diff --git a/.changes/config.json b/.changes/config.json index 93ed46e3fc..9a5085be74 100644 --- a/.changes/config.json +++ b/.changes/config.json @@ -78,6 +78,7 @@ "notification", "os", "process", + "secure-storage", "shell", "store", "updater", @@ -104,6 +105,7 @@ "notification-js", "os-js", "process-js", + "secure-storage-js", "shell-js", "store-js", "updater-js" @@ -282,6 +284,14 @@ "path": "./plugins/process", "manager": "javascript" }, + "secure-storage": { + "path": "./plugins/secure-storage", + "manager": "rust" + }, + "secure-storage-js": { + "path": "./plugins/secure-storage", + "manager": "javascript" + }, "shell": { "path": "./plugins/shell", "manager": "rust" diff --git a/.changes/deprecate-stronghold.md b/.changes/deprecate-stronghold.md new file mode 100644 index 0000000000..d8d80e0326 --- /dev/null +++ b/.changes/deprecate-stronghold.md @@ -0,0 +1,6 @@ +--- +stronghold: patch +stronghold-js: patch +--- + +The `stronghold` plugin is now deprecated and will be removed in v3. The `secure-storage` plugin should be a replacement for most use-cases. diff --git a/.github/workflows/check-generated-files.yml b/.github/workflows/check-generated-files.yml index 6a513b2374..89c1c1bdeb 100644 --- a/.github/workflows/check-generated-files.yml +++ b/.github/workflows/check-generated-files.yml @@ -101,6 +101,11 @@ jobs: - pnpm-lock.yaml - plugins/process/guest-js/** - plugins/process/src/api-iife.js + secure-storage: + - .github/workflows/check-generated-files.yml + - pnpm-lock.yaml + - plugins/secure-storage/guest-js/** + - plugins/secure-storage/src/api-iife.js shell: - .github/workflows/check-generated-files.yml - pnpm-lock.yaml diff --git a/.github/workflows/lint-rust.yml b/.github/workflows/lint-rust.yml index db922ef1a4..510702446a 100644 --- a/.github/workflows/lint-rust.yml +++ b/.github/workflows/lint-rust.yml 
@@ -98,6 +98,9 @@ jobs: tauri-plugin-process: - .github/workflows/lint-rust.yml - plugins/process/** + tauri-plugin-secure-storage: + - .github/workflows/lint-rust.yml + - plugins/secure-storage/** tauri-plugin-shell: - .github/workflows/lint-rust.yml - plugins/shell/** diff --git a/.github/workflows/test-rust.yml b/.github/workflows/test-rust.yml index 496efe6e9b..2a5597b277 100644 --- a/.github/workflows/test-rust.yml +++ b/.github/workflows/test-rust.yml @@ -137,6 +137,11 @@ jobs: - Cargo.toml - Cargo.lock - plugins/process/** + tauri-plugin-secure-storage: + - .github/workflows/test-rust.yml + - Cargo.toml + - Cargo.lock + - plugins/secure-storage/** tauri-plugin-shell: - .github/workflows/test-rust.yml - Cargo.toml @@ -219,7 +224,7 @@ jobs: target: aarch64-linux-android, os: ubuntu-latest, runner: 'cross', - command: 'build' + command: 'build --verbose' } runs-on: ${{ matrix.platform.os }} @@ -233,7 +238,7 @@ jobs: sudo apt-get update sudo apt-get install -y libwebkit2gtk-4.0-dev libwebkit2gtk-4.1-dev - - uses: dtolnay/rust-toolchain@1.77.2 + - uses: dtolnay/rust-toolchain@1.85 with: targets: ${{ matrix.platform.target }} @@ -246,7 +251,7 @@ jobs: run: cargo +stable install cross --git https://github.com/cross-rs/cross - name: test ${{ matrix.package }} - if: matrix.package != 'tauri-plugin-http' + if: matrix.package != 'tauri-plugin-http' && matrix.package != 'tauri-plugin-secure-storage' run: ${{ matrix.platform.runner }} ${{ matrix.platform.command }} --package ${{ matrix.package }} --target ${{ matrix.platform.target }} --all-targets --all-features - name: test ${{ matrix.package }} diff --git a/.taurignore b/.taurignore index 28a49db3e0..3c06c4ba4c 100644 --- a/.taurignore +++ b/.taurignore @@ -1,2 +1,3 @@ plugins/*/permissions/autogenerated/ plugins/*/android/.tauri/tauri-api/build/ +plugins/*/android/build/intermediates/ diff --git a/Cargo.lock b/Cargo.lock index 591a7349ab..afef03afa6 100644 --- a/Cargo.lock +++ b/Cargo.lock 
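Review bot: `dtolnay/rust-toolchain@1.85` raises the compiler for every package in this matrix from 1.77.2, not only for the new plugin. If this job doubles as the minimum-supported-version check, the existing plugins are no longer verified against the Rust version they declare. If only secure-storage needs the newer compiler, consider selecting the toolchain per package. The action is also referenced by a mutable ref; pinning it to a commit SHA and passing the version through its `toolchain` input would keep the source of the CI toolchain fixed.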
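Review bot: The added `matrix.package != 'tauri-plugin-secure-storage'` clause removes the new plugin from the generic `--all-targets --all-features` step, and the step that follows begins on the hunk's last line, so its own `if:` is not visible here. If that second step is still conditioned on `tauri-plugin-http` only, the secure-storage crate is never built or tested in this matrix and needs its own step or an added `||` on that condition. A comment above the condition would help the next maintainer, e.g. `# secure-storage: <reason it is excluded from --all-features>`. CI coverage matters more than usual here because the lockfile in this commit resolves two of the plugin's keyring backends from git revisions rather than from crates.io.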
@@ -117,6 +117,19 @@ version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" +[[package]] +name = "android-native-keyring-store" +version = "0.4.0" +source = "git+https://github.com/FabianLars/android-native-keyring-store#6d59ad7d6a84b1496175754aa00c000a59356da0" +dependencies = [ + "base64 0.22.1", + "jni", + "keyring-core", + "ndk-context", + "thiserror 2.0.12", + "tracing", +] + [[package]] name = "android-tzdata" version = "0.1.1" @@ -230,6 +243,7 @@ dependencies = [ "tauri-plugin-opener", "tauri-plugin-os", "tauri-plugin-process", + "tauri-plugin-secure-storage", "tauri-plugin-shell", "tauri-plugin-store", "tauri-plugin-updater", @@ -275,6 +289,17 @@ dependencies = [ "tauri-plugin-store", ] +[[package]] +name = "apple-native-keyring-store" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10f9955235ce557bd0ea2c64d7ff09a887885f515e98572d2640a29520d9c98c" +dependencies = [ + "keyring-core", + "log", + "security-framework 3.5.1", +] + [[package]] name = "arbitrary" version = "1.4.1" @@ -881,6 +906,15 @@ dependencies = [ "toml 0.8.20", ] +[[package]] +name = "cbc" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" +dependencies = [ + "cipher", +] + [[package]] name = "cc" version = "1.2.19" @@ -965,7 +999,7 @@ dependencies = [ "iana-time-zone", "num-traits", "serde", - "windows-link", + "windows-link 0.1.1", ] [[package]] @@ -1529,7 +1563,7 @@ dependencies = [ "libc", "option-ext", "redox_users 0.5.0", - "windows-sys 0.60.2", + "windows-sys 0.61.2", ] [[package]] 
@@ -3241,6 +3275,15 @@ dependencies = [ "unicode-segmentation", ] +[[package]] +name = "keyring-core" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64ad182c4841eb5795af9d20e6e020b65a895517f6a41e6358ed8af74ba35d98" +dependencies = [ + "log", +] + [[package]] name = "kqueue" version = "1.1.1" @@ -3772,6 +3815,30 @@ dependencies = [ "serde", ] +[[package]] +name = "num" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23" +dependencies = [ + "num-bigint", + "num-complex", + "num-integer", + "num-iter", + "num-rational", + "num-traits", +] + +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint-dig" version = "0.8.4" @@ -3789,6 +3856,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "num-complex" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495" +dependencies = [ + "num-traits", +] + [[package]] name = "num-conv" version = "0.1.0" @@ -3815,6 +3891,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-rational" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824" +dependencies = [ + "num-bigint", + "num-integer", + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.19" @@ -5290,7 +5377,7 @@ dependencies = [ "openssl-probe", "rustls-pki-types", "schannel", - "security-framework 3.2.0", + "security-framework 3.5.1", ] [[package]] 
@@ -5437,6 +5524,25 @@ dependencies = [ "zeroize", ] +[[package]] +name = "secret-service" +version = "5.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a62d7f86047af0077255a29494136b9aaaf697c76ff70b8e49cded4e2623c14" +dependencies = [ + "aes", + "cbc", + "futures-util", + "generic-array", + "getrandom 0.2.15", + "hkdf", + "num", + "once_cell", + "serde", + "sha2", + "zbus", +] + [[package]] name = "security-framework" version = "2.11.1" @@ -5452,9 +5558,9 @@ dependencies = [ [[package]] name = "security-framework" -version = "3.2.0" +version = "3.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316" +checksum = "b3297343eaf830f66ede390ea39da1d462b6b0c1b000f420d0a83f898bbbe6ef" dependencies = [ "bitflags 2.9.0", "core-foundation 0.10.0", @@ -5465,9 +5571,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.14.0" +version = "2.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" +checksum = "cc1f0cbffaac4852523ce30d8bd3c5cdc873501d96ff467ca09b6767bb8cd5c0" dependencies = [ "core-foundation-sys", "libc", @@ -6816,6 +6922,23 @@ dependencies = [ "tauri-plugin", ] +[[package]] +name = "tauri-plugin-secure-storage" +version = "2.0.0" +dependencies = [ + "android-native-keyring-store", + "apple-native-keyring-store", + "keyring-core", + "log", + "serde", + "serde_json", + "tauri", + "tauri-plugin", + "thiserror 2.0.12", + "windows-native-keyring-store", + "zbus-secret-service-keyring-store", +] + [[package]] name = "tauri-plugin-shell" version = "2.3.1" @@ -6964,7 +7087,7 @@ dependencies = [ "tauri-plugin", "thiserror 2.0.12", "tokio", - "tokio-tungstenite", + "tokio-tungstenite 0.28.0", ] [[package]] 
@@ -7335,6 +7458,18 @@ name = "tokio-tungstenite" version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "489a59b6730eda1b0171fcfda8b121f4bee2b35cba8645ca35c5f7ba3eb736c1" +dependencies = [ + "futures-util", + "log", + "tokio", + "tungstenite 0.27.0", +] + +[[package]] +name = "tokio-tungstenite" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d25a406cddcc431a75d3d9afc6a7c0f7428d4891dd973e4d54c56b46127bf857" dependencies = [ "futures-util", "log", @@ -7345,7 +7480,7 @@ dependencies = [ "tokio", "tokio-native-tls", "tokio-rustls", - "tungstenite", + "tungstenite 0.28.0", "webpki-roots", ] @@ -7568,6 +7703,23 @@ name = "tungstenite" version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eadc29d668c91fcc564941132e17b28a7ceb2f3ebf0b9dae3e03fd7a6748eb0d" +dependencies = [ + "bytes", + "data-encoding", + "http", + "httparse", + "log", + "rand 0.9.0", + "sha1", + "thiserror 2.0.12", + "utf-8", +] + +[[package]] +name = "tungstenite" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8628dcc84e5a09eb3d8423d6cb682965dea9133204e8fb3efee74c2a0c259442" dependencies = [ "bytes", "data-encoding", @@ -8128,7 +8280,7 @@ dependencies = [ "tauri-build", "tauri-plugin-websocket", "tokio", - "tokio-tungstenite", + "tokio-tungstenite 0.27.0", ] [[package]] @@ -8261,7 +8413,7 @@ dependencies = [ "windows-collections", "windows-core", "windows-future", - "windows-link", + "windows-link 0.1.1", "windows-numerics", ] @@ -8282,7 +8434,7 @@ checksum = "4763c1de310c86d75a878046489e2e5ba02c649d185f21c67d4cf8a56d098980" dependencies = [ "windows-implement", "windows-interface", - "windows-link", + "windows-link 0.1.1", "windows-result", "windows-strings 0.4.0", ] 
@@ -8294,7 +8446,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a1d6bbefcb7b60acd19828e1bc965da6fcf18a7e39490c5f8be71e54a19ba32" dependencies = [ "windows-core", - "windows-link", + "windows-link 0.1.1", ] [[package]] @@ -8325,6 +8477,24 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38" +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-native-keyring-store" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d37273ed015cfe7bce6fd684478cdd40435fc84a9ce781404d1fbc61c2d674d" +dependencies = [ + "byteorder", + "keyring-core", + "windows-sys 0.61.2", + "zeroize", +] + [[package]] name = "windows-numerics" version = "0.2.0" @@ -8332,7 +8502,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1" dependencies = [ "windows-core", - "windows-link", + "windows-link 0.1.1", ] [[package]] @@ -8352,7 +8522,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ad1da3e436dc7653dfdf3da67332e22bff09bb0e28b0239e1624499c7830842e" dependencies = [ - "windows-link", + "windows-link 0.1.1", "windows-result", "windows-strings 0.4.0", ] @@ -8363,7 +8533,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c64fd11a4fd95df68efcfee5f44a294fe71b8bc6a91993e2791938abcc712252" dependencies = [ - "windows-link", + "windows-link 0.1.1", ] [[package]] 
@@ -8372,7 +8542,7 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "87fa48cc5d406560701792be122a10132491cff9d0aeb23583cc2dcafc847319" dependencies = [ - "windows-link", + "windows-link 0.1.1", ] [[package]] @@ -8381,7 +8551,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a2ba9642430ee452d5a7aa78d72907ebe8cfda358e8cb7918a2050581322f97" dependencies = [ - "windows-link", + "windows-link 0.1.1", ] [[package]] @@ -8429,6 +8599,15 @@ dependencies = [ "windows-targets 0.53.2", ] +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link 0.2.1", +] + [[package]] name = "windows-targets" version = "0.42.2" @@ -8497,7 +8676,7 @@ version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e04a5c6627e310a23ad2358483286c7df260c964eb2d003d8efd6d0f4e79265c" dependencies = [ - "windows-link", + "windows-link 0.1.1", ] [[package]] @@ -8932,9 +9111,9 @@ dependencies = [ [[package]] name = "zbus" -version = "5.9.0" +version = "5.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bb4f9a464286d42851d18a605f7193b8febaf5b0919d71c6399b7b26e5b0aad" +checksum = "2d07e46d035fb8e375b2ce63ba4e4ff90a7f73cf2ffb0138b29e1158d2eaadf7" dependencies = [ "async-broadcast", "async-executor", 
@@ -8957,18 +9136,28 @@ dependencies = [ "tokio", "tracing", "uds_windows", - "windows-sys 0.59.0", + "windows-sys 0.60.2", "winnow 0.7.12", "zbus_macros", "zbus_names", "zvariant", ] +[[package]] +name = "zbus-secret-service-keyring-store" +version = "0.1.0" +source = "git+https://github.com/FabianLars/zbus-secret-service-keyring-store#e465bd217f68350a969229c5fcbc758ebb6819c4" +dependencies = [ + "keyring-core", + "secret-service", + "zbus", +] + [[package]] name = "zbus_macros" -version = "5.9.0" +version = "5.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef9859f68ee0c4ee2e8cde84737c78e3f4c54f946f2a38645d0d4c7a95327659" +checksum = "57e797a9c847ed3ccc5b6254e8bcce056494b375b511b3d6edcec0aeb4defaca" dependencies = [ "proc-macro-crate 3.3.0", "proc-macro2", diff --git a/examples/api/package.json b/examples/api/package.json index 43a093ef1d..91763334ff 100644 --- a/examples/api/package.json +++ b/examples/api/package.json @@ -26,6 +26,7 @@ "@tauri-apps/plugin-opener": "^2.5.0", "@tauri-apps/plugin-os": "^2.3.1", "@tauri-apps/plugin-process": "^2.3.0", + "@tauri-apps/plugin-secure-storage": "file:../../plugins/secure-storage", "@tauri-apps/plugin-shell": "^2.3.1", "@tauri-apps/plugin-store": "^2.4.0", "@tauri-apps/plugin-updater": "^2.9.0", diff --git a/examples/api/src-tauri/Cargo.toml b/examples/api/src-tauri/Cargo.toml index 70e52d42dc..1134fc4109 100644 --- a/examples/api/src-tauri/Cargo.toml +++ b/examples/api/src-tauri/Cargo.toml 
@@ -36,6 +36,7 @@ tauri-plugin-notification = { path = "../../../plugins/notification", version = tauri-plugin-os = { path = "../../../plugins/os", version = "2.3.1" } tauri-plugin-process = { path = "../../../plugins/process", version = "2.3.0" } tauri-plugin-opener = { path = "../../../plugins/opener", version = "2.5.0" } +tauri-plugin-secure-storage = { path = "../../../plugins/secure-storage" } tauri-plugin-shell = { path = "../../../plugins/shell", version = "2.3.1" } tauri-plugin-store = { path = "../../../plugins/store", version = "2.4.0" } tauri-plugin-upload = { path = "../../../plugins/upload", version = "2.3.0" } diff --git a/examples/api/src-tauri/capabilities/base.json b/examples/api/src-tauri/capabilities/base.json index 09d028daca..80d18a90b7 100644 --- a/examples/api/src-tauri/capabilities/base.json +++ b/examples/api/src-tauri/capabilities/base.json @@ -102,6 +102,10 @@ "identifier": "opener:allow-open-path", "allow": [{ "path": "$APPDATA" }, { "path": "$APPDATA/**" }] }, - "upload:default" + "upload:default", + "secure-storage:allow-get-string", + "secure-storage:allow-set-string", + "secure-storage:allow-get-binary", + "secure-storage:allow-set-binary" ] } diff --git a/examples/api/src-tauri/src/cmd.rs b/examples/api/src-tauri/src/cmd.rs index 734552c637..27d4e7f090 100644 --- a/examples/api/src-tauri/src/cmd.rs +++ b/examples/api/src-tauri/src/cmd.rs @@ -14,11 +14,11 @@ pub struct RequestBody { #[command] pub fn log_operation(event: String, payload: Option) { - log::info!("{} {:?}", event, payload); + log::info!("{event} {payload:?}"); } #[command] pub fn perform_request(endpoint: String, body: RequestBody) -> String { - println!("{} {:?}", endpoint, body); + println!("{endpoint} {body:?}"); "message response".into() } diff --git a/examples/api/src-tauri/src/lib.rs b/examples/api/src-tauri/src/lib.rs index 3c58f2c81d..5b75f9f239 100644 --- a/examples/api/src-tauri/src/lib.rs +++ b/examples/api/src-tauri/src/lib.rs 
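Review bot: The four `secure-storage:allow-*` entries are appended to `base.json`, so every window this capability covers can both read and overwrite stored secrets; the capability's `windows` list is outside the hunk. Example capabilities tend to be copied into real apps, so consider moving these into a dedicated capability file limited to the window that hosts the SecureStorage view, and granting only the get/set pair that view actually calls. JSON has no comment syntax, so the rationale would go in that capability's `description` field.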
@@ -38,6 +38,7 @@ pub fn run() { .plugin(tauri_plugin_process::init()) .plugin(tauri_plugin_opener::init()) .plugin(tauri_plugin_shell::init()) + .plugin(tauri_plugin_secure_storage::init()) .plugin(tauri_plugin_store::Builder::default().build()) .plugin(tauri_plugin_upload::init()) .setup(move |app| { diff --git a/examples/api/src/App.svelte b/examples/api/src/App.svelte index 8e114c4b9d..b053eadb4b 100644 --- a/examples/api/src/App.svelte +++ b/examples/api/src/App.svelte @@ -23,6 +23,7 @@ import Biometric from './views/Biometric.svelte' import Geolocation from './views/Geolocation.svelte' import Haptics from './views/Haptics.svelte' + import SecureStorage from './views/SecureStorage.svelte' import { onMount, tick } from 'svelte' import { ask } from '@tauri-apps/plugin-dialog' @@ -103,6 +104,11 @@ component: Store, icon: 'i-codicon-file-code' }, + { + label: 'SecureStorage', + component: SecureStorage, + icon: 'i-codicon-file-code' + }, !isMobile && { label: 'Updater', component: Updater, @@ -213,9 +219,9 @@ ...r, { html: - `
[${new Date().toLocaleTimeString()}]: ` +
-          (typeof value === 'string' ? value : JSON.stringify(value, null, 1)) +
-          '
' + `
[${new Date().toLocaleTimeString()}]: `
+          + (typeof value === 'string' ? value : JSON.stringify(value, null, 1))
+          + '
' } ]) await tick() @@ -229,9 +235,9 @@ ...r, { html: - `
[${new Date().toLocaleTimeString()}]: ` +
-          html +
-          '
' + `
[${new Date().toLocaleTimeString()}]: `
+          + html
+          + '
' } ]) await tick() diff --git a/examples/api/src/views/SecureStorage.svelte b/examples/api/src/views/SecureStorage.svelte new file mode 100644 index 0000000000..8f2e396c90 --- /dev/null +++ b/examples/api/src/views/SecureStorage.svelte @@ -0,0 +1,54 @@ + + +
+
+
+ Key: + +
+ +
+ Value: + +
+ +
+ + + +
+
+ +
+ Output: {output} +
+
diff --git a/plugins/autostart/permissions/schemas/schema.json b/plugins/autostart/permissions/schemas/schema.json index af681221fe..722636eaec 100644 --- a/plugins/autostart/permissions/schemas/schema.json +++ b/plugins/autostart/permissions/schemas/schema.json @@ -331,10 +331,10 @@ "markdownDescription": "Denies the is_enabled command without any pre-configured scope." }, { - "description": "This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n\n#### This default permission set includes:\n\n- `allow-enable`\n- `allow-disable`\n- `allow-is-enabled`", + "description": "This permission set configures if your\r\napplication can enable or disable auto\r\nstarting the application on boot.\r\n\r\n#### Granted Permissions\r\n\r\nIt allows all to check, enable and\r\ndisable the automatic start on boot.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-enable`\n- `allow-disable`\n- `allow-is-enabled`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures if your\napplication can enable or disable auto\nstarting the application on boot.\n\n#### Granted Permissions\n\nIt allows all to check, enable and\ndisable the automatic start on boot.\n\n\n#### This default permission set includes:\n\n- `allow-enable`\n- `allow-disable`\n- `allow-is-enabled`" + "markdownDescription": "This permission set configures if your\r\napplication can enable or disable auto\r\nstarting the application on boot.\r\n\r\n#### Granted Permissions\r\n\r\nIt allows all to check, enable and\r\ndisable the automatic start on boot.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-enable`\n- `allow-disable`\n- `allow-is-enabled`" } ] } 
diff --git a/plugins/biometric/permissions/schemas/schema.json b/plugins/biometric/permissions/schemas/schema.json index 416759b534..7713d22cd2 100644 --- a/plugins/biometric/permissions/schemas/schema.json +++ b/plugins/biometric/permissions/schemas/schema.json @@ -319,10 +319,10 @@ "markdownDescription": "Denies the status command without any pre-configured scope." }, { - "description": "This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n\n#### This default permission set includes:\n\n- `allow-authenticate`\n- `allow-status`", + "description": "This permission set configures which\r\nbiometric features are by default exposed.\r\n\r\n#### Granted Permissions\r\n\r\nIt allows acccess to all biometric commands.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-authenticate`\n- `allow-status`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures which\nbiometric features are by default exposed.\n\n#### Granted Permissions\n\nIt allows acccess to all biometric commands.\n\n\n#### This default permission set includes:\n\n- `allow-authenticate`\n- `allow-status`" + "markdownDescription": "This permission set configures which\r\nbiometric features are by default exposed.\r\n\r\n#### Granted Permissions\r\n\r\nIt allows acccess to all biometric commands.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-authenticate`\n- `allow-status`" } ] } diff --git a/plugins/clipboard-manager/permissions/autogenerated/reference.md b/plugins/clipboard-manager/permissions/autogenerated/reference.md index 98a7fa961f..8900663d87 100644 --- a/plugins/clipboard-manager/permissions/autogenerated/reference.md +++ b/plugins/clipboard-manager/permissions/autogenerated/reference.md 
@@ -1,7 +1,7 @@ ## Default Permission No features are enabled by default, as we believe -the clipboard can be inherently dangerous and it is +the clipboard can be inherently dangerous and it is application specific if read and/or write access is needed. Clipboard interaction needs to be explicitly enabled. diff --git a/plugins/clipboard-manager/permissions/default.toml b/plugins/clipboard-manager/permissions/default.toml index d6f651953c..e09097f956 100644 --- a/plugins/clipboard-manager/permissions/default.toml +++ b/plugins/clipboard-manager/permissions/default.toml @@ -2,7 +2,7 @@ [default] description = """ No features are enabled by default, as we believe -the clipboard can be inherently dangerous and it is +the clipboard can be inherently dangerous and it is application specific if read and/or write access is needed. Clipboard interaction needs to be explicitly enabled. diff --git a/plugins/clipboard-manager/permissions/schemas/schema.json b/plugins/clipboard-manager/permissions/schemas/schema.json index 891c6f0d8d..1cc89026ab 100644 --- a/plugins/clipboard-manager/permissions/schemas/schema.json +++ b/plugins/clipboard-manager/permissions/schemas/schema.json 
@@ -367,10 +367,10 @@ "markdownDescription": "Denies the write_text command without any pre-configured scope." }, { - "description": "No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n", + "description": "No features are enabled by default, as we believe\r\nthe clipboard can be inherently dangerous and it is\r\napplication specific if read and/or write access is needed.\r\n\r\nClipboard interaction needs to be explicitly enabled.\r\n", "type": "string", "const": "default", - "markdownDescription": "No features are enabled by default, as we believe\nthe clipboard can be inherently dangerous and it is \napplication specific if read and/or write access is needed.\n\nClipboard interaction needs to be explicitly enabled.\n" + "markdownDescription": "No features are enabled by default, as we believe\r\nthe clipboard can be inherently dangerous and it is\r\napplication specific if read and/or write access is needed.\r\n\r\nClipboard interaction needs to be explicitly enabled.\r\n" } ] } diff --git a/plugins/fs/permissions/autogenerated/base-directories/appcache.toml b/plugins/fs/permissions/autogenerated/base-directories/appcache.toml index 50e19efc99..1fbb4ece65 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/appcache.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/appcache.toml 
@@ -36,47 +36,29 @@ path = "$APPCACHE" [[set]] identifier = "allow-appcache-read-recursive" description = "This allows full recursive read access to the complete `$APPCACHE` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-appcache-recursive" -] +permissions = ["read-all", "scope-appcache-recursive"] [[set]] identifier = "allow-appcache-write-recursive" description = "This allows full recursive write access to the complete `$APPCACHE` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-appcache-recursive" -] +permissions = ["write-all", "scope-appcache-recursive"] [[set]] identifier = "allow-appcache-read" description = "This allows non-recursive read access to the `$APPCACHE` folder." -permissions = [ - "read-all", - "scope-appcache" -] +permissions = ["read-all", "scope-appcache"] [[set]] identifier = "allow-appcache-write" description = "This allows non-recursive write access to the `$APPCACHE` folder." -permissions = [ - "write-all", - "scope-appcache" -] +permissions = ["write-all", "scope-appcache"] [[set]] identifier = "allow-appcache-meta-recursive" description = "This allows full recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-appcache-recursive" -] +permissions = ["read-meta", "scope-appcache-recursive"] [[set]] identifier = "allow-appcache-meta" description = "This allows non-recursive read access to metadata of the `$APPCACHE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-appcache-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-appcache-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/appconfig.toml b/plugins/fs/permissions/autogenerated/base-directories/appconfig.toml index ab136956d4..0c3b821e47 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/appconfig.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/appconfig.toml @@ -36,47 +36,29 @@ path = "$APPCONFIG" [[set]] identifier = "allow-appconfig-read-recursive" description = "This allows full recursive read access to the complete `$APPCONFIG` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-appconfig-recursive" -] +permissions = ["read-all", "scope-appconfig-recursive"] [[set]] identifier = "allow-appconfig-write-recursive" description = "This allows full recursive write access to the complete `$APPCONFIG` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-appconfig-recursive" -] +permissions = ["write-all", "scope-appconfig-recursive"] [[set]] identifier = "allow-appconfig-read" description = "This allows non-recursive read access to the `$APPCONFIG` folder." -permissions = [ - "read-all", - "scope-appconfig" -] +permissions = ["read-all", "scope-appconfig"] [[set]] identifier = "allow-appconfig-write" description = "This allows non-recursive write access to the `$APPCONFIG` folder." -permissions = [ - "write-all", - "scope-appconfig" -] +permissions = ["write-all", "scope-appconfig"] [[set]] identifier = "allow-appconfig-meta-recursive" description = "This allows full recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-appconfig-recursive" -] +permissions = ["read-meta", "scope-appconfig-recursive"] [[set]] identifier = "allow-appconfig-meta" description = "This allows non-recursive read access to metadata of the `$APPCONFIG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-appconfig-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-appconfig-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/appdata.toml b/plugins/fs/permissions/autogenerated/base-directories/appdata.toml index 1b0931e20d..3960f62413 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/appdata.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/appdata.toml @@ -36,47 +36,29 @@ path = "$APPDATA" [[set]] identifier = "allow-appdata-read-recursive" description = "This allows full recursive read access to the complete `$APPDATA` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-appdata-recursive" -] +permissions = ["read-all", "scope-appdata-recursive"] [[set]] identifier = "allow-appdata-write-recursive" description = "This allows full recursive write access to the complete `$APPDATA` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-appdata-recursive" -] +permissions = ["write-all", "scope-appdata-recursive"] [[set]] identifier = "allow-appdata-read" description = "This allows non-recursive read access to the `$APPDATA` folder." -permissions = [ - "read-all", - "scope-appdata" -] +permissions = ["read-all", "scope-appdata"] [[set]] identifier = "allow-appdata-write" description = "This allows non-recursive write access to the `$APPDATA` folder." -permissions = [ - "write-all", - "scope-appdata" -] +permissions = ["write-all", "scope-appdata"] [[set]] identifier = "allow-appdata-meta-recursive" description = "This allows full recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-appdata-recursive" -] +permissions = ["read-meta", "scope-appdata-recursive"] [[set]] identifier = "allow-appdata-meta" description = "This allows non-recursive read access to metadata of the `$APPDATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-appdata-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-appdata-index"] 
diff --git a/plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml b/plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml index a6e38a31f3..8bec20d742 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/applocaldata.toml 
@@ -36,47 +36,29 @@ path = "$APPLOCALDATA" [[set]] identifier = "allow-applocaldata-read-recursive" description = "This allows full recursive read access to the complete `$APPLOCALDATA` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-applocaldata-recursive" -] +permissions = ["read-all", "scope-applocaldata-recursive"] [[set]] identifier = "allow-applocaldata-write-recursive" description = "This allows full recursive write access to the complete `$APPLOCALDATA` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-applocaldata-recursive" -] +permissions = ["write-all", "scope-applocaldata-recursive"] [[set]] identifier = "allow-applocaldata-read" description = "This allows non-recursive read access to the `$APPLOCALDATA` folder." -permissions = [ - "read-all", - "scope-applocaldata" -] +permissions = ["read-all", "scope-applocaldata"] [[set]] identifier = "allow-applocaldata-write" description = "This allows non-recursive write access to the `$APPLOCALDATA` folder." -permissions = [ - "write-all", - "scope-applocaldata" -] +permissions = ["write-all", "scope-applocaldata"] [[set]] identifier = "allow-applocaldata-meta-recursive" description = "This allows full recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-applocaldata-recursive" -] +permissions = ["read-meta", "scope-applocaldata-recursive"] [[set]] identifier = "allow-applocaldata-meta" description = "This allows non-recursive read access to metadata of the `$APPLOCALDATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-applocaldata-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-applocaldata-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/applog.toml b/plugins/fs/permissions/autogenerated/base-directories/applog.toml index a979ce76a5..d67c648e0e 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/applog.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/applog.toml @@ -36,47 +36,29 @@ path = "$APPLOG" [[set]] identifier = "allow-applog-read-recursive" description = "This allows full recursive read access to the complete `$APPLOG` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-applog-recursive" -] +permissions = ["read-all", "scope-applog-recursive"] [[set]] identifier = "allow-applog-write-recursive" description = "This allows full recursive write access to the complete `$APPLOG` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-applog-recursive" -] +permissions = ["write-all", "scope-applog-recursive"] [[set]] identifier = "allow-applog-read" description = "This allows non-recursive read access to the `$APPLOG` folder." -permissions = [ - "read-all", - "scope-applog" -] +permissions = ["read-all", "scope-applog"] [[set]] identifier = "allow-applog-write" description = "This allows non-recursive write access to the `$APPLOG` folder." -permissions = [ - "write-all", - "scope-applog" -] +permissions = ["write-all", "scope-applog"] [[set]] identifier = "allow-applog-meta-recursive" description = "This allows full recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-applog-recursive" -] +permissions = ["read-meta", "scope-applog-recursive"] [[set]] identifier = "allow-applog-meta" description = "This allows non-recursive read access to metadata of the `$APPLOG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-applog-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-applog-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/audio.toml b/plugins/fs/permissions/autogenerated/base-directories/audio.toml index d66d68a23d..570e2cc21f 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/audio.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/audio.toml @@ -36,47 +36,29 @@ path = "$AUDIO" [[set]] identifier = "allow-audio-read-recursive" description = "This allows full recursive read access to the complete `$AUDIO` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-audio-recursive" -] +permissions = ["read-all", "scope-audio-recursive"] [[set]] identifier = "allow-audio-write-recursive" description = "This allows full recursive write access to the complete `$AUDIO` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-audio-recursive" -] +permissions = ["write-all", "scope-audio-recursive"] [[set]] identifier = "allow-audio-read" description = "This allows non-recursive read access to the `$AUDIO` folder." -permissions = [ - "read-all", - "scope-audio" -] +permissions = ["read-all", "scope-audio"] [[set]] identifier = "allow-audio-write" description = "This allows non-recursive write access to the `$AUDIO` folder." -permissions = [ - "write-all", - "scope-audio" -] +permissions = ["write-all", "scope-audio"] [[set]] identifier = "allow-audio-meta-recursive" description = "This allows full recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-audio-recursive" -] +permissions = ["read-meta", "scope-audio-recursive"] [[set]] identifier = "allow-audio-meta" description = "This allows non-recursive read access to metadata of the `$AUDIO` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-audio-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-audio-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/cache.toml b/plugins/fs/permissions/autogenerated/base-directories/cache.toml index 814319eb8e..509247363f 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/cache.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/cache.toml @@ -36,47 +36,29 @@ path = "$CACHE" [[set]] identifier = "allow-cache-read-recursive" description = "This allows full recursive read access to the complete `$CACHE` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-cache-recursive" -] +permissions = ["read-all", "scope-cache-recursive"] [[set]] identifier = "allow-cache-write-recursive" description = "This allows full recursive write access to the complete `$CACHE` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-cache-recursive" -] +permissions = ["write-all", "scope-cache-recursive"] [[set]] identifier = "allow-cache-read" description = "This allows non-recursive read access to the `$CACHE` folder." -permissions = [ - "read-all", - "scope-cache" -] +permissions = ["read-all", "scope-cache"] [[set]] identifier = "allow-cache-write" description = "This allows non-recursive write access to the `$CACHE` folder." -permissions = [ - "write-all", - "scope-cache" -] +permissions = ["write-all", "scope-cache"] [[set]] identifier = "allow-cache-meta-recursive" description = "This allows full recursive read access to metadata of the `$CACHE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-cache-recursive" -] +permissions = ["read-meta", "scope-cache-recursive"] [[set]] identifier = "allow-cache-meta" description = "This allows non-recursive read access to metadata of the `$CACHE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-cache-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-cache-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/config.toml b/plugins/fs/permissions/autogenerated/base-directories/config.toml index 592210456a..fdde6c3bfb 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/config.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/config.toml @@ -36,47 +36,29 @@ path = "$CONFIG" [[set]] identifier = "allow-config-read-recursive" description = "This allows full recursive read access to the complete `$CONFIG` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-config-recursive" -] +permissions = ["read-all", "scope-config-recursive"] [[set]] identifier = "allow-config-write-recursive" description = "This allows full recursive write access to the complete `$CONFIG` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-config-recursive" -] +permissions = ["write-all", "scope-config-recursive"] [[set]] identifier = "allow-config-read" description = "This allows non-recursive read access to the `$CONFIG` folder." -permissions = [ - "read-all", - "scope-config" -] +permissions = ["read-all", "scope-config"] [[set]] identifier = "allow-config-write" description = "This allows non-recursive write access to the `$CONFIG` folder." -permissions = [ - "write-all", - "scope-config" -] +permissions = ["write-all", "scope-config"] [[set]] identifier = "allow-config-meta-recursive" description = "This allows full recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-config-recursive" -] +permissions = ["read-meta", "scope-config-recursive"] [[set]] identifier = "allow-config-meta" description = "This allows non-recursive read access to metadata of the `$CONFIG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-config-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-config-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/data.toml b/plugins/fs/permissions/autogenerated/base-directories/data.toml index a8428ca13a..c384bd181a 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/data.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/data.toml @@ -36,47 +36,29 @@ path = "$DATA" [[set]] identifier = "allow-data-read-recursive" description = "This allows full recursive read access to the complete `$DATA` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-data-recursive" -] +permissions = ["read-all", "scope-data-recursive"] [[set]] identifier = "allow-data-write-recursive" description = "This allows full recursive write access to the complete `$DATA` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-data-recursive" -] +permissions = ["write-all", "scope-data-recursive"] [[set]] identifier = "allow-data-read" description = "This allows non-recursive read access to the `$DATA` folder." -permissions = [ - "read-all", - "scope-data" -] +permissions = ["read-all", "scope-data"] [[set]] identifier = "allow-data-write" description = "This allows non-recursive write access to the `$DATA` folder." -permissions = [ - "write-all", - "scope-data" -] +permissions = ["write-all", "scope-data"] [[set]] identifier = "allow-data-meta-recursive" description = "This allows full recursive read access to metadata of the `$DATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-data-recursive" -] +permissions = ["read-meta", "scope-data-recursive"] [[set]] identifier = "allow-data-meta" description = "This allows non-recursive read access to metadata of the `$DATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-data-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-data-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/desktop.toml b/plugins/fs/permissions/autogenerated/base-directories/desktop.toml index da369fa039..b0b4feb12b 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/desktop.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/desktop.toml @@ -36,47 +36,29 @@ path = "$DESKTOP" [[set]] identifier = "allow-desktop-read-recursive" description = "This allows full recursive read access to the complete `$DESKTOP` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-desktop-recursive" -] +permissions = ["read-all", "scope-desktop-recursive"] [[set]] identifier = "allow-desktop-write-recursive" description = "This allows full recursive write access to the complete `$DESKTOP` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-desktop-recursive" -] +permissions = ["write-all", "scope-desktop-recursive"] [[set]] identifier = "allow-desktop-read" description = "This allows non-recursive read access to the `$DESKTOP` folder." -permissions = [ - "read-all", - "scope-desktop" -] +permissions = ["read-all", "scope-desktop"] [[set]] identifier = "allow-desktop-write" description = "This allows non-recursive write access to the `$DESKTOP` folder." -permissions = [ - "write-all", - "scope-desktop" -] +permissions = ["write-all", "scope-desktop"] [[set]] identifier = "allow-desktop-meta-recursive" description = "This allows full recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-desktop-recursive" -] +permissions = ["read-meta", "scope-desktop-recursive"] [[set]] identifier = "allow-desktop-meta" description = "This allows non-recursive read access to metadata of the `$DESKTOP` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-desktop-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-desktop-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/document.toml b/plugins/fs/permissions/autogenerated/base-directories/document.toml index 9feb4d0d0a..ad2ac22242 100644 
--- a/plugins/fs/permissions/autogenerated/base-directories/document.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/document.toml @@ -36,47 +36,29 @@ path = "$DOCUMENT" [[set]] identifier = "allow-document-read-recursive" description = "This allows full recursive read access to the complete `$DOCUMENT` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-document-recursive" -] +permissions = ["read-all", "scope-document-recursive"] [[set]] identifier = "allow-document-write-recursive" description = "This allows full recursive write access to the complete `$DOCUMENT` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-document-recursive" -] +permissions = ["write-all", "scope-document-recursive"] [[set]] identifier = "allow-document-read" description = "This allows non-recursive read access to the `$DOCUMENT` folder." -permissions = [ - "read-all", - "scope-document" -] +permissions = ["read-all", "scope-document"] [[set]] identifier = "allow-document-write" description = "This allows non-recursive write access to the `$DOCUMENT` folder." -permissions = [ - "write-all", - "scope-document" -] +permissions = ["write-all", "scope-document"] [[set]] identifier = "allow-document-meta-recursive" description = "This allows full recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-document-recursive" -] +permissions = ["read-meta", "scope-document-recursive"] [[set]] identifier = "allow-document-meta" description = "This allows non-recursive read access to metadata of the `$DOCUMENT` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-document-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-document-index"] 
diff --git a/plugins/fs/permissions/autogenerated/base-directories/download.toml b/plugins/fs/permissions/autogenerated/base-directories/download.toml index 8659e3ac4d..30953f61af 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/download.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/download.toml 
@@ -36,47 +36,29 @@ path = "$DOWNLOAD" [[set]] identifier = "allow-download-read-recursive" description = "This allows full recursive read access to the complete `$DOWNLOAD` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-download-recursive" -] +permissions = ["read-all", "scope-download-recursive"] [[set]] identifier = "allow-download-write-recursive" description = "This allows full recursive write access to the complete `$DOWNLOAD` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-download-recursive" -] +permissions = ["write-all", "scope-download-recursive"] [[set]] identifier = "allow-download-read" description = "This allows non-recursive read access to the `$DOWNLOAD` folder." -permissions = [ - "read-all", - "scope-download" -] +permissions = ["read-all", "scope-download"] [[set]] identifier = "allow-download-write" description = "This allows non-recursive write access to the `$DOWNLOAD` folder." -permissions = [ - "write-all", - "scope-download" -] +permissions = ["write-all", "scope-download"] [[set]] identifier = "allow-download-meta-recursive" description = "This allows full recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-download-recursive" -] +permissions = ["read-meta", "scope-download-recursive"] [[set]] identifier = "allow-download-meta" description = "This allows non-recursive read access to metadata of the `$DOWNLOAD` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-download-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-download-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/exe.toml b/plugins/fs/permissions/autogenerated/base-directories/exe.toml index 94950e8442..e305ae3e4c 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/exe.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/exe.toml @@ -36,47 +36,29 @@ path = "$EXE" [[set]] identifier = "allow-exe-read-recursive" description = "This allows full recursive read access to the complete `$EXE` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-exe-recursive" -] +permissions = ["read-all", "scope-exe-recursive"] [[set]] identifier = "allow-exe-write-recursive" description = "This allows full recursive write access to the complete `$EXE` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-exe-recursive" -] +permissions = ["write-all", "scope-exe-recursive"] [[set]] identifier = "allow-exe-read" description = "This allows non-recursive read access to the `$EXE` folder." -permissions = [ - "read-all", - "scope-exe" -] +permissions = ["read-all", "scope-exe"] [[set]] identifier = "allow-exe-write" description = "This allows non-recursive write access to the `$EXE` folder." -permissions = [ - "write-all", - "scope-exe" -] +permissions = ["write-all", "scope-exe"] [[set]] identifier = "allow-exe-meta-recursive" description = "This allows full recursive read access to metadata of the `$EXE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-exe-recursive" -] +permissions = ["read-meta", "scope-exe-recursive"] [[set]] identifier = "allow-exe-meta" description = "This allows non-recursive read access to metadata of the `$EXE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-exe-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-exe-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/font.toml b/plugins/fs/permissions/autogenerated/base-directories/font.toml index 21840046ad..2736c4c47c 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/font.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/font.toml 
@@ -36,47 +36,29 @@ path = "$FONT" [[set]] identifier = "allow-font-read-recursive" description = "This allows full recursive read access to the complete `$FONT` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-font-recursive" -] +permissions = ["read-all", "scope-font-recursive"] [[set]] identifier = "allow-font-write-recursive" description = "This allows full recursive write access to the complete `$FONT` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-font-recursive" -] +permissions = ["write-all", "scope-font-recursive"] [[set]] identifier = "allow-font-read" description = "This allows non-recursive read access to the `$FONT` folder." -permissions = [ - "read-all", - "scope-font" -] +permissions = ["read-all", "scope-font"] [[set]] identifier = "allow-font-write" description = "This allows non-recursive write access to the `$FONT` folder." -permissions = [ - "write-all", - "scope-font" -] +permissions = ["write-all", "scope-font"] [[set]] identifier = "allow-font-meta-recursive" description = "This allows full recursive read access to metadata of the `$FONT` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-font-recursive" -] +permissions = ["read-meta", "scope-font-recursive"] [[set]] identifier = "allow-font-meta" description = "This allows non-recursive read access to metadata of the `$FONT` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-font-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-font-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/home.toml b/plugins/fs/permissions/autogenerated/base-directories/home.toml index cbf48e2fba..d80ae823ad 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/home.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/home.toml 
@@ -36,47 +36,29 @@ path = "$HOME" [[set]] identifier = "allow-home-read-recursive" description = "This allows full recursive read access to the complete `$HOME` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-home-recursive" -] +permissions = ["read-all", "scope-home-recursive"] [[set]] identifier = "allow-home-write-recursive" description = "This allows full recursive write access to the complete `$HOME` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-home-recursive" -] +permissions = ["write-all", "scope-home-recursive"] [[set]] identifier = "allow-home-read" description = "This allows non-recursive read access to the `$HOME` folder." -permissions = [ - "read-all", - "scope-home" -] +permissions = ["read-all", "scope-home"] [[set]] identifier = "allow-home-write" description = "This allows non-recursive write access to the `$HOME` folder." -permissions = [ - "write-all", - "scope-home" -] +permissions = ["write-all", "scope-home"] [[set]] identifier = "allow-home-meta-recursive" description = "This allows full recursive read access to metadata of the `$HOME` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-home-recursive" -] +permissions = ["read-meta", "scope-home-recursive"] [[set]] identifier = "allow-home-meta" description = "This allows non-recursive read access to metadata of the `$HOME` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-home-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-home-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/localdata.toml b/plugins/fs/permissions/autogenerated/base-directories/localdata.toml index 90a8f48bc5..4fffb63ee3 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/localdata.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/localdata.toml 
@@ -36,47 +36,29 @@ path = "$LOCALDATA" [[set]] identifier = "allow-localdata-read-recursive" description = "This allows full recursive read access to the complete `$LOCALDATA` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-localdata-recursive" -] +permissions = ["read-all", "scope-localdata-recursive"] [[set]] identifier = "allow-localdata-write-recursive" description = "This allows full recursive write access to the complete `$LOCALDATA` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-localdata-recursive" -] +permissions = ["write-all", "scope-localdata-recursive"] [[set]] identifier = "allow-localdata-read" description = "This allows non-recursive read access to the `$LOCALDATA` folder." -permissions = [ - "read-all", - "scope-localdata" -] +permissions = ["read-all", "scope-localdata"] [[set]] identifier = "allow-localdata-write" description = "This allows non-recursive write access to the `$LOCALDATA` folder." -permissions = [ - "write-all", - "scope-localdata" -] +permissions = ["write-all", "scope-localdata"] [[set]] identifier = "allow-localdata-meta-recursive" description = "This allows full recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-localdata-recursive" -] +permissions = ["read-meta", "scope-localdata-recursive"] [[set]] identifier = "allow-localdata-meta" description = "This allows non-recursive read access to metadata of the `$LOCALDATA` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-localdata-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-localdata-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/log.toml b/plugins/fs/permissions/autogenerated/base-directories/log.toml index d505a3ce25..a93d64ec31 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/log.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/log.toml @@ -36,47 +36,29 @@ path = "$LOG" [[set]] identifier = "allow-log-read-recursive" description = "This allows full recursive read access to the complete `$LOG` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-log-recursive" -] +permissions = ["read-all", "scope-log-recursive"] [[set]] identifier = "allow-log-write-recursive" description = "This allows full recursive write access to the complete `$LOG` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-log-recursive" -] +permissions = ["write-all", "scope-log-recursive"] [[set]] identifier = "allow-log-read" description = "This allows non-recursive read access to the `$LOG` folder." -permissions = [ - "read-all", - "scope-log" -] +permissions = ["read-all", "scope-log"] [[set]] identifier = "allow-log-write" description = "This allows non-recursive write access to the `$LOG` folder." -permissions = [ - "write-all", - "scope-log" -] +permissions = ["write-all", "scope-log"] [[set]] identifier = "allow-log-meta-recursive" description = "This allows full recursive read access to metadata of the `$LOG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-log-recursive" -] +permissions = ["read-meta", "scope-log-recursive"] [[set]] identifier = "allow-log-meta" description = "This allows non-recursive read access to metadata of the `$LOG` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-log-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-log-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/picture.toml b/plugins/fs/permissions/autogenerated/base-directories/picture.toml index 6a760909df..9ddc8ebaab 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/picture.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/picture.toml 
@@ -36,47 +36,29 @@ path = "$PICTURE" [[set]] identifier = "allow-picture-read-recursive" description = "This allows full recursive read access to the complete `$PICTURE` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-picture-recursive" -] +permissions = ["read-all", "scope-picture-recursive"] [[set]] identifier = "allow-picture-write-recursive" description = "This allows full recursive write access to the complete `$PICTURE` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-picture-recursive" -] +permissions = ["write-all", "scope-picture-recursive"] [[set]] identifier = "allow-picture-read" description = "This allows non-recursive read access to the `$PICTURE` folder." -permissions = [ - "read-all", - "scope-picture" -] +permissions = ["read-all", "scope-picture"] [[set]] identifier = "allow-picture-write" description = "This allows non-recursive write access to the `$PICTURE` folder." -permissions = [ - "write-all", - "scope-picture" -] +permissions = ["write-all", "scope-picture"] [[set]] identifier = "allow-picture-meta-recursive" description = "This allows full recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-picture-recursive" -] +permissions = ["read-meta", "scope-picture-recursive"] [[set]] identifier = "allow-picture-meta" description = "This allows non-recursive read access to metadata of the `$PICTURE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-picture-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-picture-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/public.toml b/plugins/fs/permissions/autogenerated/base-directories/public.toml index 2e39abb453..6714755c1e 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/public.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/public.toml 
@@ -36,47 +36,29 @@ path = "$PUBLIC" [[set]] identifier = "allow-public-read-recursive" description = "This allows full recursive read access to the complete `$PUBLIC` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-public-recursive" -] +permissions = ["read-all", "scope-public-recursive"] [[set]] identifier = "allow-public-write-recursive" description = "This allows full recursive write access to the complete `$PUBLIC` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-public-recursive" -] +permissions = ["write-all", "scope-public-recursive"] [[set]] identifier = "allow-public-read" description = "This allows non-recursive read access to the `$PUBLIC` folder." -permissions = [ - "read-all", - "scope-public" -] +permissions = ["read-all", "scope-public"] [[set]] identifier = "allow-public-write" description = "This allows non-recursive write access to the `$PUBLIC` folder." -permissions = [ - "write-all", - "scope-public" -] +permissions = ["write-all", "scope-public"] [[set]] identifier = "allow-public-meta-recursive" description = "This allows full recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-public-recursive" -] +permissions = ["read-meta", "scope-public-recursive"] [[set]] identifier = "allow-public-meta" description = "This allows non-recursive read access to metadata of the `$PUBLIC` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-public-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-public-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/resource.toml b/plugins/fs/permissions/autogenerated/base-directories/resource.toml index 53dfeb0793..1def9a0835 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/resource.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/resource.toml 
@@ -36,47 +36,29 @@ path = "$RESOURCE" [[set]] identifier = "allow-resource-read-recursive" description = "This allows full recursive read access to the complete `$RESOURCE` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-resource-recursive" -] +permissions = ["read-all", "scope-resource-recursive"] [[set]] identifier = "allow-resource-write-recursive" description = "This allows full recursive write access to the complete `$RESOURCE` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-resource-recursive" -] +permissions = ["write-all", "scope-resource-recursive"] [[set]] identifier = "allow-resource-read" description = "This allows non-recursive read access to the `$RESOURCE` folder." -permissions = [ - "read-all", - "scope-resource" -] +permissions = ["read-all", "scope-resource"] [[set]] identifier = "allow-resource-write" description = "This allows non-recursive write access to the `$RESOURCE` folder." -permissions = [ - "write-all", - "scope-resource" -] +permissions = ["write-all", "scope-resource"] [[set]] identifier = "allow-resource-meta-recursive" description = "This allows full recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-resource-recursive" -] +permissions = ["read-meta", "scope-resource-recursive"] [[set]] identifier = "allow-resource-meta" description = "This allows non-recursive read access to metadata of the `$RESOURCE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-resource-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-resource-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/runtime.toml b/plugins/fs/permissions/autogenerated/base-directories/runtime.toml index 8dcc2a038a..0e6636210e 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/runtime.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/runtime.toml @@ -36,47 +36,29 @@ path = "$RUNTIME" [[set]] identifier = "allow-runtime-read-recursive" description = "This allows full recursive read access to the complete `$RUNTIME` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-runtime-recursive" -] +permissions = ["read-all", "scope-runtime-recursive"] [[set]] identifier = "allow-runtime-write-recursive" description = "This allows full recursive write access to the complete `$RUNTIME` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-runtime-recursive" -] +permissions = ["write-all", "scope-runtime-recursive"] [[set]] identifier = "allow-runtime-read" description = "This allows non-recursive read access to the `$RUNTIME` folder." -permissions = [ - "read-all", - "scope-runtime" -] +permissions = ["read-all", "scope-runtime"] [[set]] identifier = "allow-runtime-write" description = "This allows non-recursive write access to the `$RUNTIME` folder." -permissions = [ - "write-all", - "scope-runtime" -] +permissions = ["write-all", "scope-runtime"] [[set]] identifier = "allow-runtime-meta-recursive" description = "This allows full recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-runtime-recursive" -] +permissions = ["read-meta", "scope-runtime-recursive"] [[set]] identifier = "allow-runtime-meta" description = "This allows non-recursive read access to metadata of the `$RUNTIME` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-runtime-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-runtime-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/temp.toml b/plugins/fs/permissions/autogenerated/base-directories/temp.toml index c08e1da21d..5af17ca4d3 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/temp.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/temp.toml @@ -36,47 +36,29 @@ path = "$TEMP" [[set]] identifier = "allow-temp-read-recursive" description = "This allows full recursive read access to the complete `$TEMP` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-temp-recursive" -] +permissions = ["read-all", "scope-temp-recursive"] [[set]] identifier = "allow-temp-write-recursive" description = "This allows full recursive write access to the complete `$TEMP` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-temp-recursive" -] +permissions = ["write-all", "scope-temp-recursive"] [[set]] identifier = "allow-temp-read" description = "This allows non-recursive read access to the `$TEMP` folder." -permissions = [ - "read-all", - "scope-temp" -] +permissions = ["read-all", "scope-temp"] [[set]] identifier = "allow-temp-write" description = "This allows non-recursive write access to the `$TEMP` folder." -permissions = [ - "write-all", - "scope-temp" -] +permissions = ["write-all", "scope-temp"] [[set]] identifier = "allow-temp-meta-recursive" description = "This allows full recursive read access to metadata of the `$TEMP` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-temp-recursive" -] +permissions = ["read-meta", "scope-temp-recursive"] [[set]] identifier = "allow-temp-meta" description = "This allows non-recursive read access to metadata of the `$TEMP` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-temp-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-temp-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/template.toml b/plugins/fs/permissions/autogenerated/base-directories/template.toml index ce39f77366..385ba96efb 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/template.toml +++ b/plugins/fs/permissions/autogenerated/base-directories/template.toml 
@@ -36,47 +36,29 @@ path = "$TEMPLATE" [[set]] identifier = "allow-template-read-recursive" description = "This allows full recursive read access to the complete `$TEMPLATE` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-template-recursive" -] +permissions = ["read-all", "scope-template-recursive"] [[set]] identifier = "allow-template-write-recursive" description = "This allows full recursive write access to the complete `$TEMPLATE` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-template-recursive" -] +permissions = ["write-all", "scope-template-recursive"] [[set]] identifier = "allow-template-read" description = "This allows non-recursive read access to the `$TEMPLATE` folder." -permissions = [ - "read-all", - "scope-template" -] +permissions = ["read-all", "scope-template"] [[set]] identifier = "allow-template-write" description = "This allows non-recursive write access to the `$TEMPLATE` folder." -permissions = [ - "write-all", - "scope-template" -] +permissions = ["write-all", "scope-template"] [[set]] identifier = "allow-template-meta-recursive" description = "This allows full recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-template-recursive" -] +permissions = ["read-meta", "scope-template-recursive"] [[set]] identifier = "allow-template-meta" description = "This allows non-recursive read access to metadata of the `$TEMPLATE` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-template-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-template-index"] diff --git a/plugins/fs/permissions/autogenerated/base-directories/video.toml b/plugins/fs/permissions/autogenerated/base-directories/video.toml index df41abdc63..ea40b4192d 100644 --- a/plugins/fs/permissions/autogenerated/base-directories/video.toml 
+++ b/plugins/fs/permissions/autogenerated/base-directories/video.toml @@ -36,47 +36,29 @@ path = "$VIDEO" [[set]] identifier = "allow-video-read-recursive" description = "This allows full recursive read access to the complete `$VIDEO` folder, files and subdirectories." -permissions = [ - "read-all", - "scope-video-recursive" -] +permissions = ["read-all", "scope-video-recursive"] [[set]] identifier = "allow-video-write-recursive" description = "This allows full recursive write access to the complete `$VIDEO` folder, files and subdirectories." -permissions = [ - "write-all", - "scope-video-recursive" -] +permissions = ["write-all", "scope-video-recursive"] [[set]] identifier = "allow-video-read" description = "This allows non-recursive read access to the `$VIDEO` folder." -permissions = [ - "read-all", - "scope-video" -] +permissions = ["read-all", "scope-video"] [[set]] identifier = "allow-video-write" description = "This allows non-recursive write access to the `$VIDEO` folder." -permissions = [ - "write-all", - "scope-video" -] +permissions = ["write-all", "scope-video"] [[set]] identifier = "allow-video-meta-recursive" description = "This allows full recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-video-recursive" -] +permissions = ["read-meta", "scope-video-recursive"] [[set]] identifier = "allow-video-meta" description = "This allows non-recursive read access to metadata of the `$VIDEO` folder, including file listing and statistics." -permissions = [ - "read-meta", - "scope-video-index" -] \ No newline at end of file +permissions = ["read-meta", "scope-video-index"] diff --git a/plugins/fs/permissions/autogenerated/commands/read_text_file_lines.toml b/plugins/fs/permissions/autogenerated/commands/read_text_file_lines.toml index 84b4ebb229..8ebce80877 100644 --- a/plugins/fs/permissions/autogenerated/commands/read_text_file_lines.toml 
+++ b/plugins/fs/permissions/autogenerated/commands/read_text_file_lines.toml @@ -7,10 +7,7 @@ identifier = "allow-read-text-file-lines" description = "Enables the read_text_file_lines command without any pre-configured scope." [permission.commands] -allow = [ - "read_text_file_lines", - "read_text_file_lines_next", -] +allow = ["read_text_file_lines", "read_text_file_lines_next"] deny = [] [[permission]] diff --git a/plugins/fs/permissions/autogenerated/commands/write_file.toml b/plugins/fs/permissions/autogenerated/commands/write_file.toml index ea7d51368f..174dfcf8f8 100644 --- a/plugins/fs/permissions/autogenerated/commands/write_file.toml +++ b/plugins/fs/permissions/autogenerated/commands/write_file.toml @@ -7,11 +7,7 @@ identifier = "allow-write-file" description = "Enables the write_file command without any pre-configured scope." [permission.commands] -allow = [ - "write_file", - "open", - "write", -] +allow = ["write_file", "open", "write"] deny = [] [[permission]] diff --git a/plugins/fs/permissions/autogenerated/reference.md b/plugins/fs/permissions/autogenerated/reference.md index 7f021a7f35..5ebedc7cba 100644 --- a/plugins/fs/permissions/autogenerated/reference.md +++ b/plugins/fs/permissions/autogenerated/reference.md @@ -1,6 +1,6 @@ ## Default Permission -This set of permissions describes the what kind of +This set of permissions describes what kind of file system access the `fs` plugin has enabled or denied by default. #### Granted Permissions diff --git a/plugins/fs/permissions/default.toml b/plugins/fs/permissions/default.toml index 78836df71e..002fd9c12f 100644 --- a/plugins/fs/permissions/default.toml +++ b/plugins/fs/permissions/default.toml @@ -2,7 +2,7 @@ [default] description = """ -This set of permissions describes the what kind of +This set of permissions describes what kind of file system access the `fs` plugin has enabled or denied by default. #### Granted Permissions 
diff --git a/plugins/fs/permissions/schemas/schema.json b/plugins/fs/permissions/schemas/schema.json index e1c051f704..a1f8c0b413 100644 --- a/plugins/fs/permissions/schemas/schema.json +++ b/plugins/fs/permissions/schemas/schema.json 
@@ -1945,16 +1945,16 @@ "markdownDescription": "Denies the write_text_file command without any pre-configured scope." }, { - "description": "This permissions allows to create the application specific directories.\n", + "description": "This permissions allows to create the application specific directories.\r\n", "type": "string", "const": "create-app-specific-dirs", - "markdownDescription": "This permissions allows to create the application specific directories.\n" + "markdownDescription": "This permissions allows to create the application specific directories.\r\n" }, { - "description": "This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n#### This default permission set includes:\n\n- `create-app-specific-dirs`\n- `read-app-specific-dirs-recursive`\n- `deny-default`", + "description": "This set of permissions describes what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends 
on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n#### This default permission set includes:\n\n- `create-app-specific-dirs`\n- `read-app-specific-dirs-recursive`\n- `deny-default`", "type": "string", "const": "default", - "markdownDescription": "This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n#### This default permission set includes:\n\n- `create-app-specific-dirs`\n- `read-app-specific-dirs-recursive`\n- `deny-default`" + "markdownDescription": "This set of permissions describes what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, 
AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n#### This default permission set includes:\n\n- `create-app-specific-dirs`\n- `read-app-specific-dirs-recursive`\n- `deny-default`" }, { "description": "This denies access to dangerous Tauri relevant files and folders by default.\n#### This permission set includes:\n\n- `deny-webview-data-linux`\n- `deny-webview-data-windows`", 
@@ -1963,16 +1963,16 @@ "markdownDescription": "This denies access to dangerous Tauri relevant files and folders by default.\n#### This permission set includes:\n\n- `deny-webview-data-linux`\n- `deny-webview-data-windows`" }, { - "description": "This denies read access to the\n`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here.\nAllowing access can lead to sensitive information disclosure and should be well considered.", + "description": "This denies read access to the\r\n`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here.\r\nAllowing access can lead to sensitive information disclosure and should be well considered.", "type": "string", "const": "deny-webview-data-linux", - "markdownDescription": "This denies read access to the\n`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here.\nAllowing access can lead to sensitive information disclosure and should be well considered." + "markdownDescription": "This denies read access to the\r\n`$APPLOCALDATA` folder on linux as the webview data and configuration values are stored here.\r\nAllowing access can lead to sensitive information disclosure and should be well considered." 
}, { - "description": "This denies read access to the\n`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.\nAllowing access can lead to sensitive information disclosure and should be well considered.", + "description": "This denies read access to the\r\n`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.\r\nAllowing access can lead to sensitive information disclosure and should be well considered.", "type": "string", "const": "deny-webview-data-windows", - "markdownDescription": "This denies read access to the\n`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.\nAllowing access can lead to sensitive information disclosure and should be well considered." + "markdownDescription": "This denies read access to the\r\n`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.\r\nAllowing access can lead to sensitive information disclosure and should be well considered." }, { "description": "This enables all read related commands without any pre-configured accessible paths.", 
@@ -1981,10 +1981,10 @@ "markdownDescription": "This enables all read related commands without any pre-configured accessible paths." }, { - "description": "This permission allows recursive read functionality on the application\nspecific base directories. \n", + "description": "This permission allows recursive read functionality on the application\r\nspecific base directories. \r\n", "type": "string", "const": "read-app-specific-dirs-recursive", - "markdownDescription": "This permission allows recursive read functionality on the application\nspecific base directories. \n" + "markdownDescription": "This permission allows recursive read functionality on the application\r\nspecific base directories. \r\n" }, { "description": "This enables directory read and file metadata related commands without any pre-configured accessible paths.", 
@@ -2005,10 +2005,10 @@ "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths." }, { - "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n \"identifier\": \"read-documents\",\n \"windows\": [\"main\"],\n \"permissions\": [\n \"fs:allow-read\",\n {\n \"identifier\": \"fs:scope\",\n \"allow\": [\n \"$APPDATA/documents/**/*\"\n ],\n \"deny\": [\n \"$APPDATA/documents/secret.txt\"\n ]\n }\n ]\n}\n```\n", + "description": "An empty permission you can use to modify the global scope.\r\n\r\n## Example\r\n\r\n```json\r\n{\r\n \"identifier\": \"read-documents\",\r\n \"windows\": [\"main\"],\r\n \"permissions\": [\r\n \"fs:allow-read\",\r\n {\r\n \"identifier\": \"fs:scope\",\r\n \"allow\": [\r\n \"$APPDATA/documents/**/*\"\r\n ],\r\n \"deny\": [\r\n \"$APPDATA/documents/secret.txt\"\r\n ]\r\n }\r\n ]\r\n}\r\n```\r\n", "type": "string", "const": "scope", - "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n \"identifier\": \"read-documents\",\n \"windows\": [\"main\"],\n \"permissions\": [\n \"fs:allow-read\",\n {\n \"identifier\": \"fs:scope\",\n \"allow\": [\n \"$APPDATA/documents/**/*\"\n ],\n \"deny\": [\n \"$APPDATA/documents/secret.txt\"\n ]\n }\n ]\n}\n```\n" + "markdownDescription": "An empty permission you can use to modify the global scope.\r\n\r\n## Example\r\n\r\n```json\r\n{\r\n \"identifier\": \"read-documents\",\r\n \"windows\": [\"main\"],\r\n \"permissions\": [\r\n \"fs:allow-read\",\r\n {\r\n \"identifier\": \"fs:scope\",\r\n \"allow\": [\r\n \"$APPDATA/documents/**/*\"\r\n ],\r\n \"deny\": [\r\n \"$APPDATA/documents/secret.txt\"\r\n ]\r\n }\r\n ]\r\n}\r\n```\r\n" }, { "description": "This enables all write related commands without any pre-configured accessible paths.", 
diff --git a/plugins/http/permissions/schemas/schema.json b/plugins/http/permissions/schemas/schema.json index ea774399d5..31640bee16 100644 --- a/plugins/http/permissions/schemas/schema.json +++ b/plugins/http/permissions/schemas/schema.json 
@@ -343,10 +343,10 @@ "markdownDescription": "Denies the fetch_send command without any pre-configured scope." }, { - "description": "This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n\n#### This default permission set includes:\n\n- `allow-fetch`\n- `allow-fetch-cancel`\n- `allow-fetch-read-body`\n- `allow-fetch-send`", + "description": "This permission set configures what kind of\r\nfetch operations are available from the http plugin.\r\n\r\nThis enables all fetch operations but does not\r\nallow explicitly any origins to be fetched. This needs to\r\nbe manually configured before usage.\r\n\r\n#### Granted Permissions\r\n\r\nAll fetch operations are enabled.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-fetch`\n- `allow-fetch-cancel`\n- `allow-fetch-read-body`\n- `allow-fetch-send`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures what kind of\nfetch operations are available from the http plugin.\n\nThis enables all fetch operations but does not\nallow explicitly any origins to be fetched. This needs to\nbe manually configured before usage.\n\n#### Granted Permissions\n\nAll fetch operations are enabled.\n\n\n#### This default permission set includes:\n\n- `allow-fetch`\n- `allow-fetch-cancel`\n- `allow-fetch-read-body`\n- `allow-fetch-send`" + "markdownDescription": "This permission set configures what kind of\r\nfetch operations are available from the http plugin.\r\n\r\nThis enables all fetch operations but does not\r\nallow explicitly any origins to be fetched. 
This needs to\r\nbe manually configured before usage.\r\n\r\n#### Granted Permissions\r\n\r\nAll fetch operations are enabled.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-fetch`\n- `allow-fetch-cancel`\n- `allow-fetch-read-body`\n- `allow-fetch-send`" } ] } diff --git a/plugins/nfc/permissions/schemas/schema.json b/plugins/nfc/permissions/schemas/schema.json index 8a018e26c8..f60458738a 100644 --- a/plugins/nfc/permissions/schemas/schema.json +++ b/plugins/nfc/permissions/schemas/schema.json 
@@ -331,10 +331,10 @@ "markdownDescription": "Denies the write command without any pre-configured scope." }, { - "description": "This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n\n#### This default permission set includes:\n\n- `allow-is-available`\n- `allow-scan`", + "description": "This permission set configures what kind of\r\noperations are available from the nfc plugin.\r\n\r\n#### Granted Permissions\r\n\r\nChecking if the NFC functionality is available\r\nand scanning nearby tags is allowed.\r\nWriting to tags needs to be manually enabled.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-is-available`\n- `allow-scan`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures what kind of\noperations are available from the nfc plugin.\n\n#### Granted Permissions\n\nChecking if the NFC functionality is available\nand scanning nearby tags is allowed.\nWriting to tags needs to be manually enabled.\n\n\n#### This default permission set includes:\n\n- `allow-is-available`\n- `allow-scan`" + "markdownDescription": "This permission set configures what kind of\r\noperations are available from the nfc plugin.\r\n\r\n#### Granted Permissions\r\n\r\nChecking if the NFC functionality is available\r\nand scanning nearby tags is allowed.\r\nWriting to tags needs to be manually enabled.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-is-available`\n- `allow-scan`" } ] } diff --git a/plugins/os/permissions/schemas/schema.json b/plugins/os/permissions/schemas/schema.json index 36680b44d9..dd539d8634 100644 --- a/plugins/os/permissions/schemas/schema.json +++ b/plugins/os/permissions/schemas/schema.json 
@@ -391,10 +391,10 @@ "markdownDescription": "Denies the version command without any pre-configured scope." }, { - "description": "This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`", + "description": "This permission set configures which\r\noperating system information are available\r\nto gather from the frontend.\r\n\r\n#### Granted Permissions\r\n\r\nAll information except the host name are available.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures which\noperating system information are available\nto gather from the frontend.\n\n#### Granted Permissions\n\nAll information except the host name are available.\n\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`" + "markdownDescription": "This permission set configures which\r\noperating system information are available\r\nto gather from the frontend.\r\n\r\n#### Granted Permissions\r\n\r\nAll information except the host name are available.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`" } ] } diff --git a/plugins/process/permissions/schemas/schema.json b/plugins/process/permissions/schemas/schema.json index 9d68fc637e..740d46f476 100644 --- a/plugins/process/permissions/schemas/schema.json 
+++ b/plugins/process/permissions/schemas/schema.json @@ -319,10 +319,10 @@ "markdownDescription": "Denies the restart command without any pre-configured scope." }, { - "description": "This permission set configures which\nprocess features are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n\n#### This default permission set includes:\n\n- `allow-exit`\n- `allow-restart`", + "description": "This permission set configures which\r\nprocess features are by default exposed.\r\n\r\n#### Granted Permissions\r\n\r\nThis enables to quit via `allow-exit` and restart via `allow-restart`\r\nthe application.\r\n\n#### This default permission set includes:\n\n- `allow-exit`\n- `allow-restart`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures which\nprocess features are by default exposed.\n\n#### Granted Permissions\n\nThis enables to quit via `allow-exit` and restart via `allow-restart`\nthe application.\n\n#### This default permission set includes:\n\n- `allow-exit`\n- `allow-restart`" + "markdownDescription": "This permission set configures which\r\nprocess features are by default exposed.\r\n\r\n#### Granted Permissions\r\n\r\nThis enables to quit via `allow-exit` and restart via `allow-restart`\r\nthe application.\r\n\n#### This default permission set includes:\n\n- `allow-exit`\n- `allow-restart`" } ] } diff --git a/plugins/secure-storage/Cargo.toml b/plugins/secure-storage/Cargo.toml new file mode 100644 index 0000000000..1b713e01e8 --- /dev/null +++ b/plugins/secure-storage/Cargo.toml 
@@ -0,0 +1,57 @@
+[package]
+name = "tauri-plugin-secure-storage"
+version = "2.0.0"
+edition = { workspace = true }
+rust-version = "1.85"
+authors = { workspace = true }
+license = { workspace = true }
+repository = { workspace = true }
+links = "tauri-plugin-secure-storage"
+description = "Store data in the platforms' keychains."
+
+[package.metadata.docs.rs]
+rustc-args = ["--cfg", "docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+# Platforms supported by the plugin
+# Support levels are "full", "partial", "none", "unknown"
+# Details of the support level are left to plugin maintainer
+[package.metadata.platforms]
+windows = { level = "full", notes = "Windows' credentials storage only protects from other accounts on that system. The main user and their apps can access your app's data." }
+linux = { level = "partial", notes = "For this PoC on Linux the storage is in-memory only and will be reset on reboot." }
+macos = { level = "full", notes = "May prompt for passwords twice." }
+android = { level = "full", notes = "The implementation is very new and therefore not battle-tested nor audited." }
+ios = { level = "full", notes = "" }
+
+[build-dependencies]
+tauri-plugin = { workspace = true, features = ["build"] }
+
+[features]
+# TODO: docs
+# TODO: Check if protected works on intel as well, otherwise we may have to split this up. using protected for ios and keychain for macos and somehow making protected opt-in for apple silicon macs.
+apple-keychain = ["apple-native-keyring-store/keychain"]
+apple-protected = ["apple-native-keyring-store/protected"]
+
+[dependencies]
+serde = { workspace = true }
+serde_json = { workspace = true }
+tauri = { workspace = true }
+log = { workspace = true }
+thiserror = { workspace = true }
+keyring-core = "0.7"
+
+[target.'cfg(windows)'.dependencies]
+windows-native-keyring-store = "0.2"
+
+[target.'cfg(target_os = "linux")'.dependencies]
+# TODO: upstream is on keyring-core@0.6 while windows & apple backends only have 0.5 and 0.7 releases.
+zbus-secret-service-keyring-store = { git = "https://github.com/FabianLars/zbus-secret-service-keyring-store", features = [
+ "rt-tokio-crypto-rust",
+] }
+
+[target.'cfg(any(target_os = "ios", target_os = "macos"))'.dependencies]
+apple-native-keyring-store = "0.2"
+
+[target.'cfg(target_os = "android")'.dependencies]
+# TODO: upstream is on keyring-core@0.6 while windows & apple backends only have 0.5 and 0.7 releases.
+android-native-keyring-store = { git = "https://github.com/FabianLars/android-native-keyring-store" }
diff --git a/plugins/secure-storage/LICENSE.spdx b/plugins/secure-storage/LICENSE.spdx
new file mode 100644
index 0000000000..cdd0df5ad7
--- /dev/null
+++ b/plugins/secure-storage/LICENSE.spdx
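Review bot: The two `git` dependencies in the Linux and Android target sections (`zbus-secret-service-keyring-store` and `android-native-keyring-store`) track the default branch of a personal fork with no `rev`, so the code behind this credential-storage plugin is whatever that branch holds when the dependency is resolved. The workspace `Cargo.lock` fixes the commit only for builds of this repository; an application that depends on the plugin resolves the branch on its own. Pin each entry to a reviewed commit, e.g. `android-native-keyring-store = { git = "https://github.com/FabianLars/android-native-keyring-store", rev = "<reviewed-commit-sha>" }`, and do the same for the zbus entry until the upstream releases mentioned in the TODO comments line up with `keyring-core = "0.7"`. Separately, the `linux` entry under `[package.metadata.platforms]` says storage is in-memory only, while the Linux dependency appears to be a Secret Service store; if the note is stale it misstates persistence to integrators and should be reworded.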
@@ -0,0 +1,20 @@ +SPDXVersion: SPDX-2.1 +DataLicense: CC0-1.0 +PackageName: tauri +DataFormat: SPDXRef-1 +PackageSupplier: Organization: The Tauri Programme in the Commons Conservancy +PackageHomePage: https://tauri.app +PackageLicenseDeclared: Apache-2.0 +PackageLicenseDeclared: MIT +PackageCopyrightText: 2019-2022, The Tauri Programme in the Commons Conservancy +PackageSummary: Tauri is a rust project that enables developers to make secure +and small desktop applications using a web frontend. + +PackageComment: The package includes the following libraries; see +Relationship information. + +Created: 2019-05-20T09:00:00Z +PackageDownloadLocation: git://github.com/tauri-apps/tauri +PackageDownloadLocation: git+https://github.com/tauri-apps/tauri.git +PackageDownloadLocation: git+ssh://github.com/tauri-apps/tauri.git +Creator: Person: Daniel Thompson-Yvetot \ No newline at end of file diff --git a/plugins/secure-storage/LICENSE_APACHE-2.0 b/plugins/secure-storage/LICENSE_APACHE-2.0 new file mode 100644 index 0000000000..4947287f7b --- /dev/null +++ b/plugins/secure-storage/LICENSE_APACHE-2.0 
@@ -0,0 +1,177 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS \ No newline at end of file diff --git a/plugins/secure-storage/LICENSE_MIT b/plugins/secure-storage/LICENSE_MIT new file mode 100644 index 0000000000..4d75472566 --- /dev/null +++ b/plugins/secure-storage/LICENSE_MIT @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2017 - Present Tauri Apps Contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/plugins/secure-storage/README.md b/plugins/secure-storage/README.md new file mode 100644 index 0000000000..45a33a7ad7 --- /dev/null +++ b/plugins/secure-storage/README.md 
@@ -0,0 +1,107 @@ +![secure-storage](https://github.com/tauri-apps/plugins-workspace/raw/v2/plugins/secure-storage/banner.png) + +Store data in the platforms' keychains. + + + +| Platform | Supported | +| -------- | --------- | +| Linux | ✓ | +| Windows | ✓ | +| macOS | ✓ | +| Android | ✓ | +| iOS | ✓ | + +## Install + +_This plugin requires a Rust version of at least **1.85**_ + +There are three general methods of installation that we can recommend. + +1. Use crates.io and npm (easiest, and requires you to trust that our publishing pipeline worked) +2. Pull sources directly from Github using git tags / revision hashes (most secure) +3. Git submodule install this repo in your tauri project and then use file protocol to ingest the source (most secure, but inconvenient to use) + +Install the Core plugin by adding the following to your `Cargo.toml` file: + +`src-tauri/Cargo.toml` + +```toml +[dependencies] +tauri-plugin-secure-storage = "2.0.0" +# alternatively with Git: +tauri-plugin-secure-storage = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "v2" } +``` + +You can install the JavaScript Guest bindings using your preferred JavaScript package manager: + +```sh +pnpm add @tauri-apps/plugin-secure-storage +# or +npm add @tauri-apps/plugin-secure-storage +# or +yarn add @tauri-apps/plugin-secure-storage +``` + +## Usage + +First you need to register the core plugin with Tauri: + +`src-tauri/src/lib.rs` + +```rust +fn main() { + tauri::Builder::default() + .plugin(tauri_plugin_secure_storage::init()) + .run(tauri::generate_context!()) + .expect("error while running tauri application"); +} +``` + +Afterwards all the plugin's APIs are available through the JavaScript guest bindings: + +```typescript +import { setString, getString } from '@tauri-apps/plugin-secure-storage' + +await setString('some-key', 'some-secret-value') + +const storedData = getString('some-key') + +console.log(storedData) // Should return `some-secret-value` +``` + +Similarily, 
the plugin also has Rust APIs: + +```rs +use tauri_plugin_secure_storage::SecureStorageExt; + +app.secure_storage().set_string("some-key", "some-secret-value"); + +let stored_data = app.secure_storage().get_string("some-key"); +``` + +## Contributing + +PRs accepted. Please make sure to read the Contributing Guide before making a pull request. + +## Partners + + + + + + + +
+ + CrabNebula + +
+ +For the complete list of sponsors please visit our [website](https://tauri.app#sponsors) and [Open Collective](https://opencollective.com/tauri). + +## License + +Code: (c) 2015 - Present - The Tauri Programme within The Commons Conservancy. + +MIT or MIT/Apache 2.0 where applicable. diff --git a/plugins/secure-storage/SECURITY.md b/plugins/secure-storage/SECURITY.md new file mode 100644 index 0000000000..4f09bbacd4 --- /dev/null +++ b/plugins/secure-storage/SECURITY.md @@ -0,0 +1,23 @@ +# Security Policy + +**Do not report security vulnerabilities through public GitHub issues.** + +**Please use the [Private Vulnerability Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) feature of GitHub.** + +Include as much of the following information: + +- Type of issue (e.g. improper input parsing, privilege escalation, etc.) +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- The distribution affected or used to help us with reproduction of the issue +- Step-by-step instructions to reproduce the issue +- Ideally a reproduction repository +- Impact of the issue, including how an attacker might exploit the issue + +We prefer to receive reports in English. + +## Contact + +Please disclose a vulnerability or security relevant issue here: [https://github.com/tauri-apps/plugins-workspace/security/advisories/new](https://github.com/tauri-apps/plugins-workspace/security/advisories/new). + +Alternatively, you can also contact us by email via [security@tauri.app](mailto:security@tauri.app). diff --git a/plugins/secure-storage/api-iife.js b/plugins/secure-storage/api-iife.js new file mode 100644 index 0000000000..bf29710aff --- /dev/null +++ b/plugins/secure-storage/api-iife.js 
@@ -0,0 +1 @@ +if("__TAURI__"in window){var __TAURI_PLUGIN_SECURE_STORAGE__=function(e){"use strict";async function n(e,n={},r){return window.__TAURI_INTERNALS__.invoke(e,n,r)}return"function"==typeof SuppressedError&&SuppressedError,e.getBinary=async function(e){return await n("plugin:secure-storage|set_string",{key:e})},e.getString=async function(e){return await n("plugin:secure-storage|get_string",{key:e})},e.setBinary=async function(e,r){return await n("plugin:secure-storage|set_binary",{key:e,value:r})},e.setString=async function(e,r){return await n("plugin:secure-storage|set_string",{key:e,value:r})},e}({});Object.defineProperty(window.__TAURI__,"secureStorage",{value:__TAURI_PLUGIN_SECURE_STORAGE__})} diff --git a/plugins/secure-storage/build.rs b/plugins/secure-storage/build.rs new file mode 100644 index 0000000000..057fff8f23 --- /dev/null +++ b/plugins/secure-storage/build.rs @@ -0,0 +1,18 @@ +// Copyright 2019-2023 Tauri Programme within The Commons Conservancy +// SPDX-License-Identifier: Apache-2.0 +// SPDX-License-Identifier: MIT + +const COMMANDS: &[&str] = &["set_string", "get_string", "set_binary", "get_binary"]; + +fn main() { + let result = tauri_plugin::Builder::new(COMMANDS) + .global_api_script_path("./api-iife.js") + //.android_path("android") + //.ios_path("ios") + .try_build(); + + // when building documentation for Android the plugin build result is always Err() and is irrelevant to the crate documentation build + if !(cfg!(docsrs) && std::env::var("TARGET").unwrap().contains("android")) { + result.unwrap(); + } +} diff --git a/plugins/secure-storage/guest-js/index.ts b/plugins/secure-storage/guest-js/index.ts new file mode 100644 index 0000000000..38ed2d48a1 --- /dev/null +++ b/plugins/secure-storage/guest-js/index.ts 
@@ -0,0 +1,39 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+import { invoke } from '@tauri-apps/api/core'
+
+// TODO: functions to delete entries?
+// TODO: docs
+
+/*
+ * Corresponds to [`set_password`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.set_password) in keyring-rs.
+ */
+export async function setString(key: string, value: string) {
+ return await invoke('plugin:secure-storage|set_string', { key, value })
+}
+
+/*
+ * Corresponds to [`get_password`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.get_password) in keyring-rs.
+ */
+export async function getString(key: string): Promise {
+ return await invoke('plugin:secure-storage|get_string', { key })
+}
+
+/*
+ * Corresponds to [`set_secret`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.set_secret) in keyring-rs.
+ */
+export async function setBytes(
+ key: string,
+ value: number[] | Uint8Array | ArrayBuffer
+) {
+ return await invoke('plugin:secure-storage|set_binary', { key, value })
+}
+
+/*
+ * Corresponds to [`get_secret`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.set_password) in keyring-rs.
+ */
+export async function getBytes(key: string): Promise {
+ return await invoke('plugin:secure-storage|set_string', { key })
+}
diff --git a/plugins/secure-storage/package.json b/plugins/secure-storage/package.json
new file mode 100644
index 0000000000..c0f5812e00
--- /dev/null
+++ b/plugins/secure-storage/package.json
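Review bot: `getBytes` invokes `plugin:secure-storage|set_string` instead of the read command, so it can never return a stored secret and sends only `key` to a write command. Its body should be `return await invoke('plugin:secure-storage|get_binary', { key })`, matching the `get_binary` entry in `build.rs`. The bundled `api-iife.js` in this commit has the same wrong command in `getBinary`, and it exports `getBinary`/`setBinary` while this file exports `getBytes`/`setBytes`, so it should be regenerated once the names are settled. The doc comment above `getBytes` also links to `#method.set_password` where `get_secret` is meant.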
@@ -0,0 +1,29 @@ +{ + "name": "@tauri-apps/plugin-secure-storage", + "version": "2.0.0", + "license": "MIT OR Apache-2.0", + "authors": [ + "Tauri Programme within The Commons Conservancy" + ], + "repository": "https://github.com/tauri-apps/plugins-workspace", + "type": "module", + "types": "./dist-js/index.d.ts", + "main": "./dist-js/index.cjs", + "module": "./dist-js/index.js", + "exports": { + "types": "./dist-js/index.d.ts", + "import": "./dist-js/index.js", + "require": "./dist-js/index.cjs" + }, + "scripts": { + "build": "rollup -c" + }, + "files": [ + "dist-js", + "README.md", + "LICENSE" + ], + "dependencies": { + "@tauri-apps/api": "^2.8.0" + } +} diff --git a/plugins/secure-storage/permissions/autogenerated/commands/get_binary.toml b/plugins/secure-storage/permissions/autogenerated/commands/get_binary.toml new file mode 100644 index 0000000000..990c48da60 --- /dev/null +++ b/plugins/secure-storage/permissions/autogenerated/commands/get_binary.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-get-binary" +description = "Enables the get_binary command without any pre-configured scope." +commands.allow = ["get_binary"] + +[[permission]] +identifier = "deny-get-binary" +description = "Denies the get_binary command without any pre-configured scope." +commands.deny = ["get_binary"] diff --git a/plugins/secure-storage/permissions/autogenerated/commands/get_string.toml b/plugins/secure-storage/permissions/autogenerated/commands/get_string.toml new file mode 100644 index 0000000000..185237dd36 --- /dev/null +++ b/plugins/secure-storage/permissions/autogenerated/commands/get_string.toml 
@@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-get-string" +description = "Enables the get_string command without any pre-configured scope." +commands.allow = ["get_string"] + +[[permission]] +identifier = "deny-get-string" +description = "Denies the get_string command without any pre-configured scope." +commands.deny = ["get_string"] diff --git a/plugins/secure-storage/permissions/autogenerated/commands/set_binary.toml b/plugins/secure-storage/permissions/autogenerated/commands/set_binary.toml new file mode 100644 index 0000000000..fdb4dbec98 --- /dev/null +++ b/plugins/secure-storage/permissions/autogenerated/commands/set_binary.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-set-binary" +description = "Enables the set_binary command without any pre-configured scope." +commands.allow = ["set_binary"] + +[[permission]] +identifier = "deny-set-binary" +description = "Denies the set_binary command without any pre-configured scope." +commands.deny = ["set_binary"] diff --git a/plugins/secure-storage/permissions/autogenerated/commands/set_string.toml b/plugins/secure-storage/permissions/autogenerated/commands/set_string.toml new file mode 100644 index 0000000000..513f6919bf --- /dev/null +++ b/plugins/secure-storage/permissions/autogenerated/commands/set_string.toml @@ -0,0 +1,13 @@ +# Automatically generated - DO NOT EDIT! + +"$schema" = "../../schemas/schema.json" + +[[permission]] +identifier = "allow-set-string" +description = "Enables the set_string command without any pre-configured scope." +commands.allow = ["set_string"] + +[[permission]] +identifier = "deny-set-string" +description = "Denies the set_string command without any pre-configured scope." +commands.deny = ["set_string"] 
diff --git a/plugins/secure-storage/permissions/autogenerated/reference.md b/plugins/secure-storage/permissions/autogenerated/reference.md new file mode 100644 index 0000000000..9a2b7910a7 --- /dev/null +++ b/plugins/secure-storage/permissions/autogenerated/reference.md @@ -0,0 +1,132 @@ +## Default Permission + +This permission set configures which +Secure Storage APIs are available by defaultt. + +#### Granted Permissions + +In the PoC phase all commands are allowed by default. + +#### This default permission set includes the following: + +- `allow-arch` +- `allow-exe-extension` +- `allow-family` +- `allow-locale` +- `allow-os-type` +- `allow-platform` +- `allow-version` + +## Permission Table + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
IdentifierDescription
+ +`secure-storage:allow-get-binary` + + + +Enables the get_binary command without any pre-configured scope. + +
+ +`secure-storage:deny-get-binary` + + + +Denies the get_binary command without any pre-configured scope. + +
+ +`secure-storage:allow-get-string` + + + +Enables the get_string command without any pre-configured scope. + +
+ +`secure-storage:deny-get-string` + + + +Denies the get_string command without any pre-configured scope. + +
+ +`secure-storage:allow-set-binary` + + + +Enables the set_binary command without any pre-configured scope. + +
+ +`secure-storage:deny-set-binary` + + + +Denies the set_binary command without any pre-configured scope. + +
+ +`secure-storage:allow-set-string` + + + +Enables the set_string command without any pre-configured scope. + +
+ +`secure-storage:deny-set-string` + + + +Denies the set_string command without any pre-configured scope. + +
diff --git a/plugins/secure-storage/permissions/default.toml b/plugins/secure-storage/permissions/default.toml
new file mode 100644
index 0000000000..423fe170b2
--- /dev/null
+++ b/plugins/secure-storage/permissions/default.toml
@@ -0,0 +1,23 @@
+"$schema" = "schemas/schema.json"
+
+# TODO: Discuss defaults. Also consider potentional encrypt/decrypt-like functions.
+[default]
+description = """
+This permission set configures which
+Secure Storage APIs are available by defaultt.
+
+#### Granted Permissions
+
+In the PoC phase all commands are allowed by default.
+
+"""
+
+permissions = [
+ "allow-arch",
+ "allow-exe-extension",
+ "allow-family",
+ "allow-locale",
+ "allow-os-type",
+ "allow-platform",
+ "allow-version",
+]
diff --git a/plugins/secure-storage/permissions/schemas/schema.json b/plugins/secure-storage/permissions/schemas/schema.json
new file mode 100644
index 0000000000..d70711f7bf
--- /dev/null
+++ b/plugins/secure-storage/permissions/schemas/schema.json
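Review bot: The `permissions` list names `allow-arch`, `allow-exe-extension`, `allow-family`, `allow-locale`, `allow-os-type`, `allow-platform` and `allow-version`, none of which this plugin defines; the generated command files in this commit only provide `allow-`/`deny-` pairs for `get_binary`, `get_string`, `set_binary` and `set_string`. The list looks carried over from another plugin and contradicts the description's "all commands are allowed by default". Because this default decides whether frontend code can read stored secrets without the app author opting in, state the choice explicitly: either `permissions = ["allow-get-string", "allow-set-string", "allow-get-binary", "allow-set-binary"]` to match the description, or `permissions = []` with the description reworded to say access must be granted per app. The description's `defaultt` typo also propagates into the generated `reference.md` and `schema.json`.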
@@ -0,0 +1,354 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "PermissionFile", + "description": "Permission file that can define a default permission, a set of permissions or a list of inlined permissions.", + "type": "object", + "properties": { + "default": { + "description": "The default permission set for the plugin", + "anyOf": [ + { + "$ref": "#/definitions/DefaultPermission" + }, + { + "type": "null" + } + ] + }, + "set": { + "description": "A list of permissions sets defined", + "type": "array", + "items": { + "$ref": "#/definitions/PermissionSet" + } + }, + "permission": { + "description": "A list of inlined permissions", + "default": [], + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + } + }, + "definitions": { + "DefaultPermission": { + "description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.", + "type": "object", + "required": [ + "permissions" + ], + "properties": { + "version": { + "description": "The version of the permission.", + "type": [ + "integer", + "null" + ], + "format": "uint64", + "minimum": 1.0 + }, + "description": { + "description": "Human-readable description of what the permission does. Tauri convention is to use `

` headings in markdown content for Tauri documentation generation purposes.", + "type": [ + "string", + "null" + ] + }, + "permissions": { + "description": "All permissions this set contains.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "PermissionSet": { + "description": "A set of direct permissions grouped together under a new name.", + "type": "object", + "required": [ + "description", + "identifier", + "permissions" + ], + "properties": { + "identifier": { + "description": "A unique identifier for the permission.", + "type": "string" + }, + "description": { + "description": "Human-readable description of what the permission does.", + "type": "string" + }, + "permissions": { + "description": "All permissions this set contains.", + "type": "array", + "items": { + "$ref": "#/definitions/PermissionKind" + } + } + } + }, + "Permission": { + "description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.", + "type": "object", + "required": [ + "identifier" + ], + "properties": { + "version": { + "description": "The version of the permission.", + "type": [ + "integer", + "null" + ], + "format": "uint64", + "minimum": 1.0 + }, + "identifier": { + "description": "A unique identifier for the permission.", + "type": "string" + }, + "description": { + "description": "Human-readable description of what the permission does. Tauri internal convention is to use `

` headings in markdown content for Tauri documentation generation purposes.", + "type": [ + "string", + "null" + ] + }, + "commands": { + "description": "Allowed or denied commands when using this permission.", + "default": { + "allow": [], + "deny": [] + }, + "allOf": [ + { + "$ref": "#/definitions/Commands" + } + ] + }, + "scope": { + "description": "Allowed or denied scoped when using this permission.", + "allOf": [ + { + "$ref": "#/definitions/Scopes" + } + ] + }, + "platforms": { + "description": "Target platforms this permission applies. By default all platforms are affected by this permission.", + "type": [ + "array", + "null" + ], + "items": { + "$ref": "#/definitions/Target" + } + } + } + }, + "Commands": { + "description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.", + "type": "object", + "properties": { + "allow": { + "description": "Allowed command.", + "default": [], + "type": "array", + "items": { + "type": "string" + } + }, + "deny": { + "description": "Denied command, which takes priority.", + "default": [], + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "Scopes": { + "description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```", + "type": "object", + "properties": { + "allow": { + "description": "Data that defines what is allowed by the scope.", + "type": [ + "array", + "null" + ], + "items": { + "$ref": "#/definitions/Value" + } + }, + "deny": { + "description": "Data that defines what is denied by the scope. 
This should be prioritized by validation logic.", + "type": [ + "array", + "null" + ], + "items": { + "$ref": "#/definitions/Value" + } + } + } + }, + "Value": { + "description": "All supported ACL values.", + "anyOf": [ + { + "description": "Represents a null JSON value.", + "type": "null" + }, + { + "description": "Represents a [`bool`].", + "type": "boolean" + }, + { + "description": "Represents a valid ACL [`Number`].", + "allOf": [ + { + "$ref": "#/definitions/Number" + } + ] + }, + { + "description": "Represents a [`String`].", + "type": "string" + }, + { + "description": "Represents a list of other [`Value`]s.", + "type": "array", + "items": { + "$ref": "#/definitions/Value" + } + }, + { + "description": "Represents a map of [`String`] keys to [`Value`]s.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Value" + } + } + ] + }, + "Number": { + "description": "A valid ACL number.", + "anyOf": [ + { + "description": "Represents an [`i64`].", + "type": "integer", + "format": "int64" + }, + { + "description": "Represents a [`f64`].", + "type": "number", + "format": "double" + } + ] + }, + "Target": { + "description": "Platform target.", + "oneOf": [ + { + "description": "MacOS.", + "type": "string", + "enum": [ + "macOS" + ] + }, + { + "description": "Windows.", + "type": "string", + "enum": [ + "windows" + ] + }, + { + "description": "Linux.", + "type": "string", + "enum": [ + "linux" + ] + }, + { + "description": "Android.", + "type": "string", + "enum": [ + "android" + ] + }, + { + "description": "iOS.", + "type": "string", + "enum": [ + "iOS" + ] + } + ] + }, + "PermissionKind": { + "type": "string", + "oneOf": [ + { + "description": "Enables the get_binary command without any pre-configured scope.", + "type": "string", + "const": "allow-get-binary", + "markdownDescription": "Enables the get_binary command without any pre-configured scope." 
+ }, + { + "description": "Denies the get_binary command without any pre-configured scope.", + "type": "string", + "const": "deny-get-binary", + "markdownDescription": "Denies the get_binary command without any pre-configured scope." + }, + { + "description": "Enables the get_string command without any pre-configured scope.", + "type": "string", + "const": "allow-get-string", + "markdownDescription": "Enables the get_string command without any pre-configured scope." + }, + { + "description": "Denies the get_string command without any pre-configured scope.", + "type": "string", + "const": "deny-get-string", + "markdownDescription": "Denies the get_string command without any pre-configured scope." + }, + { + "description": "Enables the set_binary command without any pre-configured scope.", + "type": "string", + "const": "allow-set-binary", + "markdownDescription": "Enables the set_binary command without any pre-configured scope." + }, + { + "description": "Denies the set_binary command without any pre-configured scope.", + "type": "string", + "const": "deny-set-binary", + "markdownDescription": "Denies the set_binary command without any pre-configured scope." + }, + { + "description": "Enables the set_string command without any pre-configured scope.", + "type": "string", + "const": "allow-set-string", + "markdownDescription": "Enables the set_string command without any pre-configured scope." + }, + { + "description": "Denies the set_string command without any pre-configured scope.", + "type": "string", + "const": "deny-set-string", + "markdownDescription": "Denies the set_string command without any pre-configured scope." 
+ }, + { + "description": "This permission set configures which\r\nSecure Storage APIs are available by defaultt.\r\n\r\n#### Granted Permissions\r\n\r\nIn the PoC phase all commands are allowed by default.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`", + "type": "string", + "const": "default", + "markdownDescription": "This permission set configures which\r\nSecure Storage APIs are available by defaultt.\r\n\r\n#### Granted Permissions\r\n\r\nIn the PoC phase all commands are allowed by default.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-arch`\n- `allow-exe-extension`\n- `allow-family`\n- `allow-locale`\n- `allow-os-type`\n- `allow-platform`\n- `allow-version`" + } + ] + } + } +} \ No newline at end of file diff --git a/plugins/secure-storage/rollup.config.js b/plugins/secure-storage/rollup.config.js new file mode 100644 index 0000000000..1f349ec8a2 --- /dev/null +++ b/plugins/secure-storage/rollup.config.js @@ -0,0 +1,7 @@ +// Copyright 2019-2023 Tauri Programme within The Commons Conservancy +// SPDX-License-Identifier: Apache-2.0 +// SPDX-License-Identifier: MIT + +import { createConfig } from '../../shared/rollup.config.js' + +export default createConfig() diff --git a/plugins/secure-storage/src/commands.rs b/plugins/secure-storage/src/commands.rs new file mode 100644 index 0000000000..ed68c2ed4a --- /dev/null +++ b/plugins/secure-storage/src/commands.rs 
@@ -0,0 +1,27 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use tauri::{command, AppHandle, Runtime};
+
+use crate::{Result, SecureStorageExt};
+
+#[command]
+pub(crate) fn set_string(app: AppHandle, key: &str, value: &str) -> Result<()> {
+ app.secure_storage().set_string(key, value)
+}
+
+#[command]
+pub(crate) fn get_string(app: AppHandle, key: &str) -> Result {
+ app.secure_storage().get_string(key)
+}
+
+#[command]
+pub(crate) fn set_bytes(app: AppHandle, key: &str, value: &[u8]) -> Result<()> {
+ app.secure_storage().set_bytes(key, value)
+}
+
+#[command]
+pub(crate) fn get_bytes(app: AppHandle, key: &str) -> Result> {
+ app.secure_storage().get_bytes(key)
+}
diff --git a/plugins/secure-storage/src/error.rs b/plugins/secure-storage/src/error.rs
new file mode 100644
index 0000000000..36ac901ab1
--- /dev/null
+++ b/plugins/secure-storage/src/error.rs
@@ -0,0 +1,23 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use serde::{ser::Serializer, Serialize};
+
+pub type Result = std::result::Result;
+
+#[non_exhaustive]
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+ #[error(transparent)]
+ Keyring(#[from] keyring_core::Error),
+}
+
+impl Serialize for Error {
+ fn serialize(&self, serializer: S) -> std::result::Result
+ where
+ S: Serializer,
+ {
+ serializer.serialize_str(self.to_string().as_ref())
+ }
+}
diff --git a/plugins/secure-storage/src/lib.rs b/plugins/secure-storage/src/lib.rs
new file mode 100644
index 0000000000..50724a0852
--- /dev/null
+++ b/plugins/secure-storage/src/lib.rs
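Review bot: The byte commands in commands.rs are named `set_bytes` and `get_bytes`, but the generated permission schema earlier in this commit lists `allow-set-binary` / `allow-get-binary` (with the matching deny entries) and no `-bytes` identifiers. Tauri derives permission identifiers from command names, so unless that schema is stale these two commands would have no permission that can enable them; the command list in the plugin's build script (not shown here) and the function names need to agree. Separately, all four commands take `key` straight from the webview with no scope, so any window granted the permission can read or overwrite every entry stored under the app identifier. I would state that on each command, e.g. `/// Reads the entry stored under key; no scope restricts which keys a permitted caller may read.`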
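Review bot: `Error` in error.rs derives `Debug` and wraps `keyring_core::Error` transparently, so whatever that type prints goes to logs via `{:?}` and, through `serialize`, to the webview as a string. The `keyring` crate's error type has a `BadEncoding(Vec<u8>)` variant that carries the raw stored bytes; if `keyring_core` keeps that variant, debug-logging a failed `get_string` would print the secret. A comment on the enum saying it must not be logged with `{:?}`, or a hand-written `Debug` that omits payloads, would cover this. As a smaller style point, `serializer.collect_str(self)` does the same as `serialize_str(self.to_string().as_ref())` without the intermediate `String`.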
@@ -0,0 +1,86 @@
+// Copyright 2019-2023 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use keyring_core::{set_default_store, Entry};
+use tauri::{
+ plugin::{Builder, TauriPlugin},
+ AppHandle, Manager, Runtime,
+};
+
+mod commands;
+mod error;
+
+pub use error::{Error, Result};
+
+// TODO: Consider using a worker thread to handle caveats mentioned by keyring-rs
+
+/// Extensions to [`tauri::App`], [`tauri::AppHandle`], [`tauri::WebviewWindow`], [`tauri::Webview`] and [`tauri::Window`] to access the secure-storage APIs.
+pub trait SecureStorageExt {
+ fn secure_storage(&self) -> &SecureStorage;
+}
+
+impl> crate::SecureStorageExt for T {
+ fn secure_storage(&self) -> &SecureStorage {
+ self.state::>().inner()
+ }
+}
+
+/// Initializes the plugin.
+pub fn init() -> TauriPlugin {
+ Builder::new("secure-storage")
+ .invoke_handler(tauri::generate_handler![
+ commands::set_string,
+ commands::get_string,
+ commands::set_bytes,
+ commands::get_bytes
+ ])
+ .setup(|app, _api| {
+ #[cfg(target_os = "android")]
+ set_default_store(android_native_keyring_store::AndroidStore::from_ndk_context()?);
+
+ // TODO: (maybe) config to change used keychain.
+ #[cfg(all(target_os = "android", feature = "apple-keychain"))]
+ set_default_store(apple_native_keyring_store::keychain::Store::new()?);
+
+ // TODO: config. most notably icloud sync and biometrics
+ #[cfg(all(target_os = "android", feature = "apple-protected"))]
+ set_default_store(apple_native_keyring_store::protected::Store::new()?);
+
+ #[cfg(windows)]
+ set_default_store(windows_native_keyring_store::Store::new()?);
+
+ #[cfg(target_os = "linux")]
+ set_default_store(zbus_secret_service_keyring_store::Store::new()?);
+
+ app.manage(SecureStorage(app.clone()));
+ Ok(())
+ })
+ .build()
+}
+
+/// Access to the secure-storage APIs.
+pub struct SecureStorage(AppHandle);
+
+// TODO: docs
+impl SecureStorage {
+ /// Corresponds to [`set_password`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.set_password) in keyring-rs.
+ pub fn set_string(&self, key: &str, value: &str) -> Result<()> {
+ Ok(Entry::new(&self.0.config().identifier, key)?.set_password(value)?)
+ }
+
+ /// Corresponds to [`get_password`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.get_password) in keyring-rs.
+ pub fn get_string(&self, key: &str) -> Result {
+ Ok(Entry::new(&self.0.config().identifier, key)?.get_password()?)
+ }
+
+ /// Corresponds to [`set_secret`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.set_secret) in keyring-rs.
+ pub fn set_bytes(&self, key: &str, value: &[u8]) -> Result<()> {
+ Ok(Entry::new(&self.0.config().identifier, key)?.set_secret(value)?)
+ }
+
+ /// Corresponds to [`get_secret`](https://docs.rs/keyring-core/latest/keyring_core/struct.Entry.html#method.set_password) in keyring-rs.
+ pub fn get_bytes(&self, key: &str) -> Result> {
+ Ok(Entry::new(&self.0.config().identifier, key)?.get_secret()?)
+ }
+}
diff --git a/plugins/secure-storage/tsconfig.json b/plugins/secure-storage/tsconfig.json
new file mode 100644
index 0000000000..5098169aa9
--- /dev/null
+++ b/plugins/secure-storage/tsconfig.json
@@ -0,0 +1,4 @@
+{
+ "extends": "../../tsconfig.base.json",
+ "include": ["guest-js/*.ts"]
+}
diff --git a/plugins/shell/permissions/schemas/schema.json b/plugins/shell/permissions/schemas/schema.json
index 9a198981a6..65183f9c3f 100644
--- a/plugins/shell/permissions/schemas/schema.json
+++ b/plugins/shell/permissions/schemas/schema.json
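Review bot: In the `setup` closure of lib.rs, both Apple stores are gated on `target_os = "android"` (`#[cfg(all(target_os = "android", feature = "apple-keychain"))]` and the `apple-protected` line), which looks like a copy of the Android gate above them. As written no default store is set on macOS or iOS, so the `Entry::new` calls in `SecureStorage` would presumably fail there, and an Android build with either feature enabled would reference the Apple crate and replace the Android store just set. The gate probably should read `#[cfg(all(any(target_os = "macos", target_os = "ios"), feature = "apple-keychain"))]`, and likewise for `apple-protected`; which Apple targets each store supports is not visible here. The doc link on `get_bytes` also points at `#method.set_password` rather than `#method.get_secret`.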
@@ -355,10 +355,10 @@ "markdownDescription": "Denies the stdin_write command without any pre-configured scope." }, { - "description": "This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality with a reasonable\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n\n#### This default permission set includes:\n\n- `allow-open`", + "description": "This permission set configures which\r\nshell functionality is exposed by default.\r\n\r\n#### Granted Permissions\r\n\r\nIt allows to use the `open` functionality with a reasonable\r\nscope pre-configured. It will allow opening `http(s)://`,\r\n`tel:` and `mailto:` links.\r\n\n#### This default permission set includes:\n\n- `allow-open`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality with a reasonable\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n\n#### This default permission set includes:\n\n- `allow-open`" + "markdownDescription": "This permission set configures which\r\nshell functionality is exposed by default.\r\n\r\n#### Granted Permissions\r\n\r\nIt allows to use the `open` functionality with a reasonable\r\nscope pre-configured. It will allow opening `http(s)://`,\r\n`tel:` and `mailto:` links.\r\n\n#### This default permission set includes:\n\n- `allow-open`" } ] } diff --git a/plugins/sql/permissions/schemas/schema.json b/plugins/sql/permissions/schemas/schema.json index 488a953c59..5166bef233 100644 --- a/plugins/sql/permissions/schemas/schema.json +++ b/plugins/sql/permissions/schemas/schema.json 
@@ -343,10 +343,10 @@ "markdownDescription": "Denies the select command without any pre-configured scope." }, { - "description": "### Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n\n#### This default permission set includes:\n\n- `allow-close`\n- `allow-load`\n- `allow-select`", + "description": "### Default Permissions\r\n\r\nThis permission set configures what kind of\r\ndatabase operations are available from the sql plugin.\r\n\r\n### Granted Permissions\r\n\r\nAll reading related operations are enabled.\r\nAlso allows to load or close a connection.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-close`\n- `allow-load`\n- `allow-select`", "type": "string", "const": "default", - "markdownDescription": "### Default Permissions\n\nThis permission set configures what kind of\ndatabase operations are available from the sql plugin.\n\n### Granted Permissions\n\nAll reading related operations are enabled.\nAlso allows to load or close a connection.\n\n\n#### This default permission set includes:\n\n- `allow-close`\n- `allow-load`\n- `allow-select`" + "markdownDescription": "### Default Permissions\r\n\r\nThis permission set configures what kind of\r\ndatabase operations are available from the sql plugin.\r\n\r\n### Granted Permissions\r\n\r\nAll reading related operations are enabled.\r\nAlso allows to load or close a connection.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-close`\n- `allow-load`\n- `allow-select`" } ] } diff --git a/plugins/stronghold/Cargo.toml b/plugins/stronghold/Cargo.toml index 7a8229f371..edcbbc8690 100644 --- a/plugins/stronghold/Cargo.toml +++ b/plugins/stronghold/Cargo.toml 
@@ -1,7 +1,7 @@ [package] name = "tauri-plugin-stronghold" version = "2.3.0" -description = "Store secrets and keys using the IOTA Stronghold secret management engine." +description = "Deprecated - Store secrets and keys using the IOTA Stronghold secret management engine." authors = { workspace = true } license = { workspace = true } edition = { workspace = true } @@ -9,6 +9,9 @@ rust-version = { workspace = true } repository = { workspace = true } links = "tauri-plugin-stronghold" +[badges] +maintenance = { status = "deprecated" } + [package.metadata.docs.rs] rustc-args = ["--cfg", "docsrs"] rustdoc-args = ["--cfg", "docsrs"] diff --git a/plugins/stronghold/README.md b/plugins/stronghold/README.md index 18d3ed7c1f..38acd287f5 100644 --- a/plugins/stronghold/README.md +++ b/plugins/stronghold/README.md @@ -1,5 +1,11 @@ ![plugin-stronghold](https://github.com/tauri-apps/plugins-workspace/raw/v2/plugins/stronghold/banner.png) +## Deprecation Notice + +This plugin is deprecated and will be removed in line with Tauri's v3 release. The [Secure Storage] plugin is an alternative for most users. + +## Stronghold plugin + Store secrets and keys using the [IOTA Stronghold](https://github.com/iotaledger/stronghold.rs) secret management engine. | Platform | Supported | diff --git a/plugins/stronghold/src/lib.rs b/plugins/stronghold/src/lib.rs index 23acc3a249..7bbfa5a33c 100644 --- a/plugins/stronghold/src/lib.rs +++ b/plugins/stronghold/src/lib.rs @@ -3,6 +3,8 @@ // SPDX-License-Identifier: MIT //! Store secrets and keys using the [IOTA Stronghold](https://github.com/iotaledger/stronghold.rs) encrypted database and secure runtime. +//! +//! Note that this plugin is deprecated and should not be used! #![doc( html_logo_url = "https://github.com/tauri-apps/tauri/raw/dev/app-icon.png", diff --git a/plugins/upload/permissions/schemas/schema.json b/plugins/upload/permissions/schemas/schema.json index 8b524649ff..7938f21e3b 100644 --- a/plugins/upload/permissions/schemas/schema.json 
+++ b/plugins/upload/permissions/schemas/schema.json @@ -319,10 +319,10 @@ "markdownDescription": "Denies the upload command without any pre-configured scope." }, { - "description": "This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-upload`\n- `allow-download`", + "description": "This permission set configures what kind of\r\noperations are available from the upload plugin.\r\n\r\n#### Granted Permissions\r\n\r\nAll operations are enabled by default.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-upload`\n- `allow-download`", "type": "string", "const": "default", - "markdownDescription": "This permission set configures what kind of\noperations are available from the upload plugin.\n\n#### Granted Permissions\n\nAll operations are enabled by default.\n\n\n#### This default permission set includes:\n\n- `allow-upload`\n- `allow-download`" + "markdownDescription": "This permission set configures what kind of\r\noperations are available from the upload plugin.\r\n\r\n#### Granted Permissions\r\n\r\nAll operations are enabled by default.\r\n\r\n\n#### This default permission set includes:\n\n- `allow-upload`\n- `allow-download`" } ] } diff --git a/plugins/websocket/Cargo.toml b/plugins/websocket/Cargo.toml index 40db186eed..f77e4ccc2f 100644 --- a/plugins/websocket/Cargo.toml +++ b/plugins/websocket/Cargo.toml @@ -34,7 +34,7 @@ http = "1" rand = "0.9" futures-util = "0.3" tokio = { version = "1", features = ["net", "sync"] } -tokio-tungstenite = { version = "0.27" } +tokio-tungstenite = { version = "0.28" } [features] default = ["rustls-tls"] diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 621647f31a..f29f5273c0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml 
@@ -101,6 +101,9 @@ importers: '@tauri-apps/plugin-process': specifier: ^2.3.0 version: link:../../plugins/process + '@tauri-apps/plugin-secure-storage': + specifier: file:../../plugins/secure-storage + version: link:../../plugins/secure-storage '@tauri-apps/plugin-shell': specifier: ^2.3.1 version: link:../../plugins/shell @@ -279,6 +282,12 @@ importers: specifier: ^2.8.0 version: 2.8.0 + plugins/secure-storage: + dependencies: + '@tauri-apps/api': + specifier: ^2.8.0 + version: 2.8.0 + plugins/shell: dependencies: '@tauri-apps/api': diff --git a/shared/template/Cargo.toml b/shared/template/Cargo.toml index a672132db5..17b64cc35d 100644 --- a/shared/template/Cargo.toml +++ b/shared/template/Cargo.toml @@ -2,6 +2,7 @@ name = "tauri-plugin-PLUGIN_NAME" version = "1.0.0" edition = { workspace = true } +rust-version = { workspace = true } authors = { workspace = true } license = { workspace = true } repository = { workspace = true } diff --git a/shared/template/package.json b/shared/template/package.json index 89d7430cce..ac833b278b 100644 --- a/shared/template/package.json +++ b/shared/template/package.json @@ -24,6 +24,6 @@ "LICENSE" ], "dependencies": { - "@tauri-apps/api": "^2.6.0" + "@tauri-apps/api": "^2.8.0" } }