Add foundation & initial implementation for a full-blown wallet CLI #133
Conversation
app/wallet/USAGE.txt
Outdated
|
|
||
| Usage: | ||
| cardano-wallet address list --wallet-id=UUID | ||
| cardano-wallet wallet create --name=STRING --mnemonic-sentence=STRING --passphrase=STRING [--address-pool-gap=INT] [--mnemonic-second-factor=STRING] |
There was a problem hiding this comment.
The mnemonics will have to be prompted 😶 These are sensitive pieces of info we do not want in the bash history 😅
There was a problem hiding this comment.
The mnemonics will have to be prompted no_mouth These are sensitive pieces of info we do not want in the bash history sweat_smile
That's a really good point. I'm happy to add this. Is there any particular approach you would prefer for reading the mnemonics in?
There was a problem hiding this comment.
Just a plain shell prompt, doesn't necessarily have to be hidden (because it may become very tricky to type-in 24 words if you can see shit 😂 )
But clearing the prompt once done.
$ Please enter your 12-to-24-word mnemonics: ...
|
|
v
$ Please enter your 12-to-24-word mnemonics: patate patate patate patate
|
|
v
hits enter
|
|
v
Please enter your 12-to-24 word mnemonics: ****
Thank you, now we've got all your ADA in a safe place
There was a problem hiding this comment.
The mnemonics will have to be prompted 😶
These are sensitive pieces of info we do not want in the bash history 😅
But clearing the prompt once done.
@KtorZ I've now implemented a basic version of the above. It's still a bit rough at the edges (in particular, with the reporting of errors), but clearing the prompt does work.
One issue that I ran into when clearing data from a terminal screen is that it's not always possible to determine the original position of the cursor. If we're not careful, we run the risk of not clearing all the sensitive data from the display.
Therefore, if the system on which the CLI is running is not able to provide this info, I've opted to clear the entire screen after the user has finished entering their data.
app/wallet/Main.hs
Outdated
| {-# LANGUAGE DuplicateRecordFields #-} | ||
| {-# LANGUAGE QuasiQuotes #-} | ||
|
|
||
| module Main where |
There was a problem hiding this comment.
Side-note but this cli and cardano-wallet-server are one and one thing. We do want to have them merged together in the end, so that there's one CLI to spawn the server, and the same one to interact with it 👍
There was a problem hiding this comment.
Side-note but this cli and
cardano-wallet-serverare one and one thing. We do want to have them merged together in the end, so that there's one CLI to spawn the server, and the same one to interact with it +1
Understood! In that case, are you expecting something like this:
cardano-wallet server start ...
cardano-wallet wallet create --name wibble ...
cardano-wallet wallet list
jonathanknowles
force-pushed
the
jonathanknowles/cli-docopt
branch
4 times, most recently
from
642050b
to
b47368d
Compare
src/Cardano/Wallet/Api/Types.hs
Outdated
|
|
||
| -- | Indicates an error that occurred while decoding from text. | ||
| newtype TextDecodingError = TextDecodingError | ||
| { getTextDecodingError :: String } |
There was a problem hiding this comment.
Not sure what's the value of the newtype here. I'd simply go for a string to be honest. It adds value when we have multiple ones, one per actual type (albeit having a raw string isn't really the best option). But since it has now become a common abstraction, a String has pretty much the same value as the newtype here.
There was a problem hiding this comment.
I think there is some value in having a newtype here.
-
The descriptive name of the type
TextDecodingErroris self-commenting. When I see this type in the wild somewhere, I don't need to think very hard to know that it's an error relating to the decoding of text, and not some random string that happens to have been inserted into the left-hand-side of anEither. -
If I see
TextDecodingErrorin the wild, in a place outside of theApi.Typesmodule, then I have a direct way to look up its definition, at which point I can see the extended comment. -
If I were to try refactor
TextDecodingErrorin some way, then I might get better compiler feedback than if it were just a nakedString.
What do you think? Of course, if you think the arguments I've presented have no basis, then we can remove it.
(Note that I've now created a separate PR for the textual encoding work: #142.)
src/Cardano/Wallet/Api/Types.hs
Outdated
| , encodeApiWalletName | ||
| , ToText (..) | ||
| , FromText (..) | ||
| , TextDecodingError (..) |
There was a problem hiding this comment.
The overall looks clean and re-usable. Nice work!
(one reserve about the TextDecodingError)
There was a problem hiding this comment.
Thanks! I've moved the textual encoding work into a separate PR: #142.
I'll keep this PR for the docopt CLI-specific work.
jonathanknowles
force-pushed
the
jonathanknowles/cli-docopt
branch
from
b47368d
to
88de8b4
Compare
jonathanknowles
force-pushed
the
jonathanknowles/cli-docopt
branch
4 times, most recently
from
d82c76c
to
21f644e
Compare
This function reads a line containing sensitive data from the terminal. The terminal lines containing the data are cleared once the user has finished entering their data.
KtorZ
force-pushed
the
jonathanknowles/cli-docopt
branch
from
8114af7
to
8b8dbfe
Compare
KtorZ
changed the title
| -- The terminal lines containing the data are also cleared if the application | ||
| -- exits abnormally, before the user has finished entering data. | ||
| -- | ||
| getLineWithSensitiveData :: IO Text |
There was a problem hiding this comment.
alternitavelly we could even hide user input from the screen (similar like sudo does).
The cons of hiding the user input is that user is unable to check/verify/easily-correct entered mnemonic or password.
Some CLI application approach the problem of requesting the same input data to be done twice in order to confirm that user didn't make a mistake:
Passphrase: ********
Retype passphrase: ********
user experience is lower with this model but users are now able to enter their their mnemonics or passphrases in public spaces.
Mnemonics are pretty long (15+ words) and passphrase as well (10+ chars) so there is a high chance of mistake. That's also the case not to implement what I am proposing.
I guess CLI will most likely be used by someone already more technically advanced - so there is a higher chance that person already is aware that mnemonic and passphrase is something he should hide and not reveal (ie, type in public place).
Conclusion is that I think this is ok solution but maybe we should keep in mind and research alternatives.
Experimental!
Issue Number
#96
Overview
Add beginnings of a docopt-based CLI for the Wallet.