gardesk/garcard / e5a40fb

+[[package]]

+name = "cairo-rs"

+version = "0.20.12"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "91e3bd0f4e25afa9cabc157908d14eeef9067d6448c49414d17b3fb55f0eadd0"

+dependencies = [

+ "bitflags",

+ "cairo-sys-rs",

+ "glib",

+ "libc",

+]

+

+[[package]]

+name = "cairo-sys-rs"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "059cc746549898cbfd9a47754288e5a958756650ef4652bbb6c5f71a6bda4f8b"

+dependencies = [

+ "glib-sys",

+ "libc",

+ "system-deps",

+]

+

+[[package]]

+name = "cfg-expr"

+version = "0.20.6"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "78cef5b5a1a6827c7322ae2a636368a573006b27cfa76c7ebd53e834daeaab6a"

+dependencies = [

+ "smallvec",

+ "target-lexicon",

+]

+

+[[package]]

+name = "futures-channel"

+version = "0.3.32"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"

+dependencies = [

+ "futures-core",

+]

+

+[[package]]

+name = "futures-executor"

+version = "0.3.31"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"

+dependencies = [

+ "futures-core",

+ "futures-task",

+ "futures-util",

+]

+

+[[package]]

+name = "futures-macro"

+version = "0.3.31"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"

+dependencies = [

+ "proc-macro2",

+ "quote",

+ "syn",

+]

+

+ "futures-macro",

+ "gartk-core",

+ "gartk-render",

+ "gartk-x11",

+ "toml 0.8.23",

+ "x11rb",

+[[package]]

+name = "gartk-core"

+version = "0.3.0"

+dependencies = [

+ "serde",

+ "thiserror 2.0.18",

+]

+

+[[package]]

+name = "gartk-render"

+version = "0.3.0"

+dependencies = [

+ "cairo-rs",

+ "gartk-core",

+ "gartk-x11",

+ "pango",

+ "pangocairo",

+ "thiserror 2.0.18",

+ "tracing",

+ "x11rb",

+]

+

+[[package]]

+name = "gartk-x11"

+version = "0.3.0"

+dependencies = [

+ "gartk-core",

+ "thiserror 2.0.18",

+ "tracing",

+ "x11rb",

+]

+

+[[package]]

+name = "gethostname"

+version = "1.1.0"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "1bd49230192a3797a9a4d6abe9b3eed6f7fa4c8a8a4947977c6f80025f92cbd8"

+dependencies = [

+ "rustix",

+ "windows-link",

+]

+

+[[package]]

+name = "gio"

+version = "0.20.12"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "8e27e276e7b6b8d50f6376ee7769a71133e80d093bdc363bd0af71664228b831"

+dependencies = [

+ "futures-channel",

+ "futures-core",

+ "futures-io",

+ "futures-util",

+ "gio-sys",

+ "glib",

+ "libc",

+ "pin-project-lite",

+ "smallvec",

+]

+

+[[package]]

+name = "gio-sys"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "521e93a7e56fc89e84aea9a52cfc9436816a4b363b030260b699950ff1336c83"

+dependencies = [

+ "glib-sys",

+ "gobject-sys",

+ "libc",

+ "system-deps",

+ "windows-sys 0.59.0",

+]

+

+[[package]]

+name = "glib"

+version = "0.20.12"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "ffc4b6e352d4716d84d7dde562dd9aee2a7d48beb872dd9ece7f2d1515b2d683"

+dependencies = [

+ "bitflags",

+ "futures-channel",

+ "futures-core",

+ "futures-executor",

+ "futures-task",

+ "futures-util",

+ "gio-sys",

+ "glib-macros",

+ "glib-sys",

+ "gobject-sys",

+ "libc",

+ "memchr",

+ "smallvec",

+]

+

+[[package]]

+name = "glib-macros"

+version = "0.20.12"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "e8084af62f09475a3f529b1629c10c429d7600ee1398ae12dd3bf175d74e7145"

+dependencies = [

+ "heck",

+ "proc-macro-crate",

+ "proc-macro2",

+ "quote",

+ "syn",

+]

+

+[[package]]

+name = "glib-sys"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "8ab79e1ed126803a8fb827e3de0e2ff95191912b8db65cee467edb56fc4cc215"

+dependencies = [

+ "libc",

+ "system-deps",

+]

+

+[[package]]

+name = "gobject-sys"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "ec9aca94bb73989e3cfdbf8f2e0f1f6da04db4d291c431f444838925c4c63eda"

+dependencies = [

+ "glib-sys",

+ "libc",

+ "system-deps",

+]

+

+[[package]]

+name = "pango"

+version = "0.20.12"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "6576b311f6df659397043a5fa8a021da8f72e34af180b44f7d57348de691ab5c"

+dependencies = [

+ "gio",

+ "glib",

+ "libc",

+ "pango-sys",

+]

+

+[[package]]

+name = "pango-sys"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "186909673fc09be354555c302c0b3dcf753cd9fa08dcb8077fa663c80fb243fa"

+dependencies = [

+ "glib-sys",

+ "gobject-sys",

+ "libc",

+ "system-deps",

+]

+

+[[package]]

+name = "pangocairo"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "58890dc451db9964ac2d8874f903a4370a4b3932aa5281ff0c8d9810937ad84f"

+dependencies = [

+ "cairo-rs",

+ "glib",

+ "libc",

+ "pango",

+ "pangocairo-sys",

+]

+

+[[package]]

+name = "pangocairo-sys"

+version = "0.20.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "b9952903f88aa93e2927e7bca2d1ebae64fc26545a9280b4ce6bddeda26b5c42"

+dependencies = [

+ "cairo-sys-rs",

+ "glib-sys",

+ "libc",

+ "pango-sys",

+ "system-deps",

+]

+

+[[package]]

+name = "pkg-config"

+version = "0.3.32"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"

+

+ "thiserror 1.0.69",

+[[package]]

+name = "serde_spanned"

+version = "1.0.4"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"

+dependencies = [

+ "serde_core",

+]

+

+[[package]]

+name = "system-deps"

+version = "7.0.7"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "48c8f33736f986f16d69b6cb8b03f55ddcad5c41acc4ccc39dd88e84aa805e7f"

+dependencies = [

+ "cfg-expr",

+ "heck",

+ "pkg-config",

+ "toml 0.9.12+spec-1.1.0",

+ "version-compare",

+]

+

+[[package]]

+name = "target-lexicon"

+version = "0.13.3"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c"

+

+ "thiserror-impl 1.0.69",

+]

+

+[[package]]

+name = "thiserror"

+version = "2.0.18"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"

+dependencies = [

+ "thiserror-impl 2.0.18",

+[[package]]

+name = "thiserror-impl"

+version = "2.0.18"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"

+dependencies = [

+ "proc-macro2",

+ "quote",

+ "syn",

+]

+

+ "serde_spanned 0.6.9",

+[[package]]

+name = "toml"

+version = "0.9.12+spec-1.1.0"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863"

+dependencies = [

+ "indexmap",

+ "serde_core",

+ "serde_spanned 1.0.4",

+ "toml_datetime 0.7.5+spec-1.1.0",

+ "toml_parser",

+ "toml_writer",

+ "winnow",

+]

+

+ "serde_spanned 0.6.9",

+[[package]]

+name = "toml_writer"

+version = "1.0.6+spec-1.1.0"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"

+

+[[package]]

+name = "version-compare"

+version = "0.2.1"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "03c2856837ef78f57382f06b2b8563a2f512f7185d732608fd9176cb3b8edf0e"

+

+[[package]]

+name = "x11rb"

+version = "0.13.2"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "9993aa5be5a26815fe2c3eacfc1fde061fc1a1f094bf1ad2a18bf9c495dd7414"

+dependencies = [

+ "gethostname",

+ "rustix",

+ "x11rb-protocol",

+ "xcursor",

+]

+

+[[package]]

+name = "x11rb-protocol"

+version = "0.13.2"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "ea6fc2961e4ef194dcbfe56bb845534d0dc8098940c7e5c012a258bfec6701bd"

+

+[[package]]

+name = "xcursor"

+version = "0.3.10"

+source = "registry+https://github.com/rust-lang/crates.io-index"

+checksum = "bec9e4a500ca8864c5b47b8b482a73d62e4237670e5b5f1d6b9e3cae50f28f2b"

+

+gartk-core = { path = "../gartk/gartk-core" }

+gartk-render = { path = "../gartk/gartk-render" }

+gartk-x11 = { path = "../gartk/gartk-x11" }

+x11rb = { version = "0.13", features = ["randr"] }

+3. `cargo run -p garcard -- prompt --mode secret --message "Validation prompt"`

+9. `GARCARD_PROMPT_TIMEOUT_SECS`

+`GARCARD_PROMPT_COMMAND` is optional. If unset, `garcard` runs the built-in

+`garcard prompt` gartk dialog path and falls back to `systemd-ask-password`

+when the X11 prompt backend is unavailable.

+gartk-core.workspace = true

+gartk-render.workspace = true

+gartk-x11.workspace = true

+x11rb.workspace = true

+            HelperOutcome::Timeout => AuthPhase::Timeout,

+mod prompt_ui;

+use clap::{Parser, Subcommand, ValueEnum};

+    /// Run interactive auth prompt mode (used internally by daemon)

+    Prompt(PromptArgs),

+}

+

+#[derive(Parser, Debug)]

+struct PromptArgs {

+    /// Prompt message to display

+    #[arg(long)]

+    message: String,

+    /// Input mode

+    #[arg(long, value_enum, default_value_t = PromptModeArg::Secret)]

+    mode: PromptModeArg,

+    /// Prompt timeout in seconds

+    #[arg(long, default_value_t = 120)]

+    timeout_secs: u64,

+}

+

+#[derive(Debug, Clone, Copy, ValueEnum)]

+enum PromptModeArg {

+    Secret,

+    Plain,

+        Commands::Prompt(args) => {

+            let request = prompt_ui::PromptRequest {

+                message: args.message,

+                mode: match args.mode {

+                    PromptModeArg::Secret => prompt_ui::PromptMode::Secret,

+                    PromptModeArg::Plain => prompt_ui::PromptMode::Plain,

+                },

+                timeout_secs: args.timeout_secs,

+            };

+

+            let outcome = match prompt_ui::run_prompt_dialog(request) {

+                Ok(outcome) => outcome,

+                Err(err) => {

+                    eprintln!("garcard prompt backend unavailable: {}", err);

+                    std::process::exit(2);

+                }

+            };

+

+            match outcome {

+                prompt_ui::PromptExit::Submitted(value) => {

+                    println!("{}", value);

+                    Ok(())

+                }

+                prompt_ui::PromptExit::Canceled => {

+                    std::process::exit(1);

+                }

+                prompt_ui::PromptExit::TimedOut => {

+                    std::process::exit(124);

+                }

+            }

+        }

+    Timeout,

+#[derive(Debug, Clone, PartialEq, Eq)]

+pub enum PromptResponse {

+    Submitted(String),

+    Canceled,

+    TimedOut,

+}

+

+    fn prompt_secret(&mut self, prompt: &str) -> Result<PromptResponse>;

+    fn prompt_plain(&mut self, prompt: &str) -> Result<PromptResponse>;

+                        PromptResponse::Submitted(response) => {

+                            write_line(&mut stream, &sanitize_response(&response))

+                                .context("failed to send helper secret response")?

+                        }

+                        PromptResponse::Canceled => return Ok(HelperOutcome::Canceled),

+                        PromptResponse::TimedOut => return Ok(HelperOutcome::Timeout),

+                        PromptResponse::Submitted(response) => {

+                            write_line(&mut stream, &sanitize_response(&response))

+                                .context("failed to send helper visible response")?

+                        }

+                        PromptResponse::Canceled => return Ok(HelperOutcome::Canceled),

+                        PromptResponse::TimedOut => return Ok(HelperOutcome::Timeout),

+        secret_response: PromptResponse,

+        plain_response: PromptResponse,

+    impl Default for FakePrompt {

+        fn default() -> Self {

+            Self {

+                secret_response: PromptResponse::Canceled,

+                plain_response: PromptResponse::Canceled,

+                infos: Vec::new(),

+                errors: Vec::new(),

+            }

+        }

+    }

+

+        fn prompt_secret(&mut self, _prompt: &str) -> Result<PromptResponse> {

+        fn prompt_plain(&mut self, _prompt: &str) -> Result<PromptResponse> {

+            secret_response: PromptResponse::Submitted("correct horse".to_string()),

+            plain_response: PromptResponse::Canceled,

+

+    #[test]

+    fn helper_client_reports_timeout_from_prompt_provider() {

+        let socket_path = temp_socket_path();

+        let listener = UnixListener::bind(&socket_path).expect("bind test socket");

+

+        let server = thread::spawn(move || {

+            let (mut stream, _) = listener.accept().expect("accept");

+            let read_stream = stream.try_clone().expect("clone");

+            let mut reader = BufReader::new(read_stream);

+

+            let mut username = String::new();

+            reader.read_line(&mut username).expect("read username");

+            let mut cookie = String::new();

+            reader.read_line(&mut cookie).expect("read cookie");

+

+            stream

+                .write_all(b"PAM_PROMPT_ECHO_OFF Password:\n")

+                .expect("write prompt");

+            stream.flush().expect("flush prompt");

+        });

+

+        let client = HelperSocketClient::new(&socket_path);

+        let mut prompts = FakePrompt {

+            secret_response: PromptResponse::TimedOut,

+            plain_response: PromptResponse::Canceled,

+            infos: Vec::new(),

+            errors: Vec::new(),

+        };

+

+        let outcome = client

+            .authenticate("alice", "cookie-timeout", &mut prompts)

+            .expect("authenticate timeout");

+        assert_eq!(outcome, HelperOutcome::Timeout);

+

+        server.join().expect("server join");

+        let _ = std::fs::remove_file(&socket_path);

+    }

+use crate::polkit_helper::{PromptProvider, PromptResponse};

+use std::process::{Command, ExitStatus};

+    prompt_timeout_secs: u64,

+        let prompt_timeout_secs = std::env::var("GARCARD_PROMPT_TIMEOUT_SECS")

+            .ok()

+            .and_then(|raw| raw.parse::<u64>().ok())

+            .filter(|value| *value > 0)

+            .unwrap_or(DEFAULT_ASK_TIMEOUT_SECS);

+

+            prompt_timeout_secs,

+    fn run_prompt(&self, prompt: &str, visible: bool) -> Result<PromptResponse> {

+        match run_gartk_prompt_subcommand(prompt, visible, self.prompt_timeout_secs) {

+            Ok(response) => Ok(response),

+            Err(err) => {

+                tracing::warn!(

+                    error = %err,

+                    "Failed to run built-in gartk prompt; falling back to systemd-ask-password"

+                );

+                run_systemd_ask_password(prompt, visible, self.prompt_timeout_secs)

+            }

+        }

+    fn prompt_secret(&mut self, prompt: &str) -> Result<PromptResponse> {

+    fn prompt_plain(&mut self, prompt: &str) -> Result<PromptResponse> {

+fn run_custom_prompt_command(command: &str, prompt: &str, visible: bool) -> Result<PromptResponse> {

+    Ok(map_output_to_prompt_response(

+        &output.status,

+        &output.stdout,

+    ))

+}

+

+fn run_gartk_prompt_subcommand(

+    prompt: &str,

+    visible: bool,

+    timeout_secs: u64,

+) -> Result<PromptResponse> {

+    let mode = if visible { "plain" } else { "secret" };

+    let executable =

+        std::env::current_exe().context("failed to resolve current executable path")?;

+    let output = Command::new(executable)

+        .arg("prompt")

+        .arg("--mode")

+        .arg(mode)

+        .arg("--message")

+        .arg(prompt)

+        .arg("--timeout-secs")

+        .arg(timeout_secs.to_string())

+        .output()

+        .context("failed to launch garcard prompt subcommand")?;

+

+    if output.status.code() == Some(2) {

+        let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();

+        anyhow::bail!("garcard prompt subcommand unavailable: {}", stderr);

+    Ok(map_output_to_prompt_response(

+        &output.status,

+        &output.stdout,

+    ))

+fn run_systemd_ask_password(

+    prompt: &str,

+    visible: bool,

+    timeout_secs: u64,

+) -> Result<PromptResponse> {

+    command.arg(format!("--timeout={}", timeout_secs));

+    Ok(map_output_to_prompt_response(

+        &output.status,

+        &output.stdout,

+    ))

+}

+

+fn map_output_to_prompt_response(status: &ExitStatus, stdout: &[u8]) -> PromptResponse {

+    if status.success() {

+        return extract_response(stdout)

+            .map(PromptResponse::Submitted)

+            .unwrap_or(PromptResponse::Canceled);

+    if status.code() == Some(124) {

+        PromptResponse::TimedOut

+    } else {

+        PromptResponse::Canceled

+    }

+

+    #[test]

+    fn map_output_maps_timeout_status_code() {

+        let status = Command::new("sh")

+            .arg("-c")

+            .arg("exit 124")

+            .status()

+            .expect("run shell");

+        let mapped = map_output_to_prompt_response(&status, b"");

+        assert_eq!(mapped, PromptResponse::TimedOut);

+    }

+use anyhow::{Context, Result};

+use gartk_core::{Color, InputEvent, Key, KeyEvent, Rect, Theme};

+use gartk_render::{Renderer, TextStyle, copy_surface_to_window};

+use gartk_x11::{

+    Connection, EventLoop, EventLoopConfig, Window, WindowConfig, monitor_at_pointer,

+    primary_monitor,

+};

+use std::time::{Duration, Instant};

+use x11rb::protocol::xproto::ConnectionExt;

+

+const DIALOG_WIDTH: u32 = 560;

+const DIALOG_HEIGHT: u32 = 240;

+const CARD_PADDING: i32 = 18;

+

+#[derive(Debug, Clone, Copy, PartialEq, Eq)]

+pub enum PromptMode {

+    Secret,

+    Plain,

+}

+

+#[derive(Debug, Clone)]

+pub struct PromptRequest {

+    pub message: String,

+    pub mode: PromptMode,

+    pub timeout_secs: u64,

+}

+

+#[derive(Debug, Clone, PartialEq, Eq)]

+pub enum PromptExit {

+    Submitted(String),

+    Canceled,

+    TimedOut,

+}

+

+struct PromptDialog {

+    window: Window,

+    renderer: Renderer,

+    gc: u32,

+    request: PromptRequest,

+    input: String,

+    cursor: usize,

+    exit: Option<PromptExit>,

+    deadline: Option<Instant>,

+    remaining_secs: Option<u64>,

+    card_background: Color,

+    card_border: Color,

+    accent: Color,

+}

+

+pub fn run_prompt_dialog(request: PromptRequest) -> Result<PromptExit> {

+    let conn = Connection::connect(None).context("failed to connect to X11 display")?;

+    let (x, y) = centered_position(&conn, DIALOG_WIDTH, DIALOG_HEIGHT);

+    let window = Window::create(

+        conn.clone(),

+        WindowConfig::dialog()

+            .title("garcard authentication")

+            .class("garcard")

+            .position(x, y)

+            .size(DIALOG_WIDTH, DIALOG_HEIGHT)

+            .transparent(true)

+            .modal(true),

+    )

+    .context("failed to create prompt window")?;

+    window.focus().context("failed to focus prompt window")?;

+

+    let mut dialog = PromptDialog::new(window, request)?;

+    dialog.run()

+}

+

+fn centered_position(conn: &Connection, width: u32, height: u32) -> (i32, i32) {

+    let monitor = monitor_at_pointer(conn)

+        .or_else(|_| primary_monitor(conn))

+        .ok();

+    if let Some(monitor) = monitor {

+        let x = monitor.rect.x + (monitor.rect.width as i32 - width as i32) / 2;

+        let y = monitor.rect.y + (monitor.rect.height as i32 - height as i32) / 3;

+        return (x, y);

+    }

+

+    (

+        (conn.screen_width() as i32 - width as i32) / 2,

+        (conn.screen_height() as i32 - height as i32) / 3,

+    )

+}

+

+impl PromptDialog {

+    fn new(window: Window, request: PromptRequest) -> Result<Self> {

+        let mut theme = Theme::dark();

+        theme.font_family = "Sans".to_string();

+        theme.font_size = 14.0;

+        let card_background = Color::from_hex("#111318").expect("valid card color");

+        let card_border = Color::from_hex("#2c3442").expect("valid border color");

+        let accent = Color::from_hex("#8ab4f8").expect("valid accent color");

+        let size = window.size();

+        let renderer = Renderer::with_theme(size.width, size.height, theme)?;

+

+        let conn = window.connection();

+        let gc = conn.generate_id()?;

+        conn.inner()

+            .create_gc(gc, window.id(), &Default::default())?;

+        conn.flush()?;

+

+        let deadline = if request.timeout_secs > 0 {

+            Some(Instant::now() + Duration::from_secs(request.timeout_secs))

+        } else {

+            None

+        };

+

+        Ok(Self {

+            window,

+            renderer,

+            gc,

+            request,

+            input: String::new(),

+            cursor: 0,

+            exit: None,

+            deadline,

+            remaining_secs: None,

+            card_background,

+            card_border,

+            accent,

+        })

+    }

+

+    fn run(&mut self) -> Result<PromptExit> {

+        let mut event_loop = EventLoop::new(&self.window, EventLoopConfig::default())?;

+        self.refresh_timeout();

+        self.render()?;

+

+        event_loop.run(|ev, event| {

+            match event {

+                InputEvent::Key(key_event) if key_event.pressed => {

+                    self.handle_key(&key_event);

+                    ev.request_redraw();

+                }

+                InputEvent::Resize { width, height } => {

+                    if let Err(err) = self.renderer.resize(width, height) {

+                        tracing::error!(error = %err, "failed to resize prompt renderer");

+                        self.exit = Some(PromptExit::Canceled);

+                    }

+                    ev.request_redraw();

+                }

+                InputEvent::Expose => {

+                    ev.request_redraw();

+                }

+                InputEvent::CloseRequested => {

+                    self.exit = Some(PromptExit::Canceled);

+                }

+                InputEvent::Idle => {

+                    if self.refresh_timeout() {

+                        ev.request_redraw();

+                    }

+                }

+                _ => {}

+            }

+

+            if ev.needs_redraw() {

+                let _ = self.render();

+                ev.redraw_done();

+            }

+

+            Ok(self.exit.is_none())

+        })?;

+

+        Ok(self.exit.take().unwrap_or(PromptExit::Canceled))

+    }

+

+    fn refresh_timeout(&mut self) -> bool {

+        let Some(deadline) = self.deadline else {

+            return false;

+        };

+

+        let now = Instant::now();

+        if now >= deadline {

+            self.exit = Some(PromptExit::TimedOut);

+            return true;

+        }

+

+        let remaining = deadline.duration_since(now).as_secs();

+        if self.remaining_secs != Some(remaining) {

+            self.remaining_secs = Some(remaining);

+            return true;

+        }

+

+        false

+    }

+

+    fn handle_key(&mut self, key_event: &KeyEvent) {

+        match key_event.key {

+            Key::Escape => {

+                self.exit = Some(PromptExit::Canceled);

+            }

+            Key::Return => {

+                self.exit = Some(PromptExit::Submitted(self.input.clone()));

+            }

+            Key::Left => {

+                if self.cursor > 0 {

+                    self.cursor -= 1;

+                }

+            }

+            Key::Right => {

+                if self.cursor < self.input.chars().count() {

+                    self.cursor += 1;

+                }

+            }

+            Key::Home => {

+                self.cursor = 0;

+            }

+            Key::End => {

+                self.cursor = self.input.chars().count();

+            }

+            Key::Backspace => {

+                remove_char_before(&mut self.input, &mut self.cursor);

+            }

+            Key::Delete => {

+                remove_char_at(&mut self.input, self.cursor);

+            }

+            Key::Space => {

+                if key_event.modifiers.is_empty() || key_event.modifiers.shift {

+                    insert_char_at(&mut self.input, self.cursor, ' ');

+                    self.cursor += 1;

+                }

+            }

+            Key::Char(ch) => {

+                if ch.is_control() {

+                    return;

+                }

+                if key_event.modifiers.ctrl

+                    || key_event.modifiers.alt

+                    || key_event.modifiers.super_key

+                {

+                    return;

+                }

+                insert_char_at(&mut self.input, self.cursor, ch);

+                self.cursor += 1;

+            }

+            _ => {}

+        }

+    }

+

+    fn render(&mut self) -> Result<()> {

+        let size = self.renderer.size();

+        let width = size.width as i32;

+        let height = size.height as i32;

+        let theme = self.renderer.theme().clone();

+

+        self.renderer

+            .clear_color(Color::from_hex("#0a0b10").expect("valid backdrop color"))?;

+

+        let card_rect = Rect::new(

+            CARD_PADDING,

+            CARD_PADDING,

+            (width - CARD_PADDING * 2) as u32,

+            (height - CARD_PADDING * 2) as u32,

+        );

+        self.renderer

+            .fill_rounded_rect(card_rect, 12.0, self.card_background)?;

+        self.renderer

+            .stroke_rounded_rect(card_rect, 12.0, self.card_border, 2.0)?;

+

+        let title_style = TextStyle::new()

+            .font_family(theme.font_family.clone())

+            .font_size(18.0)

+            .color(theme.foreground);

+        self.renderer.text(

+            "Authentication Required",

+            (CARD_PADDING + 16) as f64,

+            (CARD_PADDING + 14) as f64,

+            &title_style,

+        )?;

+

+        let message_style = TextStyle::new()

+            .font_family(theme.font_family.clone())

+            .font_size(13.0)

+            .color(theme.item_description)

+            .max_width(card_rect.width as i32 - 32)

+            .wrap(true)

+            .ellipsize(true);

+        self.renderer.text(

+            &self.request.message,

+            (CARD_PADDING + 16) as f64,

+            (CARD_PADDING + 46) as f64,

+            &message_style,

+        )?;

+

+        let input_label = match self.request.mode {

+            PromptMode::Secret => "Password",

+            PromptMode::Plain => "Response",

+        };

+        let label_style = TextStyle::new()

+            .font_family(theme.font_family.clone())

+            .font_size(12.0)

+            .color(theme.input_placeholder);

+        self.renderer.text(

+            input_label,

+            (CARD_PADDING + 16) as f64,

+            (CARD_PADDING + 108) as f64,

+            &label_style,

+        )?;

+

+        let input_rect = Rect::new(

+            CARD_PADDING + 16,

+            CARD_PADDING + 126,

+            (width - (CARD_PADDING + 16) * 2) as u32,

+            40,

+        );

+        self.renderer

+            .fill_rounded_rect(input_rect, 8.0, theme.input_background)?;

+        self.renderer

+            .stroke_rounded_rect(input_rect, 8.0, self.accent.with_alpha(0.7), 1.5)?;

+

+        let display_input = display_value(&self.input, self.request.mode);

+        let input_style = TextStyle::new()

+            .font_family(theme.font_family.clone())

+            .font_size(14.0)

+            .color(theme.input_foreground);

+        let input_y = input_rect.y + 12;

+        let input_x = input_rect.x + 10;

+        self.renderer

+            .text(&display_input, input_x as f64, input_y as f64, &input_style)?;

+

+        let cursor_prefix = display_prefix(&self.input, self.cursor, self.request.mode);

+        let cursor_size = self.renderer.measure_text(&cursor_prefix, &input_style)?;

+        let cursor_x = input_x + cursor_size.width as i32;

+        self.renderer.fill_rect(

+            Rect::new(cursor_x, input_rect.y + 8, 2, input_rect.height - 16),

+            self.accent,

+        )?;

+

+        let footer_style = TextStyle::new()

+            .font_family(theme.font_family)

+            .font_size(12.0)

+            .color(theme.item_description);

+        self.renderer.text(

+            "Enter submit   Esc cancel",

+            (CARD_PADDING + 16) as f64,

+            (height - CARD_PADDING - 26) as f64,

+            &footer_style,

+        )?;

+

+        if let Some(remaining) = self.remaining_secs {

+            let timer_text = format!("timeout {}s", remaining);

+            let timer_style = TextStyle::new()

+                .font_family("Sans")

+                .font_size(12.0)

+                .color(self.accent);

+            let timer_size = self.renderer.measure_text(&timer_text, &timer_style)?;

+            self.renderer.text(

+                &timer_text,

+                (width - CARD_PADDING - timer_size.width as i32 - 16) as f64,

+                (height - CARD_PADDING - 26) as f64,

+                &timer_style,

+            )?;

+        }

+

+        self.renderer.flush();

+        copy_surface_to_window(self.renderer.surface_mut(), &self.window, self.gc, 0, 0)?;

+        Ok(())

+    }

+}

+

+impl Drop for PromptDialog {

+    fn drop(&mut self) {

+        let _ = self.window.connection().inner().free_gc(self.gc);

+    }

+}

+

+fn display_value(input: &str, mode: PromptMode) -> String {

+    match mode {

+        PromptMode::Secret => "*".repeat(input.chars().count()),

+        PromptMode::Plain => input.to_string(),

+    }

+}

+

+fn display_prefix(input: &str, cursor: usize, mode: PromptMode) -> String {

+    let prefix = prefix_chars(input, cursor);

+    match mode {

+        PromptMode::Secret => "*".repeat(prefix.chars().count()),

+        PromptMode::Plain => prefix,

+    }

+}

+

+fn prefix_chars(input: &str, char_count: usize) -> String {

+    input.chars().take(char_count).collect()

+}

+

+fn char_to_byte_index(input: &str, char_index: usize) -> usize {

+    input

+        .char_indices()

+        .nth(char_index)

+        .map(|(byte, _)| byte)

+        .unwrap_or_else(|| input.len())

+}

+

+fn insert_char_at(input: &mut String, char_index: usize, value: char) {

+    let byte_index = char_to_byte_index(input, char_index);

+    input.insert(byte_index, value);

+}

+

+fn remove_char_before(input: &mut String, cursor: &mut usize) {

+    if *cursor == 0 {

+        return;

+    }

+

+    let end = char_to_byte_index(input, *cursor);

+    let start = char_to_byte_index(input, *cursor - 1);

+    input.drain(start..end);

+    *cursor -= 1;

+}

+

+fn remove_char_at(input: &mut String, cursor: usize) {

+    if cursor >= input.chars().count() {

+        return;

+    }

+

+    let start = char_to_byte_index(input, cursor);

+    let end = char_to_byte_index(input, cursor + 1);

+    input.drain(start..end);

+}

+

+#[cfg(test)]

+mod tests {

+    use super::*;

+

+    #[test]

+    fn display_value_masks_secret_text() {

+        assert_eq!(display_value("secret", PromptMode::Secret), "******");

+        assert_eq!(display_value("plain", PromptMode::Plain), "plain");

+    }

+

+    #[test]

+    fn insert_and_remove_respect_char_positions() {

+        let mut value = String::from("abcd");

+        insert_char_at(&mut value, 2, 'X');

+        assert_eq!(value, "abXcd");

+

+        let mut cursor = 3;

+        remove_char_before(&mut value, &mut cursor);

+        assert_eq!(value, "abcd");

+        assert_eq!(cursor, 2);

+

+        remove_char_at(&mut value, 1);

+        assert_eq!(value, "acd");

+    }

+

+    #[test]

+    fn display_prefix_uses_cursor_and_mode() {

+        assert_eq!(display_prefix("hello", 2, PromptMode::Plain), "he");

+        assert_eq!(display_prefix("hello", 2, PromptMode::Secret), "**");

+    }

+}

+#[allow(dead_code)]

+    #[allow(dead_code)]

+    #[allow(dead_code)]

+    #[cfg(test)]