mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-10-22 19:26:13 +02:00
6f6984fa58
Our middleware for handling subscription and filter-related methods (`eth-json-rpc-filters`) currently lives in our RPC pipeline ahead of the network stack. This commit moves this middleware to the network client middleware instead. There are two reasons for this change. First, this middleware wraps RPC methods that are supported by the network. Second, it is necessary for this middleware to live with the network client so that it will aid us in unifying the NetworkController in this repo and the NetworkController in the `controllers` repo. Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
280 lines
8.6 KiB
JavaScript
280 lines
8.6 KiB
JavaScript
import {
|
|
constructPermission,
|
|
PermissionType,
|
|
} from '@metamask/permission-controller';
|
|
///: BEGIN:ONLY_INCLUDE_IN(flask)
|
|
import { endowmentCaveatSpecifications as snapsEndowmentCaveatSpecifications } from '@metamask/snaps-controllers';
|
|
import { caveatSpecifications as snapsCaveatsSpecifications } from '@metamask/rpc-methods';
|
|
///: END:ONLY_INCLUDE_IN
|
|
import {
|
|
CaveatTypes,
|
|
RestrictedMethods,
|
|
} from '../../../../shared/constants/permissions';
|
|
|
|
/**
|
|
* This file contains the specifications of the permissions and caveats
|
|
* that are recognized by our permission system. See the PermissionController
|
|
* README in @metamask/controllers for details.
|
|
*/
|
|
|
|
/**
|
|
* The "keys" of all of permissions recognized by the PermissionController.
|
|
* Permission keys and names have distinct meanings in the permission system.
|
|
*/
|
|
const PermissionKeys = Object.freeze({
|
|
...RestrictedMethods,
|
|
});
|
|
|
|
/**
|
|
* Factory functions for all caveat types recognized by the
|
|
* PermissionController.
|
|
*/
|
|
const CaveatFactories = Object.freeze({
|
|
[CaveatTypes.restrictReturnedAccounts]: (accounts) => {
|
|
return { type: CaveatTypes.restrictReturnedAccounts, value: accounts };
|
|
},
|
|
});
|
|
|
|
/**
|
|
* A PreferencesController identity object.
|
|
*
|
|
* @typedef {object} Identity
|
|
* @property {string} address - The address of the identity.
|
|
* @property {string} name - The name of the identity.
|
|
* @property {number} [lastSelected] - Unix timestamp of when the identity was
|
|
* last selected in the UI.
|
|
*/
|
|
|
|
/**
|
|
* Gets the specifications for all caveats that will be recognized by the
|
|
* PermissionController.
|
|
*
|
|
* @param {{
|
|
* getIdentities: () => Record<string, Identity>,
|
|
* }} options - Options bag.
|
|
*/
|
|
export const getCaveatSpecifications = ({ getIdentities }) => {
|
|
return {
|
|
[CaveatTypes.restrictReturnedAccounts]: {
|
|
type: CaveatTypes.restrictReturnedAccounts,
|
|
|
|
decorator: (method, caveat) => {
|
|
return async (args) => {
|
|
const result = await method(args);
|
|
return result
|
|
.filter((account) => caveat.value.includes(account))
|
|
.slice(0, 1);
|
|
};
|
|
},
|
|
|
|
validator: (caveat, _origin, _target) =>
|
|
validateCaveatAccounts(caveat.value, getIdentities),
|
|
},
|
|
|
|
///: BEGIN:ONLY_INCLUDE_IN(flask)
|
|
...snapsCaveatsSpecifications,
|
|
...snapsEndowmentCaveatSpecifications,
|
|
///: END:ONLY_INCLUDE_IN
|
|
};
|
|
};
|
|
|
|
/**
|
|
* Gets the specifications for all permissions that will be recognized by the
|
|
* PermissionController.
|
|
*
|
|
* @param {{
|
|
* getAllAccounts: () => Promise<string[]>,
|
|
* getIdentities: () => Record<string, Identity>,
|
|
* }} options - Options bag.
|
|
* @param options.getAllAccounts - A function that returns all Ethereum accounts
|
|
* in the current MetaMask instance.
|
|
* @param options.getIdentities - A function that returns the
|
|
* `PreferencesController` identity objects for all Ethereum accounts in the
|
|
* @param options.captureKeyringTypesWithMissingIdentities - A function that
|
|
* captures extra error information about the "Missing identity for address"
|
|
* error.
|
|
* current MetaMask instance.
|
|
*/
|
|
export const getPermissionSpecifications = ({
|
|
getAllAccounts,
|
|
getIdentities,
|
|
captureKeyringTypesWithMissingIdentities,
|
|
}) => {
|
|
return {
|
|
[PermissionKeys.eth_accounts]: {
|
|
permissionType: PermissionType.RestrictedMethod,
|
|
targetKey: PermissionKeys.eth_accounts,
|
|
allowedCaveats: [CaveatTypes.restrictReturnedAccounts],
|
|
|
|
factory: (permissionOptions, requestData) => {
|
|
if (Array.isArray(permissionOptions.caveats)) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Received unexpected caveats. Any permitted caveats will be added automatically.`,
|
|
);
|
|
}
|
|
|
|
// This value will be further validated as part of the caveat.
|
|
if (!requestData.approvedAccounts) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: No approved accounts specified.`,
|
|
);
|
|
}
|
|
|
|
return constructPermission({
|
|
...permissionOptions,
|
|
caveats: [
|
|
CaveatFactories[CaveatTypes.restrictReturnedAccounts](
|
|
requestData.approvedAccounts,
|
|
),
|
|
],
|
|
});
|
|
},
|
|
|
|
methodImplementation: async (_args) => {
|
|
const accounts = await getAllAccounts();
|
|
const identities = getIdentities();
|
|
|
|
return accounts.sort((firstAddress, secondAddress) => {
|
|
if (!identities[firstAddress]) {
|
|
captureKeyringTypesWithMissingIdentities(identities, accounts);
|
|
throw new Error(`Missing identity for address: "${firstAddress}".`);
|
|
} else if (!identities[secondAddress]) {
|
|
captureKeyringTypesWithMissingIdentities(identities, accounts);
|
|
throw new Error(
|
|
`Missing identity for address: "${secondAddress}".`,
|
|
);
|
|
} else if (
|
|
identities[firstAddress].lastSelected ===
|
|
identities[secondAddress].lastSelected
|
|
) {
|
|
return 0;
|
|
} else if (identities[firstAddress].lastSelected === undefined) {
|
|
return 1;
|
|
} else if (identities[secondAddress].lastSelected === undefined) {
|
|
return -1;
|
|
}
|
|
|
|
return (
|
|
identities[secondAddress].lastSelected -
|
|
identities[firstAddress].lastSelected
|
|
);
|
|
});
|
|
},
|
|
|
|
validator: (permission, _origin, _target) => {
|
|
const { caveats } = permission;
|
|
if (
|
|
!caveats ||
|
|
caveats.length !== 1 ||
|
|
caveats[0].type !== CaveatTypes.restrictReturnedAccounts
|
|
) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Invalid caveats. There must be a single caveat of type "${CaveatTypes.restrictReturnedAccounts}".`,
|
|
);
|
|
}
|
|
},
|
|
},
|
|
};
|
|
};
|
|
|
|
/**
|
|
* Validates the accounts associated with a caveat. In essence, ensures that
|
|
* the accounts value is an array of non-empty strings, and that each string
|
|
* corresponds to a PreferencesController identity.
|
|
*
|
|
* @param {string[]} accounts - The accounts associated with the caveat.
|
|
* @param {() => Record<string, Identity>} getIdentities - Gets all
|
|
* PreferencesController identities.
|
|
*/
|
|
function validateCaveatAccounts(accounts, getIdentities) {
|
|
if (!Array.isArray(accounts) || accounts.length === 0) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Expected non-empty array of Ethereum addresses.`,
|
|
);
|
|
}
|
|
|
|
const identities = getIdentities();
|
|
accounts.forEach((address) => {
|
|
if (!address || typeof address !== 'string') {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Expected an array of Ethereum addresses. Received: "${address}".`,
|
|
);
|
|
}
|
|
|
|
if (!identities[address]) {
|
|
throw new Error(
|
|
`${PermissionKeys.eth_accounts} error: Received unrecognized address: "${address}".`,
|
|
);
|
|
}
|
|
});
|
|
}
|
|
|
|
/**
|
|
* All unrestricted methods recognized by the PermissionController.
|
|
* Unrestricted methods are ignored by the permission system, but every
|
|
* JSON-RPC request seen by the permission system must correspond to a
|
|
* restricted or unrestricted method, or the request will be rejected with a
|
|
* "method not found" error.
|
|
*/
|
|
export const unrestrictedMethods = Object.freeze([
|
|
'eth_blockNumber',
|
|
'eth_call',
|
|
'eth_chainId',
|
|
'eth_coinbase',
|
|
'eth_decrypt',
|
|
'eth_estimateGas',
|
|
'eth_feeHistory',
|
|
'eth_gasPrice',
|
|
'eth_getBalance',
|
|
'eth_getBlockByHash',
|
|
'eth_getBlockByNumber',
|
|
'eth_getBlockTransactionCountByHash',
|
|
'eth_getBlockTransactionCountByNumber',
|
|
'eth_getCode',
|
|
'eth_getEncryptionPublicKey',
|
|
'eth_getFilterChanges',
|
|
'eth_getFilterLogs',
|
|
'eth_getLogs',
|
|
'eth_getProof',
|
|
'eth_getStorageAt',
|
|
'eth_getTransactionByBlockHashAndIndex',
|
|
'eth_getTransactionByBlockNumberAndIndex',
|
|
'eth_getTransactionByHash',
|
|
'eth_getTransactionCount',
|
|
'eth_getTransactionReceipt',
|
|
'eth_getUncleByBlockHashAndIndex',
|
|
'eth_getUncleByBlockNumberAndIndex',
|
|
'eth_getUncleCountByBlockHash',
|
|
'eth_getUncleCountByBlockNumber',
|
|
'eth_getWork',
|
|
'eth_hashrate',
|
|
'eth_mining',
|
|
'eth_newBlockFilter',
|
|
'eth_newFilter',
|
|
'eth_newPendingTransactionFilter',
|
|
'eth_protocolVersion',
|
|
'eth_sendRawTransaction',
|
|
'eth_sendTransaction',
|
|
'eth_sign',
|
|
'eth_signTypedData',
|
|
'eth_signTypedData_v1',
|
|
'eth_signTypedData_v3',
|
|
'eth_signTypedData_v4',
|
|
'eth_subscribe',
|
|
'eth_submitHashrate',
|
|
'eth_submitWork',
|
|
'eth_syncing',
|
|
'eth_uninstallFilter',
|
|
'eth_unsubscribe',
|
|
'metamask_getProviderState',
|
|
'metamask_watchAsset',
|
|
'net_listening',
|
|
'net_peerCount',
|
|
'net_version',
|
|
'personal_ecRecover',
|
|
'personal_sign',
|
|
'wallet_watchAsset',
|
|
'web3_clientVersion',
|
|
'web3_sha3',
|
|
]);
|