@metamask/snaps-controllers 0.32.1 → 0.32.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -146,7 +146,7 @@ async function _JsonSnapsRegistry_getMetadata(snapId) {
|
|
|
146
146
|
*/
|
|
147
147
|
async function _JsonSnapsRegistry_verifySignature(database, signature) {
|
|
148
148
|
(0, utils_1.assert)(__classPrivateFieldGet(this, _JsonSnapsRegistry_publicKey, "f"), 'No public key provided.');
|
|
149
|
-
const valid = (0, snaps_registry_1.verify)({
|
|
149
|
+
const valid = await (0, snaps_registry_1.verify)({
|
|
150
150
|
registry: database,
|
|
151
151
|
signature: JSON.parse(signature),
|
|
152
152
|
publicKey: __classPrivateFieldGet(this, _JsonSnapsRegistry_publicKey, "f"),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"json.js","sourceRoot":"","sources":["../../../src/snaps/registry/json.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+DAGmC;AACnC,6DAAyE;AAEzE,2CAMyB;AAEzB,yCAOoB;AAEpB,kCAAkC;AAClC,MAAM,iBAAiB,GACrB,mFAAmF,CAAC;AAEtF,MAAM,2BAA2B,GAC/B,oFAAoF,CAAC;AA6CvF,MAAM,cAAc,GAAG,eAAe,CAAC;AAEvC,MAAM,YAAY,GAAG;IACnB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,IAAI;CAClB,CAAC;AAEF,MAAa,iBAAkB,SAAQ,kCAItC;IAaC,YAAY,EACV,SAAS,EACT,KAAK,EACL,GAAG,GAAG;QACJ,QAAQ,EAAE,iBAAiB;QAC3B,SAAS,EAAE,2BAA2B;KACvC,EACD,SAAS,EACT,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EACjD,oBAAoB,GAAG,IAAA,sBAAc,EAAC,CAAC,EAAE,gBAAQ,CAAC,MAAM,CAAC,EACzD,yBAAyB,GAAG,IAAI,EAChC,sBAAsB,GAAG,IAAI,GACP;QACtB,KAAK,CAAC;YACJ,SAAS;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE;gBAC7C,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE;aACjD;YACD,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE;gBACL,GAAG,YAAY;gBACf,GAAG,KAAK;aACT;SACF,CAAC,CAAC;;QApCL,yCAA2B;QAE3B,+CAAiB;QAEjB,mDAA6B;QAE7B,0DAA8B;QAE9B,4DAAiC;QAEjC,+DAAoC;QA2BlC,uBAAA,IAAI,0BAAQ,GAAG,MAAA,CAAC;QAChB,uBAAA,IAAI,gCAAc,SAAS,MAAA,CAAC;QAC5B,uBAAA,IAAI,oCAAkB,aAAa,MAAA,CAAC;QACpC,uBAAA,IAAI,2CAAyB,oBAAoB,MAAA,CAAC;QAClD,uBAAA,IAAI,6CAA2B,sBAAsB,MAAA,CAAC;QACtD,uBAAA,IAAI,gDAA8B,yBAAyB,MAAA,CAAC;QAE5D,IAAI,CAAC,eAAe,CAAC,qBAAqB,CACxC,mBAAmB,EACnB,KAAK,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC,uBAAA,IAAI,4DAAK,MAAT,IAAI,EAAM,GAAG,IAAI,CAAC,CACtC,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,qBAAqB,CACxC,2BAA2B,EAC3B,KAAK,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC,uBAAA,IAAI,oEAAa,MAAjB,IAAI,EAAc,GAAG,IAAI,CAAC,CAC9C,CAAC;IACJ,CAAC;CA8IF;AAvMD,8CAuMC;;IA3IG,OAAO,CACL,IAAI,CAAC,KAAK,CAAC,WAAW;QACtB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,uBAAA,IAAI,+CAAsB,CACjE,CAAC;AACJ,CAAC,sCAED,KAAK;IACH,6CAA6C;IAC7C,IAAI,uBAAA,IAAI,2EAAoB,MAAxB,IAAI,CAAsB,EAAE;QAC9B,OAAO;KACR;IAED,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,uBAAA,IAAI,8BAAK,CAAC,QAAQ,CAAC,CAAC;QAE3D,IAAI,uBAAA,IAAI,oCAAW,EAAE;YACnB,MAAM,SAAS,GAAG,MAAM,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,uBAAA,IAAI,8BAAK,CAAC,SAAS,CAAC,CAAC;YAC7D,MAAM,uBAAA,IAAI,wEAAiB,MAArB,IAAI,EAAkB,QAAQ,EAAE,SAAS,CAAC,CAAC;SAClD;QAED,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACpB,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACjC,CAAC,CAAC,CAAC;KACJ;IAAC,MAAM;QACN,SAAS;KACV;AACH,CAAC,mCAED,KAAK;IACH,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE;QAChC,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;KAC9B;IAED,0DAA0D;IAC1D,IAAI,uBAAA,IAAI,oDAA2B,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE;QACnE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;AAC7B,CAAC,iCAED,KAAK,uCACH,MAAc,EACd,QAA2B,EAC3B,OAAO,GAAG,KAAK;IAEf,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,oEAAa,MAAjB,IAAI,CAAe,CAAC;IAE3C,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3D,IAAI,IAAI,IAAI,OAAO,EAAE;YACnB,OAAO,CACL,OAAO,CAAC,EAAE,KAAK,MAAM;gBACrB,IAAA,6BAAqB,EAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAC9D,CAAC;SACH;QAED,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,IAAI,YAAY,EAAE;QAChB,OAAO;YACL,MAAM,EAAE,8BAAmB,CAAC,OAAO;YACnC,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC;KACH;IAED,MAAM,QAAQ,GAAG,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,QAAQ,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ,EAAE;QACrD,OAAO,EAAE,MAAM,EAAE,8BAAmB,CAAC,QAAQ,EAAE,CAAC;KACjD;IACD,4EAA4E;IAC5E,IAAI,uBAAA,IAAI,iDAAwB,IAAI,CAAC,OAAO,EAAE;QAC5C,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7B,OAAO,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;KAChD;IACD,OAAO,EAAE,MAAM,EAAE,8BAAmB,CAAC,UAAU,EAAE,CAAC;AACpD,CAAC,2BAED,KAAK,iCACH,KAA2B;IAE3B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAEjC,KAAK,EAAE,eAAe,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE;QAC9C,MAAM,MAAM,GAAG,MAAM,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC;QAClC,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;QACrB,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,KAAK,yCAAc,MAAc;IAC/B,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,oEAAa,MAAjB,IAAI,CAAe,CAAC;IAC3C,OAAO,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC;AAC3D,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,6CAAkB,QAAgB,EAAE,SAAiB;IACxD,IAAA,cAAM,EAAC,uBAAA,IAAI,oCAAW,EAAE,yBAAyB,CAAC,CAAC;IAEnD,MAAM,KAAK,GAAG,IAAA,uBAAM,EAAC;QACnB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;QAChC,SAAS,EAAE,uBAAA,IAAI,oCAAW;KAC3B,CAAC,CAAC;IAEH,IAAA,cAAM,EAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,KAAK,uCAAY,GAAW;IAC1B,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,wCAAe,MAAnB,IAAI,EAAgB,GAAG,CAAC,CAAC;IAChD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,GAAG,CAAC,CAAC;KAC5C;IAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC/B,CAAC","sourcesContent":["import {\n BaseControllerV2 as BaseController,\n RestrictedControllerMessenger,\n} from '@metamask/base-controller';\nimport { SnapsRegistryDatabase, verify } from '@metamask/snaps-registry';\nimport { SnapId } from '@metamask/snaps-utils';\nimport {\n assert,\n Duration,\n Hex,\n inMilliseconds,\n satisfiesVersionRange,\n} from '@metamask/utils';\n\nimport {\n SnapsRegistry,\n SnapsRegistryInfo,\n SnapsRegistryMetadata,\n SnapsRegistryRequest,\n SnapsRegistryResult,\n SnapsRegistryStatus,\n} from './registry';\n\n// TODO: Replace with a Codefi URL\nconst SNAP_REGISTRY_URL =\n 'https://cdn.jsdelivr.net/gh/MetaMask/snaps-registry@gh-pages/latest/registry.json';\n\nconst SNAP_REGISTRY_SIGNATURE_URL =\n 'https://cdn.jsdelivr.net/gh/MetaMask/snaps-registry@gh-pages/latest/signature.json';\n\ntype JsonSnapsRegistryUrl = {\n registry: string;\n signature: string;\n};\n\nexport type JsonSnapsRegistryArgs = {\n messenger: SnapsRegistryMessenger;\n state?: SnapsRegistryState;\n fetchFunction?: typeof fetch;\n url?: JsonSnapsRegistryUrl;\n recentFetchThreshold?: number;\n refetchOnAllowlistMiss?: boolean;\n failOnUnavailableRegistry?: boolean;\n publicKey?: Hex;\n};\n\nexport type GetResult = {\n type: `${typeof controllerName}:get`;\n handler: SnapsRegistry['get'];\n};\n\nexport type GetMetadata = {\n type: `${typeof controllerName}:getMetadata`;\n handler: SnapsRegistry['getMetadata'];\n};\n\nexport type SnapsRegistryActions = GetResult | GetMetadata;\n\nexport type SnapsRegistryEvents = never;\n\nexport type SnapsRegistryMessenger = RestrictedControllerMessenger<\n 'SnapsRegistry',\n SnapsRegistryActions,\n SnapsRegistryEvents,\n SnapsRegistryActions['type'],\n SnapsRegistryEvents['type']\n>;\n\nexport type SnapsRegistryState = {\n database: SnapsRegistryDatabase | null;\n lastUpdated: number | null;\n};\n\nconst controllerName = 'SnapsRegistry';\n\nconst defaultState = {\n database: null,\n lastUpdated: null,\n};\n\nexport class JsonSnapsRegistry extends BaseController<\n typeof controllerName,\n SnapsRegistryState,\n SnapsRegistryMessenger\n> {\n #url: JsonSnapsRegistryUrl;\n\n #publicKey?: Hex;\n\n #fetchFunction: typeof fetch;\n\n #recentFetchThreshold: number;\n\n #refetchOnAllowlistMiss: boolean;\n\n #failOnUnavailableRegistry: boolean;\n\n constructor({\n messenger,\n state,\n url = {\n registry: SNAP_REGISTRY_URL,\n signature: SNAP_REGISTRY_SIGNATURE_URL,\n },\n publicKey,\n fetchFunction = globalThis.fetch.bind(globalThis),\n recentFetchThreshold = inMilliseconds(5, Duration.Minute),\n failOnUnavailableRegistry = true,\n refetchOnAllowlistMiss = true,\n }: JsonSnapsRegistryArgs) {\n super({\n messenger,\n metadata: {\n database: { persist: true, anonymous: false },\n lastUpdated: { persist: true, anonymous: false },\n },\n name: controllerName,\n state: {\n ...defaultState,\n ...state,\n },\n });\n this.#url = url;\n this.#publicKey = publicKey;\n this.#fetchFunction = fetchFunction;\n this.#recentFetchThreshold = recentFetchThreshold;\n this.#refetchOnAllowlistMiss = refetchOnAllowlistMiss;\n this.#failOnUnavailableRegistry = failOnUnavailableRegistry;\n\n this.messagingSystem.registerActionHandler(\n 'SnapsRegistry:get',\n async (...args) => this.#get(...args),\n );\n this.messagingSystem.registerActionHandler(\n 'SnapsRegistry:getMetadata',\n async (...args) => this.#getMetadata(...args),\n );\n }\n\n #wasRecentlyFetched() {\n return (\n this.state.lastUpdated &&\n Date.now() - this.state.lastUpdated < this.#recentFetchThreshold\n );\n }\n\n async #updateDatabase() {\n // No-op if we recently fetched the registry.\n if (this.#wasRecentlyFetched()) {\n return;\n }\n\n try {\n const database = await this.#safeFetch(this.#url.registry);\n\n if (this.#publicKey) {\n const signature = await this.#safeFetch(this.#url.signature);\n await this.#verifySignature(database, signature);\n }\n\n this.update((state) => {\n state.database = JSON.parse(database);\n state.lastUpdated = Date.now();\n });\n } catch {\n // Ignore\n }\n }\n\n async #getDatabase(): Promise<SnapsRegistryDatabase | null> {\n if (this.state.database === null) {\n await this.#updateDatabase();\n }\n\n // If the database is still null and we require it, throw.\n if (this.#failOnUnavailableRegistry && this.state.database === null) {\n throw new Error('Snaps registry is unavailable, installation blocked.');\n }\n return this.state.database;\n }\n\n async #getSingle(\n snapId: SnapId,\n snapInfo: SnapsRegistryInfo,\n refetch = false,\n ): Promise<SnapsRegistryResult> {\n const database = await this.#getDatabase();\n\n const blockedEntry = database?.blockedSnaps.find((blocked) => {\n if ('id' in blocked) {\n return (\n blocked.id === snapId &&\n satisfiesVersionRange(snapInfo.version, blocked.versionRange)\n );\n }\n\n return blocked.checksum === snapInfo.checksum;\n });\n\n if (blockedEntry) {\n return {\n status: SnapsRegistryStatus.Blocked,\n reason: blockedEntry.reason,\n };\n }\n\n const verified = database?.verifiedSnaps[snapId];\n const version = verified?.versions?.[snapInfo.version];\n if (version && version.checksum === snapInfo.checksum) {\n return { status: SnapsRegistryStatus.Verified };\n }\n // For now, if we have an allowlist miss, we can refetch once and try again.\n if (this.#refetchOnAllowlistMiss && !refetch) {\n await this.#updateDatabase();\n return this.#getSingle(snapId, snapInfo, true);\n }\n return { status: SnapsRegistryStatus.Unverified };\n }\n\n async #get(\n snaps: SnapsRegistryRequest,\n ): Promise<Record<SnapId, SnapsRegistryResult>> {\n return Object.entries(snaps).reduce<\n Promise<Record<SnapId, SnapsRegistryResult>>\n >(async (previousPromise, [snapId, snapInfo]) => {\n const result = await this.#getSingle(snapId, snapInfo);\n const acc = await previousPromise;\n acc[snapId] = result;\n return acc;\n }, Promise.resolve({}));\n }\n\n /**\n * Get metadata for the given snap ID.\n *\n * @param snapId - The ID of the snap to get metadata for.\n * @returns The metadata for the given snap ID, or `null` if the snap is not\n * verified.\n */\n async #getMetadata(snapId: SnapId): Promise<SnapsRegistryMetadata | null> {\n const database = await this.#getDatabase();\n return database?.verifiedSnaps[snapId]?.metadata ?? null;\n }\n\n /**\n * Verify the signature of the registry.\n *\n * @param database - The registry database.\n * @param signature - The signature of the registry.\n * @throws If the signature is invalid.\n * @private\n */\n async #verifySignature(database: string, signature: string) {\n assert(this.#publicKey, 'No public key provided.');\n\n const valid = verify({\n registry: database,\n signature: JSON.parse(signature),\n publicKey: this.#publicKey,\n });\n\n assert(valid, 'Invalid registry signature.');\n }\n\n /**\n * Fetch the given URL, throwing if the response is not OK.\n *\n * @param url - The URL to fetch.\n * @returns The response body.\n * @private\n */\n async #safeFetch(url: string) {\n const response = await this.#fetchFunction(url);\n if (!response.ok) {\n throw new Error(`Failed to fetch ${url}.`);\n }\n\n return await response.text();\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"json.js","sourceRoot":"","sources":["../../../src/snaps/registry/json.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+DAGmC;AACnC,6DAAyE;AAEzE,2CAMyB;AAEzB,yCAOoB;AAEpB,kCAAkC;AAClC,MAAM,iBAAiB,GACrB,mFAAmF,CAAC;AAEtF,MAAM,2BAA2B,GAC/B,oFAAoF,CAAC;AA6CvF,MAAM,cAAc,GAAG,eAAe,CAAC;AAEvC,MAAM,YAAY,GAAG;IACnB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,IAAI;CAClB,CAAC;AAEF,MAAa,iBAAkB,SAAQ,kCAItC;IAaC,YAAY,EACV,SAAS,EACT,KAAK,EACL,GAAG,GAAG;QACJ,QAAQ,EAAE,iBAAiB;QAC3B,SAAS,EAAE,2BAA2B;KACvC,EACD,SAAS,EACT,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EACjD,oBAAoB,GAAG,IAAA,sBAAc,EAAC,CAAC,EAAE,gBAAQ,CAAC,MAAM,CAAC,EACzD,yBAAyB,GAAG,IAAI,EAChC,sBAAsB,GAAG,IAAI,GACP;QACtB,KAAK,CAAC;YACJ,SAAS;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE;gBAC7C,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE;aACjD;YACD,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE;gBACL,GAAG,YAAY;gBACf,GAAG,KAAK;aACT;SACF,CAAC,CAAC;;QApCL,yCAA2B;QAE3B,+CAAiB;QAEjB,mDAA6B;QAE7B,0DAA8B;QAE9B,4DAAiC;QAEjC,+DAAoC;QA2BlC,uBAAA,IAAI,0BAAQ,GAAG,MAAA,CAAC;QAChB,uBAAA,IAAI,gCAAc,SAAS,MAAA,CAAC;QAC5B,uBAAA,IAAI,oCAAkB,aAAa,MAAA,CAAC;QACpC,uBAAA,IAAI,2CAAyB,oBAAoB,MAAA,CAAC;QAClD,uBAAA,IAAI,6CAA2B,sBAAsB,MAAA,CAAC;QACtD,uBAAA,IAAI,gDAA8B,yBAAyB,MAAA,CAAC;QAE5D,IAAI,CAAC,eAAe,CAAC,qBAAqB,CACxC,mBAAmB,EACnB,KAAK,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC,uBAAA,IAAI,4DAAK,MAAT,IAAI,EAAM,GAAG,IAAI,CAAC,CACtC,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,qBAAqB,CACxC,2BAA2B,EAC3B,KAAK,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC,uBAAA,IAAI,oEAAa,MAAjB,IAAI,EAAc,GAAG,IAAI,CAAC,CAC9C,CAAC;IACJ,CAAC;CA8IF;AAvMD,8CAuMC;;IA3IG,OAAO,CACL,IAAI,CAAC,KAAK,CAAC,WAAW;QACtB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,uBAAA,IAAI,+CAAsB,CACjE,CAAC;AACJ,CAAC,sCAED,KAAK;IACH,6CAA6C;IAC7C,IAAI,uBAAA,IAAI,2EAAoB,MAAxB,IAAI,CAAsB,EAAE;QAC9B,OAAO;KACR;IAED,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,uBAAA,IAAI,8BAAK,CAAC,QAAQ,CAAC,CAAC;QAE3D,IAAI,uBAAA,IAAI,oCAAW,EAAE;YACnB,MAAM,SAAS,GAAG,MAAM,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,uBAAA,IAAI,8BAAK,CAAC,SAAS,CAAC,CAAC;YAC7D,MAAM,uBAAA,IAAI,wEAAiB,MAArB,IAAI,EAAkB,QAAQ,EAAE,SAAS,CAAC,CAAC;SAClD;QAED,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACpB,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACjC,CAAC,CAAC,CAAC;KACJ;IAAC,MAAM;QACN,SAAS;KACV;AACH,CAAC,mCAED,KAAK;IACH,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE;QAChC,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;KAC9B;IAED,0DAA0D;IAC1D,IAAI,uBAAA,IAAI,oDAA2B,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE;QACnE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;AAC7B,CAAC,iCAED,KAAK,uCACH,MAAc,EACd,QAA2B,EAC3B,OAAO,GAAG,KAAK;IAEf,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,oEAAa,MAAjB,IAAI,CAAe,CAAC;IAE3C,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3D,IAAI,IAAI,IAAI,OAAO,EAAE;YACnB,OAAO,CACL,OAAO,CAAC,EAAE,KAAK,MAAM;gBACrB,IAAA,6BAAqB,EAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAC9D,CAAC;SACH;QAED,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,IAAI,YAAY,EAAE;QAChB,OAAO;YACL,MAAM,EAAE,8BAAmB,CAAC,OAAO;YACnC,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC;KACH;IAED,MAAM,QAAQ,GAAG,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,QAAQ,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ,EAAE;QACrD,OAAO,EAAE,MAAM,EAAE,8BAAmB,CAAC,QAAQ,EAAE,CAAC;KACjD;IACD,4EAA4E;IAC5E,IAAI,uBAAA,IAAI,iDAAwB,IAAI,CAAC,OAAO,EAAE;QAC5C,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7B,OAAO,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;KAChD;IACD,OAAO,EAAE,MAAM,EAAE,8BAAmB,CAAC,UAAU,EAAE,CAAC;AACpD,CAAC,2BAED,KAAK,iCACH,KAA2B;IAE3B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAEjC,KAAK,EAAE,eAAe,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE;QAC9C,MAAM,MAAM,GAAG,MAAM,uBAAA,IAAI,kEAAW,MAAf,IAAI,EAAY,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC;QAClC,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;QACrB,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,KAAK,yCAAc,MAAc;IAC/B,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,oEAAa,MAAjB,IAAI,CAAe,CAAC;IAC3C,OAAO,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC;AAC3D,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,6CAAkB,QAAgB,EAAE,SAAiB;IACxD,IAAA,cAAM,EAAC,uBAAA,IAAI,oCAAW,EAAE,yBAAyB,CAAC,CAAC;IAEnD,MAAM,KAAK,GAAG,MAAM,IAAA,uBAAM,EAAC;QACzB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;QAChC,SAAS,EAAE,uBAAA,IAAI,oCAAW;KAC3B,CAAC,CAAC;IAEH,IAAA,cAAM,EAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,KAAK,uCAAY,GAAW;IAC1B,MAAM,QAAQ,GAAG,MAAM,uBAAA,IAAI,wCAAe,MAAnB,IAAI,EAAgB,GAAG,CAAC,CAAC;IAChD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,GAAG,CAAC,CAAC;KAC5C;IAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC/B,CAAC","sourcesContent":["import {\n BaseControllerV2 as BaseController,\n RestrictedControllerMessenger,\n} from '@metamask/base-controller';\nimport { SnapsRegistryDatabase, verify } from '@metamask/snaps-registry';\nimport { SnapId } from '@metamask/snaps-utils';\nimport {\n assert,\n Duration,\n Hex,\n inMilliseconds,\n satisfiesVersionRange,\n} from '@metamask/utils';\n\nimport {\n SnapsRegistry,\n SnapsRegistryInfo,\n SnapsRegistryMetadata,\n SnapsRegistryRequest,\n SnapsRegistryResult,\n SnapsRegistryStatus,\n} from './registry';\n\n// TODO: Replace with a Codefi URL\nconst SNAP_REGISTRY_URL =\n 'https://cdn.jsdelivr.net/gh/MetaMask/snaps-registry@gh-pages/latest/registry.json';\n\nconst SNAP_REGISTRY_SIGNATURE_URL =\n 'https://cdn.jsdelivr.net/gh/MetaMask/snaps-registry@gh-pages/latest/signature.json';\n\ntype JsonSnapsRegistryUrl = {\n registry: string;\n signature: string;\n};\n\nexport type JsonSnapsRegistryArgs = {\n messenger: SnapsRegistryMessenger;\n state?: SnapsRegistryState;\n fetchFunction?: typeof fetch;\n url?: JsonSnapsRegistryUrl;\n recentFetchThreshold?: number;\n refetchOnAllowlistMiss?: boolean;\n failOnUnavailableRegistry?: boolean;\n publicKey?: Hex;\n};\n\nexport type GetResult = {\n type: `${typeof controllerName}:get`;\n handler: SnapsRegistry['get'];\n};\n\nexport type GetMetadata = {\n type: `${typeof controllerName}:getMetadata`;\n handler: SnapsRegistry['getMetadata'];\n};\n\nexport type SnapsRegistryActions = GetResult | GetMetadata;\n\nexport type SnapsRegistryEvents = never;\n\nexport type SnapsRegistryMessenger = RestrictedControllerMessenger<\n 'SnapsRegistry',\n SnapsRegistryActions,\n SnapsRegistryEvents,\n SnapsRegistryActions['type'],\n SnapsRegistryEvents['type']\n>;\n\nexport type SnapsRegistryState = {\n database: SnapsRegistryDatabase | null;\n lastUpdated: number | null;\n};\n\nconst controllerName = 'SnapsRegistry';\n\nconst defaultState = {\n database: null,\n lastUpdated: null,\n};\n\nexport class JsonSnapsRegistry extends BaseController<\n typeof controllerName,\n SnapsRegistryState,\n SnapsRegistryMessenger\n> {\n #url: JsonSnapsRegistryUrl;\n\n #publicKey?: Hex;\n\n #fetchFunction: typeof fetch;\n\n #recentFetchThreshold: number;\n\n #refetchOnAllowlistMiss: boolean;\n\n #failOnUnavailableRegistry: boolean;\n\n constructor({\n messenger,\n state,\n url = {\n registry: SNAP_REGISTRY_URL,\n signature: SNAP_REGISTRY_SIGNATURE_URL,\n },\n publicKey,\n fetchFunction = globalThis.fetch.bind(globalThis),\n recentFetchThreshold = inMilliseconds(5, Duration.Minute),\n failOnUnavailableRegistry = true,\n refetchOnAllowlistMiss = true,\n }: JsonSnapsRegistryArgs) {\n super({\n messenger,\n metadata: {\n database: { persist: true, anonymous: false },\n lastUpdated: { persist: true, anonymous: false },\n },\n name: controllerName,\n state: {\n ...defaultState,\n ...state,\n },\n });\n this.#url = url;\n this.#publicKey = publicKey;\n this.#fetchFunction = fetchFunction;\n this.#recentFetchThreshold = recentFetchThreshold;\n this.#refetchOnAllowlistMiss = refetchOnAllowlistMiss;\n this.#failOnUnavailableRegistry = failOnUnavailableRegistry;\n\n this.messagingSystem.registerActionHandler(\n 'SnapsRegistry:get',\n async (...args) => this.#get(...args),\n );\n this.messagingSystem.registerActionHandler(\n 'SnapsRegistry:getMetadata',\n async (...args) => this.#getMetadata(...args),\n );\n }\n\n #wasRecentlyFetched() {\n return (\n this.state.lastUpdated &&\n Date.now() - this.state.lastUpdated < this.#recentFetchThreshold\n );\n }\n\n async #updateDatabase() {\n // No-op if we recently fetched the registry.\n if (this.#wasRecentlyFetched()) {\n return;\n }\n\n try {\n const database = await this.#safeFetch(this.#url.registry);\n\n if (this.#publicKey) {\n const signature = await this.#safeFetch(this.#url.signature);\n await this.#verifySignature(database, signature);\n }\n\n this.update((state) => {\n state.database = JSON.parse(database);\n state.lastUpdated = Date.now();\n });\n } catch {\n // Ignore\n }\n }\n\n async #getDatabase(): Promise<SnapsRegistryDatabase | null> {\n if (this.state.database === null) {\n await this.#updateDatabase();\n }\n\n // If the database is still null and we require it, throw.\n if (this.#failOnUnavailableRegistry && this.state.database === null) {\n throw new Error('Snaps registry is unavailable, installation blocked.');\n }\n return this.state.database;\n }\n\n async #getSingle(\n snapId: SnapId,\n snapInfo: SnapsRegistryInfo,\n refetch = false,\n ): Promise<SnapsRegistryResult> {\n const database = await this.#getDatabase();\n\n const blockedEntry = database?.blockedSnaps.find((blocked) => {\n if ('id' in blocked) {\n return (\n blocked.id === snapId &&\n satisfiesVersionRange(snapInfo.version, blocked.versionRange)\n );\n }\n\n return blocked.checksum === snapInfo.checksum;\n });\n\n if (blockedEntry) {\n return {\n status: SnapsRegistryStatus.Blocked,\n reason: blockedEntry.reason,\n };\n }\n\n const verified = database?.verifiedSnaps[snapId];\n const version = verified?.versions?.[snapInfo.version];\n if (version && version.checksum === snapInfo.checksum) {\n return { status: SnapsRegistryStatus.Verified };\n }\n // For now, if we have an allowlist miss, we can refetch once and try again.\n if (this.#refetchOnAllowlistMiss && !refetch) {\n await this.#updateDatabase();\n return this.#getSingle(snapId, snapInfo, true);\n }\n return { status: SnapsRegistryStatus.Unverified };\n }\n\n async #get(\n snaps: SnapsRegistryRequest,\n ): Promise<Record<SnapId, SnapsRegistryResult>> {\n return Object.entries(snaps).reduce<\n Promise<Record<SnapId, SnapsRegistryResult>>\n >(async (previousPromise, [snapId, snapInfo]) => {\n const result = await this.#getSingle(snapId, snapInfo);\n const acc = await previousPromise;\n acc[snapId] = result;\n return acc;\n }, Promise.resolve({}));\n }\n\n /**\n * Get metadata for the given snap ID.\n *\n * @param snapId - The ID of the snap to get metadata for.\n * @returns The metadata for the given snap ID, or `null` if the snap is not\n * verified.\n */\n async #getMetadata(snapId: SnapId): Promise<SnapsRegistryMetadata | null> {\n const database = await this.#getDatabase();\n return database?.verifiedSnaps[snapId]?.metadata ?? null;\n }\n\n /**\n * Verify the signature of the registry.\n *\n * @param database - The registry database.\n * @param signature - The signature of the registry.\n * @throws If the signature is invalid.\n * @private\n */\n async #verifySignature(database: string, signature: string) {\n assert(this.#publicKey, 'No public key provided.');\n\n const valid = await verify({\n registry: database,\n signature: JSON.parse(signature),\n publicKey: this.#publicKey,\n });\n\n assert(valid, 'Invalid registry signature.');\n }\n\n /**\n * Fetch the given URL, throwing if the response is not OK.\n *\n * @param url - The URL to fetch.\n * @returns The response body.\n * @private\n */\n async #safeFetch(url: string) {\n const response = await this.#fetchFunction(url);\n if (!response.ok) {\n throw new Error(`Failed to fetch ${url}.`);\n }\n\n return await response.text();\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@metamask/snaps-controllers",
|
|
3
|
-
"version": "0.32.
|
|
3
|
+
"version": "0.32.2",
|
|
4
4
|
"description": "Controllers for MetaMask Snaps.",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -39,10 +39,10 @@
|
|
|
39
39
|
"@metamask/object-multiplex": "^1.1.0",
|
|
40
40
|
"@metamask/permission-controller": "^3.1.0",
|
|
41
41
|
"@metamask/post-message-stream": "^6.1.1",
|
|
42
|
-
"@metamask/rpc-methods": "^0.32.
|
|
43
|
-
"@metamask/snaps-execution-environments": "^0.32.
|
|
42
|
+
"@metamask/rpc-methods": "^0.32.2",
|
|
43
|
+
"@metamask/snaps-execution-environments": "^0.32.2",
|
|
44
44
|
"@metamask/snaps-registry": "^1.2.0",
|
|
45
|
-
"@metamask/snaps-utils": "^0.32.
|
|
45
|
+
"@metamask/snaps-utils": "^0.32.2",
|
|
46
46
|
"@metamask/subject-metadata-controller": "^2.0.0",
|
|
47
47
|
"@metamask/utils": "^5.0.0",
|
|
48
48
|
"@xstate/fsm": "^2.0.0",
|