SteelDynamite/onyx-tasks
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
158 commits 10 branches 0 tags 1.4 MiB
Commit graph

7 commits

Author SHA1 Message Date
Tristan Michael 4c57851e15 Rename workspace and remote folders with confirmation 
Add WebDAV MOVE support and update workspace rename flow to handle both
local and WebDAV-backed workspaces. The Tauri rename_workspace command
is made async and now performs filesystem rename for local workspaces
and issues a WebDAV MOVE (via a new WebDavClient::move_resource) for
remote workspaces, updating stored paths and credentials accordingly. A
confirmation dialog is added to SettingsScreen to prompt users before
renaming, and minor UI/default tweaks are included (SetupScreen default
name). This ensures renames update both local folders and remote WebDAV
folders reliably and with user confirmation.
 2026-04-05 15:10:44 -07:00
Tristan Michael fa87dbe12b security: additional credential hardening 
- Use :: separator in scoped keyring keys to prevent ambiguity with
  usernames containing dots (e.g. com.onyx.webdav.host::user)
- Auto-migrate legacy credentials to scoped format on load, removing
  old unscoped entries after successful migration
- Add 10MB response size limit on PROPFIND to prevent memory exhaustion
  from malicious servers (checks Content-Length header + actual body)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 10:43:09 -07:00
Tristan Michael 58f37b08d6 fix: harden WebDAV sync — async credentials, consolidated command, Onyx subfolder 2026-04-03 10:11:46 -07:00
Tristan Michael 0c4073c998 security: harden credential management in onyx-core 
- Enforce HTTPS for WebDAV URLs (reject http:// to prevent plaintext credentials)
- Replace String with Zeroizing<String> for credential fields and load_credentials return
- Remove manual Drop impl (Zeroizing handles zeroize-on-drop automatically)
- Scope keyring password entries by domain+username to prevent collisions
- Add migration fallback for legacy unscoped keyring entries
- Sanitize error messages to not leak keyring service patterns or env var names
- Add log warnings when falling back to env var credentials
- Add log dependency to onyx-core

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 10:11:40 -07:00
Tristan Michael e0c7292a7e fix: harden sync safety — conflict backup, timestamp parsing, credential zeroization 
Back up local files before overwriting during ConflictRemoteWins so data
is never silently lost. Fix false-positive change detection by parsing
timestamps before comparing (different formats like RFC3339 vs HTTP date
were never equal as strings). Add zeroize crate to zero WebDAV credentials
in memory on drop, preventing exposure in core dumps.
 2026-04-02 09:37:43 -07:00
Tristan Michael 326ebd83d8 Gate desktop-only deps for Tauri Android compilation 
Make keyring optional behind keyring-storage feature in onyx-core.
Make notify/notify-debouncer-mini optional behind desktop feature in Tauri.
Gate all file watcher code behind #[cfg(not(target_os = "android"))].
Provide env-var-only credential fallbacks when keyring is disabled.
 2026-04-01 17:35:57 -07:00
Tristan Michael 9e204ef818 rename onyx-core crate (formerly bevy-tasks-core) 2026-03-31 09:46:56 -07:00
Renamed from crates/bevy-tasks-core/src/webdav.rs (Browse further)