Improve request validation (#187)

* Improve request validation
- add validation for rules
- deduplicate zod definitions shared between permission types

* Add support for rule type descriptors as object

* Ensure all instances of rule.type are wrapped in extractDescriptorName to support complex descriptors. Remove circular dependency of zod util schemas.

Author: jeffsmale90

packages/gator-permissions-snap/src/core/permissionHandlerFactory.ts

@@ -1,5 +1,5 @@
 import type { PermissionRequest } from '@metamask/7715-permissions-shared/types';
-import { extractPermissionName } from '@metamask/7715-permissions-shared/utils';
+import { extractDescriptorName } from '@metamask/7715-permissions-shared/utils';
 import { InvalidInputError } from '@metamask/snaps-sdk';
 
 import type { AccountController } from './accountController';
@@ -63,7 +63,7 @@ export class PermissionHandlerFactory {
   createPermissionHandler(
     permissionRequest: PermissionRequest,
   ): PermissionHandlerType {
-    const type = extractPermissionName(permissionRequest.permission.type);
+    const type = extractDescriptorName(permissionRequest.permission.type);
 
     const createPermissionHandler = <
       TRequest extends PermissionRequest,

packages/gator-permissions-snap/src/core/permissionRequestLifecycleOrchestrator.ts

@@ -3,7 +3,10 @@ import type {
   PermissionRequest,
   PermissionResponse,
 } from '@metamask/7715-permissions-shared/types';
-import { logger } from '@metamask/7715-permissions-shared/utils';
+import {
+  extractDescriptorName,
+  logger,
+} from '@metamask/7715-permissions-shared/utils';
 import type { Delegation } from '@metamask/delegation-core';
 import {
   createNonceTerms,
@@ -355,7 +358,7 @@ export class PermissionRequestLifecycleOrchestrator {
     });
 
     const expiryRule = resolvedRequest.rules?.find(
-      (rule) => rule.type === 'expiry',
+      (rule) => extractDescriptorName(rule.type) === 'expiry',
     );
 
     if (expiryRule) {

packages/gator-permissions-snap/src/permissions/erc20TokenPeriodic/context.ts

@@ -1,3 +1,4 @@
+import { extractDescriptorName } from '@metamask/7715-permissions-shared/utils';
 import { InvalidInputError } from '@metamask/snaps-sdk';
 import {
   bigIntToHex,
@@ -55,7 +56,7 @@ export async function applyContext({
 
   const rules: Erc20TokenPeriodicPermissionRequest['rules'] =
     originalRequest.rules?.map((rule) => {
-      if (rule.type === 'expiry') {
+      if (extractDescriptorName(rule.type) === 'expiry') {
         isExpiryRuleFound = true;
         return {
           ...rule,
@@ -157,7 +158,7 @@ export async function buildContext({
     : null;
 
   const expiryRule = permissionRequest.rules?.find(
-    (rule) => rule.type === 'expiry',
+    (rule) => extractDescriptorName(rule.type) === 'expiry',
   );
 
   if (!expiryRule) {

packages/gator-permissions-snap/src/permissions/erc20TokenPeriodic/types.ts

@@ -3,6 +3,8 @@ import {
   zPermission,
   zMetaMaskPermissionData,
   zAddress,
+  zTimestamp,
+  zStartTime,
 } from '@metamask/7715-permissions-shared/types';
 import { z } from 'zod';
 
@@ -13,7 +15,6 @@ import type {
   TimePeriod,
   BaseMetadata,
 } from '../../core/types';
-import { validateStartTimeZod } from '../../utils/validate';
 
 export type Erc20TokenPeriodicMetadata = BaseMetadata & {
   validationErrors: {
@@ -40,24 +41,8 @@ export const zErc20TokenPeriodicPermission = zPermission.extend({
     zMetaMaskPermissionData,
     z.object({
       periodAmount: zHexStr,
-      periodDuration: z.number().int().positive(),
-      startTime: z
-        .number()
-        .int()
-        .positive()
-        .nullable()
-        .optional()
-        .refine(
-          (value) => {
-            if (value === undefined || value === null) {
-              return true;
-            }
-            return validateStartTimeZod(value);
-          },
-          {
-            message: 'Start time must be today or later',
-          },
-        ),
+      periodDuration: zTimestamp,
+      startTime: zStartTime,
       tokenAddress: zAddress,
     }),
   ),

packages/gator-permissions-snap/src/permissions/erc20TokenPeriodic/validation.ts

@@ -2,7 +2,7 @@ import type { PermissionRequest } from '@metamask/7715-permissions-shared/types'
 import { extractZodError } from '@metamask/7715-permissions-shared/utils';
 import { InvalidInputError } from '@metamask/snaps-sdk';
 
-import { validateHexInteger } from '../validation';
+import { validateHexInteger, validateStartTime } from '../validation';
 import type {
   Erc20TokenPeriodicPermission,
   Erc20TokenPeriodicPermissionRequest,
@@ -29,18 +29,7 @@ function validatePermissionData(
     allowZero: false,
   });
 
-  const expiryRule = rules?.find((rule) => rule.type === 'expiry');
-
-  if (!expiryRule) {
-    throw new InvalidInputError('Expiry rule is required');
-  }
-
-  const expiry = Number(expiryRule.data.timestamp);
-
-  // If startTime is not provided it default to Date.now(), expiry is always in the future so no need to check.
-  if (startTime && startTime >= expiry) {
-    throw new InvalidInputError('Invalid startTime: must be before expiry');
-  }
+  validateStartTime(startTime, rules);
 
   return true;
 }

packages/gator-permissions-snap/src/permissions/erc20TokenStream/context.ts

@@ -1,3 +1,4 @@
+import { extractDescriptorName } from '@metamask/7715-permissions-shared/utils';
 import { InvalidInputError } from '@metamask/snaps-sdk';
 import {
   bigIntToHex,
@@ -58,7 +59,7 @@ export async function applyContext({
 
   const rules: Erc20TokenStreamPermissionRequest['rules'] =
     originalRequest.rules?.map((rule) => {
-      if (rule.type === 'expiry') {
+      if (extractDescriptorName(rule.type) === 'expiry') {
         isExpiryRuleFound = true;
         return {
           ...rule,
@@ -175,7 +176,7 @@ export async function buildContext({
     : null;
 
   const expiryRule = permissionRequest.rules?.find(
-    (rule) => rule.type === 'expiry',
+    (rule) => extractDescriptorName(rule.type) === 'expiry',
   );
 
   if (!expiryRule) {

packages/gator-permissions-snap/src/permissions/erc20TokenStream/types.ts

@@ -3,6 +3,8 @@ import {
   zPermission,
   zMetaMaskPermissionData,
   zAddress,
+  zStartTime,
+  zHexStrNullableOptional,
 } from '@metamask/7715-permissions-shared/types';
 import { z } from 'zod';
 
@@ -13,7 +15,6 @@ import type {
   BaseContext,
   BaseMetadata,
 } from '../../core/types';
-import { validateStartTimeZod } from '../../utils/validate';
 
 export type Erc20TokenStreamMetadata = BaseMetadata & {
   amountPerSecond: string;
@@ -41,26 +42,10 @@ export const zErc20TokenStreamPermission = zPermission.extend({
   data: z.intersection(
     zMetaMaskPermissionData,
     z.object({
-      initialAmount: zHexStr.optional().nullable(),
-      maxAmount: zHexStr.optional().nullable(),
+      initialAmount: zHexStrNullableOptional,
+      maxAmount: zHexStrNullableOptional,
       amountPerSecond: zHexStr,
-      startTime: z
-        .number()
-        .int()
-        .positive()
-        .nullable()
-        .optional()
-        .refine(
-          (value) => {
-            if (value === undefined || value === null) {
-              return true;
-            }
-            return validateStartTimeZod(value);
-          },
-          {
-            message: 'Start time must be today or later',
-          },
-        ),
+      startTime: zStartTime,
       tokenAddress: zAddress,
     }),
   ),

packages/gator-permissions-snap/src/permissions/erc20TokenStream/validation.ts

@@ -2,7 +2,7 @@ import type { PermissionRequest } from '@metamask/7715-permissions-shared/types'
 import { extractZodError } from '@metamask/7715-permissions-shared/utils';
 import { InvalidInputError } from '@metamask/snaps-sdk';
 
-import { validateHexInteger } from '../validation';
+import { validateHexInteger, validateStartTime } from '../validation';
 import type {
   Erc20TokenStreamPermission,
   Erc20TokenStreamPermissionRequest,
@@ -50,18 +50,7 @@ function validatePermissionData(
     );
   }
 
-  const expiryRule = rules?.find((rule) => rule.type === 'expiry');
-
-  if (!expiryRule) {
-    throw new InvalidInputError('Expiry rule is required');
-  }
-
-  const expiry = Number(expiryRule.data.timestamp);
-
-  // If startTime is not provided it default to Date.now(), expiry is always in the future so no need to check.
-  if (startTime && startTime >= expiry) {
-    throw new InvalidInputError('Invalid startTime: must be before expiry');
-  }
+  validateStartTime(startTime, rules);
 
   return true;
 }

packages/gator-permissions-snap/src/permissions/nativeTokenPeriodic/context.ts

@@ -1,3 +1,4 @@
+import { extractDescriptorName } from '@metamask/7715-permissions-shared/utils';
 import { InvalidInputError } from '@metamask/snaps-sdk';
 import {
   bigIntToHex,
@@ -56,7 +57,7 @@ export async function applyContext({
 
   const rules: NativeTokenPeriodicPermissionRequest['rules'] =
     originalRequest.rules?.map((rule) => {
-      if (rule.type === 'expiry') {
+      if (extractDescriptorName(rule.type) === 'expiry') {
         isExpiryRuleFound = true;
         return {
           ...rule,
@@ -157,7 +158,7 @@ export async function buildContext({
     : null;
 
   const expiryRule = permissionRequest.rules?.find(
-    (rule) => rule.type === 'expiry',
+    (rule) => extractDescriptorName(rule.type) === 'expiry',
   );
 
   if (!expiryRule) {

packages/gator-permissions-snap/src/permissions/nativeTokenPeriodic/types.ts

@@ -2,6 +2,8 @@ import {
   zHexStr,
   zPermission,
   zMetaMaskPermissionData,
+  zTimestamp,
+  zStartTime,
 } from '@metamask/7715-permissions-shared/types';
 import { z } from 'zod';
 
@@ -12,7 +14,6 @@ import type {
   TimePeriod,
   BaseMetadata,
 } from '../../core/types';
-import { validateStartTimeZod } from '../../utils/validate';
 
 export type NativeTokenPeriodicMetadata = BaseMetadata & {
   validationErrors: {
@@ -39,24 +40,8 @@ export const zNativeTokenPeriodicPermission = zPermission.extend({
     zMetaMaskPermissionData,
     z.object({
       periodAmount: zHexStr,
-      periodDuration: z.number().int().positive(),
-      startTime: z
-        .number()
-        .int()
-        .positive()
-        .nullable()
-        .optional()
-        .refine(
-          (value) => {
-            if (value === undefined || value === null) {
-              return true;
-            }
-            return validateStartTimeZod(value);
-          },
-          {
-            message: 'Start time must be today or later',
-          },
-        ),
+      periodDuration: zTimestamp,
+      startTime: zStartTime,
     }),
   ),
 });