feat(BRIDGE-356): Added retry logic for unavailable preferred keychain on Linux; Feature flag support before bridge initialization; Refactored some bits of the code;

internal/vault/helper.go

@@ -76,6 +76,34 @@ func SetHelper(vaultDir, helper string) error {
 	return settings.Save(vaultDir)
 }
 
+func GetKeychainFailedAttemptCount(vaultDir string) (int, error) {
+	keychainState, err := LoadKeychainState(vaultDir)
+	if err != nil {
+		return 0, err
+	}
+	return keychainState.FailedAttempts, nil
+}
+
+func IncrementKeychainFailedAttemptCount(vaultDir string) error {
+	keychainState, err := LoadKeychainState(vaultDir)
+	if err != nil {
+		return err
+	}
+
+	keychainState.FailedAttempts++
+	return keychainState.Save(vaultDir)
+}
+
+// ResetFailedKeychainAttemptCount - resets the failed keychain attempt count, and stores the data in the appropriate helper file.
+func ResetFailedKeychainAttemptCount(vaultDir string) error {
+	keychainState, err := LoadKeychainState(vaultDir)
+	if err != nil {
+		return err
+	}
+
+	return keychainState.ResetAndSave(vaultDir)
+}
+
 func GetVaultKey(kc *keychain.Keychain) ([]byte, error) {
 	_, keyEnc, err := kc.Get(vaultSecretName)
 	if err != nil {

internal/vault/keychain_settings.go

@@ -17,15 +17,7 @@
 
 package vault
 
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/sirupsen/logrus"
-)
+import "github.com/ProtonMail/proton-bridge/v3/internal/vault/storage"
 
 const keychainSettingsFileName = "keychain.json"
 
@@ -35,40 +27,15 @@ type KeychainSettings struct {
 	DisableTest bool   // Is the keychain test on startup disabled?
 }
 
+var keychainSettingsFile = storage.NewJSONStorageFile[KeychainSettings](keychainSettingsFileName, "keychain settings") //nolint:gochecknoglobals
+
 // LoadKeychainSettings load keychain settings from the vaultDir folder, or returns a default one if the file
 // does not exists or is invalid.
 func LoadKeychainSettings(vaultDir string) (KeychainSettings, error) {
-	path := filepath.Join(vaultDir, keychainSettingsFileName)
-	bytes, err := os.ReadFile(path) //nolint:gosec
-	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			logrus.
-				WithFields(logrus.Fields{"pkg": "vault", "path": path}).
-				Trace("Keychain settings file does not exists, default values will be used")
-			return KeychainSettings{}, nil
-		}
-		return KeychainSettings{}, err
-	}
-
-	var result KeychainSettings
-	if err := json.Unmarshal(bytes, &result); err != nil {
-		return KeychainSettings{}, fmt.Errorf("keychain settings file is invalid settings: %w", err)
-	}
-
-	return result, nil
+	return keychainSettingsFile.Load(vaultDir)
 }
 
 // Save saves the keychain settings in a file in the vaultDir folder.
 func (k KeychainSettings) Save(vaultDir string) error {
-	bytes, err := json.MarshalIndent(k, "", "  ")
-	if err != nil {
-		return err
-	}
-
-	if err = os.MkdirAll(vaultDir, 0o700); err != nil {
-		return err
-	}
-
-	path := filepath.Join(vaultDir, keychainSettingsFileName)
-	return os.WriteFile(path, bytes, 0o600)
+	return keychainSettingsFile.Save(vaultDir, k)
 }

internal/vault/keychain_state.go

@@ -0,0 +1,53 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package vault
+
+import (
+	"runtime"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/platform"
+	"github.com/ProtonMail/proton-bridge/v3/internal/vault/storage"
+)
+
+const keychainStateFileName = "keychain_state.json"
+
+type KeychainState struct {
+	FailedAttempts int
+}
+
+var keychainStateFile = storage.NewJSONStorageFile[KeychainState](keychainStateFileName, "keychain state") //nolint:gochecknoglobals
+
+func LoadKeychainState(vaultDir string) (KeychainState, error) {
+	if runtime.GOOS != platform.LINUX {
+		return KeychainState{}, nil
+	}
+	return keychainStateFile.Load(vaultDir)
+}
+
+func (k KeychainState) Save(vaultDir string) error {
+	if runtime.GOOS != platform.LINUX {
+		return nil
+	}
+
+	return keychainStateFile.Save(vaultDir, k)
+}
+
+func (k KeychainState) ResetAndSave(vaultDir string) error {
+	k.FailedAttempts = 0
+	return k.Save(vaultDir)
+}

internal/vault/keychain_state_test.go

@@ -0,0 +1,75 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package vault
+
+import (
+	"runtime"
+	"testing"
+
+	"github.com/ProtonMail/proton-bridge/v3/internal/platform"
+	"github.com/stretchr/testify/require"
+)
+
+func TestKeychainState(t *testing.T) {
+	dir := t.TempDir()
+
+	// Load a non-existing keychain state file. It should return the defaults if it does not exist and no error will be thrown.
+	keychainState, err := LoadKeychainState(dir)
+	require.NoError(t, err)
+	require.Equal(t, KeychainState{}, keychainState)
+
+	// Increment the failed attempt count. The function call will save the data to the file.
+	err = IncrementKeychainFailedAttemptCount(dir)
+	require.NoError(t, err)
+
+	// Load the state from the now existing file. We isolate the behaviour of the helper to Linux.
+	// Thus, a nil state is expected on other OS'.
+	keychainState, err = LoadKeychainState(dir)
+	require.NoError(t, err)
+	if runtime.GOOS == platform.LINUX {
+		require.Equal(t, KeychainState{
+			FailedAttempts: 1,
+		}, keychainState)
+	} else {
+		require.Equal(t, KeychainState{}, keychainState)
+	}
+
+	// Increment again.
+	err = IncrementKeychainFailedAttemptCount(dir)
+	require.NoError(t, err)
+
+	// Same thing, we only expect linux to have data.
+	keychainState, err = LoadKeychainState(dir)
+	require.NoError(t, err)
+	if runtime.GOOS == platform.LINUX {
+		require.Equal(t, KeychainState{
+			FailedAttempts: 2,
+		}, keychainState)
+	} else {
+		require.Equal(t, KeychainState{}, keychainState)
+	}
+
+	// Reset the failed attempt count.
+	err = ResetFailedKeychainAttemptCount(dir)
+	require.NoError(t, err)
+
+	// All OS' states should match in this case.
+	keychainState, err = LoadKeychainState(dir)
+	require.NoError(t, err)
+	require.Equal(t, KeychainState{}, keychainState)
+}

internal/vault/storage/storage.go

@@ -0,0 +1,75 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package storage
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/sirupsen/logrus"
+)
+
+type JSONFile[T any] struct {
+	fileName string
+	fileType string
+}
+
+func NewJSONStorageFile[T any](fileName, fileType string) *JSONFile[T] {
+	return &JSONFile[T]{
+		fileName: fileName,
+		fileType: fileType,
+	}
+}
+
+func (jf *JSONFile[T]) Load(vaultDir string) (T, error) {
+	var result T
+	path := filepath.Join(vaultDir, jf.fileName)
+	bytes, err := os.ReadFile(path) //nolint:gosec
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			logrus.
+				WithFields(logrus.Fields{"pkg": "vault", "path": path}).
+				Tracef("%s file does not exists, default values will be used", jf.fileType)
+			return result, nil
+		}
+		return result, err
+	}
+
+	if err := json.Unmarshal(bytes, &result); err != nil {
+		return result, fmt.Errorf("%s file has invalid data: %w", jf.fileType, err)
+	}
+
+	return result, nil
+}
+
+func (jf *JSONFile[T]) Save(vaultDir string, data T) error {
+	bytes, err := json.MarshalIndent(data, "", "  ")
+	if err != nil {
+		return err
+	}
+
+	if err = os.MkdirAll(vaultDir, 0o700); err != nil {
+		return err
+	}
+
+	path := filepath.Join(vaultDir, jf.fileName)
+	return os.WriteFile(path, bytes, 0o600)
+}