feat: secure allowance creationby including protocol information #2930

Open
wants to merge 13 commits into
base: master
1 change: 1 addition & 0 deletions src/app/components/Enable/WeblnEnable.tsx
Expand Up @@ -85,6 +85,7 @@ function WeblnEnableComponent(props: Props) {
</div>
</div>
</div>

<div className="text-center flex flex-col">
<ConfirmOrCancel
disabled={loading}
4 changes: 2 additions & 2 deletions src/app/components/LNURLAuth/index.tsx
Expand Up @@ -36,8 +36,8 @@ function LNURLAuthComponent() {
lnurlDetails: details,
});

if (navState.isPrompt && origin?.host) {
const allowance = await api.getAllowance(origin.host);
if (navState.isPrompt && origin?.domain) {
const allowance = await api.getAllowance(origin.domain);

if (allowance.lnurlAuth === false) {
await msg.request("updateAllowance", {
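Review bot: The allowance whose `lnurlAuth` flag is updated here is selected by `origin.domain`, while Home looks allowances up by `currentUrl.origin` and `getHostFromSender` returns `sender.origin`; nothing in the hunk states that `domain` holds the same serialized origin. A one-line comment above the condition would pin that down, e.g. `// origin.domain is the serialized origin (scheme://host[:port]) and must equal the key returned by getHostFromSender()`. If `domain` is filled from page-side metadata rather than from the message sender, that is worth stating too, since it decides which site's allowance is changed. The function continues outside the hunk.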
2 changes: 1 addition & 1 deletion src/app/components/PublisherPanel/index.tsx
Expand Up @@ -70,7 +70,7 @@ export default function PublisherPanel({
</h2>
{url && (
<a
href={`https://${url}`}
href={url}
title={url}
target="_blank"
className="text-gray-500 dark:text-gray-400 overflow-hidden text-ellipsis whitespace-nowrap leading-1 text-lg"
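Review bot: The link target is now whatever string `url` holds, where the old template forced an `https://` prefix. If `url` is the stored allowance host, a record that was not migrated would render as a relative link, and a value with any scheme other than http(s) would be passed straight to `href`. Consider rendering the anchor only when `url` parses as an `http:` or `https:` URL, and confirm the element carries `rel="noopener noreferrer"` next to `target="_blank"`; the rest of the `<a>` is outside the hunk.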
2 changes: 1 addition & 1 deletion src/app/screens/ConfirmKeysend/index.tsx
Expand Up @@ -116,7 +116,7 @@ function ConfirmKeysend() {
if (!budget) return;
return msg.request("addAllowance", {
totalBudget: parseInt(budget),
host: origin.host,
host: origin.domain,
name: origin.name,
imageURL: origin.icon,
});
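Review bot: `addAllowance` is called with `host: origin.domain` without checking that `domain` is set; the guard above it only tests `budget`. The LNURLAuth hunk checks `origin?.domain` before using it, and a test fixture on this page still carries `domain: ""`, so an empty value looks possible and would create an allowance keyed on the empty string. I would extend the guard to `if (!budget || !origin.domain) return;`; ConfirmPayment makes the same call with `navState.origin.domain` and needs the same check. The enclosing function begins and ends outside the hunk.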
2 changes: 1 addition & 1 deletion src/app/screens/ConfirmPayment/index.tsx
Expand Up @@ -122,7 +122,7 @@ function ConfirmPayment() {
if (!budget || !navState.origin) return;
return msg.request("addAllowance", {
totalBudget: parseInt(budget),
host: navState.origin.host,
host: navState.origin.domain,
name: navState.origin.name,
imageURL: navState.origin.icon,
});
2 changes: 1 addition & 1 deletion src/app/screens/Home/index.tsx
Expand Up @@ -20,7 +20,7 @@ const Home: FC = () => {
// typeguard, currentUrl should exist at this point
if (!currentUrl) throw new Error("No established browser connection");

const result = await api.getAllowance(currentUrl.host);
const result = await api.getAllowance(currentUrl.origin);

if (result.enabled) {
setAllowance(result);
4 changes: 2 additions & 2 deletions src/common/utils/helpers.ts
Expand Up @@ -21,8 +21,8 @@ export function getHostFromSender(sender: Sender) {
// from a privileged page, otherwise use MessageSender.url
// MessageSender.origin is more reliable as it is not spoofable by a
// compromised renderer.
if (sender.origin) return new URL(sender.origin).host;
else if (sender.url) return new URL(sender.url).host;
if (sender.origin) return sender.origin;
else if (sender.url) return new URL(sender.url).origin;
else return null;
}
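Review bot: `getHostFromSender` now returns `sender.origin` verbatim, so a sender with an opaque origin (for example a sandboxed frame) can yield the literal string `"null"`, and `new URL(sender.url).origin` gives the same string for schemes such as `file:` or `data:`. That string is truthy, so callers that key allowances on the return value would treat all such senders as one site; before this change `new URL("null")` threw instead. I would reject it explicitly, e.g. `if (sender.origin && sender.origin !== "null") return sender.origin;` with the same test on the `sender.url` branch, and update the comment to say the function returns a full origin despite its name. The function starts above the hunk.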

Expand Up @@ -22,7 +22,7 @@ describe("add allowance", () => {
internal: true,
},
args: {
host: "lnmarkets.com",
host: "https://lnmarkets.com",
name: "LN Markets",
imageURL: "https://lnmarkets.com/apple-touch-icon.png",
totalBudget: 200,
Expand All @@ -41,7 +41,7 @@ describe("add allowance", () => {
expect(dbAllowances).toContainEqual({
createdAt: "1487076708000",
enabled: true,
host: "lnmarkets.com",
host: "https://lnmarkets.com",
imageURL: "https://lnmarkets.com/apple-touch-icon.png",
lastPaymentAt: 0,
lnurlAuth: false,
Expand Up @@ -74,7 +74,7 @@ describe("delete allowance", () => {
expect(dbAllowances).toEqual([
{
enabled: true,
host: "getalby.com",
host: "https://getalby.com",
id: 1,
imageURL: "https://getalby.com/favicon.ico",
lastPaymentAt: 0,
Expand Up @@ -45,7 +45,7 @@ describe("enable allowance", () => {
external: true,
},
args: {
host: "lnmarkets.com",
host: "https://lnmarkets.com",
},
};

Expand Down Expand Up @@ -87,7 +87,7 @@ describe("enable allowance", () => {
external: true,
},
args: {
host: "getalby.com",
host: `https://getalby.com`,
},
};
const sender: Sender = {
Expand Up @@ -23,7 +23,7 @@ describe("get allowance", () => {
internal: true,
},
args: {
host: "getalby.com",
host: "https://getalby.com",
},
};

Expand Up @@ -45,8 +45,8 @@ const sender: Sender = {
documentId: "ALBY123",
documentLifecycle: "active",
id: "alby",
origin: `https://${allowanceInDB.host}`,
url: `https://${allowanceInDB.host}/test`,
origin: `${allowanceInDB.host}`,
url: `${allowanceInDB.host}/test`,
};

const requestResponse = { data: "" };
Expand Up @@ -10,7 +10,7 @@ const mockPayments: DbPayment[] = [
createdAt: "123456",
description: "A blue bird?!",
destination: "Space",
host: "getalby.com",
host: "https://getalby.com",
id: 4,
location: "https://www.getalby.com",
name: "Alby",
Expand All @@ -26,7 +26,7 @@ const mockPayments: DbPayment[] = [
createdAt: "123456",
description: "A yellow bird?!",
destination: "Space",
host: "getalby.com",
host: "https://getalby.com",
id: 5,
location: "https://www.getalby.com",
name: "Alby",
Expand Up @@ -24,7 +24,7 @@ const updatedPayments: DbPayment[] = [
createdAt: "1487076708000",
description: "A red bird?!",
destination: "Space",
host: "getalby.com",
host: "https://getalby.com",
id: 6,
location: "test",
name: "Alby",
Expand Down Expand Up @@ -72,8 +72,8 @@ const data: PaymentNotificationData = {
},
origin: {
location: "test",
domain: "",
host: "getalby.com",
domain: "https://getalby.com",
host: "https://getalby.com",
pathname: "test",
name: "Alby",
description: "test",
Expand Up @@ -32,7 +32,7 @@ const data: PaymentNotificationData = {
origin: {
location: "test",
domain: "",
host: "getalby.com",
host: "https://getalby.com",
pathname: "test",
name: "Alby",
description: "test",
Expand All @@ -56,7 +56,7 @@ describe("Update Allowances", () => {
internal: true,
},
args: {
host: "getalby.com",
host: "https://getalby.com",
},
};

2 changes: 1 addition & 1 deletion src/extension/background-script/events/persistPayments.ts
Expand Up @@ -7,7 +7,7 @@ const persistSuccessfulPayment = async (
data: PaymentNotificationData
) => {
const name = data?.origin?.name;
const host = data?.origin?.host || "";
const host = data?.origin?.domain || "";
const location = data?.origin?.location;
const accountId = data.accountId;
const paymentResponse = data.response;
46 changes: 35 additions & 11 deletions src/extension/background-script/migrations/index.ts
@@ -1,10 +1,8 @@
// import db from "../db";
// import state from "../state";
import db from "~/extension/background-script/db";
import state from "../state";

export type Migration = keyof typeof migrations;

/*

// TS does not want unused code.
// we need this for the next migration again

Expand All @@ -30,19 +28,45 @@ const setMigrated = (name: Migration): Promise<void> => {
return state.getState().saveToStorage();
};

*/
const migrations = {
migrateHostInAllowances: async () => {
const allowances = await db.allowances.toArray();

allowances.forEach(async (allowances) => {
allowances.id &&
(await db.allowances.update(allowances.id, {
host: `https://${allowances.host}`,
}));
});
},

const migrations = {};
migrateHostInPayments: async () => {
const payments = await db.payments.toArray();

payments.forEach(async (payments) => {
payments.id &&
(await db.payments.update(payments.id, {
host: `https://${payments.host}`,
}));
});
},
};

const migrate = async () => {
// going forward we can iterate through the the migrations object above and DRY this up:
// Object.keys(migrations).forEach((name: string) => {
// example:
//if (shouldMigrate("migratePermissionsWithoutAccountId")) {
// console.info("Running migration for: migratePermissionsWithoutAccountId");
// await migrations["migratePermissionsWithoutAccountId"]();
// await setMigrated("migratePermissionsWithoutAccountId");
//}
if (shouldMigrate("migrateHostInAllowances")) {
console.info("Running migration for: migrateHostInAllowances");
await migrations["migrateHostInAllowances"]();
await setMigrated("migrateHostInAllowances");
}

if (shouldMigrate("migrateHostInPayments")) {
console.info("Running migration for: migrateHostInPayments");
await migrations["migrateHostInPayments"]();
await setMigrated("migrateHostInPayments");
}
};

export default migrate;
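Review bot: Both migrations run their updates inside `forEach(async …)`, so the returned promises are never awaited: `migrate` calls `setMigrated` while writes may still be pending, and a failed update becomes an unhandled rejection on a migration already marked done. The rewrite is also unconditional, so a `host` that already has a scheme becomes `https://https://…`, an empty payment `host` (persistPayments falls back to `""`) becomes `https://`, and allowances granted on an `http://` site are rewritten to `https://`. The permissions fixture on this page changes `host` as well, but no migration covers `db.permissions`; if permissions are matched by host, existing rows would stop matching. A sequential loop with a scheme check addresses the first two points.

```typescript
  migrateHostInAllowances: async () => {
    const allowances = await db.allowances.toArray();

    for (const allowance of allowances) {
      // Skip rows without a primary key or host, and rows that already carry a scheme.
      if (!allowance.id || !allowance.host) continue;
      if (/^https?:\/\//.test(allowance.host)) continue;
      await db.allowances.update(allowance.id, {
        host: `https://${allowance.host}`,
      });
    }
  },
  // … migrateHostInPayments: same loop over db.payments …
```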
4 changes: 2 additions & 2 deletions src/fixtures/allowances.ts
Expand Up @@ -3,7 +3,7 @@ import type { DbAllowance } from "~/types";
export const allowanceFixture: DbAllowance[] = [
{
enabled: true,
host: "getalby.com",
host: "https://getalby.com",
id: 1,
imageURL: "https://getalby.com/favicon.ico",
lastPaymentAt: 0,
Expand All @@ -17,7 +17,7 @@ export const allowanceFixture: DbAllowance[] = [
},
{
enabled: false,
host: "lnmarkets.com",
host: "https://lnmarkets.com",
id: 2,
imageURL: "https://lnmarkets.com/apple-touch-icon.png",
lastPaymentAt: 0,
4 changes: 2 additions & 2 deletions src/fixtures/payment.ts
Expand Up @@ -7,7 +7,7 @@ export const paymentsFixture: DbPayment[] = [
createdAt: "123456",
description: "A blue bird?!",
destination: "Space",
host: "getalby.com",
host: "https://getalby.com",
id: 4,
location: "https://www.getalby.com",
name: "Alby",
Expand All @@ -23,7 +23,7 @@ export const paymentsFixture: DbPayment[] = [
createdAt: "123456",
description: "A yellow bird?!",
destination: "Space",
host: "getalby.com",
host: "https://getalby.com",
id: 5,
location: "https://www.getalby.com",
name: "Alby",
6 changes: 3 additions & 3 deletions src/fixtures/permissions.ts
Expand Up @@ -6,7 +6,7 @@ export const permissionsFixture: DbPermission[] = [
accountId: "8b7f1dc6-ab87-4c6c-bca5-19fa8632731e",
allowanceId: 1,
createdAt: "1487076708000",
host: "getalby.com",
host: "https://getalby.com",
method: "the-request-method-1",
blocked: false,
enabled: true,
Expand All @@ -16,7 +16,7 @@ export const permissionsFixture: DbPermission[] = [
accountId: "8b7f1dc6-ab87-4c6c-bca5-19fa8632731e",
allowanceId: 1,
createdAt: "1487076708000",
host: "getalby.com",
host: "https://getalby.com",
method: "the-request-method-2",
blocked: false,
enabled: true,
Expand All @@ -26,7 +26,7 @@ export const permissionsFixture: DbPermission[] = [
accountId: "8b7f1dc6-ab87-4c6c-bca5-19fa8632731e",
allowanceId: 2,
createdAt: "1487076708000",
host: "lnmarkets.com",
host: "https://lnmarkets.com",
method: "the-request-method-3",
blocked: false,
enabled: true,