feat: add biometric authentication support and related UI screens
- Updated AndroidManifest.xml to include permissions for biometric authentication. - Changed MainActivity to extend FlutterFragmentActivity for better compatibility. - Modified gradle.properties to optimize memory settings. - Enhanced app.dart to manage new app phases for biometric authentication. - Implemented LocalVaultService methods for handling biometric key protection. - Created BiometricChoiceScreen and BiometricGateScreen for user interaction. - Updated HomeScreen to handle vault invalidation scenarios. - Registered local_auth plugin for biometric functionality on macOS and Windows. - Updated pubspec.yaml and pubspec.lock to include local_auth dependency.
This commit is contained in:
+405
-36
@@ -1,3 +1,4 @@
|
||||
import 'dart:async';
|
||||
import 'dart:io';
|
||||
|
||||
import 'package:flutter/material.dart';
|
||||
@@ -6,6 +7,8 @@ import 'package:notas/data/local_vault_service.dart';
|
||||
import 'package:notas/data/note_repository.dart';
|
||||
import 'package:notas/platform/app_platform.dart';
|
||||
import 'package:notas/platform/window_state.dart';
|
||||
import 'package:notas/screens/biometric_choice_screen.dart';
|
||||
import 'package:notas/screens/biometric_gate_screen.dart';
|
||||
import 'package:notas/screens/home_screen.dart';
|
||||
import 'package:notas/screens/settings_screen.dart';
|
||||
import 'package:notas/screens/vault_access_screen.dart';
|
||||
@@ -20,6 +23,14 @@ enum _AppSection {
|
||||
settings,
|
||||
}
|
||||
|
||||
enum _AppPhase {
|
||||
loading,
|
||||
access,
|
||||
biometricChoice,
|
||||
biometricGate,
|
||||
notes,
|
||||
}
|
||||
|
||||
class NotesApp extends StatefulWidget {
|
||||
const NotesApp({super.key});
|
||||
|
||||
@@ -27,43 +38,125 @@ class NotesApp extends StatefulWidget {
|
||||
State<NotesApp> createState() => _NotesAppState();
|
||||
}
|
||||
|
||||
class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
class _NotesAppState extends State<NotesApp>
|
||||
with WindowListener, WidgetsBindingObserver {
|
||||
static const Duration _screenTransitionDuration = Duration(milliseconds: 280);
|
||||
static const Duration _biometricInactivityTimeout = Duration(minutes: 5);
|
||||
|
||||
final LocalVaultService _vaultService = LocalVaultService.instance;
|
||||
final GlobalKey<ScaffoldMessengerState> _scaffoldMessengerKey =
|
||||
GlobalKey<ScaffoldMessengerState>();
|
||||
final GlobalKey<NavigatorState> _navigatorKey = GlobalKey<NavigatorState>();
|
||||
|
||||
AppDatabase? _database;
|
||||
NoteRepository? _repository;
|
||||
String? _pendingEncryptionKey;
|
||||
bool _isBootstrapping = true;
|
||||
bool _isUnlocking = false;
|
||||
bool _biometricGateEnabled = false;
|
||||
int _biometricGateSession = 0;
|
||||
Timer? _biometricLockTimer;
|
||||
bool _isHandlingWindowClose = false;
|
||||
_AppPhase _phase = _AppPhase.loading;
|
||||
_AppSection _currentSection = _AppSection.home;
|
||||
|
||||
@override
|
||||
void initState() {
|
||||
super.initState();
|
||||
WidgetsBinding.instance.addObserver(this);
|
||||
if (isDesktop) {
|
||||
windowManager.addListener(this);
|
||||
windowManager.setPreventClose(true);
|
||||
}
|
||||
_bootstrapVault();
|
||||
}
|
||||
|
||||
@override
|
||||
void dispose() {
|
||||
WidgetsBinding.instance.removeObserver(this);
|
||||
if (isDesktop) {
|
||||
windowManager.removeListener(this);
|
||||
windowManager.setPreventClose(false);
|
||||
}
|
||||
_biometricLockTimer?.cancel();
|
||||
_database?.close();
|
||||
super.dispose();
|
||||
}
|
||||
|
||||
@override
|
||||
void didChangeAppLifecycleState(AppLifecycleState state) {
|
||||
if (_isUnlocking) {
|
||||
return;
|
||||
}
|
||||
|
||||
switch (state) {
|
||||
case AppLifecycleState.resumed:
|
||||
_cancelBiometricLockTimer();
|
||||
return;
|
||||
case AppLifecycleState.inactive:
|
||||
case AppLifecycleState.paused:
|
||||
_scheduleBiometricLockTimer();
|
||||
return;
|
||||
case AppLifecycleState.detached:
|
||||
case AppLifecycleState.hidden:
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> _bootstrapVault() async {
|
||||
try {
|
||||
final String? encryptionKey = await _vaultService.readEncryptionKey();
|
||||
final bool hasEncryptionKey = await _vaultService.hasEncryptionKey();
|
||||
_biometricGateEnabled = hasEncryptionKey && await _vaultService.isBiometricGateEnabled();
|
||||
|
||||
if (!hasEncryptionKey) {
|
||||
_pendingEncryptionKey = null;
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_phase = _AppPhase.access;
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
final bool accessCompleted = await _vaultService.isVaultAccessCompleted();
|
||||
final bool biometricChoicePending = await _vaultService.isBiometricChoicePending();
|
||||
|
||||
if (!accessCompleted) {
|
||||
_pendingEncryptionKey = await _vaultService.readStoredEncryptionKeyRaw();
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_phase = _AppPhase.access;
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (biometricChoicePending) {
|
||||
_pendingEncryptionKey = await _vaultService.readStoredEncryptionKeyRaw();
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_phase = _AppPhase.biometricChoice;
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (_biometricGateEnabled) {
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_phase = _AppPhase.biometricGate;
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
final String? encryptionKey = await _vaultService.readStoredEncryptionKeyRaw();
|
||||
if (encryptionKey != null) {
|
||||
await _openVault(encryptionKey);
|
||||
} else if (mounted) {
|
||||
setState(() {
|
||||
_phase = _AppPhase.access;
|
||||
});
|
||||
}
|
||||
} finally {
|
||||
if (mounted) {
|
||||
@@ -77,16 +170,190 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
Future<void> _openVault(String encryptionKey) async {
|
||||
await _database?.close();
|
||||
|
||||
final AppDatabase database = AppDatabase(encryptionKey: encryptionKey);
|
||||
if (!mounted) {
|
||||
await database.close();
|
||||
try {
|
||||
final AppDatabase database = AppDatabase(encryptionKey: encryptionKey);
|
||||
if (!mounted) {
|
||||
await database.close();
|
||||
return;
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_database = database;
|
||||
_repository = NoteRepository(database: database);
|
||||
_phase = _AppPhase.notes;
|
||||
});
|
||||
} catch (e) {
|
||||
// If the database file is not a valid SQLite DB (e.g., wrong key or corruption),
|
||||
// reset the local vault so the app doesn't crash. The reset will delete DB files
|
||||
// and clear the stored encryption key.
|
||||
await _resetLocalVaultData();
|
||||
|
||||
if (mounted) {
|
||||
_scaffoldMessengerKey.currentState?.showSnackBar(
|
||||
const SnackBar(content: Text('El vault local estaba corrupto y ha sido reiniciado.')),
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> _beginInitialVaultFlow({String? actionLabel}) async {
|
||||
if (_isUnlocking) {
|
||||
return;
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_database = database;
|
||||
_repository = NoteRepository(database: database);
|
||||
_isUnlocking = true;
|
||||
});
|
||||
|
||||
try {
|
||||
if (actionLabel != null) {
|
||||
_showAccountPlaceholder(actionLabel);
|
||||
}
|
||||
|
||||
final String? existingKey = await _vaultService.readStoredEncryptionKeyRaw();
|
||||
final String encryptionKey = existingKey ?? await _vaultService.createEncryptionKey();
|
||||
|
||||
_pendingEncryptionKey = encryptionKey;
|
||||
await _vaultService.setVaultAccessCompleted(true);
|
||||
await _vaultService.setBiometricChoicePending(true);
|
||||
await _vaultService.setBiometricGateEnabled(false);
|
||||
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_phase = _AppPhase.biometricChoice;
|
||||
_biometricGateEnabled = false;
|
||||
});
|
||||
}
|
||||
} catch (error) {
|
||||
_scaffoldMessengerKey.currentState?.showSnackBar(
|
||||
SnackBar(content: Text('No se pudo preparar el vault local: $error')),
|
||||
);
|
||||
} finally {
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_isUnlocking = false;
|
||||
_isBootstrapping = false;
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> _enterWithoutAccount() {
|
||||
return _beginInitialVaultFlow();
|
||||
}
|
||||
|
||||
Future<void> _completeBiometricChoice({required bool enableBiometrics}) async {
|
||||
if (_isUnlocking) {
|
||||
return;
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_isUnlocking = true;
|
||||
});
|
||||
|
||||
try {
|
||||
final String? pendingKey = _pendingEncryptionKey ?? await _vaultService.readStoredEncryptionKeyRaw();
|
||||
|
||||
if (pendingKey == null) {
|
||||
throw StateError('No se encontró la llave local.');
|
||||
}
|
||||
|
||||
if (enableBiometrics) {
|
||||
final bool available = await _vaultService.isBiometricAvailable();
|
||||
if (available) {
|
||||
bool activated = await _vaultService.enableBiometricProtection();
|
||||
while (!activated) {
|
||||
// Ask the user to retry or skip
|
||||
final BuildContext? dialogCtx = _navigatorKey.currentContext;
|
||||
if (dialogCtx == null) {
|
||||
break;
|
||||
}
|
||||
|
||||
final NavigatorState navigator = Navigator.of(dialogCtx);
|
||||
|
||||
final bool? retry = await showDialog<bool>(
|
||||
context: dialogCtx,
|
||||
builder: (BuildContext context) => AlertDialog(
|
||||
title: const Text('No se pudo activar la biometría'),
|
||||
content: const Text('No se pudo activar la biometría. ¿Quieres intentarlo de nuevo o entrar sin huella?'),
|
||||
actions: [
|
||||
TextButton(onPressed: () => navigator.pop(false), child: const Text('Entrar sin huella')),
|
||||
FilledButton(onPressed: () => navigator.pop(true), child: const Text('Reintentar')),
|
||||
],
|
||||
),
|
||||
);
|
||||
|
||||
if (retry != true) {
|
||||
// User chose to skip biometric activation
|
||||
break;
|
||||
}
|
||||
|
||||
activated = await _vaultService.enableBiometricProtection();
|
||||
}
|
||||
|
||||
if (activated) {
|
||||
await _vaultService.setBiometricChoicePending(false);
|
||||
await _vaultService.setVaultAccessCompleted(true);
|
||||
_biometricGateEnabled = true;
|
||||
_pendingEncryptionKey = pendingKey;
|
||||
await _openVault(pendingKey);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
_scaffoldMessengerKey.currentState?.showSnackBar(
|
||||
const SnackBar(content: Text('La biometría no está disponible en este dispositivo.')),
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
await _vaultService.setBiometricGateEnabled(false);
|
||||
await _vaultService.setBiometricChoicePending(false);
|
||||
await _vaultService.setVaultAccessCompleted(true);
|
||||
_biometricGateEnabled = false;
|
||||
_pendingEncryptionKey = pendingKey;
|
||||
await _openVault(pendingKey);
|
||||
} catch (error) {
|
||||
_scaffoldMessengerKey.currentState?.showSnackBar(
|
||||
SnackBar(content: Text('No se pudo finalizar la configuración del vault: $error')),
|
||||
);
|
||||
} finally {
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_isUnlocking = false;
|
||||
_isBootstrapping = false;
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> _unlockBiometricGate() async {
|
||||
if (_isUnlocking) {
|
||||
return;
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_isUnlocking = true;
|
||||
});
|
||||
|
||||
try {
|
||||
final String? encryptionKey = await _vaultService.readEncryptionKey();
|
||||
|
||||
if (encryptionKey != null) {
|
||||
await _openVault(encryptionKey);
|
||||
}
|
||||
} catch (error) {
|
||||
_scaffoldMessengerKey.currentState?.showSnackBar(
|
||||
SnackBar(content: Text('No se pudo desbloquear el vault: $error')),
|
||||
);
|
||||
} finally {
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_isUnlocking = false;
|
||||
_isBootstrapping = false;
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void _openSettings() {
|
||||
@@ -116,6 +383,7 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
_repository = null;
|
||||
_database = null;
|
||||
_isBootstrapping = true;
|
||||
_phase = _AppPhase.loading;
|
||||
});
|
||||
|
||||
await database?.close();
|
||||
@@ -145,33 +413,64 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
setState(() {
|
||||
_isBootstrapping = false;
|
||||
_isUnlocking = false;
|
||||
_biometricGateEnabled = false;
|
||||
_pendingEncryptionKey = null;
|
||||
_phase = _AppPhase.access;
|
||||
});
|
||||
}
|
||||
|
||||
Future<void> _enterWithoutAccount() async {
|
||||
if (_isUnlocking) {
|
||||
Future<void> _lockVault() async {
|
||||
final AppDatabase? database = _database;
|
||||
|
||||
if (database == null && _repository == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
await database?.close();
|
||||
|
||||
if (!mounted) {
|
||||
return;
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_isUnlocking = true;
|
||||
_database = null;
|
||||
_repository = null;
|
||||
_isBootstrapping = false;
|
||||
_biometricGateSession += 1;
|
||||
_phase = _AppPhase.biometricGate;
|
||||
_currentSection = _AppSection.home;
|
||||
});
|
||||
}
|
||||
|
||||
try {
|
||||
final String encryptionKey = await _vaultService.createEncryptionKey();
|
||||
await _openVault(encryptionKey);
|
||||
} catch (error) {
|
||||
_scaffoldMessengerKey.currentState?.showSnackBar(
|
||||
SnackBar(content: Text('No se pudo crear el vault local: $error')),
|
||||
);
|
||||
} finally {
|
||||
if (mounted) {
|
||||
setState(() {
|
||||
_isUnlocking = false;
|
||||
_isBootstrapping = false;
|
||||
});
|
||||
}
|
||||
bool get _needsBiometricLock => _biometricGateEnabled && _repository != null;
|
||||
|
||||
void _cancelBiometricLockTimer() {
|
||||
_biometricLockTimer?.cancel();
|
||||
_biometricLockTimer = null;
|
||||
}
|
||||
|
||||
void _scheduleBiometricLockTimer() {
|
||||
if (!_needsBiometricLock) {
|
||||
return;
|
||||
}
|
||||
|
||||
_biometricLockTimer?.cancel();
|
||||
_biometricLockTimer = Timer(_biometricInactivityTimeout, () {
|
||||
if (!mounted || !_needsBiometricLock) {
|
||||
return;
|
||||
}
|
||||
|
||||
unawaited(_lockVault());
|
||||
});
|
||||
}
|
||||
|
||||
Future<void> _allowWindowClose() async {
|
||||
if (!isDesktop) {
|
||||
return;
|
||||
}
|
||||
|
||||
await windowManager.setPreventClose(false);
|
||||
await windowManager.close();
|
||||
}
|
||||
|
||||
void _showAccountPlaceholder(String actionLabel) {
|
||||
@@ -199,6 +498,7 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
|
||||
Widget _buildLoadingScreen() {
|
||||
return MaterialApp(
|
||||
navigatorKey: _navigatorKey,
|
||||
title: 'Mis Notas',
|
||||
debugShowCheckedModeBanner: false,
|
||||
theme: AppTheme.theme,
|
||||
@@ -228,6 +528,7 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
|
||||
Widget _buildAppShell({required Widget home}) {
|
||||
return MaterialApp(
|
||||
navigatorKey: _navigatorKey,
|
||||
title: 'Mis Notas',
|
||||
debugShowCheckedModeBanner: false,
|
||||
scaffoldMessengerKey: _scaffoldMessengerKey,
|
||||
@@ -242,6 +543,7 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
key: const ValueKey<String>('home-screen'),
|
||||
repository: repository,
|
||||
onOpenSettings: _openSettings,
|
||||
onVaultInvalid: _resetLocalVaultData,
|
||||
)
|
||||
: SettingsScreen(
|
||||
key: const ValueKey<String>('settings-screen'),
|
||||
@@ -250,6 +552,7 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
);
|
||||
|
||||
return MaterialApp(
|
||||
navigatorKey: _navigatorKey,
|
||||
title: 'Mis Notas',
|
||||
debugShowCheckedModeBanner: false,
|
||||
scaffoldMessengerKey: _scaffoldMessengerKey,
|
||||
@@ -308,6 +611,44 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
_saveWindowSize();
|
||||
}
|
||||
|
||||
@override
|
||||
void onWindowFocus() {
|
||||
_cancelBiometricLockTimer();
|
||||
}
|
||||
|
||||
@override
|
||||
void onWindowBlur() {
|
||||
_scheduleBiometricLockTimer();
|
||||
}
|
||||
|
||||
@override
|
||||
void onWindowClose() {
|
||||
if (_isHandlingWindowClose) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!_needsBiometricLock) {
|
||||
unawaited(_allowWindowClose());
|
||||
return;
|
||||
}
|
||||
|
||||
_isHandlingWindowClose = true;
|
||||
_cancelBiometricLockTimer();
|
||||
|
||||
unawaited(() async {
|
||||
try {
|
||||
final String? encryptionKey = await _vaultService.readEncryptionKey();
|
||||
if (encryptionKey == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
await _allowWindowClose();
|
||||
} finally {
|
||||
_isHandlingWindowClose = false;
|
||||
}
|
||||
}());
|
||||
}
|
||||
|
||||
@override
|
||||
Widget build(BuildContext context) {
|
||||
if (_isBootstrapping) {
|
||||
@@ -320,17 +661,45 @@ class _NotesAppState extends State<NotesApp> with WindowListener {
|
||||
return _buildMainShell(repository);
|
||||
}
|
||||
|
||||
return _buildAppShell(
|
||||
home: VaultAccessScreen(
|
||||
isBusy: _isUnlocking,
|
||||
onCreateAccountPressed: (String email, String password) async {
|
||||
_showAccountPlaceholder('Crear cuenta');
|
||||
},
|
||||
onSignInPressed: (String email, String password) async {
|
||||
_showAccountPlaceholder('Iniciar sesión');
|
||||
},
|
||||
onContinueWithoutAccount: _enterWithoutAccount,
|
||||
),
|
||||
);
|
||||
switch (_phase) {
|
||||
case _AppPhase.loading:
|
||||
return _buildLoadingScreen();
|
||||
case _AppPhase.access:
|
||||
return _buildAppShell(
|
||||
home: VaultAccessScreen(
|
||||
isBusy: _isUnlocking,
|
||||
onCreateAccountPressed: (String email, String password) async {
|
||||
await _beginInitialVaultFlow(actionLabel: 'Crear cuenta');
|
||||
},
|
||||
onSignInPressed: (String email, String password) async {
|
||||
await _beginInitialVaultFlow(actionLabel: 'Iniciar sesión');
|
||||
},
|
||||
onContinueWithoutAccount: _enterWithoutAccount,
|
||||
),
|
||||
);
|
||||
case _AppPhase.biometricChoice:
|
||||
return _buildAppShell(
|
||||
home: BiometricChoiceScreen(
|
||||
isBusy: _isUnlocking,
|
||||
onEnableBiometrics: () => _completeBiometricChoice(enableBiometrics: true),
|
||||
onSkipBiometrics: () => _completeBiometricChoice(enableBiometrics: false),
|
||||
),
|
||||
);
|
||||
case _AppPhase.biometricGate:
|
||||
return _buildAppShell(
|
||||
home: BiometricGateScreen(
|
||||
key: ValueKey<int>(_biometricGateSession),
|
||||
isBusy: _isUnlocking,
|
||||
onUnlockRequested: _unlockBiometricGate,
|
||||
),
|
||||
);
|
||||
case _AppPhase.notes:
|
||||
if (repository == null) {
|
||||
return _buildLoadingScreen();
|
||||
}
|
||||
|
||||
return _buildMainShell(repository);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,8 @@
|
||||
import 'dart:math';
|
||||
import 'dart:io' show Platform;
|
||||
|
||||
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
|
||||
import 'package:local_auth/local_auth.dart';
|
||||
|
||||
class LocalVaultService {
|
||||
LocalVaultService._();
|
||||
@@ -9,26 +11,110 @@ class LocalVaultService {
|
||||
|
||||
static const String _encryptionKeyStorageKey =
|
||||
'notes_local_encryption_key_v1';
|
||||
static const String _vaultAccessCompletedKey =
|
||||
'notes_vault_access_completed_v1';
|
||||
static const String _biometricChoicePendingKey =
|
||||
'notes_vault_biometric_choice_pending_v1';
|
||||
static const String _biometricGateEnabledKey =
|
||||
'notes_vault_biometric_gate_enabled_v1';
|
||||
|
||||
final FlutterSecureStorage _secureStorage = FlutterSecureStorage();
|
||||
final LocalAuthentication _localAuth = LocalAuthentication();
|
||||
String? _lastBiometricError;
|
||||
|
||||
String? _cachedEncryptionKey;
|
||||
/// Último error conocido al consultar/activar biometría. Útil para diagnóstico.
|
||||
String? getLastBiometricError() => _lastBiometricError;
|
||||
|
||||
Future<String?> readEncryptionKey() async {
|
||||
final String? cachedKey = _cachedEncryptionKey;
|
||||
if (cachedKey != null) {
|
||||
return cachedKey;
|
||||
}
|
||||
|
||||
final String? storedKey = await _secureStorage.read(
|
||||
key: _encryptionKeyStorageKey,
|
||||
);
|
||||
|
||||
_cachedEncryptionKey = storedKey;
|
||||
if (storedKey == null) return null;
|
||||
|
||||
// If biometric protection was enabled when the key was created, require
|
||||
// authentication before returning the key. We only enable biometric
|
||||
// protection on mobile (Android/iOS).
|
||||
if (await isBiometricGateEnabled()) {
|
||||
// Only attempt authentication on Android/iOS.
|
||||
if (!Platform.isAndroid && !Platform.isIOS) {
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
final bool supported = await _localAuth.isDeviceSupported();
|
||||
final bool canCheck = await _localAuth.canCheckBiometrics;
|
||||
|
||||
if (supported || canCheck) {
|
||||
final bool didAuthenticate = await _localAuth.authenticate(
|
||||
localizedReason:
|
||||
'Autentícate para acceder a la llave de encriptación',
|
||||
biometricOnly: false,
|
||||
sensitiveTransaction: true,
|
||||
persistAcrossBackgrounding: false,
|
||||
);
|
||||
|
||||
if (!didAuthenticate) return null;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
} catch (e, st) {
|
||||
_lastBiometricError = e.toString();
|
||||
// Also print stack for debugging when running locally.
|
||||
// ignore: avoid_print
|
||||
print('LocalVaultService.readEncryptionKey biometric error: $e\n$st');
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
return storedKey;
|
||||
}
|
||||
|
||||
Future<String> createEncryptionKey() async {
|
||||
Future<String?> readStoredEncryptionKeyRaw() {
|
||||
return _secureStorage.read(key: _encryptionKeyStorageKey);
|
||||
}
|
||||
|
||||
Future<bool> hasEncryptionKey() async {
|
||||
return (await readStoredEncryptionKeyRaw()) != null;
|
||||
}
|
||||
|
||||
Future<bool> isVaultAccessCompleted() async {
|
||||
return (await _secureStorage.read(key: _vaultAccessCompletedKey)) == '1';
|
||||
}
|
||||
|
||||
Future<void> setVaultAccessCompleted(bool value) async {
|
||||
if (value) {
|
||||
await _secureStorage.write(key: _vaultAccessCompletedKey, value: '1');
|
||||
} else {
|
||||
await _secureStorage.delete(key: _vaultAccessCompletedKey);
|
||||
}
|
||||
}
|
||||
|
||||
Future<bool> isBiometricChoicePending() async {
|
||||
return (await _secureStorage.read(key: _biometricChoicePendingKey)) == '1';
|
||||
}
|
||||
|
||||
Future<void> setBiometricChoicePending(bool value) async {
|
||||
if (value) {
|
||||
await _secureStorage.write(key: _biometricChoicePendingKey, value: '1');
|
||||
} else {
|
||||
await _secureStorage.delete(key: _biometricChoicePendingKey);
|
||||
}
|
||||
}
|
||||
|
||||
Future<bool> isBiometricGateEnabled() async {
|
||||
return (await _secureStorage.read(key: _biometricGateEnabledKey)) == '1';
|
||||
}
|
||||
|
||||
Future<void> setBiometricGateEnabled(bool value) async {
|
||||
if (value) {
|
||||
await _secureStorage.write(key: _biometricGateEnabledKey, value: '1');
|
||||
} else {
|
||||
await _secureStorage.delete(key: _biometricGateEnabledKey);
|
||||
}
|
||||
}
|
||||
|
||||
Future<String> createEncryptionKey({bool protectWithBiometrics = false}) async {
|
||||
final String encryptionKey = _generateEncryptionKey();
|
||||
|
||||
await _secureStorage.write(
|
||||
@@ -36,13 +122,86 @@ class LocalVaultService {
|
||||
value: encryptionKey,
|
||||
);
|
||||
|
||||
_cachedEncryptionKey = encryptionKey;
|
||||
// If requested, try to enable biometric protection. Only enable on mobile
|
||||
// platforms and only if the authentication succeeds.
|
||||
if (protectWithBiometrics && (Platform.isAndroid || Platform.isIOS)) {
|
||||
try {
|
||||
final bool supported = await _localAuth.isDeviceSupported();
|
||||
final bool canCheck = await _localAuth.canCheckBiometrics;
|
||||
|
||||
if (supported || canCheck) {
|
||||
final bool didAuthenticate = await _localAuth.authenticate(
|
||||
localizedReason: 'Configura biometría para proteger la llave',
|
||||
biometricOnly: false,
|
||||
sensitiveTransaction: true,
|
||||
persistAcrossBackgrounding: false,
|
||||
);
|
||||
|
||||
if (didAuthenticate) {
|
||||
await setBiometricGateEnabled(true);
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
_lastBiometricError = e.toString();
|
||||
// ignore: avoid_print
|
||||
print('LocalVaultService.createEncryptionKey biometric error: $e');
|
||||
// Ignore errors and leave biometric protection disabled.
|
||||
}
|
||||
}
|
||||
|
||||
return encryptionKey;
|
||||
}
|
||||
|
||||
Future<void> clearEncryptionKey() async {
|
||||
await _secureStorage.delete(key: _encryptionKeyStorageKey);
|
||||
_cachedEncryptionKey = null;
|
||||
await _secureStorage.delete(key: _vaultAccessCompletedKey);
|
||||
await _secureStorage.delete(key: _biometricChoicePendingKey);
|
||||
await _secureStorage.delete(key: _biometricGateEnabledKey);
|
||||
}
|
||||
|
||||
Future<bool> isBiometricAvailable() async {
|
||||
if (!Platform.isAndroid && !Platform.isIOS) return false;
|
||||
|
||||
try {
|
||||
final bool supported = await _localAuth.isDeviceSupported();
|
||||
final bool canCheck = await _localAuth.canCheckBiometrics;
|
||||
if (!supported && !canCheck) return false;
|
||||
|
||||
final List<BiometricType> types = await _localAuth.getAvailableBiometrics();
|
||||
_lastBiometricError = null;
|
||||
return types.isNotEmpty;
|
||||
} catch (e) {
|
||||
_lastBiometricError = e.toString();
|
||||
// ignore: avoid_print
|
||||
print('LocalVaultService.isBiometricAvailable error: $e');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
Future<bool> enableBiometricProtection() async {
|
||||
if (!await isBiometricAvailable()) return false;
|
||||
|
||||
try {
|
||||
// Prefer biometric-only authentication for activation to ensure the
|
||||
// user sets up biometric unlocking (no device credential fallback).
|
||||
final bool didAuthenticate = await _localAuth.authenticate(
|
||||
localizedReason: 'Autentícate para habilitar biometría',
|
||||
biometricOnly: true,
|
||||
sensitiveTransaction: true,
|
||||
persistAcrossBackgrounding: false,
|
||||
);
|
||||
|
||||
if (!didAuthenticate) return false;
|
||||
|
||||
await setBiometricGateEnabled(true);
|
||||
_lastBiometricError = null;
|
||||
return true;
|
||||
} catch (e) {
|
||||
_lastBiometricError = e.toString();
|
||||
// ignore: avoid_print
|
||||
print('LocalVaultService.enableBiometricProtection error: $e');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
String _generateEncryptionKey() {
|
||||
|
||||
@@ -0,0 +1,120 @@
|
||||
import 'package:flutter/material.dart';
|
||||
import 'package:notas/widgets/app_title_bar.dart';
|
||||
|
||||
class BiometricChoiceScreen extends StatelessWidget {
|
||||
const BiometricChoiceScreen({
|
||||
super.key,
|
||||
required this.isBusy,
|
||||
required this.onEnableBiometrics,
|
||||
required this.onSkipBiometrics,
|
||||
});
|
||||
|
||||
final bool isBusy;
|
||||
final Future<void> Function() onEnableBiometrics;
|
||||
final Future<void> Function() onSkipBiometrics;
|
||||
|
||||
@override
|
||||
Widget build(BuildContext context) {
|
||||
return Scaffold(
|
||||
body: Container(
|
||||
decoration: const BoxDecoration(
|
||||
gradient: LinearGradient(
|
||||
colors: [
|
||||
Color(0xFF191A1D),
|
||||
Color(0xFF222326),
|
||||
Color(0xFF101114),
|
||||
],
|
||||
begin: Alignment.topLeft,
|
||||
end: Alignment.bottomRight,
|
||||
),
|
||||
),
|
||||
child: SafeArea(
|
||||
child: Column(
|
||||
children: [
|
||||
const AppTitleBar(),
|
||||
Expanded(
|
||||
child: Center(
|
||||
child: SingleChildScrollView(
|
||||
padding: const EdgeInsets.all(24),
|
||||
child: ConstrainedBox(
|
||||
constraints: const BoxConstraints(maxWidth: 460),
|
||||
child: Container(
|
||||
padding: const EdgeInsets.all(24),
|
||||
decoration: BoxDecoration(
|
||||
color: const Color(0xFF1D1E20),
|
||||
borderRadius: BorderRadius.circular(24),
|
||||
border: Border.all(color: Colors.white.withValues(alpha: 0.08)),
|
||||
boxShadow: [
|
||||
BoxShadow(
|
||||
color: Colors.black.withValues(alpha: 0.35),
|
||||
blurRadius: 30,
|
||||
offset: const Offset(0, 18),
|
||||
),
|
||||
],
|
||||
),
|
||||
child: Column(
|
||||
mainAxisSize: MainAxisSize.min,
|
||||
crossAxisAlignment: CrossAxisAlignment.stretch,
|
||||
children: [
|
||||
const Icon(
|
||||
Icons.fingerprint,
|
||||
color: Colors.amber,
|
||||
size: 44,
|
||||
),
|
||||
const SizedBox(height: 16),
|
||||
const Text(
|
||||
'Proteger con huella',
|
||||
textAlign: TextAlign.center,
|
||||
style: TextStyle(
|
||||
color: Colors.white,
|
||||
fontSize: 28,
|
||||
fontWeight: FontWeight.w700,
|
||||
),
|
||||
),
|
||||
const SizedBox(height: 10),
|
||||
Text(
|
||||
'¿Quieres que la app te pida huella o cara antes de entrar a tus notas?',
|
||||
textAlign: TextAlign.center,
|
||||
style: TextStyle(
|
||||
color: Colors.white.withValues(alpha: 0.72),
|
||||
height: 1.4,
|
||||
),
|
||||
),
|
||||
const SizedBox(height: 22),
|
||||
FilledButton(
|
||||
onPressed: isBusy ? null : onEnableBiometrics,
|
||||
style: FilledButton.styleFrom(
|
||||
padding: const EdgeInsets.symmetric(vertical: 14),
|
||||
),
|
||||
child: isBusy
|
||||
? const SizedBox(
|
||||
width: 18,
|
||||
height: 18,
|
||||
child: CircularProgressIndicator(strokeWidth: 2),
|
||||
)
|
||||
: const Text('Sí, activar huella'),
|
||||
),
|
||||
const SizedBox(height: 10),
|
||||
OutlinedButton(
|
||||
onPressed: isBusy ? null : onSkipBiometrics,
|
||||
style: OutlinedButton.styleFrom(
|
||||
padding: const EdgeInsets.symmetric(vertical: 14),
|
||||
side: const BorderSide(color: Colors.white24),
|
||||
foregroundColor: Colors.white,
|
||||
),
|
||||
child: const Text('No, entrar sin huella'),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,134 @@
|
||||
import 'package:flutter/material.dart';
|
||||
import 'package:notas/widgets/app_title_bar.dart';
|
||||
|
||||
class BiometricGateScreen extends StatefulWidget {
|
||||
const BiometricGateScreen({
|
||||
super.key,
|
||||
required this.isBusy,
|
||||
required this.onUnlockRequested,
|
||||
});
|
||||
|
||||
final bool isBusy;
|
||||
final Future<void> Function() onUnlockRequested;
|
||||
|
||||
@override
|
||||
State<BiometricGateScreen> createState() => _BiometricGateScreenState();
|
||||
}
|
||||
|
||||
class _BiometricGateScreenState extends State<BiometricGateScreen> {
|
||||
bool _autoRequested = false;
|
||||
|
||||
@override
|
||||
void initState() {
|
||||
super.initState();
|
||||
WidgetsBinding.instance.addPostFrameCallback((_) {
|
||||
if (mounted) {
|
||||
_requestUnlockOnce();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
Future<void> _requestUnlockOnce() async {
|
||||
if (_autoRequested || widget.isBusy) {
|
||||
return;
|
||||
}
|
||||
|
||||
_autoRequested = true;
|
||||
await widget.onUnlockRequested();
|
||||
}
|
||||
|
||||
@override
|
||||
Widget build(BuildContext context) {
|
||||
return Scaffold(
|
||||
body: Container(
|
||||
decoration: const BoxDecoration(
|
||||
gradient: LinearGradient(
|
||||
colors: [
|
||||
Color(0xFF191A1D),
|
||||
Color(0xFF222326),
|
||||
Color(0xFF101114),
|
||||
],
|
||||
begin: Alignment.topLeft,
|
||||
end: Alignment.bottomRight,
|
||||
),
|
||||
),
|
||||
child: SafeArea(
|
||||
child: Column(
|
||||
children: [
|
||||
const AppTitleBar(),
|
||||
Expanded(
|
||||
child: Center(
|
||||
child: SingleChildScrollView(
|
||||
padding: const EdgeInsets.all(24),
|
||||
child: ConstrainedBox(
|
||||
constraints: const BoxConstraints(maxWidth: 460),
|
||||
child: Container(
|
||||
padding: const EdgeInsets.all(24),
|
||||
decoration: BoxDecoration(
|
||||
color: const Color(0xFF1D1E20),
|
||||
borderRadius: BorderRadius.circular(24),
|
||||
border: Border.all(color: Colors.white.withValues(alpha: 0.08)),
|
||||
boxShadow: [
|
||||
BoxShadow(
|
||||
color: Colors.black.withValues(alpha: 0.35),
|
||||
blurRadius: 30,
|
||||
offset: const Offset(0, 18),
|
||||
),
|
||||
],
|
||||
),
|
||||
child: Column(
|
||||
mainAxisSize: MainAxisSize.min,
|
||||
crossAxisAlignment: CrossAxisAlignment.stretch,
|
||||
children: [
|
||||
const Icon(
|
||||
Icons.fingerprint,
|
||||
color: Colors.amber,
|
||||
size: 44,
|
||||
),
|
||||
const SizedBox(height: 16),
|
||||
const Text(
|
||||
'Desbloqueo biométrico',
|
||||
textAlign: TextAlign.center,
|
||||
style: TextStyle(
|
||||
color: Colors.white,
|
||||
fontSize: 28,
|
||||
fontWeight: FontWeight.w700,
|
||||
),
|
||||
),
|
||||
const SizedBox(height: 10),
|
||||
Text(
|
||||
'Pon tu huella o cara para entrar a tus notas.',
|
||||
textAlign: TextAlign.center,
|
||||
style: TextStyle(
|
||||
color: Colors.white.withValues(alpha: 0.72),
|
||||
height: 1.4,
|
||||
),
|
||||
),
|
||||
const SizedBox(height: 22),
|
||||
FilledButton(
|
||||
onPressed: widget.isBusy ? null : widget.onUnlockRequested,
|
||||
style: FilledButton.styleFrom(
|
||||
padding: const EdgeInsets.symmetric(vertical: 14),
|
||||
),
|
||||
child: widget.isBusy
|
||||
? const SizedBox(
|
||||
width: 18,
|
||||
height: 18,
|
||||
child: CircularProgressIndicator(strokeWidth: 2),
|
||||
)
|
||||
: const Text('Desbloquear'),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -15,10 +15,12 @@ class HomeScreen extends StatefulWidget {
|
||||
super.key,
|
||||
required this.repository,
|
||||
required this.onOpenSettings,
|
||||
this.onVaultInvalid,
|
||||
});
|
||||
|
||||
final NoteRepository repository;
|
||||
final VoidCallback onOpenSettings;
|
||||
final Future<void> Function()? onVaultInvalid;
|
||||
|
||||
@override
|
||||
State<HomeScreen> createState() => _HomeScreenState();
|
||||
@@ -38,16 +40,21 @@ class _HomeScreenState extends State<HomeScreen> {
|
||||
}
|
||||
|
||||
Future<void> _loadNotes() async {
|
||||
final List<Note> storedNotes = await widget.repository.loadNotes();
|
||||
try {
|
||||
final List<Note> storedNotes = await widget.repository.loadNotes();
|
||||
|
||||
if (!mounted) {
|
||||
return;
|
||||
if (!mounted) return;
|
||||
|
||||
setState(() {
|
||||
_notes = storedNotes;
|
||||
_isLoading = false;
|
||||
});
|
||||
} catch (e) {
|
||||
// If loading notes fails (e.g., DB corrupt), notify the app to reset the vault.
|
||||
if (widget.onVaultInvalid != null) {
|
||||
await widget.onVaultInvalid!();
|
||||
}
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_notes = storedNotes;
|
||||
_isLoading = false;
|
||||
});
|
||||
}
|
||||
|
||||
Future<void> _openNoteComposer() async {
|
||||
|
||||
Reference in New Issue
Block a user