start work on invoking shortcuts from CLI

doc/todo.md

@@ -2,7 +2,7 @@
 
 * Switch to "process" provider for AWS credentials (much less hacky)
 * Session timeout (plain duration, or activity-based?)
-* Fix rehide behavior when new request comes in while old one is still being resolved
+* ~Fix rehide behavior when new request comes in while old one is still being resolved~
 * Additional hotkey configuration (approve/deny at the very least)
 * Logging
 * Icon
@@ -16,3 +16,4 @@
     * Generalize Request across both credentials and terminal launch?
 * Make hotkey configuration a little more tolerant of slight mistiming
 * Distinguish between request that was denied and request that was canceled (e.g. due to error)
+* Use atomic types for primitive state values instead of RwLock'd types

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "creddy",
-  "version": "0.2.2",
+  "version": "0.3.3",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "creddy",
-      "version": "0.2.2",
+      "version": "0.3.3",
       "dependencies": {
         "@tauri-apps/api": "^1.0.2",
         "daisyui": "^2.51.5"
@@ -78,9 +78,9 @@
       }
     },
     "node_modules/@jridgewell/resolve-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
-      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz",
+      "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==",
       "engines": {
         "node": ">=6.0.0"
       }
@@ -99,19 +99,14 @@
       "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg=="
     },
     "node_modules/@jridgewell/trace-mapping": {
-      "version": "0.3.18",
-      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.18.tgz",
-      "integrity": "sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA==",
+      "version": "0.3.19",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz",
+      "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==",
       "dependencies": {
-        "@jridgewell/resolve-uri": "3.1.0",
-        "@jridgewell/sourcemap-codec": "1.4.14"
+        "@jridgewell/resolve-uri": "^3.1.0",
+        "@jridgewell/sourcemap-codec": "^1.4.14"
       }
     },
-    "node_modules/@jridgewell/trace-mapping/node_modules/@jridgewell/sourcemap-codec": {
-      "version": "1.4.14",
-      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
-      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
-    },
     "node_modules/@nodelib/fs.scandir": {
       "version": "2.1.5",
       "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -390,9 +385,9 @@
       "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg=="
     },
     "node_modules/autoprefixer": {
-      "version": "10.4.14",
-      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.14.tgz",
-      "integrity": "sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==",
+      "version": "10.4.15",
+      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.15.tgz",
+      "integrity": "sha512-KCuPB8ZCIqFdA4HwKXsvz7j6gvSDNhDP7WnUjBleRkKjPdvCmHFuQ77ocavI8FT6NdvlBnE2UFr2H4Mycn8Vew==",
       "funding": [
         {
           "type": "opencollective",
@@ -401,11 +396,15 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/autoprefixer"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
-        "browserslist": "^4.21.5",
-        "caniuse-lite": "^1.0.30001464",
+        "browserslist": "^4.21.10",
+        "caniuse-lite": "^1.0.30001520",
         "fraction.js": "^4.2.0",
         "normalize-range": "^0.1.2",
         "picocolors": "^1.0.0",
@@ -455,9 +454,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.21.9",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.9.tgz",
-      "integrity": "sha512-M0MFoZzbUrRU4KNfCrDLnvyE7gub+peetoTid3TBIqtunaDJyXlwhakT+/VkvSXcfIzFfK/nkCs4nmyTmxdNSg==",
+      "version": "4.21.10",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.10.tgz",
+      "integrity": "sha512-bipEBdZfVH5/pwrvqc+Ub0kUPVfGUhlKxbvfD+z1BDnPEO/X98ruXGA1WP5ASpAFKan7Qr6j736IacbZQuAlKQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -473,9 +472,9 @@
         }
       ],
       "dependencies": {
-        "caniuse-lite": "^1.0.30001503",
-        "electron-to-chromium": "^1.4.431",
-        "node-releases": "^2.0.12",
+        "caniuse-lite": "^1.0.30001517",
+        "electron-to-chromium": "^1.4.477",
+        "node-releases": "^2.0.13",
         "update-browserslist-db": "^1.0.11"
       },
       "bin": {
@@ -494,9 +493,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001515",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001515.tgz",
-      "integrity": "sha512-eEFDwUOZbE24sb+Ecsx3+OvNETqjWIdabMy52oOkIgcUtAsQifjUG9q4U9dgTHJM2mfk4uEPxc0+xuFdJ629QA==",
+      "version": "1.0.30001534",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001534.tgz",
+      "integrity": "sha512-vlPVrhsCS7XaSh2VvWluIQEzVhefrUQcEsQWSS5A5V+dM07uv1qHeQzAOTGIMy9i3e9bH15+muvI/UHojVgS/Q==",
       "funding": [
         {
           "type": "opencollective",
@@ -675,9 +674,9 @@
       "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.4.455",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.455.tgz",
-      "integrity": "sha512-8tgdX0Odl24LtmLwxotpJCVjIndN559AvaOtd67u+2mo+IDsgsTF580NB+uuDCqsHw8yFg53l5+imFV9Fw3cbA=="
+      "version": "1.4.520",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.520.tgz",
+      "integrity": "sha512-Frfus2VpYADsrh1lB3v/ft/WVFlVzOIm+Q0p7U7VqHI6qr7NWHYKe+Wif3W50n7JAFoBsWVsoU0+qDks6WQ60g=="
     },
     "node_modules/esbuild": {
       "version": "0.15.18",
@@ -1045,9 +1044,9 @@
       }
     },
     "node_modules/fast-glob": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.0.tgz",
-      "integrity": "sha512-ChDuvbOypPuNjO8yIDf36x7BlZX1smcUMTTcyoIjycexOxd6DFsKsg21qVBzEmr3G7fUKIRy2/psii+CIUt7FA==",
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz",
+      "integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==",
       "dependencies": {
         "@nodelib/fs.stat": "^2.0.2",
         "@nodelib/fs.walk": "^1.2.3",
@@ -1095,15 +1094,15 @@
       }
     },
     "node_modules/fraction.js": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.2.0.tgz",
-      "integrity": "sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA==",
+      "version": "4.3.6",
+      "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.6.tgz",
+      "integrity": "sha512-n2aZ9tNfYDwaHhvFTkhFErqOMIb8uyzSQ+vGJBjZyanAKZVbGUQ1sngfk9FdkBw7G26O7AgNjLcecLffD1c7eg==",
       "engines": {
         "node": "*"
       },
       "funding": {
         "type": "patreon",
-        "url": "https://www.patreon.com/infusion"
+        "url": "https://github.com/sponsors/rawify"
       }
     },
     "node_modules/fs.realpath": {
@@ -1112,9 +1111,9 @@
       "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
     },
     "node_modules/fsevents": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
       "hasInstallScript": true,
       "optional": true,
       "os": [
@@ -1201,9 +1200,9 @@
       }
     },
     "node_modules/is-core-module": {
-      "version": "2.12.1",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.12.1.tgz",
-      "integrity": "sha512-Q4ZuBAe2FUsKtyQJoQHlvP8OvBERxO3jEmy1I7hcRXcJBGGHFh/aJBswbXuS9sgrDH2QUO8ilkwNPHvHMd8clg==",
+      "version": "2.13.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.0.tgz",
+      "integrity": "sha512-Z7dk6Qo8pOCp3l4tsX2C5ZVas4V+UxwQodwZhLopL91TX8UyyHEXafPcyoeeWuLrwzHcr3igO78wNLwHJHsMCQ==",
       "dependencies": {
         "has": "^1.0.3"
       },
@@ -1239,9 +1238,9 @@
       }
     },
     "node_modules/jiti": {
-      "version": "1.19.1",
-      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.19.1.tgz",
-      "integrity": "sha512-oVhqoRDaBXf7sjkll95LHVS6Myyyb1zaunVwk4Z0+WPSW4gjS0pl01zYKHScTuyEhQsFxV5L4DR5r+YqSyqyyg==",
+      "version": "1.20.0",
+      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.20.0.tgz",
+      "integrity": "sha512-3TV69ZbrvV6U5DfQimop50jE9Dl6J8O1ja1dvBbMba/sZ3YBEQqJ2VZRoQPVnhlzjNtU1vaXRZVrVjU4qtm8yA==",
       "bin": {
         "jiti": "bin/jiti.js"
       }
@@ -1435,9 +1434,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.25",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.25.tgz",
-      "integrity": "sha512-7taJ/8t2av0Z+sQEvNzCkpDynl0tX3uJMCODi6nT3PfASC7dYCWV9aQ+uiCf+KBD4SEFcu+GvJdGdwzQ6OSjCw==",
+      "version": "8.4.29",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.29.tgz",
+      "integrity": "sha512-cbI+jaqIeu/VGqXEarWkRCCffhjgXc0qjBtXpqJhTBohMUjUQnbBr0xqX3vEKudc4iviTewcJo5ajcec5+wdJw==",
       "funding": [
         {
           "type": "opencollective",
@@ -1597,11 +1596,11 @@
       }
     },
     "node_modules/resolve": {
-      "version": "1.22.2",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.2.tgz",
-      "integrity": "sha512-Sb+mjNHOULsBv818T40qSPeRiuWLyaGMa5ewydRLFimneixmVy2zdivRl+AF6jaYPC8ERxGDmFSiqui6SfPd+g==",
+      "version": "1.22.4",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.4.tgz",
+      "integrity": "sha512-PXNdCiPqDqeUou+w1C2eTQbNfxKSuMxqTCuvlmmMsk1NWHL5fRrhY6Pl0qEYYc6+QqGClco1Qj8XnjPego4wfg==",
       "dependencies": {
-        "is-core-module": "^2.11.0",
+        "is-core-module": "^2.13.0",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
       },
@@ -1682,9 +1681,9 @@
       "dev": true
     },
     "node_modules/sucrase": {
-      "version": "3.32.0",
-      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.32.0.tgz",
-      "integrity": "sha512-ydQOU34rpSyj2TGyz4D2p8rbktIOZ8QY9s+DGLvFU1i5pWJE8vkpruCjGCMHsdXwnD7JDcS+noSwM/a7zyNFDQ==",
+      "version": "3.34.0",
+      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.34.0.tgz",
+      "integrity": "sha512-70/LQEZ07TEcxiU2dz51FKaE6hCTWC6vr7FOk3Gr0U60C3shtAN+H+BFr9XlYe5xqf3RA8nrc+VIwzCfnxuXJw==",
       "dependencies": {
         "@jridgewell/gen-mapping": "^0.3.2",
         "commander": "^4.0.0",
@@ -1723,21 +1722,21 @@
       }
     },
     "node_modules/svelte-hmr": {
-      "version": "0.15.2",
-      "resolved": "https://registry.npmjs.org/svelte-hmr/-/svelte-hmr-0.15.2.tgz",
-      "integrity": "sha512-q/bAruCvFLwvNbeE1x3n37TYFb3mTBJ6TrCq6p2CoFbSTNhDE9oAtEfpy+wmc9So8AG0Tja+X0/mJzX9tSfvIg==",
+      "version": "0.15.3",
+      "resolved": "https://registry.npmjs.org/svelte-hmr/-/svelte-hmr-0.15.3.tgz",
+      "integrity": "sha512-41snaPswvSf8TJUhlkoJBekRrABDXDMdpNpT2tfHIv4JuhgvHqLMhEPGtaQn0BmbNSTkuz2Ed20DF2eHw0SmBQ==",
       "dev": true,
       "engines": {
         "node": "^12.20 || ^14.13.1 || >= 16"
       },
       "peerDependencies": {
-        "svelte": "^3.19.0 || ^4.0.0-next.0"
+        "svelte": "^3.19.0 || ^4.0.0"
       }
     },
     "node_modules/tailwindcss": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.2.tgz",
-      "integrity": "sha512-9jPkMiIBXvPc2KywkraqsUfbfj+dHDb+JPWtSJa9MLFdrPyazI7q6WX2sUrm7R9eVR7qqv3Pas7EvQFzxKnI6w==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.3.tgz",
+      "integrity": "sha512-A0KgSkef7eE4Mf+nKJ83i75TMyq8HqY3qmFIJSWy8bNt0v1lG7jUcpGpoTFxAwYcWOphcTBLPPJg+bDfhDf52w==",
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
         "arg": "^5.0.2",
@@ -1759,7 +1758,6 @@
         "postcss-load-config": "^4.0.1",
         "postcss-nested": "^6.0.1",
         "postcss-selector-parser": "^6.0.11",
-        "postcss-value-parser": "^4.2.0",
         "resolve": "^1.22.2",
         "sucrase": "^3.32.0"
       },
@@ -1909,9 +1907,9 @@
       "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "node_modules/yaml": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
-      "integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.2.tgz",
+      "integrity": "sha512-N/lyzTPaJasoDmfV7YTrYCI0G/3ivm/9wdG0aHuheKowWQwGTsK0Eoiw6utmzAnI6pkJa0DUVygvp3spqqEKXg==",
       "engines": {
         "node": ">= 14"
       }
@@ -1948,9 +1946,9 @@
       }
     },
     "@jridgewell/resolve-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
-      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w=="
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz",
+      "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA=="
     },
     "@jridgewell/set-array": {
       "version": "1.1.2",
@@ -1963,19 +1961,12 @@
       "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg=="
     },
     "@jridgewell/trace-mapping": {
-      "version": "0.3.18",
-      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.18.tgz",
-      "integrity": "sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA==",
+      "version": "0.3.19",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz",
+      "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==",
       "requires": {
-        "@jridgewell/resolve-uri": "3.1.0",
-        "@jridgewell/sourcemap-codec": "1.4.14"
-      },
-      "dependencies": {
-        "@jridgewell/sourcemap-codec": {
-          "version": "1.4.14",
-          "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
-          "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
-        }
+        "@jridgewell/resolve-uri": "^3.1.0",
+        "@jridgewell/sourcemap-codec": "^1.4.14"
       }
     },
     "@nodelib/fs.scandir": {
@@ -2128,12 +2119,12 @@
       "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg=="
     },
     "autoprefixer": {
-      "version": "10.4.14",
-      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.14.tgz",
-      "integrity": "sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==",
+      "version": "10.4.15",
+      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.15.tgz",
+      "integrity": "sha512-KCuPB8ZCIqFdA4HwKXsvz7j6gvSDNhDP7WnUjBleRkKjPdvCmHFuQ77ocavI8FT6NdvlBnE2UFr2H4Mycn8Vew==",
       "requires": {
-        "browserslist": "^4.21.5",
-        "caniuse-lite": "^1.0.30001464",
+        "browserslist": "^4.21.10",
+        "caniuse-lite": "^1.0.30001520",
         "fraction.js": "^4.2.0",
         "normalize-range": "^0.1.2",
         "picocolors": "^1.0.0",
@@ -2168,13 +2159,13 @@
       }
     },
     "browserslist": {
-      "version": "4.21.9",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.9.tgz",
-      "integrity": "sha512-M0MFoZzbUrRU4KNfCrDLnvyE7gub+peetoTid3TBIqtunaDJyXlwhakT+/VkvSXcfIzFfK/nkCs4nmyTmxdNSg==",
+      "version": "4.21.10",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.10.tgz",
+      "integrity": "sha512-bipEBdZfVH5/pwrvqc+Ub0kUPVfGUhlKxbvfD+z1BDnPEO/X98ruXGA1WP5ASpAFKan7Qr6j736IacbZQuAlKQ==",
       "requires": {
-        "caniuse-lite": "^1.0.30001503",
-        "electron-to-chromium": "^1.4.431",
-        "node-releases": "^2.0.12",
+        "caniuse-lite": "^1.0.30001517",
+        "electron-to-chromium": "^1.4.477",
+        "node-releases": "^2.0.13",
         "update-browserslist-db": "^1.0.11"
       }
     },
@@ -2184,9 +2175,9 @@
       "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA=="
     },
     "caniuse-lite": {
-      "version": "1.0.30001515",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001515.tgz",
-      "integrity": "sha512-eEFDwUOZbE24sb+Ecsx3+OvNETqjWIdabMy52oOkIgcUtAsQifjUG9q4U9dgTHJM2mfk4uEPxc0+xuFdJ629QA=="
+      "version": "1.0.30001534",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001534.tgz",
+      "integrity": "sha512-vlPVrhsCS7XaSh2VvWluIQEzVhefrUQcEsQWSS5A5V+dM07uv1qHeQzAOTGIMy9i3e9bH15+muvI/UHojVgS/Q=="
     },
     "chokidar": {
       "version": "3.5.3",
@@ -2305,9 +2296,9 @@
       "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="
     },
     "electron-to-chromium": {
-      "version": "1.4.455",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.455.tgz",
-      "integrity": "sha512-8tgdX0Odl24LtmLwxotpJCVjIndN559AvaOtd67u+2mo+IDsgsTF580NB+uuDCqsHw8yFg53l5+imFV9Fw3cbA=="
+      "version": "1.4.520",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.520.tgz",
+      "integrity": "sha512-Frfus2VpYADsrh1lB3v/ft/WVFlVzOIm+Q0p7U7VqHI6qr7NWHYKe+Wif3W50n7JAFoBsWVsoU0+qDks6WQ60g=="
     },
     "esbuild": {
       "version": "0.15.18",
@@ -2485,9 +2476,9 @@
       "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw=="
     },
     "fast-glob": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.0.tgz",
-      "integrity": "sha512-ChDuvbOypPuNjO8yIDf36x7BlZX1smcUMTTcyoIjycexOxd6DFsKsg21qVBzEmr3G7fUKIRy2/psii+CIUt7FA==",
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz",
+      "integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==",
       "requires": {
         "@nodelib/fs.stat": "^2.0.2",
         "@nodelib/fs.walk": "^1.2.3",
@@ -2528,9 +2519,9 @@
       }
     },
     "fraction.js": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.2.0.tgz",
-      "integrity": "sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA=="
+      "version": "4.3.6",
+      "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.6.tgz",
+      "integrity": "sha512-n2aZ9tNfYDwaHhvFTkhFErqOMIb8uyzSQ+vGJBjZyanAKZVbGUQ1sngfk9FdkBw7G26O7AgNjLcecLffD1c7eg=="
     },
     "fs.realpath": {
       "version": "1.0.0",
@@ -2538,9 +2529,9 @@
       "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
     },
     "fsevents": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
       "optional": true
     },
     "function-bind": {
@@ -2605,9 +2596,9 @@
       }
     },
     "is-core-module": {
-      "version": "2.12.1",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.12.1.tgz",
-      "integrity": "sha512-Q4ZuBAe2FUsKtyQJoQHlvP8OvBERxO3jEmy1I7hcRXcJBGGHFh/aJBswbXuS9sgrDH2QUO8ilkwNPHvHMd8clg==",
+      "version": "2.13.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.0.tgz",
+      "integrity": "sha512-Z7dk6Qo8pOCp3l4tsX2C5ZVas4V+UxwQodwZhLopL91TX8UyyHEXafPcyoeeWuLrwzHcr3igO78wNLwHJHsMCQ==",
       "requires": {
         "has": "^1.0.3"
       }
@@ -2631,9 +2622,9 @@
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="
     },
     "jiti": {
-      "version": "1.19.1",
-      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.19.1.tgz",
-      "integrity": "sha512-oVhqoRDaBXf7sjkll95LHVS6Myyyb1zaunVwk4Z0+WPSW4gjS0pl01zYKHScTuyEhQsFxV5L4DR5r+YqSyqyyg=="
+      "version": "1.20.0",
+      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.20.0.tgz",
+      "integrity": "sha512-3TV69ZbrvV6U5DfQimop50jE9Dl6J8O1ja1dvBbMba/sZ3YBEQqJ2VZRoQPVnhlzjNtU1vaXRZVrVjU4qtm8yA=="
     },
     "kleur": {
       "version": "4.1.5",
@@ -2767,9 +2758,9 @@
       "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg=="
     },
     "postcss": {
-      "version": "8.4.25",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.25.tgz",
-      "integrity": "sha512-7taJ/8t2av0Z+sQEvNzCkpDynl0tX3uJMCODi6nT3PfASC7dYCWV9aQ+uiCf+KBD4SEFcu+GvJdGdwzQ6OSjCw==",
+      "version": "8.4.29",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.29.tgz",
+      "integrity": "sha512-cbI+jaqIeu/VGqXEarWkRCCffhjgXc0qjBtXpqJhTBohMUjUQnbBr0xqX3vEKudc4iviTewcJo5ajcec5+wdJw==",
       "requires": {
         "nanoid": "^3.3.6",
         "picocolors": "^1.0.0",
@@ -2847,11 +2838,11 @@
       }
     },
     "resolve": {
-      "version": "1.22.2",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.2.tgz",
-      "integrity": "sha512-Sb+mjNHOULsBv818T40qSPeRiuWLyaGMa5ewydRLFimneixmVy2zdivRl+AF6jaYPC8ERxGDmFSiqui6SfPd+g==",
+      "version": "1.22.4",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.4.tgz",
+      "integrity": "sha512-PXNdCiPqDqeUou+w1C2eTQbNfxKSuMxqTCuvlmmMsk1NWHL5fRrhY6Pl0qEYYc6+QqGClco1Qj8XnjPego4wfg==",
       "requires": {
-        "is-core-module": "^2.11.0",
+        "is-core-module": "^2.13.0",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
       }
@@ -2898,9 +2889,9 @@
       "dev": true
     },
     "sucrase": {
-      "version": "3.32.0",
-      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.32.0.tgz",
-      "integrity": "sha512-ydQOU34rpSyj2TGyz4D2p8rbktIOZ8QY9s+DGLvFU1i5pWJE8vkpruCjGCMHsdXwnD7JDcS+noSwM/a7zyNFDQ==",
+      "version": "3.34.0",
+      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.34.0.tgz",
+      "integrity": "sha512-70/LQEZ07TEcxiU2dz51FKaE6hCTWC6vr7FOk3Gr0U60C3shtAN+H+BFr9XlYe5xqf3RA8nrc+VIwzCfnxuXJw==",
       "requires": {
         "@jridgewell/gen-mapping": "^0.3.2",
         "commander": "^4.0.0",
@@ -2923,16 +2914,16 @@
       "dev": true
     },
     "svelte-hmr": {
-      "version": "0.15.2",
-      "resolved": "https://registry.npmjs.org/svelte-hmr/-/svelte-hmr-0.15.2.tgz",
-      "integrity": "sha512-q/bAruCvFLwvNbeE1x3n37TYFb3mTBJ6TrCq6p2CoFbSTNhDE9oAtEfpy+wmc9So8AG0Tja+X0/mJzX9tSfvIg==",
+      "version": "0.15.3",
+      "resolved": "https://registry.npmjs.org/svelte-hmr/-/svelte-hmr-0.15.3.tgz",
+      "integrity": "sha512-41snaPswvSf8TJUhlkoJBekRrABDXDMdpNpT2tfHIv4JuhgvHqLMhEPGtaQn0BmbNSTkuz2Ed20DF2eHw0SmBQ==",
       "dev": true,
       "requires": {}
     },
     "tailwindcss": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.2.tgz",
-      "integrity": "sha512-9jPkMiIBXvPc2KywkraqsUfbfj+dHDb+JPWtSJa9MLFdrPyazI7q6WX2sUrm7R9eVR7qqv3Pas7EvQFzxKnI6w==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.3.tgz",
+      "integrity": "sha512-A0KgSkef7eE4Mf+nKJ83i75TMyq8HqY3qmFIJSWy8bNt0v1lG7jUcpGpoTFxAwYcWOphcTBLPPJg+bDfhDf52w==",
       "requires": {
         "@alloc/quick-lru": "^5.2.0",
         "arg": "^5.0.2",
@@ -2954,7 +2945,6 @@
         "postcss-load-config": "^4.0.1",
         "postcss-nested": "^6.0.1",
         "postcss-selector-parser": "^6.0.11",
-        "postcss-value-parser": "^4.2.0",
         "resolve": "^1.22.2",
         "sucrase": "^3.32.0"
       }
@@ -3028,9 +3018,9 @@
       "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "yaml": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
-      "integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ=="
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.2.tgz",
+      "integrity": "sha512-N/lyzTPaJasoDmfV7YTrYCI0G/3ivm/9wdG0aHuheKowWQwGTsK0Eoiw6utmzAnI6pkJa0DUVygvp3spqqEKXg=="
     }
   }
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "creddy",
-  "version": "0.3.1",
+  "version": "0.3.3",
   "scripts": {
     "dev": "vite",
     "build": "vite build",

src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "creddy"
-version = "0.3.1"
+version = "0.3.3"
 description = "A friendly AWS credentials manager"
 authors = ["Joseph Montanaro"]
 license = ""
@@ -30,7 +30,6 @@ tauri-plugin-single-instance = { git = "https://github.com/tauri-apps/plugins-wo
 sodiumoxide = "0.2.7"
 tokio = { version = ">=1.19", features = ["full"] }
 sqlx = { version = "0.6.2", features = ["sqlite", "runtime-tokio-rustls"] }
-netstat2 = "0.9.1"
 sysinfo = "0.26.8"
 aws-types = "0.52.0"
 aws-sdk-sts = "0.22.0"
@@ -47,6 +46,7 @@ is-terminal = "0.4.7"
 argon2 = { version = "0.5.0", features = ["std"] }
 chacha20poly1305 = { version = "0.10.1", features = ["std"] }
 which = "4.4.0"
+windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pipes"] }
 
 [features]
 # by default Tauri runs in production mode

src-tauri/src/app.rs

@@ -43,6 +43,7 @@ pub fn run() -> tauri::Result<()> {
             ipc::get_config,
             ipc::save_config,
             ipc::launch_terminal,
+            ipc::get_setup_errors,
         ])
         .setup(|app| rt::block_on(setup(app)))
         .build(tauri::generate_context!())?
@@ -75,15 +76,33 @@ pub async fn connect_db() -> Result<SqlitePool, SetupError> {
 async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
     APP.set(app.handle()).unwrap();
 
-    let is_first_launch = config::get_or_create_db_path()?.exists();
-
+    // get_or_create_db_path doesn't create the actual db file, just the directory
+    let is_first_launch = !config::get_or_create_db_path()?.exists();
     let pool = connect_db().await?;
-    let conf = AppConfig::load(&pool).await?;
+    let mut setup_errors: Vec<String> = vec![];
+
+    let conf = match AppConfig::load(&pool).await {
+        Ok(c) => c,
+        Err(SetupError::ConfigParseError(_)) => {
+            setup_errors.push(
+                "Could not load configuration from database. Reverting to defaults.".into()
+            );
+            AppConfig::default()
+        },
+        err => err?,
+    };
+
     let session = Session::load(&pool).await?;
-    let srv = Server::new(conf.listen_addr, conf.listen_port, app.handle()).await?;
+    Server::start(app.handle())?;
 
     config::set_auto_launch(conf.start_on_login)?;
-    config::register_hotkeys(&conf.hotkeys)?;
+    if let Err(_e) = config::set_auto_launch(conf.start_on_login) {
+        setup_errors.push("Error: Failed to manage autolaunch.".into());
+    }
+    if let Err(e) = config::register_hotkeys(&conf.hotkeys) {
+        setup_errors.push(format!("{e}"));
+    }
+
     // if session is empty, this is probably the first launch, so don't autohide
     if !conf.start_minimized || is_first_launch {
         app.get_window("main")
@@ -91,7 +110,7 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
             .show()?;
     }
 
-    let state = AppState::new(conf, session, srv, pool);
+    let state = AppState::new(conf, session, pool, setup_errors);
     app.manage(state);
     Ok(())
 }

src-tauri/src/bin/creddy_cli.rs

@@ -19,13 +19,14 @@ fn main() {
 
     let res = match args.subcommand() {
         None | Some(("run", _)) => launch_gui(),
-        Some(("show", m)) => cli::show(m),
+        Some(("get", m)) => cli::get(m),
         Some(("exec", m)) => cli::exec(m),
         _ => unreachable!(),
     };
 
     if let Err(e) = res {
         eprintln!("Error: {e}");
+        process::exit(1);
     }
 }
 

src-tauri/src/cli.rs

@@ -1,7 +1,6 @@
 use std::ffi::OsString;
 use std::process::Command as ChildCommand;
-#[cfg(unix)]
-use std::os::unix::process::CommandExt;
+use std::time::Duration;
 
 use clap::{
     Command,
@@ -9,28 +8,37 @@ use clap::{
      ArgMatches,
      ArgAction
  };
-use tokio::{
-    net::TcpStream,
-    io::{AsyncReadExt, AsyncWriteExt},
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+
+use crate::credentials::Credentials;
+use crate::errors::*;
+use crate::server::{Request, Response};
+
+#[cfg(unix)]
+use {
+    std::os::unix::process::CommandExt,
+    std::path::Path,
+    tokio::net::UnixStream,
 };
 
-
-use crate::app;
-use crate::config::AppConfig;
-use crate::credentials::{BaseCredentials, SessionCredentials};
-use crate::errors::*;
+#[cfg(windows)]
+use {
+    tokio::net::windows::named_pipe::{NamedPipeClient, ClientOptions},
+    windows::Win32::Foundation::ERROR_PIPE_BUSY,
+};
 
 
 pub fn parser() -> Command<'static> {
     Command::new("creddy")
+        .version(env!("CARGO_PKG_VERSION"))
         .about("A friendly AWS credentials manager")
         .subcommand(
             Command::new("run")
                 .about("Launch Creddy")
         )
         .subcommand(
-            Command::new("show")
-                .about("Fetch and display AWS credentials")
+            Command::new("get")
+                .about("Request AWS credentials from Creddy and output to stdout")
                 .arg(
                     Arg::new("base")
                         .short('b')
@@ -58,10 +66,13 @@ pub fn parser() -> Command<'static> {
 }
 
 
-pub fn show(args: &ArgMatches) -> Result<(), CliError> {
+pub fn get(args: &ArgMatches) -> Result<(), CliError> {
     let base = args.get_one("base").unwrap_or(&false);
-    let creds = get_credentials(*base)?;
-    println!("{creds}");
+    let output = match get_credentials(*base)? {
+        Credentials::Base(creds) => serde_json::to_string(&creds).unwrap(),
+        Credentials::Session(creds) => serde_json::to_string(&creds).unwrap(),
+    };
+    println!("{output}");
     Ok(())
 }
 
@@ -75,18 +86,16 @@ pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
     let mut cmd = ChildCommand::new(cmd_name);
     cmd.args(cmd_line);
     
-    if base {
-        let creds: BaseCredentials = serde_json::from_str(&get_credentials(base)?)
-            .map_err(|_| RequestError::InvalidJson)?;
-        cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
-        cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
-    }
-    else {
-        let creds: SessionCredentials = serde_json::from_str(&get_credentials(base)?)
-            .map_err(|_| RequestError::InvalidJson)?;
-        cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
-        cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
-        cmd.env("AWS_SESSION_TOKEN", creds.token);
+    match get_credentials(base)? {
+        Credentials::Base(creds) => {
+            cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
+            cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
+        },
+        Credentials::Session(creds) => {
+            cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
+            cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
+            cmd.env("AWS_SESSION_TOKEN", creds.session_token);
+        }
     }
 
     #[cfg(unix)]
@@ -121,40 +130,44 @@ pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
 
 
 #[tokio::main]
-async fn get_credentials(base: bool) -> Result<String, RequestError> {
-    let pool = app::connect_db().await?;
-    let config = AppConfig::load(&pool).await?;
-    let path = if base {"/creddy/base-credentials"} else {"/"};
+async fn get_credentials(base: bool) -> Result<Credentials, RequestError> {
+    let req = Request::GetAwsCredentials { base };
+    let mut data = serde_json::to_string(&req).unwrap();
+    // server expects newline marking end of request
+    data.push('\n');
 
-    let mut stream = TcpStream::connect((config.listen_addr, config.listen_port)).await?;
-    let req = format!("GET {path} HTTP/1.0\r\n\r\n");
-    stream.write_all(req.as_bytes()).await?;
+    let mut stream = connect().await?;
+    stream.write_all(&data.as_bytes()).await?;
 
-    // some day we'll have a proper HTTP parser
-    let mut buf = vec![0; 8192];
+    let mut buf = Vec::with_capacity(1024);
     stream.read_to_end(&mut buf).await?;
-
-    let status = buf.split(|&c| &[c] == b" ")
-        .skip(1)
-        .next()
-        .ok_or(RequestError::MalformedHttpResponse)?;
-
-    if status != b"200" {
-        let s = String::from_utf8_lossy(status).to_string();
-        return Err(RequestError::Failed(s));
+    let res: Result<Response, ServerError> = serde_json::from_slice(&buf)?;
+    match res {
+        Ok(Response::Aws(creds)) => Ok(creds),
+        // Eventually we will want this
+        // Ok(r) => Err(RequestError::Unexpected(r)),
+        Err(e) => Err(RequestError::Server(e)),
     }
-
-    let break_idx = buf.windows(4)
-        .position(|w| w == b"\r\n\r\n")
-        .ok_or(RequestError::MalformedHttpResponse)?;
-    let body = &buf[(break_idx + 4)..];
-
-    let creds_str = std::str::from_utf8(body)
-        .map_err(|_| RequestError::MalformedHttpResponse)?
-        .to_string();
-
-    if creds_str == "Denied!" {
-        return Err(RequestError::Rejected);
-    }
-    Ok(creds_str)
+}
+
+
+#[cfg(windows)]
+async fn connect() -> Result<NamedPipeClient, std::io::Error> {
+    // apparently attempting to connect can fail if there's already a client connected
+    loop {
+        match ClientOptions::new().open(r"\\.\pipe\creddy-requests") {
+            Ok(stream) => return Ok(stream),
+            Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => (),
+            Err(e) => return Err(e),
+        }
+        tokio::time::sleep(Duration::from_millis(10)).await;
+    }
+}
+
+
+#[cfg(unix)]
+async fn connect() -> Result<UnixStream, std::io::Error> {
+    let path = Path::from("/tmp/creddy-requests");
+    std::fs::remove_file(path)?;
+    UnixStream::connect(path)
 }

src-tauri/src/clientinfo.rs

@@ -1,76 +1,122 @@
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
-use netstat2::{AddressFamilyFlags, ProtocolFlags, ProtocolSocketInfo};
-use tauri::Manager;
 use sysinfo::{System, SystemExt, Pid, PidExt, ProcessExt};
 use serde::{Serialize, Deserialize};
+use std::os::windows::io::AsRawHandle;
 
-use crate::{
-    app::APP,
-    errors::*,
-    config::AppConfig,
-    state::AppState,
+#[cfg(windows)]
+use {
+    tokio::net::windows::named_pipe::NamedPipeServer,
+    windows::Win32::{
+        Foundation::HANDLE,
+        System::Pipes::GetNamedPipeClientProcessId,
+    },
 };
 
+#[cfg(unix)]
+use tokio::net::UnixStream;
+
+use crate::errors::*;
+
 
 #[derive(Clone, Debug, Serialize, Deserialize, Eq, PartialEq, Hash)]
 pub struct Client {
     pub pid: u32,
-    pub exe: PathBuf,
+    pub exe: Option<PathBuf>,
 }
 
 
-async fn get_associated_pids(local_port: u16) -> Result<Vec<u32>, netstat2::error::Error> {
-    let state = APP.get().unwrap().state::<AppState>();
-    let AppConfig {
-        listen_addr: app_listen_addr,
-        listen_port: app_listen_port,
-        ..
-    } = *state.config.read().await;
-
-    let sockets_iter = netstat2::iterate_sockets_info(
-        AddressFamilyFlags::IPV4,
-        ProtocolFlags::TCP
-    )?;
-    for item in sockets_iter {
-        let sock_info = item?;
-        let proto_info = match sock_info.protocol_socket_info {
-            ProtocolSocketInfo::Tcp(tcp_info) => tcp_info,
-            ProtocolSocketInfo::Udp(_) => {continue;}
-        };
-
-        if proto_info.local_port == local_port
-            && proto_info.remote_port == app_listen_port
-            && proto_info.local_addr == app_listen_addr
-            && proto_info.remote_addr == app_listen_addr
-        {
-            return Ok(sock_info.associated_pids)
-        }
-    }
-    Ok(vec![])
+#[cfg(unix)]
+pub fn get_client_parent(stream: &UnixStream) -> Result<Client, ClientInfoError> {
+    let pid = stream.peer_cred()?;
+    get_process_parent_info(pid)?
 }
 
 
+#[cfg(windows)]
+pub fn get_client_parent(stream: &NamedPipeServer) -> Result<Client, ClientInfoError> {
+    let raw_handle = stream.as_raw_handle();
+    let mut pid = 0u32;
+    let handle = HANDLE(raw_handle as _);
+    unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? };
+
+    get_process_parent_info(pid)
+}
+
+
+fn get_process_parent_info(pid: u32) -> Result<Client, ClientInfoError> {
+    let sys_pid = Pid::from_u32(pid);
+    let mut sys = System::new();   
+    sys.refresh_process(sys_pid);
+    let proc = sys.process(sys_pid)
+        .ok_or(ClientInfoError::ProcessNotFound)?;
+
+    let parent_pid_sys = proc.parent()
+        .ok_or(ClientInfoError::ParentPidNotFound)?;
+    sys.refresh_process(parent_pid_sys);
+    let parent = sys.process(parent_pid_sys)
+        .ok_or(ClientInfoError::ParentProcessNotFound)?;
+
+    let exe = match parent.exe() {
+        p if p == Path::new("") => None,
+        p => Some(PathBuf::from(p)),
+    };
+
+    Ok(Client { pid: parent_pid_sys.as_u32(), exe })
+}
+
+
+// async fn get_associated_pids(local_port: u16) -> Result<Vec<u32>, netstat2::error::Error> {
+//     let state = APP.get().unwrap().state::<AppState>();
+//     let AppConfig {
+//         listen_addr: app_listen_addr,
+//         listen_port: app_listen_port,
+//         ..
+//     } = *state.config.read().await;
+
+//     let sockets_iter = netstat2::iterate_sockets_info(
+//         AddressFamilyFlags::IPV4,
+//         ProtocolFlags::TCP
+//     )?;
+//     for item in sockets_iter {
+//         let sock_info = item?;
+//         let proto_info = match sock_info.protocol_socket_info {
+//             ProtocolSocketInfo::Tcp(tcp_info) => tcp_info,
+//             ProtocolSocketInfo::Udp(_) => {continue;}
+//         };
+
+//         if proto_info.local_port == local_port
+//             && proto_info.remote_port == app_listen_port
+//             && proto_info.local_addr == app_listen_addr
+//             && proto_info.remote_addr == app_listen_addr
+//         {
+//             return Ok(sock_info.associated_pids)
+//         }
+//     }
+//     Ok(vec![])
+// }
+
+
 // Theoretically, on some systems, multiple processes can share a socket
-pub async fn get_clients(local_port: u16) -> Result<Vec<Option<Client>>, ClientInfoError> {
-    let mut clients = Vec::new();    
-    let mut sys = System::new();
-    for p in get_associated_pids(local_port).await? {
-        let pid = Pid::from_u32(p);
-        sys.refresh_process(pid);
-        let proc = sys.process(pid)
-            .ok_or(ClientInfoError::ProcessNotFound)?;
+// pub async fn get_clients(local_port: u16) -> Result<Vec<Option<Client>>, ClientInfoError> {
+//     let mut clients = Vec::new();    
+//     let mut sys = System::new();
+//     for p in get_associated_pids(local_port).await? {
+//         let pid = Pid::from_u32(p);
+//         sys.refresh_process(pid);
+//         let proc = sys.process(pid)
+//             .ok_or(ClientInfoError::ProcessNotFound)?;
 
-        let client = Client {
-            pid: p,
-            exe: proc.exe().to_path_buf(),
-        };
-        clients.push(Some(client));
-    }
+//         let client = Client {
+//             pid: p,
+//             exe: proc.exe().to_path_buf(),
+//         };
+//         clients.push(Some(client));
+//     }
 
-    if clients.is_empty() {
-        clients.push(None); 
-    }
+//     if clients.is_empty() {
+//         clients.push(None); 
+//     }
 
-    Ok(clients)
-}
+//     Ok(clients)
+// }

src-tauri/src/config.rs

@@ -1,4 +1,3 @@
-use std::net::Ipv4Addr;
 use std::path::PathBuf;
 
 use auto_launch::AutoLaunchBuilder;
@@ -42,10 +41,6 @@ pub struct HotkeysConfig {
 
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct AppConfig {
-    #[serde(default = "default_listen_addr")]
-    pub listen_addr: Ipv4Addr,
-    #[serde(default = "default_listen_port")]
-    pub listen_port: u16,
     #[serde(default = "default_rehide_ms")]
     pub rehide_ms: u64,
     #[serde(default = "default_start_minimized")]
@@ -62,8 +57,6 @@ pub struct AppConfig {
 impl Default for AppConfig {
     fn default() -> Self {
         AppConfig {
-            listen_addr: default_listen_addr(),
-            listen_port: default_listen_port(),
             rehide_ms: default_rehide_ms(),
             start_minimized: default_start_minimized(),
             start_on_login: default_start_on_login(),
@@ -144,16 +137,6 @@ pub fn get_or_create_db_path() -> Result<PathBuf, DataDirError> {
 }
 
 
-fn default_listen_port() -> u16 {
-    if cfg!(debug_assertions) {
-        12_345
-    }
-    else {
-        19_923
-    }
-}
-
-
 fn default_term_config() -> TermConfig {
     #[cfg(windows)]
     {
@@ -238,7 +221,6 @@ pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> tauri::Result<()> {
 }
 
 
-fn default_listen_addr() -> Ipv4Addr { Ipv4Addr::LOCALHOST }
 fn default_rehide_ms() -> u64 { 1000 }
 // start minimized and on login only in production mode
 fn default_start_minimized() -> bool { !cfg!(debug_assertions) }

src-tauri/src/credentials.rs

@@ -162,9 +162,10 @@ impl BaseCredentials {
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct SessionCredentials {
+    pub version: usize,
     pub access_key_id: String,
     pub secret_access_key: String,
-    pub token: String,
+    pub session_token: String,
     #[serde(serialize_with = "serialize_expiration")]
     #[serde(deserialize_with = "deserialize_expiration")]
     pub expiration: DateTime,
@@ -198,7 +199,7 @@ impl SessionCredentials {
         let secret_access_key = aws_session.secret_access_key()
             .ok_or(GetSessionError::EmptyResponse)?
             .to_string();
-        let token = aws_session.session_token()
+        let session_token = aws_session.session_token()
             .ok_or(GetSessionError::EmptyResponse)?
             .to_string();
         let expiration = aws_session.expiration()
@@ -206,9 +207,10 @@ impl SessionCredentials {
             .clone();
 
         let session_creds = SessionCredentials {
+            version: 1,
             access_key_id,
             secret_access_key,
-            token,
+            session_token,
             expiration,
         };
 
@@ -230,6 +232,14 @@ impl SessionCredentials {
     }
 }
 
+
+#[derive(Debug, Serialize, Deserialize)]
+pub enum Credentials {
+    Base(BaseCredentials),
+    Session(SessionCredentials),
+}
+
+
 fn serialize_expiration<S>(exp: &DateTime, serializer: S) -> Result<S::Ok, S::Error>
 where S: Serializer
 {

src-tauri/src/errors.rs

@@ -2,6 +2,7 @@ use std::error::Error;
 use std::convert::AsRef;
 use std::ffi::OsString;
 use std::sync::mpsc;
+use std::string::FromUtf8Error;
 use strum_macros::AsRefStr;
 
 use thiserror::Error as ThisError;
@@ -17,14 +18,20 @@ use tauri::api::dialog::{
     MessageDialogBuilder, 
     MessageDialogKind,
 };
-use serde::{Serialize, Serializer, ser::SerializeMap};
+use serde::{
+    Serialize,
+    Serializer,
+    ser::SerializeMap,
+    Deserialize,
+};
 
 
 pub trait ErrorPopup {
     fn error_popup(self, title: &str);
+    fn error_popup_nowait(self, title: &str);
 }
 
-impl<E: Error> ErrorPopup for Result<(), E> {
+impl<E: std::fmt::Display> ErrorPopup for Result<(), E> {
     fn error_popup(self, title: &str) {
         if let Err(e) = self {
             let (tx, rx) = mpsc::channel();
@@ -35,6 +42,14 @@ impl<E: Error> ErrorPopup for Result<(), E> {
             rx.recv().unwrap();
         }
     }
+
+    fn error_popup_nowait(self, title: &str) {
+        if let Err(e) = self {
+            MessageDialogBuilder::new(title, format!("{e}"))
+                .kind(MessageDialogKind::Error)
+                .show(|_| {})
+        }
+    }
 }
 
 
@@ -128,12 +143,14 @@ pub enum SendResponseError {
 pub enum HandlerError {
     #[error("Error writing to stream: {0}")]
     StreamIOError(#[from] std::io::Error),
-    // #[error("Received invalid UTF-8 in request")]
-    // InvalidUtf8,
+    #[error("Received invalid UTF-8 in request")]
+    InvalidUtf8(#[from] FromUtf8Error),
     #[error("HTTP request malformed")]
-    BadRequest(Vec<u8>),
+    BadRequest(#[from] serde_json::Error),
     #[error("HTTP request too large")]
     RequestTooLarge,
+    #[error("Internal server error")]
+    Internal,
     #[error("Error accessing credentials: {0}")]
     NoCredentials(#[from] GetCredentialsError),
     #[error("Error getting client details: {0}")]
@@ -142,6 +159,8 @@ pub enum HandlerError {
     Tauri(#[from] tauri::Error),
     #[error("No main application window found")]
     NoMainWindow,
+    #[error("Request was denied")]
+    Denied,
 }
 
 
@@ -198,26 +217,49 @@ pub enum CryptoError {
 pub enum ClientInfoError {
     #[error("Found PID for client socket, but no corresponding process")]
     ProcessNotFound,
-    #[error("Couldn't get client socket details: {0}")]
-    NetstatError(#[from] netstat2::error::Error),
+    #[error("Could not determine parent PID of connected client")]
+    ParentPidNotFound,
+    #[error("Found PID for parent process of client, but no corresponding process")]
+    ParentProcessNotFound,
+    #[error("Could not determine PID of connected client")]
+    WindowsError(#[from] windows::core::Error),
+    #[error(transparent)]
+    Io(#[from] std::io::Error),
+}
+
+
+// Technically also an error, but formatted as a struct for easy deserialization
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ServerError {
+    code: String,
+    msg: String,
+}
+
+impl std::fmt::Display for ServerError {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
+        write!(f, "{} ({})", self.msg, self.code)?;
+        Ok(())
+    }
 }
 
 
 // Errors encountered while requesting credentials via CLI (creddy show, creddy exec)
 #[derive(Debug, ThisError, AsRefStr)]
 pub enum RequestError {
-    #[error("Credentials request failed: HTTP {0}")]
-    Failed(String),
-    #[error("Credentials request was rejected")]
-    Rejected,
-    #[error("Couldn't interpret the server's response")]
-    MalformedHttpResponse,
+    #[error("Error response from server: {0}")]
+    Server(ServerError),
+    #[error("Unexpected response from server")]
+    Unexpected(crate::server::Response),
     #[error("The server did not respond with valid JSON")]
-    InvalidJson,
+    InvalidJson(#[from] serde_json::Error),
     #[error("Error reading/writing stream: {0}")]
     StreamIOError(#[from] std::io::Error),
-    #[error("Error loading configuration data: {0}")]
-    Setup(#[from] SetupError),
+}
+
+impl From<ServerError> for RequestError {
+    fn from(s: ServerError) -> Self {
+        Self::Server(s)
+    }
 }
 
 
@@ -289,13 +331,6 @@ impl Serialize for HandlerError {
         let mut map = serializer.serialize_map(None)?;
         map.serialize_entry("code", self.as_ref())?;
         map.serialize_entry("msg", &format!("{self}"))?;
-
-        match self {
-            HandlerError::NoCredentials(src) => map.serialize_entry("source", &src)?,
-            HandlerError::ClientInfo(src) => map.serialize_entry("source", &src)?,
-            _ => serialize_upstream_err(self, &mut map)?,
-        }
-
         map.end()
     }
 }
@@ -344,6 +379,8 @@ impl Serialize for UnlockError {
 
         match self {
             UnlockError::GetSession(src) => map.serialize_entry("source", &src)?,
+            // The string representation of the AEAD error is not very helpful, so skip it
+            UnlockError::Crypto(_src) => map.serialize_entry("source", &None::<&str>)?,
             _ => serialize_upstream_err(self, &mut map)?,
         }
         map.end()

src-tauri/src/ipc.rs

@@ -10,9 +10,9 @@ use crate::terminal;
 
 
 #[derive(Clone, Debug, Serialize, Deserialize)]
-pub struct Request {
+pub struct AwsRequestNotification {
     pub id: u64,
-    pub clients: Vec<Option<Client>>,
+    pub client: Client,
     pub base: bool,
 }
 
@@ -85,3 +85,9 @@ pub async fn save_config(config: AppConfig, app_state: State<'_, AppState>) -> R
 pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
     terminal::launch(base).await
 }
+
+
+#[tauri::command]
+pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<String>, ()> {
+    Ok(app_state.setup_errors.clone())
+}

src-tauri/src/main.rs

@@ -16,12 +16,13 @@ fn main() {
             app::run().error_popup("Creddy failed to start");
             Ok(())
         },
-        Some(("show", m)) => cli::show(m),
+        Some(("get", m)) => cli::get(m),
         Some(("exec", m)) => cli::exec(m),
         _ => unreachable!(),
     };
 
     if let Err(e) = res {
         eprintln!("Error: {e}");
+        std::process::exit(1);
     }
 }

src-tauri/src/server.rs

@@ -1,275 +1,184 @@
-use core::time::Duration;
-use std::io;
-use std::net::{
-    Ipv4Addr,
-    SocketAddr,
-    SocketAddrV4,
-};
-use tokio::net::{
-    TcpListener, 
-    TcpStream,
+use std::time::Duration;
+
+#[cfg(windows)]
+use tokio::net::windows::named_pipe::{
+    NamedPipeServer,
+    ServerOptions,
 };
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
-use tokio::sync::oneshot::{self, Sender, Receiver};
-use tokio::time::sleep;
+use tokio::sync::oneshot;
 
-use tauri::{AppHandle, Manager};
-use tauri::async_runtime as rt;
-use tauri::async_runtime::JoinHandle;
+use serde::{Serialize, Deserialize};
+
+use tauri::{
+    AppHandle,
+    Manager,
+    async_runtime as rt,
+};
 
-use crate::{clientinfo, clientinfo::Client};
 use crate::errors::*;
-use crate::ipc::{Request, Approval};
+use crate::clientinfo::{self, Client};
+use crate::credentials::Credentials;
+use crate::ipc::{Approval, AwsRequestNotification};
 use crate::state::AppState;
 
 
-#[derive(Debug)]
-pub struct RequestWaiter {
-    pub rehide_after: bool,
-    pub sender: Option<Sender<Approval>>,
-}
-
-impl RequestWaiter {
-    pub fn notify(&mut self, approval: Approval) -> Result<(), SendResponseError> {
-        let chan = self.sender
-            .take()
-            .ok_or(SendResponseError::Fulfilled)?;
-        
-        chan.send(approval)
-            .map_err(|_| SendResponseError::Abandoned)
-    }
+#[derive(Serialize, Deserialize)]
+pub enum Request {
+    GetAwsCredentials{ 
+        base: bool,
+    },
 }
 
 
-struct Handler {
-    request_id: u64,
-    stream: TcpStream,
-    rehide_after: bool,
-    receiver: Option<Receiver<Approval>>,
-    app: AppHandle,
-}
-
-impl Handler {
-    async fn new(stream: TcpStream, app: AppHandle) -> Result<Self, HandlerError> {
-        let state = app.state::<AppState>();
-
-        // determine whether we should re-hide the window after handling this request
-        let is_currently_visible = app.get_window("main")
-            .ok_or(HandlerError::NoMainWindow)?
-            .is_visible()?;
-        let rehide_after = state.current_rehide_status()
-            .await
-            .unwrap_or(!is_currently_visible);
-
-        let (chan_send, chan_recv) = oneshot::channel();
-        let waiter = RequestWaiter {rehide_after, sender: Some(chan_send)};
-        let request_id = state.register_request(waiter).await;
-        let  handler = Handler { 
-            request_id,
-            stream,
-            rehide_after,
-            receiver: Some(chan_recv),
-            app
-        };
-        Ok(handler)
-    }
-
-    async fn handle(mut self) {
-        if let Err(e) = self.try_handle().await {
-            eprintln!("{e}");
-        }
-        let state = self.app.state::<AppState>();
-        state.unregister_request(self.request_id).await;
-    }
-
-    async fn try_handle(&mut self) -> Result<(), HandlerError> {
-        let req_path = self.recv_request().await?;
-        let clients = self.get_clients().await?;
-        if self.includes_banned(&clients).await {
-            self.stream.write(b"HTTP/1.0 403 Access Denied\r\n\r\n").await?;
-            return Ok(())
-        }
-        let base = req_path == b"/creddy/base-credentials";
-        
-        let req = Request {id: self.request_id, clients, base};
-        self.app.emit_all("credentials-request", &req)?;
-        self.show_window()?;
-
-        match self.wait_for_response().await? {
-            Approval::Approved => {
-                let state = self.app.state::<AppState>();
-                let creds = if base {
-                    state.serialize_base_creds().await?
-                }
-                else {
-                    state.serialize_session_creds().await?
-                };
-                self.send_body(creds.as_bytes()).await?;
-            },
-            Approval::Denied => {
-                let state = self.app.state::<AppState>();
-                for client in req.clients {
-                    state.add_ban(client).await;
-                }
-                self.send_body(b"Denied!").await?;
-                self.stream.shutdown().await?;
-            }
-        }
-
-        // only hide the window if a) it was hidden to start with
-        // and b) there are no other pending requests
-        let state = self.app.state::<AppState>();
-        let delay = {
-            let config = state.config.read().await;
-            Duration::from_millis(config.rehide_ms)
-        };
-        sleep(delay).await;
-
-        if self.rehide_after && state.req_count().await == 1 {
-            self.app
-                .get_window("main")
-                .ok_or(HandlerError::NoMainWindow)?
-                .hide()?;
-        }
-
-        Ok(())
-    }
-
-    async fn recv_request(&mut self) -> Result<Vec<u8>, HandlerError> {
-        let mut buf = vec![0; 8192]; // it's what tokio's BufReader uses
-        let mut n = 0;
-        loop {
-            n += self.stream.read(&mut buf[n..]).await?;
-            if n >= 4 && &buf[(n - 4)..n] == b"\r\n\r\n" {break;}
-            if n == buf.len() {return Err(HandlerError::RequestTooLarge);}
-        }
-
-        let path = buf.split(|&c| &[c] == b" ")
-            .skip(1)
-            .next()
-            .ok_or(HandlerError::BadRequest(buf.clone()))?;
-
-        #[cfg(debug_assertions)] {
-            println!("Path: {}", std::str::from_utf8(&path).unwrap());
-            println!("{}", std::str::from_utf8(&buf).unwrap());
-        }
-
-        Ok(path.into())
-    }
-
-    async fn get_clients(&self) -> Result<Vec<Option<Client>>, HandlerError> {
-        let peer_addr = match self.stream.peer_addr()? {
-            SocketAddr::V4(addr) => addr,
-            _ => unreachable!(), // we only listen on IPv4
-        };
-        let clients = clientinfo::get_clients(peer_addr.port()).await?;
-        Ok(clients)
-    }
-
-    async fn includes_banned(&self, clients: &Vec<Option<Client>>) -> bool {
-        let state = self.app.state::<AppState>();
-        for client in clients {
-            if state.is_banned(client).await {
-                return true;
-            }
-        }
-        false
-    }
-
-    fn show_window(&self) -> Result<(), HandlerError> {
-        let window = self.app.get_window("main").ok_or(HandlerError::NoMainWindow)?;
-        if !window.is_visible()? {
-            window.unminimize()?;
-            window.show()?;
-        }
-        window.set_focus()?;
-        Ok(())
-    }
-
-    async fn wait_for_response(&mut self) -> Result<Approval, HandlerError> {
-        self.stream.write(b"HTTP/1.0 200 OK\r\n").await?;
-        self.stream.write(b"Content-Type: application/json\r\n").await?;
-        self.stream.write(b"X-Creddy-delaying-tactic: ").await?;
-
-        #[allow(unreachable_code)] // seems necessary for type inference
-        let stall = async {
-            let delay = std::time::Duration::from_secs(1);
-            loop {
-                tokio::time::sleep(delay).await;
-                self.stream.write(b"x").await?;
-            }
-            Ok(Approval::Denied)
-        };
-
-        // this is the only place we even read this field, so it's safe to unwrap
-        let receiver = self.receiver.take().unwrap();
-        tokio::select!{
-            r = receiver => Ok(r.unwrap()), // only panics if the sender is dropped without sending, which shouldn't be possible
-            e = stall => e,
-        }
-    }
-
-    async fn send_body(&mut self, body: &[u8]) -> Result<(), HandlerError> {
-        self.stream.write(b"\r\nContent-Length: ").await?;
-        self.stream.write(body.len().to_string().as_bytes()).await?;
-        self.stream.write(b"\r\n\r\n").await?;
-        self.stream.write(body).await?;
-        self.stream.shutdown().await?;
-        Ok(())
-    }
+#[derive(Debug, Serialize, Deserialize)]
+pub enum Response {
+    Aws(Credentials)
 }
 
 
-#[derive(Debug)]
 pub struct Server {
-    addr: Ipv4Addr,
-    port: u16,
+    listener: tokio::net::windows::named_pipe::NamedPipeServer,
     app_handle: AppHandle,
-    task: JoinHandle<()>,
 }
 
-
 impl Server {
-    pub async fn new(addr: Ipv4Addr, port: u16, app_handle: AppHandle) -> io::Result<Server> {
-        let task = Self::start_server(addr, port, app_handle.app_handle()).await?;
-        Ok(Server { addr, port, app_handle, task})
-    }
+    pub fn start(app_handle: AppHandle) -> std::io::Result<()> {
+        let listener = ServerOptions::new()
+            .first_pipe_instance(true)
+            .create(r"\\.\pipe\creddy-requests")?;
 
-    pub async fn rebind(&mut self, addr: Ipv4Addr, port: u16) -> io::Result<()> {
-        if addr == self.addr && port == self.port {
-            return Ok(())
-        }
-
-        let new_task = Self::start_server(addr, port, self.app_handle.app_handle()).await?;
-        self.task.abort();
-
-        self.addr = addr;
-        self.port = port;
-        self.task = new_task;
+        let srv = Server {listener, app_handle};
+        rt::spawn(srv.serve());
         Ok(())
     }
 
-    // construct the listener before spawning the task so that we can return early if it fails
-    async fn start_server(addr: Ipv4Addr, port: u16, app_handle: AppHandle) -> io::Result<JoinHandle<()>> {
-        let sock_addr = SocketAddrV4::new(addr, port);
-        let listener = TcpListener::bind(&sock_addr).await?;
-        let task = rt::spawn(
-            Self::serve(listener, app_handle.app_handle())
-        );
-        Ok(task)
-    }
-
-    async fn serve(listener: TcpListener, app_handle: AppHandle) {
+    async fn serve(mut self) {
         loop {
-            match listener.accept().await {
-                Ok((stream, _)) => {
-                    match Handler::new(stream, app_handle.app_handle()).await {
-                        Ok(handler) => { rt::spawn(handler.handle()); }
-                        Err(e) => { eprintln!("Error handling request: {e}"); }
-                    }
-                },
-                Err(e) => { eprintln!("Error accepting connection: {e}"); }
+            if let Err(e) = self.try_serve().await {
+                eprintln!("Error accepting connection: {e}");
             }
         }
     }
+
+    async fn try_serve(&mut self) -> std::io::Result<()> {
+        // connect() just waits for a client to connect, it doesn't return anything
+        self.listener.connect().await?;
+
+        // create a new pipe instance to listen for the next client, and swap it in
+        let new_listener = ServerOptions::new().create(r"\\.\pipe\creddy-requests")?;
+        let mut stream = std::mem::replace(&mut self.listener, new_listener);
+        let new_handle = self.app_handle.app_handle();
+        rt::spawn(async move {
+            let res = serde_json::to_string(
+                &handle(&mut stream, new_handle).await
+            ).unwrap();
+            if let Err(e) = stream.write_all(res.as_bytes()).await {
+                eprintln!("Error responding to request: {e}");
+            }
+        });
+
+        Ok(())
+    }
+}
+
+
+async fn handle(stream: &mut NamedPipeServer, app_handle: AppHandle) -> Result<Response, HandlerError> {
+    // read from stream until delimiter is reached
+    let mut buf: Vec<u8> = Vec::with_capacity(1024); // requests are small, 1KiB is more than enough
+    let mut n = 0;
+    loop {
+        n += stream.read_buf(&mut buf).await?;
+        if let Some(&b'\n') = buf.last() {
+            break;
+        }
+        else if n >= 1024 {
+            return Err(HandlerError::RequestTooLarge);
+        }
+    }
+
+    let client = clientinfo::get_client_parent(&stream)?;
+
+    let req: Request = serde_json::from_slice(&buf)?;
+    match req {
+        Request::GetAwsCredentials{ base } => get_aws_credentials(base, client, app_handle).await,
+        // etc
+    }
+}
+
+
+async fn get_aws_credentials(base: bool, client: Client, app_handle: AppHandle) -> Result<Response, HandlerError> {
+    let state = app_handle.state::<AppState>();
+
+    let main_window = app_handle.get_window("main").ok_or(HandlerError::NoMainWindow)?;
+    let is_currently_visible = main_window.is_visible()?;
+    let rehide_after = state.get_or_set_rehide(!is_currently_visible).await;
+
+    let (chan_send, chan_recv) = oneshot::channel();
+    let request_id = state.register_request(chan_send).await;
+
+    // if an error occurs in any of the following, we want to abort the operation
+    // but ? returns immediately, and we want to unregister the request before returning
+    // so we bundle it all up in an async block and return a Result so we can handle errors
+    let proceed = async {
+        let notification = AwsRequestNotification {id: request_id, client, base};
+        app_handle.emit_all("credentials-request", &notification)?;
+
+        if !main_window.is_visible()? {
+            main_window.unminimize()?;
+            main_window.show()?;
+        }
+        main_window.set_focus()?;
+
+        match chan_recv.await {
+            Ok(Approval::Approved) => {
+                if base {
+                    let creds = state.base_creds_cloned().await?;
+                    Ok(Response::Aws(Credentials::Base(creds)))
+                }
+                else {
+                    let creds = state.session_creds_cloned().await?;
+                    Ok(Response::Aws(Credentials::Session(creds)))
+                }
+            },
+            Ok(Approval::Denied) => Err(HandlerError::Denied),
+            Err(_e) => Err(HandlerError::Internal),
+        }
+    };
+
+    let result = match proceed.await {
+        Ok(r) => Ok(r),
+        Err(e) => {
+            state.unregister_request(request_id).await;
+            Err(e)
+        }
+    };
+
+    rt::spawn(
+        handle_rehide(rehide_after, app_handle.app_handle())
+    );
+    result
+}
+
+
+async fn handle_rehide(rehide_after: bool, app_handle: AppHandle) {
+    let state = app_handle.state::<AppState>();
+    let delay = {
+        let config = state.config.read().await;
+        Duration::from_millis(config.rehide_ms)
+    };
+    tokio::time::sleep(delay).await;
+
+    // if there are no other pending requests, set rehide status back to None
+    if state.req_count().await == 0 {
+        state.clear_rehide().await;
+        // and hide the window if necessary
+        if rehide_after {
+            app_handle.get_window("main").map(|w| {
+                if let Err(e) = w.hide() {
+                    eprintln!("{e}");
+                }
+            });
+        }
+    }
 }

src-tauri/src/shortcuts.rs

@@ -0,0 +1,51 @@
+use serde::{Serialize, Deserialize};
+
+use tauri::{
+    AppHandle,
+    Manager,
+};
+
+use crate::app::APP;
+use crate::config::HotkeysConfig;
+use crate::terminal;
+
+
+#[derive(Debug, Serialize, Deserialize)]
+pub enum ShortcutAction {
+    ShowWindow,
+    LaunchTerminal,
+}
+
+
+pub fn exec_shortcut(action: ShortcutAction) {
+    match action {
+        ShowWindow => {
+            let app = APP.get().unwrap();
+            app.get_window("main").map(|w| w.show());
+        },
+        LaunchTerminal => terminal::launch(false),
+    }
+}
+
+
+pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> tauri::Result<()> {
+    let app = APP.get().unwrap();
+    let mut manager = app.global_shortcut_manager();
+    manager.unregister_all()?;
+
+    if hotkeys.show_window.enabled {
+        manager.register(
+            hotkeys.show_window.keys,
+            || exec_shortcut(ShortcutAction::ShowWindow)
+        )?;
+    }
+
+    if hotkeys.launch_terminal.enabled {
+        manager.register(
+            &hotkeys.launch_terminal.keys,
+            || exec_shortcut(ShortcutAction::LaunchTerminal)
+        )?;
+    }
+
+    Ok(())
+}

src-tauri/src/state.rs

@@ -1,15 +1,11 @@
-use std::collections::{HashMap, HashSet};
-use std::time::Duration;
+use std::collections::HashMap;
 
 use tokio::{
     sync::RwLock,
-    time::sleep,
+    sync::oneshot::Sender,
 };
 use sqlx::SqlitePool;
-use tauri::async_runtime as runtime;
-use tauri::Manager;
 
-use crate::app::APP;
 use crate::credentials::{
     Session,
     BaseCredentials,
@@ -17,9 +13,7 @@ use crate::credentials::{
 };
 use crate::{config, config::AppConfig};
 use crate::ipc::{self, Approval};
-use crate::clientinfo::Client;
 use crate::errors::*;
-use crate::server::{Server, RequestWaiter};
 
 
 #[derive(Debug)]
@@ -27,23 +21,29 @@ pub struct AppState {
     pub config: RwLock<AppConfig>,
     pub session: RwLock<Session>,
     pub request_count: RwLock<u64>,
-    pub waiting_requests: RwLock<HashMap<u64, RequestWaiter>>,
+    pub waiting_requests: RwLock<HashMap<u64, Sender<Approval>>>,
+    pub current_rehide_status: RwLock<Option<bool>>,
     pub pending_terminal_request: RwLock<bool>,
-    pub bans: RwLock<std::collections::HashSet<Option<Client>>>,
-    server: RwLock<Server>,
+    // setup_errors is never modified and so doesn't need to be wrapped in RwLock
+    pub setup_errors: Vec<String>,
     pool: sqlx::SqlitePool,
 }
 
 impl AppState {
-    pub fn new(config: AppConfig, session: Session, server: Server, pool: SqlitePool) -> AppState {
+    pub fn new(
+        config: AppConfig,
+        session: Session,
+        pool: SqlitePool,
+        setup_errors: Vec<String>,
+    ) -> AppState {
         AppState {
             config: RwLock::new(config),
             session: RwLock::new(session),
             request_count: RwLock::new(0),
             waiting_requests: RwLock::new(HashMap::new()),
+            current_rehide_status: RwLock::new(None),
             pending_terminal_request: RwLock::new(false),
-            bans: RwLock::new(HashSet::new()),
-            server: RwLock::new(server),
+            setup_errors,
             pool,
         }
     }
@@ -64,13 +64,7 @@ impl AppState {
         if new_config.start_on_login != live_config.start_on_login {
             config::set_auto_launch(new_config.start_on_login)?;
         }
-        // rebind socket if necessary
-        if new_config.listen_addr != live_config.listen_addr 
-            || new_config.listen_port != live_config.listen_port 
-        {
-            let mut sv = self.server.write().await;
-            sv.rebind(new_config.listen_addr, new_config.listen_port).await?;
-        }
+
         // re-register hotkeys if necessary
         if new_config.hotkeys.show_window != live_config.hotkeys.show_window
             || new_config.hotkeys.launch_terminal != live_config.hotkeys.launch_terminal
@@ -83,7 +77,7 @@ impl AppState {
         Ok(())
     }
 
-    pub async fn register_request(&self, waiter: RequestWaiter) -> u64 {
+    pub async fn register_request(&self, sender: Sender<Approval>) -> u64 {
         let count = {
             let mut c = self.request_count.write().await;
             *c += 1;
@@ -91,7 +85,7 @@ impl AppState {
         };
 
         let mut waiting_requests = self.waiting_requests.write().await;
-        waiting_requests.insert(*count, waiter); // `count` is the request id
+        waiting_requests.insert(*count, sender); // `count` is the request id
         *count
     }
 
@@ -105,11 +99,20 @@ impl AppState {
         waiting_requests.len()
     }
 
-    pub async fn current_rehide_status(&self) -> Option<bool> {
-        // since all requests that are pending at a given time should have the same
-        // value for rehide_after, it doesn't matter which one we use
-        let waiting_requests = self.waiting_requests.read().await;
-        waiting_requests.iter().next().map(|(_id, w)| w.rehide_after)
+    pub async fn get_or_set_rehide(&self, new_value: bool) -> bool {
+        let mut rehide = self.current_rehide_status.write().await;
+        match *rehide {
+            Some(original) => original,
+            None => {
+                *rehide = Some(new_value);
+                new_value
+            }
+        }
+    }
+
+    pub async fn clear_rehide(&self) {
+        let mut rehide = self.current_rehide_status.write().await;
+        *rehide = None;
     }
 
     pub async fn send_response(&self, response: ipc::RequestResponse) -> Result<(), SendResponseError> {
@@ -120,26 +123,10 @@ impl AppState {
 
         let mut waiting_requests = self.waiting_requests.write().await;
         waiting_requests
-            .get_mut(&response.id)
+            .remove(&response.id)
             .ok_or(SendResponseError::NotFound)?
-            .notify(response.approval)
-    }
-
-    pub async fn add_ban(&self, client: Option<Client>) {
-        let mut bans = self.bans.write().await;
-        bans.insert(client.clone());
-
-        runtime::spawn(async move {
-            sleep(Duration::from_secs(5)).await;
-            let app = APP.get().unwrap();
-            let state = app.state::<AppState>();
-            let mut bans = state.bans.write().await;
-            bans.remove(&client);
-        });
-    }
-
-    pub async fn is_banned(&self, client: &Option<Client>) -> bool {
-        self.bans.read().await.contains(&client)
+            .send(response.approval)
+            .map_err(|_| SendResponseError::Abandoned)
     }
 
     pub async fn unlock(&self, passphrase: &str) -> Result<(), UnlockError> {
@@ -159,16 +146,16 @@ impl AppState {
         matches!(*session, Session::Unlocked{..})
     }
 
-    pub async fn serialize_base_creds(&self) -> Result<String, GetCredentialsError> {
+    pub async fn base_creds_cloned(&self) -> Result<BaseCredentials, GetCredentialsError> {
         let app_session = self.session.read().await;
         let (base, _session) = app_session.try_get()?;
-        Ok(serde_json::to_string(base).unwrap())
+        Ok(base.clone())
     }
 
-    pub async fn serialize_session_creds(&self) -> Result<String, GetCredentialsError> {
+    pub async fn session_creds_cloned(&self) -> Result<SessionCredentials, GetCredentialsError> {
         let app_session = self.session.read().await;
         let (_bsae, session) = app_session.try_get()?;
-        Ok(serde_json::to_string(session).unwrap())
+        Ok(session.clone())
     }
 
     async fn new_session(&self, base: BaseCredentials) -> Result<(), GetSessionError> {

src-tauri/src/terminal.rs

@@ -63,7 +63,7 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> {
         else {
             cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id);
             cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key);
-            cmd.env("AWS_SESSION_TOKEN", &session_creds.token);
+            cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token);
         }
     }
 

src-tauri/tauri.conf.json

@@ -8,7 +8,7 @@
   },
   "package": {
     "productName": "creddy",
-    "version": "0.3.1"
+    "version": "0.3.3"
   },
   "tauri": {
     "allowlist": {

src/App.svelte

@@ -28,7 +28,12 @@ listen('launch-terminal-request', async (tauriEvent) => {
         // else, session is unlocked, so do nothing
         // (although we shouldn't even get the event in that case)
     }
-})
+});
+
+invoke('get_setup_errors')
+    .then(errs => {
+        $appState.setupErrors = errs.map(e => ({msg: e, show: true}));
+    });
 
 acceptRequest();
 </script>

src/lib/state.js

@@ -8,6 +8,7 @@ export let appState = writable({
     currentRequest: null,
     pendingRequests: queue(),
     credentialStatus: 'locked',
+    setupErrors: [],
 });
 
 

src/ui/settings/Keybind.svelte

@@ -7,42 +7,49 @@
 
     const id = Math.random().toString().slice(2);
     const dispatch = createEventDispatcher();
-    const modifierKeys = new Set(['Alt', 'AltGraph', 'Control', 'Fn', 'FnLock', 'Meta', 'Shift', 'Super', ]);
+    const MODIFIERS = new Set(['Alt', 'AltGraph', 'Control', 'Fn', 'FnLock', 'Meta', 'Shift', 'Super', ]);
+
+
     let listening = false;
+    let keysPressed = [];
+
+    function addModifiers(event) {
+        // add modifier key if it isn't already present
+        if (MODIFIERS.has(event.key) && keysPressed.indexOf(event.key) === -1) {
+            keysPressed.push(event.key);
+        }
+    }
+
+    function addMainKey(event) {
+        if (!MODIFIERS.has(event.key)) {
+            keysPressed.push(event.key);
+            
+            value.keys = keysPressed.join('+');
+            dispatch('update', {value});
+            event.preventDefault();
+            event.stopPropagation();
+
+            unlisten();
+        }
+    }
     
     function listen() {
         // don't re-listen if we already are
         if (listening) return;
 
         listening = true;
-        window.addEventListener('keyup', setKeybind, {once: true});
+        window.addEventListener('keydown', addModifiers);
+        window.addEventListener('keyup', addMainKey);
         // setTimeout avoids reacting to the click event that we are currently processing
-        setTimeout(() => window.addEventListener('click', cancel, {once: true}), 0);
+        setTimeout(() => window.addEventListener('click', unlisten), 0);
     }
 
-    function setKeybind(event) {
-        // separate events fire for modifier keys, even when they are combined with a regular key
-        if (modifierKeys.has(event.key)) return;
-
-        let keys = [];
-        if (event.ctrlKey) keys.push('Ctrl');
-        if (event.altKey) keys.push('Alt');
-        if (event.metaKey) keys.push('Meta');
-        if (event.shiftKey) keys.push('Shift');
-        // capitalize
-        keys.push(event.key);
-
-        value.keys = keys.join('+');
-        dispatch('update', {value});
+    function unlisten() {
         listening = false;
-        window.removeEventListener('click', cancel, {once: true});
-        event.preventDefault();
-        event.stopPropagation();
-    }
-
-    function cancel() {
-        listening = false;
-        window.removeEventListener('keyup', setKeybind, {once: true});
+        keysPressed = [];
+        window.removeEventListener('keydown', addModifiers);
+        window.removeEventListener('keyup', addMainKey);
+        window.removeEventListener('click', unlisten);
     }
 </script>
 

src/views/Approve.svelte

@@ -47,16 +47,13 @@
     }
 
     // Extract executable name from full path
-    let appName = null;
-    if ($appState.currentRequest.clients.length === 1) {
-        let path = $appState.currentRequest.clients[0].exe;
-        let m = path.match(/\/([^/]+?$)|\\([^\\]+?$)/);
-        appName = m[1] || m[2];
-    }
+    const client = $appState.currentRequest.client;
+    const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
+    const appName = m[1] || m[2];
 
     // Executable paths can be long, so ensure they only break on \ or /
-    function breakPath(client) {
-        return client.exe.replace(/(\\|\/)/g, '$1<wbr>');
+    function breakPath(path) {
+        return path.replace(/(\\|\/)/g, '$1<wbr>');
     }
 
     // if the request has already been approved/denied, send response immediately
@@ -97,12 +94,10 @@
             <h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
 
             <div class="grid grid-cols-[auto_1fr] gap-x-3">
-                {#each $appState.currentRequest.clients as client}
-                    <div class="text-right">Path:</div>
-                    <code class="">{@html client ? breakPath(client) : 'Unknown'}</code>
-                    <div class="text-right">PID:</div>
-                    <code>{client ? client.pid : 'Unknown'}</code>
-                {/each}
+                <div class="text-right">Path:</div>
+                <code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
+                <div class="text-right">PID:</div>
+                <code>{client.pid}</code>
             </div>
         </div>
 

src/views/Home.svelte

@@ -51,4 +51,17 @@
             {/if}
         {/await}
     </div>
-</div>
+</div>
+
+{#if $appState.setupErrors.some(e => e.show)}
+    <div class="toast">
+        {#each $appState.setupErrors as error}
+            {#if error.show}
+                <div class="alert alert-error shadow-lg">
+                    {error.msg}
+                    <button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button>
+                </div>
+            {/if}
+        {/each}
+    </div>
+{/if}

src/views/Settings.svelte

@@ -58,18 +58,6 @@
                 </svelte:fragment>
             </NumericSetting>
 
-            <NumericSetting
-                title="Listen port"
-                bind:value={$appState.config.listen_port}
-                min={osType === 'Windows_NT' ? 1 : 0}
-                on:update={save}
-            >
-                <svelte:fragment slot="description">
-                    Listen for credentials requests on this port. 
-                    (Should be used with <code>$AWS_CONTAINER_CREDENTIALS_FULL_URI</code>)
-                </svelte:fragment>
-            </NumericSetting>
-
             <Setting title="Update credentials">
                 <Link slot="input" target="EnterCredentials">
                     <button class="btn btn-sm btn-primary">Update</button>