Compare commits
	
		
			30 Commits
		
	
	
		
			d0a2532c27
			...
			docker-hel
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 064cc03573 | |||
| c7a7b45468 | |||
| e4a7c62828 | |||
| 0fc97d28e0 | |||
| b1a5f9f11a | |||
| 295698e62f | |||
| 3b61aa924a | |||
| 02ba19d709 | |||
| 55801384eb | |||
| 27c2f467c4 | |||
| cab5ec40cc | |||
| 5cf848f7fe | |||
| a32e36be7e | |||
| 10231df860 | |||
| ae93a57aab | |||
| 9fd355b68e | |||
| 00089d7efb | |||
| 0124f77f7b | |||
| 6711ce2c43 | |||
| a3a11897c2 | |||
| 5e6542d08e | |||
| f311fde74e | |||
| acc5c71bfa | |||
| 504c0b4156 | |||
| bf0a2ca72d | |||
| bb980c5eef | |||
| ce7d75f15a | |||
| 37b44ddb2e | |||
| 8c668e51a6 | |||
| 9928996fab | 
| @@ -1,5 +1,5 @@ | ||||
| <!DOCTYPE html> | ||||
| <html lang="en" data-theme="dark"> | ||||
| <html lang="en" data-theme="creddy"> | ||||
|   <head> | ||||
|     <meta charset="UTF-8" /> | ||||
|     <link rel="icon" type="image/svg+xml" href="/vite.svg" /> | ||||
|   | ||||
							
								
								
									
										222
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										222
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							| @@ -1,17 +1,17 @@ | ||||
| { | ||||
|   "name": "creddy", | ||||
|   "version": "0.4.7", | ||||
|   "version": "0.4.9", | ||||
|   "lockfileVersion": 3, | ||||
|   "requires": true, | ||||
|   "packages": { | ||||
|     "": { | ||||
|       "name": "creddy", | ||||
|       "version": "0.4.7", | ||||
|       "version": "0.4.9", | ||||
|       "dependencies": { | ||||
|         "@tauri-apps/api": "^2.0.0-beta.13", | ||||
|         "@tauri-apps/plugin-dialog": "^2.0.0-beta.5", | ||||
|         "@tauri-apps/plugin-os": "^2.0.0-beta.5", | ||||
|         "daisyui": "^2.51.5" | ||||
|         "daisyui": "^4.12.8" | ||||
|       }, | ||||
|       "devDependencies": { | ||||
|         "@sveltejs/vite-plugin-svelte": "^1.0.1", | ||||
| @@ -27,6 +27,7 @@ | ||||
|       "version": "5.2.0", | ||||
|       "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", | ||||
|       "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=10" | ||||
|       }, | ||||
| @@ -70,6 +71,7 @@ | ||||
|       "version": "8.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", | ||||
|       "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "string-width": "^5.1.2", | ||||
|         "string-width-cjs": "npm:string-width@^4.2.0", | ||||
| @@ -86,6 +88,7 @@ | ||||
|       "version": "0.3.5", | ||||
|       "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", | ||||
|       "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@jridgewell/set-array": "^1.2.1", | ||||
|         "@jridgewell/sourcemap-codec": "^1.4.10", | ||||
| @@ -99,6 +102,7 @@ | ||||
|       "version": "3.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", | ||||
|       "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=6.0.0" | ||||
|       } | ||||
| @@ -107,6 +111,7 @@ | ||||
|       "version": "1.2.1", | ||||
|       "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", | ||||
|       "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=6.0.0" | ||||
|       } | ||||
| @@ -114,12 +119,14 @@ | ||||
|     "node_modules/@jridgewell/sourcemap-codec": { | ||||
|       "version": "1.4.15", | ||||
|       "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", | ||||
|       "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" | ||||
|       "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/@jridgewell/trace-mapping": { | ||||
|       "version": "0.3.25", | ||||
|       "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", | ||||
|       "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@jridgewell/resolve-uri": "^3.1.0", | ||||
|         "@jridgewell/sourcemap-codec": "^1.4.14" | ||||
| @@ -129,6 +136,7 @@ | ||||
|       "version": "2.1.5", | ||||
|       "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", | ||||
|       "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@nodelib/fs.stat": "2.0.5", | ||||
|         "run-parallel": "^1.1.9" | ||||
| @@ -141,6 +149,7 @@ | ||||
|       "version": "2.0.5", | ||||
|       "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", | ||||
|       "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">= 8" | ||||
|       } | ||||
| @@ -149,6 +158,7 @@ | ||||
|       "version": "1.2.8", | ||||
|       "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", | ||||
|       "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@nodelib/fs.scandir": "2.1.5", | ||||
|         "fastq": "^1.6.0" | ||||
| @@ -161,6 +171,7 @@ | ||||
|       "version": "0.11.0", | ||||
|       "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", | ||||
|       "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", | ||||
|       "dev": true, | ||||
|       "optional": true, | ||||
|       "engines": { | ||||
|         "node": ">=14" | ||||
| @@ -409,6 +420,7 @@ | ||||
|       "version": "6.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", | ||||
|       "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=12" | ||||
|       }, | ||||
| @@ -420,6 +432,7 @@ | ||||
|       "version": "6.2.1", | ||||
|       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", | ||||
|       "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=12" | ||||
|       }, | ||||
| @@ -430,12 +443,14 @@ | ||||
|     "node_modules/any-promise": { | ||||
|       "version": "1.3.0", | ||||
|       "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", | ||||
|       "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==" | ||||
|       "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/anymatch": { | ||||
|       "version": "3.1.3", | ||||
|       "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", | ||||
|       "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "normalize-path": "^3.0.0", | ||||
|         "picomatch": "^2.0.4" | ||||
| @@ -447,12 +462,14 @@ | ||||
|     "node_modules/arg": { | ||||
|       "version": "5.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", | ||||
|       "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==" | ||||
|       "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/autoprefixer": { | ||||
|       "version": "10.4.19", | ||||
|       "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.19.tgz", | ||||
|       "integrity": "sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "opencollective", | ||||
| @@ -488,12 +505,14 @@ | ||||
|     "node_modules/balanced-match": { | ||||
|       "version": "1.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", | ||||
|       "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" | ||||
|       "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/binary-extensions": { | ||||
|       "version": "2.3.0", | ||||
|       "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", | ||||
|       "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       }, | ||||
| @@ -505,6 +524,7 @@ | ||||
|       "version": "2.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", | ||||
|       "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "balanced-match": "^1.0.0" | ||||
|       } | ||||
| @@ -513,6 +533,7 @@ | ||||
|       "version": "3.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", | ||||
|       "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "fill-range": "^7.1.1" | ||||
|       }, | ||||
| @@ -524,6 +545,7 @@ | ||||
|       "version": "4.23.0", | ||||
|       "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", | ||||
|       "integrity": "sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "opencollective", | ||||
| @@ -563,6 +585,7 @@ | ||||
|       "version": "1.0.30001625", | ||||
|       "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001625.tgz", | ||||
|       "integrity": "sha512-4KE9N2gcRH+HQhpeiRZXd+1niLB/XNLAhSy4z7fI8EzcbcPoAqjNInxVHTiTwWfTIV4w096XG8OtCOCQQKPv3w==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "opencollective", | ||||
| @@ -582,6 +605,7 @@ | ||||
|       "version": "3.6.0", | ||||
|       "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", | ||||
|       "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "anymatch": "~3.1.2", | ||||
|         "braces": "~3.0.2", | ||||
| @@ -605,6 +629,7 @@ | ||||
|       "version": "5.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", | ||||
|       "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "is-glob": "^4.0.1" | ||||
|       }, | ||||
| @@ -612,22 +637,11 @@ | ||||
|         "node": ">= 6" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/color": { | ||||
|       "version": "4.2.3", | ||||
|       "resolved": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", | ||||
|       "integrity": "sha512-1rXeuUUiGGrykh+CeBdu5Ie7OJwinCgQY0bc7GCRxy5xVHy+moaqkpL/jqQq0MtQOeYcrqEz4abc5f0KtU7W4A==", | ||||
|       "dependencies": { | ||||
|         "color-convert": "^2.0.1", | ||||
|         "color-string": "^1.9.0" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=12.5.0" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/color-convert": { | ||||
|       "version": "2.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", | ||||
|       "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "color-name": "~1.1.4" | ||||
|       }, | ||||
| @@ -638,21 +652,14 @@ | ||||
|     "node_modules/color-name": { | ||||
|       "version": "1.1.4", | ||||
|       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", | ||||
|       "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" | ||||
|     }, | ||||
|     "node_modules/color-string": { | ||||
|       "version": "1.9.1", | ||||
|       "resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", | ||||
|       "integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==", | ||||
|       "dependencies": { | ||||
|         "color-name": "^1.0.0", | ||||
|         "simple-swizzle": "^0.2.2" | ||||
|       } | ||||
|       "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/commander": { | ||||
|       "version": "4.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", | ||||
|       "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">= 6" | ||||
|       } | ||||
| @@ -661,6 +668,7 @@ | ||||
|       "version": "7.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", | ||||
|       "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "path-key": "^3.1.0", | ||||
|         "shebang-command": "^2.0.0", | ||||
| @@ -690,23 +698,30 @@ | ||||
|         "node": ">=4" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/culori": { | ||||
|       "version": "3.3.0", | ||||
|       "resolved": "https://registry.npmjs.org/culori/-/culori-3.3.0.tgz", | ||||
|       "integrity": "sha512-pHJg+jbuFsCjz9iclQBqyL3B2HLCBF71BwVNujUYEvCeQMvV97R59MNK3R2+jgJ3a1fcZgI9B3vYgz8lzr/BFQ==", | ||||
|       "engines": { | ||||
|         "node": "^12.20.0 || ^14.13.1 || >=16.0.0" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/daisyui": { | ||||
|       "version": "2.52.0", | ||||
|       "resolved": "https://registry.npmjs.org/daisyui/-/daisyui-2.52.0.tgz", | ||||
|       "integrity": "sha512-LQTA5/IVXAJHBMFoeaEMfd7/akAFPPcdQPR3O9fzzcFiczneJFM73CFPnScmW2sOgn/D83cvkP854ep2T9OfTg==", | ||||
|       "version": "4.12.8", | ||||
|       "resolved": "https://registry.npmjs.org/daisyui/-/daisyui-4.12.8.tgz", | ||||
|       "integrity": "sha512-FDdh0z9BsWMI0VeUSwZy6rwp9frEuUgd83SCPOaCYV3iULPzcgTEQT3IlcAbMCrsriu2ziDYZfGOUwPYHkHrfw==", | ||||
|       "dependencies": { | ||||
|         "color": "^4.2", | ||||
|         "css-selector-tokenizer": "^0.8.0", | ||||
|         "postcss-js": "^4.0.0", | ||||
|         "tailwindcss": "^3" | ||||
|         "css-selector-tokenizer": "^0.8", | ||||
|         "culori": "^3", | ||||
|         "picocolors": "^1", | ||||
|         "postcss-js": "^4" | ||||
|       }, | ||||
|       "engines": { | ||||
|         "node": ">=16.9.0" | ||||
|       }, | ||||
|       "funding": { | ||||
|         "type": "opencollective", | ||||
|         "url": "https://opencollective.com/daisyui" | ||||
|       }, | ||||
|       "peerDependencies": { | ||||
|         "autoprefixer": "^10.0.2", | ||||
|         "postcss": "^8.1.6" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/debug": { | ||||
| @@ -738,27 +753,32 @@ | ||||
|     "node_modules/didyoumean": { | ||||
|       "version": "1.2.2", | ||||
|       "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", | ||||
|       "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==" | ||||
|       "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/dlv": { | ||||
|       "version": "1.1.3", | ||||
|       "resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", | ||||
|       "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==" | ||||
|       "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/eastasianwidth": { | ||||
|       "version": "0.2.0", | ||||
|       "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", | ||||
|       "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==" | ||||
|       "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/electron-to-chromium": { | ||||
|       "version": "1.4.787", | ||||
|       "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.787.tgz", | ||||
|       "integrity": "sha512-d0EFmtLPjctczO3LogReyM2pbBiiZbnsKnGF+cdZhsYzHm/A0GV7W94kqzLD8SN4O3f3iHlgLUChqghgyznvCQ==" | ||||
|       "integrity": "sha512-d0EFmtLPjctczO3LogReyM2pbBiiZbnsKnGF+cdZhsYzHm/A0GV7W94kqzLD8SN4O3f3iHlgLUChqghgyznvCQ==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/emoji-regex": { | ||||
|       "version": "9.2.2", | ||||
|       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", | ||||
|       "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" | ||||
|       "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/esbuild": { | ||||
|       "version": "0.15.18", | ||||
| @@ -1121,6 +1141,7 @@ | ||||
|       "version": "3.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", | ||||
|       "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=6" | ||||
|       } | ||||
| @@ -1129,6 +1150,7 @@ | ||||
|       "version": "3.3.2", | ||||
|       "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", | ||||
|       "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@nodelib/fs.stat": "^2.0.2", | ||||
|         "@nodelib/fs.walk": "^1.2.3", | ||||
| @@ -1144,6 +1166,7 @@ | ||||
|       "version": "5.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", | ||||
|       "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "is-glob": "^4.0.1" | ||||
|       }, | ||||
| @@ -1160,6 +1183,7 @@ | ||||
|       "version": "1.17.1", | ||||
|       "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", | ||||
|       "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "reusify": "^1.0.4" | ||||
|       } | ||||
| @@ -1168,6 +1192,7 @@ | ||||
|       "version": "7.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", | ||||
|       "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "to-regex-range": "^5.0.1" | ||||
|       }, | ||||
| @@ -1179,6 +1204,7 @@ | ||||
|       "version": "3.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", | ||||
|       "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "cross-spawn": "^7.0.0", | ||||
|         "signal-exit": "^4.0.1" | ||||
| @@ -1194,6 +1220,7 @@ | ||||
|       "version": "4.3.7", | ||||
|       "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", | ||||
|       "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": "*" | ||||
|       }, | ||||
| @@ -1206,6 +1233,7 @@ | ||||
|       "version": "2.3.3", | ||||
|       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", | ||||
|       "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", | ||||
|       "dev": true, | ||||
|       "hasInstallScript": true, | ||||
|       "optional": true, | ||||
|       "os": [ | ||||
| @@ -1219,6 +1247,7 @@ | ||||
|       "version": "1.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", | ||||
|       "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", | ||||
|       "dev": true, | ||||
|       "funding": { | ||||
|         "url": "https://github.com/sponsors/ljharb" | ||||
|       } | ||||
| @@ -1227,6 +1256,7 @@ | ||||
|       "version": "10.4.1", | ||||
|       "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz", | ||||
|       "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "foreground-child": "^3.1.0", | ||||
|         "jackspeak": "^3.1.2", | ||||
| @@ -1248,6 +1278,7 @@ | ||||
|       "version": "6.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", | ||||
|       "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "is-glob": "^4.0.3" | ||||
|       }, | ||||
| @@ -1259,6 +1290,7 @@ | ||||
|       "version": "2.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", | ||||
|       "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "function-bind": "^1.1.2" | ||||
|       }, | ||||
| @@ -1266,15 +1298,11 @@ | ||||
|         "node": ">= 0.4" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/is-arrayish": { | ||||
|       "version": "0.3.2", | ||||
|       "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", | ||||
|       "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==" | ||||
|     }, | ||||
|     "node_modules/is-binary-path": { | ||||
|       "version": "2.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", | ||||
|       "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "binary-extensions": "^2.0.0" | ||||
|       }, | ||||
| @@ -1286,6 +1314,7 @@ | ||||
|       "version": "2.13.1", | ||||
|       "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", | ||||
|       "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "hasown": "^2.0.0" | ||||
|       }, | ||||
| @@ -1297,6 +1326,7 @@ | ||||
|       "version": "2.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", | ||||
|       "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=0.10.0" | ||||
|       } | ||||
| @@ -1305,6 +1335,7 @@ | ||||
|       "version": "3.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", | ||||
|       "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -1313,6 +1344,7 @@ | ||||
|       "version": "4.0.3", | ||||
|       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", | ||||
|       "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "is-extglob": "^2.1.1" | ||||
|       }, | ||||
| @@ -1324,6 +1356,7 @@ | ||||
|       "version": "7.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", | ||||
|       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=0.12.0" | ||||
|       } | ||||
| @@ -1331,12 +1364,14 @@ | ||||
|     "node_modules/isexe": { | ||||
|       "version": "2.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", | ||||
|       "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" | ||||
|       "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/jackspeak": { | ||||
|       "version": "3.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", | ||||
|       "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@isaacs/cliui": "^8.0.2" | ||||
|       }, | ||||
| @@ -1354,6 +1389,7 @@ | ||||
|       "version": "1.21.0", | ||||
|       "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", | ||||
|       "integrity": "sha512-gFqAIbuKyyso/3G2qhiO2OM6shY6EPP/R0+mkDbyspxKazh8BXDC5FiFsUjlczgdNz/vfra0da2y+aHrusLG/Q==", | ||||
|       "dev": true, | ||||
|       "bin": { | ||||
|         "jiti": "bin/jiti.js" | ||||
|       } | ||||
| @@ -1371,6 +1407,7 @@ | ||||
|       "version": "2.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", | ||||
|       "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=10" | ||||
|       } | ||||
| @@ -1378,12 +1415,14 @@ | ||||
|     "node_modules/lines-and-columns": { | ||||
|       "version": "1.2.4", | ||||
|       "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", | ||||
|       "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==" | ||||
|       "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/lru-cache": { | ||||
|       "version": "10.2.2", | ||||
|       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", | ||||
|       "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": "14 || >=16.14" | ||||
|       } | ||||
| @@ -1404,6 +1443,7 @@ | ||||
|       "version": "1.4.1", | ||||
|       "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", | ||||
|       "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">= 8" | ||||
|       } | ||||
| @@ -1412,6 +1452,7 @@ | ||||
|       "version": "4.0.7", | ||||
|       "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz", | ||||
|       "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "braces": "^3.0.3", | ||||
|         "picomatch": "^2.3.1" | ||||
| @@ -1424,6 +1465,7 @@ | ||||
|       "version": "9.0.4", | ||||
|       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", | ||||
|       "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "brace-expansion": "^2.0.1" | ||||
|       }, | ||||
| @@ -1438,6 +1480,7 @@ | ||||
|       "version": "7.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", | ||||
|       "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=16 || 14 >=14.17" | ||||
|       } | ||||
| @@ -1452,6 +1495,7 @@ | ||||
|       "version": "2.7.0", | ||||
|       "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", | ||||
|       "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "any-promise": "^1.0.0", | ||||
|         "object-assign": "^4.0.1", | ||||
| @@ -1478,12 +1522,14 @@ | ||||
|     "node_modules/node-releases": { | ||||
|       "version": "2.0.14", | ||||
|       "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", | ||||
|       "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==" | ||||
|       "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/normalize-path": { | ||||
|       "version": "3.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", | ||||
|       "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=0.10.0" | ||||
|       } | ||||
| @@ -1492,6 +1538,7 @@ | ||||
|       "version": "0.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", | ||||
|       "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=0.10.0" | ||||
|       } | ||||
| @@ -1500,6 +1547,7 @@ | ||||
|       "version": "4.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", | ||||
|       "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=0.10.0" | ||||
|       } | ||||
| @@ -1508,6 +1556,7 @@ | ||||
|       "version": "3.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", | ||||
|       "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">= 6" | ||||
|       } | ||||
| @@ -1516,6 +1565,7 @@ | ||||
|       "version": "3.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", | ||||
|       "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -1523,12 +1573,14 @@ | ||||
|     "node_modules/path-parse": { | ||||
|       "version": "1.0.7", | ||||
|       "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", | ||||
|       "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" | ||||
|       "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/path-scurry": { | ||||
|       "version": "1.11.1", | ||||
|       "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", | ||||
|       "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "lru-cache": "^10.2.0", | ||||
|         "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" | ||||
| @@ -1549,6 +1601,7 @@ | ||||
|       "version": "2.3.1", | ||||
|       "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", | ||||
|       "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8.6" | ||||
|       }, | ||||
| @@ -1560,6 +1613,7 @@ | ||||
|       "version": "2.3.0", | ||||
|       "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", | ||||
|       "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=0.10.0" | ||||
|       } | ||||
| @@ -1568,6 +1622,7 @@ | ||||
|       "version": "4.0.6", | ||||
|       "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", | ||||
|       "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">= 6" | ||||
|       } | ||||
| @@ -1603,6 +1658,7 @@ | ||||
|       "version": "15.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", | ||||
|       "integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "postcss-value-parser": "^4.0.0", | ||||
|         "read-cache": "^1.0.0", | ||||
| @@ -1637,6 +1693,7 @@ | ||||
|       "version": "4.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", | ||||
|       "integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "opencollective", | ||||
| @@ -1671,6 +1728,7 @@ | ||||
|       "version": "3.1.1", | ||||
|       "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", | ||||
|       "integrity": "sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=14" | ||||
|       }, | ||||
| @@ -1682,6 +1740,7 @@ | ||||
|       "version": "6.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", | ||||
|       "integrity": "sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "postcss-selector-parser": "^6.0.11" | ||||
|       }, | ||||
| @@ -1700,6 +1759,7 @@ | ||||
|       "version": "6.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz", | ||||
|       "integrity": "sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "cssesc": "^3.0.0", | ||||
|         "util-deprecate": "^1.0.2" | ||||
| @@ -1711,12 +1771,14 @@ | ||||
|     "node_modules/postcss-value-parser": { | ||||
|       "version": "4.2.0", | ||||
|       "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", | ||||
|       "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==" | ||||
|       "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/queue-microtask": { | ||||
|       "version": "1.2.3", | ||||
|       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", | ||||
|       "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "github", | ||||
| @@ -1736,6 +1798,7 @@ | ||||
|       "version": "1.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", | ||||
|       "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "pify": "^2.3.0" | ||||
|       } | ||||
| @@ -1744,6 +1807,7 @@ | ||||
|       "version": "3.6.0", | ||||
|       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", | ||||
|       "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "picomatch": "^2.2.1" | ||||
|       }, | ||||
| @@ -1755,6 +1819,7 @@ | ||||
|       "version": "1.22.8", | ||||
|       "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", | ||||
|       "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "is-core-module": "^2.13.0", | ||||
|         "path-parse": "^1.0.7", | ||||
| @@ -1771,6 +1836,7 @@ | ||||
|       "version": "1.0.4", | ||||
|       "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", | ||||
|       "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "iojs": ">=1.0.0", | ||||
|         "node": ">=0.10.0" | ||||
| @@ -1795,6 +1861,7 @@ | ||||
|       "version": "1.2.0", | ||||
|       "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", | ||||
|       "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "github", | ||||
| @@ -1817,6 +1884,7 @@ | ||||
|       "version": "2.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", | ||||
|       "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "shebang-regex": "^3.0.0" | ||||
|       }, | ||||
| @@ -1828,6 +1896,7 @@ | ||||
|       "version": "3.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", | ||||
|       "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -1836,6 +1905,7 @@ | ||||
|       "version": "4.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", | ||||
|       "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=14" | ||||
|       }, | ||||
| @@ -1843,14 +1913,6 @@ | ||||
|         "url": "https://github.com/sponsors/isaacs" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/simple-swizzle": { | ||||
|       "version": "0.2.2", | ||||
|       "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", | ||||
|       "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==", | ||||
|       "dependencies": { | ||||
|         "is-arrayish": "^0.3.1" | ||||
|       } | ||||
|     }, | ||||
|     "node_modules/source-map-js": { | ||||
|       "version": "1.2.0", | ||||
|       "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", | ||||
| @@ -1870,6 +1932,7 @@ | ||||
|       "version": "5.1.2", | ||||
|       "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", | ||||
|       "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "eastasianwidth": "^0.2.0", | ||||
|         "emoji-regex": "^9.2.2", | ||||
| @@ -1887,6 +1950,7 @@ | ||||
|       "version": "4.2.3", | ||||
|       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", | ||||
|       "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "emoji-regex": "^8.0.0", | ||||
|         "is-fullwidth-code-point": "^3.0.0", | ||||
| @@ -1900,6 +1964,7 @@ | ||||
|       "version": "5.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", | ||||
|       "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -1907,12 +1972,14 @@ | ||||
|     "node_modules/string-width-cjs/node_modules/emoji-regex": { | ||||
|       "version": "8.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", | ||||
|       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" | ||||
|       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/string-width-cjs/node_modules/strip-ansi": { | ||||
|       "version": "6.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", | ||||
|       "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "ansi-regex": "^5.0.1" | ||||
|       }, | ||||
| @@ -1924,6 +1991,7 @@ | ||||
|       "version": "7.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", | ||||
|       "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "ansi-regex": "^6.0.1" | ||||
|       }, | ||||
| @@ -1939,6 +2007,7 @@ | ||||
|       "version": "6.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", | ||||
|       "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "ansi-regex": "^5.0.1" | ||||
|       }, | ||||
| @@ -1950,6 +2019,7 @@ | ||||
|       "version": "5.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", | ||||
|       "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -1958,6 +2028,7 @@ | ||||
|       "version": "3.35.0", | ||||
|       "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", | ||||
|       "integrity": "sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@jridgewell/gen-mapping": "^0.3.2", | ||||
|         "commander": "^4.0.0", | ||||
| @@ -1979,6 +2050,7 @@ | ||||
|       "version": "1.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", | ||||
|       "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">= 0.4" | ||||
|       }, | ||||
| @@ -2011,6 +2083,7 @@ | ||||
|       "version": "3.4.3", | ||||
|       "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", | ||||
|       "integrity": "sha512-U7sxQk/n397Bmx4JHbJx/iSOOv5G+II3f1kpLpY2QeUv5DcPdcTsYLlusZfq1NthHS1c1cZoyFmmkex1rzke0A==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "@alloc/quick-lru": "^5.2.0", | ||||
|         "arg": "^5.0.2", | ||||
| @@ -2047,6 +2120,7 @@ | ||||
|       "version": "3.3.1", | ||||
|       "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", | ||||
|       "integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "any-promise": "^1.0.0" | ||||
|       } | ||||
| @@ -2055,6 +2129,7 @@ | ||||
|       "version": "1.6.0", | ||||
|       "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", | ||||
|       "integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "thenify": ">= 3.1.0 < 4" | ||||
|       }, | ||||
| @@ -2066,6 +2141,7 @@ | ||||
|       "version": "5.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", | ||||
|       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "is-number": "^7.0.0" | ||||
|       }, | ||||
| @@ -2076,12 +2152,14 @@ | ||||
|     "node_modules/ts-interface-checker": { | ||||
|       "version": "0.1.13", | ||||
|       "resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", | ||||
|       "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==" | ||||
|       "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/update-browserslist-db": { | ||||
|       "version": "1.0.16", | ||||
|       "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.16.tgz", | ||||
|       "integrity": "sha512-KVbTxlBYlckhF5wgfyZXTWnMn7MMZjMu9XG8bPlliUOP9ThaF4QnhP8qrjrH7DRzHfSk0oQv1wToW+iA5GajEQ==", | ||||
|       "dev": true, | ||||
|       "funding": [ | ||||
|         { | ||||
|           "type": "opencollective", | ||||
| @@ -2110,7 +2188,8 @@ | ||||
|     "node_modules/util-deprecate": { | ||||
|       "version": "1.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", | ||||
|       "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==" | ||||
|       "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/vite": { | ||||
|       "version": "3.2.10", | ||||
| @@ -2179,6 +2258,7 @@ | ||||
|       "version": "2.0.2", | ||||
|       "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", | ||||
|       "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "isexe": "^2.0.0" | ||||
|       }, | ||||
| @@ -2193,6 +2273,7 @@ | ||||
|       "version": "8.1.0", | ||||
|       "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", | ||||
|       "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "ansi-styles": "^6.1.0", | ||||
|         "string-width": "^5.0.1", | ||||
| @@ -2210,6 +2291,7 @@ | ||||
|       "version": "7.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", | ||||
|       "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "ansi-styles": "^4.0.0", | ||||
|         "string-width": "^4.1.0", | ||||
| @@ -2226,6 +2308,7 @@ | ||||
|       "version": "5.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", | ||||
|       "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", | ||||
|       "dev": true, | ||||
|       "engines": { | ||||
|         "node": ">=8" | ||||
|       } | ||||
| @@ -2234,6 +2317,7 @@ | ||||
|       "version": "4.3.0", | ||||
|       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", | ||||
|       "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "color-convert": "^2.0.1" | ||||
|       }, | ||||
| @@ -2247,12 +2331,14 @@ | ||||
|     "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { | ||||
|       "version": "8.0.0", | ||||
|       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", | ||||
|       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" | ||||
|       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", | ||||
|       "dev": true | ||||
|     }, | ||||
|     "node_modules/wrap-ansi-cjs/node_modules/string-width": { | ||||
|       "version": "4.2.3", | ||||
|       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", | ||||
|       "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "emoji-regex": "^8.0.0", | ||||
|         "is-fullwidth-code-point": "^3.0.0", | ||||
| @@ -2266,6 +2352,7 @@ | ||||
|       "version": "6.0.1", | ||||
|       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", | ||||
|       "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", | ||||
|       "dev": true, | ||||
|       "dependencies": { | ||||
|         "ansi-regex": "^5.0.1" | ||||
|       }, | ||||
| @@ -2277,6 +2364,7 @@ | ||||
|       "version": "2.4.2", | ||||
|       "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.2.tgz", | ||||
|       "integrity": "sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==", | ||||
|       "dev": true, | ||||
|       "bin": { | ||||
|         "yaml": "bin.mjs" | ||||
|       }, | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| { | ||||
|   "name": "creddy", | ||||
|   "version": "0.4.9", | ||||
|   "version": "0.5.4", | ||||
|   "scripts": { | ||||
|     "dev": "vite", | ||||
|     "build": "vite build", | ||||
| @@ -20,6 +20,6 @@ | ||||
|     "@tauri-apps/api": "^2.0.0-beta.13", | ||||
|     "@tauri-apps/plugin-dialog": "^2.0.0-beta.5", | ||||
|     "@tauri-apps/plugin-os": "^2.0.0-beta.5", | ||||
|     "daisyui": "^2.51.5" | ||||
|     "daisyui": "^4.12.8" | ||||
|   } | ||||
| } | ||||
|   | ||||
							
								
								
									
										2396
									
								
								src-tauri/Cargo.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										2396
									
								
								src-tauri/Cargo.lock
									
									
									
										generated
									
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @@ -1,6 +1,6 @@ | ||||
| [package] | ||||
| name = "creddy" | ||||
| version = "0.4.9" | ||||
| version = "0.5.4" | ||||
| description = "A friendly AWS credentials manager" | ||||
| authors = ["Joseph Montanaro"] | ||||
| license = "" | ||||
| @@ -9,38 +9,40 @@ default-run = "creddy" | ||||
| edition = "2021" | ||||
| rust-version = "1.57" | ||||
|  | ||||
| [[bin]] | ||||
| name = "creddy_cli" | ||||
| path = "src/bin/creddy_cli.rs" | ||||
|  | ||||
| [[bin]] | ||||
| name = "creddy" | ||||
| path = "src/main.rs" | ||||
|  | ||||
| # we use a workspace so that we can split out the CLI and make it possible to build independently | ||||
| [workspace] | ||||
| members = ["creddy_cli"] | ||||
|  | ||||
| [workspace.dependencies] | ||||
| dirs = "5.0" | ||||
| serde = { version = "1.0", features = ["derive"] } | ||||
| serde_json = "1.0" | ||||
| tokio = { version = ">=1.19", features = ["full"] } | ||||
|  | ||||
| # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||||
|  | ||||
| [build-dependencies] | ||||
| tauri-build = { version = "2.0.0-beta", features = [] } | ||||
|  | ||||
| [dependencies] | ||||
| serde_json = "1.0" | ||||
| serde = { version = "1.0", features = ["derive"] } | ||||
| creddy_cli = { path = "./creddy_cli" } | ||||
| tauri = { version = "2.0.0-beta", features = ["tray-icon"] } | ||||
| sodiumoxide = "0.2.7" | ||||
| tokio = { version = ">=1.19", features = ["full"] } | ||||
| sqlx = { version = "0.6.2", features = ["sqlite", "runtime-tokio-rustls"] } | ||||
| sysinfo = "0.26.8" | ||||
| aws-types = "0.52.0" | ||||
| aws-sdk-sts = "0.22.0" | ||||
| aws-smithy-types = "0.52.0" | ||||
| aws-config = "0.52.0" | ||||
| aws-config = "1.5.3" | ||||
| aws-types = "1.3.2" | ||||
| aws-sdk-sts = "1.33.0" | ||||
| aws-smithy-types = "1.2.0" | ||||
| dirs = { workspace = true } | ||||
| thiserror = "1.0.38" | ||||
| once_cell = "1.16.0" | ||||
| strum = "0.24" | ||||
| strum_macros = "0.24" | ||||
| auto-launch = "0.4.0" | ||||
| dirs = "5.0" | ||||
| clap = { version = "3.2.23", features = ["derive"] } | ||||
| is-terminal = "0.4.7" | ||||
| argon2 = { version = "0.5.0", features = ["std"] } | ||||
| chacha20poly1305 = { version = "0.10.1", features = ["std"] } | ||||
| @@ -49,10 +51,23 @@ windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pi | ||||
| time = "0.3.31" | ||||
| tauri-plugin-single-instance = "2.0.0-beta.9" | ||||
| tauri-plugin-global-shortcut = "2.0.0-beta.6" | ||||
| rfd = "0.14.1" | ||||
| tauri-plugin-os = "2.0.0-beta.6" | ||||
| tauri-plugin-dialog = "2.0.0-beta.9" | ||||
| rfd = "0.13.0" | ||||
| ssh-agent-lib = "0.4.0" | ||||
| ssh-key = { version = "0.6.6", features = ["rsa", "ed25519", "encryption"] } | ||||
| signature = "2.2.0" | ||||
| tokio-stream = "0.1.15" | ||||
| serde = { workspace = true } | ||||
| serde_json = { workspace = true } | ||||
| sqlx = { version = "0.7.4", features = ["sqlite", "runtime-tokio", "uuid"] } | ||||
| tokio = { workspace = true } | ||||
| tokio-util = { version = "0.7.11", features = ["codec"] } | ||||
| futures = "0.3.30" | ||||
| openssl = "0.10.64" | ||||
| rsa = "0.9.6" | ||||
| sha2 = "0.10.8" | ||||
| ssh-encoding = "0.2.0" | ||||
|  | ||||
| [features] | ||||
| # by default Tauri runs in production mode | ||||
|   | ||||
| @@ -12,6 +12,8 @@ | ||||
|     "app:default", | ||||
|     "resources:default", | ||||
|     "menu:default", | ||||
|     "tray:default" | ||||
|     "tray:default", | ||||
|     "os:allow-os-type", | ||||
|     "dialog:allow-open" | ||||
|   ] | ||||
| } | ||||
							
								
								
									
										12
									
								
								src-tauri/creddy_cli/Cargo.toml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								src-tauri/creddy_cli/Cargo.toml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | ||||
| [package] | ||||
| name = "creddy_cli" | ||||
| version = "0.5.4" | ||||
| edition = "2021" | ||||
|  | ||||
| [dependencies] | ||||
| anyhow = "1.0.86" | ||||
| clap = { version = "4", features = ["derive"] } | ||||
| dirs = { workspace = true } | ||||
| serde = { workspace = true } | ||||
| serde_json = { workspace = true } | ||||
| tokio = { workspace = true } | ||||
							
								
								
									
										43
									
								
								src-tauri/creddy_cli/src/cli/docker.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								src-tauri/creddy_cli/src/cli/docker.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,43 @@ | ||||
| use std::io::{self, Read}; | ||||
|  | ||||
| use anyhow::bail; | ||||
|  | ||||
| use crate::proto::{CliResponse, DockerCredential}; | ||||
| use super::{ | ||||
|     CliCredential, | ||||
|     CliRequest, | ||||
|     GlobalArgs | ||||
| }; | ||||
|  | ||||
|  | ||||
| pub fn docker_store(global_args: GlobalArgs) -> anyhow::Result<()> { | ||||
|     let input: DockerCredential = serde_json::from_reader(io::stdin())?; | ||||
|  | ||||
|     let req = CliRequest::SaveCredential { | ||||
|         name: input.username.clone(), | ||||
|         is_default: false, // is_default doesn't really mean anything for Docker credentials | ||||
|         credential: CliCredential::Docker(input), | ||||
|     }; | ||||
|  | ||||
|     match super::make_request(global_args.server_addr, &req)?? { | ||||
|         CliResponse::Empty => Ok(()), | ||||
|         r => bail!("Unexpected response from server: {r}"), | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn docker_get(global_args: GlobalArgs) -> anyhow::Result<()> { | ||||
|     let mut server_url = String::new(); | ||||
|     io::stdin().read_to_string(&mut server_url)?; | ||||
|     let req = CliRequest::GetDockerCredential { | ||||
|        server_url: server_url.trim().to_owned() | ||||
|     }; | ||||
|  | ||||
|     match super::make_request(global_args.server_addr, &req)?? { | ||||
|         CliResponse::Credential(CliCredential::Docker(d)) => { | ||||
|             println!("{}", serde_json::to_string(&d)?); | ||||
|         }, | ||||
|         r => bail!("Unexpected response from server: {r}"), | ||||
|     } | ||||
|     Ok(()) | ||||
| } | ||||
							
								
								
									
										234
									
								
								src-tauri/creddy_cli/src/cli/mod.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										234
									
								
								src-tauri/creddy_cli/src/cli/mod.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,234 @@ | ||||
| use std::path::PathBuf; | ||||
| use std::process::Command as ChildCommand; | ||||
| #[cfg(unix)] | ||||
| use std::os::unix::process::CommandExt; | ||||
| #[cfg(windows)] | ||||
| use std::time::Duration; | ||||
|  | ||||
| use anyhow::{bail, Context}; | ||||
| use clap::{ | ||||
|     Args, | ||||
|     Parser, | ||||
|     Subcommand | ||||
| }; | ||||
| use clap::builder::styling::{Styles, AnsiColor}; | ||||
| use tokio::io::{AsyncReadExt, AsyncWriteExt}; | ||||
|  | ||||
| use crate::proto::{ | ||||
|     CliCredential, | ||||
|     CliRequest, | ||||
|     CliResponse, | ||||
|     ServerError, | ||||
|     ShortcutAction, | ||||
| }; | ||||
|  | ||||
| mod docker; | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Parser)] | ||||
| #[command( | ||||
|     about, | ||||
|     version, | ||||
|     name = "creddy", | ||||
|     bin_name = "creddy", | ||||
|     styles = Styles::styled() | ||||
|         .header(AnsiColor::Yellow.on_default()) | ||||
|         .usage(AnsiColor::Yellow.on_default()) | ||||
|         .literal(AnsiColor::Green.on_default()) | ||||
|         .placeholder(AnsiColor::Green.on_default()) | ||||
| )] | ||||
| /// A friendly credential manager | ||||
| pub struct Cli { | ||||
|     #[command(flatten)] | ||||
|     pub global_args: GlobalArgs, | ||||
|  | ||||
|     #[command(subcommand)] | ||||
|     pub action: Option<Action>, | ||||
| } | ||||
|  | ||||
| impl Cli { | ||||
|     // proxy the Parser method so that main crate doesn't have to depend on Clap | ||||
|     pub fn parse() -> Self { | ||||
|         <Self as Parser>::parse() | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, Args)] | ||||
| pub struct GlobalArgs { | ||||
|     /// Connect to the main Creddy application at this path | ||||
|     #[arg(long, short = 'a')] | ||||
|     server_addr: Option<PathBuf>, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Subcommand)] | ||||
| pub enum Action { | ||||
|     /// Launch Creddy | ||||
|     Run, | ||||
|     /// Request credentials from Creddy and output to stdout | ||||
|     Get(GetArgs), | ||||
|     /// Inject credentials into the environment of another command | ||||
|     Exec(ExecArgs), | ||||
|     /// Invoke an action normally triggered by hotkey (e.g. launch terminal) | ||||
|     Shortcut(InvokeArgs), | ||||
|     /// Interact with Docker credentials via the docker-credential-helper protocol | ||||
|     #[command(subcommand)] | ||||
|     Docker(DockerCmd), | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Args)] | ||||
| pub struct GetArgs { | ||||
|     /// If unspecified, use default credentials | ||||
|     #[arg(short, long)] | ||||
|     name: Option<String>, | ||||
|     /// Use base credentials instead of session credentials (only applicable to AWS) | ||||
|     #[arg(long, short, default_value_t = false)] | ||||
|     base: bool, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Args)] | ||||
| pub struct ExecArgs { | ||||
|     #[command(flatten)] | ||||
|     get_args: GetArgs, | ||||
|     #[arg(trailing_var_arg = true)] | ||||
|     /// Command to be wrapped | ||||
|     command: Vec<String>, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Args)] | ||||
| pub struct InvokeArgs { | ||||
|     #[arg(value_name = "ACTION", value_enum)] | ||||
|     shortcut_action: ShortcutAction, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Subcommand)] | ||||
| pub enum DockerCmd { | ||||
|     /// Get a stored Docker credential | ||||
|     Get, | ||||
|     /// Store a new Docker credential | ||||
|     Store, | ||||
|     /// Remove a stored Docker credential | ||||
|     Erase, | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn get(args: GetArgs, global: GlobalArgs) -> anyhow::Result<()> { | ||||
|     let req = CliRequest::GetAwsCredential { | ||||
|         name: args.name, | ||||
|         base: args.base, | ||||
|     }; | ||||
|  | ||||
|     let output = match make_request(global.server_addr, &req)?? { | ||||
|         CliResponse::Credential(CliCredential::AwsBase(c)) => { | ||||
|             serde_json::to_string_pretty(&c).unwrap() | ||||
|         }, | ||||
|         CliResponse::Credential(CliCredential::AwsSession(c)) => { | ||||
|             serde_json::to_string_pretty(&c).unwrap() | ||||
|         }, | ||||
|         r => bail!("Unexpected response from server: {r}"), | ||||
|     }; | ||||
|     println!("{output}"); | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn exec(args: ExecArgs, global: GlobalArgs) -> anyhow::Result<()> { | ||||
|     // Clap guarantees that cmd_line will be a sequence of at least 1 item | ||||
|     // test this! | ||||
|     let mut cmd_line = args.command.iter(); | ||||
|     let cmd_name = cmd_line.next().unwrap(); | ||||
|     let mut cmd = ChildCommand::new(cmd_name); | ||||
|     cmd.args(cmd_line); | ||||
|  | ||||
|     let req = CliRequest::GetAwsCredential { | ||||
|         name: args.get_args.name, | ||||
|         base: args.get_args.base, | ||||
|     }; | ||||
|  | ||||
|     match make_request(global.server_addr, &req)?? { | ||||
|         CliResponse::Credential(CliCredential::AwsBase(creds)) => { | ||||
|             cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id); | ||||
|             cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key); | ||||
|         }, | ||||
|         CliResponse::Credential(CliCredential::AwsSession(creds)) => { | ||||
|             cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id); | ||||
|             cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key); | ||||
|             cmd.env("AWS_SESSION_TOKEN", creds.session_token); | ||||
|         }, | ||||
|         r => bail!("Unexpected response from server: {r}"), | ||||
|     } | ||||
|  | ||||
|     #[cfg(unix)] | ||||
|     { | ||||
|         let e = cmd.exec(); | ||||
|         // cmd.exec() never returns if successful, so we never hit this line unless there's an error | ||||
|         Err(e).with_context(|| { | ||||
|             // eventually figure out how to display the actual command | ||||
|             format!("Failed to execute command: {}", args.command.join(" ")) | ||||
|         })?; | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     #[cfg(windows)] | ||||
|     { | ||||
|         let mut child = match cmd.spawn() { | ||||
|             Ok(c) => c, | ||||
|             Err(e) if e.kind() == std::io::ErrorKind::NotFound => { | ||||
|                 let name: OsString = cmd_name.into(); | ||||
|                 return Err(ExecError::NotFound(name).into()); | ||||
|             } | ||||
|             Err(e) => return Err(ExecError::ExecutionFailed(e).into()), | ||||
|         }; | ||||
|  | ||||
|         let status = child.wait() | ||||
|             .map_err(|e| ExecError::ExecutionFailed(e))?; | ||||
|         std::process::exit(status.code().unwrap_or(1)); | ||||
|     }; | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn invoke_shortcut(args: InvokeArgs, global: GlobalArgs) -> anyhow::Result<()> { | ||||
|     let req = CliRequest::InvokeShortcut(args.shortcut_action); | ||||
|     match make_request(global.server_addr, &req)?? { | ||||
|         CliResponse::Empty => Ok(()), | ||||
|         r => bail!("Unexpected response from server: {r}"), | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn docker_credential_helper(cmd: DockerCmd, global_args: GlobalArgs) -> anyhow::Result<()> { | ||||
|     match cmd { | ||||
|         DockerCmd::Get => docker::docker_get(global_args), | ||||
|         DockerCmd::Store => docker::docker_store(global_args), | ||||
|         DockerCmd::Erase => todo!(), | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| // Explanation for double-result: the server will return a (serialized) Result | ||||
| // to indicate when the operation succeeded or failed, which we deserialize. | ||||
| // However, the operation may fail to even communicate with the server, in | ||||
| // which case we return the outer Result | ||||
| // (probably this should be modeled differently) | ||||
| #[tokio::main] | ||||
| async fn make_request( | ||||
|     addr: Option<PathBuf>, | ||||
|     req: &CliRequest | ||||
| ) -> anyhow::Result<Result<CliResponse, ServerError>> { | ||||
|     let mut data = serde_json::to_string(req).unwrap(); | ||||
|     // server expects newline marking end of request | ||||
|     data.push('\n'); | ||||
|  | ||||
|     let mut stream = crate::connect(addr).await?; | ||||
|     stream.write_all(&data.as_bytes()).await?; | ||||
|  | ||||
|     let mut buf = Vec::with_capacity(1024); | ||||
|     stream.read_to_end(&mut buf).await?; | ||||
|     let res: Result<CliResponse, ServerError> = serde_json::from_slice(&buf)?; | ||||
|     Ok(res) | ||||
| } | ||||
							
								
								
									
										41
									
								
								src-tauri/creddy_cli/src/lib.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								src-tauri/creddy_cli/src/lib.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,41 @@ | ||||
| mod cli; | ||||
| pub use cli::{ | ||||
|     Cli, | ||||
|     Action, | ||||
|     exec, | ||||
|     get, | ||||
|     invoke_shortcut, | ||||
|     docker_credential_helper, | ||||
| }; | ||||
|  | ||||
| pub(crate) use platform::connect; | ||||
| pub use platform::server_addr; | ||||
|  | ||||
| pub mod proto; | ||||
|  | ||||
|  | ||||
| #[cfg(unix)] | ||||
| mod platform { | ||||
|     use std::path::PathBuf; | ||||
|     use tokio::net::UnixStream; | ||||
|  | ||||
|     pub async fn connect(addr: Option<PathBuf>) -> Result<UnixStream, std::io::Error> { | ||||
|         let path = addr.unwrap_or_else(|| server_addr("creddy-server")); | ||||
|         UnixStream::connect(&path).await | ||||
|     } | ||||
|  | ||||
|     pub fn server_addr(sock_name: &str) -> PathBuf { | ||||
|         let mut path = dirs::runtime_dir() | ||||
|             .unwrap_or_else(|| PathBuf::from("/tmp")); | ||||
|         path.push(format!("{sock_name}.sock")); | ||||
|         path | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(windows)] | ||||
| mod platform { | ||||
|     pub fn server_addr(sock_name: &str) -> String { | ||||
|         format!(r"\\.\pipe\{sock_name}") | ||||
|     } | ||||
| } | ||||
							
								
								
									
										36
									
								
								src-tauri/creddy_cli/src/main.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										36
									
								
								src-tauri/creddy_cli/src/main.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,36 @@ | ||||
| use std::env; | ||||
| use std::process::{self, Command}; | ||||
|  | ||||
| use creddy_cli::{Action, Cli}; | ||||
|  | ||||
|  | ||||
| fn main() { | ||||
|     let cli = Cli::parse(); | ||||
|     let res = match cli.action { | ||||
|         None | Some(Action::Run)=> launch_gui(), | ||||
|         Some(Action::Get(args)) => creddy_cli::get(args, cli.global_args), | ||||
|         Some(Action::Exec(args)) => creddy_cli::exec(args, cli.global_args), | ||||
|         Some(Action::Shortcut(args)) => creddy_cli::invoke_shortcut(args, cli.global_args), | ||||
|         Some(Action::Docker(cmd)) => creddy_cli::docker_credential_helper(cmd, cli.global_args), | ||||
|     }; | ||||
|  | ||||
|     if let Err(e) = res { | ||||
|         eprintln!("Error: {e:?}"); | ||||
|         process::exit(1); | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn launch_gui() -> anyhow::Result<()>  { | ||||
|     let mut path = env::current_exe()?; | ||||
|     path.pop(); // bin dir | ||||
|  | ||||
|     // binaries are colocated in dev, but not in production | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     path.pop(); // install dir | ||||
|  | ||||
|     path.push("creddy.exe"); // exe in main install dir (aka gui exe) | ||||
|  | ||||
|     Command::new(path).spawn()?; | ||||
|     Ok(()) | ||||
| } | ||||
							
								
								
									
										113
									
								
								src-tauri/creddy_cli/src/proto.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										113
									
								
								src-tauri/creddy_cli/src/proto.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,113 @@ | ||||
| use std::fmt::{ | ||||
|     Display, | ||||
|     Formatter, | ||||
|     Error as FmtError | ||||
| }; | ||||
|  | ||||
| use clap::ValueEnum; | ||||
| use serde::{Serialize, Deserialize}; | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| #[serde(tag = "type")] | ||||
| pub enum CliRequest { | ||||
|     GetAwsCredential { | ||||
|         name: Option<String>, | ||||
|         base: bool, | ||||
|     }, | ||||
|     GetDockerCredential { | ||||
|         server_url: String, | ||||
|     }, | ||||
|     StoreDockerCredential(DockerCredential), | ||||
|     EraseDockerCredential { | ||||
|         server_url: String, | ||||
|     }, | ||||
|     InvokeShortcut{ | ||||
|         action: ShortcutAction, | ||||
|     }, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Copy, Clone, Serialize, Deserialize, ValueEnum)] | ||||
| pub enum ShortcutAction { | ||||
|     ShowWindow, | ||||
|     LaunchTerminal, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum CliResponse { | ||||
|     Credential(CliCredential), | ||||
|     Empty, | ||||
| } | ||||
|  | ||||
| impl Display for CliResponse { | ||||
|     fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> { | ||||
|         match self { | ||||
|             CliResponse::Credential(CliCredential::AwsBase(_)) => write!(f, "Credential (AwsBase)"), | ||||
|             CliResponse::Credential(CliCredential::AwsSession(_)) => write!(f, "Credential (AwsSession)"), | ||||
|             CliResponse::Credential(CliCredential::Docker(_)) => write!(f, "Credential (Docker)"), | ||||
|             CliResponse::Empty => write!(f, "Empty"), | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum CliCredential { | ||||
|     AwsBase(AwsBaseCredential), | ||||
|     AwsSession(AwsSessionCredential), | ||||
|     Docker(DockerCredential), | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct AwsBaseCredential { | ||||
|     #[serde(default = "default_aws_version")] | ||||
|     pub version: usize, | ||||
|     pub access_key_id: String, | ||||
|     pub secret_access_key: String, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct AwsSessionCredential { | ||||
|     #[serde(default = "default_aws_version")] | ||||
|     pub version: usize, | ||||
|     pub access_key_id: String, | ||||
|     pub secret_access_key: String, | ||||
|     pub session_token: String, | ||||
|     // we don't need to know the expiration for the CLI, so just use a string here | ||||
|     pub expiration: String, | ||||
| } | ||||
|  | ||||
|  | ||||
| fn default_aws_version() -> usize { 1 } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct DockerCredential { | ||||
|     #[serde(rename = "ServerURL")] | ||||
|     pub server_url: String, | ||||
|     pub username: String, | ||||
|     pub secret: String, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub struct ServerError { | ||||
|     code: String, | ||||
|     msg: String, | ||||
| } | ||||
|  | ||||
| impl Display for ServerError { | ||||
|     fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> { | ||||
|         write!(f, "Error response ({}) from server: {}", self.code, self.msg)?; | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
| impl std::error::Error for ServerError {} | ||||
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							| @@ -1 +1 @@ | ||||
| {"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default"]}} | ||||
| {"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default","os:allow-os-type","dialog:allow-open"]}} | ||||
| @@ -247,6 +247,82 @@ | ||||
|             "app:deny-version" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:default" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-ask -> Enables the ask command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-ask" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-confirm -> Enables the confirm command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-confirm" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-message -> Enables the message command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-message" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-open -> Enables the open command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-open" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-save -> Enables the save command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-save" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-ask -> Denies the ask command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-ask" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-confirm -> Denies the confirm command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-confirm" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-message -> Denies the message command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-message" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-open -> Denies the open command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-open" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-save -> Denies the save command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-save" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "event:default -> Default permissions for the plugin.", | ||||
|           "type": "string", | ||||
| @@ -778,6 +854,124 @@ | ||||
|             "menu:deny-text" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:default" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-arch -> Enables the arch command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-arch" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-exe-extension -> Enables the exe_extension command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-exe-extension" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-family -> Enables the family command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-family" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-hostname -> Enables the hostname command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-hostname" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-locale -> Enables the locale command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-locale" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-os-type -> Enables the os_type command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-os-type" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-platform -> Enables the platform command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-platform" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-version -> Enables the version command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-version" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-arch -> Denies the arch command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-arch" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-exe-extension -> Denies the exe_extension command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-exe-extension" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-family -> Denies the family command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-family" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-hostname -> Denies the hostname command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-hostname" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-locale -> Denies the locale command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-locale" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-os-type -> Denies the os_type command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-os-type" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-platform -> Denies the platform command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-platform" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-version -> Denies the version command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-version" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "path:default -> Default permissions for the plugin.", | ||||
|           "type": "string", | ||||
|   | ||||
| @@ -247,6 +247,82 @@ | ||||
|             "app:deny-version" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:default" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-ask -> Enables the ask command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-ask" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-confirm -> Enables the confirm command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-confirm" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-message -> Enables the message command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-message" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-open -> Enables the open command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-open" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:allow-save -> Enables the save command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:allow-save" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-ask -> Denies the ask command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-ask" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-confirm -> Denies the confirm command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-confirm" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-message -> Denies the message command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-message" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-open -> Denies the open command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-open" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "dialog:deny-save -> Denies the save command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "dialog:deny-save" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "event:default -> Default permissions for the plugin.", | ||||
|           "type": "string", | ||||
| @@ -778,6 +854,124 @@ | ||||
|             "menu:deny-text" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:default" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-arch -> Enables the arch command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-arch" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-exe-extension -> Enables the exe_extension command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-exe-extension" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-family -> Enables the family command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-family" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-hostname -> Enables the hostname command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-hostname" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-locale -> Enables the locale command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-locale" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-os-type -> Enables the os_type command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-os-type" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-platform -> Enables the platform command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-platform" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:allow-version -> Enables the version command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:allow-version" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-arch -> Denies the arch command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-arch" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-exe-extension -> Denies the exe_extension command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-exe-extension" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-family -> Denies the family command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-family" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-hostname -> Denies the hostname command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-hostname" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-locale -> Denies the locale command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-locale" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-os-type -> Denies the os_type command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-os-type" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-platform -> Denies the platform command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-platform" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "os:deny-version -> Denies the version command without any pre-configured scope.", | ||||
|           "type": "string", | ||||
|           "enum": [ | ||||
|             "os:deny-version" | ||||
|           ] | ||||
|         }, | ||||
|         { | ||||
|           "description": "path:default -> Default permissions for the plugin.", | ||||
|           "type": "string", | ||||
|   | ||||
							
								
								
									
										80
									
								
								src-tauri/migrations/20240617142724_credential_split.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										80
									
								
								src-tauri/migrations/20240617142724_credential_split.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,80 @@ | ||||
| -- app structure is changing - instead of passphrase/salt being per credential, | ||||
| -- we now have a single app-wide key, which is generated by hashing the passphrase | ||||
| -- with the known salt. To verify the key thus produced, we store a value previously | ||||
| -- encrypted with that key, and attempt decryption once the key has been re-generated. | ||||
|  | ||||
| -- For migration purposes, we want convert the passphrase for the most recent set of | ||||
| -- AWS credentials and turn it into the app-wide passphrase. The only value that we | ||||
| -- have which is encrypted with that passphrase is the secret key for those credentials, | ||||
| -- so we will just use that as the `verify_blob`. Feels a little weird, but oh well. | ||||
| WITH latest_creds AS ( | ||||
|     SELECT * | ||||
|     FROM credentials | ||||
|     ORDER BY created_at DESC | ||||
|     LIMIT 1 | ||||
| ) | ||||
|  | ||||
| INSERT INTO kv (name, value) | ||||
| SELECT 'salt', salt FROM latest_creds | ||||
| UNION ALL | ||||
| SELECT 'verify_nonce', nonce FROM latest_creds | ||||
| UNION ALL | ||||
| SELECT 'verify_blob', secret_key_enc FROM latest_creds; | ||||
|  | ||||
|  | ||||
| -- Credentials are now going to be stored in a main table | ||||
| -- plus ancillary tables for type-specific data | ||||
|  | ||||
| -- stash existing AWS creds in temporary table so that we can remake it | ||||
| CREATE TABLE aws_tmp (id, access_key_id, secret_key_enc, nonce, created_at); | ||||
|  | ||||
| INSERT INTO aws_tmp  | ||||
| SELECT randomblob(16), access_key_id, secret_key_enc, nonce, created_at | ||||
| FROM credentials | ||||
| ORDER BY created_at DESC | ||||
| -- we only ever used one at a time in the past | ||||
| LIMIT 1; | ||||
|  | ||||
| -- new master credentials table | ||||
| DROP TABLE credentials; | ||||
| CREATE TABLE credentials ( | ||||
|     -- id is a UUID so we can generate it on the frontend | ||||
|     id BLOB UNIQUE NOT NULL, | ||||
|     name TEXT UNIQUE NOT NULL, | ||||
|     credential_type TEXT NOT NULL, | ||||
|     is_default BOOLEAN NOT NULL, | ||||
|     created_at INTEGER NOT NULL | ||||
| ); | ||||
|  | ||||
| -- populate with basic data from existing AWS credential | ||||
| INSERT INTO credentials (id, name, credential_type, is_default, created_at) | ||||
| SELECT id, 'default', 'aws', 1, created_at FROM aws_tmp; | ||||
|  | ||||
| -- new AWS-specific table | ||||
| CREATE TABLE aws_credentials ( | ||||
|     id BLOB UNIQUE NOT NULL, | ||||
|     access_key_id TEXT NOT NULL, | ||||
|     secret_key_enc BLOB NOT NULL, | ||||
|     nonce BLOB NOT NULL, | ||||
|     FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE | ||||
| ); | ||||
|  | ||||
| -- populate with AWS-specific data from existing credential | ||||
| INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce) | ||||
| SELECT id, access_key_id, secret_key_enc, nonce | ||||
| FROM aws_tmp; | ||||
|  | ||||
| -- done with this now | ||||
| DROP TABLE aws_tmp; | ||||
|  | ||||
|  | ||||
| -- SSH keys are the new hotness | ||||
| CREATE TABLE ssh_credentials ( | ||||
|     id BLOB UNIQUE NOT NULL, | ||||
|     algorithm TEXT NOT NULL, | ||||
|     comment TEXT NOT NULL, | ||||
|     public_key BLOB NOT NULL, | ||||
|     private_key_enc BLOB NOT NULL, | ||||
|     nonce BLOB NOT NULL, | ||||
|     FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE | ||||
| ); | ||||
							
								
								
									
										11
									
								
								src-tauri/migrations/20240919135710_docker_creds.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								src-tauri/migrations/20240919135710_docker_creds.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | ||||
| CREATE TABLE docker_credentials ( | ||||
|     id BLOB UNIQUE NOT NULL, | ||||
|     -- The Docker credential helper protocol only sends the server_url, so | ||||
|     -- we should guarantee that we will only ever have one matching credential. | ||||
|     -- Also, it's easier to go from unique -> not-unique than vice versa if we | ||||
|     -- decide that's necessary in the future | ||||
|     server_url TEXT UNIQUE NOT NULL, | ||||
|     username TEXT NOT NULL, | ||||
|     secret_enc BLOB NOT NULL, | ||||
|     nonce BLOB NOT NULL | ||||
| ); | ||||
| @@ -1,350 +0,0 @@ | ||||
| use std::fmt::{self, Formatter}; | ||||
| use std::time::{SystemTime, UNIX_EPOCH}; | ||||
|  | ||||
|  use aws_smithy_types::date_time::{DateTime, Format}; | ||||
| use argon2::{ | ||||
|     Argon2, | ||||
|     Algorithm, | ||||
|     Version, | ||||
|     ParamsBuilder, | ||||
|     password_hash::rand_core::{RngCore, OsRng}, | ||||
| }; | ||||
| use chacha20poly1305::{ | ||||
|     XChaCha20Poly1305, | ||||
|     XNonce, | ||||
|     aead::{ | ||||
|         Aead, | ||||
|         AeadCore, | ||||
|         KeyInit, | ||||
|         Error as AeadError, | ||||
|         generic_array::GenericArray, | ||||
|     }, | ||||
| }; | ||||
| use serde::{ | ||||
|     Serialize, | ||||
|     Deserialize, | ||||
|     Serializer, | ||||
|     Deserializer, | ||||
| }; | ||||
| use serde::de::{self, Visitor}; | ||||
| use sqlx::SqlitePool; | ||||
|  | ||||
|  | ||||
| use crate::errors::*; | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug)] | ||||
| pub enum Session { | ||||
|     Unlocked{ | ||||
|         base: BaseCredentials, | ||||
|         session: SessionCredentials, | ||||
|     }, | ||||
|     Locked(LockedCredentials), | ||||
|     Empty, | ||||
| } | ||||
|  | ||||
| impl Session { | ||||
|     pub async fn load(pool: &SqlitePool) -> Result<Self, SetupError> { | ||||
|         let res = sqlx::query!("SELECT * FROM credentials ORDER BY created_at desc") | ||||
|             .fetch_optional(pool) | ||||
|             .await?; | ||||
|         let row = match res { | ||||
|             Some(r) => r, | ||||
|             None => {return Ok(Session::Empty);} | ||||
|         }; | ||||
|  | ||||
|         let salt: [u8; 32] = row.salt | ||||
|             .try_into() | ||||
|             .map_err(|_e| SetupError::InvalidRecord)?; | ||||
|         let nonce = XNonce::from_exact_iter(row.nonce.into_iter()) | ||||
|             .ok_or(SetupError::InvalidRecord)?; | ||||
|  | ||||
|         let creds = LockedCredentials { | ||||
|             access_key_id: row.access_key_id, | ||||
|             secret_key_enc: row.secret_key_enc, | ||||
|             salt, | ||||
|             nonce, | ||||
|         }; | ||||
|         Ok(Session::Locked(creds)) | ||||
|     } | ||||
|  | ||||
|     pub async fn renew_if_expired(&mut self) -> Result<bool, GetSessionError> { | ||||
|         match self { | ||||
|             Session::Unlocked{ref base, ref mut session} => { | ||||
|                 if !session.is_expired() { | ||||
|                     return Ok(false); | ||||
|                 } | ||||
|                 *session = SessionCredentials::from_base(base).await?; | ||||
|                 Ok(true) | ||||
|             }, | ||||
|             Session::Locked(_) => Err(GetSessionError::CredentialsLocked), | ||||
|             Session::Empty => Err(GetSessionError::CredentialsEmpty), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     pub fn try_get( | ||||
|         &self | ||||
|     ) -> Result<(&BaseCredentials, &SessionCredentials), GetCredentialsError> { | ||||
|         match self { | ||||
|             Self::Empty => Err(GetCredentialsError::Empty), | ||||
|             Self::Locked(_) => Err(GetCredentialsError::Locked), | ||||
|             Self::Unlocked{ ref base, ref session } => Ok((base, session)) | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug)] | ||||
| pub struct LockedCredentials { | ||||
|     pub access_key_id: String, | ||||
|     pub secret_key_enc: Vec<u8>, | ||||
|     pub salt: [u8; 32], | ||||
|     pub nonce: XNonce, | ||||
| } | ||||
|  | ||||
| impl LockedCredentials { | ||||
|     pub async fn save(&self, pool: &SqlitePool) -> Result<(), sqlx::Error> { | ||||
|         sqlx::query( | ||||
|             "INSERT INTO credentials (access_key_id, secret_key_enc, salt, nonce, created_at) | ||||
|             VALUES (?, ?, ?, ?, strftime('%s'))" | ||||
|         ) | ||||
|             .bind(&self.access_key_id) | ||||
|             .bind(&self.secret_key_enc) | ||||
|             .bind(&self.salt[..]) | ||||
|             .bind(&self.nonce[..]) | ||||
|             .execute(pool) | ||||
|             .await?; | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub fn decrypt(&self, passphrase: &str) -> Result<BaseCredentials, UnlockError> { | ||||
|         let crypto = Crypto::new(passphrase, &self.salt) | ||||
|             .map_err(|e| CryptoError::Argon2(e))?; | ||||
|         let decrypted = crypto.decrypt(&self.nonce, &self.secret_key_enc) | ||||
|             .map_err(|e| CryptoError::Aead(e))?; | ||||
|         let secret_access_key = String::from_utf8(decrypted) | ||||
|             .map_err(|_| UnlockError::InvalidUtf8)?; | ||||
|  | ||||
|         let creds = BaseCredentials::new( | ||||
|             self.access_key_id.clone(), | ||||
|             secret_access_key, | ||||
|         ); | ||||
|         Ok(creds) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn default_credentials_version() -> usize { 1 } | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct BaseCredentials { | ||||
|     #[serde(default = "default_credentials_version")] | ||||
|     pub version: usize, | ||||
|     pub access_key_id: String, | ||||
|     pub secret_access_key: String, | ||||
| } | ||||
|  | ||||
| impl BaseCredentials { | ||||
|     pub fn new(access_key_id: String, secret_access_key: String) -> Self { | ||||
|         Self {version: 1, access_key_id, secret_access_key} | ||||
|     } | ||||
|  | ||||
|     pub fn encrypt(&self, passphrase: &str) -> Result<LockedCredentials, CryptoError> { | ||||
|         let salt = Crypto::salt(); | ||||
|         let crypto = Crypto::new(passphrase, &salt)?; | ||||
|         let (nonce, secret_key_enc) = crypto.encrypt(self.secret_access_key.as_bytes())?; | ||||
|  | ||||
|         let locked = LockedCredentials { | ||||
|             access_key_id: self.access_key_id.clone(), | ||||
|             secret_key_enc, | ||||
|             salt, | ||||
|             nonce, | ||||
|         }; | ||||
|         Ok(locked) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct SessionCredentials { | ||||
|     #[serde(default = "default_credentials_version")] | ||||
|     pub version: usize, | ||||
|     pub access_key_id: String, | ||||
|     pub secret_access_key: String, | ||||
|     pub session_token: String, | ||||
|     #[serde(serialize_with = "serialize_expiration")] | ||||
|     #[serde(deserialize_with = "deserialize_expiration")] | ||||
|     pub expiration: DateTime, | ||||
| } | ||||
|  | ||||
| impl SessionCredentials { | ||||
|     pub async fn from_base(base: &BaseCredentials) -> Result<Self, GetSessionError> { | ||||
|         let req_creds = aws_sdk_sts::Credentials::new( | ||||
|             &base.access_key_id, | ||||
|             &base.secret_access_key, | ||||
|             None, // token | ||||
|             None, //expiration | ||||
|             "Creddy", // "provider name" apparently | ||||
|         ); | ||||
|         let config = aws_config::from_env() | ||||
|             .credentials_provider(req_creds) | ||||
|             .load() | ||||
|             .await; | ||||
|  | ||||
|         let client = aws_sdk_sts::Client::new(&config); | ||||
|         let resp = client.get_session_token() | ||||
|             .duration_seconds(43_200) | ||||
|             .send() | ||||
|             .await?; | ||||
|  | ||||
|         let aws_session = resp.credentials().ok_or(GetSessionError::EmptyResponse)?; | ||||
|  | ||||
|         let access_key_id = aws_session.access_key_id() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .to_string(); | ||||
|         let secret_access_key = aws_session.secret_access_key() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .to_string(); | ||||
|         let session_token = aws_session.session_token() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .to_string(); | ||||
|         let expiration = aws_session.expiration() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .clone(); | ||||
|  | ||||
|         let session_creds = SessionCredentials { | ||||
|             version: 1, | ||||
|             access_key_id, | ||||
|             secret_access_key, | ||||
|             session_token, | ||||
|             expiration, | ||||
|         }; | ||||
|  | ||||
|         #[cfg(debug_assertions)] | ||||
|         println!("Got new session:\n{}", serde_json::to_string(&session_creds).unwrap()); | ||||
|  | ||||
|         Ok(session_creds) | ||||
|     } | ||||
|  | ||||
|     pub fn is_expired(&self) -> bool { | ||||
|         let current_ts = SystemTime::now() | ||||
|             .duration_since(UNIX_EPOCH) | ||||
|             .unwrap() // doesn't panic because UNIX_EPOCH won't be later than now() | ||||
|             .as_secs(); | ||||
|  | ||||
|         let expire_ts = self.expiration.secs(); | ||||
|         let remaining = expire_ts - (current_ts as i64); | ||||
|         remaining < 60 | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum Credentials { | ||||
|     Base(BaseCredentials), | ||||
|     Session(SessionCredentials), | ||||
| } | ||||
|  | ||||
|  | ||||
| fn serialize_expiration<S>(exp: &DateTime, serializer: S) -> Result<S::Ok, S::Error> | ||||
| where S: Serializer | ||||
| { | ||||
|     // this only fails if the d/t is out of range, which it can't be for this format | ||||
|     let time_str = exp.fmt(Format::DateTime).unwrap(); | ||||
|     serializer.serialize_str(&time_str) | ||||
| } | ||||
|  | ||||
|  | ||||
| struct DateTimeVisitor; | ||||
|  | ||||
| impl<'de> Visitor<'de> for DateTimeVisitor { | ||||
|     type Value = DateTime; | ||||
|  | ||||
|     fn expecting(&self, formatter: &mut Formatter) -> fmt::Result { | ||||
|         write!(formatter, "an RFC 3339 UTC string, e.g. \"2014-01-05T10:17:34Z\"") | ||||
|     } | ||||
|  | ||||
|     fn visit_str<E: de::Error>(self, v: &str) -> Result<DateTime, E> { | ||||
|         DateTime::from_str(v, Format::DateTime) | ||||
|             .map_err(|_| E::custom(format!("Invalid date/time: {v}"))) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn deserialize_expiration<'de, D>(deserializer: D) -> Result<DateTime, D::Error> | ||||
| where D: Deserializer<'de> | ||||
| { | ||||
|     deserializer.deserialize_str(DateTimeVisitor) | ||||
| } | ||||
|  | ||||
|  | ||||
| struct Crypto { | ||||
|     cipher: XChaCha20Poly1305, | ||||
| } | ||||
|  | ||||
| impl Crypto { | ||||
|     /// Argon2 params rationale: | ||||
|     /// | ||||
|     /// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB. | ||||
|     /// This should roughly double the memory usage of the application | ||||
|     /// while deriving the key. | ||||
|     /// | ||||
|     /// p_cost is irrelevant since (at present) there isn't any parallelism | ||||
|     /// implemented, so we leave it at 1. | ||||
|     /// | ||||
|     /// With the above m_cost, t_cost = 8 results in about 800ms to derive | ||||
|     /// a key on my (somewhat older) CPU. This is probably overkill, but | ||||
|     /// given that it should only have to happen ~once a day for most  | ||||
|     /// usage, it should be acceptable. | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     const MEM_COST: u32 = 128 * 1024; | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     const TIME_COST: u32 = 8; | ||||
|  | ||||
|     /// But since this takes a million years without optimizations, | ||||
|     /// we turn it way down in debug builds. | ||||
|     #[cfg(debug_assertions)] | ||||
|     const MEM_COST: u32 = 48 * 1024; | ||||
|     #[cfg(debug_assertions)] | ||||
|     const TIME_COST: u32 = 1; | ||||
|      | ||||
|  | ||||
|     fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> { | ||||
|         let params = ParamsBuilder::new() | ||||
|             .m_cost(Self::MEM_COST) | ||||
|             .p_cost(1) | ||||
|             .t_cost(Self::TIME_COST) | ||||
|             .build() | ||||
|             .unwrap(); // only errors if the given params are invalid | ||||
|  | ||||
|         let hasher = Argon2::new( | ||||
|             Algorithm::Argon2id, | ||||
|             Version::V0x13, | ||||
|             params, | ||||
|         ); | ||||
|  | ||||
|         let mut key = [0; 32]; | ||||
|         hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?; | ||||
|         let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key)); | ||||
|         Ok(Crypto { cipher }) | ||||
|     } | ||||
|  | ||||
|     fn salt() -> [u8; 32] { | ||||
|         let mut salt = [0; 32]; | ||||
|         OsRng.fill_bytes(&mut salt); | ||||
|         salt | ||||
|     } | ||||
|  | ||||
|     fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), AeadError> { | ||||
|         let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng); | ||||
|         let ciphertext = self.cipher.encrypt(&nonce, data)?; | ||||
|         Ok((nonce, ciphertext)) | ||||
|     } | ||||
|  | ||||
|     fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, AeadError> { | ||||
|         self.cipher.decrypt(nonce, data) | ||||
|     } | ||||
| } | ||||
| @@ -2,10 +2,6 @@ use std::error::Error; | ||||
| use std::time::Duration; | ||||
|  | ||||
| use once_cell::sync::OnceCell; | ||||
| use rfd::{ | ||||
|     MessageDialog, | ||||
|     MessageLevel, | ||||
| }; | ||||
| use sqlx::{ | ||||
|     SqlitePool, | ||||
|     sqlite::SqlitePoolOptions, | ||||
| @@ -23,9 +19,9 @@ use tauri::menu::MenuItem; | ||||
|  | ||||
| use crate::{ | ||||
|     config::{self, AppConfig}, | ||||
|     credentials::Session, | ||||
|     credentials::AppSession, | ||||
|     ipc, | ||||
|     server::Server, | ||||
|     srv::{creddy_server, agent}, | ||||
|     errors::*, | ||||
|     shortcuts, | ||||
|     state::AppState, | ||||
| @@ -43,28 +39,28 @@ pub fn run() -> tauri::Result<()> { | ||||
|                 .error_popup("Failed to show main window") | ||||
|         })) | ||||
|         .plugin(tauri_plugin_global_shortcut::Builder::default().build()) | ||||
|         .plugin(tauri_plugin_os::init()) | ||||
|         .plugin(tauri_plugin_dialog::init()) | ||||
|         .invoke_handler(tauri::generate_handler![ | ||||
|             ipc::unlock, | ||||
|             ipc::lock, | ||||
|             ipc::reset_session, | ||||
|             ipc::set_passphrase, | ||||
|             ipc::respond, | ||||
|             ipc::get_session_status, | ||||
|             ipc::signal_activity, | ||||
|             ipc::save_credentials, | ||||
|             ipc::save_credential, | ||||
|             ipc::delete_credential, | ||||
|             ipc::list_credentials, | ||||
|             ipc::sshkey_from_file, | ||||
|             ipc::sshkey_from_private_key, | ||||
|             ipc::get_config, | ||||
|             ipc::save_config, | ||||
|             ipc::launch_terminal, | ||||
|             ipc::get_setup_errors, | ||||
|             ipc::exit, | ||||
|         ]) | ||||
|         .setup(|app| { | ||||
|             let res = rt::block_on(setup(app)); | ||||
|             if let Err(ref e) = res { | ||||
|                 MessageDialog::new() | ||||
|                     .set_level(MessageLevel::Error) | ||||
|                     .set_title("Creddy failed to start") | ||||
|                     .set_description(format!("{e}")) | ||||
|                     .show(); | ||||
|             } | ||||
|             res | ||||
|         }) | ||||
|         .setup(|app| rt::block_on(setup(app))) | ||||
|         .build(tauri::generate_context!())? | ||||
|         .run(|app, run_event| { | ||||
|             if let RunEvent::WindowEvent { event, .. } = run_event { | ||||
| @@ -109,8 +105,9 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> { | ||||
|         err => err?, | ||||
|     }; | ||||
|  | ||||
|     let session = Session::load(&pool).await?; | ||||
|     Server::start(app.handle().clone())?; | ||||
|     let app_session = AppSession::load(&pool).await?; | ||||
|     creddy_server::serve(app.handle().clone())?; | ||||
|     agent::serve(app.handle().clone())?; | ||||
|  | ||||
|     config::set_auto_launch(conf.start_on_login)?; | ||||
|     if let Err(_e) = config::set_auto_launch(conf.start_on_login) { | ||||
| @@ -128,12 +125,11 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> { | ||||
|         .map(|names| names.split(':').any(|n| n == "GNOME")) | ||||
|         .unwrap_or(false); | ||||
|  | ||||
|     // if session is empty, this is probably the first launch, so don't autohide | ||||
|     if !conf.start_minimized || is_first_launch { | ||||
|         show_main_window(&app.handle())?; | ||||
|     } | ||||
|  | ||||
|     let state = AppState::new(conf, session, pool, setup_errors, desktop_is_gnome); | ||||
|     let state = AppState::new(conf, app_session, pool, setup_errors, desktop_is_gnome); | ||||
|     app.manage(state); | ||||
|  | ||||
|     // make sure we do this after managing app state, so that it doesn't panic | ||||
|   | ||||
| @@ -1,7 +0,0 @@ | ||||
| use creddy::server::ssh_agent; | ||||
|  | ||||
|  | ||||
| #[tokio::main] | ||||
| async fn main() { | ||||
|     ssh_agent::run().await; | ||||
| } | ||||
| @@ -1,47 +0,0 @@ | ||||
| // Windows isn't really amenable to having a single executable work as both a CLI and GUI app, | ||||
| // so we just have a second binary for CLI usage | ||||
| use creddy::{ | ||||
|     cli, | ||||
|     errors::CliError, | ||||
| }; | ||||
| use std::{ | ||||
|     env, | ||||
|     process::{self, Command}, | ||||
| }; | ||||
|  | ||||
|  | ||||
| fn main() { | ||||
|     let args = cli::parser().get_matches(); | ||||
|     if let Some(true) = args.get_one::<bool>("help") { | ||||
|         cli::parser().print_help().unwrap(); // if we can't print help we can't print an error | ||||
|         process::exit(0); | ||||
|     } | ||||
|  | ||||
|     let res = match args.subcommand() { | ||||
|         None | Some(("run", _)) => launch_gui(), | ||||
|         Some(("get", m)) => cli::get(m), | ||||
|         Some(("exec", m)) => cli::exec(m), | ||||
|         Some(("shortcut", m)) => cli::invoke_shortcut(m), | ||||
|         _ => unreachable!("Unknown subcommand"), | ||||
|     }; | ||||
|  | ||||
|     if let Err(e) = res { | ||||
|         eprintln!("Error: {e}"); | ||||
|         process::exit(1); | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn launch_gui() -> Result<(), CliError>  { | ||||
|     let mut path = env::current_exe()?; | ||||
|     path.pop(); // bin dir | ||||
|      | ||||
|     // binaries are colocated in dev, but not in production | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     path.pop(); // install dir | ||||
|  | ||||
|     path.push("creddy.exe"); // exe in main install dir (aka gui exe) | ||||
|  | ||||
|     Command::new(path).spawn()?; | ||||
|     Ok(()) | ||||
| } | ||||
| @@ -1,13 +0,0 @@ | ||||
| use ssh_key::private::PrivateKey; | ||||
|  | ||||
|  | ||||
| fn main() { | ||||
|     // let passphrase = std::env::var("PRIVKEY_PASSPHRASE").unwrap(); | ||||
|     let p = AsRef::<std::path::Path>::as_ref("/home/joe/.ssh/test"); | ||||
|     let privkey = PrivateKey::read_openssh_file(p) | ||||
|         .unwrap(); | ||||
|         // .decrypt(passphrase.as_bytes()) | ||||
|         // .unwrap(); | ||||
|  | ||||
|     dbg!(String::from_utf8_lossy(&privkey.to_bytes().unwrap())); | ||||
| } | ||||
| @@ -1,203 +0,0 @@ | ||||
| use std::ffi::OsString; | ||||
| use std::process::Command as ChildCommand; | ||||
| #[cfg(windows)] | ||||
| use std::time::Duration; | ||||
|  | ||||
| use clap::{ | ||||
|     Command, | ||||
|     Arg, | ||||
|     ArgMatches, | ||||
|     ArgAction, | ||||
|     builder::PossibleValuesParser, | ||||
|  }; | ||||
| use tokio::io::{AsyncReadExt, AsyncWriteExt}; | ||||
|  | ||||
| use crate::credentials::Credentials; | ||||
| use crate::errors::*; | ||||
| use crate::server::{Request, Response}; | ||||
| use crate::shortcuts::ShortcutAction; | ||||
|  | ||||
| #[cfg(unix)] | ||||
| use { | ||||
|     std::os::unix::process::CommandExt, | ||||
|     tokio::net::UnixStream, | ||||
| }; | ||||
|  | ||||
| #[cfg(windows)] | ||||
| use { | ||||
|     tokio::net::windows::named_pipe::{NamedPipeClient, ClientOptions}, | ||||
|     windows::Win32::Foundation::ERROR_PIPE_BUSY, | ||||
| }; | ||||
|  | ||||
|  | ||||
| pub fn parser() -> Command<'static> { | ||||
|     Command::new("creddy") | ||||
|         .version(env!("CARGO_PKG_VERSION")) | ||||
|         .about("A friendly AWS credentials manager") | ||||
|         .subcommand( | ||||
|             Command::new("run") | ||||
|                 .about("Launch Creddy") | ||||
|         ) | ||||
|         .subcommand( | ||||
|             Command::new("get") | ||||
|                 .about("Request AWS credentials from Creddy and output to stdout") | ||||
|                 .arg( | ||||
|                     Arg::new("base") | ||||
|                         .short('b') | ||||
|                         .long("base") | ||||
|                         .action(ArgAction::SetTrue) | ||||
|                         .help("Use base credentials instead of session credentials") | ||||
|                 ) | ||||
|         ) | ||||
|         .subcommand( | ||||
|             Command::new("exec") | ||||
|                 .about("Inject AWS credentials into the environment of another command") | ||||
|                 .trailing_var_arg(true) | ||||
|                 .arg( | ||||
|                     Arg::new("base") | ||||
|                         .short('b') | ||||
|                         .long("base") | ||||
|                         .action(ArgAction::SetTrue) | ||||
|                         .help("Use base credentials instead of session credentials") | ||||
|                 ) | ||||
|                 .arg( | ||||
|                     Arg::new("command") | ||||
|                         .multiple_values(true) | ||||
|                 ) | ||||
|         ) | ||||
|         .subcommand( | ||||
|             Command::new("shortcut") | ||||
|                 .about("Invoke an action normally trigged by hotkey (e.g. launch terminal)") | ||||
|                 .arg( | ||||
|                     Arg::new("action") | ||||
|                         .value_parser( | ||||
|                             PossibleValuesParser::new(["show_window", "launch_terminal"]) | ||||
|                         ) | ||||
|                 ) | ||||
|         ) | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn get(args: &ArgMatches) -> Result<(), CliError> { | ||||
|     let base = args.get_one("base").unwrap_or(&false); | ||||
|     let output = match get_credentials(*base)? { | ||||
|         Credentials::Base(creds) => serde_json::to_string(&creds).unwrap(), | ||||
|         Credentials::Session(creds) => serde_json::to_string(&creds).unwrap(), | ||||
|     }; | ||||
|     println!("{output}"); | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn exec(args: &ArgMatches) -> Result<(), CliError> { | ||||
|     let base = *args.get_one("base").unwrap_or(&false); | ||||
|     let mut cmd_line = args.get_many("command") | ||||
|         .ok_or(ExecError::NoCommand)?; | ||||
|  | ||||
|     let cmd_name: &String = cmd_line.next().unwrap(); // Clap guarantees that there will be at least one | ||||
|     let mut cmd = ChildCommand::new(cmd_name); | ||||
|     cmd.args(cmd_line); | ||||
|      | ||||
|     match get_credentials(base)? { | ||||
|         Credentials::Base(creds) => { | ||||
|             cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id); | ||||
|             cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key); | ||||
|         }, | ||||
|         Credentials::Session(creds) => { | ||||
|             cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id); | ||||
|             cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key); | ||||
|             cmd.env("AWS_SESSION_TOKEN", creds.session_token); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     #[cfg(unix)] | ||||
|     { | ||||
|         // cmd.exec() never returns if successful | ||||
|         let e = cmd.exec(); | ||||
|         match e.kind() { | ||||
|             std::io::ErrorKind::NotFound => { | ||||
|                 let name: OsString = cmd_name.into(); | ||||
|                 Err(ExecError::NotFound(name).into()) | ||||
|             } | ||||
|             _ => Err(ExecError::ExecutionFailed(e).into()), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     #[cfg(windows)] | ||||
|     { | ||||
|         let mut child = match cmd.spawn() { | ||||
|             Ok(c) => c, | ||||
|             Err(e) if e.kind() == std::io::ErrorKind::NotFound => { | ||||
|                 let name: OsString = cmd_name.into(); | ||||
|                 return Err(ExecError::NotFound(name).into()); | ||||
|             } | ||||
|             Err(e) => return Err(ExecError::ExecutionFailed(e).into()), | ||||
|         }; | ||||
|  | ||||
|         let status = child.wait() | ||||
|             .map_err(|e| ExecError::ExecutionFailed(e))?; | ||||
|         std::process::exit(status.code().unwrap_or(1)); | ||||
|     }; | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> { | ||||
|     let action = match args.get_one::<String>("action").map(|s| s.as_str()) { | ||||
|         Some("show_window") => ShortcutAction::ShowWindow, | ||||
|         Some("launch_terminal") => ShortcutAction::LaunchTerminal, | ||||
|         Some(&_) | None => unreachable!("Unknown shortcut action"), // guaranteed by clap | ||||
|     }; | ||||
|  | ||||
|     let req = Request::InvokeShortcut(action); | ||||
|     match make_request(&req) { | ||||
|         Ok(Response::Empty) => Ok(()), | ||||
|         Ok(r) => Err(RequestError::Unexpected(r).into()), | ||||
|         Err(e) => Err(e.into()), | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn get_credentials(base: bool) -> Result<Credentials, RequestError> { | ||||
|     let req = Request::GetAwsCredentials { base }; | ||||
|     match make_request(&req) { | ||||
|         Ok(Response::Aws(creds)) => Ok(creds), | ||||
|         Ok(r) => Err(RequestError::Unexpected(r)), | ||||
|         Err(e) => Err(e), | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tokio::main] | ||||
| async fn make_request(req: &Request) -> Result<Response, RequestError> { | ||||
|     let mut data = serde_json::to_string(req).unwrap(); | ||||
|     // server expects newline marking end of request | ||||
|     data.push('\n'); | ||||
|  | ||||
|     let mut stream = connect().await?; | ||||
|     stream.write_all(&data.as_bytes()).await?; | ||||
|  | ||||
|     let mut buf = Vec::with_capacity(1024); | ||||
|     stream.read_to_end(&mut buf).await?; | ||||
|     let res: Result<Response, ServerError> = serde_json::from_slice(&buf)?; | ||||
|     Ok(res?) | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(windows)] | ||||
| async fn connect() -> Result<NamedPipeClient, std::io::Error> { | ||||
|     // apparently attempting to connect can fail if there's already a client connected | ||||
|     loop { | ||||
|         match ClientOptions::new().open(r"\\.\pipe\creddy-requests") { | ||||
|             Ok(stream) => return Ok(stream), | ||||
|             Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => (), | ||||
|             Err(e) => return Err(e), | ||||
|         } | ||||
|         tokio::time::sleep(Duration::from_millis(10)).await; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(unix)] | ||||
| async fn connect() -> Result<UnixStream, std::io::Error> { | ||||
|     UnixStream::connect("/tmp/creddy.sock").await | ||||
| } | ||||
| @@ -1,6 +1,12 @@ | ||||
| use std::path::{Path, PathBuf}; | ||||
|  | ||||
| use sysinfo::{System, SystemExt, Pid, PidExt, ProcessExt}; | ||||
| use sysinfo::{ | ||||
|     System, | ||||
|     SystemExt, | ||||
|     Pid, | ||||
|     PidExt, | ||||
|     ProcessExt | ||||
| }; | ||||
| use serde::{Serialize, Deserialize}; | ||||
|  | ||||
| use crate::errors::*; | ||||
| @@ -13,23 +19,25 @@ pub struct Client { | ||||
| } | ||||
|  | ||||
|  | ||||
| pub fn get_process_parent_info(pid: u32) -> Result<Client, ClientInfoError> { | ||||
| pub fn get_client(pid: u32, parent: bool) -> Result<Client, ClientInfoError> { | ||||
|     let sys_pid = Pid::from_u32(pid); | ||||
|     let mut sys = System::new();    | ||||
|     sys.refresh_process(sys_pid); | ||||
|     let proc = sys.process(sys_pid) | ||||
|     let mut proc = sys.process(sys_pid) | ||||
|         .ok_or(ClientInfoError::ProcessNotFound)?; | ||||
|  | ||||
|     let parent_pid_sys = proc.parent() | ||||
|         .ok_or(ClientInfoError::ParentPidNotFound)?; | ||||
|     sys.refresh_process(parent_pid_sys); | ||||
|     let parent = sys.process(parent_pid_sys) | ||||
|         .ok_or(ClientInfoError::ParentProcessNotFound)?; | ||||
|     if parent { | ||||
|         let parent_pid_sys = proc.parent() | ||||
|             .ok_or(ClientInfoError::ParentPidNotFound)?; | ||||
|         sys.refresh_process(parent_pid_sys); | ||||
|         proc = sys.process(parent_pid_sys) | ||||
|             .ok_or(ClientInfoError::ParentProcessNotFound)?; | ||||
|     } | ||||
|  | ||||
|     let exe = match parent.exe() { | ||||
|     let exe = match proc.exe() { | ||||
|         p if p == Path::new("") => None, | ||||
|         p => Some(PathBuf::from(p)), | ||||
|     }; | ||||
|  | ||||
|     Ok(Client { pid: parent_pid_sys.as_u32(), exe }) | ||||
|     Ok(Client { pid: proc.pid().as_u32(), exe }) | ||||
| } | ||||
|   | ||||
| @@ -1,17 +1,38 @@ | ||||
| use std::fmt::{self, Formatter}; | ||||
| use std::time::{SystemTime, UNIX_EPOCH}; | ||||
|  | ||||
| use aws_config::BehaviorVersion; | ||||
| use aws_smithy_types::date_time::{DateTime, Format}; | ||||
| use chacha20poly1305::XNonce; | ||||
| use serde::{ | ||||
|     Serialize, | ||||
|     Deserialize, | ||||
|     Serializer, | ||||
|     Deserializer, | ||||
| }; | ||||
| use sqlx::SqlitePool; | ||||
| use serde::de::{self, Visitor}; | ||||
| use sqlx::{ | ||||
|     FromRow, | ||||
|     Sqlite, | ||||
|     Transaction, | ||||
|     types::Uuid, | ||||
| }; | ||||
|  | ||||
| use super::{Crypto, PersistentCredential}; | ||||
| use super::{Credential, Crypto, PersistentCredential}; | ||||
|  | ||||
| use crate::errors::*; | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| #[derive(Debug, Clone, FromRow)] | ||||
| pub struct AwsRow { | ||||
|     id: Uuid, | ||||
|     access_key_id: String, | ||||
|     secret_key_enc: Vec<u8>, | ||||
|     nonce: Vec<u8>, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct AwsBaseCredential { | ||||
|     #[serde(default = "default_credentials_version")] | ||||
| @@ -20,6 +41,7 @@ pub struct AwsBaseCredential { | ||||
|     pub secret_access_key: String, | ||||
| } | ||||
|  | ||||
|  | ||||
| impl AwsBaseCredential { | ||||
|     pub fn new(access_key_id: String, secret_access_key: String) -> Self { | ||||
|         Self {version: 1, access_key_id, secret_access_key} | ||||
| @@ -27,48 +49,44 @@ impl AwsBaseCredential { | ||||
| } | ||||
|  | ||||
| impl PersistentCredential for AwsBaseCredential { | ||||
|     pub async fn save(&self, crypt: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> { | ||||
|         let (nonce, ciphertext) = crypto.encrypt(self.secret_access_key.as_bytes())?; | ||||
|         sqlx::query!( | ||||
|             "INSERT INTO aws_credentials ( | ||||
|                 name, | ||||
|                 key_id, | ||||
|                 secret_key_enc, | ||||
|                 nonce, | ||||
|                 updated_at | ||||
|             )  | ||||
|             VALUES ('main', ?, ?, ? strftime('%s')) | ||||
|             ON CONFLICT DO UPDATE SET  | ||||
|                 key_id = excluded.key_id, | ||||
|                 secret_key_enc = excluded.secret_key_enc, | ||||
|                 nonce = excluded.nonce | ||||
|                 updated_at = excluded.updated_at", | ||||
|             self.access_key_id, | ||||
|             ciphertext, | ||||
|             nonce, | ||||
|         ).execute(pool).await?; | ||||
|     type Row = AwsRow; | ||||
|  | ||||
|         Ok(()) | ||||
|     fn type_name() -> &'static str { "aws" } | ||||
|  | ||||
|     fn into_credential(self) -> Credential { Credential::AwsBase(self) } | ||||
|  | ||||
|     fn row_id(row: &AwsRow) -> Uuid { row.id } | ||||
|  | ||||
|     fn from_row(row: AwsRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> { | ||||
|         let nonce = XNonce::clone_from_slice(&row.nonce); | ||||
|         let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?; | ||||
|         let secret_key = String::from_utf8(secret_key_bytes) | ||||
|             .map_err(|_| LoadCredentialsError::InvalidData)?; | ||||
|  | ||||
|         Ok(Self::new(row.access_key_id, secret_key)) | ||||
|     } | ||||
|  | ||||
|     pub async fn load(crypt: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let row = sqlx::query!("SELECT * FROM aws_credentials WHERE name = 'main'") | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials); | ||||
|     async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> { | ||||
|         let (nonce, ciphertext) = crypto.encrypt(self.secret_access_key.as_bytes())?; | ||||
|         let nonce_bytes = &nonce.as_slice(); | ||||
|  | ||||
|         let secret_key = crypto.decrypt(&row.nonce, &row.secret_key_enc)?; | ||||
|         let creds = Self { | ||||
|             version: 1, | ||||
|             access_key_id: row.key_id, | ||||
|             secret_access_key: secret_key, | ||||
|         }; | ||||
|         Ok(creds) | ||||
|         sqlx::query!( | ||||
|             "INSERT OR REPLACE INTO aws_credentials ( | ||||
|                 id, | ||||
|                 access_key_id, | ||||
|                 secret_key_enc, | ||||
|                 nonce | ||||
|             ) | ||||
|             VALUES (?, ?, ?, ?);", | ||||
|             id, self.access_key_id, ciphertext, nonce_bytes, | ||||
|         ).execute(&mut **txn).await?; | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct AwsSessionCredential { | ||||
|     #[serde(default = "default_credentials_version")] | ||||
| @@ -82,15 +100,15 @@ pub struct AwsSessionCredential { | ||||
| } | ||||
|  | ||||
| impl AwsSessionCredential { | ||||
|     pub async fn from_base(base: &BaseCredentials) -> Result<Self, GetSessionError> { | ||||
|         let req_creds = aws_sdk_sts::Credentials::new( | ||||
|     pub async fn from_base(base: &AwsBaseCredential) -> Result<Self, GetSessionError> { | ||||
|         let req_creds = aws_sdk_sts::config::Credentials::new( | ||||
|             &base.access_key_id, | ||||
|             &base.secret_access_key, | ||||
|             None, // token | ||||
|             None, //expiration | ||||
|             "Creddy", // "provider name" apparently | ||||
|         ); | ||||
|         let config = aws_config::from_env() | ||||
|         let config = aws_config::defaults(BehaviorVersion::latest()) | ||||
|             .credentials_provider(req_creds) | ||||
|             .load() | ||||
|             .await; | ||||
| @@ -101,27 +119,14 @@ impl AwsSessionCredential { | ||||
|             .send() | ||||
|             .await?; | ||||
|  | ||||
|         let aws_session = resp.credentials().ok_or(GetSessionError::EmptyResponse)?; | ||||
|         let aws_session = resp.credentials.ok_or(GetSessionError::EmptyResponse)?; | ||||
|  | ||||
|         let access_key_id = aws_session.access_key_id() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .to_string(); | ||||
|         let secret_access_key = aws_session.secret_access_key() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .to_string(); | ||||
|         let session_token = aws_session.session_token() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .to_string(); | ||||
|         let expiration = aws_session.expiration() | ||||
|             .ok_or(GetSessionError::EmptyResponse)? | ||||
|             .clone(); | ||||
|  | ||||
|         let session_creds = SessionCredentials { | ||||
|         let session_creds = AwsSessionCredential { | ||||
|             version: 1, | ||||
|             access_key_id, | ||||
|             secret_access_key, | ||||
|             session_token, | ||||
|             expiration, | ||||
|             access_key_id: aws_session.access_key_id, | ||||
|             secret_access_key: aws_session.secret_access_key, | ||||
|             session_token: aws_session.session_token, | ||||
|             expiration: aws_session.expiration, | ||||
|         }; | ||||
|  | ||||
|         #[cfg(debug_assertions)] | ||||
| @@ -143,6 +148,9 @@ impl AwsSessionCredential { | ||||
| } | ||||
|  | ||||
|  | ||||
| fn default_credentials_version() -> usize { 1 } | ||||
|  | ||||
|  | ||||
| struct DateTimeVisitor; | ||||
|  | ||||
| impl<'de> Visitor<'de> for DateTimeVisitor { | ||||
| @@ -172,3 +180,166 @@ where S: Serializer | ||||
|     let time_str = exp.fmt(Format::DateTime).unwrap(); | ||||
|     serializer.serialize_str(&time_str) | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|     use super::*; | ||||
|     use aws_sdk_sts::primitives::DateTimeFormat; | ||||
|     use creddy_cli::proto::{ | ||||
|         AwsBaseCredential as CliBase, | ||||
|         AwsSessionCredential as CliSession, | ||||
|     }; | ||||
|     use sqlx::SqlitePool; | ||||
|     use sqlx::types::uuid::uuid; | ||||
|  | ||||
|  | ||||
|  | ||||
|     fn creds() -> AwsBaseCredential { | ||||
|         AwsBaseCredential::new( | ||||
|             "AKIAIOSFODNN7EXAMPLE".into(), | ||||
|             "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|         ) | ||||
|     } | ||||
|  | ||||
|     fn creds_2() -> AwsBaseCredential { | ||||
|         AwsBaseCredential::new( | ||||
|             "AKIAIOSFODNN7EXAMPL2".into(), | ||||
|             "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(), | ||||
|         ) | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_load(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let id = uuid!("00000000-0000-0000-0000-000000000000"); | ||||
|         let loaded = AwsBaseCredential::load(&id, &crypt, &pool).await.unwrap(); | ||||
|         assert_eq!(creds(), loaded); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_load_by_name(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let loaded = AwsBaseCredential::load_by_name("test2", &crypt, &pool).await.unwrap(); | ||||
|         assert_eq!(creds_2(), loaded); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_load_default(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let loaded = AwsBaseCredential::load_default(&crypt, &pool).await.unwrap(); | ||||
|         assert_eq!(creds(), loaded) | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_list(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let list: Vec<_> = AwsBaseCredential::list(&crypt, &pool) | ||||
|             .await | ||||
|             .expect("Failed to load credentials") | ||||
|             .into_iter() | ||||
|             .map(|(_, cred)| cred) | ||||
|             .collect(); | ||||
|  | ||||
|         assert_eq!(&creds().into_credential(), &list[0]); | ||||
|         assert_eq!(&creds_2().into_credential(), &list[1]); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     // In order to avoid the CLI depending on the main app (and thus defeating the purpose | ||||
|     // of having a separate CLI at all) it re-defines the credentials that need to be sent | ||||
|     // back and forth. To prevent the separate definitions from drifting aprt, we test | ||||
|     // serializing/deserializing in both directions. | ||||
|  | ||||
|     #[test] | ||||
|     fn test_cli_to_app_base() { | ||||
|         let cli_base = CliBase { | ||||
|             version: 1, | ||||
|             access_key_id: "AKIAIOSFODNN7EXAMPLE".into(), | ||||
|             secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|         }; | ||||
|  | ||||
|         let json = serde_json::to_string(&cli_base).unwrap(); | ||||
|         let computed: AwsBaseCredential = serde_json::from_str(&json) | ||||
|             .expect("Failed to deserialize base credentials from CLI -> main app"); | ||||
|  | ||||
|         assert_eq!(creds(), computed); | ||||
|     } | ||||
|  | ||||
|     #[test] | ||||
|     fn test_app_to_cli_base() { | ||||
|         let base = creds(); | ||||
|         let json = serde_json::to_string(&base).unwrap(); | ||||
|  | ||||
|         let computed: CliBase = serde_json::from_str(&json) | ||||
|             .expect("Failed to deserialize base credentials from main app -> CLI"); | ||||
|  | ||||
|         let expected = CliBase { | ||||
|             version: 1, | ||||
|             access_key_id: "AKIAIOSFODNN7EXAMPLE".into(), | ||||
|             secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|         }; | ||||
|  | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
|  | ||||
|     #[test] | ||||
|     fn test_cli_to_app_session() { | ||||
|         let cli_session = CliSession { | ||||
|             version: 1, | ||||
|             access_key_id: "ASIAIOSFODNN7EXAMPLE".into(), | ||||
|             secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|             session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(), | ||||
|             expiration: "2024-07-21T00:00:00Z".into(), | ||||
|         }; | ||||
|  | ||||
|         let json = serde_json::to_string(&cli_session).unwrap(); | ||||
|         let computed: AwsSessionCredential = serde_json::from_str(&json) | ||||
|             .expect("Failed to deserialize session credentials from CLI -> main app"); | ||||
|  | ||||
|         let expected = AwsSessionCredential { | ||||
|             version: 1, | ||||
|             access_key_id: "ASIAIOSFODNN7EXAMPLE".into(), | ||||
|             secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|             session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(), | ||||
|             expiration: DateTime::from_str( | ||||
|                 "2024-07-21T00:00:00Z", | ||||
|                 DateTimeFormat::DateTimeWithOffset | ||||
|             ).unwrap(), | ||||
|         }; | ||||
|  | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
|  | ||||
|     #[test] | ||||
|     fn test_app_to_cli_session() { | ||||
|         let session = AwsSessionCredential { | ||||
|             version: 1, | ||||
|             access_key_id: "ASIAIOSFODNN7EXAMPLE".into(), | ||||
|             secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|             session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(), | ||||
|             expiration: DateTime::from_str( | ||||
|                 "2024-07-21T00:00:00Z", | ||||
|                 DateTimeFormat::DateTimeWithOffset | ||||
|             ).unwrap(), | ||||
|         }; | ||||
|  | ||||
|         let json = serde_json::to_string(&session).unwrap(); | ||||
|         let computed: CliSession = serde_json::from_str(&json) | ||||
|             .expect("Failed to deserialize session credentials from main app -> CLI"); | ||||
|  | ||||
|         let expected = CliSession { | ||||
|             version: 1, | ||||
|             access_key_id: "ASIAIOSFODNN7EXAMPLE".into(), | ||||
|             secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|             session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(), | ||||
|             expiration: "2024-07-21T00:00:00Z".into(), | ||||
|         }; | ||||
|  | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
| } | ||||
|   | ||||
							
								
								
									
										116
									
								
								src-tauri/src/credentials/crypto.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										116
									
								
								src-tauri/src/credentials/crypto.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,116 @@ | ||||
| use std::fmt::{Debug, Formatter}; | ||||
| use argon2::{ | ||||
|     Argon2, | ||||
|     Algorithm, | ||||
|     Version, | ||||
|     ParamsBuilder, | ||||
|     password_hash::rand_core::{RngCore, OsRng}, | ||||
| }; | ||||
| use chacha20poly1305::{ | ||||
|     XChaCha20Poly1305, | ||||
|     XNonce, | ||||
|     aead::{ | ||||
|         Aead, | ||||
|         AeadCore, | ||||
|         KeyInit, | ||||
|         generic_array::GenericArray, | ||||
|     }, | ||||
| }; | ||||
|  | ||||
| use crate::errors::*; | ||||
|  | ||||
|  | ||||
| #[derive(Clone)] | ||||
| pub struct Crypto { | ||||
|     cipher: XChaCha20Poly1305, | ||||
| } | ||||
|  | ||||
| impl Crypto { | ||||
|     /// Argon2 params rationale: | ||||
|     /// | ||||
|     /// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB. | ||||
|     /// This should roughly double the memory usage of the application | ||||
|     /// while deriving the key. | ||||
|     /// | ||||
|     /// p_cost is irrelevant since (at present) there isn't any parallelism | ||||
|     /// implemented, so we leave it at 1. | ||||
|     /// | ||||
|     /// With the above m_cost, t_cost = 8 results in about 800ms to derive | ||||
|     /// a key on my (somewhat older) CPU. This is probably overkill, but | ||||
|     /// given that it should only have to happen ~once a day for most  | ||||
|     /// usage, it should be acceptable. | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     const MEM_COST: u32 = 128 * 1024; | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     const TIME_COST: u32 = 8; | ||||
|  | ||||
|     /// But since this takes a million years without optimizations, | ||||
|     /// we turn it way down in debug builds. | ||||
|     #[cfg(debug_assertions)] | ||||
|     const MEM_COST: u32 = 48 * 1024; | ||||
|     #[cfg(debug_assertions)] | ||||
|     const TIME_COST: u32 = 1; | ||||
|      | ||||
|  | ||||
|     pub fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> { | ||||
|         let params = ParamsBuilder::new() | ||||
|             .m_cost(Self::MEM_COST) | ||||
|             .p_cost(1) | ||||
|             .t_cost(Self::TIME_COST) | ||||
|             .build() | ||||
|             .unwrap(); // only errors if the given params are invalid | ||||
|  | ||||
|         let hasher = Argon2::new( | ||||
|             Algorithm::Argon2id, | ||||
|             Version::V0x13, | ||||
|             params, | ||||
|         ); | ||||
|  | ||||
|         let mut key = [0; 32]; | ||||
|         hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?; | ||||
|         let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key)); | ||||
|         Ok(Crypto { cipher }) | ||||
|     } | ||||
|  | ||||
|     #[cfg(test)] | ||||
|     pub fn random() -> Crypto { | ||||
|         // salt and key are the same length, so we can just use this | ||||
|         let key = Crypto::salt(); | ||||
|         let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key)); | ||||
|         Crypto { cipher } | ||||
|     } | ||||
|  | ||||
|     #[cfg(test)] | ||||
|     pub fn fixed() -> Crypto { | ||||
|         let key = [ | ||||
|             1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, | ||||
|             17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, | ||||
|         ]; | ||||
|  | ||||
|         let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key)); | ||||
|         Crypto { cipher } | ||||
|     } | ||||
|  | ||||
|     pub fn salt() -> [u8; 32] { | ||||
|         let mut salt = [0; 32]; | ||||
|         OsRng.fill_bytes(&mut salt); | ||||
|         salt | ||||
|     } | ||||
|  | ||||
|     pub fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), CryptoError> { | ||||
|         let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng); | ||||
|         let ciphertext = self.cipher.encrypt(&nonce, data)?; | ||||
|         Ok((nonce, ciphertext)) | ||||
|     } | ||||
|  | ||||
|     pub fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, CryptoError> { | ||||
|         let plaintext = self.cipher.decrypt(nonce, data)?; | ||||
|         Ok(plaintext) | ||||
|     } | ||||
| } | ||||
|  | ||||
| impl Debug for Crypto { | ||||
|     fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> { | ||||
|         write!(f, "Crypto {{ [...] }}") | ||||
|     } | ||||
| } | ||||
							
								
								
									
										196
									
								
								src-tauri/src/credentials/docker.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										196
									
								
								src-tauri/src/credentials/docker.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,196 @@ | ||||
| use chacha20poly1305::XNonce; | ||||
| use serde::{Serialize, Deserialize}; | ||||
| use sqlx::{ | ||||
|     FromRow, | ||||
|     Sqlite, | ||||
|     Transaction, | ||||
|     types::Uuid, | ||||
| }; | ||||
|  | ||||
| use super::{Credential, Crypto, PersistentCredential}; | ||||
|  | ||||
| use crate::errors::*; | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, FromRow)] | ||||
| pub struct DockerRow { | ||||
|     id: Uuid, | ||||
|     server_url: String, | ||||
|     username: String, | ||||
|     secret_enc: Vec<u8>, | ||||
|     nonce: Vec<u8>, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(rename_all = "PascalCase")] | ||||
| pub struct DockerCredential { | ||||
|     #[serde(rename = "ServerURL")] | ||||
|     pub server_url: String, | ||||
|     pub username: String, | ||||
|     pub secret: String, | ||||
| } | ||||
|  | ||||
| impl PersistentCredential for DockerCredential { | ||||
|     type Row = DockerRow; | ||||
|  | ||||
|     fn type_name() -> &'static str { "docker" } | ||||
|  | ||||
|     fn into_credential(self) -> Credential { Credential::Docker(self) } | ||||
|  | ||||
|     fn row_id(row: &DockerRow) -> Uuid { row.id } | ||||
|  | ||||
|     fn from_row(row: DockerRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> { | ||||
|         let nonce = XNonce::clone_from_slice(&row.nonce); | ||||
|         let secret_bytes = crypto.decrypt(&nonce, &row.secret_enc)?; | ||||
|         let secret = String::from_utf8(secret_bytes) | ||||
|             .map_err(|_| LoadCredentialsError::InvalidData)?; | ||||
|  | ||||
|         Ok(DockerCredential { | ||||
|             server_url: row.server_url, | ||||
|             username: row.username, | ||||
|             secret | ||||
|         }) | ||||
|     } | ||||
|  | ||||
|     async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> { | ||||
|         let (nonce, ciphertext) = crypto.encrypt(self.secret.as_bytes())?; | ||||
|         let nonce_bytes = &nonce.as_slice(); | ||||
|  | ||||
|         sqlx::query!( | ||||
|             "INSERT OR REPLACE INTO docker_credentials ( | ||||
|                 id, | ||||
|                 server_url, | ||||
|                 username, | ||||
|                 secret_enc, | ||||
|                 nonce | ||||
|             ) | ||||
|             VALUES (?, ?, ?, ?, ?)", | ||||
|             id, self.server_url, self.username, ciphertext, nonce_bytes, | ||||
|         ).execute(&mut **txn).await?; | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|     use super::*; | ||||
|     use crate::credentials::CredentialRecord; | ||||
|     use creddy_cli::proto::DockerCredential as CliDockerCredential; | ||||
|     use sqlx::SqlitePool; | ||||
|     use sqlx::types::uuid::uuid; | ||||
|  | ||||
|  | ||||
|  | ||||
|     fn test_credential() -> DockerCredential { | ||||
|         DockerCredential { | ||||
|             server_url: "https://registry.jfmonty2.com".into(), | ||||
|             username: "joe@jfmonty2.com".into(), | ||||
|             secret: "correct horse battery staple".into(), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     fn test_credential_2() -> DockerCredential { | ||||
|         DockerCredential { | ||||
|             server_url: "https://index.docker.io/v1".into(), | ||||
|             username: "test@example.com".into(), | ||||
|             secret: "a very secure passphrase".into(), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     fn test_record() -> CredentialRecord { | ||||
|         CredentialRecord { | ||||
|             id: uuid!("00000000-0000-0000-0000-000000000000"), | ||||
|             name: "docker_test".into(), | ||||
|             is_default: false, | ||||
|             credential: Credential::Docker(test_credential()), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     fn test_record_2() -> CredentialRecord { | ||||
|         CredentialRecord { | ||||
|             id: uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff"), | ||||
|             name: "docker_test_2".into(), | ||||
|             is_default: false, | ||||
|             credential: Credential::Docker(test_credential_2()), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     fn test_save(pool: SqlitePool) { | ||||
|         let crypt = Crypto::random(); | ||||
|         test_record().save(&crypt, &pool).await | ||||
|             .expect("Failed to save record"); | ||||
|     } | ||||
|  | ||||
|     #[sqlx::test(fixtures("docker_credentials"))] | ||||
|     fn test_load(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let id = uuid!("00000000-0000-0000-0000-000000000000"); | ||||
|         let loaded = DockerCredential::load(&id, &crypt, &pool).await | ||||
|             .expect("Failed to load record"); | ||||
|  | ||||
|         assert_eq!(test_credential(), loaded); | ||||
|     } | ||||
|  | ||||
|     #[sqlx::test(fixtures("docker_credentials"))] | ||||
|     async fn test_overwrite(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let mut record = test_record_2(); | ||||
|         // give it the same id as test_record so that it overwrites | ||||
|         let id = uuid!("00000000-0000-0000-0000-000000000000"); | ||||
|         record.id = id; | ||||
|         record.save(&crypt, &pool).await | ||||
|             .expect("Failed to overwrite original record with second record"); | ||||
|  | ||||
|         let loaded = DockerCredential::load(&id, &crypt, &pool).await | ||||
|             .expect("Failed to load again after overwriting"); | ||||
|  | ||||
|         assert_eq!(test_credential_2(), loaded); | ||||
|     } | ||||
|  | ||||
|     #[sqlx::test(fixtures("docker_credentials"))] | ||||
|     async fn test_list(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let records = CredentialRecord::list(&crypt, &pool).await | ||||
|             .expect("Failed to list credentials"); | ||||
|  | ||||
|         assert_eq!(test_record(), records[0]); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     // make sure that CLI credentials and app credentials don't drift apart | ||||
|     #[test] | ||||
|     fn test_cli_to_app() { | ||||
|         let cli_creds = CliDockerCredential { | ||||
|             server_url: "https://registry.jfmonty2.com".into(), | ||||
|             username: "joe@jfmonty2.com".into(), | ||||
|             secret: "correct horse battery staple".into(), | ||||
|         }; | ||||
|  | ||||
|         let json = serde_json::to_string(&cli_creds).unwrap(); | ||||
|         let computed: DockerCredential = serde_json::from_str(&json) | ||||
|             .expect("Failed to deserialize Docker credentials from CLI -> main app"); | ||||
|  | ||||
|         assert_eq!(test_credential(), computed); | ||||
|     } | ||||
|  | ||||
|     #[test] | ||||
|     fn test_app_to_cli() { | ||||
|         let app_creds = test_credential(); | ||||
|         let json = serde_json::to_string(&app_creds).unwrap(); | ||||
|  | ||||
|         let computed: CliDockerCredential = serde_json::from_str(&json) | ||||
|             .expect("Failed to deserialize Docker credentials from main app -> CLI"); | ||||
|  | ||||
|         let expected = CliDockerCredential { | ||||
|             server_url: "https://registry.jfmonty2.com".into(), | ||||
|             username: "joe@jfmonty2.com".into(), | ||||
|             secret: "correct horse battery staple".into(), | ||||
|         }; | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
| } | ||||
							
								
								
									
										19
									
								
								src-tauri/src/credentials/fixtures/aws_credentials.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								src-tauri/src/credentials/fixtures/aws_credentials.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,19 @@ | ||||
| INSERT INTO credentials (id, name, credential_type, is_default, created_at) | ||||
| VALUES | ||||
|     (X'00000000000000000000000000000000', 'test', 'aws', 1, strftime('%s')), | ||||
|     (X'ffffffffffffffffffffffffffffffff', 'test2', 'aws', 0, strftime('%s')); | ||||
|  | ||||
| INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce) | ||||
| VALUES  | ||||
|     ( | ||||
|         X'00000000000000000000000000000000', | ||||
|         'AKIAIOSFODNN7EXAMPLE', | ||||
|         X'B09ACDADD07E295A3FD9146D8D3672FA5C2518BFB15CF039E68820C42EFD3BC3BE3156ACF438C2C957EC113EF8617DBC71790EAFE39B3DE8', | ||||
|         X'DB777F2C6315DC0E12ADF322256E69D09D7FB586AAE614A6' | ||||
|     ), | ||||
|     ( | ||||
|         X'ffffffffffffffffffffffffffffffff', | ||||
|         'AKIAIOSFODNN7EXAMPL2', | ||||
|         X'ED6125FF40EF6F61929DF5FFD7141CD2B5A302A51C20152156477F8CC77980C614AB1B212AC06983F3CED35C4F3C54D4EE38964859930FBF', | ||||
|         X'962396B78DAA98DFDCC0AC0C9B7D688EC121F5759EBA790A' | ||||
|     ); | ||||
							
								
								
									
										11
									
								
								src-tauri/src/credentials/fixtures/docker_credentials.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								src-tauri/src/credentials/fixtures/docker_credentials.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | ||||
| INSERT INTO credentials (id, name, credential_type, is_default, created_at) | ||||
| VALUES (X'00000000000000000000000000000000', 'docker_test', 'docker', 0, 1726756380); | ||||
|  | ||||
| INSERT INTO docker_credentials (id, server_url, username, secret_enc, nonce) | ||||
| VALUES ( | ||||
|     X'00000000000000000000000000000000', | ||||
|     'https://registry.jfmonty2.com', | ||||
|     'joe@jfmonty2.com', | ||||
|     X'C0B36EE54539D4113A8F73E99FB96B2BF4D87E91F7C3B48256C07E83E3E7EC738888B2FDE2B4DB0BE48BEFDE', | ||||
|     X'C5F7F627BBE09A1BB275BE8D2390596C76143881A7766E60' | ||||
| ); | ||||
							
								
								
									
										42
									
								
								src-tauri/src/credentials/fixtures/ssh_credentials.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										42
									
								
								src-tauri/src/credentials/fixtures/ssh_credentials.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,42 @@ | ||||
| INSERT INTO credentials (id, name, credential_type, is_default, created_at) | ||||
| VALUES | ||||
|     (X'11111111111111111111111111111111', 'ssh-plain', 'ssh', 1, 1721557273), | ||||
|     (X'22222222222222222222222222222222', 'ssh-enc', 'ssh', 0, 1721557274), | ||||
|     (X'33333333333333333333333333333333', 'ed25519-plain', 'ssh', 0, 1721557275), | ||||
|     (X'44444444444444444444444444444444', 'ed25519-enc', 'ssh', 0, 1721557276); | ||||
|  | ||||
|  | ||||
| INSERT INTO ssh_credentials (id, algorithm, comment, public_key, private_key_enc, nonce) | ||||
| VALUES | ||||
|     ( | ||||
|         X'11111111111111111111111111111111', | ||||
|         'ssh-rsa', | ||||
|         'hello world', | ||||
|         X'000000077373682D727361000000030100010000018100C4ABCE6D69400912EBAD527733401E30EBF3DC9433B79C8E343D7AFBE19A9F309934822577D9807346B48D4FB0604D022DA826E5624635E4CE19851AA5D30DFD2007DE99B04AE4C2F00823DFFC3C8DDE62F074831C1F8903067C83DCCD7D9CEE8643C93C5291F6B5047F53646A37C84098934FFDE5882B5DD7696CDDC4421C39E2894768CFD6650CE585E35A3F739B015650AA469ABDEFC6987E55DAFEC7D40B4388654ED3205D18528D881927C42CBE210CCF6F49A90619AD6E6ACBF1768D7EC52FF9CB85BE607B9414961566292016875164C1C1D1FBD4C3569D4424A7F19D043ABCDEE50573DFC4FC7F2C2718AA76528FA226C0DD5530DC705C30901E1BDE88FE5CC35CAE5AB8826D1E7F970DBED0A0F7E9833CFC7323A1F1323528D5CC3C00AEB98165D677CAF64BD69729132264D971B5C491D0AEAF53AAD22D03756B2E43754502E84488117EEBB962CCDF5DF59682C1E9BA472D5AB9B83DB2862E7EA380E8FD20DE9368CABCBBC5C95C233A52DE5DFE5E91CB59019D00B529C70C4305', | ||||
|         X'DB9B6A3B97FBAE6AC12BDAF9DA57DBEE4DDF6A92DD682958AF147FF5EF64C18255D2A1714D543F2D16BEFD7ED4C419C7A0E9C18754C4CAA251BCFA5AA46508B006CDB08A7C0DB63D8A7FE27F99CCC2F351203B36D2BC3D02302318ECC741574CEF70D956C5CCA41E538F2CA29B20E04778A596B0C3E5CD991A423443B01E3F811E004E2547C5D3DDAEBCFBFB68CDB03D0C16538224BBAA0A80767D64D8F3D2840975DD12B4F648F81B4D4B541CB500BAA99F9808F450A02688D583A924B8AE2B0BE777BC35CE808FD53B5DB8C0838D24A6CE31C3973880CF3174E63E3404F2E77783140A62DDBA06F9CD89ADE448A54FBCBD6C0EC8C0641724CDDEF2A8126EC0D0F5BDF89EB8112366D7EB6D3CE3565DF9E4036EAF3109E50BED5D7BD3558FFF69AD823F6522C5701CE26BCAFCC03D27D87547728A3C700719FF564EAEC961FA209252B113B404D75AD67CA4E40C5DAA36E9B0FB4ECDD6E5F853C81682123E8DF311A3C495F61A2CEE6A2B04C7FD3D0906583B9C724BC0D00D71106B7167983D6A0FBD3EA7361EE063A0B05E5A6B5CD82D0F795820BFC90E4F422E7CE2BDEBEAEE9493F5408F38732EB41741F15632185131CD6160433DD286869DF38679F6797A268EDE8ED0F442C4394FF52EFDE82EBEC5871A087288F7A12964615DA5AA02149FB661B0F76551CD53771B0DD180837A9D52A2BDF4757C4CF56DCD90B968F32B9F9EE5EE09EF5B791DB0366A4E6CCBBF0AF7D9CB5B7760BABAF4DE16BCC971DC95DCBD068A92DB8E8C709C0FBE9E2AB5B770EDFBCC6FB5045B706FB31DDEB6C52647618CD3B222CEF2DFD8D08ABAE6333A2E3C8768B8DB970BFF1777B75AE6DCE54DA7063F76846EFBDB92E55192A031DBA889D9DEDB0BF0FAA2FA6B4A0B0151B6F03D142D6B140EBB874CAF0A44D67AAD121127946DA90A14176EBB7B6C03DD2034987A100855E23F440CF6A404DEE46617B52581C7A248B7393FF56D8652855B23D19C35E1B535E5EC5EE87F3FF455458A740A55CDCB806053D4BCF44CDC2D76A1998418A60E11728BBC69F12C7E52A539E3834362C47A3E1863D265B3A7C2A41FA1953BB0FC64508679BB5F068DAF84C394A1497D564A3D6023B90D9A1C50E30FDC3E1C9B925EB0C19F960E7377B0678D662362129677E4B9AA515D2E4408A17A260D862F3C5D4291841855B91FE6EEA11C8E8EC19449CD9C31E6505BA364A45E7E3B89C5FA1C55708AF521F97440CED0ED0FAF06B7930E6A6F3A2B547E33EF73163D4C2E75B1AFA24BEB3129FFA978BC4EC43D0919ED262C0BE29AB78A87A57EAA55D51BE479A9E4015F9C3F2381745808AECF3783DEF5AB82E37C6EF68B97485CD36F7018B59C37E0EB93EAA32385E5E8CB95A5A3818B70F4CBE6102FC197946AAAAAABAD8B93750031CAC73C3F1B6B2F825B29435F2426B6AFABE35B1F8468E5A1CF73CC78E2FBB639AEFC171B7AD5D1728A536AB384B3F4AE924D5CEFA3F5EE5412094AE97303B8E728C7ACBCD9F9FB7C4FE7893145A55D96B7EDC1DD6257368C03AAC98B4F23D9AF15EF730BFD3FF09C2A11747035C8FD58EF97003503F568090C02A63117F3304989CFBAF20A281A729C8A8A4470524B3FDD2B4183E78BDE58BBB0B58B16D1E81702E58E225F7EED1A8E7F3920870FC9EE44D1433EEB39248A38108000EC1E151A26399A3F36CC41F6D272B3441198E8B56616E9A6C5A16303E562A62B4E6C27D16E9FADAF7E5A4AC7EFBD912883474302D5C9BB7D35C671DDECE68482A9472DAFA56B9AFF4E811A5BE7462FA6A988FED04178786DDB490A2010B8C178BD5601C23BBF5E3B1D13E86BB9980892B9999A6511FE2ECDAC681123745F676C155BB4627EFFAA65B1110B590A7FEE6D3359AED898D73C1B51AC8D534E94731934CCA9514F89E74C2BE5A799D8072C52399A7A647AF8F37F2D536C1B29D64214C490FE00565D912772256BF5E68F888E02FB704017F4D9FDD22E1C007A5FB4FCB51BC7A101DCAA56529231A59ACE14368268B7820C7C2BFBB0F5F78625E442C6EA83C88A9DEE318B2323AF0F3687ACF7B2B791D0B42B0576F0FF73E046DE1A56A5C2CBF6731E8D9485A02E9AD67D7752EBDBF3EBE703A760264363650CB9639B75985A9D00D210FFEBC93894E8E4BEAE7053FB6619BA9A8F0ECC4F822CF27606A6E58A8D5DAF55B519E7729B65A83FB859A3A028477BFBB7C8C01ABBE38EEDAAE11AA10ECC75868A281281792FA8D4EBDCC47DEB03868779A84D992D56612A8F46CAFADF65C5B32CFEA2974ECE34E4EDE9AF0AB4365C55D1A95FE551453BCFA5DF28CAF5AFA025CD5BD1CF86FB19AEB581135BFE2CBAA78643F209DE6A4D58206B0B236ADDD5A9122E8A21630907D0C5F23E86C151B8BFD8EA874DFF37DA7DE49D520DDAB7D074B37A726883211A788684A74D4E13A80CBC7655D8BBFF901CC44EF0A0368A3A69200695E277857AD620F2872D83224405A4DDD1E34AF68B72145AA442278C02DB7453AA8C184893AEBBCD4E15252CB8AF5972C49E047318362322CFAE99C38C5989A76C57E9D997BAACF6E13C19F66FCD618878D218DE7846C3D042E7E631B9AC126935AD6A3E15A659A3C4B9B5E521545A5A9B8A3CDFD21EADC2A5A74DBFA0769D63EC4F758D', | ||||
|         X'1A44F10CBD2579B378EF1ECE61005DBD0ED6189512B41293' | ||||
|     ), | ||||
|     ( | ||||
|         X'22222222222222222222222222222222', | ||||
|         'ssh-rsa', | ||||
|         'hello world', | ||||
|         X'000000077373682D727361000000030100010000018100B021E0FE494231E75D4CFC9CED6DF524122F0E86717710BB066236D1ABF001CB4C7CB58964E998E5385836912300129A1334E549A7EF5E0EC4115D97E099038ACFBBA0AD2FE5D574F7F3FF122A97B59F75D8B62DCD921FF1A5BBFDCB55D77779A41ABD46528AEF8B2C0DA96370FCEC79387EED6AC1C0CED041AE979CBB880BEC6C17917711143F1C4D035548D273773D01E3F643463811B7339D9F4B3FC8D1FECF761C8878C135E2E600D9D230F11A3AD8E0415D1A923A398D108E9043F630A9B7BB1310927CA8A46455096E1A272BA56B6F06FEE5764E3C8AC85EA5DE408AED8EC549BE749FB231C1A2CC95DA0035DB009A9DFB2C622833A54CFCCB9FFB173159065F3335C6DDAFBB52A82CD5C327198C496C2A4404F1A544D82175F915954492A4488954B37C78C1F81B467A05F96CCC26146CDF517AF71674046947B11CE80B0E277B2ABA23915AF11E9A9F9D05717E1F0ED70341F470085569F88D8F5CBB8179605A0BF88537A57893329D15F1F8CA3582BE3612410F06568533F801602F', | ||||
|         X'AD54C319103CFBA088A4B70AEC743CDED7B0A3EE3DDE370BBD14AA4FA4EACBDD1BBE2FCEF499BB4EC4DDEA9D472F27BBF93453C612BF1689B714C9718212E78C0E1B2133AEB0E7C954413F6EBFC4155CC975A252962AB7C1BBEAE8DA8C6F990B9DE96313F0158AA8DD7896000AE2A4406080B81C37605B3986E463D5DEC01AC0BC4981A74BAF6413DF99119F65A337692885E9C5FBA9B483AA83783823981A0E66105083EB6CDB07AB93714AAF6AAF9A6239D256D8C9C56992AC846CF104E2B1B9DF96D0E67DF2EC9258E914EDFAA5AC36ABE3E9D5D641C92C6188D90D9B083DC3AFA9409B7809718279B52399145FE3173DA8E8A7E5C21715E0B140B22BFF8A0116E102B55C9BCB19B5B4FCCA88FBC5A2844E7E2AEC84ACA303BE8AC9448F93BB35366DFC2E38CEE31C66748847DA11CBB8A31F2CA4DD905362A8C513B6B8E3040EFCEC5BCFEB2E52902F33BF6DFEF911E56A00E51274C1548546DCA62261F94F580DCBAF7357F0C8F5058D2D1D5C91E0AAAB396A305E79350FC0F9879CAFD33316DB77586C36A8246F4D5A14EEC495CFCFA108B70A00008CE64ABC2EBC656DFE760612194B526BC1AE8C08325E3FE76999E6341D6C2BA35BA87CB9FB30A269891A0013E989246E80D5CF7590A66D8494CA79D5E2FD6A8FF7ECA1169379C2D45F4108BA5A796309D4CBDBEE6F45A0F6536B45666E1CF977B26612BC8108FCF32FF0D9296C9C414812C221032B2E5107CFCE1E4FCC2E07C5D31F1A1492732D0ECEB3920E50DFBCAA89561CE52436D23DA40D8678CE901BDC57C3F80233BBAF7AE5CA432547EB51DFBABF5B8BC94C0F6EAE47C94649CECE192D6436D609EE040A3AC059529E7CAAFA45D1B2E331E0E73BAFB1C6E05F71EBF28E222D2B15E724D5EBB3B9C3A709F0F9BCD41C87DF158BDCD3C1FCA86A8D4B57B98F4386AA6956BC3DC6BC2AF6A479560C1598B866935795C29F22CB93072E9D8D4D110AAC2B0F22CD8662354BF5D509750068613C052E88629EFF9488BD1C0B3E6FFD010A5B739F943234AA456F998B4DC7FA7B877961DE1CC744760712337B70971EED7AA4B97121F26298DCFDC2282D721CAB90098585ACFD31EC776EEE2C0211AB711BE94F31ED0D2BA4A9D8EFFC155FC68AB02EA1DC380A1525EF2BD14B55CC71210B54E5F55A8C3C876A6667EFA271095B1280B9ED6FAE9E73601A698FE2732756780BF453F927FD171F497F9C1FA6ADE7DC8187FEDA309E807E2E7895E1763DE1758E50035CE24D54A814745F05446FFD91F8E27770577384BBDC6E11E435658404533D32C461A0DB1CC6AE0847ABB744FB61C524CF9162E3660941CA3DA96F56EA5C036BF5E633C6CA0F033335AB5B623D08A024E87235FF8324B284FB981A9998DD0028A0DE54B4D6BE04C51E8D71DD09B3563C84E5C43826418365FB7912DFABDC5BB25BDE2C558DAC14AEED79F705F34E2D04F17829515C725675571EE1E4BDD21D8EBAA9C6075DE48EF8F2ED7814E20836A2721E46B5C71EE365CFE996A07ADABD84FE5B1E25EF5D9CC66B945084A4207004372AA792BA1BE97B67397635EA7DCC2F99C6AD5C394A8F4C0B7CBC87C38DE52F120993E6DC6BEA27D5B90D90E1C8F7626C860386121E53BE3D4F7B4005A69EB0334E118E70B7207CEDFCEE1EC2A30C789174AAA6531EAAD2E0BED7400CA44911E896E4C82DCA85ADBA92CA01B2CE75924AE81FE286C4CBD8073B7546313A75E52CA1882D8935D2F6058FECEBA4626B4445FCED2E9986632F9F5597C7BBD44F375027727D51B0033B87D23395EEC26EE06378B247B0C1469286F868828C942FCE2BF1BFFDC07CAEC1E214D37ADE737A7DFF082972C6E8411591BEE4B54BED231A7F856C022B26887ADD115A252807D3C58DCD8FB5D7D71DC3766C288438DB3D9D98FC8A22FEC92A7E6E3855ACD36BBEA79C5F98C7ABD9CCECB37C18C3315E5CC7B3BFF699FD201419F8EA402E422EFE62A25D4A76B2CCA0F6D43313BA7DF6537619FD2AE8ACF55B17F709961228076DBBB3592B6B7A1C3C271D54C06403902B0384492AE486E931DD63F68E739769E174D97EA46E7D780D03529EA21B418E0A68E44ED15AB9471B5F139E29EA25C7AE881E216A2863D6E908790002B0B1CC23B1DB3266CEACA2771BD661941AEDEE196316E8D8D7CE361C23E7C1BFFBFD0467329E948CD936B54C7313DC053F96BAFD139500ACB0CCDCA7C0AFBFEC02CFD31FECF4193C1E13F8E59378959BE3360C3B57BD325E5D87CA3D9CE08EFD00980200004D01EE4C6D4450C545A82BE0E1A527AE3432AD6500AF6C8B4400095D9CA7DAA0AA956DC8CD6A4336B876988128119997DB4847AFEFDF2CB8E3F88D5B66CC1E5A32229F79324063584C95C775C5D8D3B05956F0BC8432B9FB28D006247F1DF22C431515BDB4234C91B10CA20B5C05924CAAF82094C8C49123776F1C7170218FEC6C1D2D94F242277765EB9A6C48BE8751D92FFC4C3314155C7685940CA07BB70722D0B65585BC50253A9A6F793CD7A3269657B234C72EC8F2DD4F3B61A7260B3028FFB2B866A311E027C3D8D56592AB4795AA22452CBE37AEE68D7952EE473BB67CE6839E0F5DAA7C9B09F26CBF99CF5BF1181A41B683B9EA939A1823C3733B1EE8066614D3A692C99E5F9EA22231', | ||||
|         X'B9DF74AE34E4E7E17EA2EABECE5FD85B14ADB53EDB5BF27C' | ||||
|     ), | ||||
|     ( | ||||
|         X'33333333333333333333333333333333', | ||||
|         'ssh-ed25519', | ||||
|         'hello world', | ||||
|         X'0000000B7373682D6564323535313900000020BBB05846908A7F4819CA69BE50E94658FD6F51D24FFECED678566D43E1DD6BF2', | ||||
|         X'7E3719254AB02100F159D971C17322CF51ECB60AC9E2CDA511EDFD88E75D9828A5A308F1F6A7D6919ED080FD0E6D3FAB64583A946334EE8870006AB7EDC57E6D7BCD145485D1F2A06D946B4DB69591467F289A5CD3BBF922FAAF5B54275F56CF81CC450DE4C8C0F24078C395BA02E8C646731FA6A50480392B13784FD2A85D094DDB8E73C56120936C02C3F94E910C23787FC307369239E264600BBE799EA851CE16FD653BE71D024AA73A582AACC390DD1F341C095788ECE6F4CC37D045A2BFFEC9F14AEBE73E43C6E78E00A9645C6A46D03F2847355DBCD33DA09C76148089A0FC1B3793AB5DA577B879D25EF7B8A8661387F19F392522CFD2886F6FEB65584841', | ||||
|         x'58E67EEE49A11FFDD9D32F63ED99053008091B415F87F1BA' | ||||
|     ), | ||||
|     ( | ||||
|         X'44444444444444444444444444444444', | ||||
|         'ssh-ed25519', | ||||
|         'hello world', | ||||
|         X'0000000B7373682D65643235353139000000200491C64AD1D7E9C20D989937677C32EBE5FB35BCBA77422550A8FAA54C023923', | ||||
|         X'6BA994C263935729D807579173B377323F6353A88F660143EA92DE1E1A92F00682B8A1FAD838F0D211BD69855E8E34AE84D5A7B3C23F23A822B2AFF6E861BC81D89AFDDEB0DED063C84644B3EFEF2612DA1DA9C3C12EDAEFCBEA3542EA0ED1903FC1922E5F56E19FAD8CC75A2A30D64C83BF27ADE00E66BCCFE1CA67E95A00819F7BF91DDD22C4A1FB419E91B5D61544175D8D69EB5B416E6547DFD55CD386B62293B778322FB840D1F4DBBDCE2364A6FE4A7B090425031E7DB347314CEBD9BA09F85CC45CF3B4D02FE78B7F365D5C7E95331AA7A6F91A619E8A8663B77A31BAF639652D72B4FD11C8D430C8A1C5542C69DF4ACA74BAB7608B7E9ADD15BAF4674AFB', | ||||
|         X'46F31DCF22250039168D80F26D50C129C9AFDA166682C89A' | ||||
|     ); | ||||
							
								
								
									
										8
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_enc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_enc
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| -----BEGIN OPENSSH PRIVATE KEY----- | ||||
| b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAWtYanP1 | ||||
| TBKT8lBL4IzKpYAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIASRxkrR1+nCDZiZ | ||||
| N2d8Muvl+zW8undCJVCo+qVMAjkjAAAAkI021XFPzB9VnO8uGAQ8f3bwP/ki5fDVuWD7Fc | ||||
| crN+yfT8Ugjhc7IL2dIt/xj9iJIa9fJDw0pg1Y8issqp9C8HVhasyWpf2iwJIalUHTOekn | ||||
| WdoxA+/OQBstRBKSv43sI801+9OC8dXCMNM2QzpiGNs0QxdLJpcJQhHEvqq/yDIODF0p7M | ||||
| h3e9eYGVPOR0CjlQ== | ||||
| -----END OPENSSH PRIVATE KEY----- | ||||
							
								
								
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_enc.pub
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_enc.pub
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASRxkrR1+nCDZiZN2d8Muvl+zW8undCJVCo+qVMAjkj hello world | ||||
							
								
								
									
										7
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_plain
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_plain
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | ||||
| -----BEGIN OPENSSH PRIVATE KEY----- | ||||
| b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||||
| QyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8gAAAJAwEcgHMBHI | ||||
| BwAAAAtzc2gtZWQyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8g | ||||
| AAAEB9VXgjePmpl6Q3Y1t2a4DZhsdRf+183vWAJWAonDOneLuwWEaQin9IGcppvlDpRlj9 | ||||
| b1HST/7O1nhWbUPh3WvyAAAAC2hlbGxvIHdvcmxkAQI= | ||||
| -----END OPENSSH PRIVATE KEY----- | ||||
| @@ -0,0 +1 @@ | ||||
| {"algorithm":"ssh-ed25519","comment":"hello world","public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILuwWEaQin9IGcppvlDpRlj9b1HST/7O1nhWbUPh3Wvy hello world","private_key":"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8gAAAJAwEcgHMBHI\nBwAAAAtzc2gtZWQyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8g\nAAAEB9VXgjePmpl6Q3Y1t2a4DZhsdRf+183vWAJWAonDOneLuwWEaQin9IGcppvlDpRlj9\nb1HST/7O1nhWbUPh3WvyAAAAC2hlbGxvIHdvcmxkAQI=\n-----END OPENSSH PRIVATE KEY-----\n"} | ||||
							
								
								
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_plain.pub
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_ed25519_plain.pub
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILuwWEaQin9IGcppvlDpRlj9b1HST/7O1nhWbUPh3Wvy hello world | ||||
							
								
								
									
										39
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_enc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										39
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_enc
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,39 @@ | ||||
| -----BEGIN OPENSSH PRIVATE KEY----- | ||||
| b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAanK91R1 | ||||
| FN66oOcvNyslkhAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCwIeD+SUIx | ||||
| 511M/JztbfUkEi8OhnF3ELsGYjbRq/ABy0x8tYlk6ZjlOFg2kSMAEpoTNOVJp+9eDsQRXZ | ||||
| fgmQOKz7ugrS/l1XT38/8SKpe1n3XYti3Nkh/xpbv9y1XXd3mkGr1GUorviywNqWNw/Ox5 | ||||
| OH7tasHAztBBrpecu4gL7GwXkXcRFD8cTQNVSNJzdz0B4/ZDRjgRtzOdn0s/yNH+z3YciH | ||||
| jBNeLmANnSMPEaOtjgQV0akjo5jRCOkEP2MKm3uxMQknyopGRVCW4aJyula28G/uV2TjyK | ||||
| yF6l3kCK7Y7FSb50n7IxwaLMldoANdsAmp37LGIoM6VM/Muf+xcxWQZfMzXG3a+7Uqgs1c | ||||
| MnGYxJbCpEBPGlRNghdfkVlUSSpEiJVLN8eMH4G0Z6BflszCYUbN9RevcWdARpR7Ec6AsO | ||||
| J3squiORWvEemp+dBXF+Hw7XA0H0cAhVafiNj1y7gXlgWgv4hTeleJMynRXx+Mo1gr42Ek | ||||
| EPBlaFM/gBYC8AAAWQf6woBjAp1r47e3HsH4DyTDNF+u98eyCXLb86Lf8G9IFzOACMx4Bh | ||||
| auNdB2dZ/Re2FZ6bdzb+h9snQf0PY4y4zJ7bmJ5VbRcYAM/XnVcKP+Q2254te15DLAsKXA | ||||
| rzGVdEB8vshTloEHZTBVGiWRSFvn/rzPTNRhw5X/OMX21EAFR2yFXFHSxKwuPTWRCTTan3 | ||||
| PA7BqJX8k6XtzwafPo9as0ui3jds/aL9VBlxlQB3x5uWfo7Kw73qReDzaIS94VVsm667tI | ||||
| KIN/0/e3mDpfXmWLH2Xc7BLZcs5eSHztwakYDPc5VzFTdAfb4juVdVmiLUs0ttj+aXnJo9 | ||||
| 6p/kX5ISSs5gzAaL2yGmPjNeeEXgV38ysYnNUB0fIoceuda54oM8kYAeZnQGpgV0Rh6ku+ | ||||
| KNWajrJF22cH6QQ61VO4ymoDrw+oxyTog/M5n7IhCROGAJOQV4CRYKELHwMIt6niiihDfI | ||||
| +YbIs7Qs0ap4mHeVKbLS3WsSK7mZI70yCeLzT+ilNaqW28RLHxAEM86lRfuH1vmABKdy8D | ||||
| 3e1K0WivbY5zmGvFGP1DIl3NXr6M7ZaFg5bgohssOXzMucAOR9mZpzMg20jF4SOt7IC9SU | ||||
| pWg+OIIP7pVfS2FjATMrh25xgeqD2BcDSoJWEH4xrlviyBS1wVA9W35npHiJSQptppn8cj | ||||
| EhwuS916OMhWOsXHPssqHFA+DrLByCZKcORD/mFPpsnI4/3TvA4PL6pqv2Kup0YBDqkyko | ||||
| wIyZQMjr4DjR6xYR3W0Mjzn2UG0Grn96QGrjnj1l/LAXAw00NeYktI4m5YX4wIIdhP/RT8 | ||||
| RL9d4SE0YicneoDPtcLaaa4TTIvcbHJsP8aUP723reUzyxvw9Bdo9wC2bzE1xlOhm/WCmF | ||||
| 0SNvEl6H/kivTjQkI2HQuGVq037eIAB5rToT6cVD3TiNmN6UuOX7Ec+8kw4JPGgLA/l+AB | ||||
| w3gCsyK7MyZoeWNw2+b1utkjMcqG0bjju0yTdjSho6KazGtoBQ4P+Jx9KIwiJT13Nr1WMz | ||||
| KBW98YojZCfCxPeNx6RPsp6PzM673R9DVRNXSs3yYhEZDXJEHCS7jDptR8r8uScogIIUEx | ||||
| YShJU0/WSVHgHZ4Ef2S7MDX1RLU4WGoUtbwxnTEQ26iNLjskYzV9/O88PajJSc2Wcz5vES | ||||
| I4BFROg2px+ViLlWqiegXIZc5NnN2HSJQ7ucTObSL0+oT5SzQiRfHy2TLa4w+c5hgO1VNx | ||||
| Xmq0doKjMW9DmU2ygwzFgnaQp9S8NlIIA/4mKkAODbCgWFqXz99gMgfL+dnUhwo4WHN3lU | ||||
| D/uVxRxwTKWWNp39z/p5hBYLKpqJbDCp+ysM9VpyllAkjk9aDihUq5dQVzpA1iTFH2DdbM | ||||
| TrclBWaXr9QQiH+F73mZvJPhP2//gT9qped6XumkSpuNXFrXoZ/P49xKgQ/51rg8Ri5ZJ7 | ||||
| cIiofoppfat5ex20oBqAnumrM0JrhUrVxzhSd5tPPH5JGeZYml3sK1rM4pV7K7bnugXg9f | ||||
| C6HVxe/l2klAOvg0U9yJAvR35mS0+F0dpwvjRrFS/+JxG6RzzAAunDJHjADNne5FhKFNLB | ||||
| WRzsXHTCT+wGp497Nq8uS/0sgZAMHsy2KMK6n5h8V6kHL9t5VgsD18g0neu9ytwYrjvAuM | ||||
| AoDdwpuUkCJVNOiMHumxPvivGRNhSHwW7fTDHX+yI6/j1i/Wl1unjCxNgNCbgCMRCg1+dN | ||||
| wRw/wqs4mQyGf70AUA5JIVx/W7gAxlt3YWCFHfTRiK5A/BHa0qs+RPMzVlIJhAx0TGAOze | ||||
| BBJIg2kH26rWLV2aosOx8FFH/rZVj6gyYLw0JlsoTCva383SkifvlfiLY3DxfU+bwvJ9p0 | ||||
| bnzyMMiKRuZb16OucNli84FIAuI= | ||||
| -----END OPENSSH PRIVATE KEY----- | ||||
							
								
								
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_enc.pub
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_enc.pub
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwIeD+SUIx511M/JztbfUkEi8OhnF3ELsGYjbRq/ABy0x8tYlk6ZjlOFg2kSMAEpoTNOVJp+9eDsQRXZfgmQOKz7ugrS/l1XT38/8SKpe1n3XYti3Nkh/xpbv9y1XXd3mkGr1GUorviywNqWNw/Ox5OH7tasHAztBBrpecu4gL7GwXkXcRFD8cTQNVSNJzdz0B4/ZDRjgRtzOdn0s/yNH+z3YciHjBNeLmANnSMPEaOtjgQV0akjo5jRCOkEP2MKm3uxMQknyopGRVCW4aJyula28G/uV2TjyKyF6l3kCK7Y7FSb50n7IxwaLMldoANdsAmp37LGIoM6VM/Muf+xcxWQZfMzXG3a+7Uqgs1cMnGYxJbCpEBPGlRNghdfkVlUSSpEiJVLN8eMH4G0Z6BflszCYUbN9RevcWdARpR7Ec6AsOJ3squiORWvEemp+dBXF+Hw7XA0H0cAhVafiNj1y7gXlgWgv4hTeleJMynRXx+Mo1gr42EkEPBlaFM/gBYC8= hello world | ||||
							
								
								
									
										38
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_plain
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										38
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_plain
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,38 @@ | ||||
| -----BEGIN OPENSSH PRIVATE KEY----- | ||||
| b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn | ||||
| NhAAAAAwEAAQAAAYEAxKvObWlACRLrrVJ3M0AeMOvz3JQzt5yOND16++GanzCZNIIld9mA | ||||
| c0a0jU+wYE0CLagm5WJGNeTOGYUapdMN/SAH3pmwSuTC8Agj3/w8jd5i8HSDHB+JAwZ8g9 | ||||
| zNfZzuhkPJPFKR9rUEf1NkajfIQJiTT/3liCtd12ls3cRCHDniiUdoz9ZlDOWF41o/c5sB | ||||
| VlCqRpq978aYflXa/sfUC0OIZU7TIF0YUo2IGSfELL4hDM9vSakGGa1uasvxdo1+xS/5y4 | ||||
| W+YHuUFJYVZikgFodRZMHB0fvUw1adRCSn8Z0EOrze5QVz38T8fywnGKp2Uo+iJsDdVTDc | ||||
| cFwwkB4b3oj+XMNcrlq4gm0ef5cNvtCg9+mDPPxzI6HxMjUo1cw8AK65gWXWd8r2S9aXKR | ||||
| MiZNlxtcSR0K6vU6rSLQN1ay5DdUUC6ESIEX7ruWLM3131loLB6bpHLVq5uD2yhi5+o4Do | ||||
| /SDek2jKvLvFyVwjOlLeXf5ekctZAZ0AtSnHDEMFAAAFgMFqGjPBahozAAAAB3NzaC1yc2 | ||||
| EAAAGBAMSrzm1pQAkS661SdzNAHjDr89yUM7ecjjQ9evvhmp8wmTSCJXfZgHNGtI1PsGBN | ||||
| Ai2oJuViRjXkzhmFGqXTDf0gB96ZsErkwvAII9/8PI3eYvB0gxwfiQMGfIPczX2c7oZDyT | ||||
| xSkfa1BH9TZGo3yECYk0/95YgrXddpbN3EQhw54olHaM/WZQzlheNaP3ObAVZQqkaave/G | ||||
| mH5V2v7H1AtDiGVO0yBdGFKNiBknxCy+IQzPb0mpBhmtbmrL8XaNfsUv+cuFvmB7lBSWFW | ||||
| YpIBaHUWTBwdH71MNWnUQkp/GdBDq83uUFc9/E/H8sJxiqdlKPoibA3VUw3HBcMJAeG96I | ||||
| /lzDXK5auIJtHn+XDb7QoPfpgzz8cyOh8TI1KNXMPACuuYFl1nfK9kvWlykTImTZcbXEkd | ||||
| Cur1Oq0i0DdWsuQ3VFAuhEiBF+67lizN9d9ZaCwem6Ry1aubg9soYufqOA6P0g3pNoyry7 | ||||
| xclcIzpS3l3+XpHLWQGdALUpxwxDBQAAAAMBAAEAAAGABsfTnKMR0Z5E4Ntkf7BYuiAQbs | ||||
| zvQYfUwUlTWabMEWv4BD7ucsTdcFwCMpMKRi+xgQh4mtT6DbafQnL72ba+lzkI/Gw5D0P2 | ||||
| 0pa9QeYs4klGCPtDX+9YZnHNTjCJJykHcjqZEAravHI+PvONlTnqHgwEnC/pP3obSKd6WO | ||||
| UA0H9QZ6I+I1hFcJ3jMVT1thMkhyjNzhRcsw0aSdTE8Z7LGT5RUAjZL5b2FTaK+C8OTOqb | ||||
| MhlewV/h9XWsxmLUpt0277I8ShvjJbJg6TEPJh6D7FRTU+tY4rjGK12DP9lVq6M7Md4ULV | ||||
| JW3aW350xVV2p9031HLDUfWs7dqZ5ufoD3EopOVZGvfGAE3C4aHvJB5D6K7wG7ptWsPgte | ||||
| EcCz84DpsoJ7KICTs8QoXt5bl68qnW3YvzCcqZc7DjLdKNh/wzjdMdzx8AMS4yBF2ceOSE | ||||
| I7Og9UZZtmGzZ0g4Dhg3jMUyWBA++sUayJUqg0izzA/htt+tVd9ABMkJOufcCpnuPRAAAA | ||||
| wCdCy66KXCLx5HCMIsd2/TdbGAZnuirYCn9ee3T5xhJyZjmwIfmZEXUuENKq8e+vYldwey | ||||
| EjdnevM+OCTc8xo77yowgYRBzguDa2R9UH3bg9cWZIpQGzXmnL35Dux4nZPUKs69WMht92 | ||||
| bpRh9roPs2M5tSAcSpmfohFYhMwRxqVooSeSg+kGE4dCXnVqK1tURExnqKy8CkoDW4fhbH | ||||
| HNmPsBnbdTNtfAlg8MO1v1Hk+/+6mpNhiJ7bKF4au9lm+QHgAAAMEA11frEHqordrzlTRg | ||||
| kmqGq9qaORev2g/7n719DlXb2HjGfy5gK9iUCxsgGN6GiFF0mUD7hMY6UMIVfsC/Rm07aE | ||||
| 700u7OJAm8AcnFkEANlZ3ucWltnumVtxyMBlKq7PxkcIG5X+nJ6N8oVw3zZTsjaYCMe1s1 | ||||
| 806oE5D3GZk10pnfVIrY9DFZBtT3+mBpF2uQZk0ZSwh8Hh9xGFGxsm6blkgpcip7v+26PR | ||||
| hqA88WlXAPMnvFpXthr0mny+cy7Q59AAAAwQDpzWi1Prhi3JtVolyac/ygvzje4lhuz5ei | ||||
| 3pC7b1cepdFoQCS33tixwfzqKCp6RfHrtrKzZMqREaX5sor1Hha7S+Vo+KLtZWkFUONTHR | ||||
| 987wmXIu8ziRWKBeuk6g9OSXI5w8hyLwn4XLEeVri4fAUIUwpi4B0Eazp4P/9AUf1188xz | ||||
| a4ACWXDYkUFoLQo9J07HWDhKbEKFZVlIznyfmLVXc8JEzwrPThW+viGK1AFi9FxeLB4QmK | ||||
| PkAC2GY5AmhSkAAAALaGVsbG8gd29ybGQ= | ||||
| -----END OPENSSH PRIVATE KEY----- | ||||
							
								
								
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_plain.pub
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								src-tauri/src/credentials/fixtures/ssh_rsa_plain.pub
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEq85taUAJEuutUnczQB4w6/PclDO3nI40PXr74ZqfMJk0giV32YBzRrSNT7BgTQItqCblYkY15M4ZhRql0w39IAfembBK5MLwCCPf/DyN3mLwdIMcH4kDBnyD3M19nO6GQ8k8UpH2tQR/U2RqN8hAmJNP/eWIK13XaWzdxEIcOeKJR2jP1mUM5YXjWj9zmwFWUKpGmr3vxph+Vdr+x9QLQ4hlTtMgXRhSjYgZJ8QsviEMz29JqQYZrW5qy/F2jX7FL/nLhb5ge5QUlhVmKSAWh1FkwcHR+9TDVp1EJKfxnQQ6vN7lBXPfxPx/LCcYqnZSj6ImwN1VMNxwXDCQHhveiP5cw1yuWriCbR5/lw2+0KD36YM8/HMjofEyNSjVzDwArrmBZdZ3yvZL1pcpEyJk2XG1xJHQrq9TqtItA3VrLkN1RQLoRIgRfuu5YszfXfWWgsHpukctWrm4PbKGLn6jgOj9IN6TaMq8u8XJXCM6Ut5d/l6Ry1kBnQC1KccMQwU= hello world | ||||
| @@ -1,193 +1,141 @@ | ||||
| use argon2::{ | ||||
|     Argon2, | ||||
|     Algorithm, | ||||
|     Version, | ||||
|     ParamsBuilder, | ||||
|     password_hash::rand_core::{RngCore, OsRng}, | ||||
| }; | ||||
| use chacha20poly1305::{ | ||||
|     XChaCha20Poly1305, | ||||
|     XNonce, | ||||
|     aead::{ | ||||
|         Aead, | ||||
|         AeadCore, | ||||
|         KeyInit, | ||||
|         Error as AeadError, | ||||
|         generic_array::GenericArray, | ||||
|     }, | ||||
| }; | ||||
| use serde::{Serialize, Deserialize}; | ||||
| use sqlx::{FromRow, SqlitePool}; | ||||
| use sqlx::{ | ||||
|     FromRow, | ||||
|     Sqlite, | ||||
|     SqlitePool, | ||||
|     sqlite::SqliteRow, | ||||
|     Transaction, | ||||
|     types::Uuid, | ||||
| }; | ||||
| use tokio_stream::StreamExt; | ||||
|  | ||||
| use crate::kv; | ||||
| use crate::errors::*; | ||||
|  | ||||
| mod aws; | ||||
| pub use aws::{AwsBaseCredential, AwsSessionCredential}; | ||||
|  | ||||
| mod crypto; | ||||
| pub use crypto::Crypto; | ||||
|  | ||||
| pub enum CredentialKind { | ||||
|     AwsBase, | ||||
|     AwsSession, | ||||
| mod docker; | ||||
| pub use docker::DockerCredential; | ||||
|  | ||||
| mod record; | ||||
| pub use record::CredentialRecord; | ||||
|  | ||||
| mod session; | ||||
| pub use session::AppSession; | ||||
|  | ||||
| mod ssh; | ||||
| pub use ssh::SshKey; | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)] | ||||
| #[serde(tag = "type")] | ||||
| pub enum Credential { | ||||
|     AwsBase(AwsBaseCredential), | ||||
|     AwsSession(AwsSessionCredential), | ||||
|     Docker(DockerCredential), | ||||
|     Ssh(SshKey), | ||||
| } | ||||
|  | ||||
|  | ||||
| pub trait PersistentCredential { | ||||
|     async fn load(crypt: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError>; | ||||
|     async fn save(&self, crypt: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError>; | ||||
| } | ||||
| pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized { | ||||
|     type Row: Send + Unpin + for<'r> FromRow<'r, SqliteRow>; | ||||
|  | ||||
|     fn type_name() -> &'static str; | ||||
|  | ||||
| #[derive(Debug, Clone)] | ||||
| pub enum AppSession { | ||||
|     Unlocked { | ||||
|         salt: [u8; 32], | ||||
|         crypto: Crypto, | ||||
|     }, | ||||
|     Locked { | ||||
|         salt: [u8; 32], | ||||
|         verify_nonce: XNonce, | ||||
|         verify_blob: Vec<u8> | ||||
|     }, | ||||
|     Empty, | ||||
| } | ||||
|     fn into_credential(self) -> Credential; | ||||
|  | ||||
| impl AppSession { | ||||
|     pub fn new(passphrase: &str) -> Result<Self, CryptoError> { | ||||
|         let salt = Crypto::salt(); | ||||
|         let crypto = Crypto::new(passphrase, &salt); | ||||
|         Ok(Self::Unlocked {salt, crypto}) | ||||
|     fn row_id(row: &Self::Row) -> Uuid; | ||||
|  | ||||
|     fn from_row(row: Self::Row, crypto: &Crypto) -> Result<Self, LoadCredentialsError>; | ||||
|  | ||||
|     // save_details needs to be implemented per-type because we don't know the number of parameters in advance | ||||
|     async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError>; | ||||
|  | ||||
|     fn table_name() -> String { | ||||
|         format!("{}_credentials", Self::type_name()) | ||||
|     } | ||||
|  | ||||
|     pub fn unlock(self, passphrase: &str) -> Result<Self, UnlockError> { | ||||
|         let (salt, nonce, blob) = match self { | ||||
|             Self::Empty => return Err(UnlockError::NoCredentials), | ||||
|             Self::Unlocked => return Err(UnlockError::NotLocked), | ||||
|             Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob), | ||||
|         }; | ||||
|     async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let q = format!("SELECT * FROM {} WHERE id = ?", Self::table_name()); | ||||
|         let row: Self::Row = sqlx::query_as(&q) | ||||
|             .bind(id) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         let crypto = Crypto::new(passphrase, salt) | ||||
|             .map_err(|e| CryptoError::Argon2(e))?; | ||||
|  | ||||
|         // if passphrase is incorrect, this will fail | ||||
|         let verify = crypto.decrypt(&nonce, &blob)?; | ||||
|  | ||||
|         Ok(Self::Unlocked{crypto, salt}) | ||||
|         Self::from_row(row, crypto) | ||||
|     } | ||||
|  | ||||
|     pub async fn load(pool: &SqlitePool) -> Result<Self, LoadKvError> { | ||||
|         match kv::load_bytes_multi!(pool, "salt", "verify_nonce", "verify_blob").await? { | ||||
|             Some((salt, verify_nonce, verify_blob)) => { | ||||
|                 Ok(Self::Locked {salt, verify_nonce, verify_blob}), | ||||
|             }, | ||||
|             None => Ok(Self::Empty), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     pub async fn save(&self, pool: &SqlitePool) -> Result<(), LockError> { | ||||
|         let (salt, nonce, blob) = match self { | ||||
|             Self::Unlocked {salt, crypto} => { | ||||
|                 let (nonce, blob) = crypto.encrypt(b"correct horse battery staple") | ||||
|                     .map_err(|e| CryptoError::Aead(e))?; | ||||
|                 (salt, nonce, blob) | ||||
|             }, | ||||
|             Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob), | ||||
|             // "saving" an empty session just means doing nothing | ||||
|             Self::Empty => return Ok(()), | ||||
|         }; | ||||
|  | ||||
|         kv::save(pool, "salt", salt).await?; | ||||
|         kv::save(pool, "verify_nonce", nonce).await?; | ||||
|         kv::save(pool, "verify_blob", blob).await?; | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub fn try_encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), CryptoError> { | ||||
|         let crypto = match self { | ||||
|             Self::Empty => Err(GetCredentialsError::Empty), | ||||
|             Self::Locked => Err(GetCredentialsError::Locked), | ||||
|             Self::Unlocked {crypto, ..} => crypto, | ||||
|         }?; | ||||
|         let res = crypto.encrypt(data)?; | ||||
|         Ok(res) | ||||
|     } | ||||
|  | ||||
|     pub fn try_decrypt(&self, nonce: XNonce, data: &[u8]) -> Result<Vec<u8>, CryptoError> { | ||||
|         let crypto = match self { | ||||
|             Self::Empty => Err(GetCredentialsError::Empty), | ||||
|             Self::Locked => Err(GetCredentialsError::Locked), | ||||
|             Self::Unlocked {crypto, ..} => crypto, | ||||
|         }?; | ||||
|         let res = crypto.decrypt(nonce, data)?; | ||||
|         Ok(res) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| pub struct Crypto { | ||||
|     cipher: XChaCha20Poly1305, | ||||
| } | ||||
|  | ||||
| impl Crypto { | ||||
|     /// Argon2 params rationale: | ||||
|     /// | ||||
|     /// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB. | ||||
|     /// This should roughly double the memory usage of the application | ||||
|     /// while deriving the key. | ||||
|     /// | ||||
|     /// p_cost is irrelevant since (at present) there isn't any parallelism | ||||
|     /// implemented, so we leave it at 1. | ||||
|     /// | ||||
|     /// With the above m_cost, t_cost = 8 results in about 800ms to derive | ||||
|     /// a key on my (somewhat older) CPU. This is probably overkill, but | ||||
|     /// given that it should only have to happen ~once a day for most  | ||||
|     /// usage, it should be acceptable. | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     const MEM_COST: u32 = 128 * 1024; | ||||
|     #[cfg(not(debug_assertions))] | ||||
|     const TIME_COST: u32 = 8; | ||||
|  | ||||
|     /// But since this takes a million years without optimizations, | ||||
|     /// we turn it way down in debug builds. | ||||
|     #[cfg(debug_assertions)] | ||||
|     const MEM_COST: u32 = 48 * 1024; | ||||
|     #[cfg(debug_assertions)] | ||||
|     const TIME_COST: u32 = 1; | ||||
|      | ||||
|  | ||||
|     fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> { | ||||
|         let params = ParamsBuilder::new() | ||||
|             .m_cost(Self::MEM_COST) | ||||
|             .p_cost(1) | ||||
|             .t_cost(Self::TIME_COST) | ||||
|             .build() | ||||
|             .unwrap(); // only errors if the given params are invalid | ||||
|  | ||||
|         let hasher = Argon2::new( | ||||
|             Algorithm::Argon2id, | ||||
|             Version::V0x13, | ||||
|             params, | ||||
|     async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let q = format!( | ||||
|             "SELECT * FROM {} WHERE id = (SELECT id FROM credentials WHERE name = ?)", | ||||
|             Self::table_name(), | ||||
|         ); | ||||
|         let row: Self::Row = sqlx::query_as(&q) | ||||
|             .bind(name) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         let mut key = [0; 32]; | ||||
|         hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?; | ||||
|         let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key)); | ||||
|         Ok(Crypto { cipher }) | ||||
|         Self::from_row(row, crypto) | ||||
|     } | ||||
|  | ||||
|     fn salt() -> [u8; 32] { | ||||
|         let mut salt = [0; 32]; | ||||
|         OsRng.fill_bytes(&mut salt); | ||||
|         salt | ||||
|     async fn load_by<T>(column: &str, value: T, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> | ||||
|     where T: Send + for<'q> sqlx::Encode<'q, Sqlite> + sqlx::Type<Sqlite> | ||||
|     { | ||||
|         let query = format!( | ||||
|             "SELECT * FROM {} where {} = ?", | ||||
|             Self::table_name(), | ||||
|             column, | ||||
|         ); | ||||
|         let row: Self::Row = sqlx::query_as(&query) | ||||
|             .bind(value) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         Self::from_row(row, crypto) | ||||
|     } | ||||
|  | ||||
|     fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), AeadError> { | ||||
|         let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng); | ||||
|         let ciphertext = self.cipher.encrypt(&nonce, data)?; | ||||
|         Ok((nonce, ciphertext)) | ||||
|     async fn load_default(crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let q = format!( | ||||
|             "SELECT details.* | ||||
|             FROM {} details | ||||
|                 JOIN credentials c | ||||
|                     ON c.id = details.id | ||||
|                     AND c.is_default = 1", | ||||
|             Self::table_name(), | ||||
|         ); | ||||
|         let row: Self::Row = sqlx::query_as(&q) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         Self::from_row(row, crypto) | ||||
|     } | ||||
|  | ||||
|     fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, AeadError> { | ||||
|         self.cipher.decrypt(nonce, data) | ||||
|     async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<(Uuid, Credential)>, LoadCredentialsError> { | ||||
|         let q = format!( | ||||
|             "SELECT details.* | ||||
|             FROM | ||||
|                 {} details | ||||
|                 JOIN credentials c | ||||
|                     ON c.id = details.id | ||||
|              ORDER BY c.created_at", | ||||
|              Self::table_name(), | ||||
|         ); | ||||
|         let mut rows = sqlx::query_as::<_, Self::Row>(&q).fetch(pool); | ||||
|  | ||||
|         let mut creds = Vec::new(); | ||||
|         while let Some(row) = rows.try_next().await? { | ||||
|             let id = Self::row_id(&row); | ||||
|             let cred = Self::from_row(row, crypto)?.into_credential(); | ||||
|             creds.push((id, cred)); | ||||
|         } | ||||
|  | ||||
|         Ok(creds) | ||||
|     } | ||||
| } | ||||
|   | ||||
							
								
								
									
										438
									
								
								src-tauri/src/credentials/record.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										438
									
								
								src-tauri/src/credentials/record.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,438 @@ | ||||
| use std::collections::HashMap; | ||||
| use std::fmt::{self, Debug, Formatter}; | ||||
| use serde::{ | ||||
|     Serialize, | ||||
|     Deserialize, | ||||
|     Serializer, | ||||
|     Deserializer, | ||||
| }; | ||||
| use serde::de::{self, Visitor}; | ||||
| use sqlx::{ | ||||
|     Error as SqlxError, | ||||
|     FromRow, | ||||
|     SqlitePool, | ||||
|     types::Uuid, | ||||
| }; | ||||
| use tokio_stream::StreamExt; | ||||
|  | ||||
| use crate::errors::*; | ||||
| use super::{ | ||||
|     AwsBaseCredential, | ||||
|     Credential, | ||||
|     Crypto, | ||||
|     DockerCredential, | ||||
|     PersistentCredential, | ||||
|     SshKey, | ||||
| }; | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, FromRow)] | ||||
| #[allow(dead_code)] | ||||
| struct CredentialRow { | ||||
|     id: Uuid, | ||||
|     name: String, | ||||
|     credential_type: String, | ||||
|     is_default: bool, | ||||
|     created_at: i64, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)] | ||||
| pub struct CredentialRecord { | ||||
|     #[serde(serialize_with = "serialize_uuid")] | ||||
|     #[serde(deserialize_with = "deserialize_uuid")] | ||||
|     pub id: Uuid, // UUID so it can be generated on the frontend | ||||
|     pub name: String, // user-facing identifier so it can be changed | ||||
|     pub is_default: bool, | ||||
|     pub credential: Credential, | ||||
| } | ||||
|  | ||||
| impl CredentialRecord { | ||||
|     pub async fn save(&self, crypto: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> { | ||||
|         let type_name = match &self.credential { | ||||
|             Credential::AwsBase(_) => AwsBaseCredential::type_name(), | ||||
|             Credential::Ssh(_) => SshKey::type_name(), | ||||
|             Credential::Docker(_) => DockerCredential::type_name(), | ||||
|             _ => return Err(SaveCredentialsError::NotPersistent), | ||||
|         }; | ||||
|  | ||||
|         // if the credential being saved is default, make sure it's the only default of its type | ||||
|         let mut txn = pool.begin().await?; | ||||
|         if self.is_default { | ||||
|             sqlx::query!( | ||||
|                 "UPDATE credentials SET is_default = 0 WHERE credential_type = ?", | ||||
|                 type_name | ||||
|             ).execute(&mut *txn).await?; | ||||
|         } | ||||
|  | ||||
|         // save to parent credentials table | ||||
|         let res = sqlx::query!( | ||||
|             "INSERT INTO credentials (id, name, credential_type, is_default, created_at) | ||||
|             VALUES (?, ?, ?, ?, strftime('%s')) | ||||
|             ON CONFLICT(id) DO UPDATE SET | ||||
|                 name = excluded.name, | ||||
|                 credential_type = excluded.credential_type, | ||||
|                 is_default = excluded.is_default", | ||||
|             self.id, self.name, type_name, self.is_default | ||||
|         ).execute(&mut *txn).await; | ||||
|  | ||||
|         // if id is unique, but name is not, we will get an error | ||||
|         // (if id is not unique, this becomes an upsert due to ON CONFLICT clause) | ||||
|         match res { | ||||
|             Err(SqlxError::Database(e)) if e.is_unique_violation() => Err(SaveCredentialsError::Duplicate), | ||||
|             Err(e) => Err(SaveCredentialsError::DbError(e)), | ||||
|             Ok(_) => Ok(()) | ||||
|         }?; | ||||
|  | ||||
|         // save credential details to child table | ||||
|         match &self.credential { | ||||
|             Credential::AwsBase(b) => b.save_details(&self.id, crypto, &mut txn).await, | ||||
|             Credential::Ssh(s) => s.save_details(&self.id, crypto, &mut txn).await, | ||||
|             Credential::Docker(d) => d.save_details(&self.id, crypto, &mut txn).await, | ||||
|             _ => Err(SaveCredentialsError::NotPersistent), | ||||
|         }?; | ||||
|  | ||||
|         // make it real | ||||
|         txn.commit().await?; | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     fn from_parts(row: CredentialRow, credential: Credential) -> Self { | ||||
|         CredentialRecord { | ||||
|             id: row.id, | ||||
|             name: row.name, | ||||
|             is_default: row.is_default, | ||||
|             credential, | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     async fn load_credential(row: CredentialRow, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let credential = match row.credential_type.as_str() { | ||||
|             "aws" => Credential::AwsBase(AwsBaseCredential::load(&row.id, crypto, pool).await?), | ||||
|             _ => return Err(LoadCredentialsError::InvalidData), | ||||
|         }; | ||||
|  | ||||
|         Ok(Self::from_parts(row, credential)) | ||||
|     } | ||||
|  | ||||
|     #[cfg(test)] | ||||
|     pub async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE id = ?") | ||||
|             .bind(id) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         Self::load_credential(row, crypto, pool).await | ||||
|     } | ||||
|  | ||||
|     pub async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE name = ?") | ||||
|             .bind(name) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         Self::load_credential(row, crypto, pool).await | ||||
|     } | ||||
|  | ||||
|     pub async fn load_default(credential_type: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         let row: CredentialRow = sqlx::query_as( | ||||
|             "SELECT * FROM credentials | ||||
|             WHERE credential_type = ? AND is_default = 1" | ||||
|         ).bind(credential_type) | ||||
|             .fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         Self::load_credential(row, crypto, pool).await | ||||
|     } | ||||
|  | ||||
|     pub async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<Self>, LoadCredentialsError> { | ||||
|         let mut parent_rows = sqlx::query_as::<_, CredentialRow>( | ||||
|             "SELECT * FROM credentials" | ||||
|         ).fetch(pool); | ||||
|  | ||||
|         let mut parent_map = HashMap::new(); | ||||
|         while let Some(row) = parent_rows.try_next().await? { | ||||
|             parent_map.insert(row.id, row); | ||||
|         } | ||||
|  | ||||
|         let mut records = Vec::with_capacity(parent_map.len()); | ||||
|  | ||||
|         for (id, credential) in AwsBaseCredential::list(crypto, pool).await? { | ||||
|             let parent = parent_map.remove(&id) | ||||
|                 .ok_or(LoadCredentialsError::InvalidData)?; | ||||
|             records.push(Self::from_parts(parent, credential)); | ||||
|         } | ||||
|         for (id, credential) in SshKey::list(crypto, pool).await? { | ||||
|             let parent = parent_map.remove(&id) | ||||
|                 .ok_or(LoadCredentialsError::InvalidData)?; | ||||
|             records.push(Self::from_parts(parent, credential)); | ||||
|         } | ||||
|         for (id, credential) in DockerCredential::list(crypto, pool).await? { | ||||
|             let parent = parent_map.remove(&id) | ||||
|                 .ok_or(LoadCredentialsError::InvalidData)?; | ||||
|             records.push(Self::from_parts(parent, credential)); | ||||
|         } | ||||
|  | ||||
|         Ok(records) | ||||
|     } | ||||
|  | ||||
|     pub async fn rekey(old: &Crypto, new: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> { | ||||
|         for record in Self::list(old, pool).await? { | ||||
|             record.save(new, pool).await?; | ||||
|         } | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn serialize_uuid<S: Serializer>(u: &Uuid, s: S) -> Result<S::Ok, S::Error> { | ||||
|     let mut buf = Uuid::encode_buffer(); | ||||
|     s.serialize_str(u.as_hyphenated().encode_lower(&mut buf)) | ||||
| } | ||||
|  | ||||
| struct UuidVisitor; | ||||
|  | ||||
| impl<'de> Visitor<'de> for UuidVisitor { | ||||
|     type Value = Uuid; | ||||
|  | ||||
|     fn expecting(&self, formatter: &mut Formatter) -> fmt::Result { | ||||
|         write!(formatter, "a hyphenated UUID") | ||||
|     } | ||||
|  | ||||
|     fn visit_str<E: de::Error>(self, v: &str) -> Result<Uuid, E> { | ||||
|         Uuid::try_parse(v) | ||||
|             .map_err(|_| E::custom(format!("Could not interpret string as UUID: {v}"))) | ||||
|     } | ||||
| } | ||||
|  | ||||
| fn deserialize_uuid<'de, D: Deserializer<'de>>(ds: D) -> Result<Uuid, D::Error> { | ||||
|     ds.deserialize_str(UuidVisitor) | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|     use super::*; | ||||
|     use sqlx::types::uuid::uuid; | ||||
|  | ||||
|  | ||||
|     fn aws_record() -> CredentialRecord { | ||||
|         let id = uuid!("00000000-0000-0000-0000-000000000000"); | ||||
|         let aws = AwsBaseCredential::new( | ||||
|             "AKIAIOSFODNN7EXAMPLE".into(), | ||||
|             "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(), | ||||
|         ); | ||||
|  | ||||
|         CredentialRecord { | ||||
|             id, | ||||
|             name: "test".into(), | ||||
|             is_default: true, | ||||
|             credential: Credential::AwsBase(aws), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     fn aws_record_2() -> CredentialRecord { | ||||
|         let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff"); | ||||
|         let aws = AwsBaseCredential::new( | ||||
|             "AKIAIOSFODNN7EXAMPL2".into(), | ||||
|             "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(), | ||||
|         ); | ||||
|  | ||||
|         CredentialRecord { | ||||
|             id, | ||||
|             name: "test2".into(), | ||||
|             is_default: false, | ||||
|             credential: Credential::AwsBase(aws), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     fn random_uuid() -> Uuid { | ||||
|         let bytes = Crypto::salt(); | ||||
|         Uuid::from_slice(&bytes[..16]).unwrap() | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_load_aws(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let id = uuid!("00000000-0000-0000-0000-000000000000"); | ||||
|         let loaded = CredentialRecord::load(&id, &crypt, &pool).await | ||||
|             .expect("Failed to load record"); | ||||
|  | ||||
|         assert_eq!(aws_record(), loaded); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_load_aws_default(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let loaded = CredentialRecord::load_default("aws", &crypt, &pool).await | ||||
|             .expect("Failed to load record"); | ||||
|  | ||||
|         assert_eq!(aws_record(), loaded); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_save_aws(pool: SqlitePool) { | ||||
|         let crypt = Crypto::random(); | ||||
|         let mut record = aws_record(); | ||||
|         record.id = random_uuid(); | ||||
|  | ||||
|         aws_record().save(&crypt, &pool).await | ||||
|             .expect("Failed to save record"); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_save_load_aws(pool: SqlitePool) { | ||||
|         let crypt = Crypto::random(); | ||||
|         let mut record = aws_record(); | ||||
|         record.id = random_uuid(); | ||||
|  | ||||
|         record.save(&crypt, &pool).await | ||||
|             .expect("Failed to save record"); | ||||
|         let loaded = CredentialRecord::load(&record.id, &crypt, &pool).await | ||||
|             .expect("Failed to load record"); | ||||
|  | ||||
|         assert_eq!(record, loaded); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_overwrite_aws(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|  | ||||
|         let original = aws_record(); | ||||
|         original.save(&crypt, &pool).await | ||||
|             .expect("Failed to save first record"); | ||||
|  | ||||
|         let mut updated = aws_record_2(); | ||||
|         updated.id = original.id; | ||||
|         updated.save(&crypt, &pool).await | ||||
|             .expect("Failed to overwrite first record with second record"); | ||||
|  | ||||
|         // make sure update went through | ||||
|         let loaded = CredentialRecord::load(&updated.id, &crypt, &pool).await.unwrap(); | ||||
|         assert_eq!(updated, loaded); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_duplicate_name(pool: SqlitePool) { | ||||
|         let crypt = Crypto::random(); | ||||
|  | ||||
|         let mut record = aws_record(); | ||||
|         record.id = random_uuid(); | ||||
|         let resp = record.save(&crypt, &pool).await; | ||||
|  | ||||
|         if !matches!(resp, Err(SaveCredentialsError::Duplicate)) { | ||||
|             panic!("Attempt to create duplicate entry returned {resp:?}") | ||||
|         } | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_change_default(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|         let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff"); | ||||
|  | ||||
|         // confirm that record as it currently exists in the database is not default | ||||
|         let mut record = CredentialRecord::load(&id, &crypt, &pool).await | ||||
|             .expect("Failed to load record"); | ||||
|         assert!(!record.is_default); | ||||
|  | ||||
|         record.is_default = true; | ||||
|         record.save(&crypt, &pool).await | ||||
|             .expect("Failed to save record"); | ||||
|  | ||||
|         let loaded = CredentialRecord::load(&id, &crypt, &pool).await | ||||
|             .expect("Failed to re-load record"); | ||||
|         assert!(loaded.is_default); | ||||
|  | ||||
|         let other_id = uuid!("00000000-0000-0000-0000-000000000000"); | ||||
|         let other_loaded = CredentialRecord::load(&other_id, &crypt, &pool).await | ||||
|             .expect("Failed to load other credential"); | ||||
|         assert!(!other_loaded.is_default); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_list(pool: SqlitePool) { | ||||
|         let crypt = Crypto::fixed(); | ||||
|  | ||||
|         let records = CredentialRecord::list(&crypt, &pool).await | ||||
|             .expect("Failed to list credentials"); | ||||
|  | ||||
|         assert_eq!(aws_record(), records[0]); | ||||
|         assert_eq!(aws_record_2(), records[1]); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("aws_credentials"))] | ||||
|     async fn test_rekey(pool: SqlitePool) { | ||||
|         let old = Crypto::fixed(); | ||||
|         let new = Crypto::random(); | ||||
|  | ||||
|         CredentialRecord::rekey(&old, &new, &pool).await | ||||
|             .expect("Failed to rekey credentials"); | ||||
|  | ||||
|         let records = CredentialRecord::list(&new, &pool).await | ||||
|             .expect("Failed to re-list credentials"); | ||||
|  | ||||
|         assert_eq!(aws_record(), records[0]); | ||||
|         assert_eq!(aws_record_2(), records[1]); | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod uuid_tests { | ||||
|     use super::*; | ||||
|     use sqlx::types::uuid::uuid; | ||||
|  | ||||
|  | ||||
|     #[derive(Debug, Eq, PartialEq, Serialize, Deserialize)] | ||||
|     struct UuidWrapper { | ||||
|         #[serde(serialize_with = "serialize_uuid")] | ||||
|         #[serde(deserialize_with = "deserialize_uuid")] | ||||
|         id: Uuid, | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_serialize_uuid() { | ||||
|         let u = UuidWrapper { | ||||
|             id: uuid!("693f84d2-4c1b-41e5-8483-cbe178324e04") | ||||
|         }; | ||||
|         let computed = serde_json::to_string(&u).unwrap(); | ||||
|         assert_eq!( | ||||
|             "{\"id\":\"693f84d2-4c1b-41e5-8483-cbe178324e04\"}", | ||||
|             &computed, | ||||
|         ); | ||||
|     } | ||||
|  | ||||
|     #[test] | ||||
|     fn test_deserialize_uuid() { | ||||
|         let s = "{\"id\":\"045bd359-8630-4b76-9b7d-e4a86ed2222c\"}"; | ||||
|         let computed = serde_json::from_str(s).unwrap(); | ||||
|         let expected = UuidWrapper { | ||||
|             id: uuid!("045bd359-8630-4b76-9b7d-e4a86ed2222c"), | ||||
|         }; | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
|  | ||||
|     #[test] | ||||
|     fn test_serialize_deserialize_uuid() { | ||||
|         let buf = Crypto::salt(); | ||||
|         let expected = UuidWrapper{ | ||||
|             id: Uuid::from_slice(&buf[..16]).unwrap() | ||||
|         }; | ||||
|         let serialized = serde_json::to_string(&expected).unwrap(); | ||||
|         let computed = serde_json::from_str(&serialized).unwrap(); | ||||
|         assert_eq!(expected, computed) | ||||
|     } | ||||
| } | ||||
							
								
								
									
										100
									
								
								src-tauri/src/credentials/session.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										100
									
								
								src-tauri/src/credentials/session.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,100 @@ | ||||
| use chacha20poly1305::XNonce; | ||||
| use sqlx::SqlitePool; | ||||
|  | ||||
| use crate::errors::*; | ||||
| use crate::kv; | ||||
| use super::Crypto; | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug)] | ||||
| pub enum AppSession { | ||||
|     Unlocked { | ||||
|         salt: [u8; 32], | ||||
|         crypto: Crypto, | ||||
|     }, | ||||
|     Locked { | ||||
|         salt: [u8; 32], | ||||
|         verify_nonce: XNonce, | ||||
|         verify_blob: Vec<u8> | ||||
|     }, | ||||
|     Empty, | ||||
| } | ||||
|  | ||||
| impl AppSession { | ||||
|     pub fn new(passphrase: &str) -> Result<Self, CryptoError> { | ||||
|         let salt = Crypto::salt(); | ||||
|         let crypto = Crypto::new(passphrase, &salt)?; | ||||
|         Ok(Self::Unlocked {salt, crypto}) | ||||
|     } | ||||
|  | ||||
|     pub fn unlock(&mut self, passphrase: &str) -> Result<(), UnlockError> { | ||||
|         let (salt, nonce, blob) = match self { | ||||
|             Self::Empty => return Err(UnlockError::NoCredentials), | ||||
|             Self::Unlocked {..} => return Err(UnlockError::NotLocked), | ||||
|             Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob), | ||||
|         }; | ||||
|  | ||||
|         let crypto = Crypto::new(passphrase, salt) | ||||
|             .map_err(|e| CryptoError::Argon2(e))?; | ||||
|  | ||||
|         // if passphrase is incorrect, this will fail | ||||
|         let _verify = crypto.decrypt(&nonce, &blob)?; | ||||
|  | ||||
|         *self = Self::Unlocked {crypto, salt: *salt}; | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub async fn load(pool: &SqlitePool) -> Result<Self, LoadCredentialsError> { | ||||
|         match kv::load_bytes_multi!(pool, "salt", "verify_nonce", "verify_blob").await? { | ||||
|             Some((salt, nonce, blob)) => { | ||||
|  | ||||
|                 Ok(Self::Locked { | ||||
|                     salt: salt.try_into().map_err(|_| LoadCredentialsError::InvalidData)?, | ||||
|                     // note: replace this with try_from at some point | ||||
|                     verify_nonce: XNonce::clone_from_slice(&nonce), | ||||
|                     verify_blob: blob, | ||||
|                 }) | ||||
|             }, | ||||
|             None => Ok(Self::Empty), | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     pub async fn save(&self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> { | ||||
|         match self { | ||||
|             Self::Unlocked {salt, crypto} => { | ||||
|                 let (nonce, blob) = crypto.encrypt(b"correct horse battery staple")?; | ||||
|                 kv::save_bytes(pool, "salt", salt).await?; | ||||
|                 kv::save_bytes(pool, "verify_nonce", &nonce.as_slice()).await?; | ||||
|                 kv::save_bytes(pool, "verify_blob", &blob).await?; | ||||
|             }, | ||||
|             Self::Locked {salt, verify_nonce, verify_blob} => { | ||||
|                 kv::save_bytes(pool, "salt", salt).await?; | ||||
|                 kv::save_bytes(pool, "verify_nonce", &verify_nonce.as_slice()).await?; | ||||
|                 kv::save_bytes(pool, "verify_blob", verify_blob).await?; | ||||
|             }, | ||||
|             // "saving" an empty session just means doing nothing | ||||
|             Self::Empty => (), | ||||
|         }; | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub async fn reset(&mut self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> { | ||||
|         match self {             | ||||
|             Self::Unlocked {..} | Self::Locked {..} => { | ||||
|                 kv::delete_multi(pool, &["salt", "verify_nonce", "verify_blob"]).await?; | ||||
|                 *self = Self::Empty; | ||||
|             }, | ||||
|             Self::Empty => (), | ||||
|         } | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub fn try_get_crypto(&self) -> Result<&Crypto, GetCredentialsError> { | ||||
|         match self { | ||||
|             Self::Empty => Err(GetCredentialsError::Empty), | ||||
|             Self::Locked {..} => Err(GetCredentialsError::Locked), | ||||
|             Self::Unlocked {crypto, ..} => Ok(crypto), | ||||
|         } | ||||
|     } | ||||
| } | ||||
							
								
								
									
										481
									
								
								src-tauri/src/credentials/ssh.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										481
									
								
								src-tauri/src/credentials/ssh.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,481 @@ | ||||
| use std::fmt::{self, Formatter}; | ||||
|  | ||||
| use chacha20poly1305::XNonce; | ||||
| use serde::{ | ||||
|     Deserialize, | ||||
|     Deserializer, | ||||
|     Serialize, | ||||
|     Serializer, | ||||
| }; | ||||
| use serde::ser::{ | ||||
|     Error as SerError, | ||||
|     SerializeStruct, | ||||
| }; | ||||
| use serde::de::{self, Visitor}; | ||||
| use sha2::{Sha256, Sha512}; | ||||
| use signature::{Signer, SignatureEncoding}; | ||||
| use sqlx::{ | ||||
|     FromRow, | ||||
|     Sqlite, | ||||
|     SqlitePool, | ||||
|     Transaction, | ||||
|     types::Uuid, | ||||
| }; | ||||
| use ssh_agent_lib::proto::message::{ | ||||
|     Identity, | ||||
|     SignRequest, | ||||
| }; | ||||
| use ssh_encoding::Encode; | ||||
| use ssh_key::{ | ||||
|     Algorithm, | ||||
|     LineEnding, | ||||
|     private::{PrivateKey, KeypairData}, | ||||
|     public::PublicKey, | ||||
| }; | ||||
| use tokio_stream::StreamExt; | ||||
|  | ||||
| use crate::errors::*; | ||||
| use super::{ | ||||
|     Credential, | ||||
|     Crypto, | ||||
|     PersistentCredential, | ||||
| }; | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, FromRow)] | ||||
| pub struct SshRow { | ||||
|     id: Uuid, | ||||
|     algorithm: String, | ||||
|     comment: String, | ||||
|     public_key: Vec<u8>, | ||||
|     private_key_enc: Vec<u8>, | ||||
|     nonce: Vec<u8>, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Clone, Eq, PartialEq, Deserialize)] | ||||
| pub struct SshKey { | ||||
|     #[serde(deserialize_with = "deserialize_algorithm")] | ||||
|     pub algorithm: Algorithm, | ||||
|     pub comment: String, | ||||
|     #[serde(deserialize_with = "deserialize_pubkey")] | ||||
|     pub public_key: PublicKey, | ||||
|     #[serde(deserialize_with = "deserialize_privkey")] | ||||
|     pub private_key: PrivateKey, | ||||
| } | ||||
|  | ||||
| impl SshKey { | ||||
|     pub fn from_file(path: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> { | ||||
|         let mut privkey = PrivateKey::read_openssh_file(path.as_ref())?; | ||||
|         if privkey.is_encrypted() { | ||||
|             privkey = privkey.decrypt(passphrase) | ||||
|                 .map_err(|_| LoadSshKeyError::InvalidPassphrase)?; | ||||
|         } | ||||
|  | ||||
|         Ok(SshKey { | ||||
|             algorithm: privkey.algorithm(), | ||||
|             comment: privkey.comment().into(), | ||||
|             public_key: privkey.public_key().clone(), | ||||
|             private_key: privkey, | ||||
|         }) | ||||
|     } | ||||
|  | ||||
|     pub fn from_private_key(private_key: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> { | ||||
|         let mut privkey = PrivateKey::from_openssh(private_key)?; | ||||
|         if privkey.is_encrypted() { | ||||
|             privkey = privkey.decrypt(passphrase) | ||||
|                 .map_err(|_| LoadSshKeyError::InvalidPassphrase)?; | ||||
|         } | ||||
|  | ||||
|         Ok(SshKey { | ||||
|             algorithm: privkey.algorithm(), | ||||
|             comment: privkey.comment().into(), | ||||
|             public_key: privkey.public_key().clone(), | ||||
|             private_key: privkey, | ||||
|         }) | ||||
|     } | ||||
|  | ||||
|     pub async fn name_from_pubkey(pubkey: &[u8], pool: &SqlitePool) -> Result<String, LoadCredentialsError> { | ||||
|         let row = sqlx::query!( | ||||
|             "SELECT c.name | ||||
|             FROM credentials c | ||||
|             JOIN ssh_credentials s | ||||
|                 ON s.id = c.id | ||||
|             WHERE s.public_key = ?", | ||||
|             pubkey | ||||
|         ).fetch_optional(pool) | ||||
|             .await? | ||||
|             .ok_or(LoadCredentialsError::NoCredentials)?; | ||||
|  | ||||
|         Ok(row.name) | ||||
|     } | ||||
|  | ||||
|     pub async fn list_identities(pool: &SqlitePool) -> Result<Vec<Identity>, LoadCredentialsError> { | ||||
|         let mut rows = sqlx::query!( | ||||
|             "SELECT public_key, comment FROM ssh_credentials" | ||||
|         ).fetch(pool); | ||||
|  | ||||
|         let mut identities = Vec::new(); | ||||
|         while let Some(row) = rows.try_next().await? { | ||||
|             identities.push(Identity { | ||||
|                 pubkey_blob: row.public_key, | ||||
|                 comment: row.comment, | ||||
|             }); | ||||
|         } | ||||
|  | ||||
|         Ok(identities) | ||||
|     } | ||||
|  | ||||
|     pub fn sign_request(&self, req: &SignRequest) -> Result<Vec<u8>, HandlerError> { | ||||
|         let mut sig = Vec::new(); | ||||
|         match self.private_key.key_data() { | ||||
|             KeypairData::Rsa(keypair) => { | ||||
|                 // 2 is the flag value for `SSH_AGENT_RSA_SHA2_256` | ||||
|                 if req.flags & 2 > 0 { | ||||
|                     let signer = rsa::pkcs1v15::SigningKey::<Sha256>::try_from(keypair)?; | ||||
|                     let sig_data = signer.try_sign(&req.data)?.to_vec(); | ||||
|                     "rsa-sha-256".encode(&mut sig)?; | ||||
|                     sig_data.encode(&mut sig)?; | ||||
|                 } | ||||
|                 else { | ||||
|                     let signer = rsa::pkcs1v15::SigningKey::<Sha512>::try_from(keypair)?; | ||||
|                     let sig_data = signer.try_sign(&req.data)?.to_vec(); | ||||
|                     "rsa-sha2-512".encode(&mut sig)?; | ||||
|                     sig_data.encode(&mut sig)?; | ||||
|                 } | ||||
|             }, | ||||
|             _ => { | ||||
|                 let sig_data = self.private_key.try_sign(&req.data)?; | ||||
|                 self.algorithm.as_str().encode(&mut sig)?; | ||||
|                 sig_data.as_bytes().encode(&mut sig)?; | ||||
|             }, | ||||
|         } | ||||
|         Ok(sig) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| impl PersistentCredential for SshKey { | ||||
|     type Row = SshRow; | ||||
|  | ||||
|     fn type_name() -> &'static str { "ssh" } | ||||
|  | ||||
|     fn into_credential(self) -> Credential { Credential::Ssh(self) } | ||||
|  | ||||
|     fn row_id(row: &SshRow) -> Uuid { row.id } | ||||
|  | ||||
|     fn from_row(row: SshRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> { | ||||
|         let nonce = XNonce::clone_from_slice(&row.nonce); | ||||
|         let privkey_bytes = crypto.decrypt(&nonce, &row.private_key_enc)?; | ||||
|  | ||||
|  | ||||
|         let algorithm = Algorithm::new(&row.algorithm) | ||||
|             .map_err(|_| LoadCredentialsError::InvalidData)?; | ||||
|         let public_key = PublicKey::from_bytes(&row.public_key) | ||||
|             .map_err(|_| LoadCredentialsError::InvalidData)?; | ||||
|         let private_key = PrivateKey::from_bytes(&privkey_bytes) | ||||
|             .map_err(|_| LoadCredentialsError::InvalidData)?; | ||||
|  | ||||
|         Ok(SshKey { | ||||
|             algorithm, | ||||
|             comment: row.comment, | ||||
|             public_key, | ||||
|             private_key, | ||||
|         }) | ||||
|     } | ||||
|  | ||||
|     async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> { | ||||
|         let alg = self.algorithm.as_str(); | ||||
|         let pubkey_bytes = self.public_key.to_bytes()?; | ||||
|         let privkey_bytes = self.private_key.to_bytes()?; | ||||
|         let (nonce, ciphertext) = crypto.encrypt(privkey_bytes.as_ref())?; | ||||
|         let nonce_bytes = nonce.as_slice(); | ||||
|  | ||||
|         sqlx::query!( | ||||
|             "INSERT OR REPLACE INTO ssh_credentials ( | ||||
|                 id, | ||||
|                 algorithm, | ||||
|                 comment, | ||||
|                 public_key, | ||||
|                 private_key_enc, | ||||
|                 nonce | ||||
|             ) | ||||
|             VALUES (?, ?, ?, ?, ?, ?)", | ||||
|             id, alg, self.comment, pubkey_bytes, ciphertext, nonce_bytes, | ||||
|         ).execute(&mut **txn).await?; | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| impl Serialize for SshKey { | ||||
|     fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error> { | ||||
|         let mut key = s.serialize_struct("SshKey", 5)?; | ||||
|         key.serialize_field("algorithm", self.algorithm.as_str())?; | ||||
|         key.serialize_field("comment", &self.comment)?; | ||||
|  | ||||
|         let pubkey_str = self.public_key.to_openssh() | ||||
|             .map_err(|e| S::Error::custom(format!("Failed to encode SSH public key: {e}")))?; | ||||
|         key.serialize_field("public_key", &pubkey_str)?; | ||||
|  | ||||
|         let privkey_str = self.private_key.to_openssh(LineEnding::LF) | ||||
|             .map_err(|e| S::Error::custom(format!("Failed to encode SSH private key: {e}")))?; | ||||
|         key.serialize_field::<str>("private_key", privkey_str.as_ref())?; | ||||
|  | ||||
|         key.end() | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| struct PubkeyVisitor; | ||||
|  | ||||
| impl<'de> Visitor<'de> for PubkeyVisitor { | ||||
|     type Value = PublicKey; | ||||
|  | ||||
|     fn expecting(&self, formatter: &mut Formatter) -> fmt::Result { | ||||
|         write!(formatter, "an OpenSSH-encoded public key, e.g. `ssh-rsa ...`") | ||||
|     } | ||||
|  | ||||
|     fn visit_str<E: de::Error>(self, v: &str) -> Result<Self::Value, E> { | ||||
|         PublicKey::from_openssh(v) | ||||
|             .map_err(|e| E::custom(format!("{e}"))) | ||||
|     } | ||||
| } | ||||
|  | ||||
| fn deserialize_pubkey<'de, D>(deserializer: D) -> Result<PublicKey, D::Error> | ||||
|     where D: Deserializer<'de> | ||||
| { | ||||
|     deserializer.deserialize_str(PubkeyVisitor) | ||||
| } | ||||
|  | ||||
|  | ||||
| struct PrivkeyVisitor; | ||||
|  | ||||
| impl<'de> Visitor<'de> for PrivkeyVisitor { | ||||
|     type Value = PrivateKey; | ||||
|  | ||||
|     fn expecting(&self, formatter: &mut Formatter) -> fmt::Result { | ||||
|         write!(formatter, "an OpenSSH-encoded private key") | ||||
|     } | ||||
|  | ||||
|     fn visit_str<E: de::Error>(self, v: &str) -> Result<Self::Value, E> { | ||||
|         PrivateKey::from_openssh(v) | ||||
|             .map_err(|e| E::custom(format!("{e}"))) | ||||
|     } | ||||
| } | ||||
|  | ||||
| fn deserialize_privkey<'de, D>(deserializer: D) -> Result<PrivateKey, D::Error> | ||||
|     where D: Deserializer<'de> | ||||
| { | ||||
|     deserializer.deserialize_str(PrivkeyVisitor) | ||||
| } | ||||
|  | ||||
|  | ||||
| struct AlgorithmVisitor; | ||||
|  | ||||
| impl<'de> Visitor<'de> for AlgorithmVisitor { | ||||
|     type Value = Algorithm; | ||||
|  | ||||
|     fn expecting(&self, formatter: &mut Formatter) -> fmt::Result { | ||||
|         write!(formatter, "an SSH key algorithm identifier, e.g. `ssh-rsa`") | ||||
|     } | ||||
|  | ||||
|     fn visit_str<E: de::Error>(self, v: &str) -> Result<Self::Value, E> { | ||||
|         Algorithm::new(v) | ||||
|             .map_err(|e| E::custom(format!("{e}"))) | ||||
|     } | ||||
| } | ||||
|  | ||||
| fn deserialize_algorithm<'de, D>(deserializer: D) -> Result<Algorithm, D::Error> | ||||
|     where D: Deserializer<'de> | ||||
| { | ||||
|     deserializer.deserialize_str(AlgorithmVisitor) | ||||
| } | ||||
|  | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|     use std::fs::{self, File}; | ||||
|     use sqlx::types::uuid::uuid; | ||||
|     use crate::credentials::CredentialRecord; | ||||
|  | ||||
|     use super::*; | ||||
|  | ||||
|     fn path(name: &str) -> String { | ||||
|         format!("./src/credentials/fixtures/{name}") | ||||
|     } | ||||
|  | ||||
|     fn random_uuid() -> Uuid { | ||||
|         let bytes = Crypto::salt(); | ||||
|         Uuid::from_slice(&bytes[..16]).unwrap() | ||||
|     } | ||||
|  | ||||
|     fn rsa_plain() -> SshKey { | ||||
|         SshKey::from_file(&path("ssh_rsa_plain"), "") | ||||
|             .expect("Failed to load SSH key") | ||||
|     } | ||||
|  | ||||
|     fn rsa_enc() -> SshKey { | ||||
|         SshKey::from_file( | ||||
|             &path("ssh_rsa_enc"), | ||||
|             "correct horse battery staple" | ||||
|         ).expect("Failed to load SSH key") | ||||
|     } | ||||
|  | ||||
|     fn ed25519_plain() -> SshKey { | ||||
|         SshKey::from_file(&path("ssh_ed25519_plain"), "") | ||||
|             .expect("Failed to load SSH key") | ||||
|     } | ||||
|  | ||||
|     fn ed25519_enc() -> SshKey { | ||||
|         SshKey::from_file( | ||||
|             &path("ssh_ed25519_enc"), | ||||
|             "correct horse battery staple" | ||||
|         ).expect("Failed to load SSH key") | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_from_file_rsa_plain() { | ||||
|         let k = rsa_plain(); | ||||
|         assert_eq!(k.algorithm.as_str(), "ssh-rsa"); | ||||
|         assert_eq!(&k.comment, "hello world"); | ||||
|  | ||||
|         assert_eq!( | ||||
|             k.public_key.fingerprint(Default::default()), | ||||
|             k.private_key.fingerprint(Default::default()), | ||||
|         ); | ||||
|         assert_eq!( | ||||
|             k.private_key.fingerprint(Default::default()).as_bytes(), | ||||
|             [90,162,92,235,160,164,88,179,144,234,84,135,1,249,9,206, | ||||
|             201,172,233,129,82,11,145,191,186,144,209,43,81,119,197,18], | ||||
|         ); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_from_file_rsa_enc() { | ||||
|         let k = rsa_enc(); | ||||
|         assert_eq!(k.algorithm.as_str(), "ssh-rsa"); | ||||
|         assert_eq!(&k.comment, "hello world"); | ||||
|  | ||||
|         assert_eq!( | ||||
|             k.public_key.fingerprint(Default::default()), | ||||
|             k.private_key.fingerprint(Default::default()), | ||||
|         ); | ||||
|         assert_eq!( | ||||
|             k.private_key.fingerprint(Default::default()).as_bytes(), | ||||
|             [254,147,219,185,96,234,125,190,195,128,37,243,214,193,8,162, | ||||
|             34,237,126,199,241,91,195,251,232,84,144,120,25,63,224,157], | ||||
|         ); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_from_file_ed25519_plain() { | ||||
|         let k = ed25519_plain(); | ||||
|         assert_eq!(k.algorithm.as_str(),"ssh-ed25519"); | ||||
|         assert_eq!(&k.comment, "hello world"); | ||||
|  | ||||
|         assert_eq!( | ||||
|             k.public_key.fingerprint(Default::default()), | ||||
|             k.private_key.fingerprint(Default::default()), | ||||
|         ); | ||||
|         assert_eq!( | ||||
|             k.private_key.fingerprint(Default::default()).as_bytes(), | ||||
|             [29,30,193,72,239,167,35,89,1,206,126,186,123,112,78,187, | ||||
|             240,59,1,15,107,189,72,30,44,64,114,216,32,195,22,201], | ||||
|         ); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_from_file_ed25519_enc() { | ||||
|         let k = ed25519_enc(); | ||||
|         assert_eq!(k.algorithm.as_str(), "ssh-ed25519"); | ||||
|         assert_eq!(&k.comment, "hello world"); | ||||
|  | ||||
|         assert_eq!( | ||||
|             k.public_key.fingerprint(Default::default()), | ||||
|             k.private_key.fingerprint(Default::default()), | ||||
|         ); | ||||
|         assert_eq!( | ||||
|             k.private_key.fingerprint(Default::default()).as_bytes(), | ||||
|             [87,233,161,170,18,47,245,116,30,177,120,211,248,54,65,255, | ||||
|             41,45,113,107,182,221,189,167,110,9,245,254,44,6,118,141], | ||||
|         ); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_serialize() { | ||||
|         let expected = fs::read_to_string(path("ssh_ed25519_plain.json")).unwrap(); | ||||
|  | ||||
|         let k = ed25519_plain(); | ||||
|         let computed = serde_json::to_string(&k) | ||||
|             .expect("Failed to serialize SshKey"); | ||||
|  | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[test] | ||||
|     fn test_deserialize() { | ||||
|         let expected = ed25519_plain(); | ||||
|  | ||||
|         let json_file = File::open(path("ssh_ed25519_plain.json")).unwrap(); | ||||
|         let computed = serde_json::from_reader(json_file) | ||||
|             .expect("Failed to deserialize json file"); | ||||
|  | ||||
|         assert_eq!(expected, computed); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_save_db(pool: SqlitePool) { | ||||
|         let crypto = Crypto::random(); | ||||
|         let record = CredentialRecord { | ||||
|             id: random_uuid(), | ||||
|             name: "save_test".into(), | ||||
|             is_default: false, | ||||
|             credential: Credential::Ssh(rsa_plain()), | ||||
|         }; | ||||
|         record.save(&crypto, &pool).await | ||||
|             .expect("Failed to save SSH key CredentialRecord to database"); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("ssh_credentials"))] | ||||
|     async fn test_load_db(pool: SqlitePool) { | ||||
|         let crypto = Crypto::fixed(); | ||||
|         let id = uuid!("11111111-1111-1111-1111-111111111111"); | ||||
|         SshKey::load(&id, &crypto, &pool).await | ||||
|             .expect("Failed to load SSH key from database"); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_save_load_db(pool: SqlitePool) { | ||||
|         let crypto = Crypto::random(); | ||||
|  | ||||
|         let id = random_uuid(); | ||||
|         let record = CredentialRecord { | ||||
|             id, | ||||
|             name: "save_load_test".into(), | ||||
|             is_default: false, | ||||
|             credential: Credential::Ssh(ed25519_plain()), | ||||
|         }; | ||||
|  | ||||
|         record.save(&crypto, &pool).await.unwrap(); | ||||
|         let loaded = SshKey::load(&id, &crypto, &pool).await.unwrap(); | ||||
|         let known = ed25519_plain(); | ||||
|  | ||||
|         assert_eq!(known.algorithm, loaded.algorithm); | ||||
|         assert_eq!(known.comment, loaded.comment); | ||||
|         // comment gets stripped by saving as bytes, so we just compare raw key data | ||||
|         assert_eq!(known.public_key.key_data(), loaded.public_key.key_data()); | ||||
|         assert_eq!(known.private_key, loaded.private_key); | ||||
|     } | ||||
| } | ||||
| @@ -6,8 +6,9 @@ use strum_macros::AsRefStr; | ||||
|  | ||||
| use thiserror::Error as ThisError; | ||||
| use aws_sdk_sts::{ | ||||
|     types::SdkError as AwsSdkError,  | ||||
|     error::GetSessionTokenError, | ||||
|     error::SdkError as AwsSdkError, | ||||
|     operation::get_session_token::GetSessionTokenError, | ||||
|     error::ProvideErrorMetadata, | ||||
| }; | ||||
| use rfd::{ | ||||
|     AsyncMessageDialog, | ||||
| @@ -35,7 +36,7 @@ pub trait ShowError<T, E> | ||||
|     fn error_print_prefix(self, prefix: &str); | ||||
| } | ||||
|  | ||||
| impl<T, E> ShowError<T, E> for Result<T, E>  | ||||
| impl<T, E> ShowError<T, E> for Result<T, E> | ||||
| where E: std::fmt::Display | ||||
| { | ||||
|     fn error_popup(self, title: &str) { | ||||
| @@ -90,7 +91,7 @@ impl<E: Error> Serialize for SerializeUpstream<E> { | ||||
|     } | ||||
| } | ||||
|  | ||||
| fn serialize_upstream_err<E, M>(err: &E, map: &mut M) -> Result<(), M::Error>  | ||||
| fn serialize_upstream_err<E, M>(err: &E, map: &mut M) -> Result<(), M::Error> | ||||
| where | ||||
|     E: Error, | ||||
|     M: serde::ser::SerializeMap, | ||||
| @@ -172,7 +173,7 @@ pub enum HandlerError { | ||||
|     StreamIOError(#[from] std::io::Error), | ||||
|     #[error("Received invalid UTF-8 in request")] | ||||
|     InvalidUtf8(#[from] FromUtf8Error), | ||||
|     #[error("HTTP request malformed")] | ||||
|     #[error("Request malformed: {0}")] | ||||
|     BadRequest(#[from] serde_json::Error), | ||||
|     #[error("HTTP request too large")] | ||||
|     RequestTooLarge, | ||||
| @@ -182,6 +183,8 @@ pub enum HandlerError { | ||||
|     Internal(#[from] RecvError), | ||||
|     #[error("Error accessing credentials: {0}")] | ||||
|     NoCredentials(#[from] GetCredentialsError), | ||||
|     #[error("Error saving credentials: {0}")] | ||||
|     SaveCredentials(#[from] SaveCredentialsError), | ||||
|     #[error("Error getting client details: {0}")] | ||||
|     ClientInfo(#[from] ClientInfoError), | ||||
|     #[error("Error from Tauri: {0}")] | ||||
| @@ -190,6 +193,14 @@ pub enum HandlerError { | ||||
|     NoMainWindow, | ||||
|     #[error("Request was denied")] | ||||
|     Denied, | ||||
|     #[error(transparent)] | ||||
|     SshAgent(#[from] ssh_agent_lib::error::AgentError), | ||||
|     #[error(transparent)] | ||||
|     SshKey(#[from] ssh_key::Error), | ||||
|     #[error(transparent)] | ||||
|     Signature(#[from] signature::Error), | ||||
|     #[error(transparent)] | ||||
|     Encoding(#[from] ssh_encoding::Error), | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -208,6 +219,12 @@ pub enum GetCredentialsError { | ||||
|     Locked, | ||||
|     #[error("No credentials are known")] | ||||
|     Empty, | ||||
|     #[error(transparent)] | ||||
|     Crypto(#[from] CryptoError), | ||||
|     #[error(transparent)] | ||||
|     Load(#[from] LoadCredentialsError), | ||||
|     #[error(transparent)] | ||||
|     GetSession(#[from] GetSessionError), | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -245,8 +262,8 @@ pub enum UnlockError { | ||||
| pub enum LockError { | ||||
|     #[error("App is not unlocked")] | ||||
|     NotUnlocked, | ||||
|     #[error("Database error: {0}")] | ||||
|     DbError(#[from] SqlxError), | ||||
|     #[error(transparent)] | ||||
|     LoadCredentials(#[from] LoadCredentialsError), | ||||
|     #[error(transparent)] | ||||
|     Setup(#[from] SetupError), | ||||
|     #[error(transparent)] | ||||
| @@ -261,19 +278,35 @@ pub enum SaveCredentialsError { | ||||
|     #[error("Database error: {0}")] | ||||
|     DbError(#[from] SqlxError), | ||||
|     #[error("Encryption error: {0}")] | ||||
|     Encryption(#[from] chacha20poly1305::Error), | ||||
|     Crypto(#[from] CryptoError), | ||||
|     #[error(transparent)] | ||||
|     Session(#[from] GetCredentialsError), | ||||
|     #[error("App is locked")] | ||||
|     Locked, | ||||
|     #[error("Credential is temporary and cannot be saved")] | ||||
|     NotPersistent, | ||||
|     #[error("A credential with that name already exists")] | ||||
|     Duplicate, | ||||
|     #[error("Failed to save credentials: {0}")] | ||||
|     Encode(#[from] ssh_key::Error), | ||||
|     // rekeying is fundamentally a save operation, | ||||
|     // but involves loading in order to re-save | ||||
|     #[error(transparent)] | ||||
|     LoadCredentials(#[from] LoadCredentialsError), | ||||
| } | ||||
|  | ||||
| #[derive(Debug, ThisError, AsRefStr)] | ||||
| pub enum LoadCredentialsError { | ||||
|     #[error("Database error: {0}")] | ||||
|     DbError(#[from] SqlxError), | ||||
|     #[error("Encryption error: {0}")] | ||||
|     Encryption(#[from] chacha20poly1305::Error), | ||||
|     #[error("Invalid passphrase")] // pretty sure this is the only way decryption fails | ||||
|     Encryption(#[from] CryptoError), | ||||
|     #[error("Credentials not found")] | ||||
|     NoCredentials, | ||||
|     #[error("Could not decode credentials: {0}")] | ||||
|     Invalid(#[from] serde_json::Error), | ||||
|     #[error("Could not decode credential data")] | ||||
|     InvalidData, | ||||
|     #[error(transparent)] | ||||
|     LoadKv(#[from] LoadKvError), | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -292,6 +325,10 @@ pub enum CryptoError { | ||||
|     Argon2(#[from] argon2::Error), | ||||
|     #[error("Invalid passphrase")] // I think this is the only way decryption fails | ||||
|     Aead(#[from] chacha20poly1305::aead::Error), | ||||
|     #[error("App is currently locked")] | ||||
|     Locked, | ||||
|     #[error("No passphrase has been specified")] | ||||
|     Empty, | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -307,6 +344,8 @@ pub enum ClientInfoError { | ||||
|     #[cfg(windows)] | ||||
|     #[error("Could not determine PID of connected client")] | ||||
|     WindowsError(#[from] windows::core::Error), | ||||
|     #[error("Could not determine PID of connected client")] | ||||
|     PidNotFound, | ||||
|     #[error(transparent)] | ||||
|     Io(#[from] std::io::Error), | ||||
| } | ||||
| @@ -333,7 +372,7 @@ pub enum RequestError { | ||||
|     #[error("Error response from server: {0}")] | ||||
|     Server(ServerError), | ||||
|     #[error("Unexpected response from server")] | ||||
|     Unexpected(crate::server::Response), | ||||
|     Unexpected(crate::srv::CliResponse), | ||||
|     #[error("The server did not respond with valid JSON")] | ||||
|     InvalidJson(#[from] serde_json::Error), | ||||
|     #[error("Error reading/writing stream: {0}")] | ||||
| @@ -385,6 +424,17 @@ pub enum LaunchTerminalError { | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, ThisError, AsRefStr)] | ||||
| pub enum LoadSshKeyError { | ||||
|     #[error("Passphrase is invalid")] | ||||
|     InvalidPassphrase, | ||||
|     #[error("Could not parse SSH private key data")] | ||||
|     InvalidData(#[from] ssh_key::Error), | ||||
|     #[error(transparent)] | ||||
|     Io(#[from] std::io::Error), | ||||
| } | ||||
|  | ||||
|  | ||||
| // ========================= | ||||
| // Serialize implementations | ||||
| // ========================= | ||||
| @@ -409,6 +459,9 @@ impl_serialize_basic!(GetCredentialsError); | ||||
| impl_serialize_basic!(ClientInfoError); | ||||
| impl_serialize_basic!(WindowError); | ||||
| impl_serialize_basic!(LockError); | ||||
| impl_serialize_basic!(SaveCredentialsError); | ||||
| impl_serialize_basic!(LoadCredentialsError); | ||||
| impl_serialize_basic!(LoadSshKeyError); | ||||
|  | ||||
|  | ||||
| impl Serialize for HandlerError { | ||||
|   | ||||
							
								
								
									
										13
									
								
								src-tauri/src/fixtures/kv.sql
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										13
									
								
								src-tauri/src/fixtures/kv.sql
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,13 @@ | ||||
| INSERT INTO kv (name, value) | ||||
| VALUES | ||||
|     -- b"hello world" (raw bytes) | ||||
|     ('test_bytes', X'68656C6C6F20776F726C64'), | ||||
|  | ||||
|     -- b"\"hello world\"" (JSON string) | ||||
|     ('test_string', X'2268656C6C6F20776F726C6422'), | ||||
|  | ||||
|     -- b"123" (JSON integer) | ||||
|     ('test_int', X'313233'), | ||||
|  | ||||
|     -- b"true" (JSON bool) | ||||
|     ('test_bool', X'74727565') | ||||
| @@ -1,8 +1,13 @@ | ||||
| use serde::{Serialize, Deserialize}; | ||||
| use tauri::State; | ||||
| use sqlx::types::Uuid; | ||||
| use tauri::{AppHandle, State}; | ||||
|  | ||||
| use crate::config::AppConfig; | ||||
| use crate::credentials::{Session,BaseCredentials}; | ||||
| use crate::credentials::{ | ||||
|     AppSession, | ||||
|     CredentialRecord, | ||||
|     SshKey, | ||||
| }; | ||||
| use crate::errors::*; | ||||
| use crate::clientinfo::Client; | ||||
| use crate::state::AppState; | ||||
| @@ -11,12 +16,57 @@ use crate::terminal; | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| pub struct AwsRequestNotification { | ||||
|     pub id: u64, | ||||
|     pub client: Client, | ||||
|     pub name: Option<String>, | ||||
|     pub base: bool, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| pub struct SshRequestNotification { | ||||
|     pub client: Client, | ||||
|     pub key_name: String, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| pub struct DockerRequestNotification { | ||||
|     pub client: Client, | ||||
|     pub server_url: String, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| #[serde(tag = "type")] | ||||
| pub enum RequestNotificationDetail { | ||||
|     Aws(AwsRequestNotification), | ||||
|     Ssh(SshRequestNotification), | ||||
|     Docker(DockerRequestNotification), | ||||
| } | ||||
|  | ||||
| impl RequestNotificationDetail { | ||||
|     pub fn new_aws(client: Client, name: Option<String>, base: bool) -> Self { | ||||
|         Self::Aws(AwsRequestNotification {client, name, base}) | ||||
|     } | ||||
|  | ||||
|     pub fn new_ssh(client: Client, key_name: String) -> Self { | ||||
|         Self::Ssh(SshRequestNotification {client, key_name}) | ||||
|     } | ||||
|  | ||||
|     pub fn new_docker(client: Client, server_url: String) -> Self { | ||||
|         Self::Docker(DockerRequestNotification {client, server_url}) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Clone, Debug, Serialize, Deserialize)] | ||||
| pub struct RequestNotification { | ||||
|     pub id: u64, | ||||
|     #[serde(flatten)] | ||||
|     pub detail: RequestNotificationDetail, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub struct RequestResponse { | ||||
|     pub id: u64, | ||||
| @@ -44,13 +94,31 @@ pub async fn unlock(passphrase: String, app_state: State<'_, AppState>) -> Resul | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn lock(app_state: State<'_, AppState>) -> Result<(), LockError> { | ||||
|     app_state.lock().await | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn reset_session(app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> { | ||||
|     app_state.reset_session().await | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn set_passphrase(passphrase: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> { | ||||
|     app_state.set_passphrase(passphrase).await | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn get_session_status(app_state: State<'_, AppState>) -> Result<String, ()> { | ||||
|     let session = app_state.session.read().await; | ||||
|     let session = app_state.app_session.read().await; | ||||
|     let status = match *session { | ||||
|         Session::Locked(_) => "locked".into(), | ||||
|         Session::Unlocked{..} => "unlocked".into(), | ||||
|         Session::Empty => "empty".into() | ||||
|         AppSession::Locked{..} => "locked".into(), | ||||
|         AppSession::Unlocked{..} => "unlocked".into(), | ||||
|         AppSession::Empty => "empty".into(), | ||||
|     }; | ||||
|     Ok(status) | ||||
| } | ||||
| @@ -64,12 +132,37 @@ pub async fn signal_activity(app_state: State<'_, AppState>) -> Result<(), ()> { | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn save_credentials( | ||||
|     credentials: BaseCredentials, | ||||
|     passphrase: String, | ||||
| pub async fn save_credential( | ||||
|     record: CredentialRecord, | ||||
|     app_state: State<'_, AppState> | ||||
| ) -> Result<(), UnlockError> { | ||||
|     app_state.new_creds(credentials, &passphrase).await | ||||
| ) -> Result<(), SaveCredentialsError> { | ||||
|     app_state.save_credential(record).await | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn delete_credential(id: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> { | ||||
|     let id = Uuid::try_parse(id) | ||||
|         .map_err(|_| LoadCredentialsError::NoCredentials)?; | ||||
|     app_state.delete_credential(&id).await | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn list_credentials(app_state: State<'_, AppState>) -> Result<Vec<CredentialRecord>, GetCredentialsError> { | ||||
|     app_state.list_credentials().await | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn sshkey_from_file(path: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> { | ||||
|     SshKey::from_file(path, passphrase) | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn sshkey_from_private_key(private_key: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> { | ||||
|     SshKey::from_private_key(private_key, passphrase) | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -91,7 +184,8 @@ pub async fn save_config(config: AppConfig, app_state: State<'_, AppState>) -> R | ||||
|  | ||||
| #[tauri::command] | ||||
| pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> { | ||||
|     terminal::launch(base).await | ||||
|     let res = terminal::launch(base).await; | ||||
|     res | ||||
| } | ||||
|  | ||||
|  | ||||
| @@ -99,3 +193,9 @@ pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> { | ||||
| pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<String>, ()> { | ||||
|     Ok(app_state.setup_errors.clone()) | ||||
| } | ||||
|  | ||||
|  | ||||
| #[tauri::command] | ||||
| pub fn exit(app_handle: AppHandle) { | ||||
|     app_handle.exit(0) | ||||
| } | ||||
|   | ||||
| @@ -6,7 +6,7 @@ use crate::errors::*; | ||||
|  | ||||
|  | ||||
| pub async fn save<T>(pool: &SqlitePool, name: &str, value: &T) -> Result<(), sqlx::Error> | ||||
|     where T: Serialize | ||||
|     where T: Serialize + ?Sized | ||||
| { | ||||
|     let bytes = serde_json::to_vec(value).unwrap(); | ||||
|     save_bytes(pool, name, &bytes).await | ||||
| @@ -44,49 +44,67 @@ pub async fn load_bytes(pool: &SqlitePool, name: &str) -> Result<Option<Vec<u8>> | ||||
| } | ||||
|  | ||||
|  | ||||
| // pub async fn load_bytes_multi<const N: usize>( | ||||
| //     pool: &SqlitePool, | ||||
| //     names: [&str; N], | ||||
| // ) -> Result<Option<[Vec<u8>; N]>, sqlx::Error> { | ||||
| //     // just use multiple queries, who cares | ||||
| //     let res: [Vec<u8>; N] = Default::default(); | ||||
| //     for (i, name) in names.as_slice().iter().enumerate() { | ||||
| //         match load_bytes(pool, name).await? { | ||||
| //             Some(bytes) => res[i] = bytes, | ||||
| //             None => return Ok(None), | ||||
| //         } | ||||
| //     } | ||||
| //     Ok(res); | ||||
| // } | ||||
| // we don't have a need for this right now, but we will some day | ||||
| #[cfg(test)] | ||||
| pub async fn delete(pool: &SqlitePool, name: &str) -> Result<(), sqlx::Error> { | ||||
|     sqlx::query!("DELETE FROM kv WHERE name = ?", name) | ||||
|         .execute(pool) | ||||
|         .await?; | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| pub async fn delete_multi(pool: &SqlitePool, names: &[&str]) -> Result<(), sqlx::Error> { | ||||
|     let placeholder = names.iter() | ||||
|         .map(|_| "?") | ||||
|         .collect::<Vec<&str>>() | ||||
|         .join(","); | ||||
|     let query = format!("DELETE FROM kv WHERE name IN ({})", placeholder); | ||||
|  | ||||
|     let mut q = sqlx::query(&query); | ||||
|     for name in names { | ||||
|         q = q.bind(name); | ||||
|     } | ||||
|     q.execute(pool).await?; | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| macro_rules! load_bytes_multi { | ||||
|     ( | ||||
|         $pool:ident, | ||||
|         $pool:expr, | ||||
|         $($name:literal),* | ||||
|     ) => { | ||||
|         // wrap everything up in an immediately-invoked closure for easy short-circuiting | ||||
|         (|| { | ||||
|             // a tuple, with one item for each repetition of $name | ||||
|             ( | ||||
|                 // repeat this match block for every name | ||||
|                 $( | ||||
|                     // load_bytes returns Result<Option<_>>, the Result is handled by  | ||||
|                     // the ? and we match on the Option | ||||
|                     match load_bytes(pool, $name)? { | ||||
|                         Some(v) => v, | ||||
|                         None => return Ok(None) | ||||
|                     }, | ||||
|                 )* | ||||
|         // wrap everything up in an async block for easy short-circuiting... | ||||
|         async { | ||||
|             // ...returning a Result... | ||||
|             Ok::<_, sqlx::Error>( | ||||
|                 //containing an Option... | ||||
|                 Some( | ||||
|                     // containing a tuple... | ||||
|                     ( | ||||
|                         // ...with one item for each repetition of $name | ||||
|                         $( | ||||
|                             // load_bytes returns Result<Option<_>>, the Result is handled by | ||||
|                             // the ? and we match on the Option | ||||
|                             match crate::kv::load_bytes($pool, $name).await? { | ||||
|                                 Some(v) => v, | ||||
|                                 None => return Ok(None) | ||||
|                             }, | ||||
|                         )* | ||||
|                     ) | ||||
|                 ) | ||||
|             ) | ||||
|         })() | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| pub(crate) use load_bytes_multi; | ||||
|  | ||||
|  | ||||
| // macro_rules! load_multi { | ||||
| //     ( | ||||
| //         $pool:ident, | ||||
| //         $pool:expr, | ||||
| //         $($name:literal),* | ||||
| //     ) => { | ||||
| //         (|| { | ||||
| @@ -101,3 +119,94 @@ macro_rules! load_bytes_multi { | ||||
| //         })() | ||||
| //     } | ||||
| // } | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|     use super::*; | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_save_bytes(pool: SqlitePool) { | ||||
|         save_bytes(&pool, "test_bytes", b"hello world").await | ||||
|             .expect("Failed to save bytes"); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test] | ||||
|     async fn test_save(pool: SqlitePool) { | ||||
|         save(&pool, "test_string", "hello world").await | ||||
|             .expect("Failed to save string"); | ||||
|         save(&pool, "test_int", &123).await | ||||
|             .expect("Failed to save integer"); | ||||
|         save(&pool, "test_bool", &true).await | ||||
|             .expect("Failed to save bool"); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("kv"))] | ||||
|     async fn test_load_bytes(pool: SqlitePool) { | ||||
|         let bytes = load_bytes(&pool, "test_bytes").await | ||||
|             .expect("Failed to load bytes") | ||||
|             .expect("Test data not found in database"); | ||||
|  | ||||
|         assert_eq!(bytes, Vec::from(b"hello world")); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("kv"))] | ||||
|     async fn test_load(pool: SqlitePool) { | ||||
|         let string: String = load(&pool, "test_string").await | ||||
|             .expect("Failed to load string") | ||||
|             .expect("Test data not found in database"); | ||||
|         assert_eq!(string, "hello world".to_string()); | ||||
|  | ||||
|         let integer: usize = load(&pool, "test_int").await | ||||
|             .expect("Failed to load integer") | ||||
|             .expect("Test data not found in database"); | ||||
|         assert_eq!(integer, 123); | ||||
|  | ||||
|         let boolean: bool = load(&pool, "test_bool").await | ||||
|             .expect("Failed to load boolean") | ||||
|             .expect("Test data not found in database"); | ||||
|         assert_eq!(boolean, true); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("kv"))] | ||||
|     async fn test_load_multi(pool: SqlitePool) { | ||||
|         let (bytes, boolean) = load_bytes_multi!(&pool, "test_bytes", "test_bool") | ||||
|             .await | ||||
|             .expect("Failed to load items") | ||||
|             .expect("Test data not found in database"); | ||||
|  | ||||
|         assert_eq!(bytes, Vec::from(b"hello world")); | ||||
|         assert_eq!(boolean, Vec::from(b"true")); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("kv"))] | ||||
|     async fn test_delete(pool: SqlitePool) { | ||||
|         delete(&pool, "test_bytes").await | ||||
|             .expect("Failed to delete data"); | ||||
|  | ||||
|         let loaded = load_bytes(&pool, "test_bytes").await | ||||
|             .expect("Failed to load data"); | ||||
|         assert_eq!(loaded, None); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("kv"))] | ||||
|     async fn test_delete_multi(pool: SqlitePool) { | ||||
|         delete_multi(&pool, &["test_bytes", "test_string"]).await | ||||
|             .expect("Failed to delete keys"); | ||||
|  | ||||
|         let bytes_opt = load_bytes(&pool, "test_bytes").await | ||||
|             .expect("Failed to load bytes"); | ||||
|         assert_eq!(bytes_opt, None); | ||||
|  | ||||
|         let string_opt = load_bytes(&pool, "test_string").await | ||||
|             .expect("Failed to load string"); | ||||
|         assert_eq!(string_opt, None); | ||||
|     } | ||||
| } | ||||
|   | ||||
| @@ -1,5 +1,4 @@ | ||||
| pub mod app; | ||||
| pub mod cli; | ||||
| mod config; | ||||
| mod credentials; | ||||
| pub mod errors; | ||||
| @@ -7,7 +6,7 @@ mod clientinfo; | ||||
| mod ipc; | ||||
| mod kv; | ||||
| mod state; | ||||
| pub mod server; | ||||
| mod srv; | ||||
| mod shortcuts; | ||||
| mod terminal; | ||||
| mod tray; | ||||
|   | ||||
| @@ -3,23 +3,25 @@ | ||||
|     windows_subsystem = "windows" | ||||
| )] | ||||
|  | ||||
|  | ||||
| use creddy::{ | ||||
|     app, | ||||
|     cli, | ||||
|     errors::ShowError, | ||||
| }; | ||||
| use creddy_cli::{Action, Cli}; | ||||
|  | ||||
|  | ||||
| fn main() { | ||||
|     let res = match cli::parser().get_matches().subcommand() { | ||||
|         None | Some(("run", _)) => { | ||||
|     let cli = Cli::parse(); | ||||
|     let res = match cli.action { | ||||
|         None | Some(Action::Run) => { | ||||
|             app::run().error_popup("Creddy encountered an error"); | ||||
|             Ok(()) | ||||
|         }, | ||||
|         Some(("get", m)) => cli::get(m), | ||||
|         Some(("exec", m)) => cli::exec(m), | ||||
|         Some(("shortcut", m)) => cli::invoke_shortcut(m), | ||||
|         _ => unreachable!(), | ||||
|         Some(Action::Get(args)) => creddy_cli::get(args, cli.global_args), | ||||
|         Some(Action::Exec(args)) => creddy_cli::exec(args, cli.global_args), | ||||
|         Some(Action::Shortcut(args)) => creddy_cli::invoke_shortcut(args, cli.global_args), | ||||
|         Some(Action::Docker(cmd)) => creddy_cli::docker_credential_helper(cmd, cli.global_args), | ||||
|     }; | ||||
|  | ||||
|     if let Err(e) = res { | ||||
|   | ||||
| @@ -1,166 +0,0 @@ | ||||
| use tokio::io::{AsyncReadExt, AsyncWriteExt}; | ||||
| use tokio::sync::oneshot; | ||||
|  | ||||
| use serde::{Serialize, Deserialize}; | ||||
|  | ||||
| use tauri::{AppHandle, Manager}; | ||||
|  | ||||
| use crate::errors::*; | ||||
| use crate::clientinfo::{self, Client}; | ||||
| use crate::credentials::Credentials; | ||||
| use crate::ipc::{Approval, AwsRequestNotification}; | ||||
| use crate::state::AppState; | ||||
| use crate::shortcuts::{self, ShortcutAction}; | ||||
|  | ||||
| #[cfg(windows)] | ||||
| mod server_win; | ||||
| #[cfg(windows)] | ||||
| pub use server_win::Server; | ||||
| #[cfg(windows)] | ||||
| use server_win::Stream; | ||||
|  | ||||
| #[cfg(unix)] | ||||
| mod server_unix; | ||||
| #[cfg(unix)] | ||||
| pub use server_unix::Server; | ||||
| #[cfg(unix)] | ||||
| use server_unix::Stream; | ||||
|  | ||||
| pub mod ssh_agent; | ||||
|  | ||||
|  | ||||
| #[derive(Serialize, Deserialize)] | ||||
| pub enum Request { | ||||
|     GetAwsCredentials{  | ||||
|         base: bool, | ||||
|     }, | ||||
|     InvokeShortcut(ShortcutAction), | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum Response { | ||||
|     Aws(Credentials), | ||||
|     Empty, | ||||
| } | ||||
|  | ||||
|  | ||||
| struct CloseWaiter<'s> { | ||||
|     stream: &'s mut Stream, | ||||
| } | ||||
|  | ||||
| impl<'s> CloseWaiter<'s> { | ||||
|     async fn wait_for_close(&mut self) -> std::io::Result<()> { | ||||
|         let mut buf = [0u8; 8]; | ||||
|         loop { | ||||
|             match self.stream.read(&mut buf).await { | ||||
|                 Ok(0) => break Ok(()), | ||||
|                 Ok(_) => (), | ||||
|                 Err(e) => break Err(e), | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn handle(mut stream: Stream, app_handle: AppHandle, client_pid: u32) -> Result<(), HandlerError>  | ||||
| { | ||||
|     // read from stream until delimiter is reached | ||||
|     let mut buf: Vec<u8> = Vec::with_capacity(1024); // requests are small, 1KiB is more than enough | ||||
|     let mut n = 0; | ||||
|     loop { | ||||
|         n += stream.read_buf(&mut buf).await?; | ||||
|         if let Some(&b'\n') = buf.last() { | ||||
|             break; | ||||
|         } | ||||
|         else if n >= 1024 { | ||||
|             return Err(HandlerError::RequestTooLarge); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     let client = clientinfo::get_process_parent_info(client_pid)?; | ||||
|     let waiter = CloseWaiter { stream: &mut stream }; | ||||
|  | ||||
|     let req: Request = serde_json::from_slice(&buf)?; | ||||
|     let res = match req { | ||||
|         Request::GetAwsCredentials{ base } => get_aws_credentials( | ||||
|             base, client, app_handle, waiter | ||||
|         ).await, | ||||
|         Request::InvokeShortcut(action) => invoke_shortcut(action).await, | ||||
|     }; | ||||
|  | ||||
|     // doesn't make sense to send the error to the client if the client has already left | ||||
|     if let Err(HandlerError::Abandoned) = res { | ||||
|         return Err(HandlerError::Abandoned); | ||||
|     } | ||||
|  | ||||
|     let res = serde_json::to_vec(&res).unwrap(); | ||||
|     stream.write_all(&res).await?; | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn invoke_shortcut(action: ShortcutAction) -> Result<Response, HandlerError> { | ||||
|     shortcuts::exec_shortcut(action); | ||||
|     Ok(Response::Empty) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn get_aws_credentials( | ||||
|     base: bool, | ||||
|     client: Client, | ||||
|     app_handle: AppHandle, | ||||
|     mut waiter: CloseWaiter<'_>, | ||||
| ) -> Result<Response, HandlerError> { | ||||
|     let state = app_handle.state::<AppState>(); | ||||
|     let rehide_ms = { | ||||
|         let config = state.config.read().await; | ||||
|         config.rehide_ms | ||||
|     }; | ||||
|     let lease = state.acquire_visibility_lease(rehide_ms).await | ||||
|         .map_err(|_e| HandlerError::NoMainWindow)?; // automate this conversion eventually? | ||||
|  | ||||
|     let (chan_send, chan_recv) = oneshot::channel(); | ||||
|     let request_id = state.register_request(chan_send).await; | ||||
|  | ||||
|     // if an error occurs in any of the following, we want to abort the operation | ||||
|     // but ? returns immediately, and we want to unregister the request before returning | ||||
|     // so we bundle it all up in an async block and return a Result so we can handle errors | ||||
|     let proceed = async { | ||||
|         let notification = AwsRequestNotification {id: request_id, client, base}; | ||||
|         app_handle.emit("credentials-request", ¬ification)?; | ||||
|  | ||||
|         let response = tokio::select! { | ||||
|             r = chan_recv => r?, | ||||
|             _ = waiter.wait_for_close() => { | ||||
|                 app_handle.emit("request-cancelled", request_id)?; | ||||
|                 return Err(HandlerError::Abandoned); | ||||
|             }, | ||||
|         }; | ||||
|  | ||||
|         match response.approval { | ||||
|             Approval::Approved => { | ||||
|                 if response.base { | ||||
|                     let creds = state.base_creds_cloned().await?; | ||||
|                     Ok(Response::Aws(Credentials::Base(creds))) | ||||
|                 } | ||||
|                 else { | ||||
|                     let creds = state.session_creds_cloned().await?; | ||||
|                     Ok(Response::Aws(Credentials::Session(creds))) | ||||
|                 } | ||||
|             }, | ||||
|             Approval::Denied => Err(HandlerError::Denied), | ||||
|         } | ||||
|     }; | ||||
|  | ||||
|     let result = match proceed.await { | ||||
|         Ok(r) => Ok(r), | ||||
|         Err(e) => { | ||||
|             state.unregister_request(request_id).await; | ||||
|             Err(e) | ||||
|         } | ||||
|     }; | ||||
|  | ||||
|     lease.release(); | ||||
|     result | ||||
| } | ||||
| @@ -1,58 +0,0 @@ | ||||
| use std::io::ErrorKind; | ||||
| use tokio::net::{UnixListener, UnixStream}; | ||||
| use tauri::{ | ||||
|     AppHandle, | ||||
|     async_runtime as rt, | ||||
| }; | ||||
|  | ||||
| use crate::errors::*; | ||||
|  | ||||
|  | ||||
| pub type Stream = UnixStream; | ||||
|  | ||||
|  | ||||
| pub struct Server { | ||||
|     listener: UnixListener, | ||||
|     app_handle: AppHandle, | ||||
| } | ||||
|  | ||||
| impl Server { | ||||
|     pub fn start(app_handle: AppHandle) -> std::io::Result<()> { | ||||
|         match std::fs::remove_file("/tmp/creddy.sock") { | ||||
|             Ok(_) => (), | ||||
|             Err(e) if e.kind() == ErrorKind::NotFound => (), | ||||
|             Err(e) => return Err(e), | ||||
|         } | ||||
|  | ||||
|         let listener = UnixListener::bind("/tmp/creddy.sock")?; | ||||
|         let srv = Server { listener, app_handle }; | ||||
|         rt::spawn(srv.serve()); | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     async fn serve(self) { | ||||
|         loop { | ||||
|             self.try_serve() | ||||
|                 .await | ||||
|                 .error_print_prefix("Error accepting request: "); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     async fn try_serve(&self) -> Result<(), HandlerError> { | ||||
|         let (stream, _addr) = self.listener.accept().await?; | ||||
|         let new_handle = self.app_handle.clone(); | ||||
|         let client_pid = get_client_pid(&stream)?; | ||||
|         rt::spawn(async move { | ||||
|             super::handle(stream, new_handle, client_pid) | ||||
|                 .await | ||||
|                 .error_print_prefix("Error responding to request: "); | ||||
|         }); | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn get_client_pid(stream: &UnixStream) -> std::io::Result<u32> { | ||||
|     let cred = stream.peer_cred()?; | ||||
|     Ok(cred.pid().unwrap() as u32) | ||||
| } | ||||
| @@ -1,74 +0,0 @@ | ||||
| use tokio::net::windows::named_pipe::{ | ||||
|     NamedPipeServer, | ||||
|     ServerOptions, | ||||
| }; | ||||
|  | ||||
| use tauri::{AppHandle, Manager}; | ||||
|  | ||||
| use windows::Win32:: { | ||||
|     Foundation::HANDLE, | ||||
|     System::Pipes::GetNamedPipeClientProcessId, | ||||
| }; | ||||
|  | ||||
| use std::os::windows::io::AsRawHandle; | ||||
|  | ||||
| use tauri::async_runtime as rt; | ||||
|  | ||||
| use crate::errors::*; | ||||
|  | ||||
|  | ||||
| // used by parent module | ||||
| pub type Stream = NamedPipeServer; | ||||
|  | ||||
|  | ||||
| pub struct Server { | ||||
|     listener: NamedPipeServer, | ||||
|     app_handle: AppHandle, | ||||
| } | ||||
|  | ||||
| impl Server { | ||||
|     pub fn start(app_handle: AppHandle) -> std::io::Result<()> { | ||||
|         let listener = ServerOptions::new() | ||||
|             .first_pipe_instance(true) | ||||
|             .create(r"\\.\pipe\creddy-requests")?; | ||||
|  | ||||
|         let srv = Server {listener, app_handle}; | ||||
|         rt::spawn(srv.serve()); | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     async fn serve(mut self) { | ||||
|         loop { | ||||
|             if let Err(e) = self.try_serve().await { | ||||
|                 eprintln!("Error accepting connection: {e}"); | ||||
|             } | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     async fn try_serve(&mut self) -> Result<(), HandlerError> { | ||||
|         // connect() just waits for a client to connect, it doesn't return anything | ||||
|         self.listener.connect().await?; | ||||
|  | ||||
|         // create a new pipe instance to listen for the next client, and swap it in | ||||
|         let new_listener = ServerOptions::new().create(r"\\.\pipe\creddy-requests")?; | ||||
|         let stream = std::mem::replace(&mut self.listener, new_listener); | ||||
|         let new_handle = self.app_handle.clone(); | ||||
|         let client_pid = get_client_pid(&stream)?; | ||||
|         rt::spawn(async move { | ||||
|             super::handle(stream, new_handle, client_pid) | ||||
|                 .await | ||||
|                 .error_print_prefix("Error responding to request: "); | ||||
|         }); | ||||
|  | ||||
|         Ok(()) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn get_client_pid(pipe: &NamedPipeServer) -> Result<u32, ClientInfoError> { | ||||
|     let raw_handle = pipe.as_raw_handle(); | ||||
|     let mut pid = 0u32; | ||||
|     let handle = HANDLE(raw_handle as _); | ||||
|     unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? }; | ||||
|     Ok(pid) | ||||
| } | ||||
| @@ -1,77 +0,0 @@ | ||||
| use signature::Signer; | ||||
| use ssh_agent_lib::agent::{Agent, Session}; | ||||
| use ssh_agent_lib::proto::message::Message; | ||||
| use ssh_key::public::PublicKey; | ||||
| use ssh_key::private::PrivateKey; | ||||
| use tokio::net::UnixListener; | ||||
|  | ||||
|  | ||||
| struct SshAgent; | ||||
|  | ||||
| impl std::default::Default for SshAgent { | ||||
|     fn default() -> Self { | ||||
|         SshAgent {} | ||||
|     } | ||||
| } | ||||
|  | ||||
| #[ssh_agent_lib::async_trait] | ||||
| impl Session for SshAgent { | ||||
|     async fn handle(&mut self, message: Message) -> Result<Message, Box<dyn std::error::Error>> { | ||||
|         println!("Received message"); | ||||
|         match message { | ||||
|             Message::RequestIdentities => { | ||||
|                 let p = std::path::PathBuf::from("/home/joe/.ssh/id_ed25519.pub"); | ||||
|                 let pubkey = PublicKey::read_openssh_file(&p).unwrap(); | ||||
|                 let id = ssh_agent_lib::proto::message::Identity { | ||||
|                     pubkey_blob: pubkey.to_bytes().unwrap(), | ||||
|                     comment: pubkey.comment().to_owned(), | ||||
|                 }; | ||||
|                 Ok(Message::IdentitiesAnswer(vec![id])) | ||||
|             }, | ||||
|             Message::SignRequest(req) => { | ||||
|                 println!("Received sign request"); | ||||
|                 let mut req_bytes = vec![13]; | ||||
|                 encode_string(&mut req_bytes, &req.pubkey_blob); | ||||
|                 encode_string(&mut req_bytes, &req.data); | ||||
|                 req_bytes.extend(req.flags.to_be_bytes()); | ||||
|                 std::fs::File::create("/tmp/signreq").unwrap().write(&req_bytes).unwrap(); | ||||
|  | ||||
|                 let p = std::path::PathBuf::from("/home/joe/.ssh/id_ed25519"); | ||||
|                 let passphrase = std::env::var("PRIVKEY_PASSPHRASE").unwrap(); | ||||
|                 let privkey = PrivateKey::read_openssh_file(&p) | ||||
|                     .unwrap() | ||||
|                     .decrypt(passphrase.as_bytes()) | ||||
|                     .unwrap(); | ||||
|  | ||||
|  | ||||
|  | ||||
|                 let sig = Signer::sign(&privkey, &req.data); | ||||
|                 use std::io::Write; | ||||
|                 std::fs::File::create("/tmp/sig").unwrap().write(sig.as_bytes()).unwrap(); | ||||
|  | ||||
|                 let mut payload = Vec::with_capacity(128); | ||||
|                 encode_string(&mut payload, "ssh-ed25519".as_bytes()); | ||||
|                 encode_string(&mut payload, sig.as_bytes()); | ||||
|                 println!("Payload length: {}", payload.len()); | ||||
|                 std::fs::File::create("/tmp/payload").unwrap().write(&payload).unwrap(); | ||||
|                 Ok(Message::SignResponse(payload)) | ||||
|             }, | ||||
|             _ => Ok(Message::Failure), | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn encode_string(buf: &mut Vec<u8>, s: &[u8]) { | ||||
|     let len = s.len() as u32; | ||||
|     buf.extend(len.to_be_bytes()); | ||||
|     buf.extend(s); | ||||
| } | ||||
|  | ||||
|  | ||||
| pub async fn run() { | ||||
|     let socket = "/tmp/creddy-agent.sock"; | ||||
|     let _ = std::fs::remove_file(socket); | ||||
|     let listener = UnixListener::bind(socket).unwrap(); | ||||
|     SshAgent.listen(listener).await.unwrap(); | ||||
| } | ||||
							
								
								
									
										89
									
								
								src-tauri/src/srv/agent.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										89
									
								
								src-tauri/src/srv/agent.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,89 @@ | ||||
| use futures::SinkExt; | ||||
| use ssh_agent_lib::agent::MessageCodec; | ||||
| use ssh_agent_lib::proto::message::{ | ||||
|     Message, | ||||
|     SignRequest, | ||||
| }; | ||||
| use tauri::{AppHandle, Manager}; | ||||
| use tokio_stream::StreamExt; | ||||
| use tokio::sync::oneshot; | ||||
| use tokio_util::codec::Framed; | ||||
|  | ||||
| use crate::clientinfo; | ||||
| use crate::errors::*; | ||||
| use crate::ipc::{Approval, RequestNotification, RequestNotificationDetail}; | ||||
| use crate::state::AppState; | ||||
|  | ||||
| use super::{CloseWaiter, Stream}; | ||||
|  | ||||
|  | ||||
| pub fn serve(app_handle: AppHandle) -> std::io::Result<()> { | ||||
|     super::serve("creddy-agent", app_handle, handle) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn handle( | ||||
|     stream: Stream, | ||||
|     app_handle: AppHandle, | ||||
|     client_pid: u32 | ||||
| ) -> Result<(), HandlerError> { | ||||
|     let mut adapter = Framed::new(stream, MessageCodec); | ||||
|     while let Some(message) = adapter.try_next().await? { | ||||
|         match message { | ||||
|             Message::RequestIdentities => { | ||||
|                 let resp = list_identities(app_handle.clone()).await?; | ||||
|                 adapter.send(resp).await?; | ||||
|             }, | ||||
|             Message::SignRequest(req) => { | ||||
|                 // Note: If the client writes more data to the stream *while* at the | ||||
|                 // same time waiting for a resopnse to a previous request, this will | ||||
|                 // corrupt the framing. Clients don't seem to behave that way though? | ||||
|                 let waiter = CloseWaiter { stream: adapter.get_mut() }; | ||||
|                 let resp = sign_request(req, app_handle.clone(), client_pid, waiter).await?; | ||||
|  | ||||
|                 // have to do this before we send since we can't inspect the message after | ||||
|                 let is_failure = matches!(resp, Message::Failure); | ||||
|                 adapter.send(resp).await?; | ||||
|  | ||||
|                 if is_failure { | ||||
|                     // this way we don't get spammed with requests for other keys | ||||
|                     // after denying the first | ||||
|                     break | ||||
|                 } | ||||
|             }, | ||||
|             _ => adapter.send(Message::Failure).await?, | ||||
|         }; | ||||
|     } | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn list_identities(app_handle: AppHandle) -> Result<Message, HandlerError> { | ||||
|     let state = app_handle.state::<AppState>(); | ||||
|     let identities = state.list_ssh_identities().await?; | ||||
|     Ok(Message::IdentitiesAnswer(identities)) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn sign_request( | ||||
|     req: SignRequest, | ||||
|     app_handle: AppHandle, | ||||
|     client_pid: u32, | ||||
|     waiter: CloseWaiter<'_>, | ||||
| ) -> Result<Message, HandlerError> { | ||||
|     let state = app_handle.state::<AppState>(); | ||||
|  | ||||
|     let client = clientinfo::get_client(client_pid, false)?; | ||||
|     let key_name = state.ssh_name_from_pubkey(&req.pubkey_blob).await?; | ||||
|     let detail = RequestNotificationDetail::new_ssh(client, key_name.clone()); | ||||
|  | ||||
|     let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?; | ||||
|     match response.approval { | ||||
|         Approval::Approved => { | ||||
|             let key = state.sshkey_by_name(&key_name).await?; | ||||
|             let sig = key.sign_request(&req)?; | ||||
|             Ok(Message::SignResponse(sig)) | ||||
|         }, | ||||
|         Approval::Denied => Err(HandlerError::Abandoned), | ||||
|     } | ||||
| } | ||||
							
								
								
									
										149
									
								
								src-tauri/src/srv/creddy_server.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										149
									
								
								src-tauri/src/srv/creddy_server.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,149 @@ | ||||
| use sqlx::types::uuid::Uuid; | ||||
| use tauri::{AppHandle, Manager}; | ||||
| use tokio::io::{AsyncReadExt, AsyncWriteExt}; | ||||
| use tokio::sync::oneshot; | ||||
|  | ||||
| use crate::clientinfo::{self, Client}; | ||||
| use crate::credentials::{ | ||||
|     Credential, | ||||
|     CredentialRecord, | ||||
|     Crypto | ||||
| }; | ||||
| use crate::errors::*; | ||||
| use crate::ipc::{Approval, AwsRequestNotification, RequestNotificationDetail, RequestResponse}; | ||||
| use crate::shortcuts::{self, ShortcutAction}; | ||||
| use crate::state::AppState; | ||||
| use super::{ | ||||
|     CloseWaiter, | ||||
|     CliCredential, | ||||
|     CliRequest, | ||||
|     CliResponse, | ||||
|     Stream, | ||||
| }; | ||||
|  | ||||
|  | ||||
| pub fn serve(app_handle: AppHandle) -> std::io::Result<()> { | ||||
|     super::serve("creddy-server", app_handle, handle) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn handle( | ||||
|     mut stream: Stream, | ||||
|     app_handle: AppHandle, | ||||
|     client_pid: u32 | ||||
| ) -> Result<(), HandlerError> { | ||||
|     // read from stream until delimiter is reached | ||||
|     let mut buf: Vec<u8> = Vec::with_capacity(1024); // requests are small, 1KiB is more than enough | ||||
|     let mut n = 0; | ||||
|     loop { | ||||
|         n += stream.read_buf(&mut buf).await?; | ||||
|         if let Some(&b'\n') = buf.last() { | ||||
|             break; | ||||
|         } | ||||
|         // sanity check, no request should ever be within a mile of 1MB | ||||
|         else if n >= (1024 * 1024) { | ||||
|             return Err(HandlerError::RequestTooLarge); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     let client = clientinfo::get_client(client_pid, true)?; | ||||
|     let waiter = CloseWaiter { stream: &mut stream }; | ||||
|  | ||||
|  | ||||
|     let req: CliRequest = serde_json::from_slice(&buf)?; | ||||
|     let res = match req { | ||||
|         CliRequest::GetAwsCredential{ name, base } => get_aws_credentials( | ||||
|             name, base, client, app_handle, waiter | ||||
|         ).await, | ||||
|         CliRequest::GetDockerCredential{ server_url } => get_docker_credentials ( | ||||
|             server_url, client, app_handle, waiter | ||||
|         ).await, | ||||
|         CliRequest::SaveCredential{ name, is_default, credential } => save_credential( | ||||
|             name, is_default, credential, app_handle | ||||
|         ).await, | ||||
|         CliRequest::InvokeShortcut(action) => invoke_shortcut(action).await, | ||||
|     }; | ||||
|  | ||||
|     // doesn't make sense to send the error to the client if the client has already left | ||||
|     if let Err(HandlerError::Abandoned) = res { | ||||
|         return Err(HandlerError::Abandoned); | ||||
|     } | ||||
|  | ||||
|     let res = serde_json::to_vec(&res).unwrap(); | ||||
|     stream.write_all(&res).await?; | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn invoke_shortcut(action: ShortcutAction) -> Result<CliResponse, HandlerError> { | ||||
|     shortcuts::exec_shortcut(action); | ||||
|     Ok(CliResponse::Empty) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn get_aws_credentials( | ||||
|     name: Option<String>, | ||||
|     base: bool, | ||||
|     client: Client, | ||||
|     app_handle: AppHandle, | ||||
|     waiter: CloseWaiter<'_>, | ||||
| ) -> Result<CliResponse, HandlerError> { | ||||
|     let detail = RequestNotificationDetail::new_aws(client, name.clone(), base); | ||||
|     let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?; | ||||
|     match response.approval { | ||||
|         Approval::Approved => { | ||||
|             let state = app_handle.state::<AppState>(); | ||||
|             if response.base { | ||||
|                 let creds = state.get_aws_base(name).await?; | ||||
|                 Ok(CliResponse::Credential(CliCredential::AwsBase(creds))) | ||||
|             } | ||||
|             else { | ||||
|                 let creds = state.get_aws_session(name).await?.clone(); | ||||
|                 Ok(CliResponse::Credential(CliCredential::AwsSession(creds))) | ||||
|             } | ||||
|         }, | ||||
|         Approval::Denied => Err(HandlerError::Denied), | ||||
|     } | ||||
| } | ||||
|  | ||||
| async fn get_docker_credentials( | ||||
|     server_url: String, | ||||
|     client: Client, | ||||
|     app_handle: AppHandle, | ||||
|     waiter: CloseWaiter<'_>, | ||||
| ) -> Result<CliResponse, HandlerError> { | ||||
|     let detail = RequestNotificationDetail::new_docker(client, server_url.clone()); | ||||
|     let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?; | ||||
|     match response.approval { | ||||
|         Approval::Approved => { | ||||
|             let state = app_handle.state::<AppState>(); | ||||
|             let creds = state.get_docker_credential(&server_url).await?; | ||||
|             Ok(CliResponse::Credential(CliCredential::Docker(creds))) | ||||
|         }, | ||||
|         Approval::Denied => { | ||||
|             Err(HandlerError::Denied) | ||||
|         }, | ||||
|     } | ||||
| } | ||||
|  | ||||
| pub async fn save_credential( | ||||
|     name: String, | ||||
|     is_default: bool, | ||||
|     credential: Credential, | ||||
|     app_handle: AppHandle, | ||||
| ) -> Result<CliResponse, HandlerError> { | ||||
|     let state = app_handle.state::<AppState>(); | ||||
|  | ||||
|     // eventually ask the frontend to unlock here | ||||
|  | ||||
|     // a bit weird but convenient | ||||
|     let random_bytes = Crypto::salt(); | ||||
|     let id = Uuid::from_slice(&random_bytes[..16]).unwrap(); | ||||
|  | ||||
|     let record = CredentialRecord { | ||||
|         id, name, is_default, credential | ||||
|     }; | ||||
|     state.save_credential(record).await?; | ||||
|  | ||||
|     Ok(CliResponse::Empty) | ||||
| } | ||||
							
								
								
									
										225
									
								
								src-tauri/src/srv/mod.rs
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										225
									
								
								src-tauri/src/srv/mod.rs
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,225 @@ | ||||
| use std::future::Future; | ||||
|  | ||||
| use tauri::{ | ||||
|     AppHandle, | ||||
|     async_runtime as rt, | ||||
|     Manager, | ||||
| }; | ||||
| use tokio::io::AsyncReadExt; | ||||
| use tokio::sync::oneshot; | ||||
| use serde::{Serialize, Deserialize}; | ||||
|  | ||||
| use crate::clientinfo::Client; | ||||
| use crate::credentials::{ | ||||
|     AwsBaseCredential, | ||||
|     AwsSessionCredential, | ||||
|     Credential, | ||||
|     DockerCredential, | ||||
| }; | ||||
| use crate::errors::*; | ||||
| use crate::ipc::{RequestNotification, RequestNotificationDetail, RequestResponse}; | ||||
| use crate::shortcuts::ShortcutAction; | ||||
| use crate::state::AppState; | ||||
|  | ||||
| pub mod creddy_server; | ||||
| pub mod agent; | ||||
| use platform::Stream; | ||||
|  | ||||
|  | ||||
| // These types match what's defined in creddy_cli, but they are separate types | ||||
| // so that we avoid polluting the standalone CLI with a bunch of dependencies | ||||
| // that would make it impossible to build a completely static-linked version | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum CliRequest { | ||||
|     GetAwsCredential { | ||||
|         name: Option<String>, | ||||
|         base: bool, | ||||
|     }, | ||||
|     GetDockerCredential { | ||||
|         server_url: String, | ||||
|     }, | ||||
|     SaveCredential { | ||||
|         name: String, | ||||
|         is_default: bool, | ||||
|         credential: Credential, | ||||
|     }, | ||||
|     InvokeShortcut(ShortcutAction), | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum CliResponse { | ||||
|     Credential(CliCredential), | ||||
|     Empty, | ||||
| } | ||||
|  | ||||
|  | ||||
| #[derive(Debug, Serialize, Deserialize)] | ||||
| pub enum CliCredential { | ||||
|     AwsBase(AwsBaseCredential), | ||||
|     AwsSession(AwsSessionCredential), | ||||
|     Docker(DockerCredential), | ||||
| } | ||||
|  | ||||
|  | ||||
| struct CloseWaiter<'s> { | ||||
|     stream: &'s mut Stream, | ||||
| } | ||||
|  | ||||
| impl<'s> CloseWaiter<'s> { | ||||
|     async fn wait_for_close(&mut self) -> std::io::Result<()> { | ||||
|         let mut buf = [0u8; 8]; | ||||
|         loop { | ||||
|             match self.stream.read(&mut buf).await { | ||||
|                 Ok(0) => break Ok(()), | ||||
|                 Ok(_) => (), | ||||
|                 Err(e) => break Err(e), | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| fn serve<H, F>(sock_name: &str, app_handle: AppHandle, handler: H) -> std::io::Result<()> | ||||
|     where H: Copy + Send + Fn(Stream, AppHandle, u32) -> F + 'static, | ||||
|           F: Send + Future<Output = Result<(), HandlerError>>, | ||||
| { | ||||
|     let (mut listener, addr) = platform::bind(sock_name)?; | ||||
|     rt::spawn(async move { | ||||
|         loop { | ||||
|             let (stream, client_pid) = match platform::accept(&mut listener, &addr).await { | ||||
|                 Ok((s, c)) => (s, c), | ||||
|                 Err(e) => { | ||||
|                     eprintln!("Error accepting request: {e}"); | ||||
|                     continue; | ||||
|                 }, | ||||
|             }; | ||||
|             let new_handle = app_handle.clone(); | ||||
|             rt::spawn(async move { | ||||
|                 handler(stream, new_handle, client_pid) | ||||
|                     .await | ||||
|                     .error_print_prefix("Error responding to request: "); | ||||
|             }); | ||||
|         } | ||||
|     }); | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
|  | ||||
| async fn send_credentials_request( | ||||
|     detail: RequestNotificationDetail, | ||||
|     app_handle: AppHandle, | ||||
|     mut waiter: CloseWaiter<'_> | ||||
| ) -> Result<RequestResponse, HandlerError> { | ||||
|     let state = app_handle.state::<AppState>(); | ||||
|     let rehide_ms = { | ||||
|         let config = state.config.read().await; | ||||
|         config.rehide_ms | ||||
|     }; | ||||
|  | ||||
|     let lease = state.acquire_visibility_lease(rehide_ms).await | ||||
|         .map_err(|_e| HandlerError::NoMainWindow)?; | ||||
|  | ||||
|     let (chan_send, chan_recv) = oneshot::channel(); | ||||
|     let request_id = state.register_request(chan_send).await; | ||||
|     let notification = RequestNotification { id: request_id, detail }; | ||||
|  | ||||
|     // the following could fail in various ways, but we want to make sure | ||||
|     // the request gets unregistered on any failure, so we wrap this all | ||||
|     // up in an async block so that we only have to handle the error case once | ||||
|     let proceed = async { | ||||
|         app_handle.emit("credential-request", ¬ification)?; | ||||
|         tokio::select! { | ||||
|             r = chan_recv => Ok(r?), | ||||
|             _ = waiter.wait_for_close() => { | ||||
|                 app_handle.emit("request-cancelled", request_id)?; | ||||
|                 Err(HandlerError::Abandoned) | ||||
|             }, | ||||
|         } | ||||
|     }; | ||||
|  | ||||
|     let res = proceed.await; | ||||
|     if let Err(_) = &res { | ||||
|         state.unregister_request(request_id).await; | ||||
|     } | ||||
|  | ||||
|     lease.release(); | ||||
|     res | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(unix)] | ||||
| mod platform { | ||||
|     use std::io::ErrorKind; | ||||
|     use std::path::PathBuf; | ||||
|     use tokio::net::{UnixListener, UnixStream}; | ||||
|     use super::*; | ||||
|  | ||||
|  | ||||
|     pub type Stream = UnixStream; | ||||
|  | ||||
|     pub fn bind(sock_name: &str) -> std::io::Result<(UnixListener, PathBuf)> { | ||||
|         let path = creddy_cli::server_addr(sock_name); | ||||
|         match std::fs::remove_file(&path) { | ||||
|             Ok(_) => (), | ||||
|             Err(e) if e.kind() == ErrorKind::NotFound => (), | ||||
|             Err(e) => return Err(e), | ||||
|         } | ||||
|  | ||||
|         let listener = UnixListener::bind(&path)?; | ||||
|         Ok((listener, path)) | ||||
|     } | ||||
|  | ||||
|     pub async fn accept(listener: &mut UnixListener, _addr: &PathBuf) -> Result<(UnixStream, u32), HandlerError> { | ||||
|         let (stream, _addr) = listener.accept().await?; | ||||
|         let pid = stream.peer_cred()? | ||||
|             .pid() | ||||
|             .ok_or(ClientInfoError::PidNotFound)? | ||||
|             as u32; | ||||
|  | ||||
|         Ok((stream, pid)) | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(windows)] | ||||
| mod platform { | ||||
|     use std::os::windows::io::AsRawHandle; | ||||
|     use tokio::net::windows::named_pipe::{ | ||||
|         NamedPipeServer, | ||||
|         ServerOptions, | ||||
|     }; | ||||
|     use windows::Win32::{ | ||||
|         Foundation::HANDLE, | ||||
|         System::Pipes::GetNamedPipeClientProcessId, | ||||
|     }; | ||||
|     use super::*; | ||||
|  | ||||
|  | ||||
|     pub type Stream = NamedPipeServer; | ||||
|  | ||||
|     pub fn bind(sock_name: &str) -> std::io::Result<(String, NamedPipeServer)> { | ||||
|         let addr = creddy_cli::server_addr(sock_name); | ||||
|         let listener = ServerOptions::new() | ||||
|             .first_pipe_instance(true) | ||||
|             .create(&addr)?; | ||||
|         Ok((listener, addr)) | ||||
|     } | ||||
|  | ||||
|     pub async fn accept(listener: &mut NamedPipeServer, addr: &String) -> Result<(NamedPipeServer, u32), HandlerError> { | ||||
|         // connect() just waits for a client to connect, it doesn't return anything | ||||
|         listener.connect().await?; | ||||
|  | ||||
|         // unlike Unix sockets, a Windows NamedPipeServer *becomes* the open stream | ||||
|         // once a client connects. If we want to keep listening, we have to construct | ||||
|         // a new server and swap it in. | ||||
|         let new_listener = ServerOptions::new().create(addr)?; | ||||
|         let stream = std::mem::replace(listener, new_listener); | ||||
|  | ||||
|         let raw_handle = stream.as_raw_handle(); | ||||
|         let mut pid = 0u32; | ||||
|         let handle = HANDLE(raw_handle as _); | ||||
|         unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? }; | ||||
|         Ok((stream, pid)) | ||||
|     } | ||||
| } | ||||
| @@ -1,12 +1,15 @@ | ||||
| use std::collections::HashMap; | ||||
| use std::collections::hash_map::Entry; | ||||
| use std::time::Duration; | ||||
| use time::OffsetDateTime; | ||||
|  | ||||
| use tokio::{ | ||||
|     sync::RwLock, | ||||
|     sync::{RwLock, RwLockReadGuard}, | ||||
|     sync::oneshot::{self, Sender}, | ||||
| }; | ||||
| use ssh_agent_lib::proto::message::Identity; | ||||
| use sqlx::SqlitePool; | ||||
| use sqlx::types::Uuid; | ||||
| use tauri::{ | ||||
|     Manager, | ||||
|     async_runtime as rt, | ||||
| @@ -14,12 +17,19 @@ use tauri::{ | ||||
|  | ||||
| use crate::app; | ||||
| use crate::credentials::{ | ||||
|     Session, | ||||
|     BaseCredentials, | ||||
|     SessionCredentials, | ||||
|     AppSession, | ||||
|     AwsSessionCredential, | ||||
|     DockerCredential, | ||||
|     SshKey, | ||||
| }; | ||||
| use crate::{config, config::AppConfig}; | ||||
| use crate::ipc::{self, Approval, RequestResponse}; | ||||
| use crate::credentials::{ | ||||
|     AwsBaseCredential, | ||||
|     Credential, | ||||
|     CredentialRecord, | ||||
|     PersistentCredential | ||||
| }; | ||||
| use crate::ipc::{self, RequestResponse}; | ||||
| use crate::errors::*; | ||||
| use crate::shortcuts; | ||||
|  | ||||
| @@ -101,7 +111,9 @@ impl VisibilityLease { | ||||
| #[derive(Debug)] | ||||
| pub struct AppState { | ||||
|     pub config: RwLock<AppConfig>, | ||||
|     pub session: RwLock<Session>, | ||||
|     pub app_session: RwLock<AppSession>, | ||||
|     // session cache is keyed on id rather than name because names can change | ||||
|     pub aws_sessions: RwLock<HashMap<Uuid, AwsSessionCredential>>, | ||||
|     pub last_activity: RwLock<OffsetDateTime>, | ||||
|     pub request_count: RwLock<u64>, | ||||
|     pub waiting_requests: RwLock<HashMap<u64, Sender<RequestResponse>>>, | ||||
| @@ -116,14 +128,15 @@ pub struct AppState { | ||||
| impl AppState { | ||||
|     pub fn new( | ||||
|         config: AppConfig, | ||||
|         session: Session, | ||||
|         app_session: AppSession, | ||||
|         pool: SqlitePool, | ||||
|         setup_errors: Vec<String>, | ||||
|         desktop_is_gnome: bool, | ||||
|     ) -> AppState { | ||||
|         AppState { | ||||
|             config: RwLock::new(config), | ||||
|             session: RwLock::new(session), | ||||
|             app_session: RwLock::new(app_session), | ||||
|             aws_sessions: RwLock::new(HashMap::new()), | ||||
|             last_activity: RwLock::new(OffsetDateTime::now_utc()), | ||||
|             request_count: RwLock::new(0), | ||||
|             waiting_requests: RwLock::new(HashMap::new()), | ||||
| @@ -135,18 +148,53 @@ impl AppState { | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     pub async fn new_creds(&self, base_creds: BaseCredentials, passphrase: &str) -> Result<(), UnlockError> { | ||||
|         let locked = base_creds.encrypt(passphrase)?; | ||||
|         // do this first so that if it fails we don't save bad credentials | ||||
|         self.new_session(base_creds).await?; | ||||
|         locked.save(&self.pool).await?; | ||||
|     pub async fn save_credential(&self, record: CredentialRecord) -> Result<(), SaveCredentialsError> { | ||||
|         let session = self.app_session.read().await; | ||||
|         let crypto = session.try_get_crypto()?; | ||||
|         record.save(crypto, &self.pool).await | ||||
|     } | ||||
|  | ||||
|     pub async fn delete_credential(&self, id: &Uuid) -> Result<(), SaveCredentialsError> { | ||||
|         sqlx::query!("DELETE FROM credentials WHERE id = ?", id) | ||||
|             .execute(&self.pool) | ||||
|             .await?; | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub async fn list_credentials(&self) -> Result<Vec<CredentialRecord>, GetCredentialsError> { | ||||
|         let session = self.app_session.read().await; | ||||
|         let crypto = session.try_get_crypto()?; | ||||
|         let list = CredentialRecord::list(crypto, &self.pool).await?; | ||||
|         Ok(list) | ||||
|     } | ||||
|  | ||||
|     pub async fn list_ssh_identities(&self) -> Result<Vec<Identity>, GetCredentialsError> { | ||||
|         Ok(SshKey::list_identities(&self.pool).await?) | ||||
|     } | ||||
|  | ||||
|     pub async fn set_passphrase(&self, passphrase: &str) -> Result<(), SaveCredentialsError> { | ||||
|         let mut cur_session = self.app_session.write().await; | ||||
|         if let AppSession::Locked {..} = *cur_session { | ||||
|             return Err(SaveCredentialsError::Locked); | ||||
|         } | ||||
|  | ||||
|         let new_session = AppSession::new(passphrase)?; | ||||
|         if let AppSession::Unlocked {salt: _, ref crypto} = *cur_session { | ||||
|             CredentialRecord::rekey( | ||||
|                 crypto, | ||||
|                 new_session.try_get_crypto().expect("AppSession::new() should always return Unlocked"), | ||||
|                 &self.pool, | ||||
|             ).await?; | ||||
|         } | ||||
|  | ||||
|         new_session.save(&self.pool).await?; | ||||
|         *cur_session = new_session; | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub async fn update_config(&self, new_config: AppConfig) -> Result<(), SetupError> { | ||||
|         let mut live_config = self.config.write().await; | ||||
|          | ||||
|  | ||||
|         // update autostart if necessary | ||||
|         if new_config.start_on_login != live_config.start_on_login { | ||||
|             config::set_auto_launch(new_config.start_on_login)?; | ||||
| @@ -187,11 +235,6 @@ impl AppState { | ||||
|     } | ||||
|  | ||||
|     pub async fn send_response(&self, response: ipc::RequestResponse) -> Result<(), SendResponseError> { | ||||
|         if let Approval::Approved = response.approval { | ||||
|             let mut session = self.session.write().await; | ||||
|             session.renew_if_expired().await?; | ||||
|         } | ||||
|  | ||||
|         let mut waiting_requests = self.waiting_requests.write().await; | ||||
|         waiting_requests | ||||
|             .remove(&response.id) | ||||
| @@ -201,24 +244,17 @@ impl AppState { | ||||
|     } | ||||
|  | ||||
|     pub async fn unlock(&self, passphrase: &str) -> Result<(), UnlockError> { | ||||
|         let base_creds = match *self.session.read().await { | ||||
|             Session::Empty => {return Err(UnlockError::NoCredentials);}, | ||||
|             Session::Unlocked{..} => {return Err(UnlockError::NotLocked);}, | ||||
|             Session::Locked(ref locked) => locked.decrypt(passphrase)?, | ||||
|         }; | ||||
|         // Read lock is dropped here, so this doesn't deadlock | ||||
|         self.new_session(base_creds).await?; | ||||
|  | ||||
|         Ok(()) | ||||
|         let mut session = self.app_session.write().await; | ||||
|         session.unlock(passphrase) | ||||
|     } | ||||
|  | ||||
|     pub async fn lock(&self) -> Result<(), LockError> { | ||||
|         let mut session = self.session.write().await; | ||||
|         let mut session = self.app_session.write().await; | ||||
|         match *session { | ||||
|             Session::Empty => Err(LockError::NotUnlocked), | ||||
|             Session::Locked(_) => Err(LockError::NotUnlocked), | ||||
|             Session::Unlocked{..} => { | ||||
|                 *session = Session::load(&self.pool).await?; | ||||
|             AppSession::Empty => Err(LockError::NotUnlocked), | ||||
|             AppSession::Locked{..} => Err(LockError::NotUnlocked), | ||||
|             AppSession::Unlocked{..} => { | ||||
|                 *session = AppSession::load(&self.pool).await?; | ||||
|  | ||||
|                 let app_handle = app::APP.get().unwrap(); | ||||
|                 app_handle.emit("locked", None::<usize>)?; | ||||
| @@ -228,6 +264,72 @@ impl AppState { | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     pub async fn reset_session(&self) -> Result<(), SaveCredentialsError> { | ||||
|         let mut session = self.app_session.write().await; | ||||
|         session.reset(&self.pool).await?; | ||||
|         sqlx::query!("DELETE FROM credentials").execute(&self.pool).await?; | ||||
|         Ok(()) | ||||
|     } | ||||
|  | ||||
|     pub async fn get_aws_base(&self, name: Option<String>) -> Result<AwsBaseCredential, GetCredentialsError> { | ||||
|         let app_session = self.app_session.read().await; | ||||
|         let crypto = app_session.try_get_crypto()?; | ||||
|         let creds = match name { | ||||
|             Some(n) => AwsBaseCredential::load_by_name(&n, crypto, &self.pool).await?, | ||||
|             None => AwsBaseCredential::load_default(crypto, &self.pool).await?, | ||||
|         }; | ||||
|         Ok(creds) | ||||
|     } | ||||
|  | ||||
|     pub async fn get_aws_session(&self, name: Option<String>) -> Result<RwLockReadGuard<'_, AwsSessionCredential>, GetCredentialsError> { | ||||
|         let app_session = self.app_session.read().await; | ||||
|         let crypto = app_session.try_get_crypto()?; | ||||
|         let record = match name { | ||||
|             Some(n) => CredentialRecord::load_by_name(&n, crypto, &self.pool).await?, | ||||
|             None => CredentialRecord::load_default("aws", crypto, &self.pool).await?, | ||||
|         }; | ||||
|         let base = match &record.credential { | ||||
|             Credential::AwsBase(b) => Ok(b), | ||||
|             _ => Err(LoadCredentialsError::NoCredentials) | ||||
|         }?; | ||||
|  | ||||
|         { | ||||
|             let mut aws_sessions = self.aws_sessions.write().await; | ||||
|             match aws_sessions.entry(record.id) { | ||||
|                 Entry::Vacant(e) => { | ||||
|                     e.insert(AwsSessionCredential::from_base(&base).await?); | ||||
|                 }, | ||||
|                 Entry::Occupied(mut e) if e.get().is_expired() => { | ||||
|                     *(e.get_mut()) = AwsSessionCredential::from_base(&base).await?; | ||||
|                 }, | ||||
|                 _ => () | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         // we know the unwrap is safe, because we just made sure of it | ||||
|         let s = RwLockReadGuard::map(self.aws_sessions.read().await, |map| map.get(&record.id).unwrap()); | ||||
|         Ok(s) | ||||
|     } | ||||
|  | ||||
|     pub async fn ssh_name_from_pubkey(&self, pubkey: &[u8]) -> Result<String, GetCredentialsError> { | ||||
|         let k = SshKey::name_from_pubkey(pubkey, &self.pool).await?; | ||||
|         Ok(k) | ||||
|     } | ||||
|  | ||||
|     pub async fn sshkey_by_name(&self, name: &str) -> Result<SshKey, GetCredentialsError> { | ||||
|         let app_session = self.app_session.read().await; | ||||
|         let crypto = app_session.try_get_crypto()?; | ||||
|         let k = SshKey::load_by_name(name, crypto, &self.pool).await?; | ||||
|         Ok(k) | ||||
|     } | ||||
|  | ||||
|     pub async fn get_docker_credential(&self, server_url: &str) -> Result<DockerCredential, GetCredentialsError> { | ||||
|         let app_session = self.app_session.read().await; | ||||
|         let crypto = app_session.try_get_crypto()?; | ||||
|         let d = DockerCredential::load_by("server_url", server_url.to_owned(), crypto, &self.pool).await?; | ||||
|         Ok(d) | ||||
|     } | ||||
|  | ||||
|     pub async fn signal_activity(&self) { | ||||
|         let mut last_activity = self.last_activity.write().await; | ||||
|         *last_activity = OffsetDateTime::now_utc(); | ||||
| @@ -235,7 +337,7 @@ impl AppState { | ||||
|  | ||||
|     pub async fn should_auto_lock(&self) -> bool { | ||||
|         let config = self.config.read().await; | ||||
|         if !config.auto_lock || !self.is_unlocked().await { | ||||
|         if !config.auto_lock || self.is_locked().await { | ||||
|             return false; | ||||
|         } | ||||
|  | ||||
| @@ -244,28 +346,9 @@ impl AppState { | ||||
|         elapsed >= config.lock_after | ||||
|     } | ||||
|  | ||||
|     pub async fn is_unlocked(&self) -> bool { | ||||
|         let session = self.session.read().await; | ||||
|         matches!(*session, Session::Unlocked{..}) | ||||
|     } | ||||
|  | ||||
|     pub async fn base_creds_cloned(&self) -> Result<BaseCredentials, GetCredentialsError> { | ||||
|         let app_session = self.session.read().await; | ||||
|         let (base, _session) = app_session.try_get()?; | ||||
|         Ok(base.clone()) | ||||
|     } | ||||
|  | ||||
|     pub async fn session_creds_cloned(&self) -> Result<SessionCredentials, GetCredentialsError> { | ||||
|         let app_session = self.session.read().await; | ||||
|         let (_base, session) = app_session.try_get()?; | ||||
|         Ok(session.clone()) | ||||
|     } | ||||
|  | ||||
|     async fn new_session(&self, base: BaseCredentials) -> Result<(), GetSessionError> { | ||||
|         let session = SessionCredentials::from_base(&base).await?; | ||||
|         let mut app_session = self.session.write().await; | ||||
|         *app_session = Session::Unlocked {base, session}; | ||||
|         Ok(()) | ||||
|     pub async fn is_locked(&self) -> bool { | ||||
|         let session = self.app_session.read().await; | ||||
|         matches!(*session, AppSession::Locked {..}) | ||||
|     } | ||||
|  | ||||
|     pub async fn register_terminal_request(&self) -> Result<(), ()> { | ||||
| @@ -285,3 +368,36 @@ impl AppState { | ||||
|         *req = false; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|     use super::*; | ||||
|     use crate::credentials::Crypto; | ||||
|     use sqlx::types::Uuid; | ||||
|  | ||||
|  | ||||
|     fn test_state(pool: SqlitePool) -> AppState { | ||||
|         let salt = [0u8; 32]; | ||||
|         let crypto = Crypto::fixed(); | ||||
|         AppState::new( | ||||
|             AppConfig::default(), | ||||
|             AppSession::Unlocked { salt, crypto }, | ||||
|             pool, | ||||
|             vec![], | ||||
|             false, | ||||
|         ) | ||||
|     } | ||||
|  | ||||
|  | ||||
|     #[sqlx::test(fixtures("./credentials/fixtures/aws_credentials.sql"))] | ||||
|     fn test_delete_credential(pool: SqlitePool) { | ||||
|         let state = test_state(pool); | ||||
|         let id = Uuid::try_parse("00000000-0000-0000-0000-000000000000").unwrap(); | ||||
|         state.delete_credential(&id).await.unwrap(); | ||||
|  | ||||
|         // ensure delete-cascade went through correctly | ||||
|         let res = AwsBaseCredential::load(&id, &Crypto::fixed(), &state.pool).await; | ||||
|         assert!(matches!(res, Err(LoadCredentialsError::NoCredentials))); | ||||
|     } | ||||
| } | ||||
|   | ||||
| @@ -1,6 +1,8 @@ | ||||
| use std::process::Command; | ||||
| use std::time::Duration; | ||||
|  | ||||
| use tauri::Manager; | ||||
| use tauri::{AppHandle, Manager}; | ||||
| use tokio::time::sleep; | ||||
|  | ||||
| use crate::app::APP; | ||||
| use crate::errors::*; | ||||
| @@ -16,6 +18,18 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> { | ||||
|         return Ok(()); | ||||
|     } | ||||
|  | ||||
|     let res = do_launch(app, use_base).await; | ||||
|  | ||||
|     state.unregister_terminal_request().await; | ||||
|     res | ||||
| } | ||||
|  | ||||
|  | ||||
| // this handles most of the work, the outer function is just to ensure we properly | ||||
| // unregister the request if there's an error | ||||
| async fn do_launch(app: &AppHandle, use_base: bool) -> Result<(), LaunchTerminalError> { | ||||
|     let state = app.state::<AppState>(); | ||||
|  | ||||
|     let mut cmd = { | ||||
|         let config = state.config.read().await; | ||||
|         let mut cmd = Command::new(&config.terminal.exec); | ||||
| @@ -23,56 +37,50 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> { | ||||
|         cmd | ||||
|     }; | ||||
|  | ||||
|     // if session is locked or empty, wait for credentials from frontend | ||||
|     if !state.is_unlocked().await { | ||||
|         app.emit("launch-terminal-request", ())?; | ||||
|     // if session is locked, wait for credentials from frontend | ||||
|     if state.is_locked().await { | ||||
|         let lease = state.acquire_visibility_lease(0).await | ||||
|             .map_err(|_e| LaunchTerminalError::NoMainWindow)?; // automate conversion eventually? | ||||
|  | ||||
|         let (tx, rx) = tokio::sync::oneshot::channel(); | ||||
|         app.once("credentials-event", move |e| { | ||||
|             let success = match e.payload() { | ||||
|                 "\"unlocked\"" | "\"entered\"" => true, | ||||
|                 _ => false, | ||||
|             }; | ||||
|             let _ = tx.send(success); | ||||
|         app.once("unlocked", move |_| { | ||||
|             let _ = tx.send(()); | ||||
|         }); | ||||
|  | ||||
|         if !rx.await.unwrap_or(false) { | ||||
|             state.unregister_terminal_request().await; | ||||
|             return Ok(()); // request was canceled by user | ||||
|         } | ||||
|         lease.release(); | ||||
|     } | ||||
|  | ||||
|     // more lock-management | ||||
|     { | ||||
|         let app_session = state.session.read().await; | ||||
|         // session should really be unlocked at this point, but if the frontend misbehaves | ||||
|         // (i.e. lies about unlocking) we could end up here with a locked session | ||||
|         // this will result in an error popup to the user (see main hotkey handler) | ||||
|         let (base_creds, session_creds) = app_session.try_get()?; | ||||
|         if use_base { | ||||
|             cmd.env("AWS_ACCESS_KEY_ID", &base_creds.access_key_id); | ||||
|             cmd.env("AWS_SECRET_ACCESS_KEY", &base_creds.secret_access_key); | ||||
|         } | ||||
|         else { | ||||
|             cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id); | ||||
|             cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key); | ||||
|             cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token); | ||||
|         let timeout = Duration::from_secs(60); | ||||
|         tokio::select! { | ||||
|             // if the frontend is unlocked within 60 seconds, release visibility lock and proceed | ||||
|             _ = rx => lease.release(), | ||||
|             // otherwise, dump this request, but return Ok so we don't get an error popup | ||||
|             _ = sleep(timeout) => { | ||||
|                 eprintln!("WARNING: Request to launch terminal timed out after 60 seconds."); | ||||
|                 return Ok(()); | ||||
|             }, | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     let res = match cmd.spawn() { | ||||
|     // session should really be unlocked at this point, but if the frontend misbehaves | ||||
|     // (i.e. lies about unlocking) we could end up here with a locked session | ||||
|     // this will result in an error popup to the user (see main hotkey handler) | ||||
|     if use_base { | ||||
|         let base_creds = state.get_aws_base(None).await?; | ||||
|         cmd.env("AWS_ACCESS_KEY_ID", &base_creds.access_key_id); | ||||
|         cmd.env("AWS_SECRET_ACCESS_KEY", &base_creds.secret_access_key); | ||||
|     } | ||||
|     else { | ||||
|         let session_creds = state.get_aws_session(None).await?; | ||||
|         cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id); | ||||
|         cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key); | ||||
|         cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token); | ||||
|     } | ||||
|  | ||||
|     match cmd.spawn() { | ||||
|         Ok(_) => Ok(()), | ||||
|         Err(e) if std::io::ErrorKind::NotFound == e.kind() => { | ||||
|             Err(ExecError::NotFound(cmd.get_program().to_owned())) | ||||
|         }, | ||||
|         Err(e) => Err(ExecError::ExecutionFailed(e)), | ||||
|     }; | ||||
|     }?; | ||||
|  | ||||
|     state.unregister_terminal_request().await; | ||||
|  | ||||
|     res?; // ? auto-conversion is more liberal than .into() | ||||
|     Ok(()) | ||||
| } | ||||
|   | ||||
| @@ -50,7 +50,7 @@ | ||||
|     } | ||||
|   }, | ||||
|   "productName": "creddy", | ||||
|   "version": "0.4.9", | ||||
|   "version": "0.5.4", | ||||
|   "identifier": "creddy", | ||||
|   "plugins": {}, | ||||
|   "app": { | ||||
| @@ -85,4 +85,4 @@ | ||||
|       } | ||||
|     } | ||||
|   } | ||||
| } | ||||
| } | ||||
|   | ||||
| @@ -7,15 +7,22 @@ import { getVersion } from '@tauri-apps/api/app'; | ||||
| import { appState, acceptRequest, cleanupRequest } from './lib/state.js'; | ||||
| import { views, currentView, navigate } from './lib/routing.js'; | ||||
|  | ||||
| import Approve from './views/Approve.svelte'; | ||||
| import CreatePassphrase from './views/CreatePassphrase.svelte'; | ||||
| import Unlock from './views/Unlock.svelte'; | ||||
|  | ||||
| $views = import.meta.glob('./views/*.svelte', {eager: true}); | ||||
| navigate('Home'); | ||||
|  | ||||
| // set up app state | ||||
| invoke('get_config').then(config => $appState.config = config); | ||||
| invoke('get_session_status').then(status => $appState.credentialStatus = status); | ||||
| invoke('get_session_status').then(status => $appState.sessionStatus = status); | ||||
| getVersion().then(version => $appState.appVersion = version); | ||||
| invoke('get_setup_errors') | ||||
|     .then(errs => { | ||||
|         $appState.setupErrors = errs.map(e => ({msg: e, show: true})); | ||||
|     }); | ||||
|  | ||||
| listen('credentials-request', (tauriEvent) => { | ||||
|  | ||||
| // set up event handlers | ||||
| listen('credential-request', (tauriEvent) => { | ||||
|     $appState.pendingRequests.put(tauriEvent.payload); | ||||
| }); | ||||
|  | ||||
| @@ -29,29 +36,17 @@ listen('request-cancelled', (tauriEvent) => { | ||||
|     } | ||||
| }); | ||||
|  | ||||
| listen('launch-terminal-request', async (tauriEvent) => { | ||||
|     if ($appState.currentRequest === null) { | ||||
|         let status = await invoke('get_session_status'); | ||||
|         if (status === 'locked') { | ||||
|             navigate('Unlock'); | ||||
|         } | ||||
|         else if (status === 'empty') { | ||||
|             navigate('EnterCredentials'); | ||||
|         } | ||||
|         // else, session is unlocked, so do nothing | ||||
|         // (although we shouldn't even get the event in that case) | ||||
|     } | ||||
| }); | ||||
|  | ||||
| listen('locked', () => { | ||||
|     $appState.credentialStatus = 'locked'; | ||||
|     $appState.sessionStatus = 'locked'; | ||||
| }); | ||||
|  | ||||
| invoke('get_setup_errors') | ||||
|     .then(errs => { | ||||
|         $appState.setupErrors = errs.map(e => ({msg: e, show: true})); | ||||
|     }); | ||||
|  | ||||
| // set up navigation | ||||
| $views = import.meta.glob('./views/*.svelte', {eager: true}); | ||||
| navigate('Home'); | ||||
|  | ||||
|  | ||||
| // ready to rock and roll | ||||
| acceptRequest(); | ||||
| </script> | ||||
|  | ||||
| @@ -61,4 +56,17 @@ acceptRequest(); | ||||
|     on:keydown={() => invoke('signal_activity')} | ||||
| /> | ||||
|  | ||||
| <svelte:component this="{$currentView}" /> | ||||
|  | ||||
| {#if $appState.sessionStatus === 'empty'} | ||||
|     <!-- Empty state (no passphrase) takes precedence over everything --> | ||||
|     <CreatePassphrase /> | ||||
| {:else if $appState.currentRequest !== null} | ||||
|     <!-- if a request is pending, show approval flow (will include unlock if necessary) --> | ||||
|     <Approve /> | ||||
| {:else if $appState.sessionStatus === 'locked'} | ||||
|     <!-- if session is locked and no request is pending, show unlock screen --> | ||||
|     <Unlock /> | ||||
| {:else} | ||||
|     <!-- normal operation --> | ||||
|     <svelte:component this="{$currentView}" /> | ||||
| {/if} | ||||
|   | ||||
| @@ -6,3 +6,12 @@ export function getRootCause(error) { | ||||
|         return error; | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| export function fullMessage(error) { | ||||
|     let msg = error?.msg ? error.msg : error; | ||||
|     if (error.source) { | ||||
|         msg = `${msg}: ${fullMessage(error.source)}`; | ||||
|     } | ||||
|     return msg | ||||
| } | ||||
|   | ||||
| @@ -7,7 +7,7 @@ import { navigate, currentView, previousView } from './routing.js'; | ||||
| export let appState = writable({ | ||||
|     currentRequest: null, | ||||
|     pendingRequests: queue(), | ||||
|     credentialStatus: 'locked', | ||||
|     sessionStatus: 'locked', | ||||
|     setupErrors: [], | ||||
|     appVersion: '', | ||||
| }); | ||||
| @@ -25,11 +25,11 @@ export async function acceptRequest() { | ||||
|  | ||||
|  | ||||
| export function cleanupRequest() { | ||||
|     currentView.set(get(previousView)); | ||||
|     previousView.set(null); | ||||
|     appState.update($appState => { | ||||
|         $appState.currentRequest = null; | ||||
|         return $appState; | ||||
|     }); | ||||
|     currentView.set(get(previousView)); | ||||
|     previousView.set(null); | ||||
|     acceptRequest(); | ||||
| } | ||||
|   | ||||
| @@ -2,16 +2,42 @@ | ||||
|     import { onMount } from 'svelte'; | ||||
|     import { slide } from 'svelte/transition'; | ||||
|  | ||||
|     import { fullMessage } from '../lib/errors.js'; | ||||
|  | ||||
|  | ||||
|     let extraClasses = ""; | ||||
|     export {extraClasses as class}; | ||||
|     export let slideDuration = 150; | ||||
|     let animationClass = ""; | ||||
|  | ||||
|     export function shake() { | ||||
|     let error = null; | ||||
|  | ||||
|     function shake() { | ||||
|         animationClass = 'shake'; | ||||
|         window.setTimeout(() => animationClass = "", 400); | ||||
|     } | ||||
|  | ||||
|     export async function run(fallible) { | ||||
|         try { | ||||
|             const ret = await Promise.resolve(fallible()); | ||||
|             error = null; | ||||
|             return ret; | ||||
|         } | ||||
|         catch (e) { | ||||
|             if (error) shake(); | ||||
|             error = e; | ||||
|             // re-throw so it can be caught by the caller if necessary | ||||
|             throw e; | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     // this is a method rather than a prop so that we can re-shake every time | ||||
|     // the error occurs, even if the error message doesn't change | ||||
|     export function setError(e) { | ||||
|         if (error) shake(); | ||||
|         error = e; | ||||
|     } | ||||
|  | ||||
| </script> | ||||
|  | ||||
|  | ||||
| @@ -51,17 +77,17 @@ | ||||
| </style> | ||||
|  | ||||
|  | ||||
| <div in:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}"> | ||||
|     <div> | ||||
| {#if error} | ||||
|     <div transition:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}"> | ||||
|         <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" /></svg> | ||||
|         <span> | ||||
|             <slot></slot> | ||||
|             <slot {error}>{fullMessage(error)}</slot> | ||||
|         </span> | ||||
|     </div> | ||||
|  | ||||
|     {#if $$slots.buttons} | ||||
|         <div> | ||||
|             <slot name="buttons"></slot> | ||||
|         </div> | ||||
|     {/if} | ||||
| </div> | ||||
|         {#if $$slots.buttons} | ||||
|             <div> | ||||
|                 <slot name="buttons"></slot> | ||||
|             </div> | ||||
|         {/if} | ||||
|     </div> | ||||
| {/if} | ||||
|   | ||||
							
								
								
									
										53
									
								
								src/ui/FileInput.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										53
									
								
								src/ui/FileInput.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,53 @@ | ||||
| <script> | ||||
|     // import { listen } from '@tauri-apps/api/event'; | ||||
|     import { open } from '@tauri-apps/plugin-dialog'; | ||||
|     import { sep } from '@tauri-apps/api/path'; | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|  | ||||
|     import Icon from './Icon.svelte'; | ||||
|  | ||||
|  | ||||
|     export let value = {}; | ||||
|     export let params = {}; | ||||
|     let displayValue = value?.name || ''; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     async function chooseFile() { | ||||
|         let file = await open(params); | ||||
|         if (file) { | ||||
|             value = file; | ||||
|             displayValue = file.name; | ||||
|             dispatch('update', value); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     function handleInput(evt) { | ||||
|         const segments = evt.target.value.split(sep()); | ||||
|         const name = segments[segments.length - 1]; | ||||
|         value = {name, path: evt.target.value}; | ||||
|     } | ||||
|  | ||||
|     // some day, figure out drag-and-drop | ||||
|     // let drag = null; | ||||
|     // listen('tauri://drag', e => drag = e); | ||||
|     // listen('tauri://drop', e => console.log(e)); | ||||
|     // listen('tauri://drag-cancelled', e => console.log(e)); | ||||
|     // listen('tauri://drop-over', e => console.log(e)); | ||||
|  | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div class="relative flex join has-[:focus]:outline outline-2 outline-offset-2 outline-base-content/20"> | ||||
|     <button type="button" class="btn btn-neutral join-item" on:click={chooseFile}> | ||||
|         Choose file | ||||
|     </button> | ||||
|     <input  | ||||
|         type="text" | ||||
|         class="join-item grow input input-bordered border-l-0 bg-transparent focus:outline-none" | ||||
|         value={displayValue} | ||||
|         on:input={handleInput} | ||||
|         on:change={() => dispatch('update', value)} | ||||
|         on:focus on:blur | ||||
|     > | ||||
| </div> | ||||
| @@ -5,7 +5,7 @@ | ||||
|     let classes = ""; | ||||
|     export {classes as class}; | ||||
|  | ||||
|     let svg = ICONS[`./icons/${name}.svelte`].default; | ||||
|     $: svg = ICONS[`./icons/${name}.svelte`].default; | ||||
| </script> | ||||
|  | ||||
| <svelte:component this={svg} class={classes} /> | ||||
| @@ -31,6 +31,7 @@ | ||||
|             && shift === event.shiftKey | ||||
|         ) { | ||||
|             click(); | ||||
|             event.preventDefault(); | ||||
|         } | ||||
|     } | ||||
| </script> | ||||
|   | ||||
							
								
								
									
										52
									
								
								src/ui/PassphraseInput.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										52
									
								
								src/ui/PassphraseInput.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,52 @@ | ||||
| <script> | ||||
|     import Icon from './Icon.svelte'; | ||||
|  | ||||
|     export let value = ''; | ||||
|     export let placeholder = ''; | ||||
|     export let autofocus = false; | ||||
|     let classes = ''; | ||||
|     export {classes as class}; | ||||
|  | ||||
|     let show = false; | ||||
|     let input; | ||||
|  | ||||
|     export function focus() { | ||||
|         input.focus(); | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <style> | ||||
|     button { | ||||
|         border: 1px solid oklch(var(--bc) / 0.2); | ||||
|         border-left: none; | ||||
|     } | ||||
| </style> | ||||
|  | ||||
|  | ||||
| <div class="join w-full has-[:focus]:outline outline-2 outline-offset-2 outline-base-content/20"> | ||||
|     <input | ||||
|         bind:this={input} | ||||
|         type={show ? 'text' : 'password'} | ||||
|         {value} {placeholder} {autofocus} | ||||
|         on:input={e => value = e.target.value} | ||||
|         on:input on:change on:focus on:blur | ||||
|         class="input input-bordered flex-grow join-item placeholder:text-gray-500 focus:outline-none {classes}" | ||||
|     /> | ||||
|  | ||||
|     <button | ||||
|         type="button" | ||||
|         class="btn btn-ghost join-item swap swap-rotate" | ||||
|         class:swap-active={show} | ||||
|         on:click={() => show = !show} | ||||
|     > | ||||
|         <Icon | ||||
|             name="eye" | ||||
|             class="w-5 h-5 swap-off" | ||||
|         /> | ||||
|         <Icon | ||||
|             name="eye-slash" | ||||
|             class="w-5 h-5 swap-on" | ||||
|         /> | ||||
|     </button> | ||||
| </div> | ||||
							
								
								
									
										8
									
								
								src/ui/icons/arrow-right-start-on-rectangle.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/ui/icons/arrow-right-start-on-rectangle.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| <script> | ||||
|   let classes = ''; | ||||
|   export {classes as class} | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0 0 13.5 3h-6a2.25 2.25 0 0 0-2.25 2.25v13.5A2.25 2.25 0 0 0 7.5 21h6a2.25 2.25 0 0 0 2.25-2.25V15m3 0 3-3m0 0-3-3m3 3H9" /> | ||||
| </svg> | ||||
							
								
								
									
										8
									
								
								src/ui/icons/command-line.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/ui/icons/command-line.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| <script> | ||||
|   let classes = ''; | ||||
|   export {classes as class} | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="m6.75 7.5 3 2.25-3 2.25m4.5 0h3m-9 8.25h13.5A2.25 2.25 0 0 0 21 18V6a2.25 2.25 0 0 0-2.25-2.25H5.25A2.25 2.25 0 0 0 3 6v12a2.25 2.25 0 0 0 2.25 2.25Z" /> | ||||
| </svg> | ||||
							
								
								
									
										9
									
								
								src/ui/icons/eye-slash.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								src/ui/icons/eye-slash.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | ||||
| <script> | ||||
|     let classes = ""; | ||||
|     export {classes as class}; | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="M3.98 8.223A10.477 10.477 0 0 0 1.934 12C3.226 16.338 7.244 19.5 12 19.5c.993 0 1.953-.138 2.863-.395M6.228 6.228A10.451 10.451 0 0 1 12 4.5c4.756 0 8.773 3.162 10.065 7.498a10.522 10.522 0 0 1-4.293 5.774M6.228 6.228 3 3m3.228 3.228 3.65 3.65m7.894 7.894L21 21m-3.228-3.228-3.65-3.65m0 0a3 3 0 1 0-4.243-4.243m4.242 4.242L9.88 9.88" /> | ||||
| </svg> | ||||
|  | ||||
							
								
								
									
										9
									
								
								src/ui/icons/eye.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								src/ui/icons/eye.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | ||||
| <script> | ||||
|     let classes = ""; | ||||
|     export {classes as class}; | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="M2.036 12.322a1.012 1.012 0 0 1 0-.639C3.423 7.51 7.36 4.5 12 4.5c4.638 0 8.573 3.007 9.963 7.178.07.207.07.431 0 .639C20.577 16.49 16.64 19.5 12 19.5c-4.638 0-8.573-3.007-9.963-7.178Z" /> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" /> | ||||
| </svg> | ||||
							
								
								
									
										8
									
								
								src/ui/icons/key.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/ui/icons/key.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| <script> | ||||
|   let classes = ''; | ||||
|   export {classes as class} | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25Z" /> | ||||
| </svg> | ||||
							
								
								
									
										8
									
								
								src/ui/icons/pencil.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/ui/icons/pencil.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| <script> | ||||
|     let classes = ''; | ||||
|     export {classes as class}; | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="m16.862 4.487 1.687-1.688a1.875 1.875 0 1 1 2.652 2.652L6.832 19.82a4.5 4.5 0 0 1-1.897 1.13l-2.685.8.8-2.685a4.5 4.5 0 0 1 1.13-1.897L16.863 4.487Zm0 0L19.5 7.125" /> | ||||
| </svg> | ||||
							
								
								
									
										9
									
								
								src/ui/icons/plus-circle-mini.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								src/ui/icons/plus-circle-mini.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | ||||
| <script> | ||||
|   let classes = ""; | ||||
|   export {classes as class}; | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class={classes}> | ||||
|   <path fill-rule="evenodd" d="M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm.75-11.25a.75.75 0 0 0-1.5 0v2.5h-2.5a.75.75 0 0 0 0 1.5h2.5v2.5a.75.75 0 0 0 1.5 0v-2.5h2.5a.75.75 0 0 0 0-1.5h-2.5v-2.5Z" clip-rule="evenodd" /> | ||||
| </svg> | ||||
|  | ||||
							
								
								
									
										8
									
								
								src/ui/icons/shield-check.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/ui/icons/shield-check.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| <script> | ||||
|   let classes = ''; | ||||
|   export {classes as class} | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="M9 12.75 11.25 15 15 9.75m-3-7.036A11.959 11.959 0 0 1 3.598 6 11.99 11.99 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623 5.176-1.332 9-6.03 9-11.622 0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285Z" /> | ||||
| </svg> | ||||
							
								
								
									
										8
									
								
								src/ui/icons/trash.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/ui/icons/trash.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| <script> | ||||
|     let classes = ''; | ||||
|     export {classes as class}; | ||||
| </script> | ||||
|  | ||||
| <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}> | ||||
|   <path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" /> | ||||
| </svg> | ||||
| @@ -7,6 +7,13 @@ | ||||
|     export let value; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     async function pickFile() { | ||||
|         let file = await open(); | ||||
|         if (file) { | ||||
|             value = file.path | ||||
|         } | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| @@ -18,9 +25,10 @@ | ||||
|             bind:value | ||||
|             on:change={() => dispatch('update', {value})} | ||||
|         > | ||||
|         <button  | ||||
|         <button | ||||
|             type="button" | ||||
|             class="btn btn-sm btn-primary" | ||||
|             on:click={async () => value = await open()} | ||||
|             on:click={pickFile} | ||||
|         >Browse</button> | ||||
|     </div> | ||||
|     <slot name="description" slot="description"></slot> | ||||
|   | ||||
| @@ -1,13 +1,12 @@ | ||||
| <script> | ||||
|     import { slide } from 'svelte/transition'; | ||||
|     import ErrorAlert from '../ErrorAlert.svelte'; | ||||
|  | ||||
|     export let title; | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div> | ||||
|     <div class="flex flex-wrap justify-between gap-y-4"> | ||||
|     <div class="flex flex-wrap justify-between gap-4"> | ||||
|         <h3 class="text-lg font-bold shrink-0">{title}</h3> | ||||
|         {#if $$slots.input} | ||||
|             <slot name="input"></slot> | ||||
|   | ||||
| @@ -1,145 +1,64 @@ | ||||
| <script> | ||||
|     import { onMount } from 'svelte'; | ||||
|     import { appState, cleanupRequest } from '../lib/state.js'; | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|  | ||||
|     import { navigate } from '../lib/routing.js'; | ||||
|     import { appState, cleanupRequest } from '../lib/state.js'; | ||||
|     import ErrorAlert from '../ui/ErrorAlert.svelte'; | ||||
|     import Link from '../ui/Link.svelte'; | ||||
|     import KeyCombo from '../ui/KeyCombo.svelte'; | ||||
|     import CollectResponse from './approve/CollectResponse.svelte'; | ||||
|     import ShowResponse from './approve/ShowResponse.svelte'; | ||||
|     import Unlock from './Unlock.svelte'; | ||||
|  | ||||
|  | ||||
|     // Send response to backend, display error if applicable | ||||
|     let error, alert; | ||||
|     async function respond() { | ||||
|         const response = { | ||||
|             id: $appState.currentRequest.id, | ||||
|             ...$appState.currentRequest.response, | ||||
|         }; | ||||
|     // Extra 50ms so the window can finish disappearing before the redraw | ||||
|     const rehideDelay = Math.min(5000, $appState.config.rehide_ms + 100); | ||||
|  | ||||
|     let alert; | ||||
|     let success = false; | ||||
|     async function sendResponse() { | ||||
|         try { | ||||
|             await invoke('respond', {response}); | ||||
|             navigate('ShowResponse'); | ||||
|             await invoke('respond', {response: $appState.currentRequest.response}); | ||||
|             success = true; | ||||
|             window.setTimeout(cleanupRequest, rehideDelay); | ||||
|         } | ||||
|         catch (e) { | ||||
|             if (error) { | ||||
|                 alert.shake(); | ||||
|             } | ||||
|             error = e; | ||||
|             // reset to null so that we go back to asking for approval | ||||
|             $appState.currentRequest.response = null; | ||||
|             // setTimeout forces this to not happen until the alert has been rendered | ||||
|             window.setTimeout(() => alert.setError(e), 0); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     // Approval has one of several outcomes depending on current credential state | ||||
|     async function approve(base) { | ||||
|         $appState.currentRequest.response = {approval: 'Approved', base}; | ||||
|         let status = await invoke('get_session_status'); | ||||
|         if (status === 'unlocked') { | ||||
|             await respond(); | ||||
|         } | ||||
|         else if (status === 'locked') { | ||||
|             navigate('Unlock'); | ||||
|         } | ||||
|         else { | ||||
|             navigate('EnterCredentials'); | ||||
|     async function handleResponseCollected() { | ||||
|         if ( | ||||
|             $appState.sessionStatus === 'unlocked' | ||||
|             || $appState.currentRequest.response.approval === 'Denied' | ||||
|         ) { | ||||
|             await sendResponse(); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     // Denial has only one | ||||
|     async function deny() { | ||||
|         $appState.currentRequest.response = {approval: 'Denied', base: false}; | ||||
|         await respond(); | ||||
|     } | ||||
|  | ||||
|     // Extract executable name from full path | ||||
|     const client = $appState.currentRequest.client; | ||||
|     const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/); | ||||
|     const appName = m[1] || m[2]; | ||||
|  | ||||
|     // Executable paths can be long, so ensure they only break on \ or / | ||||
|     function breakPath(path) { | ||||
|         return path.replace(/(\\|\/)/g, '$1<wbr>'); | ||||
|     } | ||||
|  | ||||
|     // if the request has already been approved/denied, send response immediately | ||||
|     onMount(async () => { | ||||
|         if ($appState.currentRequest.response) { | ||||
|             await respond(); | ||||
|         } | ||||
|     }); | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <!-- Don't render at all if we're just going to immediately proceed to the next screen --> | ||||
| {#if error || !$appState.currentRequest?.response} | ||||
| {#if success} | ||||
|     <!-- if we have successfully sent a response, show it --> | ||||
|     <ShowResponse /> | ||||
| {:else if !$appState.currentRequest?.response} | ||||
|     <!-- if a response hasn't been collected, ask for it --> | ||||
|     <div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center"> | ||||
|         {#if error} | ||||
|             <ErrorAlert bind:this={alert}> | ||||
|                 {error.msg} | ||||
|                 <svelte:fragment slot="buttons"> | ||||
|                     <button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button> | ||||
|                     <button class="btn btn-sm btn-alert-error" on:click={respond}>Retry</button> | ||||
|                 </svelte:fragment> | ||||
|             </ErrorAlert> | ||||
|         {/if} | ||||
|         <ErrorAlert bind:this={alert}> | ||||
|             <svelte:fragment slot="buttons"> | ||||
|                 <button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button> | ||||
|                 <button class="btn btn-sm btn-alert-error" on:click={sendResponse}>Retry</button> | ||||
|             </svelte:fragment> | ||||
|         </ErrorAlert> | ||||
|  | ||||
|         {#if $appState.currentRequest?.base} | ||||
|             <div class="alert alert-warning shadow-lg"> | ||||
|                 <div> | ||||
|                     <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg> | ||||
|                     <span> | ||||
|                         WARNING: This application is requesting your base AWS credentials.  | ||||
|                         These credentials are less secure than session credentials, since they don't expire automatically. | ||||
|                     </span> | ||||
|                 </div> | ||||
|             </div> | ||||
|         {/if} | ||||
|  | ||||
|         <div class="space-y-1 mb-4"> | ||||
|             <h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2> | ||||
|  | ||||
|             <div class="grid grid-cols-[auto_1fr] gap-x-3"> | ||||
|                 <div class="text-right">Path:</div> | ||||
|                 <code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code> | ||||
|                 <div class="text-right">PID:</div> | ||||
|                 <code>{client.pid}</code> | ||||
|             </div> | ||||
|         </div> | ||||
|  | ||||
|         <div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6"> | ||||
|                 <!-- Don't display the option to approve with session credentials if base was specifically requested --> | ||||
|                 {#if !$appState.currentRequest?.base} | ||||
|                     <h3 class="font-semibold"> | ||||
|                         Approve with session credentials | ||||
|                     </h3> | ||||
|                     <Link target={() => approve(false)} hotkey="Enter" shift={true}> | ||||
|                         <button class="w-full btn btn-success"> | ||||
|                             <KeyCombo keys={['Shift', 'Enter']} /> | ||||
|                         </button> | ||||
|                     </Link> | ||||
|                 {/if} | ||||
|  | ||||
|                 <h3 class="font-semibold"> | ||||
|                     <span class="mr-2"> | ||||
|                         {#if $appState.currentRequest?.base} | ||||
|                             Approve | ||||
|                         {:else} | ||||
|                             Approve with base credentials | ||||
|                         {/if} | ||||
|                     </span> | ||||
|                 </h3> | ||||
|                 <Link target={() => approve(true)} hotkey="Enter" shift={true} ctrl={true}> | ||||
|                     <button class="w-full btn btn-warning"> | ||||
|                         <KeyCombo keys={['Ctrl', 'Shift', 'Enter']} /> | ||||
|                     </button> | ||||
|                 </Link> | ||||
|  | ||||
|                 <h3 class="font-semibold"> | ||||
|                     <span class="mr-2">Deny</span> | ||||
|                 </h3> | ||||
|                 <Link target={deny} hotkey="Escape"> | ||||
|                     <button class="w-full btn btn-error"> | ||||
|                         <KeyCombo keys={['Esc']} /> | ||||
|                     </button> | ||||
|                 </Link> | ||||
|         </div> | ||||
|         <CollectResponse  on:response={handleResponseCollected} /> | ||||
|     </div> | ||||
| {:else if $appState.sessionStatus === 'locked'} | ||||
|     <!-- if session is locked and we do have a response, we must be waiting for unlock --> | ||||
|     <Unlock on:unlocked={sendResponse} /> | ||||
| {:else} | ||||
|     <!-- failsafe sanity check --> | ||||
|     <ErrorAlert> | ||||
|         Something is wrong. This message should never show up during normal operation. | ||||
|     </ErrorAlert> | ||||
| {/if} | ||||
|   | ||||
							
								
								
									
										14
									
								
								src/views/ChangePassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								src/views/ChangePassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,14 @@ | ||||
| <script> | ||||
|     import { navigate } from '../lib/routing.js'; | ||||
|  | ||||
|     import EnterPassphrase from './passphrase/EnterPassphrase.svelte'; | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div class="flex flex-col h-screen max-w-sm m-auto gap-y-8 justify-center"> | ||||
|         <h1 class="text-2xl font-bold text-center"> | ||||
|             Change passphrase | ||||
|         </h1> | ||||
|  | ||||
|         <EnterPassphrase cancellable={true} on:save={() => navigate('Home')}/> | ||||
| </div> | ||||
							
								
								
									
										21
									
								
								src/views/CreatePassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								src/views/CreatePassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | ||||
| <script> | ||||
|     import EnterPassphrase from './passphrase/EnterPassphrase.svelte'; | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div class="flex flex-col h-screen max-w-lg m-auto justify-center"> | ||||
|     <div class="space-y-8"> | ||||
|         <h1 class="text-2xl font-bold text-center">Welcome to Creddy!</h1> | ||||
|  | ||||
|         <div class="space-y-4"> | ||||
|             <p> Create a passphrase to get started.</p> | ||||
|  | ||||
|             <p>Please note that if you forget your passphrase, there is no way to recover  | ||||
|             your stored credentials. You will have to start over with a new passphrase.</p> | ||||
|         </div> | ||||
|  | ||||
|         <div class="max-w-sm mx-auto"> | ||||
|             <EnterPassphrase /> | ||||
|         </div> | ||||
|     </div> | ||||
| </div> | ||||
| @@ -1,94 +0,0 @@ | ||||
| <script> | ||||
|     import { onMount } from 'svelte'; | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { emit } from '@tauri-apps/api/event'; | ||||
|     import { getRootCause } from '../lib/errors.js'; | ||||
|  | ||||
|     import { appState } from '../lib/state.js'; | ||||
|     import { navigate } from '../lib/routing.js'; | ||||
|     import Link from '../ui/Link.svelte'; | ||||
|     import ErrorAlert from '../ui/ErrorAlert.svelte'; | ||||
|     import Spinner from '../ui/Spinner.svelte'; | ||||
|  | ||||
|  | ||||
|     let errorMsg = null; | ||||
|     let alert; | ||||
|     let AccessKeyId, SecretAccessKey, passphrase, confirmPassphrase | ||||
|  | ||||
|     function confirm() { | ||||
|         if (passphrase !== confirmPassphrase) { | ||||
|             errorMsg = 'Passphrases do not match.' | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     let saving = false; | ||||
|     async function save() { | ||||
|         if (passphrase !== confirmPassphrase) { | ||||
|             alert.shake(); | ||||
|             return; | ||||
|         } | ||||
|  | ||||
|         let credentials = {AccessKeyId, SecretAccessKey}; | ||||
|         try { | ||||
|             saving = true; | ||||
|             await invoke('save_credentials', {credentials, passphrase}); | ||||
|             emit('credentials-event', 'entered'); | ||||
|             $appState.credentialStatus = 'unlocked'; | ||||
|             if ($appState.currentRequest) { | ||||
|                 navigate('Approve'); | ||||
|             } | ||||
|             else { | ||||
|                 navigate('Home'); | ||||
|             } | ||||
|         } | ||||
|         catch (e) { | ||||
|             const root = getRootCause(e); | ||||
|             if (e.code === 'GetSession' && root.code) { | ||||
|                 errorMsg = `Error response from AWS (${root.code}): ${root.msg}`; | ||||
|             } | ||||
|             else { | ||||
|                 // some of the built-in Tauri errors are plain strings, | ||||
|                 // so fall back to e if e.msg doesn't exist | ||||
|                 errorMsg = e.msg || e; | ||||
|             } | ||||
|  | ||||
|             // if the alert already existed, shake it | ||||
|             if (alert) { | ||||
|                 alert.shake(); | ||||
|             } | ||||
|  | ||||
|             saving = false; | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     function cancel() { | ||||
|         emit('credentials-event', 'enter-canceled'); | ||||
|         navigate('Home'); | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
|  | ||||
| <form action="#" on:submit|preventDefault="{save}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center"> | ||||
|     <h2 class="text-2xl font-bold text-center">Enter your credentials</h2> | ||||
|  | ||||
|     {#if errorMsg} | ||||
|         <ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert> | ||||
|     {/if} | ||||
|  | ||||
|     <input type="text" placeholder="AWS Access Key ID" bind:value="{AccessKeyId}" class="input input-bordered" /> | ||||
|     <input type="password" placeholder="AWS Secret Access Key" bind:value="{SecretAccessKey}" class="input input-bordered" /> | ||||
|     <input type="password" placeholder="Passphrase" bind:value="{passphrase}" class="input input-bordered" /> | ||||
|     <input type="password" placeholder="Re-enter passphrase" bind:value={confirmPassphrase} class="input input-bordered" on:change={confirm} /> | ||||
|  | ||||
|     <button type="submit" class="btn btn-primary"> | ||||
|         {#if saving } | ||||
|             <Spinner class="w-5 h-5" thickness="12"/> | ||||
|         {:else} | ||||
|             Submit | ||||
|         {/if} | ||||
|     </button> | ||||
|     <Link target={cancel} hotkey="Escape"> | ||||
|         <button class="btn btn-sm btn-outline w-full">Cancel</button> | ||||
|     </Link> | ||||
| </form> | ||||
| @@ -8,12 +8,24 @@ | ||||
|     import Icon from '../ui/Icon.svelte'; | ||||
|     import Link from '../ui/Link.svelte'; | ||||
|  | ||||
|     import vaultDoorSvg from '../assets/vault_door.svg?raw'; | ||||
|     let launchTerminalError; | ||||
|     async function launchTerminal() { | ||||
|         try { | ||||
|             await invoke('launch_terminal', {base: false}); | ||||
|         } | ||||
|         catch (e) { | ||||
|             console.log(e); | ||||
|             launchTerminalError = e; | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     let launchBase = false; | ||||
|     function launchTerminal() { | ||||
|         invoke('launch_terminal', {base: launchBase}); | ||||
|         launchBase = false; | ||||
|     async function lock() { | ||||
|         try { | ||||
|             await invoke('lock'); | ||||
|         } | ||||
|         catch (e) { | ||||
|             console.log(e); | ||||
|         } | ||||
|     } | ||||
| </script> | ||||
|  | ||||
| @@ -23,31 +35,42 @@ | ||||
| </Nav> | ||||
|  | ||||
| <div class="flex flex-col h-screen items-center justify-center p-4 space-y-4"> | ||||
|     <div class="flex flex-col items-center space-y-4"> | ||||
|         {@html vaultDoorSvg} | ||||
|         {#if $appState.credentialStatus === 'locked'} | ||||
|     <div class="grid grid-cols-2 gap-6"> | ||||
|         <button | ||||
|             on:click={() => navigate('ManageCredentials')} | ||||
|             class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-primary hover:bg-base-200 transition-transform active:scale-[.98] transition-transform" | ||||
|         > | ||||
|             <Icon name="key" class="size-12 stroke-1 stroke-primary" /> | ||||
|             <h3 class="text-lg font-bold">Credentials</h3> | ||||
|             <p class="text-sm">Add, remove, and change default credentials.</p> | ||||
|         </button> | ||||
|          | ||||
|         <button  | ||||
|             on:click={launchTerminal} | ||||
|             class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-secondary hover:bg-base-200 transition-colors active:scale-[.98] transition-transform" | ||||
|         > | ||||
|             <Icon name="command-line" class="size-12 stroke-1 stroke-secondary" /> | ||||
|             <h3 class="text-lg font-bold">Terminal</h3> | ||||
|             <p class="text-sm">Launch a terminal pre-configured with AWS credentials.</p> | ||||
|         </button> | ||||
|  | ||||
|             <h2 class="text-2xl font-bold">Creddy is locked</h2> | ||||
|             <Link target="Unlock" hotkey="Enter" class="w-64"> | ||||
|                 <button class="btn btn-primary w-full">Unlock</button> | ||||
|             </Link> | ||||
|         <button  | ||||
|             on:click={lock} | ||||
|             class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-warning hover:bg-base-200 transition-colors active:scale-[.98] transition-transform" | ||||
|         > | ||||
|             <Icon name="shield-check" class="size-12 stroke-1 stroke-warning" /> | ||||
|             <h3 class="text-lg font-bold">Lock</h3> | ||||
|             <p class="text-sm">Lock Creddy.</p> | ||||
|         </button> | ||||
|  | ||||
|         {:else if $appState.credentialStatus === 'unlocked'} | ||||
|             <h2 class="text-2xl font-bold">Waiting for requests</h2> | ||||
|             <button class="btn btn-primary w-full" on:click={launchTerminal}> | ||||
|                 Launch Terminal | ||||
|             </button> | ||||
|             <label class="label cursor-pointer flex items-center space-x-2"> | ||||
|                 <span class="label-text">Launch with long-lived credentials</span> | ||||
|                 <input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}> | ||||
|             </label> | ||||
|  | ||||
|         {:else if $appState.credentialStatus === 'empty'} | ||||
|             <h2 class="text-2xl font-bold">No credentials found</h2> | ||||
|             <Link target="EnterCredentials" hotkey="Enter" class="w-64"> | ||||
|                 <button class="btn btn-primary w-full">Enter Credentials</button> | ||||
|             </Link> | ||||
|         {/if} | ||||
|         <button  | ||||
|             on:click={() => invoke('exit')} | ||||
|             class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-accent hover:bg-base-200 transition-colors active:scale-[.98] transition-transform" | ||||
|         > | ||||
|             <Icon name="arrow-right-start-on-rectangle" class="size-12 stroke-1 stroke-accent" /> | ||||
|             <h3 class="text-lg font-bold">Exit</h3> | ||||
|             <p class="text-sm">Close Creddy.</p> | ||||
|         </button> | ||||
|     </div> | ||||
| </div> | ||||
|  | ||||
| @@ -56,10 +79,25 @@ | ||||
|         {#each $appState.setupErrors as error} | ||||
|             {#if error.show} | ||||
|                 <div class="alert alert-error shadow-lg"> | ||||
|                     {error.msg} | ||||
|                     <button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button> | ||||
|                     <span>{error.msg}</span> | ||||
|                     <div> | ||||
|                         <button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button> | ||||
|                     </div> | ||||
|                 </div> | ||||
|             {/if} | ||||
|         {/each} | ||||
|     </div> | ||||
| {/if} | ||||
|  | ||||
| {#if launchTerminalError} | ||||
|     <div class="toast"> | ||||
|         <div class="alert alert-error shadow-lg"> | ||||
|             <span>{launchTerminalError.msg || launchTerminalError}</span> | ||||
|             <div> | ||||
|                 <button class="btn btn-alert-error" on:click={() => launchTerminalError = null}> | ||||
|                     Ok | ||||
|                 </button> | ||||
|             </div> | ||||
|         </div> | ||||
|     </div> | ||||
| {/if} | ||||
							
								
								
									
										122
									
								
								src/views/ManageCredentials.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										122
									
								
								src/views/ManageCredentials.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,122 @@ | ||||
| <script> | ||||
|     import { onMount } from 'svelte'; | ||||
|     import { slide, fade } from 'svelte/transition'; | ||||
|     import { writable } from 'svelte/store'; | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|  | ||||
|     import AwsCredential from './credentials/AwsCredential.svelte'; | ||||
|     import ConfirmDelete from './credentials/ConfirmDelete.svelte'; | ||||
|     import SshKey from './credentials/SshKey.svelte'; | ||||
|     // import NewSshKey from './credentials/NewSshKey.svelte'; | ||||
|     // import EditSshKey from './credentials/EditSshKey.svelte'; | ||||
|     import Icon from '../ui/Icon.svelte'; | ||||
|     import Nav from '../ui/Nav.svelte'; | ||||
|  | ||||
|  | ||||
|     let records = null | ||||
|     $: awsRecords = (records || []).filter(r => r.credential.type === 'AwsBase'); | ||||
|     $: sshRecords = (records || []).filter(r => r.credential.type === 'Ssh'); | ||||
|  | ||||
|     let defaults = writable({}); | ||||
|     async function loadCreds() { | ||||
|         records = await invoke('list_credentials'); | ||||
|         let pairs = records.filter(r => r.is_default).map(r => [r.credential.type, r.id]); | ||||
|         $defaults = Object.fromEntries(pairs); | ||||
|     } | ||||
|     onMount(loadCreds); | ||||
|  | ||||
|     function newAws() { | ||||
|         records.push({ | ||||
|             id: crypto.randomUUID(), | ||||
|             name: null, | ||||
|             is_default: false, | ||||
|             credential: {type: 'AwsBase', AccessKeyId: '', SecretAccessKey: ''}, | ||||
|             isNew: true, | ||||
|         }); | ||||
|         records = records; | ||||
|     } | ||||
|  | ||||
|     function newSsh() { | ||||
|         records.push({ | ||||
|             id: crypto.randomUUID(), | ||||
|             name: null, | ||||
|             is_default: false, | ||||
|             credential: {type: 'Ssh', algorithm: '', comment: '', private_key: '', public_key: '',}, | ||||
|             isNew: true, | ||||
|         }); | ||||
|         records = records; | ||||
|     } | ||||
|  | ||||
|     let confirmDelete; | ||||
|     function handleDelete(evt) { | ||||
|         const record = evt.detail; | ||||
|         if (record.isNew) { | ||||
|             records = records.filter(r => r.id !== record.id); | ||||
|         } | ||||
|         else { | ||||
|             confirmDelete.confirm(record); | ||||
|         } | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <Nav> | ||||
|     <h1 slot="title" class="text-2xl font-bold">Credentials</h1> | ||||
| </Nav> | ||||
|  | ||||
| <div class="max-w-xl mx-auto mb-12 flex flex-col gap-y-12 justify-center"> | ||||
|     <div class="flex flex-col gap-y-4"> | ||||
|         <div class="divider"> | ||||
|             <h2 class="text-xl font-bold">AWS Access Keys</h2> | ||||
|         </div> | ||||
|  | ||||
|         {#if awsRecords.length > 0} | ||||
|             {#each awsRecords as record (record.id)} | ||||
|                 <AwsCredential | ||||
|                     {record} {defaults} | ||||
|                     on:update={loadCreds} | ||||
|                     on:delete={handleDelete} | ||||
|                 /> | ||||
|             {/each} | ||||
|             <button class="btn btn-primary btn-wide mx-auto" on:click={newAws}> | ||||
|                 <Icon name="plus-circle-mini" class="size-5" /> | ||||
|                 Add | ||||
|             </button> | ||||
|         {:else if records !== null} | ||||
|             <div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6"> | ||||
|                 <div>You have no saved AWS credentials.</div> | ||||
|                 <button class="btn btn-primary btn-wide mx-auto" on:click={newAws}> | ||||
|                     <Icon name="plus-circle-mini" class="size-5" /> | ||||
|                     Add | ||||
|                 </button> | ||||
|             </div> | ||||
|         {/if} | ||||
|     </div> | ||||
|  | ||||
|     <div class="flex flex-col gap-y-4"> | ||||
|         <div class="divider"> | ||||
|             <h2 class="text-xl font-bold">SSH Keys</h2> | ||||
|         </div> | ||||
|  | ||||
|         {#if sshRecords.length > 0} | ||||
|             {#each sshRecords as record (record.id)} | ||||
|                 <SshKey {record} on:save={loadCreds} on:delete={handleDelete} /> | ||||
|             {/each} | ||||
|             <button class="btn btn-primary btn-wide mx-auto" on:click={newSsh}> | ||||
|                 <Icon name="plus-circle-mini" class="size-5" /> | ||||
|                 Add | ||||
|             </button> | ||||
|         {:else if records !== null} | ||||
|             <div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6"> | ||||
|                 <div>You have no saved SSH keys.</div> | ||||
|                 <button class="btn btn-primary btn-wide mx-auto" on:click={newSsh}> | ||||
|                     <Icon name="plus-circle-mini" class="size-5" /> | ||||
|                     Add | ||||
|                 </button> | ||||
|             </div> | ||||
|         {/if} | ||||
|     </div> | ||||
|  | ||||
| </div> | ||||
|  | ||||
| <ConfirmDelete bind:this={confirmDelete} on:confirm={loadCreds} /> | ||||
| @@ -5,7 +5,6 @@ | ||||
|     import { appState } from '../lib/state.js'; | ||||
|     import Nav from '../ui/Nav.svelte'; | ||||
|     import Link from '../ui/Link.svelte'; | ||||
|     import ErrorAlert from '../ui/ErrorAlert.svelte'; | ||||
|     import SettingsGroup from '../ui/settings/SettingsGroup.svelte'; | ||||
|     import Keybind from '../ui/settings/Keybind.svelte'; | ||||
|     import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting, TimeSetting } from '../ui/settings'; | ||||
| @@ -21,6 +20,7 @@ | ||||
|     let error = null; | ||||
|     async function save() { | ||||
|         try { | ||||
|             throw('wtf'); | ||||
|             await invoke('save_config', {config}); | ||||
|             $appState.config = await invoke('get_config'); | ||||
|         } | ||||
| @@ -29,6 +29,7 @@ | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     window.getOsType = type; | ||||
|     let osType = null; | ||||
|     type().then(t => osType = t); | ||||
| </script> | ||||
| @@ -38,77 +39,78 @@ | ||||
|     <h1 slot="title" class="text-2xl font-bold">Settings</h1> | ||||
| </Nav> | ||||
|  | ||||
| <div class="max-w-lg mx-auto my-1.5 p-4 space-y-16"> | ||||
|     <SettingsGroup name="General">             | ||||
|         <ToggleSetting title="Start on login" bind:value={config.start_on_login}> | ||||
|             <svelte:fragment slot="description"> | ||||
|                 Start Creddy when you log in to your computer. | ||||
|             </svelte:fragment> | ||||
|         </ToggleSetting> | ||||
|  | ||||
|         <ToggleSetting title="Start minimized" bind:value={config.start_minimized}> | ||||
|             <svelte:fragment slot="description"> | ||||
|                 Minimize to the system tray at startup. | ||||
|             </svelte:fragment> | ||||
|         </ToggleSetting> | ||||
|  | ||||
|         <NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds"> | ||||
|             <svelte:fragment slot="description"> | ||||
|                 How long to wait after a request is approved/denied before minimizing | ||||
|                 the window to tray. Only applicable if the window was minimized | ||||
|                 to tray before the request was received. | ||||
|             </svelte:fragment> | ||||
|         </NumericSetting> | ||||
|  | ||||
|         <ToggleSetting title="Lock when idle" bind:value={config.auto_lock}> | ||||
|             <svelte:fragment slot="description"> | ||||
|                 Automatically lock Creddy after a period of inactivity. | ||||
|             </svelte:fragment> | ||||
|         </ToggleSetting> | ||||
|  | ||||
|         {#if config.auto_lock} | ||||
|             <TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}> | ||||
| <form on:submit|preventDefault={save}> | ||||
|     <div class="max-w-lg mx-auto my-1.5 p-4 space-y-16"> | ||||
|         <SettingsGroup name="General">             | ||||
|             <ToggleSetting title="Start on login" bind:value={config.start_on_login}> | ||||
|                 <svelte:fragment slot="description"> | ||||
|                     How long to wait before automatically locking. | ||||
|                     Start Creddy when you log in to your computer. | ||||
|                 </svelte:fragment> | ||||
|             </TimeSetting> | ||||
|         {/if} | ||||
|             </ToggleSetting> | ||||
|  | ||||
|         <Setting title="Update credentials"> | ||||
|             <Link slot="input" target="EnterCredentials"> | ||||
|                 <button class="btn btn-sm btn-primary">Update</button> | ||||
|             </Link> | ||||
|             <svelte:fragment slot="description"> | ||||
|                 Update or re-enter your encrypted credentials. | ||||
|             </svelte:fragment> | ||||
|         </Setting> | ||||
|             <ToggleSetting title="Start minimized" bind:value={config.start_minimized}> | ||||
|                 <svelte:fragment slot="description"> | ||||
|                     Minimize to the system tray at startup. | ||||
|                 </svelte:fragment> | ||||
|             </ToggleSetting> | ||||
|  | ||||
|         <FileSetting | ||||
|             title="Terminal emulator" | ||||
|             bind:value={config.terminal.exec} | ||||
|          | ||||
|         > | ||||
|             <svelte:fragment slot="description"> | ||||
|                 Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>. | ||||
|             </svelte:fragment> | ||||
|         </FileSetting> | ||||
|     </SettingsGroup> | ||||
|             <NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds"> | ||||
|                 <svelte:fragment slot="description"> | ||||
|                     How long to wait after a request is approved/denied before minimizing | ||||
|                     the window to tray. Only applicable if the window was minimized | ||||
|                     to tray before the request was received. | ||||
|                 </svelte:fragment> | ||||
|             </NumericSetting> | ||||
|  | ||||
|     <SettingsGroup name="Hotkeys"> | ||||
|         <div class="space-y-4"> | ||||
|             <p>Click on a keybinding to modify it. Use the checkbox to enable or disable a keybinding entirely.</p> | ||||
|             <ToggleSetting title="Lock when idle" bind:value={config.auto_lock}> | ||||
|                 <svelte:fragment slot="description"> | ||||
|                     Automatically lock Creddy after a period of inactivity. | ||||
|                 </svelte:fragment> | ||||
|             </ToggleSetting> | ||||
|  | ||||
|             <div class="grid grid-cols-[auto_1fr_auto] gap-y-3 items-center"> | ||||
|                 <Keybind description="Show Creddy" bind:value={config.hotkeys.show_window} /> | ||||
|                 <Keybind description="Launch terminal" bind:value={config.hotkeys.launch_terminal} /> | ||||
|             {#if config.auto_lock} | ||||
|                 <TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}> | ||||
|                     <svelte:fragment slot="description"> | ||||
|                         How long to wait before automatically locking. | ||||
|                     </svelte:fragment> | ||||
|                 </TimeSetting> | ||||
|             {/if} | ||||
|  | ||||
|             <Setting title="Update passphrase"> | ||||
|                 <Link slot="input" target="ChangePassphrase"> | ||||
|                     <button type="button" class="btn btn-sm btn-primary">Update</button> | ||||
|                 </Link> | ||||
|                 <svelte:fragment slot="description"> | ||||
|                     Change your master passphrase. | ||||
|                 </svelte:fragment> | ||||
|             </Setting> | ||||
|  | ||||
|             <FileSetting | ||||
|                 title="Terminal emulator" | ||||
|                 bind:value={config.terminal.exec} | ||||
|             > | ||||
|                 <svelte:fragment slot="description"> | ||||
|                     Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>. | ||||
|                 </svelte:fragment> | ||||
|             </FileSetting> | ||||
|         </SettingsGroup> | ||||
|  | ||||
|         <SettingsGroup name="Hotkeys"> | ||||
|             <div class="space-y-4"> | ||||
|                 <p>Click on a keybinding to modify it. Use the checkbox to enable or disable a keybinding entirely.</p> | ||||
|  | ||||
|                 <div class="grid grid-cols-[auto_1fr_auto] gap-y-3 items-center"> | ||||
|                     <Keybind description="Show Creddy" bind:value={config.hotkeys.show_window} /> | ||||
|                     <Keybind description="Launch terminal" bind:value={config.hotkeys.launch_terminal} /> | ||||
|                 </div> | ||||
|             </div> | ||||
|         </div> | ||||
|     </SettingsGroup> | ||||
|         </SettingsGroup> | ||||
|  | ||||
|     <p class="text-sm text-right"> | ||||
|         Creddy {$appState.appVersion} | ||||
|     </p> | ||||
| </div> | ||||
|         <p class="text-sm text-right"> | ||||
|             Creddy {$appState.appVersion} | ||||
|         </p> | ||||
|     </div> | ||||
| </form> | ||||
|  | ||||
| {#if error} | ||||
|     <div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast"> | ||||
|   | ||||
| @@ -1,85 +1,68 @@ | ||||
| <script> | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { emit } from '@tauri-apps/api/event'; | ||||
|     import { onMount } from 'svelte'; | ||||
|     import { onMount, createEventDispatcher } from 'svelte'; | ||||
|  | ||||
|     import { appState } from '../lib/state.js'; | ||||
|     import { navigate } from '../lib/routing.js'; | ||||
|     import { getRootCause } from '../lib/errors.js'; | ||||
|  | ||||
|     import ErrorAlert from '../ui/ErrorAlert.svelte'; | ||||
|     import Link from '../ui/Link.svelte'; | ||||
|     import PassphraseInput from '../ui/PassphraseInput.svelte'; | ||||
|     import ResetPassphrase from './passphrase/ResetPassphrase.svelte'; | ||||
|     import Spinner from '../ui/Spinner.svelte'; | ||||
|     import vaultDoorSvg from '../assets/vault_door.svg?raw'; | ||||
|  | ||||
|  | ||||
|     let errorMsg = null; | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     let alert; | ||||
|     let passphrase = ''; | ||||
|     let loadTime = 0; | ||||
|  | ||||
|     let saving = false; | ||||
|     async function unlock() { | ||||
|         // The hotkey for navigating here from homepage is Enter, which also | ||||
|         // happens to trigger the form submit event | ||||
|         if (Date.now() - loadTime < 10) { | ||||
|             return; | ||||
|         } | ||||
|  | ||||
|         saving = true; | ||||
|         try { | ||||
|             saving = true; | ||||
|             let r = await invoke('unlock', {passphrase}); | ||||
|             $appState.credentialStatus = 'unlocked'; | ||||
|             emit('credentials-event', 'unlocked'); | ||||
|             if ($appState.currentRequest) { | ||||
|                 navigate('Approve'); | ||||
|             } | ||||
|             else { | ||||
|                 navigate('Home'); | ||||
|             } | ||||
|             await alert.run(async () => invoke('unlock', {passphrase})); | ||||
|             $appState.sessionStatus = 'unlocked'; | ||||
|             emit('unlocked'); | ||||
|             dispatch('unlocked'); | ||||
|         } | ||||
|         catch (e) { | ||||
|             const root = getRootCause(e); | ||||
|             if (e.code === 'GetSession' && root.code) { | ||||
|                 errorMsg = `Error response from AWS (${root.code}): ${root.msg}`; | ||||
|             } | ||||
|             else { | ||||
|                 errorMsg = e.msg; | ||||
|             } | ||||
|              | ||||
|             // if the alert already existed, shake it | ||||
|             if (alert) { | ||||
|                 alert.shake(); | ||||
|             } | ||||
|  | ||||
|         finally { | ||||
|             saving = false; | ||||
|         } | ||||
|  | ||||
|     } | ||||
|  | ||||
|     function cancel() { | ||||
|         emit('credentials-event', 'unlock-canceled'); | ||||
|         if ($appState.currentRequest !== null) { | ||||
|             // dirty hack to prevent spurious error when returning to approve screen | ||||
|             delete $appState.currentRequest.response; | ||||
|             navigate('Approve'); | ||||
|         } | ||||
|         else { | ||||
|             navigate('Home'); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     onMount(() => { | ||||
|         loadTime = Date.now(); | ||||
|     }) | ||||
|     let input; | ||||
|     onMount(() => input.focus()); | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <svelte:window on:focus={input.focus} /> | ||||
|  | ||||
| <div class="fixed top-0 w-full p-2 text-center"> | ||||
|     <h1 class="text-3xl font-bold">Creddy is locked</h1> | ||||
| </div> | ||||
|  | ||||
| <form action="#" on:submit|preventDefault="{unlock}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center"> | ||||
|     <h2 class="font-bold text-2xl text-center">Enter your passphrase</h2> | ||||
|     <div class="mx-auto"> | ||||
|         {@html vaultDoorSvg} | ||||
|     </div> | ||||
|  | ||||
|     {#if errorMsg} | ||||
|         <ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert> | ||||
|     {/if} | ||||
|     <label class="space-y-4"> | ||||
|         <h2 class="font-bold text-xl text-center">Please enter your passphrase</h2> | ||||
|  | ||||
|     <!-- svelte-ignore a11y-autofocus --> | ||||
|     <input autofocus name="password" type="password" placeholder="correct horse battery staple" bind:value="{passphrase}" class="input input-bordered" /> | ||||
|         <ErrorAlert bind:this="{alert}" /> | ||||
|  | ||||
|         <!-- svelte-ignore a11y-autofocus --> | ||||
|         <PassphraseInput | ||||
|             bind:this={input} | ||||
|             bind:value={passphrase} | ||||
|             placeholder="correct horse battery staple" | ||||
|         /> | ||||
|     </label> | ||||
|  | ||||
|     <button type="submit" class="btn btn-primary"> | ||||
|         {#if saving} | ||||
| @@ -89,7 +72,5 @@ | ||||
|         {/if} | ||||
|     </button> | ||||
|  | ||||
|     <Link target={cancel} hotkey="Escape"> | ||||
|         <button class="btn btn-sm btn-outline w-full">Cancel</button> | ||||
|     </Link> | ||||
|     <ResetPassphrase /> | ||||
| </form> | ||||
|   | ||||
							
								
								
									
										109
									
								
								src/views/approve/CollectResponse.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										109
									
								
								src/views/approve/CollectResponse.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,109 @@ | ||||
| <script> | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|     import { appState, cleanupRequest } from '../../lib/state.js'; | ||||
|  | ||||
|     import Link from '../../ui/Link.svelte'; | ||||
|     import KeyCombo from '../../ui/KeyCombo.svelte'; | ||||
|  | ||||
|  | ||||
|     // Executable paths can be long, so ensure they only break on \ or / | ||||
|     function breakPath(path) { | ||||
|         return path.replace(/(\\|\/)/g, '$1<wbr>'); | ||||
|     } | ||||
|  | ||||
|     // Extract executable name from full path | ||||
|     const client = $appState.currentRequest.client; | ||||
|     const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/); | ||||
|     const appName = m[1] || m[2]; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     function setResponse(approval, base) { | ||||
|         $appState.currentRequest.response = { | ||||
|             id: $appState.currentRequest.id, | ||||
|             approval, | ||||
|             base, | ||||
|         }; | ||||
|         dispatch('response'); | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| {#if $appState.currentRequest?.base} | ||||
|     <div class="alert alert-warning shadow-lg"> | ||||
|         <div> | ||||
|             <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg> | ||||
|             <span> | ||||
|                 WARNING: This application is requesting your base AWS credentials. | ||||
|                 These credentials are less secure than session credentials, since they don't expire automatically. | ||||
|             </span> | ||||
|         </div> | ||||
|     </div> | ||||
| {/if} | ||||
|  | ||||
| <div class="space-y-1 mb-4"> | ||||
|     <h2 class="text-xl font-bold"> | ||||
|         {#if $appState.currentRequest.type === 'Aws'} | ||||
|             {#if $appState.currentRequest.name} | ||||
|                 {appName ? `"${appName}"` : 'An appplication'} would like to access your AWS access key "{$appState.currentRequest.name}". | ||||
|             {:else} | ||||
|                 {appName ? `"${appName}"` : 'An appplication'} would like to access your default AWS access key | ||||
|             {/if} | ||||
|         {:else if $appState.currentRequest.type === 'Ssh'} | ||||
|             {appName ? `"${appName}"` : 'An application'} would like to use your SSH key "{$appState.currentRequest.key_name}". | ||||
|         {:else if $appState.currentRequest.type === 'Docker'} | ||||
|             {appName ? `"${appName}"` : 'An application'} would like to use your Docker credentials for <code>{$appState.currentRequest.server_url}</code>. | ||||
|         {/if} | ||||
|     </h2> | ||||
|  | ||||
|     <div class="grid grid-cols-[auto_1fr] gap-x-3"> | ||||
|         <div class="text-right">Path:</div> | ||||
|         <code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code> | ||||
|         <div class="text-right">PID:</div> | ||||
|         <code>{client.pid}</code> | ||||
|     </div> | ||||
| </div> | ||||
|  | ||||
| <div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6"> | ||||
|         <!-- Don't display the option to approve with session credentials if base was specifically requested --> | ||||
|         {#if !$appState.currentRequest?.base} | ||||
|             <h3 class="font-semibold"> | ||||
|                 {#if $appState.currentRequest.type === 'Aws'} | ||||
|                     Approve with session credentials | ||||
|                 {:else} | ||||
|                     Approve | ||||
|                 {/if} | ||||
|             </h3> | ||||
|             <Link target={() => setResponse('Approved', false)} hotkey="Enter" shift={true}> | ||||
|                 <button class="w-full btn btn-success"> | ||||
|                     <KeyCombo keys={['Shift', 'Enter']} /> | ||||
|                 </button> | ||||
|             </Link> | ||||
|         {/if} | ||||
|  | ||||
|         {#if $appState.currentRequest.type === 'Aws'} | ||||
|             <h3 class="font-semibold"> | ||||
|                 <span class="mr-2"> | ||||
|                     {#if $appState.currentRequest?.base} | ||||
|                         Approve | ||||
|                     {:else} | ||||
|                         Approve with base credentials | ||||
|                     {/if} | ||||
|                 </span> | ||||
|             </h3> | ||||
|             <Link target={() => setResponse('Approved', true)} hotkey="Enter" shift={true} ctrl={true}> | ||||
|                 <button class="w-full btn btn-warning"> | ||||
|                     <KeyCombo keys={['Ctrl', 'Shift', 'Enter']} /> | ||||
|                 </button> | ||||
|             </Link> | ||||
|         {/if} | ||||
|  | ||||
|         <h3 class="font-semibold"> | ||||
|             <span class="mr-2">Deny</span> | ||||
|         </h3> | ||||
|         <Link target={() => setResponse('Denied', false)} hotkey="Escape"> | ||||
|             <button class="w-full btn btn-error"> | ||||
|                 <KeyCombo keys={['Esc']} /> | ||||
|             </button> | ||||
|         </Link> | ||||
| </div> | ||||
| @@ -1,8 +1,7 @@ | ||||
| <script> | ||||
|     import { onMount } from 'svelte'; | ||||
|     import { draw, fade } from 'svelte/transition'; | ||||
| 
 | ||||
|     import { appState, cleanupRequest } from '../lib/state.js'; | ||||
|     import { appState } from '../../lib/state.js'; | ||||
|      | ||||
|     let success = false; | ||||
|     let error = null; | ||||
| @@ -10,14 +9,6 @@ | ||||
|     let drawDuration = $appState.config.rehide_ms >= 750 ? 500 : 0; | ||||
|     let fadeDuration = drawDuration * 0.6; | ||||
|     let fadeDelay = drawDuration * 0.4; | ||||
| 
 | ||||
|     onMount(() => { | ||||
|         window.setTimeout( | ||||
|             cleanupRequest, | ||||
|             // Extra 50ms so the window can finish disappearing before the redraw | ||||
|             Math.min(5000, $appState.config.rehide_ms + 50), | ||||
|         ) | ||||
|     }) | ||||
| </script> | ||||
| 
 | ||||
| 
 | ||||
							
								
								
									
										119
									
								
								src/views/credentials/AwsCredential.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										119
									
								
								src/views/credentials/AwsCredential.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,119 @@ | ||||
| <script> | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|     import { fade, slide } from 'svelte/transition'; | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|  | ||||
|     import ErrorAlert from '../../ui/ErrorAlert.svelte'; | ||||
|     import Icon from '../../ui/Icon.svelte'; | ||||
|  | ||||
|     export let record; | ||||
|     export let defaults; | ||||
|  | ||||
|     import PassphraseInput from '../../ui/PassphraseInput.svelte'; | ||||
|  | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     let showDetails = record.isNew ? true : false; | ||||
|  | ||||
|     let local = JSON.parse(JSON.stringify(record)); | ||||
|     $: isModified = JSON.stringify(local) !== JSON.stringify(record); | ||||
|      | ||||
|     // explicitly subscribe to updates to `default`, so that we can update | ||||
|     // our local copy even if the component hasn't been recreated | ||||
|     // (sadly we can't use a reactive binding because reasons I guess) | ||||
|     defaults.subscribe(d => local.is_default = local.id === d[local.credential.type]) | ||||
|  | ||||
|     let alert; | ||||
|     async function saveCredential() { | ||||
|         await invoke('save_credential', {record: local}); | ||||
|         dispatch('update'); | ||||
|         showDetails = false; | ||||
|     } | ||||
|  | ||||
|      | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div class="rounded-box space-y-4 bg-base-200 {record.is_default ? 'border border-accent' : ''}"> | ||||
|     <div class="flex items-center px-6 py-4 gap-x-4"> | ||||
|         <h3 class="text-lg font-bold"> | ||||
|             {#if !record?.isNew && showDetails} | ||||
|                 <input type="text" class="input input-bordered bg-transparent" bind:value={local.name}> | ||||
|             {:else} | ||||
|                 {record.name || ''} | ||||
|             {/if} | ||||
|         </h3> | ||||
|  | ||||
|         {#if record.is_default} | ||||
|             <span class="badge badge-accent">Default</span> | ||||
|         {/if} | ||||
|  | ||||
|         <div class="join ml-auto"> | ||||
|             <button | ||||
|                 type="button" | ||||
|                 class="btn btn-outline join-item" | ||||
|                 on:click={() => showDetails = !showDetails} | ||||
|             > | ||||
|                 <Icon name="pencil" class="size-6" /> | ||||
|             </button> | ||||
|             <button | ||||
|                 type="button" | ||||
|                 class="btn btn-outline btn-error join-item" | ||||
|                 on:click={() => dispatch('delete', record)} | ||||
|             > | ||||
|                 <Icon name="trash" class="size-6" /> | ||||
|             </button> | ||||
|         </div> | ||||
|     </div> | ||||
|  | ||||
|  | ||||
|     {#if showDetails} | ||||
|         <form | ||||
|             transition:slide|local={{duration: 200}} | ||||
|             class=" px-6 pb-4 space-y-4" | ||||
|             on:submit|preventDefault={() => alert.run(saveCredential)} | ||||
|         > | ||||
|             <ErrorAlert bind:this={alert} /> | ||||
|  | ||||
|             <div class="grid grid-cols-[auto_1fr] items-center gap-4"> | ||||
|                 {#if record.isNew} | ||||
|                     <span class="justify-self-end">Name</span> | ||||
|                     <input | ||||
|                         type="text" | ||||
|                         class="input input-bordered bg-transparent" | ||||
|                         bind:value={local.name} | ||||
|                     > | ||||
|                 {/if} | ||||
|  | ||||
|                 <span class="justify-self-end">Key ID</span> | ||||
|                 <input | ||||
|                     type="text" | ||||
|                     class="input input-bordered font-mono bg-transparent" | ||||
|                     bind:value={local.credential.AccessKeyId} | ||||
|                 > | ||||
|  | ||||
|                 <span>Secret key</span> | ||||
|                 <div class="font-mono"> | ||||
|                     <PassphraseInput class="bg-transparent" bind:value={local.credential.SecretAccessKey} /> | ||||
|                 </div> | ||||
|             </div> | ||||
|  | ||||
|             <div class="flex justify-between"> | ||||
|                 <label class="label cursor-pointer justify-self-start space-x-4"> | ||||
|                     <span class="label-text">Default AWS access key</span> | ||||
|                     <input type="checkbox" class="toggle toggle-accent" bind:checked={local.is_default}> | ||||
|                 </label> | ||||
|                 {#if isModified} | ||||
|                     <button | ||||
|                         transition:fade={{duration: 100}} | ||||
|                         type="submit" | ||||
|                         class="btn btn-primary" | ||||
|                     > | ||||
|                         Save | ||||
|                     </button> | ||||
|                 {/if} | ||||
|             </div> | ||||
|         </form> | ||||
|     {/if} | ||||
| </div> | ||||
							
								
								
									
										62
									
								
								src/views/credentials/ConfirmDelete.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										62
									
								
								src/views/credentials/ConfirmDelete.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,62 @@ | ||||
| <script> | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|  | ||||
|     import ErrorAlert from '../../ui/ErrorAlert.svelte'; | ||||
|  | ||||
|     let record; | ||||
|     let modal; | ||||
|     let alert; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     export function confirm(r) { | ||||
|         record = r; | ||||
|         modal.showModal(); | ||||
|     } | ||||
|  | ||||
|     async function deleteCredential() { | ||||
|         await invoke('delete_credential', {id: record.id}) | ||||
|         // closing the modal is dependent on the previous step succeeding | ||||
|         modal.close(); | ||||
|         dispatch('confirm'); | ||||
|     } | ||||
|  | ||||
|     function credentialDescription(record) { | ||||
|         if (record.credential.type === 'AwsBase') { | ||||
|             return 'AWS credential'; | ||||
|         } | ||||
|         if (record.credential.type === 'Ssh') { | ||||
|             return 'SSH key'; | ||||
|         } | ||||
|     } | ||||
| </script> | ||||
|  | ||||
| <dialog bind:this={modal} class="modal"> | ||||
|     <div class="modal-box space-y-6"> | ||||
|         <ErrorAlert bind:this={alert} /> | ||||
|         <h3 class="text-lg font-bold"> | ||||
|             {#if record} | ||||
|                 Delete {credentialDescription(record)} "{record.name}"? | ||||
|             {/if} | ||||
|         </h3> | ||||
|         <div class="modal-action"> | ||||
|             <form method="dialog" class="flex gap-x-4"> | ||||
|                 <button | ||||
|                     class="btn btn-outline" | ||||
|                     on:click={() => alert.setError(null)} | ||||
|                 > | ||||
|                     Cancel | ||||
|                 </button> | ||||
|  | ||||
|                 <button | ||||
|                     autofocus | ||||
|                     class="btn btn-error" | ||||
|                     on:click|preventDefault={() => alert.run(deleteCredential)} | ||||
|                 > | ||||
|                     Delete | ||||
|                 </button> | ||||
|             </form> | ||||
|         </div> | ||||
|     </div> | ||||
| </dialog> | ||||
							
								
								
									
										84
									
								
								src/views/credentials/EditSshKey.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										84
									
								
								src/views/credentials/EditSshKey.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,84 @@ | ||||
| <script> | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|     import { fade } from 'svelte/transition'; | ||||
|  | ||||
|     import ErrorAlert from '../../ui/ErrorAlert.svelte'; | ||||
|  | ||||
|  | ||||
|     export let local; | ||||
|     export let isModified; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|     let alert; | ||||
|  | ||||
|     async function saveCredential() { | ||||
|         await invoke('save_credential', {record: local}); | ||||
|         dispatch('save', local); | ||||
|     } | ||||
|  | ||||
|     async function copyText(evt) { | ||||
|         const tooltip = event.currentTarget; | ||||
|         await navigator.clipboard.writeText(tooltip.dataset.copyText); | ||||
|         const prevText = tooltip.dataset.tip; | ||||
|         tooltip.dataset.tip = 'Copied!'; | ||||
|         window.setTimeout(() => tooltip.dataset.tip = prevText, 2000); | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <style> | ||||
|     .grid { | ||||
|         grid-template-columns: auto minmax(0, 1fr); | ||||
|     } | ||||
| </style> | ||||
|  | ||||
|  | ||||
| <form class="space-y-4" on:submit|preventDefault={() => alert.run(saveCredential)}> | ||||
|     <ErrorAlert bind:this={alert} /> | ||||
|  | ||||
|     <div class="grid items-baseline gap-4"> | ||||
|         <span class="justify-self-end">Comment</span> | ||||
|         <input | ||||
|             type="text" | ||||
|             class="input input-bordered bg-transparent" | ||||
|             bind:value={local.credential.comment} | ||||
|         > | ||||
|  | ||||
|         <span class="justify-self-end">Public key</span> | ||||
|         <div | ||||
|             class="tooltip tooltip-right" | ||||
|             data-tip="Click to copy" | ||||
|             data-copy-text={local.credential.public_key} | ||||
|             on:click={copyText} | ||||
|         > | ||||
|             <div class="cursor-pointer text-left textarea textarea-bordered bg-transparent font-mono break-all"> | ||||
|                 {local.credential.public_key} | ||||
|             </div> | ||||
|         </div> | ||||
|  | ||||
|         <span class="justify-self-end">Private key</span> | ||||
|         <div | ||||
|             class="tooltip tooltip-right" | ||||
|             data-tip="Click to copy" | ||||
|             data-copy-text={local.credential.private_key} | ||||
|             on:click={copyText} | ||||
|         > | ||||
|             <div class="cursor-pointer text-left textarea textarea-bordered bg-transparent font-mono whitespace-pre overflow-x-auto"> | ||||
|                 {local.credential.private_key} | ||||
|             </div> | ||||
|         </div> | ||||
|     </div> | ||||
|  | ||||
|     <div class="flex justify-end"> | ||||
|         {#if isModified} | ||||
|             <button | ||||
|                 transition:fade={{duration: 100}} | ||||
|                 type="submit" | ||||
|                 class="btn btn-primary" | ||||
|             > | ||||
|                 Save | ||||
|             </button> | ||||
|         {/if} | ||||
|     </div> | ||||
| </form> | ||||
							
								
								
									
										119
									
								
								src/views/credentials/NewSshKey.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										119
									
								
								src/views/credentials/NewSshKey.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,119 @@ | ||||
| <script> | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { homeDir } from '@tauri-apps/api/path'; | ||||
|     import { fade } from 'svelte/transition'; | ||||
|  | ||||
|     import ErrorAlert from '../../ui/ErrorAlert.svelte'; | ||||
|     import FileInput from '../../ui/FileInput.svelte'; | ||||
|     import PassphraseInput from '../../ui/PassphraseInput.svelte'; | ||||
|     import Spinner from '../../ui/Spinner.svelte'; | ||||
|  | ||||
|     export let record; | ||||
|  | ||||
|     let name; | ||||
|     let file; | ||||
|     let privateKey = ''; | ||||
|     let passphrase = ''; | ||||
|     let showDetails = true; | ||||
|     let mode = 'file'; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     let defaultPath = null; | ||||
|     homeDir().then(d => defaultPath = `${d}/.ssh`); | ||||
|  | ||||
|  | ||||
|     let alert; | ||||
|     let saving = false; | ||||
|     async function saveCredential() { | ||||
|         saving = true; | ||||
|         try { | ||||
|             let key = await getKey(); | ||||
|             const payload = { | ||||
|                 id: record.id, | ||||
|                 name, | ||||
|                 is_default: false, // ssh keys don't care about defaults | ||||
|                 credential: {type: 'Ssh', ...key}, | ||||
|             }; | ||||
|             await invoke('save_credential', {record: payload}); | ||||
|             dispatch('save', payload); | ||||
|         } | ||||
|         finally { | ||||
|             saving = false; | ||||
|         } | ||||
|     } | ||||
|  | ||||
|     async function getKey() { | ||||
|         if (mode === 'file') { | ||||
|             return await invoke('sshkey_from_file', {path: file.path, passphrase}); | ||||
|         } | ||||
|         else { | ||||
|             return await invoke('sshkey_from_private_key', {privateKey, passphrase}); | ||||
|         } | ||||
|     } | ||||
|  | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div role="tablist" class="join max-w-sm mx-auto flex justify-center"> | ||||
|         <button | ||||
|             type="button" | ||||
|             role="tab" | ||||
|             class="join-item flex-1 btn border border-primary hover:border-primary" | ||||
|             class:btn-primary={mode === 'file'} | ||||
|             on:click={() => mode = 'file'} | ||||
|         > | ||||
|             From file | ||||
|         </button> | ||||
|         <button | ||||
|             type="button" | ||||
|             role="tab" | ||||
|             class="join-item flex-1 btn border border-primary hover:border-primary" | ||||
|             class:btn-primary={mode === 'direct'} | ||||
|             on:click={() => mode = 'direct'} | ||||
|         > | ||||
|             From private key | ||||
|         </button> | ||||
| </div> | ||||
|  | ||||
|  | ||||
| <form class="space-y-4" on:submit|preventDefault={alert.run(saveCredential)}> | ||||
|     <ErrorAlert bind:this={alert} /> | ||||
|  | ||||
|     <div class="grid grid-cols-[auto_1fr] items-center gap-4"> | ||||
|         <span class="justify-self-end">Name</span> | ||||
|         <input | ||||
|             type="text" | ||||
|             class="input input-bordered bg-transparent" | ||||
|             bind:value={name} | ||||
|         > | ||||
|  | ||||
|         {#if mode === 'file'} | ||||
|             <span class="justify-self-end">File</span> | ||||
|             <FileInput params={{defaultPath}} bind:value={file} on:update={() => name = file.name} /> | ||||
|         {:else} | ||||
|             <span class="justify-self-end">Private key</span> | ||||
|             <textarea bind:value={privateKey} rows="5" class="textarea textarea-bordered bg-transparent font-mono whitespace-pre overflow-x-auto"></textarea> | ||||
|         {/if} | ||||
|  | ||||
|         <span class="justify-self-end">Passphrase</span> | ||||
|         <PassphraseInput class="bg-transparent" bind:value={passphrase} /> | ||||
|     </div> | ||||
|  | ||||
|     <div class="flex justify-end"> | ||||
|         {#if file?.path || privateKey !== ''} | ||||
|             <button | ||||
|                 transition:fade={{duration: 100}} | ||||
|                 type="submit" | ||||
|                 class="btn btn-primary" | ||||
|             > | ||||
|                 {#if saving} | ||||
|                     <Spinner class="size-5 min-w-16" thickness="12" /> | ||||
|                 {:else} | ||||
|                     <span class="min-w-16">Save</span> | ||||
|                 {/if} | ||||
|             </button> | ||||
|         {/if} | ||||
|     </div> | ||||
| </form> | ||||
							
								
								
									
										71
									
								
								src/views/credentials/SshKey.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										71
									
								
								src/views/credentials/SshKey.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,71 @@ | ||||
| <script> | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|     import { slide } from 'svelte/transition'; | ||||
|  | ||||
|     import NewSshKey from './NewSshKey.svelte'; | ||||
|     import EditSshKey from './EditSshKey.svelte'; | ||||
|     import Icon from '../../ui/Icon.svelte'; | ||||
|  | ||||
|     export let record; | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     function copy(obj) { | ||||
|         return JSON.parse(JSON.stringify(obj)); | ||||
|     } | ||||
|  | ||||
|     let local = copy(record); | ||||
|     $: isModified = JSON.stringify(local) !== JSON.stringify(record); | ||||
|     let showDetails = record?.isNew; | ||||
|  | ||||
|     function handleSave(evt) { | ||||
|         local = copy(evt.detail); | ||||
|         showDetails = false; | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <div class="rounded-box space-y-4 bg-base-200"> | ||||
|     <div class="flex items-center px-6 py-4 gap-x-4"> | ||||
|         {#if !record.isNew} | ||||
|             {#if showDetails} | ||||
|                 <input  | ||||
|                     type="text" | ||||
|                     class="input input-bordered bg-transparent text-lg font-bold" | ||||
|                     bind:value={local.name} | ||||
|                 > | ||||
|             {:else} | ||||
|                 <h3 class="text-lg font-bold"> | ||||
|                     {record.name} | ||||
|                 </h3> | ||||
|             {/if} | ||||
|         {/if} | ||||
|  | ||||
|         <div class="join ml-auto"> | ||||
|             <button | ||||
|                 type="button" | ||||
|                 class="btn btn-outline join-item" | ||||
|                 on:click={() => showDetails = !showDetails} | ||||
|             > | ||||
|                 <Icon name="pencil" class="size-6" /> | ||||
|             </button> | ||||
|             <button | ||||
|                 type="button" | ||||
|                 class="btn btn-outline btn-error join-item" | ||||
|                 on:click={() => dispatch('delete', record)} | ||||
|             > | ||||
|                 <Icon name="trash" class="size-6" /> | ||||
|             </button> | ||||
|         </div> | ||||
|     </div> | ||||
|  | ||||
|     {#if record && showDetails} | ||||
|         <div transition:slide|local={{duration: 200}} class="px-6 pb-4 space-y-4"> | ||||
|             {#if record.isNew} | ||||
|                 <NewSshKey {record} on:save on:save={handleSave} /> | ||||
|             {:else} | ||||
|                 <EditSshKey bind:local={local} {isModified} on:save={handleSave} on:save /> | ||||
|             {/if} | ||||
|         </div> | ||||
|     {/if} | ||||
| </div> | ||||
							
								
								
									
										109
									
								
								src/views/passphrase/EnterPassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										109
									
								
								src/views/passphrase/EnterPassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,109 @@ | ||||
| <script> | ||||
|     import { createEventDispatcher } from 'svelte'; | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { appState } from '../../lib/state.js'; | ||||
|  | ||||
|     import ErrorAlert from '../../ui/ErrorAlert.svelte'; | ||||
|     import Link from '../../ui/Link.svelte'; | ||||
|     import PassphraseInput from '../../ui/PassphraseInput.svelte'; | ||||
|     import ResetPassphrase from './ResetPassphrase.svelte'; | ||||
|     import Spinner from '../../ui/Spinner.svelte'; | ||||
|  | ||||
|     export let cancellable = false; | ||||
|  | ||||
|  | ||||
|     const dispatch = createEventDispatcher(); | ||||
|  | ||||
|     let alert; | ||||
|     let saving = false; | ||||
|     let passphrase = ''; | ||||
|     let confirmPassphrase = ''; | ||||
|  | ||||
|     // onChange only fires when an input loses focus, so always set the error if not set | ||||
|     function onChange() { | ||||
|         console.log(`onChange: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`) | ||||
|         if (passphrase !== confirmPassphrase) { | ||||
|             alert.setError('Passphrases do not match.'); | ||||
|         } | ||||
|         else { | ||||
|             alert.setError(null); | ||||
|         } | ||||
|     } | ||||
|     // onInput fires on every keystroke, so only dismiss the error, don't create it | ||||
|     function onInput() { | ||||
|         console.log(`onInput: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`) | ||||
|         if (passphrase === confirmPassphrase) { | ||||
|             alert.setError(null); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|  | ||||
|     async function save() { | ||||
|         if (passphrase !== confirmPassphrase) { | ||||
|             return; | ||||
|         } | ||||
|  | ||||
|         if (passphrase === '') { | ||||
|             alert.setError('Passphrase is empty.') | ||||
|             return; | ||||
|         } | ||||
|  | ||||
|         saving = true; | ||||
|         try { | ||||
|             await alert.run(async () => { | ||||
|                 await invoke('set_passphrase', {passphrase}) | ||||
|                 throw('something bad happened'); | ||||
|                 $appState.sessionStatus = 'unlocked'; | ||||
|                 dispatch('save'); | ||||
|             }); | ||||
|         } | ||||
|         finally { | ||||
|             saving = false; | ||||
|         } | ||||
|     } | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <form class="form-control gap-y-4" on:submit|preventDefault={save}> | ||||
|     <ErrorAlert bind:this={alert} /> | ||||
|  | ||||
|     <label class="form-control w-full"> | ||||
|         <div class="label"> | ||||
|             <span class="label-text">Passphrase</span> | ||||
|         </div> | ||||
|         <PassphraseInput | ||||
|             bind:value={passphrase} | ||||
|             on:input={onInput} | ||||
|             placeholder="correct horse battery staple" | ||||
|         /> | ||||
|     </label> | ||||
|  | ||||
|     <label class="form-control w-full"> | ||||
|         <div class="label"> | ||||
|             <span class="label-text">Re-enter passphrase</span> | ||||
|         </div> | ||||
|         <PassphraseInput | ||||
|             bind:value={confirmPassphrase} | ||||
|             on:input={onInput} on:change={onChange} | ||||
|             placeholder="correct horse battery staple" | ||||
|         /> | ||||
|     </label> | ||||
|  | ||||
|     <button type="submit" class="btn btn-primary"> | ||||
|         {#if saving} | ||||
|             <Spinner class="w-5 h-5" thickness="12"/> | ||||
|         {:else} | ||||
|             Submit | ||||
|         {/if} | ||||
|     </button> | ||||
|  | ||||
|     {#if cancellable} | ||||
|         <Link target="Settings" hotkey="Escape"> | ||||
|             <button type="button" class="btn btn-outline btn-sm w-full">Cancel</button> | ||||
|         </Link> | ||||
|     {/if} | ||||
|  | ||||
|     {#if $appState.sessionStatus === 'locked'} | ||||
|         <ResetPassphrase /> | ||||
|     {/if} | ||||
| </form> | ||||
							
								
								
									
										41
									
								
								src/views/passphrase/ResetPassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								src/views/passphrase/ResetPassphrase.svelte
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,41 @@ | ||||
| <script> | ||||
|     import { invoke } from '@tauri-apps/api/core'; | ||||
|     import { appState } from '../../lib/state.js'; | ||||
|  | ||||
|     import ErrorAlert from '../../ui/ErrorAlert.svelte'; | ||||
|  | ||||
|  | ||||
|     let modal; | ||||
|     let alert; | ||||
|  | ||||
|     async function reset() { | ||||
|         await invoke('reset_session'); | ||||
|         $appState.sessionStatus = 'empty'; | ||||
|     } | ||||
|  | ||||
|  | ||||
| </script> | ||||
|  | ||||
|  | ||||
| <button type="button" class="self-end text-sm text-secondary/75 hover:underline focus:ring-accent" on:click={modal.showModal()}> | ||||
|     Reset passphrase | ||||
| </button> | ||||
|  | ||||
| <dialog class="modal" bind:this={modal}> | ||||
|     <div class="modal-box space-y-6"> | ||||
|         <ErrorAlert bind:this={alert} /> | ||||
|         <h3 class="text-lg font-bold">Delete all credentials?</h3> | ||||
|         <div class="space-y-2"> | ||||
|             <p>Credentials are encrypted with your current passphrase and will be lost if the passphrase is reset.</p> | ||||
|             <p>Are you sure you want to reset your passphrase and delete all saved credentials?</p> | ||||
|         </div> | ||||
|         <div class="modal-action"> | ||||
|             <form method="dialog" class="flex gap-x-4"> | ||||
|                 <button autofocus class="btn btn-outline">Cancel</button> | ||||
|                 <button class="btn btn-error" on:click|preventDefault={() => alert.run(reset)}> | ||||
|                     Reset | ||||
|                 </button> | ||||
|             </form> | ||||
|         </div> | ||||
|     </div> | ||||
| </dialog> | ||||
| @@ -10,4 +10,40 @@ module.exports = { | ||||
|   plugins: [ | ||||
|     require('daisyui'), | ||||
|   ], | ||||
|   daisyui: { | ||||
|     themes: [ | ||||
|       { | ||||
|         creddy: { | ||||
|           "primary": "#0ea5e9", | ||||
|           "secondary": "#fb923c", | ||||
|           "accent": "#8b5cf6", | ||||
|           "neutral": "#374151", | ||||
|           "base-100": "#252e3a", | ||||
|           "info": "#66cccc", | ||||
|           "success": "#52bf73", | ||||
|           "warning": "#d1a900", | ||||
|           "error": "#f87171", | ||||
|         }, | ||||
|       }, | ||||
|       { | ||||
|         "summer-night": { | ||||
|           "primary": "#0ea5e9", | ||||
|           "secondary": "#0ea5e9", | ||||
|           "accent": "#fb923c", | ||||
|           "neutral": "#393939", | ||||
|           "base-100": "#2d2d2d", | ||||
|           "info": "#66cccc", | ||||
|           "success": "#22c55e", | ||||
|           "warning": "#d1a900", | ||||
|           "error": "#f2777a" | ||||
|         }, | ||||
|       }, | ||||
|       "dark", | ||||
|       "night", | ||||
|       "dracula", | ||||
|       "sunset", | ||||
|       "dim", | ||||
|       "light" | ||||
|     ] | ||||
|   }, | ||||
| } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user