feat(aura-gui): privilege escalation via sudo + one-click NOPASSWD installer
The v0.1 GUI's Connect button was broken in practice: the Tauri app launched from /Applications runs as the desktop user, so `Command::new(aura).spawn()` started aura without root. aura died in ms with EPERM at TUN creation, faster than the 1.5 s status poller could catch — the UI just silently flipped back to "disconnected" with no clue. ## Fix * `cli_proc::spawn_client` now prepends `sudo -n` on Unix. After spawn it blocks for 1.5 s and checks `try_wait`; if the child already exited, it reads the stderr ring's last 20 lines and returns an anyhow Error with that tail + a hint list of common causes. The Tauri command surfaces it to the frontend's `error` state where the UI renders it as a multi-line `<pre>` block instead of the previous single-line text. * `ClientHandle::kill` no longer uses `Child::kill` (SIGKILL) on its sudo parent — that would have left aura orphaned with the TUN lingering. Sends SIGTERM to sudo, which sudo forwards to aura, giving the inner `OsRouteGuard::Drop` 2 s to run cleanup. Falls back to SIGKILL only after the grace period. ## One-click NOPASSWD installer Two new Tauri commands plus a UI banner: * `check_admin_access` — runs `sudo -n aura --help` and returns whether the sudoers entry is in place. Used by the React side to decide whether to show the banner. * `install_sudoers_admin` — runs `osascript ... with administrator privileges` which surfaces the native macOS auth dialog, then writes `/etc/sudoers.d/aura-gui` scoped to `<aura> client *` only (not arbitrary aura invocations), runs `visudo -c` for syntax validation, and reports success or the syntax error. The frontend shows a yellow "One-time setup needed" banner above the profile list whenever `adminReady === false`. Clicking the button pops the Mac password dialog once; from then on Connect is a single click with no prompt. ## UI feedback * "Connecting…" disabled state on the Connect button while spawn_client's 1.5 s wait is in progress * Errors render as monospace `<pre>` so the multi-line stderr tail is readable * `.error` and `.admin-banner` CSS classes added to App.css 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
xah30
+36
-2
@@ -263,12 +263,46 @@ button.danger:hover:not(:disabled) {
|
||||
background: rgba(239, 90, 90, 0.12);
|
||||
border: 1px solid rgba(239, 90, 90, 0.4);
|
||||
border-radius: 8px;
|
||||
padding: 10px 14px;
|
||||
padding: 12px 14px;
|
||||
color: #ffb1b1;
|
||||
display: flex;
|
||||
justify-content: space-between;
|
||||
flex-direction: column;
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.error-body {
|
||||
margin: 0;
|
||||
font-family: ui-monospace, "JetBrains Mono", "SF Mono", Menlo, monospace;
|
||||
font-size: 11px;
|
||||
color: #ffc8c8;
|
||||
white-space: pre-wrap;
|
||||
word-break: break-word;
|
||||
max-height: 200px;
|
||||
overflow: auto;
|
||||
}
|
||||
|
||||
.error button {
|
||||
align-self: flex-end;
|
||||
}
|
||||
|
||||
.admin-banner {
|
||||
background: rgba(247, 185, 85, 0.12);
|
||||
border: 1px solid rgba(247, 185, 85, 0.4);
|
||||
border-radius: 8px;
|
||||
padding: 14px 16px;
|
||||
color: #f7b955;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 16px;
|
||||
font-size: 13px;
|
||||
}
|
||||
|
||||
.admin-banner > div {
|
||||
flex: 1;
|
||||
}
|
||||
|
||||
.admin-banner button {
|
||||
flex-shrink: 0;
|
||||
}
|
||||
|
||||
.aura-bin code {
|
||||
|
||||
Reference in New Issue
Block a user