[PM-8789] Move desktop_native into subcrate (#9682)

* Move desktop_native into subcrate

* Add publish = false to crates

apps/desktop/desktop_native/napi/Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+edition = "2021"
+exclude = ["index.node"]
+license = "GPL-3.0"
+name = "desktop_napi"
+version = "0.0.0"
+publish = false
+
+[lib]
+crate-type = ["cdylib"]
+
+[features]
+default = []
+manual_test = []
+
+[dependencies]
+anyhow = "=1.0.86"
+desktop_core = { path = "../core" }
+napi = { version = "=2.16.6", features = ["async"] }
+napi-derive = "=2.16.5"
+
+[build-dependencies]
+napi-build = "=2.1.3"

apps/desktop/desktop_native/napi/build.js

@@ -0,0 +1,22 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const child_process = require("child_process");
+const process = require("process");
+
+let targets = [];
+switch (process.platform) {
+    case "win32":
+        targets = ["i686-pc-windows-msvc", "x86_64-pc-windows-msvc", "aarch64-pc-windows-msvc"];
+    break;
+
+    case "darwin":
+        targets = ["x86_64-apple-darwin", "aarch64-apple-darwin"];
+    break;
+
+    default:
+        targets = ['x86_64-unknown-linux-musl'];
+    break;
+}
+
+targets.forEach(target => {
+    child_process.execSync(`npm run build -- --target ${target}`, {stdio: 'inherit'});
+});

apps/desktop/desktop_native/napi/build.rs

@@ -0,0 +1,5 @@
+extern crate napi_build;
+
+fn main() {
+    napi_build::setup();
+}

apps/desktop/desktop_native/napi/index.d.ts

@@ -0,0 +1,43 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/* auto-generated by NAPI-RS */
+
+export namespace passwords {
+  /** Fetch the stored password from the keychain. */
+  export function getPassword(service: string, account: string): Promise<string>
+  /** Fetch the stored password from the keychain that was stored with Keytar. */
+  export function getPasswordKeytar(service: string, account: string): Promise<string>
+  /** Save the password to the keychain. Adds an entry if none exists otherwise updates the existing entry. */
+  export function setPassword(service: string, account: string, password: string): Promise<void>
+  /** Delete the stored password from the keychain. */
+  export function deletePassword(service: string, account: string): Promise<void>
+}
+export namespace biometrics {
+  export function prompt(hwnd: Buffer, message: string): Promise<boolean>
+  export function available(): Promise<boolean>
+  export function setBiometricSecret(service: string, account: string, secret: string, keyMaterial: KeyMaterial | undefined | null, ivB64: string): Promise<string>
+  export function getBiometricSecret(service: string, account: string, keyMaterial?: KeyMaterial | undefined | null): Promise<string>
+  /**
+   * Derives key material from biometric data. Returns a string encoded with a
+   * base64 encoded key and the base64 encoded challenge used to create it
+   * separated by a `|` character.
+   *
+   * If the iv is provided, it will be used as the challenge. Otherwise a random challenge will be generated.
+   *
+   * `format!("<key_base64>|<iv_base64>")`
+   */
+  export function deriveKeyMaterial(iv?: string | undefined | null): Promise<OsDerivedKey>
+  export interface KeyMaterial {
+    osKeyPartB64: string
+    clientKeyPartB64?: string
+  }
+  export interface OsDerivedKey {
+    keyB64: string
+    ivB64: string
+  }
+}
+export namespace clipboards {
+  export function read(): Promise<string>
+  export function write(text: string, password: boolean): Promise<void>
+}

apps/desktop/desktop_native/napi/index.js

@@ -0,0 +1,213 @@
+const { existsSync, readFileSync } = require('fs')
+const { join } = require('path')
+
+const { platform, arch } = process
+
+let nativeBinding = null
+let localFileExisted = false
+let loadError = null
+
+function isMusl() {
+  // For Node 10
+  if (!process.report || typeof process.report.getReport !== 'function') {
+    try {
+      return readFileSync('/usr/bin/ldd', 'utf8').includes('musl')
+    } catch (e) {
+      return true
+    }
+  } else {
+    const { glibcVersionRuntime } = process.report.getReport().header
+    return !glibcVersionRuntime
+  }
+}
+
+switch (platform) {
+  case 'android':
+    switch (arch) {
+      case 'arm64':
+        localFileExisted = existsSync(join(__dirname, 'desktop_napi.android-arm64.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.android-arm64.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-android-arm64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm':
+        localFileExisted = existsSync(join(__dirname, 'desktop_napi.android-arm-eabi.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.android-arm-eabi.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-android-arm-eabi')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Android ${arch}`)
+    }
+    break
+  case 'win32':
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.win32-x64-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.win32-x64-msvc.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-win32-x64-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'ia32':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.win32-ia32-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.win32-ia32-msvc.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-win32-ia32-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.win32-arm64-msvc.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.win32-arm64-msvc.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-win32-arm64-msvc')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Windows: ${arch}`)
+    }
+    break
+  case 'darwin':
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(join(__dirname, 'desktop_napi.darwin-x64.node'))
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.darwin-x64.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-darwin-x64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.darwin-arm64.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.darwin-arm64.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-darwin-arm64')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on macOS: ${arch}`)
+    }
+    break
+  case 'freebsd':
+    if (arch !== 'x64') {
+      throw new Error(`Unsupported architecture on FreeBSD: ${arch}`)
+    }
+    localFileExisted = existsSync(join(__dirname, 'desktop_napi.freebsd-x64.node'))
+    try {
+      if (localFileExisted) {
+        nativeBinding = require('./desktop_napi.freebsd-x64.node')
+      } else {
+        nativeBinding = require('@bitwarden/desktop-napi-freebsd-x64')
+      }
+    } catch (e) {
+      loadError = e
+    }
+    break
+  case 'linux':
+    switch (arch) {
+      case 'x64':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.linux-x64-musl.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.linux-x64-musl.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-linux-x64-musl')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm64':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.linux-arm64-musl.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.linux-arm64-musl.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-linux-arm64-musl')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      case 'arm':
+        localFileExisted = existsSync(
+          join(__dirname, 'desktop_napi.linux-arm-gnueabihf.node')
+        )
+        try {
+          if (localFileExisted) {
+            nativeBinding = require('./desktop_napi.linux-arm-gnueabihf.node')
+          } else {
+            nativeBinding = require('@bitwarden/desktop-napi-linux-arm-gnueabihf')
+          }
+        } catch (e) {
+          loadError = e
+        }
+        break
+      default:
+        throw new Error(`Unsupported architecture on Linux: ${arch}`)
+    }
+    break
+  default:
+    throw new Error(`Unsupported OS: ${platform}, architecture: ${arch}`)
+}
+
+if (!nativeBinding) {
+  if (loadError) {
+    throw loadError
+  }
+  throw new Error(`Failed to load native binding`)
+}
+
+const { passwords, biometrics, clipboards } = nativeBinding
+
+module.exports.passwords = passwords
+module.exports.biometrics = biometrics
+module.exports.clipboards = clipboards

apps/desktop/desktop_native/napi/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@bitwarden/desktop-napi",
+  "version": "0.1.0",
+  "description": "",
+  "scripts": {
+    "build": "napi build --release --platform --js false",
+    "build:debug": "napi build --platform --js false",
+    "build:cross-platform": "node build.js",
+    "test": "cargo test"
+  },
+  "author": "",
+  "license": "GPL-3.0",
+  "devDependencies": {
+    "@napi-rs/cli": "2.16.2"
+  },
+  "napi": {
+    "name": "desktop_napi",
+    "triples": {
+      "defaults": true,
+      "additional": [
+        "x86_64-unknown-linux-musl",
+        "aarch64-unknown-linux-gnu",
+        "i686-pc-windows-msvc",
+        "armv7-unknown-linux-gnueabihf",
+        "aarch64-apple-darwin",
+        "aarch64-unknown-linux-musl",
+        "aarch64-pc-windows-msvc"
+      ]
+    }
+  }
+}

apps/desktop/desktop_native/napi/src/lib.rs

@@ -0,0 +1,144 @@
+#[macro_use]
+extern crate napi_derive;
+
+#[napi]
+pub mod passwords {
+    /// Fetch the stored password from the keychain.
+    #[napi]
+    pub async fn get_password(service: String, account: String) -> napi::Result<String> {
+        desktop_core::password::get_password(&service, &account)
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    /// Fetch the stored password from the keychain that was stored with Keytar.
+    #[napi]
+    pub async fn get_password_keytar(service: String, account: String) -> napi::Result<String> {
+        desktop_core::password::get_password_keytar(&service, &account)
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    /// Save the password to the keychain. Adds an entry if none exists otherwise updates the existing entry.
+    #[napi]
+    pub async fn set_password(
+        service: String,
+        account: String,
+        password: String,
+    ) -> napi::Result<()> {
+        desktop_core::password::set_password(&service, &account, &password)
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    /// Delete the stored password from the keychain.
+    #[napi]
+    pub async fn delete_password(service: String, account: String) -> napi::Result<()> {
+        desktop_core::password::delete_password(&service, &account)
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+}
+
+#[napi]
+pub mod biometrics {
+    use desktop_core::biometric::{Biometric, BiometricTrait};
+
+    // Prompt for biometric confirmation
+    #[napi]
+    pub async fn prompt(
+        hwnd: napi::bindgen_prelude::Buffer,
+        message: String,
+    ) -> napi::Result<bool> {
+        Biometric::prompt(hwnd.into(), message).map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn available() -> napi::Result<bool> {
+        Biometric::available().map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn set_biometric_secret(
+        service: String,
+        account: String,
+        secret: String,
+        key_material: Option<KeyMaterial>,
+        iv_b64: String,
+    ) -> napi::Result<String> {
+        Biometric::set_biometric_secret(
+            &service,
+            &account,
+            &secret,
+            key_material.map(|m| m.into()),
+            &iv_b64,
+        )
+        .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn get_biometric_secret(
+        service: String,
+        account: String,
+        key_material: Option<KeyMaterial>,
+    ) -> napi::Result<String> {
+        let result =
+            Biometric::get_biometric_secret(&service, &account, key_material.map(|m| m.into()))
+                .map_err(|e| napi::Error::from_reason(e.to_string()));
+        result
+    }
+
+    /// Derives key material from biometric data. Returns a string encoded with a
+    /// base64 encoded key and the base64 encoded challenge used to create it
+    /// separated by a `|` character.
+    ///
+    /// If the iv is provided, it will be used as the challenge. Otherwise a random challenge will be generated.
+    ///
+    /// `format!("<key_base64>|<iv_base64>")`
+    #[napi]
+    pub async fn derive_key_material(iv: Option<String>) -> napi::Result<OsDerivedKey> {
+        Biometric::derive_key_material(iv.as_deref())
+            .map(|k| k.into())
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi(object)]
+    pub struct KeyMaterial {
+        pub os_key_part_b64: String,
+        pub client_key_part_b64: Option<String>,
+    }
+
+    impl From<KeyMaterial> for desktop_core::biometric::KeyMaterial {
+        fn from(km: KeyMaterial) -> Self {
+            desktop_core::biometric::KeyMaterial {
+                os_key_part_b64: km.os_key_part_b64,
+                client_key_part_b64: km.client_key_part_b64,
+            }
+        }
+    }
+
+    #[napi(object)]
+    pub struct OsDerivedKey {
+        pub key_b64: String,
+        pub iv_b64: String,
+    }
+
+    impl From<desktop_core::biometric::OsDerivedKey> for OsDerivedKey {
+        fn from(km: desktop_core::biometric::OsDerivedKey) -> Self {
+            OsDerivedKey {
+                key_b64: km.key_b64,
+                iv_b64: km.iv_b64,
+            }
+        }
+    }
+}
+
+#[napi]
+pub mod clipboards {
+    #[napi]
+    pub async fn read() -> napi::Result<String> {
+        desktop_core::clipboard::read().map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn write(text: String, password: bool) -> napi::Result<()> {
+        desktop_core::clipboard::write(&text, password)
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+}