@metamask/snaps-controllers 3.1.1 → 3.3.0

package/CHANGELOG.md

@@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.3.0]
+### Added
+- Add manifest localization functionality ([#1889](https://github.com/MetaMask/snaps/pull/1889))
+- Add support for unencrypted storage using `snap_manageState` ([#1902](https://github.com/MetaMask/snaps/pull/1902))
+- Add `OnHomePage` export ([#1896](https://github.com/MetaMask/snaps/pull/1896))
+
+## [3.2.0]
+### Added
+- Add support for links in custom UI and notifications ([#1814](https://github.com/MetaMask/snaps/pull/1814))
+
+### Fixed
+- Fix an issue where snaps throwing a `SnapError` would be allowed to run for longer than expected ([#1897](https://github.com/MetaMask/snaps/pull/1897))
+
 ## [3.1.1]
 ### Fixed
 - Fix a few issues with allowlist version resolving ([#1888](https://github.com/MetaMask/snaps/pull/1888))
@@ -94,7 +107,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.1.1...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.3.0...HEAD
+[3.3.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.2.0...@metamask/snaps-controllers@3.3.0
+[3.2.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.1.1...@metamask/snaps-controllers@3.2.0
 [3.1.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.1.0...@metamask/snaps-controllers@3.1.1
 [3.1.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.0.0...@metamask/snaps-controllers@3.1.0
 [3.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@2.0.2...@metamask/snaps-controllers@3.0.0

package/dist/cjs/snaps/SnapController.js

@@ -29,6 +29,7 @@ const _basecontroller = require("@metamask/base-controller");
 const _permissioncontroller = require("@metamask/permission-controller");
 const _rpcerrors = require("@metamask/rpc-errors");
 const _snapsrpcmethods = require("@metamask/snaps-rpc-methods");
+const _snapsui = require("@metamask/snaps-ui");
 const _snapsutils = require("@metamask/snaps-utils");
 const _utils = require("@metamask/utils");
 const _fsm = require("@xstate/fsm");
@@ -120,7 +121,8 @@ const TRUNCATED_SNAP_PROPERTIES = new Set([
 ]);
 const defaultState = {
     snaps: {},
-    snapStates: {}
+    snapStates: {},
+    unencryptedSnapStates: {}
 };
 /**
  * Truncates the properties of a snap to only ones that are easily serializable.
@@ -192,7 +194,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param snapId - The id of the Snap whose message handler to get.
    * @returns The RPC handler for the given snap.
-   */ _getRpcRequestHandler = /*#__PURE__*/ new WeakSet(), _executeWithTimeout = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestStart = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestFinish = /*#__PURE__*/ new WeakSet(), /**
+   */ _getRpcRequestHandler = /*#__PURE__*/ new WeakSet(), _triggerPhishingListUpdate = /*#__PURE__*/ new WeakSet(), _checkPhishingList = /*#__PURE__*/ new WeakSet(), _assertSnapRpcRequestResult = /*#__PURE__*/ new WeakSet(), _executeWithTimeout = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestStart = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestFinish = /*#__PURE__*/ new WeakSet(), /**
    * Retrieves the rollback snapshot of a snap.
    *
    * @param snapId - The snap id.
@@ -401,9 +403,14 @@ class SnapController extends _basecontroller.BaseControllerV2 {
    *
    * @param snapId - The id of the Snap whose state should be updated.
    * @param newSnapState - The new state of the snap.
-   */ async updateSnapState(snapId, newSnapState) {
+   * @param encrypted - A flag to indicate whether to use encrypted storage or not.
+   */ updateSnapState(snapId, newSnapState, encrypted) {
         this.update((state)=>{
-            state.snapStates[snapId] = newSnapState;
+            if (encrypted) {
+                state.snapStates[snapId] = newSnapState;
+            } else {
+                state.unencryptedSnapStates[snapId] = newSnapState;
+            }
         });
     }
     /**
@@ -411,9 +418,14 @@ class SnapController extends _basecontroller.BaseControllerV2 {
    * This is distinct from the state MetaMask uses to manage snaps.
    *
    * @param snapId - The id of the Snap whose state should be cleared.
-   */ clearSnapState(snapId) {
+   * @param encrypted - A flag to indicate whether to use encrypted storage or not.
+   */ clearSnapState(snapId, encrypted) {
         this.update((state)=>{
-            state.snapStates[snapId] = null;
+            if (encrypted) {
+                state.snapStates[snapId] = null;
+            } else {
+                state.unencryptedSnapStates[snapId] = null;
+            }
         });
     }
     /**
@@ -421,10 +433,10 @@ class SnapController extends _basecontroller.BaseControllerV2 {
    * This is distinct from the state MetaMask uses to manage snaps.
    *
    * @param snapId - The id of the Snap whose state to get.
-   * @returns A promise that resolves with the decrypted snap state or null if no state exists.
-   * @throws If the snap state decryption fails.
-   */ async getSnapState(snapId) {
-        const state = this.state.snapStates[snapId];
+   * @param encrypted - A flag to indicate whether to use encrypted storage or not.
+   * @returns The requested snap state or null if no state exists.
+   */ getSnapState(snapId, encrypted) {
+        const state = encrypted ? this.state.snapStates[snapId] : this.state.unencryptedSnapStates[snapId];
         return state ?? null;
     }
     /**
@@ -941,6 +953,10 @@ class SnapController extends _basecontroller.BaseControllerV2 {
                     persist: true,
                     anonymous: false
                 },
+                unencryptedSnapStates: {
+                    persist: true,
+                    anonymous: false
+                },
                 snaps: {
                     persist: (snaps)=>{
                         return Object.values(snaps)// We should not persist snaps that are in the installing state,
@@ -1020,6 +1036,14 @@ class SnapController extends _basecontroller.BaseControllerV2 {
    */ _class_private_method_init(this, _fetchSnap);
         _class_private_method_init(this, _validateSnapPermissions);
         _class_private_method_init(this, _getRpcRequestHandler);
+        _class_private_method_init(this, _triggerPhishingListUpdate);
+        _class_private_method_init(this, _checkPhishingList);
+        /**
+   * Asserts that the returned result of a Snap RPC call is the expected shape.
+   *
+   * @param handlerType - The handler type of the RPC Request.
+   * @param result - The result of the RPC request.
+   */ _class_private_method_init(this, _assertSnapRpcRequestResult);
         /**
    * Awaits the specified promise and rejects if the promise doesn't resolve
    * before the timeout.
@@ -1212,11 +1236,11 @@ function initializeStateMachine() {
 function registerMessageHandlers() {
     this.messagingSystem.registerActionHandler(`${controllerName}:clearSnapState`, (...args)=>this.clearSnapState(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:get`, (...args)=>this.get(...args));
-    this.messagingSystem.registerActionHandler(`${controllerName}:getSnapState`, async (...args)=>this.getSnapState(...args));
+    this.messagingSystem.registerActionHandler(`${controllerName}:getSnapState`, (...args)=>this.getSnapState(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:handleRequest`, async (...args)=>this.handleRequest(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:has`, (...args)=>this.has(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:updateBlockedSnaps`, async ()=>this.updateBlockedSnaps());
-    this.messagingSystem.registerActionHandler(`${controllerName}:updateSnapState`, async (...args)=>this.updateSnapState(...args));
+    this.messagingSystem.registerActionHandler(`${controllerName}:updateSnapState`, (...args)=>this.updateSnapState(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:enable`, (...args)=>this.enableSnap(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:disable`, async (...args)=>this.disableSnap(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:remove`, async (...args)=>this.removeSnap(...args));
@@ -1425,7 +1449,7 @@ async function getEndowments(snapId) {
 }
 function set(args) {
     const { id: snapId, origin, files, isUpdate = false } = args;
-    const { manifest, sourceCode: sourceCodeFile, svgIcon, auxiliaryFiles: rawAuxiliaryFiles } = files;
+    const { manifest, sourceCode: sourceCodeFile, svgIcon, auxiliaryFiles: rawAuxiliaryFiles, localizationFiles } = files;
     (0, _snapsutils.assertIsSnapManifest)(manifest.result);
     const { version } = manifest.result;
     const sourceCode = sourceCodeFile.toString();
@@ -1459,7 +1483,8 @@ function set(args) {
         sourceCode,
         version,
         versionHistory,
-        auxiliaryFiles
+        auxiliaryFiles,
+        localizationFiles: localizationFiles.map((file)=>file.result)
     };
     // If the snap was blocked, it isn't any longer
     delete snap.blockInformation;
@@ -1487,12 +1512,15 @@ async function fetchSnap(snapId, location) {
         const sourceCode = await location.fetch(manifest.result.source.location.npm.filePath);
         const { iconPath } = manifest.result.source.location.npm;
         const svgIcon = iconPath ? await location.fetch(iconPath) : undefined;
-        const auxiliaryFiles = manifest.result.source.files ? await Promise.all(manifest.result.source.files.map(async (filePath)=>location.fetch(filePath))) : [];
+        const auxiliaryFiles = await (0, _utils1.getSnapFiles)(location, manifest.result.source.files);
+        const localizationFiles = await (0, _utils1.getSnapFiles)(location, manifest.result.source.locales);
+        const validatedLocalizationFiles = (0, _snapsutils.getValidatedLocalizationFiles)(localizationFiles);
         const files = {
             manifest,
             sourceCode,
             svgIcon,
-            auxiliaryFiles
+            auxiliaryFiles,
+            localizationFiles: validatedLocalizationFiles
         };
         (0, _snapsutils.validateFetchedSnap)(files);
         return {
@@ -1561,7 +1589,7 @@ function getRpcRequestHandler(snapId) {
         // This will either get the result or reject due to the timeout.
         try {
             const result = await _class_private_method_get(this, _executeWithTimeout, executeWithTimeout).call(this, handleRpcRequestPromise, timer);
-            _class_private_method_get(this, _recordSnapRpcRequestFinish, recordSnapRpcRequestFinish).call(this, snapId, request.id);
+            await _class_private_method_get(this, _assertSnapRpcRequestResult, assertSnapRpcRequestResult).call(this, handlerType, result);
             return result;
         } catch (error) {
             const [jsonRpcError, handled] = (0, _snapsutils.unwrapError)(error);
@@ -1569,11 +1597,35 @@ function getRpcRequestHandler(snapId) {
                 await this.stopSnap(snapId, _snapsutils.SnapStatusEvents.Crash);
             }
             throw jsonRpcError;
+        } finally{
+            _class_private_method_get(this, _recordSnapRpcRequestFinish, recordSnapRpcRequestFinish).call(this, snapId, request.id);
         }
     };
     runtime.rpcHandler = rpcHandler;
     return rpcHandler;
 }
+async function triggerPhishingListUpdate() {
+    return this.messagingSystem.call('PhishingController:maybeUpdateState');
+}
+function checkPhishingList(origin) {
+    return this.messagingSystem.call('PhishingController:testOrigin', origin).result;
+}
+async function assertSnapRpcRequestResult(handlerType, result) {
+    switch(handlerType){
+        case _snapsutils.HandlerType.OnTransaction:
+            (0, _utils.assertStruct)(result, _snapsutils.OnTransactionResponseStruct);
+            await _class_private_method_get(this, _triggerPhishingListUpdate, triggerPhishingListUpdate).call(this);
+            (0, _snapsui.assertUILinksAreSafe)(result.content, _class_private_method_get(this, _checkPhishingList, checkPhishingList).bind(this));
+            break;
+        case _snapsutils.HandlerType.OnHomePage:
+            (0, _utils.assertStruct)(result, _snapsutils.OnHomePageResponseStruct);
+            await _class_private_method_get(this, _triggerPhishingListUpdate, triggerPhishingListUpdate).call(this);
+            (0, _snapsui.assertUILinksAreSafe)(result.content, _class_private_method_get(this, _checkPhishingList, checkPhishingList).bind(this));
+            break;
+        default:
+            break;
+    }
+}
 async function executeWithTimeout(promise, timer) {
     const result = await (0, _utils1.withTimeout)(promise, timer ?? this.maxRequestTime);
     if (result === _utils1.hasTimedOut) {