metamask-extension/app/scripts/controllers/provider-approval.js

const ObservableStore = require('obs-store')
const SafeEventEmitter = require('safe-event-emitter')
const createAsyncMiddleware = require('json-rpc-engine/src/createAsyncMiddleware')

/**
 * A controller that services user-approved requests for a full Ethereum provider API
 */
class ProviderApprovalController extends SafeEventEmitter {
  /**
   * Determines if caching is enabled
   */
  caching = true

  /**
   * Creates a ProviderApprovalController
   *
   * @param {Object} [config] - Options to configure controller
   */
  constructor ({ closePopup, keyringController, openPopup, preferencesController } = {}) {
    super()
    this.approvedOrigins = {}
    this.closePopup = closePopup
    this.keyringController = keyringController
    this.openPopup = openPopup
    this.preferencesController = preferencesController
    this.store = new ObservableStore({
      providerRequests: [],
    })
  }

  /**
   * Called when a user approves access to a full Ethereum provider API
   *
   * @param {object} opts - opts for the middleware contains the origin for the middleware
   */
  createMiddleware ({ origin, getSiteMetadata }) {
    return createAsyncMiddleware(async (req, res, next) => {
      // only handle requestAccounts
      if (req.method !== 'eth_requestAccounts') return next()
      // if already approved or privacy mode disabled, return early
      const isUnlocked = this.keyringController.memStore.getState().isUnlocked
      if (this.shouldExposeAccounts(origin) && isUnlocked) {
        res.result = [this.preferencesController.getSelectedAddress()]
        return
      }
      // register the provider request
      const metadata = await getSiteMetadata(origin)
      this._handleProviderRequest(origin, metadata.name, metadata.icon, false, null)
      // wait for resolution of request
      const approved = await new Promise(resolve => this.once(`resolvedRequest:${origin}`, ({ approved }) => resolve(approved)))
      if (approved) {
        res.result = [this.preferencesController.getSelectedAddress()]
      } else {
        throw new Error('User denied account authorization')
      }
    })
  }

  /**
   * Called when a tab requests access to a full Ethereum provider API
   *
   * @param {string} origin - Origin of the window requesting full provider access
   * @param {string} siteTitle - The title of the document requesting full provider access
   * @param {string} siteImage - The icon of the window requesting full provider access
   */
  _handleProviderRequest (origin, siteTitle, siteImage, force, tabID) {
    this.store.updateState({ providerRequests: [{ origin, siteTitle, siteImage, tabID }] })
    const isUnlocked = this.keyringController.memStore.getState().isUnlocked
    if (!force && this.approvedOrigins[origin] && this.caching && isUnlocked) {
      return
    }
    this.openPopup && this.openPopup()
  }

  /**
   * Called when a user approves access to a full Ethereum provider API
   *
   * @param {string} origin - origin of the domain that had provider access approved
   */
  approveProviderRequestByOrigin (origin) {
    this.closePopup && this.closePopup()
    const requests = this.store.getState().providerRequests
    const providerRequests = requests.filter(request => request.origin !== origin)
    this.store.updateState({ providerRequests })
    this.approvedOrigins[origin] = true
    this.emit(`resolvedRequest:${origin}`, { approved: true })
  }

  /**
   * Called when a tab rejects access to a full Ethereum provider API
   *
   * @param {string} origin - origin of the domain that had provider access approved
   */
  rejectProviderRequestByOrigin (origin) {
    this.closePopup && this.closePopup()
    const requests = this.store.getState().providerRequests
    const providerRequests = requests.filter(request => request.origin !== origin)
    this.store.updateState({ providerRequests })
    delete this.approvedOrigins[origin]
    this.emit(`resolvedRequest:${origin}`, { approved: false })
  }

  /**
   * Clears any cached approvals for user-approved origins
   */
  clearApprovedOrigins () {
    this.approvedOrigins = {}
  }

  /**
   * Determines if a given origin should have accounts exposed
   *
   * @param {string} origin - Domain origin to check for approval status
   * @returns {boolean} - True if the origin has been approved
   */
  shouldExposeAccounts (origin) {
    const privacyMode = this.preferencesController.getFeatureFlags().privacyMode
    const result = !privacyMode || Boolean(this.approvedOrigins[origin])
    return result
  }

}

module.exports = ProviderApprovalController
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`const ObservableStore = require('obs-store')`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`const SafeEventEmitter = require('safe-event-emitter')`
			`const createAsyncMiddleware = require('json-rpc-engine/src/createAsyncMiddleware')`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00
			`/**`
			`* A controller that services user-approved requests for a full Ethereum provider API`
			`*/`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`class ProviderApprovalController extends SafeEventEmitter {`
Disable approval caching 2018-10-29 23:44:04 +01:00			`/**`
			`* Determines if caching is enabled`
			`*/`
Enable caching 2018-10-31 10:07:49 +01:00			`caching = true`
Disable approval caching 2018-10-29 23:44:04 +01:00
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`/**`
			`* Creates a ProviderApprovalController`
			`*`
			`* @param {Object} [config] - Options to configure controller`
			`*/`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`constructor ({ closePopup, keyringController, openPopup, preferencesController } = {}) {`
			`super()`
Code bath 2018-10-29 22:28:59 +01:00			`this.approvedOrigins = {}`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.closePopup = closePopup`
Code bath 2018-10-29 22:28:59 +01:00			`this.keyringController = keyringController`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.openPopup = openPopup`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`this.preferencesController = preferencesController`
Use initState to avoid type-checking providerRequests in state 2018-11-26 16:36:17 +01:00			`this.store = new ObservableStore({`
			`providerRequests: [],`
			`})`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`}`
Code bath 2018-10-29 22:28:59 +01:00
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`/**`
			`* Called when a user approves access to a full Ethereum provider API`
			`*`
			`* @param {object} opts - opts for the middleware contains the origin for the middleware`
			`*/`
			`createMiddleware ({ origin, getSiteMetadata }) {`
			`return createAsyncMiddleware(async (req, res, next) => {`
			`// only handle requestAccounts`
			`if (req.method !== 'eth_requestAccounts') return next()`
			`// if already approved or privacy mode disabled, return early`
bugfix: show extension window if locked regardless of approval 2019-05-16 16:53:37 +02:00			`const isUnlocked = this.keyringController.memStore.getState().isUnlocked`
			`if (this.shouldExposeAccounts(origin) && isUnlocked) {`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`res.result = [this.preferencesController.getSelectedAddress()]`
			`return`
			`}`
			`// register the provider request`
			`const metadata = await getSiteMetadata(origin)`
			`this._handleProviderRequest(origin, metadata.name, metadata.icon, false, null)`
			`// wait for resolution of request`
			const approved = await new Promise(resolve => this.once(`resolvedRequest:${origin}`, ({ approved }) => resolve(approved)))
			`if (approved) {`
			`res.result = [this.preferencesController.getSelectedAddress()]`
			`} else {`
			`throw new Error('User denied account authorization')`
			`}`
			`})`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`/**`
			`* Called when a tab requests access to a full Ethereum provider API`
			`*`
			`* @param {string} origin - Origin of the window requesting full provider access`
Update Connect Request screen design (#5644) * Parameterize NetworkDisplay background colour * Update design for login request screen * Pass siteTitle, siteImage through for calls to ethereum.enable() * Bring the site images closer together 2018-11-05 14:07:56 +01:00			`* @param {string} siteTitle - The title of the document requesting full provider access`
			`* @param {string} siteImage - The icon of the window requesting full provider access`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*/`
EIP-1102 updates (#6006) * Update privacy notice * Respond to 1102 messages using tab ID 2019-01-30 19:27:33 +01:00			`_handleProviderRequest (origin, siteTitle, siteImage, force, tabID) {`
			`this.store.updateState({ providerRequests: [{ origin, siteTitle, siteImage, tabID }] })`
Mark origins as unapproved if user explicitly locks MetaMask 2018-11-03 12:06:11 +01:00			`const isUnlocked = this.keyringController.memStore.getState().isUnlocked`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`if (!force && this.approvedOrigins[origin] && this.caching && isUnlocked) {`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`return`
			`}`
			`this.openPopup && this.openPopup()`
			`}`

			`/**`
			`* Called when a user approves access to a full Ethereum provider API`
			`*`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`* @param {string} origin - origin of the domain that had provider access approved`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*/`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`approveProviderRequestByOrigin (origin) {`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.closePopup && this.closePopup()`
Use initState to avoid type-checking providerRequests in state 2018-11-26 16:36:17 +01:00			`const requests = this.store.getState().providerRequests`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`const providerRequests = requests.filter(request => request.origin !== origin)`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.store.updateState({ providerRequests })`
			`this.approvedOrigins[origin] = true`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			this.emit(`resolvedRequest:${origin}`, { approved: true })
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`/**`
			`* Called when a tab rejects access to a full Ethereum provider API`
			`*`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`* @param {string} origin - origin of the domain that had provider access approved`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*/`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`rejectProviderRequestByOrigin (origin) {`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.closePopup && this.closePopup()`
Use initState to avoid type-checking providerRequests in state 2018-11-26 16:36:17 +01:00			`const requests = this.store.getState().providerRequests`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`const providerRequests = requests.filter(request => request.origin !== origin)`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`this.store.updateState({ providerRequests })`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`delete this.approvedOrigins[origin]`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			this.emit(`resolvedRequest:${origin}`, { approved: false })
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`/**`
			`* Clears any cached approvals for user-approved origins`
			`*/`
			`clearApprovedOrigins () {`
			`this.approvedOrigins = {}`
			`}`

			`/**`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`* Determines if a given origin should have accounts exposed`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`*`
			`* @param {string} origin - Domain origin to check for approval status`
			`* @returns {boolean} - True if the origin has been approved`
			`*/`
Clear cached approval after rejection 2018-11-06 20:13:27 +01:00			`shouldExposeAccounts (origin) {`
EIP-1102: add user privacy option 2018-10-10 20:52:26 +02:00			`const privacyMode = this.preferencesController.getFeatureFlags().privacyMode`
Refactor ProviderApprovalController to use rpc and publicConfigStore (#6410) * Ensure home screen does not render if there are unapproved txs (#6501) * Ensure that the confirm screen renders before the home screen if there are unapproved txs. * Only render confirm screen before home screen on mount. * inpage - revert _metamask api to isEnabled isApproved isUnlocked 2019-05-03 19:32:05 +02:00			`const result = !privacyMode \|\| Boolean(this.approvedOrigins[origin])`
			`return result`
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`
Disable approval caching 2018-10-29 23:44:04 +01:00
EIP-1102: updated implementation 2018-09-27 20:19:09 +02:00			`}`

			`module.exports = ProviderApprovalController`