Handling conflict responses

.gitignore

@@ -1,4 +1,4 @@
 .DS_Store
 target
 *.bak
-workspace/server/public
+# workspace/server/public

Makefile

@@ -1,28 +1,37 @@
-all: lint fmt check
+dev-certs:
+	@cd sandbox && mkcert -key-file key.pem -cert-file cert.pem localhost 127.0.0.1 ::1
+.PHONY: dev-certs
 
 browser-gui:
 	@rm -rf workspace/server/public
 	@cd ../browser && make dist
 	@cp -r ../browser/app/dist workspace/server/public
-	@rm -rf workspace/server/public/assets
+.PHONY: browser-gui
+
+dev-server:
+	@cd workspace/server && cargo run -- -c ../../sandbox/config.toml
 
 server-release: browser-gui
 	@cd workspace/server && cargo build --release
+.PHONY: server-release
 
 fmt:
 	@cargo fmt --all
+.PHONY: fmt
 
 dev:
 	@cargo test --all
 	@cargo fmt --all
+.PHONY: dev
 
 check:
 	@cargo check --all
+.PHONY: check
 
 test:
 	@cargo test --all
+.PHONY: test
 
 docs:
 	@cargo doc --all --open --no-deps
-
-.PHONY: all browser-gui server-release fmt dev check test docs
+.PHONY: docs

README.md

@@ -1,31 +1,50 @@
 # Save Our Secrets Library
 
-> A distributed, encrypted database with a focus on security, integrity and redundancy.
+> Save our Secrets (SOS) is a cross-platform, distributed, encrypted database with a focus on security, integrity and redundancy. It can be used to store private secrets such as account passwords, notes, certificates and encryption keys.
 
-Used to store private secrets such as account passwords, notes, certificates and encryption keys.
+This repository contains the core library code and several command line interface (CLI) tools.
+
+* [sandbox](/sandbox) Configuration and storage location for local testing.
+* [workspace](/workspace) Libraries and command line interfaces.
+    * [audit](/workspace/audit) The `sos-audit` tool for reading and monitoring audit logs.
+    * [check](/workspace/check) The `sos-check` tool for verifying file integrity and inspecting files.
+    * [client](/workspace/client) Client library and the `sos-client` terminal read-eval-print-loop (REPL) tool.
+    * [core](/workspace/core) Core library including types and traits common to the client and server implementations.
+    * [readline](/workspace/readline) Utility functions for reading from stdin, used by the terminal REPL client.
+    * [server](/workspace/server) Server command line interface.
+
+For webassembly bindings see the [browser][] repository.
 
 ## Server
 
+### Certificates
+
 The server requires TLS so a certificate and key file must be configured.
 
-For local development use [mkcert][] in the sandbox directory:
+For local development use [mkcert][] in the sandbox directory, first install the executable and then create the certificate authority:
 
 ```
 mkcert -install
-cd sandbox && mkcert -key-file key.pem -cert-file cert.pem localhost 127.0.0.1 ::1
 ```
 
+Afterwards create certificates for local servers in the sandbox directory:
+
+```
+make dev-certs
+```
+
+### Web GUI
+
 The server bundles a web-based GUI from the browser webapp code so to run the server CLI tool you must have the [browser][] repository as a sibling folder of this repository and then you can build the public folder containing the bundled assets:
 
 ```
 make browser-gui
 ```
 
-Now you can start a development version of the server:
+Now you can start a development version of the server using the [sandbox configuration](/sandbox/config.toml):
 
 ```
-cd workspace/server
-cargo run -- -c ../../sandbox/config.toml
+make dev-server
 ```
 
 Accounts and vaults will be created in the sandbox directory.

workspace/audit/src/iter.rs

@@ -2,12 +2,13 @@
 use std::path::Path;
 
 use sos_core::{
+    constants::AUDIT_IDENTITY,
     events::AuditEvent,
-    file_identity::{FileIdentity, AUDIT_IDENTITY},
     serde_binary::{
         binary_rw::{BinaryReader, Endian, FileStream, OpenType, SeekStream},
         Decode, Deserializer,
     },
+    FileIdentity,
 };
 
 use crate::{Error, Result};

workspace/audit/src/lib.rs

@@ -27,7 +27,7 @@ pub fn logs(audit_log: PathBuf, json: bool) -> Result<()> {
                 AuditData::Vault(vault_id) => {
                     tracing::info!(
                         "{} {} by {} (vault = {})",
-                        log.time,
+                        log.time.to_rfc3339()?,
                         log.operation,
                         log.address,
                         vault_id,
@@ -36,7 +36,7 @@ pub fn logs(audit_log: PathBuf, json: bool) -> Result<()> {
                 AuditData::Secret(vault_id, secret_id) => {
                     tracing::info!(
                         "{} {} by {} (vault = {}, secret = {})",
-                        log.time,
+                        log.time.to_rfc3339()?,
                         log.operation,
                         log.address,
                         vault_id,
@@ -47,7 +47,7 @@ pub fn logs(audit_log: PathBuf, json: bool) -> Result<()> {
         } else {
             tracing::info!(
                 "{} {} by {}",
-                log.time,
+                log.time.to_rfc3339()?,
                 log.operation,
                 log.address,
             );

workspace/audit/src/log_file.rs

@@ -4,8 +4,8 @@ use tokio::{fs::File, io::AsyncWriteExt};
 
 use crate::Result;
 use sos_core::{
+    constants::AUDIT_IDENTITY,
     events::{AuditEvent, AuditProvider},
-    file_identity::{FileIdentity, AUDIT_IDENTITY},
     vault::encode,
 };
 
@@ -38,9 +38,7 @@ impl AuditLogFile {
 
         let size = file.metadata()?.len();
         if size == 0 {
-            let identity = FileIdentity(AUDIT_IDENTITY);
-            let buffer = encode(&identity)?;
-            file.write_all(&buffer)?;
+            file.write_all(&AUDIT_IDENTITY)?;
         }
 
         Ok(file)
@@ -50,11 +48,15 @@ impl AuditLogFile {
 #[async_trait]
 impl AuditProvider for AuditLogFile {
     type Error = crate::Error;
-    async fn append_audit_event(
+    async fn append_audit_events(
         &mut self,
-        log: AuditEvent,
+        events: &[AuditEvent],
     ) -> std::result::Result<(), Self::Error> {
-        let buffer = encode(&log)?;
+        let mut buffer = Vec::new();
+        for event in events {
+            let mut event = encode(event)?;
+            buffer.append(&mut event);
+        }
         self.file.write_all(&buffer).await?;
         Ok(())
     }

workspace/check/src/lib.rs

@@ -9,8 +9,7 @@ pub use error::Error;
 use sos_core::{
     binary_rw::{FileStream, OpenType},
     commit_tree::{
-        integrity::{vault_commit_tree, wal_commit_tree},
-        CommitTree, RowIterator,
+        vault_commit_tree, wal_commit_tree, CommitTree, RowIterator,
     },
     wal::WalItem,
 };

workspace/client/Cargo.toml

@@ -8,6 +8,8 @@ default-run = "sos-client"
 thiserror = "1"
 sos-core = { path = "../core" }
 sos-readline = { path = "../readline" }
+async-trait = "0.1"
+async-recursion = "1"
 clap = { version = "3", features = ["derive", "wrap_help"] }
 tokio = { version = "1", features = ["full"] }
 url = "2"

workspace/client/src/bin/main.rs

@@ -7,12 +7,11 @@ use std::{
 use clap::{Parser, Subcommand};
 use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
 use url::Url;
-use uuid::Uuid;
 
 use sos_client::{
-    create_vault, exec, monitor, signup, Cache, ClientBuilder, Error, Result,
+    exec, monitor, run_blocking, signup, Cache, ClientBuilder, ClientCache,
+    Error, Result,
 };
-use sos_core::Algorithm;
 use sos_readline::read_shell;
 use terminal_banner::{Banner, Padding};
 
@@ -62,31 +61,6 @@ enum Command {
         #[clap(short, long)]
         keystore: PathBuf,
     },
-    /// Create a new secret storage vault.
-    ///
-    /// A passphrase for the new vault will be read from
-    /// stdin if data is detected on stdin otherwise a
-    /// random diceware passphrase is generated and printed
-    /// to the terminal.
-    ///
-    /// The filename will be the UUID for the new vault.
-    Create {
-        /// Unique identifier for the vault.
-        #[clap(short, long)]
-        uuid: Option<Uuid>,
-
-        /// Public name for the vault.
-        #[clap(short, long)]
-        name: Option<String>,
-
-        /// Encryption algorithm
-        #[clap(short, long)]
-        algorithm: Option<Algorithm>,
-
-        /// Directory to write the vault file
-        #[clap(parse(from_os_str))]
-        destination: PathBuf,
-    },
 }
 
 /// Ensure a supplied URL is https.
@@ -121,14 +95,6 @@ fn run() -> Result<()> {
             ensure_https(&server)?;
             monitor(server, keystore)?;
         }
-        Command::Create {
-            destination,
-            name,
-            uuid,
-            algorithm,
-        } => {
-            create_vault(destination, name, uuid, algorithm)?;
-        }
         Command::Signup {
             server,
             keystore,
@@ -141,12 +107,19 @@ fn run() -> Result<()> {
             ensure_https(&server)?;
             let cache_dir = Cache::cache_dir()?;
             let client = ClientBuilder::new(server, keystore).build()?;
-            let cache = Arc::new(RwLock::new(Cache::new(client, cache_dir)?));
+            let cache =
+                Arc::new(RwLock::new(Cache::new(client, cache_dir, true)?));
 
             let reader = cache.read().unwrap();
-            welcome(reader.client().server())?;
+            welcome(reader.server())?;
             drop(reader);
 
+            let mut writer = cache.write().unwrap();
+            if let Err(e) = run_blocking(writer.load_vaults()) {
+                tracing::error!("failed to load vaults: {}", e);
+            }
+            drop(writer);
+
             let prompt_cache = Arc::clone(&cache);
             let prompt = || -> String {
                 let cache = prompt_cache.read().unwrap();
@@ -184,6 +157,7 @@ fn main() -> Result<()> {
         Ok(_) => {}
         Err(e) => {
             tracing::error!("{}", e);
+            //panic!("{}", e);
         }
     }
     Ok(())