-
-
Notifications
You must be signed in to change notification settings - Fork 286
Expand file tree
/
Copy pathSafeModeGuard.swift
More file actions
126 lines (112 loc) · 4.3 KB
/
SafeModeGuard.swift
File metadata and controls
126 lines (112 loc) · 4.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
//
// SafeModeGuard.swift
// TablePro
//
import AppKit
import LocalAuthentication
import os
@MainActor
internal final class SafeModeGuard {
private static let logger = Logger(subsystem: "com.TablePro", category: "SafeModeGuard")
internal enum Permission {
case allowed
case blocked(String)
}
internal static func checkPermission(
level: SafeModeLevel,
isWriteOperation: Bool,
sql: String,
operationDescription: String,
window: NSWindow?,
databaseType: DatabaseType? = nil
) async -> Permission {
let effectiveLevel: SafeModeLevel
if level.requiresPro && !LicenseManager.shared.isFeatureAvailable(.safeMode) {
logger.info("Safe mode \(level.rawValue) requires Pro license; downgrading to silent")
effectiveLevel = .silent
} else {
effectiveLevel = level
}
let effectiveIsWrite: Bool
if let dbType = databaseType, !PluginManager.shared.supportsReadOnlyMode(for: dbType) {
effectiveIsWrite = true
} else {
effectiveIsWrite = isWriteOperation
}
switch effectiveLevel {
case .silent:
return .allowed
case .readOnly:
if effectiveIsWrite {
return .blocked(String(localized: "Cannot execute write queries: connection is read-only"))
}
return .allowed
case .alert:
if effectiveIsWrite {
guard await showConfirmationAlert(sql: sql, operationDescription: operationDescription, window: window) else {
return .blocked(String(localized: "Operation cancelled by user"))
}
}
return .allowed
case .alertFull:
guard await showConfirmationAlert(sql: sql, operationDescription: operationDescription, window: window) else {
return .blocked(String(localized: "Operation cancelled by user"))
}
return .allowed
case .safeMode:
if effectiveIsWrite {
guard await showConfirmationAlert(sql: sql, operationDescription: operationDescription, window: window) else {
return .blocked(String(localized: "Operation cancelled by user"))
}
guard await authenticateUser() else {
return .blocked(String(localized: "Authentication required to execute write operations"))
}
}
return .allowed
case .safeModeFull:
guard await showConfirmationAlert(sql: sql, operationDescription: operationDescription, window: window) else {
return .blocked(String(localized: "Operation cancelled by user"))
}
guard await authenticateUser() else {
return .blocked(String(localized: "Authentication required to execute operations"))
}
return .allowed
}
}
private static func showConfirmationAlert(
sql: String,
operationDescription: String,
window: NSWindow?
) async -> Bool {
let trimmed = sql.trimmingCharacters(in: .whitespacesAndNewlines)
let preview: String
if (trimmed as NSString).length > 200 {
preview = String(trimmed.prefix(200)) + "..."
} else {
preview = trimmed
}
return await AlertHelper.confirmDestructive(
title: operationDescription,
message: String(localized: "Are you sure you want to execute this query?\n\n\(preview)"),
confirmButton: String(localized: "Execute"),
cancelButton: String(localized: "Cancel"),
window: window
)
}
private static func authenticateUser() async -> Bool {
await Task.detached {
let context = LAContext()
do {
return try await context.evaluatePolicy(
.deviceOwnerAuthentication,
localizedReason: String(localized: "Authenticate to execute database operations")
)
} catch {
await MainActor.run {
logger.warning("Biometric authentication failed: \(error.localizedDescription)")
}
return false
}
}.value
}
}