fix: use write_restricted for account.json (0600 perms)
account.json contains PII and subscription_status — apply the same restricted file permissions as tokens.json. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
9e26ad58d1
commit
ca3005bc0e
1 changed files with 2 additions and 4 deletions
|
|
@ -207,8 +207,7 @@ pub async fn handle_auth_callback(app: tauri::AppHandle, code: String) -> Result
|
||||||
// Store account info
|
// Store account info
|
||||||
let account_json =
|
let account_json =
|
||||||
serde_json::to_string_pretty(&account).map_err(|e| format!("Serialize error: {}", e))?;
|
serde_json::to_string_pretty(&account).map_err(|e| format!("Serialize error: {}", e))?;
|
||||||
fs::write(dir.join(ACCOUNT_FILE), account_json)
|
write_restricted(&dir.join(ACCOUNT_FILE), &account_json)?;
|
||||||
.map_err(|e| format!("Cannot write account info: {}", e))?;
|
|
||||||
|
|
||||||
Ok(account)
|
Ok(account)
|
||||||
}
|
}
|
||||||
|
|
@ -280,8 +279,7 @@ pub async fn refresh_auth_token(app: tauri::AppHandle) -> Result<AccountInfo, St
|
||||||
let account = fetch_userinfo(&endpoint, &new_access).await?;
|
let account = fetch_userinfo(&endpoint, &new_access).await?;
|
||||||
let account_json =
|
let account_json =
|
||||||
serde_json::to_string_pretty(&account).map_err(|e| format!("Serialize error: {}", e))?;
|
serde_json::to_string_pretty(&account).map_err(|e| format!("Serialize error: {}", e))?;
|
||||||
fs::write(dir.join(ACCOUNT_FILE), account_json)
|
write_restricted(&dir.join(ACCOUNT_FILE), &account_json)?;
|
||||||
.map_err(|e| format!("Cannot write account info: {}", e))?;
|
|
||||||
|
|
||||||
Ok(account)
|
Ok(account)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
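Review bot: Both call sites (`handle_auth_callback` and `refresh_auth_token`, whose bodies start outside the hunks) now rely entirely on `write_restricted`, which is not visible here, to get `account.json` to 0600. If that helper applies the mode only when it creates the file, an `account.json` left behind by an earlier build keeps its old, wider permissions after upgrade. It is worth confirming that it also tightens an existing file, for example with `fs::set_permissions(path, fs::Permissions::from_mode(0o600))` under `#[cfg(unix)]`, and noting what protection non-Unix targets get. The change also drops the "Cannot write account info" context, so a failure here may be indistinguishable from a tokens.json write failure. If the helper's error type implements `Display`, `.map_err(|e| format!("Cannot write account info: {}", e))?` can be kept on the new call.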