For the Snap documentation, check here.
To test the Snap, check here.
This project forked from metamask/template-snap-monorepo
License: Apache License 2.0
As noted by the comment, type validation is required here. It's very much okay to track this in a separate issue without further modifications to the current PR, but I want to stress how important it is for the Snap to validate every last piece of data it receives from RPC. It's very easy to introduce security holes if we don't.
Upstream Metamask Snaps sources seem to rely on superstruct
quite heavily, and they actually provide some helpers here. Our validation logic may look something like this:
import { Bytes } from '@metamask/utils';
import { Bip32PathStruct } from '@metamask/snaps-utils/*';
import { Infer, boolean, enums, object, optional, type } from 'superstruct';
export const SupportedCurveEnums = enums(['ed25519', 'sec256k1']);
/**
* The supported curves for deriving a BIP-32 account.
*/
export type SupportedCurve = Infer<typeof SupportedCurveEnums>;
/**
* `type` is used instead of `object` to allow unknown properties.
*/
export const GetBip32PublicKeyParamsStruct = type({
/**
* The BIP-32 path to the account.
*/
path: Bip32PathStruct,
/**
* The curve used to derive the account.
*/
curve: SupportedCurveEnums,
/**
* Whether to return the public key in compressed form.
*/
compressed: optional(boolean()),
});
/**
* The parameters for calling the `getPublicKey` JSON-RPC method.
*
* Unknown properties are ignored and passed to `snap_getBip32PublicKey`.
*/
export type GetBip32PublicKeyParams = Infer<
typeof GetBip32PublicKeyParamsStruct
>;
export const SignMessageParamsStruct = object({
/**
* The BIP-32 path to the account.
*/
message: Bytes,
/**
* The curve used to derive the account.
*/
curve: SupportedCurveEnums,
/**
* The BIP-32 path to the account.
*/
path: Bip32PathStruct,
});
/**
* The parameters for calling the `signMessage` JSON-RPC method.
*/
export type SignMessageParams = Infer<typeof SignMessageParamsStruct>;
Originally posted by @neysofu in #1 (comment)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.