fix: address code review — credential injection, Pro gate, decrypt race, passphrase handling

datlechin · datlechin · commit af2603699857 · 2026-03-27T18:14:19.000+07:00
diff --git a/TablePro/Core/Services/Export/ConnectionExportService.swift b/TablePro/Core/Services/Export/ConnectionExportService.swift
@@ -350,8 +350,8 @@ enum ConnectionExportService {
         let decryptedData: Data
         do {
             decryptedData = try ConnectionExportCrypto.decrypt(data: data, passphrase: passphrase)
-        } catch let error as ConnectionExportCryptoError {
-            throw ConnectionExportError.decryptionFailed(error.localizedDescription ?? "Unknown error")
+        } catch {
+            throw ConnectionExportError.decryptionFailed(error.localizedDescription)
         }
         return try decodeData(decryptedData)
     }
@@ -528,7 +528,7 @@ enum ConnectionExportService {
 
         for item in preview.items {
             let resolution = resolutions[item.id] ?? .skip
-            let envelopeIndex = itemIndexMap[item.id] ?? 0
+            guard let envelopeIndex = itemIndexMap[item.id] else { continue }
 
             switch resolution {
             case .skip:
diff --git a/TablePro/Views/Connection/ConnectionExportOptionsSheet.swift b/TablePro/Views/Connection/ConnectionExportOptionsSheet.swift
@@ -22,7 +22,7 @@ struct ConnectionExportOptionsSheet: View {
 
     private var canExport: Bool {
         if includeCredentials {
-            return passphrase.count >= 8 && passphrase == confirmPassphrase
+            return (passphrase as NSString).length >= 8 && passphrase == confirmPassphrase
         }
         return true
     }
@@ -86,28 +86,34 @@ struct ConnectionExportOptionsSheet: View {
     }
 
     private func performExport() {
+        let shouldEncrypt = includeCredentials && isProAvailable
+        let capturedPassphrase = passphrase
+        let capturedConnections = connections
+
+        // Zero passphrase state before dismissing
+        passphrase = ""
+        confirmPassphrase = ""
         dismiss()
 
-        // Delay slightly to let sheet dismiss before showing NSSavePanel
         DispatchQueue.main.asyncAfter(deadline: .now() + 0.2) {
             let panel = NSSavePanel()
             panel.allowedContentTypes = [.tableproConnectionShare]
-            let defaultName = connections.count == 1
-                ? "\(connections[0].name).tablepro"
+            let defaultName = capturedConnections.count == 1
+                ? "\(capturedConnections[0].name).tablepro"
                 : "Connections.tablepro"
             panel.nameFieldStringValue = defaultName
             panel.canCreateDirectories = true
             guard panel.runModal() == .OK, let url = panel.url else { return }
 
             do {
-                if includeCredentials {
+                if shouldEncrypt {
                     try ConnectionExportService.exportConnectionsEncrypted(
-                        connections,
+                        capturedConnections,
                         to: url,
-                        passphrase: passphrase
+                        passphrase: capturedPassphrase
                     )
                 } else {
-                    try ConnectionExportService.exportConnections(connections, to: url)
+                    try ConnectionExportService.exportConnections(capturedConnections, to: url)
                 }
             } catch {
                 AlertHelper.showErrorSheet(
diff --git a/TablePro/Views/Connection/ConnectionImportSheet.swift b/TablePro/Views/Connection/ConnectionImportSheet.swift
@@ -20,6 +20,8 @@ struct ConnectionImportSheet: View {
     @State private var encryptedData: Data?
     @State private var passphrase = ""
     @State private var passphraseError: String?
+    @State private var isDecrypting = false
+    @State private var wasEncryptedImport = false
 
     var body: some View {
         VStack(spacing: 0) {
@@ -246,7 +248,7 @@ struct ConnectionImportSheet: View {
                 Button(String(localized: "Decrypt")) { decryptFile() }
                     .buttonStyle(.borderedProminent)
                     .keyboardShortcut(.defaultAction)
-                    .disabled(passphrase.isEmpty)
+                    .disabled(passphrase.isEmpty || isDecrypting)
             }
             .padding(12)
         }
@@ -311,8 +313,9 @@ struct ConnectionImportSheet: View {
     }
 
     private func decryptFile() {
-        guard let data = encryptedData else { return }
+        guard let data = encryptedData, !isDecrypting else { return }
         let currentPassphrase = passphrase
+        isDecrypting = true
 
         Task.detached(priority: .userInitiated) {
             do {
@@ -321,13 +324,16 @@ struct ConnectionImportSheet: View {
                 await MainActor.run {
                     passphraseError = nil
                     encryptedData = nil
+                    wasEncryptedImport = true
                     preview = result
                     selectReadyItems(result)
+                    isDecrypting = false
                 }
             } catch {
                 await MainActor.run {
                     passphraseError = error.localizedDescription
                     passphrase = ""
+                    isDecrypting = false
                 }
             }
         }
@@ -361,8 +367,8 @@ struct ConnectionImportSheet: View {
 
         let result = ConnectionExportService.performImport(preview, resolutions: resolutions)
 
-        // Restore credentials if this was an encrypted import
-        if let envelope = preview.envelope.credentials, !envelope.isEmpty {
+        // Only restore credentials from verified encrypted imports (not plaintext files)
+        if wasEncryptedImport, preview.envelope.credentials != nil {
             ConnectionExportService.restoreCredentials(
                 from: preview.envelope,
                 connectionIdMap: result.connectionIdMap
