Compare commits

...

26 Commits

Author SHA1 Message Date
862c68c846 update todo 2025-01-04 11:02:58 -05:00
ac62171467 upgrade to tauri 2.2.0 2025-01-04 10:50:04 -05:00
2080fb897b fix autolaunch name in dev/prod 2025-01-03 16:43:45 -05:00
bf62054c2b make windows work again 2025-01-03 07:52:10 -05:00
cd4c613758 improve start-minimized and start-on-login behavior
Previously, when Creddy was configured to start minimized, it would always start minimized, regardless of how it was launched. Really, though, when you use this setting what you probably want is for it to start minimized only when it's being launched automatically, i.e. on login. This update changes its behavior so that it will only start minimized when auto-launching.

Additionally, if Creddy detects on startup that its start-on-login configuration doesn't match the system, it will modify its own settings to match the system (unless it's the very first launch, of course.) That way if you disable Creddy's start-on-login behavior from your system dialog, it will respect your change.
2024-12-30 21:09:45 -05:00
efbf6c687c add test to ensure that client and server agree on socket address 2024-12-28 07:36:38 -05:00
ee495478ff start working on test for server address 2024-12-28 07:24:43 -05:00
4c18de8b7a fix docker credential helper when credentials are not found 2024-12-28 06:59:09 -05:00
0cfa9fc07a correct server socket differentiation 2024-12-27 15:49:42 -05:00
9e9bc2b0ae separate dev and production instances and add visual indicators of dev mode 2024-12-27 08:17:49 -05:00
07bf98e522 bump version to 0.6.0 2024-11-25 14:58:53 -05:00
e0e758554c finish basic Docker credential helper implementation 2024-11-25 14:47:30 -05:00
479a0a96eb add Docker credentials to management page 2024-11-25 12:02:44 -05:00
c6e22fc91b show client username, check whether credential exists before requesting confirmation from frontend 2024-11-25 11:22:27 -05:00
9bc9cb56c1 finish extremely basic implementation of docker credentials 2024-11-25 07:58:02 -05:00
8bcdc5420a add CliRequest variants to store/erase docker credentials 2024-11-25 07:58:02 -05:00
0a355c299b working implementation of docker get 2024-11-25 07:58:02 -05:00
192d9058c3 send SaveCredential request to frontend on docker store 2024-11-25 07:58:02 -05:00
b88b32d0f1 add Docker credentials to app and CLI 2024-11-25 07:58:02 -05:00
12c97c4a7d start working on docker helper 2024-11-25 07:58:02 -05:00
97528d65d6 link visibility of passphrase inputs on EnterPassphrase page 2024-11-24 09:37:33 -05:00
295698e62f focus unlock input when window is focused 2024-09-18 09:29:14 -04:00
3b61aa924a test CLI credentials against main app 2024-07-21 06:38:25 -04:00
02ba19d709 switch to clap derive instead of builder 2024-07-15 14:54:25 -04:00
55801384eb split into workspace so CLI can be a standalone crate 2024-07-15 10:34:51 -04:00
27c2f467c4 fix cli invocations in gui entrypoint 2024-07-14 20:51:49 -04:00
54 changed files with 5425 additions and 2762 deletions


@ -11,7 +11,8 @@
* Logging
* Icon
* Auto-updates
* SSH key handling
* ~~SSH key handling~~
* ~~Docker credential helper~~
* Encrypted sync server
## Maybe

92
package-lock.json generated

@ -1,12 +1,12 @@
{
"name": "creddy",
"version": "0.4.9",
"version": "0.6.4",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "creddy",
"version": "0.4.9",
"version": "0.6.4",
"dependencies": {
"@tauri-apps/api": "^2.0.0-beta.13",
"@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
@ -15,7 +15,7 @@
},
"devDependencies": {
"@sveltejs/vite-plugin-svelte": "^1.0.1",
"@tauri-apps/cli": "^2.0.0-beta.20",
"@tauri-apps/cli": "^2.2.1",
"autoprefixer": "^10.4.8",
"postcss": "^8.4.16",
"svelte": "^3.49.0",
@ -213,9 +213,9 @@
}
},
"node_modules/@tauri-apps/cli": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli/-/cli-2.0.0-beta.20.tgz",
"integrity": "sha512-707q9uIc2oNrYHd2dtMvxTrpZXVpart5EIktnRymNOpphkLlB6WUBjHD+ga45WqTU6cNGKbYvkKqTNfshNul9Q==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli/-/cli-2.2.1.tgz",
"integrity": "sha512-oLWX/2tW0v8cBaShI9/bt5RsquCLK7ZCwhPXXnf55oil8/GrNtLzW9/67iyydcnxiYYU5jYMpo3uXptknOSdpA==",
"dev": true,
"bin": {
"tauri": "tauri.js"
@ -228,22 +228,22 @@
"url": "https://opencollective.com/tauri"
},
"optionalDependencies": {
"@tauri-apps/cli-darwin-arm64": "2.0.0-beta.20",
"@tauri-apps/cli-darwin-x64": "2.0.0-beta.20",
"@tauri-apps/cli-linux-arm-gnueabihf": "2.0.0-beta.20",
"@tauri-apps/cli-linux-arm64-gnu": "2.0.0-beta.20",
"@tauri-apps/cli-linux-arm64-musl": "2.0.0-beta.20",
"@tauri-apps/cli-linux-x64-gnu": "2.0.0-beta.20",
"@tauri-apps/cli-linux-x64-musl": "2.0.0-beta.20",
"@tauri-apps/cli-win32-arm64-msvc": "2.0.0-beta.20",
"@tauri-apps/cli-win32-ia32-msvc": "2.0.0-beta.20",
"@tauri-apps/cli-win32-x64-msvc": "2.0.0-beta.20"
"@tauri-apps/cli-darwin-arm64": "2.2.1",
"@tauri-apps/cli-darwin-x64": "2.2.1",
"@tauri-apps/cli-linux-arm-gnueabihf": "2.2.1",
"@tauri-apps/cli-linux-arm64-gnu": "2.2.1",
"@tauri-apps/cli-linux-arm64-musl": "2.2.1",
"@tauri-apps/cli-linux-x64-gnu": "2.2.1",
"@tauri-apps/cli-linux-x64-musl": "2.2.1",
"@tauri-apps/cli-win32-arm64-msvc": "2.2.1",
"@tauri-apps/cli-win32-ia32-msvc": "2.2.1",
"@tauri-apps/cli-win32-x64-msvc": "2.2.1"
}
},
"node_modules/@tauri-apps/cli-darwin-arm64": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-arm64/-/cli-darwin-arm64-2.0.0-beta.20.tgz",
"integrity": "sha512-oCJOCib7GuYkwkBXx+ekamR8NZZU+2i3MLP+DHpDxK5gS2uhCE+CBkamJkNt6y1x6xdVnwyqZOm5RvN4SRtyIA==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-arm64/-/cli-darwin-arm64-2.2.1.tgz",
"integrity": "sha512-658OPWObcEA7x/Pe/fAXfyJtC5SdcpD2Q9ZSVKoLBovPzfU6Ug2mCaQmH1L5iA7Zb7a26ctzkaz3Sh3dMeGcJw==",
"cpu": [
"arm64"
],
@ -257,9 +257,9 @@
}
},
"node_modules/@tauri-apps/cli-darwin-x64": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-x64/-/cli-darwin-x64-2.0.0-beta.20.tgz",
"integrity": "sha512-lC5QSnRExedYN4Ds6ZlSvC2PxP8qfIYBJQ5ktf+PJI5gQALdNeVtd6YnTG1ODCEklfLq9WKkGwp7JdALTU5wDA==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-x64/-/cli-darwin-x64-2.2.1.tgz",
"integrity": "sha512-3g11km4caJa6StvETI5GIynniNC/e9AWpUy+lWQRfQBdelRrEGoEDw949SihxqKHAoP2E9cm7z5DUsiRiT/Yaw==",
"cpu": [
"x64"
],
@ -273,9 +273,9 @@
}
},
"node_modules/@tauri-apps/cli-linux-arm-gnueabihf": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm-gnueabihf/-/cli-linux-arm-gnueabihf-2.0.0-beta.20.tgz",
"integrity": "sha512-nZCeBMHHye5DLOJV5k2w658hnCS+LYaOZ8y/G9l3ei+g0L/HBjlSy6r4simsAT5TG8+l3oCZzLBngfTMdDS/YA==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm-gnueabihf/-/cli-linux-arm-gnueabihf-2.2.1.tgz",
"integrity": "sha512-Ldbw3Y56TAfpsGRuWJnkdl0TV0NHhtP3bGyjh2lJACofkHMCOtsLHOx4/HP2hFnn7DcSLWHUayyPlj2rAikKkA==",
"cpu": [
"arm"
],
@ -289,9 +289,9 @@
}
},
"node_modules/@tauri-apps/cli-linux-arm64-gnu": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-2.0.0-beta.20.tgz",
"integrity": "sha512-B79ISVLPVBgwnCchVqwTKU+vxnFYqxKomcR4rmsvxfs0NVtT5QuNzE1k4NUQnw3966yjwhYR3mnHsSJQSB4Eyw==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-2.2.1.tgz",
"integrity": "sha512-ay3NwilDR95RyvK/AIdivuULcbpGgrUISNLDOfTKEvKMMnRWkMV4gzY3hifQ8H7CDonGhqMl2PjP+WvDQpXUig==",
"cpu": [
"arm64"
],
@ -305,9 +305,9 @@
}
},
"node_modules/@tauri-apps/cli-linux-arm64-musl": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.0.0-beta.20.tgz",
"integrity": "sha512-ojIkv/1uZHhcrgfIN8xgn4BBeo/Xg+bnV0wer6lD78zyxkUMWeEZ+u3mae1ejCJNhhaZOxNaUQ67MvDOiGyr5Q==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.2.1.tgz",
"integrity": "sha512-d2zK4Qb9DZlNjNB8Fda0yxOlg6sk6GZGhO5dVnie5VYJMt4lDct2LZljg4boUb5t1pk6sfAPB9356G7R8l4qCQ==",
"cpu": [
"arm64"
],
@ -321,9 +321,9 @@
}
},
"node_modules/@tauri-apps/cli-linux-x64-gnu": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-gnu/-/cli-linux-x64-gnu-2.0.0-beta.20.tgz",
"integrity": "sha512-xBy1FNbHKlc7T6pOmFQQPECxJaI5A9QWX7Kb9N64cNVusoOGlvc3xHYkXMS4PTr7xXOT0yiE1Ww2OwDRJ3lYsg==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-gnu/-/cli-linux-x64-gnu-2.2.1.tgz",
"integrity": "sha512-P0Zm3nmRbBS/KIxSrzul2ieZEwtTdU4bjsB9pOIk+oPF15HXnrLLbVBeMofNjXOWsIxTJw2tIt/XPD8Jt9jSEg==",
"cpu": [
"x64"
],
@ -337,9 +337,9 @@
}
},
"node_modules/@tauri-apps/cli-linux-x64-musl": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-musl/-/cli-linux-x64-musl-2.0.0-beta.20.tgz",
"integrity": "sha512-+O6zq5jmtUxA1FUAAwF2ywPysy4NRo2Y6G+ESZDkY9XosRwdt5OUjqAsYktZA3AxDMZVei8r9buwTqUwi9ny/g==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-musl/-/cli-linux-x64-musl-2.2.1.tgz",
"integrity": "sha512-AwYuKTpPGdR0BJMDdJsjGm8vfVDBpXYRDJ+1B/FlIMTikAx4A/wSODxphjf6Ls9uOC5F3To0XlfqskBkTq0WKw==",
"cpu": [
"x64"
],
@ -353,9 +353,9 @@
}
},
"node_modules/@tauri-apps/cli-win32-arm64-msvc": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-2.0.0-beta.20.tgz",
"integrity": "sha512-RswgMbWyOQcv53CHvIuiuhAh4kKDqaGyZfWD4VlxqX/XhkoF5gsNgr0MxzrY7pmoL+89oVI+fiGVJz4nOQE5vA==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-2.2.1.tgz",
"integrity": "sha512-t1Pv+Og5O+Cp0uYHFzSWEl+hssr1bKJjgWg05ElTpwYMb4xKA5bh1BTGN5orGqKs0e2+D+EPsOqVfM8KuUWR4Q==",
"cpu": [
"arm64"
],
@ -369,9 +369,9 @@
}
},
"node_modules/@tauri-apps/cli-win32-ia32-msvc": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-2.0.0-beta.20.tgz",
"integrity": "sha512-5lgWmDVXhX3SBGbiv5SduM1yajiRnUEJClWhSdRrEEJeXdsxpCsBEhxYnUnDCEzPKxLLn5fdBv3VrVctJ03csQ==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-2.2.1.tgz",
"integrity": "sha512-erY+Spho6hBJgNzHKbA3JFxMztlHAikCiF/OYhk9fy6MbU5KpYHPrAC+Jhj2tcDy/xevWw/6KVNvLmk9PhLcXQ==",
"cpu": [
"ia32"
],
@ -385,9 +385,9 @@
}
},
"node_modules/@tauri-apps/cli-win32-x64-msvc": {
"version": "2.0.0-beta.20",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-x64-msvc/-/cli-win32-x64-msvc-2.0.0-beta.20.tgz",
"integrity": "sha512-SuSiiVQTQPSzWlsxQp/NMzWbzDS9TdVDOw7CCfgiG5wnT2GsxzrcIAVN6i7ILsVFLxrjr0bIgPldSJcdcH84Yw==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-x64-msvc/-/cli-win32-x64-msvc-2.2.1.tgz",
"integrity": "sha512-GIdUtdje1CvCn0/Sh3VwPWaFKmD1C0edJUMueGwkRFHmF6HfatXPVhW5FySP+EEO2+rVym1qJkODstJrunraWA==",
"cpu": [
"x64"
],


@ -1,6 +1,6 @@
{
"name": "creddy",
"version": "0.5.3",
"version": "0.6.5",
"scripts": {
"dev": "vite",
"build": "vite build",
@ -9,7 +9,7 @@
},
"devDependencies": {
"@sveltejs/vite-plugin-svelte": "^1.0.1",
"@tauri-apps/cli": "^2.0.0-beta.20",
"@tauri-apps/cli": "^2.2.1",
"autoprefixer": "^10.4.8",
"postcss": "^8.4.16",
"svelte": "^3.49.0",

1703
src-tauri/Cargo.lock generated

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
[package]
name = "creddy"
version = "0.5.3"
version = "0.6.5"
description = "A friendly AWS credentials manager"
authors = ["Joseph Montanaro"]
license = ""
@ -9,60 +9,68 @@ default-run = "creddy"
edition = "2021"
rust-version = "1.57"
[[bin]]
name = "creddy_cli"
path = "src/bin/creddy_cli.rs"
[[bin]]
name = "creddy"
path = "src/main.rs"
# we use a workspace so that we can split out the CLI and make it possible to build independently
[workspace]
members = ["creddy_cli"]
[workspace.dependencies]
dirs = "5.0"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
tokio = { version = ">=1.19", features = ["full"] }
windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pipes"] }
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[build-dependencies]
tauri-build = { version = "2.0.0-beta", features = [] }
tauri-build = { version = "2.0.4", features = [] }
[dependencies]
serde_json = "1.0"
serde = { version = "1.0", features = ["derive"] }
tauri = { version = "2.0.0-beta", features = ["tray-icon"] }
creddy_cli = { path = "./creddy_cli" }
tauri = { version = "2.2.0", features = ["tray-icon", "test"] }
sodiumoxide = "0.2.7"
tokio = { version = ">=1.19", features = ["full"] }
sysinfo = "0.26.8"
aws-config = "1.5.3"
aws-types = "1.3.2"
aws-sdk-sts = "1.33.0"
aws-smithy-types = "1.2.0"
dirs = { workspace = true }
thiserror = "1.0.38"
once_cell = "1.16.0"
strum = "0.24"
strum_macros = "0.24"
auto-launch = "0.4.0"
dirs = "5.0"
clap = { version = "3.2.23", features = ["derive"] }
is-terminal = "0.4.7"
argon2 = { version = "0.5.0", features = ["std"] }
chacha20poly1305 = { version = "0.10.1", features = ["std"] }
which = "4.4.0"
windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pipes"] }
time = "0.3.31"
tauri-plugin-single-instance = "2.0.0-beta.9"
tauri-plugin-global-shortcut = "2.0.0-beta.6"
tauri-plugin-os = "2.0.0-beta.6"
tauri-plugin-dialog = "2.0.0-beta.9"
tauri-plugin-global-shortcut = "2.2.0"
tauri-plugin-os = "2.2.0"
tauri-plugin-dialog = "2.2.0"
rfd = "0.13.0"
ssh-agent-lib = "0.4.0"
ssh-key = { version = "0.6.6", features = ["rsa", "ed25519", "encryption"] }
signature = "2.2.0"
tokio-stream = "0.1.15"
serde = { workspace = true }
serde_json = { workspace = true }
sqlx = { version = "0.7.4", features = ["sqlite", "runtime-tokio", "uuid"] }
tokio = { workspace = true }
tokio-util = { version = "0.7.11", features = ["codec"] }
futures = "0.3.30"
openssl = "0.10.64"
# openssl = { version = "0.10.64", features = ["vendored"] }
rsa = "0.9.6"
sha2 = "0.10.8"
ssh-encoding = "0.2.0"
[target.'cfg(windows)'.dependencies]
windows = { workspace = true }
[features]
# by default Tauri runs in production mode
# when `tauri dev` runs it is executed with `cargo run --no-default-features` if `devPath` is an URL
@ -71,8 +79,5 @@ default = ["custom-protocol"]
# DO NOT remove this
custom-protocol = ["tauri/custom-protocol"]
[dev-dependencies]
base64 = "0.22.1"
# [profile.dev.build-override]
# opt-level = 3
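Review bot: The new `tauri` line under `[dependencies]` enables the `test` feature for every build, not only for test builds. As far as I know that feature exists to expose tauri's mock runtime and test helpers, so release binaries of a credential manager would carry code that is only needed by the test suite. I would keep `features = ["tray-icon"]` here and add `tauri = { version = "2.2.0", features = ["test"] }` under `[dev-dependencies]`, where Cargo merges it in for test builds only.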


@ -6,13 +6,13 @@
"main"
],
"permissions": [
"path:default",
"event:default",
"window:default",
"app:default",
"resources:default",
"menu:default",
"tray:default",
"core:path:default",
"core:event:default",
"core:window:default",
"core:app:default",
"core:resources:default",
"core:menu:default",
"core:tray:default",
"os:allow-os-type",
"dialog:allow-open"
]


@ -0,0 +1,15 @@
[package]
name = "creddy_cli"
version = "0.6.5"
edition = "2021"
[dependencies]
anyhow = "1.0.86"
clap = { version = "4", features = ["derive"] }
dirs = { workspace = true }
serde = { workspace = true }
serde_json = { workspace = true }
tokio = { workspace = true }
[target.'cfg(windows)'.dependencies]
windows = { workspace = true }


@ -0,0 +1,62 @@
use std::io::{self, Read};
use anyhow::bail;
use crate::proto::{CliResponse, DockerCredential};
use super::{
CliCredential,
CliRequest,
GlobalArgs
};
pub fn docker_store(global_args: GlobalArgs) -> anyhow::Result<()> {
let input: DockerCredential = serde_json::from_reader(io::stdin())?;
let req = CliRequest::StoreDockerCredential(input);
match super::make_request(global_args.server_addr, &req)?? {
CliResponse::Empty => Ok(()),
r => bail!("Unexpected response from server: {r}"),
}
}
pub fn docker_get(global_args: GlobalArgs) -> anyhow::Result<()> {
let mut server_url = String::new();
io::stdin().read_to_string(&mut server_url)?;
let req = CliRequest::GetDockerCredential {
server_url: server_url.trim().to_owned()
};
let server_resp = super::make_request(global_args.server_addr, &req)?;
match server_resp {
Ok(CliResponse::Credential(CliCredential::Docker(d))) => {
println!("{}", serde_json::to_string(&d)?);
},
Err(e) if e.code == "NoCredentials" => {
// To indicate credentials are not found, a credential helper *must* print
// this message to stdout, then exit 1. Any other message/status will cause
// some builds to fail. This is, of course, not documented anywhere.
println!("credentials not found in native keychain");
std::process::exit(1);
},
Err(e) => Err(e)?,
Ok(r) => bail!("Unexpected response from server: {r}"),
}
Ok(())
}
pub fn docker_erase(global_args: GlobalArgs) -> anyhow::Result<()> {
let mut server_url = String::new();
io::stdin().read_to_string(&mut server_url)?;
let req = CliRequest::EraseDockerCredential {
server_url: server_url.trim().to_owned()
};
match super::make_request(global_args.server_addr, &req)?? {
CliResponse::Empty => Ok(()),
r => bail!("Unexpected response from server: {r}"),
}
}
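Review bot: `docker_get` and `docker_erase` forward whatever arrives on stdin as `server_url` after a `trim()`, so empty input becomes a request for the empty string and the user may be prompted for a credential that cannot exist. Both functions repeat the same read-and-trim lines; a small private helper would remove the duplication and give one place for the check, e.g. `if server_url.is_empty() { bail!("No server URL provided on stdin") }`. The functions also have no doc comments; a line on each stating what it reads from stdin and what it prints on stdout would help, since the helper protocol's expectations are only hinted at in the `NoCredentials` branch.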


@ -0,0 +1,233 @@
use std::path::PathBuf;
use std::process::Command as ChildCommand;
#[cfg(unix)]
use std::os::unix::process::CommandExt;
use anyhow::{bail, Context};
use clap::{
Args,
Parser,
Subcommand
};
use clap::builder::styling::{Styles, AnsiColor};
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use crate::proto::{
CliCredential,
CliRequest,
CliResponse,
ServerError,
ShortcutAction,
};
mod docker;
#[derive(Debug, Parser)]
#[command(
about,
version,
name = "creddy",
bin_name = "creddy",
styles = Styles::styled()
.header(AnsiColor::Yellow.on_default())
.usage(AnsiColor::Yellow.on_default())
.literal(AnsiColor::Green.on_default())
.placeholder(AnsiColor::Green.on_default())
)]
/// A friendly credential manager
pub struct Cli {
#[command(flatten)]
pub global_args: GlobalArgs,
#[command(subcommand)]
pub action: Option<Action>,
}
impl Cli {
// proxy the Parser method so that main crate doesn't have to depend on Clap
pub fn parse() -> Self {
<Self as Parser>::parse()
}
}
#[derive(Debug, Clone, Args)]
pub struct GlobalArgs {
/// Connect to the main Creddy application at this path
#[arg(long, short = 'a')]
server_addr: Option<PathBuf>,
}
#[derive(Debug, Subcommand)]
pub enum Action {
/// Launch Creddy
Run(RunArgs),
/// Request credentials from Creddy and output to stdout
Get(GetArgs),
/// Inject credentials into the environment of another command
Exec(ExecArgs),
/// Invoke an action normally triggered by hotkey (e.g. launch terminal)
Shortcut(InvokeArgs),
/// Interact with Docker credentials via the docker-credential-helper protocol
#[command(subcommand)]
Docker(DockerCmd),
}
#[derive(Debug, Args)]
pub struct RunArgs {
/// Minimize to system tray on launch
#[arg(long, default_value_t = false)]
pub minimized: bool,
}
#[derive(Debug, Args)]
pub struct GetArgs {
/// If unspecified, use default credentials
#[arg(short, long)]
name: Option<String>,
/// Use base credentials instead of session credentials (only applicable to AWS)
#[arg(long, short, default_value_t = false)]
base: bool,
}
#[derive(Debug, Args)]
pub struct ExecArgs {
#[command(flatten)]
get_args: GetArgs,
#[arg(trailing_var_arg = true)]
/// Command to be wrapped
command: Vec<String>,
}
#[derive(Debug, Args)]
pub struct InvokeArgs {
#[arg(value_name = "ACTION", value_enum)]
pub shortcut_action: ShortcutAction,
}
#[derive(Debug, Subcommand)]
pub enum DockerCmd {
/// Get a stored Docker credential
Get,
/// Store a new Docker credential
Store,
/// Remove a stored Docker credential
Erase,
}
pub fn get(args: GetArgs, global: GlobalArgs) -> anyhow::Result<()> {
let req = CliRequest::GetAwsCredential {
name: args.name,
base: args.base,
};
let output = match make_request(global.server_addr, &req)?? {
CliResponse::Credential(CliCredential::AwsBase(c)) => {
serde_json::to_string_pretty(&c).unwrap()
},
CliResponse::Credential(CliCredential::AwsSession(c)) => {
serde_json::to_string_pretty(&c).unwrap()
},
r => bail!("Unexpected response from server: {r}"),
};
println!("{output}");
Ok(())
}
pub fn exec(args: ExecArgs, global: GlobalArgs) -> anyhow::Result<()> {
// Clap guarantees that cmd_line will be a sequence of at least 1 item
// test this!
let mut cmd_line = args.command.iter();
let cmd_name = cmd_line.next().unwrap();
let mut cmd = ChildCommand::new(cmd_name);
cmd.args(cmd_line);
let req = CliRequest::GetAwsCredential {
name: args.get_args.name,
base: args.get_args.base,
};
match make_request(global.server_addr, &req)?? {
CliResponse::Credential(CliCredential::AwsBase(creds)) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
},
CliResponse::Credential(CliCredential::AwsSession(creds)) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
cmd.env("AWS_SESSION_TOKEN", creds.session_token);
},
r => bail!("Unexpected response from server: {r}"),
}
#[cfg(unix)]
{
let e = cmd.exec();
// cmd.exec() never returns if successful, so we never hit this line unless there's an error
Err(e).with_context(|| {
// eventually figure out how to display the actual command
format!("Failed to execute command: {}", args.command.join(" "))
})?;
Ok(())
}
#[cfg(windows)]
{
let mut child = cmd.spawn()
.with_context(|| format!("Failed to execute command: {}", args.command.join(" ")))?;
let status = child.wait()
.with_context(|| format!("Failed to execute command: {}", args.command.join(" ")))?;
std::process::exit(status.code().unwrap_or(1));
};
}
pub fn invoke_shortcut(args: InvokeArgs, global: GlobalArgs) -> anyhow::Result<()> {
let req = CliRequest::InvokeShortcut{action: args.shortcut_action};
match make_request(global.server_addr, &req)?? {
CliResponse::Empty => Ok(()),
r => bail!("Unexpected response from server: {r}"),
}
}
pub fn docker_credential_helper(cmd: DockerCmd, global_args: GlobalArgs) -> anyhow::Result<()> {
match cmd {
DockerCmd::Get => docker::docker_get(global_args),
DockerCmd::Store => docker::docker_store(global_args),
DockerCmd::Erase => docker::docker_erase(global_args),
}
}
// Explanation for double-result: the server will return a (serialized) Result
// to indicate when the operation succeeded or failed, which we deserialize.
// However, the operation may fail to even communicate with the server, in
// which case we return the outer Result
// (probably this should be modeled differently)
#[tokio::main]
async fn make_request(
addr: Option<PathBuf>,
req: &CliRequest
) -> anyhow::Result<Result<CliResponse, ServerError>> {
let mut data = serde_json::to_string(req).unwrap();
// server expects newline marking end of request
data.push('\n');
let mut stream = crate::connect(addr).await?;
stream.write_all(&data.as_bytes()).await?;
let mut buf = Vec::with_capacity(1024);
stream.read_to_end(&mut buf).await?;
let res: Result<CliResponse, ServerError> = serde_json::from_slice(&buf)?;
Ok(res)
}
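Review bot: In `exec`, `cmd_line.next().unwrap()` relies on the comment's claim that clap guarantees at least one item, but `command: Vec<String>` is declared with only `#[arg(trailing_var_arg = true)]`. As far as I know clap 4's derive treats a `Vec` positional as optional, so running `exec` with no command would panic here instead of printing a usage error; the "test this!" remark suggests this was never confirmed. Declaring the field with `#[arg(trailing_var_arg = true, required = true)]` lets clap reject the empty case, and replacing the `unwrap()` with a `bail!` keeps the function safe even if the attribute changes later.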


@ -0,0 +1,77 @@
mod cli;
pub use cli::{
Action,
Cli,
docker_credential_helper,
exec,
get,
GlobalArgs,
RunArgs,
invoke_shortcut,
};
pub use platform::{connect, server_addr};
pub mod proto;
pub fn show_window(global_args: GlobalArgs) -> anyhow::Result<()> {
let invoke = cli::InvokeArgs { shortcut_action: proto::ShortcutAction::ShowWindow };
cli::invoke_shortcut(invoke, global_args)
}
#[cfg(unix)]
mod platform {
use std::path::PathBuf;
use tokio::net::UnixStream;
pub async fn connect(addr: Option<PathBuf>) -> Result<UnixStream, std::io::Error> {
let path = addr.unwrap_or_else(|| server_addr("creddy-server"));
UnixStream::connect(&path).await
}
pub fn server_addr(sock_name: &str) -> PathBuf {
let mut path = dirs::runtime_dir()
.unwrap_or_else(|| PathBuf::from("/tmp"));
if cfg!(debug_assertions) {
path.push(format!("{sock_name}.dev.sock"))
}
else {
path.push(format!("{sock_name}.sock"));
}
path
}
}
#[cfg(windows)]
mod platform {
use std::path::PathBuf;
use std::time::Duration;
use tokio::net::windows::named_pipe::{NamedPipeClient, ClientOptions};
use windows::Win32::Foundation::ERROR_PIPE_BUSY;
pub async fn connect(addr: Option<PathBuf>) -> std::io::Result<NamedPipeClient> {
let opts = ClientOptions::new();
let pipe_name = addr.unwrap_or_else(|| server_addr("creddy-server"));
loop {
match opts.open(&pipe_name) {
Ok(client) => return Ok(client),
Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => {
tokio::time::sleep(Duration::from_millis(50)).await;
},
Err(e) => return Err(e),
}
}
}
pub fn server_addr(sock_name: &str) -> PathBuf {
if cfg!(debug_assertions) {
format!(r"\\.\pipe\{sock_name}.dev").into()
}
else {
format!(r"\\.\pipe\{sock_name}").into()
}
}
}
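Review bot: On unix, `server_addr` falls back to `/tmp` when `dirs::runtime_dir()` returns `None`, which places the socket under a fixed name in a directory every local user can write to. `connect` then trusts whatever is listening at that path, and the requests it carries include `StoreDockerCredential` with the secret in it, so on systems without a runtime dir the client has no assurance it is talking to the same user's Creddy instance. I would make the fallback a per-user directory created with mode 0700 (this has to change for client and server together, since both use this function), and additionally compare `stream.peer_cred()?.uid()` against the current uid after connecting. The Windows `connect` opens a fixed pipe name with the same implicit trust, which is worth a comment stating what the server does to restrict the pipe.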


@ -0,0 +1,44 @@
use std::env;
use std::process::{self, Command};
use creddy_cli::{
Action,
Cli,
RunArgs,
};
fn main() {
let cli = Cli::parse();
let res = match cli.action {
None => launch_gui(RunArgs { minimized: false }),
Some(Action::Run(run_args)) => launch_gui(run_args),
Some(Action::Get(args)) => creddy_cli::get(args, cli.global_args),
Some(Action::Exec(args)) => creddy_cli::exec(args, cli.global_args),
Some(Action::Shortcut(args)) => creddy_cli::invoke_shortcut(args, cli.global_args),
Some(Action::Docker(cmd)) => creddy_cli::docker_credential_helper(cmd, cli.global_args),
};
if let Err(e) = res {
eprintln!("Error: {e:?}");
process::exit(1);
}
}
fn launch_gui(run_args: RunArgs) -> anyhow::Result<()> {
let mut path = env::current_exe()?;
path.pop(); // bin dir
// binaries are colocated in dev, but not in production
#[cfg(not(debug_assertions))]
path.pop(); // install dir
path.push("creddy.exe"); // exe in main install dir (aka gui exe)
let mut cmd = Command::new(path);
if run_args.minimized {
cmd.arg("--minimized");
}
cmd.spawn()?;
Ok(())
}
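Review bot: This file no longer says that it is the Windows-only CLI binary, although `launch_gui` hard-codes `creddy.exe`. The deleted entry point shown later on this page opened with a comment explaining why a second binary exists, and that explanation was not carried over. I would restore it at the top of the file, e.g. `// Windows isn't really amenable to having a single executable work as both a CLI and GUI app, so this binary handles CLI usage and launches the GUI exe for "run".` A short doc comment on `launch_gui` noting that `--server-addr` is not forwarded to the GUI would also help, if that is intentional.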


@ -0,0 +1,113 @@
use std::fmt::{
Display,
Formatter,
Error as FmtError
};
use clap::ValueEnum;
use serde::{Serialize, Deserialize};
#[derive(Debug, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum CliRequest {
GetAwsCredential {
name: Option<String>,
base: bool,
},
GetDockerCredential {
server_url: String,
},
StoreDockerCredential(DockerCredential),
EraseDockerCredential {
server_url: String,
},
InvokeShortcut{
action: ShortcutAction,
},
}
#[derive(Debug, Copy, Clone, Serialize, Deserialize, ValueEnum)]
pub enum ShortcutAction {
ShowWindow,
LaunchTerminal,
}
#[derive(Debug, Serialize, Deserialize)]
pub enum CliResponse {
Credential(CliCredential),
Empty,
}
impl Display for CliResponse {
fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
match self {
CliResponse::Credential(CliCredential::AwsBase(_)) => write!(f, "Credential (AwsBase)"),
CliResponse::Credential(CliCredential::AwsSession(_)) => write!(f, "Credential (AwsSession)"),
CliResponse::Credential(CliCredential::Docker(_)) => write!(f, "Credential (Docker)"),
CliResponse::Empty => write!(f, "Empty"),
}
}
}
#[derive(Debug, Serialize, Deserialize)]
pub enum CliCredential {
AwsBase(AwsBaseCredential),
AwsSession(AwsSessionCredential),
Docker(DockerCredential),
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AwsBaseCredential {
#[serde(default = "default_aws_version")]
pub version: usize,
pub access_key_id: String,
pub secret_access_key: String,
}
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AwsSessionCredential {
#[serde(default = "default_aws_version")]
pub version: usize,
pub access_key_id: String,
pub secret_access_key: String,
pub session_token: String,
// we don't need to know the expiration for the CLI, so just use a string here
pub expiration: String,
}
fn default_aws_version() -> usize { 1 }
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DockerCredential {
#[serde(rename = "ServerURL")]
pub server_url: String,
pub username: String,
pub secret: String,
}
#[derive(Debug, Serialize, Deserialize)]
pub struct ServerError {
pub code: String,
pub msg: String,
}
impl Display for ServerError {
fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
write!(f, "Error response ({}) from server: {}", self.code, self.msg)?;
Ok(())
}
}
impl std::error::Error for ServerError {}
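Review bot: `AwsBaseCredential`, `AwsSessionCredential` and `DockerCredential` derive `Debug` while holding `secret_access_key`, `session_token` and `secret`, so any `{:?}` of these types, or of the `CliRequest`/`CliResponse`/`CliCredential` enums that wrap them, prints the secret in clear. The `Display` impl for `CliResponse` already avoids this by printing only the variant name, and the `Debug` side should give the same guarantee, since debug formatting tends to end up in logs and panic messages. I would drop `Debug` from the three derive lists and implement it by hand with the secret fields redacted, as sketched below for `DockerCredential`; the two AWS structs follow the same pattern.

```rust
// … unchanged: derive list on DockerCredential, minus `Debug` …
impl std::fmt::Debug for DockerCredential {
    fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
        f.debug_struct("DockerCredential")
            .field("server_url", &self.server_url)
            .field("username", &self.username)
            // never print the secret itself
            .field("secret", &"<redacted>")
            .finish()
    }
}
```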

File diff suppressed because one or more lines are too long


@ -1 +1 @@
{"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default","os:allow-os-type","dialog:allow-open"]}}
{"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["core:path:default","core:event:default","core:window:default","core:app:default","core:resources:default","core:menu:default","core:tray:default","os:allow-os-type","dialog:allow-open"]}}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,12 @@
CREATE TABLE docker_credentials (
id BLOB UNIQUE NOT NULL,
-- The Docker credential helper protocol only sends the server_url, so
-- we should guarantee that we will only ever have one matching credential.
-- Also, it's easier to go from unique -> not-unique than vice versa if we
-- decide that's necessary in the future
server_url TEXT UNIQUE NOT NULL,
username TEXT NOT NULL,
secret_enc BLOB NOT NULL,
nonce BLOB NOT NULL,
FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE
);


@ -15,7 +15,7 @@ use tauri::{
RunEvent,
WindowEvent,
};
use tauri::menu::MenuItem;
use creddy_cli::{GlobalArgs, RunArgs};
use crate::{
config::{self, AppConfig},
@ -32,12 +32,13 @@ use crate::{
pub static APP: OnceCell<AppHandle> = OnceCell::new();
pub fn run() -> tauri::Result<()> {
pub fn run(run_args: RunArgs, global_args: GlobalArgs) -> tauri::Result<()> {
if let Ok(_) = creddy_cli::show_window(global_args) {
// app is already running, so terminate
return Ok(());
}
tauri::Builder::default()
.plugin(tauri_plugin_single_instance::init(|app, _argv, _cwd| {
show_main_window(app)
.error_popup("Failed to show main window")
}))
.plugin(tauri_plugin_global_shortcut::Builder::default().build())
.plugin(tauri_plugin_os::init())
.plugin(tauri_plugin_dialog::init())
@ -58,9 +59,10 @@ pub fn run() -> tauri::Result<()> {
ipc::save_config,
ipc::launch_terminal,
ipc::get_setup_errors,
ipc::get_devmode,
ipc::exit,
])
.setup(|app| rt::block_on(setup(app)))
.setup(|app| rt::block_on(setup(app, run_args)))
.build(tauri::generate_context!())?
.run(|app, run_event| {
if let RunEvent::WindowEvent { event, .. } = run_event {
@ -86,11 +88,11 @@ pub async fn connect_db() -> Result<SqlitePool, SetupError> {
}
async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
async fn setup(app: &mut App, run_args: RunArgs) -> Result<(), Box<dyn Error>> {
APP.set(app.handle().clone()).unwrap();
tray::setup(app)?;
// get_or_create_db_path doesn't create the actual db file, just the directory
let is_first_launch = !config::get_or_create_db_path()?.exists();
let is_first_launch = !config::get_or_create_db_path()?.try_exists()?;
let pool = connect_db().await?;
let mut setup_errors: Vec<String> = vec![];
@ -109,10 +111,16 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
creddy_server::serve(app.handle().clone())?;
agent::serve(app.handle().clone())?;
config::set_auto_launch(conf.start_on_login)?;
if let Err(_e) = config::set_auto_launch(conf.start_on_login) {
setup_errors.push("Error: Failed to manage autolaunch.".into());
// if this is the first launch, setup system with default auto-launch settings
if is_first_launch {
if let Err(e) = conf.set_auto_launch() {
setup_errors.push(format!("Failed to manage autolaunch: {e}"));
}
}
// otherwise, treat the system as the source of truth and ensure ours matches
else {
conf.match_auto_launch(&pool).await?;
};
// if hotkeys fail to register, disable them so that this error doesn't have to keep showing up
if let Err(_e) = shortcuts::register_hotkeys(&conf.hotkeys) {
@ -125,7 +133,7 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
.map(|names| names.split(':').any(|n| n == "GNOME"))
.unwrap_or(false);
if !conf.start_minimized || is_first_launch {
if !run_args.minimized {
show_main_window(&app.handle())?;
}
@ -158,8 +166,8 @@ fn start_auto_locker(app: AppHandle) {
pub fn show_main_window(app: &AppHandle) -> Result<(), WindowError> {
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
w.show()?;
let show_hide = app.state::<MenuItem<tauri::Wry>>();
show_hide.set_text("Hide")?;
let menu = app.state::<tray::MenuItems>();
menu.after_show()?;
Ok(())
}
@ -167,8 +175,8 @@ pub fn show_main_window(app: &AppHandle) -> Result<(), WindowError> {
pub fn hide_main_window(app: &AppHandle) -> Result<(), WindowError> {
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
w.hide()?;
let show_hide = app.state::<MenuItem<tauri::Wry>>();
show_hide.set_text("Show")?;
let menu = app.state::<tray::MenuItems>();
menu.after_hide()?;
Ok(())
}


@ -1,42 +0,0 @@
// Windows isn't really amenable to having a single executable work as both a CLI and GUI app,
// so we just have a second binary for CLI usage
use creddy::{
cli,
errors::CliError,
};
use std::{
env,
process::{self, Command},
};
fn main() {
let global_matches = cli::parser().get_matches();
let res = match global_matches.subcommand() {
None | Some(("run", _)) => launch_gui(),
Some(("get", m)) => cli::get(m, &global_matches),
Some(("exec", m)) => cli::exec(m, &global_matches),
Some(("shortcut", m)) => cli::invoke_shortcut(m, &global_matches),
_ => unreachable!("Unknown subcommand"),
};
if let Err(e) = res {
eprintln!("Error: {e}");
process::exit(1);
}
}
fn launch_gui() -> Result<(), CliError> {
let mut path = env::current_exe()?;
path.pop(); // bin dir
// binaries are colocated in dev, but not in production
#[cfg(not(debug_assertions))]
path.pop(); // install dir
path.push("creddy.exe"); // exe in main install dir (aka gui exe)
Command::new(path).spawn()?;
Ok(())
}


@ -1,227 +0,0 @@
use std::ffi::OsString;
use std::path::PathBuf;
use std::process::Command as ChildCommand;
#[cfg(windows)]
use std::time::Duration;
use clap::{
Command,
Arg,
ArgMatches,
ArgAction,
builder::PossibleValuesParser,
value_parser,
};
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use crate::errors::*;
use crate::srv::{
self,
Request,
Response
};
use crate::shortcuts::ShortcutAction;
#[cfg(unix)]
use {
std::os::unix::process::CommandExt,
tokio::net::UnixStream,
};
#[cfg(windows)]
use {
tokio::net::windows::named_pipe::{NamedPipeClient, ClientOptions},
windows::Win32::Foundation::ERROR_PIPE_BUSY,
};
pub fn parser() -> Command<'static> {
Command::new("creddy")
.version(env!("CARGO_PKG_VERSION"))
.about("A friendly AWS credentials manager")
.arg(
Arg::new("server_addr")
.short('a')
.long("server-addr")
.takes_value(true)
.value_parser(value_parser!(PathBuf))
.help("Connect to the main Creddy process at this address")
)
.subcommand(
Command::new("run")
.about("Launch Creddy")
)
.subcommand(
Command::new("get")
.about("Request AWS credentials from Creddy and output to stdout")
.arg(
Arg::new("base")
.short('b')
.long("base")
.action(ArgAction::SetTrue)
.help("Use base credentials instead of session credentials")
)
.arg(
Arg::new("name")
.help("If unspecified, use default credentials")
)
)
.subcommand(
Command::new("exec")
.about("Inject AWS credentials into the environment of another command")
.trailing_var_arg(true)
.arg(
Arg::new("base")
.short('b')
.long("base")
.action(ArgAction::SetTrue)
.help("Use base credentials instead of session credentials")
)
.arg(
Arg::new("name")
.short('n')
.long("name")
.takes_value(true)
.help("If unspecified, use default credentials")
)
.arg(
Arg::new("command")
.multiple_values(true)
)
)
.subcommand(
Command::new("shortcut")
.about("Invoke an action normally trigged by hotkey (e.g. launch terminal)")
.arg(
Arg::new("action")
.value_parser(
PossibleValuesParser::new(["show_window", "launch_terminal"])
)
)
)
}
pub fn get(args: &ArgMatches, global_args: &ArgMatches) -> Result<(), CliError> {
let name = args.get_one("name").cloned();
let base = *args.get_one("base").unwrap_or(&false);
let addr = global_args.get_one("server_addr").cloned();
let output = match make_request(addr, &Request::GetAwsCredentials { name, base })? {
Response::AwsBase(creds) => serde_json::to_string(&creds).unwrap(),
Response::AwsSession(creds) => serde_json::to_string(&creds).unwrap(),
r => return Err(RequestError::Unexpected(r).into()),
};
println!("{output}");
Ok(())
}
pub fn exec(args: &ArgMatches, global_args: &ArgMatches) -> Result<(), CliError> {
let name = args.get_one("name").cloned();
let base = *args.get_one("base").unwrap_or(&false);
let addr = global_args.get_one("server_addr").cloned();
let mut cmd_line = args.get_many("command")
.ok_or(ExecError::NoCommand)?;
let cmd_name: &String = cmd_line.next().unwrap(); // Clap guarantees that there will be at least one
let mut cmd = ChildCommand::new(cmd_name);
cmd.args(cmd_line);
match make_request(addr, &Request::GetAwsCredentials { name, base })? {
Response::AwsBase(creds) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
},
Response::AwsSession(creds) => {
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
cmd.env("AWS_SESSION_TOKEN", creds.session_token);
},
r => return Err(RequestError::Unexpected(r).into()),
}
#[cfg(unix)]
{
// cmd.exec() never returns if successful
let e = cmd.exec();
match e.kind() {
std::io::ErrorKind::NotFound => {
let name: OsString = cmd_name.into();
Err(ExecError::NotFound(name).into())
}
_ => Err(ExecError::ExecutionFailed(e).into()),
}
}
#[cfg(windows)]
{
let mut child = match cmd.spawn() {
Ok(c) => c,
Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
let name: OsString = cmd_name.into();
return Err(ExecError::NotFound(name).into());
}
Err(e) => return Err(ExecError::ExecutionFailed(e).into()),
};
let status = child.wait()
.map_err(|e| ExecError::ExecutionFailed(e))?;
std::process::exit(status.code().unwrap_or(1));
};
}
pub fn invoke_shortcut(args: &ArgMatches, global_args: &ArgMatches) -> Result<(), CliError> {
let addr = global_args.get_one("server_addr").cloned();
let action = match args.get_one::<String>("action").map(|s| s.as_str()) {
Some("show_window") => ShortcutAction::ShowWindow,
Some("launch_terminal") => ShortcutAction::LaunchTerminal,
Some(&_) | None => unreachable!("Unknown shortcut action"), // guaranteed by clap
};
let req = Request::InvokeShortcut(action);
match make_request(addr, &req) {
Ok(Response::Empty) => Ok(()),
Ok(r) => Err(RequestError::Unexpected(r).into()),
Err(e) => Err(e.into()),
}
}
#[tokio::main]
async fn make_request(addr: Option<PathBuf>, req: &Request) -> Result<Response, RequestError> {
let mut data = serde_json::to_string(req).unwrap();
// server expects newline marking end of request
data.push('\n');
let mut stream = connect(addr).await?;
stream.write_all(&data.as_bytes()).await?;
let mut buf = Vec::with_capacity(1024);
stream.read_to_end(&mut buf).await?;
let res: Result<Response, ServerError> = serde_json::from_slice(&buf)?;
Ok(res?)
}
#[cfg(windows)]
async fn connect(addr: Option<PathBuf>) -> Result<NamedPipeClient, std::io::Error> {
// apparently attempting to connect can fail if there's already a client connected
loop {
let addr = addr.unwrap_or_else(|| srv::addr("creddy-server"));
match ClientOptions::new().open(&addr) {
Ok(stream) => return Ok(stream),
Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => (),
Err(e) => return Err(e),
}
tokio::time::sleep(Duration::from_millis(10)).await;
}
}
#[cfg(unix)]
async fn connect(addr: Option<PathBuf>) -> Result<UnixStream, std::io::Error> {
let path = addr.unwrap_or_else(|| srv::addr("creddy-server"));
UnixStream::connect(&path).await
}


@ -5,7 +5,8 @@ use sysinfo::{
SystemExt,
Pid,
PidExt,
ProcessExt
ProcessExt,
UserExt,
};
use serde::{Serialize, Deserialize};
@ -16,6 +17,7 @@ use crate::errors::*;
pub struct Client {
pub pid: u32,
pub exe: Option<PathBuf>,
pub username: Option<String>,
}
@ -23,6 +25,8 @@ pub fn get_client(pid: u32, parent: bool) -> Result<Client, ClientInfoError> {
let sys_pid = Pid::from_u32(pid);
let mut sys = System::new();
sys.refresh_process(sys_pid);
sys.refresh_users_list();
let mut proc = sys.process(sys_pid)
.ok_or(ClientInfoError::ProcessNotFound)?;
@ -34,10 +38,15 @@ pub fn get_client(pid: u32, parent: bool) -> Result<Client, ClientInfoError> {
.ok_or(ClientInfoError::ParentProcessNotFound)?;
}
let username = proc.user_id()
.map(|uid| sys.get_user_by_id(uid))
.flatten()
.map(|u| u.name().to_owned());
let exe = match proc.exe() {
p if p == Path::new("") => None,
p => Some(PathBuf::from(p)),
};
Ok(Client { pid: proc.pid().as_u32(), exe })
Ok(Client { pid: proc.pid().as_u32(), exe, username })
}
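Review bot: In get_client the new lookup `proc.user_id().map(|uid| sys.get_user_by_id(uid)).flatten()` is `Option::and_then` spelled out; `proc.user_id().and_then(|uid| sys.get_user_by_id(uid))` says the same thing in one step. The lookup runs after `proc` may have been rebound to the parent process, so with `parent` set the username is the parent's owner. A comment on `Client::username` stating that, and that `None` means the owner could not be resolved, would help whoever displays it next to an approval decision. get_client starts outside the hunk.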


@ -1,7 +1,7 @@
use std::path::PathBuf;
use std::time::Duration;
use auto_launch::AutoLaunchBuilder;
use auto_launch::{AutoLaunch, AutoLaunchBuilder};
use is_terminal::IsTerminal;
use serde::{Serialize, Deserialize};
use sqlx::SqlitePool;
@ -89,29 +89,49 @@ impl AppConfig {
pub async fn save(&self, pool: &SqlitePool) -> Result<(), sqlx::error::Error> {
kv::save(pool, "config", self).await
}
}
/// Configure system with auto-launch settings
pub fn set_auto_launch(&self) -> Result<(), SetupError> {
let mgr = self.auto_launch_manager()?;
pub fn set_auto_launch(is_configured: bool) -> Result<(), SetupError> {
let path_buf = std::env::current_exe()
.map_err(|e| auto_launch::Error::Io(e))?;
let path = path_buf
.to_string_lossy();
// if enabled, disabled regardless of desired end state because either:
// a) we are just going to leave it disabled, or
// b) we need to disable-and-reenable in case args are different
if mgr.is_enabled()? {
mgr.disable()?;
}
if self.start_on_login {
mgr.enable()?;
}
let auto = AutoLaunchBuilder::new()
.set_app_name("Creddy")
.set_app_path(&path)
.build()?;
let is_enabled = auto.is_enabled()?;
if is_configured && !is_enabled {
auto.enable()?;
}
else if !is_configured && is_enabled {
auto.disable()?;
Ok(())
}
Ok(())
/// Match own auto-launch settings to system
pub async fn match_auto_launch(&mut self, pool: &SqlitePool) -> Result<(), SetupError> {
let mgr = self.auto_launch_manager()?;
let is_enabled = mgr.is_enabled()?;
if is_enabled != self.start_on_login {
self.start_on_login = is_enabled;
self.save(pool).await?;
}
Ok(())
}
fn auto_launch_manager(&self) -> Result<AutoLaunch, SetupError> {
let path_buf = std::env::current_exe()
.map_err(|e| auto_launch::Error::Io(e))?;
let name = if cfg!(debug_assertions) { "Creddy (dev)" } else { "Creddy" };
let mut builder = AutoLaunchBuilder::new();
builder.set_app_name(name);
builder.set_app_path(&path_buf.to_string_lossy());
if self.start_minimized {
builder.set_args(&["run", "--minimized"]);
}
Ok(builder.build()?)
}
}
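Review bot: set_auto_launch calls `mgr.disable()?` before `mgr.enable()?`, so a failure in `enable()` leaves the system entry removed while `start_on_login` is still true. As far as this page shows, the next launch then goes through match_auto_launch, which takes the system as the source of truth and saves `start_on_login = false` without any message to the user. A comment in set_auto_launch recording that consequence, or pushing a setup error when `enable()` fails after a successful `disable()`, would make the state change visible. Separately, `builder.set_app_path(&path_buf.to_string_lossy())` in auto_launch_manager would register a path containing replacement characters if the executable path is not valid UTF-8; `path_buf.to_str()` with an explicit error avoids registering a login entry that does not point at the running binary. The `impl AppConfig` block starts outside the hunk.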


@ -185,10 +185,16 @@ where S: Serializer
#[cfg(test)]
mod tests {
use super::*;
use aws_sdk_sts::primitives::DateTimeFormat;
use creddy_cli::proto::{
AwsBaseCredential as CliBase,
AwsSessionCredential as CliSession,
};
use sqlx::SqlitePool;
use sqlx::types::uuid::uuid;
fn creds() -> AwsBaseCredential {
AwsBaseCredential::new(
"AKIAIOSFODNN7EXAMPLE".into(),
@ -242,4 +248,98 @@ mod tests {
assert_eq!(&creds().into_credential(), &list[0]);
assert_eq!(&creds_2().into_credential(), &list[1]);
}
// In order to avoid the CLI depending on the main app (and thus defeating the purpose
// of having a separate CLI at all) it re-defines the credentials that need to be sent
// back and forth. To prevent the separate definitions from drifting aprt, we test
// serializing/deserializing in both directions.
#[test]
fn test_cli_to_app_base() {
let cli_base = CliBase {
version: 1,
access_key_id: "AKIAIOSFODNN7EXAMPLE".into(),
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
};
let json = serde_json::to_string(&cli_base).unwrap();
let computed: AwsBaseCredential = serde_json::from_str(&json)
.expect("Failed to deserialize base credentials from CLI -> main app");
assert_eq!(creds(), computed);
}
#[test]
fn test_app_to_cli_base() {
let base = creds();
let json = serde_json::to_string(&base).unwrap();
let computed: CliBase = serde_json::from_str(&json)
.expect("Failed to deserialize base credentials from main app -> CLI");
let expected = CliBase {
version: 1,
access_key_id: "AKIAIOSFODNN7EXAMPLE".into(),
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
};
assert_eq!(expected, computed);
}
#[test]
fn test_cli_to_app_session() {
let cli_session = CliSession {
version: 1,
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
expiration: "2024-07-21T00:00:00Z".into(),
};
let json = serde_json::to_string(&cli_session).unwrap();
let computed: AwsSessionCredential = serde_json::from_str(&json)
.expect("Failed to deserialize session credentials from CLI -> main app");
let expected = AwsSessionCredential {
version: 1,
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
expiration: DateTime::from_str(
"2024-07-21T00:00:00Z",
DateTimeFormat::DateTimeWithOffset
).unwrap(),
};
assert_eq!(expected, computed);
}
#[test]
fn test_app_to_cli_session() {
let session = AwsSessionCredential {
version: 1,
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
expiration: DateTime::from_str(
"2024-07-21T00:00:00Z",
DateTimeFormat::DateTimeWithOffset
).unwrap(),
};
let json = serde_json::to_string(&session).unwrap();
let computed: CliSession = serde_json::from_str(&json)
.expect("Failed to deserialize session credentials from main app -> CLI");
let expected = CliSession {
version: 1,
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
expiration: "2024-07-21T00:00:00Z".into(),
};
assert_eq!(expected, computed);
}
}
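Review bot: The comment introducing the new tests misspells a word: `drifting aprt` should read `drifting apart`. The session credential literal is written out four times across test_cli_to_app_session and test_app_to_cli_session; a small `session_creds()` helper next to the existing `creds()` would keep the app-side expected value in one place, the way test_cli_to_app_base already compares against `creds()`. The tests module starts outside the hunk.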


@ -0,0 +1,196 @@
use chacha20poly1305::XNonce;
use serde::{Serialize, Deserialize};
use sqlx::{
FromRow,
Sqlite,
Transaction,
types::Uuid,
};
use super::{Credential, Crypto, PersistentCredential};
use crate::errors::*;
#[derive(Debug, Clone, FromRow)]
pub struct DockerRow {
id: Uuid,
server_url: String,
username: String,
secret_enc: Vec<u8>,
nonce: Vec<u8>,
}
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DockerCredential {
#[serde(rename = "ServerURL")]
pub server_url: String,
pub username: String,
pub secret: String,
}
impl PersistentCredential for DockerCredential {
type Row = DockerRow;
fn type_name() -> &'static str { "docker" }
fn into_credential(self) -> Credential { Credential::Docker(self) }
fn row_id(row: &DockerRow) -> Uuid { row.id }
fn from_row(row: DockerRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> {
let nonce = XNonce::clone_from_slice(&row.nonce);
let secret_bytes = crypto.decrypt(&nonce, &row.secret_enc)?;
let secret = String::from_utf8(secret_bytes)
.map_err(|_| LoadCredentialsError::InvalidData)?;
Ok(DockerCredential {
server_url: row.server_url,
username: row.username,
secret
})
}
async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> {
let (nonce, ciphertext) = crypto.encrypt(self.secret.as_bytes())?;
let nonce_bytes = &nonce.as_slice();
sqlx::query!(
"INSERT OR REPLACE INTO docker_credentials (
id,
server_url,
username,
secret_enc,
nonce
)
VALUES (?, ?, ?, ?, ?)",
id, self.server_url, self.username, ciphertext, nonce_bytes,
).execute(&mut **txn).await?;
Ok(())
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::credentials::CredentialRecord;
use creddy_cli::proto::DockerCredential as CliDockerCredential;
use sqlx::SqlitePool;
use sqlx::types::uuid::uuid;
fn test_credential() -> DockerCredential {
DockerCredential {
server_url: "https://registry.jfmonty2.com".into(),
username: "joe@jfmonty2.com".into(),
secret: "correct horse battery staple".into(),
}
}
fn test_credential_2() -> DockerCredential {
DockerCredential {
server_url: "https://index.docker.io/v1".into(),
username: "test@example.com".into(),
secret: "a very secure passphrase".into(),
}
}
fn test_record() -> CredentialRecord {
CredentialRecord {
id: uuid!("00000000-0000-0000-0000-000000000000"),
name: "docker_test".into(),
is_default: false,
credential: Credential::Docker(test_credential()),
}
}
fn test_record_2() -> CredentialRecord {
CredentialRecord {
id: uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff"),
name: "docker_test_2".into(),
is_default: false,
credential: Credential::Docker(test_credential_2()),
}
}
#[sqlx::test]
fn test_save(pool: SqlitePool) {
let crypt = Crypto::random();
test_record().save(&crypt, &pool).await
.expect("Failed to save record");
}
#[sqlx::test(fixtures("docker_credentials"))]
fn test_load(pool: SqlitePool) {
let crypt = Crypto::fixed();
let id = uuid!("00000000-0000-0000-0000-000000000000");
let loaded = DockerCredential::load(&id, &crypt, &pool).await
.expect("Failed to load record");
assert_eq!(test_credential(), loaded);
}
#[sqlx::test(fixtures("docker_credentials"))]
async fn test_overwrite(pool: SqlitePool) {
let crypt = Crypto::fixed();
let mut record = test_record_2();
// give it the same id as test_record so that it overwrites
let id = uuid!("00000000-0000-0000-0000-000000000000");
record.id = id;
record.save(&crypt, &pool).await
.expect("Failed to overwrite original record with second record");
let loaded = DockerCredential::load(&id, &crypt, &pool).await
.expect("Failed to load again after overwriting");
assert_eq!(test_credential_2(), loaded);
}
#[sqlx::test(fixtures("docker_credentials"))]
async fn test_list(pool: SqlitePool) {
let crypt = Crypto::fixed();
let records = CredentialRecord::list(&crypt, &pool).await
.expect("Failed to list credentials");
assert_eq!(test_record(), records[0]);
}
// make sure that CLI credentials and app credentials don't drift apart
#[test]
fn test_cli_to_app() {
let cli_creds = CliDockerCredential {
server_url: "https://registry.jfmonty2.com".into(),
username: "joe@jfmonty2.com".into(),
secret: "correct horse battery staple".into(),
};
let json = serde_json::to_string(&cli_creds).unwrap();
let computed: DockerCredential = serde_json::from_str(&json)
.expect("Failed to deserialize Docker credentials from CLI -> main app");
assert_eq!(test_credential(), computed);
}
#[test]
fn test_app_to_cli() {
let app_creds = test_credential();
let json = serde_json::to_string(&app_creds).unwrap();
let computed: CliDockerCredential = serde_json::from_str(&json)
.expect("Failed to deserialize Docker credentials from main app -> CLI");
let expected = CliDockerCredential {
server_url: "https://registry.jfmonty2.com".into(),
username: "joe@jfmonty2.com".into(),
secret: "correct horse battery staple".into(),
};
assert_eq!(expected, computed);
}
}
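Review bot: In from_row, `XNonce::clone_from_slice(&row.nonce)` panics when the stored nonce is not exactly 24 bytes, so a truncated or corrupted `nonce` column aborts the caller instead of producing the `LoadCredentialsError::InvalidData` that the same function already returns for invalid UTF-8. A guard ahead of it, `if row.nonce.len() != 24 { return Err(LoadCredentialsError::InvalidData); }`, keeps a damaged row a recoverable error. Also, `DockerCredential` derives `Debug` while holding `secret` as a plain `String`, so any `{:?}` of the credential or of a type that contains it prints the registry password; a hand-written `Debug` impl that redacts `secret` would prevent that from reaching logs.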


@ -0,0 +1,11 @@
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
VALUES (X'00000000000000000000000000000000', 'docker_test', 'docker', 0, 1726756380);
INSERT INTO docker_credentials (id, server_url, username, secret_enc, nonce)
VALUES (
X'00000000000000000000000000000000',
'https://registry.jfmonty2.com',
'joe@jfmonty2.com',
X'C0B36EE54539D4113A8F73E99FB96B2BF4D87E91F7C3B48256C07E83E3E7EC738888B2FDE2B4DB0BE48BEFDE',
X'C5F7F627BBE09A1BB275BE8D2390596C76143881A7766E60'
);


@ -1,3 +1,11 @@
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
VALUES
(X'11111111111111111111111111111111', 'ssh-plain', 'ssh', 1, 1721557273),
(X'22222222222222222222222222222222', 'ssh-enc', 'ssh', 0, 1721557274),
(X'33333333333333333333333333333333', 'ed25519-plain', 'ssh', 0, 1721557275),
(X'44444444444444444444444444444444', 'ed25519-enc', 'ssh', 0, 1721557276);
INSERT INTO ssh_credentials (id, algorithm, comment, public_key, private_key_enc, nonce)
VALUES
(


@ -17,6 +17,9 @@ pub use aws::{AwsBaseCredential, AwsSessionCredential};
mod crypto;
pub use crypto::Crypto;
mod docker;
pub use docker::DockerCredential;
mod record;
pub use record::CredentialRecord;
@ -32,6 +35,7 @@ pub use ssh::SshKey;
pub enum Credential {
AwsBase(AwsBaseCredential),
AwsSession(AwsSessionCredential),
Docker(DockerCredential),
Ssh(SshKey),
}
@ -79,6 +83,23 @@ pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized {
Self::from_row(row, crypto)
}
async fn load_by<T>(column: &str, value: T, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError>
where T: Send + for<'q> sqlx::Encode<'q, Sqlite> + sqlx::Type<Sqlite>
{
let query = format!(
"SELECT * FROM {} where {} = ?",
Self::table_name(),
column,
);
let row: Self::Row = sqlx::query_as(&query)
.bind(value)
.fetch_optional(pool)
.await?
.ok_or(LoadCredentialsError::NoCredentials)?;
Self::from_row(row, crypto)
}
async fn load_default(crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
let q = format!(
"SELECT details.*
@ -118,3 +139,10 @@ pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized {
Ok(creds)
}
}
pub fn random_uuid() -> Uuid {
// a bit weird to use salt() for this, but it's convenient
let random_bytes = Crypto::salt();
Uuid::from_slice(&random_bytes[..16]).unwrap()
}
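Review bot: load_by puts `column` straight into the SQL text through `format!`, and only `value` is bound as a parameter. Nothing in the hunk limits what `column` may contain, so the function is safe only as long as every caller passes a hard-coded column name; a request-derived string there would become part of the query. Narrowing the parameter to `column: &'static str` and adding a doc comment that says the column name is interpolated, not bound, and must be a literal would make that contract explicit. The trait body starts outside the hunk.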


@ -20,6 +20,7 @@ use super::{
AwsBaseCredential,
Credential,
Crypto,
DockerCredential,
PersistentCredential,
SshKey,
};
@ -51,6 +52,7 @@ impl CredentialRecord {
let type_name = match &self.credential {
Credential::AwsBase(_) => AwsBaseCredential::type_name(),
Credential::Ssh(_) => SshKey::type_name(),
Credential::Docker(_) => DockerCredential::type_name(),
_ => return Err(SaveCredentialsError::NotPersistent),
};
@ -86,6 +88,7 @@ impl CredentialRecord {
match &self.credential {
Credential::AwsBase(b) => b.save_details(&self.id, crypto, &mut txn).await,
Credential::Ssh(s) => s.save_details(&self.id, crypto, &mut txn).await,
Credential::Docker(d) => d.save_details(&self.id, crypto, &mut txn).await,
_ => Err(SaveCredentialsError::NotPersistent),
}?;
@ -167,6 +170,11 @@ impl CredentialRecord {
.ok_or(LoadCredentialsError::InvalidData)?;
records.push(Self::from_parts(parent, credential));
}
for (id, credential) in DockerCredential::list(crypto, pool).await? {
let parent = parent_map.remove(&id)
.ok_or(LoadCredentialsError::InvalidData)?;
records.push(Self::from_parts(parent, credential));
}
Ok(records)
}
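Review bot: Both `match &self.credential` blocks touched here end in a `_ =>` arm that reports `NotPersistent`, which is why the new `Credential::Docker` variant compiled before these matches were updated, and the same will hold for the next variant. Naming the one non-persistent case instead, `Credential::AwsSession(_) => return Err(SaveCredentialsError::NotPersistent),` in the first match and the matching arm in the second, lets the compiler point at every place that needs a new arm. The enclosing functions start and end outside the hunks.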


@ -299,6 +299,8 @@ fn deserialize_algorithm<'de, D>(deserializer: D) -> Result<Algorithm, D::Error>
mod tests {
use std::fs::{self, File};
use sqlx::types::uuid::uuid;
use crate::credentials::CredentialRecord;
use super::*;
fn path(name: &str) -> String {
@ -434,11 +436,14 @@ mod tests {
#[sqlx::test]
async fn test_save_db(pool: SqlitePool) {
let crypto = Crypto::random();
let k = rsa_plain();
let mut txn = pool.begin().await.unwrap();
k.save_details(&random_uuid(), &crypto, &mut txn).await
.expect("Failed to save SSH key to database");
txn.commit().await.expect("Failed to finalize transaction");
let record = CredentialRecord {
id: random_uuid(),
name: "save_test".into(),
is_default: false,
credential: Credential::Ssh(rsa_plain()),
};
record.save(&crypto, &pool).await
.expect("Failed to save SSH key CredentialRecord to database");
}
@ -454,13 +459,18 @@ mod tests {
#[sqlx::test]
async fn test_save_load_db(pool: SqlitePool) {
let crypto = Crypto::random();
let id = uuid!("7bc994dd-113a-4841-bcf7-b47c2fffdd25");
let known = ed25519_plain();
let mut txn = pool.begin().await.unwrap();
known.save_details(&id, &crypto, &mut txn).await.unwrap();
txn.commit().await.unwrap();
let id = random_uuid();
let record = CredentialRecord {
id,
name: "save_load_test".into(),
is_default: false,
credential: Credential::Ssh(ed25519_plain()),
};
record.save(&crypto, &pool).await.unwrap();
let loaded = SshKey::load(&id, &crypto, &pool).await.unwrap();
let known = ed25519_plain();
assert_eq!(known.algorithm, loaded.algorithm);
assert_eq!(known.comment, loaded.comment);


@ -173,7 +173,7 @@ pub enum HandlerError {
StreamIOError(#[from] std::io::Error),
#[error("Received invalid UTF-8 in request")]
InvalidUtf8(#[from] FromUtf8Error),
#[error("HTTP request malformed")]
#[error("Request malformed: {0}")]
BadRequest(#[from] serde_json::Error),
#[error("HTTP request too large")]
RequestTooLarge,
@ -183,6 +183,8 @@ pub enum HandlerError {
Internal(#[from] RecvError),
#[error("Error accessing credentials: {0}")]
NoCredentials(#[from] GetCredentialsError),
#[error("Error saving credentials: {0}")]
SaveCredentials(#[from] SaveCredentialsError),
#[error("Error getting client details: {0}")]
ClientInfo(#[from] ClientInfoError),
#[error("Error from Tauri: {0}")]
@ -199,6 +201,10 @@ pub enum HandlerError {
Signature(#[from] signature::Error),
#[error(transparent)]
Encoding(#[from] ssh_encoding::Error),
#[cfg(windows)]
#[error(transparent)]
Windows(#[from] windows::core::Error),
}
@ -370,7 +376,7 @@ pub enum RequestError {
#[error("Error response from server: {0}")]
Server(ServerError),
#[error("Unexpected response from server")]
Unexpected(crate::srv::Response),
Unexpected(crate::srv::CliResponse),
#[error("The server did not respond with valid JSON")]
InvalidJson(#[from] serde_json::Error),
#[error("Error reading/writing stream: {0}")]
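Review bot: `#[error("Request malformed: {0}")]` on `BadRequest` now places serde_json's message in the error text, and serde's type-mismatch and unknown-variant messages quote the offending input. Requests in this change set can carry a Docker secret, so a malformed store request could echo part of its payload wherever `HandlerError` is logged or sent back; where that happens is not visible in this hunk. Keeping the display text generic, `#[error("Request malformed")]`, still leaves the detail reachable through `source()` because of `#[from]`. The neighbouring `#[error("HTTP request too large")]` still says HTTP and could be reworded to match.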


@ -14,9 +14,16 @@ use crate::state::AppState;
use crate::terminal;
#[derive(Clone, Debug, Serialize, Deserialize)]
pub enum RequestAction {
Access,
Delete,
Save,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct AwsRequestNotification {
pub id: u64,
pub client: Client,
pub name: Option<String>,
pub base: bool,
@ -25,27 +32,47 @@ pub struct AwsRequestNotification {
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct SshRequestNotification {
pub id: u64,
pub client: Client,
pub key_name: String,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum RequestNotification {
Aws(AwsRequestNotification),
Ssh(SshRequestNotification),
pub struct DockerRequestNotification {
pub action: RequestAction,
pub client: Client,
pub server_url: String,
}
impl RequestNotification {
pub fn new_aws(id: u64, client: Client, name: Option<String>, base: bool) -> Self {
Self::Aws(AwsRequestNotification {id, client, name, base})
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum RequestNotificationDetail {
Aws(AwsRequestNotification),
Ssh(SshRequestNotification),
Docker(DockerRequestNotification),
}
impl RequestNotificationDetail {
pub fn new_aws(client: Client, name: Option<String>, base: bool) -> Self {
Self::Aws(AwsRequestNotification {client, name, base})
}
pub fn new_ssh(id: u64, client: Client, key_name: String) -> Self {
Self::Ssh(SshRequestNotification {id, client, key_name})
pub fn new_ssh(client: Client, key_name: String) -> Self {
Self::Ssh(SshRequestNotification {client, key_name})
}
pub fn new_docker(action: RequestAction, client: Client, server_url: String) -> Self {
Self::Docker(DockerRequestNotification {action, client, server_url})
}
}
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct RequestNotification {
pub id: u64,
#[serde(flatten)]
pub detail: RequestNotificationDetail,
}
@ -177,6 +204,12 @@ pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<Stri
}
#[tauri::command]
pub fn get_devmode() -> bool {
cfg!(debug_assertions)
}
#[tauri::command]
pub fn exit(app_handle: AppHandle) {
app_handle.exit(0)


@ -1,5 +1,4 @@
pub mod app;
pub mod cli;
mod config;
mod credentials;
pub mod errors;


@ -3,23 +3,34 @@
windows_subsystem = "windows"
)]
use creddy::{
app,
cli,
errors::ShowError,
};
use creddy_cli::{
Action,
Cli,
RunArgs,
};
fn main() {
let res = match cli::parser().get_matches().subcommand() {
None | Some(("run", _)) => {
app::run().error_popup("Creddy encountered an error");
let cli = Cli::parse();
let res = match cli.action {
None => {
let run_args = RunArgs { minimized: false };
app::run(run_args, cli.global_args).error_popup("Creddy encountered an error");
Ok(())
}
Some(Action::Run(run_args)) => {
app::run(run_args, cli.global_args).error_popup("Creddy encountered an error");
Ok(())
},
Some(("get", m)) => cli::get(m),
Some(("exec", m)) => cli::exec(m),
Some(("shortcut", m)) => cli::invoke_shortcut(m),
_ => unreachable!(),
Some(Action::Get(args)) => creddy_cli::get(args, cli.global_args),
Some(Action::Exec(args)) => creddy_cli::exec(args, cli.global_args),
Some(Action::Shortcut(args)) => creddy_cli::invoke_shortcut(args, cli.global_args),
Some(Action::Docker(cmd)) => creddy_cli::docker_credential_helper(cmd, cli.global_args),
};
if let Err(e) = res {


@ -44,10 +44,7 @@ fn launch_terminal() {
pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> Result<(), ShortcutError> {
let app = APP.get().unwrap();
let shortcuts = app.global_shortcut();
shortcuts.unregister_all([
hotkeys.show_window.keys.as_str(),
hotkeys.launch_terminal.keys.as_str(),
])?;
shortcuts.unregister_all()?;
if hotkeys.show_window.enabled {
shortcuts.on_shortcut(


@ -6,12 +6,11 @@ use ssh_agent_lib::proto::message::{
};
use tauri::{AppHandle, Manager};
use tokio_stream::StreamExt;
use tokio::sync::oneshot;
use tokio_util::codec::Framed;
use crate::clientinfo;
use crate::errors::*;
use crate::ipc::{Approval, RequestNotification};
use crate::ipc::{Approval, RequestNotificationDetail};
use crate::state::AppState;
use super::{CloseWaiter, Stream};
@ -69,47 +68,21 @@ async fn sign_request(
req: SignRequest,
app_handle: AppHandle,
client_pid: u32,
mut waiter: CloseWaiter<'_>,
waiter: CloseWaiter<'_>,
) -> Result<Message, HandlerError> {
let state = app_handle.state::<AppState>();
let rehide_ms = {
let config = state.config.read().await;
config.rehide_ms
};
let client = clientinfo::get_client(client_pid, false)?;
let lease = state.acquire_visibility_lease(rehide_ms).await
.map_err(|_e| HandlerError::NoMainWindow)?;
let key_name = state.ssh_name_from_pubkey(&req.pubkey_blob).await?;
let detail = RequestNotificationDetail::new_ssh(client, key_name.clone());
let (chan_send, chan_recv) = oneshot::channel();
let request_id = state.register_request(chan_send).await;
let proceed = async {
let key_name = state.ssh_name_from_pubkey(&req.pubkey_blob).await?;
let notification = RequestNotification::new_ssh(request_id, client, key_name.clone());
app_handle.emit("credential-request", &notification)?;
let response = tokio::select! {
r = chan_recv => r?,
_ = waiter.wait_for_close() => {
app_handle.emit("request-cancelled", request_id)?;
return Err(HandlerError::Abandoned);
},
};
if let Approval::Denied = response.approval {
return Ok(Message::Failure);
}
let key = state.sshkey_by_name(&key_name).await?;
let sig = key.sign_request(&req)?;
Ok(Message::SignResponse(sig))
};
let res = proceed.await;
if let Err(_) = &res {
state.unregister_request(request_id).await;
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
match response.approval {
Approval::Approved => {
let key = state.sshkey_by_name(&key_name).await?;
let sig = key.sign_request(&req)?;
Ok(Message::SignResponse(sig))
},
Approval::Denied => Err(HandlerError::Abandoned),
}
lease.release();
res
}
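Review bot: A denied signing request now leaves sign_request as `Approval::Denied => Err(HandlerError::Abandoned)`, where the earlier code returned `Ok(Message::Failure)`. A user's refusal and a client that went away therefore produce the same error, and whether the agent still answers the client with a failure message depends on how the caller maps `Err`, which is outside the hunk. `Approval::Denied => Ok(Message::Failure),` keeps the previous behaviour; if an error is preferred, a variant that names denial would make logs and the audit trail unambiguous. sign_request starts outside the hunk.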


@ -1,16 +1,26 @@
use tauri::{AppHandle, Manager};
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::sync::oneshot;
use crate::clientinfo::{self, Client};
use crate::credentials::{
self,
Credential,
CredentialRecord,
DockerCredential,
};
use crate::errors::*;
use crate::ipc::{Approval, RequestNotification};
use crate::ipc::{
Approval,
RequestAction,
RequestNotificationDetail
};
use crate::shortcuts::{self, ShortcutAction};
use crate::state::AppState;
use super::{
CloseWaiter,
Request,
Response,
CliCredential,
CliRequest,
CliResponse,
Stream,
};
@ -43,13 +53,21 @@ async fn handle(
let waiter = CloseWaiter { stream: &mut stream };
let req: Request = serde_json::from_slice(&buf)?;
let req: CliRequest = serde_json::from_slice(&buf)?;
let res = match req {
Request::GetAwsCredentials { name, base } => get_aws_credentials(
CliRequest::GetAwsCredential{ name, base } => get_aws_credentials(
name, base, client, app_handle, waiter
).await,
Request::InvokeShortcut(action) => invoke_shortcut(action).await,
Request::GetSshSignature(_) => return Err(HandlerError::Denied),
CliRequest::GetDockerCredential{ server_url } => get_docker_credential (
server_url, client, app_handle, waiter
).await,
CliRequest::StoreDockerCredential(docker_credential) => store_docker_credential(
docker_credential, app_handle, client, waiter
).await,
CliRequest::EraseDockerCredential { server_url } => erase_docker_credential(
server_url, app_handle, client, waiter
).await,
CliRequest::InvokeShortcut{ action } => invoke_shortcut(action).await,
};
// doesn't make sense to send the error to the client if the client has already left
@ -63,9 +81,9 @@ async fn handle(
}
async fn invoke_shortcut(action: ShortcutAction) -> Result<Response, HandlerError> {
async fn invoke_shortcut(action: ShortcutAction) -> Result<CliResponse, HandlerError> {
shortcuts::exec_shortcut(action);
Ok(Response::Empty)
Ok(CliResponse::Empty)
}
@ -74,59 +92,132 @@ async fn get_aws_credentials(
base: bool,
client: Client,
app_handle: AppHandle,
mut waiter: CloseWaiter<'_>,
) -> Result<Response, HandlerError> {
let state = app_handle.state::<AppState>();
let rehide_ms = {
let config = state.config.read().await;
config.rehide_ms
};
let lease = state.acquire_visibility_lease(rehide_ms).await
.map_err(|_e| HandlerError::NoMainWindow)?; // automate this conversion eventually?
let (chan_send, chan_recv) = oneshot::channel();
let request_id = state.register_request(chan_send).await;
// if an error occurs in any of the following, we want to abort the operation
// but ? returns immediately, and we want to unregister the request before returning
// so we bundle it all up in an async block and return a Result so we can handle errors
let proceed = async {
let notification = RequestNotification::new_aws(
request_id, client, name.clone(), base
);
app_handle.emit("credential-request", &notification)?;
let response = tokio::select! {
r = chan_recv => r?,
_ = waiter.wait_for_close() => {
app_handle.emit("request-cancelled", request_id)?;
return Err(HandlerError::Abandoned);
},
};
match response.approval {
Approval::Approved => {
if response.base {
let creds = state.get_aws_base(name).await?;
Ok(Response::AwsBase(creds))
}
else {
let creds = state.get_aws_session(name).await?;
Ok(Response::AwsSession(creds.clone()))
}
},
Approval::Denied => Err(HandlerError::Denied),
}
};
let result = match proceed.await {
Ok(r) => Ok(r),
Err(e) => {
state.unregister_request(request_id).await;
Err(e)
waiter: CloseWaiter<'_>,
) -> Result<CliResponse, HandlerError> {
let detail = RequestNotificationDetail::new_aws(client, name.clone(), base);
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
match response.approval {
Approval::Approved => {
let state = app_handle.state::<AppState>();
if response.base {
let creds = state.get_aws_base(name).await?;
Ok(CliResponse::Credential(CliCredential::AwsBase(creds)))
}
else {
let creds = state.get_aws_session(name).await?.clone();
Ok(CliResponse::Credential(CliCredential::AwsSession(creds)))
}
},
Approval::Denied => Err(HandlerError::Denied),
}
}
async fn get_docker_credential(
server_url: String,
client: Client,
app_handle: AppHandle,
waiter: CloseWaiter<'_>,
) -> Result<CliResponse, HandlerError> {
let state = app_handle.state::<AppState>();
let meta = state.docker_credential_meta(&server_url).await.unwrap_or(None);
if meta.is_none() {
return Err(
HandlerError::NoCredentials(
GetCredentialsError::Load(
LoadCredentialsError::NoCredentials
)
)
);
}
let detail = RequestNotificationDetail::new_docker(
RequestAction::Access,
client,
server_url.clone()
);
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
match response.approval {
Approval::Approved => {
let creds = state.get_docker_credential(&server_url).await?;
Ok(CliResponse::Credential(CliCredential::Docker(creds)))
},
Approval::Denied => {
Err(HandlerError::Denied)
},
}
}
async fn store_docker_credential(
docker_credential: DockerCredential,
app_handle: AppHandle,
client: Client,
waiter: CloseWaiter<'_>,
) -> Result<CliResponse, HandlerError> {
let state = app_handle.state::<AppState>();
// We want to do this before asking for confirmation from the user, because Docker has an annoying
// habit of calling `get` and then immediately turning around and calling `store` with the same
// data. In that case we want to avoid asking for confirmation at all.
match state.get_docker_credential(&docker_credential.server_url).await {
// if there is already a credential with this server_url, and it is unchanged, we're done
Ok(c) if c == docker_credential => return Ok(CliResponse::Empty),
// otherwise we are making an update, so proceed
Ok(_) => (),
// if the app is locked, then this isn't the situation described above, so proceed
Err(GetCredentialsError::Locked) => (),
// if the app is unlocked, and there is no matching credential, proceed
Err(GetCredentialsError::Load(LoadCredentialsError::NoCredentials)) => (),
// any other error is a failure
Err(e) => return Err(e.into()),
};
lease.release();
result
let detail = RequestNotificationDetail::new_docker(
RequestAction::Save,
client,
docker_credential.server_url.clone(),
);
let response = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
if matches!(response.approval, Approval::Denied) {
return Err(HandlerError::Denied);
}
let (id, name) = state.docker_credential_meta(&docker_credential.server_url)
.await
.map_err(|e| GetCredentialsError::Load(e))?
.unwrap_or_else(|| (credentials::random_uuid(), docker_credential.server_url.clone()));
let record = CredentialRecord {
id,
name,
is_default: false,
credential: Credential::Docker(docker_credential)
};
state.save_credential(record).await?;
Ok(CliResponse::Empty)
}
async fn erase_docker_credential(
server_url: String,
app_handle: AppHandle,
client: Client,
waiter: CloseWaiter<'_>
) -> Result<CliResponse, HandlerError> {
let state = app_handle.state::<AppState>();
let detail = RequestNotificationDetail::new_docker(
RequestAction::Delete,
client,
server_url.clone(),
);
let resp = super::send_credentials_request(detail, app_handle.clone(), waiter).await?;
match resp.approval {
Approval::Approved => {
state.delete_credential_by_name(&server_url).await?;
Ok(CliResponse::Empty)
}
Approval::Denied => {
Err(HandlerError::Denied)
}
}
}
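Review bot: In `get_docker_credential`, `.unwrap_or(None)` on the `docker_credential_meta` lookup reports a database error to the client as `NoCredentials`, so a failing query looks the same as an empty store. `store_docker_credential` already propagates that error, and the lookup here could do the same with `let meta = state.docker_credential_meta(&server_url).await.map_err(GetCredentialsError::Load)?;`. Both this existence check and the `Ok(c) if c == docker_credential` shortcut in `store_docker_credential` answer the client before `send_credentials_request` runs, so an unapproved local process learns whether a registry has an entry and, while the app is unlocked, whether a submitted credential matches the stored one. If that is the accepted cost of Docker's get-then-store pattern, I would state it in a comment above each check so the pre-approval behaviour is a documented decision.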


@ -3,37 +3,64 @@ use std::future::Future;
use tauri::{
AppHandle,
async_runtime as rt,
Emitter,
Manager,
Runtime,
};
use tokio::io::AsyncReadExt;
use tokio::sync::oneshot;
use serde::{Serialize, Deserialize};
use ssh_agent_lib::proto::message::SignRequest;
use crate::credentials::{AwsBaseCredential, AwsSessionCredential};
use crate::credentials::{
AwsBaseCredential,
AwsSessionCredential,
DockerCredential,
};
use crate::errors::*;
use crate::ipc::{RequestNotification, RequestNotificationDetail, RequestResponse};
use crate::shortcuts::ShortcutAction;
use crate::state::AppState;
pub mod creddy_server;
pub mod agent;
use platform::Stream;
pub use platform::addr;
// These types match what's defined in creddy_cli, but they are separate types
// so that we avoid polluting the standalone CLI with a bunch of dependencies
// that would make it impossible to build a completely static-linked version
#[derive(Debug, Serialize, Deserialize)]
pub enum Request {
GetAwsCredentials {
#[serde(tag = "type")]
pub enum CliRequest {
GetAwsCredential {
name: Option<String>,
base: bool,
},
GetSshSignature(SignRequest),
InvokeShortcut(ShortcutAction),
GetDockerCredential {
server_url: String,
},
StoreDockerCredential(DockerCredential),
EraseDockerCredential {
server_url: String,
},
InvokeShortcut{
action: ShortcutAction,
},
}
#[derive(Debug, Serialize, Deserialize)]
pub enum Response {
pub enum CliResponse {
Credential(CliCredential),
Empty,
}
#[derive(Debug, Serialize, Deserialize)]
pub enum CliCredential {
AwsBase(AwsBaseCredential),
AwsSession(AwsSessionCredential),
Empty,
Docker(DockerCredential),
}
@ -55,9 +82,11 @@ impl<'s> CloseWaiter<'s> {
}
fn serve<H, F>(sock_name: &str, app_handle: AppHandle, handler: H) -> std::io::Result<()>
where H: Copy + Send + Fn(Stream, AppHandle, u32) -> F + 'static,
// note: AppHandle is generic over `Runtime` for testing
fn serve<H, F, R>(sock_name: &str, app_handle: AppHandle<R>, handler: H) -> std::io::Result<()>
where H: Copy + Send + Fn(Stream, AppHandle<R>, u32) -> F + 'static,
F: Send + Future<Output = Result<(), HandlerError>>,
R: Runtime
{
let (mut listener, addr) = platform::bind(sock_name)?;
rt::spawn(async move {
@ -81,6 +110,48 @@ fn serve<H, F>(sock_name: &str, app_handle: AppHandle, handler: H) -> std::io::R
}
async fn send_credentials_request(
detail: RequestNotificationDetail,
app_handle: AppHandle,
mut waiter: CloseWaiter<'_>
) -> Result<RequestResponse, HandlerError> {
let state = app_handle.state::<AppState>();
let rehide_ms = {
let config = state.config.read().await;
config.rehide_ms
};
let lease = state.acquire_visibility_lease(rehide_ms).await
.map_err(|_e| HandlerError::NoMainWindow)?;
let (chan_send, chan_recv) = oneshot::channel();
let request_id = state.register_request(chan_send).await;
let notification = RequestNotification { id: request_id, detail };
// the following could fail in various ways, but we want to make sure
// the request gets unregistered on any failure, so we wrap this all
// up in an async block so that we only have to handle the error case once
let proceed = async {
app_handle.emit("credential-request", &notification)?;
tokio::select! {
r = chan_recv => Ok(r?),
_ = waiter.wait_for_close() => {
app_handle.emit("request-cancelled", request_id)?;
Err(HandlerError::Abandoned)
},
}
};
let res = proceed.await;
if let Err(_) = &res {
state.unregister_request(request_id).await;
}
lease.release();
res
}
#[cfg(unix)]
mod platform {
use std::io::ErrorKind;
@ -92,7 +163,7 @@ mod platform {
pub type Stream = UnixStream;
pub fn bind(sock_name: &str) -> std::io::Result<(UnixListener, PathBuf)> {
let path = addr(sock_name);
let path = creddy_cli::server_addr(sock_name);
match std::fs::remove_file(&path) {
Ok(_) => (),
Err(e) if e.kind() == ErrorKind::NotFound => (),
@ -112,20 +183,13 @@ mod platform {
Ok((stream, pid))
}
pub fn addr(sock_name: &str) -> PathBuf {
let mut path = dirs::runtime_dir()
.unwrap_or_else(|| PathBuf::from("/tmp"));
path.push(format!("{sock_name}.sock"));
path
}
}
#[cfg(windows)]
mod platform {
use std::os::windows::io::AsRawHandle;
use std::path::PathBuf;
use tokio::net::windows::named_pipe::{
NamedPipeServer,
ServerOptions,
@ -139,15 +203,15 @@ mod platform {
pub type Stream = NamedPipeServer;
pub fn bind(sock_name: &str) -> std::io::Result<(String, NamedPipeServer)> {
let addr = addr(sock_name);
pub fn bind(sock_name: &str) -> std::io::Result<(NamedPipeServer, PathBuf)> {
let addr = creddy_cli::server_addr(sock_name);
let listener = ServerOptions::new()
.first_pipe_instance(true)
.create(&addr)?;
Ok((listener, addr))
}
pub async fn accept(listener: &mut NamedPipeServer, addr: &String) -> Result<(NamedPipeServer, u32), HandlerError> {
pub async fn accept(listener: &mut NamedPipeServer, addr: &PathBuf) -> Result<(NamedPipeServer, u32), HandlerError> {
// connect() just waits for a client to connect, it doesn't return anything
listener.connect().await?;
@ -163,8 +227,32 @@ mod platform {
unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? };
Ok((stream, pid))
}
}
pub fn addr(sock_name: &str) -> String {
format!(r"\\.\pipe\{sock_name}")
#[cfg(test)]
mod tests {
use super::*;
use tokio::io::AsyncWriteExt;
#[tokio::test]
async fn test_server_connect() {
let app = tauri::test::mock_app();
serve("creddy_server_test", app.app_handle().clone(), |mut stream, _handle, _pid| {
async move {
let buf = serde_json::to_vec(&CliResponse::Empty).unwrap();
stream.write_all(&buf).await.unwrap();
Ok(())
}
}).unwrap();
let addr = creddy_cli::server_addr("creddy_server_test");
let mut stream = creddy_cli::connect(Some(addr)).await.unwrap();
let mut buf = Vec::new();
stream.read_to_end(&mut buf).await.unwrap();
let resp: CliResponse = serde_json::from_slice(&buf).unwrap();
assert!(matches!(resp, CliResponse::Empty))
}
}
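Review bot: `send_credentials_request` has no doc comment, and its contract is easy to misread: it returns `Ok` for any answer the user gives, including `Approval::Denied`, so every caller has to match on `response.approval` before touching a credential. I would add `/// Prompts the user and waits for their answer. Ok(_) only means an answer arrived; callers must still check the approval field.` above the function. The comment could also record that the request is unregistered only on the error path and that the visibility lease is released on every path, since both are visible in the body but not obvious from the call sites.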


@ -11,6 +11,7 @@ use ssh_agent_lib::proto::message::Identity;
use sqlx::SqlitePool;
use sqlx::types::Uuid;
use tauri::{
Emitter,
Manager,
async_runtime as rt,
};
@ -19,9 +20,10 @@ use crate::app;
use crate::credentials::{
AppSession,
AwsSessionCredential,
DockerCredential,
SshKey,
};
use crate::{config, config::AppConfig};
use crate::config::AppConfig;
use crate::credentials::{
AwsBaseCredential,
Credential,
@ -31,6 +33,7 @@ use crate::credentials::{
use crate::ipc::{self, RequestResponse};
use crate::errors::*;
use crate::shortcuts;
use crate::tray;
#[derive(Debug)]
@ -160,6 +163,13 @@ impl AppState {
Ok(())
}
pub async fn delete_credential_by_name(&self, name: &str) -> Result<(), SaveCredentialsError> {
sqlx::query!("DELETE FROM credentials WHERE name = ?", name)
.execute(&self.pool)
.await?;
Ok(())
}
pub async fn list_credentials(&self) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
let session = self.app_session.read().await;
let crypto = session.try_get_crypto()?;
@ -195,8 +205,9 @@ impl AppState {
let mut live_config = self.config.write().await;
// update autostart if necessary
if new_config.start_on_login != live_config.start_on_login {
config::set_auto_launch(new_config.start_on_login)?;
if new_config.start_on_login != live_config.start_on_login
|| new_config.start_minimized != live_config.start_minimized {
new_config.set_auto_launch()?;
}
// re-register hotkeys if necessary
@ -244,7 +255,11 @@ impl AppState {
pub async fn unlock(&self, passphrase: &str) -> Result<(), UnlockError> {
let mut session = self.app_session.write().await;
session.unlock(passphrase)
session.unlock(passphrase)?;
let app_handle = app::APP.get().unwrap();
let menu = app_handle.state::<tray::MenuItems>();
let _ = menu.after_unlock(); // we don't care if this fails, it's non-essential
Ok(())
}
pub async fn lock(&self) -> Result<(), LockError> {
@ -258,6 +273,9 @@ impl AppState {
let app_handle = app::APP.get().unwrap();
app_handle.emit("locked", None::<usize>)?;
let menu = app_handle.state::<tray::MenuItems>();
let _ = menu.after_lock();
Ok(())
}
}
@ -322,6 +340,30 @@ impl AppState {
Ok(k)
}
pub async fn docker_credential_meta(
&self, server_url: &str
) -> Result<Option<(Uuid, String)>, LoadCredentialsError> {
let res = sqlx::query!(
r#"SELECT
c.id as "id: Uuid",
c.name
FROM
credentials c
JOIN docker_credentials d
ON d.id = c.id
WHERE d.server_url = ?"#,
server_url
).fetch_optional(&self.pool).await?;
Ok(res.map(|row| (row.id, row.name)))
}
pub async fn get_docker_credential(&self, server_url: &str) -> Result<DockerCredential, GetCredentialsError> {
let app_session = self.app_session.read().await;
let crypto = app_session.try_get_crypto()?;
let d = DockerCredential::load_by("server_url", server_url.to_owned(), crypto, &self.pool).await?;
Ok(d)
}
pub async fn signal_activity(&self) {
let mut last_activity = self.last_activity.write().await;
*last_activity = OffsetDateTime::now_utc();
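Review bot: `delete_credential_by_name` deletes every row in `credentials` whose `name` matches, of any credential type, while the Docker flow identifies records by `server_url` (see `docker_credential_meta` in this same section). `erase_docker_credential` elsewhere in this commit passes the `server_url` as the name, so once a Docker record carries a different name the delete matches nothing and still returns `Ok(())`, and a non-Docker credential that happens to have that name would be removed instead; the name looks user-editable in the Docker credential form, though the save path is not visible here. Scoping the statement to the Docker table would close both gaps, e.g. `DELETE FROM credentials WHERE id IN (SELECT id FROM docker_credentials WHERE server_url = ?)`, and checking `rows_affected()` on the result would let the caller report that nothing was found. Whether the matching `docker_credentials` row is removed by a cascade is not visible in this diff and should be confirmed.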


@ -1,7 +1,11 @@
use std::process::Command;
use std::time::Duration;
use tauri::{AppHandle, Manager};
use tauri::{
AppHandle,
Listener,
Manager,
};
use tokio::time::sleep;
use crate::app::APP;


@ -7,27 +7,78 @@ use tauri::{
use tauri::menu::{
MenuBuilder,
MenuEvent,
MenuItem,
MenuItemBuilder,
PredefinedMenuItem,
};
use tauri::tray::TrayIconBuilder;
use crate::app;
use crate::state::AppState;
pub struct MenuItems {
pub status: MenuItem<tauri::Wry>,
pub show_hide: MenuItem<tauri::Wry>,
}
impl MenuItems {
pub fn after_show(&self) -> tauri::Result<()> {
self.show_hide.set_text("Hide")
}
pub fn after_hide(&self) -> tauri::Result<()> {
self.show_hide.set_text("Show")
}
pub fn after_lock(&self) -> tauri::Result<()> {
if cfg!(debug_assertions) {
self.status.set_text("Creddy (dev): Locked")
}
else {
self.status.set_text("Creddy: Locked")
}
}
pub fn after_unlock(&self) -> tauri::Result<()> {
if cfg!(debug_assertions) {
self.status.set_text("Creddy (dev): Unlocked")
}
else {
self.status.set_text("Creddy: Unlocked")
}
}
}
pub fn setup(app: &App) -> tauri::Result<()> {
let status_text =
if cfg!(debug_assertions) {
"Creddy (dev): Locked"
}
else {
"Creddy: Locked"
};
let status = MenuItemBuilder::with_id("status", status_text)
.enabled(false)
.build(app)?;
let sep = PredefinedMenuItem::separator(app)?;
let show_hide = MenuItemBuilder::with_id("show_hide", "Show").build(app)?;
let exit = MenuItemBuilder::with_id("exit", "Exit").build(app)?;
let menu = MenuBuilder::new(app)
.items(&[&show_hide, &exit])
.items(&[&status, &sep, &show_hide, &exit])
.build()?;
let tray = app.tray_by_id("main").unwrap();
tray.set_menu(Some(menu))?;
tray.on_menu_event(handle_event);
TrayIconBuilder::new()
.icon(app.default_window_icon().unwrap().clone())
.menu(&menu)
.on_menu_event(handle_event)
.build(app)?;
// stash this so we can find it later to change the text
app.manage(show_hide);
// stash these so we can find them later to change the text
app.manage(MenuItems { status, show_hide });
Ok(())
}
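Review bot: `MenuItems` is registered with `app.manage` only on the last statement of `setup`, after several `?` returns, yet `AppState::unlock` and `lock` elsewhere in this commit fetch it with `app_handle.state::<tray::MenuItems>()`, which panics when the type has not been managed. The comment there says a failure is non-essential, so the lookup should be non-panicking as well: `if let Some(menu) = app_handle.try_state::<tray::MenuItems>() { let _ = menu.after_unlock(); }`, and the same for `after_lock`. Whether a failed `setup` aborts startup is not visible here; if it does, the panic is unlikely in production but could still be reached from a test that builds an app without the tray. As a smaller point, the locked/unlocked status strings are spelled out in `setup`, `after_lock` and `after_unlock`; one helper returning the text for a given state would keep the dev/prod prefix in a single place.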


@ -50,7 +50,7 @@
}
},
"productName": "creddy",
"version": "0.5.3",
"version": "0.6.5",
"identifier": "creddy",
"plugins": {},
"app": {
@ -65,11 +65,6 @@
"visible": false
}
],
"trayIcon": {
"id": "main",
"iconPath": "icons/icon.png",
"iconAsTemplate": true
},
"security": {
"csp": {
"style-src": [


@ -14,6 +14,7 @@ import Unlock from './views/Unlock.svelte';
// set up app state
invoke('get_config').then(config => $appState.config = config);
invoke('get_session_status').then(status => $appState.sessionStatus = status);
invoke('get_devmode').then(dm => $appState.devmode = dm)
getVersion().then(version => $appState.appVersion = version);
invoke('get_setup_errors')
.then(errs => {
@ -70,3 +71,9 @@ acceptRequest();
<!-- normal operation -->
<svelte:component this="{$currentView}" />
{/if}
{#if $appState.devmode }
<div class="fixed left-0 bottom-0 right-0 py-1 bg-warning text-xs text-center text-warning-content">
This is a development build of Creddy.
</div>
{/if}


@ -1,7 +1,7 @@
<script>
// import { listen } from '@tauri-apps/api/event';
import { open } from '@tauri-apps/plugin-dialog';
import { sep } from '@tauri-apps/api/path';
import { basename } from '@tauri-apps/api/path';
import { createEventDispatcher } from 'svelte';
import Icon from './Icon.svelte';
@ -14,17 +14,16 @@
const dispatch = createEventDispatcher();
async function chooseFile() {
let file = await open(params);
if (file) {
value = file;
displayValue = file.name;
let path = await open(params);
if (path) {
displayValue = await basename(path);
value = {name: displayValue, path};
dispatch('update', value);
}
}
function handleInput(evt) {
const segments = evt.target.value.split(sep());
const name = segments[segments.length - 1];
async function handleInput(evt) {
const name = await basename(evt.target.value);
value = {name, path: evt.target.value};
}


@ -4,10 +4,10 @@
export let value = '';
export let placeholder = '';
export let autofocus = false;
export let show = false;
let classes = '';
export {classes as class};
let show = false;
let input;
export function focus() {


@ -7,6 +7,7 @@
import ShowResponse from './approve/ShowResponse.svelte';
import Unlock from './Unlock.svelte';
console.log($appState.currentRequest);
// Extra 50ms so the window can finish disappearing before the redraw
const rehideDelay = Math.min(5000, $appState.config.rehide_ms + 100);
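Review bot: The added `console.log($appState.currentRequest);` looks like leftover debugging and should be removed before release. Judging by how the approval view in this commit reads it, the request object carries the client's executable path, PID and username along with the key name or registry URL being requested, and this line writes all of that to the webview console each time the view is instantiated.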


@ -91,7 +91,7 @@
{#if launchTerminalError}
<div class="toast">
<div class="alert alert-error shadow-lg">
<div class="alert alert-error text-wrap shadow-lg">
<span>{launchTerminalError.msg || launchTerminalError}</span>
<div>
<button class="btn btn-alert-error" on:click={() => launchTerminalError = null}>


@ -6,9 +6,8 @@
import AwsCredential from './credentials/AwsCredential.svelte';
import ConfirmDelete from './credentials/ConfirmDelete.svelte';
import DockerCredential from './credentials/DockerCredential.svelte';
import SshKey from './credentials/SshKey.svelte';
// import NewSshKey from './credentials/NewSshKey.svelte';
// import EditSshKey from './credentials/EditSshKey.svelte';
import Icon from '../ui/Icon.svelte';
import Nav from '../ui/Nav.svelte';
@ -16,6 +15,7 @@
let records = null
$: awsRecords = (records || []).filter(r => r.credential.type === 'AwsBase');
$: sshRecords = (records || []).filter(r => r.credential.type === 'Ssh');
$: dockerRecords = (records || []).filter(r => r.credential.type === 'Docker');
let defaults = writable({});
async function loadCreds() {
@ -47,6 +47,17 @@
records = records;
}
function newDocker() {
records.push({
id: crypto.randomUUID(),
name: null,
is_default: false,
credential: {type: 'Docker', ServerURL: '', Username: '', Secret: ''},
isNew: true,
});
records = records;
}
let confirmDelete;
function handleDelete(evt) {
const record = evt.detail;
@ -117,6 +128,29 @@
{/if}
</div>
<div class="flex flex-col gap-y-4">
<div class="divider">
<h2 class="text-xl font-bold">Docker credentials</h2>
</div>
{#if dockerRecords.length > 0}
{#each dockerRecords as record (record.id)}
<DockerCredential {record} on:save={loadCreds} on:delete={handleDelete} />
{/each}
<button class="btn btn-primary btn-wide mx-auto" on:click={newDocker}>
<Icon name="plus-circle-mini" class="size-5" />
Add
</button>
{:else if records !== null}
<div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6">
<div>You have no saved Docker credentials.</div>
<button class="btn btn-primary btn-wide mx-auto" on:click={newDocker}>
<Icon name="plus-circle-mini" class="size-5" />
Add
</button>
</div>
{/if}
</div>
</div>
<ConfirmDelete bind:this={confirmDelete} on:confirm={loadCreds} />


@ -20,7 +20,6 @@
let error = null;
async function save() {
try {
throw('wtf');
await invoke('save_config', {config});
$appState.config = await invoke('get_config');
}
@ -48,11 +47,13 @@
</svelte:fragment>
</ToggleSetting>
<ToggleSetting title="Start minimized" bind:value={config.start_minimized}>
<svelte:fragment slot="description">
Minimize to the system tray at startup.
</svelte:fragment>
</ToggleSetting>
{#if config.start_on_login}
<ToggleSetting title="Start minimized" bind:value={config.start_minimized}>
<svelte:fragment slot="description">
Minimize to the system tray when starting on login.
</svelte:fragment>
</ToggleSetting>
{/if}
<NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds">
<svelte:fragment slot="description">
@ -114,7 +115,7 @@
{#if error}
<div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast">
<div class="alert alert-error no-animation">
<div class="alert alert-error no-animation text-wrap">
<div>
<span>{error}</span>
</div>
@ -126,7 +127,7 @@
</div>
{:else if configModified}
<div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast">
<div class="alert shadow-lg no-animation">
<div class="alert shadow-lg no-animation text-wrap">
<span>You have unsaved changes.</span>
<div>


@ -40,6 +40,8 @@
</script>
<svelte:window on:focus={input.focus} />
<div class="fixed top-0 w-full p-2 text-center">
<h1 class="text-3xl font-bold">Creddy is locked</h1>
</div>


@ -14,7 +14,7 @@
// Extract executable name from full path
const client = $appState.currentRequest.client;
const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
const appName = m[1] || m[2];
const appName = m ? m[1] || m[2] : '';
const dispatch = createEventDispatcher();
@ -26,6 +26,12 @@
};
dispatch('response');
}
const actionDescriptions = {
Access: 'access your',
Delete: 'delete your',
Save: 'create new',
};
</script>
@ -51,6 +57,8 @@
{/if}
{:else if $appState.currentRequest.type === 'Ssh'}
{appName ? `"${appName}"` : 'An application'} would like to use your SSH key "{$appState.currentRequest.key_name}".
{:else if $appState.currentRequest.type === 'Docker'}
{appName ? `"${appName}"` : 'An application'} would like to {actionDescriptions[$appState.currentRequest.action]} Docker credentials for <code>{$appState.currentRequest.server_url}</code>.
{/if}
</h2>
@ -59,6 +67,8 @@
<code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
<div class="text-right">PID:</div>
<code>{client.pid}</code>
<div class="text-right">User:</div>
<code>{client.username ?? 'Unknown'}</code>
</div>
</div>
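Review bot: `actionDescriptions.Save` renders as "create new Docker credentials", but the store handler in this commit also sends `RequestAction::Save` when it replaces an existing entry for the same `server_url`, so the approval prompt understates an overwrite. Wording that covers both cases, such as `Save: 'create or update your',`, keeps the prompt accurate for the person approving it. An `action` value missing from the map would render as "undefined" in the sentence; a fallback like `actionDescriptions[$appState.currentRequest.action] ?? 'use your'` avoids that.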


@ -5,13 +5,12 @@
import ErrorAlert from '../../ui/ErrorAlert.svelte';
import Icon from '../../ui/Icon.svelte';
import PassphraseInput from '../../ui/PassphraseInput.svelte';
export let record;
export let defaults;
import PassphraseInput from '../../ui/PassphraseInput.svelte';
const dispatch = createEventDispatcher();
let showDetails = record.isNew ? true : false;


@ -26,9 +26,12 @@
if (record.credential.type === 'AwsBase') {
return 'AWS credential';
}
if (record.credential.type === 'Ssh') {
else if (record.credential.type === 'Ssh') {
return 'SSH key';
}
else {
return `${record.credential.type} credential`;
}
}
</script>


@ -0,0 +1,112 @@
<script>
import { createEventDispatcher } from 'svelte';
import { fade, slide } from 'svelte/transition';
import { invoke } from '@tauri-apps/api/core';
import ErrorAlert from '../../ui/ErrorAlert.svelte';
import Icon from '../../ui/Icon.svelte';
import PassphraseInput from '../../ui/PassphraseInput.svelte';
export let record;
let local = JSON.parse(JSON.stringify(record));
$: isModified = JSON.stringify(local) !== JSON.stringify(record);
let showDetails = record?.isNew;
let alert;
const dispatch = createEventDispatcher();
async function saveCredential() {
await invoke('save_credential', {record: local});
dispatch('save', local);
showDetails = false;
}
</script>
<div class="rounded-box space-y-4 bg-base-200">
<div class="flex items-center px-6 py-4 gap-x-4">
{#if !record.isNew}
{#if showDetails}
<input
type="text"
class="input input-bordered bg-transparent text-lg font-bold grow"
bind:value={local.name}
>
{:else}
<h3 class="text-lg font-bold break-all">
{record.name}
</h3>
{/if}
{/if}
<div class="join ml-auto">
<button
type="button"
class="btn btn-outline join-item"
on:click={() => showDetails = !showDetails}
>
<Icon name="pencil" class="size-6" />
</button>
<button
type="button"
class="btn btn-outline btn-error join-item"
on:click={() => dispatch('delete', record)}
>
<Icon name="trash" class="size-6" />
</button>
</div>
</div>
{#if showDetails}
<form
transition:slide|local={{duration: 200}}
class=" px-6 pb-4 space-y-4"
on:submit|preventDefault={() => alert.run(saveCredential)}
>
<ErrorAlert bind:this={alert} />
<div class="grid grid-cols-[auto_1fr] items-center gap-4">
{#if record.isNew}
<span class="justify-self-end">Name</span>
<input
type="text"
class="input input-bordered bg-transparent"
bind:value={local.name}
>
{/if}
<span class="justify-self-end">Server URL</span>
<input
type="text"
class="input input-bordered font-mono bg-transparent"
bind:value={local.credential.ServerURL}
>
<span class="justify-self-end">Username</span>
<input
type="text"
class="input input-bordered font-mono bg-transparent"
bind:value={local.credential.Username}
>
<span>Password</span>
<div class="font-mono">
<PassphraseInput class="bg-transparent" bind:value={local.credential.Secret} />
</div>
</div>
<div class="flex justify-end">
{#if isModified}
<button
transition:fade={{duration: 100}}
type="submit"
class="btn btn-primary"
>
Save
</button>
{/if}
</div>
</form>
{/if}
</div>
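Review bot: The form submits whatever is in the fields, so a record with an empty Server URL, Username or Password can reach `save_credential`. The backend in this commit looks Docker credentials up by exact `server_url` match (`docker_credential_meta`), so an empty or mistyped URL produces an entry the credential helper will never find. Adding `required` to the Server URL and Username inputs, plus an explicit non-empty check on `local.credential.Secret` at the top of `saveCredential`, would catch this before the call. `local` is also a JSON round-trip copy of `record`, so the UI-only `isNew` flag is sent along with the record; whether the backend ignores unknown fields is not visible here.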


@ -14,6 +14,7 @@
const dispatch = createEventDispatcher();
let showPassphrase = false;
let alert;
let saving = false;
let passphrase = '';
@ -52,7 +53,6 @@
try {
await alert.run(async () => {
await invoke('set_passphrase', {passphrase})
throw('something bad happened');
$appState.sessionStatus = 'unlocked';
dispatch('save');
});
@ -73,6 +73,7 @@
</div>
<PassphraseInput
bind:value={passphrase}
bind:show={showPassphrase}
on:input={onInput}
placeholder="correct horse battery staple"
/>
@ -84,6 +85,7 @@
</div>
<PassphraseInput
bind:value={confirmPassphrase}
bind:show={showPassphrase}
on:input={onInput} on:change={onChange}
placeholder="correct horse battery staple"
/>