finish extremely basic implementation of docker credentials

2024-11-25 07:57:59 -05:00 · 2024-11-25 07:57:59 -05:00 · 9bc9cb56c1
commit 9bc9cb56c1
parent 8bcdc5420a
6 changed files with 64 additions and 26 deletions
--- a/src-tauri/creddy_cli/src/cli/docker.rs
+++ b/src-tauri/creddy_cli/src/cli/docker.rs
@ -13,11 +13,7 @@ use super::{
 pub fn docker_store(global_args: GlobalArgs) -> anyhow::Result<()> {
    let input: DockerCredential = serde_json::from_reader(io::stdin())?;

-    let req = CliRequest::SaveCredential {
-        name: input.username.clone(),
-        is_default: false, // is_default doesn't really mean anything for Docker credentials
-        credential: CliCredential::Docker(input),
-    };
+    let req = CliRequest::StoreDockerCredential(input);

    match super::make_request(global_args.server_addr, &req)?? {
        CliResponse::Empty => Ok(()),
@ -41,3 +37,17 @@ pub fn docker_get(global_args: GlobalArgs) -> anyhow::Result<()> {
    }
    Ok(())
 }
+
+
+pub fn docker_erase(global_args: GlobalArgs) -> anyhow::Result<()> {
+    let mut server_url = String::new();
+    io::stdin().read_to_string(&mut server_url)?;
+    let req = CliRequest::EraseDockerCredential {
+        server_url: server_url.trim().to_owned()
+    };
+
+    match super::make_request(global_args.server_addr, &req)?? {
+        CliResponse::Empty => Ok(()),
+        r => bail!("Unexpected response from server: {r}"),
+    }
+}
--- a/src-tauri/creddy_cli/src/cli/mod.rs
+++ b/src-tauri/creddy_cli/src/cli/mod.rs
@ -193,7 +193,7 @@ pub fn exec(args: ExecArgs, global: GlobalArgs) -> anyhow::Result<()> {


 pub fn invoke_shortcut(args: InvokeArgs, global: GlobalArgs) -> anyhow::Result<()> {
-    let req = CliRequest::InvokeShortcut(args.shortcut_action);
+    let req = CliRequest::InvokeShortcut{action: args.shortcut_action};
    match make_request(global.server_addr, &req)?? {
        CliResponse::Empty => Ok(()),
        r => bail!("Unexpected response from server: {r}"),
@ -205,7 +205,7 @@ pub fn docker_credential_helper(cmd: DockerCmd, global_args: GlobalArgs) -> anyh
    match cmd {
        DockerCmd::Get => docker::docker_get(global_args),
        DockerCmd::Store => docker::docker_store(global_args),
-        DockerCmd::Erase => todo!(),
+        DockerCmd::Erase => docker::docker_erase(global_args),
    }
 }

--- a/src-tauri/migrations/20240919135710_docker_creds.sql
+++ b/src-tauri/migrations/20240919135710_docker_creds.sql
@ -7,5 +7,6 @@ CREATE TABLE docker_credentials (
    server_url TEXT UNIQUE NOT NULL,
    username TEXT NOT NULL,
    secret_enc BLOB NOT NULL,
-    nonce BLOB NOT NULL
+    nonce BLOB NOT NULL,
+    FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE
 );
--- a/src-tauri/src/srv/creddy_server.rs
+++ b/src-tauri/src/srv/creddy_server.rs
@ -7,7 +7,8 @@ use crate::clientinfo::{self, Client};
 use crate::credentials::{
    Credential,
    CredentialRecord,
-    Crypto
+    Crypto,
+    DockerCredential
 };
 use crate::errors::*;
 use crate::ipc::{Approval, AwsRequestNotification, RequestNotificationDetail, RequestResponse};
@ -55,13 +56,16 @@ async fn handle(
        CliRequest::GetAwsCredential{ name, base } => get_aws_credentials(
            name, base, client, app_handle, waiter
        ).await,
-        CliRequest::GetDockerCredential{ server_url } => get_docker_credentials (
+        CliRequest::GetDockerCredential{ server_url } => get_docker_credential (
            server_url, client, app_handle, waiter
        ).await,
-        CliRequest::SaveCredential{ name, is_default, credential } => save_credential(
-            name, is_default, credential, app_handle
+        CliRequest::StoreDockerCredential(docker_credential) => store_docker_credential(
+             docker_credential, app_handle, waiter
        ).await,
-        CliRequest::InvokeShortcut(action) => invoke_shortcut(action).await,
+        CliRequest::EraseDockerCredential { server_url } => erase_docker_credential(
+            server_url, app_handle, waiter
+        ).await,
+        CliRequest::InvokeShortcut{ action } => invoke_shortcut(action).await,
    };

    // doesn't make sense to send the error to the client if the client has already left
@ -106,7 +110,7 @@ async fn get_aws_credentials(
    }
 }

-async fn get_docker_credentials(
+async fn get_docker_credential(
    server_url: String,
    client: Client,
    app_handle: AppHandle,
@ -126,24 +130,39 @@ async fn get_docker_credentials(
    }
 }

-pub async fn save_credential(
-    name: String,
-    is_default: bool,
-    credential: Credential,
+async fn store_docker_credential(
+    docker_credential: DockerCredential,
    app_handle: AppHandle,
+    _waiter: CloseWaiter<'_>,
 ) -> Result<CliResponse, HandlerError> {
    let state = app_handle.state::<AppState>();

-    // eventually ask the frontend to unlock here
+    // eventually ask the frontend to confirm here

    // a bit weird but convenient
    let random_bytes = Crypto::salt();
    let id = Uuid::from_slice(&random_bytes[..16]).unwrap();

    let record = CredentialRecord {
-        id, name, is_default, credential
+        id,
+        name: docker_credential.server_url.clone(),
+        is_default: false,
+        credential: Credential::Docker(docker_credential)
    };
    state.save_credential(record).await?;

    Ok(CliResponse::Empty)
 }
+
+async fn erase_docker_credential(
+    server_url: String,
+    app_handle: AppHandle,
+    _waiter: CloseWaiter<'_>
+) -> Result<CliResponse, HandlerError> {
+    let state = app_handle.state::<AppState>();
+
+    // eventually ask the frontend to confirm here
+
+    state.delete_credential_by_name(&server_url).await?;
+    Ok(CliResponse::Empty)
+}
--- a/src-tauri/src/srv/mod.rs
+++ b/src-tauri/src/srv/mod.rs
@ -13,7 +13,6 @@ use crate::clientinfo::Client;
 use crate::credentials::{
    AwsBaseCredential,
    AwsSessionCredential,
-    Credential,
    DockerCredential,
 };
 use crate::errors::*;
@ -30,6 +29,7 @@ use platform::Stream;
 // so that we avoid polluting the standalone CLI with a bunch of dependencies
 // that would make it impossible to build a completely static-linked version
 #[derive(Debug, Serialize, Deserialize)]
+#[serde(tag = "type")]
 pub enum CliRequest {
    GetAwsCredential {
        name: Option<String>,
@ -38,12 +38,13 @@ pub enum CliRequest {
    GetDockerCredential {
        server_url: String,
    },
-    SaveCredential {
-        name: String,
-        is_default: bool,
-        credential: Credential,
+    StoreDockerCredential(DockerCredential),
+    EraseDockerCredential {
+        server_url: String,
+    },
+    InvokeShortcut{
+        action: ShortcutAction,
    },
-    InvokeShortcut(ShortcutAction),
 }


--- a/src-tauri/src/state.rs
+++ b/src-tauri/src/state.rs
@ -161,6 +161,13 @@ impl AppState {
        Ok(())
    }

+    pub async fn delete_credential_by_name(&self, name: &str) -> Result<(), SaveCredentialsError> {
+        sqlx::query!("DELETE FROM credentials WHERE name = ?", name)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
    pub async fn list_credentials(&self) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
        let session = self.app_session.read().await;
        let crypto = session.try_get_crypto()?;