Feat/spec 2.4 sign message (#28)

* wip implementation

* actualize sign-message utils

* publish 0.13.0-beta.0

* upd sign message utils

* publish 0.13.0-beta.1

* simplify / remove validations

* add word break

* remove console logs

* add reference to orig for sing message utils

---------

Co-authored-by: Victoria Prusakova <[email protected]>

Author: tsmbl

bun.lockb

@@ -1,6 +1,6 @@
 {
   "name": "@dialectlabs/blinks-core",
-  "version": "0.12.1",
+  "version": "0.13.0-beta.1",
   "license": "Apache-2.0",
   "private": false,
   "sideEffects": true,
@@ -27,7 +27,7 @@
     "dist"
   ],
   "devDependencies": {
-    "@solana/actions-spec": "~2.3.0",
+    "@solana/actions-spec": "~2.4.0",
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
     "@typescript-eslint/eslint-plugin": "^7.16.1",

packages/blinks-core/package.json

@@ -24,6 +24,7 @@ import {
 import { checkSecurity, isInterstitial, type SecurityLevel } from './utils';
 import {
   isPostRequestError,
+  isSignMessageError,
   isSignTransactionError,
 } from './utils/type-guards.ts';
 import { isURL } from './utils/validators.ts';
@@ -486,6 +487,7 @@ export const BlinkContainer = ({
         const nextAction = await action.chain(response.links.next, {
           signature: signature,
           account: account,
+          state: response.type === 'message' ? response.state : undefined,
         });
 
         // if this is running in partial action mode, then we end the chain, if passed fn returns a null value for the next action
@@ -518,6 +520,20 @@ export const BlinkContainer = ({
         return;
       }
 
+      if (response.type === 'message') {
+        const signResult = await action.adapter.signMessage(
+          response.data,
+          context,
+        );
+
+        if (!signResult || isSignMessageError(signResult)) {
+          dispatch({ type: ExecutionType.RESET });
+          return;
+        }
+
+        await chain(signResult.signature);
+      }
+
       if (response.type === 'post') {
         await chain();
         return;

packages/blinks-core/src/BlinkContainer.tsx

@@ -1,3 +1,4 @@
 export * from './action-components';
 export * from './action-supportability.ts';
 export * from './Action.ts';
+export * from './sign-message-data.ts';

packages/blinks-core/src/api/Action/index.ts

@@ -0,0 +1,150 @@
+// THIS FILE IS COPIED FROM https://github.com/solana-developers/solana-actions/blob/main/packages/solana-actions/src/signMessageData.ts
+import type { SignMessageData as SignMessageDataSpec } from '@solana/actions-spec';
+
+export type SignMessageData = SignMessageDataSpec;
+
+export interface SignMessageVerificationOptions {
+  expectedAddress?: string;
+  expectedDomains?: string[];
+  expectedChainIds?: string[];
+  issuedAtThreshold?: number;
+}
+
+export enum SignMessageVerificationErrorType {
+  ADDRESS_MISMATCH = 'ADDRESS_MISMATCH',
+  DOMAIN_MISMATCH = 'DOMAIN_MISMATCH',
+  CHAIN_ID_MISMATCH = 'CHAIN_ID_MISMATCH',
+  ISSUED_TOO_FAR_IN_THE_PAST = 'ISSUED_TOO_FAR_IN_THE_PAST',
+  ISSUED_TOO_FAR_IN_THE_FUTURE = 'ISSUED_TOO_FAR_IN_THE_FUTURE',
+  INVALID_DATA = 'INVALID_DATA',
+}
+
+const DOMAIN =
+  '(?<domain>[^\\n]+?) wants you to sign a message with your account:\\n';
+const ADDRESS = '(?<address>[^\\n]+)(?:\\n|$)';
+const STATEMENT = '(?:\\n(?<statement>[\\S\\s]*?)(?:\\n|$))';
+const CHAIN_ID = '(?:\\nChain ID: (?<chainId>[^\\n]+))?';
+const NONCE = '\\nNonce: (?<nonce>[^\\n]+)';
+const ISSUED_AT = '\\nIssued At: (?<issuedAt>[^\\n]+)';
+const FIELDS = `${CHAIN_ID}${NONCE}${ISSUED_AT}`;
+const MESSAGE = new RegExp(`^${DOMAIN}${ADDRESS}${STATEMENT}${FIELDS}\\n*$`);
+
+/**
+ * Create a human-readable message text for the user to sign.
+ *
+ * @param input The data to be signed.
+ * @returns The message text.
+ */
+export function createSignMessageText(input: SignMessageData): string {
+  let message = `${input.domain} wants you to sign a message with your account:\n`;
+  message += `${input.address}`;
+  message += `\n\n${input.statement}`;
+  const fields: string[] = [];
+
+  if (input.chainId) {
+    fields.push(`Chain ID: ${input.chainId}`);
+  }
+  fields.push(`Nonce: ${input.nonce}`);
+  fields.push(`Issued At: ${input.issuedAt}`);
+  message += `\n\n${fields.join('\n')}`;
+
+  return message;
+}
+
+/**
+ * Parse the sign message text to extract the data to be signed.
+ * @param text The message text to be parsed.
+ */
+export function parseSignMessageText(text: string): SignMessageData | null {
+  const match = MESSAGE.exec(text);
+  if (!match) return null;
+  const groups = match.groups;
+  if (!groups) return null;
+
+  return {
+    domain: groups.domain,
+    address: groups.address,
+    statement: groups.statement,
+    nonce: groups.nonce,
+    chainId: groups.chainId,
+    issuedAt: groups.issuedAt,
+  };
+}
+
+/**
+ * Verify the sign message data before signing.
+ * @param data The data to be signed.
+ * @param opts Options for verification, including the expected address, chainId, issuedAt, and domains.
+ *
+ * @returns An array of errors if the verification fails.
+ */
+export function verifySignMessageData(
+  data: SignMessageData,
+  opts: SignMessageVerificationOptions,
+) {
+  if (
+    !data.address ||
+    !data.domain ||
+    !data.issuedAt ||
+    !data.nonce ||
+    !data.statement
+  ) {
+    return [SignMessageVerificationErrorType.INVALID_DATA];
+  }
+
+  try {
+    const {
+      expectedAddress,
+      expectedChainIds,
+      issuedAtThreshold,
+      expectedDomains,
+    } = opts;
+    const errors: SignMessageVerificationErrorType[] = [];
+    const now = Date.now();
+
+    // verify if parsed address is same as the expected address
+    if (expectedAddress && data.address !== expectedAddress) {
+      errors.push(SignMessageVerificationErrorType.ADDRESS_MISMATCH);
+    }
+
+    if (expectedDomains) {
+      const expectedDomainsNormalized = expectedDomains.map(normalizeDomain);
+      const normalizedDomain = normalizeDomain(data.domain);
+
+      if (!expectedDomainsNormalized.includes(normalizedDomain)) {
+        errors.push(SignMessageVerificationErrorType.DOMAIN_MISMATCH);
+      }
+    }
+
+    if (
+      expectedChainIds &&
+      data.chainId &&
+      !expectedChainIds.includes(data.chainId)
+    ) {
+      errors.push(SignMessageVerificationErrorType.CHAIN_ID_MISMATCH);
+    }
+
+    if (issuedAtThreshold !== undefined) {
+      const iat = Date.parse(data.issuedAt);
+      if (Math.abs(iat - now) > issuedAtThreshold) {
+        if (iat < now) {
+          errors.push(
+            SignMessageVerificationErrorType.ISSUED_TOO_FAR_IN_THE_PAST,
+          );
+        } else {
+          errors.push(
+            SignMessageVerificationErrorType.ISSUED_TOO_FAR_IN_THE_FUTURE,
+          );
+        }
+      }
+    }
+
+    return errors;
+  } catch (e) {
+    return [SignMessageVerificationErrorType.INVALID_DATA];
+  }
+}
+
+function normalizeDomain(domain: string): string {
+  return domain.replace(/^www\./, '');
+}

packages/blinks-core/src/api/Action/sign-message-data.ts

@@ -1,3 +1,4 @@
+import type { SignMessageData } from '@solana/actions-spec';
 import { Connection } from '@solana/web3.js';
 import {
   type Action,
@@ -14,7 +15,7 @@ export interface ActionContext {
 
 export interface IncomingActionConfig {
   rpcUrl: string;
-  adapter: Pick<ActionAdapter, 'connect' | 'signTransaction'> &
+  adapter: Pick<ActionAdapter, 'connect' | 'signTransaction' | 'signMessage'> &
     Partial<Pick<ActionAdapter, 'metadata'>>;
 }
 
@@ -43,6 +44,10 @@ export interface ActionAdapter {
     signature: string,
     context: ActionContext,
   ) => Promise<void>;
+  signMessage: (
+    data: string | SignMessageData,
+    context: ActionContext,
+  ) => Promise<{ signature: string } | { error: string }>;
 }
 
 export class ActionConfig implements ActionAdapter {
@@ -116,6 +121,13 @@ export class ActionConfig implements ActionAdapter {
     });
   }
 
+  async signMessage(
+    data: string | SignMessageData,
+    context: ActionContext,
+  ): Promise<{ signature: string } | { error: string }> {
+    return this.adapter.signMessage(data, context);
+  }
+
   async connect(context: ActionContext) {
     try {
       return await this.adapter.connect(context);

packages/blinks-core/src/api/ActionConfig.ts

@@ -4,6 +4,8 @@ export const isSignTransactionError = (
   data: { signature: string } | { error: string },
 ): data is { error: string } => !!(data as any).error;
 
+export const isSignMessageError = isSignTransactionError;
+
 export const isPostRequestError = (
   data: ActionPostResponse | { error: string },
 ): data is { error: string } => !!(data as any).error;

packages/blinks-core/src/utils/type-guards.ts

@@ -1,6 +1,6 @@
 {
   "name": "@dialectlabs/blinks",
-  "version": "0.12.1",
+  "version": "0.13.0-beta.2",
   "license": "Apache-2.0",
   "private": false,
   "sideEffects": true,
@@ -38,7 +38,7 @@
     "dist"
   ],
   "devDependencies": {
-    "@solana/actions-spec": "~2.3.0",
+    "@solana/actions-spec": "~2.4.0",
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
     "@typescript-eslint/eslint-plugin": "^7.16.1",
@@ -58,6 +58,7 @@
     "typescript": "^5.5.3"
   },
   "peerDependencies": {
+    "bs58": "^5.0.0",
     "@solana/wallet-adapter-react": "^0.15.0",
     "@solana/wallet-adapter-react-ui": "^0.9.0",
     "@solana/web3.js": "^1.95.1",
@@ -66,6 +67,6 @@
   },
   "dependencies": {
     "clsx": "^2.1.1",
-    "@dialectlabs/blinks-core": "0.12.1"
+    "@dialectlabs/blinks-core": "0.13.0-beta.1"
   }
 }

packages/blinks/package.json

@@ -1,10 +1,17 @@
 'use client';
-import { ActionConfig } from '@dialectlabs/blinks-core';
+import {
+  ActionConfig,
+  createSignMessageText,
+  type SignMessageVerificationOptions,
+  verifySignMessageData,
+} from '@dialectlabs/blinks-core';
+
+import type { SignMessageData } from '@solana/actions-spec';
 import { useWallet } from '@solana/wallet-adapter-react';
 import { useWalletModal } from '@solana/wallet-adapter-react-ui';
 import { Connection, VersionedTransaction } from '@solana/web3.js';
+import bs58 from 'bs58';
 import { useMemo } from 'react';
-
 /**
  * Hook to create an action adapter using solana's wallet adapter.
  *
@@ -26,6 +33,23 @@ export function useActionSolanaWalletAdapter(
   }, [rpcUrlOrConnection]);
 
   const adapter = useMemo(() => {
+    function verifySignDataValidity(
+      data: string | SignMessageData,
+      opts: SignMessageVerificationOptions,
+    ) {
+      if (typeof data === 'string') {
+        // skip validation for string
+        return true;
+      }
+      const errors = verifySignMessageData(data, opts);
+      if (errors.length > 0) {
+        console.warn(
+          `[@dialectlabs/blinks] Sign message data verification error: ${errors.join(', ')}`,
+        );
+      }
+      return errors.length === 0;
+    }
+
     return new ActionConfig(finalConnection, {
       connect: async () => {
         try {
@@ -48,6 +72,35 @@ export function useActionSolanaWalletAdapter(
           return { error: 'Signing failed.' };
         }
       },
+      signMessage: async (
+        data: string | SignMessageData,
+      ): Promise<
+        | { signature: string }
+        | {
+            error: string;
+          }
+      > => {
+        if (!wallet.signMessage || !wallet.publicKey) {
+          return { error: 'Signing failed.' };
+        }
+        try {
+          // Optional data verification before signing
+          const isSignDataValid = verifySignDataValidity(data, {
+            expectedAddress: wallet.publicKey.toString(),
+          });
+          if (!isSignDataValid) {
+            return { error: 'Signing failed.' };
+          }
+          const text =
+            typeof data === 'string' ? data : createSignMessageText(data);
+          const encoded = new TextEncoder().encode(text);
+          const signed = await wallet.signMessage(encoded);
+          const encodedSignature = bs58.encode(signed);
+          return { signature: encodedSignature };
+        } catch (e) {
+          return { error: 'Signing failed.' };
+        }
+      },
     });
   }, [finalConnection, wallet, walletModal]);
 

packages/blinks/src/hooks/solana/useActionSolanaWalletAdapter.ts

@@ -266,7 +266,7 @@ export const BaseBlinkLayout = ({
           <span className="text-text text-text-primary mb-0.5 font-semibold">
             {title}
           </span>
-          <span className="text-subtext text-text-secondary mb-4 whitespace-pre-wrap">
+          <span className="text-subtext text-text-secondary mb-4 whitespace-pre-wrap break-words">
             {description}
           </span>
           {!supportability.isSupported ? (