wuxu/codeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

重构git凭证托管,改为操作系统托管

Browse Source
This commit is contained in:
xintaofei
2026-03-21 18:00:05 +08:00
parent 44f812c8d2
commit 450b081e88
13 changed files with 180 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src-tauri/Cargo.lock generated
View File

@@ -802,6 +802,7 @@ dependencies = [
"fix-path-env",
"flate2",
"futures",
"keyring",
"kill_tree",
"notify",
"portable-pty",
@@ -1151,6 +1152,27 @@ dependencies = [
"syn 2.0.114",
]
[[package]]
name = "dbus"
version = "0.9.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "21b3aa68d7e7abee336255bd7248ea965cc393f3e70411135a6f6a4b651345d4"
dependencies = [
"libc",
"libdbus-sys",
"windows-sys 0.59.0",
]
[[package]]
name = "dbus-secret-service"
version = "4.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "708b509edf7889e53d7efb0ffadd994cc6c2345ccb62f55cfd6b0682165e4fa6"
dependencies = [
"dbus",
"zeroize",
]
[[package]]
name = "deflate64"
version = "0.1.10"
@@ -2716,6 +2738,21 @@ dependencies = [
"unicode-segmentation",
]
[[package]]
name = "keyring"
version = "3.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eebcc3aff044e5944a8fbaf69eb277d11986064cba30c468730e8b9909fb551c"
dependencies = [
"byteorder",
"dbus-secret-service",
"log",
"security-framework 2.11.1",
"security-framework 3.5.1",
"windows-sys 0.60.2",
"zeroize",
]
[[package]]
name = "kill_tree"
version = "0.2.4"
@@ -2806,6 +2843,15 @@ version = "0.2.180"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc"
[[package]]
name = "libdbus-sys"
version = "0.2.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "328c4789d42200f1eeec05bd86c9c13c7f091d2ba9a6ea35acdf51f31bc0f043"
dependencies = [
"pkg-config",
]
[[package]]
name = "libloading"
version = "0.7.4"

1
src-tauri/Cargo.toml
View File

@@ -49,6 +49,7 @@ base64 = "0.22"
agent-client-protocol-schema = { version = "0.10", features = ["unstable_session_usage", "unstable_session_fork"] }
kill_tree = { version = "0.2", features = ["tokio"] }
which = "7"
keyring = { version = "3", features = ["apple-native", "windows-native", "sync-secret-service"] }
[target.'cfg(not(any(target_os = "android", target_os = "ios")))'.dependencies]
tauri-plugin-window-state = "2"

32
src-tauri/src/commands/version_control.rs
View File

@@ -203,6 +203,38 @@ pub async fn update_github_accounts(
Ok(settings)
}
// ---------------------------------------------------------------------------
// Keyring token management
// ---------------------------------------------------------------------------
#[tauri::command]
pub async fn save_account_token(
account_id: String,
token: String,
) -> Result<(), AppCommandError> {
crate::keyring_store::set_token(&account_id, &token)
.map_err(|e| AppCommandError::io_error("Failed to save token to keyring").with_detail(e))
}
#[tauri::command]
pub async fn get_account_token(
account_id: String,
) -> Result<Option<String>, AppCommandError> {
Ok(crate::keyring_store::get_token(&account_id))
}
#[tauri::command]
pub async fn delete_account_token(
account_id: String,
) -> Result<(), AppCommandError> {
crate::keyring_store::delete_token(&account_id)
.map_err(|e| AppCommandError::io_error("Failed to delete token from keyring").with_detail(e))
}
// ---------------------------------------------------------------------------
// GitHub token validation
// ---------------------------------------------------------------------------
#[derive(Debug, Deserialize)]
struct GitHubUserResponse {
login: String,

30
src-tauri/src/git_credential.rs
View File

@@ -123,8 +123,10 @@ pub fn run_credential_helper() {
let remote_url = format!("https://{}", host);
if let Some(account) = find_matching_account(&settings.accounts, &remote_url) {
println!("username={}", account.username);
println!("password={}", account.token);
if let Some(token) = crate::keyring_store::get_token(&account.id) {
println!("username={}", account.username);
println!("password={}", token);
}
}
});
}
@@ -387,11 +389,19 @@ pub async fn try_inject_for_repo(
}
};
let token = match crate::keyring_store::get_token(&account.id) {
Some(t) => t,
None => {
eprintln!("[GIT_CRED] no token in keyring for account {}", account.id);
return false;
}
};
eprintln!(
"[GIT_CRED] injecting credentials for {} (user: {})",
remote_url, account.username
);
inject_credentials(cmd, &account.username, &account.token, &askpass);
inject_credentials(cmd, &account.username, &token, &askpass);
true
}
@@ -417,6 +427,14 @@ pub async fn try_inject_for_url(
None => return false,
};
let token = match crate::keyring_store::get_token(&account.id) {
Some(t) => t,
None => {
eprintln!("[GIT_CRED] no token in keyring for account {}", account.id);
return false;
}
};
let askpass = match ensure_askpass_script(app_data_dir) {
Ok(p) => p,
Err(e) => {
@@ -425,7 +443,7 @@ pub async fn try_inject_for_url(
}
};
inject_credentials(cmd, &account.username, &account.token, &askpass);
inject_credentials(cmd, &account.username, &token, &askpass);
true
}
@@ -464,7 +482,6 @@ mod tests {
id: "1".into(),
server_url: "https://github.com".into(),
username: "user1".into(),
token: "tok1".into(),
scopes: vec![],
avatar_url: None,
is_default: false,
@@ -474,7 +491,6 @@ mod tests {
id: "2".into(),
server_url: "https://gitlab.example.com".into(),
username: "user2".into(),
token: "tok2".into(),
scopes: vec![],
avatar_url: None,
is_default: true,
@@ -500,7 +516,6 @@ mod tests {
id: "1".into(),
server_url: "https://github.com".into(),
username: "personal".into(),
token: "tok1".into(),
scopes: vec![],
avatar_url: None,
is_default: false,
@@ -510,7 +525,6 @@ mod tests {
id: "2".into(),
server_url: "https://github.com".into(),
username: "work".into(),
token: "tok2".into(),
scopes: vec![],
avatar_url: None,
is_default: true,

30
src-tauri/src/keyring_store.rs Normal file
View File

@@ -0,0 +1,30 @@
use keyring::Entry;
const SERVICE_NAME: &str = "codeg";
fn token_key(account_id: &str) -> String {
format!("github-token:{}", account_id)
}
pub fn set_token(account_id: &str, token: &str) -> Result<(), String> {
let entry = Entry::new(SERVICE_NAME, &token_key(account_id))
.map_err(|e| format!("keyring init error: {e}"))?;
entry
.set_password(token)
.map_err(|e| format!("keyring set error: {e}"))
}
pub fn get_token(account_id: &str) -> Option<String> {
let entry = Entry::new(SERVICE_NAME, &token_key(account_id)).ok()?;
entry.get_password().ok()
}
pub fn delete_token(account_id: &str) -> Result<(), String> {
let entry = Entry::new(SERVICE_NAME, &token_key(account_id))
.map_err(|e| format!("keyring init error: {e}"))?;
match entry.delete_credential() {
Ok(()) => Ok(()),
Err(keyring::Error::NoEntry) => Ok(()),
Err(e) => Err(format!("keyring delete error: {e}")),
}
}

4
src-tauri/src/lib.rs
View File

@@ -3,6 +3,7 @@ mod app_error;
mod commands;
mod db;
pub mod git_credential;
pub mod keyring_store;
mod models;
mod network;
mod parsers;
@@ -272,6 +273,9 @@ pub fn run() {
version_control::get_github_accounts,
version_control::validate_github_token,
version_control::update_github_accounts,
version_control::save_account_token,
version_control::get_account_token,
version_control::delete_account_token,
acp_commands::acp_preflight,
acp_commands::acp_connect,
acp_commands::acp_prompt,

1
src-tauri/src/models/system.rs
View File

@@ -64,7 +64,6 @@ pub struct GitHubAccount {
pub id: String,
pub server_url: String,
pub username: String,
pub token: String,
pub scopes: Vec<String>,
pub avatar_url: Option<String>,
pub is_default: bool,