diff --git a/README b/README index cd8950e..b32ce86 100644 --- a/README +++ b/README @@ -131,11 +131,12 @@ great for saving power. Security -------- + At the moment only one widget type (Gmail) requires auth. information in order to get to the data. In the future there could be more, and you should give some thought to the issue of protecting your data. The -Gmail widget type by default stores login information in the module it -self, and you are advised to make sure that file is only readable by +Gmail widget type by default stores login information in the ~/.netrc +file, and you are advised to make sure that file is only readable by the owner. Other than that we can not force all users to conform to one standard, one way of keeping it secure, like in some keyring. @@ -152,11 +153,9 @@ be done with tools like "dbus-send" and "qdbus". The Gnome keyring should support the same, so those with parts of Gnome installed could use that keyring. -Some users move their login into an external file and read it from -there. Not much different than keeping it in the module, but what if -you encrypt the file with your GPG key? Users of the GPG Passphrase -Agent could decrypt the file transparently while their session is -active. +Users of GnuPG (and its agent) could consider encrypting the netrc +file with their GPG key. Trough the GPG Passphrase Agent they could +then decrypt the file transparently while their session is active. Widget types @@ -271,6 +270,8 @@ vicious.widgets.gmail - takes an (optional) argument, if it's a number subject will be truncated, if a table, with 1st field as maximum lenght and 2nd the widget name (i.e. "gmailwidget"), scrolling will be used + - keeps login information in the ~/.netrc file, example: + machine mail.google.com login user password pass - returns a table with string keys: {count} and {subject} vicious.widgets.entropy diff --git a/gmail.lua b/gmail.lua index da086c7..b4bd081 100644 --- a/gmail.lua +++ b/gmail.lua @@ -8,8 +8,11 @@ local type = type local tonumber = tonumber local io = { popen = io.popen } local setmetatable = setmetatable -local string = { match = string.match } local helpers = require("vicious.helpers") +local string = { + find = string.find, + match = string.match +} -- }}} @@ -21,37 +24,32 @@ module("vicious.gmail") local rss = { inbox = { "https://mail.google.com/mail/feed/atom", - "Gmail - Inbox for " + "Gmail %- Inbox" }, unread = { "https://mail.google.com/mail/feed/atom/unread", - "Gmail - Label 'unread' for " + "Gmail %- Label" }, --labelname = { -- "https://mail.google.com/mail/feed/atom/labelname", - -- "Gmail - Label 'labelname' for " + -- "Gmail %- Label" --}, } --- Todo: safer storage, maybe hook into Kwallet -local cfg = { - user = "", -- user@gmail.com - pass = "", -- users password - feed = rss.unread -- default is all unread -} +-- Default is all unread +local feed = rss.unread -- }}} -- {{{ Gmail widget type local function worker(format, warg) - local auth = cfg.user ..":".. cfg.pass local mail = { ["{count}"] = 0, ["{subject}"] = "N/A" } -- Get info from the Gmail atom feed - local f = io.popen("curl --connect-timeout 1 -m 3 -fsu '"..auth.."' "..cfg.feed[1]) + local f = io.popen("curl --connect-timeout 1 -m 3 -fsn " .. feed[1]) -- Could be huge don't read it all at once, info we are after is at the top for line in f:lines() do @@ -61,7 +59,7 @@ local function worker(format, warg) -- Find subject tags local title = string.match(line, "(.*)") -- If the subject changed then break out of the loop - if title ~= nil and title ~= cfg.feed[2] .. cfg.user then + if title ~= nil and not string.find(title, feed[2]) then -- Check if we should scroll, or maybe truncate if warg then if type(warg) == "table" then