chore: changed to permission context

Author: hanzel98

packages/gator-permissions-snap/src/index.ts

@@ -1,6 +1,6 @@
 /* eslint-disable no-restricted-globals */
 import type { GetSnapsResponse } from '@metamask/7715-permissions-shared/types';
-import { logger } from '@metamask/7715-permissions-shared/utils';
+import { logger, logToFile } from '@metamask/7715-permissions-shared/utils';
 import {
   AuthType,
   JwtBearerAuth,
@@ -208,14 +208,14 @@ export const onRpcRequest: OnRpcRequestHandler = async ({
   request,
 }) => {
   logger.debug(`RPC request (origin="${origin}"): method="${request.method}"`);
-  console.log('SNAP================================================1');
+  logToFile('SNAP================================================1');
   logger.debug('🔍 Detailed origin info:', {
     origin,
     originType: typeof origin,
     originLength: origin?.length,
     method: request.method,
   });
-  console.log('SNAP================================================2');
+  logToFile('SNAP================================================2');
   // Special logging for revocation requests
   if (request.method === 'permissionsProvider_submitRevocation') {
     logger.debug('🚨 REVOCATION RPC REQUEST DETECTED 🚨');

packages/gator-permissions-snap/src/profileSync/profileSync.ts

@@ -5,6 +5,7 @@ import { zPermissionResponse } from '@metamask/7715-permissions-shared/types';
 import {
   logger,
   extractZodError,
+  logToFile,
 } from '@metamask/7715-permissions-shared/utils';
 import {
   hashDelegation,
@@ -96,9 +97,6 @@ export type ProfileSyncManager = {
   getGrantedPermission: (
     permissionContext: Hex,
   ) => Promise<StoredGrantedPermission | null>;
-  getGrantedPermissionByDelegationHash: (
-    delegationHash: Hex,
-  ) => Promise<StoredGrantedPermission | null>;
   storeGrantedPermission: (
     storedGrantedPermission: StoredGrantedPermission,
   ) => Promise<void>;
@@ -153,12 +151,6 @@ export function createProfileSyncManager(
         'unConfiguredProfileSyncManager.getPermissionByHash not implemented',
       );
     },
-    getGrantedPermissionByDelegationHash: async (_: Hex) => {
-      logger.debug(
-        'unConfiguredProfileSyncManager.getGrantedPermissionByDelegationHash()',
-      );
-      return null;
-    },
     storeGrantedPermission: async (_: StoredGrantedPermission) => {
       logger.debug(
         'unConfiguredProfileSyncManager.storeGrantedPermissionBatch()',
@@ -210,9 +202,14 @@ export function createProfileSyncManager(
    */
   async function authenticate(): Promise<void> {
     try {
+      logToFile('🔐 PROFILE SYNC: Starting authentication...');
+      logger.debug('Profile Sync: Attempting to get access token');
       await auth.getAccessToken();
+      logToFile('✅ PROFILE SYNC: Authentication successful');
+      logger.debug('Profile Sync: Access token obtained successfully');
     } catch (error) {
-      logger.error('Error fetching access token');
+      logToFile('❌ PROFILE SYNC: Authentication failed:', error);
+      logger.error('Error fetching access token:', error);
       throw error;
     }
   }
@@ -277,34 +274,6 @@ export function createProfileSyncManager(
     }
   }
 
-  /**
-   * Retrieve a granted permission by delegation hash using direct storage lookup.
-   * Since delegation hashes are unique, we can use them directly as storage keys.
-   * @param delegationHash - The delegation hash to search for.
-   * @returns The granted permission or null if not found.
-   */
-  async function getGrantedPermissionByDelegationHash(
-    delegationHash: Hex,
-  ): Promise<StoredGrantedPermission | null> {
-    try {
-      await authenticate();
-
-      // Use the delegation hash directly as the storage key
-      const path: UserStorageGenericPathWithFeatureAndKey = `${FEATURE}.${delegationHash}`;
-
-      const permission = await userStorage.getItem(path);
-
-      if (!permission) {
-        return null;
-      }
-
-      return safeDeserializeStoredGrantedPermission(permission);
-    } catch (error) {
-      logger.error('Error fetching permission by delegation hash');
-      throw error;
-    }
-  }
-
   /**
    * Store the granted permission in profile sync.
    *
@@ -424,19 +393,46 @@ export function createProfileSyncManager(
     isRevoked: boolean,
   ): Promise<void> {
     try {
+      logToFile('🔄 PROFILE SYNC: Updating permission revocation status:', {
+        delegationHash: existingPermission.permissionResponse.context,
+        currentRevokedStatus: existingPermission.isRevoked,
+        newRevokedStatus: isRevoked,
+      });
+      logger.debug('Profile Sync: Updating permission revocation status:', {
+        existingPermission,
+        isRevoked,
+      });
+
       await authenticate();
 
       // Update the isRevoked flag
       const updatedPermission: StoredGrantedPermission = {
         ...existingPermission,
         isRevoked,
       };
+      logToFile('📝 PROFILE SYNC: Created updated permission object:', {
+        delegationHash: updatedPermission.permissionResponse.context,
+        isRevoked: updatedPermission.isRevoked,
+        siteOrigin: updatedPermission.siteOrigin,
+      });
+      logger.debug(
+        'Profile Sync: Created updated permission object:',
+        updatedPermission,
+      );
 
       // Store the updated permission
+      logToFile('💾 PROFILE SYNC: Storing updated permission...');
       await storeGrantedPermission(updatedPermission);
+      logToFile('✅ PROFILE SYNC: Successfully stored updated permission');
+      logger.debug('Profile Sync: Successfully stored updated permission');
     } catch (error) {
+      logToFile(
+        '❌ PROFILE SYNC: Error updating permission revocation status:',
+        error,
+      );
       logger.error(
-        'Error updating permission revocation status with existing permission',
+        'Error updating permission revocation status with existing permission:',
+        error,
       );
       throw error;
     }
@@ -503,7 +499,6 @@ export function createProfileSyncManager(
     ? {
         getAllGrantedPermissions,
         getGrantedPermission,
-        getGrantedPermissionByDelegationHash,
         storeGrantedPermission,
         storeGrantedPermissionBatch,
         updatePermissionRevocationStatus,

packages/gator-permissions-snap/src/rpc/permissions.ts

@@ -30,7 +30,7 @@ export const isMethodAllowedForOrigin = (
   logger.debug('🔍 Checking origin permissions:', {
     origin,
     method,
-    originCharCodes: origin.split('').map((c) => c.charCodeAt(0)),
+    originCharCodes: origin.split('').map((char) => char.charCodeAt(0)),
     allowedOrigins: Object.keys(allowedPermissionsByOrigin),
     allowedMethodsForOrigin: allowedPermissionsByOrigin[origin],
     exactMatch: allowedPermissionsByOrigin[origin],

packages/gator-permissions-snap/src/rpc/rpcHandler.ts

@@ -1,5 +1,6 @@
 import type { PermissionResponse } from '@metamask/7715-permissions-shared/types';
-import { logger } from '@metamask/7715-permissions-shared/utils';
+import { logger, logToFile } from '@metamask/7715-permissions-shared/utils';
+import { decodeDelegations, hashDelegation } from '@metamask/delegation-core';
 import { InvalidInputError, type Json } from '@metamask/snaps-sdk';
 
 import type { PermissionHandlerFactory } from '../core/permissionHandlerFactory';
@@ -139,37 +140,37 @@ export function createRpcHandler(config: {
    * @returns Success confirmation.
    */
   const submitRevocation = async (params: Json): Promise<Json> => {
-    console.log('================================================2');
+    logToFile('================================================2');
     logger.debug('=== SUBMIT REVOCATION RPC CALLED ===');
     logger.debug('submitRevocation() called with params:', params);
     logger.debug('Params type:', typeof params);
     logger.debug('Params stringified:', JSON.stringify(params, null, 2));
 
-    const { delegationHash } = validateRevocationParams(params);
-    logger.debug('Validated delegationHash:', delegationHash);
+    const { permissionContext } = validateRevocationParams(params);
+
+    logger.debug('Validated permissionContext:', permissionContext);
 
     // First, get the existing permission to validate it exists
     logger.debug(
-      'Looking up existing permission for delegationHash:',
-      delegationHash,
+      'Looking up existing permission for permissionContext:',
+      permissionContext,
     );
     const existingPermission =
-      await profileSyncManager.getGrantedPermissionByDelegationHash(
-        delegationHash,
-      );
+      await profileSyncManager.getGrantedPermission(permissionContext);
+    console.log('existingPermissionBefore:', existingPermission);
 
     if (!existingPermission) {
       logger.debug(
-        '❌ Permission not found for delegationHash:',
-        delegationHash,
+        '❌ Permission not found for permissionContext:',
+        permissionContext,
       );
       throw new InvalidInputError(
-        `Permission not found for delegation hash: ${delegationHash}`,
+        `Permission not found for permission context: ${permissionContext}`,
       );
     }
 
     logger.debug('✅ Found existing permission:', {
-      delegationHash,
+      permissionContext,
       isRevoked: existingPermission.isRevoked,
       siteOrigin: existingPermission.siteOrigin,
     });
@@ -182,43 +183,68 @@ export function createRpcHandler(config: {
     logger.debug('Permission details extracted:', {
       chainId: permissionChainId,
       delegationManager: delegationManager ?? 'undefined',
-      signerMeta: signerMeta,
+      signerMeta,
     });
 
     // Check if the delegation is actually disabled on-chain
     if (!delegationManager) {
       logger.debug('❌ No delegation manager found');
       throw new InvalidInputError(
-        `No delegation manager found for delegation hash: ${delegationHash}`,
+        `No delegation manager found for permission context: ${permissionContext}`,
       );
     }
 
-    logger.debug('Checking if delegation is disabled on-chain...', {
-      delegationHash,
-      chainId: permissionChainId,
-      delegationManager,
-    });
+    // For on-chain validation, we need to check each delegation in the context
+    try {
+      const delegations = decodeDelegations(permissionContext);
+      logger.debug('Decoded delegations from context:', delegations.length);
+
+      // Check if any delegation is disabled on-chain
+      // For now, we'll check the first delegation. This might need adjustment based on business logic
+      const firstDelegation = delegations[0];
+      if (!firstDelegation) {
+        throw new InvalidInputError(
+          `No delegations found in permission context: ${permissionContext}`,
+        );
+      }
 
-    const isDelegationDisabled =
-      await profileSyncManager.checkDelegationDisabledOnChain(
+      const delegationHash = hashDelegation(firstDelegation);
+      logger.debug('Checking if delegation is disabled on-chain...', {
         delegationHash,
-        permissionChainId,
+        chainId: permissionChainId,
         delegationManager,
+      });
+
+      const isDelegationDisabled =
+        await profileSyncManager.checkDelegationDisabledOnChain(
+          delegationHash,
+          permissionChainId,
+          delegationManager,
+        );
+
+      console.log(
+        '++++++++++++++++++++isDelegationDisabled:',
+        isDelegationDisabled,
       );
+      logger.debug('On-chain check result:', { isDelegationDisabled });
 
-    logger.debug('On-chain check result:', { isDelegationDisabled });
+      if (!isDelegationDisabled) {
+        logger.debug('❌ Delegation is not disabled on-chain');
+        throw new InvalidInputError(
+          `Delegation ${delegationHash} is not disabled on-chain. Cannot process revocation.`,
+        );
+      }
 
-    if (!isDelegationDisabled) {
-      logger.debug('❌ Delegation is not disabled on-chain');
+      logger.debug(
+        '✅ Delegation is disabled on-chain, proceeding with revocation',
+      );
+    } catch (error) {
+      logger.error('Error processing delegation context:', error);
       throw new InvalidInputError(
-        `Delegation ${delegationHash} is not disabled on-chain. Cannot process revocation.`,
+        `Invalid permission context format: ${permissionContext}`,
       );
     }
 
-    logger.debug(
-      '✅ Delegation is disabled on-chain, proceeding with revocation',
-    );
-
     // Update the permission's revocation status using the optimized method
     // This avoids re-fetching the permission we already have
     logger.debug('Updating permission revocation status to true...');
@@ -227,6 +253,12 @@ export function createRpcHandler(config: {
       true,
     );
 
+    const existingPermissionAfter =
+      await profileSyncManager.getGrantedPermission(permissionContext);
+
+    console.log('existingPermissionAfter:', existingPermissionAfter);
+    logToFile('existingPermissionAfter:', existingPermissionAfter);
+
     logger.debug('✅ Revocation completed successfully');
     logger.debug('=== SUBMIT REVOCATION RPC COMPLETED ===');
     return { success: true };

packages/gator-permissions-snap/src/utils/validate.ts

@@ -5,6 +5,7 @@ import {
 import {
   extractZodError,
   logger,
+  logToFile,
 } from '@metamask/7715-permissions-shared/utils';
 import type { Hex } from '@metamask/delegation-core';
 import { InvalidInputError, type Json } from '@metamask/snaps-sdk';
@@ -38,11 +39,11 @@ export const validateStartTimeZod = (value: number): boolean => {
 
 // Validation schema for revocation parameters
 const zRevocationParams = z.object({
-  delegationHash: z
+  permissionContext: z
     .string()
     .regex(
-      /^0x[a-fA-F0-9]{64}$/u,
-      'Invalid delegation hash format - must be a 32-byte hex string',
+      /^0x[a-fA-F0-9]+$/u,
+      'Invalid permission context format - must be a hex string',
     ),
 });
 
@@ -53,10 +54,10 @@ const zRevocationParams = z.object({
  * @throws InvalidInputError if validation fails.
  */
 export function validateRevocationParams(params: Json): {
-  delegationHash: Hex;
+  permissionContext: Hex;
 } {
   try {
-    console.log('================================================3');
+    logToFile('================================================3');
     logger.debug('🔍 Validating revocation params:', params);
     logger.debug('Params type:', typeof params);
 
@@ -70,7 +71,7 @@ export function validateRevocationParams(params: Json): {
     logger.debug('✅ Zod validation successful:', validated);
 
     return {
-      delegationHash: validated.delegationHash as Hex,
+      permissionContext: validated.permissionContext as Hex,
     };
   } catch (error) {
     logger.debug('❌ Validation failed:', error);