feat: git credential backend for credential storage (#371)
## Problem
Credentials were stored as plaintext JSON in
`stdpath('data')/cp-nvim.json`, with no integration with system
credential managers.
## Solution
Replace file-based credential storage with `git credential
fill/approve/reject`, delegating to whatever credential helper the user
has configured (`cache`, `store`, `libsecret`, macOS Keychain, etc.).
- New `lua/cp/git_credential.lua` module wrapping the git credential
protocol
- All credential consumers (`credentials.lua`, `submit.lua`,
`scraper.lua`) use `git_credential` directly — `cache.lua` no longer
handles credentials
- CSES API token packed into the password field (`password<TAB>token`)
so it works with helpers that ignore the `path` field
- `has_helper()` guard on `:CP login`, `:CP logout`, and `:CP submit`
with an error message if no helper is configured
- Healthcheck split into `[required]`/`[optional]` sections; git version
and credential helper status shown
- `git` checked at startup in `check_required_runtime()`
- Cache version system (`CACHE_VERSION`, v1→v2 migration) removed — the
cache file is now a plain JSON blob
- `:CP` command gets `bar = true`
This commit is contained in:
Barrett Ruth
GitHub
parent
27d7a4e6b5
commit
da4e2ebeba
12 changed files with 283 additions and 150 deletions
|
|
@ -3,6 +3,7 @@ import json
|
|||
import os
|
||||
import re
|
||||
import sys
|
||||
import tempfile
|
||||
from abc import ABC, abstractmethod
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
|
@ -20,6 +21,18 @@ from .models import (
|
|||
_COOKIE_FILE = Path.home() / ".cache" / "cp-nvim" / "cookies.json"
|
||||
|
||||
|
||||
def _atomic_write(path: Path, content: str) -> None:
|
||||
fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
|
||||
try:
|
||||
os.fchmod(fd, 0o600)
|
||||
with os.fdopen(fd, "w") as f:
|
||||
f.write(content)
|
||||
os.replace(tmp, path)
|
||||
except BaseException:
|
||||
os.unlink(tmp)
|
||||
raise
|
||||
|
||||
|
||||
def load_platform_cookies(platform: str) -> Any | None:
|
||||
try:
|
||||
data = json.loads(_COOKIE_FILE.read_text())
|
||||
|
|
@ -29,22 +42,20 @@ def load_platform_cookies(platform: str) -> Any | None:
|
|||
|
||||
|
||||
def save_platform_cookies(platform: str, data: Any) -> None:
|
||||
_COOKIE_FILE.parent.mkdir(parents=True, exist_ok=True)
|
||||
_COOKIE_FILE.parent.mkdir(parents=True, exist_ok=True, mode=0o700)
|
||||
try:
|
||||
existing = json.loads(_COOKIE_FILE.read_text())
|
||||
except Exception:
|
||||
existing = {}
|
||||
existing[platform] = data
|
||||
_COOKIE_FILE.write_text(json.dumps(existing))
|
||||
_COOKIE_FILE.chmod(0o600)
|
||||
_atomic_write(_COOKIE_FILE, json.dumps(existing))
|
||||
|
||||
|
||||
def clear_platform_cookies(platform: str) -> None:
|
||||
try:
|
||||
existing = json.loads(_COOKIE_FILE.read_text())
|
||||
existing.pop(platform, None)
|
||||
_COOKIE_FILE.write_text(json.dumps(existing))
|
||||
_COOKIE_FILE.chmod(0o600)
|
||||
_atomic_write(_COOKIE_FILE, json.dumps(existing))
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ from typing import Any
|
|||
|
||||
import httpx
|
||||
|
||||
from .base import BaseScraper, extract_precision
|
||||
from .base import BaseScraper, extract_precision, load_platform_cookies, save_platform_cookies
|
||||
from .timeouts import HTTP_TIMEOUT
|
||||
from .models import (
|
||||
ContestListResult,
|
||||
|
|
@ -248,35 +248,20 @@ class CSESScraper(BaseScraper):
|
|||
if not username or not password:
|
||||
return self._login_error("Missing username or password")
|
||||
|
||||
token = credentials.get("token")
|
||||
token = load_platform_cookies("cses")
|
||||
async with httpx.AsyncClient(follow_redirects=True) as client:
|
||||
if token:
|
||||
print(json.dumps({"status": "checking_login"}), flush=True)
|
||||
if await self._check_token(client, token):
|
||||
return LoginResult(
|
||||
success=True,
|
||||
error="",
|
||||
credentials={
|
||||
"username": username,
|
||||
"password": password,
|
||||
"token": token,
|
||||
},
|
||||
)
|
||||
return LoginResult(success=True, error="")
|
||||
|
||||
print(json.dumps({"status": "logging_in"}), flush=True)
|
||||
token = await self._web_login(client, username, password)
|
||||
if not token:
|
||||
return self._login_error("bad_credentials")
|
||||
|
||||
return LoginResult(
|
||||
success=True,
|
||||
error="",
|
||||
credentials={
|
||||
"username": username,
|
||||
"password": password,
|
||||
"token": token,
|
||||
},
|
||||
)
|
||||
save_platform_cookies("cses", token)
|
||||
return LoginResult(success=True, error="")
|
||||
|
||||
async def stream_tests_for_category_async(self, category_id: str) -> None:
|
||||
async with httpx.AsyncClient(
|
||||
|
|
@ -423,7 +408,7 @@ class CSESScraper(BaseScraper):
|
|||
return self._submit_error("Missing credentials. Use :CP login cses")
|
||||
|
||||
async with httpx.AsyncClient(follow_redirects=True) as client:
|
||||
token = credentials.get("token")
|
||||
token = load_platform_cookies("cses")
|
||||
|
||||
if token:
|
||||
print(json.dumps({"status": "checking_login"}), flush=True)
|
||||
|
|
@ -435,18 +420,7 @@ class CSESScraper(BaseScraper):
|
|||
token = await self._web_login(client, username, password)
|
||||
if not token:
|
||||
return self._submit_error("bad_credentials")
|
||||
print(
|
||||
json.dumps(
|
||||
{
|
||||
"credentials": {
|
||||
"username": username,
|
||||
"password": password,
|
||||
"token": token,
|
||||
}
|
||||
}
|
||||
),
|
||||
flush=True,
|
||||
)
|
||||
save_platform_cookies("cses", token)
|
||||
|
||||
print(json.dumps({"status": "submitting"}), flush=True)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue