refactor(snaps-rpc-methods)!: Use messenger for restricted method implementations#3968
refactor(snaps-rpc-methods)!: Use messenger for restricted method implementations#3968FrederikBolding wants to merge 19 commits intomainfrom
Conversation
FrederikBolding
force-pushed
the
fb/restricted-methods-messenger
branch
from
e80f1b8 to
bd01104
Compare
FrederikBolding
changed the title
| actionNames: [ | ||
| 'ApprovalController:addRequest', | ||
| 'SnapInterfaceController:createInterface', | ||
| 'SnapInterfaceController:getInterface', | ||
| 'SnapInterfaceController:setInterfaceDisplayed', | ||
| ], |
There was a problem hiding this comment.
Maybe to match the UI messenger:
| actionNames: [ | |
| 'ApprovalController:addRequest', | |
| 'SnapInterfaceController:createInterface', | |
| 'SnapInterfaceController:getInterface', | |
| 'SnapInterfaceController:setInterfaceDisplayed', | |
| ], | |
| capabilities: { | |
| actions: [ | |
| 'ApprovalController:addRequest', | |
| 'SnapInterfaceController:createInterface', | |
| 'SnapInterfaceController:getInterface', | |
| 'SnapInterfaceController:setInterfaceDisplayed', | |
| ], | |
| } |
There was a problem hiding this comment.
createRestrictedMethodMessenger uses the actionNames naming, that's why I chose to name it like that for the specifications. Do you think it is cleaner to do: actionNames: capabilities.actions?
There was a problem hiding this comment.
No strong opinion, actionNames is fine with me.
FrederikBolding
changed the title
| ( | ||
| specifications, | ||
| // @ts-expect-error TypeScript is not convinced methodHooks and actionNames exist | ||
| { targetName, specificationBuilder, methodHooks, actionNames }, | ||
| ) => { | ||
| if (!excludedPermissions.includes(targetName)) { | ||
| specifications[targetName] = specificationBuilder({ | ||
| // @ts-expect-error The selectHooks type is wonky | ||
| methodHooks: selectHooks(hooks, methodHooks), | ||
| // @ts-expect-error Messenger type cannot be narrowed correctly | ||
| messenger: createRestrictedMethodMessenger({ | ||
| namespace: targetName, | ||
| rootMessenger: messenger, | ||
| actionNames, | ||
| }), | ||
| }); | ||
| } | ||
| return specifications; | ||
| }, |
There was a problem hiding this comment.
Suggestions welcome for how to satisfy TypeScript here 🫠
FrederikBolding
force-pushed
the
fb/restricted-methods-messenger
branch
from
37fbc73 to
5aa93a9
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3968 +/- ##
==========================================
+ Coverage 98.56% 98.58% +0.02%
==========================================
Files 429 427 -2
Lines 12365 12399 +34
Branches 1944 1948 +4
==========================================
+ Hits 12187 12223 +36
+ Misses 178 176 -2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| const { content, message, title, footerLink } = | ||
| validatedParams as NotificationArgs & { | ||
| content?: string; | ||
| title?: string; | ||
| footerLink?: { href: string; text: string }; | ||
| }; |
There was a problem hiding this comment.
This mess is copied from the extension, suggestions for improvements welcome 🫠
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit c0bd4e3. Configure here.
| getUnlockPromise, | ||
| getClientCryptography, | ||
| }: GetBip32EntropyMethodHooks) { | ||
| methodHooks: { getUnlockPromise, getClientCryptography }, |
There was a problem hiding this comment.
Wondering if we should add an action to the Snap controller for this, so we can fully remove the hooks?
| | ManageStateMessengerActions | ||
| | NotifyMessengerActions; | ||
|
|
||
| export type RestrictedMethodMessenger = Messenger< |
There was a problem hiding this comment.
Does this mean we create a messenger that has access to all the actions used by these methods? Should it be scoped to individual methods?
| isOnPhishingList: (url: string) => boolean; | ||
|
|
||
| maybeUpdatePhishingList: () => Promise<void>; |
There was a problem hiding this comment.
Can't we get this from the phishing controller?
| // @ts-expect-error TypeScript is not convinced methodHooks and actionNames exist | ||
| { targetName, specificationBuilder, methodHooks, actionNames }, |
There was a problem hiding this comment.
Hmm, this doesn't seem ideal 😅. I can take a look tomorrow.
There was a problem hiding this comment.
I don't love that we have to copy (and maintain) a bunch of types. We should definitely reconsider a messenger types package for each controller.
2 participants
Migrate the restricted method implementations to use the
messengerwhere applicable.https://consensyssoftware.atlassian.net/browse/WPC-995
Note
Medium Risk
Refactors multiple security- and UX-sensitive restricted RPC methods (entropy/key derivation, state storage, dialogs/notifications) to route through the controller
Messenger, which could change call wiring and error behavior if action names/arguments are mismatched.Overview
Refactors restricted method implementations to use the controller
Messengerinstead of direct hook functions.buildSnapRestrictedMethodSpecificationsnow requires a rootRestrictedMethodMessengerand creates per-method restricted messengers viacreateRestrictedMethodMessenger, using each method’s declaredactionNames.Updates the affected restricted methods (e.g.,
snap_dialog,snap_notify,wallet_snap,snap_manageState, and entropy/BIP derivation methods) to call controller actions likeApprovalController:addRequest,SnapController:*,SnapInterfaceController:*,RateLimitController:call, andKeyringController:withKeyring. Adds centralized action typings insrc/types.tsand newutils.tshelpers (getMnemonic,getMnemonicSeed) for keyring-backed entropy access, with expanded tests and a few simulation hook removals/adjustments.Reviewed by Cursor Bugbot for commit 91050f5. Bugbot is set up for automated code reviews on this repo. Configure here.