rise-wallet 0.3.0 → 0.3.2

package/src/core/internal/modes/relay.ts

@@ -62,6 +62,7 @@ export function relay(parameters: relay.Parameters = {}) {
           permissions,
           internal,
           signInWithEthereum,
+          providerRdns,
         } = parameters
         const { client } = internal
 
@@ -70,14 +71,16 @@ export function relay(parameters: relay.Parameters = {}) {
         const feeTokens = await Tokens.getTokens(client)
 
         const adminKey = !mock
-          ? await Key.createWebAuthnP256({
-              createFn: webAuthn?.createFn,
-              label:
-                label ||
-                `${eoa.address.slice(0, 8)}\u2026${eoa.address.slice(-6)}`,
-              rpId: keystoreHost,
-              userId: Bytes.from(eoa.address),
-            })
+          ? providerRdns
+            ? await Key.createEip1193Provider({ rdns: providerRdns })
+            : await Key.createWebAuthnP256({
+                createFn: webAuthn?.createFn,
+                label:
+                  label ||
+                  `${eoa.address.slice(0, 8)}\u2026${eoa.address.slice(-6)}`,
+                rpId: keystoreHost,
+                userId: Bytes.from(eoa.address),
+              })
           : Key.createHeadlessWebAuthnP256()
         const sessionKey = await PermissionsRequest.toKey(permissions, {
           chainId: client.chain.id,
@@ -86,14 +89,47 @@ export function relay(parameters: relay.Parameters = {}) {
 
         const adminKeys = admins?.map((admin) => Key.from(admin))
 
-        const account = await RelayActions.upgradeAccount(client, {
-          account: eoa,
-          authorizeKeys: [
-            adminKey,
-            ...(adminKeys ?? []),
-            ...(sessionKey ? [sessionKey] : []),
-          ],
-        })
+        const { address: existingAccount } = providerRdns
+          ? await RelayActions.getAccount(client, { keyHash: adminKey.hash })
+          : { address: null }
+
+        const account = existingAccount
+          ? Account.from({
+              address: existingAccount,
+              keys: [
+                adminKey,
+                ...(adminKeys ?? []),
+                ...(sessionKey ? [sessionKey] : []),
+              ],
+            })
+          : await RelayActions.upgradeAccount(client, {
+              account: eoa,
+              authorizeKeys: [
+                adminKey,
+                ...(adminKeys ?? []),
+                ...(sessionKey ? [sessionKey] : []),
+              ],
+            })
+
+        if (existingAccount && sessionKey) {
+          const { context, digest, typedData } =
+            await RelayActions.prepareCalls(client, {
+              account,
+              authorizeKeys: [sessionKey],
+              key: adminKey,
+              preCalls: true,
+            })
+          const signature = await Key.sign(adminKey, {
+            address: null,
+            payload: digest,
+            typedData,
+          })
+          await RelayActions.sendPreparedCalls(client, {
+            context,
+            key: adminKey,
+            signature,
+          })
+        }
 
         address_internal = eoa.address
 
@@ -306,15 +342,19 @@ export function relay(parameters: relay.Parameters = {}) {
         )
         if (!adminKey) throw new Error('admin key not found.')
 
-        const { context, digest } = await RelayActions.prepareCalls(client, {
-          account,
-          authorizeKeys: [authorizeKey],
-          key: adminKey,
-          preCalls: true,
-        })
+        const { context, digest, typedData } = await RelayActions.prepareCalls(
+          client,
+          {
+            account,
+            authorizeKeys: [authorizeKey],
+            key: adminKey,
+            preCalls: true,
+          },
+        )
         const signature = await Key.sign(adminKey, {
           address: null,
           payload: digest,
+          typedData,
         })
         await RelayActions.sendPreparedCalls(client, {
           context,
@@ -326,7 +366,12 @@ export function relay(parameters: relay.Parameters = {}) {
       },
 
       async loadAccounts(parameters) {
-        const { internal, permissions, signInWithEthereum } = parameters
+        const {
+          internal,
+          permissions,
+          signInWithEthereum,
+          providerRdns: _providerRdns,
+        } = parameters
         const { client } = internal
 
         const feeTokens = await Tokens.getTokens(client)
@@ -362,42 +407,86 @@ export function relay(parameters: relay.Parameters = {}) {
           } as const
         })()
 
-        const { address, credentialId, webAuthnSignature } =
-          await (async () => {
-            if (mock) {
-              if (!address_internal)
-                throw new Error('address_internal not found.')
-              return {
-                address: address_internal,
-                credentialId: undefined,
-              } as const
-            }
+        const {
+          address,
+          credentialId,
+          webAuthnSignature,
+          rdns,
+          providerSignature,
+        } = await (async () => {
+          if (mock) {
+            if (!address_internal)
+              throw new Error('address_internal not found.')
+            return {
+              address: address_internal,
+              credentialId: undefined,
+            } as const
+          }
 
-            // If the address and credentialId are provided, we can skip the
-            // WebAuthn discovery step.
-            if (parameters.address && parameters.key)
+          // If the address and credentialId are provided, we can skip the
+          // WebAuthn discovery step.
+          if (parameters.address && parameters.key) {
+            if ('credentialId' in parameters.key)
               return {
                 address: parameters.address,
                 credentialId: parameters.key.credentialId,
               }
+            if ('rdns' in parameters.key)
+              return {
+                address: parameters.address,
+                rdns: parameters.key.rdns,
+              }
+          }
 
-            // Discovery step. We need to do this to extract the key id
-            // to query for the Account.
-            // We will also optionally sign over a digest to authorize
-            // a session key if the user has provided one.
-            const webAuthnSignature = await WebAuthnP256.sign({
-              challenge: digest,
-              getFn: webAuthn?.getFn,
-              rpId: keystoreHost,
+          if (_providerRdns) {
+            const key = await Key.createEip1193Provider({
+              rdns: _providerRdns,
             })
-            const response = webAuthnSignature.raw
-              .response as AuthenticatorAssertionResponse
 
-            const address = Bytes.toHex(new Uint8Array(response.userHandle!))
-            const credentialId = webAuthnSignature.raw.id
+            const account = await RelayActions.getAccount(client, {
+              keyHash: key.hash,
+            })
 
-            return { address, credentialId, webAuthnSignature }
-          })()
+            if (account.address) {
+              const signature =
+                digest !== '0x'
+                  ? await Key.sign(key, {
+                      address: null,
+                      payload: message as Hex.Hex,
+                      wrap: true,
+                    })
+                  : undefined
+
+              return {
+                address: account.address,
+                providerSignature: signature,
+                rdns: _providerRdns,
+              }
+            }
+            throw new Error(
+              `No account found for external wallet ${key.publicKey}`,
+            )
+          }
+
+          // Discovery step. We need to do this to extract the key id
+          // to query for the Account.
+          // We will also optionally sign over a digest to authorize
+          // a session key if the user has provided one.
+          const webAuthnSignature = await WebAuthnP256.sign({
+            challenge: digest,
+            getFn: webAuthn?.getFn,
+            rpId: keystoreHost,
+          })
+          const response = webAuthnSignature.raw
+            .response as AuthenticatorAssertionResponse
+
+          const address = Bytes.toHex(new Uint8Array(response.userHandle!))
+          const credentialId = webAuthnSignature.raw.id
+
+          return { address, credentialId, webAuthnSignature }
+        })()
+
+        const providerRdns = rdns ?? _providerRdns
 
         const keys = await RelayActions.getKeys(client, {
           account: address,
@@ -421,6 +510,12 @@ export function relay(parameters: relay.Parameters = {}) {
                     id: address,
                     rpId: keystoreHost,
                   })
+                if (key.type === 'address' && providerRdns)
+                  return Key.fromEip1193Provider({
+                    ...key,
+                    account: key.publicKey,
+                    rdns: providerRdns,
+                  })
               }
               return key
             },
@@ -446,6 +541,8 @@ export function relay(parameters: relay.Parameters = {}) {
               },
             )
 
+          if (providerSignature) return providerSignature
+
           // Otherwise, we will sign over the digest for authorizing
           // the session key.
           return await Key.sign(adminKey, {
@@ -456,14 +553,16 @@ export function relay(parameters: relay.Parameters = {}) {
 
         // Prepare and send the authorize key pre-call.
         if (authorizeKey) {
-          const { context, digest } = await RelayActions.prepareCalls(client, {
-            account,
-            authorizeKeys: [authorizeKey],
-            preCalls: true,
-          })
+          const { context, digest, typedData } =
+            await RelayActions.prepareCalls(client, {
+              account,
+              authorizeKeys: [authorizeKey],
+              preCalls: true,
+            })
           const signature = await Key.sign(adminKey, {
             address: null,
             payload: digest,
+            typedData,
           })
           await RelayActions.sendPreparedCalls(client, {
             context,
@@ -492,7 +591,9 @@ export function relay(parameters: relay.Parameters = {}) {
               },
             )
             const signature = await Account.sign(account, {
-              payload: PersonalMessage.getSignPayload(Hex.fromString(message)),
+              payload: providerRdns
+                ? (message as Hex.Hex)
+                : PersonalMessage.getSignPayload(Hex.fromString(message)),
               role: 'admin',
             })
             const signature_erc8010 = await Erc8010.wrap(client, {
@@ -803,6 +904,7 @@ export function relay(parameters: relay.Parameters = {}) {
           payload: TypedData.getSignPayload(data),
           // If the domain is the Orchestrator, we don't need to replay-safe sign.
           replaySafe: !isOrchestrator,
+          typedData: data,
           webAuthn,
         })
 

package/src/core/internal/provider.ts

@@ -783,6 +783,7 @@ export function from<
                 grantPermissions: permissions,
                 selectAccount,
                 signInWithEthereum,
+                providerRdns,
               } = capabilities ?? {}
 
               const internal = {
@@ -802,6 +803,7 @@ export function from<
                     internal,
                     label,
                     permissions,
+                    providerRdns,
                     signInWithEthereum,
                   })
                   return { accounts: [account] }
@@ -826,6 +828,17 @@ export function from<
                           publicKey: key.publicKey,
                         },
                       }
+                    if (
+                      key.type === 'eip1193provider' &&
+                      key.role === 'admin' &&
+                      !providerRdns
+                    )
+                      return {
+                        address: account?.address,
+                        key: {
+                          rdns: key.privateKey?.rdns,
+                        },
+                      }
                   }
                   return {
                     address: undefined,
@@ -835,6 +848,7 @@ export function from<
                 const loadAccountsParams = {
                   internal,
                   permissions,
+                  providerRdns,
                   signInWithEthereum,
                 }
                 try {

package/src/core/internal/relay/rpcSchema.ts

@@ -52,6 +52,10 @@ export type Schema = RpcSchema_ox.From<
       Request: z.input<typeof Rpc.wallet_feeTokens.Request>
       ReturnType: z.input<typeof Rpc.wallet_feeTokens.Response>
     }
+  | {
+      Request: z.input<typeof Rpc.wallet_getAccount.Request>
+      ReturnType: z.input<typeof Rpc.wallet_getAccount.Response>
+    }
   | {
       Request: z.input<typeof Rpc.wallet_getAccounts.Request>
       ReturnType: z.input<typeof Rpc.wallet_getAccounts.Response>

package/src/core/internal/relay/schema/rpc.ts

@@ -231,6 +231,29 @@ export namespace wallet_addFaucetFunds {
   export type Response = z.infer<typeof Response>
 }
 
+export namespace wallet_getAccount {
+  /** Parameters for `wallet_getAccount` request. */
+  export const Parameters = z.object({
+    /** Key hash to look up account by. */
+    keyHash: u.hex(),
+  })
+  export type Parameters = z.infer<typeof Parameters>
+
+  /** Request for `wallet_getAccount`. */
+  export const Request = z.object({
+    method: z.literal('wallet_getAccount'),
+    params: z.readonly(z.tuple([Parameters])),
+  })
+  export type Request = z.infer<typeof Request>
+
+  /** Response for `wallet_getAccount`. */
+  export const Response = z.object({
+    /** Account address. */
+    address: z.nullable(u.address()),
+  })
+  export type Response = z.infer<typeof Response>
+}
+
 export namespace wallet_getAccounts {
   /** Parameters for `wallet_getAccounts` request. */
   export const Parameters = z.object({

package/src/core/internal/schema/key.ts

@@ -23,6 +23,7 @@ export const Base = z.object({
     z.literal('p256'),
     z.literal('secp256k1'),
     z.literal('webauthn-p256'),
+    z.literal('eip1193provider'),
   ]),
 })
 export type Base = z.infer<typeof Base>

package/src/core/internal/schema/rpc.ts

@@ -465,6 +465,7 @@ export namespace wallet_connect {
     ),
     grantPermissions: z.optional(C.grantPermissions.Request),
     preCalls: z.optional(C.preCalls.Request),
+    providerRdns: z.optional(z.string()),
     selectAccount: z.optional(
       z.union([
         z.boolean(),

package/src/remote/Events.ts

@@ -7,7 +7,11 @@ import type { Payload } from '../core/Messenger.js'
 import * as Actions from './Actions.js'
 import type * as Remote from './Porto.js'
 
-const trustedOrigins = ['id.porto.sh', 'localhost:5174', 'localhost:5173']
+const trustedOrigins = [
+  'wallet.risechain.com',
+  'localhost:5174',
+  'localhost:5173',
+]
 
 /**
  * Event listener which is triggered when a request is ready
@@ -87,8 +91,11 @@ export function onDialogRequest(
             typeof rule === 'object' &&
             rule.sameOrigin &&
             event.origin !== window.location.origin
-          )
-            return false
+          ) {
+            // Allow bypass for RISEx origins
+            const risexOrigins = ['localhost:3009', 'rise.trade']
+            return risexOrigins.some((origin) => event.origin.endsWith(origin))
+          }
           return true
         }
 

package/src/trusted-hosts.ts

@@ -40,4 +40,9 @@ export const hostnames = [
   'swap.defillama.com',
   'uniswap.org',
   'www.bungee.exchange',
+  'wallet.risechain.com',
+  'risechain.com',
+  'testnet.rise.trade',
+  'dev.rise.trade',
+  'rise.trade',
 ]

package/src/viem/Account.ts

@@ -13,6 +13,7 @@ import {
 import { toAccount } from 'viem/accounts'
 import type { Assign, Compute } from '../core/internal/types.js'
 import type * as Storage from '../core/Storage.js'
+import type { prepareCalls } from './internal/relayActions.js'
 import * as Key from './Key.js'
 
 export type Account<
@@ -164,7 +165,9 @@ export function getKey(
   if (account.keys && account.keys.length > 0) {
     if (typeof key === 'number') return account.keys[key]
     return account.keys.find(
-      (key) => key.privateKey && (!role || key.role === role),
+      (key) =>
+        (key.privateKey && (!role || key.role === role)) ||
+        key.type === 'eip1193provider',
     )
   }
 
@@ -191,24 +194,34 @@ export async function sign(
   account: Account,
   parameters: sign.Parameters,
 ): Promise<Compute<Hex.Hex>> {
-  const { storage, replaySafe = true, wrap = true, webAuthn } = parameters
+  const {
+    storage,
+    replaySafe = true,
+    wrap = true,
+    webAuthn,
+    typedData,
+  } = parameters
 
   const key = getKey(account, parameters)
 
+  const wrapped = {
+    domain: { verifyingContract: account.address },
+    message: {
+      digest: parameters.payload,
+    },
+    primaryType: 'ERC1271Sign',
+    types: {
+      ERC1271Sign: [{ name: 'digest', type: 'bytes32' }],
+    },
+  } as TypedData.Definition
+
   const payload = (() => {
     if (!replaySafe) return parameters.payload
-    return TypedData.getSignPayload({
-      domain: { verifyingContract: account.address },
-      message: {
-        digest: parameters.payload,
-      },
-      primaryType: 'ERC1271Sign',
-      types: {
-        ERC1271Sign: [{ name: 'digest', type: 'bytes32' }],
-      },
-    })
+    return TypedData.getSignPayload(wrapped)
   })()
 
+  const typedDataPayload = !replaySafe ? typedData : wrapped
+
   const sign = (() => {
     if (!key) {
       if (account.source === 'privateKey') return account.sign
@@ -219,6 +232,7 @@ export async function sign(
         address: null,
         payload: hash,
         storage,
+        typedData: typedDataPayload,
         webAuthn,
         wrap,
       })
@@ -274,5 +288,9 @@ export declare namespace sign {
           getFn?: WebAuthnP256.sign.Options['getFn'] | undefined
         }
       | undefined
+    typedData?:
+      | prepareCalls.ReturnType['typedData']
+      | TypedData.Definition
+      | undefined
   }
 }