Windows data support

.github/workflows/checks.yml

@@ -13,7 +13,7 @@ jobs:
       - run: cargo fmt --all -- --check
 
   prettier:
-    name: Prettier
+    name: prettier
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -40,7 +40,7 @@ jobs:
 
   # Check links in the documentation.
   deadlinks:
-    name: Deadlinks
+    name: cargo-deadlinks
     runs-on: ubuntu-latest
     steps:
       - uses: awalsh128/cache-apt-pkgs-action@latest
@@ -56,39 +56,28 @@ jobs:
 
   # Check links in markdown files.
   mlc:
-    name: MLC
+    name: mlc
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: becheran/mlc@v0.14.3
+      - uses: becheran/mlc@v1
 
   # Spellcheck.
   spellcheck:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: streetsidesoftware/cspell-action@v1.0.1
+      - uses: streetsidesoftware/cspell-action@v7
         with:
           files: "**/*.{rs,md}"
 
-  # Markdown formatting.
-  markdown:
-    name: Markdown lints
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: nosborn/github-action-markdown-cli@v3.5.0
-        with:
-          files: .
-          ignore_path: .markdownlintignore
-
   # cargo-deny.
   deny:
     name: cargo-deny
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
 
   # cargo-semver.
   semver:

Cargo.toml

@@ -27,7 +27,7 @@ objc2-core-foundation = "0.3"
 block2 = "0.5"
 
 [target.'cfg(target_os = "windows")'.dependencies]
-windows = { version = "0.58", features = ["Foundation", "Security_Credentials_UI", "Win32_Foundation", "Win32_UI_WindowsAndMessaging"] }
+windows = { version = "0.58", features = ["Foundation", "Storage_Streams", "Security_Credentials_UI", "Security_Cryptography_Core", "Win32_Foundation", "Win32_UI_WindowsAndMessaging"] }
 
 [build-dependencies]
 tauri-plugin = { version = "2.4.0", features = ["build"] }

README.md

@@ -11,7 +11,7 @@
 - 🔐 Biometric authentication (Touch ID, Face ID, Windows Hello, fingerprint)
 - 📱 Full support for iOS and Android
 - 🖥️ Desktop support for macOS (Touch ID) and Windows (Windows Hello)
-- 🔑 Secure data storage with biometric protection (Android/iOS/macOS only)
+- 🔑 Secure data storage with biometric protection (Android/iOS/macOS/Windows)
 - 🎛️ Fallback to device passcode/password
 - 🛡️ Native security best practices
 - ⚡ Proper error handling with detailed error codes
@@ -32,11 +32,11 @@
 Install the JavaScript/TypeScript API:
 
 ```bash
 npm install @choochmeque/tauri-plugin-biometry-api
 # or
 yarn add @choochmeque/tauri-plugin-biometry-api
 # or
 pnpm add @choochmeque/tauri-plugin-biometry-api
 ```
 
 ## Setup
@@ -84,7 +84,7 @@
 ### Check Biometry Status
 
 ```typescript
 import { checkStatus } from '@choochmeque/tauri-plugin-biometry-api';
 
 const status = await checkStatus();
 console.log('Biometry available:', status.isAvailable);
@@ -99,7 +99,7 @@
 ### Authenticate
 
 ```typescript
 import { authenticate } from '@choochmeque/tauri-plugin-biometry-api';
 
 try {
   await authenticate('Please authenticate to continue', {
@@ -116,28 +116,28 @@
 }
 ```
 
-### Store Secure Data (macOS/iOS only)
+### Store Secure Data
 
 ```typescript
 import { setData, getData, hasData, removeData } from '@choochmeque/tauri-plugin-biometry-api';
 
 // Store data with biometric protection
 await setData({
   domain: 'com.myapp',
   name: 'api_key',
   data: 'secret-api-key-123'
 });
 
 // Check if data exists
 const exists = await hasData({
   domain: 'com.myapp',
   name: 'api_key'
 });
 
 // Retrieve data (will prompt for biometric authentication)
 if (exists) {
   const response = await getData({
     domain: 'com.myapp',
     name: 'api_key',
     reason: 'Access your API key'
   });
@@ -146,13 +146,11 @@
 
 // Remove data
 await removeData({
   domain: 'com.myapp',
   name: 'api_key'
 });
 ```
 
-**Note:** Data storage methods are not supported on Windows and will return a `notSupported` error.
-
 ## API Reference
 
 ### Types
@@ -234,7 +232,9 @@
 ### Windows
 
 - Supports Windows Hello (fingerprint, face, PIN)
-- Authentication only (data storage methods return "not supported" error)
+- Full secure data storage using Windows Hello credentials
+- Data is encrypted using AES-256 with Windows Hello protected keys
+- **Note:** `setData` will prompt for Windows Hello authentication when storing data
 - Automatically focuses Windows Hello dialog
 - Returns `BiometryType.Auto` as it uses Windows Hello's automatic selection
 
@@ -261,10 +261,10 @@
 
 ## Security Considerations
 
-- All secure data is stored in the system keychain (macOS/iOS) or Android Keystore
+- All secure data is stored in the system keychain (macOS/iOS), Android Keystore, or Windows Credential Manager
 - Data is encrypted and can only be accessed after successful biometric authentication
 - The plugin follows platform-specific security best practices
-- Windows currently supports authentication only, not secure data storage
+- Windows uses AES-256 encryption with keys derived from Windows Hello credentials
 - **macOS Code Signing:** Your app must be properly code-signed to use keychain storage on macOS. Development builds may work with ad-hoc signing, but production apps require valid Developer ID or App Store signing
 - Consider implementing additional application-level encryption for highly sensitive data
 

cspell.json

@@ -0,0 +1,52 @@
+{
+  "version": "0.2",
+  "$schema": "https://raw.githubusercontent.com/streetsidesoftware/cspell/main/cspell.schema.json",
+  "enableGlobDot": true,
+  "words": [
+    "camelcase",
+    "codecov",
+    "cosmiconfig",
+    "coverallsapp",
+    "EDITMSG",
+    "lcov",
+    "octokit",
+    "openapi",
+    "pollyjs",
+    "repos",
+    "shrinkwrap",
+    "streetsidesoftware",
+    "tauri",
+    "rustc",
+    "xctoolchain",
+    "rpath",
+    "Xswiftc",
+    "objc",
+    "PCWSTR",
+    "HSTRING",
+    "HRESULT",
+    "Pkcs"
+  ],
+  "useGitignore": true,
+  "ignorePaths": [
+    ".git/*",
+    ".git/!{COMMIT_EDITMSG,EDITMSG}",
+    ".git/*/**",
+    ".yarn",
+    ".pnp.js",
+    ".vscode",
+    ".gitignore",
+    "action/lib/**",
+    "coverage",
+    "cspell.json",
+    "__snapshots__",
+    "__recordings__",
+    "**/coverage/**",
+    "**/fixtures/**/*.json",
+    "**/fixtures/sampleCode/*errors/",
+    "node_modules",
+    "main_root.js",
+    "package-lock.json",
+    "pnpm-lock.yaml",
+    "yarn.lock"
+  ]
+}

deny.toml

@@ -0,0 +1,40 @@
+[graph]
+targets = [
+    "x86_64-unknown-linux-gnu",
+    "aarch64-unknown-linux-gnu",
+    "x86_64-unknown-linux-musl",
+    "aarch64-apple-darwin",
+    "x86_64-apple-darwin",
+    "x86_64-pc-windows-msvc",
+]
+all-features = true
+
+[advisories]
+unmaintained = "workspace"
+ignore = [
+    "atk-sys",
+    "fxhash",
+    "gdk",
+    "gdk-sys",
+    "gdkwayland-sys",
+    "gdkx11",
+    "proc-macro-error",
+    "RUSTSEC-2024-0429",
+]
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "deny"
+
+[licenses]
+confidence-threshold = 0.93
+allow = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "MIT",
+    "MPL-2.0",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-3.0",
+    "Zlib",
+]