fix: CP-9331 add avacloud to whitelist (#63)

src/background/services/accounts/handlers/avalanche_getAddressesInRange.test.ts

@@ -35,12 +35,12 @@ describe('background/services/accounts/handlers/avalanche_getAddressesInRange.ts
     return handler.handleAuthenticated(request);
   };
 
-  const getPayload = (payload) =>
+  const getPayload = (payload, domain = 'core.app') =>
     ({
       id: '1234',
       method: DAppProviderRequest.AVALANCHE_GET_ADDRESSES_IN_RANGE,
       site: {
-        domain: 'core.app',
+        domain,
         tabId: 3,
       },
       ...payload,
@@ -146,6 +146,21 @@ describe('background/services/accounts/handlers/avalanche_getAddressesInRange.ts
         );
       });
 
+      it('should call `canSkipApproval` with whitelisted domains', async () => {
+        const EXPOSED_DOMAINS = [
+          'develop.avacloud-app.pages.dev',
+          'avacloud.io',
+          'staging--ava-cloud.avacloud-app.pages.dev',
+        ];
+        const request = getPayload({ params: [0, 0, 2, 2] });
+        await handleRequest(buildRpcCall(request));
+        expect(canSkipApproval).toHaveBeenCalledWith(
+          'core.app',
+          3,
+          EXPOSED_DOMAINS
+        );
+      });
+
       it('sets the limit to 0 if not provided', async () => {
         const { result } = await handleRequest(
           buildRpcCall(getPayload({ params: [0, 0] }))

src/background/services/accounts/handlers/avalanche_getAddressesInRange.ts

@@ -22,6 +22,12 @@ type Params = [
 ];
 import { AccountsService } from '../AccountsService';
 
+const EXPOSED_DOMAINS = [
+  'develop.avacloud-app.pages.dev',
+  'avacloud.io',
+  'staging--ava-cloud.avacloud-app.pages.dev',
+];
+
 @injectable()
 export class AvalancheGetAddressesInRangeHandler extends DAppRequestHandler<
   Params,
@@ -140,7 +146,13 @@ export class AvalancheGetAddressesInRangeHandler extends DAppRequestHandler<
         externalLimit: correctedExternalLimit,
       });
 
-      if (await canSkipApproval(request.site.domain, request.site.tabId)) {
+      if (
+        await canSkipApproval(
+          request.site.domain,
+          request.site.tabId,
+          EXPOSED_DOMAINS
+        )
+      ) {
         return {
           ...request,
           result: addresses,

src/background/services/network/utils/getSyncDomain.ts

@@ -7,8 +7,11 @@ const SYNCED_DOMAINS = [
   runtime.id,
 ];
 
-export const isSyncDomain = (domain: string) => {
-  return SYNCED_DOMAINS.some((syncDomain) => {
+export const isSyncDomain = (
+  domain: string,
+  exposedDomainList: string[] = []
+) => {
+  return [...SYNCED_DOMAINS, ...exposedDomainList].some((syncDomain) => {
     // Match exact domains, but also allow subdomains (i.e. develop.core-web.pages.dev)
     return syncDomain === domain || domain.endsWith(`.${syncDomain}`);
   });

src/utils/canSkipApproval.ts

@@ -3,9 +3,13 @@ import { isSyncDomain } from '@src/background/services/network/utils/getSyncDoma
 import { isActiveTab } from './isActiveTab';
 import { runtime } from 'webextension-polyfill';
 
-export const canSkipApproval = async (domain: string, tabId: number) => {
+export const canSkipApproval = async (
+  domain: string,
+  tabId: number,
+  exposedDomainList?: string[]
+) => {
   return (
-    isSyncDomain(domain) &&
+    isSyncDomain(domain, exposedDomainList) &&
     // chrome.tabs.get(...) does not see extension popup
     (domain === runtime.id || (await isActiveTab(tabId)))
   );