working implementation of docker get
This commit is contained in:
parent
e4a7c62828
commit
c7a7b45468
@ -1,4 +1,4 @@
|
||||
use std::io;
|
||||
use std::io::{self, Read};
|
||||
|
||||
use anyhow::bail;
|
||||
|
||||
@ -12,7 +12,6 @@ use super::{
|
||||
|
||||
pub fn docker_store(global_args: GlobalArgs) -> anyhow::Result<()> {
|
||||
let input: DockerCredential = serde_json::from_reader(io::stdin())?;
|
||||
dbg!(&input);
|
||||
|
||||
let req = CliRequest::SaveCredential {
|
||||
name: input.username.clone(),
|
||||
@ -25,3 +24,20 @@ pub fn docker_store(global_args: GlobalArgs) -> anyhow::Result<()> {
|
||||
r => bail!("Unexpected response from server: {r}"),
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
pub fn docker_get(global_args: GlobalArgs) -> anyhow::Result<()> {
|
||||
let mut server_url = String::new();
|
||||
io::stdin().read_to_string(&mut server_url)?;
|
||||
let req = CliRequest::GetDockerCredential {
|
||||
server_url: server_url.trim().to_owned()
|
||||
};
|
||||
|
||||
match super::make_request(global_args.server_addr, &req)?? {
|
||||
CliResponse::Credential(CliCredential::Docker(d)) => {
|
||||
println!("{}", serde_json::to_string(&d)?);
|
||||
},
|
||||
r => bail!("Unexpected response from server: {r}"),
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@ -118,7 +118,7 @@ pub enum DockerCmd {
|
||||
|
||||
|
||||
pub fn get(args: GetArgs, global: GlobalArgs) -> anyhow::Result<()> {
|
||||
let req = CliRequest::GetCredential {
|
||||
let req = CliRequest::GetAwsCredential {
|
||||
name: args.name,
|
||||
base: args.base,
|
||||
};
|
||||
@ -145,7 +145,7 @@ pub fn exec(args: ExecArgs, global: GlobalArgs) -> anyhow::Result<()> {
|
||||
let mut cmd = ChildCommand::new(cmd_name);
|
||||
cmd.args(cmd_line);
|
||||
|
||||
let req = CliRequest::GetCredential {
|
||||
let req = CliRequest::GetAwsCredential {
|
||||
name: args.get_args.name,
|
||||
base: args.get_args.base,
|
||||
};
|
||||
@ -203,7 +203,7 @@ pub fn invoke_shortcut(args: InvokeArgs, global: GlobalArgs) -> anyhow::Result<(
|
||||
|
||||
pub fn docker_credential_helper(cmd: DockerCmd, global_args: GlobalArgs) -> anyhow::Result<()> {
|
||||
match cmd {
|
||||
DockerCmd::Get => todo!(),
|
||||
DockerCmd::Get => docker::docker_get(global_args),
|
||||
DockerCmd::Store => docker::docker_store(global_args),
|
||||
DockerCmd::Erase => todo!(),
|
||||
}
|
||||
|
||||
@ -10,10 +10,13 @@ use serde::{Serialize, Deserialize};
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub enum CliRequest {
|
||||
GetCredential {
|
||||
GetAwsCredential {
|
||||
name: Option<String>,
|
||||
base: bool,
|
||||
},
|
||||
GetDockerCredential {
|
||||
server_url: String,
|
||||
},
|
||||
SaveCredential {
|
||||
name: String,
|
||||
is_default: bool,
|
||||
|
||||
@ -31,7 +31,6 @@ pub struct DockerCredential {
|
||||
pub secret: String,
|
||||
}
|
||||
|
||||
|
||||
impl PersistentCredential for DockerCredential {
|
||||
type Row = DockerRow;
|
||||
|
||||
|
||||
@ -83,6 +83,23 @@ pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized {
|
||||
Self::from_row(row, crypto)
|
||||
}
|
||||
|
||||
async fn load_by<T>(column: &str, value: T, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError>
|
||||
where T: Send + for<'q> sqlx::Encode<'q, Sqlite> + sqlx::Type<Sqlite>
|
||||
{
|
||||
let query = format!(
|
||||
"SELECT * FROM {} where {} = ?",
|
||||
Self::table_name(),
|
||||
column,
|
||||
);
|
||||
let row: Self::Row = sqlx::query_as(&query)
|
||||
.bind(value)
|
||||
.fetch_optional(pool)
|
||||
.await?
|
||||
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||
|
||||
Self::from_row(row, crypto)
|
||||
}
|
||||
|
||||
async fn load_default(crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||
let q = format!(
|
||||
"SELECT details.*
|
||||
|
||||
@ -173,7 +173,7 @@ pub enum HandlerError {
|
||||
StreamIOError(#[from] std::io::Error),
|
||||
#[error("Received invalid UTF-8 in request")]
|
||||
InvalidUtf8(#[from] FromUtf8Error),
|
||||
#[error("HTTP request malformed")]
|
||||
#[error("Request malformed: {0}")]
|
||||
BadRequest(#[from] serde_json::Error),
|
||||
#[error("HTTP request too large")]
|
||||
RequestTooLarge,
|
||||
@ -183,6 +183,8 @@ pub enum HandlerError {
|
||||
Internal(#[from] RecvError),
|
||||
#[error("Error accessing credentials: {0}")]
|
||||
NoCredentials(#[from] GetCredentialsError),
|
||||
#[error("Error saving credentials: {0}")]
|
||||
SaveCredentials(#[from] SaveCredentialsError),
|
||||
#[error("Error getting client details: {0}")]
|
||||
ClientInfo(#[from] ClientInfoError),
|
||||
#[error("Error from Tauri: {0}")]
|
||||
|
||||
@ -16,7 +16,6 @@ use crate::terminal;
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
pub struct AwsRequestNotification {
|
||||
pub id: u64,
|
||||
pub client: Client,
|
||||
pub name: Option<String>,
|
||||
pub base: bool,
|
||||
@ -25,27 +24,46 @@ pub struct AwsRequestNotification {
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
pub struct SshRequestNotification {
|
||||
pub id: u64,
|
||||
pub client: Client,
|
||||
pub key_name: String,
|
||||
}
|
||||
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
pub struct DockerRequestNotification {
|
||||
pub client: Client,
|
||||
pub server_url: String,
|
||||
}
|
||||
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
#[serde(tag = "type")]
|
||||
pub enum RequestNotification {
|
||||
pub enum RequestNotificationDetail {
|
||||
Aws(AwsRequestNotification),
|
||||
Ssh(SshRequestNotification),
|
||||
Docker(DockerRequestNotification),
|
||||
}
|
||||
|
||||
impl RequestNotification {
|
||||
pub fn new_aws(id: u64, client: Client, name: Option<String>, base: bool) -> Self {
|
||||
Self::Aws(AwsRequestNotification {id, client, name, base})
|
||||
impl RequestNotificationDetail {
|
||||
pub fn new_aws(client: Client, name: Option<String>, base: bool) -> Self {
|
||||
Self::Aws(AwsRequestNotification {client, name, base})
|
||||
}
|
||||
|
||||
pub fn new_ssh(id: u64, client: Client, key_name: String) -> Self {
|
||||
Self::Ssh(SshRequestNotification {id, client, key_name})
|
||||
pub fn new_ssh(client: Client, key_name: String) -> Self {
|
||||
Self::Ssh(SshRequestNotification {client, key_name})
|
||||
}
|
||||
|
||||
pub fn new_docker(client: Client, server_url: String) -> Self {
|
||||
Self::Docker(DockerRequestNotification {client, server_url})
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
pub struct RequestNotification {
|
||||
pub id: u64,
|
||||
#[serde(flatten)]
|
||||
pub detail: RequestNotificationDetail,
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -11,7 +11,7 @@ use tokio_util::codec::Framed;
|
||||
|
||||
use crate::clientinfo;
|
||||
use crate::errors::*;
|
||||
use crate::ipc::{Approval, RequestNotification};
|
||||
use crate::ipc::{Approval, RequestNotification, RequestNotificationDetail};
|
||||
use crate::state::AppState;
|
||||
|
||||
use super::{CloseWaiter, Stream};
|
||||
@ -69,47 +69,21 @@ async fn sign_request(
|
||||
req: SignRequest,
|
||||
app_handle: AppHandle,
|
||||
client_pid: u32,
|
||||
mut waiter: CloseWaiter<'_>,
|
||||
waiter: CloseWaiter<'_>,
|
||||
) -> Result<Message, HandlerError> {
|
||||
let state = app_handle.state::<AppState>();
|
||||
let rehide_ms = {
|
||||
let config = state.config.read().await;
|
||||
config.rehide_ms
|
||||
};
|
||||
|
||||
let client = clientinfo::get_client(client_pid, false)?;
|
||||
let lease = state.acquire_visibility_lease(rehide_ms).await
|
||||
.map_err(|_e| HandlerError::NoMainWindow)?;
|
||||
|
||||
let (chan_send, chan_recv) = oneshot::channel();
|
||||
let request_id = state.register_request(chan_send).await;
|
||||
|
||||
let proceed = async {
|
||||
let key_name = state.ssh_name_from_pubkey(&req.pubkey_blob).await?;
|
||||
let notification = RequestNotification::new_ssh(request_id, client, key_name.clone());
|
||||
app_handle.emit("credential-request", ¬ification)?;
|
||||
|
||||
let response = tokio::select! {
|
||||
r = chan_recv => r?,
|
||||
_ = waiter.wait_for_close() => {
|
||||
app_handle.emit("request-cancelled", request_id)?;
|
||||
return Err(HandlerError::Abandoned);
|
||||
},
|
||||
};
|
||||
|
||||
if let Approval::Denied = response.approval {
|
||||
return Ok(Message::Failure);
|
||||
}
|
||||
let detail = RequestNotificationDetail::new_ssh(client, key_name.clone());
|
||||
|
||||
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
|
||||
match response.approval {
|
||||
Approval::Approved => {
|
||||
let key = state.sshkey_by_name(&key_name).await?;
|
||||
let sig = key.sign_request(&req)?;
|
||||
Ok(Message::SignResponse(sig))
|
||||
};
|
||||
|
||||
let res = proceed.await;
|
||||
if let Err(_) = &res {
|
||||
state.unregister_request(request_id).await;
|
||||
},
|
||||
Approval::Denied => Err(HandlerError::Abandoned),
|
||||
}
|
||||
|
||||
lease.release();
|
||||
res
|
||||
}
|
||||
|
||||
@ -1,10 +1,16 @@
|
||||
use sqlx::types::uuid::Uuid;
|
||||
use tauri::{AppHandle, Manager};
|
||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||
use tokio::sync::oneshot;
|
||||
|
||||
use crate::clientinfo::{self, Client};
|
||||
use crate::credentials::{
|
||||
Credential,
|
||||
CredentialRecord,
|
||||
Crypto
|
||||
};
|
||||
use crate::errors::*;
|
||||
use crate::ipc::{Approval, RequestNotification};
|
||||
use crate::ipc::{Approval, AwsRequestNotification, RequestNotificationDetail, RequestResponse};
|
||||
use crate::shortcuts::{self, ShortcutAction};
|
||||
use crate::state::AppState;
|
||||
use super::{
|
||||
@ -46,9 +52,15 @@ async fn handle(
|
||||
|
||||
let req: CliRequest = serde_json::from_slice(&buf)?;
|
||||
let res = match req {
|
||||
CliRequest::GetCredential{ name, base } => get_aws_credentials(
|
||||
CliRequest::GetAwsCredential{ name, base } => get_aws_credentials(
|
||||
name, base, client, app_handle, waiter
|
||||
).await,
|
||||
CliRequest::GetDockerCredential{ server_url } => get_docker_credentials (
|
||||
server_url, client, app_handle, waiter
|
||||
).await,
|
||||
CliRequest::SaveCredential{ name, is_default, credential } => save_credential(
|
||||
name, is_default, credential, app_handle
|
||||
).await,
|
||||
CliRequest::InvokeShortcut(action) => invoke_shortcut(action).await,
|
||||
};
|
||||
|
||||
@ -74,38 +86,13 @@ async fn get_aws_credentials(
|
||||
base: bool,
|
||||
client: Client,
|
||||
app_handle: AppHandle,
|
||||
mut waiter: CloseWaiter<'_>,
|
||||
waiter: CloseWaiter<'_>,
|
||||
) -> Result<CliResponse, HandlerError> {
|
||||
let state = app_handle.state::<AppState>();
|
||||
let rehide_ms = {
|
||||
let config = state.config.read().await;
|
||||
config.rehide_ms
|
||||
};
|
||||
let lease = state.acquire_visibility_lease(rehide_ms).await
|
||||
.map_err(|_e| HandlerError::NoMainWindow)?; // automate this conversion eventually?
|
||||
|
||||
let (chan_send, chan_recv) = oneshot::channel();
|
||||
let request_id = state.register_request(chan_send).await;
|
||||
|
||||
// if an error occurs in any of the following, we want to abort the operation
|
||||
// but ? returns immediately, and we want to unregister the request before returning
|
||||
// so we bundle it all up in an async block and return a Result so we can handle errors
|
||||
let proceed = async {
|
||||
let notification = RequestNotification::new_aws(
|
||||
request_id, client, name.clone(), base
|
||||
);
|
||||
app_handle.emit("credential-request", ¬ification)?;
|
||||
|
||||
let response = tokio::select! {
|
||||
r = chan_recv => r?,
|
||||
_ = waiter.wait_for_close() => {
|
||||
app_handle.emit("request-cancelled", request_id)?;
|
||||
return Err(HandlerError::Abandoned);
|
||||
},
|
||||
};
|
||||
|
||||
let detail = RequestNotificationDetail::new_aws(client, name.clone(), base);
|
||||
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
|
||||
match response.approval {
|
||||
Approval::Approved => {
|
||||
let state = app_handle.state::<AppState>();
|
||||
if response.base {
|
||||
let creds = state.get_aws_base(name).await?;
|
||||
Ok(CliResponse::Credential(CliCredential::AwsBase(creds)))
|
||||
@ -117,16 +104,46 @@ async fn get_aws_credentials(
|
||||
},
|
||||
Approval::Denied => Err(HandlerError::Denied),
|
||||
}
|
||||
};
|
||||
|
||||
let result = match proceed.await {
|
||||
Ok(r) => Ok(r),
|
||||
Err(e) => {
|
||||
state.unregister_request(request_id).await;
|
||||
Err(e)
|
||||
},
|
||||
};
|
||||
|
||||
lease.release();
|
||||
result
|
||||
}
|
||||
|
||||
async fn get_docker_credentials(
|
||||
server_url: String,
|
||||
client: Client,
|
||||
app_handle: AppHandle,
|
||||
waiter: CloseWaiter<'_>,
|
||||
) -> Result<CliResponse, HandlerError> {
|
||||
let detail = RequestNotificationDetail::new_docker(client, server_url.clone());
|
||||
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
|
||||
match response.approval {
|
||||
Approval::Approved => {
|
||||
let state = app_handle.state::<AppState>();
|
||||
let creds = state.get_docker_credential(&server_url).await?;
|
||||
Ok(CliResponse::Credential(CliCredential::Docker(creds)))
|
||||
},
|
||||
Approval::Denied => {
|
||||
Err(HandlerError::Denied)
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn save_credential(
|
||||
name: String,
|
||||
is_default: bool,
|
||||
credential: Credential,
|
||||
app_handle: AppHandle,
|
||||
) -> Result<CliResponse, HandlerError> {
|
||||
let state = app_handle.state::<AppState>();
|
||||
|
||||
// eventually ask the frontend to unlock here
|
||||
|
||||
// a bit weird but convenient
|
||||
let random_bytes = Crypto::salt();
|
||||
let id = Uuid::from_slice(&random_bytes[..16]).unwrap();
|
||||
|
||||
let record = CredentialRecord {
|
||||
id, name, is_default, credential
|
||||
};
|
||||
state.save_credential(record).await?;
|
||||
|
||||
Ok(CliResponse::Empty)
|
||||
}
|
||||
|
||||
@ -3,13 +3,23 @@ use std::future::Future;
|
||||
use tauri::{
|
||||
AppHandle,
|
||||
async_runtime as rt,
|
||||
Manager,
|
||||
};
|
||||
use tokio::io::AsyncReadExt;
|
||||
use tokio::sync::oneshot;
|
||||
use serde::{Serialize, Deserialize};
|
||||
|
||||
use crate::credentials::{AwsBaseCredential, AwsSessionCredential};
|
||||
use crate::clientinfo::Client;
|
||||
use crate::credentials::{
|
||||
AwsBaseCredential,
|
||||
AwsSessionCredential,
|
||||
Credential,
|
||||
DockerCredential,
|
||||
};
|
||||
use crate::errors::*;
|
||||
use crate::ipc::{RequestNotification, RequestNotificationDetail, RequestResponse};
|
||||
use crate::shortcuts::ShortcutAction;
|
||||
use crate::state::AppState;
|
||||
|
||||
pub mod creddy_server;
|
||||
pub mod agent;
|
||||
@ -21,10 +31,18 @@ use platform::Stream;
|
||||
// that would make it impossible to build a completely static-linked version
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
pub enum CliRequest {
|
||||
GetCredential {
|
||||
GetAwsCredential {
|
||||
name: Option<String>,
|
||||
base: bool,
|
||||
},
|
||||
GetDockerCredential {
|
||||
server_url: String,
|
||||
},
|
||||
SaveCredential {
|
||||
name: String,
|
||||
is_default: bool,
|
||||
credential: Credential,
|
||||
},
|
||||
InvokeShortcut(ShortcutAction),
|
||||
}
|
||||
|
||||
@ -40,6 +58,7 @@ pub enum CliResponse {
|
||||
pub enum CliCredential {
|
||||
AwsBase(AwsBaseCredential),
|
||||
AwsSession(AwsSessionCredential),
|
||||
Docker(DockerCredential),
|
||||
}
|
||||
|
||||
|
||||
@ -87,6 +106,48 @@ fn serve<H, F>(sock_name: &str, app_handle: AppHandle, handler: H) -> std::io::R
|
||||
}
|
||||
|
||||
|
||||
async fn send_credentials_request(
|
||||
detail: RequestNotificationDetail,
|
||||
app_handle: AppHandle,
|
||||
mut waiter: CloseWaiter<'_>
|
||||
) -> Result<RequestResponse, HandlerError> {
|
||||
let state = app_handle.state::<AppState>();
|
||||
let rehide_ms = {
|
||||
let config = state.config.read().await;
|
||||
config.rehide_ms
|
||||
};
|
||||
|
||||
let lease = state.acquire_visibility_lease(rehide_ms).await
|
||||
.map_err(|_e| HandlerError::NoMainWindow)?;
|
||||
|
||||
let (chan_send, chan_recv) = oneshot::channel();
|
||||
let request_id = state.register_request(chan_send).await;
|
||||
let notification = RequestNotification { id: request_id, detail };
|
||||
|
||||
// the following could fail in various ways, but we want to make sure
|
||||
// the request gets unregistered on any failure, so we wrap this all
|
||||
// up in an async block so that we only have to handle the error case once
|
||||
let proceed = async {
|
||||
app_handle.emit("credential-request", ¬ification)?;
|
||||
tokio::select! {
|
||||
r = chan_recv => Ok(r?),
|
||||
_ = waiter.wait_for_close() => {
|
||||
app_handle.emit("request-cancelled", request_id)?;
|
||||
Err(HandlerError::Abandoned)
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
let res = proceed.await;
|
||||
if let Err(_) = &res {
|
||||
state.unregister_request(request_id).await;
|
||||
}
|
||||
|
||||
lease.release();
|
||||
res
|
||||
}
|
||||
|
||||
|
||||
#[cfg(unix)]
|
||||
mod platform {
|
||||
use std::io::ErrorKind;
|
||||
|
||||
@ -19,6 +19,7 @@ use crate::app;
|
||||
use crate::credentials::{
|
||||
AppSession,
|
||||
AwsSessionCredential,
|
||||
DockerCredential,
|
||||
SshKey,
|
||||
};
|
||||
use crate::{config, config::AppConfig};
|
||||
@ -322,6 +323,13 @@ impl AppState {
|
||||
Ok(k)
|
||||
}
|
||||
|
||||
pub async fn get_docker_credential(&self, server_url: &str) -> Result<DockerCredential, GetCredentialsError> {
|
||||
let app_session = self.app_session.read().await;
|
||||
let crypto = app_session.try_get_crypto()?;
|
||||
let d = DockerCredential::load_by("server_url", server_url.to_owned(), crypto, &self.pool).await?;
|
||||
Ok(d)
|
||||
}
|
||||
|
||||
pub async fn signal_activity(&self) {
|
||||
let mut last_activity = self.last_activity.write().await;
|
||||
*last_activity = OffsetDateTime::now_utc();
|
||||
|
||||
@ -51,6 +51,8 @@
|
||||
{/if}
|
||||
{:else if $appState.currentRequest.type === 'Ssh'}
|
||||
{appName ? `"${appName}"` : 'An application'} would like to use your SSH key "{$appState.currentRequest.key_name}".
|
||||
{:else if $appState.currentRequest.type === 'Docker'}
|
||||
{appName ? `"${appName}"` : 'An application'} would like to use your Docker credentials for <code>{$appState.currentRequest.server_url}</code>.
|
||||
{/if}
|
||||
</h2>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user