Move snap_manageAccounts to a gated permitted method

Author: GuillaumeRx

packages/snaps-rpc-methods/src/permissions.test.ts

@@ -211,15 +211,6 @@ describe('buildSnapRestrictedMethodSpecifications', () => {
           ],
           "targetName": "snap_getPreferences",
         },
-        "snap_manageAccounts": {
-          "allowedCaveats": null,
-          "methodImplementation": [Function],
-          "permissionType": "RestrictedMethod",
-          "subjectTypes": [
-            "snap",
-          ],
-          "targetName": "snap_manageAccounts",
-        },
         "snap_manageState": {
           "allowedCaveats": null,
           "methodImplementation": [Function],

packages/snaps-rpc-methods/src/permitted/handlers.ts

@@ -9,6 +9,7 @@ import { getInterfaceStateHandler } from './getInterfaceState';
 import { getSnapsHandler } from './getSnaps';
 import { invokeKeyringHandler } from './invokeKeyring';
 import { invokeSnapSugarHandler } from './invokeSnapSugar';
+import { manageAccountsHandler } from './manageAccounts';
 import { requestSnapsHandler } from './requestSnaps';
 import { resolveInterfaceHandler } from './resolveInterface';
 import { updateInterfaceHandler } from './updateInterface';
@@ -29,6 +30,7 @@ export const methodHandlers = {
   snap_resolveInterface: resolveInterfaceHandler,
   snap_getCurrencyRate: getCurrencyRateHandler,
   snap_experimentalProviderRequest: providerRequestHandler,
+  snap_manageAccounts: manageAccountsHandler,
 };
 /* eslint-enable @typescript-eslint/naming-convention */
 

packages/snaps-rpc-methods/src/permitted/index.ts

@@ -5,6 +5,7 @@ import type { GetClientStatusHooks } from './getClientStatus';
 import type { GetCurrencyRateMethodHooks } from './getCurrencyRate';
 import type { GetInterfaceStateMethodHooks } from './getInterfaceState';
 import type { GetSnapsHooks } from './getSnaps';
+import type { ManageAccountsMethodHooks } from './manageAccounts';
 import type { RequestSnapsHooks } from './requestSnaps';
 import type { ResolveInterfaceMethodHooks } from './resolveInterface';
 import type { UpdateInterfaceMethodHooks } from './updateInterface';
@@ -18,7 +19,8 @@ export type PermittedRpcMethodHooks = GetAllSnapsHooks &
   GetInterfaceStateMethodHooks &
   ResolveInterfaceMethodHooks &
   GetCurrencyRateMethodHooks &
-  ProviderRequestMethodHooks;
+  ProviderRequestMethodHooks &
+  ManageAccountsMethodHooks;
 
 export * from './handlers';
 export * from './middleware';

packages/snaps-rpc-methods/src/permitted/manageAccounts.test.ts

@@ -0,0 +1,208 @@
+import { JsonRpcEngine } from '@metamask/json-rpc-engine';
+import { rpcErrors } from '@metamask/rpc-errors';
+import type { ManageAccountsResult } from '@metamask/snaps-sdk';
+import type {
+  JsonRpcFailure,
+  JsonRpcRequest,
+  PendingJsonRpcResponse,
+} from '@metamask/utils';
+
+import type { ManageAccountsParameters } from './manageAccounts';
+import { manageAccountsHandler } from './manageAccounts';
+
+describe('snap_manageAccounts', () => {
+  describe('manageAccountsHandler', () => {
+    it('has the expected shape', () => {
+      expect(manageAccountsHandler).toMatchObject({
+        methodNames: ['snap_manageAccounts'],
+        implementation: expect.any(Function),
+        hookNames: {
+          hasPermission: true,
+          handleKeyringSnapMessage: true,
+        },
+      });
+    });
+  });
+
+  describe('implementation', () => {
+    it('returns the result from the `handleKeyringSnapMessage` hook', async () => {
+      const { implementation } = manageAccountsHandler;
+
+      const hasPermission = jest.fn().mockReturnValue(true);
+      const handleKeyringSnapMessage = jest.fn().mockReturnValue('foo');
+
+      const hooks = {
+        hasPermission,
+        handleKeyringSnapMessage,
+      };
+
+      const engine = new JsonRpcEngine();
+
+      engine.push((request, response, next, end) => {
+        const result = implementation(
+          request as JsonRpcRequest<ManageAccountsParameters>,
+          response as PendingJsonRpcResponse<ManageAccountsResult>,
+          next,
+          end,
+          hooks,
+        );
+
+        result?.catch(end);
+      });
+
+      const response = await engine.handle({
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'snap_manageAccounts',
+        params: {
+          method: 'foo',
+          params: { bar: 'baz' },
+        },
+      });
+
+      expect(handleKeyringSnapMessage).toHaveBeenCalledWith({
+        method: 'foo',
+        params: { bar: 'baz' },
+      });
+
+      expect(response).toStrictEqual({ jsonrpc: '2.0', id: 1, result: 'foo' });
+    });
+
+    it('throws an error if the snap does not have permission', async () => {
+      const { implementation } = manageAccountsHandler;
+
+      const hasPermission = jest.fn().mockReturnValue(false);
+      const handleKeyringSnapMessage = jest.fn().mockReturnValue('foo');
+
+      const hooks = {
+        hasPermission,
+        handleKeyringSnapMessage,
+      };
+
+      const engine = new JsonRpcEngine();
+
+      engine.push((request, response, next, end) => {
+        const result = implementation(
+          request as JsonRpcRequest<ManageAccountsParameters>,
+          response as PendingJsonRpcResponse<ManageAccountsResult>,
+          next,
+          end,
+          hooks,
+        );
+
+        result?.catch(end);
+      });
+
+      const response = (await engine.handle({
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'snap_manageAccounts',
+        params: {
+          method: 'foo',
+          params: { bar: 'baz' },
+        },
+      })) as JsonRpcFailure;
+
+      expect(response.error).toStrictEqual({
+        ...rpcErrors.methodNotFound().serialize(),
+        stack: expect.any(String),
+      });
+    });
+
+    it('throws an error if the `handleKeyringSnapMessage` hook throws', async () => {
+      const { implementation } = manageAccountsHandler;
+
+      const hasPermission = jest.fn().mockReturnValue(true);
+      const handleKeyringSnapMessage = jest
+        .fn()
+        .mockRejectedValue(new Error('foo'));
+
+      const hooks = {
+        hasPermission,
+        handleKeyringSnapMessage,
+      };
+
+      const engine = new JsonRpcEngine();
+
+      engine.push((request, response, next, end) => {
+        const result = implementation(
+          request as JsonRpcRequest<ManageAccountsParameters>,
+          response as PendingJsonRpcResponse<ManageAccountsResult>,
+          next,
+          end,
+          hooks,
+        );
+
+        result?.catch(end);
+      });
+
+      const response = (await engine.handle({
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'snap_manageAccounts',
+        params: {
+          method: 'foo',
+          params: { bar: 'baz' },
+        },
+      })) as JsonRpcFailure;
+
+      expect(response.error).toStrictEqual({
+        code: -32603,
+        message: 'foo',
+        data: {
+          cause: {
+            message: 'foo',
+            stack: expect.any(String),
+          },
+        },
+      });
+    });
+
+    it('throws on invalid params', async () => {
+      const { implementation } = manageAccountsHandler;
+
+      const hasPermission = jest.fn().mockReturnValue(true);
+      const handleKeyringSnapMessage = jest.fn().mockReturnValue('foo');
+
+      const hooks = {
+        hasPermission,
+        handleKeyringSnapMessage,
+      };
+
+      const engine = new JsonRpcEngine();
+
+      engine.push((request, response, next, end) => {
+        const result = implementation(
+          request as JsonRpcRequest<ManageAccountsParameters>,
+          response as PendingJsonRpcResponse<ManageAccountsResult>,
+          next,
+          end,
+          hooks,
+        );
+
+        result?.catch(end);
+      });
+
+      const response = await engine.handle({
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'snap_manageAccounts',
+        params: {
+          method: 'foo',
+          params: 42,
+        },
+      });
+
+      expect(response).toStrictEqual({
+        jsonrpc: '2.0',
+        id: 1,
+        error: {
+          code: -32602,
+          message:
+            'Invalid params: At path: params -- Expected the value to satisfy a union of `array | record`, but received: 42.',
+          stack: expect.any(String),
+        },
+      });
+    });
+  });
+});

packages/snaps-rpc-methods/src/permitted/manageAccounts.ts

@@ -0,0 +1,128 @@
+import type { JsonRpcEngineEndCallback } from '@metamask/json-rpc-engine';
+import type { PermittedHandlerExport } from '@metamask/permission-controller';
+import { rpcErrors } from '@metamask/rpc-errors';
+import type {
+  ManageAccountsParams,
+  ManageAccountsResult,
+} from '@metamask/snaps-sdk';
+import { type InferMatching } from '@metamask/snaps-utils';
+import {
+  array,
+  create,
+  object,
+  optional,
+  record,
+  string,
+  StructError,
+  union,
+} from '@metamask/superstruct';
+import type {
+  Json,
+  JsonRpcRequest,
+  PendingJsonRpcResponse,
+} from '@metamask/utils';
+import { JsonStruct } from '@metamask/utils';
+
+import { SnapEndowments } from '../endowments';
+import type { MethodHooksObject } from '../utils';
+
+const hookNames: MethodHooksObject<ManageAccountsMethodHooks> = {
+  hasPermission: true,
+  handleKeyringSnapMessage: true,
+};
+
+export type ManageAccountsMethodHooks = {
+  /**
+   * Checks if the current snap has a permission.
+   *
+   * @param permissionName - The name of the permission.
+   * @returns Whether the snap has the permission.
+   */
+  hasPermission: (permissionName: string) => boolean;
+  /**
+   * Handles the keyring snap message.
+   *
+   * @returns The snap keyring message result.
+   */
+  handleKeyringSnapMessage: (
+    message: ManageAccountsParameters,
+  ) => Promise<Json>;
+};
+
+export const manageAccountsHandler: PermittedHandlerExport<
+  ManageAccountsMethodHooks,
+  ManageAccountsParams,
+  ManageAccountsResult
+> = {
+  methodNames: ['snap_manageAccounts'],
+  implementation: getManageAccountsImplementation,
+  hookNames,
+};
+
+const ManageAccountsParametersStruct = object({
+  method: string(),
+  params: optional(union([array(JsonStruct), record(string(), JsonStruct)])),
+});
+
+export type ManageAccountsParameters = InferMatching<
+  typeof ManageAccountsParametersStruct,
+  ManageAccountsParams
+>;
+
+/**
+ * The `snap_manageAccounts` method implementation.
+ *
+ * @param req - The JSON-RPC request object.
+ * @param res - The JSON-RPC response object.
+ * @param _next - The `json-rpc-engine` "next" callback. Not used by this
+ * function.
+ * @param end - The `json-rpc-engine` "end" callback.
+ * @param hooks - The RPC method hooks.
+ * @param hooks.hasPermission - The function to check if the snap has a permission.
+ * @param hooks.handleKeyringSnapMessage - The function to handle the keyring snap message.
+ * @returns Nothing.
+ */
+async function getManageAccountsImplementation(
+  req: JsonRpcRequest<ManageAccountsParameters>,
+  res: PendingJsonRpcResponse<ManageAccountsResult>,
+  _next: unknown,
+  end: JsonRpcEngineEndCallback,
+  { hasPermission, handleKeyringSnapMessage }: ManageAccountsMethodHooks,
+): Promise<void> {
+  if (!hasPermission(SnapEndowments.Keyring)) {
+    return end(rpcErrors.methodNotFound());
+  }
+
+  const { params } = req;
+
+  try {
+    const validatedParams = getValidatedParams(params);
+
+    res.result = await handleKeyringSnapMessage(validatedParams);
+  } catch (error) {
+    return end(error);
+  }
+
+  return end();
+}
+
+/**
+ * Validate the manageAccounts method `params` and returns them cast to the correct
+ * type. Throws if validation fails.
+ *
+ * @param params - The unvalidated params object from the method request.
+ * @returns The validated manageAccounts method parameter object.
+ */
+function getValidatedParams(params: unknown): ManageAccountsParameters {
+  try {
+    return create(params, ManageAccountsParametersStruct);
+  } catch (error) {
+    if (error instanceof StructError) {
+      throw rpcErrors.invalidParams({
+        message: `Invalid params: ${error.message}.`,
+      });
+    }
+    /* istanbul ignore next */
+    throw rpcErrors.internal();
+  }
+}