Tristan Michael
0c4073c998
- Enforce HTTPS for WebDAV URLs (reject http:// to prevent plaintext credentials) - Replace String with Zeroizing<String> for credential fields and load_credentials return - Remove manual Drop impl (Zeroizing handles zeroize-on-drop automatically) - Scope keyring password entries by domain+username to prevent collisions - Add migration fallback for legacy unscoped keyring entries - Sanitize error messages to not leak keyring service patterns or env var names - Add log warnings when falling back to env var credentials - Add log dependency to onyx-core Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
32 lines
823 B
TOML
32 lines
823 B
TOML
[package]
|
|
name = "onyx-core"
|
|
version = "0.1.0"
|
|
edition = "2021"
|
|
description = "Core library for local-first task management with markdown storage and WebDAV sync"
|
|
license = "GPL-3.0-or-later"
|
|
repository = "https://github.com/SteelDynamite/onyx"
|
|
|
|
[features]
|
|
default = ["keyring-storage"]
|
|
keyring-storage = ["keyring"]
|
|
|
|
[dependencies]
|
|
serde = { workspace = true }
|
|
serde_json = "1.0"
|
|
serde_yaml = "0.9"
|
|
uuid = { workspace = true }
|
|
chrono = { workspace = true }
|
|
directories = "5.0"
|
|
reqwest = { workspace = true }
|
|
sha2 = { workspace = true }
|
|
quick-xml = { workspace = true }
|
|
tokio = { workspace = true }
|
|
keyring = { version = "3", features = ["apple-native", "windows-native", "sync-secret-service"], optional = true }
|
|
zeroize = "1"
|
|
log = "0.4"
|
|
|
|
[dev-dependencies]
|
|
tempfile = "3.0"
|
|
wiremock = "0.6"
|
|
tokio = { workspace = true }
|