fix: enforce permanent RustDesk password fallback

apps/desktop/src-tauri/src/rustdesk.rs

@@ -27,6 +27,8 @@ const SERVICE_NAME: &str = "RustDesk";
 const CACHE_DIR_NAME: &str = "Rever\\RustDeskCache";
 const LOCAL_SERVICE_CONFIG: &str = r"C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Roaming\\RustDesk\\config";
 const LOCAL_SYSTEM_CONFIG: &str = r"C:\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\RustDesk\\config";
+const SECURITY_VERIFICATION_VALUE: &str = "use-permanent-password";
+const SECURITY_APPROVE_MODE_VALUE: &str = "password";
 const CREATE_NO_WINDOW: u32 = 0x08000000;
 
 static PROVISION_MUTEX: Lazy<Mutex<()>> = Lazy::new(|| Mutex::new(()));
@@ -135,6 +137,10 @@ pub fn ensure_rustdesk(
             Ok(_) => log_event("Artefatos de senha replicados para o serviço do RustDesk"),
             Err(error) => log_event(&format!("Falha ao replicar artefatos de senha: {error}")),
         }
+
+        if let Err(error) = enforce_security_flags() {
+            log_event(&format!("Falha ao reforçar configuração de senha permanente: {error}"));
+        }
     }
 
     let custom_id = if let Some(value) = machine_id.and_then(|raw| {
@@ -508,14 +514,60 @@ fn ensure_password_files(secret: &str) -> Result<(), String> {
         }
 
         let local_path = dir.join("RustDesk_local.toml");
-        if let Err(error) = write_toml_kv(&local_path, "verification-method", "use-both-passwords") {
+        if let Err(error) = write_toml_kv(&local_path, "verification-method", SECURITY_VERIFICATION_VALUE) {
             log_event(&format!(
                 "Falha ao ajustar verification-method em {}: {error}",
                 local_path.display()
             ));
         } else {
             log_event(&format!(
-                "verification-method atualizado para use-both-passwords em {}",
+                "verification-method atualizado para {} em {}",
+                SECURITY_VERIFICATION_VALUE,
+                local_path.display()
+            ));
+        }
+
+        if let Err(error) = write_toml_kv(&local_path, "approve-mode", SECURITY_APPROVE_MODE_VALUE) {
+            log_event(&format!(
+                "Falha ao ajustar approve-mode em {}: {error}",
+                local_path.display()
+            ));
+        } else {
+            log_event(&format!(
+                "approve-mode atualizado para {} em {}",
+                SECURITY_APPROVE_MODE_VALUE,
+                local_path.display()
+            ));
+        }
+    }
+
+    if errors.is_empty() {
+        Ok(())
+    } else {
+        Err(errors.join(" | "))
+    }
+}
+
+fn enforce_security_flags() -> Result<(), String> {
+    let mut errors = Vec::new();
+    for dir in remote_id_directories() {
+        let local_path = dir.join("RustDesk_local.toml");
+        if let Err(error) = write_toml_kv(&local_path, "verification-method", SECURITY_VERIFICATION_VALUE) {
+            errors.push(format!("{} -> {}", local_path.display(), error));
+        } else {
+            log_event(&format!(
+                "verification-method atualizado para {} em {}",
+                SECURITY_VERIFICATION_VALUE,
+                local_path.display()
+            ));
+        }
+
+        if let Err(error) = write_toml_kv(&local_path, "approve-mode", SECURITY_APPROVE_MODE_VALUE) {
+            errors.push(format!("{} -> {}", local_path.display(), error));
+        } else {
+            log_event(&format!(
+                "approve-mode atualizado para {} em {}",
+                SECURITY_APPROVE_MODE_VALUE,
                 local_path.display()
             ));
         }