jfmonty2/creddy
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 15 Wiki Activity

Compare commits

base: jfmonty2:0491cb5790614812c2d307071156dfc6ce4100e2
Branches Tags
jfmonty2:master
jfmonty2:docker-helper
jfmonty2:persistent-session
jfmonty2:ssh-agent
jfmonty2:generalized-credentials
jfmonty2:pipe
jfmonty2:terminal
jfmonty2:wincon
jfmonty2:wip
jfmonty2:dev2
jfmonty2:dev
jfmonty2:v0.6.5
jfmonty2:v0.6.3
jfmonty2:v0.6.2
jfmonty2:v0.6.0
jfmonty2:v0.5.4
jfmonty2:v0.5.3
jfmonty2:v0.5.1
jfmonty2:v0.5.0
jfmonty2:v0.4.7
jfmonty2:v0.4.6
jfmonty2:v0.4.5
jfmonty2:v0.4.4
jfmonty2:v0.4.2
jfmonty2:v0.4.1
jfmonty2:v0.4.0
jfmonty2:v0.3.3
jfmonty2:v0.3.1
jfmonty2:v0.3.0
jfmonty2:v0.2.3
jfmonty2:v0.2.1
jfmonty2:show
jfmonty2:v0.2.0
...
compare: jfmonty2:f311fde74ece70394bf4e2261e8682f4f7381307
Branches Tags
jfmonty2:master
jfmonty2:docker-helper
jfmonty2:persistent-session
jfmonty2:ssh-agent
jfmonty2:generalized-credentials
jfmonty2:pipe
jfmonty2:terminal
jfmonty2:wincon
jfmonty2:wip
jfmonty2:dev2
jfmonty2:dev
jfmonty2:v0.6.5
jfmonty2:v0.6.3
jfmonty2:v0.6.2
jfmonty2:v0.6.0
jfmonty2:v0.5.4
jfmonty2:v0.5.3
jfmonty2:v0.5.1
jfmonty2:v0.5.0
jfmonty2:v0.4.7
jfmonty2:v0.4.6
jfmonty2:v0.4.5
jfmonty2:v0.4.4
jfmonty2:v0.4.2
jfmonty2:v0.4.1
jfmonty2:v0.4.0
jfmonty2:v0.3.3
jfmonty2:v0.3.1
jfmonty2:v0.3.0
jfmonty2:v0.2.3
jfmonty2:v0.2.1
jfmonty2:show
jfmonty2:v0.2.0

10 Commits
0491cb5790 ... f311fde74e

Author SHA1 Message Date
Joseph Montanaro
f311fde74e fix permissions errors and terminal launching 2024-06-29 20:42:51 -04:00
Joseph Montanaro
acc5c71bfa rework error alerts 2024-06-28 20:35:18 -04:00
Joseph Montanaro
504c0b4156 add passphrase reset 2024-06-28 11:19:52 -04:00
Joseph Montanaro
bf0a2ca72d finish manage-credentials page and rework home screen 2024-06-28 06:25:55 -04:00
Joseph Montanaro
bb980c5eef continue working on default credentials 2024-06-26 22:24:44 -04:00
Joseph Montanaro
ce7d75f15a almost finish refactoring PersistentCredential trait 2024-06-26 15:01:07 -04:00
Joseph Montanaro
37b44ddb2e start refactoring for default credentials 2024-06-26 11:10:50 -04:00
Joseph Montanaro
8c668e51a6 still in progress 2024-06-25 15:19:29 -04:00
Joseph Montanaro
9928996fab get backend running 2024-06-19 05:10:55 -04:00
Joseph Montanaro
d0a2532c27 start working on generalizing credential logic 2024-06-16 07:08:10 -04:00
65 changed files with 5055 additions and 1719 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -5,7 +5,3 @@ src-tauri/target/
# .env is system-specific
.env
.vscode
# just in case
credentials*
!credentials.rs

2
index.html
View File

@ -1,5 +1,5 @@
<!DOCTYPE html>
<html lang="en" data-theme="dark">
<html lang="en" data-theme="creddy">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />

222
package-lock.json generated
View File

@ -1,17 +1,17 @@
{
"name": "creddy",
"version": "0.4.7",
"version": "0.4.9",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "creddy",
"version": "0.4.7",
"version": "0.4.9",
"dependencies": {
"@tauri-apps/api": "^2.0.0-beta.13",
"@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
"@tauri-apps/plugin-os": "^2.0.0-beta.5",
"daisyui": "^2.51.5"
"daisyui": "^4.12.8"
},
"devDependencies": {
"@sveltejs/vite-plugin-svelte": "^1.0.1",
@ -27,6 +27,7 @@
"version": "5.2.0",
"resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz",
"integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==",
"dev": true,
"engines": {
"node": ">=10"
},
@ -70,6 +71,7 @@
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
"integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
"dev": true,
"dependencies": {
"string-width": "^5.1.2",
"string-width-cjs": "npm:string-width@^4.2.0",
@ -86,6 +88,7 @@
"version": "0.3.5",
"resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz",
"integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==",
"dev": true,
"dependencies": {
"@jridgewell/set-array": "^1.2.1",
"@jridgewell/sourcemap-codec": "^1.4.10",
@ -99,6 +102,7 @@
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
"integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
"dev": true,
"engines": {
"node": ">=6.0.0"
}
@ -107,6 +111,7 @@
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz",
"integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==",
"dev": true,
"engines": {
"node": ">=6.0.0"
}
@ -114,12 +119,14 @@
"node_modules/@jridgewell/sourcemap-codec": {
"version": "1.4.15",
"resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
"integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg=="
"integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==",
"dev": true
},
"node_modules/@jridgewell/trace-mapping": {
"version": "0.3.25",
"resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
"integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
"dev": true,
"dependencies": {
"@jridgewell/resolve-uri": "^3.1.0",
"@jridgewell/sourcemap-codec": "^1.4.14"
@ -129,6 +136,7 @@
"version": "2.1.5",
"resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
"integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
"dev": true,
"dependencies": {
"@nodelib/fs.stat": "2.0.5",
"run-parallel": "^1.1.9"
@ -141,6 +149,7 @@
"version": "2.0.5",
"resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
"integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
"dev": true,
"engines": {
"node": ">= 8"
}
@ -149,6 +158,7 @@
"version": "1.2.8",
"resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
"integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
"dev": true,
"dependencies": {
"@nodelib/fs.scandir": "2.1.5",
"fastq": "^1.6.0"
@ -161,6 +171,7 @@
"version": "0.11.0",
"resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
"integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
"dev": true,
"optional": true,
"engines": {
"node": ">=14"
@ -409,6 +420,7 @@
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
"integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
"dev": true,
"engines": {
"node": ">=12"
},
@ -420,6 +432,7 @@
"version": "6.2.1",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
"integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
"dev": true,
"engines": {
"node": ">=12"
},
@ -430,12 +443,14 @@
"node_modules/any-promise": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
"integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A=="
"integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==",
"dev": true
},
"node_modules/anymatch": {
"version": "3.1.3",
"resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
"integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
"dev": true,
"dependencies": {
"normalize-path": "^3.0.0",
"picomatch": "^2.0.4"
@ -447,12 +462,14 @@
"node_modules/arg": {
"version": "5.0.2",
"resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz",
"integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg=="
"integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==",
"dev": true
},
"node_modules/autoprefixer": {
"version": "10.4.19",
"resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.19.tgz",
"integrity": "sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew==",
"dev": true,
"funding": [
{
"type": "opencollective",
@ -488,12 +505,14 @@
"node_modules/balanced-match": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
"integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
"integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
"dev": true
},
"node_modules/binary-extensions": {
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
"integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
"dev": true,
"engines": {
"node": ">=8"
},
@ -505,6 +524,7 @@
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
}
@ -513,6 +533,7 @@
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
"dev": true,
"dependencies": {
"fill-range": "^7.1.1"
},
@ -524,6 +545,7 @@
"version": "4.23.0",
"resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz",
"integrity": "sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ==",
"dev": true,
"funding": [
{
"type": "opencollective",
@ -563,6 +585,7 @@
"version": "1.0.30001625",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001625.tgz",
"integrity": "sha512-4KE9N2gcRH+HQhpeiRZXd+1niLB/XNLAhSy4z7fI8EzcbcPoAqjNInxVHTiTwWfTIV4w096XG8OtCOCQQKPv3w==",
"dev": true,
"funding": [
{
"type": "opencollective",
@ -582,6 +605,7 @@
"version": "3.6.0",
"resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
"integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
"dev": true,
"dependencies": {
"anymatch": "~3.1.2",
"braces": "~3.0.2",
@ -605,6 +629,7 @@
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
"integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
"dev": true,
"dependencies": {
"is-glob": "^4.0.1"
},
@ -612,22 +637,11 @@
"node": ">= 6"
}
},
"node_modules/color": {
"version": "4.2.3",
"resolved": "https://registry.npmjs.org/color/-/color-4.2.3.tgz",
"integrity": "sha512-1rXeuUUiGGrykh+CeBdu5Ie7OJwinCgQY0bc7GCRxy5xVHy+moaqkpL/jqQq0MtQOeYcrqEz4abc5f0KtU7W4A==",
"dependencies": {
"color-convert": "^2.0.1",
"color-string": "^1.9.0"
},
"engines": {
"node": ">=12.5.0"
}
},
"node_modules/color-convert": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
"dev": true,
"dependencies": {
"color-name": "~1.1.4"
},
@ -638,21 +652,14 @@
"node_modules/color-name": {
"version": "1.1.4",
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
},
"node_modules/color-string": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz",
"integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==",
"dependencies": {
"color-name": "^1.0.0",
"simple-swizzle": "^0.2.2"
}
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"dev": true
},
"node_modules/commander": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz",
"integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==",
"dev": true,
"engines": {
"node": ">= 6"
}
@ -661,6 +668,7 @@
"version": "7.0.3",
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
"integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
"dev": true,
"dependencies": {
"path-key": "^3.1.0",
"shebang-command": "^2.0.0",
@ -690,23 +698,30 @@
"node": ">=4"
}
},
"node_modules/culori": {
"version": "3.3.0",
"resolved": "https://registry.npmjs.org/culori/-/culori-3.3.0.tgz",
"integrity": "sha512-pHJg+jbuFsCjz9iclQBqyL3B2HLCBF71BwVNujUYEvCeQMvV97R59MNK3R2+jgJ3a1fcZgI9B3vYgz8lzr/BFQ==",
"engines": {
"node": "^12.20.0 || ^14.13.1 || >=16.0.0"
}
},
"node_modules/daisyui": {
"version": "2.52.0",
"resolved": "https://registry.npmjs.org/daisyui/-/daisyui-2.52.0.tgz",
"integrity": "sha512-LQTA5/IVXAJHBMFoeaEMfd7/akAFPPcdQPR3O9fzzcFiczneJFM73CFPnScmW2sOgn/D83cvkP854ep2T9OfTg==",
"version": "4.12.8",
"resolved": "https://registry.npmjs.org/daisyui/-/daisyui-4.12.8.tgz",
"integrity": "sha512-FDdh0z9BsWMI0VeUSwZy6rwp9frEuUgd83SCPOaCYV3iULPzcgTEQT3IlcAbMCrsriu2ziDYZfGOUwPYHkHrfw==",
"dependencies": {
"color": "^4.2",
"css-selector-tokenizer": "^0.8.0",
"postcss-js": "^4.0.0",
"tailwindcss": "^3"
"css-selector-tokenizer": "^0.8",
"culori": "^3",
"picocolors": "^1",
"postcss-js": "^4"
},
"engines": {
"node": ">=16.9.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/daisyui"
},
"peerDependencies": {
"autoprefixer": "^10.0.2",
"postcss": "^8.1.6"
}
},
"node_modules/debug": {
@ -738,27 +753,32 @@
"node_modules/didyoumean": {
"version": "1.2.2",
"resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz",
"integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw=="
"integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==",
"dev": true
},
"node_modules/dlv": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz",
"integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="
"integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==",
"dev": true
},
"node_modules/eastasianwidth": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
"integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA=="
"integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
"dev": true
},
"node_modules/electron-to-chromium": {
"version": "1.4.787",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.787.tgz",
"integrity": "sha512-d0EFmtLPjctczO3LogReyM2pbBiiZbnsKnGF+cdZhsYzHm/A0GV7W94kqzLD8SN4O3f3iHlgLUChqghgyznvCQ=="
"integrity": "sha512-d0EFmtLPjctczO3LogReyM2pbBiiZbnsKnGF+cdZhsYzHm/A0GV7W94kqzLD8SN4O3f3iHlgLUChqghgyznvCQ==",
"dev": true
},
"node_modules/emoji-regex": {
"version": "9.2.2",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
"integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="
"integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
"dev": true
},
"node_modules/esbuild": {
"version": "0.15.18",
@ -1121,6 +1141,7 @@
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz",
"integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==",
"dev": true,
"engines": {
"node": ">=6"
}
@ -1129,6 +1150,7 @@
"version": "3.3.2",
"resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz",
"integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==",
"dev": true,
"dependencies": {
"@nodelib/fs.stat": "^2.0.2",
"@nodelib/fs.walk": "^1.2.3",
@ -1144,6 +1166,7 @@
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
"integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
"dev": true,
"dependencies": {
"is-glob": "^4.0.1"
},
@ -1160,6 +1183,7 @@
"version": "1.17.1",
"resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz",
"integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==",
"dev": true,
"dependencies": {
"reusify": "^1.0.4"
}
@ -1168,6 +1192,7 @@
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
"dev": true,
"dependencies": {
"to-regex-range": "^5.0.1"
},
@ -1179,6 +1204,7 @@
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz",
"integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==",
"dev": true,
"dependencies": {
"cross-spawn": "^7.0.0",
"signal-exit": "^4.0.1"
@ -1194,6 +1220,7 @@
"version": "4.3.7",
"resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz",
"integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==",
"dev": true,
"engines": {
"node": "*"
},
@ -1206,6 +1233,7 @@
"version": "2.3.3",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
"integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
"dev": true,
"hasInstallScript": true,
"optional": true,
"os": [
@ -1219,6 +1247,7 @@
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
"integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
"dev": true,
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
@ -1227,6 +1256,7 @@
"version": "10.4.1",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz",
"integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==",
"dev": true,
"dependencies": {
"foreground-child": "^3.1.0",
"jackspeak": "^3.1.2",
@ -1248,6 +1278,7 @@
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
"integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
"dev": true,
"dependencies": {
"is-glob": "^4.0.3"
},
@ -1259,6 +1290,7 @@
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
"integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
"dev": true,
"dependencies": {
"function-bind": "^1.1.2"
},
@ -1266,15 +1298,11 @@
"node": ">= 0.4"
}
},
"node_modules/is-arrayish": {
"version": "0.3.2",
"resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz",
"integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ=="
},
"node_modules/is-binary-path": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
"integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
"dev": true,
"dependencies": {
"binary-extensions": "^2.0.0"
},
@ -1286,6 +1314,7 @@
"version": "2.13.1",
"resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz",
"integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==",
"dev": true,
"dependencies": {
"hasown": "^2.0.0"
},
@ -1297,6 +1326,7 @@
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
"integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
@ -1305,6 +1335,7 @@
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
"integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
"dev": true,
"engines": {
"node": ">=8"
}
@ -1313,6 +1344,7 @@
"version": "4.0.3",
"resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
"integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
"dev": true,
"dependencies": {
"is-extglob": "^2.1.1"
},
@ -1324,6 +1356,7 @@
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
"integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
"dev": true,
"engines": {
"node": ">=0.12.0"
}
@ -1331,12 +1364,14 @@
"node_modules/isexe": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
"integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
"integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
"dev": true
},
"node_modules/jackspeak": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz",
"integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==",
"dev": true,
"dependencies": {
"@isaacs/cliui": "^8.0.2"
},
@ -1354,6 +1389,7 @@
"version": "1.21.0",
"resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz",
"integrity": "sha512-gFqAIbuKyyso/3G2qhiO2OM6shY6EPP/R0+mkDbyspxKazh8BXDC5FiFsUjlczgdNz/vfra0da2y+aHrusLG/Q==",
"dev": true,
"bin": {
"jiti": "bin/jiti.js"
}
@ -1371,6 +1407,7 @@
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz",
"integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==",
"dev": true,
"engines": {
"node": ">=10"
}
@ -1378,12 +1415,14 @@
"node_modules/lines-and-columns": {
"version": "1.2.4",
"resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz",
"integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg=="
"integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==",
"dev": true
},
"node_modules/lru-cache": {
"version": "10.2.2",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz",
"integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==",
"dev": true,
"engines": {
"node": "14 || >=16.14"
}
@ -1404,6 +1443,7 @@
"version": "1.4.1",
"resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
"integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
"dev": true,
"engines": {
"node": ">= 8"
}
@ -1412,6 +1452,7 @@
"version": "4.0.7",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz",
"integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==",
"dev": true,
"dependencies": {
"braces": "^3.0.3",
"picomatch": "^2.3.1"
@ -1424,6 +1465,7 @@
"version": "9.0.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
},
@ -1438,6 +1480,7 @@
"version": "7.1.2",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
"integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
"dev": true,
"engines": {
"node": ">=16 || 14 >=14.17"
}
@ -1452,6 +1495,7 @@
"version": "2.7.0",
"resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz",
"integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==",
"dev": true,
"dependencies": {
"any-promise": "^1.0.0",
"object-assign": "^4.0.1",
@ -1478,12 +1522,14 @@
"node_modules/node-releases": {
"version": "2.0.14",
"resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz",
"integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw=="
"integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==",
"dev": true
},
"node_modules/normalize-path": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
"integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
@ -1492,6 +1538,7 @@
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz",
"integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
@ -1500,6 +1547,7 @@
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
"integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
@ -1508,6 +1556,7 @@
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
"integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==",
"dev": true,
"engines": {
"node": ">= 6"
}
@ -1516,6 +1565,7 @@
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
"integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
"dev": true,
"engines": {
"node": ">=8"
}
@ -1523,12 +1573,14 @@
"node_modules/path-parse": {
"version": "1.0.7",
"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
"integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
"integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
"dev": true
},
"node_modules/path-scurry": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
"integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
"dev": true,
"dependencies": {
"lru-cache": "^10.2.0",
"minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
@ -1549,6 +1601,7 @@
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
"dev": true,
"engines": {
"node": ">=8.6"
},
@ -1560,6 +1613,7 @@
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
"integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
@ -1568,6 +1622,7 @@
"version": "4.0.6",
"resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz",
"integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==",
"dev": true,
"engines": {
"node": ">= 6"
}
@ -1603,6 +1658,7 @@
"version": "15.1.0",
"resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz",
"integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==",
"dev": true,
"dependencies": {
"postcss-value-parser": "^4.0.0",
"read-cache": "^1.0.0",
@ -1637,6 +1693,7 @@
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz",
"integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==",
"dev": true,
"funding": [
{
"type": "opencollective",
@ -1671,6 +1728,7 @@
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz",
"integrity": "sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==",
"dev": true,
"engines": {
"node": ">=14"
},
@ -1682,6 +1740,7 @@
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz",
"integrity": "sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==",
"dev": true,
"dependencies": {
"postcss-selector-parser": "^6.0.11"
},
@ -1700,6 +1759,7 @@
"version": "6.1.0",
"resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz",
"integrity": "sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ==",
"dev": true,
"dependencies": {
"cssesc": "^3.0.0",
"util-deprecate": "^1.0.2"
@ -1711,12 +1771,14 @@
"node_modules/postcss-value-parser": {
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
"integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
"integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==",
"dev": true
},
"node_modules/queue-microtask": {
"version": "1.2.3",
"resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
"integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
"dev": true,
"funding": [
{
"type": "github",
@ -1736,6 +1798,7 @@
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
"integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==",
"dev": true,
"dependencies": {
"pify": "^2.3.0"
}
@ -1744,6 +1807,7 @@
"version": "3.6.0",
"resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
"integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
"dev": true,
"dependencies": {
"picomatch": "^2.2.1"
},
@ -1755,6 +1819,7 @@
"version": "1.22.8",
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz",
"integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==",
"dev": true,
"dependencies": {
"is-core-module": "^2.13.0",
"path-parse": "^1.0.7",
@ -1771,6 +1836,7 @@
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
"integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
"dev": true,
"engines": {
"iojs": ">=1.0.0",
"node": ">=0.10.0"
@ -1795,6 +1861,7 @@
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
"integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
"dev": true,
"funding": [
{
"type": "github",
@ -1817,6 +1884,7 @@
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
"integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
"dev": true,
"dependencies": {
"shebang-regex": "^3.0.0"
},
@ -1828,6 +1896,7 @@
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
"integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
"dev": true,
"engines": {
"node": ">=8"
}
@ -1836,6 +1905,7 @@
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
"integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
"dev": true,
"engines": {
"node": ">=14"
},
@ -1843,14 +1913,6 @@
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/simple-swizzle": {
"version": "0.2.2",
"resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz",
"integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==",
"dependencies": {
"is-arrayish": "^0.3.1"
}
},
"node_modules/source-map-js": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz",
@ -1870,6 +1932,7 @@
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
"integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
"dev": true,
"dependencies": {
"eastasianwidth": "^0.2.0",
"emoji-regex": "^9.2.2",
@ -1887,6 +1950,7 @@
"version": "4.2.3",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
"integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
"dev": true,
"dependencies": {
"emoji-regex": "^8.0.0",
"is-fullwidth-code-point": "^3.0.0",
@ -1900,6 +1964,7 @@
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
"dev": true,
"engines": {
"node": ">=8"
}
@ -1907,12 +1972,14 @@
"node_modules/string-width-cjs/node_modules/emoji-regex": {
"version": "8.0.0",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
"dev": true
},
"node_modules/string-width-cjs/node_modules/strip-ansi": {
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
"integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
"dev": true,
"dependencies": {
"ansi-regex": "^5.0.1"
},
@ -1924,6 +1991,7 @@
"version": "7.1.0",
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
"integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
"dev": true,
"dependencies": {
"ansi-regex": "^6.0.1"
},
@ -1939,6 +2007,7 @@
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
"integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
"dev": true,
"dependencies": {
"ansi-regex": "^5.0.1"
},
@ -1950,6 +2019,7 @@
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
"dev": true,
"engines": {
"node": ">=8"
}
@ -1958,6 +2028,7 @@
"version": "3.35.0",
"resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz",
"integrity": "sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==",
"dev": true,
"dependencies": {
"@jridgewell/gen-mapping": "^0.3.2",
"commander": "^4.0.0",
@ -1979,6 +2050,7 @@
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
"integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
"dev": true,
"engines": {
"node": ">= 0.4"
},
@ -2011,6 +2083,7 @@
"version": "3.4.3",
"resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz",
"integrity": "sha512-U7sxQk/n397Bmx4JHbJx/iSOOv5G+II3f1kpLpY2QeUv5DcPdcTsYLlusZfq1NthHS1c1cZoyFmmkex1rzke0A==",
"dev": true,
"dependencies": {
"@alloc/quick-lru": "^5.2.0",
"arg": "^5.0.2",
@ -2047,6 +2120,7 @@
"version": "3.3.1",
"resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz",
"integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==",
"dev": true,
"dependencies": {
"any-promise": "^1.0.0"
}
@ -2055,6 +2129,7 @@
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz",
"integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==",
"dev": true,
"dependencies": {
"thenify": ">= 3.1.0 < 4"
},
@ -2066,6 +2141,7 @@
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
"integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
"dev": true,
"dependencies": {
"is-number": "^7.0.0"
},
@ -2076,12 +2152,14 @@
"node_modules/ts-interface-checker": {
"version": "0.1.13",
"resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz",
"integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA=="
"integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==",
"dev": true
},
"node_modules/update-browserslist-db": {
"version": "1.0.16",
"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.16.tgz",
"integrity": "sha512-KVbTxlBYlckhF5wgfyZXTWnMn7MMZjMu9XG8bPlliUOP9ThaF4QnhP8qrjrH7DRzHfSk0oQv1wToW+iA5GajEQ==",
"dev": true,
"funding": [
{
"type": "opencollective",
@ -2110,7 +2188,8 @@
"node_modules/util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
"dev": true
},
"node_modules/vite": {
"version": "3.2.10",
@ -2179,6 +2258,7 @@
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
"integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
"dev": true,
"dependencies": {
"isexe": "^2.0.0"
},
@ -2193,6 +2273,7 @@
"version": "8.1.0",
"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
"integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
"dev": true,
"dependencies": {
"ansi-styles": "^6.1.0",
"string-width": "^5.0.1",
@ -2210,6 +2291,7 @@
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
"integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
"dev": true,
"dependencies": {
"ansi-styles": "^4.0.0",
"string-width": "^4.1.0",
@ -2226,6 +2308,7 @@
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
"dev": true,
"engines": {
"node": ">=8"
}
@ -2234,6 +2317,7 @@
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
"dependencies": {
"color-convert": "^2.0.1"
},
@ -2247,12 +2331,14 @@
"node_modules/wrap-ansi-cjs/node_modules/emoji-regex": {
"version": "8.0.0",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
"dev": true
},
"node_modules/wrap-ansi-cjs/node_modules/string-width": {
"version": "4.2.3",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
"integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
"dev": true,
"dependencies": {
"emoji-regex": "^8.0.0",
"is-fullwidth-code-point": "^3.0.0",
@ -2266,6 +2352,7 @@
"version": "6.0.1",
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
"integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
"dev": true,
"dependencies": {
"ansi-regex": "^5.0.1"
},
@ -2277,6 +2364,7 @@
"version": "2.4.2",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.2.tgz",
"integrity": "sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},

2
package.json
View File

@ -20,6 +20,6 @@
"@tauri-apps/api": "^2.0.0-beta.13",
"@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
"@tauri-apps/plugin-os": "^2.0.0-beta.5",
"daisyui": "^2.51.5"
"daisyui": "^4.12.8"
}
}

2768
src-tauri/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

18
src-tauri/Cargo.toml
View File

@ -28,12 +28,11 @@ serde = { version = "1.0", features = ["derive"] }
tauri = { version = "2.0.0-beta", features = ["tray-icon"] }
sodiumoxide = "0.2.7"
tokio = { version = ">=1.19", features = ["full"] }
sqlx = { version = "0.6.2", features = ["sqlite", "runtime-tokio-rustls"] }
sysinfo = "0.26.8"
aws-types = "0.52.0"
aws-sdk-sts = "0.22.0"
aws-smithy-types = "0.52.0"
aws-config = "0.52.0"
aws-config = "1.5.3"
aws-types = "1.3.2"
aws-sdk-sts = "1.33.0"
aws-smithy-types = "1.2.0"
thiserror = "1.0.38"
once_cell = "1.16.0"
strum = "0.24"
@ -49,7 +48,14 @@ windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pi
time = "0.3.31"
tauri-plugin-single-instance = "2.0.0-beta.9"
tauri-plugin-global-shortcut = "2.0.0-beta.6"
rfd = "0.14.1"
tauri-plugin-os = "2.0.0-beta.6"
tauri-plugin-dialog = "2.0.0-beta.9"
rfd = "0.13.0"
ssh-agent-lib = "0.4.0"
ssh-key = { version = "0.6.6", features = ["rsa", "ed25519", "encryption"] }
signature = "2.2.0"
tokio-stream = "0.1.15"
sqlx = { version = "0.7.4", features = ["sqlite", "runtime-tokio", "uuid"] }
[features]
# by default Tauri runs in production mode

4
src-tauri/capabilities/migrated.json
View File

@ -12,6 +12,8 @@
"app:default",
"resources:default",
"menu:default",
"tray:default"
"tray:default",
"os:allow-os-type",
"dialog:allow-open"
]
}

2
src-tauri/gen/schemas/acl-manifests.json
View File

File diff suppressed because one or more lines are too long

2
src-tauri/gen/schemas/capabilities.json
View File

@ -1 +1 @@
{"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default"]}}
{"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default","os:allow-os-type","dialog:allow-open"]}}

194
src-tauri/gen/schemas/desktop-schema.json
View File

@ -247,6 +247,82 @@
"app:deny-version"
]
},
{
"type": "string",
"enum": [
"dialog:default"
]
},
{
"description": "dialog:allow-ask -> Enables the ask command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-ask"
]
},
{
"description": "dialog:allow-confirm -> Enables the confirm command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-confirm"
]
},
{
"description": "dialog:allow-message -> Enables the message command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-message"
]
},
{
"description": "dialog:allow-open -> Enables the open command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-open"
]
},
{
"description": "dialog:allow-save -> Enables the save command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-save"
]
},
{
"description": "dialog:deny-ask -> Denies the ask command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-ask"
]
},
{
"description": "dialog:deny-confirm -> Denies the confirm command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-confirm"
]
},
{
"description": "dialog:deny-message -> Denies the message command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-message"
]
},
{
"description": "dialog:deny-open -> Denies the open command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-open"
]
},
{
"description": "dialog:deny-save -> Denies the save command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-save"
]
},
{
"description": "event:default -> Default permissions for the plugin.",
"type": "string",
@ -778,6 +854,124 @@
"menu:deny-text"
]
},
{
"type": "string",
"enum": [
"os:default"
]
},
{
"description": "os:allow-arch -> Enables the arch command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-arch"
]
},
{
"description": "os:allow-exe-extension -> Enables the exe_extension command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-exe-extension"
]
},
{
"description": "os:allow-family -> Enables the family command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-family"
]
},
{
"description": "os:allow-hostname -> Enables the hostname command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-hostname"
]
},
{
"description": "os:allow-locale -> Enables the locale command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-locale"
]
},
{
"description": "os:allow-os-type -> Enables the os_type command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-os-type"
]
},
{
"description": "os:allow-platform -> Enables the platform command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-platform"
]
},
{
"description": "os:allow-version -> Enables the version command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-version"
]
},
{
"description": "os:deny-arch -> Denies the arch command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-arch"
]
},
{
"description": "os:deny-exe-extension -> Denies the exe_extension command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-exe-extension"
]
},
{
"description": "os:deny-family -> Denies the family command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-family"
]
},
{
"description": "os:deny-hostname -> Denies the hostname command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-hostname"
]
},
{
"description": "os:deny-locale -> Denies the locale command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-locale"
]
},
{
"description": "os:deny-os-type -> Denies the os_type command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-os-type"
]
},
{
"description": "os:deny-platform -> Denies the platform command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-platform"
]
},
{
"description": "os:deny-version -> Denies the version command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-version"
]
},
{
"description": "path:default -> Default permissions for the plugin.",
"type": "string",

194
src-tauri/gen/schemas/linux-schema.json
View File

@ -247,6 +247,82 @@
"app:deny-version"
]
},
{
"type": "string",
"enum": [
"dialog:default"
]
},
{
"description": "dialog:allow-ask -> Enables the ask command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-ask"
]
},
{
"description": "dialog:allow-confirm -> Enables the confirm command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-confirm"
]
},
{
"description": "dialog:allow-message -> Enables the message command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-message"
]
},
{
"description": "dialog:allow-open -> Enables the open command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-open"
]
},
{
"description": "dialog:allow-save -> Enables the save command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:allow-save"
]
},
{
"description": "dialog:deny-ask -> Denies the ask command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-ask"
]
},
{
"description": "dialog:deny-confirm -> Denies the confirm command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-confirm"
]
},
{
"description": "dialog:deny-message -> Denies the message command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-message"
]
},
{
"description": "dialog:deny-open -> Denies the open command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-open"
]
},
{
"description": "dialog:deny-save -> Denies the save command without any pre-configured scope.",
"type": "string",
"enum": [
"dialog:deny-save"
]
},
{
"description": "event:default -> Default permissions for the plugin.",
"type": "string",
@ -778,6 +854,124 @@
"menu:deny-text"
]
},
{
"type": "string",
"enum": [
"os:default"
]
},
{
"description": "os:allow-arch -> Enables the arch command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-arch"
]
},
{
"description": "os:allow-exe-extension -> Enables the exe_extension command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-exe-extension"
]
},
{
"description": "os:allow-family -> Enables the family command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-family"
]
},
{
"description": "os:allow-hostname -> Enables the hostname command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-hostname"
]
},
{
"description": "os:allow-locale -> Enables the locale command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-locale"
]
},
{
"description": "os:allow-os-type -> Enables the os_type command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-os-type"
]
},
{
"description": "os:allow-platform -> Enables the platform command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-platform"
]
},
{
"description": "os:allow-version -> Enables the version command without any pre-configured scope.",
"type": "string",
"enum": [
"os:allow-version"
]
},
{
"description": "os:deny-arch -> Denies the arch command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-arch"
]
},
{
"description": "os:deny-exe-extension -> Denies the exe_extension command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-exe-extension"
]
},
{
"description": "os:deny-family -> Denies the family command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-family"
]
},
{
"description": "os:deny-hostname -> Denies the hostname command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-hostname"
]
},
{
"description": "os:deny-locale -> Denies the locale command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-locale"
]
},
{
"description": "os:deny-os-type -> Denies the os_type command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-os-type"
]
},
{
"description": "os:deny-platform -> Denies the platform command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-platform"
]
},
{
"description": "os:deny-version -> Denies the version command without any pre-configured scope.",
"type": "string",
"enum": [
"os:deny-version"
]
},
{
"description": "path:default -> Default permissions for the plugin.",
"type": "string",

11
src-tauri/migrations/20240612192956_kv.sql Normal file
View File

@ -0,0 +1,11 @@
-- key-value store, will be used for various one-off values, serialized to bytes
CREATE TABLE kv (
name TEXT PRIMARY KEY,
value BLOB
);
-- config is currently stored in its own table, as text
INSERT INTO kv (name, value)
SELECT 'config', CAST(data AS BLOB) FROM config;
DROP TABLE config;

77
src-tauri/migrations/20240617142724_credential_split.sql Normal file
View File

@ -0,0 +1,77 @@
-- app structure is changing - instead of passphrase/salt being per credential,
-- we now have a single app-wide key, which is generated by hashing the passphrase
-- with the known salt. To verify the key thus produced, we store a value previously
-- encrypted with that key, and attempt decryption once the key has been re-generated.
-- For migration purposes, we want convert the passphrase for the most recent set of
-- AWS credentials and turn it into the app-wide passphrase. The only value that we
-- have which is encrypted with that passphrase is the secret key for those credentials,
-- so we will just use that as the `verify_blob`. Feels a little weird, but oh well.
WITH latest_creds AS (
SELECT *
FROM credentials
ORDER BY created_at DESC
LIMIT 1
)
INSERT INTO kv (name, value)
SELECT 'salt', salt FROM latest_creds
UNION ALL
SELECT 'verify_nonce', nonce FROM latest_creds
UNION ALL
SELECT 'verify_blob', secret_key_enc FROM latest_creds;
-- Credentials are now going to be stored in a main table
-- plus ancillary tables for type-specific data
-- stash existing AWS creds in temporary table so that we can remake it
CREATE TABLE aws_tmp (id, access_key_id, secret_key_enc, nonce, created_at);
INSERT INTO aws_tmp
SELECT randomblob(16), access_key_id, secret_key_enc, nonce, created_at
FROM credentials
ORDER BY created_at DESC
-- we only ever used one at a time in the past
LIMIT 1;
-- new master credentials table
DROP TABLE credentials;
CREATE TABLE credentials (
-- id is a UUID so we can generate it on the frontend
id BLOB UNIQUE NOT NULL,
name TEXT UNIQUE NOT NULL,
credential_type TEXT NOT NULL,
is_default BOOLEAN NOT NULL,
created_at INTEGER NOT NULL
);
-- populate with basic data from existing AWS credential
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
SELECT id, 'default', 'aws', 1, created_at FROM aws_tmp;
-- new AWS-specific table
CREATE TABLE aws_credentials (
id BLOB UNIQUE NOT NULL,
access_key_id TEXT NOT NULL,
secret_key_enc BLOB NOT NULL,
nonce BLOB NOT NULL,
FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE
);
-- populate with AWS-specific data from existing credential
INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce)
SELECT id, access_key_id, secret_key_enc, nonce
FROM aws_tmp;
-- done with this now
DROP TABLE aws_tmp;
-- SSH keys are the new hotness
CREATE TABLE ssh_keys (
name TEXT UNIQUE NOT NULL,
public_key BLOB NOT NULL,
private_key_enc BLOB NOT NULL,
nonce BLOB NOT NULL
);

0
src-tauri/src/credentials.rs → src-tauri/src/_credentials.rs
View File

31
src-tauri/src/app.rs
View File

@ -23,7 +23,7 @@ use tauri::menu::MenuItem;
use crate::{
config::{self, AppConfig},
credentials::Session,
credentials::AppSession,
ipc,
server::Server,
errors::*,
@ -43,28 +43,26 @@ pub fn run() -> tauri::Result<()> {
.error_popup("Failed to show main window")
}))
.plugin(tauri_plugin_global_shortcut::Builder::default().build())
.plugin(tauri_plugin_os::init())
.plugin(tauri_plugin_dialog::init())
.invoke_handler(tauri::generate_handler![
ipc::unlock,
ipc::lock,
ipc::reset_session,
ipc::set_passphrase,
ipc::respond,
ipc::get_session_status,
ipc::signal_activity,
ipc::save_credentials,
ipc::save_credential,
ipc::delete_credential,
ipc::list_credentials,
ipc::get_config,
ipc::save_config,
ipc::launch_terminal,
ipc::get_setup_errors,
ipc::exit,
])
.setup(|app| {
let res = rt::block_on(setup(app));
if let Err(ref e) = res {
MessageDialog::new()
.set_level(MessageLevel::Error)
.set_title("Creddy failed to start")
.set_description(format!("{e}"))
.show();
}
res
})
.setup(|app| rt::block_on(setup(app)))
.build(tauri::generate_context!())?
.run(|app, run_event| {
if let RunEvent::WindowEvent { event, .. } = run_event {
@ -100,7 +98,7 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
let mut conf = match AppConfig::load(&pool).await {
Ok(c) => c,
Err(SetupError::ConfigParseError(_)) => {
Err(LoadKvError::Invalid(_)) => {
setup_errors.push(
"Could not load configuration from database. Reverting to defaults.".into()
);
@ -109,7 +107,7 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
err => err?,
};
let session = Session::load(&pool).await?;
let app_session = AppSession::load(&pool).await?;
Server::start(app.handle().clone())?;
config::set_auto_launch(conf.start_on_login)?;
@ -128,12 +126,11 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
.map(|names| names.split(':').any(|n| n == "GNOME"))
.unwrap_or(false);
// if session is empty, this is probably the first launch, so don't autohide
if !conf.start_minimized || is_first_launch {
show_main_window(&app.handle())?;
}
let state = AppState::new(conf, session, pool, setup_errors, desktop_is_gnome);
let state = AppState::new(conf, app_session, pool, setup_errors, desktop_is_gnome);
app.manage(state);
// make sure we do this after managing app state, so that it doesn't panic

7
src-tauri/src/bin/agent.rs Normal file
View File

@ -0,0 +1,7 @@
use creddy::server::ssh_agent;
#[tokio::main]
async fn main() {
ssh_agent::run().await;
}

13
src-tauri/src/bin/key.rs Normal file
View File

@ -0,0 +1,13 @@
use ssh_key::private::PrivateKey;
fn main() {
// let passphrase = std::env::var("PRIVKEY_PASSPHRASE").unwrap();
let p = AsRef::<std::path::Path>::as_ref("/home/joe/.ssh/test");
let privkey = PrivateKey::read_openssh_file(p)
.unwrap();
// .decrypt(passphrase.as_bytes())
// .unwrap();
dbg!(String::from_utf8_lossy(&privkey.to_bytes().unwrap()));
}

27
src-tauri/src/cli.rs
View File

@ -12,7 +12,6 @@ use clap::{
};
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use crate::credentials::Credentials;
use crate::errors::*;
use crate::server::{Request, Response};
use crate::shortcuts::ShortcutAction;
@ -80,9 +79,10 @@ pub fn parser() -> Command<'static> {
pub fn get(args: &ArgMatches) -> Result<(), CliError> {
let base = args.get_one("base").unwrap_or(&false);
let output = match get_credentials(*base)? {
Credentials::Base(creds) => serde_json::to_string(&creds).unwrap(),
Credentials::Session(creds) => serde_json::to_string(&creds).unwrap(),
let output = match make_request(&Request::GetAwsCredentials { base: *base })? {
Response::AwsBase(creds) => serde_json::to_string(&creds).unwrap(),
Response::AwsSession(creds) => serde_json::to_string(&creds).unwrap(),
r => return Err(RequestError::Unexpected(r).into()),
};
println!("{output}");
Ok(())
@ -98,16 +98,17 @@ pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
let mut cmd = ChildCommand::new(cmd_name);
cmd.args(cmd_line);
match get_credentials(base)? {
Credentials::Base(creds) => {
match make_request(&Request::GetAwsCredentials { base })? {
Response::AwsBase(creds) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
},
Credentials::Session(creds) => {
Response::AwsSession(creds) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
cmd.env("AWS_SESSION_TOKEN", creds.session_token);
}
},
r => return Err(RequestError::Unexpected(r).into()),
}
#[cfg(unix)]
@ -157,16 +158,6 @@ pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> {
}
fn get_credentials(base: bool) -> Result<Credentials, RequestError> {
let req = Request::GetAwsCredentials { base };
match make_request(&req) {
Ok(Response::Aws(creds)) => Ok(creds),
Ok(r) => Err(RequestError::Unexpected(r)),
Err(e) => Err(e),
}
}
#[tokio::main]
async fn make_request(req: &Request) -> Result<Response, RequestError> {
let mut data = serde_json::to_string(req).unwrap();

28
src-tauri/src/config.rs
View File

@ -7,6 +7,7 @@ use serde::{Serialize, Deserialize};
use sqlx::SqlitePool;
use crate::errors::*;
use crate::kv;
#[derive(Clone, Debug, Serialize, Deserialize)]
@ -77,31 +78,16 @@ impl Default for AppConfig {
impl AppConfig {
pub async fn load(pool: &SqlitePool) -> Result<AppConfig, SetupError> {
let res = sqlx::query!("SELECT * from config where name = 'main'")
.fetch_optional(pool)
.await?;
pub async fn load(pool: &SqlitePool) -> Result<AppConfig, LoadKvError> {
let config = kv::load(pool, "config")
.await?
.unwrap_or_else(|| AppConfig::default());
let row = match res {
Some(row) => row,
None => return Ok(AppConfig::default()),
};
Ok(serde_json::from_str(&row.data)?)
Ok(config)
}
pub async fn save(&self, pool: &SqlitePool) -> Result<(), sqlx::error::Error> {
let data = serde_json::to_string(self).unwrap();
sqlx::query(
"INSERT INTO config (name, data) VALUES ('main', ?)
ON CONFLICT (name) DO UPDATE SET data = ?"
)
.bind(&data)
.bind(&data)
.execute(pool)
.await?;
Ok(())
kv::save(pool, "config", self).await
}
}

258
src-tauri/src/credentials/aws.rs Normal file
View File

@ -0,0 +1,258 @@
use std::fmt::{self, Formatter};
use std::time::{SystemTime, UNIX_EPOCH};
use aws_config::BehaviorVersion;
use aws_smithy_types::date_time::{DateTime, Format};
use chacha20poly1305::XNonce;
use serde::{
Serialize,
Deserialize,
Serializer,
Deserializer,
};
use serde::de::{self, Visitor};
use sqlx::{
FromRow,
Sqlite,
Transaction,
types::Uuid,
};
use super::{Credential, Crypto, PersistentCredential};
use crate::errors::*;
#[derive(Debug, Clone, FromRow)]
pub struct AwsRow {
id: Uuid,
access_key_id: String,
secret_key_enc: Vec<u8>,
nonce: Vec<u8>,
}
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AwsBaseCredential {
#[serde(default = "default_credentials_version")]
pub version: usize,
pub access_key_id: String,
pub secret_access_key: String,
}
impl AwsBaseCredential {
pub fn new(access_key_id: String, secret_access_key: String) -> Self {
Self {version: 1, access_key_id, secret_access_key}
}
}
impl PersistentCredential for AwsBaseCredential {
type Row = AwsRow;
fn type_name() -> &'static str { "aws" }
fn into_credential(self) -> Credential { Credential::AwsBase(self) }
fn row_id(row: &AwsRow) -> Uuid { row.id }
fn from_row(row: AwsRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> {
let nonce = XNonce::clone_from_slice(&row.nonce);
let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?;
let secret_key = String::from_utf8(secret_key_bytes)
.map_err(|_| LoadCredentialsError::InvalidData)?;
Ok(Self::new(row.access_key_id, secret_key))
}
async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> {
let (nonce, ciphertext) = crypto.encrypt(self.secret_access_key.as_bytes())?;
let nonce_bytes = &nonce.as_slice();
sqlx::query!(
"INSERT OR REPLACE INTO aws_credentials (
id,
access_key_id,
secret_key_enc,
nonce
)
VALUES (?, ?, ?, ?);",
id, self.access_key_id, ciphertext, nonce_bytes,
).execute(&mut **txn).await?;
Ok(())
}
}
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AwsSessionCredential {
#[serde(default = "default_credentials_version")]
pub version: usize,
pub access_key_id: String,
pub secret_access_key: String,
pub session_token: String,
#[serde(serialize_with = "serialize_expiration")]
#[serde(deserialize_with = "deserialize_expiration")]
pub expiration: DateTime,
}
impl AwsSessionCredential {
pub async fn from_base(base: &AwsBaseCredential) -> Result<Self, GetSessionError> {
let req_creds = aws_sdk_sts::config::Credentials::new(
&base.access_key_id,
&base.secret_access_key,
None, // token
None, //expiration
"Creddy", // "provider name" apparently
);
let config = aws_config::defaults(BehaviorVersion::latest())
.credentials_provider(req_creds)
.load()
.await;
let client = aws_sdk_sts::Client::new(&config);
let resp = client.get_session_token()
.duration_seconds(43_200)
.send()
.await?;
let aws_session = resp.credentials.ok_or(GetSessionError::EmptyResponse)?;
let session_creds = AwsSessionCredential {
version: 1,
access_key_id: aws_session.access_key_id,
secret_access_key: aws_session.secret_access_key,
session_token: aws_session.session_token,
expiration: aws_session.expiration,
};
#[cfg(debug_assertions)]
println!("Got new session:\n{}", serde_json::to_string(&session_creds).unwrap());
Ok(session_creds)
}
pub fn is_expired(&self) -> bool {
let current_ts = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap() // doesn't panic because UNIX_EPOCH won't be later than now()
.as_secs();
let expire_ts = self.expiration.secs();
let remaining = expire_ts - (current_ts as i64);
remaining < 60
}
}
fn default_credentials_version() -> usize { 1 }
struct DateTimeVisitor;
impl<'de> Visitor<'de> for DateTimeVisitor {
type Value = DateTime;
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
write!(formatter, "an RFC 3339 UTC string, e.g. \"2014-01-05T10:17:34Z\"")
}
fn visit_str<E: de::Error>(self, v: &str) -> Result<DateTime, E> {
DateTime::from_str(v, Format::DateTime)
.map_err(|_| E::custom(format!("Invalid date/time: {v}")))
}
}
fn deserialize_expiration<'de, D>(deserializer: D) -> Result<DateTime, D::Error>
where D: Deserializer<'de>
{
deserializer.deserialize_str(DateTimeVisitor)
}
fn serialize_expiration<S>(exp: &DateTime, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer
{
// this only fails if the d/t is out of range, which it can't be for this format
let time_str = exp.fmt(Format::DateTime).unwrap();
serializer.serialize_str(&time_str)
}
#[cfg(test)]
mod tests {
use super::*;
use sqlx::SqlitePool;
use sqlx::types::uuid::uuid;
fn creds() -> AwsBaseCredential {
AwsBaseCredential::new(
"AKIAIOSFODNN7EXAMPLE".into(),
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
)
}
fn creds_2() -> AwsBaseCredential {
AwsBaseCredential::new(
"AKIAIOSFODNN7EXAMPL2".into(),
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(),
)
}
fn test_uuid() -> Uuid {
Uuid::try_parse("00000000-0000-0000-0000-000000000000").unwrap()
}
fn test_uuid_2() -> Uuid {
Uuid::try_parse("ffffffff-ffff-ffff-ffff-ffffffffffff").unwrap()
}
fn test_uuid_random() -> Uuid {
let bytes = Crypto::salt();
Uuid::from_slice(&bytes[..16]).unwrap()
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_load(pool: SqlitePool) {
let crypt = Crypto::fixed();
let id = uuid!("00000000-0000-0000-0000-000000000000");
let loaded = AwsBaseCredential::load(&id, &crypt, &pool).await.unwrap();
assert_eq!(creds(), loaded);
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_load_by_name(pool: SqlitePool) {
let crypt = Crypto::fixed();
let loaded = AwsBaseCredential::load_by_name("test2", &crypt, &pool).await.unwrap();
assert_eq!(creds_2(), loaded);
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_load_default(pool: SqlitePool) {
let crypt = Crypto::fixed();
let loaded = AwsBaseCredential::load_default(&crypt, &pool).await.unwrap();
assert_eq!(creds(), loaded)
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_list(pool: SqlitePool) {
let crypt = Crypto::fixed();
let list: Vec<_> = AwsBaseCredential::list(&crypt, &pool)
.await
.expect("Failed to load credentials")
.into_iter()
.map(|(_, cred)| cred)
.collect();
assert_eq!(&creds().into_credential(), &list[0]);
assert_eq!(&creds_2().into_credential(), &list[1]);
}
}

116
src-tauri/src/credentials/crypto.rs Normal file
View File

@ -0,0 +1,116 @@
use std::fmt::{Debug, Formatter};
use argon2::{
Argon2,
Algorithm,
Version,
ParamsBuilder,
password_hash::rand_core::{RngCore, OsRng},
};
use chacha20poly1305::{
XChaCha20Poly1305,
XNonce,
aead::{
Aead,
AeadCore,
KeyInit,
generic_array::GenericArray,
},
};
use crate::errors::*;
#[derive(Clone)]
pub struct Crypto {
cipher: XChaCha20Poly1305,
}
impl Crypto {
/// Argon2 params rationale:
///
/// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB.
/// This should roughly double the memory usage of the application
/// while deriving the key.
///
/// p_cost is irrelevant since (at present) there isn't any parallelism
/// implemented, so we leave it at 1.
///
/// With the above m_cost, t_cost = 8 results in about 800ms to derive
/// a key on my (somewhat older) CPU. This is probably overkill, but
/// given that it should only have to happen ~once a day for most
/// usage, it should be acceptable.
#[cfg(not(debug_assertions))]
const MEM_COST: u32 = 128 * 1024;
#[cfg(not(debug_assertions))]
const TIME_COST: u32 = 8;
/// But since this takes a million years without optimizations,
/// we turn it way down in debug builds.
#[cfg(debug_assertions)]
const MEM_COST: u32 = 48 * 1024;
#[cfg(debug_assertions)]
const TIME_COST: u32 = 1;
pub fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> {
let params = ParamsBuilder::new()
.m_cost(Self::MEM_COST)
.p_cost(1)
.t_cost(Self::TIME_COST)
.build()
.unwrap(); // only errors if the given params are invalid
let hasher = Argon2::new(
Algorithm::Argon2id,
Version::V0x13,
params,
);
let mut key = [0; 32];
hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?;
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
Ok(Crypto { cipher })
}
#[cfg(test)]
pub fn random() -> Crypto {
// salt and key are the same length, so we can just use this
let key = Crypto::salt();
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
Crypto { cipher }
}
#[cfg(test)]
pub fn fixed() -> Crypto {
let key = [
1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
];
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
Crypto { cipher }
}
pub fn salt() -> [u8; 32] {
let mut salt = [0; 32];
OsRng.fill_bytes(&mut salt);
salt
}
pub fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), CryptoError> {
let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
let ciphertext = self.cipher.encrypt(&nonce, data)?;
Ok((nonce, ciphertext))
}
pub fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, CryptoError> {
let plaintext = self.cipher.decrypt(nonce, data)?;
Ok(plaintext)
}
}
impl Debug for Crypto {
fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> {
write!(f, "Crypto {{ [...] }}")
}
}

19
src-tauri/src/credentials/fixtures/aws_credentials.sql Normal file
View File

@ -0,0 +1,19 @@
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
VALUES
(X'00000000000000000000000000000000', 'test', 'aws', 1, strftime('%s')),
(X'ffffffffffffffffffffffffffffffff', 'test2', 'aws', 0, strftime('%s'));
INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce)
VALUES
(
X'00000000000000000000000000000000',
'AKIAIOSFODNN7EXAMPLE',
X'B09ACDADD07E295A3FD9146D8D3672FA5C2518BFB15CF039E68820C42EFD3BC3BE3156ACF438C2C957EC113EF8617DBC71790EAFE39B3DE8',
X'DB777F2C6315DC0E12ADF322256E69D09D7FB586AAE614A6'
),
(
X'ffffffffffffffffffffffffffffffff',
'AKIAIOSFODNN7EXAMPL2',
X'ED6125FF40EF6F61929DF5FFD7141CD2B5A302A51C20152156477F8CC77980C614AB1B212AC06983F3CED35C4F3C54D4EE38964859930FBF',
X'962396B78DAA98DFDCC0AC0C9B7D688EC121F5759EBA790A'
);

116
src-tauri/src/credentials/mod.rs Normal file
View File

@ -0,0 +1,116 @@
use serde::{Serialize, Deserialize};
use sqlx::{
FromRow,
Sqlite,
SqlitePool,
sqlite::SqliteRow,
Transaction,
types::Uuid,
};
use tokio_stream::StreamExt;
use crate::errors::*;
mod aws;
pub use aws::{AwsBaseCredential, AwsSessionCredential};
mod record;
pub use record::CredentialRecord;
mod session;
pub use session::AppSession;
mod crypto;
pub use crypto::Crypto;
#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum Credential {
AwsBase(AwsBaseCredential),
AwsSession(AwsSessionCredential),
}
pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized {
type Row: Send + Unpin + for<'r> FromRow<'r, SqliteRow>;
fn type_name() -> &'static str;
fn into_credential(self) -> Credential;
fn row_id(row: &Self::Row) -> Uuid;
fn from_row(row: Self::Row, crypto: &Crypto) -> Result<Self, LoadCredentialsError>;
// save_details needs to be implemented per-type because we don't know the number of parameters in advance
async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError>;
fn table_name() -> String {
format!("{}_credentials", Self::type_name())
}
async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let q = format!("SELECT * FROM {} WHERE id = ?", Self::table_name());
let row: Self::Row = sqlx::query_as(&q)
.bind(id)
.fetch_optional(pool)
.await?
.ok_or(LoadCredentialsError::NoCredentials)?;
Self::from_row(row, crypto)
}
async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let q = format!(
"SELECT * FROM {} WHERE id = (SELECT id FROM credentials WHERE name = ?)",
Self::table_name(),
);
let row: Self::Row = sqlx::query_as(&q)
.bind(name)
.fetch_optional(pool)
.await?
.ok_or(LoadCredentialsError::NoCredentials)?;
Self::from_row(row, crypto)
}
async fn load_default(crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let q = format!(
"SELECT details.*
FROM {} details
JOIN credentials c
ON c.id = details.id
AND c.is_default = 1",
Self::table_name(),
);
let row: Self::Row = sqlx::query_as(&q)
.fetch_optional(pool)
.await?
.ok_or(LoadCredentialsError::NoCredentials)?;
Self::from_row(row, crypto)
}
async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<(Uuid, Credential)>, LoadCredentialsError> {
let q = format!(
"SELECT details.*
FROM
{} details
JOIN credentials c
ON c.id = details.id
ORDER BY c.created_at",
Self::table_name(),
);
let mut rows = sqlx::query_as::<_, Self::Row>(&q).fetch(pool);
let mut creds = Vec::new();
while let Some(row) = rows.try_next().await? {
let id = Self::row_id(&row);
let cred = Self::from_row(row, crypto)?.into_credential();
creds.push((id, cred));
}
Ok(creds)
}
}

410
src-tauri/src/credentials/record.rs Normal file
View File

@ -0,0 +1,410 @@
use std::collections::HashMap;
use std::fmt::{self, Debug, Formatter};
use serde::{
Serialize,
Deserialize,
Serializer,
Deserializer,
};
use serde::de::{self, Visitor};
use sqlx::{
Error as SqlxError,
FromRow,
SqlitePool,
types::Uuid,
};
use tokio_stream::StreamExt;
use crate::errors::*;
use super::{
AwsBaseCredential,
Credential,
Crypto,
PersistentCredential,
};
#[derive(Debug, Clone, FromRow)]
struct CredentialRow {
id: Uuid,
name: String,
credential_type: String,
is_default: bool,
created_at: i64,
}
#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
pub struct CredentialRecord {
#[serde(serialize_with = "serialize_uuid")]
#[serde(deserialize_with = "deserialize_uuid")]
pub id: Uuid, // UUID so it can be generated on the frontend
pub name: String, // user-facing identifier so it can be changed
pub is_default: bool,
pub credential: Credential,
}
impl CredentialRecord {
pub async fn save(&self, crypto: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
let type_name = match &self.credential {
Credential::AwsBase(_) => AwsBaseCredential::type_name(),
_ => return Err(SaveCredentialsError::NotPersistent),
};
// if the credential being saved is default, make sure it's the only default of its type
let mut txn = pool.begin().await?;
if self.is_default {
sqlx::query!(
"UPDATE credentials SET is_default = 0 WHERE credential_type = ?",
type_name
).execute(&mut *txn).await?;
}
// save to parent credentials table
let res = sqlx::query!(
"INSERT INTO credentials (id, name, credential_type, is_default, created_at)
VALUES (?, ?, ?, ?, strftime('%s'))
ON CONFLICT(id) DO UPDATE SET
name = excluded.name,
credential_type = excluded.credential_type,
is_default = excluded.is_default",
self.id, self.name, type_name, self.is_default
).execute(&mut *txn).await;
// if id is unique, but name is not, we will get an error
// (if id is not unique, this becomes an upsert due to ON CONFLICT clause)
match res {
Err(SqlxError::Database(e)) if e.is_unique_violation() => Err(SaveCredentialsError::Duplicate),
Err(e) => Err(SaveCredentialsError::DbError(e)),
Ok(_) => Ok(())
}?;
// save credential details to child table
match &self.credential {
Credential::AwsBase(b) => b.save_details(&self.id, crypto, &mut txn).await,
_ => Err(SaveCredentialsError::NotPersistent),
}?;
// make it real
txn.commit().await?;
Ok(())
}
fn from_parts(row: CredentialRow, credential: Credential) -> Self {
CredentialRecord {
id: row.id,
name: row.name,
is_default: row.is_default,
credential,
}
}
async fn load_credential(row: CredentialRow, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let credential = match row.credential_type.as_str() {
"aws" => Credential::AwsBase(AwsBaseCredential::load(&row.id, crypto, pool).await?),
_ => return Err(LoadCredentialsError::InvalidData),
};
Ok(Self::from_parts(row, credential))
}
pub async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE id = ?")
.bind(id)
.fetch_optional(pool)
.await?
.ok_or(LoadCredentialsError::NoCredentials)?;
Self::load_credential(row, crypto, pool).await
}
pub async fn load_default(credential_type: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let row: CredentialRow = sqlx::query_as(
"SELECT * FROM credentials
WHERE credential_type = ? AND is_default = 1"
).bind(credential_type)
.fetch_optional(pool)
.await?
.ok_or(LoadCredentialsError::NoCredentials)?;
Self::load_credential(row, crypto, pool).await
}
pub async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<Self>, LoadCredentialsError> {
let mut parent_rows = sqlx::query_as::<_, CredentialRow>(
"SELECT * FROM credentials"
).fetch(pool);
let mut parent_map = HashMap::new();
while let Some(row) = parent_rows.try_next().await? {
parent_map.insert(row.id, row);
}
let mut records = Vec::with_capacity(parent_map.len());
for (id, credential) in AwsBaseCredential::list(crypto, pool).await? {
let parent = parent_map.remove(&id)
.ok_or(LoadCredentialsError::InvalidData)?;
records.push(Self::from_parts(parent, credential));
}
Ok(records)
}
pub async fn rekey(old: &Crypto, new: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
for record in Self::list(old, pool).await? {
record.save(new, pool).await?;
}
Ok(())
}
}
fn serialize_uuid<S: Serializer>(u: &Uuid, s: S) -> Result<S::Ok, S::Error> {
let mut buf = Uuid::encode_buffer();
s.serialize_str(u.as_hyphenated().encode_lower(&mut buf))
}
struct UuidVisitor;
impl<'de> Visitor<'de> for UuidVisitor {
type Value = Uuid;
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
write!(formatter, "a hyphenated UUID")
}
fn visit_str<E: de::Error>(self, v: &str) -> Result<Uuid, E> {
Uuid::try_parse(v)
.map_err(|_| E::custom(format!("Could not interpret string as UUID: {v}")))
}
}
fn deserialize_uuid<'de, D: Deserializer<'de>>(ds: D) -> Result<Uuid, D::Error> {
ds.deserialize_str(UuidVisitor)
}
#[cfg(test)]
mod tests {
use super::*;
use sqlx::types::uuid::uuid;
fn aws_record() -> CredentialRecord {
let id = uuid!("00000000-0000-0000-0000-000000000000");
let aws = AwsBaseCredential::new(
"AKIAIOSFODNN7EXAMPLE".into(),
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
);
CredentialRecord {
id,
name: "test".into(),
is_default: true,
credential: Credential::AwsBase(aws),
}
}
fn aws_record_2() -> CredentialRecord {
let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff");
let aws = AwsBaseCredential::new(
"AKIAIOSFODNN7EXAMPL2".into(),
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(),
);
CredentialRecord {
id,
name: "test2".into(),
is_default: false,
credential: Credential::AwsBase(aws),
}
}
fn random_uuid() -> Uuid {
let bytes = Crypto::salt();
Uuid::from_slice(&bytes[..16]).unwrap()
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_load_aws(pool: SqlitePool) {
let crypt = Crypto::fixed();
let id = uuid!("00000000-0000-0000-0000-000000000000");
let loaded = CredentialRecord::load(&id, &crypt, &pool).await
.expect("Failed to load record");
assert_eq!(aws_record(), loaded);
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_load_aws_default(pool: SqlitePool) {
let crypt = Crypto::fixed();
let loaded = CredentialRecord::load_default("aws", &crypt, &pool).await
.expect("Failed to load record");
assert_eq!(aws_record(), loaded);
}
#[sqlx::test]
async fn test_save_aws(pool: SqlitePool) {
let crypt = Crypto::random();
let mut record = aws_record();
record.id = random_uuid();
aws_record().save(&crypt, &pool).await
.expect("Failed to save record");
}
#[sqlx::test]
async fn test_save_load(pool: SqlitePool) {
let crypt = Crypto::random();
let mut record = aws_record();
record.id = random_uuid();
record.save(&crypt, &pool).await
.expect("Failed to save record");
let loaded = CredentialRecord::load(&record.id, &crypt, &pool).await
.expect("Failed to load record");
assert_eq!(record, loaded);
}
#[sqlx::test]
async fn test_overwrite_aws(pool: SqlitePool) {
let crypt = Crypto::fixed();
let original = aws_record();
original.save(&crypt, &pool).await
.expect("Failed to save first record");
let mut updated = aws_record_2();
updated.id = original.id;
updated.save(&crypt, &pool).await
.expect("Failed to overwrite first record with second record");
// make sure update went through
let loaded = CredentialRecord::load(&updated.id, &crypt, &pool).await.unwrap();
assert_eq!(updated, loaded);
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_duplicate_name(pool: SqlitePool) {
let crypt = Crypto::random();
let mut record = aws_record();
record.id = random_uuid();
let resp = record.save(&crypt, &pool).await;
if !matches!(resp, Err(SaveCredentialsError::Duplicate)) {
panic!("Attempt to create duplicate entry returned {resp:?}")
}
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_change_default(pool: SqlitePool) {
let crypt = Crypto::fixed();
let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff");
// confirm that record as it currently exists in the database is not default
let mut record = CredentialRecord::load(&id, &crypt, &pool).await
.expect("Failed to load record");
assert!(!record.is_default);
record.is_default = true;
record.save(&crypt, &pool).await
.expect("Failed to save record");
let loaded = CredentialRecord::load(&id, &crypt, &pool).await
.expect("Failed to re-load record");
assert!(loaded.is_default);
let other_id = uuid!("00000000-0000-0000-0000-000000000000");
let other_loaded = CredentialRecord::load(&other_id, &crypt, &pool).await
.expect("Failed to load other credential");
assert!(!other_loaded.is_default);
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_list(pool: SqlitePool) {
let crypt = Crypto::fixed();
let records = CredentialRecord::list(&crypt, &pool).await
.expect("Failed to list credentials");
assert_eq!(aws_record(), records[0]);
assert_eq!(aws_record_2(), records[1]);
}
#[sqlx::test(fixtures("aws_credentials"))]
async fn test_rekey(pool: SqlitePool) {
let old = Crypto::fixed();
let new = Crypto::random();
CredentialRecord::rekey(&old, &new, &pool).await
.expect("Failed to rekey credentials");
let records = CredentialRecord::list(&new, &pool).await
.expect("Failed to re-list credentials");
assert_eq!(aws_record(), records[0]);
assert_eq!(aws_record_2(), records[1]);
}
}
#[cfg(test)]
mod uuid_tests {
use super::*;
use sqlx::types::uuid::uuid;
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
struct UuidWrapper {
#[serde(serialize_with = "serialize_uuid")]
#[serde(deserialize_with = "deserialize_uuid")]
id: Uuid,
}
#[test]
fn test_serialize_uuid() {
let u = UuidWrapper {
id: uuid!("693f84d2-4c1b-41e5-8483-cbe178324e04")
};
let computed = serde_json::to_string(&u).unwrap();
assert_eq!(
"{\"id\":\"693f84d2-4c1b-41e5-8483-cbe178324e04\"}",
&computed,
);
}
#[test]
fn test_deserialize_uuid() {
let s = "{\"id\":\"045bd359-8630-4b76-9b7d-e4a86ed2222c\"}";
let computed = serde_json::from_str(s).unwrap();
let expected = UuidWrapper {
id: uuid!("045bd359-8630-4b76-9b7d-e4a86ed2222c"),
};
assert_eq!(expected, computed);
}
#[test]
fn test_serialize_deserialize_uuid() {
let buf = Crypto::salt();
let expected = UuidWrapper{
id: Uuid::from_slice(&buf[..16]).unwrap()
};
let serialized = serde_json::to_string(&expected).unwrap();
let computed = serde_json::from_str(&serialized).unwrap();
assert_eq!(expected, computed)
}
}

120
src-tauri/src/credentials/session.rs Normal file
View File

@ -0,0 +1,120 @@
use chacha20poly1305::XNonce;
use sqlx::SqlitePool;
use crate::errors::*;
use crate::kv;
use super::Crypto;
#[derive(Clone, Debug)]
pub enum AppSession {
Unlocked {
salt: [u8; 32],
crypto: Crypto,
},
Locked {
salt: [u8; 32],
verify_nonce: XNonce,
verify_blob: Vec<u8>
},
Empty,
}
impl AppSession {
pub fn new(passphrase: &str) -> Result<Self, CryptoError> {
let salt = Crypto::salt();
let crypto = Crypto::new(passphrase, &salt)?;
Ok(Self::Unlocked {salt, crypto})
}
pub fn unlock(&mut self, passphrase: &str) -> Result<(), UnlockError> {
let (salt, nonce, blob) = match self {
Self::Empty => return Err(UnlockError::NoCredentials),
Self::Unlocked {..} => return Err(UnlockError::NotLocked),
Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob),
};
let crypto = Crypto::new(passphrase, salt)
.map_err(|e| CryptoError::Argon2(e))?;
// if passphrase is incorrect, this will fail
let _verify = crypto.decrypt(&nonce, &blob)?;
*self = Self::Unlocked {crypto, salt: *salt};
Ok(())
}
pub async fn load(pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
match kv::load_bytes_multi!(pool, "salt", "verify_nonce", "verify_blob").await? {
Some((salt, nonce, blob)) => {
Ok(Self::Locked {
salt: salt.try_into().map_err(|_| LoadCredentialsError::InvalidData)?,
// note: replace this with try_from at some point
verify_nonce: XNonce::clone_from_slice(&nonce),
verify_blob: blob,
})
},
None => Ok(Self::Empty),
}
}
pub async fn save(&self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
match self {
Self::Unlocked {salt, crypto} => {
let (nonce, blob) = crypto.encrypt(b"correct horse battery staple")?;
kv::save_bytes(pool, "salt", salt).await?;
kv::save_bytes(pool, "verify_nonce", &nonce.as_slice()).await?;
kv::save_bytes(pool, "verify_blob", &blob).await?;
},
Self::Locked {salt, verify_nonce, verify_blob} => {
kv::save_bytes(pool, "salt", salt).await?;
kv::save_bytes(pool, "verify_nonce", &verify_nonce.as_slice()).await?;
kv::save_bytes(pool, "verify_blob", verify_blob).await?;
},
// "saving" an empty session just means doing nothing
Self::Empty => (),
};
Ok(())
}
pub async fn reset(&mut self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
match self {
Self::Unlocked {..} | Self::Locked {..} => {
kv::delete_multi(pool, &["salt", "verify_nonce", "verify_blob"]).await?;
*self = Self::Empty;
},
Self::Empty => (),
}
Ok(())
}
pub fn try_get_crypto(&self) -> Result<&Crypto, GetCredentialsError> {
match self {
Self::Empty => Err(GetCredentialsError::Empty),
Self::Locked {..} => Err(GetCredentialsError::Locked),
Self::Unlocked {crypto, ..} => Ok(crypto),
}
}
pub fn try_encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), GetCredentialsError> {
let crypto = match self {
Self::Empty => return Err(GetCredentialsError::Empty),
Self::Locked {..} => return Err(GetCredentialsError::Locked),
Self::Unlocked {crypto, ..} => crypto,
};
let res = crypto.encrypt(data)?;
Ok(res)
}
pub fn try_decrypt(&self, nonce: XNonce, data: &[u8]) -> Result<Vec<u8>, GetCredentialsError> {
let crypto = match self {
Self::Empty => return Err(GetCredentialsError::Empty),
Self::Locked {..} => return Err(GetCredentialsError::Locked),
Self::Unlocked {crypto, ..} => crypto,
};
let res = crypto.decrypt(&nonce, data)?;
Ok(res)
}
}

71
src-tauri/src/errors.rs
View File

@ -6,8 +6,9 @@ use strum_macros::AsRefStr;
use thiserror::Error as ThisError;
use aws_sdk_sts::{
types::SdkError as AwsSdkError,
error::GetSessionTokenError,
error::SdkError as AwsSdkError,
operation::get_session_token::GetSessionTokenError,
error::ProvideErrorMetadata,
};
use rfd::{
AsyncMessageDialog,
@ -127,10 +128,10 @@ pub enum SetupError {
InvalidRecord, // e.g. wrong size blob for nonce or salt
#[error("Error from database: {0}")]
DbError(#[from] SqlxError),
#[error("Error loading data: {0}")]
KvError(#[from] LoadKvError),
#[error("Error running migrations: {0}")]
MigrationError(#[from] MigrateError),
#[error("Error parsing configuration from database")]
ConfigParseError(#[from] serde_json::Error),
#[error("Failed to set up start-on-login: {0}")]
AutoLaunchError(#[from] auto_launch::Error),
#[error("Failed to start listener: {0}")]
@ -208,6 +209,12 @@ pub enum GetCredentialsError {
Locked,
#[error("No credentials are known")]
Empty,
#[error(transparent)]
Crypto(#[from] CryptoError),
#[error(transparent)]
Load(#[from] LoadCredentialsError),
#[error(transparent)]
GetSession(#[from] GetSessionError),
}
@ -245,12 +252,58 @@ pub enum UnlockError {
pub enum LockError {
#[error("App is not unlocked")]
NotUnlocked,
#[error("Database error: {0}")]
DbError(#[from] SqlxError),
#[error(transparent)]
LoadCredentials(#[from] LoadCredentialsError),
#[error(transparent)]
Setup(#[from] SetupError),
#[error(transparent)]
TauriError(#[from] tauri::Error),
#[error(transparent)]
Crypto(#[from] CryptoError),
}
#[derive(Debug, ThisError, AsRefStr)]
pub enum SaveCredentialsError {
#[error("Database error: {0}")]
DbError(#[from] SqlxError),
#[error("Encryption error: {0}")]
Crypto(#[from] CryptoError),
#[error(transparent)]
Session(#[from] GetCredentialsError),
#[error("App is locked")]
Locked,
#[error("Credential is temporary and cannot be saved")]
NotPersistent,
#[error("A credential with that name already exists")]
Duplicate,
// rekeying is fundamentally a save operation,
// but involves loading in order to re-save
#[error(transparent)]
LoadCredentials(#[from] LoadCredentialsError),
}
#[derive(Debug, ThisError, AsRefStr)]
pub enum LoadCredentialsError {
#[error("Database error: {0}")]
DbError(#[from] SqlxError),
#[error("Invalid passphrase")] // pretty sure this is the only way decryption fails
Encryption(#[from] CryptoError),
#[error("Credentials not found")]
NoCredentials,
#[error("Could not decode credential data")]
InvalidData,
#[error(transparent)]
LoadKv(#[from] LoadKvError),
}
#[derive(Debug, ThisError, AsRefStr)]
pub enum LoadKvError {
#[error("Database error: {0}")]
DbError(#[from] SqlxError),
#[error("Could not parse value from database: {0}")]
Invalid(#[from] serde_json::Error),
}
@ -260,6 +313,10 @@ pub enum CryptoError {
Argon2(#[from] argon2::Error),
#[error("Invalid passphrase")] // I think this is the only way decryption fails
Aead(#[from] chacha20poly1305::aead::Error),
#[error("App is currently locked")]
Locked,
#[error("No passphrase has been specified")]
Empty,
}
@ -377,6 +434,8 @@ impl_serialize_basic!(GetCredentialsError);
impl_serialize_basic!(ClientInfoError);
impl_serialize_basic!(WindowError);
impl_serialize_basic!(LockError);
impl_serialize_basic!(SaveCredentialsError);
impl_serialize_basic!(LoadCredentialsError);
impl Serialize for HandlerError {

13
src-tauri/src/fixtures/kv.sql Normal file
View File

@ -0,0 +1,13 @@
INSERT INTO kv (name, value)
VALUES
-- b"hello world" (raw bytes)
('test_bytes', X'68656C6C6F20776F726C64'),
-- b"\"hello world\"" (JSON string)
('test_string', X'2268656C6C6F20776F726C6422'),
-- b"123" (JSON integer)
('test_int', X'313233'),
-- b"true" (JSON bool)
('test_bool', X'74727565')

92
src-tauri/src/ipc.rs
View File

@ -1,8 +1,12 @@
use serde::{Serialize, Deserialize};
use tauri::State;
use sqlx::types::Uuid;
use tauri::{AppHandle, State};
use crate::config::AppConfig;
use crate::credentials::{Session,BaseCredentials};
use crate::credentials::{
AppSession,
CredentialRecord
};
use crate::errors::*;
use crate::clientinfo::Client;
use crate::state::AppState;
@ -17,6 +21,32 @@ pub struct AwsRequestNotification {
}
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct SshRequestNotification {
pub id: u64,
pub client: Client,
pub key_name: String,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum RequestNotification {
Aws(AwsRequestNotification),
Ssh(SshRequestNotification),
}
impl RequestNotification {
pub fn new_aws(id: u64, client: Client, base: bool) -> Self {
Self::Aws(AwsRequestNotification {id, client, base})
}
pub fn new_ssh(id: u64, client: Client, key_name: String) -> Self {
Self::Ssh(SshRequestNotification {id, client, key_name})
}
}
#[derive(Debug, Serialize, Deserialize)]
pub struct RequestResponse {
pub id: u64,
@ -44,13 +74,31 @@ pub async fn unlock(passphrase: String, app_state: State<'_, AppState>) -> Resul
}
#[tauri::command]
pub async fn lock(app_state: State<'_, AppState>) -> Result<(), LockError> {
app_state.lock().await
}
#[tauri::command]
pub async fn reset_session(app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
app_state.reset_session().await
}
#[tauri::command]
pub async fn set_passphrase(passphrase: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
app_state.set_passphrase(passphrase).await
}
#[tauri::command]
pub async fn get_session_status(app_state: State<'_, AppState>) -> Result<String, ()> {
let session = app_state.session.read().await;
let session = app_state.app_session.read().await;
let status = match *session {
Session::Locked(_) => "locked".into(),
Session::Unlocked{..} => "unlocked".into(),
Session::Empty => "empty".into()
AppSession::Locked{..} => "locked".into(),
AppSession::Unlocked{..} => "unlocked".into(),
AppSession::Empty => "empty".into(),
};
Ok(status)
}
@ -64,12 +112,25 @@ pub async fn signal_activity(app_state: State<'_, AppState>) -> Result<(), ()> {
#[tauri::command]
pub async fn save_credentials(
credentials: BaseCredentials,
passphrase: String,
pub async fn save_credential(
record: CredentialRecord,
app_state: State<'_, AppState>
) -> Result<(), UnlockError> {
app_state.new_creds(credentials, &passphrase).await
) -> Result<(), SaveCredentialsError> {
app_state.save_credential(record).await
}
#[tauri::command]
pub async fn delete_credential(id: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
let id = Uuid::try_parse(id)
.map_err(|_| LoadCredentialsError::NoCredentials)?;
app_state.delete_credential(&id).await
}
#[tauri::command]
pub async fn list_credentials(app_state: State<'_, AppState>) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
app_state.list_credentials().await
}
@ -91,7 +152,8 @@ pub async fn save_config(config: AppConfig, app_state: State<'_, AppState>) -> R
#[tauri::command]
pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
terminal::launch(base).await
let res = terminal::launch(base).await;
res
}
@ -99,3 +161,9 @@ pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<String>, ()> {
Ok(app_state.setup_errors.clone())
}
#[tauri::command]
pub fn exit(app_handle: AppHandle) {
app_handle.exit(0)
}

210
src-tauri/src/kv.rs Normal file
View File

@ -0,0 +1,210 @@
use serde::Serialize;
use serde::de::DeserializeOwned;
use sqlx::SqlitePool;
use crate::errors::*;
pub async fn save<T>(pool: &SqlitePool, name: &str, value: &T) -> Result<(), sqlx::Error>
where T: Serialize + ?Sized
{
let bytes = serde_json::to_vec(value).unwrap();
save_bytes(pool, name, &bytes).await
}
pub async fn save_bytes(pool: &SqlitePool, name: &str, bytes: &[u8]) -> Result<(), sqlx::Error> {
sqlx::query!(
"INSERT INTO kv (name, value) VALUES (?, ?)
ON CONFLICT(name) DO UPDATE SET value = excluded.value;",
name,
bytes,
).execute(pool).await?;
Ok(())
}
pub async fn load<T>(pool: &SqlitePool, name: &str) -> Result<Option<T>, LoadKvError>
where T: DeserializeOwned
{
let v = load_bytes(pool, name)
.await?
.map(|bytes| serde_json::from_slice(&bytes))
.transpose()?;
Ok(v)
}
pub async fn load_bytes(pool: &SqlitePool, name: &str) -> Result<Option<Vec<u8>>, sqlx::Error> {
sqlx::query!("SELECT name, value FROM kv WHERE name = ?", name)
.map(|row| row.value)
.fetch_optional(pool)
.await
.map(|o| o.flatten())
}
pub async fn delete(pool: &SqlitePool, name: &str) -> Result<(), sqlx::Error> {
sqlx::query!("DELETE FROM kv WHERE name = ?", name)
.execute(pool)
.await?;
Ok(())
}
pub async fn delete_multi(pool: &SqlitePool, names: &[&str]) -> Result<(), sqlx::Error> {
let placeholder = names.iter()
.map(|_| "?")
.collect::<Vec<&str>>()
.join(",");
let query = format!("DELETE FROM kv WHERE name IN ({})", placeholder);
let mut q = sqlx::query(&query);
for name in names {
q = q.bind(name);
}
q.execute(pool).await?;
Ok(())
}
macro_rules! load_bytes_multi {
(
$pool:expr,
$($name:literal),*
) => {
// wrap everything up in an async block for easy short-circuiting...
async {
// ...returning a Result...
Ok::<_, sqlx::Error>(
//containing an Option...
Some(
// containing a tuple...
(
// ...with one item for each repetition of $name
$(
// load_bytes returns Result<Option<_>>, the Result is handled by
// the ? and we match on the Option
match crate::kv::load_bytes($pool, $name).await? {
Some(v) => v,
None => return Ok(None)
},
)*
)
)
)
}
}
}
pub(crate) use load_bytes_multi;
// macro_rules! load_multi {
// (
// $pool:expr,
// $($name:literal),*
// ) => {
// (|| {
// (
// $(
// match load(pool, $name)? {
// Some(v) => v,
// None => return Ok(None)
// },
// )*
// )
// })()
// }
// }
#[cfg(test)]
mod tests {
use super::*;
#[sqlx::test]
async fn test_save_bytes(pool: SqlitePool) {
save_bytes(&pool, "test_bytes", b"hello world").await
.expect("Failed to save bytes");
}
#[sqlx::test]
async fn test_save(pool: SqlitePool) {
save(&pool, "test_string", "hello world").await
.expect("Failed to save string");
save(&pool, "test_int", &123).await
.expect("Failed to save integer");
save(&pool, "test_bool", &true).await
.expect("Failed to save bool");
}
#[sqlx::test(fixtures("kv"))]
async fn test_load_bytes(pool: SqlitePool) {
let bytes = load_bytes(&pool, "test_bytes").await
.expect("Failed to load bytes")
.expect("Test data not found in database");
assert_eq!(bytes, Vec::from(b"hello world"));
}
#[sqlx::test(fixtures("kv"))]
async fn test_load(pool: SqlitePool) {
let string: String = load(&pool, "test_string").await
.expect("Failed to load string")
.expect("Test data not found in database");
assert_eq!(string, "hello world".to_string());
let integer: usize = load(&pool, "test_int").await
.expect("Failed to load integer")
.expect("Test data not found in database");
assert_eq!(integer, 123);
let boolean: bool = load(&pool, "test_bool").await
.expect("Failed to load boolean")
.expect("Test data not found in database");
assert_eq!(boolean, true);
}
#[sqlx::test(fixtures("kv"))]
async fn test_load_multi(pool: SqlitePool) {
let (bytes, boolean) = load_bytes_multi!(&pool, "test_bytes", "test_bool")
.await
.expect("Failed to load items")
.expect("Test data not found in database");
assert_eq!(bytes, Vec::from(b"hello world"));
assert_eq!(boolean, Vec::from(b"true"));
}
#[sqlx::test(fixtures("kv"))]
async fn test_delete(pool: SqlitePool) {
delete(&pool, "test_bytes").await
.expect("Failed to delete data");
let loaded = load_bytes(&pool, "test_bytes").await
.expect("Failed to load data");
assert_eq!(loaded, None);
}
#[sqlx::test(fixtures("kv"))]
async fn test_delete_multi(pool: SqlitePool) {
delete_multi(&pool, &["test_bytes", "test_string"]).await
.expect("Failed to delete keys");
let bytes_opt = load_bytes(&pool, "test_bytes").await
.expect("Failed to load bytes");
assert_eq!(bytes_opt, None);
let string_opt = load_bytes(&pool, "test_string").await
.expect("Failed to load string");
assert_eq!(string_opt, None);
}
}

3
src-tauri/src/lib.rs
View File

@ -5,8 +5,9 @@ mod credentials;
pub mod errors;
mod clientinfo;
mod ipc;
mod kv;
mod state;
mod server;
pub mod server;
mod shortcuts;
mod terminal;
mod tray;

24
src-tauri/src/server/mod.rs
View File

@ -7,8 +7,11 @@ use tauri::{AppHandle, Manager};
use crate::errors::*;
use crate::clientinfo::{self, Client};
use crate::credentials::Credentials;
use crate::ipc::{Approval, AwsRequestNotification};
use crate::credentials::{
AwsBaseCredential,
AwsSessionCredential,
};
use crate::ipc::{Approval, RequestNotification};
use crate::state::AppState;
use crate::shortcuts::{self, ShortcutAction};
@ -26,6 +29,8 @@ pub use server_unix::Server;
#[cfg(unix)]
use server_unix::Stream;
pub mod ssh_agent;
#[derive(Serialize, Deserialize)]
pub enum Request {
@ -38,7 +43,8 @@ pub enum Request {
#[derive(Debug, Serialize, Deserialize)]
pub enum Response {
Aws(Credentials),
AwsBase(AwsBaseCredential),
AwsSession(AwsSessionCredential),
Empty,
}
@ -125,8 +131,8 @@ async fn get_aws_credentials(
// but ? returns immediately, and we want to unregister the request before returning
// so we bundle it all up in an async block and return a Result so we can handle errors
let proceed = async {
let notification = AwsRequestNotification {id: request_id, client, base};
app_handle.emit("credentials-request", &notification)?;
let notification = RequestNotification::new_aws(request_id, client, base);
app_handle.emit("credential-request", &notification)?;
let response = tokio::select! {
r = chan_recv => r?,
@ -139,12 +145,12 @@ async fn get_aws_credentials(
match response.approval {
Approval::Approved => {
if response.base {
let creds = state.base_creds_cloned().await?;
Ok(Response::Aws(Credentials::Base(creds)))
let creds = state.get_aws_default().await?;
Ok(Response::AwsBase(creds))
}
else {
let creds = state.session_creds_cloned().await?;
Ok(Response::Aws(Credentials::Session(creds)))
let creds = state.get_aws_default_session().await?;
Ok(Response::AwsSession(creds.clone()))
}
},
Approval::Denied => Err(HandlerError::Denied),

77
src-tauri/src/server/ssh_agent.rs Normal file
View File

@ -0,0 +1,77 @@
use signature::Signer;
use ssh_agent_lib::agent::{Agent, Session};
use ssh_agent_lib::proto::message::Message;
use ssh_key::public::PublicKey;
use ssh_key::private::PrivateKey;
use tokio::net::UnixListener;
struct SshAgent;
impl std::default::Default for SshAgent {
fn default() -> Self {
SshAgent {}
}
}
#[ssh_agent_lib::async_trait]
impl Session for SshAgent {
async fn handle(&mut self, message: Message) -> Result<Message, Box<dyn std::error::Error>> {
println!("Received message");
match message {
Message::RequestIdentities => {
let p = std::path::PathBuf::from("/home/joe/.ssh/id_ed25519.pub");
let pubkey = PublicKey::read_openssh_file(&p).unwrap();
let id = ssh_agent_lib::proto::message::Identity {
pubkey_blob: pubkey.to_bytes().unwrap(),
comment: pubkey.comment().to_owned(),
};
Ok(Message::IdentitiesAnswer(vec![id]))
},
Message::SignRequest(req) => {
println!("Received sign request");
let mut req_bytes = vec![13];
encode_string(&mut req_bytes, &req.pubkey_blob);
encode_string(&mut req_bytes, &req.data);
req_bytes.extend(req.flags.to_be_bytes());
std::fs::File::create("/tmp/signreq").unwrap().write(&req_bytes).unwrap();
let p = std::path::PathBuf::from("/home/joe/.ssh/id_ed25519");
let passphrase = std::env::var("PRIVKEY_PASSPHRASE").unwrap();
let privkey = PrivateKey::read_openssh_file(&p)
.unwrap()
.decrypt(passphrase.as_bytes())
.unwrap();
let sig = Signer::sign(&privkey, &req.data);
use std::io::Write;
std::fs::File::create("/tmp/sig").unwrap().write(sig.as_bytes()).unwrap();
let mut payload = Vec::with_capacity(128);
encode_string(&mut payload, "ssh-ed25519".as_bytes());
encode_string(&mut payload, sig.as_bytes());
println!("Payload length: {}", payload.len());
std::fs::File::create("/tmp/payload").unwrap().write(&payload).unwrap();
Ok(Message::SignResponse(payload))
},
_ => Ok(Message::Failure),
}
}
}
fn encode_string(buf: &mut Vec<u8>, s: &[u8]) {
let len = s.len() as u32;
buf.extend(len.to_be_bytes());
buf.extend(s);
}
pub async fn run() {
let socket = "/tmp/creddy-agent.sock";
let _ = std::fs::remove_file(socket);
let listener = UnixListener::bind(socket).unwrap();
SshAgent.listen(listener).await.unwrap();
}

198
src-tauri/src/state.rs
View File

@ -1,12 +1,14 @@
use std::collections::HashMap;
use std::collections::hash_map::Entry;
use std::time::Duration;
use time::OffsetDateTime;
use tokio::{
sync::RwLock,
sync::{RwLock, RwLockReadGuard},
sync::oneshot::{self, Sender},
};
use sqlx::SqlitePool;
use sqlx::types::Uuid;
use tauri::{
Manager,
async_runtime as rt,
@ -14,12 +16,17 @@ use tauri::{
use crate::app;
use crate::credentials::{
Session,
BaseCredentials,
SessionCredentials,
AppSession,
AwsSessionCredential,
};
use crate::{config, config::AppConfig};
use crate::ipc::{self, Approval, RequestResponse};
use crate::credentials::{
AwsBaseCredential,
Credential,
CredentialRecord,
PersistentCredential
};
use crate::ipc::{self, RequestResponse};
use crate::errors::*;
use crate::shortcuts;
@ -101,7 +108,9 @@ impl VisibilityLease {
#[derive(Debug)]
pub struct AppState {
pub config: RwLock<AppConfig>,
pub session: RwLock<Session>,
pub app_session: RwLock<AppSession>,
// session cache is keyed on id rather than name because names can change
pub aws_sessions: RwLock<HashMap<Uuid, AwsSessionCredential>>,
pub last_activity: RwLock<OffsetDateTime>,
pub request_count: RwLock<u64>,
pub waiting_requests: RwLock<HashMap<u64, Sender<RequestResponse>>>,
@ -116,14 +125,15 @@ pub struct AppState {
impl AppState {
pub fn new(
config: AppConfig,
session: Session,
app_session: AppSession,
pool: SqlitePool,
setup_errors: Vec<String>,
desktop_is_gnome: bool,
) -> AppState {
AppState {
config: RwLock::new(config),
session: RwLock::new(session),
app_session: RwLock::new(app_session),
aws_sessions: RwLock::new(HashMap::new()),
last_activity: RwLock::new(OffsetDateTime::now_utc()),
request_count: RwLock::new(0),
waiting_requests: RwLock::new(HashMap::new()),
@ -135,12 +145,43 @@ impl AppState {
}
}
pub async fn new_creds(&self, base_creds: BaseCredentials, passphrase: &str) -> Result<(), UnlockError> {
let locked = base_creds.encrypt(passphrase)?;
// do this first so that if it fails we don't save bad credentials
self.new_session(base_creds).await?;
locked.save(&self.pool).await?;
pub async fn save_credential(&self, record: CredentialRecord) -> Result<(), SaveCredentialsError> {
let session = self.app_session.read().await;
let crypto = session.try_get_crypto()?;
record.save(crypto, &self.pool).await
}
pub async fn delete_credential(&self, id: &Uuid) -> Result<(), SaveCredentialsError> {
sqlx::query!("DELETE FROM credentials WHERE id = ?", id)
.execute(&self.pool)
.await?;
Ok(())
}
pub async fn list_credentials(&self) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
let session = self.app_session.read().await;
let crypto = session.try_get_crypto()?;
let list = CredentialRecord::list(crypto, &self.pool).await?;
Ok(list)
}
pub async fn set_passphrase(&self, passphrase: &str) -> Result<(), SaveCredentialsError> {
let mut cur_session = self.app_session.write().await;
if let AppSession::Locked {..} = *cur_session {
return Err(SaveCredentialsError::Locked);
}
let new_session = AppSession::new(passphrase)?;
if let AppSession::Unlocked {salt: _, ref crypto} = *cur_session {
CredentialRecord::rekey(
crypto,
new_session.try_get_crypto().expect("AppSession::new() should always return Unlocked"),
&self.pool,
).await?;
}
new_session.save(&self.pool).await?;
*cur_session = new_session;
Ok(())
}
@ -187,11 +228,6 @@ impl AppState {
}
pub async fn send_response(&self, response: ipc::RequestResponse) -> Result<(), SendResponseError> {
if let Approval::Approved = response.approval {
let mut session = self.session.write().await;
session.renew_if_expired().await?;
}
let mut waiting_requests = self.waiting_requests.write().await;
waiting_requests
.remove(&response.id)
@ -201,24 +237,17 @@ impl AppState {
}
pub async fn unlock(&self, passphrase: &str) -> Result<(), UnlockError> {
let base_creds = match *self.session.read().await {
Session::Empty => {return Err(UnlockError::NoCredentials);},
Session::Unlocked{..} => {return Err(UnlockError::NotLocked);},
Session::Locked(ref locked) => locked.decrypt(passphrase)?,
};
// Read lock is dropped here, so this doesn't deadlock
self.new_session(base_creds).await?;
Ok(())
let mut session = self.app_session.write().await;
session.unlock(passphrase)
}
pub async fn lock(&self) -> Result<(), LockError> {
let mut session = self.session.write().await;
let mut session = self.app_session.write().await;
match *session {
Session::Empty => Err(LockError::NotUnlocked),
Session::Locked(_) => Err(LockError::NotUnlocked),
Session::Unlocked{..} => {
*session = Session::load(&self.pool).await?;
AppSession::Empty => Err(LockError::NotUnlocked),
AppSession::Locked{..} => Err(LockError::NotUnlocked),
AppSession::Unlocked{..} => {
*session = AppSession::load(&self.pool).await?;
let app_handle = app::APP.get().unwrap();
app_handle.emit("locked", None::<usize>)?;
@ -228,6 +257,51 @@ impl AppState {
}
}
pub async fn reset_session(&self) -> Result<(), SaveCredentialsError> {
let mut session = self.app_session.write().await;
session.reset(&self.pool).await?;
sqlx::query!("DELETE FROM credentials").execute(&self.pool).await?;
Ok(())
}
pub async fn get_aws_default(&self) -> Result<AwsBaseCredential, GetCredentialsError> {
let app_session = self.app_session.read().await;
let crypto = app_session.try_get_crypto()?;
let record = CredentialRecord::load_default("aws", crypto, &self.pool).await?;
let creds = match record.credential {
Credential::AwsBase(b) => Ok(b),
_ => Err(LoadCredentialsError::NoCredentials)
}?;
Ok(creds)
}
pub async fn get_aws_default_session(&self) -> Result<RwLockReadGuard<'_, AwsSessionCredential>, GetCredentialsError> {
let app_session = self.app_session.read().await;
let crypto = app_session.try_get_crypto()?;
let record = CredentialRecord::load_default("aws", crypto, &self.pool).await?;
let base = match &record.credential {
Credential::AwsBase(b) => Ok(b),
_ => Err(LoadCredentialsError::NoCredentials)
}?;
{
let mut aws_sessions = self.aws_sessions.write().await;
match aws_sessions.entry(record.id) {
Entry::Vacant(e) => {
e.insert(AwsSessionCredential::from_base(&base).await?);
},
Entry::Occupied(mut e) if e.get().is_expired() => {
*(e.get_mut()) = AwsSessionCredential::from_base(&base).await?;
},
_ => ()
}
}
// we know the unwrap is safe, because we just made sure of it
let s = RwLockReadGuard::map(self.aws_sessions.read().await, |map| map.get(&record.id).unwrap());
Ok(s)
}
pub async fn signal_activity(&self) {
let mut last_activity = self.last_activity.write().await;
*last_activity = OffsetDateTime::now_utc();
@ -235,7 +309,7 @@ impl AppState {
pub async fn should_auto_lock(&self) -> bool {
let config = self.config.read().await;
if !config.auto_lock || !self.is_unlocked().await {
if !config.auto_lock || self.is_locked().await {
return false;
}
@ -244,28 +318,9 @@ impl AppState {
elapsed >= config.lock_after
}
pub async fn is_unlocked(&self) -> bool {
let session = self.session.read().await;
matches!(*session, Session::Unlocked{..})
}
pub async fn base_creds_cloned(&self) -> Result<BaseCredentials, GetCredentialsError> {
let app_session = self.session.read().await;
let (base, _session) = app_session.try_get()?;
Ok(base.clone())
}
pub async fn session_creds_cloned(&self) -> Result<SessionCredentials, GetCredentialsError> {
let app_session = self.session.read().await;
let (_base, session) = app_session.try_get()?;
Ok(session.clone())
}
async fn new_session(&self, base: BaseCredentials) -> Result<(), GetSessionError> {
let session = SessionCredentials::from_base(&base).await?;
let mut app_session = self.session.write().await;
*app_session = Session::Unlocked {base, session};
Ok(())
pub async fn is_locked(&self) -> bool {
let session = self.app_session.read().await;
matches!(*session, AppSession::Locked {..})
}
pub async fn register_terminal_request(&self) -> Result<(), ()> {
@ -285,3 +340,36 @@ impl AppState {
*req = false;
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::credentials::Crypto;
use sqlx::types::Uuid;
fn test_state(pool: SqlitePool) -> AppState {
let salt = [0u8; 32];
let crypto = Crypto::fixed();
AppState::new(
AppConfig::default(),
AppSession::Unlocked { salt, crypto },
pool,
vec![],
false,
)
}
#[sqlx::test(fixtures("./credentials/fixtures/aws_credentials.sql"))]
fn test_delete_credential(pool: SqlitePool) {
let state = test_state(pool);
let id = Uuid::try_parse("00000000-0000-0000-0000-000000000000").unwrap();
state.delete_credential(&id).await.unwrap();
// ensure delete-cascade went through correctly
let res = AwsBaseCredential::load(&id, &Crypto::fixed(), &state.pool).await;
assert!(matches!(res, Err(LoadCredentialsError::NoCredentials)));
}
}

82
src-tauri/src/terminal.rs
View File

@ -1,6 +1,8 @@
use std::process::Command;
use std::time::Duration;
use tauri::Manager;
use tauri::{AppHandle, Manager};
use tokio::time::sleep;
use crate::app::APP;
use crate::errors::*;
@ -16,6 +18,18 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> {
return Ok(());
}
let res = do_launch(app, use_base).await;
state.unregister_terminal_request().await;
res
}
// this handles most of the work, the outer function is just to ensure we properly
// unregister the request if there's an error
async fn do_launch(app: &AppHandle, use_base: bool) -> Result<(), LaunchTerminalError> {
let state = app.state::<AppState>();
let mut cmd = {
let config = state.config.read().await;
let mut cmd = Command::new(&config.terminal.exec);
@ -23,56 +37,50 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> {
cmd
};
// if session is locked or empty, wait for credentials from frontend
if !state.is_unlocked().await {
app.emit("launch-terminal-request", ())?;
// if session is locked, wait for credentials from frontend
if state.is_locked().await {
let lease = state.acquire_visibility_lease(0).await
.map_err(|_e| LaunchTerminalError::NoMainWindow)?; // automate conversion eventually?
let (tx, rx) = tokio::sync::oneshot::channel();
app.once("credentials-event", move |e| {
let success = match e.payload() {
"\"unlocked\"" | "\"entered\"" => true,
_ => false,
};
let _ = tx.send(success);
app.once("unlocked", move |_| {
let _ = tx.send(());
});
if !rx.await.unwrap_or(false) {
state.unregister_terminal_request().await;
return Ok(()); // request was canceled by user
}
lease.release();
}
// more lock-management
{
let app_session = state.session.read().await;
// session should really be unlocked at this point, but if the frontend misbehaves
// (i.e. lies about unlocking) we could end up here with a locked session
// this will result in an error popup to the user (see main hotkey handler)
let (base_creds, session_creds) = app_session.try_get()?;
if use_base {
cmd.env("AWS_ACCESS_KEY_ID", &base_creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", &base_creds.secret_access_key);
}
else {
cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key);
cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token);
let timeout = Duration::from_secs(60);
tokio::select! {
// if the frontend is unlocked within 60 seconds, release visibility lock and proceed
_ = rx => lease.release(),
// otherwise, dump this request, but return Ok so we don't get an error popup
_ = sleep(timeout) => {
eprintln!("WARNING: Request to launch terminal timed out after 60 seconds.");
return Ok(());
},
}
}
let res = match cmd.spawn() {
// session should really be unlocked at this point, but if the frontend misbehaves
// (i.e. lies about unlocking) we could end up here with a locked session
// this will result in an error popup to the user (see main hotkey handler)
if use_base {
let base_creds = state.get_aws_default().await?;
cmd.env("AWS_ACCESS_KEY_ID", &base_creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", &base_creds.secret_access_key);
}
else {
let session_creds = state.get_aws_default_session().await?;
cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key);
cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token);
}
match cmd.spawn() {
Ok(_) => Ok(()),
Err(e) if std::io::ErrorKind::NotFound == e.kind() => {
Err(ExecError::NotFound(cmd.get_program().to_owned()))
},
Err(e) => Err(ExecError::ExecutionFailed(e)),
};
}?;
state.unregister_terminal_request().await;
res?; // ? auto-conversion is more liberal than .into()
Ok(())
}

58
src/App.svelte
View File

@ -7,15 +7,22 @@ import { getVersion } from '@tauri-apps/api/app';
import { appState, acceptRequest, cleanupRequest } from './lib/state.js';
import { views, currentView, navigate } from './lib/routing.js';
import Approve from './views/Approve.svelte';
import CreatePassphrase from './views/CreatePassphrase.svelte';
import Unlock from './views/Unlock.svelte';
$views = import.meta.glob('./views/*.svelte', {eager: true});
navigate('Home');
// set up app state
invoke('get_config').then(config => $appState.config = config);
invoke('get_session_status').then(status => $appState.credentialStatus = status);
invoke('get_session_status').then(status => $appState.sessionStatus = status);
getVersion().then(version => $appState.appVersion = version);
invoke('get_setup_errors')
.then(errs => {
$appState.setupErrors = errs.map(e => ({msg: e, show: true}));
});
listen('credentials-request', (tauriEvent) => {
// set up event handlers
listen('credential-request', (tauriEvent) => {
$appState.pendingRequests.put(tauriEvent.payload);
});
@ -29,29 +36,17 @@ listen('request-cancelled', (tauriEvent) => {
}
});
listen('launch-terminal-request', async (tauriEvent) => {
if ($appState.currentRequest === null) {
let status = await invoke('get_session_status');
if (status === 'locked') {
navigate('Unlock');
}
else if (status === 'empty') {
navigate('EnterCredentials');
}
// else, session is unlocked, so do nothing
// (although we shouldn't even get the event in that case)
}
});
listen('locked', () => {
$appState.credentialStatus = 'locked';
$appState.sessionStatus = 'locked';
});
invoke('get_setup_errors')
.then(errs => {
$appState.setupErrors = errs.map(e => ({msg: e, show: true}));
});
// set up navigation
$views = import.meta.glob('./views/*.svelte', {eager: true});
navigate('Home');
// ready to rock and roll
acceptRequest();
</script>
@ -61,4 +56,17 @@ acceptRequest();
on:keydown={() => invoke('signal_activity')}
/>
<svelte:component this="{$currentView}" />
{#if $appState.sessionStatus === 'empty'}
<!-- Empty state (no passphrase) takes precedence over everything -->
<CreatePassphrase />
{:else if $appState.currentRequest !== null}
<!-- if a request is pending, show approval flow (will include unlock if necessary) -->
<Approve />
{:else if $appState.sessionStatus === 'locked'}
<!-- if session is locked and no request is pending, show unlock screen -->
<Unlock />
{:else}
<!-- normal operation -->
<svelte:component this="{$currentView}" />
{/if}

6
src/lib/state.js
View File

@ -7,7 +7,7 @@ import { navigate, currentView, previousView } from './routing.js';
export let appState = writable({
currentRequest: null,
pendingRequests: queue(),
credentialStatus: 'locked',
sessionStatus: 'locked',
setupErrors: [],
appVersion: '',
});
@ -25,11 +25,11 @@ export async function acceptRequest() {
export function cleanupRequest() {
currentView.set(get(previousView));
previousView.set(null);
appState.update($appState => {
$appState.currentRequest = null;
return $appState;
});
currentView.set(get(previousView));
previousView.set(null);
acceptRequest();
}

45
src/ui/ErrorAlert.svelte
View File

@ -7,11 +7,34 @@
export let slideDuration = 150;
let animationClass = "";
export function shake() {
let error = null;
function shake() {
animationClass = 'shake';
window.setTimeout(() => animationClass = "", 400);
}
export async function run(fallible) {
try {
const ret = await Promise.resolve(fallible());
error = null;
return ret;
}
catch (e) {
if (error) shake();
error = e;
// re-throw so it can be caught by the caller if necessary
throw e;
}
}
// this is a method rather than a prop so that we can re-shake every time
// the error occurs, even if the error message doesn't change
export function setError(e) {
if (error) shake();
error = e;
}
</script>
@ -51,17 +74,17 @@
</style>
<div in:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}">
<div>
{#if error}
<div transition:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}">
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" /></svg>
<span>
<slot></slot>
<slot {error}>{error.msg || error}</slot>
</span>
</div>
{#if $$slots.buttons}
<div>
<slot name="buttons"></slot>
</div>
{/if}
</div>
{#if $$slots.buttons}
<div>
<slot name="buttons"></slot>
</div>
{/if}
</div>
{/if}

2
src/ui/Icon.svelte
View File

@ -5,7 +5,7 @@
let classes = "";
export {classes as class};
let svg = ICONS[`./icons/${name}.svelte`].default;
$: svg = ICONS[`./icons/${name}.svelte`].default;
</script>
<svelte:component this={svg} class={classes} />

1
src/ui/Link.svelte
View File

@ -31,6 +31,7 @@
&& shift === event.shiftKey
) {
click();
event.preventDefault();
}
}
</script>

46
src/ui/PassphraseInput.svelte Normal file
View File

@ -0,0 +1,46 @@
<script>
import Icon from './Icon.svelte';
export let value = '';
export let placeholder = '';
export let autofocus = false;
let classes = '';
export {classes as class};
let show = false;
</script>
<style>
button {
border: 1px solid oklch(var(--bc) / 0.2);
border-left: none;
}
</style>
<div class="join w-full">
<input
type={show ? 'text' : 'password'}
{value} {placeholder} {autofocus}
on:input={e => value = e.target.value}
on:input on:change on:focus on:blur
class="input input-bordered flex-grow join-item placeholder:text-gray-500 {classes}"
/>
<button
type="button"
class="btn btn-ghost join-item swap swap-rotate"
class:swap-active={show}
on:click={() => show = !show}
>
<Icon
name="eye"
class="w-5 h-5 swap-off"
/>
<Icon
name="eye-slash"
class="w-5 h-5 swap-on"
/>
</button>
</div>

8
src/ui/icons/arrow-right-start-on-rectangle.svelte Normal file
View File

@ -0,0 +1,8 @@
<script>
let classes = '';
export {classes as class}
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0 0 13.5 3h-6a2.25 2.25 0 0 0-2.25 2.25v13.5A2.25 2.25 0 0 0 7.5 21h6a2.25 2.25 0 0 0 2.25-2.25V15m3 0 3-3m0 0-3-3m3 3H9" />
</svg>

8
src/ui/icons/command-line.svelte Normal file
View File

@ -0,0 +1,8 @@
<script>
let classes = '';
export {classes as class}
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="m6.75 7.5 3 2.25-3 2.25m4.5 0h3m-9 8.25h13.5A2.25 2.25 0 0 0 21 18V6a2.25 2.25 0 0 0-2.25-2.25H5.25A2.25 2.25 0 0 0 3 6v12a2.25 2.25 0 0 0 2.25 2.25Z" />
</svg>

9
src/ui/icons/eye-slash.svelte Normal file
View File

@ -0,0 +1,9 @@
<script>
let classes = "";
export {classes as class};
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="M3.98 8.223A10.477 10.477 0 0 0 1.934 12C3.226 16.338 7.244 19.5 12 19.5c.993 0 1.953-.138 2.863-.395M6.228 6.228A10.451 10.451 0 0 1 12 4.5c4.756 0 8.773 3.162 10.065 7.498a10.522 10.522 0 0 1-4.293 5.774M6.228 6.228 3 3m3.228 3.228 3.65 3.65m7.894 7.894L21 21m-3.228-3.228-3.65-3.65m0 0a3 3 0 1 0-4.243-4.243m4.242 4.242L9.88 9.88" />
</svg>

9
src/ui/icons/eye.svelte Normal file
View File

@ -0,0 +1,9 @@
<script>
let classes = "";
export {classes as class};
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="M2.036 12.322a1.012 1.012 0 0 1 0-.639C3.423 7.51 7.36 4.5 12 4.5c4.638 0 8.573 3.007 9.963 7.178.07.207.07.431 0 .639C20.577 16.49 16.64 19.5 12 19.5c-4.638 0-8.573-3.007-9.963-7.178Z" />
<path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" />
</svg>

8
src/ui/icons/key.svelte Normal file
View File

@ -0,0 +1,8 @@
<script>
let classes = '';
export {classes as class}
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25Z" />
</svg>

8
src/ui/icons/pencil.svelte Normal file
View File

@ -0,0 +1,8 @@
<script>
let classes = '';
export {classes as class};
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="m16.862 4.487 1.687-1.688a1.875 1.875 0 1 1 2.652 2.652L6.832 19.82a4.5 4.5 0 0 1-1.897 1.13l-2.685.8.8-2.685a4.5 4.5 0 0 1 1.13-1.897L16.863 4.487Zm0 0L19.5 7.125" />
</svg>

9
src/ui/icons/plus-circle-mini.svelte Normal file
View File

@ -0,0 +1,9 @@
<script>
let classes = "";
export {classes as class};
</script>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class={classes}>
<path fill-rule="evenodd" d="M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm.75-11.25a.75.75 0 0 0-1.5 0v2.5h-2.5a.75.75 0 0 0 0 1.5h2.5v2.5a.75.75 0 0 0 1.5 0v-2.5h2.5a.75.75 0 0 0 0-1.5h-2.5v-2.5Z" clip-rule="evenodd" />
</svg>

8
src/ui/icons/shield-check.svelte Normal file
View File

@ -0,0 +1,8 @@
<script>
let classes = '';
export {classes as class}
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="M9 12.75 11.25 15 15 9.75m-3-7.036A11.959 11.959 0 0 1 3.598 6 11.99 11.99 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623 5.176-1.332 9-6.03 9-11.622 0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285Z" />
</svg>

8
src/ui/icons/trash.svelte Normal file
View File

@ -0,0 +1,8 @@
<script>
let classes = '';
export {classes as class};
</script>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
<path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" />
</svg>

12
src/ui/settings/FileSetting.svelte
View File

@ -7,6 +7,13 @@
export let value;
const dispatch = createEventDispatcher();
async function pickFile() {
let file = await open();
if (file) {
value = file.path
}
}
</script>
@ -18,9 +25,10 @@
bind:value
on:change={() => dispatch('update', {value})}
>
<button
<button
type="button"
class="btn btn-sm btn-primary"
on:click={async () => value = await open()}
on:click={pickFile}
>Browse</button>
</div>
<slot name="description" slot="description"></slot>

3
src/ui/settings/Setting.svelte
View File

@ -1,13 +1,12 @@
<script>
import { slide } from 'svelte/transition';
import ErrorAlert from '../ErrorAlert.svelte';
export let title;
</script>
<div>
<div class="flex flex-wrap justify-between gap-y-4">
<div class="flex flex-wrap justify-between gap-4">
<h3 class="text-lg font-bold shrink-0">{title}</h3>
{#if $$slots.input}
<slot name="input"></slot>

167
src/views/Approve.svelte
View File

@ -1,145 +1,64 @@
<script>
import { onMount } from 'svelte';
import { appState, cleanupRequest } from '../lib/state.js';
import { invoke } from '@tauri-apps/api/core';
import { navigate } from '../lib/routing.js';
import { appState, cleanupRequest } from '../lib/state.js';
import ErrorAlert from '../ui/ErrorAlert.svelte';
import Link from '../ui/Link.svelte';
import KeyCombo from '../ui/KeyCombo.svelte';
import CollectResponse from './approve/CollectResponse.svelte';
import ShowResponse from './approve/ShowResponse.svelte';
import Unlock from './Unlock.svelte';
// Send response to backend, display error if applicable
let error, alert;
async function respond() {
const response = {
id: $appState.currentRequest.id,
...$appState.currentRequest.response,
};
// Extra 50ms so the window can finish disappearing before the redraw
const rehideDelay = Math.min(5000, $appState.config.rehide_ms + 50);
let alert;
let success = false;
async function sendResponse() {
try {
await invoke('respond', {response});
navigate('ShowResponse');
await invoke('respond', {response: $appState.currentRequest.response});
success = true;
window.setTimeout(cleanupRequest, rehideDelay);
}
catch (e) {
if (error) {
alert.shake();
}
error = e;
// reset to null so that we go back to asking for approval
$appState.currentRequest.response = null;
// setTimeout forces this to not happen until the alert has been rendered
window.setTimeout(() => alert.setError(e), 0);
}
}
// Approval has one of several outcomes depending on current credential state
async function approve(base) {
$appState.currentRequest.response = {approval: 'Approved', base};
let status = await invoke('get_session_status');
if (status === 'unlocked') {
await respond();
}
else if (status === 'locked') {
navigate('Unlock');
}
else {
navigate('EnterCredentials');
async function handleResponseCollected() {
if (
$appState.sessionStatus === 'unlocked'
|| $appState.currentRequest.response.approval === 'Denied'
) {
await sendResponse();
}
}
// Denial has only one
async function deny() {
$appState.currentRequest.response = {approval: 'Denied', base: false};
await respond();
}
// Extract executable name from full path
const client = $appState.currentRequest.client;
const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
const appName = m[1] || m[2];
// Executable paths can be long, so ensure they only break on \ or /
function breakPath(path) {
return path.replace(/(\\|\/)/g, '$1<wbr>');
}
// if the request has already been approved/denied, send response immediately
onMount(async () => {
if ($appState.currentRequest.response) {
await respond();
}
});
</script>
<!-- Don't render at all if we're just going to immediately proceed to the next screen -->
{#if error || !$appState.currentRequest?.response}
{#if success}
<!-- if we have successfully sent a response, show it -->
<ShowResponse />
{:else if !$appState.currentRequest?.response}
<!-- if a response hasn't been collected, ask for it -->
<div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center">
{#if error}
<ErrorAlert bind:this={alert}>
{error.msg}
<svelte:fragment slot="buttons">
<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
<button class="btn btn-sm btn-alert-error" on:click={respond}>Retry</button>
</svelte:fragment>
</ErrorAlert>
{/if}
<ErrorAlert bind:this={alert}>
<svelte:fragment slot="buttons">
<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
<button class="btn btn-sm btn-alert-error" on:click={sendResponse}>Retry</button>
</svelte:fragment>
</ErrorAlert>
{#if $appState.currentRequest?.base}
<div class="alert alert-warning shadow-lg">
<div>
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
<span>
WARNING: This application is requesting your base AWS credentials.
These credentials are less secure than session credentials, since they don't expire automatically.
</span>
</div>
</div>
{/if}
<div class="space-y-1 mb-4">
<h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
<div class="grid grid-cols-[auto_1fr] gap-x-3">
<div class="text-right">Path:</div>
<code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
<div class="text-right">PID:</div>
<code>{client.pid}</code>
</div>
</div>
<div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
<!-- Don't display the option to approve with session credentials if base was specifically requested -->
{#if !$appState.currentRequest?.base}
<h3 class="font-semibold">
Approve with session credentials
</h3>
<Link target={() => approve(false)} hotkey="Enter" shift={true}>
<button class="w-full btn btn-success">
<KeyCombo keys={['Shift', 'Enter']} />
</button>
</Link>
{/if}
<h3 class="font-semibold">
<span class="mr-2">
{#if $appState.currentRequest?.base}
Approve
{:else}
Approve with base credentials
{/if}
</span>
</h3>
<Link target={() => approve(true)} hotkey="Enter" shift={true} ctrl={true}>
<button class="w-full btn btn-warning">
<KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
</button>
</Link>
<h3 class="font-semibold">
<span class="mr-2">Deny</span>
</h3>
<Link target={deny} hotkey="Escape">
<button class="w-full btn btn-error">
<KeyCombo keys={['Esc']} />
</button>
</Link>
</div>
<CollectResponse on:response={handleResponseCollected} />
</div>
{:else if $appState.sessionStatus === 'locked'}
<!-- if session is locked and we do have a response, we must be waiting for unlock -->
<Unlock on:unlocked={sendResponse} />
{:else}
<!-- failsafe sanity check -->
<ErrorAlert>
Something is wrong. This message should never show up during normal operation.
</ErrorAlert>
{/if}

14
src/views/ChangePassphrase.svelte Normal file
View File

@ -0,0 +1,14 @@
<script>
import { navigate } from '../lib/routing.js';
import EnterPassphrase from './passphrase/EnterPassphrase.svelte';
</script>
<div class="flex flex-col h-screen max-w-sm m-auto gap-y-8 justify-center">
<h1 class="text-2xl font-bold text-center">
Change passphrase
</h1>
<EnterPassphrase cancellable={true} on:save={() => navigate('Home')}/>
</div>

21
src/views/CreatePassphrase.svelte Normal file
View File

@ -0,0 +1,21 @@
<script>
import EnterPassphrase from './passphrase/EnterPassphrase.svelte';
</script>
<div class="flex flex-col h-screen max-w-lg m-auto justify-center">
<div class="space-y-8">
<h1 class="text-2xl font-bold text-center">Welcome to Creddy!</h1>
<div class="space-y-4">
<p> Create a passphrase to get started.</p>
<p>Please note that if you forget your passphrase, there is no way to recover
your stored credentials. You will have to start over with a new passphrase.</p>
</div>
<div class="max-w-sm mx-auto">
<EnterPassphrase />
</div>
</div>
</div>

94
src/views/EnterCredentials.svelte
View File

@ -1,94 +0,0 @@
<script>
import { onMount } from 'svelte';
import { invoke } from '@tauri-apps/api/core';
import { emit } from '@tauri-apps/api/event';
import { getRootCause } from '../lib/errors.js';
import { appState } from '../lib/state.js';
import { navigate } from '../lib/routing.js';
import Link from '../ui/Link.svelte';
import ErrorAlert from '../ui/ErrorAlert.svelte';
import Spinner from '../ui/Spinner.svelte';
let errorMsg = null;
let alert;
let AccessKeyId, SecretAccessKey, passphrase, confirmPassphrase
function confirm() {
if (passphrase !== confirmPassphrase) {
errorMsg = 'Passphrases do not match.'
}
}
let saving = false;
async function save() {
if (passphrase !== confirmPassphrase) {
alert.shake();
return;
}
let credentials = {AccessKeyId, SecretAccessKey};
try {
saving = true;
await invoke('save_credentials', {credentials, passphrase});
emit('credentials-event', 'entered');
$appState.credentialStatus = 'unlocked';
if ($appState.currentRequest) {
navigate('Approve');
}
else {
navigate('Home');
}
}
catch (e) {
const root = getRootCause(e);
if (e.code === 'GetSession' && root.code) {
errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
}
else {
// some of the built-in Tauri errors are plain strings,
// so fall back to e if e.msg doesn't exist
errorMsg = e.msg || e;
}
// if the alert already existed, shake it
if (alert) {
alert.shake();
}
saving = false;
}
}
function cancel() {
emit('credentials-event', 'enter-canceled');
navigate('Home');
}
</script>
<form action="#" on:submit|preventDefault="{save}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
<h2 class="text-2xl font-bold text-center">Enter your credentials</h2>
{#if errorMsg}
<ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert>
{/if}
<input type="text" placeholder="AWS Access Key ID" bind:value="{AccessKeyId}" class="input input-bordered" />
<input type="password" placeholder="AWS Secret Access Key" bind:value="{SecretAccessKey}" class="input input-bordered" />
<input type="password" placeholder="Passphrase" bind:value="{passphrase}" class="input input-bordered" />
<input type="password" placeholder="Re-enter passphrase" bind:value={confirmPassphrase} class="input input-bordered" on:change={confirm} />
<button type="submit" class="btn btn-primary">
{#if saving }
<Spinner class="w-5 h-5" thickness="12"/>
{:else}
Submit
{/if}
</button>
<Link target={cancel} hotkey="Escape">
<button class="btn btn-sm btn-outline w-full">Cancel</button>
</Link>
</form>

94
src/views/Home.svelte
View File

@ -8,12 +8,24 @@
import Icon from '../ui/Icon.svelte';
import Link from '../ui/Link.svelte';
import vaultDoorSvg from '../assets/vault_door.svg?raw';
let launchTerminalError;
async function launchTerminal() {
try {
await invoke('launch_terminal', {base: false});
}
catch (e) {
console.log(e);
launchTerminalError = e;
}
}
let launchBase = false;
function launchTerminal() {
invoke('launch_terminal', {base: launchBase});
launchBase = false;
async function lock() {
try {
await invoke('lock');
}
catch (e) {
console.log(e);
}
}
</script>
@ -23,31 +35,38 @@
</Nav>
<div class="flex flex-col h-screen items-center justify-center p-4 space-y-4">
<div class="flex flex-col items-center space-y-4">
{@html vaultDoorSvg}
{#if $appState.credentialStatus === 'locked'}
<div class="grid grid-cols-2 gap-6">
<Link target="ManageCredentials">
<div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-primary hover:bg-base-200 transition-colors">
<Icon name="key" class="size-12 stroke-1 stroke-primary" />
<h3 class="text-lg font-bold">Credentials</h3>
<p class="text-sm">Add, remove, and change defaults credentials.</p>
</div>
</Link>
<Link target={launchTerminal}>
<div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-secondary hover:bg-base-200 transition-colors">
<Icon name="command-line" class="size-12 stroke-1 stroke-secondary" />
<h3 class="text-lg font-bold">Terminal</h3>
<p class="text-sm">Launch a terminal pre-configured with AWS credentials.</p>
</div>
</Link>
<h2 class="text-2xl font-bold">Creddy is locked</h2>
<Link target="Unlock" hotkey="Enter" class="w-64">
<button class="btn btn-primary w-full">Unlock</button>
</Link>
<Link target={lock}>
<div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-warning hover:bg-base-200 transition-colors">
<Icon name="shield-check" class="size-12 stroke-1 stroke-warning" />
<h3 class="text-lg font-bold">Lock</h3>
<p class="text-sm">Lock Creddy.</p>
</div>
</Link>
{:else if $appState.credentialStatus === 'unlocked'}
<h2 class="text-2xl font-bold">Waiting for requests</h2>
<button class="btn btn-primary w-full" on:click={launchTerminal}>
Launch Terminal
</button>
<label class="label cursor-pointer flex items-center space-x-2">
<span class="label-text">Launch with long-lived credentials</span>
<input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}>
</label>
{:else if $appState.credentialStatus === 'empty'}
<h2 class="text-2xl font-bold">No credentials found</h2>
<Link target="EnterCredentials" hotkey="Enter" class="w-64">
<button class="btn btn-primary w-full">Enter Credentials</button>
</Link>
{/if}
<Link target={() => invoke('exit')}>
<div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-accent hover:bg-base-200 transition-colors">
<Icon name="arrow-right-start-on-rectangle" class="size-12 stroke-1 stroke-accent" />
<h3 class="text-lg font-bold">Exit</h3>
<p class="text-sm">Close Creddy.</p>
</div>
</Link>
</div>
</div>
@ -56,10 +75,25 @@
{#each $appState.setupErrors as error}
{#if error.show}
<div class="alert alert-error shadow-lg">
{error.msg}
<button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button>
<span>{error.msg}</span>
<div>
<button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button>
</div>
</div>
{/if}
{/each}
</div>
{/if}
{#if launchTerminalError}
<div class="toast">
<div class="alert alert-error shadow-lg">
<span>{launchTerminalError.msg || launchTerminalError}</span>
<div>
<button class="btn btn-alert-error" on:click={() => launchTerminalError = null}>
Ok
</button>
</div>
</div>
</div>
{/if}

62
src/views/ManageCredentials.svelte Normal file
View File

@ -0,0 +1,62 @@
<script>
import { onMount } from 'svelte';
import { slide, fade } from 'svelte/transition';
import { writable } from 'svelte/store';
import { invoke } from '@tauri-apps/api/core';
import AwsCredential from './credentials/AwsCredential.svelte';
import Icon from '../ui/Icon.svelte';
import Nav from '../ui/Nav.svelte';
let show = false;
let records = []
let defaults = writable({});
async function loadCreds() {
records = await invoke('list_credentials');
let pairs = records.filter(r => r.is_default).map(r => [r.credential.type, r.id]);
$defaults = Object.fromEntries(pairs);
}
onMount(loadCreds);
function newAws() {
records.push({
id: crypto.randomUUID(),
name: null,
is_default: false,
credential: {type: 'AwsBase', AccessKeyId: null, SecretAccessKey: null},
isNew: true,
});
records = records;
}
</script>
<Nav>
<h1 slot="title" class="text-2xl font-bold">Credentials</h1>
</Nav>
<div class="max-w-xl mx-auto mb-12 flex flex-col gap-y-4 justify-center">
<div class="divider">
<h2 class="text-xl font-bold">AWS Access Keys</h2>
</div>
{#if records.length > 0}
{#each records as record (record.id)}
<AwsCredential {record} {defaults} on:update={loadCreds} />
{/each}
<button class="btn btn-primary btn-wide mx-auto" on:click={newAws}>
<Icon name="plus-circle-mini" class="size-5" />
Add
</button>
{:else}
<div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6">
<div>You have no saved AWS credentials.</div>
<button class="btn btn-primary btn-wide mx-auto" on:click={newAws}>
<Icon name="plus-circle-mini" class="size-5" />
Add
</button>
</div>
{/if}
</div>

130
src/views/Settings.svelte
View File

@ -5,7 +5,6 @@
import { appState } from '../lib/state.js';
import Nav from '../ui/Nav.svelte';
import Link from '../ui/Link.svelte';
import ErrorAlert from '../ui/ErrorAlert.svelte';
import SettingsGroup from '../ui/settings/SettingsGroup.svelte';
import Keybind from '../ui/settings/Keybind.svelte';
import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting, TimeSetting } from '../ui/settings';
@ -21,6 +20,7 @@
let error = null;
async function save() {
try {
throw('wtf');
await invoke('save_config', {config});
$appState.config = await invoke('get_config');
}
@ -29,6 +29,7 @@
}
}
window.getOsType = type;
let osType = null;
type().then(t => osType = t);
</script>
@ -38,77 +39,78 @@
<h1 slot="title" class="text-2xl font-bold">Settings</h1>
</Nav>
<div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
<SettingsGroup name="General">
<ToggleSetting title="Start on login" bind:value={config.start_on_login}>
<svelte:fragment slot="description">
Start Creddy when you log in to your computer.
</svelte:fragment>
</ToggleSetting>
<ToggleSetting title="Start minimized" bind:value={config.start_minimized}>
<svelte:fragment slot="description">
Minimize to the system tray at startup.
</svelte:fragment>
</ToggleSetting>
<NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds">
<svelte:fragment slot="description">
How long to wait after a request is approved/denied before minimizing
the window to tray. Only applicable if the window was minimized
to tray before the request was received.
</svelte:fragment>
</NumericSetting>
<ToggleSetting title="Lock when idle" bind:value={config.auto_lock}>
<svelte:fragment slot="description">
Automatically lock Creddy after a period of inactivity.
</svelte:fragment>
</ToggleSetting>
{#if config.auto_lock}
<TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}>
<form on:submit|preventDefault={save}>
<div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
<SettingsGroup name="General">
<ToggleSetting title="Start on login" bind:value={config.start_on_login}>
<svelte:fragment slot="description">
How long to wait before automatically locking.
Start Creddy when you log in to your computer.
</svelte:fragment>
</TimeSetting>
{/if}
</ToggleSetting>
<Setting title="Update credentials">
<Link slot="input" target="EnterCredentials">
<button class="btn btn-sm btn-primary">Update</button>
</Link>
<svelte:fragment slot="description">
Update or re-enter your encrypted credentials.
</svelte:fragment>
</Setting>
<ToggleSetting title="Start minimized" bind:value={config.start_minimized}>
<svelte:fragment slot="description">
Minimize to the system tray at startup.
</svelte:fragment>
</ToggleSetting>
<FileSetting
title="Terminal emulator"
bind:value={config.terminal.exec}
>
<svelte:fragment slot="description">
Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>.
</svelte:fragment>
</FileSetting>
</SettingsGroup>
<NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds">
<svelte:fragment slot="description">
How long to wait after a request is approved/denied before minimizing
the window to tray. Only applicable if the window was minimized
to tray before the request was received.
</svelte:fragment>
</NumericSetting>
<SettingsGroup name="Hotkeys">
<div class="space-y-4">
<p>Click on a keybinding to modify it. Use the checkbox to enable or disable a keybinding entirely.</p>
<ToggleSetting title="Lock when idle" bind:value={config.auto_lock}>
<svelte:fragment slot="description">
Automatically lock Creddy after a period of inactivity.
</svelte:fragment>
</ToggleSetting>
<div class="grid grid-cols-[auto_1fr_auto] gap-y-3 items-center">
<Keybind description="Show Creddy" bind:value={config.hotkeys.show_window} />
<Keybind description="Launch terminal" bind:value={config.hotkeys.launch_terminal} />
{#if config.auto_lock}
<TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}>
<svelte:fragment slot="description">
How long to wait before automatically locking.
</svelte:fragment>
</TimeSetting>
{/if}
<Setting title="Update passphrase">
<Link slot="input" target="ChangePassphrase">
<button type="button" class="btn btn-sm btn-primary">Update</button>
</Link>
<svelte:fragment slot="description">
Change your master passphrase.
</svelte:fragment>
</Setting>
<FileSetting
title="Terminal emulator"
bind:value={config.terminal.exec}
>
<svelte:fragment slot="description">
Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>.
</svelte:fragment>
</FileSetting>
</SettingsGroup>
<SettingsGroup name="Hotkeys">
<div class="space-y-4">
<p>Click on a keybinding to modify it. Use the checkbox to enable or disable a keybinding entirely.</p>
<div class="grid grid-cols-[auto_1fr_auto] gap-y-3 items-center">
<Keybind description="Show Creddy" bind:value={config.hotkeys.show_window} />
<Keybind description="Launch terminal" bind:value={config.hotkeys.launch_terminal} />
</div>
</div>
</div>
</SettingsGroup>
</SettingsGroup>
<p class="text-sm text-right">
Creddy {$appState.appVersion}
</p>
</div>
<p class="text-sm text-right">
Creddy {$appState.appVersion}
</p>
</div>
</form>
{#if error}
<div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast">

86
src/views/Unlock.svelte
View File

@ -1,85 +1,59 @@
<script>
import { invoke } from '@tauri-apps/api/core';
import { emit } from '@tauri-apps/api/event';
import { onMount } from 'svelte';
import { onMount, createEventDispatcher } from 'svelte';
import { appState } from '../lib/state.js';
import { navigate } from '../lib/routing.js';
import { getRootCause } from '../lib/errors.js';
import ErrorAlert from '../ui/ErrorAlert.svelte';
import Link from '../ui/Link.svelte';
import PassphraseInput from '../ui/PassphraseInput.svelte';
import ResetPassphrase from './passphrase/ResetPassphrase.svelte';
import Spinner from '../ui/Spinner.svelte';
import vaultDoorSvg from '../assets/vault_door.svg?raw';
let errorMsg = null;
const dispatch = createEventDispatcher();
let alert;
let passphrase = '';
let loadTime = 0;
let saving = false;
async function unlock() {
// The hotkey for navigating here from homepage is Enter, which also
// happens to trigger the form submit event
if (Date.now() - loadTime < 10) {
return;
}
saving = true;
try {
saving = true;
let r = await invoke('unlock', {passphrase});
$appState.credentialStatus = 'unlocked';
emit('credentials-event', 'unlocked');
if ($appState.currentRequest) {
navigate('Approve');
}
else {
navigate('Home');
}
await alert.run(async () => invoke('unlock', {passphrase}));
$appState.sessionStatus = 'unlocked';
emit('unlocked');
dispatch('unlocked');
}
catch (e) {
const root = getRootCause(e);
if (e.code === 'GetSession' && root.code) {
errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
}
else {
errorMsg = e.msg;
}
// if the alert already existed, shake it
if (alert) {
alert.shake();
}
finally {
saving = false;
}
}
function cancel() {
emit('credentials-event', 'unlock-canceled');
if ($appState.currentRequest !== null) {
// dirty hack to prevent spurious error when returning to approve screen
delete $appState.currentRequest.response;
navigate('Approve');
}
else {
navigate('Home');
}
}
onMount(() => {
loadTime = Date.now();
})
</script>
<div class="fixed top-0 w-full p-2 text-center">
<h1 class="text-3xl font-bold">Creddy is locked</h1>
</div>
<form action="#" on:submit|preventDefault="{unlock}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
<h2 class="font-bold text-2xl text-center">Enter your passphrase</h2>
<div class="mx-auto">
{@html vaultDoorSvg}
</div>
{#if errorMsg}
<ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert>
{/if}
<label class="space-y-4">
<h2 class="font-bold text-xl text-center">Please enter your passphrase</h2>
<!-- svelte-ignore a11y-autofocus -->
<input autofocus name="password" type="password" placeholder="correct horse battery staple" bind:value="{passphrase}" class="input input-bordered" />
<ErrorAlert bind:this="{alert}" />
<!-- svelte-ignore a11y-autofocus -->
<PassphraseInput autofocus="true" bind:value={passphrase} placeholder="correct horse battery staple" />
</label>
<button type="submit" class="btn btn-primary">
{#if saving}
@ -89,7 +63,5 @@
{/if}
</button>
<Link target={cancel} hotkey="Escape">
<button class="btn btn-sm btn-outline w-full">Cancel</button>
</Link>
<ResetPassphrase />
</form>

91
src/views/approve/CollectResponse.svelte Normal file
View File

@ -0,0 +1,91 @@
<script>
import { createEventDispatcher } from 'svelte';
import { appState, cleanupRequest } from '../../lib/state.js';
import Link from '../../ui/Link.svelte';
import KeyCombo from '../../ui/KeyCombo.svelte';
// Executable paths can be long, so ensure they only break on \ or /
function breakPath(path) {
return path.replace(/(\\|\/)/g, '$1<wbr>');
}
// Extract executable name from full path
const client = $appState.currentRequest.client;
const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
const appName = m[1] || m[2];
const dispatch = createEventDispatcher();
function setResponse(approval, base) {
$appState.currentRequest.response = {
id: $appState.currentRequest.id,
approval,
base,
};
dispatch('response');
}
</script>
{#if $appState.currentRequest?.base}
<div class="alert alert-warning shadow-lg">
<div>
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
<span>
WARNING: This application is requesting your base AWS credentials.
These credentials are less secure than session credentials, since they don't expire automatically.
</span>
</div>
</div>
{/if}
<div class="space-y-1 mb-4">
<h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
<div class="grid grid-cols-[auto_1fr] gap-x-3">
<div class="text-right">Path:</div>
<code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
<div class="text-right">PID:</div>
<code>{client.pid}</code>
</div>
</div>
<div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
<!-- Don't display the option to approve with session credentials if base was specifically requested -->
{#if !$appState.currentRequest?.base}
<h3 class="font-semibold">
Approve with session credentials
</h3>
<Link target={() => setResponse('Approved', false)} hotkey="Enter" shift={true}>
<button class="w-full btn btn-success">
<KeyCombo keys={['Shift', 'Enter']} />
</button>
</Link>
{/if}
<h3 class="font-semibold">
<span class="mr-2">
{#if $appState.currentRequest?.base}
Approve
{:else}
Approve with base credentials
{/if}
</span>
</h3>
<Link target={() => setResponse('Approved', true)} hotkey="Enter" shift={true} ctrl={true}>
<button class="w-full btn btn-warning">
<KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
</button>
</Link>
<h3 class="font-semibold">
<span class="mr-2">Deny</span>
</h3>
<Link target={() => setResponse('Denied', false)} hotkey="Escape">
<button class="w-full btn btn-error">
<KeyCombo keys={['Esc']} />
</button>
</Link>
</div>

11
src/views/ShowResponse.svelte → src/views/approve/ShowResponse.svelte
View File

@ -1,8 +1,7 @@
<script>
import { onMount } from 'svelte';
import { draw, fade } from 'svelte/transition';
import { appState, cleanupRequest } from '../lib/state.js';
import { appState } from '../../lib/state.js';
let success = false;
let error = null;
@ -10,14 +9,6 @@
let drawDuration = $appState.config.rehide_ms >= 750 ? 500 : 0;
let fadeDuration = drawDuration * 0.6;
let fadeDelay = drawDuration * 0.4;
onMount(() => {
window.setTimeout(
cleanupRequest,
// Extra 50ms so the window can finish disappearing before the redraw
Math.min(5000, $appState.config.rehide_ms + 50),
)
})
</script>

155
src/views/credentials/AwsCredential.svelte Normal file
View File

@ -0,0 +1,155 @@
<script>
import { createEventDispatcher } from 'svelte';
import { fade, slide } from 'svelte/transition';
import { invoke } from '@tauri-apps/api/core';
import ErrorAlert from '../../ui/ErrorAlert.svelte';
import Icon from '../../ui/Icon.svelte';
export let record;
export let defaults;
import PassphraseInput from '../../ui/PassphraseInput.svelte';
const dispatch = createEventDispatcher();
let showDetails = record.isNew ? true : false;
let localName = name;
let local = JSON.parse(JSON.stringify(record));
$: isModified = JSON.stringify(local) !== JSON.stringify(record);
// explicitly subscribe to updates to `default`, so that we can update
// our local copy even if the component hasn't been recreated
// (sadly we can't use a reactive binding because reasons I guess)
defaults.subscribe(d => local.is_default = local.id === d[local.credential.type])
let alert;
async function saveCredential() {
await invoke('save_credential', {record: local});
dispatch('update');
showDetails = false;
}
let deleteModal;
function conditionalDelete() {
if (!record.isNew) {
deleteModal.showModal();
}
else {
deleteCredential();
}
}
async function deleteCredential() {
try {
if (!record.isNew) {
await invoke('delete_credential', {id: record.id});
}
dispatch('update');
}
catch (e) {
showDetails = true;
// wait for showDetails to take effect and the alert to be rendered
window.setTimeout(() => alert.setError(e), 0);
}
}
</script>
<div
transition:slide|local={{duration: record.isNew ? 300 : 0}}
class="rounded-box space-y-4 bg-base-200 {record.is_default ? 'border border-accent' : ''}"
>
<div class="flex items-center px-6 py-4 gap-x-4">
<h3 class="text-lg font-bold">{record.name || ''}</h3>
{#if record.is_default}
<span class="badge badge-accent">Default</span>
{/if}
<div class="join ml-auto">
<button
type="button"
class="btn btn-outline join-item"
on:click={() => showDetails = !showDetails}
>
<Icon name="pencil" class="size-6" />
</button>
<button
type="button"
class="btn btn-outline btn-error join-item"
on:click={conditionalDelete}
>
<Icon name="trash" class="size-6" />
</button>
</div>
</div>
{#if showDetails}
<form
transition:slide|local={{duration: 200}}
class=" px-6 pb-4 space-y-4"
on:submit|preventDefault={() => alert.run(saveCredential)}
>
<ErrorAlert bind:this={alert} />
<div class="grid grid-cols-[auto_1fr] items-center gap-4">
{#if record.isNew}
<span class="justify-self-end">Name</span>
<input
type="text"
class="input input-bordered bg-transparent"
bind:value={local.name}
>
{/if}
<span class="justify-self-end">Key ID</span>
<input
type="text"
class="input input-bordered font-mono bg-transparent"
bind:value={local.credential.AccessKeyId}
>
<span>Secret key</span>
<div class="font-mono">
<PassphraseInput class="bg-transparent" bind:value={local.credential.SecretAccessKey} />
</div>
</div>
<div class="flex justify-between">
<label class="label cursor-pointer justify-self-start space-x-4">
<span class="label-text">Default AWS access key</span>
<input type="checkbox" class="toggle toggle-accent" bind:checked={local.is_default}>
</label>
{#if isModified}
<button
transition:fade={{duration: 100}}
type="submit"
class="btn btn-primary"
>
Save
</button>
{/if}
</div>
</form>
{/if}
<dialog bind:this={deleteModal} class="modal">
<div class="modal-box">
<h3 class="text-lg font-bold">Delete AWS credential "{record.name}"?</h3>
<div class="modal-action">
<form method="dialog" class="flex gap-x-4">
<button class="btn btn-outline">Cancel</button>
<button
autofocus
class="btn btn-error"
on:click={deleteCredential}
>Delete</button>
</form>
</div>
</div>
</dialog>
</div>

109
src/views/passphrase/EnterPassphrase.svelte Normal file
View File

@ -0,0 +1,109 @@
<script>
import { createEventDispatcher } from 'svelte';
import { invoke } from '@tauri-apps/api/core';
import { appState } from '../../lib/state.js';
import ErrorAlert from '../../ui/ErrorAlert.svelte';
import Link from '../../ui/Link.svelte';
import PassphraseInput from '../../ui/PassphraseInput.svelte';
import ResetPassphrase from './ResetPassphrase.svelte';
import Spinner from '../../ui/Spinner.svelte';
export let cancellable = false;
const dispatch = createEventDispatcher();
let alert;
let saving = false;
let passphrase = '';
let confirmPassphrase = '';
// onChange only fires when an input loses focus, so always set the error if not set
function onChange() {
console.log(`onChange: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`)
if (passphrase !== confirmPassphrase) {
alert.setError('Passphrases do not match.');
}
else {
alert.setError(null);
}
}
// onInput fires on every keystroke, so only dismiss the error, don't create it
function onInput() {
console.log(`onInput: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`)
if (passphrase === confirmPassphrase) {
alert.setError(null);
}
}
async function save() {
if (passphrase !== confirmPassphrase) {
return;
}
if (passphrase === '') {
alert.setError('Passphrase is empty.')
return;
}
saving = true;
try {
await alert.run(async () => {
await invoke('set_passphrase', {passphrase})
throw('something bad happened');
$appState.sessionStatus = 'unlocked';
dispatch('save');
});
}
finally {
saving = false;
}
}
</script>
<form class="form-control gap-y-4" on:submit|preventDefault={save}>
<ErrorAlert bind:this={alert} />
<label class="form-control w-full">
<div class="label">
<span class="label-text">Passphrase</span>
</div>
<PassphraseInput
bind:value={passphrase}
on:input={onInput}
placeholder="correct horse battery staple"
/>
</label>
<label class="form-control w-full">
<div class="label">
<span class="label-text">Re-enter passphrase</span>
</div>
<PassphraseInput
bind:value={confirmPassphrase}
on:input={onInput} on:change={onChange}
placeholder="correct horse battery staple"
/>
</label>
<button type="submit" class="btn btn-primary">
{#if saving}
<Spinner class="w-5 h-5" thickness="12"/>
{:else}
Submit
{/if}
</button>
{#if cancellable}
<Link target="Settings" hotkey="Escape">
<button type="button" class="btn btn-outline btn-sm w-full">Cancel</button>
</Link>
{/if}
{#if $appState.sessionStatus === 'locked'}
<ResetPassphrase />
{/if}
</form>

41
src/views/passphrase/ResetPassphrase.svelte Normal file
View File

@ -0,0 +1,41 @@
<script>
import { invoke } from '@tauri-apps/api/core';
import { appState } from '../../lib/state.js';
import ErrorAlert from '../../ui/ErrorAlert.svelte';
let modal;
let alert;
async function reset() {
await invoke('reset_session');
$appState.sessionStatus = 'empty';
}
</script>
<button type="button" class="self-end text-sm text-secondary/75 hover:underline focus:ring-accent" on:click={modal.showModal()}>
Reset passphrase
</button>
<dialog class="modal" bind:this={modal}>
<div class="modal-box space-y-6">
<ErrorAlert bind:this={alert} />
<h3 class="text-lg font-bold">Delete all credentials?</h3>
<div class="space-y-2">
<p>Credentials are encrypted with your current passphrase and will be lost if the passphrase is reset.</p>
<p>Are you sure you want to reset your passphrase and delete all saved credentials?</p>
</div>
<div class="modal-action">
<form method="dialog" class="flex gap-x-4">
<button autofocus class="btn btn-outline">Cancel</button>
<button class="btn btn-error" on:click|preventDefault={() => alert.run(reset)}>
Reset
</button>
</form>
</div>
</div>
</dialog>

36
tailwind.config.js
View File

@ -10,4 +10,40 @@ module.exports = {
plugins: [
require('daisyui'),
],
daisyui: {
themes: [
{
creddy: {
"primary": "#0ea5e9",
"secondary": "#fb923c",
"accent": "#8b5cf6",
"neutral": "#374151",
"base-100": "#252e3a",
"info": "#66cccc",
"success": "#52bf73",
"warning": "#d1a900",
"error": "#f87171",
},
},
{
"summer-night": {
"primary": "#0ea5e9",
"secondary": "#0ea5e9",
"accent": "#fb923c",
"neutral": "#393939",
"base-100": "#2d2d2d",
"info": "#66cccc",
"success": "#22c55e",
"warning": "#d1a900",
"error": "#f2777a"
},
},
"dark",
"night",
"dracula",
"sunset",
"dim",
"light"
]
},
}