feaed4058d
Introduce a new token_store module that persists OAuth tokens in the OS keychain (Credential Manager on Windows, Secret Service on Linux through sync-secret-service + crypto-rust, both pure-Rust backends). - Keychain service name matches the Tauri bundle identifier (com.simpl.resultat) so credentials are scoped to the real app identity. - Transparent migration on first load: a legacy tokens.json is copied into the keychain, then zeroed and unlinked before removal to reduce refresh-token recoverability from unallocated disk blocks. - Store-mode flag (keychain|file) persisted next to the auth dir. After a successful keychain write the store refuses to silently downgrade to the file fallback, so a subsequent failure forces re-authentication instead of leaking plaintext. - New get_token_store_mode command exposes the current mode to the frontend so a settings banner can warn users running on the file fallback. - auth_commands.rs refactored: all tokens.json read/write/delete paths go through token_store; check_subscription_status now uses token_store::load().is_some() to trigger migration even when the 24h throttle would early-return. Refs #66 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| capabilities | ||
| icons | ||
| src | ||
| .gitignore | ||
| build.rs | ||
| Cargo.lock | ||
| Cargo.toml | ||
| tauri.conf.json | ||