- Svelte 51.7%
- Rust 41.3%
- TypeScript 5.8%
- CSS 0.8%
- HTML 0.3%
Session cookies and OIDC access / refresh / device-secret tokens were being written as plaintext JSON to the tauri-plugin-store config file. Any other process with read access to the user's data directory could lift them and impersonate the account.

Route all four secrets through the OS keyring (Secret Service on Linux, Keychain on macOS, Credential Manager on Windows) via the keyring crate. Only non-secret metadata (server_url, username, auth_mode, expires_at, avatar_url) stays in the plain store.

Existing installs get a one-shot migration during check_session: any legacy plaintext values found in the store are copied into the keyring and deleted from disk.

Keyring write failures are logged but don't fail login — the user stays signed in for the current run and re-auths next launch rather than silently falling back to plaintext persistence.

| File |
|---|
| src |
| src-tauri |
| .gitignore |
| CLAUDE.md |
| index.html |
| LICENSE |
| package-lock.json |
| package.json |
| README.md |
| svelte.config.js |
| tsconfig.json |
| vite.config.ts |