Skip to content

feat: secure credential storage, progressive CSV streaming, and settings UX improvements#61

Merged
liphvf merged 14 commits intomainfrom
query-improvemnt
Apr 14, 2026
Merged

feat: secure credential storage, progressive CSV streaming, and settings UX improvements#61
liphvf merged 14 commits intomainfrom
query-improvemnt

Conversation

@liphvf
Copy link
Copy Markdown
Owner

@liphvf liphvf commented Apr 14, 2026

Summary

  • Secure credential storage: Passwords for PostgreSQL servers are now encrypted at rest using Microsoft.AspNetCore.DataProtection with DPAPI (Windows). Removed plaintext Password field from ServerConfigEntry; replaced with EncryptedPassword. Keys are stored in %LocalAppData%\FurLab\keys\ and DPAPI-protected per user profile.
  • settings db-servers UX improvements: Interactive mode is now automatic (no -i flag needed) when --name/--host are absent. New set-password [name] subcommand added. Shared SelectServer() helper extracted for
    m, est, and set-password.
  • Progressive CSV writing and execution logging: Multi-server query results are now streamed to partial CSV files as they arrive, rather than buffered in memory. Each run produces an execution log entry with timing and row counts per server.
  • QueryCommand refactor: Connection string building now receives password as an explicit parameter (via TryDecrypt + interactive fallback). Destructive query detection and progress feedback preserved.
  • DPAPI platform guard: ProtectKeysWithDpapi is now called only on Windows via OperatingSystem.IsWindows() + [SupportedOSPlatform("windows")], eliminating CA1416 warning.
  • OpenSpec changes archived: secure-credential-storage and query-run-streaming-output changes archived; all delta specs synced to openspec/specs/.

Test coverage

  • CredentialServiceTests: 7 new unit tests covering encrypt/decrypt round-trip, empty input, corrupted blob, and null provider fallback.
  • CsvExportTests: Expanded to cover progressive/streaming write scenarios and partial file behavior.
  • UserConfigServiceTests: Updated for EncryptedPassword field and SetEncryptedPassword() method.
  • 154 tests passing, 0 failures.

liphvf added 14 commits April 13, 2026 18:32
@liphvf
Add icon configuration and manifest support for winget package
cb30759
@liphvf
Remove query-run-multi-server spec and design docs
53eeee6
@liphvf
feat: implement progressive CSV writing and execution logging for mul…
7d9446b 
…ti-server queries
@liphvf
Exija flush imediato após cada escrita em CSVs parciais
c8b4ff4 
Inclua requisitos e cenários de flush para garantir que cada linha
escrita seja persistida no disco imediatamente, aumentando a
durabilidade dos dados em caso de crash. Atualize tasks e specs para
usar StreamWriter com AutoFlush=true.
@liphvf
Refactor CsvExportTests and enhance CSV export functionality
404d861 
- Updated CsvRow to include Duration and LogFilePath fields.
- Introduced ExecutionLogEntry model for logging execution details.
- Implemented channel-based writing for CSVs, allowing for concurrent processing.
- Added methods for appending to server CSVs, writing error entries, and logging execution details with auto-flush.
- Enhanced tests to cover new functionalities, including appending to CSVs, error logging, and sanitization of filenames.
- Ensured proper handling of inconsistent headers during CSV merging.
- Updated test cases to reflect changes in CSV export behavior and structure.
@liphvf
Clean up using directives and simplify type references
47dd575 
- Remove unused using statements in QueryCommand.cs
- Use direct type references for System.Text.Json types in tests
- Fix service provider assignment for PostgresDatabaseLister in
  Program.cs
@liphvf
Add XML documentation comments to CLI command classes
5e22895
@liphvf
feat: Implementar escrita progressiva de CSVs e log de execução
80c5506 
- Adiciona suporte para escrita progressiva de arquivos CSV parciais por servidor, com append imediato após cada query completar.
- Gera um arquivo CSV consolidado ao final da execução, unindo os resultados parciais.
- Cria um arquivo de erros dedicado que registra falhas de queries em tempo real.
- Implementa feedback visual com uma barra de progresso e um feed de atividades em tempo real durante a execução das queries.
- Organiza todos os arquivos gerados em uma subpasta por execução, nomeada com timestamp.
- Introduz um modelo de log de execução para registrar detalhes de cada query executada, incluindo duração e status.
- Remove a opção `--separate-files`, tornando a escrita por servidor o comportamento padrão.
@liphvf
feat: Implementar armazenamento seguro de credenciais com encriptação…
a2db686 
… de senhas
@liphvf
feat: Implement secure credential storage using Data Protection
4d5d7d6 
- Added `ICredentialService` interface for encrypting and decrypting passwords.
- Created `CredentialService` implementing `ICredentialService` using `IDataProtectionProvider`.
- Updated `ServerConfigEntry` to store encrypted passwords instead of plaintext.
- Refactored `AddServerCommandOptions` and `SettingsCommand` to remove plaintext password handling.
- Introduced `set-password` command to securely set passwords for database servers.
- Updated `QueryCommand` to retrieve passwords securely at runtime.
- Added unit tests for `CredentialService` and updated existing tests for `UserConfigService`.
- Configured Data Protection in `ServiceCollectionExtensions` to persist keys in the local application data directory.
@liphvf
feat: Implement secure credential storage for PostgreSQL server passw…
59001cc 
…ords

- Removed plaintext password storage from ServerConfigEntry and furlab.jsonc.
- Added encrypted password field (EncryptedPassword) to ServerConfigEntry.
- Introduced ICredentialService and CredentialService for encryption/decryption using Microsoft.AspNetCore.DataProtection.
- Configured key management in %LocalAppData%\FurLab\keys\ with DPAPI protection on Windows.
- Added subcommand `fur settings db-servers set-password` for setting/redefining encrypted passwords.
- Modified `fur settings db-servers add` to enable automatic interactive mode when required arguments are missing.
- Updated `fur settings db-servers rm` and `test` commands to use interactive selection when no name is provided.
- Implemented fallback to interactive password prompt if decryption fails, without automatic re-saving.
- Added unit tests for CredentialService methods and updated existing tests to reflect changes in password handling.
@liphvf
Protect data protection keys with DPAPI user scope
c6a4305
@liphvf
Protect keys with DPAPI only on Windows platforms
aa0d356
@liphvf
fix: use fixed Windows invalid filename chars in SanitizeFilename
4bdb254
@liphvf liphvf merged commit 6428628 into main Apr 14, 2026
1 check passed
@liphvf liphvf deleted the query-improvemnt branch April 14, 2026 01:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@liphvf