-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Place permission middleware ahead of all method implementations #24472
Conversation
@MetaMask/snaps-devs @MetaMask/mmi tagging you guys to confirm that your RPC methods continue to work as expected. |
760c9a6
to
9fb45c4
Compare
This comment was marked as resolved.
This comment was marked as resolved.
e39e390
to
653e514
Compare
Builds ready [653e514]
Page Load Metrics (2225 ± 753 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
Builds ready [611dac9]
Page Load Metrics (1833 ± 699 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #24472 +/- ##
===========================================
+ Coverage 67.37% 67.48% +0.11%
===========================================
Files 1278 1289 +11
Lines 49881 50168 +287
Branches 12944 13015 +71
===========================================
+ Hits 33605 33853 +248
- Misses 16276 16315 +39 ☔ View full report in Codecov by Sentry. |
9c346cd
to
d3f1a0a
Compare
// If the origin is not in the selectedNetworkController's `domains` state | ||
// when the provider engine is created, the selectedNetworkController will | ||
// fetch the globally selected networkClient from the networkController and wrap | ||
// it in a proxy which can be switched to use its own state if/when the origin | ||
// is added to the `domains` state | ||
const proxyClient = | ||
this.selectedNetworkController.getProviderAndBlockTracker(origin); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I moved this declaration closer to where it is used. I do not see how it could result in a behavioral change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The thing one could imagine would be if something further up has been relying on specific error being thrown from getProviderAndBlockTracker
under certain conditions, but sounds far-fetched and move makes sense to me.
Builds ready [91dc4ea]
Page Load Metrics (991 ± 545 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
Builds ready [8f971bf]
Page Load Metrics (1231 ± 610 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
58a0b80
to
3175d64
Compare
Builds ready [3175d64]
Page Load Metrics (663 ± 491 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Builds ready [782af6c]
Page Load Metrics (745 ± 493 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
app/scripts/lib/rpc-method-middleware/createMethodMiddleware.js
Outdated
Show resolved
Hide resolved
@@ -35,4 +34,4 @@ const handlers = [ | |||
///: END:ONLY_INCLUDE_IF | |||
]; | |||
|
|||
export default handlers; | |||
export const legacyHandlers = [ethAccounts]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not a huge deal but wondering if "legacy" is the right framing here? It seems like the main reason this is separated out is that you need to be able to call this method and receive an empty array if there is no authorization? Perhaps that is a legacy pattern in that we don't want to it to be reused but legacyHandlers implies to me that this method or handler is set for deprecation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps that is a legacy pattern in that we don't want to it to be reused
on second thought, maybe this is the proper use of legacy... 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, well, our implementation of eth_accounts
is using a legacy pattern that we should never have cause to return to. However, it falls under a more general category of "middleware that do stuff to requests before the permission system". We could be establishing a pattern for that, but that also includes almost every other middleware in front of the permission middleware...
No, I think legacy is our best bet. We shouldn't do this!
782af6c
to
03017e7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Description of problem makes sense as does the solution. LGTM 👍🏻
Builds ready [7506f83]
Page Load Metrics (294 ± 347 ms)
|
Description
Adds all unrestricted RPC methods to the
unrestrictedMethods
array passed to the permission controller, and moves the permission middleware ahead of all RPC method implementations insetupProviderEngine
. This forces us to add all methods that aren't permission to theunrestrictedMethods
array, as a "method not found" error will be thrown otherwise. It's safer this way.Due the requirement that it swallows authorization errors, the implementation of
eth_accounts
is moved to a new "legacy method middleware", which we by necessity place ahead of the permission middleware. In addition, the responsibility of rejecting intentionally unsupported RPC methods has been moved to a dedicated middleware in front of the legacy method middleware.Related issues
Fixes: #24331
Manual testing steps
Pre-merge author checklist
Pre-merge reviewer checklist