goldwarden-vaultwarden-bitw.../agent/actions/actions.go

package actions

import (
	"context"

	"github.com/quexten/goldwarden/agent/bitwarden"
	"github.com/quexten/goldwarden/agent/bitwarden/crypto"
	"github.com/quexten/goldwarden/agent/config"
	"github.com/quexten/goldwarden/agent/sockets"
	"github.com/quexten/goldwarden/agent/systemauth"
	"github.com/quexten/goldwarden/agent/vault"
	"github.com/quexten/goldwarden/ipc/messages"
)

var AgentActionsRegistry = newActionsRegistry()

type Action func(messages.IPCMessage, *config.Config, *vault.Vault, *sockets.CallingContext) (messages.IPCMessage, error)
type ActionsRegistry struct {
	actions map[messages.IPCMessageType]Action
}

func newActionsRegistry() *ActionsRegistry {
	return &ActionsRegistry{
		actions: make(map[messages.IPCMessageType]Action),
	}
}

func (registry *ActionsRegistry) Register(messageType messages.IPCMessageType, action Action) {
	registry.actions[messageType] = action
}

func (registry *ActionsRegistry) Get(messageType messages.IPCMessageType) (Action, bool) {
	action, ok := registry.actions[messageType]
	return action, ok
}

func ensureIsLoggedIn(action Action) Action {
	return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
		if hash, err := cfg.GetMasterPasswordHash(); err != nil || len(hash) == 0 {
			return messages.IPCMessageFromPayload(messages.ActionResponse{
				Success: false,
				Message: "Not logged in",
			})
		}

		return action(request, cfg, vault, ctx)
	}
}

func sync(ctx context.Context, vault *vault.Vault, cfg *config.Config) bool {
	token, err := cfg.GetToken()
	if err == nil {
		if token.AccessToken != "" {
			bitwarden.RefreshToken(ctx, cfg)
			userSymmetricKey, err := cfg.GetUserSymmetricKey()
			if err != nil {
				return false
			}

			var protectedUserSymetricKey crypto.SymmetricEncryptionKey
			if vault.Keyring.IsMemguard {
				protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)
			} else {
				protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)
			}
			if err != nil {
				return false
			}

			err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, cfg, &protectedUserSymetricKey, true)
			if err != nil {
				return false
			}
		}
	}
	return true
}

func ensureIsNotLocked(action Action) Action {
	return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
		if cfg.IsLocked() {
			err := cfg.TryUnlock(vault)
			ctx1 := context.Background()
			success := sync(ctx1, vault, cfg)
			if err != nil || !success {
				return messages.IPCMessageFromPayload(messages.ActionResponse{
					Success: false,
					Message: err.Error(),
				})
			}

			systemauth.CreatePinSession(*ctx)
		}

		return action(request, cfg, vault, ctx)
	}
}

func ensureBiometricsAuthorized(approvalType systemauth.SessionType, action Action) Action {
	return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
		if permission, err := systemauth.GetPermission(approvalType, *ctx, cfg); err != nil || !permission {
			return messages.IPCMessageFromPayload(messages.ActionResponse{
				Success: false,
				Message: "Polkit authorization failed required",
			})
		}

		return action(request, cfg, vault, ctx)
	}
}

func ensureEverything(approvalType systemauth.SessionType, action Action) Action {
	return ensureIsNotLocked(ensureIsLoggedIn(ensureBiometricsAuthorized(approvalType, action)))
}
Initial commit 2023-07-17 03:23:26 +02:00			`package actions`

			`import (`
Fix sync on unlock not working 2023-07-18 22:08:09 +02:00			`"context"`

			`"github.com/quexten/goldwarden/agent/bitwarden"`
			`"github.com/quexten/goldwarden/agent/bitwarden/crypto"`
Initial commit 2023-07-17 03:23:26 +02:00			`"github.com/quexten/goldwarden/agent/config"`
			`"github.com/quexten/goldwarden/agent/sockets"`
Introduce session cache 2023-09-12 18:56:35 +02:00			`"github.com/quexten/goldwarden/agent/systemauth"`
Initial commit 2023-07-17 03:23:26 +02:00			`"github.com/quexten/goldwarden/agent/vault"`
Refactor ipc 2023-09-20 03:05:44 +02:00			`"github.com/quexten/goldwarden/ipc/messages"`
Initial commit 2023-07-17 03:23:26 +02:00			`)`

			`var AgentActionsRegistry = newActionsRegistry()`

Refactor ipc 2023-09-20 03:05:44 +02:00			`type Action func(messages.IPCMessage, config.Config, vault.Vault, *sockets.CallingContext) (messages.IPCMessage, error)`
Initial commit 2023-07-17 03:23:26 +02:00			`type ActionsRegistry struct {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`actions map[messages.IPCMessageType]Action`
Initial commit 2023-07-17 03:23:26 +02:00			`}`

			`func newActionsRegistry() *ActionsRegistry {`
			`return &ActionsRegistry{`
Refactor ipc 2023-09-20 03:05:44 +02:00			`actions: make(map[messages.IPCMessageType]Action),`
Initial commit 2023-07-17 03:23:26 +02:00			`}`
			`}`

Refactor ipc 2023-09-20 03:05:44 +02:00			`func (registry *ActionsRegistry) Register(messageType messages.IPCMessageType, action Action) {`
Initial commit 2023-07-17 03:23:26 +02:00			`registry.actions[messageType] = action`
			`}`

Refactor ipc 2023-09-20 03:05:44 +02:00			`func (registry *ActionsRegistry) Get(messageType messages.IPCMessageType) (Action, bool) {`
Initial commit 2023-07-17 03:23:26 +02:00			`action, ok := registry.actions[messageType]`
			`return action, ok`
			`}`

			`func ensureIsLoggedIn(action Action) Action {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`return func(request messages.IPCMessage, cfg config.Config, vault vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {`
Initial commit 2023-07-17 03:23:26 +02:00			`if hash, err := cfg.GetMasterPasswordHash(); err != nil \|\| len(hash) == 0 {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`return messages.IPCMessageFromPayload(messages.ActionResponse{`
Initial commit 2023-07-17 03:23:26 +02:00			`Success: false,`
			`Message: "Not logged in",`
			`})`
			`}`

			`return action(request, cfg, vault, ctx)`
			`}`
			`}`

Fix sync on unlock not working 2023-07-18 22:08:09 +02:00			`func sync(ctx context.Context, vault vault.Vault, cfg config.Config) bool {`
			`token, err := cfg.GetToken()`
			`if err == nil {`
			`if token.AccessToken != "" {`
			`bitwarden.RefreshToken(ctx, cfg)`
			`userSymmetricKey, err := cfg.GetUserSymmetricKey()`
			`if err != nil {`
			`return false`
			`}`
Add no memguard mode 2023-12-22 08:02:23 +01:00
			`var protectedUserSymetricKey crypto.SymmetricEncryptionKey`
			`if vault.Keyring.IsMemguard {`
			`protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)`
			`} else {`
			`protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)`
			`}`
			`if err != nil {`
			`return false`
			`}`
Fix sync on unlock not working 2023-07-18 22:08:09 +02:00
			`err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, cfg, &protectedUserSymetricKey, true)`
			`if err != nil {`
			`return false`
			`}`
			`}`
			`}`
			`return true`
			`}`

Initial commit 2023-07-17 03:23:26 +02:00			`func ensureIsNotLocked(action Action) Action {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`return func(request messages.IPCMessage, cfg config.Config, vault vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {`
Initial commit 2023-07-17 03:23:26 +02:00			`if cfg.IsLocked() {`
			`err := cfg.TryUnlock(vault)`
Fix sync on unlock not working 2023-07-18 22:08:09 +02:00			`ctx1 := context.Background()`
			`success := sync(ctx1, vault, cfg)`
			`if err != nil \|\| !success {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`return messages.IPCMessageFromPayload(messages.ActionResponse{`
Initial commit 2023-07-17 03:23:26 +02:00			`Success: false,`
			`Message: err.Error(),`
			`})`
			`}`
Introduce session cache 2023-09-12 18:56:35 +02:00
Rework systemauth 2023-09-19 21:49:56 +02:00			`systemauth.CreatePinSession(*ctx)`
Initial commit 2023-07-17 03:23:26 +02:00			`}`

			`return action(request, cfg, vault, ctx)`
			`}`
			`}`

Rework systemauth 2023-09-19 21:49:56 +02:00			`func ensureBiometricsAuthorized(approvalType systemauth.SessionType, action Action) Action {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`return func(request messages.IPCMessage, cfg config.Config, vault vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {`
Rework systemauth 2023-09-19 21:49:56 +02:00			`if permission, err := systemauth.GetPermission(approvalType, *ctx, cfg); err != nil \|\| !permission {`
Refactor ipc 2023-09-20 03:05:44 +02:00			`return messages.IPCMessageFromPayload(messages.ActionResponse{`
Initial commit 2023-07-17 03:23:26 +02:00			`Success: false,`
			`Message: "Polkit authorization failed required",`
			`})`
			`}`

			`return action(request, cfg, vault, ctx)`
			`}`
			`}`

Rework systemauth 2023-09-19 21:49:56 +02:00			`func ensureEverything(approvalType systemauth.SessionType, action Action) Action {`
Initial commit 2023-07-17 03:23:26 +02:00			`return ensureIsNotLocked(ensureIsLoggedIn(ensureBiometricsAuthorized(approvalType, action)))`
			`}`