1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-26 20:39:08 +01:00
Commit Graph

39 Commits

Author SHA1 Message Date
Etienne Dusseault
9f6fa64d67
Add SES lockdown to extension webapp (#9729)
* Freezeglobals: remove Promise freezing, add lockdown

* background & UI: temp disable sentry

* add loose-envify, dedupe symbol-observable

* use loose envify

* add symbol-observable patch

* run freezeGlobals after sentry init

* use require instead of import

* add lockdown to contentscript

* add error code in message

* try increasing node env heap size to 2048

* change back circe CI option

* make freezeGlobals an exported function

* make freezeGlobals an exported function

* use freezeIntrinsics

* pass down env to child process

* fix unknown module

* fix tests

* change back to 2048

* fix import error

* attempt to fix memory error

* fix lint

* fix lint

* fix mem gain

* use lockdown in phishing detect

* fix lint

* move sentry init into freezeIntrinsics to run lockdown before other imports

* lint fix

* custom lockdown modules per context

* lint fix

* fix global test

* remove run in child process

* remove lavamoat-core, use ses, require lockdown directly

* revert childprocess

* patch package postinstall

* revert back child process

* add postinstall to ci

* revert node max space size to 1024

* put back loose-envify

* Disable sentry to see if e2e tetss pass

* use runLockdown, add as script in manifest

* remove global and require from runlockdown

* add more memory to tests

* upgrade resource class for prep-build & prep-build-test

* fix lint

* lint fix

* upgrade remote-redux-devtools

* skillfully re-add sentry

* lintfix

* fix lint

* put back beep

* remove envify, add loose-envify and patch-package in dev deps

* Replace patch with Yarn resolution (#9923)

Instead of patching `symbol-observable`, this ensures that all
versions of `symbol-observable` are resolved to the given range, even
if it contradicts the requested range.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 11:26:43 +08:00
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
Whymarrh Whitby
b6ccd22d6c
Update ESLint shared config to v3 (#9274)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-08-19 13:57:05 -02:30
Whymarrh Whitby
c1e3c229bc
Fix import/order issues (#9239)
See [`import/order`](https://eslint.org/docs/rules/import/order) for more information.

This change enables `import/order` and fixes the issues raised by the rule.
2020-08-18 16:48:25 -02:30
Whymarrh Whitby
9b78d3ab07
Fix import/extensions issues (#9217)
See [`import/extensions`](https://eslint.org/docs/rules/import/extensions) for more information.

This change enables `import/extensions` and fixes the issues raised by the rule.
2020-08-14 09:16:45 -02:30
Whymarrh Whitby
a8863a3446
Fix consistent-return issues (#9192)
See [`consistent-return`](https://eslint.org/docs/rules/consistent-return) for more information.

This change enables `consistent-return` and fixes the issues raised by the rule.
2020-08-12 16:36:57 -02:30
Mark Stacey
e8b33fb7c8
Restore state snapshot for Sentry errors (#9028)
The state snapshot that was attached to Sentry errors was removed
recently in #8794 because it had become too large. The snapshot has
now been restored and reduced in size.

A utility function has been written to reduce the state object to just
the requested properties. This seemed safer than filtering out state
that is known to be large or to contain identifiable information.
This is not a great solution, as now knowledge about the state shape
resides in this large constant, but it will suffice for now. I am
hopeful that we can decorate our controllers with this metadata in the
future instead, as part of the upcoming background controller refactor.

A separate `getSentryState` global function has been added to get the
reduced state, so that the old `getCleanAppState` function that we used
to use could remain unchanged. It's still useful to get that full state
copy while debugging, and in e2e tests.
2020-07-17 12:09:38 -03:00
Mark Stacey
b25f4bbe4a
Prevent manually connecting to extension UI (#8893)
The `activeTab.id` property is relied upon in the connected sites modal
to prevent the user from manually connecting to the MetaMask extension
itself. Unfortunately the `id` property was never set.

`id` is now set on the `activeTab` state, so manually connecting to the
extension UI is now impossible.
2020-07-02 18:26:45 -03:00
Mark Stacey
a294ca7125
Set empty active tab if origin is invalid (#8890)
The `activeTab` state is now set to an empty object if the `origin` of
the active tab is missing or invalid. It can be invalid if the URL
passed to the `URL` constructor is missing a scheme (e.g.
`about: blank`).

There are currently no cases where the rest of the data in `activeTab`
is useful in the absence of an `origin`. This will make upcoming UI
logic changes a bit simpler than they would be otherwise. Now we can
assume that if any property is set on `activeTab`, it must have a valid
`origin`.
2020-07-02 18:01:04 -03:00
Mark Stacey
37da64aa7e
Omit state snapshot from Sentry errors (#8794)
The state snapshot we were attaching to Sentry errors was too large.
As a temporary solution, it has been removed completely. We can re-add
it later after reducing its size.
2020-06-12 16:13:14 -03:00
Brad Decker
2f50e9fd72
Restore timing function (#8774)
* restore and enhance the time est feature

background: we had a feature for showing a time estimate on pending txs
that was accidently removed during the redesign implementation. This PR
restores that feature and also enhances it:
1. Displays the time estimate on all views instead of just fullscreen
2. Uses Intl.RelativeTimeFormat to format the time
3. Adds a way to toggle the feature flag.
4. Uses a hook to calculate the time remaining instead of a component

* Update app/_locales/en/messages.json

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* do not display on test nets

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-06-12 13:46:01 -05:00
Erik Marks
616a446832
Use URL origin instead of hostname for permission domains (#8717)
* use URL.origin instead of hostname for tabs and permissions
2020-06-01 16:24:27 -07:00
Erik Marks
0470386326
Delete recent blocks controller (#8575)
* delete recent blocks controller

* delete percentile from direct dependencies
2020-05-12 12:40:33 -07:00
Mark Stacey
1282ed774e
Remove ineffectual close popup function (#8316)
During the initialization of the full-screen or popup UI, we attempted
to close the notification popup (if it was open). This never worked (or
at least hasn't in a long time).

The method used to attempt closing the notification popup was
`closePopup` from the `notificationManager`, which keeps track
internally of the id of the notification popup window, and can close
the window by using this id.

However, this id is only set in the first place if the popup is opened
with this specific instance of the `notificationManager`. The popup is
never opened from the UI in practice; it's only opened from the
background (which has its own instance of `notificationManager`). The
popup id is never set for this `notificationManager` instance in the UI.

It's not entirely clear that we'd always want to close the notification
popup in this circumstance anyway. The user might want to open MetaMask
alongside the popup to check something else.
2020-04-10 12:27:58 -03:00
Mark Stacey
44effa0d91
Replace METAMASK_UI_TYPE global with helper function (#8279)
We don't need to store the current UI type as a global. We're already
using the `getEnvironmentType` helper function throughout the UI, so
we'd might as well use that instead of this global state.
2020-04-01 19:28:10 -03:00
Whymarrh Whitby
dea8f0f24d
Use combineReducers for rootReducer (#7964) 2020-02-06 13:08:14 -03:30
Mark Stacey
86c6280bc3
Remove unnecessary get environment type parameter (#7891)
* Remove unnecessary `getEnvironmentType` parameter

The default value of the first parameter is `window.location.href`, so
there is no need to pass it in explicitly.

* Remove junk parameter from `getEnvironmentType` invocation

`getEnvironmentType` doesn't need to be passed any parameter, as the
default value is `window.location.href` which is generally what is
wanted. In this case, the variable `location.href` was always
`undefined` anyway. This particular `location` variable is from React
Router, and does not have an `href` property.

* Fix comment for `getEnvironmentType`

One of the possible return values was referred to by the wrong name.
2020-01-24 15:12:58 -04:00
Mark Stacey
ac01c5c89a
Consistent jsdoc syntax (#7755)
* Specify type before parameter name

Various JSDoc `@param` entries were specified as `name {type}` rather
than `{type} name`.

A couple of `@return` entries have been given types as well.

* Use JSDoc optional syntax rather than Closure syntax

* Use @returns rather than @return

* Use consistent built-in type capitalization

Primitive types are lower-case, and Object is upper-case.

* Separate param/return description with a dash
2020-01-13 14:36:36 -04:00
Whymarrh Whitby
92971d3c87
Migrate codebase to use ESM (#7730)
* Update eslint-plugin-import version

* Convert JS files to use ESM

* Update ESLint rules to check imports

* Fix test:unit:global command env

* Cleanup mock-dev script
2020-01-09 00:04:58 -03:30
Whymarrh Whitby
274a9ecf53 yarn lint --fix 2019-12-03 17:20:55 -03:30
Erik Marks
478d6563f2
Freeze Promise global on boot (#7309)
* freeze background and UI Promise globals on boot

* add new tests

* remove tape
2019-10-24 06:54:32 -07:00
Mark Stacey
50e9c4e5ad
Add polyfill for AbortController (#7157)
The AbortController is used in both the background and the UI. Support
for AbortController was added to Chrome in version 66, which is above
our minimum supported version.

I did consider increasing the minimum Chrome version to 66, but we have
a decent number of users still on Chrome 65 unfortunately.
2019-09-12 17:07:27 -03:00
Mark Stacey
75d5374582
Restrict unconnected notice to specific protocols (#6954)
The notice asking whether you wanted to connect to a site was showing
up in places it shouldn't, like on the Firefox/Chrome settings pages
and on our fullscreen extension. It has now been restricted to only
be displayed for active tabs with specific protocols:

* http
* https
* dat
* dweb
* ipfs
* ipns
* ssb

This prevents the notice from being shown on settings pages, browser
extensions, and files such as PDFs.
2019-08-02 16:29:28 -02:30
Whymarrh Whitby
e9a63d5d5b
Default Privacy Mode to ON, allow force sharing address (#6904) 2019-08-01 10:54:33 -02:30
Mark Stacey
0f8a9a5d49
Serve CSS as an external file (#6894)
The CSS is now served as an external file instead of being injected.
This was done to improve performance. Ideally we would come to a middle
ground between this and the former behaviour by injecting only the CSS
that was required for the initial page load, then lazily loading the
rest. However that change would be more complex. The hope was that
making all CSS external would at least be a slight improvement.

Performance metrics were collected before and after this change to
determine whether this change actually helped. The metrics collected
were the timing events provided by Chrome DevTools:

* DOM Content Loaded (DCL) [1]
* Load (L) [2]
* First Paint (FP) [3]
* First Contentful Paint (FCP) [3]
* First Meaningful Paint (FMP) [3]

Here are the results (units in milliseconds):

Injected CSS:

| Run | DCL | L | FP | FCP | FMP |
| :--- | ---: | ---: | ---: | ---: | ---: |
| 1 | 1569.45 | 1570.97 | 1700.36 | 1700.36 | 1700.36 |
| 2 | 1517.37 | 1518.84 | 1630.98 | 1630.98 | 1630.98 |
| 3 | 1603.71 | 1605.31 | 1712.56 | 1712.56 | 1712.56 |
| 4 | 1522.15 | 1523.72 | 1629.3 | 1629.3 | 1629.3 |
| **Min** | 1517.37 | 1518.84 | 1629.3 | 1629.3 | 1629.3 |
| **Max** | 1603.71 | 1605.31 | 1712.56 | 1712.56 | 1712.56 |
| **Mean** | 1553.17 | 1554.71 | 1668.3 | 1668.3 | 1668.3 |
| **Std. dev.** | 33.41 | 33.43 | 38.16 | 38.16 | 38.16 |

External CSS:

| Run | DCL | L | FP | FCP | FMP |
| :--- | ---: | ---: | ---: | ---: | ---: |
| 1 | 1595.4 | 1598.91 | 284.97 | 1712.86 | 1712.86 |
| 2 | 1537.55 | 1538.99 | 199.38 | 1633.5 | 1633.5 |
| 3 | 1571.28 | 1572.74 | 268.65 | 1677.03 | 1677.03 |
| 4 | 1510.98 | 1512.33 | 206.72 | 1607.03 | 1607.03 |
| **Min** | 1510.98 | 1512.33 | 199.38 | 1607.03 | 1607.03 |
| **Max** | 1595.4 | 1598.91 | 284.97 | 1712.86 | 1712.86 |
| **Mean** | 1553.8025 | 1555.7425 | 239.93 | 1657.605 | 1657.605 |
| **Std. dev.** | 29.5375 | 30.0825 | 36.88 | 37.34 | 37.34 |

Unfortunately, using an external CSS file made no discernible improvement
to the overall page load time. DCM and L were practically identical, and
FCP and FMP were marginally better (well within error margins).

However, the first paint time was _dramatically_ improved. This change
seems worthwhile for the first paint time improvement alone. It also
allows us to delete some code and remove a dependency.

The old `css.js` module included two third-party CSS files as well, so
those have been imported into the main Sass file. This was easier than
bundling them in the gulpfile.

The resulting CSS bundle needs to be served from the root because we're
using a few `@include` rules that make this assumption. We could move
this under `/css/` if desired, but we'd need to update each of these
`@include` rules.

Relates to #6646

[1]: https://developer.mozilla.org/en-US/docs/Web/Events/DOMContentLoaded
[2]: https://developer.mozilla.org/en-US/docs/Web/Events/load
[3]: https://developers.google.com/web/fundamentals/performance/user-centric-performance-metrics
2019-07-23 14:10:13 -03:00
Whymarrh Whitby
a7a6318c13 Default to the new UI for all users 2019-02-05 08:49:55 -03:30
Alexander Tseung
fba17d77de Refactor first time flow, remove seed phrase from state (#5994)
* Refactor and fix styling for first time flow. Remove seed phrase from persisted metamask state

* Fix linting and tests

* Fix translations, initialization notice routing

* Fix drizzle tests

* Fix e2e tests

* Fix integration tests

* Fix styling

* Fix migration naming from 030 to 031

* Open extension in browser when user has not completed onboarding
2019-01-23 11:55:34 -03:30
Whymarrh Whitby
c482c9926c Default to the new UI for first time users 2018-11-20 14:04:17 -03:30
Whymarrh Whitby
1988e1e96b ESLint fixes (#5775)
* eslint . --fix

* Upgrade all ESLint warnings to errors
2018-11-16 14:54:55 -10:00
kumavis
73ec4e66cb sentry - include app state in ui errors 2018-10-20 03:14:59 -04:00
kumavis
e3fda83ab2 sentry - replace raven-js with sentry/browser 2018-10-20 02:22:50 -04:00
Dan Finlay
6ce119d1fb Move inpage-provider and port-stream outside
With the creation of the [metamask-extension-provider](https://github.com/MetaMask/metamask-extension-provider) we have our first non-core module that is dependent on the inpage-provider and port-stream.

To reduce the size of its dependencies, I have moved the
[metamask-inpage-provider](https://github.com/MetaMask/metamask-inpage-provider) into its own module, as well as [extension-port-stream](https://github.com/MetaMask/extension-port-stream).

This allows them to be more easily depended & iterated on by external
projects.
2018-08-20 15:45:50 -07:00
Dan Miller
a61227f224 Remove unneeded code from i4829-close-notifications-from-ui branch. 2018-07-24 15:01:03 -02:30
Dan Miller
64a82fd3da Uncomment closePopupIfOpen code. 2018-07-24 11:45:36 -02:30
Dan Miller
2359062b62 UI confirm screen closes confirmation window on submit or cancel of a tx 2018-07-23 22:20:06 -02:30
brunobar79
a8f745f9fe eslint --fix . 2018-07-02 18:49:33 -04:00
Alexander Tseung
b0a105ce80 Fix confirmation popup not always opening 2018-04-17 08:58:37 -07:00
bitpshr
7129d7c0f3 Require loglevel singleton in each module that uses it 2018-04-13 17:56:28 -04:00
kumavis
5815de33fb build - rename 'popup.js' to 'ui.js' 2018-03-28 14:04:33 -07:00