starred/yaak
1
0
Fork 0
mirror of https://github.com/mountain-loop/yaak.git synced 2026-04-19 07:29:40 +02:00
Code Issues 8 Packages Projects Releases 10 Wiki Activity

[WIP] Encryption for secure values (#183)

Browse Source
This commit is contained in:
Gregory Schier
2025-04-15 07:18:26 -07:00
committed by GitHub
parent e114a85c39
commit 2e55a1bd6d
208 changed files with 4063 additions and 28698 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src-tauri/yaak-sync/Cargo.toml
View File

@@ -6,19 +6,19 @@ edition = "2024"
publish = false
[dependencies]
yaak-models = { workspace = true }
chrono = { version = "0.4.38", features = ["serde"] }
serde = { version = "1.0.215", features = ["derive"] }
hex = "0.4.3"
log = "0.4.22"
notify = "8.0.0"
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
serde_yaml = "0.9.34"
sha1 = "0.10.6"
tauri = { workspace = true }
thiserror = { workspace = true }
tokio = { workspace = true, features = ["fs", "sync", "macros"] }
ts-rs = { workspace = true, features = ["chrono-impl", "serde-json-impl"] }
serde_yaml = "0.9.34"
log = "0.4.22"
serde_json = "1.0.132"
hex = "0.4.3"
sha1 = "0.10.6"
tokio = { version = "1.42.0", features = ["fs", "sync", "macros"] }
notify = "7.0.0"
yaak-models = { workspace = true }
[build-dependencies]
tauri-plugin = { workspace = true, features = ["build"] }

2
src-tauri/yaak-sync/bindings/gen_models.ts
View File

@@ -22,4 +22,4 @@ export type SyncState = { model: "sync_state", id: string, workspaceId: string,
export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };
export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, name: string, description: string, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, name: string, description: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };

13
src-tauri/yaak-sync/permissions/autogenerated/commands/apply.toml
View File

@@ -1,13 +0,0 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-apply"
description = "Enables the apply command without any pre-configured scope."
commands.allow = ["apply"]
[[permission]]
identifier = "deny-apply"
description = "Denies the apply command without any pre-configured scope."
commands.deny = ["apply"]

13
src-tauri/yaak-sync/permissions/autogenerated/commands/calculate.toml
View File

@@ -1,13 +0,0 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-calculate"
description = "Enables the calculate command without any pre-configured scope."
commands.allow = ["calculate"]
[[permission]]
identifier = "deny-calculate"
description = "Denies the calculate command without any pre-configured scope."
commands.deny = ["calculate"]

13
src-tauri/yaak-sync/permissions/autogenerated/commands/calculate_fs.toml
View File

@@ -1,13 +0,0 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-calculate-fs"
description = "Enables the calculate_fs command without any pre-configured scope."
commands.allow = ["calculate_fs"]
[[permission]]
identifier = "deny-calculate-fs"
description = "Denies the calculate_fs command without any pre-configured scope."
commands.deny = ["calculate_fs"]

13
src-tauri/yaak-sync/permissions/autogenerated/commands/watch.toml
View File

@@ -1,13 +0,0 @@
# Automatically generated - DO NOT EDIT!
"$schema" = "../../schemas/schema.json"
[[permission]]
identifier = "allow-watch"
description = "Enables the watch command without any pre-configured scope."
commands.allow = ["watch"]
[[permission]]
identifier = "deny-watch"
description = "Denies the watch command without any pre-configured scope."
commands.deny = ["watch"]

122
src-tauri/yaak-sync/permissions/autogenerated/reference.md
View File

@@ -1,122 +0,0 @@
## Default Permission
Default permissions for the plugin
- `allow-calculate`
- `allow-calculate-fs`
- `allow-apply`
- `allow-watch`
## Permission Table
<table>
<tr>
<th>Identifier</th>
<th>Description</th>
</tr>
<tr>
<td>
`yaak-sync:allow-apply`
</td>
<td>
Enables the apply command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:deny-apply`
</td>
<td>
Denies the apply command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:allow-calculate`
</td>
<td>
Enables the calculate command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:deny-calculate`
</td>
<td>
Denies the calculate command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:allow-calculate-fs`
</td>
<td>
Enables the calculate_fs command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:deny-calculate-fs`
</td>
<td>
Denies the calculate_fs command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:allow-watch`
</td>
<td>
Enables the watch command without any pre-configured scope.
</td>
</tr>
<tr>
<td>
`yaak-sync:deny-watch`
</td>
<td>
Denies the watch command without any pre-configured scope.
</td>
</tr>
</table>

345
src-tauri/yaak-sync/permissions/schemas/schema.json
View File

@@ -1,345 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "PermissionFile",
"description": "Permission file that can define a default permission, a set of permissions or a list of inlined permissions.",
"type": "object",
"properties": {
"default": {
"description": "The default permission set for the plugin",
"anyOf": [
{
"$ref": "#/definitions/DefaultPermission"
},
{
"type": "null"
}
]
},
"set": {
"description": "A list of permissions sets defined",
"type": "array",
"items": {
"$ref": "#/definitions/PermissionSet"
}
},
"permission": {
"description": "A list of inlined permissions",
"default": [],
"type": "array",
"items": {
"$ref": "#/definitions/Permission"
}
}
},
"definitions": {
"DefaultPermission": {
"description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
"type": "object",
"required": [
"permissions"
],
"properties": {
"version": {
"description": "The version of the permission.",
"type": [
"integer",
"null"
],
"format": "uint64",
"minimum": 1.0
},
"description": {
"description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
"type": [
"string",
"null"
]
},
"permissions": {
"description": "All permissions this set contains.",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"PermissionSet": {
"description": "A set of direct permissions grouped together under a new name.",
"type": "object",
"required": [
"description",
"identifier",
"permissions"
],
"properties": {
"identifier": {
"description": "A unique identifier for the permission.",
"type": "string"
},
"description": {
"description": "Human-readable description of what the permission does.",
"type": "string"
},
"permissions": {
"description": "All permissions this set contains.",
"type": "array",
"items": {
"$ref": "#/definitions/PermissionKind"
}
}
}
},
"Permission": {
"description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
"type": "object",
"required": [
"identifier"
],
"properties": {
"version": {
"description": "The version of the permission.",
"type": [
"integer",
"null"
],
"format": "uint64",
"minimum": 1.0
},
"identifier": {
"description": "A unique identifier for the permission.",
"type": "string"
},
"description": {
"description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
"type": [
"string",
"null"
]
},
"commands": {
"description": "Allowed or denied commands when using this permission.",
"default": {
"allow": [],
"deny": []
},
"allOf": [
{
"$ref": "#/definitions/Commands"
}
]
},
"scope": {
"description": "Allowed or denied scoped when using this permission.",
"allOf": [
{
"$ref": "#/definitions/Scopes"
}
]
},
"platforms": {
"description": "Target platforms this permission applies. By default all platforms are affected by this permission.",
"type": [
"array",
"null"
],
"items": {
"$ref": "#/definitions/Target"
}
}
}
},
"Commands": {
"description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
"type": "object",
"properties": {
"allow": {
"description": "Allowed command.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
},
"deny": {
"description": "Denied command, which takes priority.",
"default": [],
"type": "array",
"items": {
"type": "string"
}
}
}
},
"Scopes": {
"description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
"type": "object",
"properties": {
"allow": {
"description": "Data that defines what is allowed by the scope.",
"type": [
"array",
"null"
],
"items": {
"$ref": "#/definitions/Value"
}
},
"deny": {
"description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.",
"type": [
"array",
"null"
],
"items": {
"$ref": "#/definitions/Value"
}
}
}
},
"Value": {
"description": "All supported ACL values.",
"anyOf": [
{
"description": "Represents a null JSON value.",
"type": "null"
},
{
"description": "Represents a [`bool`].",
"type": "boolean"
},
{
"description": "Represents a valid ACL [`Number`].",
"allOf": [
{
"$ref": "#/definitions/Number"
}
]
},
{
"description": "Represents a [`String`].",
"type": "string"
},
{
"description": "Represents a list of other [`Value`]s.",
"type": "array",
"items": {
"$ref": "#/definitions/Value"
}
},
{
"description": "Represents a map of [`String`] keys to [`Value`]s.",
"type": "object",
"additionalProperties": {
"$ref": "#/definitions/Value"
}
}
]
},
"Number": {
"description": "A valid ACL number.",
"anyOf": [
{
"description": "Represents an [`i64`].",
"type": "integer",
"format": "int64"
},
{
"description": "Represents a [`f64`].",
"type": "number",
"format": "double"
}
]
},
"Target": {
"description": "Platform target.",
"oneOf": [
{
"description": "MacOS.",
"type": "string",
"enum": [
"macOS"
]
},
{
"description": "Windows.",
"type": "string",
"enum": [
"windows"
]
},
{
"description": "Linux.",
"type": "string",
"enum": [
"linux"
]
},
{
"description": "Android.",
"type": "string",
"enum": [
"android"
]
},
{
"description": "iOS.",
"type": "string",
"enum": [
"iOS"
]
}
]
},
"PermissionKind": {
"type": "string",
"oneOf": [
{
"description": "Enables the apply command without any pre-configured scope.",
"type": "string",
"const": "allow-apply"
},
{
"description": "Denies the apply command without any pre-configured scope.",
"type": "string",
"const": "deny-apply"
},
{
"description": "Enables the calculate command without any pre-configured scope.",
"type": "string",
"const": "allow-calculate"
},
{
"description": "Denies the calculate command without any pre-configured scope.",
"type": "string",
"const": "deny-calculate"
},
{
"description": "Enables the calculate_fs command without any pre-configured scope.",
"type": "string",
"const": "allow-calculate-fs"
},
{
"description": "Denies the calculate_fs command without any pre-configured scope.",
"type": "string",
"const": "deny-calculate-fs"
},
{
"description": "Enables the watch command without any pre-configured scope.",
"type": "string",
"const": "allow-watch"
},
{
"description": "Denies the watch command without any pre-configured scope.",
"type": "string",
"const": "deny-watch"
},
{
"description": "Default permissions for the plugin",
"type": "string",
"const": "default"
}
]
}
}
}

62
src-tauri/yaak-sync/src/sync.rs
View File

@@ -430,7 +430,7 @@ pub(crate) async fn apply_sync_ops<R: Runtime>(
}
}
SyncOp::DbDelete { model, state } => {
delete_model(app_handle, &model).await?;
delete_model(app_handle, &model)?;
SyncStateOp::Delete {
state: state.to_owned(),
}
@@ -438,8 +438,8 @@ pub(crate) async fn apply_sync_ops<R: Runtime>(
});
}
let upserted_models = app_handle.with_tx(|tx| {
tx.batch_upsert(
app_handle.with_tx(|tx| {
let upserted_models = tx.batch_upsert(
workspaces_to_upsert,
environments_to_upsert,
folders_to_upsert,
@@ -447,41 +447,37 @@ pub(crate) async fn apply_sync_ops<R: Runtime>(
grpc_requests_to_upsert,
websocket_requests_to_upsert,
&UpdateSource::Sync,
)
})?;
// Ensure we creat WorkspaceMeta models for each new workspace, with the appropriate sync dir
let sync_dir_string = sync_dir.to_string_lossy().to_string();
let db = app_handle.db();
for workspace in upserted_models.workspaces {
let r = match db.get_workspace_meta(&workspace.id) {
Some(m) => {
if m.setting_sync_dir == Some(sync_dir_string.clone()) {
// We don't need to update if unchanged
continue;
)?;
// Ensure we create WorkspaceMeta models for each new workspace, with the appropriate sync dir
let sync_dir_string = sync_dir.to_string_lossy().to_string();
for workspace in upserted_models.workspaces {
match tx.get_workspace_meta(&workspace.id) {
Some(m) => {
if m.setting_sync_dir == Some(sync_dir_string.clone()) {
// We don't need to update if unchanged
continue;
}
tx.upsert_workspace_meta(
&WorkspaceMeta {
setting_sync_dir: Some(sync_dir.to_string_lossy().to_string()),
..m
},
&UpdateSource::Sync,
)
}
db.upsert_workspace_meta(
None => tx.upsert_workspace_meta(
&WorkspaceMeta {
workspace_id: workspace_id.to_string(),
setting_sync_dir: Some(sync_dir.to_string_lossy().to_string()),
..m
..Default::default()
},
&UpdateSource::Sync,
)
}
None => db.upsert_workspace_meta(
&WorkspaceMeta {
workspace_id: workspace_id.to_string(),
setting_sync_dir: Some(sync_dir.to_string_lossy().to_string()),
..Default::default()
},
&UpdateSource::Sync,
),
};
if let Err(e) = r {
warn!("Failed to upsert workspace meta for synced workspace {e:?}");
),
}?;
}
}
Ok(())
})?;
Ok(sync_state_ops)
}
@@ -554,7 +550,7 @@ fn derive_model_filename(m: &SyncModel) -> PathBuf {
Path::new(&rel).to_path_buf()
}
async fn delete_model<R: Runtime>(app_handle: &AppHandle<R>, model: &SyncModel) -> Result<()> {
fn delete_model<R: Runtime>(app_handle: &AppHandle<R>, model: &SyncModel) -> Result<()> {
let db = app_handle.db();
match model {
SyncModel::Workspace(m) => {