metamask-extension/app/scripts/controllers/provider-approval.js

const ObservableStore = require('obs-store')

/**
 * A controller that services user-approved requests for a full Ethereum provider API
 */
class ProviderApprovalController {
  /**
   * Determines if caching is enabled
   */
  caching = true

  /**
   * Creates a ProviderApprovalController
   *
   * @param {Object} [config] - Options to configure controller
   */
  constructor ({ closePopup, keyringController, openPopup, platform, preferencesController, publicConfigStore } = {}) {
    this.approvedOrigins = {}
    this.closePopup = closePopup
    this.keyringController = keyringController
    this.openPopup = openPopup
    this.platform = platform
    this.preferencesController = preferencesController
    this.publicConfigStore = publicConfigStore
    this.store = new ObservableStore({
      providerRequests: [],
    })

    if (platform && platform.addMessageListener) {
      platform.addMessageListener(({ action = '', force, origin, siteTitle, siteImage }, { tab }) => {
        switch (action) {
          case 'init-provider-request':
            this._handleProviderRequest(origin, siteTitle, siteImage, force, tab.id)
            break
          case 'init-is-approved':
            this._handleIsApproved(origin, tab.id)
            break
          case 'init-is-unlocked':
            this._handleIsUnlocked(tab.id)
            break
          case 'init-privacy-request':
            this._handlePrivacyRequest(tab.id)
            break
        }
      })
    }
  }

  /**
   * Called when a tab requests access to a full Ethereum provider API
   *
   * @param {string} origin - Origin of the window requesting full provider access
   * @param {string} siteTitle - The title of the document requesting full provider access
   * @param {string} siteImage - The icon of the window requesting full provider access
   */
  _handleProviderRequest (origin, siteTitle, siteImage, force, tabID) {
    this.store.updateState({ providerRequests: [{ origin, siteTitle, siteImage, tabID }] })
    const isUnlocked = this.keyringController.memStore.getState().isUnlocked
    if (!force && this.approvedOrigins[origin] && this.caching && isUnlocked) {
      this.approveProviderRequest(tabID)
      return
    }
    this.openPopup && this.openPopup()
  }

  /**
   * Called by a tab to determine if an origin has been approved in the past
   *
   * @param {string} origin - Origin of the window
   */
  _handleIsApproved (origin, tabID) {
    this.platform && this.platform.sendMessage({
      action: 'answer-is-approved',
      isApproved: this.approvedOrigins[origin] && this.caching,
      caching: this.caching,
    }, { id: tabID })
  }

  /**
   * Called by a tab to determine if MetaMask is currently locked or unlocked
   */
  _handleIsUnlocked (tabID) {
    const isUnlocked = this.keyringController.memStore.getState().isUnlocked
    this.platform && this.platform.sendMessage({ action: 'answer-is-unlocked', isUnlocked }, { id: tabID })
  }

  /**
   * Called to check privacy mode; if privacy mode is off, this will automatically enable the provider (legacy behavior)
   */
  _handlePrivacyRequest (tabID) {
    const privacyMode = this.preferencesController.getFeatureFlags().privacyMode
    if (!privacyMode) {
      this.platform && this.platform.sendMessage({
        action: 'approve-legacy-provider-request',
        selectedAddress: this.publicConfigStore.getState().selectedAddress,
      }, { id: tabID })
      this.publicConfigStore.emit('update', this.publicConfigStore.getState())
    }
  }

  /**
   * Called when a user approves access to a full Ethereum provider API
   *
   * @param {string} tabID - ID of the target window that approved provider access
   */
  approveProviderRequest (tabID) {
    this.closePopup && this.closePopup()
    const requests = this.store.getState().providerRequests
    const origin = requests.find(request => request.tabID === tabID).origin
    this.platform && this.platform.sendMessage({
      action: 'approve-provider-request',
      selectedAddress: this.publicConfigStore.getState().selectedAddress,
    }, { id: tabID })
    this.publicConfigStore.emit('update', this.publicConfigStore.getState())
    const providerRequests = requests.filter(request => request.tabID !== tabID)
    this.store.updateState({ providerRequests })
    this.approvedOrigins[origin] = true
  }

  /**
   * Called when a tab rejects access to a full Ethereum provider API
   *
   * @param {string} tabID - ID of the target window that rejected provider access
   */
  rejectProviderRequest (tabID) {
    this.closePopup && this.closePopup()
    const requests = this.store.getState().providerRequests
    const origin = requests.find(request => request.tabID === tabID).origin
    this.platform && this.platform.sendMessage({ action: 'reject-provider-request' }, { id: tabID })
    const providerRequests = requests.filter(request => request.tabID !== tabID)
    this.store.updateState({ providerRequests })
    delete this.approvedOrigins[origin]
  }

  /**
   * Clears any cached approvals for user-approved origins
   */
  clearApprovedOrigins () {
    this.approvedOrigins = {}
  }

  /**
   * Determines if a given origin should have accounts exposed
   *
   * @param {string} origin - Domain origin to check for approval status
   * @returns {boolean} - True if the origin has been approved
   */
  shouldExposeAccounts (origin) {
    const privacyMode = this.preferencesController.getFeatureFlags().privacyMode
    return !privacyMode || this.approvedOrigins[origin]
  }

  /**
   * Tells all tabs that MetaMask is now locked. This is primarily used to set
   * internal flags in the contentscript and inpage script.
   */
  setLocked () {
    this.platform.sendMessage({ action: 'metamask-set-locked' })
  }
}

module.exports = ProviderApprovalController
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`const ObservableStore = require('obs-store')`

			`/**`
			`* A controller that services user-approved requests for a full Ethereum provider API`
			`*/`
			`class ProviderApprovalController {`
Disable approval caching 2018-10-29 23:44:04 +01:00			`/**`
			`* Determines if caching is enabled`
			`*/`
Enable caching 2018-10-31 10:07:49 +01:00			`caching = true`
Disable approval caching 2018-10-29 23:44:04 +01:00
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`/**`
			`* Creates a ProviderApprovalController`
			`*`
			`* @param {Object} [config] - Options to configure controller`
			`*/`
Code bath 2018-10-29 22:28:59 +01:00			`constructor ({ closePopup, keyringController, openPopup, platform, preferencesController, publicConfigStore } = {}) {`
			`this.approvedOrigins = {}`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.closePopup = closePopup`
Code bath 2018-10-29 22:28:59 +01:00			`this.keyringController = keyringController`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.openPopup = openPopup`
			`this.platform = platform`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`this.preferencesController = preferencesController`
Code bath 2018-10-29 22:28:59 +01:00			`this.publicConfigStore = publicConfigStore`
Use initState to avoid type-checking providerRequests in state 2018-11-26 16:36:17 +01:00			`this.store = new ObservableStore({`
			`providerRequests: [],`
			`})`
Code bath 2018-10-29 22:28:59 +01:00
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`if (platform && platform.addMessageListener) {`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`platform.addMessageListener(({ action = '', force, origin, siteTitle, siteImage }, { tab }) => {`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`switch (action) {`
			`case 'init-provider-request':`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`this._handleProviderRequest(origin, siteTitle, siteImage, force, tab.id)`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`break`
			`case 'init-is-approved':`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`this._handleIsApproved(origin, tab.id)`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`break`
			`case 'init-is-unlocked':`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`this._handleIsUnlocked(tab.id)`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`break`
			`case 'init-privacy-request':`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`this._handlePrivacyRequest(tab.id)`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`break`
			`}`
			`})`
			`}`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`/**`
			`* Called when a tab requests access to a full Ethereum provider API`
			`*`
			`* @param {string} origin - Origin of the window requesting full provider access`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`* @param {string} siteTitle - The title of the document requesting full provider access`
			`* @param {string} siteImage - The icon of the window requesting full provider access`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`_handleProviderRequest (origin, siteTitle, siteImage, force, tabID) {`
			`this.store.updateState({ providerRequests: [{ origin, siteTitle, siteImage, tabID }] })`
Mark origins as unapproved if user explicitly locks MetaMask 2018-11-03 12:06:11 +01:00			`const isUnlocked = this.keyringController.memStore.getState().isUnlocked`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`if (!force && this.approvedOrigins[origin] && this.caching && isUnlocked) {`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`this.approveProviderRequest(tabID)`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`return`
			`}`
			`this.openPopup && this.openPopup()`
			`}`

EIP-1102: add isEnabled convenience method to provider 2018-10-04 17:05:32 +02:00			`/**`
Code bath 2018-10-29 22:28:59 +01:00			`* Called by a tab to determine if an origin has been approved in the past`
EIP-1102: add isEnabled convenience method to provider 2018-10-04 17:05:32 +02:00			`*`
Code bath 2018-10-29 22:28:59 +01:00			`* @param {string} origin - Origin of the window`
EIP-1102: add isEnabled convenience method to provider 2018-10-04 17:05:32 +02:00			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`_handleIsApproved (origin, tabID) {`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`this.platform && this.platform.sendMessage({`
			`action: 'answer-is-approved',`
			`isApproved: this.approvedOrigins[origin] && this.caching,`
Fix lint errors 2018-11-06 20:30:33 +01:00			`caching: this.caching,`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`}, { id: tabID })`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`}`

Code bath 2018-10-29 22:28:59 +01:00			`/**`
			`* Called by a tab to determine if MetaMask is currently locked or unlocked`
			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`_handleIsUnlocked (tabID) {`
Add isUnlocked provider hook 2018-10-18 00:38:31 +02:00			`const isUnlocked = this.keyringController.memStore.getState().isUnlocked`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`this.platform && this.platform.sendMessage({ action: 'answer-is-unlocked', isUnlocked }, { id: tabID })`
Add isUnlocked provider hook 2018-10-18 00:38:31 +02:00			`}`

Code bath 2018-10-29 22:28:59 +01:00			`/**`
			`* Called to check privacy mode; if privacy mode is off, this will automatically enable the provider (legacy behavior)`
			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`_handlePrivacyRequest (tabID) {`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`const privacyMode = this.preferencesController.getFeatureFlags().privacyMode`
			`if (!privacyMode) {`
EIP-1102: Update publicConfig store concurrently with approval 2018-11-10 02:40:32 +01:00			`this.platform && this.platform.sendMessage({`
			`action: 'approve-legacy-provider-request',`
			`selectedAddress: this.publicConfigStore.getState().selectedAddress,`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`}, { id: tabID })`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`this.publicConfigStore.emit('update', this.publicConfigStore.getState())`
			`}`
EIP-1102: add isEnabled convenience method to provider 2018-10-04 17:05:32 +02:00			`}`

EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`/**`
			`* Called when a user approves access to a full Ethereum provider API`
			`*`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`* @param {string} tabID - ID of the target window that approved provider access`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`approveProviderRequest (tabID) {`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.closePopup && this.closePopup()`
Use initState to avoid type-checking providerRequests in state 2018-11-26 16:36:17 +01:00			`const requests = this.store.getState().providerRequests`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`const origin = requests.find(request => request.tabID === tabID).origin`
EIP-1102: Update publicConfig store concurrently with approval 2018-11-10 02:40:32 +01:00			`this.platform && this.platform.sendMessage({`
			`action: 'approve-provider-request',`
			`selectedAddress: this.publicConfigStore.getState().selectedAddress,`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`}, { id: tabID })`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.publicConfigStore.emit('update', this.publicConfigStore.getState())`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`const providerRequests = requests.filter(request => request.tabID !== tabID)`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.store.updateState({ providerRequests })`
			`this.approvedOrigins[origin] = true`
			`}`

			`/**`
			`* Called when a tab rejects access to a full Ethereum provider API`
			`*`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`* @param {string} tabID - ID of the target window that rejected provider access`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`rejectProviderRequest (tabID) {`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.closePopup && this.closePopup()`
Use initState to avoid type-checking providerRequests in state 2018-11-26 16:36:17 +01:00			`const requests = this.store.getState().providerRequests`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`const origin = requests.find(request => request.tabID === tabID).origin`
			`this.platform && this.platform.sendMessage({ action: 'reject-provider-request' }, { id: tabID })`
			`const providerRequests = requests.filter(request => request.tabID !== tabID)`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.store.updateState({ providerRequests })`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`delete this.approvedOrigins[origin]`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`/**`
			`* Clears any cached approvals for user-approved origins`
			`*/`
			`clearApprovedOrigins () {`
			`this.approvedOrigins = {}`
			`}`

			`/**`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`* Determines if a given origin should have accounts exposed`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*`
			`* @param {string} origin - Domain origin to check for approval status`
			`* @returns {boolean} - True if the origin has been approved`
			`*/`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`shouldExposeAccounts (origin) {`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`const privacyMode = this.preferencesController.getFeatureFlags().privacyMode`
Do not modify isApproved when locked 2018-11-04 18:19:47 +01:00			`return !privacyMode \|\| this.approvedOrigins[origin]`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`
Disable approval caching 2018-10-29 23:44:04 +01:00
			`/**`
			`* Tells all tabs that MetaMask is now locked. This is primarily used to set`
			`* internal flags in the contentscript and inpage script.`
			`*/`
			`setLocked () {`
			`this.platform.sendMessage({ action: 'metamask-set-locked' })`
			`}`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`module.exports = ProviderApprovalController`