1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 18:00:18 +01:00
Commit Graph

626 Commits

Author SHA1 Message Date
Peter Yinusa
f183dc8b3e
[skip e2e] debug using source maps (#16933) 2022-12-13 14:29:38 +00:00
Jyoti Puri
8125473dc5
Removing flag for EIP1559 V2 support (#16446) 2022-12-09 00:07:06 +05:30
David Walsh
7d3b1d08da
NFTs: Update COLLECTIBLES_V1 to NFTS_V1 (#16851) 2022-12-08 11:37:47 -06:00
Filip Sekulic
c3f329cc80
Transaction security provider feature flag (#16776) 2022-12-06 11:43:53 -03:00
HowardBraham
b1fd7f7796
Fixes 'yarn start' on Windows - LavaPack is not defined (#13318) (#16550)
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
2022-11-30 09:19:45 -06:00
Frederik Bolding
8f775c0f7e
Remove fenced code in TypeScript files (#16742) 2022-11-30 15:36:34 +01:00
weizman
42b8971571
Integrating snow into metamask (#15580) 2022-11-24 02:36:19 +02:00
George Marshall
3af83f8f98
Adding static icon names to test env file (#16078)
* Storing the icon name env var as a string and parsing to use with components

* Moving icon env vars to jest specific env.js file

* Updating snapshots
2022-11-18 22:28:38 +05:30
George Marshall
23b412c13f
Component library adding global index and other housekeeping (#16441)
* Adding global index.js file

* Removing style prop from button base

* Fixing comment on generate-icon-names.js file

* Re-ordering sass imports to atomic structure

* Updating component paths code examples of MDX docs
2022-11-16 14:15:08 -08:00
Vladimir Saric
42be5a07d7
Replaced addresses by the address component on SignTypedData v4 signatures (#16018)
* Replaced addresses by the address component on SignTypedData v4 signatures

* Fixing signature-request e2e tests

* Modified scss file for signature-request message

* Using address component for rendering the addresses and bold label where hex address is not valid

* Modify the address component

* Added proper BEM syntax for class names and used Box and Typography

* FIxing e2e tests

* Commited requested changes from George and added storybook

* Review requested changes

* Created new component for rendering data in signature-request-message.js

* Fixing proper usage for getAccountName and getMetadataContractName selectors

* Fixing e2e tests
2022-11-10 06:58:34 -03:30
Mark Stacey
6ff8044421
Remove obsolete builds (#16430)
The `brave` and `opera` builds are obsolete; in practice we have been
using the Chrome build for those browsers, because they are based upon
Chromium and are compatible with the Chrome extension API.
2022-11-09 05:57:35 -10:00
Michele Esposito
522eb72e49
chore: add bundle size diff to metamaskbot (#16098) 2022-11-09 09:02:44 -06:00
legobeat
348262f2ea
build: run scss pipelines synchronously (#16301)
This resolves a race condition in live-reload when editing scss files.
2022-11-04 02:28:52 +00:00
kumavis
9a74c995bf
[LavaMoat] improve policy generation performance in dev workflow (#16338)
* npm scripts - rename lavamoat:background to lavamoat:webapp

* lavamoat - generate webapp policy - add devMode flag to run in node for speed

* lavamoat - generate webapp policy - dont lint fences

* lint fix
2022-11-01 08:52:38 -10:00
Erik Marks
a8c1756816
Remove 3box feature and delete ThreeBoxController (#14571)
* Remove 3box feature and delete ThreeBoxController

Lint locale messages

lavamoat policy updates

* Restore 3Box user trait with value `false`

The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.

A deprecation comment has been left in various places for this trait.

* Remove unused state

* Remove additional 3box-related things

* Run `yarn-deduplicate`

* Restore migration that was lost while rebasing

* Remove obsolete override

* Remove additional unused resolutions/dependencies

* Update LavaMoat policies

* Remove obsolete security advisory ignore entries

* Remove 3Box fixture builder method

* Update unit tests

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2022-10-31 13:50:50 -02:30
Mark Stacey
7279ea5b40
Use current version of the phishing warning page (#16123)
We now use the `latest` tag for the phishing warning page, we now use
the version that matches what we have in our manifest. This ensures
that our phishing warning e2e tests match the behaviour of the
production build, and it ensures that breaking changes to the phishing
warning page don't impact users in production.
2022-10-07 14:19:20 -02:30
Harry
21c9fe2de9
Change endpoint to always use latest build of the phishing warning (#16026)
Co-authored-by: ryanml <ryanlanese@gmail.com>
2022-09-28 22:38:23 -07:00
ryanml
0bc1eeaf37
Deprecating the Rinkeby, Ropsten, and Kovan test networks (#15989)
* Deprecating Rinkeby, setting default debug network to Goerli

* Deprecating Ropsten and Kovan

* Conflict fix

* Remove unused localization, test fixes

* Add migration for moving used deprecated testnets to custom networks

* Fix migrator test

* Add more unit tests

* Migration updates provider type to rpc if deprecated network is selected

* Migration fully and correctly updates the provider if selected network is a deprecated testnet

* Continue to show deprecation warning on each of rinkeby, ropsten and kovan

* Add rpcUrl deprecation message to loading screen

* Removing mayBeFauceting prop

Co-authored-by: Dan Miller <danjm.com@gmail.com>
2022-09-28 20:26:01 -07:00
Brad Decker
99808eb02c
remove customize-gas modal and related code that is no longer used (#16004) 2022-09-28 15:00:57 -05:00
George Marshall
362ef792bd
Fix/remove mistake script (#15983) 2022-09-27 08:24:49 -05:00
David Walsh
d468c9dbde
Dark Mode: Elevate the theme dropdown from experimental to regular settings (#15865)
* Dark Mode: Elevate the theme dropdown from experimental to regular settings

* Fix search

* Fix test

* Adjust settings order

* removing renderTheme call from experimental tab and rearranging setting ref number in general tab

Co-authored-by: Niranjana Binoy <43930900+NiranjanaBinoy@users.noreply.github.com>
2022-09-23 10:15:02 -05:00
George Marshall
e69e207b7d
Adding Icon component and removing BaseIcon component (#15772)
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2022-09-20 12:15:14 -05:00
Nicolas Ferro
1b563188bf
Ability to buy tokens with Coinbase Pay and Transak (#15551)
Co-authored-by: Ariella Vu <20778143+digiwand@users.noreply.github.com>
Co-authored-by: Brad Decker <git@braddecker.dev>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2022-09-19 10:00:57 -05:00
Filip Sekulic
6e13524bcd
Remove related UI code from the app dir (#15384)
Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
Co-authored-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
2022-09-16 14:05:21 -05:00
Mark Stacey
f465089c2a
Make environment variables higher precedence than config (#15858)
Environment variables are now considered as higher-precedence than
configuration by our build system. This means that if the same value is
set in `.metamaskrc` and in an environment variable, the environment
variable is what will be used. Previously the reverse was true, the
configuration would take precedence.

It is conventional for CLI tools to consider environment variables as
higher precedence than configuration. This makes our build system less
surprising for most people.
2022-09-16 14:28:43 -02:30
Mark Stacey
5bfc2f379d
Fix portfolio URL configuration (#15849)
The portfolio URL added in #15407 was meant to be configurable via
environment variable or the `.metamaskrc` file, but that configuration
was broken. Instead the default value was always used.

That configuration has been fixed. The portfolio URL can be set either
by environment variable or configuration file.
2022-09-16 10:43:59 -02:30
ryanml
7b04bf8b47
Adding Sepolia as a default test network (#15787) 2022-09-14 13:26:45 -05:00
Matthew Epps
dcfe80c255
Add entry point for metalabs dapp into metamask home page (#15407)
Co-authored-by: Dan Miller <danjm.com@gmail.com>
2022-09-13 08:41:58 -05:00
legobeat
ef9d5d117b
chore: Adjust trailing whitespace (#15636)
Co-authored-by: ryanml <ryanlanese@gmail.com>
2022-08-24 14:11:49 -05:00
legobeat
2a1c4a00f1
development scripts: add node shebang; mark as executable (#15655) 2022-08-24 12:25:27 -05:00
Filip Sekulic
47d61c6832
Token allowance improvements feature flag (#15646) 2022-08-24 11:04:36 -05:00
Mark Stacey
22552a0152
Fix LavaMoat policy generation script (#15668)
Recently in #15468 the name of the scripts task used by the LavaMoat
policy generation script was renamed from `scripts:prod` to
`scripts:dist`, but we neglected to change this name in the LavaMoat
policy generation script itself.

The script task has now been updated so that the script works again,
and the LavaMoat policy generation script has been re-run.
2022-08-22 21:22:47 -02:30
Mark Stacey
48c02ef641
Add validation to production build script (#15468)
Validation has been added to the build script when the "prod" target is
selected. We now ensure that all expected environment variables are
set, and that no extra environment variables are present (which might
indicate that the wrong configuration file is being used).

The `prod` target uses a new `.metamaskprodrc` configuration file. Each
required variable can be specified either via environment variable or
via this config file. CI will continue set these via environment
variable, but for local manual builds we can use the config file to
simplify the build process and ensure consistency.

A new "dist" target has been added to preserve the ability to build a
"production-like" build without this validation.

The config validation is invoked early in the script, in the CLI
argument parsing step, so that it would fail more quickly. Otherwise
we'd have to wait a few minutes longer for the validation to run.
This required some refactoring, moving functions to the utility module
and moving the config to a dedicated module.

Additionally, support has been added for all environment variables to
be set via the config file. Previously the values `PUBNUB_PUB_KEY`,
`PUBNUB_SUB_KEY`, `SENTRY_DSN`, and `SWAPS_USE_DEV_APIS` could only be
set via environment variable. Now, all of these variables can be set
either way.

Closes #15003
2022-08-19 15:46:18 -02:30
Erik Marks
8210e3a812
Convert LavaMoat policy generation script to Yargs application (#15626)
This PR converts `generate-lavamoat-policies.sh` to `.js` using Yargs. This makes it easier to only generate policy files for a specific build type (using the `-t` flag), which is often useful during Flask development. In addition, the `lavamoat:background:auto` scripts are renamed, and the main readme is updated with some useful tips.

Note that `lavamoat:background:auto:dev` is removed and `lavamoat:background:auto` should be used during local development.
2022-08-18 16:09:26 -07:00
Niranjana Binoy
650eac88a5
Cleanup after TOKEN_DETECTION_V2 flag removal (#15564) 2022-08-16 10:22:05 -04:00
seaona
437acdb74c
Capture user actions times for MV2 benchmark and generate artifacts (#15353)
* User actions benchmark and artifacts

* Lint and fix identation

* Fix lint

* Updated path

* lint

* Add user actions benchmark to pre release job

* Remove title

* Out path updated

* See if url is finally fixed

* Adding some console logs

* lint

* fix lint

* fix lint

* Updated persisting and store artifacts path

* Added MetaMask bot correct link and remove console logs

* Remove console log

* Sort Imports

* Fix lint

* Update loadAccount function and prop name for clarity to loadNewAccount

* Run yarn setup

* Fix yarn

* Update Create Account element for Create account

* Remove unnecessary step on send

Co-authored-by: Jyoti Puri <jyotipuri@gmail.com>
2022-08-12 19:41:20 +02:00
Elliot Winkler
a7d98b695f
Add TypeScript migration dashboard (#13820)
As we convert parts of the codebase to TypeScript, we will want a way to
track progress. This commit adds a dashboard which displays all of the
files that we wish to convert to TypeScript and which files we've
already converted.

The list of all possible files to convert is predetermined by walking
the dependency graph of each entrypoint the build system uses to compile
the extension (the files that the entrypoint imports, the files that the
imports import, etc). The list should not need to be regenerated, but
you can do it by running:

    yarn ts-migration:enumerate

The dashboard is implemented as a separate React app. The CircleCI
configuration has been updated so that when a new commit is pushed, the
React app is built and stored in the CircleCI artifacts. When a PR is
merged, the built files will be pushed to a separate repo whose sole
purpose is to serve the dashboard via GitHub Pages (this is the same
way that the Storybook works). All of the app code and script to build
the app are self-contained under
`development/ts-migration-dashboard`. To build this app yourself, you
can run:

    yarn ts-migration:dashboard:build

or if you want to build automatically as you change files, run:

    yarn ts-migration:dashboard:watch

Then open the following file in your browser (there is no server
component):

    development/ts-migration-dashboard/build/index.html

Finally, although you shouldn't have to do this, to manually deploy the
dashboard once built, you can run:

    git remote add ts-migration-dashboard git@github.com:MetaMask/metamask-extension-ts-migration-dashboard.git
    yarn ts-migration:dashboard:deploy
2022-08-09 14:16:08 -06:00
ryanml
67a7483754
Adding option to update lavamoat policies in parallel (#14536)
Co-authored-by: brad-decker <bhdecker84@gmail.com>
2022-08-09 11:08:34 -05:00
Mark Stacey
e3420a4262
Fix build script errors (#15493)
There is a SES bug that results in errors being printed to the console
as `{}`[1]. The known workaround is to print the error stack rather
than printing the error directly. This affects our build script when it
is run with LavaMoat.

We used this workaround in one place in the build script already, but
not in the handler for task errors. We now use it in both places.

The workaround has been moved to a function that we can use throughout
the build script.

[1]: https://github.com/endojs/endo/issues/944
2022-08-06 03:33:35 -04:00
Mark Stacey
44f8e9e10e
Replace rc with ini (#15464)
We use the `rc` package to read the `.metamaskrc` configuration file,
which is in "ini" format. This package has been replaced by the `ini`
package.

The `rc` package was not actively maintained, and it has had recent
security vulnerabilities. But most importantly, the config object
returned by `rc` includes a bunch of extra information that made build
script validation [1] difficult to implement. Specifically, it made it
challenging to ensure no extra environment variables were present.

The `ini` package on the other hand is simple, well maintained, and
is simpler to use. This package doesn't add any extra properties to the
object it returns, making validation easy.

[1]: https://github.com/MetaMask/metamask-extension/issues/15003
2022-08-05 15:11:18 -02:30
Brad Decker
7b42c54728
Update Babel and dependencies (#15392) 2022-08-05 10:04:44 -05:00
Mark Stacey
fa336b5137
Refactor build script to include build target (#15447)
The "scripts" portion of the build script has been refactored to pass
the "build target" throughout the file. The "build target" is the
target environment for the build, reflected by the command used to
start the build (e.g. "dev", "prod", "test", or "testDev").

Beforehand we derived the variables `devMode` and `testing` from this
build target, and passed these throughout the script. However, there is
a future change [1] that requires adding a new build target that acts
like "prod" in some ways but not others. It was easier to refactor to
pass through `buildTarget` directly than it was to add a _third_
boolean flag to indirectly represent the target.

The existence of the "testDev" target made it convenient to still have
the `testing` and `devMode` flag, so helper functions were added to
derive those values from the build target. I anticipate that these will
only be needed temporarily though. We will probably be able to get rid
of the `testDev` target and the related complexities when we start
adding more flags (like `--watch`[2] and `--minify`[3]) to the build
script directly.

[1]: https://github.com/MetaMask/metamask-extension/issues/15003
[2]: https://github.com/MetaMask/metamask-extension/issues/12767
[3]: https://github.com/MetaMask/metamask-extension/issues/12768
2022-08-04 15:42:06 -02:30
Mark Stacey
3b30984ce5
Fix "app-init" injection (#15320)
* Fix "app-init" injection

The way we were injecting variables into the `app-init.js` bundle was
accidentally overwriting the bundle output with the raw `app-init.js`
source file. This is a problem because the bundling process handles a
lot of things we care about like source maps, polyfills and other
necessary Babel transformations, environment variable injection, and
minification.

Instead of using string replacement to inject variables, we are now
using environment variables. The old string replacement strategy has
been removed, and the `app-init.js` module is now generated using the
same process as our other bundles.

A new option, "extraEnvironmentVariables", was added to allow us to
inject environment variables specifically for this bundle.

* Add check to ensure APPLY_LAVAMOAT is set
2022-08-03 12:51:10 -02:30
Sam Gbafa
5802805597
Add Sign-In with Ethereum (#14438)
Co-authored-by: Gregório Granado Magalhães <greg.magalhaes@gmail.com>
Co-authored-by: George Marshall <georgewrmarshall@gmail.com>
Co-authored-by: georgewrmarshall <george.marshall@consensys.net>
Co-authored-by: Ariella Vu <20778143+digiwand@users.noreply.github.com>
Co-authored-by: brad-decker <bhdecker84@gmail.com>
2022-08-03 09:56:11 -05:00
Brad Decker
c72199a1a6
update prettier (#15360) 2022-07-31 13:26:40 -05:00
Brad Decker
693a6dfc0c
Remove unnecessary file extensions (#15352) 2022-07-27 14:32:17 -05:00
Mark Stacey
73cd2b0306
Add comments to build script (#15319)
This is a follow-up to #15318, which fixed a problem with environment
variables. Every function in this module that passes options related to
environment variables has been updated with a doc comment. This should
make it clearer which options are mandatory and which are optional,
hopefully preventing a similar mistake from happening in the future.
2022-07-27 13:04:02 -02:30
Brad Decker
652d631cda
remove exclusions for mismatched object jsdoc type casing (#15351) 2022-07-27 08:28:05 -05:00
Brad Decker
1db0ee87ec
Update Eslint and deps (#15293) 2022-07-26 13:10:51 -05:00
Mark Stacey
2bcc1c512c
Fix environment variable injection (#15318)
The environment variables `IN_TEST` and `METAMASK_DEBUG` were not
being set to `false` correctly. Instead those variables were being
skipped, and were resolved to `undefined` at runtime. This is confusing
because the other environment variables do not work that way - they can
be set to false.

The build script has been updated to ensure those two environment
variables are always set to `true` or `false` - never `undefined`.

Additionally, the `METAMASK_VERSION` environment variable was being
omitted from the `app-init.js` bundle. For the sake of consistency,
that has also been restored.
2022-07-22 12:37:39 -02:30
Mark Stacey
4c942aa008
Rename various build script functions (#15317)
Some of the functions in `development/build/scripts.js` have been
renamed to better describe their function, and to be more consistent
with other similar functions.
2022-07-21 21:03:28 -02:30
Mark Stacey
61783bbe89
Remove unused bundling options in build script (#15316)
Two unused options have been removed from the `createNormalBundle`
function in the build script: 'extraEntries` and `modulesToExpose`.'

Both of these options were used in the old "main" bundles, before we
began using the "factored" bundles. They have been unused since #11080.
2022-07-21 21:03:06 -02:30
Jyoti Puri
5bae544475
MV3 bundle size stats (#15191) 2022-07-21 23:10:24 +05:30
Jyoti Puri
45cecf385d
Adding artifacts (#15145) 2022-07-20 19:33:16 +04:00
Jyoti Puri
0622883a3c
Capturing load time stats (#15157) 2022-07-20 11:40:31 +04:00
Jyoti Puri
6aa0ecce2a
Capturing lavamoat stats in E2E (#15153) 2022-07-20 03:07:15 +04:00
Mark Stacey
0457d54c9d
Fix invalid build timestamp on certain timezones (#15245)
Currently the build .zip has its time set to the Unix epoch, which
apparently causes problems on certain operating systems when in a
timezone that is behind GMT.

The build timestamp has been changed to MetaMask's birthday. Time
zone adjustments will no longer result in invalid dates.
2022-07-18 15:03:58 -02:30
ryanml
959a376347
Remove 'ADD_POPULAR_NETWORKS' feature flag (#15229) 2022-07-14 08:58:34 -07:00
Jyoti Puri
aeb0147846
Adding tasks for MV3 test build (#15133) 2022-07-14 03:34:33 +04:00
Dan J Miller
e8ea973f0f
Add feature flag to prevent add popular networks from being available on prod (#15117) 2022-07-04 12:20:37 -02:30
Erik Marks
08cc6c5e77
Bump minimum Node.js version to 16 (#15131) 2022-07-02 23:32:18 -07:00
Mark Stacey
b68aee1bef
Migrate the build script to yargs (#14836)
The build script now uses `yargs` rather than `minimist`. The CLI is
now better documented, and we have additional validation for each
option.

A patch for `yargs` was required because it would blow up on the line
`Error.captureStackTrace`. For some reason when running under LavaMoat,
that property did not exist.

Closes #12766
2022-06-21 17:37:05 -02:30
Jyoti Puri
843beb6d20
MV3: fix injection of applyLavamoat variable in service worker (#14920) 2022-06-18 12:40:30 +05:30
PeterYinusa
875a333084
Sentry documentation (#14788)
* Sentry documentation

* Update docs
2022-06-15 21:48:40 +01:00
Jyoti Puri
d8e1961fd1
MV3: Fix dynamic file list injection on service worker reload (#14795) 2022-06-15 20:27:51 +05:30
Mark Stacey
e6d5af5f9a Merge remote-tracking branch 'origin/develop' into master-sync
* origin/develop: (131 commits)
  Update `protobufjs` and remove obsolete advisory exclusion (#14841)
  Include snap version in pill (#14803)
  Update PULL_REQUEST_TEMPLATE.md (#14790)
  fix: keystone transaction qrcode has no white spacing (#14798)
  Snap notifications integration (#14605)
  Upgrade @metamask/eth-ledger-bridge-keyring (#14799)
  snaps-skunkworks@0.15.0 (#14772)
  Fix proptype errors in network dropdown, tx list item details, and account details modal tests (#14747)
  Ensure transaction type is correctly updated on edit (#14721)
  Add fiat onboarding for AVAX and MATIC through Wyre (#14683)
  Bump @metamask/contract-metadata from 1.33.0 to 1.35.0 (#14791)
  Slight cleanup of constants/transactions, useTransactionDisplayData, and TransactionIcon (#14784)
  Migrate the "estimateGas" API call to "getFees" for STX (#14767)
  Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
  Adding flag for MV3 (#14762)
  Add types to send state (#14740)
  Remove site origin on snap install (#14752)
  Update design tokens library from 1.5 to 1.6 WIP (#14732)
  Enables the "Safe Transaction From" copy for safeTransferFrom transactions (#14769)
  remove draft transaction (#14701)
  ...
2022-06-03 11:53:40 -02:30
Mark Stacey
cf5db650fe Merge remote-tracking branch 'origin/master' into Version-v10.14.7
* origin/master: (101 commits)
  Updating changelog
  Add token standard to custom token details (#14506)
  Revert "Dark Mode: What's New Announcement (#14346)"
  Ensure network name in confirm page container is defined (#14520)
  Updating lavamoat policies
  Fix the alerts toggles in settings (#14498)
  Disable swaps whenever the environment is not development or testing, so that behaviour follows production for QA purposes (#14499)
  [skip e2e] Updating changelog for v10.14.0 (#14487)
  Version v10.14.0
  Docs - segment metrics (#14435)
  Add snaps view search (#14419)
  Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470)
  Modify import SRP page (#14425)
  Dark Mode: Implement Metrics (#14455)
  HoldToRevealButton component (#13785)
  e2e test import json file as import account strategy (#14449)
  MetaMetrics: Identify 'number_of_tokens' user trait (#14427)
  MetaMetrics: Identify 'nft_autodetection_enabled' &  'opensea_api_enabled' (#14367)
  Swaps: Sort "token_from" dropdown tokens by their fiat value first and "token_to" by top tokens (#14436)
  Update segment instantiation check. Only check if SEGMENT_WRITE_KEY exists (#14407)
  ...
2022-06-02 18:30:23 -02:30
Jyoti Puri
25082ae272
Adding flag for MV3 (#14762) 2022-05-26 10:18:23 +05:30
Mark Stacey
d1ac1a8389 Rename phishing warning page environment variable
The phishing warning page URL environment variable has been renamed
from `PHISHING_PAGE_URL` to `PHISHING_WARNING_PAGE_URL`. We call this
page the "phishing warning page" everywhere else, and this name seemed
better suited (it's not a phishing page itself).

The variable has been listed and documented in `.metamaskrc.dist` as
well.
2022-05-16 18:48:20 -02:30
Mark Stacey
5a5e541b5e Fix e2e tests
The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`.
The iframe case was updated with a new design, which required test
changes. The third test that was meant to ensure the phishing page
can't redirect to an extension page has been updated to navigate
directly to the phishing warning page and setting the URL manually via
query parameters, as that was the only way to test that redirect.
2022-05-16 18:48:20 -02:30
Mark Stacey
3693de7947 Reproducible .zip files (#14623)
* Create `.zip` files deterministically

Our build system now creates `.zip` archives deterministically.
Previously the `.zip` file would differ between builds even when the
files being archived were identical. This was because the order the
files were passed in was non-deterministic, and the `mtime` for each
file was different between builds.

The files are now sorted before being zipped, and the `mtime` for each
file has been set to the unix epoch.

* Update lavamoat build policy
2022-05-16 14:48:09 -02:30
Mark Stacey
7199d9c567 Use externally hosted phishing warning page
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.

The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.

The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.

The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.

New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
2022-05-16 14:40:50 -02:30
kumavis
07da8ce589
LavaMoat - UI upgrade - secure package naming (#14565)
* lavamoat - update lavamoat-browserify to v15

* lavamoat/ui - unify override across build types

* lavamoat/ui - update policy overrides

* lavamoat - update to lavapack@3 to match lavamoat-browserify@15

* lavamoat - add missing policy

* lavamoat - add missing nanoid policy

* lavamoat - regenerate policy

* deps - update lock

* lavamoat - update policy

* lavamoat - update policy
2022-05-05 12:47:51 -10:00
Mark Stacey
91fd8342dc
Reproducible .zip files (#14623)
* Create `.zip` files deterministically

Our build system now creates `.zip` archives deterministically.
Previously the `.zip` file would differ between builds even when the
files being archived were identical. This was because the order the
files were passed in was non-deterministic, and the `mtime` for each
file was different between builds.

The files are now sorted before being zipped, and the `mtime` for each
file has been set to the unix epoch.

* Update lavamoat build policy
2022-05-05 11:58:24 -02:30
PeterYinusa
4127583224
Jest tests - incremental coverage (#14612)
* add jest-it-up dependancy

* add reporter

* post test run jest-it-up

* Add CI check

* update coverage

* deduplicate dependancies
2022-05-04 17:02:42 +01:00
Erik Marks
6915dd1a57
Fix development build scripts (#14594)
#14583 broke the development build scripts (e.g. `yarn start`) by adding a positional argument to a package script (`build:dev`) that is used and passed positional arguments in the build script itself. This PR removes the positional argument from the `build:dev` script and `yarn start` now works again. In addition, the `--apply-lavamoat` flag is properly forwarded to child processes, which was not the case in the original implementation.

To test, `yarn start` should work and LavaMoat should _not_ be applied, in distinction to `yarn build:dev dev --apply-lavamoat=true`. Whether LavaMoat is applied can be determined by checking whether `Object.isFrozen(Object.prototype)` is `true` (with LavaMoat) or `false` (without LavaMoat).
2022-05-02 15:35:52 -07:00
Erik Marks
73a7ce9e39
Add applyLavaMoat build flag (#14583)
Adds a new flag, `--apply-lavamoat`, to the main build script. The flag controls whether LavaMoat is actually applied to the output of the build process. The flag defaults to `true`, but we explicitly set it to `false` in the `start` package script. Meanwhile, the `start:lavamoat` script is modified such that it applies LavaMoat to the build output in development mode, but it no longer runs the build process itself under LavaMoat as there aren't very compelling reasons to do so.

This change is motivated by the fact that development builds do not have their own dedicated LavaMoat policies, which causes development builds to fail since #14537. The downside of this change is that LavaMoat-related failures will not be detected when running `yarn start`. @kumavis has plans for fixing this problem in a future major version of the `@lavamoat` suite.
2022-04-29 15:56:30 -07:00
kumavis
66bd172980
Lavamoat - protect all UI contexts (#14537)
* lavamoat - apply lavamoat protections to popup and notification

* build - enable lavamoat for home

* lavamoat - add missing ui overrides for react family

* deps/patches - patch zxcvbn for ses compat
2022-04-28 08:45:46 -10:00
kumavis
223124a561
lavamoat@6 - update to secure package naming (#14488) 2022-04-26 07:36:57 -10:00
Dan J Miller
f4a00872d9 Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470) 2022-04-19 13:38:51 -02:30
PeterYinusa
273c1dedb7
Docs - segment metrics (#14435)
* expand docs for metrics

* link to docs

* link to docs

* remove obsolete docs

* fix broken link
2022-04-19 16:15:41 +01:00
Dan J Miller
073a6e0613
Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470) 2022-04-19 11:13:47 -02:30
ryanml
b8c9f370ef Merge remote-tracking branch 'origin/master' into Version-v10.13.0 2022-04-07 02:32:07 -07:00
Mark Stacey
831d274a40 Restore version missing from certain build steps (#14344)
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.

A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
2022-04-04 21:06:12 -02:30
Mark Stacey
2d08fe35e5
Restore version missing from certain build steps (#14344)
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.

A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
2022-04-04 16:44:32 -02:30
kumavis
fd32d3eb2b
Update metamaskbot-build-announce.js (#14320)
* Update metamaskbot-build-announce.js

* Update metamaskbot-build-announce.js
2022-03-31 16:11:59 -10:00
PeterYinusa
1130b58910 E2e metrics (#13904)
* remove metrics build

* remove segment server from tests

* enable cors

* mock segment globally

* metrics e2e test

* running test builds

* move file

* destructuring
2022-03-29 07:35:06 -02:30
Elliot Winkler
53006d4cf0
Add TypeScript to the build system (#13489)
This commit modifies the build system so that TypeScript files can be
transpiled into ES5 just like JavaScript files.

Note that this commit does NOT change the build system to run TypeScript
files through the TypeScript compiler. In other words, no files will be
type-checked at the build stage, as we expect type-checking to be
handled elsewhere (live, via your editor integration with `tsserver`,
and before a PR is merged, via `yarn lint`). Rather, we merely instruct
Babel to strip TypeScript-specific syntax from any files that have it,
as if those files had been written using JavaScript syntax alone.

Why take this approach? Because it prevents the build process from being
negatively impacted with respect to performance (as TypeScript takes a
significant amount of time to run).

It's worth noting the downside of this approach: because we aren't
running files through TypeScript, but relying on Babel's [TypeScript
transform][1] to identify TypeScript syntax, this transform has to keep
up with any syntax changes that TypeScript adds in the future. In fact
there are a few syntactical forms that Babel already does not recognize.
These forms are rare or are deprecated by TypeScript, so I don't
consider them to be a blocker, but it's worth noting just in case it
comes up later. Also, any settings we place in `tsconfig.json` will be
completely ignored by Babel. Again, this isn't a blocker because there
are some analogs for the most important settings reflected in the
options we can pass to the transform. These and other caveats are
detailed in the [documentation for the transform][2].

[1]: https://babeljs.io/docs/en/babel-plugin-transform-typescript
[2]: https://babeljs.io/docs/en/babel-plugin-transform-typescript#caveats
2022-03-28 16:33:40 -06:00
David Walsh
7f239997dc
Dark Mode: Remove feature flag (#14207) 2022-03-25 20:42:52 -05:00
Dan Miller
d5c693d9db Merge remote-tracking branch 'origin/master' into Version-v10.12.0-alt 2022-03-25 14:56:57 -02:30
Mark Stacey
4139aa26a9 Derive version suffix from build type and version (#13895)
The version of a build is now derived from both the `version` field in
`package.json` and the requested build type and version. The build type
and version are added onto the manifest version as a suffix, according
to the SemVer prerelease format.

We already have support in the extension for versions of this format,
but to apply a Flask or Beta version required manual updates to
`package.json`. Now it can be done just with build arguments.

A `get-version` module was created to make it easier to generate the
version in the various places we do that during the build. It was
created in the `development/lib` directory because it will be used by
other non-build development scripts in a future PR.

The `BuildType` constant was extracted to its own module as well, and
moved to the `development/lib` directory. This was to make it clear
that it's used by various different development scripts, not just the
build.
2022-03-22 20:41:01 -07:00
Mark Stacey
ce9dc12f75 Automate the Flask release process (#13898)
* Automate the Flask release

A Flask release will now be published alongside each main extension
release. The version of each Flask release will be the same as the
extension version except it will have the suffix `-flask.0`.

* Programmatically remove build prefix

The create GH release Bash script derives the Flask version from the
Flask build filename by removing the build prefix, leaving just the
version. Rather than hard-coding the prefix size to remove, it is now
calculated programmatically so that it is easier to read and update.

* Fix tag publishing

The tab publishing step used the wrong credentials, and didn't properly
identify the commit author. This has now been fixed.
2022-03-22 19:55:51 -07:00
Dan Finlay
99604e5642 Document Flask build flag (#13597)
* Document Flask build flag

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2022-03-22 19:54:33 -07:00
Niranjana Binoy
90d6143071
Move Token Detection toggle to Advanced tab. (#13977) 2022-03-22 15:14:59 -04:00
Elliot Winkler
4447727eb6
Add TypeScript to the linting process (#13495)
This commit allows developers to write TypeScript files and lint them
(either via a language server in their editor of choice or through the
`yarn lint` command).

The new TypeScript configuration as well as the updated ESLint
configuration not only includes support for parsing TypeScript files,
but also provides some compatibility between JavaScript and TypeScript.
That is, it makes it possible for a TypeScript file that imports a
JavaScript file or a JavaScript file that imports a TypeScript file to
be linted.

Note that this commit does not integrate TypeScript into the build
system yet, so we cannot start converting files to TypeScript and
pushing them to the repo until that final step is complete.
2022-03-21 12:54:47 -06:00
PeterYinusa
c07e477c13
E2e metrics (#13904)
* remove metrics build

* remove segment server from tests

* enable cors

* mock segment globally

* metrics e2e test

* running test builds

* move file

* destructuring
2022-03-15 13:17:48 -03:00
Mark Stacey
6aaeab2f24
Automate the Flask release process (#13898)
* Automate the Flask release

A Flask release will now be published alongside each main extension
release. The version of each Flask release will be the same as the
extension version except it will have the suffix `-flask.0`.

* Programmatically remove build prefix

The create GH release Bash script derives the Flask version from the
Flask build filename by removing the build prefix, leaving just the
version. Rather than hard-coding the prefix size to remove, it is now
calculated programmatically so that it is easier to read and update.

* Fix tag publishing

The tab publishing step used the wrong credentials, and didn't properly
identify the commit author. This has now been fixed.
2022-03-15 08:54:37 -02:30
Mark Stacey
75a8aedc32
Derive version suffix from build type and version (#13895)
The version of a build is now derived from both the `version` field in
`package.json` and the requested build type and version. The build type
and version are added onto the manifest version as a suffix, according
to the SemVer prerelease format.

We already have support in the extension for versions of this format,
but to apply a Flask or Beta version required manual updates to
`package.json`. Now it can be done just with build arguments.

A `get-version` module was created to make it easier to generate the
version in the various places we do that during the build. It was
created in the `development/lib` directory because it will be used by
other non-build development scripts in a future PR.

The `BuildType` constant was extracted to its own module as well, and
moved to the `development/lib` directory. This was to make it clear
that it's used by various different development scripts, not just the
build.
2022-03-10 12:31:50 -03:30
PeterYinusa
d1c05195dd
E2e improve mocking (#13841)
* improve mocking

* improve mocking

* Unnecessary await
2022-03-07 19:23:04 +00:00
Niranjana Binoy
4bb3ba4aef
Adding new settings dropdown for Dark mode in Experimental tab (#13097) 2022-03-07 12:53:19 -06:00
Dan Finlay
1cb0a1bb87
Document Flask build flag (#13597)
* Document Flask build flag

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2022-03-02 23:56:04 -08:00
Elliot Winkler
1e494f3004
Refactor ESLint config (#13482)
We would like to insert TypeScript into the ESLint configuration, and
because of the way that the current config is organized, that is not
easy to do.

Most files are assumed to be files that are suited for running in a
browser context. This isn't correct, as we should expect most files to
work in a Node context instead. This is because all browser-based files
will be run through a transpiler that is able to make use of
Node-specific variables anyway.

There are a couple of important ways we can categories files which our
ESLint config should be capable of handling well:

* Is the file a script or a module? In other words, does the file run
  procedurally or is the file intended to be brought into an existing
  file?
* If the file is a module, does it use the CommonJS syntax (`require()`)
  or does it use the ES syntax (`import`/`export`)?

When we introduce TypeScript, this set of questions will become:

* Is the file a script or a module?
* If the file is a module, is it a JavaScript module or a TypeScript
  module?
* If the file is a JavaScript module, does it use the CommonJS syntax
  (`require()`) or does it use the ES syntax (`import`/`export`)?

To represent these divisions, this commit removes global rules — so now
all of the rules are kept in `overrides` for explicitness — and sets up
rules for CommonJS- and ES-module-compatible files that intentionally do
not overlap with each other. This way TypeScript (which has its own set
of rules independent from JavaScript and therefore shouldn't overlap
with the other rules either) can be easily added later.

Finally, this commit splits up the ESLint config into separate files and
adds documentation to each section. This way sets of rules which are
connected to a particular plugin (`jsdoc`, `@babel`, etc.) can be easily
understood instead of being obscured.
2022-02-28 10:42:09 -07:00
PeterYinusa
30b2afe7bc
E2e phishing detection (#13704)
* phishing detection test

* remove unused arg
2022-02-22 16:48:12 +00:00
Elliot Winkler
b1b4e64ad0
Prevent Browserify error from being swallowed (#13647)
If an error occurs while running Browserify, the stream that Browserify
creates will emit an `error` event. However, this event is not being
handled, so Node will catch it instead. But the error message it
produces is very nebulous, as it merely spits out the stream object and
completely ignores the actual error that occurred. So this commit
listens for the `error` event and outputs the error.

One note here is that when we are outputting the error, we must get
around a bug that exists in Endo where if you pass an Error object to
`console.{log,error,info,debug}` then you will just see `{}` on-screen.
We get around this by printing `err.stack`.
2022-02-17 13:47:50 -07:00
PeterYinusa
ebeb2668ea
E2e mocking (#13640)
* mock gas price api

* fix error

* full url

* remove duplicated packages

* full url

* customise mock per test

* customise mock per test

* enable mocking

* enable mocking

* enable mocking by default

* duplicated packages

* update mockttp

* pass through

* pass through
2022-02-16 14:21:41 +00:00
Erik Marks
35ac762e10
Add Snaps via Flask (#13462)
This PR adds `snaps` under Flask build flags to the extension. This branch is mostly equivalent to the current production version of Flask, excepting some bug fixes and tweaks.

Closes #11626
2022-02-14 16:02:51 -08:00
Jyoti Puri
760ed3457d
Removing EIP_1559_V2 feature flag (#13481) 2022-02-03 05:58:28 +05:30
Jyoti Puri
9a3c917a48
Adding support for EIP-1559 in E2E tests (#13282) 2022-01-19 04:38:41 +05:30
Hassan Malik
ff27f24ef9
Flask devx fix (#13280)
* added fix for snaps devx issue

* reordered lines

* updated comment

* added test that ensures removeFencedCode detects a file with sourceMap inclusion

* fixed test

* Update development/build/transforms/remove-fenced-code.test.js

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2022-01-12 12:37:29 -05:00
Mark Stacey
3732c5f71e
Add JSDoc ESLint rules (#12112)
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.

Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.

Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
2022-01-07 12:27:33 -03:30
Elliot Winkler
af971cd5b6
Remove dupe Prettier config from ESLint config (#13234)
The ESLint config for the extension explicitly includes support for
Prettier. However, this is already being provided by our global ESLint
config (`@metamask/eslint-config`). Therefore there is no need to
include it here. In fact, this is causing weird issues where the `curly`
option is getting overridden somehow. After this change, these syntaxes
are invalid:

``` javascript
if (foo) return;
```

``` javascript
if (foo) return 'bar';
```
2022-01-06 15:56:51 -07:00
Erik Marks
dbfdf3b0eb
Update Flask support links and home footer (#13226)
* Update support links for Flask

* Disable 'prefer-const' in code fence linting

* Add bespoke home footer for Flask and update logic

* fixup! Add bespoke home footer for Flask and update logic

* Fix code fence lint failure

* Fix support request link in account menu

* Fix unit test failure
2022-01-05 21:25:20 -03:30
Mark Stacey
8866c39623
Update the Firefox prerelease version format (#13158)
The Firefox extension version format does not support the version
format we use (SemVer), so we have to specially format the extension
version to be compatible. The format we chose was
`[major].[minor].[patch].[buildType][buildVersion]`. But when we tried
to submit a build with a version in that format, it was rejected as
invalid for unknown reasons.

The Firefox extension format has been updated to
`[major].[minor].[patch][buildType][buildVersion]`. This seems to pass
validation.
2022-01-03 12:48:10 -03:30
Mark Stacey
ae97e91443
Fix how version_name manifest field is used (#13155)
The `version_name` manifest field was being used on Chrome to store the
build type. However, Chrome intended this field to be a full
representation of the version, for display purposes. This was evident
when uploading this version to the Chrome Web Store, because it used
`flask` as the entire version.

Instead the `version_name` field now includes the full SemVer version
string. The version parsing code within the build script and in the
wallet itself have been updated accordingly.
2022-01-03 10:30:13 -03:30
Mark Stacey
0cd4fb1da0
Allow Flask prerelease versions (#13156)
The build script only allowed prerelease versions for the "beta" build
type (e.g. `X.Y.Z-beta.0`). Now it allows Flask prerelease versions as
well.

This is required for the Flask release, where the prerelease version
helps distinguish the Flask error reports and metrics.
2022-01-03 10:29:57 -03:30
Mark Stacey
ba54a3d83b
Update ESLint config to v8 (#12886)
The ESLint config has been updated to v8. The breaking changes are:

* The Prettier rule `quoteProps` has been changed from `consistent` to
`as-needed`, meaning that if one key requires quoting, only that key is
quoted rather than all keys.
* The ESLint rule `no-shadow` has been made more strict. It now
prevents globals from being shadowed as well.

Most of these changes were applied with `yarn lint:fix`. Only the
shadowing changes required manual fixing (shadowing variable names were
either replaced with destructuring or renamed).

The dependency `globalThis` was added to the list of dynamic
dependencies in the build system, where it should have been already.
This was causing `depcheck` to fail because the new lint rules required
removing the one place where `globalThis` had been erroneously imported
previously.

A rule requiring a newline between multiline blocks and expressions has
been disabled temporarily to make this PR smaller and to avoid
introducing conflicts with other PRs.
2021-12-09 15:36:24 -03:30
kumavis
7dac6f2517
Fix browser specific manifest generation (#13007) 2021-12-07 16:31:01 -06:00
Mark Stacey
b983971bfd
Disable remote-redux-devtools in non-dev builds (#12956)
`remote-redux-devtools` is now explicitly excluded and disabled in non-
dev builds, and in the `testDev` build. This was causing console errors
in the `testDev` build during e2e tests, which would cause certain
tests to fail.

This was already only supposed to be enabled for development builds,
but this library used the `NODE_ENV` environment variable to make that
determination. This gives us more control over when it's disabled.
2021-12-06 11:55:40 -03:30
Mark Stacey
56c91262e9
Disable React dev tools in testDev builds (#12955)
The React dev tools can result in console errors if dev tools is not
open during the test. Some of our e2e tests fail if there are any
console errors, so these errors break those tests.

`react-devtools` has been completely disabled for `testDev` builds to
make debugging e2e tests easier. The React dev tools can still be used
from development builds.
2021-12-03 11:22:43 -03:30
Mark Stacey
7226357422
Fix isMainnet propType error (#12951)
A propType error was showing up during e2e tests with a `testDev`
build. It was caused by `process.env.IN_TEST` being treated as a
boolean, when in fact it is either the string `'true'` or a boolean.

`IN_TEST` has been updated to always be a boolean. `loose-envify` has
no trouble injecting boolean values, so there's no reason to treat this
as a string.
2021-12-02 14:46:46 -03:30
Mark Stacey
267cdc4e6b
Update Jest coverage reporters (#12845)
The coverage reporter for the console has been changed from `text` to
`text-summary` because `text` was too long. It exceeded the maximum
length of the CircleCI terminal output shown on their jobs page, making
it very difficult to see why the unit test coverage job failed.

The text summary only displays overall coverage metrics, but that is
usually enough to indicate when the test fails due to a drop in
coverage. The more detailed breakdown is still available as a HTML
report linked in the `metamaskbot` comment, and in the `jest-coverage`
directory when run locally.

The three on-disk coverage reports used previously (`lcov`, `json`, and
`clover`) have been replaced with just `html`. The HTML report was part
of the `lcov` report, and it was the only one we were using.
2021-12-01 15:16:34 -03:30
Mark Stacey
e8b7fcf8dc
Fix LavaMoat background policy generation (#12844)
The LavaMoat policy generation script would sporadically fail because
it ran the build concurrently three times, and the build includes
steps that delete the `dist` directory and write to it. So if one build
process tried to write to the directory after another deleted it, it
would fail.

This was solved by adding a new `--policy-only` flag to the build
script, and a new `scripts:prod` task. The `scripts:prod` task only
runs the script tasks for prod, rather than the entire build process.
The `--policy-only` flag stops the script tasks once the policy has
been written, and stops any other files from being written to disk.

This prevents the three concurrent build processes from getting in each
others way, and it dramatically speeds up the process.
2021-11-26 16:38:23 -03:30
Mark Stacey
609f541b76
Fix environment variables used during test builds (#12855)
The environment variables used for test builds was wrong for certain
bundles because the `testing` flag wasn't passed through to the
function that determines which environment variables to inject.
Effectively this means that test builds on `master` were going to the
production `metamask` Sentry project rather than the `test-metamask`
project. This has been the case since #11080.

The `testing` flag is now included for all bundles, and test builds now
use the `test-metamask` Sentry project in all cases.
2021-11-26 15:39:32 -03:30
Erik Marks
d89e5336a6
Improve code fence transform error handling (#12742)
This PR improves the error handling of the code fence removal transform stream by catching errors thrown by the `removeFencedCode` function and passing them to the `end` callback. This appears to resolve a problem where watched builds would blow up whenever a file with fences was reloaded.
2021-11-19 08:35:04 -08:00
Erik Marks
0e4005b1e7
Fix manifest i18n substitutions for Beta and Flask (#12717) 2021-11-16 08:43:21 -08:00
Erik Marks
d4c71b8683
Add per-build type LavaMoat policies (#12702)
This PR adds one LavaMoat background script policy or each build type. It also renames the build system policy directory from `node` to `build-system` to make its purpose more clear. Each build type has the original `policy-override.json` for `main` builds. The `.prettierignore` file has been updated to match the locations of the new auto-generated policy files.

We need to maintain separate policies for each build type because each type will produce different bundles with different internal and external modules.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-11-15 14:23:46 -08:00
Mark Stacey
faebdd0ccd
Add platform-specific build type manifest modifications (#12638)
The build system now supports platform-specific modifications to the
manifest for each build type. The need to customize the `id` on Firefox
motivated this change.

To support this, a new directory was made in each build type directory
for manifest changes. The images currently in this directory were moved
into an `images` subdirectory.

This new `manifest` directory can include each manifest file currently
in `app/manifest`. The `_base.json` file is assumed to exist, but the
platform manifest modifications are optional.
2021-11-10 19:33:59 -03:30
kumavis
a4053b6b88
Lavamoat - enable lavamoat for the webapp background (#12566)
* lavamoat - update policy for current repo state

* lavamoat - enable for webapp background

* lavamoat - update policy for current repo state
2021-11-10 09:33:19 -10:00
Alex Miller
722c4e5b63
Support for GridPlus Lattice1 hardware wallet (#12053)
* GridPlus: Adds support for GridPlus Lattice1 hardware wallet

* Fixes issue with switching hardware HD path
The main `Select HD Path` piece of the account selection component was not
properly hooked up to the state manager (`onPathChange`) and the extra
`Popover` component was being used instead.
I'm not sure what the origin of this is, but I don't see why the Popover
is needed at all. I have remove it and hooked `onPathChange` directly into
the HD path selector dropdown.
This was an issue that nearly every Lattice user who had come from Ledger
has contacted us about.

* GridPlus: Addresses QA issues
* Adds Lattice tutorial + image
* Cleans up connectivity issues (see: https://github.com/GridPlus/eth-lattice-keyring/pull/16)

* GridPlus: Adds Firefox support
To connect to the Lattice you need to open a new tab/window and get
login data from it. We were not able to do this for Firefox because
we relied on the `window` API. This is now fixed.
See corresponding changes:
* `eth-lattice-keyring`: https://github.com/GridPlus/eth-lattice-keyring/pull/17
* Lattice connector: https://github.com/GridPlus/wallet-web/pull/152

* GridPlus: Adds missing error path for Firefox
See: 242a93f559
2021-11-08 11:18:41 -03:30
Jyoti Puri
3dfc1cc5f6
Edit transaction screen changes for EIP-1559 V2 (#12493)
Edit transaction screen changes for EIP-1559 V2
2021-11-05 22:53:15 +05:30
Mark Stacey
690144a480
Add beta and Flask builds to CI (#12572)
The beta and Flask builds are now built on CI and included in the
metamask bot comment alongside the main builds. The same sourcemap
linter and mozilla linter used for the prod builds is also run on the
beta and Flask builds.

Closes #12426
2021-11-04 16:14:48 -02:30
Erik Marks
5560b7c3e5
Update build system lockdown parameter (#12556)
* Update build system lockdown parameter

* Add @reduxjs/toolkit patch

* Fix Mozilla lint syntax error

* Standardize a thing

* Remove redundant check for globalThis
2021-11-01 22:13:22 -10:00
Erik Marks
a2d3d942ec
Exclude files from builds by build type (#12521)
This PR enables the exclusion of JavaScript and JSON source by `buildType`, and enables the running of `eslint` under LavaMoat. 80-90% of the changes in this PR are `.patch` files and LavaMoat policy additions.

The file exclusion is designed to work in conjunction with our code fencing. If you forget to fence an import statement of an excluded file, the application will now error on boot. **This PR commits us to a particular naming convention for files intended only for certain builds.** Continue reading for details.

### Code Fencing and ESLint

When a file is modified by the code fencing transform, we run ESLint on it to ensure that we fail early for syntax-related issues. This PR adds the first code fences that will be actually be removed in production builds. As a consequence, this was also the first time we attempted to run ESLint under LavaMoat. Making that work required a lot of manual labor because of ESLint's use of dynamic imports, but the manual changes necessary were ultimately quite minor.

### File Exclusion

For all builds, any file in `app/`, `shared/` or `ui/` in a sub-directory matching `**/${otherBuildType}/**` (where `otherBuildType` is any build type except `main`) will be added to the list of excluded files, regardless of its file extension. For example, if we want to add one or more pages to the UI settings in Flask, we'd create the folder `ui/pages/settings/flask`, add any necessary files or sub-folders there, and fence the import statements for anything in that folder. If we wanted the same thing for Beta, we would name the directory `ui/pages/settings/beta`.

As it happens, we already organize some of our source files in this way, namely the logo JSON for Beta and Flask builds. See `ui/helpers/utils/build-types.js` to see how this works in practice.

Because the list of ignored filed is only passed to `browserify.exclude()`, any files not bundled by `browserify` will be ignored. For our purposes, this is mostly relevant for `.scss`. Since we don't have anything like code fencing for SCSS, we'll have to consider how to handle our styles separately.
2021-11-01 20:20:31 -07:00
Erik Marks
2e8752183f
Fix off-by-one error in code fence transform (#12540)
The code fence transform was including contents after the final END directive twice. That was not covered by the tests, because none of the examples contained any content after the final END directive, and concatenating the empty string twice does not produce an observable difference in the test results.

This bug was due to an off-by-one error in the loop of the multiSplice function. The error has been fixed, and more test cases have been added.
2021-10-29 16:45:27 -07:00
Mark Stacey
90e55a445e
Add static files for the Flask build (#12518)
Static files have been added for the Flask build. This includes logos
of each size and variety that we use, and it includes the 3D model JSON
file.

Closes #12427
2021-10-28 23:05:58 -02:30
ryanml
05a80ebeba
Adding collectibles feature flag, default NFT tab (#12463)
* Adding COLLECTIBLES_V1 feature flag

* Adding NFT's tab to home screen, default CollectiblesList view

* Handling null children in Tabs component
2021-10-27 09:55:14 -07:00
Mark Stacey
8e5acee421
Fix production builds (#12488)
The production build was accidentally broken in #12440 because of a
merge conflict with a #12441 that wasn't initially noticed. The
conflict was the renaming of the `BuildTypes` variable to `BuildType`.

This variable is used to check the current build type, but only for
production builds. `BuildTypes` is `undefined`, so this would result in
a crash when that enum was used.
2021-10-27 13:20:55 -02:30
Mark Stacey
17e3ed9437
Add secrets for beta and Flask builds (#12440)
The build script has been updated to embed the correct Infura project
ID and Segment write key for beta and Flask builds. These are set via
environment variable or config file. They have already been added in CI
as environment variables.

The Segment production write key has also been moved into the set of
environment variables that can be set in the configuration file. This
was to make the way we reference it more consistent.

The new project IDs and keys are only used in the "production"
environment, which right now is the merge step into the `master`
branch. This is appropriate for Flask, but it doesn't match our plan
for how the beta release would get created. In a future PR, when the
beta release automation work is completed, the conditions for when
the beta secrets are used should be updated to ensure they're used only
for the beta builds.

Closes #11896
2021-10-26 15:02:20 -02:30
Mark Stacey
4338454e1d
Fix builds from forks (#12485)
Recently validation was added for our build configuration as part of
the PR #12438. This had the unintended consequence of making all builds
from forks fail because they don't get secrets injected. Specifically
it was the missing `INFURA_PROJECT_ID` that made the builds fail.

The Infura project ID is no longer required for building. In practice
it's still required for doing anything with a build but running e2e
tests, but that's all we need to do in CI anyway.
2021-10-26 10:41:39 -02:30
Mark Stacey
345ed9f6f2
Add build type to Sentry environment (#12441)
The build type (i.e. the distribution) is now included in the Sentry
environment during setup, for all builds except the "main" build. This
will allow us to track Flask and beta errors separately from other
errors.

A constant was created for the build types. The equivalent constant in
our build scripts was updated to match it more closely, for
consistency. We can't use the same constant in both places because our
shared constants are in modules that use ES6 exports, and our build
script does not yet support ES6 exports.

The singular `BuildType` was used rather than `BuildTypes` to match our
naming conventions elsewhere for enums. We name them like classes or
types, rather than like a collection.

Relates to #11896
2021-10-25 14:27:30 -02:30
Mark Stacey
8c3a22f994
Use separate Infura project ID for production (#12438)
We now use two separate Infura project IDs for production builds, and
for all other builds. Previously all CI builds used the production
Infura project ID. Separating them will make our Infura dashboard
metrics more representative of real production usage.

The new environment variable for production has been setup in CI
already, but the old environment variable will remain set to the
production project ID until this commit is included in a release.
We can't switch the old environment variable out until we're confident
that it won't get used for a production build.

We now use constants for the various different build environments. This
was done to improve the JSDoc types of the `getInfuraProjectId` helper
method.

The `getConfigValue` function was added to make it easier to validate
that required config values are set. This should ensure builds fail
early with an informative error message when they are missing the
necessary configuration.
2021-10-25 13:04:02 -02:30
Mark Stacey
3068324ae0
Remove unused SEGMENT_LEGACY_WRITE_KEY (#12429)
This key has not been used since #10915, which is where we stopped
using the legacy Segment key.
2021-10-22 10:34:37 -02:30
David Walsh
77f8ec4d3a
Fix 12265 - Update onboarding welcome screen (#12275) 2021-10-13 09:22:51 -05:00
Mark Stacey
3a5538bd50
Migrate beta version to the main version field (#12246)
The main `version` field in `package.json` will now include the beta
version (if present) rather than it being passed in via the CLI when
building. The `version` field is now a fully SemVer-compatible version,
with the added restriction that any prerelease portion of the version
must match the format `<build type>.<build version>`.

This brings the build in-line with the future release process we will
be using for the beta version. The plan is for each future release to
enter a "beta phase" where the version would get updated to reflect
that it's a beta, and we would increment this beta version over time as
we update the beta. The manifest gives us a place to store this beta
version. It was also important to replace the automatic minor bump
logic that was being used previously, because the version in beta might
not be a minor bump.

Additionally, the filename logic used for beta builds was updated to
be generic across all build types rather than beta-specific. This will
be useful for Flask builds in the future.
2021-10-06 15:14:48 -02:30
kumavis
cb174ff8e6
Lavamoat build system integration for WebApp (#12242)
* lavamoat - add lavamoat to webapp background

* test:e2e - add delay to resolve failure

* test:e2e - add delay to resolve failure

* build - add a switch for applying lavamoat, currently off for all

* test/e2e - remove delays added for lavamoat

* Revert "test/e2e - remove delays added for lavamoat"

This reverts commit 79c3479f15c072ed362ba1d4f1af41ea11a17d63.
2021-10-05 12:06:31 -10:00
kumavis
f9ea9e4b43
lockdown - breakout making globalThis properties non-writable (#12258)
* lockdown - breakout making globalThis properties non-writable into lockdown-more.js

* Update app/scripts/lockdown-more.js

Co-authored-by: David Walsh <davidwalsh83@gmail.com>

* Update app/scripts/lockdown-more.js

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>

Co-authored-by: David Walsh <davidwalsh83@gmail.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2021-10-01 08:53:12 -10:00
Alex Donesky
9355fb21c7
Establish onboarding-flow wrapper/router base and feature flag env variable (#12247)
* establish onboarding-flow wrapper/router base and feature flag env variable

* small cleanup

* addressing feedback
2021-09-30 16:34:11 -05:00
Mark Stacey
4c38d12c5f
Fix assets for beta dev build (#12233)
The MetaMask logo used for beta development builds was wrong. The lock
screen (and any other place using the `@metamask/logo` logo) showed the
correct logo, but all of our static assets used the "regular" logo.

Now the beta logo should be used everywhere for beta development
builds.
2021-09-28 19:15:00 -02:30
Mark Stacey
3f577700c6
Replace isBeta with buildType (#12231)
This is a refactor to replace the `isBeta` boolean with `buildType`
throughout the build system. This will allow us to modify the behaviour
of each step of the build process for Flask as well.

This should result in no functional changes.
2021-09-28 13:43:26 -02:30
Erik Marks
2b104603d5
Build: Lint files after removing their code fences (#12075)
* Add linting

* Type the eslintInstance variable

* Update documentation
2021-09-15 17:18:28 -10:00