-
Notifications
You must be signed in to change notification settings - Fork 1
Info for Developers
I'm a fan of MVVM and Clean Architecture. As such, modules for the application are split into self-contained feature-based packages. No package interacts with other packages outside of the core package. Any packages that require to be referenced from other packages will be placed into the core package. The idea is that you could copy and paste a package into a new project and it'd work as well as possible.
As mentioned, Troupetent leans heavily into KMM for the benefit of shared code. I hate repeating code.
With this in mind, libraries that were previously used when Troupetent targeted Android are now being replaced with libraries that support KMM. This includes Dagger/Hilt and Room for SQLDelight, and potentially Compose Destinations and Coil. At the moment, I'm still evaluating different libraries to see which ones I like most.
UI libraries will very likely be platform-specific to make full use of each platform's features.
Troupetent currently requires a minimum SDK of 23 for usage of Keystore-related functions.
Since Troupetent requires access to a user's token, it's encrypted locally to avoid it being nicked by a bad actor. There are essentially two approaches to keeping the key safe in this context: We can either create and use a keyfile, or use a password.
Using a password to encrypt the token isn't difficult, but it presents an annoyance in having to ask the user to provide that password at least once per use. There's mitigations with things like biometric methods of verification, but who uses a password for a music app, let alone a biometric scan?
The other option is creating a keyfile and using that to decrypt the token when Troupetent starts. There's no bugging the user for a password, but now we have an issue of storage. Here are either native (or the closest to it) key storage solutions Troupetent aims to use.
| Platform | Key Storage Solution | Native |
|---|---|---|
| Android | KeyStore | X |
| Linux | Secret Service | - |
| MacOS | Keychain | X |
| Windows | Key Containers | X |
Troupetent should also have the option of syncing with KeePass where possible.