Secret storage #23

Merged
Human489 merged 32 commits from secret-storage into master 2026-03-14 01:18:40 +01:00
Human489 commented 2026-03-06 18:37:39 +01:00 (Migrated from github.com)

I added the following crates:

  • iota_stronghold: The main crate I used for this PR, to store the access token, refresh token, and sqlite database password for each user
  • keyring: To store the stronghold password
  • getrandom: To generate random passwords for the stronghold and for the user's sqlite database password
  • hex: Used with the getrandom crate
  • blake3: To hash the Matrix userid to use for the stronghold snapshot path
  • tauri-plugin-store: Used to store the usernames of users, including who was last logged in and anyone else who is logged in at the moment

When a user logs in, they need their access token, refresh token, and their sqlite database password stored somewhere securely. For this I used the iota_stronghold crate, to store a separate snapshot for each user containing this information. The password for the snapshots is currently the same for all of them (this can be changed easily in the future if you want the user to memorise a password etc.) and is stored in the keyring.

This data can be fetched later for automatically logging in the user or switching accounts etc.

flaxeneel2 (Migrated from github.com) reviewed 2026-03-07 21:56:51 +01:00
@ -29,6 +29,29 @@ anyhow = "1.0.101"
serde_json = "1"
flaxeneel2 (Migrated from github.com) commented 2026-03-07 21:56:51 +01:00
```suggestion
rand = "0.10.0"
```

we do not need to use a low level api like getrandom, just use [rand](https://crates.io/crates/rand) instead
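Added example, not code from this PR: a std-only sketch of what a 32-character secret generator has to get right, namely mapping raw CSPRNG bytes to alphanumerics without modulo bias, plus the entropy of 32 hex characters versus 32 alphanumeric ones. The function names, the `/dev/urandom` source (a Unix host) and the 32-character hex length are assumptions for illustration.

```rust
use std::fs::File;
use std::io::{self, Read};

const ALNUM: &[u8; 62] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/// Map raw bytes to alphanumeric characters without modulo bias.
/// 256 is not a multiple of 62, so bytes >= 248 (4 * 62) are discarded.
/// Returns None if the byte source runs out before `len` characters exist.
pub fn alnum_from_bytes(bytes: impl IntoIterator<Item = u8>, len: usize) -> Option<String> {
    let out: String = bytes
        .into_iter()
        .filter(|b| *b < 248)
        .map(|b| ALNUM[(b % 62) as usize] as char)
        .take(len)
        .collect();
    (out.len() == len).then_some(out)
}

/// Entropy in bits of `len` characters drawn uniformly from `alphabet` symbols.
pub fn entropy_bits(alphabet: u32, len: u32) -> f64 {
    f64::from(len) * f64::from(alphabet).log2()
}

/// 32-character secret from the OS CSPRNG (assumption: /dev/urandom exists).
pub fn random_secret_from_os() -> io::Result<String> {
    let mut urandom = File::open("/dev/urandom")?;
    loop {
        let mut buf = [0u8; 64];
        urandom.read_exact(&mut buf)?;
        // Retry in the (very unlikely) case that too many bytes were rejected.
        if let Some(secret) = alnum_from_bytes(buf, 32) {
            return Ok(secret);
        }
    }
}

fn main() -> io::Result<()> {
    let secret = random_secret_from_os()?;
    println!("generated {} characters", secret.len()); // never log the secret itself
    println!("32 hex characters:          {:.1} bits", entropy_bits(16, 32));
    println!("32 alphanumeric characters: {:.1} bits", entropy_bits(62, 32));
    Ok(())
}
```
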
flaxeneel2 (Migrated from github.com) reviewed 2026-03-07 21:57:29 +01:00
@ -7,3 +7,3 @@
use ruma::events::{AnyGlobalAccountDataEvent, GlobalAccountDataEventType, StateEventType};
use crate::ClientState;
use crate::{ClientState};
use tauri::State;
flaxeneel2 (Migrated from github.com) commented 2026-03-07 21:57:29 +01:00
```suggestion
use crate::ClientState;
```

this change is not really needed
flaxeneel2 commented 2026-03-08 05:41:21 +01:00 (Migrated from github.com)

I've pushed some changes of my own, I'll document better later on. Still need a few iterations to make perfect. It should have Android support now though, I conditionally register the Android keyring store now.
rayyan-parkar (Migrated from github.com) reviewed 2026-03-09 00:21:42 +01:00
flaxeneel2 commented 2026-03-12 16:29:35 +01:00 (Migrated from github.com)

should be all done, please review @rayyan-parkar

rayyan-parkar (Migrated from github.com) reviewed 2026-03-13 23:58:01 +01:00
@ -0,0 +28,4 @@
/// Generate a random 32-character alphanumeric string.
pub fn random_secret() -> String {
Alphanumeric.sample_string(&mut rand::rng(), 32)
}
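Review bot: random_secret() hands the secret back as a plain String, so the bytes stay in heap memory after the caller drops the value; consider returning it in a zeroizing wrapper (for example zeroize::Zeroizing<String>) so the secret is wiped on drop. The doc comment should also say that the result is secret material and that it relies on rand::rng() being a cryptographically secure generator, so a later refactor does not swap in a seeded or non-cryptographic RNG.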
rayyan-parkar (Migrated from github.com) commented 2026-03-13 23:58:01 +01:00

This code is duplicated across secret.rs and keyring_client.rs

flaxeneel2 (Migrated from github.com) reviewed 2026-03-14 00:29:49 +01:00
@ -0,0 +28,4 @@
/// Generate a random 32-character alphanumeric string.
pub fn random_secret() -> String {
Alphanumeric.sample_string(&mut rand::rng(), 32)
}
flaxeneel2 (Migrated from github.com) commented 2026-03-14 00:29:49 +01:00

resolved in [f2b3b72](https://github.com/flaxeneel2/echelon/pull/23/commits/f2b3b7254d7bfb7dfc4fe46eb828ea73db7871fb)
rayyan-parkar commented 2026-03-14 01:17:55 +01:00 (Migrated from github.com)

I grant you the highest honour, merge it to master

flaxeneel2 commented 2026-03-14 01:18:34 +01:00 (Migrated from github.com)

Thank you, kind sir
