Skip to content

feat: Add middleware to validate wallet_snap permission request #3838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Mrtenz merged 3 commits into from
Feb 4, 2026
Merged

feat: Add middleware to validate wallet_snap permission request #3838

Mrtenz merged 3 commits into from
Feb 4, 2026

Conversation

@Mrtenz
Copy link
Member

@Mrtenz Mrtenz commented Feb 3, 2026
edited by cursor bot
Loading

This adds middleware which validates wallet_snap permission requests. It ensures wallet_snap is not requested together with other permissions.

https://consensyssoftware.atlassian.net/browse/WPC-398

Note

Medium Risk
Adds new request-validation middleware for wallet_requestPermissions, which can reject previously-accepted multi-permission requests that include wallet_snap and may impact dapp compatibility.

Overview
Adds a new JSON-RPC middleware (createWalletSnapPermissionMiddleware) that validates wallet_requestPermissions and throws invalidParams when wallet_snap is requested together with any other permission.

Exports the middleware via src/middleware/index.ts, adds unit tests covering rejection/allow cases, and nudges Jest coverage thresholds to account for the new test file.

Written by Cursor Bugbot for commit 8c88edc. This will update automatically on new commits. Configure here.

@Mrtenz Mrtenz marked this pull request as ready for review February 3, 2026 14:22
@Mrtenz Mrtenz requested a review from a team as a code owner February 3, 2026 14:22
@codecov
Copy link

codecov bot commented Feb 3, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.47%. Comparing base (ce80114) to head (8c88edc).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3838   +/-   ##
=======================================
  Coverage   98.47%   98.47%           
=======================================
  Files         429      430    +1     
  Lines       12421    12433   +12     
  Branches     1924     1929    +5     
=======================================
+ Hits        12231    12243   +12     
  Misses        190      190

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Mrtenz Mrtenz enabled auto-merge February 3, 2026 14:31
FrederikBolding
FrederikBolding reviewed Feb 4, 2026
View reviewed changes
packages/snaps-rpc-methods/src/middleware/wallet-snap-permission.ts
*
* @returns The middleware.
*/
export function createWalletSnapPermissionMiddleware(): JsonRpcMiddleware<
Copy link
Member

@FrederikBolding FrederikBolding Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can v2 middlewares be dropped in where we need them in clients as-is?

Copy link
Member Author

@Mrtenz Mrtenz Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, there's a function to use it as legacy middleware.

Copy link
Member

@FrederikBolding FrederikBolding Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably make note to start converting our code to use v2

@Mrtenz Mrtenz added this pull request to the merge queue Feb 4, 2026
Merged via the queue into main with commit 2887a53 Feb 4, 2026
126 checks passed
@Mrtenz Mrtenz deleted the mrtenz/wallet-snap-middleware branch February 4, 2026 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FrederikBolding FrederikBolding FrederikBolding approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mrtenz @FrederikBolding