show client username, check whether credential exists before requesting confirmation from frontend

2024-11-25 11:22:27 -05:00
parent 9bc9cb56c1
commit c6e22fc91b
8 changed files with 52 additions and 14 deletions
--- a/src-tauri/src/srv/creddy_server.rs
+++ b/src-tauri/src/srv/creddy_server.rs
@ -1,17 +1,17 @@
 use sqlx::types::uuid::Uuid;
 use tauri::{AppHandle, Manager};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
-use tokio::sync::oneshot;

 use crate::clientinfo::{self, Client};
 use crate::credentials::{
+    self,
    Credential,
    CredentialRecord,
    Crypto,
-    DockerCredential
+    DockerCredential,
 };
 use crate::errors::*;
-use crate::ipc::{Approval, AwsRequestNotification, RequestNotificationDetail, RequestResponse};
+use crate::ipc::{Approval, RequestNotificationDetail};
 use crate::shortcuts::{self, ShortcutAction};
 use crate::state::AppState;
 use super::{
@ -116,11 +116,22 @@ async fn get_docker_credential(
    app_handle: AppHandle,
    waiter: CloseWaiter<'_>,
 ) -> Result<CliResponse, HandlerError> {
+    let state = app_handle.state::<AppState>();
+    let credential_id = state.credential_id(&server_url).await.unwrap_or(None);
+    if  credential_id.is_none() {
+        return Err(
+            HandlerError::NoCredentials(
+                GetCredentialsError::Load(
+                    LoadCredentialsError::NoCredentials
+                )
+            )
+        );
+    }
+
    let detail = RequestNotificationDetail::new_docker(client, server_url.clone());
    let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
    match response.approval {
        Approval::Approved => {
-            let state = app_handle.state::<AppState>();
            let creds = state.get_docker_credential(&server_url).await?;
            Ok(CliResponse::Credential(CliCredential::Docker(creds)))
        },
@ -139,9 +150,12 @@ async fn store_docker_credential(

    // eventually ask the frontend to confirm here

-    // a bit weird but convenient
-    let random_bytes = Crypto::salt();
-    let id = Uuid::from_slice(&random_bytes[..16]).unwrap();
+    // for some reason Docker likes to call `store` immediately with whatever it gets
+    // back from every `get` operation, so we have to check for an existing credential
+    let id = state.credential_id(&docker_credential.server_url)
+        .await
+        .map_err(|e| GetCredentialsError::Load(e))?
+        .unwrap_or_else(|| credentials::random_uuid());

    let record = CredentialRecord {
        id,