Merge pull request #111 from airgap-it/develop

v2.1.0
airgap-it · Jan 22, 2021 · 7831cad · 7831cad
2 parents d0eb04b + f082ff0
commit 7831cad
Show file tree

Hide file tree

Showing 32 changed files with 457 additions and 127 deletions.
diff --git a/assets/alert/alert-pair.css b/assets/alert/alert-pair.css
@@ -39,6 +39,11 @@
   left: 138px;
   margin: 0;
 }
+#beacon--qr__container {
+  margin-left: auto;
+  margin-right: auto;
+  width: 50%;
+}
 #beacon--qr__container:hover #beacon--qr__copy {
   display: block;
 }

diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
@@ -17,10 +17,10 @@ const sidebar = [
       'beacon/06.errors',
       'beacon/07.contracts',
       'beacon/08.security',
-      'beacon/09.faq'
+      'beacon/09.faq',
+      'beacon/10.security-audits'
     ]
   },
-  'CHANGELOG',
   {
     title: 'Examples',
     children: [
@@ -44,6 +44,7 @@ const sidebar = [
       'flows/P2PExtension'
     ]
   },
+  'CHANGELOG',
   'supported-wallets'
 ]
 

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Changelog
 
+## 2.1.0 (2021-01-22)
+
+#### Features
+
+- **edonet**: Add Edonet
+- **carthagenet**: Remove Carthagenet
+
+- **accessibility**: Close alerts with "ESC" button
+- **accessibility**: Tab through selection on pairing alert and select item with enter
+
+- **DAppClient**: add `clearActiveAccount()` method. This is just a wrapper for `setActiveAccount()` but should make it more clear how to clear an account.
+
+#### Bug Fixes
+
+- **errors**: Error messages were thrown internally in some cases and could not be caught by the developer
+- **broadcast-error**: The "Broadcast" error was mistakenly displayed as a "Network not supported" error
+- **init**: If the `init` method was called manually by the developer, the following requests would never resolve
+- **pageload**: The transport is now set on pageload even if `init` is not called
+- **pageload**: If a peer was connected but no permissions were shared, a refresh will now reconnect to the previous peer
+- **deeplink**: Deeplinks on iOS did not work in some browsers
+- **pairing**: Center QR code
+- **types**: "kind" of the `OriginationOperation` was wrong
+
 ## 2.0.1 (2021-01-11)
 
 #### Features

diff --git a/docs/beacon/02.getting-started-dapp.md b/docs/beacon/02.getting-started-dapp.md
@@ -12,11 +12,11 @@ The beacon-sdk handles almost everything for you. It detects whether or not a br
 
 Generally, you only have to initialize a DAppClient instance (see below), the rest should be handled for you.
 
-There are some corner cases that are hard to detect, for example when the wallet is changed or an account is removed in the wallet. Please refer to the [FAQ](/beacon/09.faq.html) to read more about how to handle these cases. Also refer to the [Security page](/beacon/08.security.html) for some notes about security considerations.
+There are some corner cases that are hard to detect, for example when the wallet is changed or an account is removed in the wallet. Please refer to the [FAQ](/beacon/09.faq.html) to read more about how to handle these cases. The [Security page](/beacon/08.security.html) outlines additional security considerations.
 
 ## Permission Request
 
-After that you need to import the beacon SDK in your code and initialize the DAppClient.
+After that you need to import the Beacon SDK in your code and initialize the DAppClient.
 
 <<< @/src/examples/permission-request.ts
 
@@ -34,22 +34,22 @@ const permissionResponse = await client.requestPermissions()
 const permissionResponse = await client.requestPermissions({
   network: {
     type: NetworkType.MAINNET,
-    rpcUrl: 'https://mainnet.tezos.cryptium.ch/'
+    rpcUrl: 'https://mainnet-tezos.giganode.io/'
   }
 })
 
-// Carthagenet with default rpcUrl
+// Delphinet with default rpcUrl
 const permissionResponse = await client.requestPermissions({
   network: {
-    type: NetworkType.CARTHAGENET
+    type: NetworkType.DELPHINET
   }
 })
 
-// Carthagenet with different rpcUrl
+// Delphinet with different rpcUrl
 const permissionResponse = await client.requestPermissions({
   network: {
-    type: NetworkType.CARTHAGENET,
-    rpcUrl: 'https://carthagenet.tezos.cryptium.ch/'
+    type: NetworkType.DELPHINET,
+    rpcUrl: 'https://testnet-tezos.giganode.io/'
   }
 })
 
@@ -63,7 +63,7 @@ const permissionResponse = await client.requestPermissions({
 })
 ```
 
-When using type `MAINNET` or `CARTHAGENET`, the block explorer links will point towards a working block explorer to check your transactions. When using type `CUSTOM`, there is currently no working block explorer available.
+When using type `MAINNET`, `DELPHINET` or `EDONET`, the block explorer links will point towards a working block explorer to check your transactions. When using type `CUSTOM`, there is currently no working block explorer available.
 
 Please note that ALL properties (type, name, rpcUrl) have to match in order to use existing permissions. If you change any of the properties, the permissions will not be found anymore and you have to do a new permission request.
 
@@ -78,3 +78,9 @@ If a chrome extension is detected, all requests will be directed to the chrome e
 If no chrome extension is detected, it will fall back to the beacon p2p transport layer, which means that a QR code is shown that has to be scanned by a compatible wallet. As of now, the only mobile wallet with Beacon supprt is [AirGap Wallet](https://github.com/airgap-it/airgap-wallet/releases/). You can download the app from Github or the Play Store (Android) or the AppStore (iOS).
 
 More complex examples can be found [here](/examples/)
+
+### Using a different blockexplorer
+
+You can configure the `beacon-sdk` to use a blockexplorer other than [tezblock.io](https://tezblock.io).
+
+<<< @/src/examples/custom-block-explorer.ts
diff --git a/docs/beacon/03.getting-started-wallet.md b/docs/beacon/03.getting-started-wallet.md
@@ -6,10 +6,10 @@ First, you need to install the `beacon-sdk` package.
 
 `npm install --save @airgap/beacon-sdk`
 
-After that you need to import the beacon SDK in your code and initialize the WalletClient.
+After that you need to import the Beacon SDK in your code and initialize the WalletClient.
 
 <<< @/src/examples/wallet-example.ts
 
-The `beacon-sdk` will automatically try to establish a connection and listen to all beacon messages.
+The `beacon-sdk` will automatically try to establish a connection and listen to all Beacon messages.
 
 > Please also see the [Security](/beacon/08.security.html) page for some security notes.
diff --git a/docs/beacon/05.messages.md b/docs/beacon/05.messages.md
@@ -1,6 +1,6 @@
 # Messages
 
-The messages used in the beacon communication are defined in the [tzip-10 proposal](https://gitlab.com/tzip/tzip/tree/master/proposals/tzip-10).
+The messages used in the Beacon communication are defined in the [tzip-10 proposal](https://gitlab.com/tzip/tzip/tree/master/proposals/tzip-10).
 
 Every message contains a unique, random ID that allows use to match request and response. It also contains the ID (public key) of the sender. In the future, this public key can be used to verify the authenticity of a message.
 

diff --git a/docs/beacon/06.errors.md b/docs/beacon/06.errors.md
@@ -1,6 +1,6 @@
 # Errors
 
-The errors used in the beacon communication are defined in the [tzip-10 proposal](https://gitlab.com/tzip/tzip/tree/master/proposals/tzip-10).
+The errors used in the Beacon communication are defined in the [tzip-10 proposal](https://gitlab.com/tzip/tzip/tree/master/proposals/tzip-10).
 
 If the wallet encounters an error while processing a request, the response will use the `BeaconBaseMessage` described [here](/beacon/05.messages) and additionally add a `BeaconErrorType`.
 

diff --git a/docs/beacon/07.contracts.md b/docs/beacon/07.contracts.md
@@ -1,20 +1,20 @@
 # Interacting with Contracts
 
-The `beacon-sdk` does not provide any abstractions for contracts. The focus of beacon is handling the connection between DApps and wallets and providing a user friendly API to interact with each other.
+The `beacon-sdk` does not provide any abstractions for contracts. The focus of Beacon is handling the connection between DApps and wallets and providing a user friendly API to interact with each other.
 
-[Taquito](https://tezostaquito.io/) is a popular library for development on the Tezos blockchain. They are currently working on a new [Wallet API](https://github.com/ecadlabs/taquito/pull/308) that connects the power of Taquito's contract abstraction with Beacon's communication layer.
+[Taquito](https://tezostaquito.io/) is a popular Typescript library for application development on the Tezos blockchain. Beacon is supported in Taquito's [Wallet API](https://tezostaquito.io/docs/wallet_API), simply combining the contract abstraction of Taquito with Beacon's communicaiton layer.
 
-The Wallet API has only recently been merged into the master branch of Taquito, so make sure you have a recent version:
+Beacon v2 is supported in Taquito v7.1.0, make sure to use the latest Taquito version.
 
 ```
-npm i @taquito/taquito@6.3.0-beta.5
-npm i @taquito/beacon-wallet@6.3.0-beta.5
+npm i @taquito/taquito
+npm i @taquito/beacon-wallet
 ```
 
-As of the time of writing, `6.3.0-beta.5` is the most recent version.
+As of the time of writing, `7.1.0` is the most recent version.
 
-There is currently no documentation available for the Wallet API. There is a community driven document outlining some of the changes between the Contract API and Wallet API [here](https://hackmd.io/Ns6ZpuY6TLSNKDv1Wr9fvA)
+The Taquito docs have a [detailed documentation](https://tezostaquito.io/docs/wallet_API/#--beacon-wallet) on how to import and use Beacon.
 
-The following is a small example of a contract call in Taquito, loosely based on our [Example DApp](https://github.com/airgap-it/beacon-vue-example/blob/master/src/components/Beacon.vue#L122)
+The following is a small example of a contract call in Taquito, loosely based on our [Example DApp](https://github.com/airgap-it/beacon-vue-example/blob/master/src/components/Beacon.vue#L122).
 
 <<< @/docs/beacon/taquito-example.ts
diff --git a/docs/beacon/10.security-audits.md b/docs/beacon/10.security-audits.md
@@ -0,0 +1,14 @@
+# Security Audits
+
+Beacon SDK has and will be regularly audited by third parties, their reports will be made publicly available.
+
+### 17.09.20 - Beacon SDK Audit by Least Authority
+
+In collaboration with the AirGap team, Least Authority conducted an audit of the tzip-10 Typescript implementation Beacon SDK. In total 5 issues have been identified by Least Authority. 3 of these have been resolved, 1 has been partially addressed and 1 was consciously not resolved.
+
+- [Blogpost - Beacon SDK Audit](https://medium.com/airgap-it/beacon-sdk-audited-by-least-authority-fa12f83e91e0)
+- [Report - Beacon SDK Audit Report](./LeastAuthorityReport.pdf)
+
+### Disclosing Security Vulnerabilities
+
+If you discover a security vulnerability within this library, please send an e-mail to [email protected]. All security vulnerabilities will be promptly addressed.
diff --git a/docs/beacon/LeastAuthorityReport.pdf b/docs/beacon/LeastAuthorityReport.pdf
diff --git a/example-dapp.html b/example-dapp.html
@@ -22,6 +22,8 @@
     <br /><br />
     <button id="connect">Connect and Delegate</button>
     <br /><br />
+    <button id="signPayload">Sign Payload</button>
+    <br /><br />
     ---
     <br /><br />
     <button id="getExtensions">Get Extensions</button>
@@ -36,10 +38,22 @@
     <br /><br />
     ---
     <br /><br />
+    Reproducing bugs:
+    <br /><br />
+    <button id="externalInit">External Init</button>
+    <br /><br />
+    <button id="2requests">2 requests at once</button>
+    <br /><br />
+    ---
+    <br /><br />
     <button id="removePeer">Remove Peer</button>
     <br /><br />
     ---
     <br /><br />
+    <button id="contractCall">Contract Call</button>
+    <br /><br />
+    ---
+    <br /><br />
     <button id="reset">Reset and Refresh</button>
 
     <script>
@@ -76,15 +90,35 @@
         })
       }
 
+      // Initiate a delegate operation
+      const sendToSelf = () => {
+        client.getActiveAccount().then((activeAccount) => {
+          client.requestOperation({
+            operationDetails: [
+              {
+                kind: beacon.TezosOperationType.TRANSACTION,
+                destination: activeAccount.address,
+                amount: '1'
+              }
+            ]
+          })
+        })
+      }
+
       // Initiate a permission request
       const requestPermission = (callback) => {
-        client.requestPermissions().then((permissions) => {
-          console.log('permissions', permissions)
-          if (callback) {
-            callback(permissions)
-          }
-          updateActiveAccount()
-        })
+        client
+          .requestPermissions()
+          .then((permissions) => {
+            console.log('permissions', permissions)
+            if (callback) {
+              callback(permissions)
+            }
+            updateActiveAccount()
+          })
+          .catch((error) => {
+            console.log('error during permission request', error)
+          })
       }
 
       // Add event listener to the button
@@ -116,9 +150,18 @@
         })
       })
 
+      // Add event listener to the button
+      document.getElementById('signPayload').addEventListener('click', async () => {
+        const signature = await client.requestSignPayload({
+          payload: 'test'
+        })
+
+        console.log('signature:', signature)
+      })
+
       // Add event listener to the button
       document.getElementById('clearActiveAccount').addEventListener('click', () => {
-        client.setActiveAccount(undefined).then(() => {
+        client.setActiveAccount().then(() => {
           updateActiveAccount()
         })
       })
@@ -181,6 +224,48 @@
           }
         })
       })
+
+      document.getElementById('externalInit').addEventListener('click', () => {
+        console.log('This method has to be called directly after page load to reproduce the error')
+        client.init().then(() => {
+          console.log('init done')
+          client.requestPermissions().then((permissions) => {
+            console.log('permissions', permissions)
+            if (callback) {
+              callback(permissions)
+            }
+            updateActiveAccount()
+          })
+        })
+      })
+
+      // Add event listener to the button
+      document.getElementById('contractCall').addEventListener('click', () => {
+        client
+          .requestOperation({
+            operationDetails: [
+              {
+                kind: beacon.TezosOperationType.TRANSACTION,
+                amount: '0',
+                destination: 'KT1RxKJyi48W3bZR8HErRiisXZQw19HwLGWj',
+                parameters: {
+                  entrypoint: 'toggleStatus',
+                  value: {
+                    prim: 'True'
+                  }
+                }
+              }
+            ]
+          })
+          .then((response) => console.log(response))
+          .catch((error) => console.log(error))
+      })
+
+      // Add event listener to the button
+      document.getElementById('2requests').addEventListener('click', () => {
+        setTimeout(sendToSelf, 0)
+        setTimeout(sendToSelf, 1000)
+      })
     </script>
   </body>
 </html>
diff --git a/package-lock.json b/package-lock.json