Compare commits
17 Commits
v0.4.0
...
0491cb5790
| Author | SHA1 | Date | |
|---|---|---|---|
| 0491cb5790 | |||
| 816bd7db00 | |||
| b165965289 | |||
| 86896d68c2 | |||
| 64a2927b94 | |||
| 87617a0726 | |||
| 141334f7e2 | |||
| 69f6a39396 | |||
| 70e23c7e20 | |||
| 1df849442e | |||
| 7fdb336c79 | |||
| 46b8d810c5 | |||
| dd40eb379e | |||
| 13545ac725 | |||
| 040a01536a | |||
| 4e2a90b15b | |||
| e0d919ed4a |
@ -9,7 +9,7 @@ The following is a list of security features that I hope to add eventually, in a
|
||||
* To defend against the possibility that an attacker could replace, say, the `aws` executable with a malicious one that snarfs your credentials and then passes the command on to the real one, maybe track the path (and maybe even the hash) of the executable, and raise a warning if this is the first time we've seen that one? Using the hash would be safer, but would also introduce a lot of false positives, since every time the application gets updated it would trigger. On the other hand, users should presumably know when they've updated things, so maybe it would be ok. On the _other_ other hand, if somebody doesn't use `aws` very often then it might be weeks or months in between updating it and actually using the updated executable, in which case they probably won't remember that this is the first time they've used it since updating.
|
||||
Another possible approach is to _watch_ the files in question, and alert the user whenever any of them changes. Presumably the user will know whether this change is expected or not.
|
||||
* Downgrade privileges after launching. In particular, if possible, disallow any kind of outgoing network access (obviously we have to bind the listening socket, but maybe we can filter that down to _just_ the ability to bind that particular address/port) and filesystem access outside of state db. I think this is doable on Linux, although it may involve high levels of `seccomp` grossness. No idea whether it's possible on Windows. Probably possible on MacOS although it may require lengths to which I am currently unwilling to go (e.g. pay for a certificate from Apple or something.)
|
||||
* "Panic button" - if a potential attack is detected (e.g. the user denies a request but Creddy discovers the request has already succeeded somehow), offer a one-click option to lock out the current IAM user. (Sadly, you can't revoke session tokens, so this is the only way to limit a potential compromise). Not sure how feasible this is, session credentials may be limited with regard to what kind of IAM operations they can carry out.)
|
||||
* "Panic button" - if a potential attack is detected (e.g. the user denies a request but Creddy discovers the request has already succeeded somehow), offer a one-click option to lock out the current IAM user. Sadly, you can't revoke session tokens, so this is the only way to limit a potential compromise. Obviously this would require the current user having the ability to revoke their own IAM permissions.)
|
||||
* Some kind of Yubikey or other HST integration. (Optional, since not everyone will have a HST.) This comes in two flavors:
|
||||
1. (Probably doable) Store the encryption key for the passphrase on the HST, and ask the HST to decrypt the passphrase instead of asking the user to enter it. This has the advantage of being a) lower-friction, since the user doesn't have to type in the passphrase, and b) more secure, since the application code never sees the encryption key.
|
||||
2. (Less doable) Store the actual AWS secret key on the HST, and then ask the HST to just sign the whole `GetSessionToken` request. This requires that the HST support the exact signing algorithm required by AWS, which a) it probably doesn't, and b) is subject to change anyway. So this is probably not doable, but it's worth at least double-checking, since it would provide the maximum theoretical level of security. (That is, after initial setup, the application would never again see the long-lived AWS secret key.)
|
||||
@ -19,9 +19,9 @@ Another possible approach is to _watch_ the files in question, and alert the use
|
||||
|
||||
Who exactly are we defending against and why?
|
||||
|
||||
The basic idea behind Creddy is that it provides "gap coverage" between two wildly different security boundaries: 1) the older, user-based model, where all code executing as a given user is assumed to have the same level of trust, and 2) the newer, application-based model (most clearly seen on mobile devices) where that bondary instead exists around each _application_.
|
||||
The basic idea behind Creddy is that it provides "gap coverage" between two wildly different security models: 1) the older, user-based model, where all code executing as a given user is assumed to have the same level of trust, and 2) the newer, application-based model (most clearly seen on mobile devices) where that bondary instead exists around each _application_.
|
||||
|
||||
The unfortunate reality is that desktop environments are unlikely to adopt the latter model any time soon, if ever. This is primarily due to friction: Per-application security is a nightmare to manage. The only reason it works at all on mobile devices is because most mobile apps eschew the local device in favor of cloud-backed services where they can, e.g. for file storage. Arguably, the higher-friction trust model of mobile environments is in part _why_ mobile apps tend to be cloud-first.
|
||||
The unfortunate reality is that desktop environments are unlikely to adopt the latter model any time soon, if ever. This is primarily due to friction: Per-application security is a nightmare to manage. The only reason it works at all on mobile devices is because most mobile apps eschew the local device in favor of cloud-backed services where they can, e.g. for file storage. Arguably, the higher-friction trust model of mobile environments (along with the frequently-replaced nature of mobile devices) is in part _why_ mobile apps tend to be cloud-first.
|
||||
|
||||
Regardless, we live in a world where it's difficult to run untrusted code without giving it an inordinate level of access to the machine on which it runs. Creddy attempts to prevent that access from including your AWS credentials. The threat model is thus "untrusted code running under your user". This is especially likely to occur in the form of a supply-chain attack, where the compromised code is not your own but rather a dependency, or a dependency of a dependency, etc.
|
||||
|
||||
@ -31,13 +31,13 @@ There are lots of ways that I can imagine someone might try to circumvent Creddy
|
||||
|
||||
### Tricking Creddy into allowing a request that it shouldn't
|
||||
|
||||
If an attacker is able to compromise Creddy's frontend, e.g. via a JS library that Creddy relies on, they could forge "request accepted" responses and cause the backend to hand out credentials to an unauthorized client. Most likely, the user would immediately be alerted to the fact that Something Is Up because as soon as the request came in, Creddy would pop up requesting permission. When the user (presumably) denied the request, Creddy would discover that the request had already been approved - we could make this a high-alert situation because it would be unlikely to happen unless something fishy were going on. Additionally, the request and (hopefully) what executable made it would be logged.
|
||||
If an attacker is able to compromise Creddy's frontend, e.g. via a JS library that Creddy relies on, they could forge "request accepted" responses and cause the backend to hand out credentials to an unauthorized client. Most likely, the user would immediately be alerted to the fact that Something Is Up because Creddy would pop up requesting then permission, and then immediately disappear again because the request had been approved. Additionally, the request and (hopefully) what executable made it would be logged.
|
||||
|
||||
### Tricking the user into allowing a request they didn't intend to
|
||||
|
||||
If an attacker can edit the user's .bashrc or similar, they could theoretically insert a function or pre-command hook that wraps, say, the `aws` command, and dump the credentials before continuing on with the user's command. This would most likely alert the user because either a) the attacker is hijacking the original `aws` command and thus it doesn't do what the user told it to, or b) the user's original `aws` command proceeds as normal after the malicious one, and the user is alerted by the second request where there should only have been one.
|
||||
If an attacker can edit the user's .bashrc or similar, they could theoretically insert a function or pre-command hook that wraps, say, the `aws` command, and dump the credentials before continuing on with the user's command. The attacker could inject the credentials into the environment before running the original command, so as to avoid alerting the user by issuing a second credentials request.
|
||||
|
||||
A similar but more-difficult-to-detect attack would be replacing the `aws` executable, or any other executable that is always expected to ask for AWS credentials, with a malicious wrapper that snarfs the credentials before passing them through to the original command. Creddy could defend against this to a certain extent by storing the hash of the executable, as discussed above.
|
||||
Another attack along the same lines would be replacing the `aws` executable, or any other executable that is always expected to ask for AWS credentials, with a malicious wrapper that snarfs the credentials before passing them through to the original command. Creddy could defend against this to a certain extent by storing the hash of the executable, as discussed above.
|
||||
|
||||
### Pretending to be the user
|
||||
|
||||
@ -46,3 +46,5 @@ Most desktop environments don't prevent applications from simulating user-input
|
||||
### Twiddling with Creddy's persistent state
|
||||
|
||||
The solutions to or mitigations for a lot of these attacks rely on Creddy being able to assume that its local database hasn't been tampered with. Unfortunately, given that our threat model is "other code running as the same user", this isn't a safe assumption.
|
||||
|
||||
The solution to this problem is probably just to encrypt the entire database. This introduces a bit of complexity since certain settings, like `start_on_login` and `start_minimized`, will need to be accessible before the app is unlocked,but these settings can probably just be stashed alongside the database and kept in sync on every config save.
|
||||
|
||||
12
doc/todo.md
12
doc/todo.md
@ -1,13 +1,18 @@
|
||||
## Definitely
|
||||
|
||||
* Switch to "process" provider for AWS credentials (much less hacky)
|
||||
* Session timeout (plain duration, or activity-based?)
|
||||
* ~Fix rehide behavior when new request comes in while old one is still being resolved~
|
||||
* ~~Switch to "process" provider for AWS credentials (much less hacky)~~
|
||||
* ~~Frontend needs to react when request is cancelled from backend~~
|
||||
* ~~Session timeout~~
|
||||
* ~~Fix rehide behavior when new request comes in while old one is still being resolved~~
|
||||
* ~~Switch tray menu item to Hide when window is visible~~
|
||||
* Clear password input after unlock fails
|
||||
* Indicate on approval screen when additional requests are pending
|
||||
* Additional hotkey configuration (approve/deny at the very least)
|
||||
* Logging
|
||||
* Icon
|
||||
* Auto-updates
|
||||
* SSH key handling
|
||||
* Encrypted sync server
|
||||
|
||||
## Maybe
|
||||
|
||||
@ -17,3 +22,4 @@
|
||||
* Make hotkey configuration a little more tolerant of slight mistiming
|
||||
* Distinguish between request that was denied and request that was canceled (e.g. due to error)
|
||||
* Use atomic types for primitive state values instead of RwLock'd types
|
||||
* Rework approval flow to be a fullscreen overlay instead of mixing with normal navigation (as more views are added the pain of the current situation will only increase)
|
||||
|
||||
1992
package-lock.json
generated
1992
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "creddy",
|
||||
"version": "0.4.0",
|
||||
"version": "0.4.9",
|
||||
"scripts": {
|
||||
"dev": "vite",
|
||||
"build": "vite build",
|
||||
@ -9,7 +9,7 @@
|
||||
},
|
||||
"devDependencies": {
|
||||
"@sveltejs/vite-plugin-svelte": "^1.0.1",
|
||||
"@tauri-apps/cli": "^1.0.5",
|
||||
"@tauri-apps/cli": "^2.0.0-beta.20",
|
||||
"autoprefixer": "^10.4.8",
|
||||
"postcss": "^8.4.16",
|
||||
"svelte": "^3.49.0",
|
||||
@ -17,7 +17,9 @@
|
||||
"vite": "^3.0.7"
|
||||
},
|
||||
"dependencies": {
|
||||
"@tauri-apps/api": "^1.0.2",
|
||||
"@tauri-apps/api": "^2.0.0-beta.13",
|
||||
"@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
|
||||
"@tauri-apps/plugin-os": "^2.0.0-beta.5",
|
||||
"daisyui": "^2.51.5"
|
||||
}
|
||||
}
|
||||
|
||||
2135
src-tauri/Cargo.lock
generated
2135
src-tauri/Cargo.lock
generated
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "creddy"
|
||||
version = "0.4.0"
|
||||
version = "0.4.9"
|
||||
description = "A friendly AWS credentials manager"
|
||||
authors = ["Joseph Montanaro"]
|
||||
license = ""
|
||||
@ -20,13 +20,12 @@ path = "src/main.rs"
|
||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[build-dependencies]
|
||||
tauri-build = { version = "1.0.4", features = [] }
|
||||
tauri-build = { version = "2.0.0-beta", features = [] }
|
||||
|
||||
[dependencies]
|
||||
serde_json = "1.0"
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
tauri = { version = "1.2", features = ["dialog", "dialog-open", "global-shortcut", "os-all", "system-tray"] }
|
||||
tauri-plugin-single-instance = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "dev" }
|
||||
tauri = { version = "2.0.0-beta", features = ["tray-icon"] }
|
||||
sodiumoxide = "0.2.7"
|
||||
tokio = { version = ">=1.19", features = ["full"] }
|
||||
sqlx = { version = "0.6.2", features = ["sqlite", "runtime-tokio-rustls"] }
|
||||
@ -47,6 +46,10 @@ argon2 = { version = "0.5.0", features = ["std"] }
|
||||
chacha20poly1305 = { version = "0.10.1", features = ["std"] }
|
||||
which = "4.4.0"
|
||||
windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pipes"] }
|
||||
time = "0.3.31"
|
||||
tauri-plugin-single-instance = "2.0.0-beta.9"
|
||||
tauri-plugin-global-shortcut = "2.0.0-beta.6"
|
||||
rfd = "0.14.1"
|
||||
|
||||
[features]
|
||||
# by default Tauri runs in production mode
|
||||
|
||||
17
src-tauri/capabilities/migrated.json
Normal file
17
src-tauri/capabilities/migrated.json
Normal file
@ -0,0 +1,17 @@
|
||||
{
|
||||
"identifier": "migrated",
|
||||
"description": "permissions that were migrated from v1",
|
||||
"local": true,
|
||||
"windows": [
|
||||
"main"
|
||||
],
|
||||
"permissions": [
|
||||
"path:default",
|
||||
"event:default",
|
||||
"window:default",
|
||||
"app:default",
|
||||
"resources:default",
|
||||
"menu:default",
|
||||
"tray:default"
|
||||
]
|
||||
}
|
||||
1
src-tauri/gen/schemas/acl-manifests.json
Normal file
1
src-tauri/gen/schemas/acl-manifests.json
Normal file
File diff suppressed because one or more lines are too long
1
src-tauri/gen/schemas/capabilities.json
Normal file
1
src-tauri/gen/schemas/capabilities.json
Normal file
@ -0,0 +1 @@
|
||||
{"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default"]}}
|
||||
2243
src-tauri/gen/schemas/desktop-schema.json
Normal file
2243
src-tauri/gen/schemas/desktop-schema.json
Normal file
File diff suppressed because it is too large
Load Diff
2243
src-tauri/gen/schemas/linux-schema.json
Normal file
2243
src-tauri/gen/schemas/linux-schema.json
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,11 @@
|
||||
use std::error::Error;
|
||||
use std::time::Duration;
|
||||
|
||||
use once_cell::sync::OnceCell;
|
||||
use rfd::{
|
||||
MessageDialog,
|
||||
MessageLevel,
|
||||
};
|
||||
use sqlx::{
|
||||
SqlitePool,
|
||||
sqlite::SqlitePoolOptions,
|
||||
@ -9,9 +14,12 @@ use sqlx::{
|
||||
use tauri::{
|
||||
App,
|
||||
AppHandle,
|
||||
Manager,
|
||||
async_runtime as rt,
|
||||
Manager,
|
||||
RunEvent,
|
||||
WindowEvent,
|
||||
};
|
||||
use tauri::menu::MenuItem;
|
||||
|
||||
use crate::{
|
||||
config::{self, AppConfig},
|
||||
@ -31,32 +39,40 @@ pub static APP: OnceCell<AppHandle> = OnceCell::new();
|
||||
pub fn run() -> tauri::Result<()> {
|
||||
tauri::Builder::default()
|
||||
.plugin(tauri_plugin_single_instance::init(|app, _argv, _cwd| {
|
||||
app.get_window("main")
|
||||
.map(|w| w.show().error_popup("Failed to show main window"));
|
||||
show_main_window(app)
|
||||
.error_popup("Failed to show main window")
|
||||
}))
|
||||
.system_tray(tray::create())
|
||||
.on_system_tray_event(tray::handle_event)
|
||||
.plugin(tauri_plugin_global_shortcut::Builder::default().build())
|
||||
.invoke_handler(tauri::generate_handler![
|
||||
ipc::unlock,
|
||||
ipc::respond,
|
||||
ipc::get_session_status,
|
||||
ipc::signal_activity,
|
||||
ipc::save_credentials,
|
||||
ipc::get_config,
|
||||
ipc::save_config,
|
||||
ipc::launch_terminal,
|
||||
ipc::get_setup_errors,
|
||||
])
|
||||
.setup(|app| rt::block_on(setup(app)))
|
||||
.setup(|app| {
|
||||
let res = rt::block_on(setup(app));
|
||||
if let Err(ref e) = res {
|
||||
MessageDialog::new()
|
||||
.set_level(MessageLevel::Error)
|
||||
.set_title("Creddy failed to start")
|
||||
.set_description(format!("{e}"))
|
||||
.show();
|
||||
}
|
||||
res
|
||||
})
|
||||
.build(tauri::generate_context!())?
|
||||
.run(|app, run_event| match run_event {
|
||||
tauri::RunEvent::WindowEvent { label, event, .. } => match event {
|
||||
tauri::WindowEvent::CloseRequested { api, .. } => {
|
||||
let _ = app.get_window(&label).map(|w| w.hide());
|
||||
.run(|app, run_event| {
|
||||
if let RunEvent::WindowEvent { event, .. } = run_event {
|
||||
if let WindowEvent::CloseRequested { api, .. } = event {
|
||||
let _ = hide_main_window(app);
|
||||
api.prevent_close();
|
||||
}
|
||||
_ => ()
|
||||
}
|
||||
_ => ()
|
||||
});
|
||||
|
||||
Ok(())
|
||||
@ -75,8 +91,8 @@ pub async fn connect_db() -> Result<SqlitePool, SetupError> {
|
||||
|
||||
|
||||
async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
||||
APP.set(app.handle()).unwrap();
|
||||
|
||||
APP.set(app.handle().clone()).unwrap();
|
||||
tray::setup(app)?;
|
||||
// get_or_create_db_path doesn't create the actual db file, just the directory
|
||||
let is_first_launch = !config::get_or_create_db_path()?.exists();
|
||||
let pool = connect_db().await?;
|
||||
@ -94,7 +110,7 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
||||
};
|
||||
|
||||
let session = Session::load(&pool).await?;
|
||||
Server::start(app.handle())?;
|
||||
Server::start(app.handle().clone())?;
|
||||
|
||||
config::set_auto_launch(conf.start_on_login)?;
|
||||
if let Err(_e) = config::set_auto_launch(conf.start_on_login) {
|
||||
@ -108,14 +124,65 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
||||
setup_errors.push("Failed to register hotkeys. Hotkey settings have been disabled.".into());
|
||||
}
|
||||
|
||||
let desktop_is_gnome = std::env::var("XDG_CURRENT_DESKTOP")
|
||||
.map(|names| names.split(':').any(|n| n == "GNOME"))
|
||||
.unwrap_or(false);
|
||||
|
||||
// if session is empty, this is probably the first launch, so don't autohide
|
||||
if !conf.start_minimized || is_first_launch {
|
||||
app.get_window("main")
|
||||
.ok_or(HandlerError::NoMainWindow)?
|
||||
.show()?;
|
||||
show_main_window(&app.handle())?;
|
||||
}
|
||||
|
||||
let state = AppState::new(conf, session, pool, setup_errors);
|
||||
let state = AppState::new(conf, session, pool, setup_errors, desktop_is_gnome);
|
||||
app.manage(state);
|
||||
|
||||
// make sure we do this after managing app state, so that it doesn't panic
|
||||
start_auto_locker(app.app_handle().clone());
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
fn start_auto_locker(app: AppHandle) {
|
||||
rt::spawn(async move {
|
||||
let state = app.state::<AppState>();
|
||||
loop {
|
||||
// this gives our session-timeout a minimum resolution of 10s, which seems fine?
|
||||
let delay = Duration::from_secs(10);
|
||||
tokio::time::sleep(delay).await;
|
||||
|
||||
if state.should_auto_lock().await {
|
||||
state.lock().await.error_popup("Failed to lock Creddy");
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
pub fn show_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
||||
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
|
||||
w.show()?;
|
||||
let show_hide = app.state::<MenuItem<tauri::Wry>>();
|
||||
show_hide.set_text("Hide")?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
pub fn hide_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
||||
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
|
||||
w.hide()?;
|
||||
let show_hide = app.state::<MenuItem<tauri::Wry>>();
|
||||
show_hide.set_text("Show")?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
pub fn toggle_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
||||
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
|
||||
if w.is_visible()? {
|
||||
hide_main_window(app)
|
||||
}
|
||||
else {
|
||||
show_main_window(app)
|
||||
}
|
||||
}
|
||||
|
||||
@ -14,7 +14,6 @@ pub struct Client {
|
||||
|
||||
|
||||
pub fn get_process_parent_info(pid: u32) -> Result<Client, ClientInfoError> {
|
||||
dbg!(pid);
|
||||
let sys_pid = Pid::from_u32(pid);
|
||||
let mut sys = System::new();
|
||||
sys.refresh_process(sys_pid);
|
||||
@ -34,59 +33,3 @@ pub fn get_process_parent_info(pid: u32) -> Result<Client, ClientInfoError> {
|
||||
|
||||
Ok(Client { pid: parent_pid_sys.as_u32(), exe })
|
||||
}
|
||||
|
||||
|
||||
// async fn get_associated_pids(local_port: u16) -> Result<Vec<u32>, netstat2::error::Error> {
|
||||
// let state = APP.get().unwrap().state::<AppState>();
|
||||
// let AppConfig {
|
||||
// listen_addr: app_listen_addr,
|
||||
// listen_port: app_listen_port,
|
||||
// ..
|
||||
// } = *state.config.read().await;
|
||||
|
||||
// let sockets_iter = netstat2::iterate_sockets_info(
|
||||
// AddressFamilyFlags::IPV4,
|
||||
// ProtocolFlags::TCP
|
||||
// )?;
|
||||
// for item in sockets_iter {
|
||||
// let sock_info = item?;
|
||||
// let proto_info = match sock_info.protocol_socket_info {
|
||||
// ProtocolSocketInfo::Tcp(tcp_info) => tcp_info,
|
||||
// ProtocolSocketInfo::Udp(_) => {continue;}
|
||||
// };
|
||||
|
||||
// if proto_info.local_port == local_port
|
||||
// && proto_info.remote_port == app_listen_port
|
||||
// && proto_info.local_addr == app_listen_addr
|
||||
// && proto_info.remote_addr == app_listen_addr
|
||||
// {
|
||||
// return Ok(sock_info.associated_pids)
|
||||
// }
|
||||
// }
|
||||
// Ok(vec![])
|
||||
// }
|
||||
|
||||
|
||||
// Theoretically, on some systems, multiple processes can share a socket
|
||||
// pub async fn get_clients(local_port: u16) -> Result<Vec<Option<Client>>, ClientInfoError> {
|
||||
// let mut clients = Vec::new();
|
||||
// let mut sys = System::new();
|
||||
// for p in get_associated_pids(local_port).await? {
|
||||
// let pid = Pid::from_u32(p);
|
||||
// sys.refresh_process(pid);
|
||||
// let proc = sys.process(pid)
|
||||
// .ok_or(ClientInfoError::ProcessNotFound)?;
|
||||
|
||||
// let client = Client {
|
||||
// pid: p,
|
||||
// exe: proc.exe().to_path_buf(),
|
||||
// };
|
||||
// clients.push(Some(client));
|
||||
// }
|
||||
|
||||
// if clients.is_empty() {
|
||||
// clients.push(None);
|
||||
// }
|
||||
|
||||
// Ok(clients)
|
||||
// }
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
use std::path::PathBuf;
|
||||
use std::time::Duration;
|
||||
|
||||
use auto_launch::AutoLaunchBuilder;
|
||||
use is_terminal::IsTerminal;
|
||||
@ -45,6 +46,10 @@ impl HotkeysConfig {
|
||||
pub struct AppConfig {
|
||||
#[serde(default = "default_rehide_ms")]
|
||||
pub rehide_ms: u64,
|
||||
#[serde(default = "default_auto_lock")]
|
||||
pub auto_lock: bool,
|
||||
#[serde(default = "default_lock_after")]
|
||||
pub lock_after: Duration,
|
||||
#[serde(default = "default_start_minimized")]
|
||||
pub start_minimized: bool,
|
||||
#[serde(default = "default_start_on_login")]
|
||||
@ -60,6 +65,8 @@ impl Default for AppConfig {
|
||||
fn default() -> Self {
|
||||
AppConfig {
|
||||
rehide_ms: default_rehide_ms(),
|
||||
auto_lock: default_auto_lock(),
|
||||
lock_after: default_lock_after(),
|
||||
start_minimized: default_start_minimized(),
|
||||
start_on_login: default_start_on_login(),
|
||||
terminal: default_term_config(),
|
||||
@ -187,6 +194,30 @@ fn default_hotkey_config() -> HotkeysConfig {
|
||||
|
||||
|
||||
fn default_rehide_ms() -> u64 { 1000 }
|
||||
fn default_auto_lock() -> bool { true }
|
||||
fn default_lock_after() -> Duration { Duration::from_secs(43200) }
|
||||
// start minimized and on login only in production mode
|
||||
fn default_start_minimized() -> bool { !cfg!(debug_assertions) }
|
||||
fn default_start_on_login() -> bool { !cfg!(debug_assertions) }
|
||||
|
||||
|
||||
// struct DurationVisitor;
|
||||
|
||||
// impl<'de> Visitor<'de> for DurationVisitor {
|
||||
// type Value = Duration;
|
||||
|
||||
// fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
||||
// write!(formatter, "an integer between 0 and 2^64 - 1")
|
||||
// }
|
||||
|
||||
// fn visit_u64<E: de::Error>(self, v: u64) -> Result<Duration, E> {
|
||||
// Ok(Duration::from_secs(v))
|
||||
// }
|
||||
// }
|
||||
|
||||
|
||||
// fn duration_from_secs<'de, D>(deserializer: D) -> Result<Duration, D::Error>
|
||||
// where D: Deserializer<'de>
|
||||
// {
|
||||
// deserializer.deserialize_u64(DurationVisitor)
|
||||
// }
|
||||
|
||||
@ -126,23 +126,31 @@ impl LockedCredentials {
|
||||
let secret_access_key = String::from_utf8(decrypted)
|
||||
.map_err(|_| UnlockError::InvalidUtf8)?;
|
||||
|
||||
let creds = BaseCredentials {
|
||||
access_key_id: self.access_key_id.clone(),
|
||||
let creds = BaseCredentials::new(
|
||||
self.access_key_id.clone(),
|
||||
secret_access_key,
|
||||
};
|
||||
);
|
||||
Ok(creds)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
fn default_credentials_version() -> usize { 1 }
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
#[serde(rename_all = "PascalCase")]
|
||||
pub struct BaseCredentials {
|
||||
#[serde(default = "default_credentials_version")]
|
||||
pub version: usize,
|
||||
pub access_key_id: String,
|
||||
pub secret_access_key: String,
|
||||
}
|
||||
|
||||
impl BaseCredentials {
|
||||
pub fn new(access_key_id: String, secret_access_key: String) -> Self {
|
||||
Self {version: 1, access_key_id, secret_access_key}
|
||||
}
|
||||
|
||||
pub fn encrypt(&self, passphrase: &str) -> Result<LockedCredentials, CryptoError> {
|
||||
let salt = Crypto::salt();
|
||||
let crypto = Crypto::new(passphrase, &salt)?;
|
||||
@ -162,6 +170,7 @@ impl BaseCredentials {
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
#[serde(rename_all = "PascalCase")]
|
||||
pub struct SessionCredentials {
|
||||
#[serde(default = "default_credentials_version")]
|
||||
pub version: usize,
|
||||
pub access_key_id: String,
|
||||
pub secret_access_key: String,
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
use std::error::Error;
|
||||
use std::convert::AsRef;
|
||||
use std::ffi::OsString;
|
||||
use std::sync::mpsc;
|
||||
use std::string::FromUtf8Error;
|
||||
use strum_macros::AsRefStr;
|
||||
|
||||
@ -10,14 +9,17 @@ use aws_sdk_sts::{
|
||||
types::SdkError as AwsSdkError,
|
||||
error::GetSessionTokenError,
|
||||
};
|
||||
use rfd::{
|
||||
AsyncMessageDialog,
|
||||
MessageLevel,
|
||||
};
|
||||
use sqlx::{
|
||||
error::Error as SqlxError,
|
||||
migrate::MigrateError,
|
||||
};
|
||||
use tauri::api::dialog::{
|
||||
MessageDialogBuilder,
|
||||
MessageDialogKind,
|
||||
};
|
||||
use tauri::async_runtime as rt;
|
||||
use tauri_plugin_global_shortcut::Error as ShortcutError;
|
||||
use tokio::sync::oneshot::error::RecvError;
|
||||
use serde::{
|
||||
Serialize,
|
||||
Serializer,
|
||||
@ -26,30 +28,23 @@ use serde::{
|
||||
};
|
||||
|
||||
|
||||
pub trait ShowError {
|
||||
pub trait ShowError<T, E>
|
||||
{
|
||||
fn error_popup(self, title: &str);
|
||||
fn error_popup_nowait(self, title: &str);
|
||||
fn error_print(self);
|
||||
fn error_print_prefix(self, prefix: &str);
|
||||
}
|
||||
|
||||
impl<E: std::fmt::Display> ShowError for Result<(), E> {
|
||||
impl<T, E> ShowError<T, E> for Result<T, E>
|
||||
where E: std::fmt::Display
|
||||
{
|
||||
fn error_popup(self, title: &str) {
|
||||
if let Err(e) = self {
|
||||
let (tx, rx) = mpsc::channel();
|
||||
MessageDialogBuilder::new(title, format!("{e}"))
|
||||
.kind(MessageDialogKind::Error)
|
||||
.show(move |_| tx.send(true).unwrap());
|
||||
|
||||
rx.recv().unwrap();
|
||||
}
|
||||
}
|
||||
|
||||
fn error_popup_nowait(self, title: &str) {
|
||||
if let Err(e) = self {
|
||||
MessageDialogBuilder::new(title, format!("{e}"))
|
||||
.kind(MessageDialogKind::Error)
|
||||
.show(|_| {})
|
||||
let dialog = AsyncMessageDialog::new()
|
||||
.set_level(MessageLevel::Error)
|
||||
.set_title(title)
|
||||
.set_description(format!("{e}"));
|
||||
rt::spawn(async move {dialog.show().await});
|
||||
}
|
||||
}
|
||||
|
||||
@ -82,15 +77,33 @@ where
|
||||
}
|
||||
|
||||
|
||||
struct SerializeUpstream<E>(pub E);
|
||||
|
||||
impl<E: Error> Serialize for SerializeUpstream<E> {
|
||||
fn serialize<S: Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
|
||||
let msg = format!("{}", self.0);
|
||||
let mut map = serializer.serialize_map(None)?;
|
||||
map.serialize_entry("msg", &msg)?;
|
||||
map.serialize_entry("code", &None::<&str>)?;
|
||||
map.serialize_entry("source", &None::<&str>)?;
|
||||
map.end()
|
||||
}
|
||||
}
|
||||
|
||||
fn serialize_upstream_err<E, M>(err: &E, map: &mut M) -> Result<(), M::Error>
|
||||
where
|
||||
E: Error,
|
||||
M: serde::ser::SerializeMap,
|
||||
{
|
||||
let msg = err.source().map(|s| format!("{s}"));
|
||||
map.serialize_entry("msg", &msg)?;
|
||||
map.serialize_entry("code", &None::<&str>)?;
|
||||
map.serialize_entry("source", &None::<&str>)?;
|
||||
// let msg = err.source().map(|s| format!("{s}"));
|
||||
// map.serialize_entry("msg", &msg)?;
|
||||
// map.serialize_entry("code", &None::<&str>)?;
|
||||
// map.serialize_entry("source", &None::<&str>)?;
|
||||
|
||||
match err.source() {
|
||||
Some(src) => map.serialize_entry("source", &SerializeUpstream(src))?,
|
||||
None => map.serialize_entry("source", &None::<&str>)?,
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
@ -125,7 +138,7 @@ pub enum SetupError {
|
||||
#[error("Failed to resolve data directory: {0}")]
|
||||
DataDir(#[from] DataDirError),
|
||||
#[error("Failed to register hotkeys: {0}")]
|
||||
RegisterHotkeys(#[from] tauri::Error),
|
||||
RegisterHotkeys(#[from] ShortcutError),
|
||||
}
|
||||
|
||||
|
||||
@ -152,7 +165,7 @@ pub enum SendResponseError {
|
||||
}
|
||||
|
||||
|
||||
// errors encountered while handling an HTTP request
|
||||
// errors encountered while handling a client request
|
||||
#[derive(Debug, ThisError, AsRefStr)]
|
||||
pub enum HandlerError {
|
||||
#[error("Error writing to stream: {0}")]
|
||||
@ -163,8 +176,10 @@ pub enum HandlerError {
|
||||
BadRequest(#[from] serde_json::Error),
|
||||
#[error("HTTP request too large")]
|
||||
RequestTooLarge,
|
||||
#[error("Connection closed early by client")]
|
||||
Abandoned,
|
||||
#[error("Internal server error")]
|
||||
Internal,
|
||||
Internal(#[from] RecvError),
|
||||
#[error("Error accessing credentials: {0}")]
|
||||
NoCredentials(#[from] GetCredentialsError),
|
||||
#[error("Error getting client details: {0}")]
|
||||
@ -202,7 +217,7 @@ pub enum GetSessionError {
|
||||
EmptyResponse, // SDK returned successfully but credentials are None
|
||||
#[error("Error response from AWS SDK: {0}")]
|
||||
SdkError(#[from] AwsSdkError<GetSessionTokenError>),
|
||||
#[error("Could not construt session: credentials are locked")]
|
||||
#[error("Could not construct session: credentials are locked")]
|
||||
CredentialsLocked,
|
||||
#[error("Could not construct session: no credentials are known")]
|
||||
CredentialsEmpty,
|
||||
@ -226,6 +241,19 @@ pub enum UnlockError {
|
||||
}
|
||||
|
||||
|
||||
#[derive(Debug, ThisError, AsRefStr)]
|
||||
pub enum LockError {
|
||||
#[error("App is not unlocked")]
|
||||
NotUnlocked,
|
||||
#[error("Database error: {0}")]
|
||||
DbError(#[from] SqlxError),
|
||||
#[error(transparent)]
|
||||
Setup(#[from] SetupError),
|
||||
#[error(transparent)]
|
||||
TauriError(#[from] tauri::Error),
|
||||
}
|
||||
|
||||
|
||||
#[derive(Debug, ThisError, AsRefStr)]
|
||||
pub enum CryptoError {
|
||||
#[error(transparent)]
|
||||
@ -344,11 +372,11 @@ impl Serialize for SerializeWrapper<&GetSessionTokenError> {
|
||||
}
|
||||
|
||||
|
||||
|
||||
impl_serialize_basic!(SetupError);
|
||||
impl_serialize_basic!(GetCredentialsError);
|
||||
impl_serialize_basic!(ClientInfoError);
|
||||
impl_serialize_basic!(WindowError);
|
||||
impl_serialize_basic!(LockError);
|
||||
|
||||
|
||||
impl Serialize for HandlerError {
|
||||
|
||||
@ -21,6 +21,7 @@ pub struct AwsRequestNotification {
|
||||
pub struct RequestResponse {
|
||||
pub id: u64,
|
||||
pub approval: Approval,
|
||||
pub base: bool,
|
||||
}
|
||||
|
||||
|
||||
@ -55,6 +56,13 @@ pub async fn get_session_status(app_state: State<'_, AppState>) -> Result<String
|
||||
}
|
||||
|
||||
|
||||
#[tauri::command]
|
||||
pub async fn signal_activity(app_state: State<'_, AppState>) -> Result<(), ()> {
|
||||
app_state.signal_activity().await;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
#[tauri::command]
|
||||
pub async fn save_credentials(
|
||||
credentials: BaseCredentials,
|
||||
|
||||
@ -13,7 +13,7 @@ use creddy::{
|
||||
fn main() {
|
||||
let res = match cli::parser().get_matches().subcommand() {
|
||||
None | Some(("run", _)) => {
|
||||
app::run().error_popup("Creddy failed to start");
|
||||
app::run().error_popup("Creddy encountered an error");
|
||||
Ok(())
|
||||
},
|
||||
Some(("get", m)) => cli::get(m),
|
||||
|
||||
@ -43,6 +43,24 @@ pub enum Response {
|
||||
}
|
||||
|
||||
|
||||
struct CloseWaiter<'s> {
|
||||
stream: &'s mut Stream,
|
||||
}
|
||||
|
||||
impl<'s> CloseWaiter<'s> {
|
||||
async fn wait_for_close(&mut self) -> std::io::Result<()> {
|
||||
let mut buf = [0u8; 8];
|
||||
loop {
|
||||
match self.stream.read(&mut buf).await {
|
||||
Ok(0) => break Ok(()),
|
||||
Ok(_) => (),
|
||||
Err(e) => break Err(e),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
async fn handle(mut stream: Stream, app_handle: AppHandle, client_pid: u32) -> Result<(), HandlerError>
|
||||
{
|
||||
// read from stream until delimiter is reached
|
||||
@ -59,13 +77,21 @@ async fn handle(mut stream: Stream, app_handle: AppHandle, client_pid: u32) -> R
|
||||
}
|
||||
|
||||
let client = clientinfo::get_process_parent_info(client_pid)?;
|
||||
let waiter = CloseWaiter { stream: &mut stream };
|
||||
|
||||
let req: Request = serde_json::from_slice(&buf)?;
|
||||
let res = match req {
|
||||
Request::GetAwsCredentials{ base } => get_aws_credentials(base, client, app_handle).await,
|
||||
Request::GetAwsCredentials{ base } => get_aws_credentials(
|
||||
base, client, app_handle, waiter
|
||||
).await,
|
||||
Request::InvokeShortcut(action) => invoke_shortcut(action).await,
|
||||
};
|
||||
|
||||
// doesn't make sense to send the error to the client if the client has already left
|
||||
if let Err(HandlerError::Abandoned) = res {
|
||||
return Err(HandlerError::Abandoned);
|
||||
}
|
||||
|
||||
let res = serde_json::to_vec(&res).unwrap();
|
||||
stream.write_all(&res).await?;
|
||||
Ok(())
|
||||
@ -78,7 +104,12 @@ async fn invoke_shortcut(action: ShortcutAction) -> Result<Response, HandlerErro
|
||||
}
|
||||
|
||||
|
||||
async fn get_aws_credentials(base: bool, client: Client, app_handle: AppHandle) -> Result<Response, HandlerError> {
|
||||
async fn get_aws_credentials(
|
||||
base: bool,
|
||||
client: Client,
|
||||
app_handle: AppHandle,
|
||||
mut waiter: CloseWaiter<'_>,
|
||||
) -> Result<Response, HandlerError> {
|
||||
let state = app_handle.state::<AppState>();
|
||||
let rehide_ms = {
|
||||
let config = state.config.read().await;
|
||||
@ -95,11 +126,19 @@ async fn get_aws_credentials(base: bool, client: Client, app_handle: AppHandle)
|
||||
// so we bundle it all up in an async block and return a Result so we can handle errors
|
||||
let proceed = async {
|
||||
let notification = AwsRequestNotification {id: request_id, client, base};
|
||||
app_handle.emit_all("credentials-request", ¬ification)?;
|
||||
app_handle.emit("credentials-request", ¬ification)?;
|
||||
|
||||
match chan_recv.await {
|
||||
Ok(Approval::Approved) => {
|
||||
if base {
|
||||
let response = tokio::select! {
|
||||
r = chan_recv => r?,
|
||||
_ = waiter.wait_for_close() => {
|
||||
app_handle.emit("request-cancelled", request_id)?;
|
||||
return Err(HandlerError::Abandoned);
|
||||
},
|
||||
};
|
||||
|
||||
match response.approval {
|
||||
Approval::Approved => {
|
||||
if response.base {
|
||||
let creds = state.base_creds_cloned().await?;
|
||||
Ok(Response::Aws(Credentials::Base(creds)))
|
||||
}
|
||||
@ -108,8 +147,7 @@ async fn get_aws_credentials(base: bool, client: Client, app_handle: AppHandle)
|
||||
Ok(Response::Aws(Credentials::Session(creds)))
|
||||
}
|
||||
},
|
||||
Ok(Approval::Denied) => Err(HandlerError::Denied),
|
||||
Err(_e) => Err(HandlerError::Internal),
|
||||
Approval::Denied => Err(HandlerError::Denied),
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
@ -2,7 +2,6 @@ use std::io::ErrorKind;
|
||||
use tokio::net::{UnixListener, UnixStream};
|
||||
use tauri::{
|
||||
AppHandle,
|
||||
Manager,
|
||||
async_runtime as rt,
|
||||
};
|
||||
|
||||
@ -41,7 +40,7 @@ impl Server {
|
||||
|
||||
async fn try_serve(&self) -> Result<(), HandlerError> {
|
||||
let (stream, _addr) = self.listener.accept().await?;
|
||||
let new_handle = self.app_handle.app_handle();
|
||||
let new_handle = self.app_handle.clone();
|
||||
let client_pid = get_client_pid(&stream)?;
|
||||
rt::spawn(async move {
|
||||
super::handle(stream, new_handle, client_pid)
|
||||
|
||||
@ -1,11 +1,10 @@
|
||||
use tokio::{
|
||||
net::windows::named_pipe::{
|
||||
NamedPipeServer,
|
||||
ServerOptions,
|
||||
},
|
||||
sync::oneshot,
|
||||
use tokio::net::windows::named_pipe::{
|
||||
NamedPipeServer,
|
||||
ServerOptions,
|
||||
};
|
||||
|
||||
use tauri::{AppHandle, Manager};
|
||||
|
||||
use windows::Win32:: {
|
||||
Foundation::HANDLE,
|
||||
System::Pipes::GetNamedPipeClientProcessId,
|
||||
@ -52,11 +51,11 @@ impl Server {
|
||||
|
||||
// create a new pipe instance to listen for the next client, and swap it in
|
||||
let new_listener = ServerOptions::new().create(r"\\.\pipe\creddy-requests")?;
|
||||
let mut stream = std::mem::replace(&mut self.listener, new_listener);
|
||||
let new_handle = self.app_handle.app_handle();
|
||||
let stream = std::mem::replace(&mut self.listener, new_listener);
|
||||
let new_handle = self.app_handle.clone();
|
||||
let client_pid = get_client_pid(&stream)?;
|
||||
rt::spawn(async move {
|
||||
super::handle(stream, app_handle)
|
||||
super::handle(stream, new_handle, client_pid)
|
||||
.await
|
||||
.error_print_prefix("Error responding to request: ");
|
||||
});
|
||||
@ -71,5 +70,5 @@ fn get_client_pid(pipe: &NamedPipeServer) -> Result<u32, ClientInfoError> {
|
||||
let mut pid = 0u32;
|
||||
let handle = HANDLE(raw_handle as _);
|
||||
unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? };
|
||||
pid
|
||||
Ok(pid)
|
||||
}
|
||||
|
||||
@ -1,12 +1,13 @@
|
||||
use serde::{Serialize, Deserialize};
|
||||
|
||||
use tauri::{
|
||||
GlobalShortcutManager,
|
||||
Manager,
|
||||
async_runtime as rt,
|
||||
use tauri::async_runtime as rt;
|
||||
|
||||
use tauri_plugin_global_shortcut::{
|
||||
GlobalShortcutExt,
|
||||
Error as ShortcutError,
|
||||
};
|
||||
|
||||
use crate::app::APP;
|
||||
use crate::app::{self, APP};
|
||||
use crate::config::HotkeysConfig;
|
||||
use crate::errors::*;
|
||||
use crate::terminal;
|
||||
@ -21,38 +22,46 @@ pub enum ShortcutAction {
|
||||
|
||||
pub fn exec_shortcut(action: ShortcutAction) {
|
||||
match action {
|
||||
ShortcutAction::LaunchTerminal => launch_terminal(),
|
||||
ShortcutAction::ShowWindow => {
|
||||
let app = APP.get().unwrap();
|
||||
app.get_window("main")
|
||||
.ok_or("Couldn't find application main window")
|
||||
.map(|w| w.show().error_popup("Failed to show window"))
|
||||
.error_popup("Failed to show window");
|
||||
},
|
||||
ShortcutAction::LaunchTerminal => {
|
||||
rt::spawn(async {
|
||||
terminal::launch(false).await.error_popup("Failed to launch terminal");
|
||||
});
|
||||
app::show_main_window(app)
|
||||
.error_popup("Failed to show Creddy");
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> tauri::Result<()> {
|
||||
fn launch_terminal() {
|
||||
rt::spawn(async {
|
||||
terminal::launch(false)
|
||||
.await
|
||||
.error_popup("Failed to launch terminal")
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> Result<(), ShortcutError> {
|
||||
let app = APP.get().unwrap();
|
||||
let mut manager = app.global_shortcut_manager();
|
||||
manager.unregister_all()?;
|
||||
let shortcuts = app.global_shortcut();
|
||||
shortcuts.unregister_all([
|
||||
hotkeys.show_window.keys.as_str(),
|
||||
hotkeys.launch_terminal.keys.as_str(),
|
||||
])?;
|
||||
|
||||
if hotkeys.show_window.enabled {
|
||||
manager.register(
|
||||
&hotkeys.show_window.keys,
|
||||
|| exec_shortcut(ShortcutAction::ShowWindow)
|
||||
shortcuts.on_shortcut(
|
||||
hotkeys.show_window.keys.as_str(),
|
||||
|app, _shortcut, _event| {
|
||||
app::show_main_window(app).error_popup("Failed to show Creddy")
|
||||
}
|
||||
)?;
|
||||
}
|
||||
|
||||
if hotkeys.launch_terminal.enabled {
|
||||
manager.register(
|
||||
&hotkeys.launch_terminal.keys,
|
||||
|| exec_shortcut(ShortcutAction::LaunchTerminal)
|
||||
shortcuts.on_shortcut(
|
||||
hotkeys.launch_terminal.keys.as_str(),
|
||||
|_app, _shortcut, _event| launch_terminal()
|
||||
)?;
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
use std::collections::HashMap;
|
||||
use std::time::Duration;
|
||||
use time::OffsetDateTime;
|
||||
|
||||
use tokio::{
|
||||
sync::RwLock,
|
||||
@ -11,13 +12,14 @@ use tauri::{
|
||||
async_runtime as rt,
|
||||
};
|
||||
|
||||
use crate::app;
|
||||
use crate::credentials::{
|
||||
Session,
|
||||
BaseCredentials,
|
||||
SessionCredentials,
|
||||
};
|
||||
use crate::{config, config::AppConfig};
|
||||
use crate::ipc::{self, Approval};
|
||||
use crate::ipc::{self, Approval, RequestResponse};
|
||||
use crate::errors::*;
|
||||
use crate::shortcuts;
|
||||
|
||||
@ -35,35 +37,43 @@ impl Visibility {
|
||||
|
||||
fn acquire(&mut self, delay_ms: u64) -> Result<VisibilityLease, WindowError> {
|
||||
let app = crate::app::APP.get().unwrap();
|
||||
let window = app.get_window("main")
|
||||
let window = app.get_webview_window("main")
|
||||
.ok_or(WindowError::NoMainWindow)?;
|
||||
|
||||
self.leases += 1;
|
||||
// `original` represents the visibility of the window before any leases were acquired
|
||||
// None means we don't know, Some(false) means it was previously hidden,
|
||||
// Some(true) means it was previously visible
|
||||
let is_visible = window.is_visible()?;
|
||||
if self.original.is_none() {
|
||||
let is_visible = window.is_visible()?;
|
||||
self.original = Some(is_visible);
|
||||
if !is_visible {
|
||||
window.show()?;
|
||||
}
|
||||
}
|
||||
|
||||
let state = app.state::<AppState>();
|
||||
if is_visible && state.desktop_is_gnome {
|
||||
// Gnome has a really annoying "focus-stealing prevention" behavior means we
|
||||
// can't just pop up when the window is already visible, so to work around it
|
||||
// we hide and then immediately unhide the window
|
||||
window.hide()?;
|
||||
}
|
||||
app::show_main_window(&app)?;
|
||||
window.set_focus()?;
|
||||
|
||||
let (tx, rx) = oneshot::channel();
|
||||
let lease = VisibilityLease { notify: tx };
|
||||
|
||||
let delay = Duration::from_millis(delay_ms);
|
||||
let handle = app.app_handle();
|
||||
rt::spawn(async move {
|
||||
// We don't care if it's an error; lease being dropped should be handled identically
|
||||
let _ = rx.await;
|
||||
tokio::time::sleep(delay).await;
|
||||
// we can't use `self` here because we would have to move it into the async block
|
||||
let state = handle.state::<AppState>();
|
||||
let state = app.state::<AppState>();
|
||||
let mut visibility = state.visibility.write().await;
|
||||
visibility.leases -= 1;
|
||||
if visibility.leases == 0 {
|
||||
if let Some(false) = visibility.original {
|
||||
window.hide().error_print();
|
||||
app::hide_main_window(app).error_print();
|
||||
}
|
||||
visibility.original = None;
|
||||
}
|
||||
@ -92,11 +102,13 @@ impl VisibilityLease {
|
||||
pub struct AppState {
|
||||
pub config: RwLock<AppConfig>,
|
||||
pub session: RwLock<Session>,
|
||||
pub last_activity: RwLock<OffsetDateTime>,
|
||||
pub request_count: RwLock<u64>,
|
||||
pub waiting_requests: RwLock<HashMap<u64, Sender<Approval>>>,
|
||||
pub waiting_requests: RwLock<HashMap<u64, Sender<RequestResponse>>>,
|
||||
pub pending_terminal_request: RwLock<bool>,
|
||||
// setup_errors is never modified and so doesn't need to be wrapped in RwLock
|
||||
// these are never modified and so don't need to be wrapped in RwLocks
|
||||
pub setup_errors: Vec<String>,
|
||||
pub desktop_is_gnome: bool,
|
||||
pool: sqlx::SqlitePool,
|
||||
visibility: RwLock<Visibility>,
|
||||
}
|
||||
@ -107,14 +119,17 @@ impl AppState {
|
||||
session: Session,
|
||||
pool: SqlitePool,
|
||||
setup_errors: Vec<String>,
|
||||
desktop_is_gnome: bool,
|
||||
) -> AppState {
|
||||
AppState {
|
||||
config: RwLock::new(config),
|
||||
session: RwLock::new(session),
|
||||
last_activity: RwLock::new(OffsetDateTime::now_utc()),
|
||||
request_count: RwLock::new(0),
|
||||
waiting_requests: RwLock::new(HashMap::new()),
|
||||
pending_terminal_request: RwLock::new(false),
|
||||
setup_errors,
|
||||
desktop_is_gnome,
|
||||
pool,
|
||||
visibility: RwLock::new(Visibility::new()),
|
||||
}
|
||||
@ -149,7 +164,7 @@ impl AppState {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub async fn register_request(&self, sender: Sender<Approval>) -> u64 {
|
||||
pub async fn register_request(&self, sender: Sender<RequestResponse>) -> u64 {
|
||||
let count = {
|
||||
let mut c = self.request_count.write().await;
|
||||
*c += 1;
|
||||
@ -181,7 +196,7 @@ impl AppState {
|
||||
waiting_requests
|
||||
.remove(&response.id)
|
||||
.ok_or(SendResponseError::NotFound)?
|
||||
.send(response.approval)
|
||||
.send(response)
|
||||
.map_err(|_| SendResponseError::Abandoned)
|
||||
}
|
||||
|
||||
@ -197,6 +212,38 @@ impl AppState {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub async fn lock(&self) -> Result<(), LockError> {
|
||||
let mut session = self.session.write().await;
|
||||
match *session {
|
||||
Session::Empty => Err(LockError::NotUnlocked),
|
||||
Session::Locked(_) => Err(LockError::NotUnlocked),
|
||||
Session::Unlocked{..} => {
|
||||
*session = Session::load(&self.pool).await?;
|
||||
|
||||
let app_handle = app::APP.get().unwrap();
|
||||
app_handle.emit("locked", None::<usize>)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn signal_activity(&self) {
|
||||
let mut last_activity = self.last_activity.write().await;
|
||||
*last_activity = OffsetDateTime::now_utc();
|
||||
}
|
||||
|
||||
pub async fn should_auto_lock(&self) -> bool {
|
||||
let config = self.config.read().await;
|
||||
if !config.auto_lock || !self.is_unlocked().await {
|
||||
return false;
|
||||
}
|
||||
|
||||
let last_activity = self.last_activity.read().await;
|
||||
let elapsed = OffsetDateTime::now_utc() - *last_activity;
|
||||
elapsed >= config.lock_after
|
||||
}
|
||||
|
||||
pub async fn is_unlocked(&self) -> bool {
|
||||
let session = self.session.read().await;
|
||||
matches!(*session, Session::Unlocked{..})
|
||||
@ -210,7 +257,7 @@ impl AppState {
|
||||
|
||||
pub async fn session_creds_cloned(&self) -> Result<SessionCredentials, GetCredentialsError> {
|
||||
let app_session = self.session.read().await;
|
||||
let (_bsae, session) = app_session.try_get()?;
|
||||
let (_base, session) = app_session.try_get()?;
|
||||
Ok(session.clone())
|
||||
}
|
||||
|
||||
|
||||
@ -23,16 +23,16 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> {
|
||||
cmd
|
||||
};
|
||||
|
||||
// if session is unlocked or empty, wait for credentials from frontend
|
||||
// if session is locked or empty, wait for credentials from frontend
|
||||
if !state.is_unlocked().await {
|
||||
app.emit_all("launch-terminal-request", ())?;
|
||||
app.emit("launch-terminal-request", ())?;
|
||||
let lease = state.acquire_visibility_lease(0).await
|
||||
.map_err(|_e| LaunchTerminalError::NoMainWindow)?; // automate conversion eventually?
|
||||
|
||||
let (tx, rx) = tokio::sync::oneshot::channel();
|
||||
app.once_global("credentials-event", move |e| {
|
||||
app.once("credentials-event", move |e| {
|
||||
let success = match e.payload() {
|
||||
Some("\"unlocked\"") | Some("\"entered\"") => true,
|
||||
"\"unlocked\"" | "\"entered\"" => true,
|
||||
_ => false,
|
||||
};
|
||||
let _ = tx.send(success);
|
||||
|
||||
@ -1,36 +1,49 @@
|
||||
use tauri::{
|
||||
App,
|
||||
AppHandle,
|
||||
Manager,
|
||||
SystemTray,
|
||||
SystemTrayEvent,
|
||||
SystemTrayMenu,
|
||||
CustomMenuItem,
|
||||
async_runtime as rt,
|
||||
};
|
||||
use tauri::menu::{
|
||||
MenuBuilder,
|
||||
MenuEvent,
|
||||
MenuItemBuilder,
|
||||
};
|
||||
|
||||
use crate::app;
|
||||
use crate::state::AppState;
|
||||
|
||||
pub fn create() -> SystemTray {
|
||||
let show = CustomMenuItem::new("show".to_string(), "Show");
|
||||
let quit = CustomMenuItem::new("exit".to_string(), "Exit");
|
||||
|
||||
let menu = SystemTrayMenu::new()
|
||||
.add_item(show)
|
||||
.add_item(quit);
|
||||
pub fn setup(app: &App) -> tauri::Result<()> {
|
||||
let show_hide = MenuItemBuilder::with_id("show_hide", "Show").build(app)?;
|
||||
let exit = MenuItemBuilder::with_id("exit", "Exit").build(app)?;
|
||||
|
||||
SystemTray::new().with_menu(menu)
|
||||
let menu = MenuBuilder::new(app)
|
||||
.items(&[&show_hide, &exit])
|
||||
.build()?;
|
||||
|
||||
let tray = app.tray_by_id("main").unwrap();
|
||||
tray.set_menu(Some(menu))?;
|
||||
tray.on_menu_event(handle_event);
|
||||
|
||||
// stash this so we can find it later to change the text
|
||||
app.manage(show_hide);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
pub fn handle_event(app: &AppHandle, event: SystemTrayEvent) {
|
||||
match event {
|
||||
SystemTrayEvent::MenuItemClick{ id, .. } => {
|
||||
match id.as_str() {
|
||||
"exit" => app.exit(0),
|
||||
"show" => {
|
||||
let _ = app.get_window("main").map(|w| w.show());
|
||||
}
|
||||
_ => (),
|
||||
}
|
||||
}
|
||||
fn handle_event(app_handle: &AppHandle, event: MenuEvent) {
|
||||
match event.id.0.as_str() {
|
||||
"exit" => app_handle.exit(0),
|
||||
"show_hide" => {
|
||||
let _ = app::toggle_main_window(app_handle);
|
||||
let new_handle = app_handle.clone();
|
||||
rt::spawn(async move {
|
||||
let state = new_handle.state::<AppState>();
|
||||
state.signal_activity().await;
|
||||
});
|
||||
},
|
||||
_ => (),
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,64 +3,57 @@
|
||||
"build": {
|
||||
"beforeBuildCommand": "npm run build",
|
||||
"beforeDevCommand": "npm run dev",
|
||||
"devPath": "http://localhost:5173",
|
||||
"distDir": "../dist"
|
||||
"frontendDist": "../dist",
|
||||
"devUrl": "http://localhost:5173"
|
||||
},
|
||||
"package": {
|
||||
"productName": "creddy",
|
||||
"version": "0.4.0"
|
||||
},
|
||||
"tauri": {
|
||||
"allowlist": {
|
||||
"os": {"all": true},
|
||||
"dialog": {"open": true}
|
||||
"bundle": {
|
||||
"active": true,
|
||||
"category": "DeveloperTool",
|
||||
"copyright": "",
|
||||
"targets": "all",
|
||||
"externalBin": [],
|
||||
"icon": [
|
||||
"icons/32x32.png",
|
||||
"icons/128x128.png",
|
||||
"icons/128x128@2x.png",
|
||||
"icons/icon.icns",
|
||||
"icons/icon.ico"
|
||||
],
|
||||
"windows": {
|
||||
"certificateThumbprint": null,
|
||||
"digestAlgorithm": "sha256",
|
||||
"timestampUrl": "",
|
||||
"wix": {
|
||||
"fragmentPaths": [
|
||||
"conf/cli.wxs"
|
||||
],
|
||||
"componentRefs": [
|
||||
"CliBinary",
|
||||
"AddToPath"
|
||||
]
|
||||
}
|
||||
},
|
||||
"bundle": {
|
||||
"active": true,
|
||||
"category": "DeveloperTool",
|
||||
"copyright": "",
|
||||
"longDescription": "",
|
||||
"macOS": {
|
||||
"entitlements": null,
|
||||
"exceptionDomain": "",
|
||||
"frameworks": [],
|
||||
"providerShortName": null,
|
||||
"signingIdentity": null
|
||||
},
|
||||
"resources": [],
|
||||
"shortDescription": "",
|
||||
"linux": {
|
||||
"deb": {
|
||||
"depends": []
|
||||
},
|
||||
"externalBin": [],
|
||||
"icon": [
|
||||
"icons/32x32.png",
|
||||
"icons/128x128.png",
|
||||
"icons/128x128@2x.png",
|
||||
"icons/icon.icns",
|
||||
"icons/icon.ico"
|
||||
],
|
||||
"identifier": "creddy",
|
||||
"longDescription": "",
|
||||
"macOS": {
|
||||
"entitlements": null,
|
||||
"exceptionDomain": "",
|
||||
"frameworks": [],
|
||||
"providerShortName": null,
|
||||
"signingIdentity": null
|
||||
},
|
||||
"resources": [],
|
||||
"shortDescription": "",
|
||||
"targets": "all",
|
||||
"windows": {
|
||||
"certificateThumbprint": null,
|
||||
"digestAlgorithm": "sha256",
|
||||
"timestampUrl": "",
|
||||
"wix": {
|
||||
"fragmentPaths": ["conf/cli.wxs"],
|
||||
"componentRefs": ["CliBinary", "AddToPath"]
|
||||
}
|
||||
}
|
||||
},
|
||||
"security": {
|
||||
"csp": {
|
||||
"default-src": ["'self'"],
|
||||
"style-src": ["'self'", "'unsafe-inline'"]
|
||||
}
|
||||
},
|
||||
"updater": {
|
||||
"active": false
|
||||
},
|
||||
}
|
||||
},
|
||||
"productName": "creddy",
|
||||
"version": "0.4.9",
|
||||
"identifier": "creddy",
|
||||
"plugins": {},
|
||||
"app": {
|
||||
"windows": [
|
||||
{
|
||||
"fullscreen": false,
|
||||
@ -72,9 +65,24 @@
|
||||
"visible": false
|
||||
}
|
||||
],
|
||||
"systemTray": {
|
||||
"trayIcon": {
|
||||
"id": "main",
|
||||
"iconPath": "icons/icon.png",
|
||||
"iconAsTemplate": true
|
||||
},
|
||||
"security": {
|
||||
"csp": {
|
||||
"style-src": [
|
||||
"'self'",
|
||||
"'unsafe-inline'"
|
||||
],
|
||||
"default-src": [
|
||||
"'self'"
|
||||
],
|
||||
"connect-src": [
|
||||
"ipc: http://ipc.localhost"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +1,10 @@
|
||||
<script>
|
||||
import { onMount } from 'svelte';
|
||||
import { listen } from '@tauri-apps/api/event';
|
||||
import { invoke } from '@tauri-apps/api/tauri';
|
||||
import { invoke } from '@tauri-apps/api/core';
|
||||
import { getVersion } from '@tauri-apps/api/app';
|
||||
|
||||
import { appState, acceptRequest } from './lib/state.js';
|
||||
import { appState, acceptRequest, cleanupRequest } from './lib/state.js';
|
||||
import { views, currentView, navigate } from './lib/routing.js';
|
||||
|
||||
|
||||
@ -11,11 +12,23 @@ $views = import.meta.glob('./views/*.svelte', {eager: true});
|
||||
navigate('Home');
|
||||
|
||||
invoke('get_config').then(config => $appState.config = config);
|
||||
invoke('get_session_status').then(status => $appState.credentialStatus = status);
|
||||
getVersion().then(version => $appState.appVersion = version);
|
||||
|
||||
listen('credentials-request', (tauriEvent) => {
|
||||
$appState.pendingRequests.put(tauriEvent.payload);
|
||||
});
|
||||
|
||||
listen('request-cancelled', (tauriEvent) => {
|
||||
const id = tauriEvent.payload;
|
||||
if (id === $appState.currentRequest?.id) {
|
||||
cleanupRequest();
|
||||
}
|
||||
else {
|
||||
const found = $appState.pendingRequests.find_remove(r => r.id === id);
|
||||
}
|
||||
});
|
||||
|
||||
listen('launch-terminal-request', async (tauriEvent) => {
|
||||
if ($appState.currentRequest === null) {
|
||||
let status = await invoke('get_session_status');
|
||||
@ -30,6 +43,10 @@ listen('launch-terminal-request', async (tauriEvent) => {
|
||||
}
|
||||
});
|
||||
|
||||
listen('locked', () => {
|
||||
$appState.credentialStatus = 'locked';
|
||||
});
|
||||
|
||||
invoke('get_setup_errors')
|
||||
.then(errs => {
|
||||
$appState.setupErrors = errs.map(e => ({msg: e, show: true}));
|
||||
@ -39,4 +56,9 @@ acceptRequest();
|
||||
</script>
|
||||
|
||||
|
||||
<svelte:window
|
||||
on:click={() => invoke('signal_activity')}
|
||||
on:keydown={() => invoke('signal_activity')}
|
||||
/>
|
||||
|
||||
<svelte:component this="{$currentView}" />
|
||||
|
||||
@ -30,5 +30,15 @@ export default function() {
|
||||
|
||||
return this.items.shift();
|
||||
},
|
||||
|
||||
find_remove(pred) {
|
||||
for (let i=0; i<this.items.length; i++) {
|
||||
if (pred(this.items[i])) {
|
||||
this.items.splice(i, 1);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
},
|
||||
}
|
||||
}
|
||||
@ -9,6 +9,7 @@ export let appState = writable({
|
||||
pendingRequests: queue(),
|
||||
credentialStatus: 'locked',
|
||||
setupErrors: [],
|
||||
appVersion: '',
|
||||
});
|
||||
|
||||
|
||||
@ -23,7 +24,7 @@ export async function acceptRequest() {
|
||||
}
|
||||
|
||||
|
||||
export function completeRequest() {
|
||||
export function cleanupRequest() {
|
||||
appState.update($appState => {
|
||||
$appState.currentRequest = null;
|
||||
return $appState;
|
||||
|
||||
@ -5,3 +5,8 @@
|
||||
.btn-alert-error {
|
||||
@apply bg-transparent hover:bg-[#cd5a5a] border border-error-content text-error-content
|
||||
}
|
||||
|
||||
/* I like alert icons to be top-aligned */
|
||||
.alert > :where(*) {
|
||||
align-items: flex-start;
|
||||
}
|
||||
|
||||
@ -1,13 +1,15 @@
|
||||
<script>
|
||||
export let keys;
|
||||
let classes = '';
|
||||
export {classes as class};
|
||||
</script>
|
||||
|
||||
|
||||
<div class="flex gap-x-[0.2em] items-center">
|
||||
<span class="inline-flex gap-x-[0.2em] items-center {classes}">
|
||||
{#each keys as key, i}
|
||||
{#if i > 0}
|
||||
<span class="mt-[-0.1em]">+</span>
|
||||
{/if}
|
||||
<kbd class="normal-case px-1 py-0.5 rounded border border-neutral">{key}</kbd>
|
||||
{/each}
|
||||
</div>
|
||||
</span>
|
||||
|
||||
@ -21,15 +21,15 @@
|
||||
throw(`Link target is not a string or a function: ${target}`)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
function handleHotkey(event) {
|
||||
if (!hotkey) return;
|
||||
if (ctrl && !event.ctrlKey) return;
|
||||
if (alt && !event.altKey) return;
|
||||
if (shift && !event.shiftKey) return;
|
||||
|
||||
if (event.key === hotkey) {
|
||||
if (
|
||||
hotkey === event.key
|
||||
&& ctrl === event.ctrlKey
|
||||
&& alt === event.altKey
|
||||
&& shift === event.shiftKey
|
||||
) {
|
||||
click();
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<script>
|
||||
import { createEventDispatcher } from 'svelte';
|
||||
import { open } from '@tauri-apps/api/dialog';
|
||||
import { open } from '@tauri-apps/plugin-dialog';
|
||||
import Setting from './Setting.svelte';
|
||||
|
||||
export let title;
|
||||
|
||||
92
src/ui/settings/TimeSetting.svelte
Normal file
92
src/ui/settings/TimeSetting.svelte
Normal file
@ -0,0 +1,92 @@
|
||||
<script>
|
||||
import Setting from './Setting.svelte';
|
||||
|
||||
import { createEventDispatcher } from 'svelte';
|
||||
const dispatch = createEventDispatcher();
|
||||
|
||||
|
||||
export let title;
|
||||
// seconds are required
|
||||
export let seconds;
|
||||
|
||||
export let min = 0;
|
||||
export let max = null;
|
||||
|
||||
// best unit is the unit that results in the smallest non-fractional number
|
||||
let unit = null;
|
||||
|
||||
const UNITS = {
|
||||
Seconds: 1,
|
||||
Minutes: 60,
|
||||
Hours: 3600,
|
||||
Days: 86400,
|
||||
};
|
||||
|
||||
if (unit === null) {
|
||||
let min = Infinity;
|
||||
let bestUnit = null;
|
||||
for (const [u, multiplier] of Object.entries(UNITS)) {
|
||||
const v = seconds / multiplier;
|
||||
if (v < min && v >= 1) {
|
||||
min = v;
|
||||
bestUnit = u;
|
||||
}
|
||||
}
|
||||
unit = bestUnit;
|
||||
}
|
||||
|
||||
|
||||
// local value is only one-way synced to value so that we can better handle changes
|
||||
$: localValue = (seconds / UNITS[unit]).toString();
|
||||
let error = null;
|
||||
|
||||
function updateValue() {
|
||||
localValue = localValue.replace(/[^0-9.]/g, '');
|
||||
// Don't update the value, but also don't error, if it's empty,
|
||||
// or if it could be the start of a float
|
||||
if (localValue === '' || localValue === '.') {
|
||||
error = null;
|
||||
return;
|
||||
}
|
||||
|
||||
const num = parseFloat(localValue);
|
||||
if (num < 0) {
|
||||
error = `${num} is not a valid duration`
|
||||
}
|
||||
else if (min !== null && num < min) {
|
||||
error = `Too low (minimum ${min * UNITS[unit]}`;
|
||||
}
|
||||
else if (max !== null & num > max) {
|
||||
error = `Too high (maximum ${max * UNITS[unit]}`;
|
||||
}
|
||||
else {
|
||||
error = null;
|
||||
seconds = Math.round(num * UNITS[unit]);
|
||||
dispatch('update', {seconds});
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
||||
|
||||
<Setting {title}>
|
||||
<div slot="input">
|
||||
<select class="select select-bordered select-sm mr-2" bind:value={unit}>
|
||||
{#each Object.keys(UNITS) as u}
|
||||
<option selected={u === unit || null}>{u}</option>
|
||||
{/each}
|
||||
</select>
|
||||
|
||||
<div class="tooltip tooltip-error" class:tooltip-open={error !== null} data-tip={error}>
|
||||
<input
|
||||
type="text"
|
||||
class="input input-sm input-bordered text-right"
|
||||
size={Math.max(5, localValue.length)}
|
||||
class:input-error={error}
|
||||
bind:value={localValue}
|
||||
on:input={updateValue}
|
||||
>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<slot name="description" slot="description"></slot>
|
||||
</Setting>
|
||||
@ -3,3 +3,4 @@ export { default as ToggleSetting } from './ToggleSetting.svelte';
|
||||
export { default as NumericSetting } from './NumericSetting.svelte';
|
||||
export { default as FileSetting } from './FileSetting.svelte';
|
||||
export { default as TextSetting } from './TextSetting.svelte';
|
||||
export { default as TimeSetting } from './TimeSetting.svelte';
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
<script>
|
||||
import { onMount } from 'svelte';
|
||||
import { invoke } from '@tauri-apps/api/tauri';
|
||||
import { invoke } from '@tauri-apps/api/core';
|
||||
|
||||
import { navigate } from '../lib/routing.js';
|
||||
import { appState, completeRequest } from '../lib/state.js';
|
||||
import { appState, cleanupRequest } from '../lib/state.js';
|
||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
||||
import Link from '../ui/Link.svelte';
|
||||
import KeyCombo from '../ui/KeyCombo.svelte';
|
||||
@ -12,9 +12,12 @@
|
||||
// Send response to backend, display error if applicable
|
||||
let error, alert;
|
||||
async function respond() {
|
||||
let {id, approval} = $appState.currentRequest;
|
||||
const response = {
|
||||
id: $appState.currentRequest.id,
|
||||
...$appState.currentRequest.response,
|
||||
};
|
||||
try {
|
||||
await invoke('respond', {response: {id, approval}});
|
||||
await invoke('respond', {response});
|
||||
navigate('ShowResponse');
|
||||
}
|
||||
catch (e) {
|
||||
@ -26,8 +29,8 @@
|
||||
}
|
||||
|
||||
// Approval has one of several outcomes depending on current credential state
|
||||
async function approve() {
|
||||
$appState.currentRequest.approval = 'Approved';
|
||||
async function approve(base) {
|
||||
$appState.currentRequest.response = {approval: 'Approved', base};
|
||||
let status = await invoke('get_session_status');
|
||||
if (status === 'unlocked') {
|
||||
await respond();
|
||||
@ -42,7 +45,7 @@
|
||||
|
||||
// Denial has only one
|
||||
async function deny() {
|
||||
$appState.currentRequest.approval = 'Denied';
|
||||
$appState.currentRequest.response = {approval: 'Denied', base: false};
|
||||
await respond();
|
||||
}
|
||||
|
||||
@ -58,32 +61,32 @@
|
||||
|
||||
// if the request has already been approved/denied, send response immediately
|
||||
onMount(async () => {
|
||||
if ($appState.currentRequest.approval) {
|
||||
if ($appState.currentRequest.response) {
|
||||
await respond();
|
||||
}
|
||||
})
|
||||
});
|
||||
</script>
|
||||
|
||||
|
||||
<!-- Don't render at all if we're just going to immediately proceed to the next screen -->
|
||||
{#if error || !$appState.currentRequest.approval}
|
||||
{#if error || !$appState.currentRequest?.response}
|
||||
<div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center">
|
||||
{#if error}
|
||||
<ErrorAlert bind:this={alert}>
|
||||
{error}
|
||||
{error.msg}
|
||||
<svelte:fragment slot="buttons">
|
||||
<button class="btn btn-sm btn-alert-error" on:click={completeRequest}>Cancel</button>
|
||||
<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
|
||||
<button class="btn btn-sm btn-alert-error" on:click={respond}>Retry</button>
|
||||
</svelte:fragment>
|
||||
</ErrorAlert>
|
||||
{/if}
|
||||
|
||||
{#if $appState.currentRequest.base}
|
||||
{#if $appState.currentRequest?.base}
|
||||
<div class="alert alert-warning shadow-lg">
|
||||
<div>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
|
||||
<span>
|
||||
WARNING: This application is requesting your base (long-lived) AWS credentials.
|
||||
WARNING: This application is requesting your base AWS credentials.
|
||||
These credentials are less secure than session credentials, since they don't expire automatically.
|
||||
</span>
|
||||
</div>
|
||||
@ -101,20 +104,42 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="w-full flex justify-between">
|
||||
<Link target={deny} hotkey="Escape">
|
||||
<button class="btn btn-error justify-self-start">
|
||||
<span class="mr-2">Deny</span>
|
||||
<KeyCombo keys={['Esc']} />
|
||||
</button>
|
||||
</Link>
|
||||
<div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
|
||||
<!-- Don't display the option to approve with session credentials if base was specifically requested -->
|
||||
{#if !$appState.currentRequest?.base}
|
||||
<h3 class="font-semibold">
|
||||
Approve with session credentials
|
||||
</h3>
|
||||
<Link target={() => approve(false)} hotkey="Enter" shift={true}>
|
||||
<button class="w-full btn btn-success">
|
||||
<KeyCombo keys={['Shift', 'Enter']} />
|
||||
</button>
|
||||
</Link>
|
||||
{/if}
|
||||
|
||||
<Link target={approve} hotkey="Enter" shift="{true}">
|
||||
<button class="btn btn-success justify-self-end">
|
||||
<span class="mr-2">Approve</span>
|
||||
<KeyCombo keys={['Shift', 'Enter']} />
|
||||
</button>
|
||||
</Link>
|
||||
<h3 class="font-semibold">
|
||||
<span class="mr-2">
|
||||
{#if $appState.currentRequest?.base}
|
||||
Approve
|
||||
{:else}
|
||||
Approve with base credentials
|
||||
{/if}
|
||||
</span>
|
||||
</h3>
|
||||
<Link target={() => approve(true)} hotkey="Enter" shift={true} ctrl={true}>
|
||||
<button class="w-full btn btn-warning">
|
||||
<KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
|
||||
</button>
|
||||
</Link>
|
||||
|
||||
<h3 class="font-semibold">
|
||||
<span class="mr-2">Deny</span>
|
||||
</h3>
|
||||
<Link target={deny} hotkey="Escape">
|
||||
<button class="w-full btn btn-error">
|
||||
<KeyCombo keys={['Esc']} />
|
||||
</button>
|
||||
</Link>
|
||||
</div>
|
||||
</div>
|
||||
{/if}
|
||||
{/if}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<script>
|
||||
import { onMount } from 'svelte';
|
||||
import { invoke } from '@tauri-apps/api/tauri';
|
||||
import { invoke } from '@tauri-apps/api/core';
|
||||
import { emit } from '@tauri-apps/api/event';
|
||||
import { getRootCause } from '../lib/errors.js';
|
||||
|
||||
@ -33,6 +33,7 @@
|
||||
saving = true;
|
||||
await invoke('save_credentials', {credentials, passphrase});
|
||||
emit('credentials-event', 'entered');
|
||||
$appState.credentialStatus = 'unlocked';
|
||||
if ($appState.currentRequest) {
|
||||
navigate('Approve');
|
||||
}
|
||||
@ -41,13 +42,14 @@
|
||||
}
|
||||
}
|
||||
catch (e) {
|
||||
window.error = e;
|
||||
const root = getRootCause(e);
|
||||
if (e.code === 'GetSession' && root.code) {
|
||||
errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
|
||||
}
|
||||
else {
|
||||
errorMsg = e.msg;
|
||||
// some of the built-in Tauri errors are plain strings,
|
||||
// so fall back to e if e.msg doesn't exist
|
||||
errorMsg = e.msg || e;
|
||||
}
|
||||
|
||||
// if the alert already existed, shake it
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<script>
|
||||
import { onMount } from 'svelte';
|
||||
import { invoke } from '@tauri-apps/api/tauri';
|
||||
import { invoke } from '@tauri-apps/api/core';
|
||||
|
||||
import { appState } from '../lib/state.js';
|
||||
import { navigate } from '../lib/routing.js';
|
||||
@ -25,31 +25,29 @@
|
||||
<div class="flex flex-col h-screen items-center justify-center p-4 space-y-4">
|
||||
<div class="flex flex-col items-center space-y-4">
|
||||
{@html vaultDoorSvg}
|
||||
{#await invoke('get_session_status') then status}
|
||||
{#if status === 'locked'}
|
||||
{#if $appState.credentialStatus === 'locked'}
|
||||
|
||||
<h2 class="text-2xl font-bold">Creddy is locked</h2>
|
||||
<Link target="Unlock" hotkey="Enter" class="w-64">
|
||||
<button class="btn btn-primary w-full">Unlock</button>
|
||||
</Link>
|
||||
<h2 class="text-2xl font-bold">Creddy is locked</h2>
|
||||
<Link target="Unlock" hotkey="Enter" class="w-64">
|
||||
<button class="btn btn-primary w-full">Unlock</button>
|
||||
</Link>
|
||||
|
||||
{:else if status === 'unlocked'}
|
||||
<h2 class="text-2xl font-bold">Waiting for requests</h2>
|
||||
<button class="btn btn-primary w-full" on:click={launchTerminal}>
|
||||
Launch Terminal
|
||||
</button>
|
||||
<label class="label cursor-pointer flex items-center space-x-2">
|
||||
<input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}>
|
||||
<span class="label-text">Launch with base credentials</span>
|
||||
</label>
|
||||
{:else if $appState.credentialStatus === 'unlocked'}
|
||||
<h2 class="text-2xl font-bold">Waiting for requests</h2>
|
||||
<button class="btn btn-primary w-full" on:click={launchTerminal}>
|
||||
Launch Terminal
|
||||
</button>
|
||||
<label class="label cursor-pointer flex items-center space-x-2">
|
||||
<span class="label-text">Launch with long-lived credentials</span>
|
||||
<input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}>
|
||||
</label>
|
||||
|
||||
{:else if status === 'empty'}
|
||||
<h2 class="text-2xl font-bold">No credentials found</h2>
|
||||
<Link target="EnterCredentials" hotkey="Enter" class="w-64">
|
||||
<button class="btn btn-primary w-full">Enter Credentials</button>
|
||||
</Link>
|
||||
{/if}
|
||||
{/await}
|
||||
{:else if $appState.credentialStatus === 'empty'}
|
||||
<h2 class="text-2xl font-bold">No credentials found</h2>
|
||||
<Link target="EnterCredentials" hotkey="Enter" class="w-64">
|
||||
<button class="btn btn-primary w-full">Enter Credentials</button>
|
||||
</Link>
|
||||
{/if}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<script>
|
||||
import { invoke } from '@tauri-apps/api/tauri';
|
||||
import { type } from '@tauri-apps/api/os';
|
||||
import { invoke } from '@tauri-apps/api/core';
|
||||
import { type } from '@tauri-apps/plugin-os';
|
||||
|
||||
import { appState } from '../lib/state.js';
|
||||
import Nav from '../ui/Nav.svelte';
|
||||
@ -8,7 +8,7 @@
|
||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
||||
import SettingsGroup from '../ui/settings/SettingsGroup.svelte';
|
||||
import Keybind from '../ui/settings/Keybind.svelte';
|
||||
import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting } from '../ui/settings';
|
||||
import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting, TimeSetting } from '../ui/settings';
|
||||
|
||||
import { fly } from 'svelte/transition';
|
||||
import { backInOut } from 'svelte/easing';
|
||||
@ -38,7 +38,7 @@
|
||||
<h1 slot="title" class="text-2xl font-bold">Settings</h1>
|
||||
</Nav>
|
||||
|
||||
<div class="max-w-lg mx-auto mt-1.5 mb-24 p-4 space-y-16">
|
||||
<div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
|
||||
<SettingsGroup name="General">
|
||||
<ToggleSetting title="Start on login" bind:value={config.start_on_login}>
|
||||
<svelte:fragment slot="description">
|
||||
@ -60,6 +60,20 @@
|
||||
</svelte:fragment>
|
||||
</NumericSetting>
|
||||
|
||||
<ToggleSetting title="Lock when idle" bind:value={config.auto_lock}>
|
||||
<svelte:fragment slot="description">
|
||||
Automatically lock Creddy after a period of inactivity.
|
||||
</svelte:fragment>
|
||||
</ToggleSetting>
|
||||
|
||||
{#if config.auto_lock}
|
||||
<TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}>
|
||||
<svelte:fragment slot="description">
|
||||
How long to wait before automatically locking.
|
||||
</svelte:fragment>
|
||||
</TimeSetting>
|
||||
{/if}
|
||||
|
||||
<Setting title="Update credentials">
|
||||
<Link slot="input" target="EnterCredentials">
|
||||
<button class="btn btn-sm btn-primary">Update</button>
|
||||
@ -91,6 +105,9 @@
|
||||
</div>
|
||||
</SettingsGroup>
|
||||
|
||||
<p class="text-sm text-right">
|
||||
Creddy {$appState.appVersion}
|
||||
</p>
|
||||
</div>
|
||||
|
||||
{#if error}
|
||||
@ -112,7 +129,7 @@
|
||||
|
||||
<div>
|
||||
<!-- <button class="btn btn-sm btn-ghost">Cancel</button> -->
|
||||
<buton class="btn btn-sm btn-primary" on:click={save}>Save</buton>
|
||||
<button class="btn btn-sm btn-primary" on:click={save}>Save</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
import { onMount } from 'svelte';
|
||||
import { draw, fade } from 'svelte/transition';
|
||||
|
||||
import { appState, completeRequest } from '../lib/state.js';
|
||||
import { appState, cleanupRequest } from '../lib/state.js';
|
||||
|
||||
let success = false;
|
||||
let error = null;
|
||||
@ -13,7 +13,7 @@
|
||||
|
||||
onMount(() => {
|
||||
window.setTimeout(
|
||||
completeRequest,
|
||||
cleanupRequest,
|
||||
// Extra 50ms so the window can finish disappearing before the redraw
|
||||
Math.min(5000, $appState.config.rehide_ms + 50),
|
||||
)
|
||||
@ -22,7 +22,7 @@
|
||||
|
||||
|
||||
<div class="flex flex-col h-screen items-center justify-center max-w-max m-auto">
|
||||
{#if $appState.currentRequest.approval === 'Approved'}
|
||||
{#if $appState.currentRequest.response.approval === 'Approved'}
|
||||
<svg xmlns="http://www.w3.org/2000/svg" class="w-36 h-36" fill="none" viewBox="0 0 24 24" stroke-width="1" stroke="currentColor">
|
||||
<path in:draw="{{duration: drawDuration}}" stroke-linecap="round" stroke-linejoin="round" d="M9 12.75L11.25 15 15 9.75M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
|
||||
</svg>
|
||||
@ -33,6 +33,6 @@
|
||||
{/if}
|
||||
|
||||
<div in:fade="{{duration: fadeDuration, delay: fadeDelay}}" class="text-2xl font-bold">
|
||||
{$appState.currentRequest.approval}!
|
||||
{$appState.currentRequest.response.approval}!
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
<script>
|
||||
import { invoke } from '@tauri-apps/api/tauri';
|
||||
import { invoke } from '@tauri-apps/api/core';
|
||||
import { emit } from '@tauri-apps/api/event';
|
||||
import { onMount } from 'svelte';
|
||||
|
||||
@ -55,7 +55,14 @@
|
||||
|
||||
function cancel() {
|
||||
emit('credentials-event', 'unlock-canceled');
|
||||
navigate('Home');
|
||||
if ($appState.currentRequest !== null) {
|
||||
// dirty hack to prevent spurious error when returning to approve screen
|
||||
delete $appState.currentRequest.response;
|
||||
navigate('Approve');
|
||||
}
|
||||
else {
|
||||
navigate('Home');
|
||||
}
|
||||
}
|
||||
|
||||
onMount(() => {
|
||||
|
||||
Reference in New Issue
Block a user