jfmonty2/creddy
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 15 Wiki Activity

Compare commits

base: jfmonty2:a32e36be7edb7244ee355ecde65959ef6ffa7261
Branches Tags
jfmonty2:master
jfmonty2:docker-helper
jfmonty2:persistent-session
jfmonty2:ssh-agent
jfmonty2:generalized-credentials
jfmonty2:pipe
jfmonty2:terminal
jfmonty2:wincon
jfmonty2:wip
jfmonty2:dev2
jfmonty2:dev
jfmonty2:v0.6.5
jfmonty2:v0.6.3
jfmonty2:v0.6.2
jfmonty2:v0.6.0
jfmonty2:v0.5.4
jfmonty2:v0.5.3
jfmonty2:v0.5.1
jfmonty2:v0.5.0
jfmonty2:v0.4.7
jfmonty2:v0.4.6
jfmonty2:v0.4.5
jfmonty2:v0.4.4
jfmonty2:v0.4.2
jfmonty2:v0.4.1
jfmonty2:v0.4.0
jfmonty2:v0.3.3
jfmonty2:v0.3.1
jfmonty2:v0.3.0
jfmonty2:v0.2.3
jfmonty2:v0.2.1
jfmonty2:show
jfmonty2:v0.2.0
...
compare: jfmonty2:a49bd47e8ccd6f83d636305c11aa91664cabb0ce
Branches Tags
jfmonty2:master
jfmonty2:docker-helper
jfmonty2:persistent-session
jfmonty2:ssh-agent
jfmonty2:generalized-credentials
jfmonty2:pipe
jfmonty2:terminal
jfmonty2:wincon
jfmonty2:wip
jfmonty2:dev2
jfmonty2:dev
jfmonty2:v0.6.5
jfmonty2:v0.6.3
jfmonty2:v0.6.2
jfmonty2:v0.6.0
jfmonty2:v0.5.4
jfmonty2:v0.5.3
jfmonty2:v0.5.1
jfmonty2:v0.5.0
jfmonty2:v0.4.7
jfmonty2:v0.4.6
jfmonty2:v0.4.5
jfmonty2:v0.4.4
jfmonty2:v0.4.2
jfmonty2:v0.4.1
jfmonty2:v0.4.0
jfmonty2:v0.3.3
jfmonty2:v0.3.1
jfmonty2:v0.3.0
jfmonty2:v0.2.3
jfmonty2:v0.2.1
jfmonty2:show
jfmonty2:v0.2.0

2 Commits
a32e36be7e ... a49bd47e8c

Author SHA1 Message Date
Joseph Montanaro
a49bd47e8c make server_addr configurable for client 2024-07-12 14:33:09 -04:00
Joseph Montanaro
5cf848f7fe clean up warnings 2024-07-11 06:04:56 -04:00
11 changed files with 65 additions and 68 deletions
Show Stats Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "creddy", "name": "creddy",
"version": "0.5.2", "version": "0.5.3",
"scripts": { "scripts": {
"dev": "vite", "dev": "vite",
"build": "vite build", "build": "vite build",

2
src-tauri/Cargo.lock generated
View File

@ -1196,7 +1196,7 @@ dependencies = [
[[package]] [[package]]
name = "creddy" name = "creddy"
version = "0.5.2" version = "0.5.3"
dependencies = [ dependencies = [
"argon2", "argon2",
"auto-launch", "auto-launch",

2
src-tauri/Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "creddy" name = "creddy"
version = "0.5.2" version = "0.5.3"
description = "A friendly AWS credentials manager" description = "A friendly AWS credentials manager"
authors = ["Joseph Montanaro"] authors = ["Joseph Montanaro"]
license = "" license = ""

10
src-tauri/src/bin/creddy_cli.rs
View File

@ -11,13 +11,7 @@ use std::{
fn main() { fn main() {
let args = cli::parser().get_matches(); let res = match cli::parser().get_matches().subcommand() {
if let Some(true) = args.get_one::<bool>("help") {
cli::parser().print_help().unwrap(); // if we can't print help we can't print an error
process::exit(0);
}
let res = match args.subcommand() {
None | Some(("run", _)) => launch_gui(), None | Some(("run", _)) => launch_gui(),
Some(("get", m)) => cli::get(m), Some(("get", m)) => cli::get(m),
Some(("exec", m)) => cli::exec(m), Some(("exec", m)) => cli::exec(m),
@ -35,7 +29,7 @@ fn main() {
fn launch_gui() -> Result<(), CliError> { fn launch_gui() -> Result<(), CliError> {
let mut path = env::current_exe()?; let mut path = env::current_exe()?;
path.pop(); // bin dir path.pop(); // bin dir
// binaries are colocated in dev, but not in production // binaries are colocated in dev, but not in production
#[cfg(not(debug_assertions))] #[cfg(not(debug_assertions))]
path.pop(); // install dir path.pop(); // install dir

36
src-tauri/src/cli.rs
View File

@ -1,4 +1,5 @@
use std::ffi::OsString; use std::ffi::OsString;
use std::path::PathBuf;
use std::process::Command as ChildCommand; use std::process::Command as ChildCommand;
#[cfg(windows)] #[cfg(windows)]
use std::time::Duration; use std::time::Duration;
@ -9,6 +10,7 @@ use clap::{
ArgMatches, ArgMatches,
ArgAction, ArgAction,
builder::PossibleValuesParser, builder::PossibleValuesParser,
value_parser,
}; };
use tokio::io::{AsyncReadExt, AsyncWriteExt}; use tokio::io::{AsyncReadExt, AsyncWriteExt};
@ -37,6 +39,14 @@ pub fn parser() -> Command<'static> {
Command::new("creddy") Command::new("creddy")
.version(env!("CARGO_PKG_VERSION")) .version(env!("CARGO_PKG_VERSION"))
.about("A friendly AWS credentials manager") .about("A friendly AWS credentials manager")
.arg(
Arg::new("server_addr")
.short('a')
.long("server-addr")
.takes_value(true)
.value_parser(value_parser!(PathBuf))
.help("Connect to the main Creddy process at this address")
)
.subcommand( .subcommand(
Command::new("run") Command::new("run")
.about("Launch Creddy") .about("Launch Creddy")
@ -71,6 +81,7 @@ pub fn parser() -> Command<'static> {
Arg::new("name") Arg::new("name")
.short('n') .short('n')
.long("name") .long("name")
.takes_value(true)
.help("If unspecified, use default credentials") .help("If unspecified, use default credentials")
) )
.arg( .arg(
@ -94,8 +105,9 @@ pub fn parser() -> Command<'static> {
pub fn get(args: &ArgMatches) -> Result<(), CliError> { pub fn get(args: &ArgMatches) -> Result<(), CliError> {
let name = args.get_one("name").cloned(); let name = args.get_one("name").cloned();
let base = *args.get_one("base").unwrap_or(&false); let base = *args.get_one("base").unwrap_or(&false);
let addr = args.get_one("server_addr").cloned();
let output = match make_request(&Request::GetAwsCredentials { name, base })? {
let output = match make_request(addr, &Request::GetAwsCredentials { name, base })? {
Response::AwsBase(creds) => serde_json::to_string(&creds).unwrap(), Response::AwsBase(creds) => serde_json::to_string(&creds).unwrap(),
Response::AwsSession(creds) => serde_json::to_string(&creds).unwrap(), Response::AwsSession(creds) => serde_json::to_string(&creds).unwrap(),
r => return Err(RequestError::Unexpected(r).into()), r => return Err(RequestError::Unexpected(r).into()),
@ -108,14 +120,15 @@ pub fn get(args: &ArgMatches) -> Result<(), CliError> {
pub fn exec(args: &ArgMatches) -> Result<(), CliError> { pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
let name = args.get_one("name").cloned(); let name = args.get_one("name").cloned();
let base = *args.get_one("base").unwrap_or(&false); let base = *args.get_one("base").unwrap_or(&false);
let addr = args.get_one("server_addr").cloned();
let mut cmd_line = args.get_many("command") let mut cmd_line = args.get_many("command")
.ok_or(ExecError::NoCommand)?; .ok_or(ExecError::NoCommand)?;
let cmd_name: &String = cmd_line.next().unwrap(); // Clap guarantees that there will be at least one let cmd_name: &String = cmd_line.next().unwrap(); // Clap guarantees that there will be at least one
let mut cmd = ChildCommand::new(cmd_name); let mut cmd = ChildCommand::new(cmd_name);
cmd.args(cmd_line); cmd.args(cmd_line);
match make_request(&Request::GetAwsCredentials { name, base })? { match make_request(addr, &Request::GetAwsCredentials { name, base })? {
Response::AwsBase(creds) => { Response::AwsBase(creds) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id); cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key); cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
@ -160,6 +173,7 @@ pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> { pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> {
let addr = args.get_one("server_addr").cloned();
let action = match args.get_one::<String>("action").map(|s| s.as_str()) { let action = match args.get_one::<String>("action").map(|s| s.as_str()) {
Some("show_window") => ShortcutAction::ShowWindow, Some("show_window") => ShortcutAction::ShowWindow,
Some("launch_terminal") => ShortcutAction::LaunchTerminal, Some("launch_terminal") => ShortcutAction::LaunchTerminal,
@ -167,7 +181,7 @@ pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> {
}; };
let req = Request::InvokeShortcut(action); let req = Request::InvokeShortcut(action);
match make_request(&req) { match make_request(addr, &req) {
Ok(Response::Empty) => Ok(()), Ok(Response::Empty) => Ok(()),
Ok(r) => Err(RequestError::Unexpected(r).into()), Ok(r) => Err(RequestError::Unexpected(r).into()),
Err(e) => Err(e.into()), Err(e) => Err(e.into()),
@ -176,12 +190,12 @@ pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> {
#[tokio::main] #[tokio::main]
async fn make_request(req: &Request) -> Result<Response, RequestError> { async fn make_request(addr: Option<PathBuf>, req: &Request) -> Result<Response, RequestError> {
let mut data = serde_json::to_string(req).unwrap(); let mut data = serde_json::to_string(req).unwrap();
// server expects newline marking end of request // server expects newline marking end of request
data.push('\n'); data.push('\n');
let mut stream = connect().await?; let mut stream = connect(addr).await?;
stream.write_all(&data.as_bytes()).await?; stream.write_all(&data.as_bytes()).await?;
let mut buf = Vec::with_capacity(1024); let mut buf = Vec::with_capacity(1024);
@ -192,10 +206,10 @@ async fn make_request(req: &Request) -> Result<Response, RequestError> {
#[cfg(windows)] #[cfg(windows)]
async fn connect() -> Result<NamedPipeClient, std::io::Error> { async fn connect(addr: Option<PathBuf>) -> Result<NamedPipeClient, std::io::Error> {
// apparently attempting to connect can fail if there's already a client connected // apparently attempting to connect can fail if there's already a client connected
loop { loop {
let addr = srv::addr("creddy-server"); let addr = addr.unwrap_or_else(|| srv::addr("creddy-server"));
match ClientOptions::new().open(&addr) { match ClientOptions::new().open(&addr) {
Ok(stream) => return Ok(stream), Ok(stream) => return Ok(stream),
Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => (), Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => (),
@ -207,7 +221,7 @@ async fn connect() -> Result<NamedPipeClient, std::io::Error> {
#[cfg(unix)] #[cfg(unix)]
async fn connect() -> Result<UnixStream, std::io::Error> { async fn connect(addr: Option<PathBuf>) -> Result<UnixStream, std::io::Error> {
let path = srv::addr("creddy-server"); let path = addr.unwrap_or_else(|| srv::addr("creddy-server"));
UnixStream::connect(&path).await UnixStream::connect(&path).await
} }

17
src-tauri/src/credentials/aws.rs
View File

@ -76,7 +76,7 @@ impl PersistentCredential for AwsBaseCredential {
access_key_id, access_key_id,
secret_key_enc, secret_key_enc,
nonce nonce
) )
VALUES (?, ?, ?, ?);", VALUES (?, ?, ?, ?);",
id, self.access_key_id, ciphertext, nonce_bytes, id, self.access_key_id, ciphertext, nonce_bytes,
).execute(&mut **txn).await?; ).execute(&mut **txn).await?;
@ -203,19 +203,6 @@ mod tests {
) )
} }
fn test_uuid() -> Uuid {
Uuid::try_parse("00000000-0000-0000-0000-000000000000").unwrap()
}
fn test_uuid_2() -> Uuid {
Uuid::try_parse("ffffffff-ffff-ffff-ffff-ffffffffffff").unwrap()
}
fn test_uuid_random() -> Uuid {
let bytes = Crypto::salt();
Uuid::from_slice(&bytes[..16]).unwrap()
}
#[sqlx::test(fixtures("aws_credentials"))] #[sqlx::test(fixtures("aws_credentials"))]
async fn test_load(pool: SqlitePool) { async fn test_load(pool: SqlitePool) {
@ -254,5 +241,5 @@ mod tests {
assert_eq!(&creds().into_credential(), &list[0]); assert_eq!(&creds().into_credential(), &list[0]);
assert_eq!(&creds_2().into_credential(), &list[1]); assert_eq!(&creds_2().into_credential(), &list[1]);
} }
} }

21
src-tauri/src/credentials/record.rs
View File

@ -112,15 +112,16 @@ impl CredentialRecord {
Ok(Self::from_parts(row, credential)) Ok(Self::from_parts(row, credential))
} }
// pub async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { #[cfg(test)]
// let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE id = ?") pub async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
// .bind(id) let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE id = ?")
// .fetch_optional(pool) .bind(id)
// .await? .fetch_optional(pool)
// .ok_or(LoadCredentialsError::NoCredentials)?; .await?
.ok_or(LoadCredentialsError::NoCredentials)?;
// Self::load_credential(row, crypto, pool).await Self::load_credential(row, crypto, pool).await
// } }
pub async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { pub async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE name = ?") let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE name = ?")
@ -134,7 +135,7 @@ impl CredentialRecord {
pub async fn load_default(credential_type: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { pub async fn load_default(credential_type: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let row: CredentialRow = sqlx::query_as( let row: CredentialRow = sqlx::query_as(
"SELECT * FROM credentials "SELECT * FROM credentials
WHERE credential_type = ? AND is_default = 1" WHERE credential_type = ? AND is_default = 1"
).bind(credential_type) ).bind(credential_type)
.fetch_optional(pool) .fetch_optional(pool)
@ -419,7 +420,7 @@ mod uuid_tests {
#[test] #[test]
fn test_serialize_deserialize_uuid() { fn test_serialize_deserialize_uuid() {
let buf = Crypto::salt(); let buf = Crypto::salt();
let expected = UuidWrapper{ let expected = UuidWrapper{
id: Uuid::from_slice(&buf[..16]).unwrap() id: Uuid::from_slice(&buf[..16]).unwrap()
}; };
let serialized = serde_json::to_string(&expected).unwrap(); let serialized = serde_json::to_string(&expected).unwrap();

15
src-tauri/src/credentials/ssh.rs
View File

@ -99,7 +99,7 @@ impl SshKey {
let row = sqlx::query!( let row = sqlx::query!(
"SELECT c.name "SELECT c.name
FROM credentials c FROM credentials c
JOIN ssh_credentials s JOIN ssh_credentials s
ON s.id = c.id ON s.id = c.id
WHERE s.public_key = ?", WHERE s.public_key = ?",
pubkey pubkey
@ -168,7 +168,7 @@ impl PersistentCredential for SshKey {
let nonce = XNonce::clone_from_slice(&row.nonce); let nonce = XNonce::clone_from_slice(&row.nonce);
let privkey_bytes = crypto.decrypt(&nonce, &row.private_key_enc)?; let privkey_bytes = crypto.decrypt(&nonce, &row.private_key_enc)?;
let algorithm = Algorithm::new(&row.algorithm) let algorithm = Algorithm::new(&row.algorithm)
.map_err(|_| LoadCredentialsError::InvalidData)?; .map_err(|_| LoadCredentialsError::InvalidData)?;
let public_key = PublicKey::from_bytes(&row.public_key) let public_key = PublicKey::from_bytes(&row.public_key)
@ -298,7 +298,6 @@ fn deserialize_algorithm<'de, D>(deserializer: D) -> Result<Algorithm, D::Error>
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use std::fs::{self, File}; use std::fs::{self, File};
use ssh_key::Fingerprint;
use sqlx::types::uuid::uuid; use sqlx::types::uuid::uuid;
use super::*; use super::*;
@ -341,7 +340,7 @@ mod tests {
let k = rsa_plain(); let k = rsa_plain();
assert_eq!(k.algorithm.as_str(), "ssh-rsa"); assert_eq!(k.algorithm.as_str(), "ssh-rsa");
assert_eq!(&k.comment, "hello world"); assert_eq!(&k.comment, "hello world");
assert_eq!( assert_eq!(
k.public_key.fingerprint(Default::default()), k.public_key.fingerprint(Default::default()),
k.private_key.fingerprint(Default::default()), k.private_key.fingerprint(Default::default()),
@ -359,7 +358,7 @@ mod tests {
let k = rsa_enc(); let k = rsa_enc();
assert_eq!(k.algorithm.as_str(), "ssh-rsa"); assert_eq!(k.algorithm.as_str(), "ssh-rsa");
assert_eq!(&k.comment, "hello world"); assert_eq!(&k.comment, "hello world");
assert_eq!( assert_eq!(
k.public_key.fingerprint(Default::default()), k.public_key.fingerprint(Default::default()),
k.private_key.fingerprint(Default::default()), k.private_key.fingerprint(Default::default()),
@ -377,7 +376,7 @@ mod tests {
let k = ed25519_plain(); let k = ed25519_plain();
assert_eq!(k.algorithm.as_str(),"ssh-ed25519"); assert_eq!(k.algorithm.as_str(),"ssh-ed25519");
assert_eq!(&k.comment, "hello world"); assert_eq!(&k.comment, "hello world");
assert_eq!( assert_eq!(
k.public_key.fingerprint(Default::default()), k.public_key.fingerprint(Default::default()),
k.private_key.fingerprint(Default::default()), k.private_key.fingerprint(Default::default()),
@ -395,7 +394,7 @@ mod tests {
let k = ed25519_enc(); let k = ed25519_enc();
assert_eq!(k.algorithm.as_str(), "ssh-ed25519"); assert_eq!(k.algorithm.as_str(), "ssh-ed25519");
assert_eq!(&k.comment, "hello world"); assert_eq!(&k.comment, "hello world");
assert_eq!( assert_eq!(
k.public_key.fingerprint(Default::default()), k.public_key.fingerprint(Default::default()),
k.private_key.fingerprint(Default::default()), k.private_key.fingerprint(Default::default()),
@ -447,7 +446,7 @@ mod tests {
async fn test_load_db(pool: SqlitePool) { async fn test_load_db(pool: SqlitePool) {
let crypto = Crypto::fixed(); let crypto = Crypto::fixed();
let id = uuid!("11111111-1111-1111-1111-111111111111"); let id = uuid!("11111111-1111-1111-1111-111111111111");
let k = SshKey::load(&id, &crypto, &pool).await SshKey::load(&id, &crypto, &pool).await
.expect("Failed to load SSH key from database"); .expect("Failed to load SSH key from database");
} }

22
src-tauri/src/kv.rs
View File

@ -44,21 +44,23 @@ pub async fn load_bytes(pool: &SqlitePool, name: &str) -> Result<Option<Vec<u8>>
} }
// pub async fn delete(pool: &SqlitePool, name: &str) -> Result<(), sqlx::Error> { // we don't have a need for this right now, but we will some day
// sqlx::query!("DELETE FROM kv WHERE name = ?", name) #[cfg(test)]
// .execute(pool) pub async fn delete(pool: &SqlitePool, name: &str) -> Result<(), sqlx::Error> {
// .await?; sqlx::query!("DELETE FROM kv WHERE name = ?", name)
// Ok(()) .execute(pool)
// } .await?;
Ok(())
}
pub async fn delete_multi(pool: &SqlitePool, names: &[&str]) -> Result<(), sqlx::Error> { pub async fn delete_multi(pool: &SqlitePool, names: &[&str]) -> Result<(), sqlx::Error> {
let placeholder = names.iter() let placeholder = names.iter()
.map(|_| "?") .map(|_| "?")
.collect::<Vec<&str>>() .collect::<Vec<&str>>()
.join(","); .join(",");
let query = format!("DELETE FROM kv WHERE name IN ({})", placeholder); let query = format!("DELETE FROM kv WHERE name IN ({})", placeholder);
let mut q = sqlx::query(&query); let mut q = sqlx::query(&query);
for name in names { for name in names {
q = q.bind(name); q = q.bind(name);
@ -83,7 +85,7 @@ macro_rules! load_bytes_multi {
( (
// ...with one item for each repetition of $name // ...with one item for each repetition of $name
$( $(
// load_bytes returns Result<Option<_>>, the Result is handled by // load_bytes returns Result<Option<_>>, the Result is handled by
// the ? and we match on the Option // the ? and we match on the Option
match crate::kv::load_bytes($pool, $name).await? { match crate::kv::load_bytes($pool, $name).await? {
Some(v) => v, Some(v) => v,
@ -187,7 +189,7 @@ mod tests {
async fn test_delete(pool: SqlitePool) { async fn test_delete(pool: SqlitePool) {
delete(&pool, "test_bytes").await delete(&pool, "test_bytes").await
.expect("Failed to delete data"); .expect("Failed to delete data");
let loaded = load_bytes(&pool, "test_bytes").await let loaded = load_bytes(&pool, "test_bytes").await
.expect("Failed to load data"); .expect("Failed to load data");
assert_eq!(loaded, None); assert_eq!(loaded, None);

2
src-tauri/src/srv/mod.rs
View File

@ -20,7 +20,7 @@ pub use platform::addr;
#[derive(Debug, Serialize, Deserialize)] #[derive(Debug, Serialize, Deserialize)]
pub enum Request { pub enum Request {
GetAwsCredentials { GetAwsCredentials {
name: Option<String>, name: Option<String>,
base: bool, base: bool,
}, },

4
src-tauri/tauri.conf.json
View File

@ -50,7 +50,7 @@
} }
}, },
"productName": "creddy", "productName": "creddy",
"version": "0.5.2", "version": "0.5.3",
"identifier": "creddy", "identifier": "creddy",
"plugins": {}, "plugins": {},
"app": { "app": {
@ -85,4 +85,4 @@
} }
} }
} }
} }