Merge pull request #48 from PureStake/fxg/limit-origin
Tasks now separated by origin's tabID
fgamundi committed Aug 12, 2020
2 parents 9046165 + 6bf00dd commit 887e9ce
Showing 9 changed files with 83 additions and 60 deletions.
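--- a/packages/common/src/messaging/types.ts
+++ b/packages/common/src/messaging/types.ts
@@ -29,10 +29,6 @@ export enum JsonRpcMethod {
 
 }
 
-export enum SupportedAlgod {
-Status = "status"
-}
-
 export type JsonPayload = {[key: string]: string | number | JsonPayload | undefined};
 
 export type JsonRpcBody = {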
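--- a/packages/common/src/types.ts
+++ b/packages/common/src/types.ts
@@ -1,5 +1,3 @@
-import {SupportedAlgod} from './messaging/types';
-
 export enum RequestErrors {
 None,
 NotAuthorized = '[RequestErrors.NotAuthorized] The extension user does not authorize the request.',
@@ -21,8 +19,3 @@ export type Transaction = {
 readonly note?: Note;
 readonly to: TAccount;
 }
-
-export type AlgodRequest = {
-readonly method: SupportedAlgod;
-readonly params: {[key: string]: string | number | undefined};
-}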
4 changes: 2 additions & 2 deletions packages/dapp/src/fn/interfaces.ts
@@ -1,5 +1,5 @@
import {RequestErrors,Transaction} from '@algosigner/common/types';
import {JsonPayload,SupportedAlgod} from '@algosigner/common/messaging/types';
import { RequestErrors, Transaction } from '@algosigner/common/types';
import { JsonPayload } from '@algosigner/common/messaging/types';

export interface ITask {
sign(p: Transaction, e: RequestErrors): Promise<JsonPayload>;
6 changes: 3 additions & 3 deletions packages/dapp/src/fn/task.ts
@@ -2,9 +2,9 @@ import {ITask} from './interfaces';

import {MessageBuilder} from '../messaging/builder';

import {AlgodRequest,Transaction,RequestErrors} from '@algosigner/common/types';
import {JsonRpcMethod,JsonPayload,SupportedAlgod} from '@algosigner/common/messaging/types';
import {Runtime} from '@algosigner/common/runtime/runtime';
import { Transaction, RequestErrors } from '@algosigner/common/types';
import { JsonRpcMethod, JsonPayload } from '@algosigner/common/messaging/types';
import { Runtime } from '@algosigner/common/runtime/runtime';

export class Task extends Runtime implements ITask {

5 changes: 3 additions & 2 deletions packages/extension/src/background/messaging/api.ts
@@ -12,8 +12,9 @@ export class MessageApi {
break;
}
}
public static send(d: any,active_tab: boolean = true) {
public static send(d: any) {
console.log('SENDING', d)
var tab_id = d.originTabID || 0;
extensionBrowser.tabs.sendMessage(tab_id, d);
}
}
}
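Review bot: `send` falls back to tab id 0 when `d.originTabID` is missing (`var tab_id = d.originTabID || 0;`), so a response with no recorded origin is still handed to `tabs.sendMessage` instead of being dropped. These responses can carry authorization results and signed transaction data, so I would refuse to send without a valid id, e.g. `if (typeof d.originTabID !== 'number') return;`. The `console.log('SENDING', d)` in the same method writes the whole message to the background console and should be removed or reduced to the method name. This section does not show where `originTabID` is set, so confirm it comes from the browser-supplied `sender.tab.id` and not from a field the page controls.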
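--- a/packages/extension/src/background/messaging/handler.ts
+++ b/packages/extension/src/background/messaging/handler.ts
@@ -96,15 +96,6 @@ export class OnMessageHandler extends RequestValidation {
 }
 }
 break;
-// A response message for a extension to dapp request
-case MessageSource.Router:
-if(Task.isAuthorized(request.origin) && id in OnMessageHandler.events){
-OnMessageHandler.events[id]();
-setTimeout(function(){
-delete OnMessageHandler.events[id];
-},1000);
-}
-break;
 }
 }
 }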
56 changes: 39 additions & 17 deletions packages/extension/src/background/messaging/task.ts
@@ -13,10 +13,9 @@ import {extensionBrowser} from '@algosigner/common/chrome';
import {logging} from '@algosigner/common/logging';



export class Task {

private static request: {[key: string]: any} = {};
private static requests: {[key: string]: any} = {};
private static authorized_pool: Array<string> = [];

public static isAuthorized(origin: string): boolean {
@@ -29,13 +28,29 @@ export class Task {
public static build(request: any) {
let body = request.body;
let method = body.method;
return new Promise((resolve,reject) => {

// Check if there's a previous request from the same origin
if (request.originTabID in Task.requests)
return new Promise((resolve,reject) => {
request.error = 'Another query processing';
reject(request);
});
else
Task.requests[request.originTabID] = request;

let prom = new Promise((resolve,reject) => {
Task.methods().public[method](
request,
resolve,
reject
);
})

prom.finally(() => {
delete Task.requests[request.originTabID];
});

return prom
}

public static methods(): {
@@ -47,6 +62,10 @@ export class Task {
'public': {
// authorization
[JsonRpcMethod.Authorization]: (d: any) => {
// Delete any previous request made from the Tab that it's
// trying to connect.
delete Task.requests[d.originTabID];

// If access was already granted, authorize connection.
if(Task.isAuthorized(d.origin)){
d.response = {};
@@ -60,7 +79,7 @@ export class Task {
height: 550 + 34
}, function (w: any) {
if(w) {
Task.request = {
Task.requests[d.originTabID] = {
window_id: w.id,
message:d
};
@@ -108,7 +127,7 @@ export class Task {
height: 550 + 34
}, function (w) {
if(w) {
Task.request = {
Task.requests[d.originTabID] = {
window_id: w.id,
message: d
};
@@ -130,7 +149,7 @@ export class Task {
height: 550 + 34
}, function (w) {
if(w) {
Task.request = {
Task.requests[d.originTabID] = {
window_id: w.id,
message: d
};
@@ -260,13 +279,14 @@ export class Task {
},
'private': {
// authorization-allow
[JsonRpcMethod.AuthorizationAllow]: () => {
let auth = Task.request;
[JsonRpcMethod.AuthorizationAllow]: (d) => {
const { responseOriginTabID } = d.body.params;
let auth = Task.requests[responseOriginTabID];
let message = auth.message;

extensionBrowser.windows.remove(auth.window_id);
Task.authorized_pool.push(message.origin);
Task.request = {};
delete Task.requests[responseOriginTabID];

setTimeout(() => {
// Response needed
@@ -275,13 +295,14 @@ export class Task {
}, 100);
},
// authorization-deny
[JsonRpcMethod.AuthorizationDeny]: () => {
let auth = Task.request;
[JsonRpcMethod.AuthorizationDeny]: (d) => {
const { responseOriginTabID } = d.body.params;
let auth = Task.requests[responseOriginTabID];
let message = auth.message;

auth.message.error = RequestErrors.NotAuthorized;
extensionBrowser.windows.remove(auth.window_id);
Task.request = {};
delete Task.requests[responseOriginTabID];

setTimeout(() => {
MessageApi.send(message);
@@ -291,7 +312,8 @@ export class Task {
'extension' : {
// sign-allow
[JsonRpcMethod.SignAllow]: (request: any, sendResponse: Function) => {
let auth = Task.request;
const { passphrase, responseOriginTabID } = request.body.params;
let auth = Task.requests[responseOriginTabID];
let message = auth.message;

const { from,
@@ -303,7 +325,6 @@ export class Task {
genesisID,
genesisHash,
note } = message.body.params;
const { passphrase } = request.body.params;

let ledger
switch (genesisID) {
@@ -349,7 +370,7 @@ export class Task {
let signedTxn = algosdk.signTransaction(txn, recoveredAccount.sk);

// Clean class saved request
Task.request = {};
delete Task.requests[responseOriginTabID];

message.response = {
txID: signedTxn.txID,
@@ -360,12 +381,13 @@ export class Task {
return true;
},
[JsonRpcMethod.SignDeny]: (request: any, sendResponse: Function) => {
let auth = Task.request;
const { responseOriginTabID } = request.body.params;
let auth = Task.requests[responseOriginTabID];
let message = auth.message;

auth.message.error = RequestErrors.NotAuthorized;
extensionBrowser.windows.remove(auth.window_id);
Task.request = {};
delete Task.requests[responseOriginTabID];

setTimeout(() => {
MessageApi.send(message);
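Review bot: The four response handlers (`AuthorizationAllow`, `AuthorizationDeny`, `SignAllow`, `SignDeny`) index `Task.requests` with a `responseOriginTabID` read from the incoming message, then dereference `auth.message` without checking that an entry exists or has the `{window_id, message}` shape. `build` stores the raw request under the same key before the popup callback replaces it, so an early, repeated or stale reply either throws or acts on the wrong object; add `if (!auth || !auth.message) return;` after each lookup. Because the id now selects which pending request is approved or signed, the handler should also confirm that the reply comes from the popup recorded in `auth.window_id` rather than trusting the parameter alone; no sender check is visible in this section. Separately, `prom.finally(...)` in `build` creates a second promise whose rejection nobody handles, and `return prom.finally(...)` would avoid that.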
29 changes: 17 additions & 12 deletions packages/ui/src/pages/Authorize.ts
@@ -10,16 +10,19 @@ import logotype from 'assets/logotype.png'

function deny() {
chrome.runtime.sendMessage({
source:'extension',
body:{
jsonrpc: '2.0',
method:'authorization-deny',
params:[],
id: (+new Date).toString(16)
source: 'extension',
body: {
jsonrpc: '2.0',
method:'authorization-deny',
params: {
responseOriginTabID: responseOriginTabID
}
}
});
}

let responseOriginTabID;

const Authorize: FunctionalComponent = (props) => {
const store:any = useContext(StoreContext);
const [request, setRequest] = useState<any>({});
@@ -29,6 +32,7 @@ const Authorize: FunctionalComponent = (props) => {
if(request.body.method == JsonRpcMethod.Authorization) {
setRequest(request);
store.saveRequest(request);
responseOriginTabID = request.originTabID;
}
});

@@ -46,13 +50,14 @@ const Authorize: FunctionalComponent = (props) => {
const grant = () => {
window.removeEventListener("beforeunload", deny);
chrome.runtime.sendMessage({
source:'extension',
body:{
jsonrpc: '2.0',
method:'authorization-allow',
params:[],
id: (+new Date).toString(16)
source:'extension',
body: {
jsonrpc: '2.0',
method: 'authorization-allow',
params: {
responseOriginTabID: responseOriginTabID
}
}
});
}

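Review bot: The message listener in `Authorize` copies `request.originTabID` into the module-level `responseOriginTabID` for any message whose method is `JsonRpcMethod.Authorization`, with no check of who sent it, while `SignTransaction.ts` in this same commit compares the sender with `extensionBrowser.runtime.id` first. That value decides which pending request `grant` approves, so it should be accepted only from the background script; the listener's opening lines are outside the hunk, so any existing guard is not visible here. `let responseOriginTabID;` is implicitly `any` and stays `undefined` if the window closes before a request arrives, in which case `deny` sends `responseOriginTabID: undefined`; declare it as `let responseOriginTabID: number | undefined;` and skip the send when it is unset. The new message bodies also drop the JSON-RPC `id` field the old ones carried, so confirm the background handler does not rely on it.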
23 changes: 19 additions & 4 deletions packages/ui/src/pages/SignTransaction.ts
@@ -3,6 +3,7 @@ import { html } from 'htm/preact';
import { useState, useEffect, useContext } from 'preact/hooks';

import { JsonRpcMethod } from '@algosigner/common/messaging/types';
import { extensionBrowser } from '@algosigner/common/chrome';

import TxAcfg from 'components/SignTransaction/TxAcfg'
import TxPay from 'components/SignTransaction/TxPay'
@@ -15,9 +16,14 @@ import { StoreContext } from 'index'
import logotype from 'assets/logotype.png'

function deny() {
sendMessage(JsonRpcMethod.SignDeny, {}, function() {});
const params = {
responseOriginTabID: responseOriginTabID
};
sendMessage(JsonRpcMethod.SignDeny, params, function() {});
}

let responseOriginTabID = 0;

const SignTransaction: FunctionalComponent = (props) => {
const store:any = useContext(StoreContext);
const [askAuth, setAskAuth] = useState<boolean>(false);
@@ -30,9 +36,17 @@ const SignTransaction: FunctionalComponent = (props) => {
const [ledger, setLedger] = useState<string>('');

useEffect(() => {
chrome.runtime.onMessage.addListener((request,sender,sendResponse) => {
if(request.body.method == JsonRpcMethod.SignTransaction)

chrome.runtime.onMessage.addListener((request, sender: any) => {
// Check if a message has already been recieved
if (Object.keys(request).length === 0)
return false;

// Check if the message is coming from the background script
if(sender.origin.split("//")[1] === extensionBrowser.runtime.id && request.body.method == JsonRpcMethod.SignTransaction){
setRequest(request);
responseOriginTabID = request.originTabID;
}
});

window.addEventListener("beforeunload", deny);
@@ -43,13 +57,14 @@ const SignTransaction: FunctionalComponent = (props) => {
const sign = (pwd: string) => {
const params = {
passphrase: pwd,
responseOriginTabID: responseOriginTabID
};
setLoading(true);
setAuthError('');
setError('');
window.removeEventListener("beforeunload", deny);


console.log('SIGNINg', 'params', params)
sendMessage(JsonRpcMethod.SignAllow, params, function(response) {
if ('error' in response) {
window.addEventListener("beforeunload", deny);
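Review bot: `console.log('SIGNINg', 'params', params)` in `sign` prints the `params` object, which holds `passphrase: pwd`, so the wallet passphrase ends up in the extension's console output; the line should be removed, or it should log only the method name. The sender check in the listener, `sender.origin.split("//")[1] === extensionBrowser.runtime.id`, throws when `sender.origin` is undefined and depends on string-splitting a URL; `sender.id === extensionBrowser.runtime.id` states the same condition directly. `responseOriginTabID` defaults to `0`, so a `deny` fired by `beforeunload` before any request has arrived is sent with tab id 0; skip the send when no request has been recorded. The `sign` callback continues past the end of the hunk.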
