You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
378 lines
10 KiB
378 lines
10 KiB
5 years ago
|
const JsonRpcEngine = require('json-rpc-engine')
|
||
|
const asMiddleware = require('json-rpc-engine/src/asMiddleware')
|
||
|
const ObservableStore = require('obs-store')
|
||
|
const RpcCap = require('rpc-cap').CapabilitiesController
|
||
|
const { ethErrors } = require('eth-json-rpc-errors')
|
||
|
|
||
|
const getRestrictedMethods = require('./restrictedMethods')
|
||
|
const createMethodMiddleware = require('./methodMiddleware')
|
||
|
const createLoggerMiddleware = require('./loggerMiddleware')
|
||
|
|
||
|
// Methods that do not require any permissions to use:
|
||
|
const SAFE_METHODS = require('./permissions-safe-methods.json')
|
||
|
|
||
|
// some constants
|
||
|
const METADATA_STORE_KEY = 'domainMetadata'
|
||
|
const LOG_STORE_KEY = 'permissionsLog'
|
||
|
const HISTORY_STORE_KEY = 'permissionsHistory'
|
||
|
const WALLET_METHOD_PREFIX = 'wallet_'
|
||
|
const CAVEAT_NAMES = {
|
||
|
exposedAccounts: 'exposedAccounts',
|
||
|
}
|
||
|
const ACCOUNTS_CHANGED_NOTIFICATION = 'wallet_accountsChanged'
|
||
|
|
||
|
class PermissionsController {
|
||
|
|
||
|
constructor (
|
||
|
{
|
||
|
platform, notifyDomain, notifyAllDomains, keyringController,
|
||
|
} = {},
|
||
|
restoredPermissions = {},
|
||
|
restoredState = {}) {
|
||
|
this.store = new ObservableStore({
|
||
|
[METADATA_STORE_KEY]: restoredState[METADATA_STORE_KEY] || {},
|
||
|
[LOG_STORE_KEY]: restoredState[LOG_STORE_KEY] || [],
|
||
|
[HISTORY_STORE_KEY]: restoredState[HISTORY_STORE_KEY] || {},
|
||
|
})
|
||
|
this.notifyDomain = notifyDomain
|
||
|
this.notifyAllDomains = notifyAllDomains
|
||
|
this.keyringController = keyringController
|
||
|
this._platform = platform
|
||
|
this._restrictedMethods = getRestrictedMethods(this)
|
||
|
this._initializePermissions(restoredPermissions)
|
||
|
}
|
||
|
|
||
|
createMiddleware ({ origin, extensionId }) {
|
||
|
|
||
|
if (extensionId) {
|
||
|
this.store.updateState({
|
||
|
[METADATA_STORE_KEY]: {
|
||
|
...this.store.getState()[METADATA_STORE_KEY],
|
||
|
[origin]: { extensionId },
|
||
|
},
|
||
|
})
|
||
|
}
|
||
|
|
||
|
const engine = new JsonRpcEngine()
|
||
|
|
||
|
engine.push(createLoggerMiddleware({
|
||
|
walletPrefix: WALLET_METHOD_PREFIX,
|
||
|
restrictedMethods: Object.keys(this._restrictedMethods),
|
||
|
ignoreMethods: [ 'wallet_sendDomainMetadata' ],
|
||
|
store: this.store,
|
||
|
logStoreKey: LOG_STORE_KEY,
|
||
|
historyStoreKey: HISTORY_STORE_KEY,
|
||
|
}))
|
||
|
|
||
|
engine.push(createMethodMiddleware({
|
||
|
store: this.store,
|
||
|
storeKey: METADATA_STORE_KEY,
|
||
|
getAccounts: this.getAccounts.bind(this, origin),
|
||
|
requestAccountsPermission: this._requestPermissions.bind(
|
||
|
this, origin, { eth_accounts: {} }
|
||
|
),
|
||
|
}))
|
||
|
|
||
|
engine.push(this.permissions.providerMiddlewareFunction.bind(
|
||
|
this.permissions, { origin }
|
||
|
))
|
||
|
return asMiddleware(engine)
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Returns the accounts that should be exposed for the given origin domain,
|
||
|
* if any. This method exists for when a trusted context needs to know
|
||
|
* which accounts are exposed to a given domain.
|
||
|
*
|
||
|
* @param {string} origin - The origin string.
|
||
|
*/
|
||
|
getAccounts (origin) {
|
||
|
return new Promise((resolve, _) => {
|
||
|
|
||
|
const req = { method: 'eth_accounts' }
|
||
|
const res = {}
|
||
|
this.permissions.providerMiddlewareFunction(
|
||
|
{ origin }, req, res, () => {}, _end
|
||
|
)
|
||
|
|
||
|
function _end () {
|
||
|
if (res.error || !Array.isArray(res.result)) {
|
||
|
resolve([])
|
||
|
} else {
|
||
|
resolve(res.result)
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Submits a permissions request to rpc-cap. Internal use only.
|
||
|
*
|
||
|
* @param {string} origin - The origin string.
|
||
|
* @param {IRequestedPermissions} permissions - The requested permissions.
|
||
|
*/
|
||
|
_requestPermissions (origin, permissions) {
|
||
|
return new Promise((resolve, reject) => {
|
||
|
|
||
|
const req = { method: 'wallet_requestPermissions', params: [permissions] }
|
||
|
const res = {}
|
||
|
this.permissions.providerMiddlewareFunction(
|
||
|
{ origin }, req, res, () => {}, _end
|
||
|
)
|
||
|
|
||
|
function _end (err) {
|
||
|
if (err || res.error) {
|
||
|
reject(err || res.error)
|
||
|
} else {
|
||
|
resolve(res.result)
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* User approval callback. The request can fail if the request is invalid.
|
||
|
*
|
||
|
* @param {object} approved the approved request object
|
||
|
*/
|
||
|
async approvePermissionsRequest (approved, accounts) {
|
||
|
|
||
|
const { id } = approved.metadata
|
||
|
const approval = this.pendingApprovals[id]
|
||
|
|
||
|
try {
|
||
|
|
||
|
// attempt to finalize the request and resolve it
|
||
|
await this.finalizePermissionsRequest(approved.permissions, accounts)
|
||
|
approval.resolve(approved.permissions)
|
||
|
|
||
|
} catch (err) {
|
||
|
|
||
|
// if finalization fails, reject the request
|
||
|
approval.reject(ethErrors.rpc.invalidRequest({
|
||
|
message: err.message, data: err,
|
||
|
}))
|
||
|
}
|
||
|
|
||
|
delete this.pendingApprovals[id]
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* User rejection callback.
|
||
|
*
|
||
|
* @param {string} id the id of the rejected request
|
||
|
*/
|
||
|
async rejectPermissionsRequest (id) {
|
||
|
const approval = this.pendingApprovals[id]
|
||
|
approval.reject(ethErrors.provider.userRejectedRequest())
|
||
|
delete this.pendingApprovals[id]
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Grants the given origin the eth_accounts permission for the given account(s).
|
||
|
* This method should ONLY be called as a result of direct user action in the UI,
|
||
|
* with the intention of supporting legacy dapps that don't support EIP 1102.
|
||
|
*
|
||
|
* @param {string} origin - The origin to expose the account(s) to.
|
||
|
* @param {Array<string>} accounts - The account(s) to expose.
|
||
|
*/
|
||
|
async legacyExposeAccounts (origin, accounts) {
|
||
|
|
||
|
const permissions = {
|
||
|
eth_accounts: {},
|
||
|
}
|
||
|
|
||
|
await this.finalizePermissionsRequest(permissions, accounts)
|
||
|
|
||
|
let error
|
||
|
try {
|
||
|
await new Promise((resolve, reject) => {
|
||
|
this.permissions.grantNewPermissions(origin, permissions, {}, err => err ? resolve() : reject(err))
|
||
|
})
|
||
|
} catch (err) {
|
||
|
error = err
|
||
|
}
|
||
|
|
||
|
if (error) {
|
||
|
if (error.code === 4001) {
|
||
|
throw error
|
||
|
} else {
|
||
|
throw ethErrors.rpc.internal({
|
||
|
message: `Failed to add 'eth_accounts' to '${origin}'.`,
|
||
|
data: {
|
||
|
originalError: error,
|
||
|
accounts,
|
||
|
},
|
||
|
})
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Update the accounts exposed to the given origin.
|
||
|
* Throws error if the update fails.
|
||
|
*
|
||
|
* @param {string} origin - The origin to change the exposed accounts for.
|
||
|
* @param {string[]} accounts - The new account(s) to expose.
|
||
|
*/
|
||
|
async updateExposedAccounts (origin, accounts) {
|
||
|
|
||
|
await this.validateExposedAccounts(accounts)
|
||
|
|
||
|
this.permissions.updateCaveatFor(
|
||
|
origin, 'eth_accounts', CAVEAT_NAMES.exposedAccounts, accounts
|
||
|
)
|
||
|
|
||
|
this.notifyDomain(origin, {
|
||
|
method: ACCOUNTS_CHANGED_NOTIFICATION,
|
||
|
result: accounts,
|
||
|
})
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Finalizes a permissions request.
|
||
|
* Throws if request validation fails.
|
||
|
*
|
||
|
* @param {Object} requestedPermissions - The requested permissions.
|
||
|
* @param {string[]} accounts - The accounts to expose, if any.
|
||
|
*/
|
||
|
async finalizePermissionsRequest (requestedPermissions, accounts) {
|
||
|
|
||
|
const { eth_accounts: ethAccounts } = requestedPermissions
|
||
|
|
||
|
if (ethAccounts) {
|
||
|
|
||
|
await this.validateExposedAccounts(accounts)
|
||
|
|
||
|
if (!ethAccounts.caveats) {
|
||
|
ethAccounts.caveats = []
|
||
|
}
|
||
|
|
||
|
// caveat names are unique, and we will only construct this caveat here
|
||
|
ethAccounts.caveats = ethAccounts.caveats.filter(c => (
|
||
|
c.name !== CAVEAT_NAMES.exposedAccounts
|
||
|
))
|
||
|
|
||
|
ethAccounts.caveats.push(
|
||
|
{
|
||
|
type: 'filterResponse',
|
||
|
value: accounts,
|
||
|
name: CAVEAT_NAMES.exposedAccounts,
|
||
|
},
|
||
|
)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Validate an array of accounts representing accounts to be exposed
|
||
|
* to a domain. Throws error if validation fails.
|
||
|
*
|
||
|
* @param {string[]} accounts - An array of addresses.
|
||
|
*/
|
||
|
async validateExposedAccounts (accounts) {
|
||
|
|
||
|
if (!Array.isArray(accounts) || accounts.length === 0) {
|
||
|
throw new Error('Must provide non-empty array of account(s).')
|
||
|
}
|
||
|
|
||
|
// assert accounts exist
|
||
|
const allAccounts = await this.keyringController.getAccounts()
|
||
|
accounts.forEach(acc => {
|
||
|
if (!allAccounts.includes(acc)) {
|
||
|
throw new Error(`Unknown account: ${acc}`)
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Removes the given permissions for the given domain.
|
||
|
* @param {object} domains { origin: [permissions] }
|
||
|
*/
|
||
|
removePermissionsFor (domains) {
|
||
|
|
||
|
Object.entries(domains).forEach(([origin, perms]) => {
|
||
|
|
||
|
this.permissions.removePermissionsFor(
|
||
|
origin,
|
||
|
perms.map(methodName => {
|
||
|
|
||
|
if (methodName === 'eth_accounts') {
|
||
|
this.notifyDomain(
|
||
|
origin,
|
||
|
{ method: ACCOUNTS_CHANGED_NOTIFICATION, result: [] }
|
||
|
)
|
||
|
}
|
||
|
|
||
|
return { parentCapability: methodName }
|
||
|
})
|
||
|
)
|
||
|
})
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Removes all known domains and their related permissions.
|
||
|
*/
|
||
|
clearPermissions () {
|
||
|
this.permissions.clearDomains()
|
||
|
this.notifyAllDomains({
|
||
|
method: ACCOUNTS_CHANGED_NOTIFICATION,
|
||
|
result: [],
|
||
|
})
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* A convenience method for retrieving a login object
|
||
|
* or creating a new one if needed.
|
||
|
*
|
||
|
* @param {string} origin = The origin string representing the domain.
|
||
|
*/
|
||
|
_initializePermissions (restoredState) {
|
||
|
|
||
|
// these permission requests are almost certainly stale
|
||
|
const initState = { ...restoredState, permissionsRequests: [] }
|
||
|
|
||
|
this.pendingApprovals = {}
|
||
|
|
||
|
this.permissions = new RpcCap({
|
||
|
|
||
|
// Supports passthrough methods:
|
||
|
safeMethods: SAFE_METHODS,
|
||
|
|
||
|
// optional prefix for internal methods
|
||
|
methodPrefix: WALLET_METHOD_PREFIX,
|
||
|
|
||
|
restrictedMethods: this._restrictedMethods,
|
||
|
|
||
|
/**
|
||
|
* A promise-returning callback used to determine whether to approve
|
||
|
* permissions requests or not.
|
||
|
*
|
||
|
* Currently only returns a boolean, but eventually should return any
|
||
|
* specific parameters or amendments to the permissions.
|
||
|
*
|
||
|
* @param {string} req - The internal rpc-cap user request object.
|
||
|
*/
|
||
|
requestUserApproval: async (req) => {
|
||
|
const { metadata: { id } } = req
|
||
|
|
||
|
this._platform.openExtensionInBrowser('connect')
|
||
|
|
||
|
return new Promise((resolve, reject) => {
|
||
|
this.pendingApprovals[id] = { resolve, reject }
|
||
|
})
|
||
|
},
|
||
|
}, initState)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
module.exports = {
|
||
|
PermissionsController,
|
||
|
addInternalMethodPrefix: prefix,
|
||
|
CAVEAT_NAMES,
|
||
|
}
|
||
|
|
||
|
|
||
|
function prefix (method) {
|
||
|
return WALLET_METHOD_PREFIX + method
|
||
|
}
|