all: change the remote temporary directory to "~/.cache/awwan"

If the file to be copied contains sensitive data, putting them in
"/tmp" considered a security risk, even though it will be moved to
destination later.

The issue is when the "#put" command failed, the plain file is left
on "/tmp" directory.

This changes add additional advantage where we did not need to remove
the temporary directory on remote when execution completed, since the
temporary directory should be accessible by user only.

Implements: https://todo.sr.ht/~shulhan/awwan/8

1 files changed, 6 insertions, 7 deletions

diff --git a/awwan.go b/awwan.go
index 4923779..4827f94 100644
--- a/awwan.go
+++ b/awwan.go
@@ -47,7 +47,6 @@ const (
 	defEnvFileName = `awwan.env` // The default awwan environment file name.
 	defSSHConfig   = `config`    // The default SSH config file name.
 	defSSHDir      = `.ssh`      // The default SSH config directory name.
-	defTmpDir      = `/tmp`
 )
 
 // defEncryptExt default file extension for encrypted file.
@@ -56,6 +55,12 @@ const defEncryptExt = `.vault`
 // defFileEnvVault default awwan environment file name that is encrypted.
 const defFileEnvVault = `.awwan.env.vault`
 
+// defTmpDirLocal default temporary directory in local.
+const defTmpDirLocal = `.cache/`
+
+// defTmpDirPlay default temporary directory in remote.
+const defTmpDirPlay = `~/.cache/awwan`
+
 // Awwan is the service that run script in local or remote.
 // Awwan contains cache of sessions and cache of environment files.
 type Awwan struct {
@@ -328,12 +333,6 @@ func (aww *Awwan) Local(req *ExecRequest) (err error) {
 	}
 	req.mlog.Outf(`=== END: %s %s %s`, req.Mode, req.Script, req.LineRange)
 out:
-	if ses != nil {
-		var errRemove = os.RemoveAll(ses.dirTmp)
-		if errRemove != nil {
-			req.mlog.Errf(`!!! %s: %s`, logp, errRemove)
-		}
-	}
 	if err != nil {
 		req.mlog.Errf(`!!! %s`, err)
 		err = fmt.Errorf(`%s: %w`, logp, err)