fix(security): auto-lock the lite wallet on idle
checkAutoLock() called App::lockWallet(), which early-returns without an rpc_ handle — so lite wallets, which have no daemon, never idle-locked and stayed unlocked indefinitely. Route lite through lockLiteWallet() instead, which locks the backend and tears down the chat session so no decrypted store / unlocked DB key survives the idle lock. Full-node builds keep lite_wallet_ null, so the branch is a no-op there and behaviour is unchanged. The idle timer (last_interaction_, reset on ImGui input at the top of App::update()) is already build-agnostic, so no other wiring is needed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -612,7 +612,12 @@ void App::checkAutoLock() {
|
||||
float elapsed = std::chrono::duration<float>(now - last_interaction_).count();
|
||||
|
||||
if (elapsed >= (float)timeout) {
|
||||
lockWallet();
|
||||
// Lite has no daemon `walletlock` — App::lockWallet() early-returns without rpc_, so route
|
||||
// lite through lockLiteWallet() (locks the backend + tears down the chat session so no
|
||||
// decrypted store / unlocked DB key survives the idle lock). In full-node builds
|
||||
// lite_wallet_ is always null, so this branch is a no-op and behaviour is unchanged.
|
||||
if (lite_wallet_) lockLiteWallet();
|
||||
else lockWallet();
|
||||
DEBUG_LOGF("[App] Auto-locked wallet after %d seconds idle\n", timeout);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user