feat: lock device only after 10s of inactivity

Author: dineshdb

Cargo.lock

@@ -4,12 +4,15 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-anyhow = "1.0.95"
+anyhow = "1.0.96"
 bluer = { version = "0.17.3", features = ["full"] }
 clap = { version = "4.5.30", features = ["derive"] }
 dirs = "6.0.0"
 env_logger = "0.11.6"
 figment = { version = "0.10", features = ["toml", "env"] }
 futures = "0.3.31"
-serde = "1.0.217"
+log = "0.4.26"
+serde = "1.0.218"
 tokio = { version = "1.43.0", features = ["full"] }
+zbus = "5.5.0"
+zbus_systemd = { version = "0.25701.0", features = ["login1"] }

Cargo.toml

@@ -15,11 +15,13 @@ security risk to unlock a device when a device is near. Locking it is fine since
 that's not a security risk. Paired device and better security approach to
 unlocking will be explored in the future.
 
-## Roadmap
+## Roadmap and Changelog
 
 - [ ] Secure unlocking of devices
 - [ ] System Tray for Quick Access
-- [ ] Detect user activity before locking the device
+- [x] Lock device when you're away and after 10 seconds of inactivity. This is
+      to prevent accidental lockinng when your device fails to send its signal
+- [x] Add a `keep-unlocked` option for more secure replacement for `unlock`
 
 ## LICENSE
 

README.md

@@ -8,3 +8,13 @@ actions = [
 	{ type = "away", threshold=2.0, command = "lock"},
 	{ type = "nearby", threshold=1.0, command = "unlock"},
 ]
+
+[[connection]]
+name = "My Phone"
+type = "ble"
+mac = "AA:BB:CC:DD:EE:FF"
+owner = "self"
+actions = [
+	{ type = "away", threshold=1.0, command = "lock"},
+	{ type = "nearby", threshold=2.0, command = "keep-unlocked"},
+]

config/example.toml

@@ -1,59 +1,16 @@
-use crate::delayed::Delayed;
 use serde::Deserialize;
-use std::{process::Output, sync::Mutex};
+use std::process::Output;
 
-#[derive(Debug, Deserialize, Clone)]
-#[serde(rename_all = "lowercase")]
+#[derive(Debug, Deserialize, Clone, PartialEq)]
+#[serde(rename_all = "kebab-case")]
 pub enum Command {
     Unlock,
+    KeepUnlocked,
     Lock,
     String(String),
 }
 
-// fixme: don't use sudo, use proper permissions
 // fixme: use dbus to lock/unlock
-static LOCKED: Mutex<bool> = Mutex::new(false);
-static DELAYED_LOCK: Mutex<Option<Delayed>> = Mutex::new(None);
-
-impl Command {
-    pub fn run(&self) -> anyhow::Result<()> {
-        let locked = *LOCKED.lock().unwrap();
-        match self {
-            Command::Unlock => {
-                // cancel the delayed lock
-                if let Some(delayed) = &mut *DELAYED_LOCK.lock().unwrap() {
-                    delayed.cancel();
-                }
-                if locked {
-                    println!("Unlocking desktop...");
-                    run("sudo loginctl unlock-sessions")?;
-                    *LOCKED.lock().unwrap() = false;
-                };
-            }
-
-            // fixme: unlocking might not be good idea if it wasn't locked automatically
-            Command::Lock => {
-                let duration = std::time::Duration::from_secs(15);
-                if !locked {
-                    println!("Locking desktop in {:?}", duration);
-                    if let Some(delayed) = &mut *DELAYED_LOCK.lock().unwrap() {
-                        delayed.cancel();
-                    }
-                    // wait before actually locking the desktop
-                    let delayed = Delayed::new(duration, || async {
-                        run("sudo loginctl lock-sessions").expect("error running lock command");
-                        *LOCKED.lock().unwrap() = true;
-                    });
-                    *DELAYED_LOCK.lock().unwrap() = Some(delayed);
-                }
-            }
-            Command::String(cmd) => {
-                run(cmd)?;
-            }
-        };
-        Ok(())
-    }
-}
 
 pub fn run(cmd: &str) -> anyhow::Result<Output> {
     let output = std::process::Command::new("sh")

src/commands/mod.rs

@@ -1,4 +1,4 @@
-use crate::commands::Command;
+use crate::{commands::Command, distance_rssi};
 use figment::{
     providers::{Env, Format, Toml},
     Figment,
@@ -18,11 +18,39 @@ impl Config {
             .unwrap_or_default()
     }
 
-    pub fn get_connection_by_mac(&self, mac: &str) -> Option<&Connection> {
+    pub fn update_rssi(&mut self, mac: &str, rssi: i16) {
+        if let Some(connections) = &mut self.connection {
+            for connection in connections.iter_mut() {
+                match connection {
+                    Connection::Ble(ble) => {
+                        if ble.mac == mac {
+                            ble.rssi = Some(rssi);
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    pub fn should_lock(&self) -> bool {
+        self.connections()
+            .iter()
+            .filter_map(|c| c.get_ble())
+            .any(|ble| ble.should_lock())
+    }
+
+    pub fn can_unlock(&self) -> bool {
+        self.connections()
+            .iter()
+            .filter_map(|c| c.get_ble())
+            .any(|ble| ble.can_unlock())
+    }
+
+    pub fn keep_unlocked(&self) -> bool {
         self.connections()
             .iter()
-            .find(|c| c.get_ble().is_some_and(|ble| ble.mac == mac))
-            .copied()
+            .filter_map(|c| c.get_ble())
+            .any(|ble| ble.keep_unlocked())
     }
 }
 
@@ -43,33 +71,55 @@ impl Connection {
 
 #[derive(Deserialize, Debug)]
 pub struct BLEConnection {
-    pub name: String,
     pub mac: String,
+    pub rssi: Option<i16>,
     pub actions: Option<Vec<Action>>,
 }
 
 impl BLEConnection {
-    pub fn run_proximity_actions(&self, distance: f32) {
-        if let Some(actions) = &self.actions {
-            for action in actions {
-                match action {
+    pub fn can_unlock(&self) -> bool {
+        let distance = self.rssi.map(distance_rssi).unwrap_or(1000.0);
+        self.actions
+            .as_ref()
+            .map(|actions| {
+                actions.iter().any(|a| match a {
                     Action::Nearby(action) => {
-                        if distance > action.threshold {
-                            continue;
-                        }
+                        distance < action.threshold && action.command == Command::Unlock
+                    }
+                    Action::Away(_) => false,
+                })
+            })
+            .unwrap_or(false)
+    }
 
-                        action.command.run().unwrap();
+    pub fn keep_unlocked(&self) -> bool {
+        let distance = self.rssi.map(distance_rssi).unwrap_or(1000.0);
+        self.actions
+            .as_ref()
+            .map(|actions| {
+                actions.iter().any(|a| match a {
+                    Action::Nearby(action) => {
+                        distance < action.threshold && action.command == Command::KeepUnlocked
                     }
-                    Action::Away(action) => {
-                        if distance < action.threshold {
-                            continue;
-                        }
+                    Action::Away(_) => false,
+                })
+            })
+            .unwrap_or(false)
+    }
 
-                        action.command.run().unwrap();
+    pub fn should_lock(&self) -> bool {
+        let distance = self.rssi.map(distance_rssi).unwrap_or(1000.0);
+        self.actions
+            .as_ref()
+            .map(|actions| {
+                actions.iter().any(|a| match a {
+                    Action::Nearby(_) => false,
+                    Action::Away(action) => {
+                        distance > action.threshold && action.command == Command::Lock
                     }
-                }
-            }
-        }
+                })
+            })
+            .unwrap_or(false)
     }
 }
 

src/config.rs

@@ -0,0 +1,14 @@
+use zbus_systemd::login1::ManagerProxy;
+
+pub async fn get_idle_hint() -> zbus::Result<(bool, u64)> {
+    let manager = login_manager().await?;
+    let idle_hint = manager.idle_hint().await?;
+    let idle_hint_time = manager.idle_since_hint().await?;
+    Ok((idle_hint, idle_hint_time))
+}
+
+async fn login_manager() -> zbus::Result<ManagerProxy<'static>> {
+    let conn = zbus::Connection::system().await?;
+    let manager = ManagerProxy::new(&conn).await?;
+    Ok(manager)
+}