Compare commits
30 Commits
Author | SHA1 | Date | |
---|---|---|---|
295698e62f | |||
3b61aa924a | |||
02ba19d709 | |||
55801384eb | |||
27c2f467c4 | |||
cab5ec40cc | |||
5cf848f7fe | |||
a32e36be7e | |||
10231df860 | |||
ae93a57aab | |||
9fd355b68e | |||
00089d7efb | |||
0124f77f7b | |||
6711ce2c43 | |||
a3a11897c2 | |||
5e6542d08e | |||
f311fde74e | |||
acc5c71bfa | |||
504c0b4156 | |||
bf0a2ca72d | |||
bb980c5eef | |||
ce7d75f15a | |||
37b44ddb2e | |||
8c668e51a6 | |||
9928996fab | |||
d0a2532c27 | |||
0491cb5790 | |||
816bd7db00 | |||
b165965289 | |||
86896d68c2 |
4
.gitignore
vendored
4
.gitignore
vendored
@ -5,7 +5,3 @@ src-tauri/target/
|
|||||||
# .env is system-specific
|
# .env is system-specific
|
||||||
.env
|
.env
|
||||||
.vscode
|
.vscode
|
||||||
|
|
||||||
# just in case
|
|
||||||
credentials*
|
|
||||||
!credentials.rs
|
|
||||||
|
@ -2,11 +2,12 @@
|
|||||||
|
|
||||||
* ~~Switch to "process" provider for AWS credentials (much less hacky)~~
|
* ~~Switch to "process" provider for AWS credentials (much less hacky)~~
|
||||||
* ~~Frontend needs to react when request is cancelled from backend~~
|
* ~~Frontend needs to react when request is cancelled from backend~~
|
||||||
* Session timeout (plain duration, or activity-based?)
|
* ~~Session timeout~~
|
||||||
* Indicate on approval screen when additional requests are pending
|
|
||||||
* ~~Fix rehide behavior when new request comes in while old one is still being resolved~~
|
* ~~Fix rehide behavior when new request comes in while old one is still being resolved~~
|
||||||
* Additional hotkey configuration (approve/deny at the very least)
|
|
||||||
* ~~Switch tray menu item to Hide when window is visible~~
|
* ~~Switch tray menu item to Hide when window is visible~~
|
||||||
|
* Clear password input after unlock fails
|
||||||
|
* Indicate on approval screen when additional requests are pending
|
||||||
|
* Additional hotkey configuration (approve/deny at the very least)
|
||||||
* Logging
|
* Logging
|
||||||
* Icon
|
* Icon
|
||||||
* Auto-updates
|
* Auto-updates
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="en" data-theme="dark">
|
<html lang="en" data-theme="creddy">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="UTF-8" />
|
<meta charset="UTF-8" />
|
||||||
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
|
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
|
||||||
|
586
package-lock.json
generated
586
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
10
package.json
10
package.json
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "creddy",
|
"name": "creddy",
|
||||||
"version": "0.4.7",
|
"version": "0.5.4",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"dev": "vite",
|
"dev": "vite",
|
||||||
"build": "vite build",
|
"build": "vite build",
|
||||||
@ -9,7 +9,7 @@
|
|||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@sveltejs/vite-plugin-svelte": "^1.0.1",
|
"@sveltejs/vite-plugin-svelte": "^1.0.1",
|
||||||
"@tauri-apps/cli": "^1.0.5",
|
"@tauri-apps/cli": "^2.0.0-beta.20",
|
||||||
"autoprefixer": "^10.4.8",
|
"autoprefixer": "^10.4.8",
|
||||||
"postcss": "^8.4.16",
|
"postcss": "^8.4.16",
|
||||||
"svelte": "^3.49.0",
|
"svelte": "^3.49.0",
|
||||||
@ -17,7 +17,9 @@
|
|||||||
"vite": "^3.0.7"
|
"vite": "^3.0.7"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@tauri-apps/api": "^1.0.2",
|
"@tauri-apps/api": "^2.0.0-beta.13",
|
||||||
"daisyui": "^2.51.5"
|
"@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
|
||||||
|
"@tauri-apps/plugin-os": "^2.0.0-beta.5",
|
||||||
|
"daisyui": "^4.12.8"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
4438
src-tauri/Cargo.lock
generated
4438
src-tauri/Cargo.lock
generated
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "creddy"
|
name = "creddy"
|
||||||
version = "0.4.7"
|
version = "0.5.4"
|
||||||
description = "A friendly AWS credentials manager"
|
description = "A friendly AWS credentials manager"
|
||||||
authors = ["Joseph Montanaro"]
|
authors = ["Joseph Montanaro"]
|
||||||
license = ""
|
license = ""
|
||||||
@ -9,45 +9,65 @@ default-run = "creddy"
|
|||||||
edition = "2021"
|
edition = "2021"
|
||||||
rust-version = "1.57"
|
rust-version = "1.57"
|
||||||
|
|
||||||
[[bin]]
|
|
||||||
name = "creddy_cli"
|
|
||||||
path = "src/bin/creddy_cli.rs"
|
|
||||||
|
|
||||||
[[bin]]
|
[[bin]]
|
||||||
name = "creddy"
|
name = "creddy"
|
||||||
path = "src/main.rs"
|
path = "src/main.rs"
|
||||||
|
|
||||||
|
# we use a workspace so that we can split out the CLI and make it possible to build independently
|
||||||
|
[workspace]
|
||||||
|
members = ["creddy_cli"]
|
||||||
|
|
||||||
|
[workspace.dependencies]
|
||||||
|
dirs = "5.0"
|
||||||
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
|
serde_json = "1.0"
|
||||||
|
tokio = { version = ">=1.19", features = ["full"] }
|
||||||
|
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
tauri-build = { version = "1.0.4", features = [] }
|
tauri-build = { version = "2.0.0-beta", features = [] }
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
serde_json = "1.0"
|
creddy_cli = { path = "./creddy_cli" }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
tauri = { version = "2.0.0-beta", features = ["tray-icon"] }
|
||||||
tauri = { version = "1.2", features = [ "app-all", "dialog", "dialog-open", "global-shortcut", "os-all", "system-tray"] }
|
|
||||||
tauri-plugin-single-instance = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "dev" }
|
|
||||||
sodiumoxide = "0.2.7"
|
sodiumoxide = "0.2.7"
|
||||||
tokio = { version = ">=1.19", features = ["full"] }
|
|
||||||
sqlx = { version = "0.6.2", features = ["sqlite", "runtime-tokio-rustls"] }
|
|
||||||
sysinfo = "0.26.8"
|
sysinfo = "0.26.8"
|
||||||
aws-types = "0.52.0"
|
aws-config = "1.5.3"
|
||||||
aws-sdk-sts = "0.22.0"
|
aws-types = "1.3.2"
|
||||||
aws-smithy-types = "0.52.0"
|
aws-sdk-sts = "1.33.0"
|
||||||
aws-config = "0.52.0"
|
aws-smithy-types = "1.2.0"
|
||||||
|
dirs = { workspace = true }
|
||||||
thiserror = "1.0.38"
|
thiserror = "1.0.38"
|
||||||
once_cell = "1.16.0"
|
once_cell = "1.16.0"
|
||||||
strum = "0.24"
|
strum = "0.24"
|
||||||
strum_macros = "0.24"
|
strum_macros = "0.24"
|
||||||
auto-launch = "0.4.0"
|
auto-launch = "0.4.0"
|
||||||
dirs = "5.0"
|
|
||||||
clap = { version = "3.2.23", features = ["derive"] }
|
|
||||||
is-terminal = "0.4.7"
|
is-terminal = "0.4.7"
|
||||||
argon2 = { version = "0.5.0", features = ["std"] }
|
argon2 = { version = "0.5.0", features = ["std"] }
|
||||||
chacha20poly1305 = { version = "0.10.1", features = ["std"] }
|
chacha20poly1305 = { version = "0.10.1", features = ["std"] }
|
||||||
which = "4.4.0"
|
which = "4.4.0"
|
||||||
windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pipes"] }
|
windows = { version = "0.51.1", features = ["Win32_Foundation", "Win32_System_Pipes"] }
|
||||||
time = "0.3.31"
|
time = "0.3.31"
|
||||||
|
tauri-plugin-single-instance = "2.0.0-beta.9"
|
||||||
|
tauri-plugin-global-shortcut = "2.0.0-beta.6"
|
||||||
|
tauri-plugin-os = "2.0.0-beta.6"
|
||||||
|
tauri-plugin-dialog = "2.0.0-beta.9"
|
||||||
|
rfd = "0.13.0"
|
||||||
|
ssh-agent-lib = "0.4.0"
|
||||||
|
ssh-key = { version = "0.6.6", features = ["rsa", "ed25519", "encryption"] }
|
||||||
|
signature = "2.2.0"
|
||||||
|
tokio-stream = "0.1.15"
|
||||||
|
serde = { workspace = true }
|
||||||
|
serde_json = { workspace = true }
|
||||||
|
sqlx = { version = "0.7.4", features = ["sqlite", "runtime-tokio", "uuid"] }
|
||||||
|
tokio = { workspace = true }
|
||||||
|
tokio-util = { version = "0.7.11", features = ["codec"] }
|
||||||
|
futures = "0.3.30"
|
||||||
|
openssl = "0.10.64"
|
||||||
|
rsa = "0.9.6"
|
||||||
|
sha2 = "0.10.8"
|
||||||
|
ssh-encoding = "0.2.0"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
# by default Tauri runs in production mode
|
# by default Tauri runs in production mode
|
||||||
|
19
src-tauri/capabilities/migrated.json
Normal file
19
src-tauri/capabilities/migrated.json
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"identifier": "migrated",
|
||||||
|
"description": "permissions that were migrated from v1",
|
||||||
|
"local": true,
|
||||||
|
"windows": [
|
||||||
|
"main"
|
||||||
|
],
|
||||||
|
"permissions": [
|
||||||
|
"path:default",
|
||||||
|
"event:default",
|
||||||
|
"window:default",
|
||||||
|
"app:default",
|
||||||
|
"resources:default",
|
||||||
|
"menu:default",
|
||||||
|
"tray:default",
|
||||||
|
"os:allow-os-type",
|
||||||
|
"dialog:allow-open"
|
||||||
|
]
|
||||||
|
}
|
12
src-tauri/creddy_cli/Cargo.toml
Normal file
12
src-tauri/creddy_cli/Cargo.toml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
[package]
|
||||||
|
name = "creddy_cli"
|
||||||
|
version = "0.5.4"
|
||||||
|
edition = "2021"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
anyhow = "1.0.86"
|
||||||
|
clap = { version = "4", features = ["derive"] }
|
||||||
|
dirs = { workspace = true }
|
||||||
|
serde = { workspace = true }
|
||||||
|
serde_json = { workspace = true }
|
||||||
|
tokio = { workspace = true }
|
208
src-tauri/creddy_cli/src/cli.rs
Normal file
208
src-tauri/creddy_cli/src/cli.rs
Normal file
@ -0,0 +1,208 @@
|
|||||||
|
use std::path::PathBuf;
|
||||||
|
use std::process::Command as ChildCommand;
|
||||||
|
#[cfg(unix)]
|
||||||
|
use std::os::unix::process::CommandExt;
|
||||||
|
#[cfg(windows)]
|
||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
|
use anyhow::{bail, Context};
|
||||||
|
use clap::{
|
||||||
|
Args,
|
||||||
|
Parser,
|
||||||
|
Subcommand
|
||||||
|
};
|
||||||
|
use clap::builder::styling::{Styles, AnsiColor};
|
||||||
|
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||||
|
|
||||||
|
use crate::proto::{
|
||||||
|
CliCredential,
|
||||||
|
CliRequest,
|
||||||
|
CliResponse,
|
||||||
|
ServerError,
|
||||||
|
ShortcutAction,
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Parser)]
|
||||||
|
#[command(
|
||||||
|
about,
|
||||||
|
version,
|
||||||
|
name = "creddy",
|
||||||
|
bin_name = "creddy",
|
||||||
|
styles = Styles::styled()
|
||||||
|
.header(AnsiColor::Yellow.on_default())
|
||||||
|
.usage(AnsiColor::Yellow.on_default())
|
||||||
|
.literal(AnsiColor::Green.on_default())
|
||||||
|
.placeholder(AnsiColor::Green.on_default())
|
||||||
|
)]
|
||||||
|
/// A friendly credential manager
|
||||||
|
pub struct Cli {
|
||||||
|
#[command(flatten)]
|
||||||
|
pub global_args: GlobalArgs,
|
||||||
|
|
||||||
|
#[command(subcommand)]
|
||||||
|
pub action: Option<Action>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Cli {
|
||||||
|
// proxy the Parser method so that main crate doesn't have to depend on Clap
|
||||||
|
pub fn parse() -> Self {
|
||||||
|
<Self as Parser>::parse()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, Args)]
|
||||||
|
pub struct GlobalArgs {
|
||||||
|
/// Connect to the main Creddy application at this path
|
||||||
|
#[arg(long, short = 'a')]
|
||||||
|
server_addr: Option<PathBuf>,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Subcommand)]
|
||||||
|
pub enum Action {
|
||||||
|
/// Launch Creddy
|
||||||
|
Run,
|
||||||
|
/// Request credentials from Creddy and output to stdout
|
||||||
|
Get(GetArgs),
|
||||||
|
/// Inject credentials into the environment of another command
|
||||||
|
Exec(ExecArgs),
|
||||||
|
/// Invoke an action normally triggered by hotkey (e.g. launch terminal)
|
||||||
|
Shortcut(InvokeArgs),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Args)]
|
||||||
|
pub struct GetArgs {
|
||||||
|
/// If unspecified, use default credentials
|
||||||
|
#[arg(short, long)]
|
||||||
|
name: Option<String>,
|
||||||
|
/// Use base credentials instead of session credentials (only applicable to AWS)
|
||||||
|
#[arg(long, short, default_value_t = false)]
|
||||||
|
base: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Args)]
|
||||||
|
pub struct ExecArgs {
|
||||||
|
#[command(flatten)]
|
||||||
|
get_args: GetArgs,
|
||||||
|
#[arg(trailing_var_arg = true)]
|
||||||
|
/// Command to be wrapped
|
||||||
|
command: Vec<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Args)]
|
||||||
|
pub struct InvokeArgs {
|
||||||
|
#[arg(value_name = "ACTION", value_enum)]
|
||||||
|
shortcut_action: ShortcutAction,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub fn get(args: GetArgs, global: GlobalArgs) -> anyhow::Result<()> {
|
||||||
|
let req = CliRequest::GetCredential {
|
||||||
|
name: args.name,
|
||||||
|
base: args.base,
|
||||||
|
};
|
||||||
|
|
||||||
|
let output = match make_request(global.server_addr, &req)?? {
|
||||||
|
CliResponse::Credential(CliCredential::AwsBase(c)) => {
|
||||||
|
serde_json::to_string_pretty(&c).unwrap()
|
||||||
|
},
|
||||||
|
CliResponse::Credential(CliCredential::AwsSession(c)) => {
|
||||||
|
serde_json::to_string_pretty(&c).unwrap()
|
||||||
|
},
|
||||||
|
r => bail!("Unexpected response from server: {r}"),
|
||||||
|
};
|
||||||
|
println!("{output}");
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub fn exec(args: ExecArgs, global: GlobalArgs) -> anyhow::Result<()> {
|
||||||
|
// Clap guarantees that cmd_line will be a sequence of at least 1 item
|
||||||
|
// test this!
|
||||||
|
let mut cmd_line = args.command.iter();
|
||||||
|
let cmd_name = cmd_line.next().unwrap();
|
||||||
|
let mut cmd = ChildCommand::new(cmd_name);
|
||||||
|
cmd.args(cmd_line);
|
||||||
|
|
||||||
|
let req = CliRequest::GetCredential {
|
||||||
|
name: args.get_args.name,
|
||||||
|
base: args.get_args.base,
|
||||||
|
};
|
||||||
|
|
||||||
|
match make_request(global.server_addr, &req)?? {
|
||||||
|
CliResponse::Credential(CliCredential::AwsBase(creds)) => {
|
||||||
|
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
|
||||||
|
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
|
||||||
|
},
|
||||||
|
CliResponse::Credential(CliCredential::AwsSession(creds)) => {
|
||||||
|
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
|
||||||
|
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
|
||||||
|
cmd.env("AWS_SESSION_TOKEN", creds.session_token);
|
||||||
|
},
|
||||||
|
r => bail!("Unexpected response from server: {r}"),
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(unix)]
|
||||||
|
{
|
||||||
|
let e = cmd.exec();
|
||||||
|
// cmd.exec() never returns if successful, so we never hit this line unless there's an error
|
||||||
|
Err(e).with_context(|| {
|
||||||
|
// eventually figure out how to display the actual command
|
||||||
|
format!("Failed to execute command: {}", args.command.join(" "))
|
||||||
|
})?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(windows)]
|
||||||
|
{
|
||||||
|
let mut child = match cmd.spawn() {
|
||||||
|
Ok(c) => c,
|
||||||
|
Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
|
||||||
|
let name: OsString = cmd_name.into();
|
||||||
|
return Err(ExecError::NotFound(name).into());
|
||||||
|
}
|
||||||
|
Err(e) => return Err(ExecError::ExecutionFailed(e).into()),
|
||||||
|
};
|
||||||
|
|
||||||
|
let status = child.wait()
|
||||||
|
.map_err(|e| ExecError::ExecutionFailed(e))?;
|
||||||
|
std::process::exit(status.code().unwrap_or(1));
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub fn invoke_shortcut(args: InvokeArgs, global: GlobalArgs) -> anyhow::Result<()> {
|
||||||
|
let req = CliRequest::InvokeShortcut(args.shortcut_action);
|
||||||
|
match make_request(global.server_addr, &req)?? {
|
||||||
|
CliResponse::Empty => Ok(()),
|
||||||
|
r => bail!("Unexpected response from server: {r}"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Explanation for double-result: the server will return a (serialized) Result
|
||||||
|
// to indicate when the operation succeeded or failed, which we deserialize.
|
||||||
|
// However, the operation may fail to even communicate with the server, in
|
||||||
|
// which case we return the outer Result
|
||||||
|
#[tokio::main]
|
||||||
|
async fn make_request(
|
||||||
|
addr: Option<PathBuf>,
|
||||||
|
req: &CliRequest
|
||||||
|
) -> anyhow::Result<Result<CliResponse, ServerError>> {
|
||||||
|
let mut data = serde_json::to_string(req).unwrap();
|
||||||
|
// server expects newline marking end of request
|
||||||
|
data.push('\n');
|
||||||
|
|
||||||
|
let mut stream = crate::connect(addr).await?;
|
||||||
|
stream.write_all(&data.as_bytes()).await?;
|
||||||
|
|
||||||
|
let mut buf = Vec::with_capacity(1024);
|
||||||
|
stream.read_to_end(&mut buf).await?;
|
||||||
|
let res: Result<CliResponse, ServerError> = serde_json::from_slice(&buf)?;
|
||||||
|
Ok(res)
|
||||||
|
}
|
40
src-tauri/creddy_cli/src/lib.rs
Normal file
40
src-tauri/creddy_cli/src/lib.rs
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
mod cli;
|
||||||
|
pub use cli::{
|
||||||
|
Cli,
|
||||||
|
Action,
|
||||||
|
exec,
|
||||||
|
get,
|
||||||
|
invoke_shortcut,
|
||||||
|
};
|
||||||
|
|
||||||
|
pub(crate) use platform::connect;
|
||||||
|
pub use platform::server_addr;
|
||||||
|
|
||||||
|
pub mod proto;
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(unix)]
|
||||||
|
mod platform {
|
||||||
|
use std::path::PathBuf;
|
||||||
|
use tokio::net::UnixStream;
|
||||||
|
|
||||||
|
pub async fn connect(addr: Option<PathBuf>) -> Result<UnixStream, std::io::Error> {
|
||||||
|
let path = addr.unwrap_or_else(|| server_addr("creddy-server"));
|
||||||
|
UnixStream::connect(&path).await
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn server_addr(sock_name: &str) -> PathBuf {
|
||||||
|
let mut path = dirs::runtime_dir()
|
||||||
|
.unwrap_or_else(|| PathBuf::from("/tmp"));
|
||||||
|
path.push(format!("{sock_name}.sock"));
|
||||||
|
path
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(windows)]
|
||||||
|
mod platform {
|
||||||
|
pub fn server_addr(sock_name: &str) -> String {
|
||||||
|
format!(r"\\.\pipe\{sock_name}")
|
||||||
|
}
|
||||||
|
}
|
35
src-tauri/creddy_cli/src/main.rs
Normal file
35
src-tauri/creddy_cli/src/main.rs
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
use std::env;
|
||||||
|
use std::process::{self, Command};
|
||||||
|
|
||||||
|
use creddy_cli::{Action, Cli};
|
||||||
|
|
||||||
|
|
||||||
|
fn main() {
|
||||||
|
let cli = Cli::parse();
|
||||||
|
let res = match cli.action {
|
||||||
|
None | Some(Action::Run)=> launch_gui(),
|
||||||
|
Some(Action::Get(args)) => creddy_cli::get(args, cli.global_args),
|
||||||
|
Some(Action::Exec(args)) => creddy_cli::exec(args, cli.global_args),
|
||||||
|
Some(Action::Shortcut(args)) => creddy_cli::invoke_shortcut(args, cli.global_args),
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Err(e) = res {
|
||||||
|
eprintln!("Error: {e:?}");
|
||||||
|
process::exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn launch_gui() -> anyhow::Result<()> {
|
||||||
|
let mut path = env::current_exe()?;
|
||||||
|
path.pop(); // bin dir
|
||||||
|
|
||||||
|
// binaries are colocated in dev, but not in production
|
||||||
|
#[cfg(not(debug_assertions))]
|
||||||
|
path.pop(); // install dir
|
||||||
|
|
||||||
|
path.push("creddy.exe"); // exe in main install dir (aka gui exe)
|
||||||
|
|
||||||
|
Command::new(path).spawn()?;
|
||||||
|
Ok(())
|
||||||
|
}
|
91
src-tauri/creddy_cli/src/proto.rs
Normal file
91
src-tauri/creddy_cli/src/proto.rs
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
use std::fmt::{
|
||||||
|
Display,
|
||||||
|
Formatter,
|
||||||
|
Error as FmtError
|
||||||
|
};
|
||||||
|
|
||||||
|
use clap::ValueEnum;
|
||||||
|
use serde::{Serialize, Deserialize};
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub enum CliRequest {
|
||||||
|
GetCredential {
|
||||||
|
name: Option<String>,
|
||||||
|
base: bool,
|
||||||
|
},
|
||||||
|
InvokeShortcut(ShortcutAction),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Copy, Clone, Serialize, Deserialize, ValueEnum)]
|
||||||
|
pub enum ShortcutAction {
|
||||||
|
ShowWindow,
|
||||||
|
LaunchTerminal,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub enum CliResponse {
|
||||||
|
Credential(CliCredential),
|
||||||
|
Empty,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Display for CliResponse {
|
||||||
|
fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
|
||||||
|
match self {
|
||||||
|
CliResponse::Credential(CliCredential::AwsBase(_)) => write!(f, "Credential (AwsBase)"),
|
||||||
|
CliResponse::Credential(CliCredential::AwsSession(_)) => write!(f, "Credential (AwsSession)"),
|
||||||
|
CliResponse::Empty => write!(f, "Empty"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub enum CliCredential {
|
||||||
|
AwsBase(AwsBaseCredential),
|
||||||
|
AwsSession(AwsSessionCredential),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
#[serde(rename_all = "PascalCase")]
|
||||||
|
pub struct AwsBaseCredential {
|
||||||
|
#[serde(default = "default_aws_version")]
|
||||||
|
pub version: usize,
|
||||||
|
pub access_key_id: String,
|
||||||
|
pub secret_access_key: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
#[serde(rename_all = "PascalCase")]
|
||||||
|
pub struct AwsSessionCredential {
|
||||||
|
#[serde(default = "default_aws_version")]
|
||||||
|
pub version: usize,
|
||||||
|
pub access_key_id: String,
|
||||||
|
pub secret_access_key: String,
|
||||||
|
pub session_token: String,
|
||||||
|
// we don't need to know the expiration for the CLI, so just use a string here
|
||||||
|
pub expiration: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn default_aws_version() -> usize { 1 }
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub struct ServerError {
|
||||||
|
code: String,
|
||||||
|
msg: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Display for ServerError {
|
||||||
|
fn fmt(&self, f: &mut Formatter) -> Result<(), FmtError> {
|
||||||
|
write!(f, "Error response ({}) from server: {}", self.code, self.msg)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl std::error::Error for ServerError {}
|
1
src-tauri/gen/schemas/acl-manifests.json
Normal file
1
src-tauri/gen/schemas/acl-manifests.json
Normal file
File diff suppressed because one or more lines are too long
1
src-tauri/gen/schemas/capabilities.json
Normal file
1
src-tauri/gen/schemas/capabilities.json
Normal file
@ -0,0 +1 @@
|
|||||||
|
{"migrated":{"identifier":"migrated","description":"permissions that were migrated from v1","local":true,"windows":["main"],"permissions":["path:default","event:default","window:default","app:default","resources:default","menu:default","tray:default","os:allow-os-type","dialog:allow-open"]}}
|
2437
src-tauri/gen/schemas/desktop-schema.json
Normal file
2437
src-tauri/gen/schemas/desktop-schema.json
Normal file
File diff suppressed because it is too large
Load Diff
2437
src-tauri/gen/schemas/linux-schema.json
Normal file
2437
src-tauri/gen/schemas/linux-schema.json
Normal file
File diff suppressed because it is too large
Load Diff
11
src-tauri/migrations/20240612192956_kv.sql
Normal file
11
src-tauri/migrations/20240612192956_kv.sql
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-- key-value store, will be used for various one-off values, serialized to bytes
|
||||||
|
CREATE TABLE kv (
|
||||||
|
name TEXT PRIMARY KEY,
|
||||||
|
value BLOB
|
||||||
|
);
|
||||||
|
|
||||||
|
-- config is currently stored in its own table, as text
|
||||||
|
INSERT INTO kv (name, value)
|
||||||
|
SELECT 'config', CAST(data AS BLOB) FROM config;
|
||||||
|
|
||||||
|
DROP TABLE config;
|
80
src-tauri/migrations/20240617142724_credential_split.sql
Normal file
80
src-tauri/migrations/20240617142724_credential_split.sql
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
-- app structure is changing - instead of passphrase/salt being per credential,
|
||||||
|
-- we now have a single app-wide key, which is generated by hashing the passphrase
|
||||||
|
-- with the known salt. To verify the key thus produced, we store a value previously
|
||||||
|
-- encrypted with that key, and attempt decryption once the key has been re-generated.
|
||||||
|
|
||||||
|
-- For migration purposes, we want convert the passphrase for the most recent set of
|
||||||
|
-- AWS credentials and turn it into the app-wide passphrase. The only value that we
|
||||||
|
-- have which is encrypted with that passphrase is the secret key for those credentials,
|
||||||
|
-- so we will just use that as the `verify_blob`. Feels a little weird, but oh well.
|
||||||
|
WITH latest_creds AS (
|
||||||
|
SELECT *
|
||||||
|
FROM credentials
|
||||||
|
ORDER BY created_at DESC
|
||||||
|
LIMIT 1
|
||||||
|
)
|
||||||
|
|
||||||
|
INSERT INTO kv (name, value)
|
||||||
|
SELECT 'salt', salt FROM latest_creds
|
||||||
|
UNION ALL
|
||||||
|
SELECT 'verify_nonce', nonce FROM latest_creds
|
||||||
|
UNION ALL
|
||||||
|
SELECT 'verify_blob', secret_key_enc FROM latest_creds;
|
||||||
|
|
||||||
|
|
||||||
|
-- Credentials are now going to be stored in a main table
|
||||||
|
-- plus ancillary tables for type-specific data
|
||||||
|
|
||||||
|
-- stash existing AWS creds in temporary table so that we can remake it
|
||||||
|
CREATE TABLE aws_tmp (id, access_key_id, secret_key_enc, nonce, created_at);
|
||||||
|
|
||||||
|
INSERT INTO aws_tmp
|
||||||
|
SELECT randomblob(16), access_key_id, secret_key_enc, nonce, created_at
|
||||||
|
FROM credentials
|
||||||
|
ORDER BY created_at DESC
|
||||||
|
-- we only ever used one at a time in the past
|
||||||
|
LIMIT 1;
|
||||||
|
|
||||||
|
-- new master credentials table
|
||||||
|
DROP TABLE credentials;
|
||||||
|
CREATE TABLE credentials (
|
||||||
|
-- id is a UUID so we can generate it on the frontend
|
||||||
|
id BLOB UNIQUE NOT NULL,
|
||||||
|
name TEXT UNIQUE NOT NULL,
|
||||||
|
credential_type TEXT NOT NULL,
|
||||||
|
is_default BOOLEAN NOT NULL,
|
||||||
|
created_at INTEGER NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
|
-- populate with basic data from existing AWS credential
|
||||||
|
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
|
||||||
|
SELECT id, 'default', 'aws', 1, created_at FROM aws_tmp;
|
||||||
|
|
||||||
|
-- new AWS-specific table
|
||||||
|
CREATE TABLE aws_credentials (
|
||||||
|
id BLOB UNIQUE NOT NULL,
|
||||||
|
access_key_id TEXT NOT NULL,
|
||||||
|
secret_key_enc BLOB NOT NULL,
|
||||||
|
nonce BLOB NOT NULL,
|
||||||
|
FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE
|
||||||
|
);
|
||||||
|
|
||||||
|
-- populate with AWS-specific data from existing credential
|
||||||
|
INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce)
|
||||||
|
SELECT id, access_key_id, secret_key_enc, nonce
|
||||||
|
FROM aws_tmp;
|
||||||
|
|
||||||
|
-- done with this now
|
||||||
|
DROP TABLE aws_tmp;
|
||||||
|
|
||||||
|
|
||||||
|
-- SSH keys are the new hotness
|
||||||
|
CREATE TABLE ssh_credentials (
|
||||||
|
id BLOB UNIQUE NOT NULL,
|
||||||
|
algorithm TEXT NOT NULL,
|
||||||
|
comment TEXT NOT NULL,
|
||||||
|
public_key BLOB NOT NULL,
|
||||||
|
private_key_enc BLOB NOT NULL,
|
||||||
|
nonce BLOB NOT NULL,
|
||||||
|
FOREIGN KEY(id) REFERENCES credentials(id) ON DELETE CASCADE
|
||||||
|
);
|
@ -10,15 +10,18 @@ use sqlx::{
|
|||||||
use tauri::{
|
use tauri::{
|
||||||
App,
|
App,
|
||||||
AppHandle,
|
AppHandle,
|
||||||
Manager,
|
|
||||||
async_runtime as rt,
|
async_runtime as rt,
|
||||||
|
Manager,
|
||||||
|
RunEvent,
|
||||||
|
WindowEvent,
|
||||||
};
|
};
|
||||||
|
use tauri::menu::MenuItem;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
config::{self, AppConfig},
|
config::{self, AppConfig},
|
||||||
credentials::Session,
|
credentials::AppSession,
|
||||||
ipc,
|
ipc,
|
||||||
server::Server,
|
srv::{creddy_server, agent},
|
||||||
errors::*,
|
errors::*,
|
||||||
shortcuts,
|
shortcuts,
|
||||||
state::AppState,
|
state::AppState,
|
||||||
@ -33,32 +36,39 @@ pub fn run() -> tauri::Result<()> {
|
|||||||
tauri::Builder::default()
|
tauri::Builder::default()
|
||||||
.plugin(tauri_plugin_single_instance::init(|app, _argv, _cwd| {
|
.plugin(tauri_plugin_single_instance::init(|app, _argv, _cwd| {
|
||||||
show_main_window(app)
|
show_main_window(app)
|
||||||
.error_popup("Failed to show main window");
|
.error_popup("Failed to show main window")
|
||||||
}))
|
}))
|
||||||
.system_tray(tray::create())
|
.plugin(tauri_plugin_global_shortcut::Builder::default().build())
|
||||||
.on_system_tray_event(tray::handle_event)
|
.plugin(tauri_plugin_os::init())
|
||||||
|
.plugin(tauri_plugin_dialog::init())
|
||||||
.invoke_handler(tauri::generate_handler![
|
.invoke_handler(tauri::generate_handler![
|
||||||
ipc::unlock,
|
ipc::unlock,
|
||||||
|
ipc::lock,
|
||||||
|
ipc::reset_session,
|
||||||
|
ipc::set_passphrase,
|
||||||
ipc::respond,
|
ipc::respond,
|
||||||
ipc::get_session_status,
|
ipc::get_session_status,
|
||||||
ipc::signal_activity,
|
ipc::signal_activity,
|
||||||
ipc::save_credentials,
|
ipc::save_credential,
|
||||||
|
ipc::delete_credential,
|
||||||
|
ipc::list_credentials,
|
||||||
|
ipc::sshkey_from_file,
|
||||||
|
ipc::sshkey_from_private_key,
|
||||||
ipc::get_config,
|
ipc::get_config,
|
||||||
ipc::save_config,
|
ipc::save_config,
|
||||||
ipc::launch_terminal,
|
ipc::launch_terminal,
|
||||||
ipc::get_setup_errors,
|
ipc::get_setup_errors,
|
||||||
|
ipc::exit,
|
||||||
])
|
])
|
||||||
.setup(|app| rt::block_on(setup(app)))
|
.setup(|app| rt::block_on(setup(app)))
|
||||||
.build(tauri::generate_context!())?
|
.build(tauri::generate_context!())?
|
||||||
.run(|app, run_event| match run_event {
|
.run(|app, run_event| {
|
||||||
tauri::RunEvent::WindowEvent { event, .. } => match event {
|
if let RunEvent::WindowEvent { event, .. } = run_event {
|
||||||
tauri::WindowEvent::CloseRequested { api, .. } => {
|
if let WindowEvent::CloseRequested { api, .. } = event {
|
||||||
let _ = hide_main_window(app);
|
let _ = hide_main_window(app);
|
||||||
api.prevent_close();
|
api.prevent_close();
|
||||||
}
|
}
|
||||||
_ => ()
|
|
||||||
}
|
}
|
||||||
_ => ()
|
|
||||||
});
|
});
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
@ -77,8 +87,8 @@ pub async fn connect_db() -> Result<SqlitePool, SetupError> {
|
|||||||
|
|
||||||
|
|
||||||
async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
||||||
APP.set(app.handle()).unwrap();
|
APP.set(app.handle().clone()).unwrap();
|
||||||
|
tray::setup(app)?;
|
||||||
// get_or_create_db_path doesn't create the actual db file, just the directory
|
// get_or_create_db_path doesn't create the actual db file, just the directory
|
||||||
let is_first_launch = !config::get_or_create_db_path()?.exists();
|
let is_first_launch = !config::get_or_create_db_path()?.exists();
|
||||||
let pool = connect_db().await?;
|
let pool = connect_db().await?;
|
||||||
@ -86,7 +96,7 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
|||||||
|
|
||||||
let mut conf = match AppConfig::load(&pool).await {
|
let mut conf = match AppConfig::load(&pool).await {
|
||||||
Ok(c) => c,
|
Ok(c) => c,
|
||||||
Err(SetupError::ConfigParseError(_)) => {
|
Err(LoadKvError::Invalid(_)) => {
|
||||||
setup_errors.push(
|
setup_errors.push(
|
||||||
"Could not load configuration from database. Reverting to defaults.".into()
|
"Could not load configuration from database. Reverting to defaults.".into()
|
||||||
);
|
);
|
||||||
@ -95,8 +105,9 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
|||||||
err => err?,
|
err => err?,
|
||||||
};
|
};
|
||||||
|
|
||||||
let session = Session::load(&pool).await?;
|
let app_session = AppSession::load(&pool).await?;
|
||||||
Server::start(app.handle())?;
|
creddy_server::serve(app.handle().clone())?;
|
||||||
|
agent::serve(app.handle().clone())?;
|
||||||
|
|
||||||
config::set_auto_launch(conf.start_on_login)?;
|
config::set_auto_launch(conf.start_on_login)?;
|
||||||
if let Err(_e) = config::set_auto_launch(conf.start_on_login) {
|
if let Err(_e) = config::set_auto_launch(conf.start_on_login) {
|
||||||
@ -114,16 +125,15 @@ async fn setup(app: &mut App) -> Result<(), Box<dyn Error>> {
|
|||||||
.map(|names| names.split(':').any(|n| n == "GNOME"))
|
.map(|names| names.split(':').any(|n| n == "GNOME"))
|
||||||
.unwrap_or(false);
|
.unwrap_or(false);
|
||||||
|
|
||||||
// if session is empty, this is probably the first launch, so don't autohide
|
|
||||||
if !conf.start_minimized || is_first_launch {
|
if !conf.start_minimized || is_first_launch {
|
||||||
show_main_window(&app.handle())?;
|
show_main_window(&app.handle())?;
|
||||||
}
|
}
|
||||||
|
|
||||||
let state = AppState::new(conf, session, pool, setup_errors, desktop_is_gnome);
|
let state = AppState::new(conf, app_session, pool, setup_errors, desktop_is_gnome);
|
||||||
app.manage(state);
|
app.manage(state);
|
||||||
|
|
||||||
// make sure we do this after managing app state, so that it doesn't panic
|
// make sure we do this after managing app state, so that it doesn't panic
|
||||||
start_auto_locker(app.app_handle());
|
start_auto_locker(app.app_handle().clone());
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
@ -146,27 +156,25 @@ fn start_auto_locker(app: AppHandle) {
|
|||||||
|
|
||||||
|
|
||||||
pub fn show_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
pub fn show_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
||||||
let w = app.get_window("main").ok_or(WindowError::NoMainWindow)?;
|
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
|
||||||
w.show()?;
|
w.show()?;
|
||||||
app.tray_handle()
|
let show_hide = app.state::<MenuItem<tauri::Wry>>();
|
||||||
.get_item("show_hide")
|
show_hide.set_text("Hide")?;
|
||||||
.set_title("Hide")?;
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub fn hide_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
pub fn hide_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
||||||
let w = app.get_window("main").ok_or(WindowError::NoMainWindow)?;
|
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
|
||||||
w.hide()?;
|
w.hide()?;
|
||||||
app.tray_handle()
|
let show_hide = app.state::<MenuItem<tauri::Wry>>();
|
||||||
.get_item("show_hide")
|
show_hide.set_text("Show")?;
|
||||||
.set_title("Show")?;
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub fn toggle_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
pub fn toggle_main_window(app: &AppHandle) -> Result<(), WindowError> {
|
||||||
let w = app.get_window("main").ok_or(WindowError::NoMainWindow)?;
|
let w = app.get_webview_window("main").ok_or(WindowError::NoMainWindow)?;
|
||||||
if w.is_visible()? {
|
if w.is_visible()? {
|
||||||
hide_main_window(app)
|
hide_main_window(app)
|
||||||
}
|
}
|
||||||
|
@ -1,47 +0,0 @@
|
|||||||
// Windows isn't really amenable to having a single executable work as both a CLI and GUI app,
|
|
||||||
// so we just have a second binary for CLI usage
|
|
||||||
use creddy::{
|
|
||||||
cli,
|
|
||||||
errors::CliError,
|
|
||||||
};
|
|
||||||
use std::{
|
|
||||||
env,
|
|
||||||
process::{self, Command},
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
fn main() {
|
|
||||||
let args = cli::parser().get_matches();
|
|
||||||
if let Some(true) = args.get_one::<bool>("help") {
|
|
||||||
cli::parser().print_help().unwrap(); // if we can't print help we can't print an error
|
|
||||||
process::exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
let res = match args.subcommand() {
|
|
||||||
None | Some(("run", _)) => launch_gui(),
|
|
||||||
Some(("get", m)) => cli::get(m),
|
|
||||||
Some(("exec", m)) => cli::exec(m),
|
|
||||||
Some(("shortcut", m)) => cli::invoke_shortcut(m),
|
|
||||||
_ => unreachable!("Unknown subcommand"),
|
|
||||||
};
|
|
||||||
|
|
||||||
if let Err(e) = res {
|
|
||||||
eprintln!("Error: {e}");
|
|
||||||
process::exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn launch_gui() -> Result<(), CliError> {
|
|
||||||
let mut path = env::current_exe()?;
|
|
||||||
path.pop(); // bin dir
|
|
||||||
|
|
||||||
// binaries are colocated in dev, but not in production
|
|
||||||
#[cfg(not(debug_assertions))]
|
|
||||||
path.pop(); // install dir
|
|
||||||
|
|
||||||
path.push("creddy.exe"); // exe in main install dir (aka gui exe)
|
|
||||||
|
|
||||||
Command::new(path).spawn()?;
|
|
||||||
Ok(())
|
|
||||||
}
|
|
@ -1,203 +0,0 @@
|
|||||||
use std::ffi::OsString;
|
|
||||||
use std::process::Command as ChildCommand;
|
|
||||||
#[cfg(windows)]
|
|
||||||
use std::time::Duration;
|
|
||||||
|
|
||||||
use clap::{
|
|
||||||
Command,
|
|
||||||
Arg,
|
|
||||||
ArgMatches,
|
|
||||||
ArgAction,
|
|
||||||
builder::PossibleValuesParser,
|
|
||||||
};
|
|
||||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
|
||||||
|
|
||||||
use crate::credentials::Credentials;
|
|
||||||
use crate::errors::*;
|
|
||||||
use crate::server::{Request, Response};
|
|
||||||
use crate::shortcuts::ShortcutAction;
|
|
||||||
|
|
||||||
#[cfg(unix)]
|
|
||||||
use {
|
|
||||||
std::os::unix::process::CommandExt,
|
|
||||||
tokio::net::UnixStream,
|
|
||||||
};
|
|
||||||
|
|
||||||
#[cfg(windows)]
|
|
||||||
use {
|
|
||||||
tokio::net::windows::named_pipe::{NamedPipeClient, ClientOptions},
|
|
||||||
windows::Win32::Foundation::ERROR_PIPE_BUSY,
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
pub fn parser() -> Command<'static> {
|
|
||||||
Command::new("creddy")
|
|
||||||
.version(env!("CARGO_PKG_VERSION"))
|
|
||||||
.about("A friendly AWS credentials manager")
|
|
||||||
.subcommand(
|
|
||||||
Command::new("run")
|
|
||||||
.about("Launch Creddy")
|
|
||||||
)
|
|
||||||
.subcommand(
|
|
||||||
Command::new("get")
|
|
||||||
.about("Request AWS credentials from Creddy and output to stdout")
|
|
||||||
.arg(
|
|
||||||
Arg::new("base")
|
|
||||||
.short('b')
|
|
||||||
.long("base")
|
|
||||||
.action(ArgAction::SetTrue)
|
|
||||||
.help("Use base credentials instead of session credentials")
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.subcommand(
|
|
||||||
Command::new("exec")
|
|
||||||
.about("Inject AWS credentials into the environment of another command")
|
|
||||||
.trailing_var_arg(true)
|
|
||||||
.arg(
|
|
||||||
Arg::new("base")
|
|
||||||
.short('b')
|
|
||||||
.long("base")
|
|
||||||
.action(ArgAction::SetTrue)
|
|
||||||
.help("Use base credentials instead of session credentials")
|
|
||||||
)
|
|
||||||
.arg(
|
|
||||||
Arg::new("command")
|
|
||||||
.multiple_values(true)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.subcommand(
|
|
||||||
Command::new("shortcut")
|
|
||||||
.about("Invoke an action normally trigged by hotkey (e.g. launch terminal)")
|
|
||||||
.arg(
|
|
||||||
Arg::new("action")
|
|
||||||
.value_parser(
|
|
||||||
PossibleValuesParser::new(["show_window", "launch_terminal"])
|
|
||||||
)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
pub fn get(args: &ArgMatches) -> Result<(), CliError> {
|
|
||||||
let base = args.get_one("base").unwrap_or(&false);
|
|
||||||
let output = match get_credentials(*base)? {
|
|
||||||
Credentials::Base(creds) => serde_json::to_string(&creds).unwrap(),
|
|
||||||
Credentials::Session(creds) => serde_json::to_string(&creds).unwrap(),
|
|
||||||
};
|
|
||||||
println!("{output}");
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
pub fn exec(args: &ArgMatches) -> Result<(), CliError> {
|
|
||||||
let base = *args.get_one("base").unwrap_or(&false);
|
|
||||||
let mut cmd_line = args.get_many("command")
|
|
||||||
.ok_or(ExecError::NoCommand)?;
|
|
||||||
|
|
||||||
let cmd_name: &String = cmd_line.next().unwrap(); // Clap guarantees that there will be at least one
|
|
||||||
let mut cmd = ChildCommand::new(cmd_name);
|
|
||||||
cmd.args(cmd_line);
|
|
||||||
|
|
||||||
match get_credentials(base)? {
|
|
||||||
Credentials::Base(creds) => {
|
|
||||||
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
|
|
||||||
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
|
|
||||||
},
|
|
||||||
Credentials::Session(creds) => {
|
|
||||||
cmd.env("AWS_ACCESS_KEY_ID", creds.access_key_id);
|
|
||||||
cmd.env("AWS_SECRET_ACCESS_KEY", creds.secret_access_key);
|
|
||||||
cmd.env("AWS_SESSION_TOKEN", creds.session_token);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(unix)]
|
|
||||||
{
|
|
||||||
// cmd.exec() never returns if successful
|
|
||||||
let e = cmd.exec();
|
|
||||||
match e.kind() {
|
|
||||||
std::io::ErrorKind::NotFound => {
|
|
||||||
let name: OsString = cmd_name.into();
|
|
||||||
Err(ExecError::NotFound(name).into())
|
|
||||||
}
|
|
||||||
_ => Err(ExecError::ExecutionFailed(e).into()),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(windows)]
|
|
||||||
{
|
|
||||||
let mut child = match cmd.spawn() {
|
|
||||||
Ok(c) => c,
|
|
||||||
Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
|
|
||||||
let name: OsString = cmd_name.into();
|
|
||||||
return Err(ExecError::NotFound(name).into());
|
|
||||||
}
|
|
||||||
Err(e) => return Err(ExecError::ExecutionFailed(e).into()),
|
|
||||||
};
|
|
||||||
|
|
||||||
let status = child.wait()
|
|
||||||
.map_err(|e| ExecError::ExecutionFailed(e))?;
|
|
||||||
std::process::exit(status.code().unwrap_or(1));
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
pub fn invoke_shortcut(args: &ArgMatches) -> Result<(), CliError> {
|
|
||||||
let action = match args.get_one::<String>("action").map(|s| s.as_str()) {
|
|
||||||
Some("show_window") => ShortcutAction::ShowWindow,
|
|
||||||
Some("launch_terminal") => ShortcutAction::LaunchTerminal,
|
|
||||||
Some(&_) | None => unreachable!("Unknown shortcut action"), // guaranteed by clap
|
|
||||||
};
|
|
||||||
|
|
||||||
let req = Request::InvokeShortcut(action);
|
|
||||||
match make_request(&req) {
|
|
||||||
Ok(Response::Empty) => Ok(()),
|
|
||||||
Ok(r) => Err(RequestError::Unexpected(r).into()),
|
|
||||||
Err(e) => Err(e.into()),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn get_credentials(base: bool) -> Result<Credentials, RequestError> {
|
|
||||||
let req = Request::GetAwsCredentials { base };
|
|
||||||
match make_request(&req) {
|
|
||||||
Ok(Response::Aws(creds)) => Ok(creds),
|
|
||||||
Ok(r) => Err(RequestError::Unexpected(r)),
|
|
||||||
Err(e) => Err(e),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[tokio::main]
|
|
||||||
async fn make_request(req: &Request) -> Result<Response, RequestError> {
|
|
||||||
let mut data = serde_json::to_string(req).unwrap();
|
|
||||||
// server expects newline marking end of request
|
|
||||||
data.push('\n');
|
|
||||||
|
|
||||||
let mut stream = connect().await?;
|
|
||||||
stream.write_all(&data.as_bytes()).await?;
|
|
||||||
|
|
||||||
let mut buf = Vec::with_capacity(1024);
|
|
||||||
stream.read_to_end(&mut buf).await?;
|
|
||||||
let res: Result<Response, ServerError> = serde_json::from_slice(&buf)?;
|
|
||||||
Ok(res?)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[cfg(windows)]
|
|
||||||
async fn connect() -> Result<NamedPipeClient, std::io::Error> {
|
|
||||||
// apparently attempting to connect can fail if there's already a client connected
|
|
||||||
loop {
|
|
||||||
match ClientOptions::new().open(r"\\.\pipe\creddy-requests") {
|
|
||||||
Ok(stream) => return Ok(stream),
|
|
||||||
Err(e) if e.raw_os_error() == Some(ERROR_PIPE_BUSY.0 as i32) => (),
|
|
||||||
Err(e) => return Err(e),
|
|
||||||
}
|
|
||||||
tokio::time::sleep(Duration::from_millis(10)).await;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[cfg(unix)]
|
|
||||||
async fn connect() -> Result<UnixStream, std::io::Error> {
|
|
||||||
UnixStream::connect("/tmp/creddy.sock").await
|
|
||||||
}
|
|
@ -1,6 +1,12 @@
|
|||||||
use std::path::{Path, PathBuf};
|
use std::path::{Path, PathBuf};
|
||||||
|
|
||||||
use sysinfo::{System, SystemExt, Pid, PidExt, ProcessExt};
|
use sysinfo::{
|
||||||
|
System,
|
||||||
|
SystemExt,
|
||||||
|
Pid,
|
||||||
|
PidExt,
|
||||||
|
ProcessExt
|
||||||
|
};
|
||||||
use serde::{Serialize, Deserialize};
|
use serde::{Serialize, Deserialize};
|
||||||
|
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
@ -13,23 +19,25 @@ pub struct Client {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub fn get_process_parent_info(pid: u32) -> Result<Client, ClientInfoError> {
|
pub fn get_client(pid: u32, parent: bool) -> Result<Client, ClientInfoError> {
|
||||||
let sys_pid = Pid::from_u32(pid);
|
let sys_pid = Pid::from_u32(pid);
|
||||||
let mut sys = System::new();
|
let mut sys = System::new();
|
||||||
sys.refresh_process(sys_pid);
|
sys.refresh_process(sys_pid);
|
||||||
let proc = sys.process(sys_pid)
|
let mut proc = sys.process(sys_pid)
|
||||||
.ok_or(ClientInfoError::ProcessNotFound)?;
|
.ok_or(ClientInfoError::ProcessNotFound)?;
|
||||||
|
|
||||||
|
if parent {
|
||||||
let parent_pid_sys = proc.parent()
|
let parent_pid_sys = proc.parent()
|
||||||
.ok_or(ClientInfoError::ParentPidNotFound)?;
|
.ok_or(ClientInfoError::ParentPidNotFound)?;
|
||||||
sys.refresh_process(parent_pid_sys);
|
sys.refresh_process(parent_pid_sys);
|
||||||
let parent = sys.process(parent_pid_sys)
|
proc = sys.process(parent_pid_sys)
|
||||||
.ok_or(ClientInfoError::ParentProcessNotFound)?;
|
.ok_or(ClientInfoError::ParentProcessNotFound)?;
|
||||||
|
}
|
||||||
|
|
||||||
let exe = match parent.exe() {
|
let exe = match proc.exe() {
|
||||||
p if p == Path::new("") => None,
|
p if p == Path::new("") => None,
|
||||||
p => Some(PathBuf::from(p)),
|
p => Some(PathBuf::from(p)),
|
||||||
};
|
};
|
||||||
|
|
||||||
Ok(Client { pid: parent_pid_sys.as_u32(), exe })
|
Ok(Client { pid: proc.pid().as_u32(), exe })
|
||||||
}
|
}
|
||||||
|
@ -7,6 +7,7 @@ use serde::{Serialize, Deserialize};
|
|||||||
use sqlx::SqlitePool;
|
use sqlx::SqlitePool;
|
||||||
|
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
|
use crate::kv;
|
||||||
|
|
||||||
|
|
||||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||||
@ -77,31 +78,16 @@ impl Default for AppConfig {
|
|||||||
|
|
||||||
|
|
||||||
impl AppConfig {
|
impl AppConfig {
|
||||||
pub async fn load(pool: &SqlitePool) -> Result<AppConfig, SetupError> {
|
pub async fn load(pool: &SqlitePool) -> Result<AppConfig, LoadKvError> {
|
||||||
let res = sqlx::query!("SELECT * from config where name = 'main'")
|
let config = kv::load(pool, "config")
|
||||||
.fetch_optional(pool)
|
.await?
|
||||||
.await?;
|
.unwrap_or_else(|| AppConfig::default());
|
||||||
|
|
||||||
let row = match res {
|
Ok(config)
|
||||||
Some(row) => row,
|
|
||||||
None => return Ok(AppConfig::default()),
|
|
||||||
};
|
|
||||||
|
|
||||||
Ok(serde_json::from_str(&row.data)?)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn save(&self, pool: &SqlitePool) -> Result<(), sqlx::error::Error> {
|
pub async fn save(&self, pool: &SqlitePool) -> Result<(), sqlx::error::Error> {
|
||||||
let data = serde_json::to_string(self).unwrap();
|
kv::save(pool, "config", self).await
|
||||||
sqlx::query(
|
|
||||||
"INSERT INTO config (name, data) VALUES ('main', ?)
|
|
||||||
ON CONFLICT (name) DO UPDATE SET data = ?"
|
|
||||||
)
|
|
||||||
.bind(&data)
|
|
||||||
.bind(&data)
|
|
||||||
.execute(pool)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,346 +0,0 @@
|
|||||||
use std::fmt::{self, Formatter};
|
|
||||||
use std::time::{SystemTime, UNIX_EPOCH};
|
|
||||||
|
|
||||||
use aws_smithy_types::date_time::{DateTime, Format};
|
|
||||||
use argon2::{
|
|
||||||
Argon2,
|
|
||||||
Algorithm,
|
|
||||||
Version,
|
|
||||||
ParamsBuilder,
|
|
||||||
password_hash::rand_core::{RngCore, OsRng},
|
|
||||||
};
|
|
||||||
use chacha20poly1305::{
|
|
||||||
XChaCha20Poly1305,
|
|
||||||
XNonce,
|
|
||||||
aead::{
|
|
||||||
Aead,
|
|
||||||
AeadCore,
|
|
||||||
KeyInit,
|
|
||||||
Error as AeadError,
|
|
||||||
generic_array::GenericArray,
|
|
||||||
},
|
|
||||||
};
|
|
||||||
use serde::{
|
|
||||||
Serialize,
|
|
||||||
Deserialize,
|
|
||||||
Serializer,
|
|
||||||
Deserializer,
|
|
||||||
};
|
|
||||||
use serde::de::{self, Visitor};
|
|
||||||
use sqlx::SqlitePool;
|
|
||||||
|
|
||||||
|
|
||||||
use crate::errors::*;
|
|
||||||
|
|
||||||
|
|
||||||
#[derive(Clone, Debug)]
|
|
||||||
pub enum Session {
|
|
||||||
Unlocked{
|
|
||||||
base: BaseCredentials,
|
|
||||||
session: SessionCredentials,
|
|
||||||
},
|
|
||||||
Locked(LockedCredentials),
|
|
||||||
Empty,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Session {
|
|
||||||
pub async fn load(pool: &SqlitePool) -> Result<Self, SetupError> {
|
|
||||||
let res = sqlx::query!("SELECT * FROM credentials ORDER BY created_at desc")
|
|
||||||
.fetch_optional(pool)
|
|
||||||
.await?;
|
|
||||||
let row = match res {
|
|
||||||
Some(r) => r,
|
|
||||||
None => {return Ok(Session::Empty);}
|
|
||||||
};
|
|
||||||
|
|
||||||
let salt: [u8; 32] = row.salt
|
|
||||||
.try_into()
|
|
||||||
.map_err(|_e| SetupError::InvalidRecord)?;
|
|
||||||
let nonce = XNonce::from_exact_iter(row.nonce.into_iter())
|
|
||||||
.ok_or(SetupError::InvalidRecord)?;
|
|
||||||
|
|
||||||
let creds = LockedCredentials {
|
|
||||||
access_key_id: row.access_key_id,
|
|
||||||
secret_key_enc: row.secret_key_enc,
|
|
||||||
salt,
|
|
||||||
nonce,
|
|
||||||
};
|
|
||||||
Ok(Session::Locked(creds))
|
|
||||||
}
|
|
||||||
|
|
||||||
pub async fn renew_if_expired(&mut self) -> Result<bool, GetSessionError> {
|
|
||||||
match self {
|
|
||||||
Session::Unlocked{ref base, ref mut session} => {
|
|
||||||
if !session.is_expired() {
|
|
||||||
return Ok(false);
|
|
||||||
}
|
|
||||||
*session = SessionCredentials::from_base(base).await?;
|
|
||||||
Ok(true)
|
|
||||||
},
|
|
||||||
Session::Locked(_) => Err(GetSessionError::CredentialsLocked),
|
|
||||||
Session::Empty => Err(GetSessionError::CredentialsEmpty),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn try_get(
|
|
||||||
&self
|
|
||||||
) -> Result<(&BaseCredentials, &SessionCredentials), GetCredentialsError> {
|
|
||||||
match self {
|
|
||||||
Self::Empty => Err(GetCredentialsError::Empty),
|
|
||||||
Self::Locked(_) => Err(GetCredentialsError::Locked),
|
|
||||||
Self::Unlocked{ ref base, ref session } => Ok((base, session))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[derive(Clone, Debug)]
|
|
||||||
pub struct LockedCredentials {
|
|
||||||
pub access_key_id: String,
|
|
||||||
pub secret_key_enc: Vec<u8>,
|
|
||||||
pub salt: [u8; 32],
|
|
||||||
pub nonce: XNonce,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl LockedCredentials {
|
|
||||||
pub async fn save(&self, pool: &SqlitePool) -> Result<(), sqlx::Error> {
|
|
||||||
sqlx::query(
|
|
||||||
"INSERT INTO credentials (access_key_id, secret_key_enc, salt, nonce, created_at)
|
|
||||||
VALUES (?, ?, ?, ?, strftime('%s'))"
|
|
||||||
)
|
|
||||||
.bind(&self.access_key_id)
|
|
||||||
.bind(&self.secret_key_enc)
|
|
||||||
.bind(&self.salt[..])
|
|
||||||
.bind(&self.nonce[..])
|
|
||||||
.execute(pool)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn decrypt(&self, passphrase: &str) -> Result<BaseCredentials, UnlockError> {
|
|
||||||
let crypto = Crypto::new(passphrase, &self.salt)
|
|
||||||
.map_err(|e| CryptoError::Argon2(e))?;
|
|
||||||
let decrypted = crypto.decrypt(&self.nonce, &self.secret_key_enc)
|
|
||||||
.map_err(|e| CryptoError::Aead(e))?;
|
|
||||||
let secret_access_key = String::from_utf8(decrypted)
|
|
||||||
.map_err(|_| UnlockError::InvalidUtf8)?;
|
|
||||||
|
|
||||||
let creds = BaseCredentials::new(
|
|
||||||
self.access_key_id.clone(),
|
|
||||||
secret_access_key,
|
|
||||||
);
|
|
||||||
Ok(creds)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
|
||||||
#[serde(rename_all = "PascalCase")]
|
|
||||||
pub struct BaseCredentials {
|
|
||||||
pub version: usize,
|
|
||||||
pub access_key_id: String,
|
|
||||||
pub secret_access_key: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl BaseCredentials {
|
|
||||||
pub fn new(access_key_id: String, secret_access_key: String) -> Self {
|
|
||||||
Self {version: 1, access_key_id, secret_access_key}
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn encrypt(&self, passphrase: &str) -> Result<LockedCredentials, CryptoError> {
|
|
||||||
let salt = Crypto::salt();
|
|
||||||
let crypto = Crypto::new(passphrase, &salt)?;
|
|
||||||
let (nonce, secret_key_enc) = crypto.encrypt(self.secret_access_key.as_bytes())?;
|
|
||||||
|
|
||||||
let locked = LockedCredentials {
|
|
||||||
access_key_id: self.access_key_id.clone(),
|
|
||||||
secret_key_enc,
|
|
||||||
salt,
|
|
||||||
nonce,
|
|
||||||
};
|
|
||||||
Ok(locked)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
|
||||||
#[serde(rename_all = "PascalCase")]
|
|
||||||
pub struct SessionCredentials {
|
|
||||||
pub version: usize,
|
|
||||||
pub access_key_id: String,
|
|
||||||
pub secret_access_key: String,
|
|
||||||
pub session_token: String,
|
|
||||||
#[serde(serialize_with = "serialize_expiration")]
|
|
||||||
#[serde(deserialize_with = "deserialize_expiration")]
|
|
||||||
pub expiration: DateTime,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl SessionCredentials {
|
|
||||||
pub async fn from_base(base: &BaseCredentials) -> Result<Self, GetSessionError> {
|
|
||||||
let req_creds = aws_sdk_sts::Credentials::new(
|
|
||||||
&base.access_key_id,
|
|
||||||
&base.secret_access_key,
|
|
||||||
None, // token
|
|
||||||
None, //expiration
|
|
||||||
"Creddy", // "provider name" apparently
|
|
||||||
);
|
|
||||||
let config = aws_config::from_env()
|
|
||||||
.credentials_provider(req_creds)
|
|
||||||
.load()
|
|
||||||
.await;
|
|
||||||
|
|
||||||
let client = aws_sdk_sts::Client::new(&config);
|
|
||||||
let resp = client.get_session_token()
|
|
||||||
.duration_seconds(43_200)
|
|
||||||
.send()
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
let aws_session = resp.credentials().ok_or(GetSessionError::EmptyResponse)?;
|
|
||||||
|
|
||||||
let access_key_id = aws_session.access_key_id()
|
|
||||||
.ok_or(GetSessionError::EmptyResponse)?
|
|
||||||
.to_string();
|
|
||||||
let secret_access_key = aws_session.secret_access_key()
|
|
||||||
.ok_or(GetSessionError::EmptyResponse)?
|
|
||||||
.to_string();
|
|
||||||
let session_token = aws_session.session_token()
|
|
||||||
.ok_or(GetSessionError::EmptyResponse)?
|
|
||||||
.to_string();
|
|
||||||
let expiration = aws_session.expiration()
|
|
||||||
.ok_or(GetSessionError::EmptyResponse)?
|
|
||||||
.clone();
|
|
||||||
|
|
||||||
let session_creds = SessionCredentials {
|
|
||||||
version: 1,
|
|
||||||
access_key_id,
|
|
||||||
secret_access_key,
|
|
||||||
session_token,
|
|
||||||
expiration,
|
|
||||||
};
|
|
||||||
|
|
||||||
#[cfg(debug_assertions)]
|
|
||||||
println!("Got new session:\n{}", serde_json::to_string(&session_creds).unwrap());
|
|
||||||
|
|
||||||
Ok(session_creds)
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn is_expired(&self) -> bool {
|
|
||||||
let current_ts = SystemTime::now()
|
|
||||||
.duration_since(UNIX_EPOCH)
|
|
||||||
.unwrap() // doesn't panic because UNIX_EPOCH won't be later than now()
|
|
||||||
.as_secs();
|
|
||||||
|
|
||||||
let expire_ts = self.expiration.secs();
|
|
||||||
let remaining = expire_ts - (current_ts as i64);
|
|
||||||
remaining < 60
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize)]
|
|
||||||
pub enum Credentials {
|
|
||||||
Base(BaseCredentials),
|
|
||||||
Session(SessionCredentials),
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn serialize_expiration<S>(exp: &DateTime, serializer: S) -> Result<S::Ok, S::Error>
|
|
||||||
where S: Serializer
|
|
||||||
{
|
|
||||||
// this only fails if the d/t is out of range, which it can't be for this format
|
|
||||||
let time_str = exp.fmt(Format::DateTime).unwrap();
|
|
||||||
serializer.serialize_str(&time_str)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
struct DateTimeVisitor;
|
|
||||||
|
|
||||||
impl<'de> Visitor<'de> for DateTimeVisitor {
|
|
||||||
type Value = DateTime;
|
|
||||||
|
|
||||||
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
|
||||||
write!(formatter, "an RFC 3339 UTC string, e.g. \"2014-01-05T10:17:34Z\"")
|
|
||||||
}
|
|
||||||
|
|
||||||
fn visit_str<E: de::Error>(self, v: &str) -> Result<DateTime, E> {
|
|
||||||
DateTime::from_str(v, Format::DateTime)
|
|
||||||
.map_err(|_| E::custom(format!("Invalid date/time: {v}")))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn deserialize_expiration<'de, D>(deserializer: D) -> Result<DateTime, D::Error>
|
|
||||||
where D: Deserializer<'de>
|
|
||||||
{
|
|
||||||
deserializer.deserialize_str(DateTimeVisitor)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
struct Crypto {
|
|
||||||
cipher: XChaCha20Poly1305,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Crypto {
|
|
||||||
/// Argon2 params rationale:
|
|
||||||
///
|
|
||||||
/// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB.
|
|
||||||
/// This should roughly double the memory usage of the application
|
|
||||||
/// while deriving the key.
|
|
||||||
///
|
|
||||||
/// p_cost is irrelevant since (at present) there isn't any parallelism
|
|
||||||
/// implemented, so we leave it at 1.
|
|
||||||
///
|
|
||||||
/// With the above m_cost, t_cost = 8 results in about 800ms to derive
|
|
||||||
/// a key on my (somewhat older) CPU. This is probably overkill, but
|
|
||||||
/// given that it should only have to happen ~once a day for most
|
|
||||||
/// usage, it should be acceptable.
|
|
||||||
#[cfg(not(debug_assertions))]
|
|
||||||
const MEM_COST: u32 = 128 * 1024;
|
|
||||||
#[cfg(not(debug_assertions))]
|
|
||||||
const TIME_COST: u32 = 8;
|
|
||||||
|
|
||||||
/// But since this takes a million years without optimizations,
|
|
||||||
/// we turn it way down in debug builds.
|
|
||||||
#[cfg(debug_assertions)]
|
|
||||||
const MEM_COST: u32 = 48 * 1024;
|
|
||||||
#[cfg(debug_assertions)]
|
|
||||||
const TIME_COST: u32 = 1;
|
|
||||||
|
|
||||||
|
|
||||||
fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> {
|
|
||||||
let params = ParamsBuilder::new()
|
|
||||||
.m_cost(Self::MEM_COST)
|
|
||||||
.p_cost(1)
|
|
||||||
.t_cost(Self::TIME_COST)
|
|
||||||
.build()
|
|
||||||
.unwrap(); // only errors if the given params are invalid
|
|
||||||
|
|
||||||
let hasher = Argon2::new(
|
|
||||||
Algorithm::Argon2id,
|
|
||||||
Version::V0x13,
|
|
||||||
params,
|
|
||||||
);
|
|
||||||
|
|
||||||
let mut key = [0; 32];
|
|
||||||
hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?;
|
|
||||||
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
|
|
||||||
Ok(Crypto { cipher })
|
|
||||||
}
|
|
||||||
|
|
||||||
fn salt() -> [u8; 32] {
|
|
||||||
let mut salt = [0; 32];
|
|
||||||
OsRng.fill_bytes(&mut salt);
|
|
||||||
salt
|
|
||||||
}
|
|
||||||
|
|
||||||
fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), AeadError> {
|
|
||||||
let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
|
|
||||||
let ciphertext = self.cipher.encrypt(&nonce, data)?;
|
|
||||||
Ok((nonce, ciphertext))
|
|
||||||
}
|
|
||||||
|
|
||||||
fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, AeadError> {
|
|
||||||
self.cipher.decrypt(nonce, data)
|
|
||||||
}
|
|
||||||
}
|
|
345
src-tauri/src/credentials/aws.rs
Normal file
345
src-tauri/src/credentials/aws.rs
Normal file
@ -0,0 +1,345 @@
|
|||||||
|
use std::fmt::{self, Formatter};
|
||||||
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
|
use aws_config::BehaviorVersion;
|
||||||
|
use aws_smithy_types::date_time::{DateTime, Format};
|
||||||
|
use chacha20poly1305::XNonce;
|
||||||
|
use serde::{
|
||||||
|
Serialize,
|
||||||
|
Deserialize,
|
||||||
|
Serializer,
|
||||||
|
Deserializer,
|
||||||
|
};
|
||||||
|
use serde::de::{self, Visitor};
|
||||||
|
use sqlx::{
|
||||||
|
FromRow,
|
||||||
|
Sqlite,
|
||||||
|
Transaction,
|
||||||
|
types::Uuid,
|
||||||
|
};
|
||||||
|
|
||||||
|
use super::{Credential, Crypto, PersistentCredential};
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, FromRow)]
|
||||||
|
pub struct AwsRow {
|
||||||
|
id: Uuid,
|
||||||
|
access_key_id: String,
|
||||||
|
secret_key_enc: Vec<u8>,
|
||||||
|
nonce: Vec<u8>,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
#[serde(rename_all = "PascalCase")]
|
||||||
|
pub struct AwsBaseCredential {
|
||||||
|
#[serde(default = "default_credentials_version")]
|
||||||
|
pub version: usize,
|
||||||
|
pub access_key_id: String,
|
||||||
|
pub secret_access_key: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
impl AwsBaseCredential {
|
||||||
|
pub fn new(access_key_id: String, secret_access_key: String) -> Self {
|
||||||
|
Self {version: 1, access_key_id, secret_access_key}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PersistentCredential for AwsBaseCredential {
|
||||||
|
type Row = AwsRow;
|
||||||
|
|
||||||
|
fn type_name() -> &'static str { "aws" }
|
||||||
|
|
||||||
|
fn into_credential(self) -> Credential { Credential::AwsBase(self) }
|
||||||
|
|
||||||
|
fn row_id(row: &AwsRow) -> Uuid { row.id }
|
||||||
|
|
||||||
|
fn from_row(row: AwsRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let nonce = XNonce::clone_from_slice(&row.nonce);
|
||||||
|
let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?;
|
||||||
|
let secret_key = String::from_utf8(secret_key_bytes)
|
||||||
|
.map_err(|_| LoadCredentialsError::InvalidData)?;
|
||||||
|
|
||||||
|
Ok(Self::new(row.access_key_id, secret_key))
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> {
|
||||||
|
let (nonce, ciphertext) = crypto.encrypt(self.secret_access_key.as_bytes())?;
|
||||||
|
let nonce_bytes = &nonce.as_slice();
|
||||||
|
|
||||||
|
sqlx::query!(
|
||||||
|
"INSERT OR REPLACE INTO aws_credentials (
|
||||||
|
id,
|
||||||
|
access_key_id,
|
||||||
|
secret_key_enc,
|
||||||
|
nonce
|
||||||
|
)
|
||||||
|
VALUES (?, ?, ?, ?);",
|
||||||
|
id, self.access_key_id, ciphertext, nonce_bytes,
|
||||||
|
).execute(&mut **txn).await?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
#[serde(rename_all = "PascalCase")]
|
||||||
|
pub struct AwsSessionCredential {
|
||||||
|
#[serde(default = "default_credentials_version")]
|
||||||
|
pub version: usize,
|
||||||
|
pub access_key_id: String,
|
||||||
|
pub secret_access_key: String,
|
||||||
|
pub session_token: String,
|
||||||
|
#[serde(serialize_with = "serialize_expiration")]
|
||||||
|
#[serde(deserialize_with = "deserialize_expiration")]
|
||||||
|
pub expiration: DateTime,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AwsSessionCredential {
|
||||||
|
pub async fn from_base(base: &AwsBaseCredential) -> Result<Self, GetSessionError> {
|
||||||
|
let req_creds = aws_sdk_sts::config::Credentials::new(
|
||||||
|
&base.access_key_id,
|
||||||
|
&base.secret_access_key,
|
||||||
|
None, // token
|
||||||
|
None, //expiration
|
||||||
|
"Creddy", // "provider name" apparently
|
||||||
|
);
|
||||||
|
let config = aws_config::defaults(BehaviorVersion::latest())
|
||||||
|
.credentials_provider(req_creds)
|
||||||
|
.load()
|
||||||
|
.await;
|
||||||
|
|
||||||
|
let client = aws_sdk_sts::Client::new(&config);
|
||||||
|
let resp = client.get_session_token()
|
||||||
|
.duration_seconds(43_200)
|
||||||
|
.send()
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
let aws_session = resp.credentials.ok_or(GetSessionError::EmptyResponse)?;
|
||||||
|
|
||||||
|
let session_creds = AwsSessionCredential {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: aws_session.access_key_id,
|
||||||
|
secret_access_key: aws_session.secret_access_key,
|
||||||
|
session_token: aws_session.session_token,
|
||||||
|
expiration: aws_session.expiration,
|
||||||
|
};
|
||||||
|
|
||||||
|
#[cfg(debug_assertions)]
|
||||||
|
println!("Got new session:\n{}", serde_json::to_string(&session_creds).unwrap());
|
||||||
|
|
||||||
|
Ok(session_creds)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn is_expired(&self) -> bool {
|
||||||
|
let current_ts = SystemTime::now()
|
||||||
|
.duration_since(UNIX_EPOCH)
|
||||||
|
.unwrap() // doesn't panic because UNIX_EPOCH won't be later than now()
|
||||||
|
.as_secs();
|
||||||
|
|
||||||
|
let expire_ts = self.expiration.secs();
|
||||||
|
let remaining = expire_ts - (current_ts as i64);
|
||||||
|
remaining < 60
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn default_credentials_version() -> usize { 1 }
|
||||||
|
|
||||||
|
|
||||||
|
struct DateTimeVisitor;
|
||||||
|
|
||||||
|
impl<'de> Visitor<'de> for DateTimeVisitor {
|
||||||
|
type Value = DateTime;
|
||||||
|
|
||||||
|
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
||||||
|
write!(formatter, "an RFC 3339 UTC string, e.g. \"2014-01-05T10:17:34Z\"")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn visit_str<E: de::Error>(self, v: &str) -> Result<DateTime, E> {
|
||||||
|
DateTime::from_str(v, Format::DateTime)
|
||||||
|
.map_err(|_| E::custom(format!("Invalid date/time: {v}")))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn deserialize_expiration<'de, D>(deserializer: D) -> Result<DateTime, D::Error>
|
||||||
|
where D: Deserializer<'de>
|
||||||
|
{
|
||||||
|
deserializer.deserialize_str(DateTimeVisitor)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn serialize_expiration<S>(exp: &DateTime, serializer: S) -> Result<S::Ok, S::Error>
|
||||||
|
where S: Serializer
|
||||||
|
{
|
||||||
|
// this only fails if the d/t is out of range, which it can't be for this format
|
||||||
|
let time_str = exp.fmt(Format::DateTime).unwrap();
|
||||||
|
serializer.serialize_str(&time_str)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use super::*;
|
||||||
|
use aws_sdk_sts::primitives::DateTimeFormat;
|
||||||
|
use creddy_cli::proto::{
|
||||||
|
AwsBaseCredential as CliBase,
|
||||||
|
AwsSessionCredential as CliSession,
|
||||||
|
};
|
||||||
|
use sqlx::SqlitePool;
|
||||||
|
use sqlx::types::uuid::uuid;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
fn creds() -> AwsBaseCredential {
|
||||||
|
AwsBaseCredential::new(
|
||||||
|
"AKIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn creds_2() -> AwsBaseCredential {
|
||||||
|
AwsBaseCredential::new(
|
||||||
|
"AKIAIOSFODNN7EXAMPL2".into(),
|
||||||
|
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_load(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let id = uuid!("00000000-0000-0000-0000-000000000000");
|
||||||
|
let loaded = AwsBaseCredential::load(&id, &crypt, &pool).await.unwrap();
|
||||||
|
assert_eq!(creds(), loaded);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_load_by_name(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let loaded = AwsBaseCredential::load_by_name("test2", &crypt, &pool).await.unwrap();
|
||||||
|
assert_eq!(creds_2(), loaded);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_load_default(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let loaded = AwsBaseCredential::load_default(&crypt, &pool).await.unwrap();
|
||||||
|
assert_eq!(creds(), loaded)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_list(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let list: Vec<_> = AwsBaseCredential::list(&crypt, &pool)
|
||||||
|
.await
|
||||||
|
.expect("Failed to load credentials")
|
||||||
|
.into_iter()
|
||||||
|
.map(|(_, cred)| cred)
|
||||||
|
.collect();
|
||||||
|
|
||||||
|
assert_eq!(&creds().into_credential(), &list[0]);
|
||||||
|
assert_eq!(&creds_2().into_credential(), &list[1]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// In order to avoid the CLI depending on the main app (and thus defeating the purpose
|
||||||
|
// of having a separate CLI at all) it re-defines the credentials that need to be sent
|
||||||
|
// back and forth. To prevent the separate definitions from drifting aprt, we test
|
||||||
|
// serializing/deserializing in both directions.
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_cli_to_app_base() {
|
||||||
|
let cli_base = CliBase {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: "AKIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
};
|
||||||
|
|
||||||
|
let json = serde_json::to_string(&cli_base).unwrap();
|
||||||
|
let computed: AwsBaseCredential = serde_json::from_str(&json)
|
||||||
|
.expect("Failed to deserialize base credentials from CLI -> main app");
|
||||||
|
|
||||||
|
assert_eq!(creds(), computed);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_app_to_cli_base() {
|
||||||
|
let base = creds();
|
||||||
|
let json = serde_json::to_string(&base).unwrap();
|
||||||
|
|
||||||
|
let computed: CliBase = serde_json::from_str(&json)
|
||||||
|
.expect("Failed to deserialize base credentials from main app -> CLI");
|
||||||
|
|
||||||
|
let expected = CliBase {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: "AKIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
};
|
||||||
|
|
||||||
|
assert_eq!(expected, computed);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_cli_to_app_session() {
|
||||||
|
let cli_session = CliSession {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
|
||||||
|
expiration: "2024-07-21T00:00:00Z".into(),
|
||||||
|
};
|
||||||
|
|
||||||
|
let json = serde_json::to_string(&cli_session).unwrap();
|
||||||
|
let computed: AwsSessionCredential = serde_json::from_str(&json)
|
||||||
|
.expect("Failed to deserialize session credentials from CLI -> main app");
|
||||||
|
|
||||||
|
let expected = AwsSessionCredential {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
|
||||||
|
expiration: DateTime::from_str(
|
||||||
|
"2024-07-21T00:00:00Z",
|
||||||
|
DateTimeFormat::DateTimeWithOffset
|
||||||
|
).unwrap(),
|
||||||
|
};
|
||||||
|
|
||||||
|
assert_eq!(expected, computed);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_app_to_cli_session() {
|
||||||
|
let session = AwsSessionCredential {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
|
||||||
|
expiration: DateTime::from_str(
|
||||||
|
"2024-07-21T00:00:00Z",
|
||||||
|
DateTimeFormat::DateTimeWithOffset
|
||||||
|
).unwrap(),
|
||||||
|
};
|
||||||
|
|
||||||
|
let json = serde_json::to_string(&session).unwrap();
|
||||||
|
let computed: CliSession = serde_json::from_str(&json)
|
||||||
|
.expect("Failed to deserialize session credentials from main app -> CLI");
|
||||||
|
|
||||||
|
let expected = CliSession {
|
||||||
|
version: 1,
|
||||||
|
access_key_id: "ASIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
session_token: "JQ70sxbqnOGKu7+krevstYCLCaX2+alUAT60ARTBBnQ=ETC.".into(),
|
||||||
|
expiration: "2024-07-21T00:00:00Z".into(),
|
||||||
|
};
|
||||||
|
|
||||||
|
assert_eq!(expected, computed);
|
||||||
|
}
|
||||||
|
}
|
116
src-tauri/src/credentials/crypto.rs
Normal file
116
src-tauri/src/credentials/crypto.rs
Normal file
@ -0,0 +1,116 @@
|
|||||||
|
use std::fmt::{Debug, Formatter};
|
||||||
|
use argon2::{
|
||||||
|
Argon2,
|
||||||
|
Algorithm,
|
||||||
|
Version,
|
||||||
|
ParamsBuilder,
|
||||||
|
password_hash::rand_core::{RngCore, OsRng},
|
||||||
|
};
|
||||||
|
use chacha20poly1305::{
|
||||||
|
XChaCha20Poly1305,
|
||||||
|
XNonce,
|
||||||
|
aead::{
|
||||||
|
Aead,
|
||||||
|
AeadCore,
|
||||||
|
KeyInit,
|
||||||
|
generic_array::GenericArray,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct Crypto {
|
||||||
|
cipher: XChaCha20Poly1305,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Crypto {
|
||||||
|
/// Argon2 params rationale:
|
||||||
|
///
|
||||||
|
/// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB.
|
||||||
|
/// This should roughly double the memory usage of the application
|
||||||
|
/// while deriving the key.
|
||||||
|
///
|
||||||
|
/// p_cost is irrelevant since (at present) there isn't any parallelism
|
||||||
|
/// implemented, so we leave it at 1.
|
||||||
|
///
|
||||||
|
/// With the above m_cost, t_cost = 8 results in about 800ms to derive
|
||||||
|
/// a key on my (somewhat older) CPU. This is probably overkill, but
|
||||||
|
/// given that it should only have to happen ~once a day for most
|
||||||
|
/// usage, it should be acceptable.
|
||||||
|
#[cfg(not(debug_assertions))]
|
||||||
|
const MEM_COST: u32 = 128 * 1024;
|
||||||
|
#[cfg(not(debug_assertions))]
|
||||||
|
const TIME_COST: u32 = 8;
|
||||||
|
|
||||||
|
/// But since this takes a million years without optimizations,
|
||||||
|
/// we turn it way down in debug builds.
|
||||||
|
#[cfg(debug_assertions)]
|
||||||
|
const MEM_COST: u32 = 48 * 1024;
|
||||||
|
#[cfg(debug_assertions)]
|
||||||
|
const TIME_COST: u32 = 1;
|
||||||
|
|
||||||
|
|
||||||
|
pub fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> {
|
||||||
|
let params = ParamsBuilder::new()
|
||||||
|
.m_cost(Self::MEM_COST)
|
||||||
|
.p_cost(1)
|
||||||
|
.t_cost(Self::TIME_COST)
|
||||||
|
.build()
|
||||||
|
.unwrap(); // only errors if the given params are invalid
|
||||||
|
|
||||||
|
let hasher = Argon2::new(
|
||||||
|
Algorithm::Argon2id,
|
||||||
|
Version::V0x13,
|
||||||
|
params,
|
||||||
|
);
|
||||||
|
|
||||||
|
let mut key = [0; 32];
|
||||||
|
hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?;
|
||||||
|
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
|
||||||
|
Ok(Crypto { cipher })
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
pub fn random() -> Crypto {
|
||||||
|
// salt and key are the same length, so we can just use this
|
||||||
|
let key = Crypto::salt();
|
||||||
|
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
|
||||||
|
Crypto { cipher }
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
pub fn fixed() -> Crypto {
|
||||||
|
let key = [
|
||||||
|
1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
|
||||||
|
17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
|
||||||
|
];
|
||||||
|
|
||||||
|
let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
|
||||||
|
Crypto { cipher }
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn salt() -> [u8; 32] {
|
||||||
|
let mut salt = [0; 32];
|
||||||
|
OsRng.fill_bytes(&mut salt);
|
||||||
|
salt
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), CryptoError> {
|
||||||
|
let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
|
||||||
|
let ciphertext = self.cipher.encrypt(&nonce, data)?;
|
||||||
|
Ok((nonce, ciphertext))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, CryptoError> {
|
||||||
|
let plaintext = self.cipher.decrypt(nonce, data)?;
|
||||||
|
Ok(plaintext)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Debug for Crypto {
|
||||||
|
fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> {
|
||||||
|
write!(f, "Crypto {{ [...] }}")
|
||||||
|
}
|
||||||
|
}
|
19
src-tauri/src/credentials/fixtures/aws_credentials.sql
Normal file
19
src-tauri/src/credentials/fixtures/aws_credentials.sql
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
|
||||||
|
VALUES
|
||||||
|
(X'00000000000000000000000000000000', 'test', 'aws', 1, strftime('%s')),
|
||||||
|
(X'ffffffffffffffffffffffffffffffff', 'test2', 'aws', 0, strftime('%s'));
|
||||||
|
|
||||||
|
INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce)
|
||||||
|
VALUES
|
||||||
|
(
|
||||||
|
X'00000000000000000000000000000000',
|
||||||
|
'AKIAIOSFODNN7EXAMPLE',
|
||||||
|
X'B09ACDADD07E295A3FD9146D8D3672FA5C2518BFB15CF039E68820C42EFD3BC3BE3156ACF438C2C957EC113EF8617DBC71790EAFE39B3DE8',
|
||||||
|
X'DB777F2C6315DC0E12ADF322256E69D09D7FB586AAE614A6'
|
||||||
|
),
|
||||||
|
(
|
||||||
|
X'ffffffffffffffffffffffffffffffff',
|
||||||
|
'AKIAIOSFODNN7EXAMPL2',
|
||||||
|
X'ED6125FF40EF6F61929DF5FFD7141CD2B5A302A51C20152156477F8CC77980C614AB1B212AC06983F3CED35C4F3C54D4EE38964859930FBF',
|
||||||
|
X'962396B78DAA98DFDCC0AC0C9B7D688EC121F5759EBA790A'
|
||||||
|
);
|
42
src-tauri/src/credentials/fixtures/ssh_credentials.sql
Normal file
42
src-tauri/src/credentials/fixtures/ssh_credentials.sql
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
INSERT INTO credentials (id, name, credential_type, is_default, created_at)
|
||||||
|
VALUES
|
||||||
|
(X'11111111111111111111111111111111', 'ssh-plain', 'ssh', 1, 1721557273),
|
||||||
|
(X'22222222222222222222222222222222', 'ssh-enc', 'ssh', 0, 1721557274),
|
||||||
|
(X'33333333333333333333333333333333', 'ed25519-plain', 'ssh', 0, 1721557275),
|
||||||
|
(X'44444444444444444444444444444444', 'ed25519-enc', 'ssh', 0, 1721557276);
|
||||||
|
|
||||||
|
|
||||||
|
INSERT INTO ssh_credentials (id, algorithm, comment, public_key, private_key_enc, nonce)
|
||||||
|
VALUES
|
||||||
|
(
|
||||||
|
X'11111111111111111111111111111111',
|
||||||
|
'ssh-rsa',
|
||||||
|
'hello world',
|
||||||
|
X'000000077373682D727361000000030100010000018100C4ABCE6D69400912EBAD527733401E30EBF3DC9433B79C8E343D7AFBE19A9F309934822577D9807346B48D4FB0604D022DA826E5624635E4CE19851AA5D30DFD2007DE99B04AE4C2F00823DFFC3C8DDE62F074831C1F8903067C83DCCD7D9CEE8643C93C5291F6B5047F53646A37C84098934FFDE5882B5DD7696CDDC4421C39E2894768CFD6650CE585E35A3F739B015650AA469ABDEFC6987E55DAFEC7D40B4388654ED3205D18528D881927C42CBE210CCF6F49A90619AD6E6ACBF1768D7EC52FF9CB85BE607B9414961566292016875164C1C1D1FBD4C3569D4424A7F19D043ABCDEE50573DFC4FC7F2C2718AA76528FA226C0DD5530DC705C30901E1BDE88FE5CC35CAE5AB8826D1E7F970DBED0A0F7E9833CFC7323A1F1323528D5CC3C00AEB98165D677CAF64BD69729132264D971B5C491D0AEAF53AAD22D03756B2E43754502E84488117EEBB962CCDF5DF59682C1E9BA472D5AB9B83DB2862E7EA380E8FD20DE9368CABCBBC5C95C233A52DE5DFE5E91CB59019D00B529C70C4305',
|
||||||
|
X'DB9B6A3B97FBAE6AC12BDAF9DA57DBEE4DDF6A92DD682958AF147FF5EF64C18255D2A1714D543F2D16BEFD7ED4C419C7A0E9C18754C4CAA251BCFA5AA46508B006CDB08A7C0DB63D8A7FE27F99CCC2F351203B36D2BC3D02302318ECC741574CEF70D956C5CCA41E538F2CA29B20E04778A596B0C3E5CD991A423443B01E3F811E004E2547C5D3DDAEBCFBFB68CDB03D0C16538224BBAA0A80767D64D8F3D2840975DD12B4F648F81B4D4B541CB500BAA99F9808F450A02688D583A924B8AE2B0BE777BC35CE808FD53B5DB8C0838D24A6CE31C3973880CF3174E63E3404F2E77783140A62DDBA06F9CD89ADE448A54FBCBD6C0EC8C0641724CDDEF2A8126EC0D0F5BDF89EB8112366D7EB6D3CE3565DF9E4036EAF3109E50BED5D7BD3558FFF69AD823F6522C5701CE26BCAFCC03D27D87547728A3C700719FF564EAEC961FA209252B113B404D75AD67CA4E40C5DAA36E9B0FB4ECDD6E5F853C81682123E8DF311A3C495F61A2CEE6A2B04C7FD3D0906583B9C724BC0D00D71106B7167983D6A0FBD3EA7361EE063A0B05E5A6B5CD82D0F795820BFC90E4F422E7CE2BDEBEAEE9493F5408F38732EB41741F15632185131CD6160433DD286869DF38679F6797A268EDE8ED0F442C4394FF52EFDE82EBEC5871A087288F7A12964615DA5AA02149FB661B0F76551CD53771B0DD180837A9D52A2BDF4757C4CF56DCD90B968F32B9F9EE5EE09EF5B791DB0366A4E6CCBBF0AF7D9CB5B7760BABAF4DE16BCC971DC95DCBD068A92DB8E8C709C0FBE9E2AB5B770EDFBCC6FB5045B706FB31DDEB6C52647618CD3B222CEF2DFD8D08ABAE6333A2E3C8768B8DB970BFF1777B75AE6DCE54DA7063F76846EFBDB92E55192A031DBA889D9DEDB0BF0FAA2FA6B4A0B0151B6F03D142D6B140EBB874CAF0A44D67AAD121127946DA90A14176EBB7B6C03DD2034987A100855E23F440CF6A404DEE46617B52581C7A248B7393FF56D8652855B23D19C35E1B535E5EC5EE87F3FF455458A740A55CDCB806053D4BCF44CDC2D76A1998418A60E11728BBC69F12C7E52A539E3834362C47A3E1863D265B3A7C2A41FA1953BB0FC64508679BB5F068DAF84C394A1497D564A3D6023B90D9A1C50E30FDC3E1C9B925EB0C19F960E7377B0678D662362129677E4B9AA515D2E4408A17A260D862F3C5D4291841855B91FE6EEA11C8E8EC19449CD9C31E6505BA364A45E7E3B89C5FA1C55708AF521F97440CED0ED0FAF06B7930E6A6F3A2B547E33EF73163D4C2E75B1AFA24BEB3129FFA978BC4EC43D0919ED262C0BE29AB78A87A57EAA55D51BE479A9E4015F9C3F2381745808AECF3783DEF5AB82E37C6EF68B97485CD36F7018B59C37E0EB93EAA32385E5E8CB95A5A3818B70F4CBE6102FC197946AAAAAABAD8B93750031CAC73C3F1B6B2F825B29435F2426B6AFABE35B1F8468E5A1CF73CC78E2FBB639AEFC171B7AD5D1728A536AB384B3F4AE924D5CEFA3F5EE5412094AE97303B8E728C7ACBCD9F9FB7C4FE7893145A55D96B7EDC1DD6257368C03AAC98B4F23D9AF15EF730BFD3FF09C2A11747035C8FD58EF97003503F568090C02A63117F3304989CFBAF20A281A729C8A8A4470524B3FDD2B4183E78BDE58BBB0B58B16D1E81702E58E225F7EED1A8E7F3920870FC9EE44D1433EEB39248A38108000EC1E151A26399A3F36CC41F6D272B3441198E8B56616E9A6C5A16303E562A62B4E6C27D16E9FADAF7E5A4AC7EFBD912883474302D5C9BB7D35C671DDECE68482A9472DAFA56B9AFF4E811A5BE7462FA6A988FED04178786DDB490A2010B8C178BD5601C23BBF5E3B1D13E86BB9980892B9999A6511FE2ECDAC681123745F676C155BB4627EFFAA65B1110B590A7FEE6D3359AED898D73C1B51AC8D534E94731934CCA9514F89E74C2BE5A799D8072C52399A7A647AF8F37F2D536C1B29D64214C490FE00565D912772256BF5E68F888E02FB704017F4D9FDD22E1C007A5FB4FCB51BC7A101DCAA56529231A59ACE14368268B7820C7C2BFBB0F5F78625E442C6EA83C88A9DEE318B2323AF0F3687ACF7B2B791D0B42B0576F0FF73E046DE1A56A5C2CBF6731E8D9485A02E9AD67D7752EBDBF3EBE703A760264363650CB9639B75985A9D00D210FFEBC93894E8E4BEAE7053FB6619BA9A8F0ECC4F822CF27606A6E58A8D5DAF55B519E7729B65A83FB859A3A028477BFBB7C8C01ABBE38EEDAAE11AA10ECC75868A281281792FA8D4EBDCC47DEB03868779A84D992D56612A8F46CAFADF65C5B32CFEA2974ECE34E4EDE9AF0AB4365C55D1A95FE551453BCFA5DF28CAF5AFA025CD5BD1CF86FB19AEB581135BFE2CBAA78643F209DE6A4D58206B0B236ADDD5A9122E8A21630907D0C5F23E86C151B8BFD8EA874DFF37DA7DE49D520DDAB7D074B37A726883211A788684A74D4E13A80CBC7655D8BBFF901CC44EF0A0368A3A69200695E277857AD620F2872D83224405A4DDD1E34AF68B72145AA442278C02DB7453AA8C184893AEBBCD4E15252CB8AF5972C49E047318362322CFAE99C38C5989A76C57E9D997BAACF6E13C19F66FCD618878D218DE7846C3D042E7E631B9AC126935AD6A3E15A659A3C4B9B5E521545A5A9B8A3CDFD21EADC2A5A74DBFA0769D63EC4F758D',
|
||||||
|
X'1A44F10CBD2579B378EF1ECE61005DBD0ED6189512B41293'
|
||||||
|
),
|
||||||
|
(
|
||||||
|
X'22222222222222222222222222222222',
|
||||||
|
'ssh-rsa',
|
||||||
|
'hello world',
|
||||||
|
X'000000077373682D727361000000030100010000018100B021E0FE494231E75D4CFC9CED6DF524122F0E86717710BB066236D1ABF001CB4C7CB58964E998E5385836912300129A1334E549A7EF5E0EC4115D97E099038ACFBBA0AD2FE5D574F7F3FF122A97B59F75D8B62DCD921FF1A5BBFDCB55D77779A41ABD46528AEF8B2C0DA96370FCEC79387EED6AC1C0CED041AE979CBB880BEC6C17917711143F1C4D035548D273773D01E3F643463811B7339D9F4B3FC8D1FECF761C8878C135E2E600D9D230F11A3AD8E0415D1A923A398D108E9043F630A9B7BB1310927CA8A46455096E1A272BA56B6F06FEE5764E3C8AC85EA5DE408AED8EC549BE749FB231C1A2CC95DA0035DB009A9DFB2C622833A54CFCCB9FFB173159065F3335C6DDAFBB52A82CD5C327198C496C2A4404F1A544D82175F915954492A4488954B37C78C1F81B467A05F96CCC26146CDF517AF71674046947B11CE80B0E277B2ABA23915AF11E9A9F9D05717E1F0ED70341F470085569F88D8F5CBB8179605A0BF88537A57893329D15F1F8CA3582BE3612410F06568533F801602F',
|
||||||
|
X'AD54C319103CFBA088A4B70AEC743CDED7B0A3EE3DDE370BBD14AA4FA4EACBDD1BBE2FCEF499BB4EC4DDEA9D472F27BBF93453C612BF1689B714C9718212E78C0E1B2133AEB0E7C954413F6EBFC4155CC975A252962AB7C1BBEAE8DA8C6F990B9DE96313F0158AA8DD7896000AE2A4406080B81C37605B3986E463D5DEC01AC0BC4981A74BAF6413DF99119F65A337692885E9C5FBA9B483AA83783823981A0E66105083EB6CDB07AB93714AAF6AAF9A6239D256D8C9C56992AC846CF104E2B1B9DF96D0E67DF2EC9258E914EDFAA5AC36ABE3E9D5D641C92C6188D90D9B083DC3AFA9409B7809718279B52399145FE3173DA8E8A7E5C21715E0B140B22BFF8A0116E102B55C9BCB19B5B4FCCA88FBC5A2844E7E2AEC84ACA303BE8AC9448F93BB35366DFC2E38CEE31C66748847DA11CBB8A31F2CA4DD905362A8C513B6B8E3040EFCEC5BCFEB2E52902F33BF6DFEF911E56A00E51274C1548546DCA62261F94F580DCBAF7357F0C8F5058D2D1D5C91E0AAAB396A305E79350FC0F9879CAFD33316DB77586C36A8246F4D5A14EEC495CFCFA108B70A00008CE64ABC2EBC656DFE760612194B526BC1AE8C08325E3FE76999E6341D6C2BA35BA87CB9FB30A269891A0013E989246E80D5CF7590A66D8494CA79D5E2FD6A8FF7ECA1169379C2D45F4108BA5A796309D4CBDBEE6F45A0F6536B45666E1CF977B26612BC8108FCF32FF0D9296C9C414812C221032B2E5107CFCE1E4FCC2E07C5D31F1A1492732D0ECEB3920E50DFBCAA89561CE52436D23DA40D8678CE901BDC57C3F80233BBAF7AE5CA432547EB51DFBABF5B8BC94C0F6EAE47C94649CECE192D6436D609EE040A3AC059529E7CAAFA45D1B2E331E0E73BAFB1C6E05F71EBF28E222D2B15E724D5EBB3B9C3A709F0F9BCD41C87DF158BDCD3C1FCA86A8D4B57B98F4386AA6956BC3DC6BC2AF6A479560C1598B866935795C29F22CB93072E9D8D4D110AAC2B0F22CD8662354BF5D509750068613C052E88629EFF9488BD1C0B3E6FFD010A5B739F943234AA456F998B4DC7FA7B877961DE1CC744760712337B70971EED7AA4B97121F26298DCFDC2282D721CAB90098585ACFD31EC776EEE2C0211AB711BE94F31ED0D2BA4A9D8EFFC155FC68AB02EA1DC380A1525EF2BD14B55CC71210B54E5F55A8C3C876A6667EFA271095B1280B9ED6FAE9E73601A698FE2732756780BF453F927FD171F497F9C1FA6ADE7DC8187FEDA309E807E2E7895E1763DE1758E50035CE24D54A814745F05446FFD91F8E27770577384BBDC6E11E435658404533D32C461A0DB1CC6AE0847ABB744FB61C524CF9162E3660941CA3DA96F56EA5C036BF5E633C6CA0F033335AB5B623D08A024E87235FF8324B284FB981A9998DD0028A0DE54B4D6BE04C51E8D71DD09B3563C84E5C43826418365FB7912DFABDC5BB25BDE2C558DAC14AEED79F705F34E2D04F17829515C725675571EE1E4BDD21D8EBAA9C6075DE48EF8F2ED7814E20836A2721E46B5C71EE365CFE996A07ADABD84FE5B1E25EF5D9CC66B945084A4207004372AA792BA1BE97B67397635EA7DCC2F99C6AD5C394A8F4C0B7CBC87C38DE52F120993E6DC6BEA27D5B90D90E1C8F7626C860386121E53BE3D4F7B4005A69EB0334E118E70B7207CEDFCEE1EC2A30C789174AAA6531EAAD2E0BED7400CA44911E896E4C82DCA85ADBA92CA01B2CE75924AE81FE286C4CBD8073B7546313A75E52CA1882D8935D2F6058FECEBA4626B4445FCED2E9986632F9F5597C7BBD44F375027727D51B0033B87D23395EEC26EE06378B247B0C1469286F868828C942FCE2BF1BFFDC07CAEC1E214D37ADE737A7DFF082972C6E8411591BEE4B54BED231A7F856C022B26887ADD115A252807D3C58DCD8FB5D7D71DC3766C288438DB3D9D98FC8A22FEC92A7E6E3855ACD36BBEA79C5F98C7ABD9CCECB37C18C3315E5CC7B3BFF699FD201419F8EA402E422EFE62A25D4A76B2CCA0F6D43313BA7DF6537619FD2AE8ACF55B17F709961228076DBBB3592B6B7A1C3C271D54C06403902B0384492AE486E931DD63F68E739769E174D97EA46E7D780D03529EA21B418E0A68E44ED15AB9471B5F139E29EA25C7AE881E216A2863D6E908790002B0B1CC23B1DB3266CEACA2771BD661941AEDEE196316E8D8D7CE361C23E7C1BFFBFD0467329E948CD936B54C7313DC053F96BAFD139500ACB0CCDCA7C0AFBFEC02CFD31FECF4193C1E13F8E59378959BE3360C3B57BD325E5D87CA3D9CE08EFD00980200004D01EE4C6D4450C545A82BE0E1A527AE3432AD6500AF6C8B4400095D9CA7DAA0AA956DC8CD6A4336B876988128119997DB4847AFEFDF2CB8E3F88D5B66CC1E5A32229F79324063584C95C775C5D8D3B05956F0BC8432B9FB28D006247F1DF22C431515BDB4234C91B10CA20B5C05924CAAF82094C8C49123776F1C7170218FEC6C1D2D94F242277765EB9A6C48BE8751D92FFC4C3314155C7685940CA07BB70722D0B65585BC50253A9A6F793CD7A3269657B234C72EC8F2DD4F3B61A7260B3028FFB2B866A311E027C3D8D56592AB4795AA22452CBE37AEE68D7952EE473BB67CE6839E0F5DAA7C9B09F26CBF99CF5BF1181A41B683B9EA939A1823C3733B1EE8066614D3A692C99E5F9EA22231',
|
||||||
|
X'B9DF74AE34E4E7E17EA2EABECE5FD85B14ADB53EDB5BF27C'
|
||||||
|
),
|
||||||
|
(
|
||||||
|
X'33333333333333333333333333333333',
|
||||||
|
'ssh-ed25519',
|
||||||
|
'hello world',
|
||||||
|
X'0000000B7373682D6564323535313900000020BBB05846908A7F4819CA69BE50E94658FD6F51D24FFECED678566D43E1DD6BF2',
|
||||||
|
X'7E3719254AB02100F159D971C17322CF51ECB60AC9E2CDA511EDFD88E75D9828A5A308F1F6A7D6919ED080FD0E6D3FAB64583A946334EE8870006AB7EDC57E6D7BCD145485D1F2A06D946B4DB69591467F289A5CD3BBF922FAAF5B54275F56CF81CC450DE4C8C0F24078C395BA02E8C646731FA6A50480392B13784FD2A85D094DDB8E73C56120936C02C3F94E910C23787FC307369239E264600BBE799EA851CE16FD653BE71D024AA73A582AACC390DD1F341C095788ECE6F4CC37D045A2BFFEC9F14AEBE73E43C6E78E00A9645C6A46D03F2847355DBCD33DA09C76148089A0FC1B3793AB5DA577B879D25EF7B8A8661387F19F392522CFD2886F6FEB65584841',
|
||||||
|
x'58E67EEE49A11FFDD9D32F63ED99053008091B415F87F1BA'
|
||||||
|
),
|
||||||
|
(
|
||||||
|
X'44444444444444444444444444444444',
|
||||||
|
'ssh-ed25519',
|
||||||
|
'hello world',
|
||||||
|
X'0000000B7373682D65643235353139000000200491C64AD1D7E9C20D989937677C32EBE5FB35BCBA77422550A8FAA54C023923',
|
||||||
|
X'6BA994C263935729D807579173B377323F6353A88F660143EA92DE1E1A92F00682B8A1FAD838F0D211BD69855E8E34AE84D5A7B3C23F23A822B2AFF6E861BC81D89AFDDEB0DED063C84644B3EFEF2612DA1DA9C3C12EDAEFCBEA3542EA0ED1903FC1922E5F56E19FAD8CC75A2A30D64C83BF27ADE00E66BCCFE1CA67E95A00819F7BF91DDD22C4A1FB419E91B5D61544175D8D69EB5B416E6547DFD55CD386B62293B778322FB840D1F4DBBDCE2364A6FE4A7B090425031E7DB347314CEBD9BA09F85CC45CF3B4D02FE78B7F365D5C7E95331AA7A6F91A619E8A8663B77A31BAF639652D72B4FD11C8D430C8A1C5542C69DF4ACA74BAB7608B7E9ADD15BAF4674AFB',
|
||||||
|
X'46F31DCF22250039168D80F26D50C129C9AFDA166682C89A'
|
||||||
|
);
|
8
src-tauri/src/credentials/fixtures/ssh_ed25519_enc
Normal file
8
src-tauri/src/credentials/fixtures/ssh_ed25519_enc
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAWtYanP1
|
||||||
|
TBKT8lBL4IzKpYAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIASRxkrR1+nCDZiZ
|
||||||
|
N2d8Muvl+zW8undCJVCo+qVMAjkjAAAAkI021XFPzB9VnO8uGAQ8f3bwP/ki5fDVuWD7Fc
|
||||||
|
crN+yfT8Ugjhc7IL2dIt/xj9iJIa9fJDw0pg1Y8issqp9C8HVhasyWpf2iwJIalUHTOekn
|
||||||
|
WdoxA+/OQBstRBKSv43sI801+9OC8dXCMNM2QzpiGNs0QxdLJpcJQhHEvqq/yDIODF0p7M
|
||||||
|
h3e9eYGVPOR0CjlQ==
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
1
src-tauri/src/credentials/fixtures/ssh_ed25519_enc.pub
Normal file
1
src-tauri/src/credentials/fixtures/ssh_ed25519_enc.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASRxkrR1+nCDZiZN2d8Muvl+zW8undCJVCo+qVMAjkj hello world
|
7
src-tauri/src/credentials/fixtures/ssh_ed25519_plain
Normal file
7
src-tauri/src/credentials/fixtures/ssh_ed25519_plain
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||||
|
QyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8gAAAJAwEcgHMBHI
|
||||||
|
BwAAAAtzc2gtZWQyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8g
|
||||||
|
AAAEB9VXgjePmpl6Q3Y1t2a4DZhsdRf+183vWAJWAonDOneLuwWEaQin9IGcppvlDpRlj9
|
||||||
|
b1HST/7O1nhWbUPh3WvyAAAAC2hlbGxvIHdvcmxkAQI=
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
@ -0,0 +1 @@
|
|||||||
|
{"algorithm":"ssh-ed25519","comment":"hello world","public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILuwWEaQin9IGcppvlDpRlj9b1HST/7O1nhWbUPh3Wvy hello world","private_key":"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8gAAAJAwEcgHMBHI\nBwAAAAtzc2gtZWQyNTUxOQAAACC7sFhGkIp/SBnKab5Q6UZY/W9R0k/+ztZ4Vm1D4d1r8g\nAAAEB9VXgjePmpl6Q3Y1t2a4DZhsdRf+183vWAJWAonDOneLuwWEaQin9IGcppvlDpRlj9\nb1HST/7O1nhWbUPh3WvyAAAAC2hlbGxvIHdvcmxkAQI=\n-----END OPENSSH PRIVATE KEY-----\n"}
|
1
src-tauri/src/credentials/fixtures/ssh_ed25519_plain.pub
Normal file
1
src-tauri/src/credentials/fixtures/ssh_ed25519_plain.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILuwWEaQin9IGcppvlDpRlj9b1HST/7O1nhWbUPh3Wvy hello world
|
39
src-tauri/src/credentials/fixtures/ssh_rsa_enc
Normal file
39
src-tauri/src/credentials/fixtures/ssh_rsa_enc
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAanK91R1
|
||||||
|
FN66oOcvNyslkhAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCwIeD+SUIx
|
||||||
|
511M/JztbfUkEi8OhnF3ELsGYjbRq/ABy0x8tYlk6ZjlOFg2kSMAEpoTNOVJp+9eDsQRXZ
|
||||||
|
fgmQOKz7ugrS/l1XT38/8SKpe1n3XYti3Nkh/xpbv9y1XXd3mkGr1GUorviywNqWNw/Ox5
|
||||||
|
OH7tasHAztBBrpecu4gL7GwXkXcRFD8cTQNVSNJzdz0B4/ZDRjgRtzOdn0s/yNH+z3YciH
|
||||||
|
jBNeLmANnSMPEaOtjgQV0akjo5jRCOkEP2MKm3uxMQknyopGRVCW4aJyula28G/uV2TjyK
|
||||||
|
yF6l3kCK7Y7FSb50n7IxwaLMldoANdsAmp37LGIoM6VM/Muf+xcxWQZfMzXG3a+7Uqgs1c
|
||||||
|
MnGYxJbCpEBPGlRNghdfkVlUSSpEiJVLN8eMH4G0Z6BflszCYUbN9RevcWdARpR7Ec6AsO
|
||||||
|
J3squiORWvEemp+dBXF+Hw7XA0H0cAhVafiNj1y7gXlgWgv4hTeleJMynRXx+Mo1gr42Ek
|
||||||
|
EPBlaFM/gBYC8AAAWQf6woBjAp1r47e3HsH4DyTDNF+u98eyCXLb86Lf8G9IFzOACMx4Bh
|
||||||
|
auNdB2dZ/Re2FZ6bdzb+h9snQf0PY4y4zJ7bmJ5VbRcYAM/XnVcKP+Q2254te15DLAsKXA
|
||||||
|
rzGVdEB8vshTloEHZTBVGiWRSFvn/rzPTNRhw5X/OMX21EAFR2yFXFHSxKwuPTWRCTTan3
|
||||||
|
PA7BqJX8k6XtzwafPo9as0ui3jds/aL9VBlxlQB3x5uWfo7Kw73qReDzaIS94VVsm667tI
|
||||||
|
KIN/0/e3mDpfXmWLH2Xc7BLZcs5eSHztwakYDPc5VzFTdAfb4juVdVmiLUs0ttj+aXnJo9
|
||||||
|
6p/kX5ISSs5gzAaL2yGmPjNeeEXgV38ysYnNUB0fIoceuda54oM8kYAeZnQGpgV0Rh6ku+
|
||||||
|
KNWajrJF22cH6QQ61VO4ymoDrw+oxyTog/M5n7IhCROGAJOQV4CRYKELHwMIt6niiihDfI
|
||||||
|
+YbIs7Qs0ap4mHeVKbLS3WsSK7mZI70yCeLzT+ilNaqW28RLHxAEM86lRfuH1vmABKdy8D
|
||||||
|
3e1K0WivbY5zmGvFGP1DIl3NXr6M7ZaFg5bgohssOXzMucAOR9mZpzMg20jF4SOt7IC9SU
|
||||||
|
pWg+OIIP7pVfS2FjATMrh25xgeqD2BcDSoJWEH4xrlviyBS1wVA9W35npHiJSQptppn8cj
|
||||||
|
EhwuS916OMhWOsXHPssqHFA+DrLByCZKcORD/mFPpsnI4/3TvA4PL6pqv2Kup0YBDqkyko
|
||||||
|
wIyZQMjr4DjR6xYR3W0Mjzn2UG0Grn96QGrjnj1l/LAXAw00NeYktI4m5YX4wIIdhP/RT8
|
||||||
|
RL9d4SE0YicneoDPtcLaaa4TTIvcbHJsP8aUP723reUzyxvw9Bdo9wC2bzE1xlOhm/WCmF
|
||||||
|
0SNvEl6H/kivTjQkI2HQuGVq037eIAB5rToT6cVD3TiNmN6UuOX7Ec+8kw4JPGgLA/l+AB
|
||||||
|
w3gCsyK7MyZoeWNw2+b1utkjMcqG0bjju0yTdjSho6KazGtoBQ4P+Jx9KIwiJT13Nr1WMz
|
||||||
|
KBW98YojZCfCxPeNx6RPsp6PzM673R9DVRNXSs3yYhEZDXJEHCS7jDptR8r8uScogIIUEx
|
||||||
|
YShJU0/WSVHgHZ4Ef2S7MDX1RLU4WGoUtbwxnTEQ26iNLjskYzV9/O88PajJSc2Wcz5vES
|
||||||
|
I4BFROg2px+ViLlWqiegXIZc5NnN2HSJQ7ucTObSL0+oT5SzQiRfHy2TLa4w+c5hgO1VNx
|
||||||
|
Xmq0doKjMW9DmU2ygwzFgnaQp9S8NlIIA/4mKkAODbCgWFqXz99gMgfL+dnUhwo4WHN3lU
|
||||||
|
D/uVxRxwTKWWNp39z/p5hBYLKpqJbDCp+ysM9VpyllAkjk9aDihUq5dQVzpA1iTFH2DdbM
|
||||||
|
TrclBWaXr9QQiH+F73mZvJPhP2//gT9qped6XumkSpuNXFrXoZ/P49xKgQ/51rg8Ri5ZJ7
|
||||||
|
cIiofoppfat5ex20oBqAnumrM0JrhUrVxzhSd5tPPH5JGeZYml3sK1rM4pV7K7bnugXg9f
|
||||||
|
C6HVxe/l2klAOvg0U9yJAvR35mS0+F0dpwvjRrFS/+JxG6RzzAAunDJHjADNne5FhKFNLB
|
||||||
|
WRzsXHTCT+wGp497Nq8uS/0sgZAMHsy2KMK6n5h8V6kHL9t5VgsD18g0neu9ytwYrjvAuM
|
||||||
|
AoDdwpuUkCJVNOiMHumxPvivGRNhSHwW7fTDHX+yI6/j1i/Wl1unjCxNgNCbgCMRCg1+dN
|
||||||
|
wRw/wqs4mQyGf70AUA5JIVx/W7gAxlt3YWCFHfTRiK5A/BHa0qs+RPMzVlIJhAx0TGAOze
|
||||||
|
BBJIg2kH26rWLV2aosOx8FFH/rZVj6gyYLw0JlsoTCva383SkifvlfiLY3DxfU+bwvJ9p0
|
||||||
|
bnzyMMiKRuZb16OucNli84FIAuI=
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
1
src-tauri/src/credentials/fixtures/ssh_rsa_enc.pub
Normal file
1
src-tauri/src/credentials/fixtures/ssh_rsa_enc.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwIeD+SUIx511M/JztbfUkEi8OhnF3ELsGYjbRq/ABy0x8tYlk6ZjlOFg2kSMAEpoTNOVJp+9eDsQRXZfgmQOKz7ugrS/l1XT38/8SKpe1n3XYti3Nkh/xpbv9y1XXd3mkGr1GUorviywNqWNw/Ox5OH7tasHAztBBrpecu4gL7GwXkXcRFD8cTQNVSNJzdz0B4/ZDRjgRtzOdn0s/yNH+z3YciHjBNeLmANnSMPEaOtjgQV0akjo5jRCOkEP2MKm3uxMQknyopGRVCW4aJyula28G/uV2TjyKyF6l3kCK7Y7FSb50n7IxwaLMldoANdsAmp37LGIoM6VM/Muf+xcxWQZfMzXG3a+7Uqgs1cMnGYxJbCpEBPGlRNghdfkVlUSSpEiJVLN8eMH4G0Z6BflszCYUbN9RevcWdARpR7Ec6AsOJ3squiORWvEemp+dBXF+Hw7XA0H0cAhVafiNj1y7gXlgWgv4hTeleJMynRXx+Mo1gr42EkEPBlaFM/gBYC8= hello world
|
38
src-tauri/src/credentials/fixtures/ssh_rsa_plain
Normal file
38
src-tauri/src/credentials/fixtures/ssh_rsa_plain
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||||
|
NhAAAAAwEAAQAAAYEAxKvObWlACRLrrVJ3M0AeMOvz3JQzt5yOND16++GanzCZNIIld9mA
|
||||||
|
c0a0jU+wYE0CLagm5WJGNeTOGYUapdMN/SAH3pmwSuTC8Agj3/w8jd5i8HSDHB+JAwZ8g9
|
||||||
|
zNfZzuhkPJPFKR9rUEf1NkajfIQJiTT/3liCtd12ls3cRCHDniiUdoz9ZlDOWF41o/c5sB
|
||||||
|
VlCqRpq978aYflXa/sfUC0OIZU7TIF0YUo2IGSfELL4hDM9vSakGGa1uasvxdo1+xS/5y4
|
||||||
|
W+YHuUFJYVZikgFodRZMHB0fvUw1adRCSn8Z0EOrze5QVz38T8fywnGKp2Uo+iJsDdVTDc
|
||||||
|
cFwwkB4b3oj+XMNcrlq4gm0ef5cNvtCg9+mDPPxzI6HxMjUo1cw8AK65gWXWd8r2S9aXKR
|
||||||
|
MiZNlxtcSR0K6vU6rSLQN1ay5DdUUC6ESIEX7ruWLM3131loLB6bpHLVq5uD2yhi5+o4Do
|
||||||
|
/SDek2jKvLvFyVwjOlLeXf5ekctZAZ0AtSnHDEMFAAAFgMFqGjPBahozAAAAB3NzaC1yc2
|
||||||
|
EAAAGBAMSrzm1pQAkS661SdzNAHjDr89yUM7ecjjQ9evvhmp8wmTSCJXfZgHNGtI1PsGBN
|
||||||
|
Ai2oJuViRjXkzhmFGqXTDf0gB96ZsErkwvAII9/8PI3eYvB0gxwfiQMGfIPczX2c7oZDyT
|
||||||
|
xSkfa1BH9TZGo3yECYk0/95YgrXddpbN3EQhw54olHaM/WZQzlheNaP3ObAVZQqkaave/G
|
||||||
|
mH5V2v7H1AtDiGVO0yBdGFKNiBknxCy+IQzPb0mpBhmtbmrL8XaNfsUv+cuFvmB7lBSWFW
|
||||||
|
YpIBaHUWTBwdH71MNWnUQkp/GdBDq83uUFc9/E/H8sJxiqdlKPoibA3VUw3HBcMJAeG96I
|
||||||
|
/lzDXK5auIJtHn+XDb7QoPfpgzz8cyOh8TI1KNXMPACuuYFl1nfK9kvWlykTImTZcbXEkd
|
||||||
|
Cur1Oq0i0DdWsuQ3VFAuhEiBF+67lizN9d9ZaCwem6Ry1aubg9soYufqOA6P0g3pNoyry7
|
||||||
|
xclcIzpS3l3+XpHLWQGdALUpxwxDBQAAAAMBAAEAAAGABsfTnKMR0Z5E4Ntkf7BYuiAQbs
|
||||||
|
zvQYfUwUlTWabMEWv4BD7ucsTdcFwCMpMKRi+xgQh4mtT6DbafQnL72ba+lzkI/Gw5D0P2
|
||||||
|
0pa9QeYs4klGCPtDX+9YZnHNTjCJJykHcjqZEAravHI+PvONlTnqHgwEnC/pP3obSKd6WO
|
||||||
|
UA0H9QZ6I+I1hFcJ3jMVT1thMkhyjNzhRcsw0aSdTE8Z7LGT5RUAjZL5b2FTaK+C8OTOqb
|
||||||
|
MhlewV/h9XWsxmLUpt0277I8ShvjJbJg6TEPJh6D7FRTU+tY4rjGK12DP9lVq6M7Md4ULV
|
||||||
|
JW3aW350xVV2p9031HLDUfWs7dqZ5ufoD3EopOVZGvfGAE3C4aHvJB5D6K7wG7ptWsPgte
|
||||||
|
EcCz84DpsoJ7KICTs8QoXt5bl68qnW3YvzCcqZc7DjLdKNh/wzjdMdzx8AMS4yBF2ceOSE
|
||||||
|
I7Og9UZZtmGzZ0g4Dhg3jMUyWBA++sUayJUqg0izzA/htt+tVd9ABMkJOufcCpnuPRAAAA
|
||||||
|
wCdCy66KXCLx5HCMIsd2/TdbGAZnuirYCn9ee3T5xhJyZjmwIfmZEXUuENKq8e+vYldwey
|
||||||
|
EjdnevM+OCTc8xo77yowgYRBzguDa2R9UH3bg9cWZIpQGzXmnL35Dux4nZPUKs69WMht92
|
||||||
|
bpRh9roPs2M5tSAcSpmfohFYhMwRxqVooSeSg+kGE4dCXnVqK1tURExnqKy8CkoDW4fhbH
|
||||||
|
HNmPsBnbdTNtfAlg8MO1v1Hk+/+6mpNhiJ7bKF4au9lm+QHgAAAMEA11frEHqordrzlTRg
|
||||||
|
kmqGq9qaORev2g/7n719DlXb2HjGfy5gK9iUCxsgGN6GiFF0mUD7hMY6UMIVfsC/Rm07aE
|
||||||
|
700u7OJAm8AcnFkEANlZ3ucWltnumVtxyMBlKq7PxkcIG5X+nJ6N8oVw3zZTsjaYCMe1s1
|
||||||
|
806oE5D3GZk10pnfVIrY9DFZBtT3+mBpF2uQZk0ZSwh8Hh9xGFGxsm6blkgpcip7v+26PR
|
||||||
|
hqA88WlXAPMnvFpXthr0mny+cy7Q59AAAAwQDpzWi1Prhi3JtVolyac/ygvzje4lhuz5ei
|
||||||
|
3pC7b1cepdFoQCS33tixwfzqKCp6RfHrtrKzZMqREaX5sor1Hha7S+Vo+KLtZWkFUONTHR
|
||||||
|
987wmXIu8ziRWKBeuk6g9OSXI5w8hyLwn4XLEeVri4fAUIUwpi4B0Eazp4P/9AUf1188xz
|
||||||
|
a4ACWXDYkUFoLQo9J07HWDhKbEKFZVlIznyfmLVXc8JEzwrPThW+viGK1AFi9FxeLB4QmK
|
||||||
|
PkAC2GY5AmhSkAAAALaGVsbG8gd29ybGQ=
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
1
src-tauri/src/credentials/fixtures/ssh_rsa_plain.pub
Normal file
1
src-tauri/src/credentials/fixtures/ssh_rsa_plain.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEq85taUAJEuutUnczQB4w6/PclDO3nI40PXr74ZqfMJk0giV32YBzRrSNT7BgTQItqCblYkY15M4ZhRql0w39IAfembBK5MLwCCPf/DyN3mLwdIMcH4kDBnyD3M19nO6GQ8k8UpH2tQR/U2RqN8hAmJNP/eWIK13XaWzdxEIcOeKJR2jP1mUM5YXjWj9zmwFWUKpGmr3vxph+Vdr+x9QLQ4hlTtMgXRhSjYgZJ8QsviEMz29JqQYZrW5qy/F2jX7FL/nLhb5ge5QUlhVmKSAWh1FkwcHR+9TDVp1EJKfxnQQ6vN7lBXPfxPx/LCcYqnZSj6ImwN1VMNxwXDCQHhveiP5cw1yuWriCbR5/lw2+0KD36YM8/HMjofEyNSjVzDwArrmBZdZ3yvZL1pcpEyJk2XG1xJHQrq9TqtItA3VrLkN1RQLoRIgRfuu5YszfXfWWgsHpukctWrm4PbKGLn6jgOj9IN6TaMq8u8XJXCM6Ut5d/l6Ry1kBnQC1KccMQwU= hello world
|
120
src-tauri/src/credentials/mod.rs
Normal file
120
src-tauri/src/credentials/mod.rs
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
use serde::{Serialize, Deserialize};
|
||||||
|
use sqlx::{
|
||||||
|
FromRow,
|
||||||
|
Sqlite,
|
||||||
|
SqlitePool,
|
||||||
|
sqlite::SqliteRow,
|
||||||
|
Transaction,
|
||||||
|
types::Uuid,
|
||||||
|
};
|
||||||
|
use tokio_stream::StreamExt;
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
|
||||||
|
mod aws;
|
||||||
|
pub use aws::{AwsBaseCredential, AwsSessionCredential};
|
||||||
|
|
||||||
|
mod crypto;
|
||||||
|
pub use crypto::Crypto;
|
||||||
|
|
||||||
|
mod record;
|
||||||
|
pub use record::CredentialRecord;
|
||||||
|
|
||||||
|
mod session;
|
||||||
|
pub use session::AppSession;
|
||||||
|
|
||||||
|
mod ssh;
|
||||||
|
pub use ssh::SshKey;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
#[serde(tag = "type")]
|
||||||
|
pub enum Credential {
|
||||||
|
AwsBase(AwsBaseCredential),
|
||||||
|
AwsSession(AwsSessionCredential),
|
||||||
|
Ssh(SshKey),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized {
|
||||||
|
type Row: Send + Unpin + for<'r> FromRow<'r, SqliteRow>;
|
||||||
|
|
||||||
|
fn type_name() -> &'static str;
|
||||||
|
|
||||||
|
fn into_credential(self) -> Credential;
|
||||||
|
|
||||||
|
fn row_id(row: &Self::Row) -> Uuid;
|
||||||
|
|
||||||
|
fn from_row(row: Self::Row, crypto: &Crypto) -> Result<Self, LoadCredentialsError>;
|
||||||
|
|
||||||
|
// save_details needs to be implemented per-type because we don't know the number of parameters in advance
|
||||||
|
async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError>;
|
||||||
|
|
||||||
|
fn table_name() -> String {
|
||||||
|
format!("{}_credentials", Self::type_name())
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let q = format!("SELECT * FROM {} WHERE id = ?", Self::table_name());
|
||||||
|
let row: Self::Row = sqlx::query_as(&q)
|
||||||
|
.bind(id)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Self::from_row(row, crypto)
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let q = format!(
|
||||||
|
"SELECT * FROM {} WHERE id = (SELECT id FROM credentials WHERE name = ?)",
|
||||||
|
Self::table_name(),
|
||||||
|
);
|
||||||
|
let row: Self::Row = sqlx::query_as(&q)
|
||||||
|
.bind(name)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Self::from_row(row, crypto)
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn load_default(crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let q = format!(
|
||||||
|
"SELECT details.*
|
||||||
|
FROM {} details
|
||||||
|
JOIN credentials c
|
||||||
|
ON c.id = details.id
|
||||||
|
AND c.is_default = 1",
|
||||||
|
Self::table_name(),
|
||||||
|
);
|
||||||
|
let row: Self::Row = sqlx::query_as(&q)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Self::from_row(row, crypto)
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<(Uuid, Credential)>, LoadCredentialsError> {
|
||||||
|
let q = format!(
|
||||||
|
"SELECT details.*
|
||||||
|
FROM
|
||||||
|
{} details
|
||||||
|
JOIN credentials c
|
||||||
|
ON c.id = details.id
|
||||||
|
ORDER BY c.created_at",
|
||||||
|
Self::table_name(),
|
||||||
|
);
|
||||||
|
let mut rows = sqlx::query_as::<_, Self::Row>(&q).fetch(pool);
|
||||||
|
|
||||||
|
let mut creds = Vec::new();
|
||||||
|
while let Some(row) = rows.try_next().await? {
|
||||||
|
let id = Self::row_id(&row);
|
||||||
|
let cred = Self::from_row(row, crypto)?.into_credential();
|
||||||
|
creds.push((id, cred));
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(creds)
|
||||||
|
}
|
||||||
|
}
|
430
src-tauri/src/credentials/record.rs
Normal file
430
src-tauri/src/credentials/record.rs
Normal file
@ -0,0 +1,430 @@
|
|||||||
|
use std::collections::HashMap;
|
||||||
|
use std::fmt::{self, Debug, Formatter};
|
||||||
|
use serde::{
|
||||||
|
Serialize,
|
||||||
|
Deserialize,
|
||||||
|
Serializer,
|
||||||
|
Deserializer,
|
||||||
|
};
|
||||||
|
use serde::de::{self, Visitor};
|
||||||
|
use sqlx::{
|
||||||
|
Error as SqlxError,
|
||||||
|
FromRow,
|
||||||
|
SqlitePool,
|
||||||
|
types::Uuid,
|
||||||
|
};
|
||||||
|
use tokio_stream::StreamExt;
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
use super::{
|
||||||
|
AwsBaseCredential,
|
||||||
|
Credential,
|
||||||
|
Crypto,
|
||||||
|
PersistentCredential,
|
||||||
|
SshKey,
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, FromRow)]
|
||||||
|
#[allow(dead_code)]
|
||||||
|
struct CredentialRow {
|
||||||
|
id: Uuid,
|
||||||
|
name: String,
|
||||||
|
credential_type: String,
|
||||||
|
is_default: bool,
|
||||||
|
created_at: i64,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
pub struct CredentialRecord {
|
||||||
|
#[serde(serialize_with = "serialize_uuid")]
|
||||||
|
#[serde(deserialize_with = "deserialize_uuid")]
|
||||||
|
pub id: Uuid, // UUID so it can be generated on the frontend
|
||||||
|
pub name: String, // user-facing identifier so it can be changed
|
||||||
|
pub is_default: bool,
|
||||||
|
pub credential: Credential,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl CredentialRecord {
|
||||||
|
pub async fn save(&self, crypto: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
|
||||||
|
let type_name = match &self.credential {
|
||||||
|
Credential::AwsBase(_) => AwsBaseCredential::type_name(),
|
||||||
|
Credential::Ssh(_) => SshKey::type_name(),
|
||||||
|
_ => return Err(SaveCredentialsError::NotPersistent),
|
||||||
|
};
|
||||||
|
|
||||||
|
// if the credential being saved is default, make sure it's the only default of its type
|
||||||
|
let mut txn = pool.begin().await?;
|
||||||
|
if self.is_default {
|
||||||
|
sqlx::query!(
|
||||||
|
"UPDATE credentials SET is_default = 0 WHERE credential_type = ?",
|
||||||
|
type_name
|
||||||
|
).execute(&mut *txn).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
// save to parent credentials table
|
||||||
|
let res = sqlx::query!(
|
||||||
|
"INSERT INTO credentials (id, name, credential_type, is_default, created_at)
|
||||||
|
VALUES (?, ?, ?, ?, strftime('%s'))
|
||||||
|
ON CONFLICT(id) DO UPDATE SET
|
||||||
|
name = excluded.name,
|
||||||
|
credential_type = excluded.credential_type,
|
||||||
|
is_default = excluded.is_default",
|
||||||
|
self.id, self.name, type_name, self.is_default
|
||||||
|
).execute(&mut *txn).await;
|
||||||
|
|
||||||
|
// if id is unique, but name is not, we will get an error
|
||||||
|
// (if id is not unique, this becomes an upsert due to ON CONFLICT clause)
|
||||||
|
match res {
|
||||||
|
Err(SqlxError::Database(e)) if e.is_unique_violation() => Err(SaveCredentialsError::Duplicate),
|
||||||
|
Err(e) => Err(SaveCredentialsError::DbError(e)),
|
||||||
|
Ok(_) => Ok(())
|
||||||
|
}?;
|
||||||
|
|
||||||
|
// save credential details to child table
|
||||||
|
match &self.credential {
|
||||||
|
Credential::AwsBase(b) => b.save_details(&self.id, crypto, &mut txn).await,
|
||||||
|
Credential::Ssh(s) => s.save_details(&self.id, crypto, &mut txn).await,
|
||||||
|
_ => Err(SaveCredentialsError::NotPersistent),
|
||||||
|
}?;
|
||||||
|
|
||||||
|
// make it real
|
||||||
|
txn.commit().await?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn from_parts(row: CredentialRow, credential: Credential) -> Self {
|
||||||
|
CredentialRecord {
|
||||||
|
id: row.id,
|
||||||
|
name: row.name,
|
||||||
|
is_default: row.is_default,
|
||||||
|
credential,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn load_credential(row: CredentialRow, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let credential = match row.credential_type.as_str() {
|
||||||
|
"aws" => Credential::AwsBase(AwsBaseCredential::load(&row.id, crypto, pool).await?),
|
||||||
|
_ => return Err(LoadCredentialsError::InvalidData),
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(Self::from_parts(row, credential))
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
pub async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE id = ?")
|
||||||
|
.bind(id)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Self::load_credential(row, crypto, pool).await
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE name = ?")
|
||||||
|
.bind(name)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Self::load_credential(row, crypto, pool).await
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn load_default(credential_type: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let row: CredentialRow = sqlx::query_as(
|
||||||
|
"SELECT * FROM credentials
|
||||||
|
WHERE credential_type = ? AND is_default = 1"
|
||||||
|
).bind(credential_type)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Self::load_credential(row, crypto, pool).await
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<Self>, LoadCredentialsError> {
|
||||||
|
let mut parent_rows = sqlx::query_as::<_, CredentialRow>(
|
||||||
|
"SELECT * FROM credentials"
|
||||||
|
).fetch(pool);
|
||||||
|
|
||||||
|
let mut parent_map = HashMap::new();
|
||||||
|
while let Some(row) = parent_rows.try_next().await? {
|
||||||
|
parent_map.insert(row.id, row);
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut records = Vec::with_capacity(parent_map.len());
|
||||||
|
|
||||||
|
for (id, credential) in AwsBaseCredential::list(crypto, pool).await? {
|
||||||
|
let parent = parent_map.remove(&id)
|
||||||
|
.ok_or(LoadCredentialsError::InvalidData)?;
|
||||||
|
records.push(Self::from_parts(parent, credential));
|
||||||
|
}
|
||||||
|
for (id, credential) in SshKey::list(crypto, pool).await? {
|
||||||
|
let parent = parent_map.remove(&id)
|
||||||
|
.ok_or(LoadCredentialsError::InvalidData)?;
|
||||||
|
records.push(Self::from_parts(parent, credential));
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(records)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn rekey(old: &Crypto, new: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
|
||||||
|
for record in Self::list(old, pool).await? {
|
||||||
|
record.save(new, pool).await?;
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn serialize_uuid<S: Serializer>(u: &Uuid, s: S) -> Result<S::Ok, S::Error> {
|
||||||
|
let mut buf = Uuid::encode_buffer();
|
||||||
|
s.serialize_str(u.as_hyphenated().encode_lower(&mut buf))
|
||||||
|
}
|
||||||
|
|
||||||
|
struct UuidVisitor;
|
||||||
|
|
||||||
|
impl<'de> Visitor<'de> for UuidVisitor {
|
||||||
|
type Value = Uuid;
|
||||||
|
|
||||||
|
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
||||||
|
write!(formatter, "a hyphenated UUID")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn visit_str<E: de::Error>(self, v: &str) -> Result<Uuid, E> {
|
||||||
|
Uuid::try_parse(v)
|
||||||
|
.map_err(|_| E::custom(format!("Could not interpret string as UUID: {v}")))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn deserialize_uuid<'de, D: Deserializer<'de>>(ds: D) -> Result<Uuid, D::Error> {
|
||||||
|
ds.deserialize_str(UuidVisitor)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use super::*;
|
||||||
|
use sqlx::types::uuid::uuid;
|
||||||
|
|
||||||
|
|
||||||
|
fn aws_record() -> CredentialRecord {
|
||||||
|
let id = uuid!("00000000-0000-0000-0000-000000000000");
|
||||||
|
let aws = AwsBaseCredential::new(
|
||||||
|
"AKIAIOSFODNN7EXAMPLE".into(),
|
||||||
|
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
|
||||||
|
);
|
||||||
|
|
||||||
|
CredentialRecord {
|
||||||
|
id,
|
||||||
|
name: "test".into(),
|
||||||
|
is_default: true,
|
||||||
|
credential: Credential::AwsBase(aws),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn aws_record_2() -> CredentialRecord {
|
||||||
|
let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff");
|
||||||
|
let aws = AwsBaseCredential::new(
|
||||||
|
"AKIAIOSFODNN7EXAMPL2".into(),
|
||||||
|
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(),
|
||||||
|
);
|
||||||
|
|
||||||
|
CredentialRecord {
|
||||||
|
id,
|
||||||
|
name: "test2".into(),
|
||||||
|
is_default: false,
|
||||||
|
credential: Credential::AwsBase(aws),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn random_uuid() -> Uuid {
|
||||||
|
let bytes = Crypto::salt();
|
||||||
|
Uuid::from_slice(&bytes[..16]).unwrap()
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_load_aws(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let id = uuid!("00000000-0000-0000-0000-000000000000");
|
||||||
|
let loaded = CredentialRecord::load(&id, &crypt, &pool).await
|
||||||
|
.expect("Failed to load record");
|
||||||
|
|
||||||
|
assert_eq!(aws_record(), loaded);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_load_aws_default(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let loaded = CredentialRecord::load_default("aws", &crypt, &pool).await
|
||||||
|
.expect("Failed to load record");
|
||||||
|
|
||||||
|
assert_eq!(aws_record(), loaded);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_save_aws(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::random();
|
||||||
|
let mut record = aws_record();
|
||||||
|
record.id = random_uuid();
|
||||||
|
|
||||||
|
aws_record().save(&crypt, &pool).await
|
||||||
|
.expect("Failed to save record");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_save_load_aws(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::random();
|
||||||
|
let mut record = aws_record();
|
||||||
|
record.id = random_uuid();
|
||||||
|
|
||||||
|
record.save(&crypt, &pool).await
|
||||||
|
.expect("Failed to save record");
|
||||||
|
let loaded = CredentialRecord::load(&record.id, &crypt, &pool).await
|
||||||
|
.expect("Failed to load record");
|
||||||
|
|
||||||
|
assert_eq!(record, loaded);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_overwrite_aws(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
|
||||||
|
let original = aws_record();
|
||||||
|
original.save(&crypt, &pool).await
|
||||||
|
.expect("Failed to save first record");
|
||||||
|
|
||||||
|
let mut updated = aws_record_2();
|
||||||
|
updated.id = original.id;
|
||||||
|
updated.save(&crypt, &pool).await
|
||||||
|
.expect("Failed to overwrite first record with second record");
|
||||||
|
|
||||||
|
// make sure update went through
|
||||||
|
let loaded = CredentialRecord::load(&updated.id, &crypt, &pool).await.unwrap();
|
||||||
|
assert_eq!(updated, loaded);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_duplicate_name(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::random();
|
||||||
|
|
||||||
|
let mut record = aws_record();
|
||||||
|
record.id = random_uuid();
|
||||||
|
let resp = record.save(&crypt, &pool).await;
|
||||||
|
|
||||||
|
if !matches!(resp, Err(SaveCredentialsError::Duplicate)) {
|
||||||
|
panic!("Attempt to create duplicate entry returned {resp:?}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_change_default(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff");
|
||||||
|
|
||||||
|
// confirm that record as it currently exists in the database is not default
|
||||||
|
let mut record = CredentialRecord::load(&id, &crypt, &pool).await
|
||||||
|
.expect("Failed to load record");
|
||||||
|
assert!(!record.is_default);
|
||||||
|
|
||||||
|
record.is_default = true;
|
||||||
|
record.save(&crypt, &pool).await
|
||||||
|
.expect("Failed to save record");
|
||||||
|
|
||||||
|
let loaded = CredentialRecord::load(&id, &crypt, &pool).await
|
||||||
|
.expect("Failed to re-load record");
|
||||||
|
assert!(loaded.is_default);
|
||||||
|
|
||||||
|
let other_id = uuid!("00000000-0000-0000-0000-000000000000");
|
||||||
|
let other_loaded = CredentialRecord::load(&other_id, &crypt, &pool).await
|
||||||
|
.expect("Failed to load other credential");
|
||||||
|
assert!(!other_loaded.is_default);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_list(pool: SqlitePool) {
|
||||||
|
let crypt = Crypto::fixed();
|
||||||
|
|
||||||
|
let records = CredentialRecord::list(&crypt, &pool).await
|
||||||
|
.expect("Failed to list credentials");
|
||||||
|
|
||||||
|
assert_eq!(aws_record(), records[0]);
|
||||||
|
assert_eq!(aws_record_2(), records[1]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("aws_credentials"))]
|
||||||
|
async fn test_rekey(pool: SqlitePool) {
|
||||||
|
let old = Crypto::fixed();
|
||||||
|
let new = Crypto::random();
|
||||||
|
|
||||||
|
CredentialRecord::rekey(&old, &new, &pool).await
|
||||||
|
.expect("Failed to rekey credentials");
|
||||||
|
|
||||||
|
let records = CredentialRecord::list(&new, &pool).await
|
||||||
|
.expect("Failed to re-list credentials");
|
||||||
|
|
||||||
|
assert_eq!(aws_record(), records[0]);
|
||||||
|
assert_eq!(aws_record_2(), records[1]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod uuid_tests {
|
||||||
|
use super::*;
|
||||||
|
use sqlx::types::uuid::uuid;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
|
||||||
|
struct UuidWrapper {
|
||||||
|
#[serde(serialize_with = "serialize_uuid")]
|
||||||
|
#[serde(deserialize_with = "deserialize_uuid")]
|
||||||
|
id: Uuid,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_serialize_uuid() {
|
||||||
|
let u = UuidWrapper {
|
||||||
|
id: uuid!("693f84d2-4c1b-41e5-8483-cbe178324e04")
|
||||||
|
};
|
||||||
|
let computed = serde_json::to_string(&u).unwrap();
|
||||||
|
assert_eq!(
|
||||||
|
"{\"id\":\"693f84d2-4c1b-41e5-8483-cbe178324e04\"}",
|
||||||
|
&computed,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_deserialize_uuid() {
|
||||||
|
let s = "{\"id\":\"045bd359-8630-4b76-9b7d-e4a86ed2222c\"}";
|
||||||
|
let computed = serde_json::from_str(s).unwrap();
|
||||||
|
let expected = UuidWrapper {
|
||||||
|
id: uuid!("045bd359-8630-4b76-9b7d-e4a86ed2222c"),
|
||||||
|
};
|
||||||
|
assert_eq!(expected, computed);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_serialize_deserialize_uuid() {
|
||||||
|
let buf = Crypto::salt();
|
||||||
|
let expected = UuidWrapper{
|
||||||
|
id: Uuid::from_slice(&buf[..16]).unwrap()
|
||||||
|
};
|
||||||
|
let serialized = serde_json::to_string(&expected).unwrap();
|
||||||
|
let computed = serde_json::from_str(&serialized).unwrap();
|
||||||
|
assert_eq!(expected, computed)
|
||||||
|
}
|
||||||
|
}
|
100
src-tauri/src/credentials/session.rs
Normal file
100
src-tauri/src/credentials/session.rs
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
use chacha20poly1305::XNonce;
|
||||||
|
use sqlx::SqlitePool;
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
use crate::kv;
|
||||||
|
use super::Crypto;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Clone, Debug)]
|
||||||
|
pub enum AppSession {
|
||||||
|
Unlocked {
|
||||||
|
salt: [u8; 32],
|
||||||
|
crypto: Crypto,
|
||||||
|
},
|
||||||
|
Locked {
|
||||||
|
salt: [u8; 32],
|
||||||
|
verify_nonce: XNonce,
|
||||||
|
verify_blob: Vec<u8>
|
||||||
|
},
|
||||||
|
Empty,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AppSession {
|
||||||
|
pub fn new(passphrase: &str) -> Result<Self, CryptoError> {
|
||||||
|
let salt = Crypto::salt();
|
||||||
|
let crypto = Crypto::new(passphrase, &salt)?;
|
||||||
|
Ok(Self::Unlocked {salt, crypto})
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn unlock(&mut self, passphrase: &str) -> Result<(), UnlockError> {
|
||||||
|
let (salt, nonce, blob) = match self {
|
||||||
|
Self::Empty => return Err(UnlockError::NoCredentials),
|
||||||
|
Self::Unlocked {..} => return Err(UnlockError::NotLocked),
|
||||||
|
Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob),
|
||||||
|
};
|
||||||
|
|
||||||
|
let crypto = Crypto::new(passphrase, salt)
|
||||||
|
.map_err(|e| CryptoError::Argon2(e))?;
|
||||||
|
|
||||||
|
// if passphrase is incorrect, this will fail
|
||||||
|
let _verify = crypto.decrypt(&nonce, &blob)?;
|
||||||
|
|
||||||
|
*self = Self::Unlocked {crypto, salt: *salt};
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn load(pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
|
||||||
|
match kv::load_bytes_multi!(pool, "salt", "verify_nonce", "verify_blob").await? {
|
||||||
|
Some((salt, nonce, blob)) => {
|
||||||
|
|
||||||
|
Ok(Self::Locked {
|
||||||
|
salt: salt.try_into().map_err(|_| LoadCredentialsError::InvalidData)?,
|
||||||
|
// note: replace this with try_from at some point
|
||||||
|
verify_nonce: XNonce::clone_from_slice(&nonce),
|
||||||
|
verify_blob: blob,
|
||||||
|
})
|
||||||
|
},
|
||||||
|
None => Ok(Self::Empty),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn save(&self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
|
||||||
|
match self {
|
||||||
|
Self::Unlocked {salt, crypto} => {
|
||||||
|
let (nonce, blob) = crypto.encrypt(b"correct horse battery staple")?;
|
||||||
|
kv::save_bytes(pool, "salt", salt).await?;
|
||||||
|
kv::save_bytes(pool, "verify_nonce", &nonce.as_slice()).await?;
|
||||||
|
kv::save_bytes(pool, "verify_blob", &blob).await?;
|
||||||
|
},
|
||||||
|
Self::Locked {salt, verify_nonce, verify_blob} => {
|
||||||
|
kv::save_bytes(pool, "salt", salt).await?;
|
||||||
|
kv::save_bytes(pool, "verify_nonce", &verify_nonce.as_slice()).await?;
|
||||||
|
kv::save_bytes(pool, "verify_blob", verify_blob).await?;
|
||||||
|
},
|
||||||
|
// "saving" an empty session just means doing nothing
|
||||||
|
Self::Empty => (),
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn reset(&mut self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
|
||||||
|
match self {
|
||||||
|
Self::Unlocked {..} | Self::Locked {..} => {
|
||||||
|
kv::delete_multi(pool, &["salt", "verify_nonce", "verify_blob"]).await?;
|
||||||
|
*self = Self::Empty;
|
||||||
|
},
|
||||||
|
Self::Empty => (),
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn try_get_crypto(&self) -> Result<&Crypto, GetCredentialsError> {
|
||||||
|
match self {
|
||||||
|
Self::Empty => Err(GetCredentialsError::Empty),
|
||||||
|
Self::Locked {..} => Err(GetCredentialsError::Locked),
|
||||||
|
Self::Unlocked {crypto, ..} => Ok(crypto),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
481
src-tauri/src/credentials/ssh.rs
Normal file
481
src-tauri/src/credentials/ssh.rs
Normal file
@ -0,0 +1,481 @@
|
|||||||
|
use std::fmt::{self, Formatter};
|
||||||
|
|
||||||
|
use chacha20poly1305::XNonce;
|
||||||
|
use serde::{
|
||||||
|
Deserialize,
|
||||||
|
Deserializer,
|
||||||
|
Serialize,
|
||||||
|
Serializer,
|
||||||
|
};
|
||||||
|
use serde::ser::{
|
||||||
|
Error as SerError,
|
||||||
|
SerializeStruct,
|
||||||
|
};
|
||||||
|
use serde::de::{self, Visitor};
|
||||||
|
use sha2::{Sha256, Sha512};
|
||||||
|
use signature::{Signer, SignatureEncoding};
|
||||||
|
use sqlx::{
|
||||||
|
FromRow,
|
||||||
|
Sqlite,
|
||||||
|
SqlitePool,
|
||||||
|
Transaction,
|
||||||
|
types::Uuid,
|
||||||
|
};
|
||||||
|
use ssh_agent_lib::proto::message::{
|
||||||
|
Identity,
|
||||||
|
SignRequest,
|
||||||
|
};
|
||||||
|
use ssh_encoding::Encode;
|
||||||
|
use ssh_key::{
|
||||||
|
Algorithm,
|
||||||
|
LineEnding,
|
||||||
|
private::{PrivateKey, KeypairData},
|
||||||
|
public::PublicKey,
|
||||||
|
};
|
||||||
|
use tokio_stream::StreamExt;
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
use super::{
|
||||||
|
Credential,
|
||||||
|
Crypto,
|
||||||
|
PersistentCredential,
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, FromRow)]
|
||||||
|
pub struct SshRow {
|
||||||
|
id: Uuid,
|
||||||
|
algorithm: String,
|
||||||
|
comment: String,
|
||||||
|
public_key: Vec<u8>,
|
||||||
|
private_key_enc: Vec<u8>,
|
||||||
|
nonce: Vec<u8>,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, Eq, PartialEq, Deserialize)]
|
||||||
|
pub struct SshKey {
|
||||||
|
#[serde(deserialize_with = "deserialize_algorithm")]
|
||||||
|
pub algorithm: Algorithm,
|
||||||
|
pub comment: String,
|
||||||
|
#[serde(deserialize_with = "deserialize_pubkey")]
|
||||||
|
pub public_key: PublicKey,
|
||||||
|
#[serde(deserialize_with = "deserialize_privkey")]
|
||||||
|
pub private_key: PrivateKey,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl SshKey {
|
||||||
|
pub fn from_file(path: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> {
|
||||||
|
let mut privkey = PrivateKey::read_openssh_file(path.as_ref())?;
|
||||||
|
if privkey.is_encrypted() {
|
||||||
|
privkey = privkey.decrypt(passphrase)
|
||||||
|
.map_err(|_| LoadSshKeyError::InvalidPassphrase)?;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(SshKey {
|
||||||
|
algorithm: privkey.algorithm(),
|
||||||
|
comment: privkey.comment().into(),
|
||||||
|
public_key: privkey.public_key().clone(),
|
||||||
|
private_key: privkey,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn from_private_key(private_key: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> {
|
||||||
|
let mut privkey = PrivateKey::from_openssh(private_key)?;
|
||||||
|
if privkey.is_encrypted() {
|
||||||
|
privkey = privkey.decrypt(passphrase)
|
||||||
|
.map_err(|_| LoadSshKeyError::InvalidPassphrase)?;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(SshKey {
|
||||||
|
algorithm: privkey.algorithm(),
|
||||||
|
comment: privkey.comment().into(),
|
||||||
|
public_key: privkey.public_key().clone(),
|
||||||
|
private_key: privkey,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn name_from_pubkey(pubkey: &[u8], pool: &SqlitePool) -> Result<String, LoadCredentialsError> {
|
||||||
|
let row = sqlx::query!(
|
||||||
|
"SELECT c.name
|
||||||
|
FROM credentials c
|
||||||
|
JOIN ssh_credentials s
|
||||||
|
ON s.id = c.id
|
||||||
|
WHERE s.public_key = ?",
|
||||||
|
pubkey
|
||||||
|
).fetch_optional(pool)
|
||||||
|
.await?
|
||||||
|
.ok_or(LoadCredentialsError::NoCredentials)?;
|
||||||
|
|
||||||
|
Ok(row.name)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn list_identities(pool: &SqlitePool) -> Result<Vec<Identity>, LoadCredentialsError> {
|
||||||
|
let mut rows = sqlx::query!(
|
||||||
|
"SELECT public_key, comment FROM ssh_credentials"
|
||||||
|
).fetch(pool);
|
||||||
|
|
||||||
|
let mut identities = Vec::new();
|
||||||
|
while let Some(row) = rows.try_next().await? {
|
||||||
|
identities.push(Identity {
|
||||||
|
pubkey_blob: row.public_key,
|
||||||
|
comment: row.comment,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(identities)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sign_request(&self, req: &SignRequest) -> Result<Vec<u8>, HandlerError> {
|
||||||
|
let mut sig = Vec::new();
|
||||||
|
match self.private_key.key_data() {
|
||||||
|
KeypairData::Rsa(keypair) => {
|
||||||
|
// 2 is the flag value for `SSH_AGENT_RSA_SHA2_256`
|
||||||
|
if req.flags & 2 > 0 {
|
||||||
|
let signer = rsa::pkcs1v15::SigningKey::<Sha256>::try_from(keypair)?;
|
||||||
|
let sig_data = signer.try_sign(&req.data)?.to_vec();
|
||||||
|
"rsa-sha-256".encode(&mut sig)?;
|
||||||
|
sig_data.encode(&mut sig)?;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
let signer = rsa::pkcs1v15::SigningKey::<Sha512>::try_from(keypair)?;
|
||||||
|
let sig_data = signer.try_sign(&req.data)?.to_vec();
|
||||||
|
"rsa-sha2-512".encode(&mut sig)?;
|
||||||
|
sig_data.encode(&mut sig)?;
|
||||||
|
}
|
||||||
|
},
|
||||||
|
_ => {
|
||||||
|
let sig_data = self.private_key.try_sign(&req.data)?;
|
||||||
|
self.algorithm.as_str().encode(&mut sig)?;
|
||||||
|
sig_data.as_bytes().encode(&mut sig)?;
|
||||||
|
},
|
||||||
|
}
|
||||||
|
Ok(sig)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
impl PersistentCredential for SshKey {
|
||||||
|
type Row = SshRow;
|
||||||
|
|
||||||
|
fn type_name() -> &'static str { "ssh" }
|
||||||
|
|
||||||
|
fn into_credential(self) -> Credential { Credential::Ssh(self) }
|
||||||
|
|
||||||
|
fn row_id(row: &SshRow) -> Uuid { row.id }
|
||||||
|
|
||||||
|
fn from_row(row: SshRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> {
|
||||||
|
let nonce = XNonce::clone_from_slice(&row.nonce);
|
||||||
|
let privkey_bytes = crypto.decrypt(&nonce, &row.private_key_enc)?;
|
||||||
|
|
||||||
|
|
||||||
|
let algorithm = Algorithm::new(&row.algorithm)
|
||||||
|
.map_err(|_| LoadCredentialsError::InvalidData)?;
|
||||||
|
let public_key = PublicKey::from_bytes(&row.public_key)
|
||||||
|
.map_err(|_| LoadCredentialsError::InvalidData)?;
|
||||||
|
let private_key = PrivateKey::from_bytes(&privkey_bytes)
|
||||||
|
.map_err(|_| LoadCredentialsError::InvalidData)?;
|
||||||
|
|
||||||
|
Ok(SshKey {
|
||||||
|
algorithm,
|
||||||
|
comment: row.comment,
|
||||||
|
public_key,
|
||||||
|
private_key,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> {
|
||||||
|
let alg = self.algorithm.as_str();
|
||||||
|
let pubkey_bytes = self.public_key.to_bytes()?;
|
||||||
|
let privkey_bytes = self.private_key.to_bytes()?;
|
||||||
|
let (nonce, ciphertext) = crypto.encrypt(privkey_bytes.as_ref())?;
|
||||||
|
let nonce_bytes = nonce.as_slice();
|
||||||
|
|
||||||
|
sqlx::query!(
|
||||||
|
"INSERT OR REPLACE INTO ssh_credentials (
|
||||||
|
id,
|
||||||
|
algorithm,
|
||||||
|
comment,
|
||||||
|
public_key,
|
||||||
|
private_key_enc,
|
||||||
|
nonce
|
||||||
|
)
|
||||||
|
VALUES (?, ?, ?, ?, ?, ?)",
|
||||||
|
id, alg, self.comment, pubkey_bytes, ciphertext, nonce_bytes,
|
||||||
|
).execute(&mut **txn).await?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
impl Serialize for SshKey {
|
||||||
|
fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error> {
|
||||||
|
let mut key = s.serialize_struct("SshKey", 5)?;
|
||||||
|
key.serialize_field("algorithm", self.algorithm.as_str())?;
|
||||||
|
key.serialize_field("comment", &self.comment)?;
|
||||||
|
|
||||||
|
let pubkey_str = self.public_key.to_openssh()
|
||||||
|
.map_err(|e| S::Error::custom(format!("Failed to encode SSH public key: {e}")))?;
|
||||||
|
key.serialize_field("public_key", &pubkey_str)?;
|
||||||
|
|
||||||
|
let privkey_str = self.private_key.to_openssh(LineEnding::LF)
|
||||||
|
.map_err(|e| S::Error::custom(format!("Failed to encode SSH private key: {e}")))?;
|
||||||
|
key.serialize_field::<str>("private_key", privkey_str.as_ref())?;
|
||||||
|
|
||||||
|
key.end()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
struct PubkeyVisitor;
|
||||||
|
|
||||||
|
impl<'de> Visitor<'de> for PubkeyVisitor {
|
||||||
|
type Value = PublicKey;
|
||||||
|
|
||||||
|
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
||||||
|
write!(formatter, "an OpenSSH-encoded public key, e.g. `ssh-rsa ...`")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn visit_str<E: de::Error>(self, v: &str) -> Result<Self::Value, E> {
|
||||||
|
PublicKey::from_openssh(v)
|
||||||
|
.map_err(|e| E::custom(format!("{e}")))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn deserialize_pubkey<'de, D>(deserializer: D) -> Result<PublicKey, D::Error>
|
||||||
|
where D: Deserializer<'de>
|
||||||
|
{
|
||||||
|
deserializer.deserialize_str(PubkeyVisitor)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
struct PrivkeyVisitor;
|
||||||
|
|
||||||
|
impl<'de> Visitor<'de> for PrivkeyVisitor {
|
||||||
|
type Value = PrivateKey;
|
||||||
|
|
||||||
|
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
||||||
|
write!(formatter, "an OpenSSH-encoded private key")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn visit_str<E: de::Error>(self, v: &str) -> Result<Self::Value, E> {
|
||||||
|
PrivateKey::from_openssh(v)
|
||||||
|
.map_err(|e| E::custom(format!("{e}")))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn deserialize_privkey<'de, D>(deserializer: D) -> Result<PrivateKey, D::Error>
|
||||||
|
where D: Deserializer<'de>
|
||||||
|
{
|
||||||
|
deserializer.deserialize_str(PrivkeyVisitor)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
struct AlgorithmVisitor;
|
||||||
|
|
||||||
|
impl<'de> Visitor<'de> for AlgorithmVisitor {
|
||||||
|
type Value = Algorithm;
|
||||||
|
|
||||||
|
fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
|
||||||
|
write!(formatter, "an SSH key algorithm identifier, e.g. `ssh-rsa`")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn visit_str<E: de::Error>(self, v: &str) -> Result<Self::Value, E> {
|
||||||
|
Algorithm::new(v)
|
||||||
|
.map_err(|e| E::custom(format!("{e}")))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn deserialize_algorithm<'de, D>(deserializer: D) -> Result<Algorithm, D::Error>
|
||||||
|
where D: Deserializer<'de>
|
||||||
|
{
|
||||||
|
deserializer.deserialize_str(AlgorithmVisitor)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use std::fs::{self, File};
|
||||||
|
use sqlx::types::uuid::uuid;
|
||||||
|
use crate::credentials::CredentialRecord;
|
||||||
|
|
||||||
|
use super::*;
|
||||||
|
|
||||||
|
fn path(name: &str) -> String {
|
||||||
|
format!("./src/credentials/fixtures/{name}")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn random_uuid() -> Uuid {
|
||||||
|
let bytes = Crypto::salt();
|
||||||
|
Uuid::from_slice(&bytes[..16]).unwrap()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn rsa_plain() -> SshKey {
|
||||||
|
SshKey::from_file(&path("ssh_rsa_plain"), "")
|
||||||
|
.expect("Failed to load SSH key")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn rsa_enc() -> SshKey {
|
||||||
|
SshKey::from_file(
|
||||||
|
&path("ssh_rsa_enc"),
|
||||||
|
"correct horse battery staple"
|
||||||
|
).expect("Failed to load SSH key")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn ed25519_plain() -> SshKey {
|
||||||
|
SshKey::from_file(&path("ssh_ed25519_plain"), "")
|
||||||
|
.expect("Failed to load SSH key")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn ed25519_enc() -> SshKey {
|
||||||
|
SshKey::from_file(
|
||||||
|
&path("ssh_ed25519_enc"),
|
||||||
|
"correct horse battery staple"
|
||||||
|
).expect("Failed to load SSH key")
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_from_file_rsa_plain() {
|
||||||
|
let k = rsa_plain();
|
||||||
|
assert_eq!(k.algorithm.as_str(), "ssh-rsa");
|
||||||
|
assert_eq!(&k.comment, "hello world");
|
||||||
|
|
||||||
|
assert_eq!(
|
||||||
|
k.public_key.fingerprint(Default::default()),
|
||||||
|
k.private_key.fingerprint(Default::default()),
|
||||||
|
);
|
||||||
|
assert_eq!(
|
||||||
|
k.private_key.fingerprint(Default::default()).as_bytes(),
|
||||||
|
[90,162,92,235,160,164,88,179,144,234,84,135,1,249,9,206,
|
||||||
|
201,172,233,129,82,11,145,191,186,144,209,43,81,119,197,18],
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_from_file_rsa_enc() {
|
||||||
|
let k = rsa_enc();
|
||||||
|
assert_eq!(k.algorithm.as_str(), "ssh-rsa");
|
||||||
|
assert_eq!(&k.comment, "hello world");
|
||||||
|
|
||||||
|
assert_eq!(
|
||||||
|
k.public_key.fingerprint(Default::default()),
|
||||||
|
k.private_key.fingerprint(Default::default()),
|
||||||
|
);
|
||||||
|
assert_eq!(
|
||||||
|
k.private_key.fingerprint(Default::default()).as_bytes(),
|
||||||
|
[254,147,219,185,96,234,125,190,195,128,37,243,214,193,8,162,
|
||||||
|
34,237,126,199,241,91,195,251,232,84,144,120,25,63,224,157],
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_from_file_ed25519_plain() {
|
||||||
|
let k = ed25519_plain();
|
||||||
|
assert_eq!(k.algorithm.as_str(),"ssh-ed25519");
|
||||||
|
assert_eq!(&k.comment, "hello world");
|
||||||
|
|
||||||
|
assert_eq!(
|
||||||
|
k.public_key.fingerprint(Default::default()),
|
||||||
|
k.private_key.fingerprint(Default::default()),
|
||||||
|
);
|
||||||
|
assert_eq!(
|
||||||
|
k.private_key.fingerprint(Default::default()).as_bytes(),
|
||||||
|
[29,30,193,72,239,167,35,89,1,206,126,186,123,112,78,187,
|
||||||
|
240,59,1,15,107,189,72,30,44,64,114,216,32,195,22,201],
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_from_file_ed25519_enc() {
|
||||||
|
let k = ed25519_enc();
|
||||||
|
assert_eq!(k.algorithm.as_str(), "ssh-ed25519");
|
||||||
|
assert_eq!(&k.comment, "hello world");
|
||||||
|
|
||||||
|
assert_eq!(
|
||||||
|
k.public_key.fingerprint(Default::default()),
|
||||||
|
k.private_key.fingerprint(Default::default()),
|
||||||
|
);
|
||||||
|
assert_eq!(
|
||||||
|
k.private_key.fingerprint(Default::default()).as_bytes(),
|
||||||
|
[87,233,161,170,18,47,245,116,30,177,120,211,248,54,65,255,
|
||||||
|
41,45,113,107,182,221,189,167,110,9,245,254,44,6,118,141],
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_serialize() {
|
||||||
|
let expected = fs::read_to_string(path("ssh_ed25519_plain.json")).unwrap();
|
||||||
|
|
||||||
|
let k = ed25519_plain();
|
||||||
|
let computed = serde_json::to_string(&k)
|
||||||
|
.expect("Failed to serialize SshKey");
|
||||||
|
|
||||||
|
assert_eq!(expected, computed);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_deserialize() {
|
||||||
|
let expected = ed25519_plain();
|
||||||
|
|
||||||
|
let json_file = File::open(path("ssh_ed25519_plain.json")).unwrap();
|
||||||
|
let computed = serde_json::from_reader(json_file)
|
||||||
|
.expect("Failed to deserialize json file");
|
||||||
|
|
||||||
|
assert_eq!(expected, computed);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_save_db(pool: SqlitePool) {
|
||||||
|
let crypto = Crypto::random();
|
||||||
|
let record = CredentialRecord {
|
||||||
|
id: random_uuid(),
|
||||||
|
name: "save_test".into(),
|
||||||
|
is_default: false,
|
||||||
|
credential: Credential::Ssh(rsa_plain()),
|
||||||
|
};
|
||||||
|
record.save(&crypto, &pool).await
|
||||||
|
.expect("Failed to save SSH key CredentialRecord to database");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("ssh_credentials"))]
|
||||||
|
async fn test_load_db(pool: SqlitePool) {
|
||||||
|
let crypto = Crypto::fixed();
|
||||||
|
let id = uuid!("11111111-1111-1111-1111-111111111111");
|
||||||
|
SshKey::load(&id, &crypto, &pool).await
|
||||||
|
.expect("Failed to load SSH key from database");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_save_load_db(pool: SqlitePool) {
|
||||||
|
let crypto = Crypto::random();
|
||||||
|
|
||||||
|
let id = random_uuid();
|
||||||
|
let record = CredentialRecord {
|
||||||
|
id,
|
||||||
|
name: "save_load_test".into(),
|
||||||
|
is_default: false,
|
||||||
|
credential: Credential::Ssh(ed25519_plain()),
|
||||||
|
};
|
||||||
|
|
||||||
|
record.save(&crypto, &pool).await.unwrap();
|
||||||
|
let loaded = SshKey::load(&id, &crypto, &pool).await.unwrap();
|
||||||
|
let known = ed25519_plain();
|
||||||
|
|
||||||
|
assert_eq!(known.algorithm, loaded.algorithm);
|
||||||
|
assert_eq!(known.comment, loaded.comment);
|
||||||
|
// comment gets stripped by saving as bytes, so we just compare raw key data
|
||||||
|
assert_eq!(known.public_key.key_data(), loaded.public_key.key_data());
|
||||||
|
assert_eq!(known.private_key, loaded.private_key);
|
||||||
|
}
|
||||||
|
}
|
@ -1,23 +1,25 @@
|
|||||||
use std::error::Error;
|
use std::error::Error;
|
||||||
use std::convert::AsRef;
|
use std::convert::AsRef;
|
||||||
use std::ffi::OsString;
|
use std::ffi::OsString;
|
||||||
use std::sync::mpsc;
|
|
||||||
use std::string::FromUtf8Error;
|
use std::string::FromUtf8Error;
|
||||||
use strum_macros::AsRefStr;
|
use strum_macros::AsRefStr;
|
||||||
|
|
||||||
use thiserror::Error as ThisError;
|
use thiserror::Error as ThisError;
|
||||||
use aws_sdk_sts::{
|
use aws_sdk_sts::{
|
||||||
types::SdkError as AwsSdkError,
|
error::SdkError as AwsSdkError,
|
||||||
error::GetSessionTokenError,
|
operation::get_session_token::GetSessionTokenError,
|
||||||
|
error::ProvideErrorMetadata,
|
||||||
|
};
|
||||||
|
use rfd::{
|
||||||
|
AsyncMessageDialog,
|
||||||
|
MessageLevel,
|
||||||
};
|
};
|
||||||
use sqlx::{
|
use sqlx::{
|
||||||
error::Error as SqlxError,
|
error::Error as SqlxError,
|
||||||
migrate::MigrateError,
|
migrate::MigrateError,
|
||||||
};
|
};
|
||||||
use tauri::api::dialog::{
|
use tauri::async_runtime as rt;
|
||||||
MessageDialogBuilder,
|
use tauri_plugin_global_shortcut::Error as ShortcutError;
|
||||||
MessageDialogKind,
|
|
||||||
};
|
|
||||||
use tokio::sync::oneshot::error::RecvError;
|
use tokio::sync::oneshot::error::RecvError;
|
||||||
use serde::{
|
use serde::{
|
||||||
Serialize,
|
Serialize,
|
||||||
@ -27,30 +29,23 @@ use serde::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
pub trait ShowError {
|
pub trait ShowError<T, E>
|
||||||
|
{
|
||||||
fn error_popup(self, title: &str);
|
fn error_popup(self, title: &str);
|
||||||
fn error_popup_nowait(self, title: &str);
|
|
||||||
fn error_print(self);
|
fn error_print(self);
|
||||||
fn error_print_prefix(self, prefix: &str);
|
fn error_print_prefix(self, prefix: &str);
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<E: std::fmt::Display> ShowError for Result<(), E> {
|
impl<T, E> ShowError<T, E> for Result<T, E>
|
||||||
|
where E: std::fmt::Display
|
||||||
|
{
|
||||||
fn error_popup(self, title: &str) {
|
fn error_popup(self, title: &str) {
|
||||||
if let Err(e) = self {
|
if let Err(e) = self {
|
||||||
let (tx, rx) = mpsc::channel();
|
let dialog = AsyncMessageDialog::new()
|
||||||
MessageDialogBuilder::new(title, format!("{e}"))
|
.set_level(MessageLevel::Error)
|
||||||
.kind(MessageDialogKind::Error)
|
.set_title(title)
|
||||||
.show(move |_| tx.send(true).unwrap());
|
.set_description(format!("{e}"));
|
||||||
|
rt::spawn(async move {dialog.show().await});
|
||||||
rx.recv().unwrap();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn error_popup_nowait(self, title: &str) {
|
|
||||||
if let Err(e) = self {
|
|
||||||
MessageDialogBuilder::new(title, format!("{e}"))
|
|
||||||
.kind(MessageDialogKind::Error)
|
|
||||||
.show(|_| {})
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -133,10 +128,10 @@ pub enum SetupError {
|
|||||||
InvalidRecord, // e.g. wrong size blob for nonce or salt
|
InvalidRecord, // e.g. wrong size blob for nonce or salt
|
||||||
#[error("Error from database: {0}")]
|
#[error("Error from database: {0}")]
|
||||||
DbError(#[from] SqlxError),
|
DbError(#[from] SqlxError),
|
||||||
|
#[error("Error loading data: {0}")]
|
||||||
|
KvError(#[from] LoadKvError),
|
||||||
#[error("Error running migrations: {0}")]
|
#[error("Error running migrations: {0}")]
|
||||||
MigrationError(#[from] MigrateError),
|
MigrationError(#[from] MigrateError),
|
||||||
#[error("Error parsing configuration from database")]
|
|
||||||
ConfigParseError(#[from] serde_json::Error),
|
|
||||||
#[error("Failed to set up start-on-login: {0}")]
|
#[error("Failed to set up start-on-login: {0}")]
|
||||||
AutoLaunchError(#[from] auto_launch::Error),
|
AutoLaunchError(#[from] auto_launch::Error),
|
||||||
#[error("Failed to start listener: {0}")]
|
#[error("Failed to start listener: {0}")]
|
||||||
@ -144,7 +139,7 @@ pub enum SetupError {
|
|||||||
#[error("Failed to resolve data directory: {0}")]
|
#[error("Failed to resolve data directory: {0}")]
|
||||||
DataDir(#[from] DataDirError),
|
DataDir(#[from] DataDirError),
|
||||||
#[error("Failed to register hotkeys: {0}")]
|
#[error("Failed to register hotkeys: {0}")]
|
||||||
RegisterHotkeys(#[from] tauri::Error),
|
RegisterHotkeys(#[from] ShortcutError),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -196,6 +191,14 @@ pub enum HandlerError {
|
|||||||
NoMainWindow,
|
NoMainWindow,
|
||||||
#[error("Request was denied")]
|
#[error("Request was denied")]
|
||||||
Denied,
|
Denied,
|
||||||
|
#[error(transparent)]
|
||||||
|
SshAgent(#[from] ssh_agent_lib::error::AgentError),
|
||||||
|
#[error(transparent)]
|
||||||
|
SshKey(#[from] ssh_key::Error),
|
||||||
|
#[error(transparent)]
|
||||||
|
Signature(#[from] signature::Error),
|
||||||
|
#[error(transparent)]
|
||||||
|
Encoding(#[from] ssh_encoding::Error),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -214,6 +217,12 @@ pub enum GetCredentialsError {
|
|||||||
Locked,
|
Locked,
|
||||||
#[error("No credentials are known")]
|
#[error("No credentials are known")]
|
||||||
Empty,
|
Empty,
|
||||||
|
#[error(transparent)]
|
||||||
|
Crypto(#[from] CryptoError),
|
||||||
|
#[error(transparent)]
|
||||||
|
Load(#[from] LoadCredentialsError),
|
||||||
|
#[error(transparent)]
|
||||||
|
GetSession(#[from] GetSessionError),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -251,12 +260,60 @@ pub enum UnlockError {
|
|||||||
pub enum LockError {
|
pub enum LockError {
|
||||||
#[error("App is not unlocked")]
|
#[error("App is not unlocked")]
|
||||||
NotUnlocked,
|
NotUnlocked,
|
||||||
#[error("Database error: {0}")]
|
#[error(transparent)]
|
||||||
DbError(#[from] SqlxError),
|
LoadCredentials(#[from] LoadCredentialsError),
|
||||||
#[error(transparent)]
|
#[error(transparent)]
|
||||||
Setup(#[from] SetupError),
|
Setup(#[from] SetupError),
|
||||||
#[error(transparent)]
|
#[error(transparent)]
|
||||||
TauriError(#[from] tauri::Error),
|
TauriError(#[from] tauri::Error),
|
||||||
|
#[error(transparent)]
|
||||||
|
Crypto(#[from] CryptoError),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, ThisError, AsRefStr)]
|
||||||
|
pub enum SaveCredentialsError {
|
||||||
|
#[error("Database error: {0}")]
|
||||||
|
DbError(#[from] SqlxError),
|
||||||
|
#[error("Encryption error: {0}")]
|
||||||
|
Crypto(#[from] CryptoError),
|
||||||
|
#[error(transparent)]
|
||||||
|
Session(#[from] GetCredentialsError),
|
||||||
|
#[error("App is locked")]
|
||||||
|
Locked,
|
||||||
|
#[error("Credential is temporary and cannot be saved")]
|
||||||
|
NotPersistent,
|
||||||
|
#[error("A credential with that name already exists")]
|
||||||
|
Duplicate,
|
||||||
|
#[error("Failed to save credentials: {0}")]
|
||||||
|
Encode(#[from] ssh_key::Error),
|
||||||
|
// rekeying is fundamentally a save operation,
|
||||||
|
// but involves loading in order to re-save
|
||||||
|
#[error(transparent)]
|
||||||
|
LoadCredentials(#[from] LoadCredentialsError),
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, ThisError, AsRefStr)]
|
||||||
|
pub enum LoadCredentialsError {
|
||||||
|
#[error("Database error: {0}")]
|
||||||
|
DbError(#[from] SqlxError),
|
||||||
|
#[error("Invalid passphrase")] // pretty sure this is the only way decryption fails
|
||||||
|
Encryption(#[from] CryptoError),
|
||||||
|
#[error("Credentials not found")]
|
||||||
|
NoCredentials,
|
||||||
|
#[error("Could not decode credential data")]
|
||||||
|
InvalidData,
|
||||||
|
#[error(transparent)]
|
||||||
|
LoadKv(#[from] LoadKvError),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, ThisError, AsRefStr)]
|
||||||
|
pub enum LoadKvError {
|
||||||
|
#[error("Database error: {0}")]
|
||||||
|
DbError(#[from] SqlxError),
|
||||||
|
#[error("Could not parse value from database: {0}")]
|
||||||
|
Invalid(#[from] serde_json::Error),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -266,6 +323,10 @@ pub enum CryptoError {
|
|||||||
Argon2(#[from] argon2::Error),
|
Argon2(#[from] argon2::Error),
|
||||||
#[error("Invalid passphrase")] // I think this is the only way decryption fails
|
#[error("Invalid passphrase")] // I think this is the only way decryption fails
|
||||||
Aead(#[from] chacha20poly1305::aead::Error),
|
Aead(#[from] chacha20poly1305::aead::Error),
|
||||||
|
#[error("App is currently locked")]
|
||||||
|
Locked,
|
||||||
|
#[error("No passphrase has been specified")]
|
||||||
|
Empty,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -281,6 +342,8 @@ pub enum ClientInfoError {
|
|||||||
#[cfg(windows)]
|
#[cfg(windows)]
|
||||||
#[error("Could not determine PID of connected client")]
|
#[error("Could not determine PID of connected client")]
|
||||||
WindowsError(#[from] windows::core::Error),
|
WindowsError(#[from] windows::core::Error),
|
||||||
|
#[error("Could not determine PID of connected client")]
|
||||||
|
PidNotFound,
|
||||||
#[error(transparent)]
|
#[error(transparent)]
|
||||||
Io(#[from] std::io::Error),
|
Io(#[from] std::io::Error),
|
||||||
}
|
}
|
||||||
@ -307,7 +370,7 @@ pub enum RequestError {
|
|||||||
#[error("Error response from server: {0}")]
|
#[error("Error response from server: {0}")]
|
||||||
Server(ServerError),
|
Server(ServerError),
|
||||||
#[error("Unexpected response from server")]
|
#[error("Unexpected response from server")]
|
||||||
Unexpected(crate::server::Response),
|
Unexpected(crate::srv::CliResponse),
|
||||||
#[error("The server did not respond with valid JSON")]
|
#[error("The server did not respond with valid JSON")]
|
||||||
InvalidJson(#[from] serde_json::Error),
|
InvalidJson(#[from] serde_json::Error),
|
||||||
#[error("Error reading/writing stream: {0}")]
|
#[error("Error reading/writing stream: {0}")]
|
||||||
@ -359,6 +422,17 @@ pub enum LaunchTerminalError {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, ThisError, AsRefStr)]
|
||||||
|
pub enum LoadSshKeyError {
|
||||||
|
#[error("Passphrase is invalid")]
|
||||||
|
InvalidPassphrase,
|
||||||
|
#[error("Could not parse SSH private key data")]
|
||||||
|
InvalidData(#[from] ssh_key::Error),
|
||||||
|
#[error(transparent)]
|
||||||
|
Io(#[from] std::io::Error),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// =========================
|
// =========================
|
||||||
// Serialize implementations
|
// Serialize implementations
|
||||||
// =========================
|
// =========================
|
||||||
@ -383,6 +457,9 @@ impl_serialize_basic!(GetCredentialsError);
|
|||||||
impl_serialize_basic!(ClientInfoError);
|
impl_serialize_basic!(ClientInfoError);
|
||||||
impl_serialize_basic!(WindowError);
|
impl_serialize_basic!(WindowError);
|
||||||
impl_serialize_basic!(LockError);
|
impl_serialize_basic!(LockError);
|
||||||
|
impl_serialize_basic!(SaveCredentialsError);
|
||||||
|
impl_serialize_basic!(LoadCredentialsError);
|
||||||
|
impl_serialize_basic!(LoadSshKeyError);
|
||||||
|
|
||||||
|
|
||||||
impl Serialize for HandlerError {
|
impl Serialize for HandlerError {
|
||||||
|
13
src-tauri/src/fixtures/kv.sql
Normal file
13
src-tauri/src/fixtures/kv.sql
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
INSERT INTO kv (name, value)
|
||||||
|
VALUES
|
||||||
|
-- b"hello world" (raw bytes)
|
||||||
|
('test_bytes', X'68656C6C6F20776F726C64'),
|
||||||
|
|
||||||
|
-- b"\"hello world\"" (JSON string)
|
||||||
|
('test_string', X'2268656C6C6F20776F726C6422'),
|
||||||
|
|
||||||
|
-- b"123" (JSON integer)
|
||||||
|
('test_int', X'313233'),
|
||||||
|
|
||||||
|
-- b"true" (JSON bool)
|
||||||
|
('test_bool', X'74727565')
|
@ -1,8 +1,13 @@
|
|||||||
use serde::{Serialize, Deserialize};
|
use serde::{Serialize, Deserialize};
|
||||||
use tauri::State;
|
use sqlx::types::Uuid;
|
||||||
|
use tauri::{AppHandle, State};
|
||||||
|
|
||||||
use crate::config::AppConfig;
|
use crate::config::AppConfig;
|
||||||
use crate::credentials::{Session,BaseCredentials};
|
use crate::credentials::{
|
||||||
|
AppSession,
|
||||||
|
CredentialRecord,
|
||||||
|
SshKey,
|
||||||
|
};
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
use crate::clientinfo::Client;
|
use crate::clientinfo::Client;
|
||||||
use crate::state::AppState;
|
use crate::state::AppState;
|
||||||
@ -13,10 +18,37 @@ use crate::terminal;
|
|||||||
pub struct AwsRequestNotification {
|
pub struct AwsRequestNotification {
|
||||||
pub id: u64,
|
pub id: u64,
|
||||||
pub client: Client,
|
pub client: Client,
|
||||||
|
pub name: Option<String>,
|
||||||
pub base: bool,
|
pub base: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||||
|
pub struct SshRequestNotification {
|
||||||
|
pub id: u64,
|
||||||
|
pub client: Client,
|
||||||
|
pub key_name: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||||
|
#[serde(tag = "type")]
|
||||||
|
pub enum RequestNotification {
|
||||||
|
Aws(AwsRequestNotification),
|
||||||
|
Ssh(SshRequestNotification),
|
||||||
|
}
|
||||||
|
|
||||||
|
impl RequestNotification {
|
||||||
|
pub fn new_aws(id: u64, client: Client, name: Option<String>, base: bool) -> Self {
|
||||||
|
Self::Aws(AwsRequestNotification {id, client, name, base})
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn new_ssh(id: u64, client: Client, key_name: String) -> Self {
|
||||||
|
Self::Ssh(SshRequestNotification {id, client, key_name})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize)]
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
pub struct RequestResponse {
|
pub struct RequestResponse {
|
||||||
pub id: u64,
|
pub id: u64,
|
||||||
@ -44,13 +76,31 @@ pub async fn unlock(passphrase: String, app_state: State<'_, AppState>) -> Resul
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn lock(app_state: State<'_, AppState>) -> Result<(), LockError> {
|
||||||
|
app_state.lock().await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn reset_session(app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
|
||||||
|
app_state.reset_session().await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn set_passphrase(passphrase: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
|
||||||
|
app_state.set_passphrase(passphrase).await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#[tauri::command]
|
#[tauri::command]
|
||||||
pub async fn get_session_status(app_state: State<'_, AppState>) -> Result<String, ()> {
|
pub async fn get_session_status(app_state: State<'_, AppState>) -> Result<String, ()> {
|
||||||
let session = app_state.session.read().await;
|
let session = app_state.app_session.read().await;
|
||||||
let status = match *session {
|
let status = match *session {
|
||||||
Session::Locked(_) => "locked".into(),
|
AppSession::Locked{..} => "locked".into(),
|
||||||
Session::Unlocked{..} => "unlocked".into(),
|
AppSession::Unlocked{..} => "unlocked".into(),
|
||||||
Session::Empty => "empty".into()
|
AppSession::Empty => "empty".into(),
|
||||||
};
|
};
|
||||||
Ok(status)
|
Ok(status)
|
||||||
}
|
}
|
||||||
@ -64,12 +114,37 @@ pub async fn signal_activity(app_state: State<'_, AppState>) -> Result<(), ()> {
|
|||||||
|
|
||||||
|
|
||||||
#[tauri::command]
|
#[tauri::command]
|
||||||
pub async fn save_credentials(
|
pub async fn save_credential(
|
||||||
credentials: BaseCredentials,
|
record: CredentialRecord,
|
||||||
passphrase: String,
|
|
||||||
app_state: State<'_, AppState>
|
app_state: State<'_, AppState>
|
||||||
) -> Result<(), UnlockError> {
|
) -> Result<(), SaveCredentialsError> {
|
||||||
app_state.new_creds(credentials, &passphrase).await
|
app_state.save_credential(record).await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn delete_credential(id: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
|
||||||
|
let id = Uuid::try_parse(id)
|
||||||
|
.map_err(|_| LoadCredentialsError::NoCredentials)?;
|
||||||
|
app_state.delete_credential(&id).await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn list_credentials(app_state: State<'_, AppState>) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
|
||||||
|
app_state.list_credentials().await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn sshkey_from_file(path: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> {
|
||||||
|
SshKey::from_file(path, passphrase)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub async fn sshkey_from_private_key(private_key: &str, passphrase: &str) -> Result<SshKey, LoadSshKeyError> {
|
||||||
|
SshKey::from_private_key(private_key, passphrase)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -91,7 +166,8 @@ pub async fn save_config(config: AppConfig, app_state: State<'_, AppState>) -> R
|
|||||||
|
|
||||||
#[tauri::command]
|
#[tauri::command]
|
||||||
pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
|
pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
|
||||||
terminal::launch(base).await
|
let res = terminal::launch(base).await;
|
||||||
|
res
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -99,3 +175,9 @@ pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
|
|||||||
pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<String>, ()> {
|
pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<String>, ()> {
|
||||||
Ok(app_state.setup_errors.clone())
|
Ok(app_state.setup_errors.clone())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[tauri::command]
|
||||||
|
pub fn exit(app_handle: AppHandle) {
|
||||||
|
app_handle.exit(0)
|
||||||
|
}
|
||||||
|
212
src-tauri/src/kv.rs
Normal file
212
src-tauri/src/kv.rs
Normal file
@ -0,0 +1,212 @@
|
|||||||
|
use serde::Serialize;
|
||||||
|
use serde::de::DeserializeOwned;
|
||||||
|
use sqlx::SqlitePool;
|
||||||
|
|
||||||
|
use crate::errors::*;
|
||||||
|
|
||||||
|
|
||||||
|
pub async fn save<T>(pool: &SqlitePool, name: &str, value: &T) -> Result<(), sqlx::Error>
|
||||||
|
where T: Serialize + ?Sized
|
||||||
|
{
|
||||||
|
let bytes = serde_json::to_vec(value).unwrap();
|
||||||
|
save_bytes(pool, name, &bytes).await
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub async fn save_bytes(pool: &SqlitePool, name: &str, bytes: &[u8]) -> Result<(), sqlx::Error> {
|
||||||
|
sqlx::query!(
|
||||||
|
"INSERT INTO kv (name, value) VALUES (?, ?)
|
||||||
|
ON CONFLICT(name) DO UPDATE SET value = excluded.value;",
|
||||||
|
name,
|
||||||
|
bytes,
|
||||||
|
).execute(pool).await?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub async fn load<T>(pool: &SqlitePool, name: &str) -> Result<Option<T>, LoadKvError>
|
||||||
|
where T: DeserializeOwned
|
||||||
|
{
|
||||||
|
let v = load_bytes(pool, name)
|
||||||
|
.await?
|
||||||
|
.map(|bytes| serde_json::from_slice(&bytes))
|
||||||
|
.transpose()?;
|
||||||
|
Ok(v)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub async fn load_bytes(pool: &SqlitePool, name: &str) -> Result<Option<Vec<u8>>, sqlx::Error> {
|
||||||
|
sqlx::query!("SELECT name, value FROM kv WHERE name = ?", name)
|
||||||
|
.map(|row| row.value)
|
||||||
|
.fetch_optional(pool)
|
||||||
|
.await
|
||||||
|
.map(|o| o.flatten())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// we don't have a need for this right now, but we will some day
|
||||||
|
#[cfg(test)]
|
||||||
|
pub async fn delete(pool: &SqlitePool, name: &str) -> Result<(), sqlx::Error> {
|
||||||
|
sqlx::query!("DELETE FROM kv WHERE name = ?", name)
|
||||||
|
.execute(pool)
|
||||||
|
.await?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub async fn delete_multi(pool: &SqlitePool, names: &[&str]) -> Result<(), sqlx::Error> {
|
||||||
|
let placeholder = names.iter()
|
||||||
|
.map(|_| "?")
|
||||||
|
.collect::<Vec<&str>>()
|
||||||
|
.join(",");
|
||||||
|
let query = format!("DELETE FROM kv WHERE name IN ({})", placeholder);
|
||||||
|
|
||||||
|
let mut q = sqlx::query(&query);
|
||||||
|
for name in names {
|
||||||
|
q = q.bind(name);
|
||||||
|
}
|
||||||
|
q.execute(pool).await?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
macro_rules! load_bytes_multi {
|
||||||
|
(
|
||||||
|
$pool:expr,
|
||||||
|
$($name:literal),*
|
||||||
|
) => {
|
||||||
|
// wrap everything up in an async block for easy short-circuiting...
|
||||||
|
async {
|
||||||
|
// ...returning a Result...
|
||||||
|
Ok::<_, sqlx::Error>(
|
||||||
|
//containing an Option...
|
||||||
|
Some(
|
||||||
|
// containing a tuple...
|
||||||
|
(
|
||||||
|
// ...with one item for each repetition of $name
|
||||||
|
$(
|
||||||
|
// load_bytes returns Result<Option<_>>, the Result is handled by
|
||||||
|
// the ? and we match on the Option
|
||||||
|
match crate::kv::load_bytes($pool, $name).await? {
|
||||||
|
Some(v) => v,
|
||||||
|
None => return Ok(None)
|
||||||
|
},
|
||||||
|
)*
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub(crate) use load_bytes_multi;
|
||||||
|
|
||||||
|
|
||||||
|
// macro_rules! load_multi {
|
||||||
|
// (
|
||||||
|
// $pool:expr,
|
||||||
|
// $($name:literal),*
|
||||||
|
// ) => {
|
||||||
|
// (|| {
|
||||||
|
// (
|
||||||
|
// $(
|
||||||
|
// match load(pool, $name)? {
|
||||||
|
// Some(v) => v,
|
||||||
|
// None => return Ok(None)
|
||||||
|
// },
|
||||||
|
// )*
|
||||||
|
// )
|
||||||
|
// })()
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use super::*;
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_save_bytes(pool: SqlitePool) {
|
||||||
|
save_bytes(&pool, "test_bytes", b"hello world").await
|
||||||
|
.expect("Failed to save bytes");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test]
|
||||||
|
async fn test_save(pool: SqlitePool) {
|
||||||
|
save(&pool, "test_string", "hello world").await
|
||||||
|
.expect("Failed to save string");
|
||||||
|
save(&pool, "test_int", &123).await
|
||||||
|
.expect("Failed to save integer");
|
||||||
|
save(&pool, "test_bool", &true).await
|
||||||
|
.expect("Failed to save bool");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("kv"))]
|
||||||
|
async fn test_load_bytes(pool: SqlitePool) {
|
||||||
|
let bytes = load_bytes(&pool, "test_bytes").await
|
||||||
|
.expect("Failed to load bytes")
|
||||||
|
.expect("Test data not found in database");
|
||||||
|
|
||||||
|
assert_eq!(bytes, Vec::from(b"hello world"));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("kv"))]
|
||||||
|
async fn test_load(pool: SqlitePool) {
|
||||||
|
let string: String = load(&pool, "test_string").await
|
||||||
|
.expect("Failed to load string")
|
||||||
|
.expect("Test data not found in database");
|
||||||
|
assert_eq!(string, "hello world".to_string());
|
||||||
|
|
||||||
|
let integer: usize = load(&pool, "test_int").await
|
||||||
|
.expect("Failed to load integer")
|
||||||
|
.expect("Test data not found in database");
|
||||||
|
assert_eq!(integer, 123);
|
||||||
|
|
||||||
|
let boolean: bool = load(&pool, "test_bool").await
|
||||||
|
.expect("Failed to load boolean")
|
||||||
|
.expect("Test data not found in database");
|
||||||
|
assert_eq!(boolean, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("kv"))]
|
||||||
|
async fn test_load_multi(pool: SqlitePool) {
|
||||||
|
let (bytes, boolean) = load_bytes_multi!(&pool, "test_bytes", "test_bool")
|
||||||
|
.await
|
||||||
|
.expect("Failed to load items")
|
||||||
|
.expect("Test data not found in database");
|
||||||
|
|
||||||
|
assert_eq!(bytes, Vec::from(b"hello world"));
|
||||||
|
assert_eq!(boolean, Vec::from(b"true"));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("kv"))]
|
||||||
|
async fn test_delete(pool: SqlitePool) {
|
||||||
|
delete(&pool, "test_bytes").await
|
||||||
|
.expect("Failed to delete data");
|
||||||
|
|
||||||
|
let loaded = load_bytes(&pool, "test_bytes").await
|
||||||
|
.expect("Failed to load data");
|
||||||
|
assert_eq!(loaded, None);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("kv"))]
|
||||||
|
async fn test_delete_multi(pool: SqlitePool) {
|
||||||
|
delete_multi(&pool, &["test_bytes", "test_string"]).await
|
||||||
|
.expect("Failed to delete keys");
|
||||||
|
|
||||||
|
let bytes_opt = load_bytes(&pool, "test_bytes").await
|
||||||
|
.expect("Failed to load bytes");
|
||||||
|
assert_eq!(bytes_opt, None);
|
||||||
|
|
||||||
|
let string_opt = load_bytes(&pool, "test_string").await
|
||||||
|
.expect("Failed to load string");
|
||||||
|
assert_eq!(string_opt, None);
|
||||||
|
}
|
||||||
|
}
|
@ -1,12 +1,12 @@
|
|||||||
pub mod app;
|
pub mod app;
|
||||||
pub mod cli;
|
|
||||||
mod config;
|
mod config;
|
||||||
mod credentials;
|
mod credentials;
|
||||||
pub mod errors;
|
pub mod errors;
|
||||||
mod clientinfo;
|
mod clientinfo;
|
||||||
mod ipc;
|
mod ipc;
|
||||||
|
mod kv;
|
||||||
mod state;
|
mod state;
|
||||||
mod server;
|
mod srv;
|
||||||
mod shortcuts;
|
mod shortcuts;
|
||||||
mod terminal;
|
mod terminal;
|
||||||
mod tray;
|
mod tray;
|
||||||
|
@ -3,23 +3,24 @@
|
|||||||
windows_subsystem = "windows"
|
windows_subsystem = "windows"
|
||||||
)]
|
)]
|
||||||
|
|
||||||
|
|
||||||
use creddy::{
|
use creddy::{
|
||||||
app,
|
app,
|
||||||
cli,
|
|
||||||
errors::ShowError,
|
errors::ShowError,
|
||||||
};
|
};
|
||||||
|
use creddy_cli::{Action, Cli};
|
||||||
|
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
let res = match cli::parser().get_matches().subcommand() {
|
let cli = Cli::parse();
|
||||||
None | Some(("run", _)) => {
|
let res = match cli.action {
|
||||||
app::run().error_popup("Creddy failed to start");
|
None | Some(Action::Run) => {
|
||||||
|
app::run().error_popup("Creddy encountered an error");
|
||||||
Ok(())
|
Ok(())
|
||||||
},
|
},
|
||||||
Some(("get", m)) => cli::get(m),
|
Some(Action::Get(args)) => creddy_cli::get(args, cli.global_args),
|
||||||
Some(("exec", m)) => cli::exec(m),
|
Some(Action::Exec(args)) => creddy_cli::exec(args, cli.global_args),
|
||||||
Some(("shortcut", m)) => cli::invoke_shortcut(m),
|
Some(Action::Shortcut(args)) => creddy_cli::invoke_shortcut(args, cli.global_args),
|
||||||
_ => unreachable!(),
|
|
||||||
};
|
};
|
||||||
|
|
||||||
if let Err(e) = res {
|
if let Err(e) = res {
|
||||||
|
@ -1,59 +0,0 @@
|
|||||||
use std::io::ErrorKind;
|
|
||||||
use tokio::net::{UnixListener, UnixStream};
|
|
||||||
use tauri::{
|
|
||||||
AppHandle,
|
|
||||||
Manager,
|
|
||||||
async_runtime as rt,
|
|
||||||
};
|
|
||||||
|
|
||||||
use crate::errors::*;
|
|
||||||
|
|
||||||
|
|
||||||
pub type Stream = UnixStream;
|
|
||||||
|
|
||||||
|
|
||||||
pub struct Server {
|
|
||||||
listener: UnixListener,
|
|
||||||
app_handle: AppHandle,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Server {
|
|
||||||
pub fn start(app_handle: AppHandle) -> std::io::Result<()> {
|
|
||||||
match std::fs::remove_file("/tmp/creddy.sock") {
|
|
||||||
Ok(_) => (),
|
|
||||||
Err(e) if e.kind() == ErrorKind::NotFound => (),
|
|
||||||
Err(e) => return Err(e),
|
|
||||||
}
|
|
||||||
|
|
||||||
let listener = UnixListener::bind("/tmp/creddy.sock")?;
|
|
||||||
let srv = Server { listener, app_handle };
|
|
||||||
rt::spawn(srv.serve());
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn serve(self) {
|
|
||||||
loop {
|
|
||||||
self.try_serve()
|
|
||||||
.await
|
|
||||||
.error_print_prefix("Error accepting request: ");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn try_serve(&self) -> Result<(), HandlerError> {
|
|
||||||
let (stream, _addr) = self.listener.accept().await?;
|
|
||||||
let new_handle = self.app_handle.app_handle();
|
|
||||||
let client_pid = get_client_pid(&stream)?;
|
|
||||||
rt::spawn(async move {
|
|
||||||
super::handle(stream, new_handle, client_pid)
|
|
||||||
.await
|
|
||||||
.error_print_prefix("Error responding to request: ");
|
|
||||||
});
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn get_client_pid(stream: &UnixStream) -> std::io::Result<u32> {
|
|
||||||
let cred = stream.peer_cred()?;
|
|
||||||
Ok(cred.pid().unwrap() as u32)
|
|
||||||
}
|
|
@ -1,74 +0,0 @@
|
|||||||
use tokio::net::windows::named_pipe::{
|
|
||||||
NamedPipeServer,
|
|
||||||
ServerOptions,
|
|
||||||
};
|
|
||||||
|
|
||||||
use tauri::{AppHandle, Manager};
|
|
||||||
|
|
||||||
use windows::Win32:: {
|
|
||||||
Foundation::HANDLE,
|
|
||||||
System::Pipes::GetNamedPipeClientProcessId,
|
|
||||||
};
|
|
||||||
|
|
||||||
use std::os::windows::io::AsRawHandle;
|
|
||||||
|
|
||||||
use tauri::async_runtime as rt;
|
|
||||||
|
|
||||||
use crate::errors::*;
|
|
||||||
|
|
||||||
|
|
||||||
// used by parent module
|
|
||||||
pub type Stream = NamedPipeServer;
|
|
||||||
|
|
||||||
|
|
||||||
pub struct Server {
|
|
||||||
listener: NamedPipeServer,
|
|
||||||
app_handle: AppHandle,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Server {
|
|
||||||
pub fn start(app_handle: AppHandle) -> std::io::Result<()> {
|
|
||||||
let listener = ServerOptions::new()
|
|
||||||
.first_pipe_instance(true)
|
|
||||||
.create(r"\\.\pipe\creddy-requests")?;
|
|
||||||
|
|
||||||
let srv = Server {listener, app_handle};
|
|
||||||
rt::spawn(srv.serve());
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn serve(mut self) {
|
|
||||||
loop {
|
|
||||||
if let Err(e) = self.try_serve().await {
|
|
||||||
eprintln!("Error accepting connection: {e}");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn try_serve(&mut self) -> Result<(), HandlerError> {
|
|
||||||
// connect() just waits for a client to connect, it doesn't return anything
|
|
||||||
self.listener.connect().await?;
|
|
||||||
|
|
||||||
// create a new pipe instance to listen for the next client, and swap it in
|
|
||||||
let new_listener = ServerOptions::new().create(r"\\.\pipe\creddy-requests")?;
|
|
||||||
let stream = std::mem::replace(&mut self.listener, new_listener);
|
|
||||||
let new_handle = self.app_handle.app_handle();
|
|
||||||
let client_pid = get_client_pid(&stream)?;
|
|
||||||
rt::spawn(async move {
|
|
||||||
super::handle(stream, new_handle, client_pid)
|
|
||||||
.await
|
|
||||||
.error_print_prefix("Error responding to request: ");
|
|
||||||
});
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
fn get_client_pid(pipe: &NamedPipeServer) -> Result<u32, ClientInfoError> {
|
|
||||||
let raw_handle = pipe.as_raw_handle();
|
|
||||||
let mut pid = 0u32;
|
|
||||||
let handle = HANDLE(raw_handle as _);
|
|
||||||
unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? };
|
|
||||||
Ok(pid)
|
|
||||||
}
|
|
@ -1,12 +1,13 @@
|
|||||||
use serde::{Serialize, Deserialize};
|
use serde::{Serialize, Deserialize};
|
||||||
|
|
||||||
use tauri::{
|
use tauri::async_runtime as rt;
|
||||||
GlobalShortcutManager,
|
|
||||||
Manager,
|
use tauri_plugin_global_shortcut::{
|
||||||
async_runtime as rt,
|
GlobalShortcutExt,
|
||||||
|
Error as ShortcutError,
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::app::APP;
|
use crate::app::{self, APP};
|
||||||
use crate::config::HotkeysConfig;
|
use crate::config::HotkeysConfig;
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
use crate::terminal;
|
use crate::terminal;
|
||||||
@ -21,38 +22,46 @@ pub enum ShortcutAction {
|
|||||||
|
|
||||||
pub fn exec_shortcut(action: ShortcutAction) {
|
pub fn exec_shortcut(action: ShortcutAction) {
|
||||||
match action {
|
match action {
|
||||||
|
ShortcutAction::LaunchTerminal => launch_terminal(),
|
||||||
ShortcutAction::ShowWindow => {
|
ShortcutAction::ShowWindow => {
|
||||||
let app = APP.get().unwrap();
|
let app = APP.get().unwrap();
|
||||||
app.get_window("main")
|
app::show_main_window(app)
|
||||||
.ok_or("Couldn't find application main window")
|
.error_popup("Failed to show Creddy");
|
||||||
.map(|w| w.show().error_popup("Failed to show window"))
|
|
||||||
.error_popup("Failed to show window");
|
|
||||||
},
|
|
||||||
ShortcutAction::LaunchTerminal => {
|
|
||||||
rt::spawn(async {
|
|
||||||
terminal::launch(false).await.error_popup("Failed to launch terminal");
|
|
||||||
});
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> tauri::Result<()> {
|
fn launch_terminal() {
|
||||||
|
rt::spawn(async {
|
||||||
|
terminal::launch(false)
|
||||||
|
.await
|
||||||
|
.error_popup("Failed to launch terminal")
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub fn register_hotkeys(hotkeys: &HotkeysConfig) -> Result<(), ShortcutError> {
|
||||||
let app = APP.get().unwrap();
|
let app = APP.get().unwrap();
|
||||||
let mut manager = app.global_shortcut_manager();
|
let shortcuts = app.global_shortcut();
|
||||||
manager.unregister_all()?;
|
shortcuts.unregister_all([
|
||||||
|
hotkeys.show_window.keys.as_str(),
|
||||||
|
hotkeys.launch_terminal.keys.as_str(),
|
||||||
|
])?;
|
||||||
|
|
||||||
if hotkeys.show_window.enabled {
|
if hotkeys.show_window.enabled {
|
||||||
manager.register(
|
shortcuts.on_shortcut(
|
||||||
&hotkeys.show_window.keys,
|
hotkeys.show_window.keys.as_str(),
|
||||||
|| exec_shortcut(ShortcutAction::ShowWindow)
|
|app, _shortcut, _event| {
|
||||||
|
app::show_main_window(app).error_popup("Failed to show Creddy")
|
||||||
|
}
|
||||||
)?;
|
)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
if hotkeys.launch_terminal.enabled {
|
if hotkeys.launch_terminal.enabled {
|
||||||
manager.register(
|
shortcuts.on_shortcut(
|
||||||
&hotkeys.launch_terminal.keys,
|
hotkeys.launch_terminal.keys.as_str(),
|
||||||
|| exec_shortcut(ShortcutAction::LaunchTerminal)
|
|_app, _shortcut, _event| launch_terminal()
|
||||||
)?;
|
)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
115
src-tauri/src/srv/agent.rs
Normal file
115
src-tauri/src/srv/agent.rs
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
use futures::SinkExt;
|
||||||
|
use ssh_agent_lib::agent::MessageCodec;
|
||||||
|
use ssh_agent_lib::proto::message::{
|
||||||
|
Message,
|
||||||
|
SignRequest,
|
||||||
|
};
|
||||||
|
use tauri::{AppHandle, Manager};
|
||||||
|
use tokio_stream::StreamExt;
|
||||||
|
use tokio::sync::oneshot;
|
||||||
|
use tokio_util::codec::Framed;
|
||||||
|
|
||||||
|
use crate::clientinfo;
|
||||||
|
use crate::errors::*;
|
||||||
|
use crate::ipc::{Approval, RequestNotification};
|
||||||
|
use crate::state::AppState;
|
||||||
|
|
||||||
|
use super::{CloseWaiter, Stream};
|
||||||
|
|
||||||
|
|
||||||
|
pub fn serve(app_handle: AppHandle) -> std::io::Result<()> {
|
||||||
|
super::serve("creddy-agent", app_handle, handle)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
async fn handle(
|
||||||
|
stream: Stream,
|
||||||
|
app_handle: AppHandle,
|
||||||
|
client_pid: u32
|
||||||
|
) -> Result<(), HandlerError> {
|
||||||
|
let mut adapter = Framed::new(stream, MessageCodec);
|
||||||
|
while let Some(message) = adapter.try_next().await? {
|
||||||
|
match message {
|
||||||
|
Message::RequestIdentities => {
|
||||||
|
let resp = list_identities(app_handle.clone()).await?;
|
||||||
|
adapter.send(resp).await?;
|
||||||
|
},
|
||||||
|
Message::SignRequest(req) => {
|
||||||
|
// Note: If the client writes more data to the stream *while* at the
|
||||||
|
// same time waiting for a resopnse to a previous request, this will
|
||||||
|
// corrupt the framing. Clients don't seem to behave that way though?
|
||||||
|
let waiter = CloseWaiter { stream: adapter.get_mut() };
|
||||||
|
let resp = sign_request(req, app_handle.clone(), client_pid, waiter).await?;
|
||||||
|
|
||||||
|
// have to do this before we send since we can't inspect the message after
|
||||||
|
let is_failure = matches!(resp, Message::Failure);
|
||||||
|
adapter.send(resp).await?;
|
||||||
|
|
||||||
|
if is_failure {
|
||||||
|
// this way we don't get spammed with requests for other keys
|
||||||
|
// after denying the first
|
||||||
|
break
|
||||||
|
}
|
||||||
|
},
|
||||||
|
_ => adapter.send(Message::Failure).await?,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
async fn list_identities(app_handle: AppHandle) -> Result<Message, HandlerError> {
|
||||||
|
let state = app_handle.state::<AppState>();
|
||||||
|
let identities = state.list_ssh_identities().await?;
|
||||||
|
Ok(Message::IdentitiesAnswer(identities))
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
async fn sign_request(
|
||||||
|
req: SignRequest,
|
||||||
|
app_handle: AppHandle,
|
||||||
|
client_pid: u32,
|
||||||
|
mut waiter: CloseWaiter<'_>,
|
||||||
|
) -> Result<Message, HandlerError> {
|
||||||
|
let state = app_handle.state::<AppState>();
|
||||||
|
let rehide_ms = {
|
||||||
|
let config = state.config.read().await;
|
||||||
|
config.rehide_ms
|
||||||
|
};
|
||||||
|
let client = clientinfo::get_client(client_pid, false)?;
|
||||||
|
let lease = state.acquire_visibility_lease(rehide_ms).await
|
||||||
|
.map_err(|_e| HandlerError::NoMainWindow)?;
|
||||||
|
|
||||||
|
let (chan_send, chan_recv) = oneshot::channel();
|
||||||
|
let request_id = state.register_request(chan_send).await;
|
||||||
|
|
||||||
|
let proceed = async {
|
||||||
|
let key_name = state.ssh_name_from_pubkey(&req.pubkey_blob).await?;
|
||||||
|
let notification = RequestNotification::new_ssh(request_id, client, key_name.clone());
|
||||||
|
app_handle.emit("credential-request", ¬ification)?;
|
||||||
|
|
||||||
|
let response = tokio::select! {
|
||||||
|
r = chan_recv => r?,
|
||||||
|
_ = waiter.wait_for_close() => {
|
||||||
|
app_handle.emit("request-cancelled", request_id)?;
|
||||||
|
return Err(HandlerError::Abandoned);
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Approval::Denied = response.approval {
|
||||||
|
return Ok(Message::Failure);
|
||||||
|
}
|
||||||
|
|
||||||
|
let key = state.sshkey_by_name(&key_name).await?;
|
||||||
|
let sig = key.sign_request(&req)?;
|
||||||
|
Ok(Message::SignResponse(sig))
|
||||||
|
};
|
||||||
|
|
||||||
|
let res = proceed.await;
|
||||||
|
if let Err(_) = &res {
|
||||||
|
state.unregister_request(request_id).await;
|
||||||
|
}
|
||||||
|
|
||||||
|
lease.release();
|
||||||
|
res
|
||||||
|
}
|
@ -1,68 +1,31 @@
|
|||||||
|
use tauri::{AppHandle, Manager};
|
||||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||||
use tokio::sync::oneshot;
|
use tokio::sync::oneshot;
|
||||||
|
|
||||||
use serde::{Serialize, Deserialize};
|
|
||||||
|
|
||||||
use tauri::{AppHandle, Manager};
|
|
||||||
|
|
||||||
use crate::errors::*;
|
|
||||||
use crate::clientinfo::{self, Client};
|
use crate::clientinfo::{self, Client};
|
||||||
use crate::credentials::Credentials;
|
use crate::errors::*;
|
||||||
use crate::ipc::{Approval, AwsRequestNotification};
|
use crate::ipc::{Approval, RequestNotification};
|
||||||
use crate::state::AppState;
|
|
||||||
use crate::shortcuts::{self, ShortcutAction};
|
use crate::shortcuts::{self, ShortcutAction};
|
||||||
|
use crate::state::AppState;
|
||||||
#[cfg(windows)]
|
use super::{
|
||||||
mod server_win;
|
CloseWaiter,
|
||||||
#[cfg(windows)]
|
CliCredential,
|
||||||
pub use server_win::Server;
|
CliRequest,
|
||||||
#[cfg(windows)]
|
CliResponse,
|
||||||
use server_win::Stream;
|
Stream,
|
||||||
|
};
|
||||||
#[cfg(unix)]
|
|
||||||
mod server_unix;
|
|
||||||
#[cfg(unix)]
|
|
||||||
pub use server_unix::Server;
|
|
||||||
#[cfg(unix)]
|
|
||||||
use server_unix::Stream;
|
|
||||||
|
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize)]
|
pub fn serve(app_handle: AppHandle) -> std::io::Result<()> {
|
||||||
pub enum Request {
|
super::serve("creddy-server", app_handle, handle)
|
||||||
GetAwsCredentials{
|
|
||||||
base: bool,
|
|
||||||
},
|
|
||||||
InvokeShortcut(ShortcutAction),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[derive(Debug, Serialize, Deserialize)]
|
async fn handle(
|
||||||
pub enum Response {
|
mut stream: Stream,
|
||||||
Aws(Credentials),
|
app_handle: AppHandle,
|
||||||
Empty,
|
client_pid: u32
|
||||||
}
|
) -> Result<(), HandlerError> {
|
||||||
|
|
||||||
|
|
||||||
struct CloseWaiter<'s> {
|
|
||||||
stream: &'s mut Stream,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl<'s> CloseWaiter<'s> {
|
|
||||||
async fn wait_for_close(&mut self) -> std::io::Result<()> {
|
|
||||||
let mut buf = [0u8; 8];
|
|
||||||
loop {
|
|
||||||
match self.stream.read(&mut buf).await {
|
|
||||||
Ok(0) => break Ok(()),
|
|
||||||
Ok(_) => (),
|
|
||||||
Err(e) => break Err(e),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
async fn handle(mut stream: Stream, app_handle: AppHandle, client_pid: u32) -> Result<(), HandlerError>
|
|
||||||
{
|
|
||||||
// read from stream until delimiter is reached
|
// read from stream until delimiter is reached
|
||||||
let mut buf: Vec<u8> = Vec::with_capacity(1024); // requests are small, 1KiB is more than enough
|
let mut buf: Vec<u8> = Vec::with_capacity(1024); // requests are small, 1KiB is more than enough
|
||||||
let mut n = 0;
|
let mut n = 0;
|
||||||
@ -71,20 +34,22 @@ async fn handle(mut stream: Stream, app_handle: AppHandle, client_pid: u32) -> R
|
|||||||
if let Some(&b'\n') = buf.last() {
|
if let Some(&b'\n') = buf.last() {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else if n >= 1024 {
|
// sanity check, no request should ever be within a mile of 1MB
|
||||||
|
else if n >= (1024 * 1024) {
|
||||||
return Err(HandlerError::RequestTooLarge);
|
return Err(HandlerError::RequestTooLarge);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let client = clientinfo::get_process_parent_info(client_pid)?;
|
let client = clientinfo::get_client(client_pid, true)?;
|
||||||
let waiter = CloseWaiter { stream: &mut stream };
|
let waiter = CloseWaiter { stream: &mut stream };
|
||||||
|
|
||||||
let req: Request = serde_json::from_slice(&buf)?;
|
|
||||||
|
let req: CliRequest = serde_json::from_slice(&buf)?;
|
||||||
let res = match req {
|
let res = match req {
|
||||||
Request::GetAwsCredentials{ base } => get_aws_credentials(
|
CliRequest::GetCredential{ name, base } => get_aws_credentials(
|
||||||
base, client, app_handle, waiter
|
name, base, client, app_handle, waiter
|
||||||
).await,
|
).await,
|
||||||
Request::InvokeShortcut(action) => invoke_shortcut(action).await,
|
CliRequest::InvokeShortcut(action) => invoke_shortcut(action).await,
|
||||||
};
|
};
|
||||||
|
|
||||||
// doesn't make sense to send the error to the client if the client has already left
|
// doesn't make sense to send the error to the client if the client has already left
|
||||||
@ -98,18 +63,19 @@ async fn handle(mut stream: Stream, app_handle: AppHandle, client_pid: u32) -> R
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
async fn invoke_shortcut(action: ShortcutAction) -> Result<Response, HandlerError> {
|
async fn invoke_shortcut(action: ShortcutAction) -> Result<CliResponse, HandlerError> {
|
||||||
shortcuts::exec_shortcut(action);
|
shortcuts::exec_shortcut(action);
|
||||||
Ok(Response::Empty)
|
Ok(CliResponse::Empty)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
async fn get_aws_credentials(
|
async fn get_aws_credentials(
|
||||||
|
name: Option<String>,
|
||||||
base: bool,
|
base: bool,
|
||||||
client: Client,
|
client: Client,
|
||||||
app_handle: AppHandle,
|
app_handle: AppHandle,
|
||||||
mut waiter: CloseWaiter<'_>,
|
mut waiter: CloseWaiter<'_>,
|
||||||
) -> Result<Response, HandlerError> {
|
) -> Result<CliResponse, HandlerError> {
|
||||||
let state = app_handle.state::<AppState>();
|
let state = app_handle.state::<AppState>();
|
||||||
let rehide_ms = {
|
let rehide_ms = {
|
||||||
let config = state.config.read().await;
|
let config = state.config.read().await;
|
||||||
@ -125,13 +91,15 @@ async fn get_aws_credentials(
|
|||||||
// but ? returns immediately, and we want to unregister the request before returning
|
// but ? returns immediately, and we want to unregister the request before returning
|
||||||
// so we bundle it all up in an async block and return a Result so we can handle errors
|
// so we bundle it all up in an async block and return a Result so we can handle errors
|
||||||
let proceed = async {
|
let proceed = async {
|
||||||
let notification = AwsRequestNotification {id: request_id, client, base};
|
let notification = RequestNotification::new_aws(
|
||||||
app_handle.emit_all("credentials-request", ¬ification)?;
|
request_id, client, name.clone(), base
|
||||||
|
);
|
||||||
|
app_handle.emit("credential-request", ¬ification)?;
|
||||||
|
|
||||||
let response = tokio::select! {
|
let response = tokio::select! {
|
||||||
r = chan_recv => r?,
|
r = chan_recv => r?,
|
||||||
_ = waiter.wait_for_close() => {
|
_ = waiter.wait_for_close() => {
|
||||||
app_handle.emit_all("request-cancelled", request_id)?;
|
app_handle.emit("request-cancelled", request_id)?;
|
||||||
return Err(HandlerError::Abandoned);
|
return Err(HandlerError::Abandoned);
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
@ -139,12 +107,12 @@ async fn get_aws_credentials(
|
|||||||
match response.approval {
|
match response.approval {
|
||||||
Approval::Approved => {
|
Approval::Approved => {
|
||||||
if response.base {
|
if response.base {
|
||||||
let creds = state.base_creds_cloned().await?;
|
let creds = state.get_aws_base(name).await?;
|
||||||
Ok(Response::Aws(Credentials::Base(creds)))
|
Ok(CliResponse::Credential(CliCredential::AwsBase(creds)))
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
let creds = state.session_creds_cloned().await?;
|
let creds = state.get_aws_session(name).await?.clone();
|
||||||
Ok(Response::Aws(Credentials::Session(creds)))
|
Ok(CliResponse::Credential(CliCredential::AwsSession(creds)))
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
Approval::Denied => Err(HandlerError::Denied),
|
Approval::Denied => Err(HandlerError::Denied),
|
||||||
@ -156,7 +124,7 @@ async fn get_aws_credentials(
|
|||||||
Err(e) => {
|
Err(e) => {
|
||||||
state.unregister_request(request_id).await;
|
state.unregister_request(request_id).await;
|
||||||
Err(e)
|
Err(e)
|
||||||
}
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
lease.release();
|
lease.release();
|
164
src-tauri/src/srv/mod.rs
Normal file
164
src-tauri/src/srv/mod.rs
Normal file
@ -0,0 +1,164 @@
|
|||||||
|
use std::future::Future;
|
||||||
|
|
||||||
|
use tauri::{
|
||||||
|
AppHandle,
|
||||||
|
async_runtime as rt,
|
||||||
|
};
|
||||||
|
use tokio::io::AsyncReadExt;
|
||||||
|
use serde::{Serialize, Deserialize};
|
||||||
|
|
||||||
|
use crate::credentials::{AwsBaseCredential, AwsSessionCredential};
|
||||||
|
use crate::errors::*;
|
||||||
|
use crate::shortcuts::ShortcutAction;
|
||||||
|
|
||||||
|
pub mod creddy_server;
|
||||||
|
pub mod agent;
|
||||||
|
use platform::Stream;
|
||||||
|
|
||||||
|
|
||||||
|
// These types match what's defined in creddy_cli, but they are separate types
|
||||||
|
// so that we avoid polluting the standalone CLI with a bunch of dependencies
|
||||||
|
// that would make it impossible to build a completely static-linked version
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub enum CliRequest {
|
||||||
|
GetCredential {
|
||||||
|
name: Option<String>,
|
||||||
|
base: bool,
|
||||||
|
},
|
||||||
|
InvokeShortcut(ShortcutAction),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub enum CliResponse {
|
||||||
|
Credential(CliCredential),
|
||||||
|
Empty,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
pub enum CliCredential {
|
||||||
|
AwsBase(AwsBaseCredential),
|
||||||
|
AwsSession(AwsSessionCredential),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
struct CloseWaiter<'s> {
|
||||||
|
stream: &'s mut Stream,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'s> CloseWaiter<'s> {
|
||||||
|
async fn wait_for_close(&mut self) -> std::io::Result<()> {
|
||||||
|
let mut buf = [0u8; 8];
|
||||||
|
loop {
|
||||||
|
match self.stream.read(&mut buf).await {
|
||||||
|
Ok(0) => break Ok(()),
|
||||||
|
Ok(_) => (),
|
||||||
|
Err(e) => break Err(e),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn serve<H, F>(sock_name: &str, app_handle: AppHandle, handler: H) -> std::io::Result<()>
|
||||||
|
where H: Copy + Send + Fn(Stream, AppHandle, u32) -> F + 'static,
|
||||||
|
F: Send + Future<Output = Result<(), HandlerError>>,
|
||||||
|
{
|
||||||
|
let (mut listener, addr) = platform::bind(sock_name)?;
|
||||||
|
rt::spawn(async move {
|
||||||
|
loop {
|
||||||
|
let (stream, client_pid) = match platform::accept(&mut listener, &addr).await {
|
||||||
|
Ok((s, c)) => (s, c),
|
||||||
|
Err(e) => {
|
||||||
|
eprintln!("Error accepting request: {e}");
|
||||||
|
continue;
|
||||||
|
},
|
||||||
|
};
|
||||||
|
let new_handle = app_handle.clone();
|
||||||
|
rt::spawn(async move {
|
||||||
|
handler(stream, new_handle, client_pid)
|
||||||
|
.await
|
||||||
|
.error_print_prefix("Error responding to request: ");
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(unix)]
|
||||||
|
mod platform {
|
||||||
|
use std::io::ErrorKind;
|
||||||
|
use std::path::PathBuf;
|
||||||
|
use tokio::net::{UnixListener, UnixStream};
|
||||||
|
use super::*;
|
||||||
|
|
||||||
|
|
||||||
|
pub type Stream = UnixStream;
|
||||||
|
|
||||||
|
pub fn bind(sock_name: &str) -> std::io::Result<(UnixListener, PathBuf)> {
|
||||||
|
let path = creddy_cli::server_addr(sock_name);
|
||||||
|
match std::fs::remove_file(&path) {
|
||||||
|
Ok(_) => (),
|
||||||
|
Err(e) if e.kind() == ErrorKind::NotFound => (),
|
||||||
|
Err(e) => return Err(e),
|
||||||
|
}
|
||||||
|
|
||||||
|
let listener = UnixListener::bind(&path)?;
|
||||||
|
Ok((listener, path))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn accept(listener: &mut UnixListener, _addr: &PathBuf) -> Result<(UnixStream, u32), HandlerError> {
|
||||||
|
let (stream, _addr) = listener.accept().await?;
|
||||||
|
let pid = stream.peer_cred()?
|
||||||
|
.pid()
|
||||||
|
.ok_or(ClientInfoError::PidNotFound)?
|
||||||
|
as u32;
|
||||||
|
|
||||||
|
Ok((stream, pid))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(windows)]
|
||||||
|
mod platform {
|
||||||
|
use std::os::windows::io::AsRawHandle;
|
||||||
|
use tokio::net::windows::named_pipe::{
|
||||||
|
NamedPipeServer,
|
||||||
|
ServerOptions,
|
||||||
|
};
|
||||||
|
use windows::Win32::{
|
||||||
|
Foundation::HANDLE,
|
||||||
|
System::Pipes::GetNamedPipeClientProcessId,
|
||||||
|
};
|
||||||
|
use super::*;
|
||||||
|
|
||||||
|
|
||||||
|
pub type Stream = NamedPipeServer;
|
||||||
|
|
||||||
|
pub fn bind(sock_name: &str) -> std::io::Result<(String, NamedPipeServer)> {
|
||||||
|
let addr = creddy_cli::server_addr(sock_name);
|
||||||
|
let listener = ServerOptions::new()
|
||||||
|
.first_pipe_instance(true)
|
||||||
|
.create(&addr)?;
|
||||||
|
Ok((listener, addr))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn accept(listener: &mut NamedPipeServer, addr: &String) -> Result<(NamedPipeServer, u32), HandlerError> {
|
||||||
|
// connect() just waits for a client to connect, it doesn't return anything
|
||||||
|
listener.connect().await?;
|
||||||
|
|
||||||
|
// unlike Unix sockets, a Windows NamedPipeServer *becomes* the open stream
|
||||||
|
// once a client connects. If we want to keep listening, we have to construct
|
||||||
|
// a new server and swap it in.
|
||||||
|
let new_listener = ServerOptions::new().create(addr)?;
|
||||||
|
let stream = std::mem::replace(listener, new_listener);
|
||||||
|
|
||||||
|
let raw_handle = stream.as_raw_handle();
|
||||||
|
let mut pid = 0u32;
|
||||||
|
let handle = HANDLE(raw_handle as _);
|
||||||
|
unsafe { GetNamedPipeClientProcessId(handle, &mut pid as *mut u32)? };
|
||||||
|
Ok((stream, pid))
|
||||||
|
}
|
||||||
|
}
|
@ -1,12 +1,15 @@
|
|||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
use std::collections::hash_map::Entry;
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
use time::OffsetDateTime;
|
use time::OffsetDateTime;
|
||||||
|
|
||||||
use tokio::{
|
use tokio::{
|
||||||
sync::RwLock,
|
sync::{RwLock, RwLockReadGuard},
|
||||||
sync::oneshot::{self, Sender},
|
sync::oneshot::{self, Sender},
|
||||||
};
|
};
|
||||||
|
use ssh_agent_lib::proto::message::Identity;
|
||||||
use sqlx::SqlitePool;
|
use sqlx::SqlitePool;
|
||||||
|
use sqlx::types::Uuid;
|
||||||
use tauri::{
|
use tauri::{
|
||||||
Manager,
|
Manager,
|
||||||
async_runtime as rt,
|
async_runtime as rt,
|
||||||
@ -14,12 +17,18 @@ use tauri::{
|
|||||||
|
|
||||||
use crate::app;
|
use crate::app;
|
||||||
use crate::credentials::{
|
use crate::credentials::{
|
||||||
Session,
|
AppSession,
|
||||||
BaseCredentials,
|
AwsSessionCredential,
|
||||||
SessionCredentials,
|
SshKey,
|
||||||
};
|
};
|
||||||
use crate::{config, config::AppConfig};
|
use crate::{config, config::AppConfig};
|
||||||
use crate::ipc::{self, Approval, RequestResponse};
|
use crate::credentials::{
|
||||||
|
AwsBaseCredential,
|
||||||
|
Credential,
|
||||||
|
CredentialRecord,
|
||||||
|
PersistentCredential
|
||||||
|
};
|
||||||
|
use crate::ipc::{self, RequestResponse};
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
use crate::shortcuts;
|
use crate::shortcuts;
|
||||||
|
|
||||||
@ -37,7 +46,7 @@ impl Visibility {
|
|||||||
|
|
||||||
fn acquire(&mut self, delay_ms: u64) -> Result<VisibilityLease, WindowError> {
|
fn acquire(&mut self, delay_ms: u64) -> Result<VisibilityLease, WindowError> {
|
||||||
let app = crate::app::APP.get().unwrap();
|
let app = crate::app::APP.get().unwrap();
|
||||||
let window = app.get_window("main")
|
let window = app.get_webview_window("main")
|
||||||
.ok_or(WindowError::NoMainWindow)?;
|
.ok_or(WindowError::NoMainWindow)?;
|
||||||
|
|
||||||
self.leases += 1;
|
self.leases += 1;
|
||||||
@ -63,18 +72,17 @@ impl Visibility {
|
|||||||
let lease = VisibilityLease { notify: tx };
|
let lease = VisibilityLease { notify: tx };
|
||||||
|
|
||||||
let delay = Duration::from_millis(delay_ms);
|
let delay = Duration::from_millis(delay_ms);
|
||||||
let handle = app.app_handle();
|
|
||||||
rt::spawn(async move {
|
rt::spawn(async move {
|
||||||
// We don't care if it's an error; lease being dropped should be handled identically
|
// We don't care if it's an error; lease being dropped should be handled identically
|
||||||
let _ = rx.await;
|
let _ = rx.await;
|
||||||
tokio::time::sleep(delay).await;
|
tokio::time::sleep(delay).await;
|
||||||
// we can't use `self` here because we would have to move it into the async block
|
// we can't use `self` here because we would have to move it into the async block
|
||||||
let state = handle.state::<AppState>();
|
let state = app.state::<AppState>();
|
||||||
let mut visibility = state.visibility.write().await;
|
let mut visibility = state.visibility.write().await;
|
||||||
visibility.leases -= 1;
|
visibility.leases -= 1;
|
||||||
if visibility.leases == 0 {
|
if visibility.leases == 0 {
|
||||||
if let Some(false) = visibility.original {
|
if let Some(false) = visibility.original {
|
||||||
app::hide_main_window(&handle).error_print();
|
app::hide_main_window(app).error_print();
|
||||||
}
|
}
|
||||||
visibility.original = None;
|
visibility.original = None;
|
||||||
}
|
}
|
||||||
@ -102,7 +110,9 @@ impl VisibilityLease {
|
|||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct AppState {
|
pub struct AppState {
|
||||||
pub config: RwLock<AppConfig>,
|
pub config: RwLock<AppConfig>,
|
||||||
pub session: RwLock<Session>,
|
pub app_session: RwLock<AppSession>,
|
||||||
|
// session cache is keyed on id rather than name because names can change
|
||||||
|
pub aws_sessions: RwLock<HashMap<Uuid, AwsSessionCredential>>,
|
||||||
pub last_activity: RwLock<OffsetDateTime>,
|
pub last_activity: RwLock<OffsetDateTime>,
|
||||||
pub request_count: RwLock<u64>,
|
pub request_count: RwLock<u64>,
|
||||||
pub waiting_requests: RwLock<HashMap<u64, Sender<RequestResponse>>>,
|
pub waiting_requests: RwLock<HashMap<u64, Sender<RequestResponse>>>,
|
||||||
@ -117,14 +127,15 @@ pub struct AppState {
|
|||||||
impl AppState {
|
impl AppState {
|
||||||
pub fn new(
|
pub fn new(
|
||||||
config: AppConfig,
|
config: AppConfig,
|
||||||
session: Session,
|
app_session: AppSession,
|
||||||
pool: SqlitePool,
|
pool: SqlitePool,
|
||||||
setup_errors: Vec<String>,
|
setup_errors: Vec<String>,
|
||||||
desktop_is_gnome: bool,
|
desktop_is_gnome: bool,
|
||||||
) -> AppState {
|
) -> AppState {
|
||||||
AppState {
|
AppState {
|
||||||
config: RwLock::new(config),
|
config: RwLock::new(config),
|
||||||
session: RwLock::new(session),
|
app_session: RwLock::new(app_session),
|
||||||
|
aws_sessions: RwLock::new(HashMap::new()),
|
||||||
last_activity: RwLock::new(OffsetDateTime::now_utc()),
|
last_activity: RwLock::new(OffsetDateTime::now_utc()),
|
||||||
request_count: RwLock::new(0),
|
request_count: RwLock::new(0),
|
||||||
waiting_requests: RwLock::new(HashMap::new()),
|
waiting_requests: RwLock::new(HashMap::new()),
|
||||||
@ -136,12 +147,47 @@ impl AppState {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn new_creds(&self, base_creds: BaseCredentials, passphrase: &str) -> Result<(), UnlockError> {
|
pub async fn save_credential(&self, record: CredentialRecord) -> Result<(), SaveCredentialsError> {
|
||||||
let locked = base_creds.encrypt(passphrase)?;
|
let session = self.app_session.read().await;
|
||||||
// do this first so that if it fails we don't save bad credentials
|
let crypto = session.try_get_crypto()?;
|
||||||
self.new_session(base_creds).await?;
|
record.save(crypto, &self.pool).await
|
||||||
locked.save(&self.pool).await?;
|
}
|
||||||
|
|
||||||
|
pub async fn delete_credential(&self, id: &Uuid) -> Result<(), SaveCredentialsError> {
|
||||||
|
sqlx::query!("DELETE FROM credentials WHERE id = ?", id)
|
||||||
|
.execute(&self.pool)
|
||||||
|
.await?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn list_credentials(&self) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
|
||||||
|
let session = self.app_session.read().await;
|
||||||
|
let crypto = session.try_get_crypto()?;
|
||||||
|
let list = CredentialRecord::list(crypto, &self.pool).await?;
|
||||||
|
Ok(list)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn list_ssh_identities(&self) -> Result<Vec<Identity>, GetCredentialsError> {
|
||||||
|
Ok(SshKey::list_identities(&self.pool).await?)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn set_passphrase(&self, passphrase: &str) -> Result<(), SaveCredentialsError> {
|
||||||
|
let mut cur_session = self.app_session.write().await;
|
||||||
|
if let AppSession::Locked {..} = *cur_session {
|
||||||
|
return Err(SaveCredentialsError::Locked);
|
||||||
|
}
|
||||||
|
|
||||||
|
let new_session = AppSession::new(passphrase)?;
|
||||||
|
if let AppSession::Unlocked {salt: _, ref crypto} = *cur_session {
|
||||||
|
CredentialRecord::rekey(
|
||||||
|
crypto,
|
||||||
|
new_session.try_get_crypto().expect("AppSession::new() should always return Unlocked"),
|
||||||
|
&self.pool,
|
||||||
|
).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
new_session.save(&self.pool).await?;
|
||||||
|
*cur_session = new_session;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -188,11 +234,6 @@ impl AppState {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub async fn send_response(&self, response: ipc::RequestResponse) -> Result<(), SendResponseError> {
|
pub async fn send_response(&self, response: ipc::RequestResponse) -> Result<(), SendResponseError> {
|
||||||
if let Approval::Approved = response.approval {
|
|
||||||
let mut session = self.session.write().await;
|
|
||||||
session.renew_if_expired().await?;
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut waiting_requests = self.waiting_requests.write().await;
|
let mut waiting_requests = self.waiting_requests.write().await;
|
||||||
waiting_requests
|
waiting_requests
|
||||||
.remove(&response.id)
|
.remove(&response.id)
|
||||||
@ -202,33 +243,85 @@ impl AppState {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub async fn unlock(&self, passphrase: &str) -> Result<(), UnlockError> {
|
pub async fn unlock(&self, passphrase: &str) -> Result<(), UnlockError> {
|
||||||
let base_creds = match *self.session.read().await {
|
let mut session = self.app_session.write().await;
|
||||||
Session::Empty => {return Err(UnlockError::NoCredentials);},
|
session.unlock(passphrase)
|
||||||
Session::Unlocked{..} => {return Err(UnlockError::NotLocked);},
|
|
||||||
Session::Locked(ref locked) => locked.decrypt(passphrase)?,
|
|
||||||
};
|
|
||||||
// Read lock is dropped here, so this doesn't deadlock
|
|
||||||
self.new_session(base_creds).await?;
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn lock(&self) -> Result<(), LockError> {
|
pub async fn lock(&self) -> Result<(), LockError> {
|
||||||
let mut session = self.session.write().await;
|
let mut session = self.app_session.write().await;
|
||||||
match *session {
|
match *session {
|
||||||
Session::Empty => Err(LockError::NotUnlocked),
|
AppSession::Empty => Err(LockError::NotUnlocked),
|
||||||
Session::Locked(_) => Err(LockError::NotUnlocked),
|
AppSession::Locked{..} => Err(LockError::NotUnlocked),
|
||||||
Session::Unlocked{..} => {
|
AppSession::Unlocked{..} => {
|
||||||
*session = Session::load(&self.pool).await?;
|
*session = AppSession::load(&self.pool).await?;
|
||||||
|
|
||||||
let app_handle = app::APP.get().unwrap();
|
let app_handle = app::APP.get().unwrap();
|
||||||
app_handle.emit_all("locked", None::<usize>)?;
|
app_handle.emit("locked", None::<usize>)?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn reset_session(&self) -> Result<(), SaveCredentialsError> {
|
||||||
|
let mut session = self.app_session.write().await;
|
||||||
|
session.reset(&self.pool).await?;
|
||||||
|
sqlx::query!("DELETE FROM credentials").execute(&self.pool).await?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn get_aws_base(&self, name: Option<String>) -> Result<AwsBaseCredential, GetCredentialsError> {
|
||||||
|
let app_session = self.app_session.read().await;
|
||||||
|
let crypto = app_session.try_get_crypto()?;
|
||||||
|
let creds = match name {
|
||||||
|
Some(n) => AwsBaseCredential::load_by_name(&n, crypto, &self.pool).await?,
|
||||||
|
None => AwsBaseCredential::load_default(crypto, &self.pool).await?,
|
||||||
|
};
|
||||||
|
Ok(creds)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn get_aws_session(&self, name: Option<String>) -> Result<RwLockReadGuard<'_, AwsSessionCredential>, GetCredentialsError> {
|
||||||
|
let app_session = self.app_session.read().await;
|
||||||
|
let crypto = app_session.try_get_crypto()?;
|
||||||
|
let record = match name {
|
||||||
|
Some(n) => CredentialRecord::load_by_name(&n, crypto, &self.pool).await?,
|
||||||
|
None => CredentialRecord::load_default("aws", crypto, &self.pool).await?,
|
||||||
|
};
|
||||||
|
let base = match &record.credential {
|
||||||
|
Credential::AwsBase(b) => Ok(b),
|
||||||
|
_ => Err(LoadCredentialsError::NoCredentials)
|
||||||
|
}?;
|
||||||
|
|
||||||
|
{
|
||||||
|
let mut aws_sessions = self.aws_sessions.write().await;
|
||||||
|
match aws_sessions.entry(record.id) {
|
||||||
|
Entry::Vacant(e) => {
|
||||||
|
e.insert(AwsSessionCredential::from_base(&base).await?);
|
||||||
|
},
|
||||||
|
Entry::Occupied(mut e) if e.get().is_expired() => {
|
||||||
|
*(e.get_mut()) = AwsSessionCredential::from_base(&base).await?;
|
||||||
|
},
|
||||||
|
_ => ()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// we know the unwrap is safe, because we just made sure of it
|
||||||
|
let s = RwLockReadGuard::map(self.aws_sessions.read().await, |map| map.get(&record.id).unwrap());
|
||||||
|
Ok(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn ssh_name_from_pubkey(&self, pubkey: &[u8]) -> Result<String, GetCredentialsError> {
|
||||||
|
let k = SshKey::name_from_pubkey(pubkey, &self.pool).await?;
|
||||||
|
Ok(k)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn sshkey_by_name(&self, name: &str) -> Result<SshKey, GetCredentialsError> {
|
||||||
|
let app_session = self.app_session.read().await;
|
||||||
|
let crypto = app_session.try_get_crypto()?;
|
||||||
|
let k = SshKey::load_by_name(name, crypto, &self.pool).await?;
|
||||||
|
Ok(k)
|
||||||
|
}
|
||||||
|
|
||||||
pub async fn signal_activity(&self) {
|
pub async fn signal_activity(&self) {
|
||||||
let mut last_activity = self.last_activity.write().await;
|
let mut last_activity = self.last_activity.write().await;
|
||||||
*last_activity = OffsetDateTime::now_utc();
|
*last_activity = OffsetDateTime::now_utc();
|
||||||
@ -236,7 +329,7 @@ impl AppState {
|
|||||||
|
|
||||||
pub async fn should_auto_lock(&self) -> bool {
|
pub async fn should_auto_lock(&self) -> bool {
|
||||||
let config = self.config.read().await;
|
let config = self.config.read().await;
|
||||||
if !config.auto_lock || !self.is_unlocked().await {
|
if !config.auto_lock || self.is_locked().await {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -245,28 +338,9 @@ impl AppState {
|
|||||||
elapsed >= config.lock_after
|
elapsed >= config.lock_after
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn is_unlocked(&self) -> bool {
|
pub async fn is_locked(&self) -> bool {
|
||||||
let session = self.session.read().await;
|
let session = self.app_session.read().await;
|
||||||
matches!(*session, Session::Unlocked{..})
|
matches!(*session, AppSession::Locked {..})
|
||||||
}
|
|
||||||
|
|
||||||
pub async fn base_creds_cloned(&self) -> Result<BaseCredentials, GetCredentialsError> {
|
|
||||||
let app_session = self.session.read().await;
|
|
||||||
let (base, _session) = app_session.try_get()?;
|
|
||||||
Ok(base.clone())
|
|
||||||
}
|
|
||||||
|
|
||||||
pub async fn session_creds_cloned(&self) -> Result<SessionCredentials, GetCredentialsError> {
|
|
||||||
let app_session = self.session.read().await;
|
|
||||||
let (_base, session) = app_session.try_get()?;
|
|
||||||
Ok(session.clone())
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn new_session(&self, base: BaseCredentials) -> Result<(), GetSessionError> {
|
|
||||||
let session = SessionCredentials::from_base(&base).await?;
|
|
||||||
let mut app_session = self.session.write().await;
|
|
||||||
*app_session = Session::Unlocked {base, session};
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn register_terminal_request(&self) -> Result<(), ()> {
|
pub async fn register_terminal_request(&self) -> Result<(), ()> {
|
||||||
@ -286,3 +360,36 @@ impl AppState {
|
|||||||
*req = false;
|
*req = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use super::*;
|
||||||
|
use crate::credentials::Crypto;
|
||||||
|
use sqlx::types::Uuid;
|
||||||
|
|
||||||
|
|
||||||
|
fn test_state(pool: SqlitePool) -> AppState {
|
||||||
|
let salt = [0u8; 32];
|
||||||
|
let crypto = Crypto::fixed();
|
||||||
|
AppState::new(
|
||||||
|
AppConfig::default(),
|
||||||
|
AppSession::Unlocked { salt, crypto },
|
||||||
|
pool,
|
||||||
|
vec![],
|
||||||
|
false,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[sqlx::test(fixtures("./credentials/fixtures/aws_credentials.sql"))]
|
||||||
|
fn test_delete_credential(pool: SqlitePool) {
|
||||||
|
let state = test_state(pool);
|
||||||
|
let id = Uuid::try_parse("00000000-0000-0000-0000-000000000000").unwrap();
|
||||||
|
state.delete_credential(&id).await.unwrap();
|
||||||
|
|
||||||
|
// ensure delete-cascade went through correctly
|
||||||
|
let res = AwsBaseCredential::load(&id, &Crypto::fixed(), &state.pool).await;
|
||||||
|
assert!(matches!(res, Err(LoadCredentialsError::NoCredentials)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
use std::process::Command;
|
use std::process::Command;
|
||||||
|
use std::time::Duration;
|
||||||
|
|
||||||
use tauri::Manager;
|
use tauri::{AppHandle, Manager};
|
||||||
|
use tokio::time::sleep;
|
||||||
|
|
||||||
use crate::app::APP;
|
use crate::app::APP;
|
||||||
use crate::errors::*;
|
use crate::errors::*;
|
||||||
@ -16,6 +18,18 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> {
|
|||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let res = do_launch(app, use_base).await;
|
||||||
|
|
||||||
|
state.unregister_terminal_request().await;
|
||||||
|
res
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// this handles most of the work, the outer function is just to ensure we properly
|
||||||
|
// unregister the request if there's an error
|
||||||
|
async fn do_launch(app: &AppHandle, use_base: bool) -> Result<(), LaunchTerminalError> {
|
||||||
|
let state = app.state::<AppState>();
|
||||||
|
|
||||||
let mut cmd = {
|
let mut cmd = {
|
||||||
let config = state.config.read().await;
|
let config = state.config.read().await;
|
||||||
let mut cmd = Command::new(&config.terminal.exec);
|
let mut cmd = Command::new(&config.terminal.exec);
|
||||||
@ -23,56 +37,50 @@ pub async fn launch(use_base: bool) -> Result<(), LaunchTerminalError> {
|
|||||||
cmd
|
cmd
|
||||||
};
|
};
|
||||||
|
|
||||||
// if session is unlocked or empty, wait for credentials from frontend
|
// if session is locked, wait for credentials from frontend
|
||||||
if !state.is_unlocked().await {
|
if state.is_locked().await {
|
||||||
app.emit_all("launch-terminal-request", ())?;
|
|
||||||
let lease = state.acquire_visibility_lease(0).await
|
let lease = state.acquire_visibility_lease(0).await
|
||||||
.map_err(|_e| LaunchTerminalError::NoMainWindow)?; // automate conversion eventually?
|
.map_err(|_e| LaunchTerminalError::NoMainWindow)?; // automate conversion eventually?
|
||||||
|
|
||||||
let (tx, rx) = tokio::sync::oneshot::channel();
|
let (tx, rx) = tokio::sync::oneshot::channel();
|
||||||
app.once_global("credentials-event", move |e| {
|
app.once("unlocked", move |_| {
|
||||||
let success = match e.payload() {
|
let _ = tx.send(());
|
||||||
Some("\"unlocked\"") | Some("\"entered\"") => true,
|
|
||||||
_ => false,
|
|
||||||
};
|
|
||||||
let _ = tx.send(success);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
if !rx.await.unwrap_or(false) {
|
let timeout = Duration::from_secs(60);
|
||||||
state.unregister_terminal_request().await;
|
tokio::select! {
|
||||||
return Ok(()); // request was canceled by user
|
// if the frontend is unlocked within 60 seconds, release visibility lock and proceed
|
||||||
|
_ = rx => lease.release(),
|
||||||
|
// otherwise, dump this request, but return Ok so we don't get an error popup
|
||||||
|
_ = sleep(timeout) => {
|
||||||
|
eprintln!("WARNING: Request to launch terminal timed out after 60 seconds.");
|
||||||
|
return Ok(());
|
||||||
|
},
|
||||||
}
|
}
|
||||||
lease.release();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// more lock-management
|
|
||||||
{
|
|
||||||
let app_session = state.session.read().await;
|
|
||||||
// session should really be unlocked at this point, but if the frontend misbehaves
|
// session should really be unlocked at this point, but if the frontend misbehaves
|
||||||
// (i.e. lies about unlocking) we could end up here with a locked session
|
// (i.e. lies about unlocking) we could end up here with a locked session
|
||||||
// this will result in an error popup to the user (see main hotkey handler)
|
// this will result in an error popup to the user (see main hotkey handler)
|
||||||
let (base_creds, session_creds) = app_session.try_get()?;
|
|
||||||
if use_base {
|
if use_base {
|
||||||
|
let base_creds = state.get_aws_base(None).await?;
|
||||||
cmd.env("AWS_ACCESS_KEY_ID", &base_creds.access_key_id);
|
cmd.env("AWS_ACCESS_KEY_ID", &base_creds.access_key_id);
|
||||||
cmd.env("AWS_SECRET_ACCESS_KEY", &base_creds.secret_access_key);
|
cmd.env("AWS_SECRET_ACCESS_KEY", &base_creds.secret_access_key);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
let session_creds = state.get_aws_session(None).await?;
|
||||||
cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id);
|
cmd.env("AWS_ACCESS_KEY_ID", &session_creds.access_key_id);
|
||||||
cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key);
|
cmd.env("AWS_SECRET_ACCESS_KEY", &session_creds.secret_access_key);
|
||||||
cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token);
|
cmd.env("AWS_SESSION_TOKEN", &session_creds.session_token);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
let res = match cmd.spawn() {
|
match cmd.spawn() {
|
||||||
Ok(_) => Ok(()),
|
Ok(_) => Ok(()),
|
||||||
Err(e) if std::io::ErrorKind::NotFound == e.kind() => {
|
Err(e) if std::io::ErrorKind::NotFound == e.kind() => {
|
||||||
Err(ExecError::NotFound(cmd.get_program().to_owned()))
|
Err(ExecError::NotFound(cmd.get_program().to_owned()))
|
||||||
},
|
},
|
||||||
Err(e) => Err(ExecError::ExecutionFailed(e)),
|
Err(e) => Err(ExecError::ExecutionFailed(e)),
|
||||||
};
|
}?;
|
||||||
|
|
||||||
state.unregister_terminal_request().await;
|
|
||||||
|
|
||||||
res?; // ? auto-conversion is more liberal than .into()
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
@ -1,45 +1,49 @@
|
|||||||
use tauri::{
|
use tauri::{
|
||||||
|
App,
|
||||||
AppHandle,
|
AppHandle,
|
||||||
CustomMenuItem,
|
|
||||||
Manager,
|
Manager,
|
||||||
SystemTray,
|
|
||||||
SystemTrayEvent,
|
|
||||||
SystemTrayMenu,
|
|
||||||
async_runtime as rt,
|
async_runtime as rt,
|
||||||
};
|
};
|
||||||
|
use tauri::menu::{
|
||||||
|
MenuBuilder,
|
||||||
|
MenuEvent,
|
||||||
|
MenuItemBuilder,
|
||||||
|
};
|
||||||
|
|
||||||
use crate::app;
|
use crate::app;
|
||||||
use crate::state::AppState;
|
use crate::state::AppState;
|
||||||
|
|
||||||
|
|
||||||
pub fn create() -> SystemTray {
|
pub fn setup(app: &App) -> tauri::Result<()> {
|
||||||
let show = CustomMenuItem::new("show_hide".to_string(), "Show");
|
let show_hide = MenuItemBuilder::with_id("show_hide", "Show").build(app)?;
|
||||||
let quit = CustomMenuItem::new("exit".to_string(), "Exit");
|
let exit = MenuItemBuilder::with_id("exit", "Exit").build(app)?;
|
||||||
|
|
||||||
let menu = SystemTrayMenu::new()
|
let menu = MenuBuilder::new(app)
|
||||||
.add_item(show)
|
.items(&[&show_hide, &exit])
|
||||||
.add_item(quit);
|
.build()?;
|
||||||
|
|
||||||
SystemTray::new().with_menu(menu)
|
let tray = app.tray_by_id("main").unwrap();
|
||||||
|
tray.set_menu(Some(menu))?;
|
||||||
|
tray.on_menu_event(handle_event);
|
||||||
|
|
||||||
|
// stash this so we can find it later to change the text
|
||||||
|
app.manage(show_hide);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub fn handle_event(app_handle: &AppHandle, event: SystemTrayEvent) {
|
fn handle_event(app_handle: &AppHandle, event: MenuEvent) {
|
||||||
match event {
|
match event.id.0.as_str() {
|
||||||
SystemTrayEvent::MenuItemClick{ id, .. } => {
|
|
||||||
match id.as_str() {
|
|
||||||
"exit" => app_handle.exit(0),
|
"exit" => app_handle.exit(0),
|
||||||
"show_hide" => {
|
"show_hide" => {
|
||||||
let _ = app::toggle_main_window(app_handle);
|
let _ = app::toggle_main_window(app_handle);
|
||||||
let new_handle = app_handle.app_handle();
|
let new_handle = app_handle.clone();
|
||||||
rt::spawn(async move {
|
rt::spawn(async move {
|
||||||
let state = new_handle.state::<AppState>();
|
let state = new_handle.state::<AppState>();
|
||||||
state.signal_activity().await;
|
state.signal_activity().await;
|
||||||
});
|
});
|
||||||
}
|
},
|
||||||
_ => (),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
_ => (),
|
_ => (),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,30 +3,14 @@
|
|||||||
"build": {
|
"build": {
|
||||||
"beforeBuildCommand": "npm run build",
|
"beforeBuildCommand": "npm run build",
|
||||||
"beforeDevCommand": "npm run dev",
|
"beforeDevCommand": "npm run dev",
|
||||||
"devPath": "http://localhost:5173",
|
"frontendDist": "../dist",
|
||||||
"distDir": "../dist"
|
"devUrl": "http://localhost:5173"
|
||||||
},
|
|
||||||
"package": {
|
|
||||||
"productName": "creddy",
|
|
||||||
"version": "0.4.7"
|
|
||||||
},
|
|
||||||
"tauri": {
|
|
||||||
"allowlist": {
|
|
||||||
"app": {
|
|
||||||
"all": true,
|
|
||||||
"show": false,
|
|
||||||
"hide": false
|
|
||||||
},
|
|
||||||
"os": {"all": true},
|
|
||||||
"dialog": {"open": true}
|
|
||||||
},
|
},
|
||||||
"bundle": {
|
"bundle": {
|
||||||
"active": true,
|
"active": true,
|
||||||
"category": "DeveloperTool",
|
"category": "DeveloperTool",
|
||||||
"copyright": "",
|
"copyright": "",
|
||||||
"deb": {
|
"targets": "all",
|
||||||
"depends": []
|
|
||||||
},
|
|
||||||
"externalBin": [],
|
"externalBin": [],
|
||||||
"icon": [
|
"icon": [
|
||||||
"icons/32x32.png",
|
"icons/32x32.png",
|
||||||
@ -35,7 +19,20 @@
|
|||||||
"icons/icon.icns",
|
"icons/icon.icns",
|
||||||
"icons/icon.ico"
|
"icons/icon.ico"
|
||||||
],
|
],
|
||||||
"identifier": "creddy",
|
"windows": {
|
||||||
|
"certificateThumbprint": null,
|
||||||
|
"digestAlgorithm": "sha256",
|
||||||
|
"timestampUrl": "",
|
||||||
|
"wix": {
|
||||||
|
"fragmentPaths": [
|
||||||
|
"conf/cli.wxs"
|
||||||
|
],
|
||||||
|
"componentRefs": [
|
||||||
|
"CliBinary",
|
||||||
|
"AddToPath"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
"longDescription": "",
|
"longDescription": "",
|
||||||
"macOS": {
|
"macOS": {
|
||||||
"entitlements": null,
|
"entitlements": null,
|
||||||
@ -46,26 +43,17 @@
|
|||||||
},
|
},
|
||||||
"resources": [],
|
"resources": [],
|
||||||
"shortDescription": "",
|
"shortDescription": "",
|
||||||
"targets": "all",
|
"linux": {
|
||||||
"windows": {
|
"deb": {
|
||||||
"certificateThumbprint": null,
|
"depends": []
|
||||||
"digestAlgorithm": "sha256",
|
|
||||||
"timestampUrl": "",
|
|
||||||
"wix": {
|
|
||||||
"fragmentPaths": ["conf/cli.wxs"],
|
|
||||||
"componentRefs": ["CliBinary", "AddToPath"]
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"security": {
|
"productName": "creddy",
|
||||||
"csp": {
|
"version": "0.5.4",
|
||||||
"default-src": ["'self'"],
|
"identifier": "creddy",
|
||||||
"style-src": ["'self'", "'unsafe-inline'"]
|
"plugins": {},
|
||||||
}
|
"app": {
|
||||||
},
|
|
||||||
"updater": {
|
|
||||||
"active": false
|
|
||||||
},
|
|
||||||
"windows": [
|
"windows": [
|
||||||
{
|
{
|
||||||
"fullscreen": false,
|
"fullscreen": false,
|
||||||
@ -77,9 +65,24 @@
|
|||||||
"visible": false
|
"visible": false
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"systemTray": {
|
"trayIcon": {
|
||||||
|
"id": "main",
|
||||||
"iconPath": "icons/icon.png",
|
"iconPath": "icons/icon.png",
|
||||||
"iconAsTemplate": true
|
"iconAsTemplate": true
|
||||||
|
},
|
||||||
|
"security": {
|
||||||
|
"csp": {
|
||||||
|
"style-src": [
|
||||||
|
"'self'",
|
||||||
|
"'unsafe-inline'"
|
||||||
|
],
|
||||||
|
"default-src": [
|
||||||
|
"'self'"
|
||||||
|
],
|
||||||
|
"connect-src": [
|
||||||
|
"ipc: http://ipc.localhost"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,21 +1,28 @@
|
|||||||
<script>
|
<script>
|
||||||
import { onMount } from 'svelte';
|
import { onMount } from 'svelte';
|
||||||
import { listen } from '@tauri-apps/api/event';
|
import { listen } from '@tauri-apps/api/event';
|
||||||
import { invoke } from '@tauri-apps/api/tauri';
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
import { getVersion } from '@tauri-apps/api/app';
|
import { getVersion } from '@tauri-apps/api/app';
|
||||||
|
|
||||||
import { appState, acceptRequest, cleanupRequest } from './lib/state.js';
|
import { appState, acceptRequest, cleanupRequest } from './lib/state.js';
|
||||||
import { views, currentView, navigate } from './lib/routing.js';
|
import { views, currentView, navigate } from './lib/routing.js';
|
||||||
|
|
||||||
|
import Approve from './views/Approve.svelte';
|
||||||
|
import CreatePassphrase from './views/CreatePassphrase.svelte';
|
||||||
|
import Unlock from './views/Unlock.svelte';
|
||||||
|
|
||||||
$views = import.meta.glob('./views/*.svelte', {eager: true});
|
// set up app state
|
||||||
navigate('Home');
|
|
||||||
|
|
||||||
invoke('get_config').then(config => $appState.config = config);
|
invoke('get_config').then(config => $appState.config = config);
|
||||||
invoke('get_session_status').then(status => $appState.credentialStatus = status);
|
invoke('get_session_status').then(status => $appState.sessionStatus = status);
|
||||||
getVersion().then(version => $appState.appVersion = version);
|
getVersion().then(version => $appState.appVersion = version);
|
||||||
|
invoke('get_setup_errors')
|
||||||
|
.then(errs => {
|
||||||
|
$appState.setupErrors = errs.map(e => ({msg: e, show: true}));
|
||||||
|
});
|
||||||
|
|
||||||
listen('credentials-request', (tauriEvent) => {
|
|
||||||
|
// set up event handlers
|
||||||
|
listen('credential-request', (tauriEvent) => {
|
||||||
$appState.pendingRequests.put(tauriEvent.payload);
|
$appState.pendingRequests.put(tauriEvent.payload);
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -29,29 +36,17 @@ listen('request-cancelled', (tauriEvent) => {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
listen('launch-terminal-request', async (tauriEvent) => {
|
|
||||||
if ($appState.currentRequest === null) {
|
|
||||||
let status = await invoke('get_session_status');
|
|
||||||
if (status === 'locked') {
|
|
||||||
navigate('Unlock');
|
|
||||||
}
|
|
||||||
else if (status === 'empty') {
|
|
||||||
navigate('EnterCredentials');
|
|
||||||
}
|
|
||||||
// else, session is unlocked, so do nothing
|
|
||||||
// (although we shouldn't even get the event in that case)
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
listen('locked', () => {
|
listen('locked', () => {
|
||||||
$appState.credentialStatus = 'locked';
|
$appState.sessionStatus = 'locked';
|
||||||
});
|
});
|
||||||
|
|
||||||
invoke('get_setup_errors')
|
|
||||||
.then(errs => {
|
|
||||||
$appState.setupErrors = errs.map(e => ({msg: e, show: true}));
|
|
||||||
});
|
|
||||||
|
|
||||||
|
// set up navigation
|
||||||
|
$views = import.meta.glob('./views/*.svelte', {eager: true});
|
||||||
|
navigate('Home');
|
||||||
|
|
||||||
|
|
||||||
|
// ready to rock and roll
|
||||||
acceptRequest();
|
acceptRequest();
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
@ -61,4 +56,17 @@ acceptRequest();
|
|||||||
on:keydown={() => invoke('signal_activity')}
|
on:keydown={() => invoke('signal_activity')}
|
||||||
/>
|
/>
|
||||||
|
|
||||||
<svelte:component this="{$currentView}" />
|
|
||||||
|
{#if $appState.sessionStatus === 'empty'}
|
||||||
|
<!-- Empty state (no passphrase) takes precedence over everything -->
|
||||||
|
<CreatePassphrase />
|
||||||
|
{:else if $appState.currentRequest !== null}
|
||||||
|
<!-- if a request is pending, show approval flow (will include unlock if necessary) -->
|
||||||
|
<Approve />
|
||||||
|
{:else if $appState.sessionStatus === 'locked'}
|
||||||
|
<!-- if session is locked and no request is pending, show unlock screen -->
|
||||||
|
<Unlock />
|
||||||
|
{:else}
|
||||||
|
<!-- normal operation -->
|
||||||
|
<svelte:component this="{$currentView}" />
|
||||||
|
{/if}
|
||||||
|
@ -6,3 +6,12 @@ export function getRootCause(error) {
|
|||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
export function fullMessage(error) {
|
||||||
|
let msg = error?.msg ? error.msg : error;
|
||||||
|
if (error.source) {
|
||||||
|
msg = `${msg}: ${fullMessage(error.source)}`;
|
||||||
|
}
|
||||||
|
return msg
|
||||||
|
}
|
||||||
|
@ -7,7 +7,7 @@ import { navigate, currentView, previousView } from './routing.js';
|
|||||||
export let appState = writable({
|
export let appState = writable({
|
||||||
currentRequest: null,
|
currentRequest: null,
|
||||||
pendingRequests: queue(),
|
pendingRequests: queue(),
|
||||||
credentialStatus: 'locked',
|
sessionStatus: 'locked',
|
||||||
setupErrors: [],
|
setupErrors: [],
|
||||||
appVersion: '',
|
appVersion: '',
|
||||||
});
|
});
|
||||||
@ -25,11 +25,11 @@ export async function acceptRequest() {
|
|||||||
|
|
||||||
|
|
||||||
export function cleanupRequest() {
|
export function cleanupRequest() {
|
||||||
|
currentView.set(get(previousView));
|
||||||
|
previousView.set(null);
|
||||||
appState.update($appState => {
|
appState.update($appState => {
|
||||||
$appState.currentRequest = null;
|
$appState.currentRequest = null;
|
||||||
return $appState;
|
return $appState;
|
||||||
});
|
});
|
||||||
currentView.set(get(previousView));
|
|
||||||
previousView.set(null);
|
|
||||||
acceptRequest();
|
acceptRequest();
|
||||||
}
|
}
|
||||||
|
@ -2,16 +2,42 @@
|
|||||||
import { onMount } from 'svelte';
|
import { onMount } from 'svelte';
|
||||||
import { slide } from 'svelte/transition';
|
import { slide } from 'svelte/transition';
|
||||||
|
|
||||||
|
import { fullMessage } from '../lib/errors.js';
|
||||||
|
|
||||||
|
|
||||||
let extraClasses = "";
|
let extraClasses = "";
|
||||||
export {extraClasses as class};
|
export {extraClasses as class};
|
||||||
export let slideDuration = 150;
|
export let slideDuration = 150;
|
||||||
let animationClass = "";
|
let animationClass = "";
|
||||||
|
|
||||||
export function shake() {
|
let error = null;
|
||||||
|
|
||||||
|
function shake() {
|
||||||
animationClass = 'shake';
|
animationClass = 'shake';
|
||||||
window.setTimeout(() => animationClass = "", 400);
|
window.setTimeout(() => animationClass = "", 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function run(fallible) {
|
||||||
|
try {
|
||||||
|
const ret = await Promise.resolve(fallible());
|
||||||
|
error = null;
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
catch (e) {
|
||||||
|
if (error) shake();
|
||||||
|
error = e;
|
||||||
|
// re-throw so it can be caught by the caller if necessary
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// this is a method rather than a prop so that we can re-shake every time
|
||||||
|
// the error occurs, even if the error message doesn't change
|
||||||
|
export function setError(e) {
|
||||||
|
if (error) shake();
|
||||||
|
error = e;
|
||||||
|
}
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
||||||
@ -51,17 +77,17 @@
|
|||||||
</style>
|
</style>
|
||||||
|
|
||||||
|
|
||||||
<div in:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}">
|
{#if error}
|
||||||
<div>
|
<div transition:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}">
|
||||||
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" /></svg>
|
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" /></svg>
|
||||||
<span>
|
<span>
|
||||||
<slot></slot>
|
<slot {error}>{fullMessage(error)}</slot>
|
||||||
</span>
|
</span>
|
||||||
</div>
|
|
||||||
|
|
||||||
{#if $$slots.buttons}
|
{#if $$slots.buttons}
|
||||||
<div>
|
<div>
|
||||||
<slot name="buttons"></slot>
|
<slot name="buttons"></slot>
|
||||||
</div>
|
</div>
|
||||||
{/if}
|
{/if}
|
||||||
</div>
|
</div>
|
||||||
|
{/if}
|
||||||
|
53
src/ui/FileInput.svelte
Normal file
53
src/ui/FileInput.svelte
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
<script>
|
||||||
|
// import { listen } from '@tauri-apps/api/event';
|
||||||
|
import { open } from '@tauri-apps/plugin-dialog';
|
||||||
|
import { sep } from '@tauri-apps/api/path';
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
|
||||||
|
import Icon from './Icon.svelte';
|
||||||
|
|
||||||
|
|
||||||
|
export let value = {};
|
||||||
|
export let params = {};
|
||||||
|
let displayValue = value?.name || '';
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
async function chooseFile() {
|
||||||
|
let file = await open(params);
|
||||||
|
if (file) {
|
||||||
|
value = file;
|
||||||
|
displayValue = file.name;
|
||||||
|
dispatch('update', value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function handleInput(evt) {
|
||||||
|
const segments = evt.target.value.split(sep());
|
||||||
|
const name = segments[segments.length - 1];
|
||||||
|
value = {name, path: evt.target.value};
|
||||||
|
}
|
||||||
|
|
||||||
|
// some day, figure out drag-and-drop
|
||||||
|
// let drag = null;
|
||||||
|
// listen('tauri://drag', e => drag = e);
|
||||||
|
// listen('tauri://drop', e => console.log(e));
|
||||||
|
// listen('tauri://drag-cancelled', e => console.log(e));
|
||||||
|
// listen('tauri://drop-over', e => console.log(e));
|
||||||
|
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="relative flex join has-[:focus]:outline outline-2 outline-offset-2 outline-base-content/20">
|
||||||
|
<button type="button" class="btn btn-neutral join-item" on:click={chooseFile}>
|
||||||
|
Choose file
|
||||||
|
</button>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
class="join-item grow input input-bordered border-l-0 bg-transparent focus:outline-none"
|
||||||
|
value={displayValue}
|
||||||
|
on:input={handleInput}
|
||||||
|
on:change={() => dispatch('update', value)}
|
||||||
|
on:focus on:blur
|
||||||
|
>
|
||||||
|
</div>
|
@ -5,7 +5,7 @@
|
|||||||
let classes = "";
|
let classes = "";
|
||||||
export {classes as class};
|
export {classes as class};
|
||||||
|
|
||||||
let svg = ICONS[`./icons/${name}.svelte`].default;
|
$: svg = ICONS[`./icons/${name}.svelte`].default;
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<svelte:component this={svg} class={classes} />
|
<svelte:component this={svg} class={classes} />
|
@ -31,6 +31,7 @@
|
|||||||
&& shift === event.shiftKey
|
&& shift === event.shiftKey
|
||||||
) {
|
) {
|
||||||
click();
|
click();
|
||||||
|
event.preventDefault();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
52
src/ui/PassphraseInput.svelte
Normal file
52
src/ui/PassphraseInput.svelte
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
<script>
|
||||||
|
import Icon from './Icon.svelte';
|
||||||
|
|
||||||
|
export let value = '';
|
||||||
|
export let placeholder = '';
|
||||||
|
export let autofocus = false;
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class};
|
||||||
|
|
||||||
|
let show = false;
|
||||||
|
let input;
|
||||||
|
|
||||||
|
export function focus() {
|
||||||
|
input.focus();
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<style>
|
||||||
|
button {
|
||||||
|
border: 1px solid oklch(var(--bc) / 0.2);
|
||||||
|
border-left: none;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="join w-full has-[:focus]:outline outline-2 outline-offset-2 outline-base-content/20">
|
||||||
|
<input
|
||||||
|
bind:this={input}
|
||||||
|
type={show ? 'text' : 'password'}
|
||||||
|
{value} {placeholder} {autofocus}
|
||||||
|
on:input={e => value = e.target.value}
|
||||||
|
on:input on:change on:focus on:blur
|
||||||
|
class="input input-bordered flex-grow join-item placeholder:text-gray-500 focus:outline-none {classes}"
|
||||||
|
/>
|
||||||
|
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
class="btn btn-ghost join-item swap swap-rotate"
|
||||||
|
class:swap-active={show}
|
||||||
|
on:click={() => show = !show}
|
||||||
|
>
|
||||||
|
<Icon
|
||||||
|
name="eye"
|
||||||
|
class="w-5 h-5 swap-off"
|
||||||
|
/>
|
||||||
|
<Icon
|
||||||
|
name="eye-slash"
|
||||||
|
class="w-5 h-5 swap-on"
|
||||||
|
/>
|
||||||
|
</button>
|
||||||
|
</div>
|
8
src/ui/icons/arrow-right-start-on-rectangle.svelte
Normal file
8
src/ui/icons/arrow-right-start-on-rectangle.svelte
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<script>
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0 0 13.5 3h-6a2.25 2.25 0 0 0-2.25 2.25v13.5A2.25 2.25 0 0 0 7.5 21h6a2.25 2.25 0 0 0 2.25-2.25V15m3 0 3-3m0 0-3-3m3 3H9" />
|
||||||
|
</svg>
|
8
src/ui/icons/command-line.svelte
Normal file
8
src/ui/icons/command-line.svelte
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<script>
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="m6.75 7.5 3 2.25-3 2.25m4.5 0h3m-9 8.25h13.5A2.25 2.25 0 0 0 21 18V6a2.25 2.25 0 0 0-2.25-2.25H5.25A2.25 2.25 0 0 0 3 6v12a2.25 2.25 0 0 0 2.25 2.25Z" />
|
||||||
|
</svg>
|
9
src/ui/icons/eye-slash.svelte
Normal file
9
src/ui/icons/eye-slash.svelte
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
<script>
|
||||||
|
let classes = "";
|
||||||
|
export {classes as class};
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="M3.98 8.223A10.477 10.477 0 0 0 1.934 12C3.226 16.338 7.244 19.5 12 19.5c.993 0 1.953-.138 2.863-.395M6.228 6.228A10.451 10.451 0 0 1 12 4.5c4.756 0 8.773 3.162 10.065 7.498a10.522 10.522 0 0 1-4.293 5.774M6.228 6.228 3 3m3.228 3.228 3.65 3.65m7.894 7.894L21 21m-3.228-3.228-3.65-3.65m0 0a3 3 0 1 0-4.243-4.243m4.242 4.242L9.88 9.88" />
|
||||||
|
</svg>
|
||||||
|
|
9
src/ui/icons/eye.svelte
Normal file
9
src/ui/icons/eye.svelte
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
<script>
|
||||||
|
let classes = "";
|
||||||
|
export {classes as class};
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="M2.036 12.322a1.012 1.012 0 0 1 0-.639C3.423 7.51 7.36 4.5 12 4.5c4.638 0 8.573 3.007 9.963 7.178.07.207.07.431 0 .639C20.577 16.49 16.64 19.5 12 19.5c-4.638 0-8.573-3.007-9.963-7.178Z" />
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" />
|
||||||
|
</svg>
|
8
src/ui/icons/key.svelte
Normal file
8
src/ui/icons/key.svelte
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<script>
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25Z" />
|
||||||
|
</svg>
|
8
src/ui/icons/pencil.svelte
Normal file
8
src/ui/icons/pencil.svelte
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<script>
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class};
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="m16.862 4.487 1.687-1.688a1.875 1.875 0 1 1 2.652 2.652L6.832 19.82a4.5 4.5 0 0 1-1.897 1.13l-2.685.8.8-2.685a4.5 4.5 0 0 1 1.13-1.897L16.863 4.487Zm0 0L19.5 7.125" />
|
||||||
|
</svg>
|
9
src/ui/icons/plus-circle-mini.svelte
Normal file
9
src/ui/icons/plus-circle-mini.svelte
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
<script>
|
||||||
|
let classes = "";
|
||||||
|
export {classes as class};
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class={classes}>
|
||||||
|
<path fill-rule="evenodd" d="M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm.75-11.25a.75.75 0 0 0-1.5 0v2.5h-2.5a.75.75 0 0 0 0 1.5h2.5v2.5a.75.75 0 0 0 1.5 0v-2.5h2.5a.75.75 0 0 0 0-1.5h-2.5v-2.5Z" clip-rule="evenodd" />
|
||||||
|
</svg>
|
||||||
|
|
8
src/ui/icons/shield-check.svelte
Normal file
8
src/ui/icons/shield-check.svelte
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<script>
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="M9 12.75 11.25 15 15 9.75m-3-7.036A11.959 11.959 0 0 1 3.598 6 11.99 11.99 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623 5.176-1.332 9-6.03 9-11.622 0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285Z" />
|
||||||
|
</svg>
|
8
src/ui/icons/trash.svelte
Normal file
8
src/ui/icons/trash.svelte
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
<script>
|
||||||
|
let classes = '';
|
||||||
|
export {classes as class};
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
|
||||||
|
<path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" />
|
||||||
|
</svg>
|
@ -1,12 +1,19 @@
|
|||||||
<script>
|
<script>
|
||||||
import { createEventDispatcher } from 'svelte';
|
import { createEventDispatcher } from 'svelte';
|
||||||
import { open } from '@tauri-apps/api/dialog';
|
import { open } from '@tauri-apps/plugin-dialog';
|
||||||
import Setting from './Setting.svelte';
|
import Setting from './Setting.svelte';
|
||||||
|
|
||||||
export let title;
|
export let title;
|
||||||
export let value;
|
export let value;
|
||||||
|
|
||||||
const dispatch = createEventDispatcher();
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
async function pickFile() {
|
||||||
|
let file = await open();
|
||||||
|
if (file) {
|
||||||
|
value = file.path
|
||||||
|
}
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
||||||
@ -19,8 +26,9 @@
|
|||||||
on:change={() => dispatch('update', {value})}
|
on:change={() => dispatch('update', {value})}
|
||||||
>
|
>
|
||||||
<button
|
<button
|
||||||
|
type="button"
|
||||||
class="btn btn-sm btn-primary"
|
class="btn btn-sm btn-primary"
|
||||||
on:click={async () => value = await open()}
|
on:click={pickFile}
|
||||||
>Browse</button>
|
>Browse</button>
|
||||||
</div>
|
</div>
|
||||||
<slot name="description" slot="description"></slot>
|
<slot name="description" slot="description"></slot>
|
||||||
|
@ -1,13 +1,12 @@
|
|||||||
<script>
|
<script>
|
||||||
import { slide } from 'svelte/transition';
|
import { slide } from 'svelte/transition';
|
||||||
import ErrorAlert from '../ErrorAlert.svelte';
|
|
||||||
|
|
||||||
export let title;
|
export let title;
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
||||||
<div>
|
<div>
|
||||||
<div class="flex flex-wrap justify-between gap-y-4">
|
<div class="flex flex-wrap justify-between gap-4">
|
||||||
<h3 class="text-lg font-bold shrink-0">{title}</h3>
|
<h3 class="text-lg font-bold shrink-0">{title}</h3>
|
||||||
{#if $$slots.input}
|
{#if $$slots.input}
|
||||||
<slot name="input"></slot>
|
<slot name="input"></slot>
|
||||||
|
@ -1,145 +1,64 @@
|
|||||||
<script>
|
<script>
|
||||||
import { onMount } from 'svelte';
|
|
||||||
import { invoke } from '@tauri-apps/api/tauri';
|
|
||||||
|
|
||||||
import { navigate } from '../lib/routing.js';
|
|
||||||
import { appState, cleanupRequest } from '../lib/state.js';
|
import { appState, cleanupRequest } from '../lib/state.js';
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
|
||||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
||||||
import Link from '../ui/Link.svelte';
|
import CollectResponse from './approve/CollectResponse.svelte';
|
||||||
import KeyCombo from '../ui/KeyCombo.svelte';
|
import ShowResponse from './approve/ShowResponse.svelte';
|
||||||
|
import Unlock from './Unlock.svelte';
|
||||||
|
|
||||||
|
|
||||||
// Send response to backend, display error if applicable
|
// Extra 50ms so the window can finish disappearing before the redraw
|
||||||
let error, alert;
|
const rehideDelay = Math.min(5000, $appState.config.rehide_ms + 100);
|
||||||
async function respond() {
|
|
||||||
const response = {
|
let alert;
|
||||||
id: $appState.currentRequest.id,
|
let success = false;
|
||||||
...$appState.currentRequest.response,
|
async function sendResponse() {
|
||||||
};
|
|
||||||
try {
|
try {
|
||||||
await invoke('respond', {response});
|
await invoke('respond', {response: $appState.currentRequest.response});
|
||||||
navigate('ShowResponse');
|
success = true;
|
||||||
|
window.setTimeout(cleanupRequest, rehideDelay);
|
||||||
}
|
}
|
||||||
catch (e) {
|
catch (e) {
|
||||||
if (error) {
|
// reset to null so that we go back to asking for approval
|
||||||
alert.shake();
|
$appState.currentRequest.response = null;
|
||||||
}
|
// setTimeout forces this to not happen until the alert has been rendered
|
||||||
error = e;
|
window.setTimeout(() => alert.setError(e), 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Approval has one of several outcomes depending on current credential state
|
async function handleResponseCollected() {
|
||||||
async function approve(base) {
|
if (
|
||||||
$appState.currentRequest.response = {approval: 'Approved', base};
|
$appState.sessionStatus === 'unlocked'
|
||||||
let status = await invoke('get_session_status');
|
|| $appState.currentRequest.response.approval === 'Denied'
|
||||||
if (status === 'unlocked') {
|
) {
|
||||||
await respond();
|
await sendResponse();
|
||||||
}
|
|
||||||
else if (status === 'locked') {
|
|
||||||
navigate('Unlock');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
navigate('EnterCredentials');
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Denial has only one
|
|
||||||
async function deny() {
|
|
||||||
$appState.currentRequest.response = {approval: 'Denied', base: false};
|
|
||||||
await respond();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Extract executable name from full path
|
|
||||||
const client = $appState.currentRequest.client;
|
|
||||||
const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
|
|
||||||
const appName = m[1] || m[2];
|
|
||||||
|
|
||||||
// Executable paths can be long, so ensure they only break on \ or /
|
|
||||||
function breakPath(path) {
|
|
||||||
return path.replace(/(\\|\/)/g, '$1<wbr>');
|
|
||||||
}
|
|
||||||
|
|
||||||
// if the request has already been approved/denied, send response immediately
|
|
||||||
onMount(async () => {
|
|
||||||
if ($appState.currentRequest.response) {
|
|
||||||
await respond();
|
|
||||||
}
|
|
||||||
});
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
||||||
<!-- Don't render at all if we're just going to immediately proceed to the next screen -->
|
{#if success}
|
||||||
{#if error || !$appState.currentRequest?.response}
|
<!-- if we have successfully sent a response, show it -->
|
||||||
|
<ShowResponse />
|
||||||
|
{:else if !$appState.currentRequest?.response}
|
||||||
|
<!-- if a response hasn't been collected, ask for it -->
|
||||||
<div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center">
|
<div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center">
|
||||||
{#if error}
|
|
||||||
<ErrorAlert bind:this={alert}>
|
<ErrorAlert bind:this={alert}>
|
||||||
{error.msg}
|
|
||||||
<svelte:fragment slot="buttons">
|
<svelte:fragment slot="buttons">
|
||||||
<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
|
<button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
|
||||||
<button class="btn btn-sm btn-alert-error" on:click={respond}>Retry</button>
|
<button class="btn btn-sm btn-alert-error" on:click={sendResponse}>Retry</button>
|
||||||
</svelte:fragment>
|
</svelte:fragment>
|
||||||
</ErrorAlert>
|
</ErrorAlert>
|
||||||
{/if}
|
|
||||||
|
|
||||||
{#if $appState.currentRequest?.base}
|
<CollectResponse on:response={handleResponseCollected} />
|
||||||
<div class="alert alert-warning shadow-lg">
|
|
||||||
<div>
|
|
||||||
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
|
|
||||||
<span>
|
|
||||||
WARNING: This application is requesting your base AWS credentials.
|
|
||||||
These credentials are less secure than session credentials, since they don't expire automatically.
|
|
||||||
</span>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
{/if}
|
|
||||||
|
|
||||||
<div class="space-y-1 mb-4">
|
|
||||||
<h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
|
|
||||||
|
|
||||||
<div class="grid grid-cols-[auto_1fr] gap-x-3">
|
|
||||||
<div class="text-right">Path:</div>
|
|
||||||
<code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
|
|
||||||
<div class="text-right">PID:</div>
|
|
||||||
<code>{client.pid}</code>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
|
|
||||||
<!-- Don't display the option to approve with session credentials if base was specifically requested -->
|
|
||||||
{#if !$appState.currentRequest?.base}
|
|
||||||
<h3 class="font-semibold">
|
|
||||||
Approve with session credentials
|
|
||||||
</h3>
|
|
||||||
<Link target={() => approve(false)} hotkey="Enter" shift={true}>
|
|
||||||
<button class="w-full btn btn-success">
|
|
||||||
<KeyCombo keys={['Shift', 'Enter']} />
|
|
||||||
</button>
|
|
||||||
</Link>
|
|
||||||
{/if}
|
|
||||||
|
|
||||||
<h3 class="font-semibold">
|
|
||||||
<span class="mr-2">
|
|
||||||
{#if $appState.currentRequest?.base}
|
|
||||||
Approve
|
|
||||||
{:else}
|
|
||||||
Approve with base credentials
|
|
||||||
{/if}
|
|
||||||
</span>
|
|
||||||
</h3>
|
|
||||||
<Link target={() => approve(true)} hotkey="Enter" shift={true} ctrl={true}>
|
|
||||||
<button class="w-full btn btn-warning">
|
|
||||||
<KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
|
|
||||||
</button>
|
|
||||||
</Link>
|
|
||||||
|
|
||||||
<h3 class="font-semibold">
|
|
||||||
<span class="mr-2">Deny</span>
|
|
||||||
</h3>
|
|
||||||
<Link target={deny} hotkey="Escape">
|
|
||||||
<button class="w-full btn btn-error">
|
|
||||||
<KeyCombo keys={['Esc']} />
|
|
||||||
</button>
|
|
||||||
</Link>
|
|
||||||
</div>
|
|
||||||
</div>
|
</div>
|
||||||
|
{:else if $appState.sessionStatus === 'locked'}
|
||||||
|
<!-- if session is locked and we do have a response, we must be waiting for unlock -->
|
||||||
|
<Unlock on:unlocked={sendResponse} />
|
||||||
|
{:else}
|
||||||
|
<!-- failsafe sanity check -->
|
||||||
|
<ErrorAlert>
|
||||||
|
Something is wrong. This message should never show up during normal operation.
|
||||||
|
</ErrorAlert>
|
||||||
{/if}
|
{/if}
|
||||||
|
14
src/views/ChangePassphrase.svelte
Normal file
14
src/views/ChangePassphrase.svelte
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
<script>
|
||||||
|
import { navigate } from '../lib/routing.js';
|
||||||
|
|
||||||
|
import EnterPassphrase from './passphrase/EnterPassphrase.svelte';
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="flex flex-col h-screen max-w-sm m-auto gap-y-8 justify-center">
|
||||||
|
<h1 class="text-2xl font-bold text-center">
|
||||||
|
Change passphrase
|
||||||
|
</h1>
|
||||||
|
|
||||||
|
<EnterPassphrase cancellable={true} on:save={() => navigate('Home')}/>
|
||||||
|
</div>
|
21
src/views/CreatePassphrase.svelte
Normal file
21
src/views/CreatePassphrase.svelte
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<script>
|
||||||
|
import EnterPassphrase from './passphrase/EnterPassphrase.svelte';
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="flex flex-col h-screen max-w-lg m-auto justify-center">
|
||||||
|
<div class="space-y-8">
|
||||||
|
<h1 class="text-2xl font-bold text-center">Welcome to Creddy!</h1>
|
||||||
|
|
||||||
|
<div class="space-y-4">
|
||||||
|
<p> Create a passphrase to get started.</p>
|
||||||
|
|
||||||
|
<p>Please note that if you forget your passphrase, there is no way to recover
|
||||||
|
your stored credentials. You will have to start over with a new passphrase.</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="max-w-sm mx-auto">
|
||||||
|
<EnterPassphrase />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
@ -1,92 +0,0 @@
|
|||||||
<script>
|
|
||||||
import { onMount } from 'svelte';
|
|
||||||
import { invoke } from '@tauri-apps/api/tauri';
|
|
||||||
import { emit } from '@tauri-apps/api/event';
|
|
||||||
import { getRootCause } from '../lib/errors.js';
|
|
||||||
|
|
||||||
import { appState } from '../lib/state.js';
|
|
||||||
import { navigate } from '../lib/routing.js';
|
|
||||||
import Link from '../ui/Link.svelte';
|
|
||||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
|
||||||
import Spinner from '../ui/Spinner.svelte';
|
|
||||||
|
|
||||||
|
|
||||||
let errorMsg = null;
|
|
||||||
let alert;
|
|
||||||
let AccessKeyId, SecretAccessKey, passphrase, confirmPassphrase
|
|
||||||
|
|
||||||
function confirm() {
|
|
||||||
if (passphrase !== confirmPassphrase) {
|
|
||||||
errorMsg = 'Passphrases do not match.'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let saving = false;
|
|
||||||
async function save() {
|
|
||||||
if (passphrase !== confirmPassphrase) {
|
|
||||||
alert.shake();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
let credentials = {AccessKeyId, SecretAccessKey};
|
|
||||||
try {
|
|
||||||
saving = true;
|
|
||||||
await invoke('save_credentials', {credentials, passphrase});
|
|
||||||
emit('credentials-event', 'entered');
|
|
||||||
if ($appState.currentRequest) {
|
|
||||||
navigate('Approve');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
navigate('Home');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
window.error = e;
|
|
||||||
const root = getRootCause(e);
|
|
||||||
if (e.code === 'GetSession' && root.code) {
|
|
||||||
errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
errorMsg = e.msg;
|
|
||||||
}
|
|
||||||
|
|
||||||
// if the alert already existed, shake it
|
|
||||||
if (alert) {
|
|
||||||
alert.shake();
|
|
||||||
}
|
|
||||||
|
|
||||||
saving = false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function cancel() {
|
|
||||||
emit('credentials-event', 'enter-canceled');
|
|
||||||
navigate('Home');
|
|
||||||
}
|
|
||||||
</script>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<form action="#" on:submit|preventDefault="{save}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
|
|
||||||
<h2 class="text-2xl font-bold text-center">Enter your credentials</h2>
|
|
||||||
|
|
||||||
{#if errorMsg}
|
|
||||||
<ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert>
|
|
||||||
{/if}
|
|
||||||
|
|
||||||
<input type="text" placeholder="AWS Access Key ID" bind:value="{AccessKeyId}" class="input input-bordered" />
|
|
||||||
<input type="password" placeholder="AWS Secret Access Key" bind:value="{SecretAccessKey}" class="input input-bordered" />
|
|
||||||
<input type="password" placeholder="Passphrase" bind:value="{passphrase}" class="input input-bordered" />
|
|
||||||
<input type="password" placeholder="Re-enter passphrase" bind:value={confirmPassphrase} class="input input-bordered" on:change={confirm} />
|
|
||||||
|
|
||||||
<button type="submit" class="btn btn-primary">
|
|
||||||
{#if saving }
|
|
||||||
<Spinner class="w-5 h-5" thickness="12"/>
|
|
||||||
{:else}
|
|
||||||
Submit
|
|
||||||
{/if}
|
|
||||||
</button>
|
|
||||||
<Link target={cancel} hotkey="Escape">
|
|
||||||
<button class="btn btn-sm btn-outline w-full">Cancel</button>
|
|
||||||
</Link>
|
|
||||||
</form>
|
|
@ -1,6 +1,6 @@
|
|||||||
<script>
|
<script>
|
||||||
import { onMount } from 'svelte';
|
import { onMount } from 'svelte';
|
||||||
import { invoke } from '@tauri-apps/api/tauri';
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
|
||||||
import { appState } from '../lib/state.js';
|
import { appState } from '../lib/state.js';
|
||||||
import { navigate } from '../lib/routing.js';
|
import { navigate } from '../lib/routing.js';
|
||||||
@ -8,12 +8,24 @@
|
|||||||
import Icon from '../ui/Icon.svelte';
|
import Icon from '../ui/Icon.svelte';
|
||||||
import Link from '../ui/Link.svelte';
|
import Link from '../ui/Link.svelte';
|
||||||
|
|
||||||
import vaultDoorSvg from '../assets/vault_door.svg?raw';
|
let launchTerminalError;
|
||||||
|
async function launchTerminal() {
|
||||||
|
try {
|
||||||
|
await invoke('launch_terminal', {base: false});
|
||||||
|
}
|
||||||
|
catch (e) {
|
||||||
|
console.log(e);
|
||||||
|
launchTerminalError = e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let launchBase = false;
|
async function lock() {
|
||||||
function launchTerminal() {
|
try {
|
||||||
invoke('launch_terminal', {base: launchBase});
|
await invoke('lock');
|
||||||
launchBase = false;
|
}
|
||||||
|
catch (e) {
|
||||||
|
console.log(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
@ -23,31 +35,42 @@
|
|||||||
</Nav>
|
</Nav>
|
||||||
|
|
||||||
<div class="flex flex-col h-screen items-center justify-center p-4 space-y-4">
|
<div class="flex flex-col h-screen items-center justify-center p-4 space-y-4">
|
||||||
<div class="flex flex-col items-center space-y-4">
|
<div class="grid grid-cols-2 gap-6">
|
||||||
{@html vaultDoorSvg}
|
<button
|
||||||
{#if $appState.credentialStatus === 'locked'}
|
on:click={() => navigate('ManageCredentials')}
|
||||||
|
class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-primary hover:bg-base-200 transition-transform active:scale-[.98] transition-transform"
|
||||||
<h2 class="text-2xl font-bold">Creddy is locked</h2>
|
>
|
||||||
<Link target="Unlock" hotkey="Enter" class="w-64">
|
<Icon name="key" class="size-12 stroke-1 stroke-primary" />
|
||||||
<button class="btn btn-primary w-full">Unlock</button>
|
<h3 class="text-lg font-bold">Credentials</h3>
|
||||||
</Link>
|
<p class="text-sm">Add, remove, and change default credentials.</p>
|
||||||
|
|
||||||
{:else if $appState.credentialStatus === 'unlocked'}
|
|
||||||
<h2 class="text-2xl font-bold">Waiting for requests</h2>
|
|
||||||
<button class="btn btn-primary w-full" on:click={launchTerminal}>
|
|
||||||
Launch Terminal
|
|
||||||
</button>
|
</button>
|
||||||
<label class="label cursor-pointer flex items-center space-x-2">
|
|
||||||
<span class="label-text">Launch with long-lived credentials</span>
|
|
||||||
<input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}>
|
|
||||||
</label>
|
|
||||||
|
|
||||||
{:else if $appState.credentialStatus === 'empty'}
|
<button
|
||||||
<h2 class="text-2xl font-bold">No credentials found</h2>
|
on:click={launchTerminal}
|
||||||
<Link target="EnterCredentials" hotkey="Enter" class="w-64">
|
class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-secondary hover:bg-base-200 transition-colors active:scale-[.98] transition-transform"
|
||||||
<button class="btn btn-primary w-full">Enter Credentials</button>
|
>
|
||||||
</Link>
|
<Icon name="command-line" class="size-12 stroke-1 stroke-secondary" />
|
||||||
{/if}
|
<h3 class="text-lg font-bold">Terminal</h3>
|
||||||
|
<p class="text-sm">Launch a terminal pre-configured with AWS credentials.</p>
|
||||||
|
</button>
|
||||||
|
|
||||||
|
<button
|
||||||
|
on:click={lock}
|
||||||
|
class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-warning hover:bg-base-200 transition-colors active:scale-[.98] transition-transform"
|
||||||
|
>
|
||||||
|
<Icon name="shield-check" class="size-12 stroke-1 stroke-warning" />
|
||||||
|
<h3 class="text-lg font-bold">Lock</h3>
|
||||||
|
<p class="text-sm">Lock Creddy.</p>
|
||||||
|
</button>
|
||||||
|
|
||||||
|
<button
|
||||||
|
on:click={() => invoke('exit')}
|
||||||
|
class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-accent hover:bg-base-200 transition-colors active:scale-[.98] transition-transform"
|
||||||
|
>
|
||||||
|
<Icon name="arrow-right-start-on-rectangle" class="size-12 stroke-1 stroke-accent" />
|
||||||
|
<h3 class="text-lg font-bold">Exit</h3>
|
||||||
|
<p class="text-sm">Close Creddy.</p>
|
||||||
|
</button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -56,10 +79,25 @@
|
|||||||
{#each $appState.setupErrors as error}
|
{#each $appState.setupErrors as error}
|
||||||
{#if error.show}
|
{#if error.show}
|
||||||
<div class="alert alert-error shadow-lg">
|
<div class="alert alert-error shadow-lg">
|
||||||
{error.msg}
|
<span>{error.msg}</span>
|
||||||
|
<div>
|
||||||
<button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button>
|
<button class="btn btn-sm btn-alert-error" on:click={() => error.show = false}>Ok</button>
|
||||||
</div>
|
</div>
|
||||||
|
</div>
|
||||||
{/if}
|
{/if}
|
||||||
{/each}
|
{/each}
|
||||||
</div>
|
</div>
|
||||||
{/if}
|
{/if}
|
||||||
|
|
||||||
|
{#if launchTerminalError}
|
||||||
|
<div class="toast">
|
||||||
|
<div class="alert alert-error shadow-lg">
|
||||||
|
<span>{launchTerminalError.msg || launchTerminalError}</span>
|
||||||
|
<div>
|
||||||
|
<button class="btn btn-alert-error" on:click={() => launchTerminalError = null}>
|
||||||
|
Ok
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{/if}
|
122
src/views/ManageCredentials.svelte
Normal file
122
src/views/ManageCredentials.svelte
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
<script>
|
||||||
|
import { onMount } from 'svelte';
|
||||||
|
import { slide, fade } from 'svelte/transition';
|
||||||
|
import { writable } from 'svelte/store';
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
|
||||||
|
import AwsCredential from './credentials/AwsCredential.svelte';
|
||||||
|
import ConfirmDelete from './credentials/ConfirmDelete.svelte';
|
||||||
|
import SshKey from './credentials/SshKey.svelte';
|
||||||
|
// import NewSshKey from './credentials/NewSshKey.svelte';
|
||||||
|
// import EditSshKey from './credentials/EditSshKey.svelte';
|
||||||
|
import Icon from '../ui/Icon.svelte';
|
||||||
|
import Nav from '../ui/Nav.svelte';
|
||||||
|
|
||||||
|
|
||||||
|
let records = null
|
||||||
|
$: awsRecords = (records || []).filter(r => r.credential.type === 'AwsBase');
|
||||||
|
$: sshRecords = (records || []).filter(r => r.credential.type === 'Ssh');
|
||||||
|
|
||||||
|
let defaults = writable({});
|
||||||
|
async function loadCreds() {
|
||||||
|
records = await invoke('list_credentials');
|
||||||
|
let pairs = records.filter(r => r.is_default).map(r => [r.credential.type, r.id]);
|
||||||
|
$defaults = Object.fromEntries(pairs);
|
||||||
|
}
|
||||||
|
onMount(loadCreds);
|
||||||
|
|
||||||
|
function newAws() {
|
||||||
|
records.push({
|
||||||
|
id: crypto.randomUUID(),
|
||||||
|
name: null,
|
||||||
|
is_default: false,
|
||||||
|
credential: {type: 'AwsBase', AccessKeyId: '', SecretAccessKey: ''},
|
||||||
|
isNew: true,
|
||||||
|
});
|
||||||
|
records = records;
|
||||||
|
}
|
||||||
|
|
||||||
|
function newSsh() {
|
||||||
|
records.push({
|
||||||
|
id: crypto.randomUUID(),
|
||||||
|
name: null,
|
||||||
|
is_default: false,
|
||||||
|
credential: {type: 'Ssh', algorithm: '', comment: '', private_key: '', public_key: '',},
|
||||||
|
isNew: true,
|
||||||
|
});
|
||||||
|
records = records;
|
||||||
|
}
|
||||||
|
|
||||||
|
let confirmDelete;
|
||||||
|
function handleDelete(evt) {
|
||||||
|
const record = evt.detail;
|
||||||
|
if (record.isNew) {
|
||||||
|
records = records.filter(r => r.id !== record.id);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
confirmDelete.confirm(record);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<Nav>
|
||||||
|
<h1 slot="title" class="text-2xl font-bold">Credentials</h1>
|
||||||
|
</Nav>
|
||||||
|
|
||||||
|
<div class="max-w-xl mx-auto mb-12 flex flex-col gap-y-12 justify-center">
|
||||||
|
<div class="flex flex-col gap-y-4">
|
||||||
|
<div class="divider">
|
||||||
|
<h2 class="text-xl font-bold">AWS Access Keys</h2>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{#if awsRecords.length > 0}
|
||||||
|
{#each awsRecords as record (record.id)}
|
||||||
|
<AwsCredential
|
||||||
|
{record} {defaults}
|
||||||
|
on:update={loadCreds}
|
||||||
|
on:delete={handleDelete}
|
||||||
|
/>
|
||||||
|
{/each}
|
||||||
|
<button class="btn btn-primary btn-wide mx-auto" on:click={newAws}>
|
||||||
|
<Icon name="plus-circle-mini" class="size-5" />
|
||||||
|
Add
|
||||||
|
</button>
|
||||||
|
{:else if records !== null}
|
||||||
|
<div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6">
|
||||||
|
<div>You have no saved AWS credentials.</div>
|
||||||
|
<button class="btn btn-primary btn-wide mx-auto" on:click={newAws}>
|
||||||
|
<Icon name="plus-circle-mini" class="size-5" />
|
||||||
|
Add
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
{/if}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="flex flex-col gap-y-4">
|
||||||
|
<div class="divider">
|
||||||
|
<h2 class="text-xl font-bold">SSH Keys</h2>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{#if sshRecords.length > 0}
|
||||||
|
{#each sshRecords as record (record.id)}
|
||||||
|
<SshKey {record} on:save={loadCreds} on:delete={handleDelete} />
|
||||||
|
{/each}
|
||||||
|
<button class="btn btn-primary btn-wide mx-auto" on:click={newSsh}>
|
||||||
|
<Icon name="plus-circle-mini" class="size-5" />
|
||||||
|
Add
|
||||||
|
</button>
|
||||||
|
{:else if records !== null}
|
||||||
|
<div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6">
|
||||||
|
<div>You have no saved SSH keys.</div>
|
||||||
|
<button class="btn btn-primary btn-wide mx-auto" on:click={newSsh}>
|
||||||
|
<Icon name="plus-circle-mini" class="size-5" />
|
||||||
|
Add
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
{/if}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<ConfirmDelete bind:this={confirmDelete} on:confirm={loadCreds} />
|
@ -1,11 +1,10 @@
|
|||||||
<script>
|
<script>
|
||||||
import { invoke } from '@tauri-apps/api/tauri';
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
import { type } from '@tauri-apps/api/os';
|
import { type } from '@tauri-apps/plugin-os';
|
||||||
|
|
||||||
import { appState } from '../lib/state.js';
|
import { appState } from '../lib/state.js';
|
||||||
import Nav from '../ui/Nav.svelte';
|
import Nav from '../ui/Nav.svelte';
|
||||||
import Link from '../ui/Link.svelte';
|
import Link from '../ui/Link.svelte';
|
||||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
|
||||||
import SettingsGroup from '../ui/settings/SettingsGroup.svelte';
|
import SettingsGroup from '../ui/settings/SettingsGroup.svelte';
|
||||||
import Keybind from '../ui/settings/Keybind.svelte';
|
import Keybind from '../ui/settings/Keybind.svelte';
|
||||||
import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting, TimeSetting } from '../ui/settings';
|
import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting, TimeSetting } from '../ui/settings';
|
||||||
@ -21,6 +20,7 @@
|
|||||||
let error = null;
|
let error = null;
|
||||||
async function save() {
|
async function save() {
|
||||||
try {
|
try {
|
||||||
|
throw('wtf');
|
||||||
await invoke('save_config', {config});
|
await invoke('save_config', {config});
|
||||||
$appState.config = await invoke('get_config');
|
$appState.config = await invoke('get_config');
|
||||||
}
|
}
|
||||||
@ -29,6 +29,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
window.getOsType = type;
|
||||||
let osType = null;
|
let osType = null;
|
||||||
type().then(t => osType = t);
|
type().then(t => osType = t);
|
||||||
</script>
|
</script>
|
||||||
@ -38,7 +39,8 @@
|
|||||||
<h1 slot="title" class="text-2xl font-bold">Settings</h1>
|
<h1 slot="title" class="text-2xl font-bold">Settings</h1>
|
||||||
</Nav>
|
</Nav>
|
||||||
|
|
||||||
<div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
|
<form on:submit|preventDefault={save}>
|
||||||
|
<div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
|
||||||
<SettingsGroup name="General">
|
<SettingsGroup name="General">
|
||||||
<ToggleSetting title="Start on login" bind:value={config.start_on_login}>
|
<ToggleSetting title="Start on login" bind:value={config.start_on_login}>
|
||||||
<svelte:fragment slot="description">
|
<svelte:fragment slot="description">
|
||||||
@ -74,19 +76,18 @@
|
|||||||
</TimeSetting>
|
</TimeSetting>
|
||||||
{/if}
|
{/if}
|
||||||
|
|
||||||
<Setting title="Update credentials">
|
<Setting title="Update passphrase">
|
||||||
<Link slot="input" target="EnterCredentials">
|
<Link slot="input" target="ChangePassphrase">
|
||||||
<button class="btn btn-sm btn-primary">Update</button>
|
<button type="button" class="btn btn-sm btn-primary">Update</button>
|
||||||
</Link>
|
</Link>
|
||||||
<svelte:fragment slot="description">
|
<svelte:fragment slot="description">
|
||||||
Update or re-enter your encrypted credentials.
|
Change your master passphrase.
|
||||||
</svelte:fragment>
|
</svelte:fragment>
|
||||||
</Setting>
|
</Setting>
|
||||||
|
|
||||||
<FileSetting
|
<FileSetting
|
||||||
title="Terminal emulator"
|
title="Terminal emulator"
|
||||||
bind:value={config.terminal.exec}
|
bind:value={config.terminal.exec}
|
||||||
|
|
||||||
>
|
>
|
||||||
<svelte:fragment slot="description">
|
<svelte:fragment slot="description">
|
||||||
Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>.
|
Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>.
|
||||||
@ -108,7 +109,8 @@
|
|||||||
<p class="text-sm text-right">
|
<p class="text-sm text-right">
|
||||||
Creddy {$appState.appVersion}
|
Creddy {$appState.appVersion}
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
|
</form>
|
||||||
|
|
||||||
{#if error}
|
{#if error}
|
||||||
<div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast">
|
<div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast">
|
||||||
|
@ -1,85 +1,68 @@
|
|||||||
<script>
|
<script>
|
||||||
import { invoke } from '@tauri-apps/api/tauri';
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
import { emit } from '@tauri-apps/api/event';
|
import { emit } from '@tauri-apps/api/event';
|
||||||
import { onMount } from 'svelte';
|
import { onMount, createEventDispatcher } from 'svelte';
|
||||||
|
|
||||||
import { appState } from '../lib/state.js';
|
import { appState } from '../lib/state.js';
|
||||||
import { navigate } from '../lib/routing.js';
|
import { navigate } from '../lib/routing.js';
|
||||||
import { getRootCause } from '../lib/errors.js';
|
import { getRootCause } from '../lib/errors.js';
|
||||||
|
|
||||||
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
import ErrorAlert from '../ui/ErrorAlert.svelte';
|
||||||
import Link from '../ui/Link.svelte';
|
import Link from '../ui/Link.svelte';
|
||||||
|
import PassphraseInput from '../ui/PassphraseInput.svelte';
|
||||||
|
import ResetPassphrase from './passphrase/ResetPassphrase.svelte';
|
||||||
import Spinner from '../ui/Spinner.svelte';
|
import Spinner from '../ui/Spinner.svelte';
|
||||||
|
import vaultDoorSvg from '../assets/vault_door.svg?raw';
|
||||||
|
|
||||||
|
|
||||||
let errorMsg = null;
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
let alert;
|
let alert;
|
||||||
let passphrase = '';
|
let passphrase = '';
|
||||||
let loadTime = 0;
|
|
||||||
let saving = false;
|
let saving = false;
|
||||||
async function unlock() {
|
async function unlock() {
|
||||||
// The hotkey for navigating here from homepage is Enter, which also
|
|
||||||
// happens to trigger the form submit event
|
|
||||||
if (Date.now() - loadTime < 10) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
saving = true;
|
saving = true;
|
||||||
let r = await invoke('unlock', {passphrase});
|
try {
|
||||||
$appState.credentialStatus = 'unlocked';
|
await alert.run(async () => invoke('unlock', {passphrase}));
|
||||||
emit('credentials-event', 'unlocked');
|
$appState.sessionStatus = 'unlocked';
|
||||||
if ($appState.currentRequest) {
|
emit('unlocked');
|
||||||
navigate('Approve');
|
dispatch('unlocked');
|
||||||
}
|
}
|
||||||
else {
|
finally {
|
||||||
navigate('Home');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
const root = getRootCause(e);
|
|
||||||
if (e.code === 'GetSession' && root.code) {
|
|
||||||
errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
errorMsg = e.msg;
|
|
||||||
}
|
|
||||||
|
|
||||||
// if the alert already existed, shake it
|
|
||||||
if (alert) {
|
|
||||||
alert.shake();
|
|
||||||
}
|
|
||||||
|
|
||||||
saving = false;
|
saving = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function cancel() {
|
let input;
|
||||||
emit('credentials-event', 'unlock-canceled');
|
onMount(() => input.focus());
|
||||||
if ($appState.currentRequest !== null) {
|
|
||||||
// dirty hack to prevent spurious error when returning to approve screen
|
|
||||||
delete $appState.currentRequest.response;
|
|
||||||
navigate('Approve');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
navigate('Home');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
onMount(() => {
|
|
||||||
loadTime = Date.now();
|
|
||||||
})
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
||||||
<form action="#" on:submit|preventDefault="{unlock}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
|
<svelte:window on:focus={input.focus} />
|
||||||
<h2 class="font-bold text-2xl text-center">Enter your passphrase</h2>
|
|
||||||
|
|
||||||
{#if errorMsg}
|
<div class="fixed top-0 w-full p-2 text-center">
|
||||||
<ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert>
|
<h1 class="text-3xl font-bold">Creddy is locked</h1>
|
||||||
{/if}
|
</div>
|
||||||
|
|
||||||
|
<form action="#" on:submit|preventDefault="{unlock}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
|
||||||
|
<div class="mx-auto">
|
||||||
|
{@html vaultDoorSvg}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<label class="space-y-4">
|
||||||
|
<h2 class="font-bold text-xl text-center">Please enter your passphrase</h2>
|
||||||
|
|
||||||
|
<ErrorAlert bind:this="{alert}" />
|
||||||
|
|
||||||
<!-- svelte-ignore a11y-autofocus -->
|
<!-- svelte-ignore a11y-autofocus -->
|
||||||
<input autofocus name="password" type="password" placeholder="correct horse battery staple" bind:value="{passphrase}" class="input input-bordered" />
|
<PassphraseInput
|
||||||
|
bind:this={input}
|
||||||
|
bind:value={passphrase}
|
||||||
|
placeholder="correct horse battery staple"
|
||||||
|
/>
|
||||||
|
</label>
|
||||||
|
|
||||||
<button type="submit" class="btn btn-primary">
|
<button type="submit" class="btn btn-primary">
|
||||||
{#if saving}
|
{#if saving}
|
||||||
@ -89,7 +72,5 @@
|
|||||||
{/if}
|
{/if}
|
||||||
</button>
|
</button>
|
||||||
|
|
||||||
<Link target={cancel} hotkey="Escape">
|
<ResetPassphrase />
|
||||||
<button class="btn btn-sm btn-outline w-full">Cancel</button>
|
|
||||||
</Link>
|
|
||||||
</form>
|
</form>
|
||||||
|
107
src/views/approve/CollectResponse.svelte
Normal file
107
src/views/approve/CollectResponse.svelte
Normal file
@ -0,0 +1,107 @@
|
|||||||
|
<script>
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
import { appState, cleanupRequest } from '../../lib/state.js';
|
||||||
|
|
||||||
|
import Link from '../../ui/Link.svelte';
|
||||||
|
import KeyCombo from '../../ui/KeyCombo.svelte';
|
||||||
|
|
||||||
|
|
||||||
|
// Executable paths can be long, so ensure they only break on \ or /
|
||||||
|
function breakPath(path) {
|
||||||
|
return path.replace(/(\\|\/)/g, '$1<wbr>');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Extract executable name from full path
|
||||||
|
const client = $appState.currentRequest.client;
|
||||||
|
const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
|
||||||
|
const appName = m[1] || m[2];
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
function setResponse(approval, base) {
|
||||||
|
$appState.currentRequest.response = {
|
||||||
|
id: $appState.currentRequest.id,
|
||||||
|
approval,
|
||||||
|
base,
|
||||||
|
};
|
||||||
|
dispatch('response');
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
{#if $appState.currentRequest?.base}
|
||||||
|
<div class="alert alert-warning shadow-lg">
|
||||||
|
<div>
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
|
||||||
|
<span>
|
||||||
|
WARNING: This application is requesting your base AWS credentials.
|
||||||
|
These credentials are less secure than session credentials, since they don't expire automatically.
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
<div class="space-y-1 mb-4">
|
||||||
|
<h2 class="text-xl font-bold">
|
||||||
|
{#if $appState.currentRequest.type === 'Aws'}
|
||||||
|
{#if $appState.currentRequest.name}
|
||||||
|
{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS access key "{$appState.currentRequest.name}".
|
||||||
|
{:else}
|
||||||
|
{appName ? `"${appName}"` : 'An appplication'} would like to access your default AWS access key
|
||||||
|
{/if}
|
||||||
|
{:else if $appState.currentRequest.type === 'Ssh'}
|
||||||
|
{appName ? `"${appName}"` : 'An application'} would like to use your SSH key "{$appState.currentRequest.key_name}".
|
||||||
|
{/if}
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="grid grid-cols-[auto_1fr] gap-x-3">
|
||||||
|
<div class="text-right">Path:</div>
|
||||||
|
<code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
|
||||||
|
<div class="text-right">PID:</div>
|
||||||
|
<code>{client.pid}</code>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
|
||||||
|
<!-- Don't display the option to approve with session credentials if base was specifically requested -->
|
||||||
|
{#if !$appState.currentRequest?.base}
|
||||||
|
<h3 class="font-semibold">
|
||||||
|
{#if $appState.currentRequest.type === 'Aws'}
|
||||||
|
Approve with session credentials
|
||||||
|
{:else}
|
||||||
|
Approve
|
||||||
|
{/if}
|
||||||
|
</h3>
|
||||||
|
<Link target={() => setResponse('Approved', false)} hotkey="Enter" shift={true}>
|
||||||
|
<button class="w-full btn btn-success">
|
||||||
|
<KeyCombo keys={['Shift', 'Enter']} />
|
||||||
|
</button>
|
||||||
|
</Link>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
{#if $appState.currentRequest.type === 'Aws'}
|
||||||
|
<h3 class="font-semibold">
|
||||||
|
<span class="mr-2">
|
||||||
|
{#if $appState.currentRequest?.base}
|
||||||
|
Approve
|
||||||
|
{:else}
|
||||||
|
Approve with base credentials
|
||||||
|
{/if}
|
||||||
|
</span>
|
||||||
|
</h3>
|
||||||
|
<Link target={() => setResponse('Approved', true)} hotkey="Enter" shift={true} ctrl={true}>
|
||||||
|
<button class="w-full btn btn-warning">
|
||||||
|
<KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
|
||||||
|
</button>
|
||||||
|
</Link>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
<h3 class="font-semibold">
|
||||||
|
<span class="mr-2">Deny</span>
|
||||||
|
</h3>
|
||||||
|
<Link target={() => setResponse('Denied', false)} hotkey="Escape">
|
||||||
|
<button class="w-full btn btn-error">
|
||||||
|
<KeyCombo keys={['Esc']} />
|
||||||
|
</button>
|
||||||
|
</Link>
|
||||||
|
</div>
|
@ -1,8 +1,7 @@
|
|||||||
<script>
|
<script>
|
||||||
import { onMount } from 'svelte';
|
|
||||||
import { draw, fade } from 'svelte/transition';
|
import { draw, fade } from 'svelte/transition';
|
||||||
|
|
||||||
import { appState, cleanupRequest } from '../lib/state.js';
|
import { appState } from '../../lib/state.js';
|
||||||
|
|
||||||
let success = false;
|
let success = false;
|
||||||
let error = null;
|
let error = null;
|
||||||
@ -10,14 +9,6 @@
|
|||||||
let drawDuration = $appState.config.rehide_ms >= 750 ? 500 : 0;
|
let drawDuration = $appState.config.rehide_ms >= 750 ? 500 : 0;
|
||||||
let fadeDuration = drawDuration * 0.6;
|
let fadeDuration = drawDuration * 0.6;
|
||||||
let fadeDelay = drawDuration * 0.4;
|
let fadeDelay = drawDuration * 0.4;
|
||||||
|
|
||||||
onMount(() => {
|
|
||||||
window.setTimeout(
|
|
||||||
cleanupRequest,
|
|
||||||
// Extra 50ms so the window can finish disappearing before the redraw
|
|
||||||
Math.min(5000, $appState.config.rehide_ms + 50),
|
|
||||||
)
|
|
||||||
})
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
119
src/views/credentials/AwsCredential.svelte
Normal file
119
src/views/credentials/AwsCredential.svelte
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
<script>
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
import { fade, slide } from 'svelte/transition';
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
|
||||||
|
import ErrorAlert from '../../ui/ErrorAlert.svelte';
|
||||||
|
import Icon from '../../ui/Icon.svelte';
|
||||||
|
|
||||||
|
export let record;
|
||||||
|
export let defaults;
|
||||||
|
|
||||||
|
import PassphraseInput from '../../ui/PassphraseInput.svelte';
|
||||||
|
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
let showDetails = record.isNew ? true : false;
|
||||||
|
|
||||||
|
let local = JSON.parse(JSON.stringify(record));
|
||||||
|
$: isModified = JSON.stringify(local) !== JSON.stringify(record);
|
||||||
|
|
||||||
|
// explicitly subscribe to updates to `default`, so that we can update
|
||||||
|
// our local copy even if the component hasn't been recreated
|
||||||
|
// (sadly we can't use a reactive binding because reasons I guess)
|
||||||
|
defaults.subscribe(d => local.is_default = local.id === d[local.credential.type])
|
||||||
|
|
||||||
|
let alert;
|
||||||
|
async function saveCredential() {
|
||||||
|
await invoke('save_credential', {record: local});
|
||||||
|
dispatch('update');
|
||||||
|
showDetails = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="rounded-box space-y-4 bg-base-200 {record.is_default ? 'border border-accent' : ''}">
|
||||||
|
<div class="flex items-center px-6 py-4 gap-x-4">
|
||||||
|
<h3 class="text-lg font-bold">
|
||||||
|
{#if !record?.isNew && showDetails}
|
||||||
|
<input type="text" class="input input-bordered bg-transparent" bind:value={local.name}>
|
||||||
|
{:else}
|
||||||
|
{record.name || ''}
|
||||||
|
{/if}
|
||||||
|
</h3>
|
||||||
|
|
||||||
|
{#if record.is_default}
|
||||||
|
<span class="badge badge-accent">Default</span>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
<div class="join ml-auto">
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
class="btn btn-outline join-item"
|
||||||
|
on:click={() => showDetails = !showDetails}
|
||||||
|
>
|
||||||
|
<Icon name="pencil" class="size-6" />
|
||||||
|
</button>
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
class="btn btn-outline btn-error join-item"
|
||||||
|
on:click={() => dispatch('delete', record)}
|
||||||
|
>
|
||||||
|
<Icon name="trash" class="size-6" />
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
{#if showDetails}
|
||||||
|
<form
|
||||||
|
transition:slide|local={{duration: 200}}
|
||||||
|
class=" px-6 pb-4 space-y-4"
|
||||||
|
on:submit|preventDefault={() => alert.run(saveCredential)}
|
||||||
|
>
|
||||||
|
<ErrorAlert bind:this={alert} />
|
||||||
|
|
||||||
|
<div class="grid grid-cols-[auto_1fr] items-center gap-4">
|
||||||
|
{#if record.isNew}
|
||||||
|
<span class="justify-self-end">Name</span>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
class="input input-bordered bg-transparent"
|
||||||
|
bind:value={local.name}
|
||||||
|
>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
<span class="justify-self-end">Key ID</span>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
class="input input-bordered font-mono bg-transparent"
|
||||||
|
bind:value={local.credential.AccessKeyId}
|
||||||
|
>
|
||||||
|
|
||||||
|
<span>Secret key</span>
|
||||||
|
<div class="font-mono">
|
||||||
|
<PassphraseInput class="bg-transparent" bind:value={local.credential.SecretAccessKey} />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="flex justify-between">
|
||||||
|
<label class="label cursor-pointer justify-self-start space-x-4">
|
||||||
|
<span class="label-text">Default AWS access key</span>
|
||||||
|
<input type="checkbox" class="toggle toggle-accent" bind:checked={local.is_default}>
|
||||||
|
</label>
|
||||||
|
{#if isModified}
|
||||||
|
<button
|
||||||
|
transition:fade={{duration: 100}}
|
||||||
|
type="submit"
|
||||||
|
class="btn btn-primary"
|
||||||
|
>
|
||||||
|
Save
|
||||||
|
</button>
|
||||||
|
{/if}
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
{/if}
|
||||||
|
</div>
|
62
src/views/credentials/ConfirmDelete.svelte
Normal file
62
src/views/credentials/ConfirmDelete.svelte
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
<script>
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
|
||||||
|
import ErrorAlert from '../../ui/ErrorAlert.svelte';
|
||||||
|
|
||||||
|
let record;
|
||||||
|
let modal;
|
||||||
|
let alert;
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
export function confirm(r) {
|
||||||
|
record = r;
|
||||||
|
modal.showModal();
|
||||||
|
}
|
||||||
|
|
||||||
|
async function deleteCredential() {
|
||||||
|
await invoke('delete_credential', {id: record.id})
|
||||||
|
// closing the modal is dependent on the previous step succeeding
|
||||||
|
modal.close();
|
||||||
|
dispatch('confirm');
|
||||||
|
}
|
||||||
|
|
||||||
|
function credentialDescription(record) {
|
||||||
|
if (record.credential.type === 'AwsBase') {
|
||||||
|
return 'AWS credential';
|
||||||
|
}
|
||||||
|
if (record.credential.type === 'Ssh') {
|
||||||
|
return 'SSH key';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<dialog bind:this={modal} class="modal">
|
||||||
|
<div class="modal-box space-y-6">
|
||||||
|
<ErrorAlert bind:this={alert} />
|
||||||
|
<h3 class="text-lg font-bold">
|
||||||
|
{#if record}
|
||||||
|
Delete {credentialDescription(record)} "{record.name}"?
|
||||||
|
{/if}
|
||||||
|
</h3>
|
||||||
|
<div class="modal-action">
|
||||||
|
<form method="dialog" class="flex gap-x-4">
|
||||||
|
<button
|
||||||
|
class="btn btn-outline"
|
||||||
|
on:click={() => alert.setError(null)}
|
||||||
|
>
|
||||||
|
Cancel
|
||||||
|
</button>
|
||||||
|
|
||||||
|
<button
|
||||||
|
autofocus
|
||||||
|
class="btn btn-error"
|
||||||
|
on:click|preventDefault={() => alert.run(deleteCredential)}
|
||||||
|
>
|
||||||
|
Delete
|
||||||
|
</button>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</dialog>
|
84
src/views/credentials/EditSshKey.svelte
Normal file
84
src/views/credentials/EditSshKey.svelte
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
<script>
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
import { fade } from 'svelte/transition';
|
||||||
|
|
||||||
|
import ErrorAlert from '../../ui/ErrorAlert.svelte';
|
||||||
|
|
||||||
|
|
||||||
|
export let local;
|
||||||
|
export let isModified;
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
let alert;
|
||||||
|
|
||||||
|
async function saveCredential() {
|
||||||
|
await invoke('save_credential', {record: local});
|
||||||
|
dispatch('save', local);
|
||||||
|
}
|
||||||
|
|
||||||
|
async function copyText(evt) {
|
||||||
|
const tooltip = event.currentTarget;
|
||||||
|
await navigator.clipboard.writeText(tooltip.dataset.copyText);
|
||||||
|
const prevText = tooltip.dataset.tip;
|
||||||
|
tooltip.dataset.tip = 'Copied!';
|
||||||
|
window.setTimeout(() => tooltip.dataset.tip = prevText, 2000);
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<style>
|
||||||
|
.grid {
|
||||||
|
grid-template-columns: auto minmax(0, 1fr);
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
<form class="space-y-4" on:submit|preventDefault={() => alert.run(saveCredential)}>
|
||||||
|
<ErrorAlert bind:this={alert} />
|
||||||
|
|
||||||
|
<div class="grid items-baseline gap-4">
|
||||||
|
<span class="justify-self-end">Comment</span>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
class="input input-bordered bg-transparent"
|
||||||
|
bind:value={local.credential.comment}
|
||||||
|
>
|
||||||
|
|
||||||
|
<span class="justify-self-end">Public key</span>
|
||||||
|
<div
|
||||||
|
class="tooltip tooltip-right"
|
||||||
|
data-tip="Click to copy"
|
||||||
|
data-copy-text={local.credential.public_key}
|
||||||
|
on:click={copyText}
|
||||||
|
>
|
||||||
|
<div class="cursor-pointer text-left textarea textarea-bordered bg-transparent font-mono break-all">
|
||||||
|
{local.credential.public_key}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<span class="justify-self-end">Private key</span>
|
||||||
|
<div
|
||||||
|
class="tooltip tooltip-right"
|
||||||
|
data-tip="Click to copy"
|
||||||
|
data-copy-text={local.credential.private_key}
|
||||||
|
on:click={copyText}
|
||||||
|
>
|
||||||
|
<div class="cursor-pointer text-left textarea textarea-bordered bg-transparent font-mono whitespace-pre overflow-x-auto">
|
||||||
|
{local.credential.private_key}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="flex justify-end">
|
||||||
|
{#if isModified}
|
||||||
|
<button
|
||||||
|
transition:fade={{duration: 100}}
|
||||||
|
type="submit"
|
||||||
|
class="btn btn-primary"
|
||||||
|
>
|
||||||
|
Save
|
||||||
|
</button>
|
||||||
|
{/if}
|
||||||
|
</div>
|
||||||
|
</form>
|
119
src/views/credentials/NewSshKey.svelte
Normal file
119
src/views/credentials/NewSshKey.svelte
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
<script>
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
import { homeDir } from '@tauri-apps/api/path';
|
||||||
|
import { fade } from 'svelte/transition';
|
||||||
|
|
||||||
|
import ErrorAlert from '../../ui/ErrorAlert.svelte';
|
||||||
|
import FileInput from '../../ui/FileInput.svelte';
|
||||||
|
import PassphraseInput from '../../ui/PassphraseInput.svelte';
|
||||||
|
import Spinner from '../../ui/Spinner.svelte';
|
||||||
|
|
||||||
|
export let record;
|
||||||
|
|
||||||
|
let name;
|
||||||
|
let file;
|
||||||
|
let privateKey = '';
|
||||||
|
let passphrase = '';
|
||||||
|
let showDetails = true;
|
||||||
|
let mode = 'file';
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
let defaultPath = null;
|
||||||
|
homeDir().then(d => defaultPath = `${d}/.ssh`);
|
||||||
|
|
||||||
|
|
||||||
|
let alert;
|
||||||
|
let saving = false;
|
||||||
|
async function saveCredential() {
|
||||||
|
saving = true;
|
||||||
|
try {
|
||||||
|
let key = await getKey();
|
||||||
|
const payload = {
|
||||||
|
id: record.id,
|
||||||
|
name,
|
||||||
|
is_default: false, // ssh keys don't care about defaults
|
||||||
|
credential: {type: 'Ssh', ...key},
|
||||||
|
};
|
||||||
|
await invoke('save_credential', {record: payload});
|
||||||
|
dispatch('save', payload);
|
||||||
|
}
|
||||||
|
finally {
|
||||||
|
saving = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async function getKey() {
|
||||||
|
if (mode === 'file') {
|
||||||
|
return await invoke('sshkey_from_file', {path: file.path, passphrase});
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return await invoke('sshkey_from_private_key', {privateKey, passphrase});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<div role="tablist" class="join max-w-sm mx-auto flex justify-center">
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
role="tab"
|
||||||
|
class="join-item flex-1 btn border border-primary hover:border-primary"
|
||||||
|
class:btn-primary={mode === 'file'}
|
||||||
|
on:click={() => mode = 'file'}
|
||||||
|
>
|
||||||
|
From file
|
||||||
|
</button>
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
role="tab"
|
||||||
|
class="join-item flex-1 btn border border-primary hover:border-primary"
|
||||||
|
class:btn-primary={mode === 'direct'}
|
||||||
|
on:click={() => mode = 'direct'}
|
||||||
|
>
|
||||||
|
From private key
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<form class="space-y-4" on:submit|preventDefault={alert.run(saveCredential)}>
|
||||||
|
<ErrorAlert bind:this={alert} />
|
||||||
|
|
||||||
|
<div class="grid grid-cols-[auto_1fr] items-center gap-4">
|
||||||
|
<span class="justify-self-end">Name</span>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
class="input input-bordered bg-transparent"
|
||||||
|
bind:value={name}
|
||||||
|
>
|
||||||
|
|
||||||
|
{#if mode === 'file'}
|
||||||
|
<span class="justify-self-end">File</span>
|
||||||
|
<FileInput params={{defaultPath}} bind:value={file} on:update={() => name = file.name} />
|
||||||
|
{:else}
|
||||||
|
<span class="justify-self-end">Private key</span>
|
||||||
|
<textarea bind:value={privateKey} rows="5" class="textarea textarea-bordered bg-transparent font-mono whitespace-pre overflow-x-auto"></textarea>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
<span class="justify-self-end">Passphrase</span>
|
||||||
|
<PassphraseInput class="bg-transparent" bind:value={passphrase} />
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="flex justify-end">
|
||||||
|
{#if file?.path || privateKey !== ''}
|
||||||
|
<button
|
||||||
|
transition:fade={{duration: 100}}
|
||||||
|
type="submit"
|
||||||
|
class="btn btn-primary"
|
||||||
|
>
|
||||||
|
{#if saving}
|
||||||
|
<Spinner class="size-5 min-w-16" thickness="12" />
|
||||||
|
{:else}
|
||||||
|
<span class="min-w-16">Save</span>
|
||||||
|
{/if}
|
||||||
|
</button>
|
||||||
|
{/if}
|
||||||
|
</div>
|
||||||
|
</form>
|
71
src/views/credentials/SshKey.svelte
Normal file
71
src/views/credentials/SshKey.svelte
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
<script>
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
import { slide } from 'svelte/transition';
|
||||||
|
|
||||||
|
import NewSshKey from './NewSshKey.svelte';
|
||||||
|
import EditSshKey from './EditSshKey.svelte';
|
||||||
|
import Icon from '../../ui/Icon.svelte';
|
||||||
|
|
||||||
|
export let record;
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
function copy(obj) {
|
||||||
|
return JSON.parse(JSON.stringify(obj));
|
||||||
|
}
|
||||||
|
|
||||||
|
let local = copy(record);
|
||||||
|
$: isModified = JSON.stringify(local) !== JSON.stringify(record);
|
||||||
|
let showDetails = record?.isNew;
|
||||||
|
|
||||||
|
function handleSave(evt) {
|
||||||
|
local = copy(evt.detail);
|
||||||
|
showDetails = false;
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="rounded-box space-y-4 bg-base-200">
|
||||||
|
<div class="flex items-center px-6 py-4 gap-x-4">
|
||||||
|
{#if !record.isNew}
|
||||||
|
{#if showDetails}
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
class="input input-bordered bg-transparent text-lg font-bold"
|
||||||
|
bind:value={local.name}
|
||||||
|
>
|
||||||
|
{:else}
|
||||||
|
<h3 class="text-lg font-bold">
|
||||||
|
{record.name}
|
||||||
|
</h3>
|
||||||
|
{/if}
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
<div class="join ml-auto">
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
class="btn btn-outline join-item"
|
||||||
|
on:click={() => showDetails = !showDetails}
|
||||||
|
>
|
||||||
|
<Icon name="pencil" class="size-6" />
|
||||||
|
</button>
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
class="btn btn-outline btn-error join-item"
|
||||||
|
on:click={() => dispatch('delete', record)}
|
||||||
|
>
|
||||||
|
<Icon name="trash" class="size-6" />
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{#if record && showDetails}
|
||||||
|
<div transition:slide|local={{duration: 200}} class="px-6 pb-4 space-y-4">
|
||||||
|
{#if record.isNew}
|
||||||
|
<NewSshKey {record} on:save on:save={handleSave} />
|
||||||
|
{:else}
|
||||||
|
<EditSshKey bind:local={local} {isModified} on:save={handleSave} on:save />
|
||||||
|
{/if}
|
||||||
|
</div>
|
||||||
|
{/if}
|
||||||
|
</div>
|
109
src/views/passphrase/EnterPassphrase.svelte
Normal file
109
src/views/passphrase/EnterPassphrase.svelte
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
<script>
|
||||||
|
import { createEventDispatcher } from 'svelte';
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
import { appState } from '../../lib/state.js';
|
||||||
|
|
||||||
|
import ErrorAlert from '../../ui/ErrorAlert.svelte';
|
||||||
|
import Link from '../../ui/Link.svelte';
|
||||||
|
import PassphraseInput from '../../ui/PassphraseInput.svelte';
|
||||||
|
import ResetPassphrase from './ResetPassphrase.svelte';
|
||||||
|
import Spinner from '../../ui/Spinner.svelte';
|
||||||
|
|
||||||
|
export let cancellable = false;
|
||||||
|
|
||||||
|
|
||||||
|
const dispatch = createEventDispatcher();
|
||||||
|
|
||||||
|
let alert;
|
||||||
|
let saving = false;
|
||||||
|
let passphrase = '';
|
||||||
|
let confirmPassphrase = '';
|
||||||
|
|
||||||
|
// onChange only fires when an input loses focus, so always set the error if not set
|
||||||
|
function onChange() {
|
||||||
|
console.log(`onChange: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`)
|
||||||
|
if (passphrase !== confirmPassphrase) {
|
||||||
|
alert.setError('Passphrases do not match.');
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
alert.setError(null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// onInput fires on every keystroke, so only dismiss the error, don't create it
|
||||||
|
function onInput() {
|
||||||
|
console.log(`onInput: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`)
|
||||||
|
if (passphrase === confirmPassphrase) {
|
||||||
|
alert.setError(null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
async function save() {
|
||||||
|
if (passphrase !== confirmPassphrase) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (passphrase === '') {
|
||||||
|
alert.setError('Passphrase is empty.')
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
saving = true;
|
||||||
|
try {
|
||||||
|
await alert.run(async () => {
|
||||||
|
await invoke('set_passphrase', {passphrase})
|
||||||
|
throw('something bad happened');
|
||||||
|
$appState.sessionStatus = 'unlocked';
|
||||||
|
dispatch('save');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
finally {
|
||||||
|
saving = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<form class="form-control gap-y-4" on:submit|preventDefault={save}>
|
||||||
|
<ErrorAlert bind:this={alert} />
|
||||||
|
|
||||||
|
<label class="form-control w-full">
|
||||||
|
<div class="label">
|
||||||
|
<span class="label-text">Passphrase</span>
|
||||||
|
</div>
|
||||||
|
<PassphraseInput
|
||||||
|
bind:value={passphrase}
|
||||||
|
on:input={onInput}
|
||||||
|
placeholder="correct horse battery staple"
|
||||||
|
/>
|
||||||
|
</label>
|
||||||
|
|
||||||
|
<label class="form-control w-full">
|
||||||
|
<div class="label">
|
||||||
|
<span class="label-text">Re-enter passphrase</span>
|
||||||
|
</div>
|
||||||
|
<PassphraseInput
|
||||||
|
bind:value={confirmPassphrase}
|
||||||
|
on:input={onInput} on:change={onChange}
|
||||||
|
placeholder="correct horse battery staple"
|
||||||
|
/>
|
||||||
|
</label>
|
||||||
|
|
||||||
|
<button type="submit" class="btn btn-primary">
|
||||||
|
{#if saving}
|
||||||
|
<Spinner class="w-5 h-5" thickness="12"/>
|
||||||
|
{:else}
|
||||||
|
Submit
|
||||||
|
{/if}
|
||||||
|
</button>
|
||||||
|
|
||||||
|
{#if cancellable}
|
||||||
|
<Link target="Settings" hotkey="Escape">
|
||||||
|
<button type="button" class="btn btn-outline btn-sm w-full">Cancel</button>
|
||||||
|
</Link>
|
||||||
|
{/if}
|
||||||
|
|
||||||
|
{#if $appState.sessionStatus === 'locked'}
|
||||||
|
<ResetPassphrase />
|
||||||
|
{/if}
|
||||||
|
</form>
|
41
src/views/passphrase/ResetPassphrase.svelte
Normal file
41
src/views/passphrase/ResetPassphrase.svelte
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
<script>
|
||||||
|
import { invoke } from '@tauri-apps/api/core';
|
||||||
|
import { appState } from '../../lib/state.js';
|
||||||
|
|
||||||
|
import ErrorAlert from '../../ui/ErrorAlert.svelte';
|
||||||
|
|
||||||
|
|
||||||
|
let modal;
|
||||||
|
let alert;
|
||||||
|
|
||||||
|
async function reset() {
|
||||||
|
await invoke('reset_session');
|
||||||
|
$appState.sessionStatus = 'empty';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
<button type="button" class="self-end text-sm text-secondary/75 hover:underline focus:ring-accent" on:click={modal.showModal()}>
|
||||||
|
Reset passphrase
|
||||||
|
</button>
|
||||||
|
|
||||||
|
<dialog class="modal" bind:this={modal}>
|
||||||
|
<div class="modal-box space-y-6">
|
||||||
|
<ErrorAlert bind:this={alert} />
|
||||||
|
<h3 class="text-lg font-bold">Delete all credentials?</h3>
|
||||||
|
<div class="space-y-2">
|
||||||
|
<p>Credentials are encrypted with your current passphrase and will be lost if the passphrase is reset.</p>
|
||||||
|
<p>Are you sure you want to reset your passphrase and delete all saved credentials?</p>
|
||||||
|
</div>
|
||||||
|
<div class="modal-action">
|
||||||
|
<form method="dialog" class="flex gap-x-4">
|
||||||
|
<button autofocus class="btn btn-outline">Cancel</button>
|
||||||
|
<button class="btn btn-error" on:click|preventDefault={() => alert.run(reset)}>
|
||||||
|
Reset
|
||||||
|
</button>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</dialog>
|
@ -10,4 +10,40 @@ module.exports = {
|
|||||||
plugins: [
|
plugins: [
|
||||||
require('daisyui'),
|
require('daisyui'),
|
||||||
],
|
],
|
||||||
|
daisyui: {
|
||||||
|
themes: [
|
||||||
|
{
|
||||||
|
creddy: {
|
||||||
|
"primary": "#0ea5e9",
|
||||||
|
"secondary": "#fb923c",
|
||||||
|
"accent": "#8b5cf6",
|
||||||
|
"neutral": "#374151",
|
||||||
|
"base-100": "#252e3a",
|
||||||
|
"info": "#66cccc",
|
||||||
|
"success": "#52bf73",
|
||||||
|
"warning": "#d1a900",
|
||||||
|
"error": "#f87171",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"summer-night": {
|
||||||
|
"primary": "#0ea5e9",
|
||||||
|
"secondary": "#0ea5e9",
|
||||||
|
"accent": "#fb923c",
|
||||||
|
"neutral": "#393939",
|
||||||
|
"base-100": "#2d2d2d",
|
||||||
|
"info": "#66cccc",
|
||||||
|
"success": "#22c55e",
|
||||||
|
"warning": "#d1a900",
|
||||||
|
"error": "#f2777a"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"dark",
|
||||||
|
"night",
|
||||||
|
"dracula",
|
||||||
|
"sunset",
|
||||||
|
"dim",
|
||||||
|
"light"
|
||||||
|
]
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user