Polybase: Use real private key and filter using user public key

package.json

@@ -16,15 +16,20 @@
     "@types/webpack": "^5.28.0",
     "copy-webpack-plugin": "^11.0.0",
     "glob": "^8.0.3",
+    "stream-browserify": "^3.0.0",
     "ts-loader": "^9.3.1",
     "ts-node": "^10.8.2",
     "typescript": "^4.7.4",
     "webpack": "^5.73.0",
     "webpack-cli": "^4.10.0"
   },
   "dependencies": {
-    "@polybase/client": "0.3.25",
+    "@polybase/client": "npm:polybase_client@0.3.39",
     "add": "^2.0.6",
-    "crypto-js": "^4.1.1"
+    "buffer": "^6.0.3",
+    "bufferutil": "^4.0.7",
+    "crypto-js": "^4.1.1",
+    "ethers": "^6.1.0",
+    "utf-8-validate": "^6.0.3"
   }
 }

src/background.ts

@@ -1,19 +1,13 @@
 import { createRecord, getAllRecords, getRecordByUrl } from "./polybase";
-import {
-  CurrentParams,
-  GetPasswords,
-  Message,
-  MessageKey,
-  Password,
-} from "./types";
+import { CurrentParams, GetPasswords, Message, MessageKey } from "./types";
 
 const current_params: CurrentParams = {
   password: "",
   username: "",
   website: "",
 };
 
-let passwords_for_requested_website: Data[];
+let passwords_for_requested_website: Data[] = [];
 
 chrome.tabs.onUpdated.addListener((id, change, tab) => {
   const change_url = change.url?.replace(/\/+$/, "");
@@ -30,6 +24,7 @@ chrome.tabs.onUpdated.addListener((id, change, tab) => {
       const new_message: Message<any> = {
         key: MessageKey.LOGIN_SUCCESS,
       };
+      console.log("let c", passwords_for_requested_website);
 
       let exist = passwords_for_requested_website.find((e) => {
         const params_website = new URL(current_params.website).hostname;
@@ -46,13 +41,15 @@ chrome.tabs.onUpdated.addListener((id, change, tab) => {
         chrome.tabs.query(
           { active: true, currentWindow: true },
           function (tabs) {
-            chrome.tabs.sendMessage(tabs?.[0].id ?? 0, new_message);
+            if (!tabs.length) throw new Error("Tab not found");
+            chrome.tabs.sendMessage(tabs?.[0]?.id ?? 0, new_message);
           }
         );
-      }, 300);
+      }, 500);
     }
   }
 });
+
 export interface Data {
   id: string;
   password: string;
@@ -69,13 +66,14 @@ export interface PublicKey {
   x: string;
   y: string;
 }
-chrome.runtime.onMessage.addListener(async (m: Message<any>, _, sendRes) => {
+
+type SendRes = (res: any) => void;
+const handle_chrome_messages = async (m: Message<any>, sendRes: SendRes) => {
   console.log("messag rec", m);
 
   if (m.key == MessageKey.GET_PASSWORDS) {
     const body = m.body as GetPasswords;
-    const passwords = await getRecordByUrl(body.domain);
-    passwords_for_requested_website = passwords.data.map((e) => e.data);
+    passwords_for_requested_website = await getRecordByUrl(body.domain);
 
     sendRes(passwords_for_requested_website);
     return true;
@@ -108,4 +106,8 @@ chrome.runtime.onMessage.addListener(async (m: Message<any>, _, sendRes) => {
     return true;
   }
   return false;
+};
+chrome.runtime.onMessage.addListener((m, _, s) => {
+  handle_chrome_messages(m, s).then(s);
+  return true;
 });

src/content_scripts.ts

@@ -19,6 +19,7 @@ border-radius:12px;
 padding:8px;
 color:black;
 background-color:white;
+z-index:9999;
 -webkit-box-shadow: 10px 10px 88px -8px rgba(0,0,0,1);
 -moz-box-shadow: 10px 10px 88px -8px rgba(0,0,0,1);
 box-shadow: 10px 10px 88px -8px rgba(0,0,0,1);
@@ -104,6 +105,8 @@ const on_load = () => {
     },
   };
   chrome.runtime.sendMessage(new_msg, (res: GetPasswordRes) => {
+    console.log("get pass res", res);
+
     if (!res) {
       return;
     }

src/polybase.ts

@@ -1,4 +1,4 @@
-import { Data, Password, WALLET_PRIV_KEY } from "./types";
+import { Data, WALLET_PRIV_KEY } from "./types";
 import { Polybase } from "@polybase/client";
 import { ethPersonalSign } from "@polybase/eth";
 import {
@@ -8,28 +8,27 @@ import {
   EncryptedDataAesCbc256,
 } from "@polybase/util";
 
-let priv_key: string | undefined = undefined;
+import { Buffer } from "buffer";
+globalThis.Buffer = Buffer;
+import { ethers, Wallet } from "ethers";
+let wallet: Wallet | undefined;
 chrome.storage.session.onChanged.addListener((e) => {
   if (e[WALLET_PRIV_KEY]) {
-    priv_key = e[WALLET_PRIV_KEY].newValue;
+    wallet = new Wallet(e[WALLET_PRIV_KEY].newValue);
   }
 });
 
-const hardKey = decodeFromString(
-  "95tUuJPAkFV5r60rV12uEYoFErTIEXG7am6tMWzcvcU=",
-  "base64"
-); //95tUuJPAkFV5r60rV12uEYoFErTIEXG7am6tMWzcvcU=
 const setDb = (): Polybase => {
+  if (!wallet) {
+    throw new Error("Wallet not unlocked");
+  }
   const db = new Polybase({
     defaultNamespace:
       "pk/0x76c342f1696f2e368454ed296df1ead894232b009084f6cb71670881506e0ee6e3fa1b3ea51a3010afa63cb41559eeab504a706138942d597dfd39d856955d45/polyPass",
     signer: (data) => {
       return {
         h: "eth-personal-sign",
-        sig: ethPersonalSign(
-          "0x79d1fcf6d9334cedc837ee3f9d2c54b7294aa702ed07f6f77f8a49235a9f9114",
-          data
-        ),
+        sig: ethPersonalSign(wallet?.privateKey ?? "", data),
       };
     },
   });
@@ -73,7 +72,11 @@ export async function DecryptString(
 
 const genPass = async (password: string): Promise<string> => {
   // const key = aescbc.generateSecretKey();
-
+  if (!wallet) {
+    throw new Error("Wallet not unlocked");
+    return "";
+  }
+  const hardKey = decodeFromString(wallet.privateKey, "hex");
   var encryptstr = await EncryptString(password, hardKey);
   const cipher_str = encodeToString(encryptstr.ciphertext, "base64");
   const nonce_str = encodeToString(encryptstr.nonce, "base64");
@@ -145,6 +148,11 @@ export const decryptMergedPass = async (
     nonce: decodeFromString(splitEncryptedPass[1], "base64"),
     ciphertext: decodeFromString(splitEncryptedPass[0], "base64"),
   };
+  if (!wallet) {
+    throw new Error("Wallet not unlocked");
+    return "";
+  }
+  const hardKey = decodeFromString(wallet.privateKey, "hex");
   var pass: string = await DecryptString(hardKey, encryptedInterface);
   return pass;
 };
@@ -156,12 +164,30 @@ export const getAllRecords = async () => {
   const records = await collectionReference.get();
   return records.data;
 };
-export const getRecordByUrl = async (url: string) => {
+export const getRecordByUrl = async (url: string): Promise<Data[]> => {
   var db = setDb();
   const collectionReference = db.collection<Data>("passwords");
+  if (!wallet) {
+    throw new Error("Wallet not unlocked");
+    return [];
+  }
 
-  const records = await collectionReference.where("url", "==", url).get();
-  console.log(records);
+  let publicKey = new ethers.SigningKey(wallet.privateKey).publicKey;
+  publicKey = "0x" + publicKey.slice(4);
+  console.log("public key", publicKey);
+
+  let records = await collectionReference
+    .where("url", "==", url)
+    .where("userId", "==", publicKey)
+    .get();
+  const new_data = await Promise.all(
+    records.data.map(async (e) => {
+      return {
+        ...e.data,
+        password: await decryptMergedPass(e.data.password),
+      };
+    })
+  );
 
-  return records;
+  return new_data;
 };

webpack/webpack.config.ts

@@ -1,29 +1,43 @@
 import path from "path";
-import CopyPlugin from "copy-webpack-plugin"
+import CopyPlugin from "copy-webpack-plugin";
 import * as webpack from "webpack";
-import glob from "glob"
+import glob from "glob";
 
-let scripts = glob.sync("./src/scripts/**.ts")
+let scripts = glob.sync("./src/scripts/**.ts");
 
-let scriptEntries: { [key: string]: string; } = {}
-scripts.forEach(pathOfFile => {
-  let fileName = path.basename(pathOfFile)
-  let entryName = fileName.split(".")[0]
-  scriptEntries[entryName] = pathOfFile
-})
+let scriptEntries: { [key: string]: string } = {};
+scripts.forEach((pathOfFile) => {
+  let fileName = path.basename(pathOfFile);
+  let entryName = fileName.split(".")[0];
+  scriptEntries[entryName] = pathOfFile;
+});
 
 const webPackConfig: webpack.Configuration = {
   entry: {
     ...scriptEntries,
     content_scripts: path.resolve(__dirname, "..", "src", "content_scripts.ts"),
-    background: path.resolve(__dirname, "..", "src", "background.ts")
+    background: path.resolve(__dirname, "..", "src", "background.ts"),
   },
   output: {
     path: path.join(__dirname, "../dist"),
     filename: "[name].js",
   },
   resolve: {
     extensions: [".ts", ".js"],
+    fallback: {
+      os: false,
+      fs: false,
+      tls: false,
+      net: false,
+      path: false,
+      zlib: false,
+      http: false,
+      https: false,
+      stream: require.resolve("stream-browserify"),
+      crypto: false,
+      url: false,
+      "crypto-browserify": false,
+    },
   },
   module: {
     rules: [
@@ -39,6 +53,6 @@ const webPackConfig: webpack.Configuration = {
       patterns: [{ from: ".", to: ".", context: "public" }],
     }),
   ],
-}
+};
 
-export default webPackConfig
+export default webPackConfig;