npm - @metamask/snaps-controllers - Versions diffs - 6.0.4 → 7.0.0 - Mend

@metamask/snaps-controllers 6.0.4 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/CHANGELOG.md +11 -1
package/dist/{chunk-B67RDBZ4.mjs → chunk-42ODFZSH.mjs} +4 -4
package/dist/chunk-HP6S5IOB.js +1 -0
package/dist/chunk-HP6S5IOB.js.map +1 -0
package/dist/{chunk-APQVOL5T.js → chunk-MIYZN7HG.js} +139 -18
package/dist/chunk-MIYZN7HG.js.map +1 -0
package/dist/chunk-NZOUFWUN.mjs +1 -0
package/dist/chunk-NZOUFWUN.mjs.map +1 -0
package/dist/{chunk-7WOG63YY.js → chunk-PT22IXNS.js} +3 -3
package/dist/{chunk-AXXQZJBW.mjs → chunk-TIP3Q7KZ.mjs} +140 -19
package/dist/chunk-TIP3Q7KZ.mjs.map +1 -0
package/dist/cronjob/CronjobController.js +6 -6
package/dist/cronjob/CronjobController.mjs +6 -6
package/dist/cronjob/index.js +6 -6
package/dist/cronjob/index.mjs +6 -6
package/dist/index.js +10 -10
package/dist/index.mjs +12 -12
package/dist/node.js +10 -10
package/dist/node.mjs +12 -12
package/dist/react-native.js +10 -10
package/dist/react-native.mjs +12 -12
package/dist/services/browser.js +1 -1
package/dist/services/browser.mjs +1 -1
package/dist/services/index.js +1 -1
package/dist/services/index.mjs +1 -1
package/dist/services/node-js/NodeProcessExecutionService.js +1 -1
package/dist/services/node-js/NodeProcessExecutionService.mjs +1 -1
package/dist/services/node-js/NodeThreadExecutionService.js +1 -1
package/dist/services/node-js/NodeThreadExecutionService.mjs +1 -1
package/dist/services/node-js/index.js +1 -1
package/dist/services/node-js/index.mjs +1 -1
package/dist/services/node.js +1 -1
package/dist/services/node.mjs +1 -1
package/dist/services/react-native.js +1 -1
package/dist/services/react-native.mjs +1 -1
package/dist/snaps/SnapController.js +6 -6
package/dist/snaps/SnapController.mjs +5 -5
package/dist/snaps/index.js +9 -9
package/dist/snaps/index.mjs +11 -11
package/dist/snaps/location/index.js +4 -4
package/dist/snaps/location/index.mjs +4 -4
package/dist/snaps/location/location.js +3 -3
package/dist/snaps/location/location.mjs +2 -2
package/dist/tsconfig.build.tsbuildinfo +1 -1
package/dist/types/encryptor.js +2 -0
package/dist/types/encryptor.js.map +1 -0
package/dist/types/encryptor.mjs +2 -0
package/dist/types/encryptor.mjs.map +1 -0
package/dist/types/index.js +2 -0
package/dist/types/index.js.map +1 -0
package/dist/types/index.mjs +2 -0
package/dist/types/index.mjs.map +1 -0
package/dist/types/snaps/SnapController.d.ts +18 -3
package/dist/types/types/encryptor.d.ts +98 -0
package/dist/types/types/index.d.ts +1 -0
package/package.json +7 -6
package/dist/chunk-APQVOL5T.js.map +0 -1
package/dist/chunk-AXXQZJBW.mjs.map +0 -1
/package/dist/{chunk-B67RDBZ4.mjs.map → chunk-42ODFZSH.mjs.map} +0 -0
/package/dist/{chunk-7WOG63YY.js.map → chunk-PT22IXNS.js.map} +0 -0

package/dist/{chunk-AXXQZJBW.mjs → chunk-TIP3Q7KZ.mjs} RENAMED Viewed

@@ -1,6 +1,6 @@
 import {
   detectSnapLocation
-} from "./chunk-B67RDBZ4.mjs";
+} from "./chunk-42ODFZSH.mjs";
 import {
   RequestQueue
 } from "./chunk-NC5PBDKD.mjs";
@@ -41,7 +41,8 @@ import {
   SnapEndowments,
   getKeyringCaveatOrigins,
   getRpcCaveatOrigins,
-  processSnapPermissions
+  processSnapPermissions,
+  getEncryptionEntropy
 } from "@metamask/snaps-rpc-methods";
 import { AuxiliaryFileEncoding, getErrorMessage } from "@metamask/snaps-sdk";
 import {
@@ -66,7 +67,8 @@ import {
   VirtualFile,
   NpmSnapFileNames,
   OnNameLookupResponseStruct,
-  getLocalizedSnapManifest
+  getLocalizedSnapManifest,
+  parseJson
 } from "@metamask/snaps-utils";
 import {
   assert,
@@ -78,6 +80,7 @@ import {
   hasProperty,
   inMilliseconds,
   isNonEmptyArray,
+  isValidJson,
   isValidSemVerRange,
   satisfiesVersionRange,
   timeSince
@@ -113,7 +116,7 @@ function truncateSnap(snap) {
   return truncatedSnap;
 }
 var name = "SnapController";
-var _closeAllConnections, _dynamicPermissions, _environmentEndowmentPermissions, _excludedPermissions, _featureFlags, _fetchFunction, _idleTimeCheckInterval, _maxIdleTime, _maxInitTime, _detectSnapLocation, _snapsRuntimeData, _rollbackSnapshots, _timeoutForLastRequestStatus, _statusMachine, _initializeStateMachine, initializeStateMachine_fn, _registerMessageHandlers, registerMessageHandlers_fn, _handlePreinstalledSnaps, handlePreinstalledSnaps_fn, _pollForLastRequestStatus, pollForLastRequestStatus_fn, _blockSnap, blockSnap_fn, _unblockSnap, unblockSnap_fn, _assertIsInstallAllowed, assertIsInstallAllowed_fn, _stopSnapsLastRequestPastMax, stopSnapsLastRequestPastMax_fn, _transition, transition_fn, _terminateSnap, terminateSnap_fn, _handleInitialConnections, handleInitialConnections_fn, _addSnapToSubject, addSnapToSubject_fn, _removeSnapFromSubjects, removeSnapFromSubjects_fn, _revokeAllSnapPermissions, revokeAllSnapPermissions_fn, _createApproval, createApproval_fn, _updateApproval, updateApproval_fn, _resolveAllowlistVersion, resolveAllowlistVersion_fn, _add, add_fn, _startSnap, startSnap_fn, _getEndowments, getEndowments_fn, _set, set_fn, _validateSnapPermissions, validateSnapPermissions_fn, _getExecutionTimeout, getExecutionTimeout_fn, _getRpcRequestHandler, getRpcRequestHandler_fn, _createInterface, createInterface_fn, _assertInterfaceExists, assertInterfaceExists_fn, _transformSnapRpcRequestResult, transformSnapRpcRequestResult_fn, _assertSnapRpcRequestResult, assertSnapRpcRequestResult_fn, _recordSnapRpcRequestStart, recordSnapRpcRequestStart_fn, _recordSnapRpcRequestFinish, recordSnapRpcRequestFinish_fn, _getRollbackSnapshot, getRollbackSnapshot_fn, _createRollbackSnapshot, createRollbackSnapshot_fn, _rollbackSnap, rollbackSnap_fn, _rollbackSnaps, rollbackSnaps_fn, _getRuntime, getRuntime_fn, _getRuntimeExpect, getRuntimeExpect_fn, _setupRuntime, setupRuntime_fn, _calculatePermissionsChange, calculatePermissionsChange_fn, _updatePermissions, updatePermissions_fn, _isValidUpdate, isValidUpdate_fn, _callLifecycleHook, callLifecycleHook_fn;
+var _closeAllConnections, _dynamicPermissions, _environmentEndowmentPermissions, _excludedPermissions, _featureFlags, _fetchFunction, _idleTimeCheckInterval, _maxIdleTime, _maxInitTime, _encryptor, _getMnemonic, _detectSnapLocation, _snapsRuntimeData, _rollbackSnapshots, _timeoutForLastRequestStatus, _statusMachine, _initializeStateMachine, initializeStateMachine_fn, _registerMessageHandlers, registerMessageHandlers_fn, _handlePreinstalledSnaps, handlePreinstalledSnaps_fn, _pollForLastRequestStatus, pollForLastRequestStatus_fn, _blockSnap, blockSnap_fn, _unblockSnap, unblockSnap_fn, _assertIsInstallAllowed, assertIsInstallAllowed_fn, _stopSnapsLastRequestPastMax, stopSnapsLastRequestPastMax_fn, _transition, transition_fn, _terminateSnap, terminateSnap_fn, _getSnapEncryptionKey, getSnapEncryptionKey_fn, _decryptSnapState, decryptSnapState_fn, _encryptSnapState, encryptSnapState_fn, _handleInitialConnections, handleInitialConnections_fn, _addSnapToSubject, addSnapToSubject_fn, _removeSnapFromSubjects, removeSnapFromSubjects_fn, _revokeAllSnapPermissions, revokeAllSnapPermissions_fn, _createApproval, createApproval_fn, _updateApproval, updateApproval_fn, _resolveAllowlistVersion, resolveAllowlistVersion_fn, _add, add_fn, _startSnap, startSnap_fn, _getEndowments, getEndowments_fn, _set, set_fn, _validateSnapPermissions, validateSnapPermissions_fn, _getExecutionTimeout, getExecutionTimeout_fn, _getRpcRequestHandler, getRpcRequestHandler_fn, _createInterface, createInterface_fn, _assertInterfaceExists, assertInterfaceExists_fn, _transformSnapRpcRequestResult, transformSnapRpcRequestResult_fn, _assertSnapRpcRequestResult, assertSnapRpcRequestResult_fn, _recordSnapRpcRequestStart, recordSnapRpcRequestStart_fn, _recordSnapRpcRequestFinish, recordSnapRpcRequestFinish_fn, _getRollbackSnapshot, getRollbackSnapshot_fn, _createRollbackSnapshot, createRollbackSnapshot_fn, _rollbackSnap, rollbackSnap_fn, _rollbackSnaps, rollbackSnaps_fn, _getRuntime, getRuntime_fn, _getRuntimeExpect, getRuntimeExpect_fn, _setupRuntime, setupRuntime_fn, _calculatePermissionsChange, calculatePermissionsChange_fn, _updatePermissions, updatePermissions_fn, _isValidUpdate, isValidUpdate_fn, _callLifecycleHook, callLifecycleHook_fn;
 var SnapController = class extends BaseController {
   constructor({
     closeAllConnections,
@@ -129,7 +132,9 @@ var SnapController = class extends BaseController {
     fetchFunction = globalThis.fetch.bind(globalThis),
     featureFlags = {},
     detectSnapLocation: detectSnapLocationFunction = detectSnapLocation,
-    preinstalledSnaps
+    preinstalledSnaps,
+    encryptor,
+    getMnemonic
   }) {
     super({
       messenger,
@@ -218,6 +223,37 @@ var SnapController = class extends BaseController {
      * @param snapId - The snap to terminate.
      */
     __privateAdd(this, _terminateSnap);
+    /**
+     * Generate an encryption key to be used for state encryption for a given Snap.
+     *
+     * @param options - An options bag.
+     * @param options.snapId - The Snap ID.
+     * @param options.salt - A salt to be used for the encryption key.
+     * @param options.useCache - Whether to use caching or not.
+     * @param options.keyMetadata - Optional metadata about how to derive the encryption key.
+     * @returns An encryption key.
+     */
+    __privateAdd(this, _getSnapEncryptionKey);
+    /**
+     * Decrypt the encrypted state for a given Snap.
+     *
+     * @param snapId - The Snap ID.
+     * @param state - The encrypted state as a string.
+     * @returns A valid JSON object derived from the encrypted state.
+     * @throws If the decryption fails or the decrypted state is not valid JSON.
+     */
+    __privateAdd(this, _decryptSnapState);
+    /**
+     * Encrypt a JSON state object for a given Snap.
+     *
+     * Note: This function does not assert the validity of the object,
+     * please ensure only valid JSON is passed to it.
+     *
+     * @param snapId - The Snap ID.
+     * @param state - The state object.
+     * @returns A string containing the encrypted JSON object.
+     */
+    __privateAdd(this, _encryptSnapState);
     __privateAdd(this, _handleInitialConnections);
     __privateAdd(this, _addSnapToSubject);
     /**
@@ -406,6 +442,8 @@ var SnapController = class extends BaseController {
     __privateAdd(this, _idleTimeCheckInterval, void 0);
     __privateAdd(this, _maxIdleTime, void 0);
     __privateAdd(this, _maxInitTime, void 0);
+    __privateAdd(this, _encryptor, void 0);
+    __privateAdd(this, _getMnemonic, void 0);
     __privateAdd(this, _detectSnapLocation, void 0);
     __privateAdd(this, _snapsRuntimeData, void 0);
     __privateAdd(this, _rollbackSnapshots, void 0);
@@ -422,6 +460,8 @@ var SnapController = class extends BaseController {
     this.maxRequestTime = maxRequestTime;
     __privateSet(this, _maxInitTime, maxInitTime);
     __privateSet(this, _detectSnapLocation, detectSnapLocationFunction);
+    __privateSet(this, _encryptor, encryptor);
+    __privateSet(this, _getMnemonic, getMnemonic);
     this._onUnhandledSnapError = this._onUnhandledSnapError.bind(this);
     this._onOutboundRequest = this._onOutboundRequest.bind(this);
     this._onOutboundResponse = this._onOutboundResponse.bind(this);
@@ -674,14 +714,17 @@ var SnapController = class extends BaseController {
    * @param newSnapState - The new state of the snap.
    * @param encrypted - A flag to indicate whether to use encrypted storage or not.
    */
-  updateSnapState(snapId, newSnapState, encrypted) {
-    this.update((state) => {
-      if (encrypted) {
-        state.snapStates[snapId] = newSnapState;
-      } else {
-        state.unencryptedSnapStates[snapId] = newSnapState;
-      }
-    });
+  async updateSnapState(snapId, newSnapState, encrypted) {
+    if (encrypted) {
+      const encryptedState = await __privateMethod(this, _encryptSnapState, encryptSnapState_fn).call(this, snapId, newSnapState);
+      this.update((state) => {
+        state.snapStates[snapId] = encryptedState;
+      });
+    } else {
+      this.update((state) => {
+        state.unencryptedSnapStates[snapId] = JSON.stringify(newSnapState);
+      });
+    }
   }
   /**
    * Clears the state of the snap with the given id.
@@ -707,9 +750,16 @@ var SnapController = class extends BaseController {
    * @param encrypted - A flag to indicate whether to use encrypted storage or not.
    * @returns The requested snap state or null if no state exists.
    */
-  getSnapState(snapId, encrypted) {
+  async getSnapState(snapId, encrypted) {
     const state = encrypted ? this.state.snapStates[snapId] : this.state.unencryptedSnapStates[snapId];
-    return state ?? null;
+    if (state === null) {
+      return state;
+    }
+    if (!encrypted) {
+      return parseJson(state);
+    }
+    const decrypted = await __privateMethod(this, _decryptSnapState, decryptSnapState_fn).call(this, snapId, state);
+    return decrypted;
   }
   /**
    * Gets a static auxiliary snap file in a chosen file encoding.
@@ -784,6 +834,7 @@ var SnapController = class extends BaseController {
         this.update((state) => {
           delete state.snaps[snapId];
           delete state.snapStates[snapId];
+          delete state.unencryptedSnapStates[snapId];
         });
         if (snap.status !== SnapStatus.Installing) {
           this.messagingSystem.publish(
@@ -1136,6 +1187,7 @@ var SnapController = class extends BaseController {
       __privateMethod(this, _validateSnapPermissions, validateSnapPermissions_fn).call(this, processedPermissions);
       const { newPermissions, unusedPermissions, approvedPermissions } = __privateMethod(this, _calculatePermissionsChange, calculatePermissionsChange_fn).call(this, snapId, processedPermissions);
       __privateMethod(this, _updateApproval, updateApproval_fn).call(this, pendingApproval.id, {
+        connections: manifest.initialConnections ?? {},
         permissions: newPermissions,
         newVersion: manifest.version,
         newPermissions,
@@ -1240,12 +1292,13 @@ var SnapController = class extends BaseController {
     log(`Authorizing snap: ${snapId}`);
     const snapsState = this.state.snaps;
     const snap = snapsState[snapId];
-    const { initialPermissions } = snap;
+    const { initialPermissions, initialConnections } = snap;
     try {
       const processedPermissions = processSnapPermissions(initialPermissions);
       __privateMethod(this, _validateSnapPermissions, validateSnapPermissions_fn).call(this, processedPermissions);
       __privateMethod(this, _updateApproval, updateApproval_fn).call(this, pendingApproval.id, {
         loading: false,
+        connections: initialConnections ?? {},
         permissions: processedPermissions
       });
       const { permissions: approvedPermissions, ...requestData } = await pendingApproval.promise;
@@ -1358,6 +1411,8 @@ _fetchFunction = new WeakMap();
 _idleTimeCheckInterval = new WeakMap();
 _maxIdleTime = new WeakMap();
 _maxInitTime = new WeakMap();
+_encryptor = new WeakMap();
+_getMnemonic = new WeakMap();
 _detectSnapLocation = new WeakMap();
 _snapsRuntimeData = new WeakMap();
 _rollbackSnapshots = new WeakMap();
@@ -1429,7 +1484,7 @@ registerMessageHandlers_fn = function() {
   );
   this.messagingSystem.registerActionHandler(
     `${controllerName}:getSnapState`,
-    (...args) => this.getSnapState(...args)
+    async (...args) => this.getSnapState(...args)
   );
   this.messagingSystem.registerActionHandler(
     `${controllerName}:handleRequest`,
@@ -1445,7 +1500,7 @@ registerMessageHandlers_fn = function() {
   );
   this.messagingSystem.registerActionHandler(
     `${controllerName}:updateSnapState`,
-    (...args) => this.updateSnapState(...args)
+    async (...args) => this.updateSnapState(...args)
   );
   this.messagingSystem.registerActionHandler(
     `${controllerName}:enable`,
@@ -1648,6 +1703,70 @@ terminateSnap_fn = async function(snapId) {
     this.getTruncatedExpect(snapId)
   );
 };
+_getSnapEncryptionKey = new WeakSet();
+getSnapEncryptionKey_fn = async function({
+  snapId,
+  salt,
+  useCache,
+  keyMetadata
+}) {
+  const runtime = __privateMethod(this, _getRuntimeExpect, getRuntimeExpect_fn).call(this, snapId);
+  if (runtime.encryptionKey && useCache) {
+    return __privateGet(this, _encryptor).importKey(runtime.encryptionKey);
+  }
+  const mnemonicPhrase = await __privateGet(this, _getMnemonic).call(this);
+  const entropy = await getEncryptionEntropy({ snapId, mnemonicPhrase });
+  const encryptionKey = await __privateGet(this, _encryptor).keyFromPassword(
+    entropy,
+    salt,
+    true,
+    keyMetadata
+  );
+  const exportedKey = await __privateGet(this, _encryptor).exportKey(encryptionKey);
+  if (useCache) {
+    runtime.encryptionKey = exportedKey;
+  }
+  return encryptionKey;
+};
+_decryptSnapState = new WeakSet();
+decryptSnapState_fn = async function(snapId, state) {
+  try {
+    const parsed = parseJson(state);
+    const { salt, keyMetadata } = parsed;
+    const useCache = __privateGet(this, _encryptor).isVaultUpdated(state);
+    const encryptionKey = await __privateMethod(this, _getSnapEncryptionKey, getSnapEncryptionKey_fn).call(this, {
+      snapId,
+      salt,
+      useCache,
+      keyMetadata
+    });
+    const decryptedState = await __privateGet(this, _encryptor).decryptWithKey(
+      encryptionKey,
+      parsed
+    );
+    assert(isValidJson(decryptedState));
+    return decryptedState;
+  } catch {
+    throw rpcErrors.internal({
+      message: "Failed to decrypt snap state, the state must be corrupted."
+    });
+  }
+};
+_encryptSnapState = new WeakSet();
+encryptSnapState_fn = async function(snapId, state) {
+  const salt = __privateGet(this, _encryptor).generateSalt();
+  const encryptionKey = await __privateMethod(this, _getSnapEncryptionKey, getSnapEncryptionKey_fn).call(this, {
+    snapId,
+    salt,
+    useCache: true
+  });
+  const encryptedState = await __privateGet(this, _encryptor).encryptWithKey(
+    encryptionKey,
+    state
+  );
+  encryptedState.salt = salt;
+  return JSON.stringify(encryptedState);
+};
 _handleInitialConnections = new WeakSet();
 handleInitialConnections_fn = function(snapId, previousInitialConnections, initialConnections) {
   if (previousInitialConnections) {
@@ -1913,6 +2032,7 @@ set_fn = function(args) {
     removable,
     preinstalled,
     id: snapId,
+    initialConnections: manifest.result.initialConnections,
     initialPermissions: manifest.result.initialPermissions,
     manifest: manifest.result,
     status: __privateGet(this, _statusMachine).config.initial,
@@ -2222,6 +2342,7 @@ setupRuntime_fn = function(snapId) {
     lastRequest: null,
     rpcHandler: null,
     installPromise: null,
+    encryptionKey: null,
     activeReferences: 0,
     pendingInboundRequests: [],
     pendingOutboundRequests: 0,
@@ -2301,4 +2422,4 @@ export {
   SNAP_APPROVAL_RESULT,
   SnapController
 };
-//# sourceMappingURL=chunk-AXXQZJBW.mjs.map
+//# sourceMappingURL=chunk-TIP3Q7KZ.mjs.map