Feature: Local cache for op items

README.md

@@ -22,6 +22,7 @@ This plugin relies on the following:
 In any tmux mode:
 
 - `prefix + u` - list login items in a bottom pane.
+- `prefix + C` - clear the cache of tmux-1password.
 
 ## Install
 
@@ -77,8 +78,9 @@ sessions expires automatically after 30 minutes of inactivity.
 ### Configuring login items in 1Password
 
 In order to show only relevant login items and to maintain compatibility with
-[sudolikeaboss](https://github.com/ravenac95/sudolikeaboss), its required to set the value of the
-`website` field for each login item with the value of `sudolikeaboss://local`.
+[sudolikeaboss](https://github.com/ravenac95/sudolikeaboss), by default it is required to set the value of the
+`website` field for each login item with the value of `sudolikeaboss://local`. To override this behavior and provide
+customized filtering, see configuration options `@1password-enabled-url-filter` and `@1password-items-jq-filter` below.
 
 ## Configuration
 
@@ -121,6 +123,60 @@ set -g @1password-copy-to-clipboard 'on'
 
 Default: `'off'`
 
+#### Enabled URL Filter
+
+By default, the plugin maintains compatibility with [sudolikeaboss](https://github.com/ravenac95/sudolikeaboss) by
+filtering urls using the string "sudolikeaboss://local", by setting the following, the list of items will no longer be
+filtered.
+
+```
+set -g @1password-enabled-url-filter 'off'
+```
+
+Default: `'on'`
+
+#### Customize URL Filtering
+
+If complete customization of url filtering is required, a `jq` filter can be provided to filter and map
+items.
+
+##### Filtering by tags
+
+```
+set -g @1password-items-jq-filter '.[] | [select(.overview.tags | map(select(. == "tag_name")) | length == 1)?] | map([ .overview.title, .uuid ] | join(",")) | .[]'
+```
+
+##### Filtering by custom url
+
+```
+set -g @1password-items-jq-filter '.[] | [select(.overview.URLs | map(select(.u == "myspecial-url-filter")) | length == 1)?] | map([ .overview.title, .uuid ] | join(",")) | .[]'
+```
+
+Default: `''`
+
+Items come in the following format from which the filter operates:
+
+```
+[
+  {
+    "uuid": "some-long-uuid",
+    "overview": {
+      "URLs": [
+        { "u": "sudolikeaboss://local" }
+      ],
+      "title": "Some item",
+      "tags": ["tag_name"]
+    }
+  }
+]
+```
+
+## Security
+
+This plugin is based on using `op list-items` to get a filtered list of passwords from your vault, and them asking for the password you wan't with `get-item`. To improve the performance, we've added a file cache, stored at `tmp/tmux-op-items` which has a TTL of 6 hours and stores a simple list containing your account names and the related IDs.
+
+**No password is stored on the disk,** just a simple pointer to be used in the future when you ask to fetch a specific password.
+
 ## Prior art
 
 Also see:

plugin.tmux

@@ -28,9 +28,12 @@ main() {
   done
 
   local -r opt_key="$(get_tmux_option "@1password-key" "u")"
+  local -r clear_key="$(get_tmux_option "@1password-key" "C")"
 
   tmux bind-key "$opt_key" \
     run "tmux split-window -l 10 \"$CURRENT_DIR/scripts/main.sh '#{pane_id}'\""
+
+  tmux bind-key "$clear_key" run "$CURRENT_DIR/scripts/clear.sh"
 }
 
 main "$@"

scripts/clear.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+cd "$(dirname "${BASH_SOURCE[0]}")" \
+  || exit 1
+
+# ------------------------------------------------------------------------------
+
+source "./utils.sh"
+
+# ------------------------------------------------------------------------------
+
+clear() {
+  clear_cache
+}
+
+clear_cache() {
+  local -r CACHE_FILE="/tmp/tmux-op-items"
+
+  rm $CACHE_FILE
+
+  display_message "Cache cleared"
+}
+
+clear

scripts/main.sh

@@ -10,11 +10,15 @@ source "./spinner.sh"
 
 # ------------------------------------------------------------------------------
 
-declare -r TMP_TOKEN_FILE="$HOME/.op_tmux_token_tmp"
+declare -r TMP_TOKEN_FILE="/tmp/tmux-op-token"
+declare -r CACHE_FILE="/tmp/tmux-op-items"
+declare -r CACHE_TTL=1800 # 30 minutes, since we cannot fetch passwords with invalid session token
 
 declare -r OPT_SUBDOMAIN="$(get_tmux_option "@1password-subdomain" "my")"
 declare -r OPT_VAULT="$(get_tmux_option "@1password-vault" "")"
 declare -r OPT_COPY_TO_CLIPBOARD="$(get_tmux_option "@1password-copy-to-clipboard" "off")"
+declare -r OPT_ENABLED_URL_FILTER="$(get_tmux_option "@1password-enabled-url-filter" "on")"
+declare -r OPT_ITEMS_JQ_FILTER="$(get_tmux_option "@1password-items-jq-filter" "")"
 
 declare spinner_pid=""
 
@@ -44,7 +48,14 @@ op_get_session() {
 }
 
 get_op_items() {
+  if [[ -e $CACHE_FILE ]]; then
+    echo "$(cat $CACHE_FILE)"
+  else
+    fetch_items
+  fi
+}
 
+fetch_items() {
   # The structure (we need) looks like the following:
   # [
   #   {
@@ -58,18 +69,47 @@ get_op_items() {
   #   }
   # ]
 
-  local -r JQ_FILTER="
-    .[]
-    | [select(.overview.URLs | map(select(.u == \"sudolikeaboss://local\")) | length == 1)?]
-    | map([ .overview.title, .uuid ]
-    | join(\",\"))
-    | .[]
-  "
+  if [ -n "$OPT_ITEMS_JQ_FILTER" ]; then
+    local -r JQ_FILTER="$OPT_ITEMS_JQ_FILTER"
+  elif [ "$OPT_ENABLED_URL_FILTER" == "on" ]; then
+    local -r JQ_FILTER="
+      .[]
+      | [select(.overview.URLs | map(select(.u == \"sudolikeaboss://local\")) | length == 1)?]
+      | map([ .overview.title, .uuid ]
+      | join(\",\"))
+      | .[]
+    "
+  else
+    local -r JQ_FILTER="
+      .[]
+      | [select(.overview.URLs | map(select(.u)) | length == 1)?]
+      | map([ .overview.title, .uuid ]
+      | join(\",\"))
+      | .[]
+    "
+  fi
 
   op list items --vault="$OPT_VAULT" --session="$(op_get_session)" 2> /dev/null \
     | jq "$JQ_FILTER" --raw-output
 }
 
+cache_items() {
+  local items=$1
+
+  if ! [[ -e $CACHE_FILE ]]; then
+    echo "$items" > $CACHE_FILE
+  else
+    local last_update="$(stat -c %Y $CACHE_FILE)"
+    local now="$(date +%s)"
+    local seconds_since_last_update="$(($now-$last_update))"
+
+    # Remove cache file if last cache was from 6h ago
+    if [[ $seconds_since_last_update < $CACHE_TTL ]]; then
+      rm $CACHE_FILE
+    fi
+  fi
+}
+
 get_op_item_password() {
   local -r ITEM_UUID="$1"
 
@@ -139,6 +179,7 @@ main() {
     spinner_stop
   fi
 
+  cache_items "$items"
   selected_item_name="$(echo "$items" | awk -F ',' '{ print $1 }' | fzf --no-multi)"
 
   if [[ -n "$selected_item_name" ]]; then