(tauriEvent.payload);
 });
+window.state = $appState;

 acceptRequest();
 </script>
--- a/src/views/Approve.svelte
+++ b/src/views/Approve.svelte
@ -80,6 +80,18 @@
            </ErrorAlert>
        {/if}

+        {#if $appState.currentRequest.base}
+            <div class="alert alert-warning shadow-lg">
+                <div>
+                    <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
+                    <span>
+                        WARNING: This application is requesting your base (long-lived) AWS credentials. 
+                        These crednetials are less secure than session credentials, since they don't expire automatically.
+                    </span>
+                </div>
+            </div>
+        {/if}
+
        <div class="space-y-1 mb-4">
            <h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>