initial rough impl

2026-05-13 12:44:45 +02:00 · 2025-07-24 00:27:59 +02:00
parent a7af1a81b7
commit a132d8f3d5
30 changed files with 497 additions and 154 deletions
@@ -1,6 +1,6 @@
 [package]
 name = "tauri-plugin-secure-storage"
-version = "1.0.0"
+version = "2.0.0"
 edition = { workspace = true }
 authors = { workspace = true }
 license = { workspace = true }
@@ -33,3 +33,8 @@ serde_json = { workspace = true }
 tauri = { workspace = true }
 log = { workspace = true }
 thiserror = { workspace = true }
+# TODO: Non-android only:
+keyring = { git = "https://github.com/open-source-cooperative/keyring-rs", rev = "9635a2f53a19eb7f188cdc4e38982dcb19caee00" }
+
+[features]
+vendored = ["keyring/vendored"]
@@ -1 +1 @@
-if("__TAURI__"in window){var __TAURI_PLUGIN_SECURE_STORAGE__=function(_){"use strict";return _.x=function(){},_}({});Object.defineProperty(window.__TAURI__,"secureStorage",{value:__TAURI_PLUGIN_SECURE_STORAGE__})}
+if("__TAURI__"in window){var __TAURI_PLUGIN_SECURE_STORAGE__=function(e){"use strict";async function n(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}return"function"==typeof SuppressedError&&SuppressedError,e.getBinary=async function(e){return n("plugin:secure-storage|set_string",{key:e})},e.getString=async function(e){return n("plugin:secure-storage|get_string",{key:e})},e.setBinary=async function(e,r){return n("plugin:secure-storage|set_binary",{key:e,value:r})},e.setString=async function(e,r){return n("plugin:secure-storage|set_string",{key:e,value:r})},e}({});Object.defineProperty(window.__TAURI__,"secureStorage",{value:__TAURI_PLUGIN_SECURE_STORAGE__})}
@@ -2,13 +2,13 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-const COMMANDS: &[&str] = &["execute"];
+const COMMANDS: &[&str] = &["set_string", "get_string", "set_binary", "get_binary"];

 fn main() {
    let result = tauri_plugin::Builder::new(COMMANDS)
        .global_api_script_path("./api-iife.js")
        .android_path("android")
-        .ios_path("ios")
+        //.ios_path("ios")
        .try_build();

    // when building documentation for Android the plugin build result is always Err() and is irrelevant to the crate documentation build
@@ -2,4 +2,25 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-export function x() {}
+import { invoke } from '@tauri-apps/api/core'
+
+// TODO: functions to delete entries?
+
+export async function setString(key: string, value: string) {
+  return invoke('plugin:secure-storage|set_string', { key, value })
+}
+
+export async function getString(key: string): Promise<string> {
+  return invoke('plugin:secure-storage|get_string', { key })
+}
+
+export async function setBinary(
+  key: string,
+  value: number[] | Uint8Array | ArrayBuffer
+) {
+  return invoke('plugin:secure-storage|set_binary', { key, value })
+}
+
+export async function getBinary(key: string): Promise<number[]> {
+  return invoke('plugin:secure-storage|set_string', { key })
+}
@@ -1,10 +0,0 @@
-.DS_Store
-/.build
-/Packages
-/*.xcodeproj
-xcuserdata/
-DerivedData/
-.swiftpm/config/registries.json
-.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
-.netrc
-Package.resolved
@@ -1,34 +0,0 @@
-// swift-tools-version:5.3
-// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-License-Identifier: MIT
-
-import PackageDescription
-
-let package = Package(
-  name: "tauri-plugin-{{ secure-storage }}",
-  platforms: [
-    .macOS(.v10_13),
-    .iOS(.v13),
-  ],
-  products: [
-    // Products define the executables and libraries a package produces, and make them visible to other packages.
-    .library(
-      name: "tauri-plugin-{{ secure-storage }}",
-      type: .static,
-      targets: ["tauri-plugin-{{ secure-storage }}"])
-  ],
-  dependencies: [
-    .package(name: "Tauri", path: "../.tauri/tauri-api")
-  ],
-  targets: [
-    // Targets are the basic building blocks of a package. A target can define a module or a test suite.
-    // Targets can depend on other targets in this package, and on products in packages this package depends on.
-    .target(
-      name: "tauri-plugin-{{ secure-storage }}",
-      dependencies: [
-        .byName(name: "Tauri")
-      ],
-      path: "Sources")
-  ]
-)
@@ -1,3 +0,0 @@
-# Tauri Plugin Secure Storage
-
-A description of this package.
@@ -1,24 +0,0 @@
-// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-License-Identifier: MIT
-
-import SwiftRs
-import Tauri
-import UIKit
-import WebKit
-
-class PingArgs: Decodable {
-  var value: String?
-}
-
-class ExamplePlugin: Plugin {
-  @objc public func ping(_ invoke: Invoke) throws {
-    let args = try invoke.parseArgs(PingArgs.self)
-    invoke.resolve(["value": args.value ?? ""])
-  }
-}
-
-@_cdecl("init_plugin_secure_storage")
-func initPlugin() -> Plugin {
-  return ExamplePlugin()
-}
@@ -1,12 +0,0 @@
-// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-License-Identifier: MIT
-
-import XCTest
-@testable import ExamplePlugin
-
-final class ExamplePluginTests: XCTestCase {
-    func testExample() throws {
-        let plugin = ExamplePlugin()
-    }
-}
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-get-binary"
+description = "Enables the get_binary command without any pre-configured scope."
+commands.allow = ["get_binary"]
+
+[[permission]]
+identifier = "deny-get-binary"
+description = "Denies the get_binary command without any pre-configured scope."
+commands.deny = ["get_binary"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-get-string"
+description = "Enables the get_string command without any pre-configured scope."
+commands.allow = ["get_string"]
+
+[[permission]]
+identifier = "deny-get-string"
+description = "Denies the get_string command without any pre-configured scope."
+commands.deny = ["get_string"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-set-binary"
+description = "Enables the set_binary command without any pre-configured scope."
+commands.allow = ["set_binary"]
+
+[[permission]]
+identifier = "deny-set-binary"
+description = "Denies the set_binary command without any pre-configured scope."
+commands.deny = ["set_binary"]
@@ -0,0 +1,13 @@
+# Automatically generated - DO NOT EDIT!
+
+"$schema" = "../../schemas/schema.json"
+
+[[permission]]
+identifier = "allow-set-string"
+description = "Enables the set_string command without any pre-configured scope."
+commands.allow = ["set_string"]
+
+[[permission]]
+identifier = "deny-set-string"
+description = "Denies the set_string command without any pre-configured scope."
+commands.deny = ["set_string"]
@@ -30,6 +30,110 @@ Enables the execute command without any pre-configured scope.

 Denies the execute command without any pre-configured scope.

+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:allow-get-binary`
+
+</td>
+<td>
+
+Enables the get_binary command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:deny-get-binary`
+
+</td>
+<td>
+
+Denies the get_binary command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:allow-get-string`
+
+</td>
+<td>
+
+Enables the get_string command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:deny-get-string`
+
+</td>
+<td>
+
+Denies the get_string command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:allow-set-binary`
+
+</td>
+<td>
+
+Enables the set_binary command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:deny-set-binary`
+
+</td>
+<td>
+
+Denies the set_binary command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:allow-set-string`
+
+</td>
+<td>
+
+Enables the set_string command without any pre-configured scope.
+
+</td>
+</tr>
+
+<tr>
+<td>
+
+`secure-storage:deny-set-string`
+
+</td>
+<td>
+
+Denies the set_string command without any pre-configured scope.
+
 </td>
 </tr>
 </table>
@@ -305,6 +305,54 @@
          "type": "string",
          "const": "deny-execute",
          "markdownDescription": "Denies the execute command without any pre-configured scope."
+        },
+        {
+          "description": "Enables the get_binary command without any pre-configured scope.",
+          "type": "string",
+          "const": "allow-get-binary",
+          "markdownDescription": "Enables the get_binary command without any pre-configured scope."
+        },
+        {
+          "description": "Denies the get_binary command without any pre-configured scope.",
+          "type": "string",
+          "const": "deny-get-binary",
+          "markdownDescription": "Denies the get_binary command without any pre-configured scope."
+        },
+        {
+          "description": "Enables the get_string command without any pre-configured scope.",
+          "type": "string",
+          "const": "allow-get-string",
+          "markdownDescription": "Enables the get_string command without any pre-configured scope."
+        },
+        {
+          "description": "Denies the get_string command without any pre-configured scope.",
+          "type": "string",
+          "const": "deny-get-string",
+          "markdownDescription": "Denies the get_string command without any pre-configured scope."
+        },
+        {
+          "description": "Enables the set_binary command without any pre-configured scope.",
+          "type": "string",
+          "const": "allow-set-binary",
+          "markdownDescription": "Enables the set_binary command without any pre-configured scope."
+        },
+        {
+          "description": "Denies the set_binary command without any pre-configured scope.",
+          "type": "string",
+          "const": "deny-set-binary",
+          "markdownDescription": "Denies the set_binary command without any pre-configured scope."
+        },
+        {
+          "description": "Enables the set_string command without any pre-configured scope.",
+          "type": "string",
+          "const": "allow-set-string",
+          "markdownDescription": "Enables the set_string command without any pre-configured scope."
+        },
+        {
+          "description": "Denies the set_string command without any pre-configured scope.",
+          "type": "string",
+          "const": "deny-set-string",
+          "markdownDescription": "Denies the set_string command without any pre-configured scope."
        }
      ]
    }
@@ -2,14 +2,26 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-use tauri::{AppHandle, command, Runtime, Window};
+use tauri::{command, AppHandle, Runtime};

-use crate::Result;
+use crate::{Result, SecureStorageExt};

 #[command]
-pub(crate) async fn execute<R: Runtime>(
-  _app: AppHandle<R>,
-  _window: Window<R>,
-) -> Result<String> {
-  Ok("success".to_string())
+pub(crate) fn set_string<R: Runtime>(app: AppHandle<R>, key: &str, value: &str) -> Result<()> {
+    app.secure_storage().set_string(key, value)
+}
+
+#[command]
+pub(crate) fn get_string<R: Runtime>(app: AppHandle<R>, key: &str) -> Result<String> {
+    app.secure_storage().get_string(key)
+}
+
+#[command]
+pub(crate) fn set_binary<R: Runtime>(app: AppHandle<R>, key: &str, value: &[u8]) -> Result<()> {
+    app.secure_storage().set_binary(key, value)
+}
+
+#[command]
+pub(crate) fn get_binary<R: Runtime>(app: AppHandle<R>, key: &str) -> Result<Vec<u8>> {
+    app.secure_storage().get_binary(key)
 }
@@ -2,10 +2,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

+use keyring::Entry;
 use serde::de::DeserializeOwned;
 use tauri::{plugin::PluginApi, AppHandle, Runtime};

-use crate::models::*;
+use crate::Result;

 pub fn init<R: Runtime, C: DeserializeOwned>(
    app: &AppHandle<R>,
@@ -18,9 +19,19 @@ pub fn init<R: Runtime, C: DeserializeOwned>(
 pub struct SecureStorage<R: Runtime>(AppHandle<R>);

 impl<R: Runtime> SecureStorage<R> {
-    pub fn ping(&self, payload: PingRequest) -> crate::Result<PingResponse> {
-        Ok(PingResponse {
-            value: payload.value,
-        })
+    pub fn set_string(&self, key: &str, value: &str) -> Result<()> {
+        Ok(Entry::new(&self.0.config().identifier, key)?.set_password(value)?)
+    }
+
+    pub fn get_string(&self, key: &str) -> Result<String> {
+        Ok(Entry::new(&self.0.config().identifier, key)?.get_password()?)
+    }
+
+    pub fn set_binary(&self, key: &str, value: &[u8]) -> Result<()> {
+        Ok(Entry::new(&self.0.config().identifier, key)?.set_secret(value)?)
+    }
+
+    pub fn get_binary(&self, key: &str) -> Result<Vec<u8>> {
+        Ok(Entry::new(&self.0.config().identifier, key)?.get_secret()?)
    }
 }
@@ -8,9 +8,10 @@ pub type Result<T> = std::result::Result<T, Error>;

 #[derive(Debug, thiserror::Error)]
 pub enum Error {
+    #[cfg(not(target_os = "android"))]
    #[error(transparent)]
-    Io(#[from] std::io::Error),
-    #[cfg(mobile)]
+    Keyring(#[from] keyring::Error),
+    #[cfg(target_os = "android")]
    #[error(transparent)]
    PluginInvoke(#[from] tauri::plugin::mobile::PluginInvokeError),
 }
@@ -9,9 +9,9 @@ use tauri::{

 pub use models::*;

-#[cfg(desktop)]
+#[cfg(not(target_os = "android"))]
 mod desktop;
-#[cfg(mobile)]
+#[cfg(target_os = "android")]
 mod mobile;

 mod commands;
@@ -20,11 +20,13 @@ mod models;

 pub use error::{Error, Result};

-#[cfg(desktop)]
+#[cfg(not(target_os = "android"))]
 pub use desktop::SecureStorage;
-#[cfg(mobile)]
+#[cfg(target_os = "android")]
 pub use mobile::SecureStorage;

+// TODO: Consider using a worker thread to handle caveats mentioned by keyring-rs
+
 /// Extensions to [`tauri::App`], [`tauri::AppHandle`], [`tauri::WebviewWindow`], [`tauri::Webview`] and [`tauri::Window`] to access the secure-storage APIs.
 pub trait SecureStorageExt<R: Runtime> {
    fn secure_storage(&self) -> &SecureStorage<R>;
@@ -39,11 +41,16 @@ impl<R: Runtime, T: Manager<R>> crate::SecureStorageExt<R> for T {
 /// Initializes the plugin.
 pub fn init<R: Runtime>() -> TauriPlugin<R> {
    Builder::new("secure-storage")
-        .invoke_handler(tauri::generate_handler![commands::execute])
+        .invoke_handler(tauri::generate_handler![
+            commands::set_string,
+            commands::get_string,
+            commands::set_binary,
+            commands::get_binary
+        ])
        .setup(|app, api| {
-            #[cfg(mobile)]
+            #[cfg(target_os = "android")]
            let secure_storage = mobile::init(app, api)?;
-            #[cfg(desktop)]
+            #[cfg(not(target_os = "android"))]
            let secure_storage = desktop::init(app, api)?;
            app.manage(secure_storage);
            Ok(())
@@ -13,8 +13,8 @@ use crate::models::*;
 #[cfg(target_os = "android")]
 const PLUGIN_IDENTIFIER: &str = "app.tauri.secure_storage";

-#[cfg(target_os = "ios")]
-tauri::ios_plugin_binding!(init_plugin_secure_storage);
+//#[cfg(target_os = "ios")]
+//tauri::ios_plugin_binding!(init_plugin_secure_storage);

 // initializes the Kotlin or Swift plugin classes
 pub fn init<R: Runtime, C: DeserializeOwned>(
@@ -23,8 +23,8 @@ pub fn init<R: Runtime, C: DeserializeOwned>(
 ) -> crate::Result<SecureStorage<R>> {
    #[cfg(target_os = "android")]
    let handle = api.register_android_plugin(PLUGIN_IDENTIFIER, "ExamplePlugin")?;
-    #[cfg(target_os = "ios")]
-    let handle = api.register_ios_plugin(init_plugin_secure_storage)?;
+    //#[cfg(target_os = "ios")]
+    //let handle = api.register_ios_plugin(init_plugin_secure_storage)?;
    Ok(SecureStorage(handle))
 }