feaed4058d
Introduce a new token_store module that persists OAuth tokens in the OS keychain (Credential Manager on Windows, Secret Service on Linux through sync-secret-service + crypto-rust, both pure-Rust backends). - Keychain service name matches the Tauri bundle identifier (com.simpl.resultat) so credentials are scoped to the real app identity. - Transparent migration on first load: a legacy tokens.json is copied into the keychain, then zeroed and unlinked before removal to reduce refresh-token recoverability from unallocated disk blocks. - Store-mode flag (keychain|file) persisted next to the auth dir. After a successful keychain write the store refuses to silently downgrade to the file fallback, so a subsequent failure forces re-authentication instead of leaking plaintext. - New get_token_store_mode command exposes the current mode to the frontend so a settings banner can warn users running on the file fallback. - auth_commands.rs refactored: all tokens.json read/write/delete paths go through token_store; check_subscription_status now uses token_store::load().is_some() to trigger migration even when the 24h throttle would early-return. Refs #66 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
60 lines
2.2 KiB
TOML
60 lines
2.2 KiB
TOML
[package]
|
|
name = "simpl-result"
|
|
version = "0.7.3"
|
|
description = "Personal finance management app"
|
|
license = "GPL-3.0-only"
|
|
authors = ["you"]
|
|
edition = "2021"
|
|
|
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
|
|
|
[lib]
|
|
# The `_lib` suffix may seem redundant but it is necessary
|
|
# to make the lib name unique and wouldn't conflict with the bin name.
|
|
# This seems to be only an issue on Windows, see https://github.com/rust-lang/cargo/issues/8519
|
|
name = "simpl_result_lib"
|
|
crate-type = ["staticlib", "cdylib", "rlib"]
|
|
|
|
[build-dependencies]
|
|
tauri-build = { version = "2", features = [] }
|
|
|
|
[dependencies]
|
|
tauri = { version = "2", features = [] }
|
|
tauri-plugin-opener = "2"
|
|
tauri-plugin-sql = { version = "2", features = ["sqlite"] }
|
|
tauri-plugin-dialog = "2"
|
|
tauri-plugin-updater = "2"
|
|
tauri-plugin-process = "2"
|
|
tauri-plugin-deep-link = "2"
|
|
tauri-plugin-single-instance = { version = "2", features = ["deep-link"] }
|
|
libsqlite3-sys = { version = "0.30", features = ["bundled"] }
|
|
rusqlite = { version = "0.32", features = ["bundled"] }
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
sha2 = "0.10"
|
|
encoding_rs = "0.8"
|
|
walkdir = "2"
|
|
aes-gcm = "0.10"
|
|
argon2 = "0.5"
|
|
rand = "0.8"
|
|
jsonwebtoken = "9"
|
|
machine-uid = "0.5"
|
|
reqwest = { version = "0.12", features = ["json"] }
|
|
tokio = { version = "1", features = ["macros"] }
|
|
hostname = "0.4"
|
|
urlencoding = "2"
|
|
base64 = "0.22"
|
|
# OAuth token storage in OS keychain (Credential Manager on Windows,
|
|
# Secret Service on Linux). We use sync-secret-service to get sync
|
|
# methods that are safe to call from async Tauri commands without
|
|
# tokio runtime entanglement. Requires libdbus-1-dev at build time
|
|
# on Linux (libdbus-1-3 is present on every desktop Linux at runtime).
|
|
keyring = { version = "3.6", default-features = false, features = ["sync-secret-service", "crypto-rust", "windows-native"] }
|
|
zeroize = "1"
|
|
|
|
[dev-dependencies]
|
|
# Used in license_commands.rs tests to sign test JWTs. We avoid the `pem`
|
|
# feature because the `LineEnding` re-export path varies between versions
|
|
# of pkcs8/spki; building the PKCS#8 DER manually is stable and trivial
|
|
# for Ed25519.
|
|
ed25519-dalek = { version = "2", features = ["pkcs8", "rand_core"] }
|