Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private Credentials - Presentation Request #231

Open
wants to merge 98 commits into
base: main
Choose a base branch
from

Conversation

martonmoro
Copy link

Describe changes

Ticket or discussion link

Review checklist

  • Proper documentation added
  • Proper tests added

Screenshots

martonmoro and others added 21 commits November 4, 2024 15:18
Copy link

deepsource-io bot commented Nov 12, 2024

Here's the code health analysis summary for commits 4658892..cbdab29. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource JavaScript LogoJavaScript✅ Success
❗ 72 occurences introduced
🎯 24 occurences resolved
View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

@martonmoro martonmoro marked this pull request as ready for review December 18, 2024 11:30
Copy link

@mitschabaude mitschabaude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!

What worries me a bit is how complex this integration with Pallad is. The only thing I can think of to reduce that complexity for other wallets is moving reusable logic into mina-credentials. I guess that mainly includes the logic for pretty-printing credentials and presentations.
We should move those parts to mina-credentials in a follow-up PR!

apps/extension/src/sandbox/index.ts Outdated Show resolved Hide resolved
apps/extension/src/sandbox/index.ts Outdated Show resolved Hide resolved
apps/extension/src/sandbox/index.ts Outdated Show resolved Hide resolved
Comment on lines 138 to 139
// compile
const compiled = await Presentation.compile(deserialized)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note for the future: in an ideal world, we could cache compiled presentation requests so if the same one is used several times we don't have to compile it every time

is the sandbox JS process long-lived? or is a new one spun up every time? at least caching within one browser session seems easy to do if it's long-lived

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Each Web Connector's prompt is a single sandbox instance, we can definitely use chrome.storage.local to persist vk objects.

apps/extension/src/sandbox/index.ts Outdated Show resolved Hide resolved
}
}

window.addEventListener("message", messageHandler)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

who can send messages to this listener? is this isolated from the web page? I'm just worried the web page could trick the wallet into signing something

maybe that's a question for @mrcnk

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, especially that we have signFieldsWithPassphrase, I would check if we can change window message handler. If it's to communicate with iframe, we can check iframe.contentWindow.body.addEventListener. If we need to rely on window, we should check if there are suitable methods in webext-bridge that we use for messaging in Pallad.

packages/web-provider/src/mina-network/mina-provider.ts Outdated Show resolved Hide resolved
@mitschabaude
Copy link

@martonmoro can you switch everything to o1js v2.2.0 before merging this? nicer to be on an official version

Copy link

@mitschabaude mitschabaude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @martonmoro! As for me, this PR works well and is good to go.

We should keep in mind the window messaging question though, but could possibly address that in a separate PR.

We also still need proper e2e testing of the zkApp verifier case, but again I would address any modifications needed for that in future PRs, because this PR already delivers a significant amount of features that are well-tested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants