commit 1b5aca4447239c625c6c73ae3ee783e4e37b2978
parent 6ce588675cbbf11a8c137fcf7b711076f56cae5f
Author: triesap <tyson@radroots.org>
Date: Sat, 21 Mar 2026 18:53:09 +0000
ios: require auth before revealing recovery key
- require native Apple user authentication before the ios backup action reveals the current nsec
- reuse the shared Apple user-presence bridge instead of adding an ios-only security path
- keep the recovery-key reason string aligned with the cleaned desktop prompt wording
- preserve deterministic non-ios crate tests by bypassing the auth gate off target
Diffstat:
1 file changed, 14 insertions(+), 0 deletions(-)
diff --git a/crates/ios/src/lib.rs b/crates/ios/src/lib.rs
@@ -2,6 +2,8 @@
#[cfg(target_os = "ios")]
use eframe::egui::ViewportBuilder;
+#[cfg(target_os = "ios")]
+use radroots_app_apple_security::verify_user_presence;
#[cfg(any(target_os = "ios", test))]
use radroots_app_core::IdentityGateState;
#[cfg(target_os = "ios")]
@@ -81,6 +83,8 @@ impl IosBackend {
fn export_selected_local_recovery_key(
manager: &RadrootsNostrAccountsManager,
) -> Result<String, String> {
+ Self::authorize_recovery_key_export()?;
+
let Some(account_id) = manager
.selected_account_id()
.map_err(|source| source.to_string())?
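Review bot: The presence check added at the top of `export_selected_local_recovery_key` protects only this call path, and nothing in the hunk records that as an invariant. Any other code that reaches `identity.nsec()` through the manager would skip the prompt. A doc comment on the function would make the contract explicit, for example `/// Reveals the selected account's nsec; callers get it only after authorize_recovery_key_export() succeeds. Any new path that exposes the nsec must go through the same gate.` Whether the stored key is also bound to user presence at the storage layer is not visible here, so it is worth confirming this is not the only control. The function body continues past the end of this hunk.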
@@ -101,6 +105,16 @@ impl IosBackend {
Ok(identity.nsec())
}
+ #[cfg(target_os = "ios")]
+ fn authorize_recovery_key_export() -> Result<(), String> {
+ verify_user_presence("reveal the current recovery key").map_err(|source| source.to_string())
+ }
+
+ #[cfg(not(target_os = "ios"))]
+ fn authorize_recovery_key_export() -> Result<(), String> {
+ Ok(())
+ }
+
fn remove_all_local_identities(
manager: &RadrootsNostrAccountsManager,
) -> Result<IdentityGateState, String> {
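Review bot: The `#[cfg(not(target_os = "ios"))]` variant of `authorize_recovery_key_export` returns `Ok(())` on every non-iOS build, not only under test, so the gate fails open if this impl is ever compiled for another target. The commit message gives deterministic off-target tests as the reason, and `#[cfg(all(test, not(target_os = "ios")))]` says exactly that. With that attribute, any other non-iOS build becomes a compile error instead of an unauthenticated reveal. This assumes the surrounding impl is already limited to `any(target_os = "ios", test)`, as the `IdentityGateState` import at the top of the file suggests. If it is not, having the fallback return an `Err` outside tests would be the safer default.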