mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-23 09:52:26 +01:00
31d5c1cf22
* Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
266 lines
8.1 KiB
JavaScript
266 lines
8.1 KiB
JavaScript
import { constructPermission, PermissionType } from '@metamask/controllers';
|
|
import {
|
|
CaveatTypes,
|
|
RestrictedMethods,
|
|
} from '../../../../shared/constants/permissions';
|
|
|
|
/**
|
|
* This file contains the specifications of the permissions and caveats
|
|
* that are recognized by our permission system. See the PermissionController
|
|
* README in @metamask/snap-controllers for details.
|
|
*/
|
|
|
|
/**
|
|
* The "keys" of all of permissions recognized by the PermissionController.
|
|
* Permission keys and names have distinct meanings in the permission system.
|
|
*/
|
|
const PermissionKeys = Object.freeze({
|
|
...RestrictedMethods,
|
|
});
|
|
|
|
/**
|
|
* Factory functions for all caveat types recognized by the
|
|
* PermissionController.
|
|
*/
|
|
const CaveatFactories = Object.freeze({
|
|
[CaveatTypes.restrictReturnedAccounts]: (accounts) => {
|
|
return { type: CaveatTypes.restrictReturnedAccounts, value: accounts };
|
|
},
|
|
});
|
|
|
|
/**
|
|
* A PreferencesController identity object.
|
|
*
|
|
* @typedef {object} Identity
|
|
* @property {string} address - The address of the identity.
|
|
* @property {string} name - The name of the identity.
|
|
* @property {number} [lastSelected] - Unix timestamp of when the identity was
|
|
* last selected in the UI.
|
|
*/
|
|
|
|
/**
|
|
* Gets the specifications for all caveats that will be recognized by the
|
|
* PermissionController.
|
|
*
|
|
* @param {{
|
|
* getIdentities: () => Record<string, Identity>,
|
|
* }} options - Options bag.
|
|
*/
|
|
export const getCaveatSpecifications = ({ getIdentities }) => {
|
|
return {
|
|
[CaveatTypes.restrictReturnedAccounts]: {
|
|
type: CaveatTypes.restrictReturnedAccounts,
|
|
|
|
decorator: (method, caveat) => {
|
|
return async (args) => {
|
|
const result = await method(args);
|
|
return result
|
|
.filter((account) => caveat.value.includes(account))
|
|
.slice(0, 1);
|
|
};
|
|
},
|
|
|
|
validator: (caveat, _origin, _target) =>
|
|
validateCaveatAccounts(caveat.value, getIdentities),
|
|
},
|
|
};
|
|
};
|
|
|
|
/**
|
|
* Gets the specifications for all permissions that will be recognized by the
|
|
* PermissionController.
|
|
*
|
|
* @param {{
|
|
* getAllAccounts: () => Promise<string[]>,
|
|
* getIdentities: () => Record<string, Identity>,
|
|
* }} options - Options bag.
|
|
* @param options.getAllAccounts - A function that returns all Ethereum accounts
|
|
* in the current MetaMask instance.
|
|
* @param options.getIdentities - A function that returns the
|
|
* `PreferencesController` identity objects for all Ethereum accounts in the
|
|
* @param options.captureKeyringTypesWithMissingIdentities - A function that
|
|
* captures extra error information about the "Missing identity for address"
|
|
* error.
|
|
* current MetaMask instance.
|
|
*/
|
|
export const getPermissionSpecifications = ({
|
|
getAllAccounts,
|
|
getIdentities,
|
|
captureKeyringTypesWithMissingIdentities,
|
|
}) => {
|
|
return {
|
|
[PermissionKeys.eth_accounts]: {
|
|
permissionType: PermissionType.RestrictedMethod,
|
|
targetKey: PermissionKeys.eth_accounts,
|
|
allowedCaveats: [CaveatTypes.restrictReturnedAccounts],
|
|
|
|
factory: (permissionOptions, requestData) => {
|
|
if (Array.isArray(permissionOptions.caveats)) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Received unexpected caveats. Any permitted caveats will be added automatically.`,
|
|
);
|
|
}
|
|
|
|
// This value will be further validated as part of the caveat.
|
|
if (!requestData.approvedAccounts) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: No approved accounts specified.`,
|
|
);
|
|
}
|
|
|
|
return constructPermission({
|
|
...permissionOptions,
|
|
caveats: [
|
|
CaveatFactories[CaveatTypes.restrictReturnedAccounts](
|
|
requestData.approvedAccounts,
|
|
),
|
|
],
|
|
});
|
|
},
|
|
|
|
methodImplementation: async (_args) => {
|
|
const accounts = await getAllAccounts();
|
|
const identities = getIdentities();
|
|
|
|
return accounts.sort((firstAddress, secondAddress) => {
|
|
if (!identities[firstAddress]) {
|
|
captureKeyringTypesWithMissingIdentities(identities, accounts);
|
|
throw new Error(`Missing identity for address: "${firstAddress}".`);
|
|
} else if (!identities[secondAddress]) {
|
|
captureKeyringTypesWithMissingIdentities(identities, accounts);
|
|
throw new Error(
|
|
`Missing identity for address: "${secondAddress}".`,
|
|
);
|
|
} else if (
|
|
identities[firstAddress].lastSelected ===
|
|
identities[secondAddress].lastSelected
|
|
) {
|
|
return 0;
|
|
} else if (identities[firstAddress].lastSelected === undefined) {
|
|
return 1;
|
|
} else if (identities[secondAddress].lastSelected === undefined) {
|
|
return -1;
|
|
}
|
|
|
|
return (
|
|
identities[secondAddress].lastSelected -
|
|
identities[firstAddress].lastSelected
|
|
);
|
|
});
|
|
},
|
|
|
|
validator: (permission, _origin, _target) => {
|
|
const { caveats } = permission;
|
|
if (
|
|
!caveats ||
|
|
caveats.length !== 1 ||
|
|
caveats[0].type !== CaveatTypes.restrictReturnedAccounts
|
|
) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Invalid caveats. There must be a single caveat of type "${CaveatTypes.restrictReturnedAccounts}".`,
|
|
);
|
|
}
|
|
},
|
|
},
|
|
};
|
|
};
|
|
|
|
/**
|
|
* Validates the accounts associated with a caveat. In essence, ensures that
|
|
* the accounts value is an array of non-empty strings, and that each string
|
|
* corresponds to a PreferencesController identity.
|
|
*
|
|
* @param {string[]} accounts - The accounts associated with the caveat.
|
|
* @param {() => Record<string, Identity>} getIdentities - Gets all
|
|
* PreferencesController identities.
|
|
*/
|
|
function validateCaveatAccounts(accounts, getIdentities) {
|
|
if (!Array.isArray(accounts) || accounts.length === 0) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Expected non-empty array of Ethereum addresses.`,
|
|
);
|
|
}
|
|
|
|
const identities = getIdentities();
|
|
accounts.forEach((address) => {
|
|
if (!address || typeof address !== 'string') {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Expected an array of Ethereum addresses. Received: "${address}".`,
|
|
);
|
|
}
|
|
|
|
if (!identities[address]) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Received unrecognized address: "${address}".`,
|
|
);
|
|
}
|
|
});
|
|
}
|
|
|
|
/**
|
|
* All unrestricted methods recognized by the PermissionController.
|
|
* Unrestricted methods are ignored by the permission system, but every
|
|
* JSON-RPC request seen by the permission system must correspond to a
|
|
* restricted or unrestricted method, or the request will be rejected with a
|
|
* "method not found" error.
|
|
*/
|
|
export const unrestrictedMethods = Object.freeze([
|
|
'eth_blockNumber',
|
|
'eth_call',
|
|
'eth_chainId',
|
|
'eth_coinbase',
|
|
'eth_decrypt',
|
|
'eth_estimateGas',
|
|
'eth_feeHistory',
|
|
'eth_gasPrice',
|
|
'eth_getBalance',
|
|
'eth_getBlockByHash',
|
|
'eth_getBlockByNumber',
|
|
'eth_getBlockTransactionCountByHash',
|
|
'eth_getBlockTransactionCountByNumber',
|
|
'eth_getCode',
|
|
'eth_getEncryptionPublicKey',
|
|
'eth_getFilterChanges',
|
|
'eth_getFilterLogs',
|
|
'eth_getLogs',
|
|
'eth_getProof',
|
|
'eth_getStorageAt',
|
|
'eth_getTransactionByBlockHashAndIndex',
|
|
'eth_getTransactionByBlockNumberAndIndex',
|
|
'eth_getTransactionByHash',
|
|
'eth_getTransactionCount',
|
|
'eth_getTransactionReceipt',
|
|
'eth_getUncleByBlockHashAndIndex',
|
|
'eth_getUncleByBlockNumberAndIndex',
|
|
'eth_getUncleCountByBlockHash',
|
|
'eth_getUncleCountByBlockNumber',
|
|
'eth_getWork',
|
|
'eth_hashrate',
|
|
'eth_mining',
|
|
'eth_newBlockFilter',
|
|
'eth_newFilter',
|
|
'eth_newPendingTransactionFilter',
|
|
'eth_protocolVersion',
|
|
'eth_sendRawTransaction',
|
|
'eth_sendTransaction',
|
|
'eth_sign',
|
|
'eth_signTypedData',
|
|
'eth_signTypedData_v1',
|
|
'eth_signTypedData_v3',
|
|
'eth_signTypedData_v4',
|
|
'eth_submitHashrate',
|
|
'eth_submitWork',
|
|
'eth_syncing',
|
|
'eth_uninstallFilter',
|
|
'metamask_getProviderState',
|
|
'metamask_watchAsset',
|
|
'net_listening',
|
|
'net_peerCount',
|
|
'net_version',
|
|
'personal_ecRecover',
|
|
'personal_sign',
|
|
'wallet_watchAsset',
|
|
'web3_clientVersion',
|
|
'web3_sha3',
|
|
]);
|