mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-23 09:52:26 +01:00
31cf7c10a4
# Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
85 lines
3.0 KiB
JavaScript
85 lines
3.0 KiB
JavaScript
import { createSelector } from 'reselect';
|
|
import { CaveatTypes } from '../../../../shared/constants/permissions';
|
|
|
|
/**
|
|
* This file contains selectors for PermissionController selector event
|
|
* subscriptions, used to detect whenever a subject's accounts change so that
|
|
* we can notify the subject via the `accountsChanged` provider event.
|
|
*/
|
|
|
|
/**
|
|
* @param {Record<string, Record<string, unknown>>} state - The
|
|
* PermissionController state.
|
|
* @returns {Record<string, unknown>} The PermissionController subjects.
|
|
*/
|
|
const getSubjects = (state) => state.subjects;
|
|
|
|
/**
|
|
* Get the permitted accounts for each subject, keyed by origin.
|
|
* The values of the returned map are immutable values from the
|
|
* PermissionController state.
|
|
*
|
|
* @returns {Map<string, string[]>} The current origin:accounts[] map.
|
|
*/
|
|
export const getPermittedAccountsByOrigin = createSelector(
|
|
getSubjects,
|
|
(subjects) => {
|
|
return Object.values(subjects).reduce((originToAccountsMap, subject) => {
|
|
const caveat = subject.permissions?.eth_accounts?.caveats.find(
|
|
({ type }) => type === CaveatTypes.restrictReturnedAccounts,
|
|
);
|
|
|
|
if (caveat) {
|
|
originToAccountsMap.set(subject.origin, caveat.value);
|
|
}
|
|
return originToAccountsMap;
|
|
}, new Map());
|
|
},
|
|
);
|
|
|
|
/**
|
|
* Given the current and previous exposed accounts for each PermissionController
|
|
* subject, returns a new map containing all accounts that have changed.
|
|
* The values of each map must be immutable values directly from the
|
|
* PermissionController state, or an empty array instantiated in this
|
|
* function.
|
|
*
|
|
* @param {Map<string, string[]>} newAccountsMap - The new origin:accounts[] map.
|
|
* @param {Map<string, string[]>} [previousAccountsMap] - The previous origin:accounts[] map.
|
|
* @returns {Map<string, string[]>} The origin:accounts[] map of changed accounts.
|
|
*/
|
|
export const getChangedAccounts = (newAccountsMap, previousAccountsMap) => {
|
|
if (previousAccountsMap === undefined) {
|
|
return newAccountsMap;
|
|
}
|
|
|
|
const changedAccounts = new Map();
|
|
if (newAccountsMap === previousAccountsMap) {
|
|
return changedAccounts;
|
|
}
|
|
|
|
const newOrigins = new Set([...newAccountsMap.keys()]);
|
|
|
|
for (const origin of previousAccountsMap.keys()) {
|
|
const newAccounts = newAccountsMap.get(origin) ?? [];
|
|
|
|
// The values of these maps are references to immutable values, which is why
|
|
// a strict equality check is enough for diffing. The values are either from
|
|
// PermissionController state, or an empty array initialized in the previous
|
|
// call to this function. `newAccountsMap` will never contain any empty
|
|
// arrays.
|
|
if (previousAccountsMap.get(origin) !== newAccounts) {
|
|
changedAccounts.set(origin, newAccounts);
|
|
}
|
|
|
|
newOrigins.delete(origin);
|
|
}
|
|
|
|
// By now, newOrigins is either empty or contains some number of previously
|
|
// unencountered origins, and all of their accounts have "changed".
|
|
for (const origin of newOrigins.keys()) {
|
|
changedAccounts.set(origin, newAccountsMap.get(origin));
|
|
}
|
|
return changedAccounts;
|
|
};
|