@trezor/transport refactor

[mroz22]

Based on

• misc tests improvements #7321
• introduce TrezorConnect.init transports param #7411
• chore(connect): share usb descriptors config with transport #7409
• move types to @suite-common #7336
• feat(connect): add requestWebUsbDevice method #7346
• chore(connect): async TrezorConnect.dispose #7383
• introduce TrezorConnect.init transports param #7411
• feat(suite): add transports menu in debug #7443
• feat(suite): transports in debug menu #7821
• refactor(connect): parsing and validation of ConnectSettings #7870, connect: remove bowser dependency #7844, test(connect-popup): add unsupported browser test #7857 needed to updated jest and run tests with AbortController in connect
• libs(connect): jest update #7922 needed to run make AbortController in tests work

Changes in @trezor/transport:

• removed debug-link support all together. We have not used it since trezor-user-env came into service.
• sessions management. I am adding a module that is called "sessions background" it is used to control access to usb/device and holds information about sessions. This is not new, previously it was implemented here. This module could be used in various contexts. At the moment, we only have SharedWorker.
• created interfaces folder with lowest-possible-level unifying abstraction over native transport interfaces. so far only webusb.
• added abstract transport class for API unification which itself inhertis from a strongly typed event emiter. no method from transport should throw error. each method should return either Success or Error
• added abstract USB class, derived from abstract transport class. Used for code sharing between webusb and nodeusb. This is basically compilation of withSharedConnections.ts and webusb.ts. This is the place that implements low-level transport interface and sessions.
• webusb now does not run iteration cycle in 500ms endless loop. The reasons are that it does not feel right if there are connection events available and also it probably would not work for nodeusb where enumaration cycle takes considerably longer than 500ms
• all transport calls are now abortable
• race conditions related to "cancel" method should now be fixed. Errors such as "Unexpected response, expected Address, received Featrues" should not appear anymore or at least should appear less often.

Related issues

• resolves @trezor/transport logging #5036
• resolves @trezor/transport enumaration cycle #5035 by moving former DescriptorStream logic into the abstract transport class.
• resolves WebUsbPlugin does not conform to LowlevelTransportSharedPlugin in @trezor/transport #5336 because these files will not exist anymore and there will be only transports that inherit from abstract transport class
• resolves TrezorConnect.cancel() throws random errors #5597
• resolves Discovery crashes when opening device selector sometimes #4268
• closes [TRACKER] @trezor/transport followup #4601 - problems described there do not seem relevant anymore
• related @trezor/transport: fix in/out types #5332
• related Error: Cannot read property 'indexOf' of undefined #4041
• enables Add native Node.js USB library to @transport as a PoC #4770
• (node:17456) UnhandledPromiseRejectionWarning: Error: device disconnected during action #5068 - should at least not be unhandled now.
• (node:66231) UnhandledPromiseRejectionWarning: Error: closed device #5069 - should at least not be unhandeld now and might even be fixed. This seems to be part of cancelling problem, here trying to read/write from device that has been released by bridge.
• related Native transport layer - direct USB device communication #6886 - connect now accepts transport as a param in init method.
• please retest Uninitialized device in incorrect state after going to settings and back #5543
• please retest Suite asks you to enable passphrase when you cancel unlock device dialogue #4670
• please retest Reload app on "Install new firmware" prompt. App never loads. #4267
• tmp: reproducible example for suite-side discovery issues #5056 would be interesting to check/finish this test

QA testing tips:

In the first place, focus on regression in communication with device. Nodeusb feature is still hidden behind debug (and I am even considering pulling it out into separate PR based on this). Some tips what to test:

• google-chrome http://localhost:8000/ http://localhost:8000/ open multiple tabs at once
• debugging shared workers chrome://inspect/#workers
• multiple devices connected
• mad-reconnecting in the middle of communication with device
• cancel message (pin, passphrase, etc)
• all of above for both webusb and bridge
• when using bridge transport, app should survive when computer goes to sleep

QA

• first smoke test
• test 2

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

[mroz22]

Finally managed to get to the point where desktop app works with nodeusb transport and code is structured more or less in a good way. Of course it is still terribly messy and I needed to disable few features (sessions, unacquired devices etc) to make it work for now.

[marekrjpolak]

😰

[socket-security]

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives1	Size	Publisher
@types/sharedworker	🆕	0.0.84	None	+0	282 kB	types

Footnotes

1. https://docs.socket.dev ↩