Prepare release 0.1.18.

Jack Cowey · cursoragent · Jack Cowey · commit 9d5cace8d581 · 2026-02-18T17:17:50.000Z
Store server passwords in OS secure keyring via Tauri commands, load them at connect time, and keep local snapshots free of plaintext secrets. Also route desktop link opens through a native URL opener command.

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/lib/external-links.ts b/lib/external-links.ts
@@ -1,9 +1,11 @@
+import { openExternalUrl } from "./irc-native"
+
 // Thin wrapper so we can centralize external link behavior.
-// For both web and desktop (Tauri), falling back to window.open
-// is sufficient to open the user's default browser.
 export async function shellOpenExternal(url: string): Promise<void> {
   if (typeof window === "undefined") return
+  if ("__TAURI_INTERNALS__" in window) {
+    await openExternalUrl(url)
+    return
+  }
   window.open(url, "_blank", "noopener,noreferrer")
 }
-
-
diff --git a/lib/irc-native.ts b/lib/irc-native.ts
@@ -82,3 +82,34 @@ export async function sendNativeRaw(serverId: string, line: string) {
   await invoke("irc_raw", { serverId, line })
 }
 
+export async function openExternalUrl(url: string) {
+  if (!hasTauriInternals()) return
+  await invoke("open_external_url", { url })
+}
+
+export async function secureSetServerSecret(
+  serverId: string,
+  secretName: "password" | "saslPassword",
+  value: string
+) {
+  if (!hasTauriInternals()) return
+  await invoke("secure_set_server_secret", { serverId, secretName, value })
+}
+
+export async function secureGetServerSecret(
+  serverId: string,
+  secretName: "password" | "saslPassword"
+): Promise<string | null> {
+  if (!hasTauriInternals()) return null
+  const v = await invoke<string | null>("secure_get_server_secret", { serverId, secretName })
+  return v ?? null
+}
+
+export async function secureDeleteServerSecret(
+  serverId: string,
+  secretName: "password" | "saslPassword"
+) {
+  if (!hasTauriInternals()) return
+  await invoke("secure_delete_server_secret", { serverId, secretName })
+}
+
diff --git a/lib/store.ts b/lib/store.ts
@@ -12,6 +12,9 @@ import {
   partNativeIrc,
   sendNativePrivmsg,
   sendNativeRaw,
+  secureDeleteServerSecret,
+  secureGetServerSecret,
+  secureSetServerSecret,
 } from './irc-native'
 
 function hexToHSL(hex: string): string {
@@ -160,10 +163,8 @@ type ServerSnapshot = Pick<
   | 'nickname'
   | 'username'
   | 'realName'
-  | 'password'
   | 'saslEnabled'
   | 'saslUsername'
-  | 'saslPassword'
   | 'autoJoinChannels'
   | 'onJoinCommands'
 >
@@ -202,17 +203,33 @@ function saveServersSnapshot(servers: IRCServer[]) {
       nickname: s.nickname,
       username: s.username,
       realName: s.realName,
-      password: s.password,
       saslEnabled: s.saslEnabled,
       saslUsername: s.saslUsername,
-      saslPassword: s.saslPassword,
       autoJoinChannels: s.autoJoinChannels,
       onJoinCommands: s.onJoinCommands,
     }))
     localStorage.setItem('patchcord-servers', JSON.stringify(snapshot))
   } catch {}
 }
 
+function persistServerSecrets(server: IRCServer) {
+  if (!isLiveBuild) return
+
+  const pw = (server.password || '').trim()
+  if (pw.length > 0) {
+    void secureSetServerSecret(server.id, 'password', pw).catch(() => {})
+  } else {
+    void secureDeleteServerSecret(server.id, 'password').catch(() => {})
+  }
+
+  const saslPw = (server.saslPassword || '').trim()
+  if (saslPw.length > 0) {
+    void secureSetServerSecret(server.id, 'saslPassword', saslPw).catch(() => {})
+  } else {
+    void secureDeleteServerSecret(server.id, 'saslPassword').catch(() => {})
+  }
+}
+
 interface IRCStore {
   servers: IRCServer[]
   settings: AppSettings
@@ -382,6 +399,7 @@ export const useIRCStore = create<IRCStore>((set, get) => ({
           activeView: state.activeView.serverId ? state.activeView : { serverId: id, channelId: '' },
         }
       })
+      persistServerSecrets(server)
       get().connectServer(id)
       return
     }
@@ -470,12 +488,20 @@ export const useIRCStore = create<IRCStore>((set, get) => ({
       const servers = state.servers.map((s) =>
         s.id === serverId ? { ...s, ...data } : s
       )
+      const updated = servers.find((s) => s.id === serverId)
+      if (updated) {
+        persistServerSecrets(updated)
+      }
       saveServersSnapshot(servers)
       return { servers }
     })
   },
 
   removeServer: (serverId) => {
+    if (isLiveBuild) {
+      void secureDeleteServerSecret(serverId, 'password').catch(() => {})
+      void secureDeleteServerSecret(serverId, 'saslPassword').catch(() => {})
+    }
     set((state) => {
       const newServers = state.servers.filter((s) => s.id !== serverId)
       let newView = state.activeView
@@ -509,18 +535,21 @@ export const useIRCStore = create<IRCStore>((set, get) => ({
       if (!server) return
       get().updateServerStatus(serverId, 'connecting')
       get().addServerMessage(serverId, `Connecting to ${server.host}:${server.port}${server.ssl ? ' (TLS)' : ''}...`)
-      void connectNativeIrc({
-        serverId,
-        host: server.host,
-        port: server.port,
-        ssl: server.ssl,
-        allowInvalidCerts: !!server.allowInvalidCerts,
-        nickname: server.nickname,
-        username: server.username,
-        realName: server.realName,
-        password: server.password,
-        autoJoinChannels: server.autoJoinChannels,
-      }).catch((err) => {
+      void (async () => {
+        const storedPassword = await secureGetServerSecret(serverId, 'password').catch(() => null)
+        await connectNativeIrc({
+          serverId,
+          host: server.host,
+          port: server.port,
+          ssl: server.ssl,
+          allowInvalidCerts: !!server.allowInvalidCerts,
+          nickname: server.nickname,
+          username: server.username,
+          realName: server.realName,
+          password: storedPassword ?? server.password,
+          autoJoinChannels: server.autoJoinChannels,
+        })
+      })().catch((err) => {
         get().updateServerStatus(serverId, 'disconnected')
         get().addServerMessage(serverId, `Connection failed: ${String(err)}`)
       })
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "my-project",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "private": true,
   "scripts": {
     "dev": "next dev --turbo",
diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "patchcord-desktop"
-version = "0.1.17"
+version = "0.1.18"
 description = "Patchcord desktop app"
 authors = ["Patchcord"]
 license = ""
@@ -27,3 +27,4 @@ tokio = { version = "1", features = ["full"] }
 tokio-native-tls = "0.3"
 native-tls = "=0.2.14"
 once_cell = "1"
+keyring = "3"
diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs
@@ -1,4 +1,6 @@
 mod irc;
+use std::process::Command;
+use keyring::Entry;
 
 // Allow camelCase parameter names here so they match
 // the keys sent from the frontend `invoke` calls.
@@ -70,6 +72,89 @@ async fn irc_raw(serverId: String, line: String) -> Result<(), String> {
   irc::raw(serverId, line).await
 }
 
+#[allow(non_snake_case)]
+#[tauri::command]
+async fn open_external_url(url: String) -> Result<(), String> {
+  if !(url.starts_with("http://") || url.starts_with("https://")) {
+    return Err("Only http(s) URLs are allowed".to_string());
+  }
+
+  #[cfg(target_os = "windows")]
+  {
+    Command::new("cmd")
+      .args(["/C", "start", "", &url])
+      .spawn()
+      .map_err(|e| format!("Failed to open URL: {e}"))?;
+  }
+
+  #[cfg(target_os = "macos")]
+  {
+    Command::new("open")
+      .arg(&url)
+      .spawn()
+      .map_err(|e| format!("Failed to open URL: {e}"))?;
+  }
+
+  #[cfg(all(unix, not(target_os = "macos")))]
+  {
+    Command::new("xdg-open")
+      .arg(&url)
+      .spawn()
+      .map_err(|e| format!("Failed to open URL: {e}"))?;
+  }
+
+  Ok(())
+}
+
+fn secret_entry(app: &tauri::AppHandle, server_id: &str, secret_name: &str) -> Result<Entry, String> {
+  let service = app.config().identifier.clone();
+  let account = format!("patchcord:{server_id}:{secret_name}");
+  Entry::new(&service, &account).map_err(|e| format!("Secure storage init failed: {e}"))
+}
+
+#[allow(non_snake_case)]
+#[tauri::command]
+async fn secure_set_server_secret(
+  app: tauri::AppHandle,
+  serverId: String,
+  secretName: String,
+  value: String,
+) -> Result<(), String> {
+  let entry = secret_entry(&app, &serverId, &secretName)?;
+  entry
+    .set_password(&value)
+    .map_err(|e| format!("Secure storage write failed: {e}"))
+}
+
+#[allow(non_snake_case)]
+#[tauri::command]
+async fn secure_get_server_secret(
+  app: tauri::AppHandle,
+  serverId: String,
+  secretName: String,
+) -> Result<Option<String>, String> {
+  let entry = secret_entry(&app, &serverId, &secretName)?;
+  match entry.get_password() {
+    Ok(v) => Ok(Some(v)),
+    Err(keyring::Error::NoEntry) => Ok(None),
+    Err(e) => Err(format!("Secure storage read failed: {e}")),
+  }
+}
+
+#[allow(non_snake_case)]
+#[tauri::command]
+async fn secure_delete_server_secret(
+  app: tauri::AppHandle,
+  serverId: String,
+  secretName: String,
+) -> Result<(), String> {
+  let entry = secret_entry(&app, &serverId, &secretName)?;
+  match entry.delete_credential() {
+    Ok(_) | Err(keyring::Error::NoEntry) => Ok(()),
+    Err(e) => Err(format!("Secure storage delete failed: {e}")),
+  }
+}
+
 #[cfg_attr(mobile, tauri::mobile_entry_point)]
 pub fn run() {
   tauri::Builder::default()
@@ -89,7 +174,11 @@ pub fn run() {
       irc_join,
       irc_part,
       irc_privmsg,
-      irc_raw
+      irc_raw,
+      open_external_url,
+      secure_set_server_secret,
+      secure_get_server_secret,
+      secure_delete_server_secret
     ])
     .run(tauri::generate_context!())
     .expect("error while running tauri application");
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "Patchcord",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "identifier": "com.patchcord.desktop",
   "build": {
     "beforeDevCommand": "pnpm dev",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "my-project",`
`3`		`- "version": "0.1.17",`
	`3`	`+ "version": "0.1.18",`
`4`	`4`	`"private": true,`
`5`	`5`	`"scripts": {`
`6`	`6`	`"dev": "next dev --turbo",`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"$schema": "https://schema.tauri.app/config/2",`
`3`	`3`	`"productName": "Patchcord",`
`4`		`- "version": "0.1.17",`
	`4`	`+ "version": "0.1.18",`
`5`	`5`	`"identifier": "com.patchcord.desktop",`
`6`	`6`	`"build": {`
`7`	`7`	`"beforeDevCommand": "pnpm dev",`