MarketTakers/arbiter
5
0
Fork 0
Code Issues 27 Pull Requests 4 Packages Projects Releases Wiki Activity

merge: main

Browse Source
This commit is contained in:
hdbg
2026-03-29 11:07:26 +02:00
parent 6987e5f70f e2d8b7841b
commit d5ec303b9a
147 changed files with 10654 additions and 4354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.claude/memory/feedback_widget_decomposition.md Normal file
View File

@@ -0,0 +1,11 @@
---
name: Widget decomposition and provider subscriptions
description: Prefer splitting screens into multiple focused files/widgets; each widget subscribes to its own relevant providers
type: feedback
---
Split screens into multiple smaller widgets across multiple files. Each widget should subscribe only to the providers it needs (`ref.watch` at lowest possible level), rather than having one large screen widget that watches everything and passes data down as parameters.
**Why:** Reduces unnecessary rebuilds; improves readability; each file has one clear responsibility.
**How to apply:** When building a new screen, identify which sub-widgets need their own provider subscriptions and extract them into separate files (e.g., `widgets/grant_card.dart` watches enrichment providers itself, rather than the screen doing it and passing resolved strings down).

1
.gitignore vendored
View File

@@ -3,3 +3,4 @@ scripts/__pycache__/
.DS_Store .DS_Store
.cargo/config.toml .cargo/config.toml
.vscode/ .vscode/
docs/

2
AGENTS.md
View File

@@ -67,7 +67,7 @@ The server is actor-based using the **kameo** crate. All long-lived state lives
- **`Bootstrapper`** — Manages the one-time bootstrap token written to `~/.arbiter/bootstrap_token` on first run. - **`Bootstrapper`** — Manages the one-time bootstrap token written to `~/.arbiter/bootstrap_token` on first run.
- **`KeyHolder`** — Holds the encrypted root key and manages the Sealed/Unsealed vault state machine. On unseal, decrypts the root key into a `memsafe` hardened memory cell. - **`KeyHolder`** — Holds the encrypted root key and manages the Sealed/Unsealed vault state machine. On unseal, decrypts the root key into a `memsafe` hardened memory cell.
- **`MessageRouter`** — Coordinates streaming messages between user agents and SDK clients. - **`FlowCoordinator`** — Coordinates cross-connection flow between user agents and SDK clients.
- **`EvmActor`** — Handles EVM transaction policy enforcement and signing. - **`EvmActor`** — Handles EVM transaction policy enforcement and signing.
Per-connection actors live under `actors/user_agent/` and `actors/client/`, each with `auth` (challenge-response authentication) and `session` (post-auth operations) sub-modules. Per-connection actors live under `actors/user_agent/` and `actors/client/`, each with `auth` (challenge-response authentication) and `session` (post-auth operations) sub-modules.

2
CLAUDE.md
View File

@@ -67,7 +67,7 @@ The server is actor-based using the **kameo** crate. All long-lived state lives
- **`Bootstrapper`** — Manages the one-time bootstrap token written to `~/.arbiter/bootstrap_token` on first run. - **`Bootstrapper`** — Manages the one-time bootstrap token written to `~/.arbiter/bootstrap_token` on first run.
- **`KeyHolder`** — Holds the encrypted root key and manages the Sealed/Unsealed vault state machine. On unseal, decrypts the root key into a `memsafe` hardened memory cell. - **`KeyHolder`** — Holds the encrypted root key and manages the Sealed/Unsealed vault state machine. On unseal, decrypts the root key into a `memsafe` hardened memory cell.
- **`MessageRouter`** — Coordinates streaming messages between user agents and SDK clients. - **`FlowCoordinator`** — Coordinates cross-connection flow between user agents and SDK clients.
- **`EvmActor`** — Handles EVM transaction policy enforcement and signing. - **`EvmActor`** — Handles EVM transaction policy enforcement and signing.
Per-connection actors live under `actors/user_agent/` and `actors/client/`, each with `auth` (challenge-response authentication) and `session` (post-auth operations) sub-modules. Per-connection actors live under `actors/user_agent/` and `actors/client/`, each with `auth` (challenge-response authentication) and `session` (post-auth operations) sub-modules.

7
protobufs/client.proto
View File

@@ -5,8 +5,15 @@ package arbiter.client;
import "evm.proto"; import "evm.proto";
import "google/protobuf/empty.proto"; import "google/protobuf/empty.proto";
message ClientInfo {
string name = 1;
optional string description = 2;
optional string version = 3;
}
message AuthChallengeRequest { message AuthChallengeRequest {
bytes pubkey = 1; bytes pubkey = 1;
ClientInfo client_info = 2;
} }
message AuthChallenge { message AuthChallenge {

14
protobufs/evm.proto
View File

@@ -12,7 +12,8 @@ enum EvmError {
} }
message WalletEntry { message WalletEntry {
bytes address = 1; // 20-byte Ethereum address int32 id = 1;
bytes address = 2; // 20-byte Ethereum address
} }
message WalletList { message WalletList {
@@ -46,7 +47,7 @@ message VolumeRateLimit {
} }
message SharedSettings { message SharedSettings {
int32 wallet_id = 1; int32 wallet_access_id = 1;
uint64 chain_id = 2; uint64 chain_id = 2;
optional google.protobuf.Timestamp valid_from = 3; optional google.protobuf.Timestamp valid_from = 3;
optional google.protobuf.Timestamp valid_until = 4; optional google.protobuf.Timestamp valid_until = 4;
@@ -139,9 +140,8 @@ message TransactionEvalError {
// --- UserAgent grant management --- // --- UserAgent grant management ---
message EvmGrantCreateRequest { message EvmGrantCreateRequest {
int32 client_id = 1; SharedSettings shared = 1;
SharedSettings shared = 2; SpecificGrant specific = 2;
SpecificGrant specific = 3;
} }
message EvmGrantCreateResponse { message EvmGrantCreateResponse {
@@ -165,13 +165,13 @@ message EvmGrantDeleteResponse {
// Basic grant info returned in grant listings // Basic grant info returned in grant listings
message GrantEntry { message GrantEntry {
int32 id = 1; int32 id = 1;
int32 client_id = 2; int32 wallet_access_id = 2;
SharedSettings shared = 3; SharedSettings shared = 3;
SpecificGrant specific = 4; SpecificGrant specific = 4;
} }
message EvmGrantListRequest { message EvmGrantListRequest {
optional int32 wallet_id = 1; optional int32 wallet_access_id = 1;
} }
message EvmGrantListResponse { message EvmGrantListResponse {

62
protobufs/user_agent.proto
View File

@@ -2,6 +2,7 @@ syntax = "proto3";
package arbiter.user_agent; package arbiter.user_agent;
import "client.proto";
import "evm.proto"; import "evm.proto";
import "google/protobuf/empty.proto"; import "google/protobuf/empty.proto";
@@ -22,10 +23,6 @@ enum SdkClientError {
SDK_CLIENT_ERROR_INTERNAL = 4; SDK_CLIENT_ERROR_INTERNAL = 4;
} }
message SdkClientApproveRequest {
bytes pubkey = 1; // 32-byte ed25519 public key
}
message SdkClientRevokeRequest { message SdkClientRevokeRequest {
int32 client_id = 1; int32 client_id = 1;
} }
@@ -33,20 +30,14 @@ message SdkClientRevokeRequest {
message SdkClientEntry { message SdkClientEntry {
int32 id = 1; int32 id = 1;
bytes pubkey = 2; bytes pubkey = 2;
int32 created_at = 3; arbiter.client.ClientInfo info = 3;
int32 created_at = 4;
} }
message SdkClientList { message SdkClientList {
repeated SdkClientEntry clients = 1; repeated SdkClientEntry clients = 1;
} }
message SdkClientApproveResponse {
oneof result {
SdkClientEntry client = 1;
SdkClientError error = 2;
}
}
message SdkClientRevokeResponse { message SdkClientRevokeResponse {
oneof result { oneof result {
google.protobuf.Empty ok = 1; google.protobuf.Empty ok = 1;
@@ -129,13 +120,39 @@ enum VaultState {
message SdkClientConnectionRequest { message SdkClientConnectionRequest {
bytes pubkey = 1; bytes pubkey = 1;
arbiter.client.ClientInfo info = 2;
} }
message SdkClientConnectionResponse { message SdkClientConnectionResponse {
bool approved = 1; bool approved = 1;
bytes pubkey = 2;
} }
message SdkClientConnectionCancel {} message SdkClientConnectionCancel {
bytes pubkey = 1;
}
message WalletAccess {
int32 wallet_id = 1;
int32 sdk_client_id = 2;
}
message SdkClientWalletAccess {
int32 id = 1;
WalletAccess access = 2;
}
message SdkClientGrantWalletAccess {
repeated WalletAccess accesses = 1;
}
message SdkClientRevokeWalletAccess {
repeated int32 accesses = 1;
}
message ListWalletAccessResponse {
repeated SdkClientWalletAccess accesses = 1;
}
message UserAgentEvmSignTransactionRequest { message UserAgentEvmSignTransactionRequest {
int32 client_id = 1; int32 client_id = 1;
@@ -156,11 +173,13 @@ message UserAgentRequest {
arbiter.evm.EvmGrantDeleteRequest evm_grant_delete = 9; arbiter.evm.EvmGrantDeleteRequest evm_grant_delete = 9;
arbiter.evm.EvmGrantListRequest evm_grant_list = 10; arbiter.evm.EvmGrantListRequest evm_grant_list = 10;
SdkClientConnectionResponse sdk_client_connection_response = 11; SdkClientConnectionResponse sdk_client_connection_response = 11;
SdkClientApproveRequest sdk_client_approve = 12; SdkClientRevokeRequest sdk_client_revoke = 12;
SdkClientRevokeRequest sdk_client_revoke = 13; google.protobuf.Empty sdk_client_list = 13;
google.protobuf.Empty sdk_client_list = 14; BootstrapEncryptedKey bootstrap_encrypted_key = 14;
BootstrapEncryptedKey bootstrap_encrypted_key = 15; SdkClientGrantWalletAccess grant_wallet_access = 15;
UserAgentEvmSignTransactionRequest evm_sign_transaction = 17; SdkClientRevokeWalletAccess revoke_wallet_access = 17;
google.protobuf.Empty list_wallet_access = 18;
UserAgentEvmSignTransactionRequest evm_sign_transaction = 19;
} }
} }
message UserAgentResponse { message UserAgentResponse {
@@ -176,11 +195,12 @@ message UserAgentResponse {
arbiter.evm.EvmGrantCreateResponse evm_grant_create = 8; arbiter.evm.EvmGrantCreateResponse evm_grant_create = 8;
arbiter.evm.EvmGrantDeleteResponse evm_grant_delete = 9; arbiter.evm.EvmGrantDeleteResponse evm_grant_delete = 9;
arbiter.evm.EvmGrantListResponse evm_grant_list = 10; arbiter.evm.EvmGrantListResponse evm_grant_list = 10;
SdkClientConnectionResponse sdk_client_connection_response = 11; SdkClientConnectionRequest sdk_client_connection_request = 11;
SdkClientApproveResponse sdk_client_approve_response = 12; SdkClientConnectionCancel sdk_client_connection_cancel = 12;
SdkClientRevokeResponse sdk_client_revoke_response = 13; SdkClientRevokeResponse sdk_client_revoke_response = 13;
SdkClientListResponse sdk_client_list_response = 14; SdkClientListResponse sdk_client_list_response = 14;
BootstrapResult bootstrap_result = 15; BootstrapResult bootstrap_result = 15;
arbiter.evm.EvmSignTransactionResponse evm_sign_transaction = 17; ListWalletAccessResponse list_wallet_access_response = 17;
arbiter.evm.EvmSignTransactionResponse evm_sign_transaction = 18;
} }
} }

63
server/crates/arbiter-client/src/auth.rs
View File

@@ -1,8 +1,8 @@
use arbiter_proto::{ use arbiter_proto::{
format_challenge, ClientMetadata, format_challenge,
proto::client::{ proto::client::{
AuthChallengeRequest, AuthChallengeSolution, AuthResult, ClientRequest, AuthChallengeRequest, AuthChallengeSolution, AuthResult, ClientInfo as ProtoClientInfo,
client_request::Payload as ClientRequestPayload, ClientRequest, client_request::Payload as ClientRequestPayload,
client_response::Payload as ClientResponsePayload, client_response::Payload as ClientResponsePayload,
}, },
}; };
@@ -14,19 +14,7 @@ use crate::{
}; };
#[derive(Debug, thiserror::Error)] #[derive(Debug, thiserror::Error)]
pub enum ConnectError { pub enum AuthError {
#[error("Could not establish connection")]
Connection(#[from] tonic::transport::Error),
#[error("Invalid server URI")]
InvalidUri(#[from] http::uri::InvalidUri),
#[error("Invalid CA certificate")]
InvalidCaCert(#[from] webpki::Error),
#[error("gRPC error")]
Grpc(#[from] tonic::Status),
#[error("Auth challenge was not returned by server")] #[error("Auth challenge was not returned by server")]
MissingAuthChallenge, MissingAuthChallenge,
@@ -43,48 +31,54 @@ pub enum ConnectError {
Storage(#[from] StorageError), Storage(#[from] StorageError),
} }
fn map_auth_result(code: i32) -> ConnectError { fn map_auth_result(code: i32) -> AuthError {
match AuthResult::try_from(code).unwrap_or(AuthResult::Unspecified) { match AuthResult::try_from(code).unwrap_or(AuthResult::Unspecified) {
AuthResult::ApprovalDenied => ConnectError::ApprovalDenied, AuthResult::ApprovalDenied => AuthError::ApprovalDenied,
AuthResult::NoUserAgentsOnline => ConnectError::NoUserAgentsOnline, AuthResult::NoUserAgentsOnline => AuthError::NoUserAgentsOnline,
AuthResult::Unspecified AuthResult::Unspecified
| AuthResult::Success | AuthResult::Success
| AuthResult::InvalidKey | AuthResult::InvalidKey
| AuthResult::InvalidSignature | AuthResult::InvalidSignature
| AuthResult::Internal => ConnectError::UnexpectedAuthResponse, | AuthResult::Internal => AuthError::UnexpectedAuthResponse,
} }
} }
async fn send_auth_challenge_request( async fn send_auth_challenge_request(
transport: &mut ClientTransport, transport: &mut ClientTransport,
metadata: ClientMetadata,
key: &ed25519_dalek::SigningKey, key: &ed25519_dalek::SigningKey,
) -> std::result::Result<(), ConnectError> { ) -> std::result::Result<(), AuthError> {
transport transport
.send(ClientRequest { .send(ClientRequest {
request_id: next_request_id(), request_id: next_request_id(),
payload: Some(ClientRequestPayload::AuthChallengeRequest( payload: Some(ClientRequestPayload::AuthChallengeRequest(
AuthChallengeRequest { AuthChallengeRequest {
pubkey: key.verifying_key().to_bytes().to_vec(), pubkey: key.verifying_key().to_bytes().to_vec(),
client_info: Some(ProtoClientInfo {
name: metadata.name,
description: metadata.description,
version: metadata.version,
}),
}, },
)), )),
}) })
.await .await
.map_err(|_| ConnectError::UnexpectedAuthResponse) .map_err(|_| AuthError::UnexpectedAuthResponse)
} }
async fn receive_auth_challenge( async fn receive_auth_challenge(
transport: &mut ClientTransport, transport: &mut ClientTransport,
) -> std::result::Result<arbiter_proto::proto::client::AuthChallenge, ConnectError> { ) -> std::result::Result<arbiter_proto::proto::client::AuthChallenge, AuthError> {
let response = transport let response = transport
.recv() .recv()
.await .await
.map_err(|_| ConnectError::MissingAuthChallenge)?; .map_err(|_| AuthError::MissingAuthChallenge)?;
let payload = response.payload.ok_or(ConnectError::MissingAuthChallenge)?; let payload = response.payload.ok_or(AuthError::MissingAuthChallenge)?;
match payload { match payload {
ClientResponsePayload::AuthChallenge(challenge) => Ok(challenge), ClientResponsePayload::AuthChallenge(challenge) => Ok(challenge),
ClientResponsePayload::AuthResult(result) => Err(map_auth_result(result)), ClientResponsePayload::AuthResult(result) => Err(map_auth_result(result)),
_ => Err(ConnectError::UnexpectedAuthResponse), _ => Err(AuthError::UnexpectedAuthResponse),
} }
} }
@@ -92,7 +86,7 @@ async fn send_auth_challenge_solution(
transport: &mut ClientTransport, transport: &mut ClientTransport,
key: &ed25519_dalek::SigningKey, key: &ed25519_dalek::SigningKey,
challenge: arbiter_proto::proto::client::AuthChallenge, challenge: arbiter_proto::proto::client::AuthChallenge,
) -> std::result::Result<(), ConnectError> { ) -> std::result::Result<(), AuthError> {
let challenge_payload = format_challenge(challenge.nonce, &challenge.pubkey); let challenge_payload = format_challenge(challenge.nonce, &challenge.pubkey);
let signature = key.sign(&challenge_payload).to_bytes().to_vec(); let signature = key.sign(&challenge_payload).to_bytes().to_vec();
@@ -104,20 +98,20 @@ async fn send_auth_challenge_solution(
)), )),
}) })
.await .await
.map_err(|_| ConnectError::UnexpectedAuthResponse) .map_err(|_| AuthError::UnexpectedAuthResponse)
} }
async fn receive_auth_confirmation( async fn receive_auth_confirmation(
transport: &mut ClientTransport, transport: &mut ClientTransport,
) -> std::result::Result<(), ConnectError> { ) -> std::result::Result<(), AuthError> {
let response = transport let response = transport
.recv() .recv()
.await .await
.map_err(|_| ConnectError::UnexpectedAuthResponse)?; .map_err(|_| AuthError::UnexpectedAuthResponse)?;
let payload = response let payload = response
.payload .payload
.ok_or(ConnectError::UnexpectedAuthResponse)?; .ok_or(AuthError::UnexpectedAuthResponse)?;
match payload { match payload {
ClientResponsePayload::AuthResult(result) ClientResponsePayload::AuthResult(result)
if AuthResult::try_from(result).ok() == Some(AuthResult::Success) => if AuthResult::try_from(result).ok() == Some(AuthResult::Success) =>
@@ -125,15 +119,16 @@ async fn receive_auth_confirmation(
Ok(()) Ok(())
} }
ClientResponsePayload::AuthResult(result) => Err(map_auth_result(result)), ClientResponsePayload::AuthResult(result) => Err(map_auth_result(result)),
_ => Err(ConnectError::UnexpectedAuthResponse), _ => Err(AuthError::UnexpectedAuthResponse),
} }
} }
pub(crate) async fn authenticate( pub(crate) async fn authenticate(
transport: &mut ClientTransport, transport: &mut ClientTransport,
metadata: ClientMetadata,
key: &ed25519_dalek::SigningKey, key: &ed25519_dalek::SigningKey,
) -> std::result::Result<(), ConnectError> { ) -> std::result::Result<(), AuthError> {
send_auth_challenge_request(transport, key).await?; send_auth_challenge_request(transport, metadata, key).await?;
let challenge = receive_auth_challenge(transport).await?; let challenge = receive_auth_challenge(transport).await?;
send_auth_challenge_solution(transport, key, challenge).await?; send_auth_challenge_solution(transport, key, challenge).await?;
receive_auth_confirmation(transport).await receive_auth_confirmation(transport).await

48
server/crates/arbiter-client/src/bin/test_connect.rs Normal file
View File

@@ -0,0 +1,48 @@
use std::io::{self, Write};
use arbiter_client::ArbiterClient;
use arbiter_proto::{ClientMetadata, url::ArbiterUrl};
use tonic::ConnectError;
#[tokio::main]
async fn main() {
println!("Testing connection to Arbiter server...");
print!("Enter ArbiterUrl: ");
let _ = io::stdout().flush();
let mut input = String::new();
if let Err(err) = io::stdin().read_line(&mut input) {
eprintln!("Failed to read input: {err}");
return;
}
let input = input.trim();
if input.is_empty() {
eprintln!("ArbiterUrl cannot be empty");
return;
}
let url = match ArbiterUrl::try_from(input) {
Ok(url) => url,
Err(err) => {
eprintln!("Invalid ArbiterUrl: {err}");
return;
}
};
println!("{:#?}", url);
let metadata = ClientMetadata {
name: "arbiter-client test_connect".to_string(),
description: Some("Manual connection smoke test".to_string()),
version: Some(env!("CARGO_PKG_VERSION").to_string()),
};
match ArbiterClient::connect(url, metadata).await {
Ok(_) => println!("Connected and authenticated successfully."),
Err(err) => eprintln!("Failed to connect: {:#?}", err),
}
}

43
server/crates/arbiter-client/src/client.rs
View File

@@ -1,25 +1,36 @@
use arbiter_proto::{proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl}; use arbiter_proto::{ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl};
use std::sync::Arc; use std::sync::Arc;
use tokio::sync::{Mutex, mpsc}; use tokio::sync::{Mutex, mpsc};
use tokio_stream::wrappers::ReceiverStream; use tokio_stream::wrappers::ReceiverStream;
use tonic::transport::ClientTlsConfig; use tonic::transport::ClientTlsConfig;
use crate::{ use crate::{
auth::{ConnectError, authenticate}, StorageError, auth::{AuthError, authenticate}, storage::{FileSigningKeyStorage, SigningKeyStorage}, transport::{BUFFER_LENGTH, ClientTransport}
storage::{FileSigningKeyStorage, SigningKeyStorage},
transport::{BUFFER_LENGTH, ClientTransport},
}; };
#[cfg(feature = "evm")] #[cfg(feature = "evm")]
use crate::wallets::evm::ArbiterEvmWallet; use crate::wallets::evm::ArbiterEvmWallet;
#[derive(Debug, thiserror::Error)] #[derive(Debug, thiserror::Error)]
pub enum ClientError { pub enum Error {
#[error("gRPC error")] #[error("gRPC error")]
Grpc(#[from] tonic::Status), Grpc(#[from] tonic::Status),
#[error("Connection closed by server")] #[error("Could not establish connection")]
ConnectionClosed, Connection(#[from] tonic::transport::Error),
#[error("Invalid server URI")]
InvalidUri(#[from] http::uri::InvalidUri),
#[error("Invalid CA certificate")]
InvalidCaCert(#[from] webpki::Error),
#[error("Authentication error")]
Authentication(#[from] AuthError),
#[error("Storage error")]
Storage(#[from] StorageError),
} }
pub struct ArbiterClient { pub struct ArbiterClient {
@@ -28,27 +39,29 @@ pub struct ArbiterClient {
} }
impl ArbiterClient { impl ArbiterClient {
pub async fn connect(url: ArbiterUrl) -> Result<Self, ConnectError> { pub async fn connect(url: ArbiterUrl, metadata: ClientMetadata) -> Result<Self, Error> {
let storage = FileSigningKeyStorage::from_default_location()?; let storage = FileSigningKeyStorage::from_default_location()?;
Self::connect_with_storage(url, &storage).await Self::connect_with_storage(url, metadata, &storage).await
} }
pub async fn connect_with_storage<S: SigningKeyStorage>( pub async fn connect_with_storage<S: SigningKeyStorage>(
url: ArbiterUrl, url: ArbiterUrl,
metadata: ClientMetadata,
storage: &S, storage: &S,
) -> Result<Self, ConnectError> { ) -> Result<Self, Error> {
let key = storage.load_or_create()?; let key = storage.load_or_create()?;
Self::connect_with_key(url, key).await Self::connect_with_key(url, metadata, key).await
} }
pub async fn connect_with_key( pub async fn connect_with_key(
url: ArbiterUrl, url: ArbiterUrl,
metadata: ClientMetadata,
key: ed25519_dalek::SigningKey, key: ed25519_dalek::SigningKey,
) -> Result<Self, ConnectError> { ) -> Result<Self, Error> {
let anchor = webpki::anchor_from_trusted_cert(&url.ca_cert)?.to_owned(); let anchor = webpki::anchor_from_trusted_cert(&url.ca_cert)?.to_owned();
let tls = ClientTlsConfig::new().trust_anchor(anchor); let tls = ClientTlsConfig::new().trust_anchor(anchor);
let channel = tonic::transport::Channel::from_shared(format!("{}:{}", url.host, url.port))? let channel = tonic::transport::Channel::from_shared(format!("https://{}:{}", url.host, url.port))?
.tls_config(tls)? .tls_config(tls)?
.connect() .connect()
.await?; .await?;
@@ -62,7 +75,7 @@ impl ArbiterClient {
receiver: response_stream, receiver: response_stream,
}; };
authenticate(&mut transport, &key).await?; authenticate(&mut transport, metadata, &key).await?;
Ok(Self { Ok(Self {
transport: Arc::new(Mutex::new(transport)), transport: Arc::new(Mutex::new(transport)),
@@ -70,7 +83,7 @@ impl ArbiterClient {
} }
#[cfg(feature = "evm")] #[cfg(feature = "evm")]
pub async fn evm_wallets(&self) -> Result<Vec<ArbiterEvmWallet>, ClientError> { pub async fn evm_wallets(&self) -> Result<Vec<ArbiterEvmWallet>, Error> {
todo!("fetch EVM wallet list from server") todo!("fetch EVM wallet list from server")
} }
} }

4
server/crates/arbiter-client/src/lib.rs
View File

@@ -4,8 +4,8 @@ mod storage;
mod transport; mod transport;
pub mod wallets; pub mod wallets;
pub use auth::ConnectError; pub use auth::AuthError;
pub use client::{ArbiterClient, ClientError}; pub use client::{ArbiterClient, Error};
pub use storage::{FileSigningKeyStorage, SigningKeyStorage, StorageError}; pub use storage::{FileSigningKeyStorage, SigningKeyStorage, StorageError};
#[cfg(feature = "evm")] #[cfg(feature = "evm")]

27
server/crates/arbiter-proto/build.rs
View File

@@ -1,32 +1,21 @@
use std::path::PathBuf;
use tonic_prost_build::configure; use tonic_prost_build::configure;
static PROTOBUF_DIR: &str = "../../../protobufs"; static PROTOBUF_DIR: &str = "../../../protobufs";
fn main() -> Result<(), Box<dyn std::error::Error>> { fn main() -> Result<(), Box<dyn std::error::Error>> {
let manifest_dir = PathBuf::from(std::env::var("CARGO_MANIFEST_DIR")?); println!("cargo::rerun-if-changed={PROTOBUF_DIR}");
let protobuf_dir = manifest_dir.join(PROTOBUF_DIR);
let protoc_include = protoc_bin_vendored::include_path()?;
let protoc_path = protoc_bin_vendored::protoc_bin_path()?;
unsafe {
std::env::set_var("PROTOC", &protoc_path);
std::env::set_var("PROTOC_INCLUDE", &protoc_include);
}
println!("cargo::rerun-if-changed={}", protobuf_dir.display());
configure() configure()
.message_attribute(".", "#[derive(::kameo::Reply)]") .message_attribute(".", "#[derive(::kameo::Reply)]")
.compile_well_known_types(true)
.compile_protos( .compile_protos(
&[ &[
protobuf_dir.join("arbiter.proto"), format!("{}/arbiter.proto", PROTOBUF_DIR),
protobuf_dir.join("user_agent.proto"), format!("{}/user_agent.proto", PROTOBUF_DIR),
protobuf_dir.join("client.proto"), format!("{}/client.proto", PROTOBUF_DIR),
protobuf_dir.join("evm.proto"), format!("{}/evm.proto", PROTOBUF_DIR),
], ],
&[protobuf_dir], &[PROTOBUF_DIR.to_string()],
)?; )
.unwrap();
Ok(()) Ok(())
} }

13
server/crates/arbiter-proto/src/lib.rs
View File

@@ -3,12 +3,6 @@ pub mod url;
use base64::{Engine, prelude::BASE64_STANDARD}; use base64::{Engine, prelude::BASE64_STANDARD};
pub mod google {
pub mod protobuf {
tonic::include_proto!("google.protobuf");
}
}
pub mod proto { pub mod proto {
tonic::include_proto!("arbiter"); tonic::include_proto!("arbiter");
@@ -25,6 +19,13 @@ pub mod proto {
} }
} }
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ClientMetadata {
pub name: String,
pub description: Option<String>,
pub version: Option<String>,
}
pub static BOOTSTRAP_PATH: &str = "bootstrap_token"; pub static BOOTSTRAP_PATH: &str = "bootstrap_token";
pub fn home_path() -> Result<std::path::PathBuf, std::io::Error> { pub fn home_path() -> Result<std::path::PathBuf, std::io::Error> {

2
server/crates/arbiter-proto/src/url.rs
View File

@@ -7,6 +7,8 @@ const ARBITER_URL_SCHEME: &str = "arbiter";
const CERT_QUERY_KEY: &str = "cert"; const CERT_QUERY_KEY: &str = "cert";
const BOOTSTRAP_TOKEN_QUERY_KEY: &str = "bootstrap_token"; const BOOTSTRAP_TOKEN_QUERY_KEY: &str = "bootstrap_token";
#[derive(Debug, Clone)]
pub struct ArbiterUrl { pub struct ArbiterUrl {
pub host: String, pub host: String,
pub port: u16, pub port: u16,

80
server/crates/arbiter-server/migrations/2026-02-14-171124-0000_init/up.sql
View File

@@ -40,7 +40,8 @@ create table if not exists arbiter_settings (
tls_id integer references tls_history (id) on delete RESTRICT tls_id integer references tls_history (id) on delete RESTRICT
) STRICT; ) STRICT;
insert into arbiter_settings (id) values (1) on conflict do nothing; -- ensure singleton row exists insert into arbiter_settings (id) values (1) on conflict do nothing;
-- ensure singleton row exists
create table if not exists useragent_client ( create table if not exists useragent_client (
id integer not null primary key, id integer not null primary key,
@@ -50,15 +51,40 @@ create table if not exists useragent_client (
created_at integer not null default(unixepoch ('now')), created_at integer not null default(unixepoch ('now')),
updated_at integer not null default(unixepoch ('now')) updated_at integer not null default(unixepoch ('now'))
) STRICT; ) STRICT;
create unique index if not exists uniq_useragent_client_public_key on useragent_client (public_key, key_type);
create table if not exists client_metadata (
id integer not null primary key,
name text not null, -- human-readable name for the client
description text, -- optional description for the client
version text, -- client version for tracking and debugging
created_at integer not null default(unixepoch ('now'))
) STRICT;
-- created to track history of changes
create table if not exists client_metadata_history (
id integer not null primary key,
metadata_id integer not null references client_metadata (id) on delete cascade,
client_id integer not null references program_client (id) on delete cascade,
created_at integer not null default(unixepoch ('now'))
) STRICT;
create unique index if not exists uniq_metadata_binding_client on client_metadata_history (client_id);
create table if not exists program_client ( create table if not exists program_client (
id integer not null primary key, id integer not null primary key,
nonce integer not null default(1), -- used for auth challenge nonce integer not null default(1), -- used for auth challenge
public_key blob not null, public_key blob not null,
metadata_id integer not null references client_metadata (id) on delete cascade,
created_at integer not null default(unixepoch ('now')), created_at integer not null default(unixepoch ('now')),
updated_at integer not null default(unixepoch ('now')) updated_at integer not null default(unixepoch ('now'))
) STRICT; ) STRICT;
create unique index if not exists program_client_public_key_unique
on program_client (public_key);
create unique index if not exists uniq_program_client_public_key on program_client (public_key);
create table if not exists evm_wallet ( create table if not exists evm_wallet (
id integer not null primary key, id integer not null primary key,
address blob not null, -- 20-byte Ethereum address address blob not null, -- 20-byte Ethereum address
@@ -67,8 +93,18 @@ create table if not exists evm_wallet (
) STRICT; ) STRICT;
create unique index if not exists uniq_evm_wallet_address on evm_wallet (address); create unique index if not exists uniq_evm_wallet_address on evm_wallet (address);
create unique index if not exists uniq_evm_wallet_aead on evm_wallet (aead_encrypted_id); create unique index if not exists uniq_evm_wallet_aead on evm_wallet (aead_encrypted_id);
create table if not exists evm_wallet_access (
id integer not null primary key,
wallet_id integer not null references evm_wallet (id) on delete cascade,
client_id integer not null references program_client (id) on delete cascade,
created_at integer not null default(unixepoch ('now'))
) STRICT;
create unique index if not exists uniq_wallet_access on evm_wallet_access (wallet_id, client_id);
create table if not exists evm_ether_transfer_limit ( create table if not exists evm_ether_transfer_limit (
id integer not null primary key, id integer not null primary key,
window_secs integer not null, -- window duration in seconds window_secs integer not null, -- window duration in seconds
@@ -78,8 +114,7 @@ create table if not exists evm_ether_transfer_limit (
-- Shared grant properties: client scope, timeframe, fee caps, and rate limit -- Shared grant properties: client scope, timeframe, fee caps, and rate limit
create table if not exists evm_basic_grant ( create table if not exists evm_basic_grant (
id integer not null primary key, id integer not null primary key,
wallet_id integer not null references evm_wallet(id) on delete restrict, wallet_access_id integer not null references evm_wallet_access (id) on delete restrict,
client_id integer not null references program_client(id) on delete restrict,
chain_id integer not null, -- EIP-155 chain ID chain_id integer not null, -- EIP-155 chain ID
valid_from integer, -- unix timestamp (seconds), null = no lower bound valid_from integer, -- unix timestamp (seconds), null = no lower bound
valid_until integer, -- unix timestamp (seconds), null = no upper bound valid_until integer, -- unix timestamp (seconds), null = no upper bound
@@ -88,28 +123,27 @@ create table if not exists evm_basic_grant (
rate_limit_count integer, -- max transactions in window, null = unlimited rate_limit_count integer, -- max transactions in window, null = unlimited
rate_limit_window_secs integer, -- window duration in seconds, null = unlimited rate_limit_window_secs integer, -- window duration in seconds, null = unlimited
revoked_at integer, -- unix timestamp when revoked, null = still active revoked_at integer, -- unix timestamp when revoked, null = still active
created_at integer not null default(unixepoch('now')) created_at integer not null default(unixepoch ('now'))
) STRICT; ) STRICT;
-- Shared transaction log for all EVM grants, used for rate limit tracking and auditing -- Shared transaction log for all EVM grants, used for rate limit tracking and auditing
create table if not exists evm_transaction_log ( create table if not exists evm_transaction_log (
id integer not null primary key, id integer not null primary key,
grant_id integer not null references evm_basic_grant(id) on delete restrict, wallet_access_id integer not null references evm_wallet_access (id) on delete restrict,
client_id integer not null references program_client(id) on delete restrict, grant_id integer not null references evm_basic_grant (id) on delete restrict,
wallet_id integer not null references evm_wallet(id) on delete restrict,
chain_id integer not null, chain_id integer not null,
eth_value blob not null, -- always present on any EVM tx eth_value blob not null, -- always present on any EVM tx
signed_at integer not null default(unixepoch('now')) signed_at integer not null default(unixepoch ('now'))
) STRICT; ) STRICT;
create index if not exists idx_evm_basic_grant_wallet_chain on evm_basic_grant(client_id, wallet_id, chain_id); create index if not exists idx_evm_basic_grant_access_chain on evm_basic_grant (wallet_access_id, chain_id);
-- =============================== -- ===============================
-- ERC20 token transfer grant -- ERC20 token transfer grant
-- =============================== -- ===============================
create table if not exists evm_token_transfer_grant ( create table if not exists evm_token_transfer_grant (
id integer not null primary key, id integer not null primary key,
basic_grant_id integer not null unique references evm_basic_grant(id) on delete cascade, basic_grant_id integer not null unique references evm_basic_grant (id) on delete cascade,
token_contract blob not null, -- 20-byte ERC20 contract address token_contract blob not null, -- 20-byte ERC20 contract address
receiver blob -- 20-byte recipient address or null if every recipient allowed receiver blob -- 20-byte recipient address or null if every recipient allowed
) STRICT; ) STRICT;
@@ -117,7 +151,7 @@ create table if not exists evm_token_transfer_grant (
-- Per-window volume limits for token transfer grants -- Per-window volume limits for token transfer grants
create table if not exists evm_token_transfer_volume_limit ( create table if not exists evm_token_transfer_volume_limit (
id integer not null primary key, id integer not null primary key,
grant_id integer not null references evm_token_transfer_grant(id) on delete cascade, grant_id integer not null references evm_token_transfer_grant (id) on delete cascade,
window_secs integer not null, -- window duration in seconds window_secs integer not null, -- window duration in seconds
max_volume blob not null -- big-endian 32-byte U256 max_volume blob not null -- big-endian 32-byte U256
) STRICT; ) STRICT;
@@ -125,37 +159,35 @@ create table if not exists evm_token_transfer_volume_limit (
-- Log table for token transfer grant usage -- Log table for token transfer grant usage
create table if not exists evm_token_transfer_log ( create table if not exists evm_token_transfer_log (
id integer not null primary key, id integer not null primary key,
grant_id integer not null references evm_token_transfer_grant(id) on delete restrict, grant_id integer not null references evm_token_transfer_grant (id) on delete restrict,
log_id integer not null references evm_transaction_log(id) on delete restrict, log_id integer not null references evm_transaction_log (id) on delete restrict,
chain_id integer not null, -- EIP-155 chain ID chain_id integer not null, -- EIP-155 chain ID
token_contract blob not null, -- 20-byte ERC20 contract address token_contract blob not null, -- 20-byte ERC20 contract address
recipient_address blob not null, -- 20-byte recipient address recipient_address blob not null, -- 20-byte recipient address
value blob not null, -- big-endian 32-byte U256 value blob not null, -- big-endian 32-byte U256
created_at integer not null default(unixepoch('now')) created_at integer not null default(unixepoch ('now'))
) STRICT; ) STRICT;
create index if not exists idx_token_transfer_log_grant on evm_token_transfer_log(grant_id); create index if not exists idx_token_transfer_log_grant on evm_token_transfer_log (grant_id);
create index if not exists idx_token_transfer_log_log_id on evm_token_transfer_log(log_id);
create index if not exists idx_token_transfer_log_chain on evm_token_transfer_log(chain_id);
create index if not exists idx_token_transfer_log_log_id on evm_token_transfer_log (log_id);
create index if not exists idx_token_transfer_log_chain on evm_token_transfer_log (chain_id);
-- =============================== -- ===============================
-- Ether transfer grant (uses base log) -- Ether transfer grant (uses base log)
-- =============================== -- ===============================
create table if not exists evm_ether_transfer_grant ( create table if not exists evm_ether_transfer_grant (
id integer not null primary key, id integer not null primary key,
basic_grant_id integer not null unique references evm_basic_grant(id) on delete cascade, basic_grant_id integer not null unique references evm_basic_grant (id) on delete cascade,
limit_id integer not null references evm_ether_transfer_limit(id) on delete restrict limit_id integer not null references evm_ether_transfer_limit (id) on delete restrict
) STRICT; ) STRICT;
-- Specific recipient addresses for an ether transfer grant -- Specific recipient addresses for an ether transfer grant
create table if not exists evm_ether_transfer_grant_target ( create table if not exists evm_ether_transfer_grant_target (
id integer not null primary key, id integer not null primary key,
grant_id integer not null references evm_ether_transfer_grant(id) on delete cascade, grant_id integer not null references evm_ether_transfer_grant (id) on delete cascade,
address blob not null -- 20-byte recipient address address blob not null -- 20-byte recipient address
) STRICT; ) STRICT;
create unique index if not exists uniq_ether_transfer_target on evm_ether_transfer_grant_target(grant_id, address); create unique index if not exists uniq_ether_transfer_target on evm_ether_transfer_grant_target (grant_id, address);
CREATE UNIQUE INDEX program_client_public_key_unique
ON program_client (public_key);

222
server/crates/arbiter-server/src/actors/client/auth.rs
View File

@@ -1,9 +1,11 @@
use arbiter_proto::{ use arbiter_proto::{
format_challenge, ClientMetadata, format_challenge,
transport::{Bi, expect_message}, transport::{Bi, expect_message},
}; };
use chrono::Utc;
use diesel::{ use diesel::{
ExpressionMethods as _, OptionalExtension as _, QueryDsl as _, dsl::insert_into, update, ExpressionMethods as _, OptionalExtension as _, QueryDsl as _, SelectableHelper as _,
dsl::insert_into, update,
}; };
use diesel_async::RunQueryDsl as _; use diesel_async::RunQueryDsl as _;
use ed25519_dalek::{Signature, VerifyingKey}; use ed25519_dalek::{Signature, VerifyingKey};
@@ -12,10 +14,14 @@ use tracing::error;
use crate::{ use crate::{
actors::{ actors::{
client::ClientConnection, client::{ClientConnection, ClientProfile},
router::{self, RequestClientApproval}, flow_coordinator::{self, RequestClientApproval},
},
db::{
self,
models::{ProgramClientMetadata, SqliteTimestamp},
schema::program_client,
}, },
db::{self, schema::program_client},
}; };
#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)] #[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
@@ -39,13 +45,18 @@ pub enum ApproveError {
#[error("Client connection denied by user agents")] #[error("Client connection denied by user agents")]
Denied, Denied,
#[error("Upstream error: {0}")] #[error("Upstream error: {0}")]
Upstream(router::ApprovalError), Upstream(flow_coordinator::ApprovalError),
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub enum Inbound { pub enum Inbound {
AuthChallengeRequest { pubkey: VerifyingKey }, AuthChallengeRequest {
AuthChallengeSolution { signature: Signature }, pubkey: VerifyingKey,
metadata: ClientMetadata,
},
AuthChallengeSolution {
signature: Signature,
},
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
@@ -54,19 +65,18 @@ pub enum Outbound {
AuthSuccess, AuthSuccess,
} }
#[derive(Debug, Clone)] pub struct ClientInfo {
pub struct AuthenticatedClient { pub id: i32,
pub pubkey: VerifyingKey, pub current_nonce: i32,
pub client_id: i32,
} }
/// Atomically reads and increments the nonce for a known client. /// Atomically reads and increments the nonce for a known client.
/// Returns `None` if the pubkey is not registered. /// Returns `None` if the pubkey is not registered.
async fn get_nonce( async fn get_client_and_nonce(
db: &db::DatabasePool, db: &db::DatabasePool,
pubkey: &VerifyingKey, pubkey: &VerifyingKey,
) -> Result<Option<(/* client_id */ i32, /* nonce */ i32)>, Error> { ) -> Result<Option<ClientInfo>, Error> {
let pubkey_bytes = pubkey.as_bytes(); let pubkey_bytes = pubkey.as_bytes().to_vec();
let mut conn = db.get().await.map_err(|e| { let mut conn = db.get().await.map_err(|e| {
error!(error = ?e, "Database pool error"); error!(error = ?e, "Database pool error");
@@ -91,7 +101,10 @@ async fn get_nonce(
.execute(conn) .execute(conn)
.await?; .await?;
Ok(Some((client_id, current_nonce))) Ok(Some(ClientInfo {
id: client_id,
current_nonce,
}))
}) })
}) })
.await .await
@@ -103,13 +116,11 @@ async fn get_nonce(
async fn approve_new_client( async fn approve_new_client(
actors: &crate::actors::GlobalActors, actors: &crate::actors::GlobalActors,
pubkey: VerifyingKey, profile: ClientProfile,
) -> Result<(), Error> { ) -> Result<(), Error> {
let result = actors let result = actors
.router .flow_coordinator
.ask(RequestClientApproval { .ask(RequestClientApproval { client: profile })
client_pubkey: pubkey,
})
.await; .await;
match result { match result {
@@ -120,65 +131,124 @@ async fn approve_new_client(
Err(Error::ApproveError(ApproveError::Upstream(e))) Err(Error::ApproveError(ApproveError::Upstream(e)))
} }
Err(e) => { Err(e) => {
error!(error = ?e, "Approval request to router failed"); error!(error = ?e, "Approval request to flow coordinator failed");
Err(Error::ApproveError(ApproveError::Internal)) Err(Error::ApproveError(ApproveError::Internal))
} }
} }
} }
enum InsertClientResult {
Inserted,
AlreadyExists,
}
async fn insert_client( async fn insert_client(
db: &db::DatabasePool, db: &db::DatabasePool,
pubkey: &VerifyingKey, pubkey: &VerifyingKey,
) -> Result<InsertClientResult, Error> { metadata: &ClientMetadata,
let now = std::time::SystemTime::now() ) -> Result<i32, Error> {
.duration_since(std::time::UNIX_EPOCH) use crate::db::schema::{client_metadata, program_client};
.unwrap_or_default() let mut conn = db.get().await.map_err(|e| {
.as_secs() as i32; error!(error = ?e, "Database pool error");
Error::DatabasePoolUnavailable
})?;
let metadata_id = insert_into(client_metadata::table)
.values((
client_metadata::name.eq(&metadata.name),
client_metadata::description.eq(&metadata.description),
client_metadata::version.eq(&metadata.version),
))
.returning(client_metadata::id)
.get_result::<i32>(&mut conn)
.await
.map_err(|e| {
error!(error = ?e, "Failed to insert client metadata");
Error::DatabaseOperationFailed
})?;
let client_id = insert_into(program_client::table)
.values((
program_client::public_key.eq(pubkey.as_bytes().to_vec()),
program_client::metadata_id.eq(metadata_id),
program_client::nonce.eq(1), // pre-incremented; challenge uses 0
))
.on_conflict_do_nothing()
.returning(program_client::id)
.get_result::<i32>(&mut conn)
.await
.map_err(|e| {
error!(error = ?e, "Failed to insert client metadata");
Error::DatabaseOperationFailed
})?;
Ok(client_id)
}
async fn sync_client_metadata(
db: &db::DatabasePool,
client_id: i32,
metadata: &ClientMetadata,
) -> Result<(), Error> {
use crate::db::schema::{client_metadata, client_metadata_history};
let now = SqliteTimestamp(Utc::now());
let mut conn = db.get().await.map_err(|e| { let mut conn = db.get().await.map_err(|e| {
error!(error = ?e, "Database pool error"); error!(error = ?e, "Database pool error");
Error::DatabasePoolUnavailable Error::DatabasePoolUnavailable
})?; })?;
match insert_into(program_client::table) conn.exclusive_transaction(|conn| {
let metadata = metadata.clone();
Box::pin(async move {
let (current_metadata_id, current): (i32, ProgramClientMetadata) =
program_client::table
.find(client_id)
.inner_join(client_metadata::table)
.select((
program_client::metadata_id,
ProgramClientMetadata::as_select(),
))
.first(conn)
.await?;
let unchanged = current.name == metadata.name
&& current.description == metadata.description
&& current.version == metadata.version;
if unchanged {
return Ok(());
}
insert_into(client_metadata_history::table)
.values(( .values((
program_client::public_key.eq(pubkey.as_bytes().to_vec()), client_metadata_history::metadata_id.eq(current_metadata_id),
program_client::nonce.eq(1), // pre-incremented; challenge uses 0 client_metadata_history::client_id.eq(client_id),
program_client::created_at.eq(now), ))
.execute(conn)
.await?;
let metadata_id = insert_into(client_metadata::table)
.values((
client_metadata::name.eq(&metadata.name),
client_metadata::description.eq(&metadata.description),
client_metadata::version.eq(&metadata.version),
))
.returning(client_metadata::id)
.get_result::<i32>(conn)
.await?;
update(program_client::table.find(client_id))
.set((
program_client::metadata_id.eq(metadata_id),
program_client::updated_at.eq(now), program_client::updated_at.eq(now),
)) ))
.execute(&mut conn) .execute(conn)
.await .await?;
{
Ok(_) => {}
Err(diesel::result::Error::DatabaseError(
diesel::result::DatabaseErrorKind::UniqueViolation,
_,
)) => return Ok(InsertClientResult::AlreadyExists),
Err(e) => {
error!(error = ?e, "Failed to insert new client");
return Err(Error::DatabaseOperationFailed);
}
}
let client_id = program_client::table Ok::<(), diesel::result::Error>(())
.filter(program_client::public_key.eq(pubkey.as_bytes().to_vec())) })
.order(program_client::id.desc()) })
.select(program_client::id)
.first::<i32>(&mut conn)
.await .await
.map_err(|e| { .map_err(|e| {
error!(error = ?e, "Failed to load inserted client id"); error!(error = ?e, "Database error");
Error::DatabaseOperationFailed Error::DatabaseOperationFailed
})?; })
let _ = client_id;
Ok(InsertClientResult::Inserted)
} }
async fn challenge_client<T>( async fn challenge_client<T>(
@@ -220,32 +290,36 @@ where
pub async fn authenticate<T>( pub async fn authenticate<T>(
props: &mut ClientConnection, props: &mut ClientConnection,
transport: &mut T, transport: &mut T,
) -> Result<AuthenticatedClient, Error> ) -> Result<i32, Error>
where where
T: Bi<Inbound, Result<Outbound, Error>> + Send + ?Sized, T: Bi<Inbound, Result<Outbound, Error>> + Send + ?Sized,
{ {
let Some(Inbound::AuthChallengeRequest { pubkey }) = transport.recv().await else { let Some(Inbound::AuthChallengeRequest { pubkey, metadata }) = transport.recv().await else {
return Err(Error::Transport); return Err(Error::Transport);
}; };
let (client_id, nonce) = match get_nonce(&props.db, &pubkey).await? { let info = match get_client_and_nonce(&props.db, &pubkey).await? {
Some(client_nonce) => client_nonce, Some(nonce) => nonce,
None => { None => {
approve_new_client(&props.actors, pubkey).await?; approve_new_client(
match insert_client(&props.db, &pubkey).await? { &props.actors,
InsertClientResult::Inserted => match get_nonce(&props.db, &pubkey).await? { ClientProfile {
Some((client_id, _)) => (client_id, 0), pubkey,
None => return Err(Error::DatabaseOperationFailed), metadata: metadata.clone(),
},
InsertClientResult::AlreadyExists => match get_nonce(&props.db, &pubkey).await? {
Some((client_id, nonce)) => (client_id, nonce),
None => return Err(Error::DatabaseOperationFailed),
}, },
)
.await?;
let client_id = insert_client(&props.db, &pubkey, &metadata).await?;
ClientInfo {
id: client_id,
current_nonce: 0,
} }
} }
}; };
challenge_client(transport, pubkey, nonce).await?; sync_client_metadata(&props.db, info.id, &metadata).await?;
challenge_client(transport, pubkey, info.current_nonce).await?;
transport transport
.send(Ok(Outbound::AuthSuccess)) .send(Ok(Outbound::AuthSuccess))
.await .await
@@ -254,5 +328,5 @@ where
Error::Transport Error::Transport
})?; })?;
Ok(AuthenticatedClient { pubkey, client_id }) Ok(info.id)
} }

15
server/crates/arbiter-server/src/actors/client/mod.rs
View File

@@ -1,4 +1,4 @@
use arbiter_proto::transport::Bi; use arbiter_proto::{ClientMetadata, transport::Bi};
use kameo::actor::Spawn; use kameo::actor::Spawn;
use tracing::{error, info}; use tracing::{error, info};
@@ -7,10 +7,15 @@ use crate::{
db, db,
}; };
#[derive(Debug, Clone)]
pub struct ClientProfile {
pub pubkey: ed25519_dalek::VerifyingKey,
pub metadata: ClientMetadata,
}
pub struct ClientConnection { pub struct ClientConnection {
pub(crate) db: db::DatabasePool, pub(crate) db: db::DatabasePool,
pub(crate) actors: GlobalActors, pub(crate) actors: GlobalActors,
pub(crate) client_id: i32,
} }
impl ClientConnection { impl ClientConnection {
@@ -18,7 +23,6 @@ impl ClientConnection {
Self { Self {
db, db,
actors, actors,
client_id: 0,
} }
} }
} }
@@ -31,9 +35,8 @@ where
T: Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> + Send + ?Sized, T: Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> + Send + ?Sized,
{ {
match auth::authenticate(&mut props, transport).await { match auth::authenticate(&mut props, transport).await {
Ok(authenticated) => { Ok(client_id) => {
props.client_id = authenticated.client_id; ClientSession::spawn(ClientSession::new(props, client_id));
ClientSession::spawn(ClientSession::new(props));
info!("Client authenticated, session started"); info!("Client authenticated, session started");
} }
Err(err) => { Err(err) => {

17
server/crates/arbiter-server/src/actors/client/session.rs
View File

@@ -1,3 +1,4 @@
use ed25519_dalek::VerifyingKey;
use kameo::{Actor, messages}; use kameo::{Actor, messages};
use tracing::error; use tracing::error;
@@ -6,10 +7,11 @@ use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
use crate::{ use crate::{
actors::{ actors::{
GlobalActors, GlobalActors,
client::ClientConnection, client::ClientConnection, flow_coordinator::RegisterClient,
evm::{ClientSignTransaction, SignTransactionError}, evm::{ClientSignTransaction, SignTransactionError},
keyholder::KeyHolderState, keyholder::KeyHolderState,
router::RegisterClient,
}, },
db, db,
evm::VetError, evm::VetError,
@@ -17,11 +19,12 @@ use crate::{
pub struct ClientSession { pub struct ClientSession {
props: ClientConnection, props: ClientConnection,
client_id: i32,
} }
impl ClientSession { impl ClientSession {
pub(crate) fn new(props: ClientConnection) -> Self { pub(crate) fn new(props: ClientConnection, client_id: i32) -> Self {
Self { props } Self { props, client_id }
} }
} }
@@ -53,7 +56,7 @@ impl ClientSession {
.actors .actors
.evm .evm
.ask(ClientSignTransaction { .ask(ClientSignTransaction {
client_id: self.props.client_id, client_id: self.client_id,
wallet_address, wallet_address,
transaction, transaction,
}) })
@@ -82,7 +85,7 @@ impl Actor for ClientSession {
) -> Result<Self, Self::Error> { ) -> Result<Self, Self::Error> {
args.props args.props
.actors .actors
.router .flow_coordinator
.ask(RegisterClient { actor: this }) .ask(RegisterClient { actor: this })
.await .await
.map_err(|_| Error::ConnectionRegistrationFailed)?; .map_err(|_| Error::ConnectionRegistrationFailed)?;
@@ -93,7 +96,7 @@ impl Actor for ClientSession {
impl ClientSession { impl ClientSession {
pub fn new_test(db: db::DatabasePool, actors: GlobalActors) -> Self { pub fn new_test(db: db::DatabasePool, actors: GlobalActors) -> Self {
let props = ClientConnection::new(db, actors); let props = ClientConnection::new(db, actors);
Self { props } Self { props, client_id: 0 }
} }
} }

117
server/crates/arbiter-server/src/actors/evm/mod.rs
View File

@@ -9,12 +9,12 @@ use rand::{SeedableRng, rng, rngs::StdRng};
use crate::{ use crate::{
actors::keyholder::{CreateNew, Decrypt, KeyHolder}, actors::keyholder::{CreateNew, Decrypt, KeyHolder},
db::{ db::{
self, DatabasePool, self, DatabaseError, DatabasePool,
models::{self, SqliteTimestamp}, models::{self, SqliteTimestamp},
schema, schema,
}, },
evm::{ evm::{
self, ListGrantsError, RunKind, self, RunKind,
policies::{ policies::{
FullGrant, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning, FullGrant, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning,
ether_transfer::EtherTransfer, token_transfers::TokenTransfer, ether_transfer::EtherTransfer, token_transfers::TokenTransfer,
@@ -33,11 +33,7 @@ pub enum SignTransactionError {
#[error("Database error: {0}")] #[error("Database error: {0}")]
#[diagnostic(code(arbiter::evm::sign::database))] #[diagnostic(code(arbiter::evm::sign::database))]
Database(#[from] diesel::result::Error), Database(#[from] DatabaseError),
#[error("Database pool error: {0}")]
#[diagnostic(code(arbiter::evm::sign::pool))]
Pool(#[from] db::PoolError),
#[error("Keyholder error: {0}")] #[error("Keyholder error: {0}")]
#[diagnostic(code(arbiter::evm::sign::keyholder))] #[diagnostic(code(arbiter::evm::sign::keyholder))]
@@ -68,15 +64,7 @@ pub enum Error {
#[error("Database error: {0}")] #[error("Database error: {0}")]
#[diagnostic(code(arbiter::evm::database))] #[diagnostic(code(arbiter::evm::database))]
Database(#[from] diesel::result::Error), Database(#[from] DatabaseError),
#[error("Database pool error: {0}")]
#[diagnostic(code(arbiter::evm::database_pool))]
DatabasePool(#[from] db::PoolError),
#[error("Grant creation error: {0}")]
#[diagnostic(code(arbiter::evm::creation))]
Creation(#[from] evm::CreationError),
} }
#[derive(Actor)] #[derive(Actor)]
@@ -105,7 +93,7 @@ impl EvmActor {
#[messages] #[messages]
impl EvmActor { impl EvmActor {
#[message] #[message]
pub async fn generate(&mut self) -> Result<Address, Error> { pub async fn generate(&mut self) -> Result<(i32, Address), Error> {
let (mut key_cell, address) = safe_signer::generate(&mut self.rng); let (mut key_cell, address) = safe_signer::generate(&mut self.rng);
let plaintext = key_cell.read_inline(|reader| SafeCell::new(reader.to_vec())); let plaintext = key_cell.read_inline(|reader| SafeCell::new(reader.to_vec()));
@@ -116,29 +104,32 @@ impl EvmActor {
.await .await
.map_err(|_| Error::KeyholderSend)?; .map_err(|_| Error::KeyholderSend)?;
let mut conn = self.db.get().await?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
insert_into(schema::evm_wallet::table) let wallet_id = insert_into(schema::evm_wallet::table)
.values(&models::NewEvmWallet { .values(&models::NewEvmWallet {
address: address.as_slice().to_vec(), address: address.as_slice().to_vec(),
aead_encrypted_id: aead_id, aead_encrypted_id: aead_id,
}) })
.execute(&mut conn) .returning(schema::evm_wallet::id)
.await?; .get_result(&mut conn)
.await
.map_err(DatabaseError::from)?;
Ok(address) Ok((wallet_id, address))
} }
#[message] #[message]
pub async fn list_wallets(&self) -> Result<Vec<Address>, Error> { pub async fn list_wallets(&self) -> Result<Vec<(i32, Address)>, Error> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
let rows: Vec<models::EvmWallet> = schema::evm_wallet::table let rows: Vec<models::EvmWallet> = schema::evm_wallet::table
.select(models::EvmWallet::as_select()) .select(models::EvmWallet::as_select())
.load(&mut conn) .load(&mut conn)
.await?; .await
.map_err(DatabaseError::from)?;
Ok(rows Ok(rows
.into_iter() .into_iter()
.map(|w| Address::from_slice(&w.address)) .map(|w| (w.id, Address::from_slice(&w.address)))
.collect()) .collect())
} }
} }
@@ -148,31 +139,24 @@ impl EvmActor {
#[message] #[message]
pub async fn useragent_create_grant( pub async fn useragent_create_grant(
&mut self, &mut self,
client_id: i32,
basic: SharedGrantSettings, basic: SharedGrantSettings,
grant: SpecificGrant, grant: SpecificGrant,
) -> Result<i32, evm::CreationError> { ) -> Result<i32, DatabaseError> {
match grant { match grant {
SpecificGrant::EtherTransfer(settings) => { SpecificGrant::EtherTransfer(settings) => {
self.engine self.engine
.create_grant::<EtherTransfer>( .create_grant::<EtherTransfer>(FullGrant {
client_id,
FullGrant {
basic, basic,
specific: settings, specific: settings,
}, })
)
.await .await
} }
SpecificGrant::TokenTransfer(settings) => { SpecificGrant::TokenTransfer(settings) => {
self.engine self.engine
.create_grant::<TokenTransfer>( .create_grant::<TokenTransfer>(FullGrant {
client_id,
FullGrant {
basic, basic,
specific: settings, specific: settings,
}, })
)
.await .await
} }
} }
@@ -180,22 +164,23 @@ impl EvmActor {
#[message] #[message]
pub async fn useragent_delete_grant(&mut self, grant_id: i32) -> Result<(), Error> { pub async fn useragent_delete_grant(&mut self, grant_id: i32) -> Result<(), Error> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
diesel::update(schema::evm_basic_grant::table) diesel::update(schema::evm_basic_grant::table)
.filter(schema::evm_basic_grant::id.eq(grant_id)) .filter(schema::evm_basic_grant::id.eq(grant_id))
.set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now())) .set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now()))
.execute(&mut conn) .execute(&mut conn)
.await?; .await
.map_err(DatabaseError::from)?;
Ok(()) Ok(())
} }
#[message] #[message]
pub async fn useragent_list_grants(&mut self) -> Result<Vec<Grant<SpecificGrant>>, Error> { pub async fn useragent_list_grants(&mut self) -> Result<Vec<Grant<SpecificGrant>>, Error> {
match self.engine.list_all_grants().await { Ok(self
Ok(grants) => Ok(grants), .engine
Err(ListGrantsError::Database(db)) => Err(Error::Database(db)), .list_all_grants()
Err(ListGrantsError::Pool(pool)) => Err(Error::DatabasePool(pool)), .await
} .map_err(DatabaseError::from)?)
} }
#[message] #[message]
@@ -205,24 +190,29 @@ impl EvmActor {
wallet_address: Address, wallet_address: Address,
transaction: TxEip1559, transaction: TxEip1559,
) -> Result<SpecificMeaning, SignTransactionError> { ) -> Result<SpecificMeaning, SignTransactionError> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
let wallet = schema::evm_wallet::table let wallet = schema::evm_wallet::table
.select(models::EvmWallet::as_select()) .select(models::EvmWallet::as_select())
.filter(schema::evm_wallet::address.eq(wallet_address.as_slice())) .filter(schema::evm_wallet::address.eq(wallet_address.as_slice()))
.first(&mut conn) .first(&mut conn)
.await .await
.optional()? .optional()
.map_err(DatabaseError::from)?
.ok_or(SignTransactionError::WalletNotFound)?;
let wallet_access = schema::evm_wallet_access::table
.select(models::EvmWalletAccess::as_select())
.filter(schema::evm_wallet_access::wallet_id.eq(wallet.id))
.filter(schema::evm_wallet_access::client_id.eq(client_id))
.first(&mut conn)
.await
.optional()
.map_err(DatabaseError::from)?
.ok_or(SignTransactionError::WalletNotFound)?; .ok_or(SignTransactionError::WalletNotFound)?;
drop(conn); drop(conn);
let meaning = self let meaning = self
.engine .engine
.evaluate_transaction( .evaluate_transaction(wallet_access, transaction.clone(), RunKind::Execution)
wallet.id,
client_id,
transaction.clone(),
RunKind::Execution,
)
.await?; .await?;
Ok(meaning) Ok(meaning)
@@ -235,13 +225,23 @@ impl EvmActor {
wallet_address: Address, wallet_address: Address,
mut transaction: TxEip1559, mut transaction: TxEip1559,
) -> Result<Signature, SignTransactionError> { ) -> Result<Signature, SignTransactionError> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
let wallet = schema::evm_wallet::table let wallet = schema::evm_wallet::table
.select(models::EvmWallet::as_select()) .select(models::EvmWallet::as_select())
.filter(schema::evm_wallet::address.eq(wallet_address.as_slice())) .filter(schema::evm_wallet::address.eq(wallet_address.as_slice()))
.first(&mut conn) .first(&mut conn)
.await .await
.optional()? .optional()
.map_err(DatabaseError::from)?
.ok_or(SignTransactionError::WalletNotFound)?;
let wallet_access = schema::evm_wallet_access::table
.select(models::EvmWalletAccess::as_select())
.filter(schema::evm_wallet_access::wallet_id.eq(wallet.id))
.filter(schema::evm_wallet_access::client_id.eq(client_id))
.first(&mut conn)
.await
.optional()
.map_err(DatabaseError::from)?
.ok_or(SignTransactionError::WalletNotFound)?; .ok_or(SignTransactionError::WalletNotFound)?;
drop(conn); drop(conn);
@@ -256,12 +256,7 @@ impl EvmActor {
let signer = safe_signer::SafeSigner::from_cell(raw_key)?; let signer = safe_signer::SafeSigner::from_cell(raw_key)?;
self.engine self.engine
.evaluate_transaction( .evaluate_transaction(wallet_access, transaction.clone(), RunKind::Execution)
wallet.id,
client_id,
transaction.clone(),
RunKind::Execution,
)
.await?; .await?;
use alloy::network::TxSignerSync as _; use alloy::network::TxSignerSync as _;

101
server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs Normal file
View File

@@ -0,0 +1,101 @@
use std::ops::ControlFlow;
use kameo::{
Actor, messages,
prelude::{ActorId, ActorRef, ActorStopReason, Context, WeakActorRef},
reply::ReplySender,
};
use crate::actors::{
client::ClientProfile,
flow_coordinator::ApprovalError,
user_agent::{UserAgentSession, session::BeginNewClientApproval},
};
pub struct Args {
pub client: ClientProfile,
pub user_agents: Vec<ActorRef<UserAgentSession>>,
pub reply: ReplySender<Result<bool, ApprovalError>>
}
pub struct ClientApprovalController {
/// Number of UAs that have not yet responded (approval or denial) or died.
pending: usize,
/// Number of approvals received so far.
approved: usize,
reply: Option<ReplySender<Result<bool, ApprovalError>>>,
}
impl ClientApprovalController {
fn send_reply(&mut self, result: Result<bool, ApprovalError>) {
if let Some(reply) = self.reply.take() {
reply.send(result);
}
}
}
impl Actor for ClientApprovalController {
type Args = Args;
type Error = ();
async fn on_start(
Args { client, mut user_agents, reply }: Self::Args,
actor_ref: ActorRef<Self>,
) -> Result<Self, Self::Error> {
let this = Self {
pending: user_agents.len(),
approved: 0,
reply: Some(reply),
};
for user_agent in user_agents.drain(..) {
actor_ref.link(&user_agent).await;
let _ = user_agent
.tell(BeginNewClientApproval {
client: client.clone(),
controller: actor_ref.clone(),
})
.await;
}
Ok(this)
}
async fn on_link_died(
&mut self,
_: WeakActorRef<Self>,
_: ActorId,
_: ActorStopReason,
) -> Result<ControlFlow<ActorStopReason>, Self::Error> {
// A linked UA died before responding — counts as a non-approval.
self.pending = self.pending.saturating_sub(1);
if self.pending == 0 {
// At least one UA didn't approve: deny.
self.send_reply(Ok(false));
return Ok(ControlFlow::Break(ActorStopReason::Normal));
}
Ok(ControlFlow::Continue(()))
}
}
#[messages]
impl ClientApprovalController {
#[message(ctx)]
pub async fn client_approval_answer(&mut self, approved: bool, ctx: &mut Context<Self, ()>) {
if !approved {
// Denial wins immediately regardless of other pending responses.
self.send_reply(Ok(false));
ctx.stop();
return;
}
self.approved += 1;
self.pending = self.pending.saturating_sub(1);
if self.pending == 0 {
// Every connected UA approved.
self.send_reply(Ok(true));
ctx.stop();
}
}
}

118
server/crates/arbiter-server/src/actors/flow_coordinator/mod.rs Normal file
View File

@@ -0,0 +1,118 @@
use std::{collections::HashMap, ops::ControlFlow};
use kameo::{
Actor,
actor::{ActorId, ActorRef, Spawn},
messages,
prelude::{ActorStopReason, Context, WeakActorRef},
reply::DelegatedReply,
};
use tracing::info;
use crate::actors::{
client::{ClientProfile, session::ClientSession},
flow_coordinator::client_connect_approval::ClientApprovalController,
user_agent::session::UserAgentSession,
};
pub mod client_connect_approval;
#[derive(Default)]
pub struct FlowCoordinator {
pub user_agents: HashMap<ActorId, ActorRef<UserAgentSession>>,
pub clients: HashMap<ActorId, ActorRef<ClientSession>>,
}
impl Actor for FlowCoordinator {
type Args = Self;
type Error = ();
async fn on_start(args: Self::Args, _: ActorRef<Self>) -> Result<Self, Self::Error> {
Ok(args)
}
async fn on_link_died(
&mut self,
_: WeakActorRef<Self>,
id: ActorId,
_: ActorStopReason,
) -> Result<ControlFlow<ActorStopReason>, Self::Error> {
if self.user_agents.remove(&id).is_some() {
info!(
?id,
actor = "FlowCoordinator",
event = "useragent.disconnected"
);
} else if self.clients.remove(&id).is_some() {
info!(
?id,
actor = "FlowCoordinator",
event = "client.disconnected"
);
} else {
info!(
?id,
actor = "FlowCoordinator",
event = "unknown.actor.disconnected"
);
}
Ok(ControlFlow::Continue(()))
}
}
#[derive(Debug, thiserror::Error, Clone, PartialEq, Eq, Hash)]
pub enum ApprovalError {
#[error("No user agents connected")]
NoUserAgentsConnected,
}
#[messages]
impl FlowCoordinator {
#[message(ctx)]
pub async fn register_user_agent(
&mut self,
actor: ActorRef<UserAgentSession>,
ctx: &mut Context<Self, ()>,
) {
info!(id = %actor.id(), actor = "FlowCoordinator", event = "useragent.connected");
ctx.actor_ref().link(&actor).await;
self.user_agents.insert(actor.id(), actor);
}
#[message(ctx)]
pub async fn register_client(
&mut self,
actor: ActorRef<ClientSession>,
ctx: &mut Context<Self, ()>,
) {
info!(id = %actor.id(), actor = "FlowCoordinator", event = "client.connected");
ctx.actor_ref().link(&actor).await;
self.clients.insert(actor.id(), actor);
}
#[message(ctx)]
pub async fn request_client_approval(
&mut self,
client: ClientProfile,
ctx: &mut Context<Self, DelegatedReply<Result<bool, ApprovalError>>>,
) -> DelegatedReply<Result<bool, ApprovalError>> {
let (reply, Some(reply_sender)) = ctx.reply_sender() else {
unreachable!("Expected `request_client_approval` to have callback channel");
};
let refs: Vec<_> = self.user_agents.values().cloned().collect();
if refs.is_empty() {
reply_sender.send(Err(ApprovalError::NoUserAgentsConnected));
return reply;
}
ClientApprovalController::spawn(client_connect_approval::Args {
client,
user_agents: refs,
reply: reply_sender,
});
reply
}
}

11
server/crates/arbiter-server/src/actors/mod.rs
View File

@@ -3,15 +3,18 @@ use miette::Diagnostic;
use thiserror::Error; use thiserror::Error;
use crate::{ use crate::{
actors::{bootstrap::Bootstrapper, evm::EvmActor, keyholder::KeyHolder, router::MessageRouter}, actors::{
bootstrap::Bootstrapper, evm::EvmActor, flow_coordinator::FlowCoordinator,
keyholder::KeyHolder,
},
db, db,
}; };
pub mod bootstrap; pub mod bootstrap;
pub mod client; pub mod client;
mod evm; mod evm;
pub mod flow_coordinator;
pub mod keyholder; pub mod keyholder;
pub mod router;
pub mod user_agent; pub mod user_agent;
#[derive(Error, Debug, Diagnostic)] #[derive(Error, Debug, Diagnostic)]
@@ -30,7 +33,7 @@ pub enum SpawnError {
pub struct GlobalActors { pub struct GlobalActors {
pub key_holder: ActorRef<KeyHolder>, pub key_holder: ActorRef<KeyHolder>,
pub bootstrapper: ActorRef<Bootstrapper>, pub bootstrapper: ActorRef<Bootstrapper>,
pub router: ActorRef<MessageRouter>, pub flow_coordinator: ActorRef<FlowCoordinator>,
pub evm: ActorRef<EvmActor>, pub evm: ActorRef<EvmActor>,
} }
@@ -41,7 +44,7 @@ impl GlobalActors {
bootstrapper: Bootstrapper::spawn(Bootstrapper::new(&db).await?), bootstrapper: Bootstrapper::spawn(Bootstrapper::new(&db).await?),
evm: EvmActor::spawn(EvmActor::new(key_holder.clone(), db)), evm: EvmActor::spawn(EvmActor::new(key_holder.clone(), db)),
key_holder, key_holder,
router: MessageRouter::spawn(MessageRouter::default()), flow_coordinator: FlowCoordinator::spawn(FlowCoordinator::default()),
}) })
} }
} }

173
server/crates/arbiter-server/src/actors/router/mod.rs
View File

@@ -1,173 +0,0 @@
use std::{collections::HashMap, ops::ControlFlow};
use ed25519_dalek::VerifyingKey;
use kameo::{
Actor,
actor::{ActorId, ActorRef},
messages,
prelude::{ActorStopReason, Context, WeakActorRef},
reply::DelegatedReply,
};
use tokio::{sync::watch, task::JoinSet};
use tracing::{info, warn};
use crate::actors::{
client::session::ClientSession,
user_agent::session::{RequestNewClientApproval, UserAgentSession},
};
#[derive(Default)]
pub struct MessageRouter {
pub user_agents: HashMap<ActorId, ActorRef<UserAgentSession>>,
pub clients: HashMap<ActorId, ActorRef<ClientSession>>,
}
impl Actor for MessageRouter {
type Args = Self;
type Error = ();
async fn on_start(args: Self::Args, _: ActorRef<Self>) -> Result<Self, Self::Error> {
Ok(args)
}
async fn on_link_died(
&mut self,
_: WeakActorRef<Self>,
id: ActorId,
_: ActorStopReason,
) -> Result<ControlFlow<ActorStopReason>, Self::Error> {
if self.user_agents.remove(&id).is_some() {
info!(
?id,
actor = "MessageRouter",
event = "useragent.disconnected"
);
} else if self.clients.remove(&id).is_some() {
info!(?id, actor = "MessageRouter", event = "client.disconnected");
} else {
info!(
?id,
actor = "MessageRouter",
event = "unknown.actor.disconnected"
);
}
Ok(ControlFlow::Continue(()))
}
}
#[derive(Debug, thiserror::Error, Clone, PartialEq, Eq, Hash)]
pub enum ApprovalError {
#[error("No user agents connected")]
NoUserAgentsConnected,
}
async fn request_client_approval(
user_agents: &[WeakActorRef<UserAgentSession>],
client_pubkey: VerifyingKey,
) -> Result<bool, ApprovalError> {
if user_agents.is_empty() {
return Err(ApprovalError::NoUserAgentsConnected);
}
let mut pool = JoinSet::new();
let (cancel_tx, cancel_rx) = watch::channel(());
for weak_ref in user_agents {
match weak_ref.upgrade() {
Some(agent) => {
let cancel_rx = cancel_rx.clone();
pool.spawn(async move {
agent
.ask(RequestNewClientApproval {
client_pubkey,
cancel_flag: cancel_rx.clone(),
})
.await
});
}
None => {
warn!(
id = weak_ref.id().to_string(),
actor = "MessageRouter",
event = "useragent.disconnected_before_approval"
);
}
}
}
while let Some(result) = pool.join_next().await {
match result {
Ok(Ok(approved)) => {
// cancel other pending requests
let _ = cancel_tx.send(());
return Ok(approved);
}
Ok(Err(err)) => {
warn!(
?err,
actor = "MessageRouter",
event = "useragent.approval_error"
);
}
Err(err) => {
warn!(
?err,
actor = "MessageRouter",
event = "useragent.approval_task_failed"
);
}
}
}
Err(ApprovalError::NoUserAgentsConnected)
}
#[messages]
impl MessageRouter {
#[message(ctx)]
pub async fn register_user_agent(
&mut self,
actor: ActorRef<UserAgentSession>,
ctx: &mut Context<Self, ()>,
) {
info!(id = %actor.id(), actor = "MessageRouter", event = "useragent.connected");
ctx.actor_ref().link(&actor).await;
self.user_agents.insert(actor.id(), actor);
}
#[message(ctx)]
pub async fn register_client(
&mut self,
actor: ActorRef<ClientSession>,
ctx: &mut Context<Self, ()>,
) {
info!(id = %actor.id(), actor = "MessageRouter", event = "client.connected");
ctx.actor_ref().link(&actor).await;
self.clients.insert(actor.id(), actor);
}
#[message(ctx)]
pub async fn request_client_approval(
&mut self,
client_pubkey: VerifyingKey,
ctx: &mut Context<Self, DelegatedReply<Result<bool, ApprovalError>>>,
) -> DelegatedReply<Result<bool, ApprovalError>> {
let (reply, Some(reply_sender)) = ctx.reply_sender() else {
unreachable!("Expected `request_client_approval` to have callback channel");
};
let weak_refs = self
.user_agents
.values()
.map(|agent| agent.downgrade())
.collect::<Vec<_>>();
tokio::task::spawn(async move {
let result = request_client_approval(&weak_refs, client_pubkey).await;
reply_sender.send(result);
});
reply
}
}

6
server/crates/arbiter-server/src/actors/user_agent/mod.rs
View File

@@ -1,5 +1,5 @@
use crate::{ use crate::{
actors::GlobalActors, actors::{GlobalActors, client::ClientProfile},
db::{self, models::KeyType}, db::{self, models::KeyType},
}; };
@@ -72,8 +72,8 @@ impl TryFrom<(KeyType, Vec<u8>)> for AuthPublicKey {
// Messages, sent by user agent to connection client without having a request // Messages, sent by user agent to connection client without having a request
#[derive(Debug)] #[derive(Debug)]
pub enum OutOfBand { pub enum OutOfBand {
ClientConnectionRequest { pubkey: ed25519_dalek::VerifyingKey }, ClientConnectionRequest { profile: ClientProfile },
ClientConnectionCancel, ClientConnectionCancel { pubkey: ed25519_dalek::VerifyingKey },
} }
pub struct UserAgentConnection { pub struct UserAgentConnection {

107
server/crates/arbiter-server/src/actors/user_agent/session.rs
View File

@@ -1,15 +1,15 @@
use std::borrow::Cow; use std::{borrow::Cow, collections::HashMap};
use arbiter_proto::transport::Sender; use arbiter_proto::transport::Sender;
use async_trait::async_trait; use async_trait::async_trait;
use ed25519_dalek::VerifyingKey; use ed25519_dalek::VerifyingKey;
use kameo::{Actor, messages}; use kameo::{Actor, actor::ActorRef, messages};
use thiserror::Error; use thiserror::Error;
use tokio::sync::watch;
use tracing::error; use tracing::error;
use crate::actors::{ use crate::actors::{
router::RegisterUserAgent, client::ClientProfile,
flow_coordinator::{RegisterUserAgent, client_connect_approval::ClientApprovalController},
user_agent::{OutOfBand, UserAgentConnection}, user_agent::{OutOfBand, UserAgentConnection},
}; };
@@ -25,6 +25,19 @@ pub enum Error {
Internal { message: Cow<'static, str> }, Internal { message: Cow<'static, str> },
} }
impl From<crate::db::PoolError> for Error {
fn from(err: crate::db::PoolError) -> Self {
error!(?err, "Database pool error");
Self::internal("Database pool error")
}
}
impl From<diesel::result::Error> for Error {
fn from(err: diesel::result::Error) -> Self {
error!(?err, "Database error");
Self::internal("Database error")
}
}
impl Error { impl Error {
pub fn internal(message: impl Into<Cow<'static, str>>) -> Self { pub fn internal(message: impl Into<Cow<'static, str>>) -> Self {
Self::Internal { Self::Internal {
@@ -33,25 +46,19 @@ impl Error {
} }
} }
pub struct PendingClientApproval {
controller: ActorRef<ClientApprovalController>,
}
pub struct UserAgentSession { pub struct UserAgentSession {
props: UserAgentConnection, props: UserAgentConnection,
state: UserAgentStateMachine<DummyContext>, state: UserAgentStateMachine<DummyContext>,
#[allow(
dead_code,
reason = "The session keeps ownership of the outbound transport even before the state-machine flow starts using it directly"
)]
sender: Box<dyn Sender<OutOfBand>>, sender: Box<dyn Sender<OutOfBand>>,
pending_client_approvals: HashMap<VerifyingKey, PendingClientApproval>,
} }
mod connection; pub mod connection;
pub(crate) use connection::{
BootstrapError, HandleBootstrapEncryptedKey, HandleEvmWalletCreate, HandleEvmWalletList,
HandleGrantCreate, HandleGrantDelete, HandleGrantList, HandleQueryVaultState,
HandleSignTransaction,
};
pub use connection::{
HandleUnsealEncryptedKey, HandleUnsealRequest, SignTransactionError, UnsealError,
};
impl UserAgentSession { impl UserAgentSession {
pub(crate) fn new(props: UserAgentConnection, sender: Box<dyn Sender<OutOfBand>>) -> Self { pub(crate) fn new(props: UserAgentConnection, sender: Box<dyn Sender<OutOfBand>>) -> Self {
@@ -59,6 +66,7 @@ impl UserAgentSession {
props, props,
state: UserAgentStateMachine::new(DummyContext), state: UserAgentStateMachine::new(DummyContext),
sender, sender,
pending_client_approvals: Default::default(),
} }
} }
@@ -90,26 +98,28 @@ impl UserAgentSession {
#[messages] #[messages]
impl UserAgentSession { impl UserAgentSession {
#[message] #[message]
pub async fn request_new_client_approval( pub async fn begin_new_client_approval(
&mut self, &mut self,
client_pubkey: VerifyingKey, client: ClientProfile,
mut cancel_flag: watch::Receiver<()>, controller: ActorRef<ClientApprovalController>,
) -> Result<bool, ()> { ) {
if self if let Err(e) = self
.sender .sender
.send(OutOfBand::ClientConnectionRequest { .send(OutOfBand::ClientConnectionRequest {
pubkey: client_pubkey, profile: client.clone(),
}) })
.await .await
.is_err()
{ {
return Err(()); error!(
?e,
actor = "user_agent",
event = "failed to announce new client connection"
);
return;
} }
let _ = cancel_flag.changed().await; self.pending_client_approvals
.insert(client.pubkey, PendingClientApproval { controller });
let _ = self.sender.send(OutOfBand::ClientConnectionCancel).await;
Ok(false)
} }
} }
@@ -124,15 +134,48 @@ impl Actor for UserAgentSession {
) -> Result<Self, Self::Error> { ) -> Result<Self, Self::Error> {
args.props args.props
.actors .actors
.router .flow_coordinator
.ask(RegisterUserAgent { .ask(RegisterUserAgent {
actor: this.clone(), actor: this.clone(),
}) })
.await .await
.map_err(|err| { .map_err(|err| {
error!(?err, "Failed to register user agent connection with router"); error!(
Error::internal("Failed to register user agent connection with router") ?err,
"Failed to register user agent connection with flow coordinator"
);
Error::internal("Failed to register user agent connection with flow coordinator")
})?; })?;
Ok(args) Ok(args)
} }
async fn on_link_died(
&mut self,
_: kameo::prelude::WeakActorRef<Self>,
id: kameo::prelude::ActorId,
_: kameo::prelude::ActorStopReason,
) -> Result<std::ops::ControlFlow<kameo::prelude::ActorStopReason>, Self::Error> {
let cancelled_pubkey = self
.pending_client_approvals
.iter()
.find_map(|(k, v)| (v.controller.id() == id).then_some(*k));
if let Some(pubkey) = cancelled_pubkey {
self.pending_client_approvals.remove(&pubkey);
if let Err(e) = self
.sender
.send(OutOfBand::ClientConnectionCancel { pubkey })
.await
{
error!(
?e,
actor = "user_agent",
event = "failed to announce client connection cancellation"
);
}
}
Ok(std::ops::ControlFlow::Continue(()))
}
} }

137
server/crates/arbiter-server/src/actors/user_agent/session/connection.rs
View File

@@ -2,13 +2,22 @@ use std::sync::Mutex;
use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit}; use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
use diesel::sql_types::ops::Add;
use diesel::{BoolExpressionMethods as _, ExpressionMethods as _, QueryDsl as _, SelectableHelper};
use diesel_async::{AsyncConnection, RunQueryDsl};
use kameo::error::SendError; use kameo::error::SendError;
use kameo::messages; use kameo::prelude::Context;
use kameo::{message, messages};
use tracing::{error, info}; use tracing::{error, info};
use x25519_dalek::{EphemeralSecret, PublicKey}; use x25519_dalek::{EphemeralSecret, PublicKey};
use crate::actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer;
use crate::actors::keyholder::KeyHolderState; use crate::actors::keyholder::KeyHolderState;
use crate::actors::user_agent::session::Error; use crate::actors::user_agent::session::Error;
use crate::db::models::{
CoreEvmWalletAccess, EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
};
use crate::db::schema::evm_wallet_access;
use crate::evm::policies::{Grant, SpecificGrant}; use crate::evm::policies::{Grant, SpecificGrant};
use crate::safe_cell::SafeCell; use crate::safe_cell::SafeCell;
use crate::{ use crate::{
@@ -281,7 +290,7 @@ impl UserAgentSession {
#[messages] #[messages]
impl UserAgentSession { impl UserAgentSession {
#[message] #[message]
pub(crate) async fn handle_evm_wallet_create(&mut self) -> Result<Address, Error> { pub(crate) async fn handle_evm_wallet_create(&mut self) -> Result<(i32, Address), Error> {
match self.props.actors.evm.ask(Generate {}).await { match self.props.actors.evm.ask(Generate {}).await {
Ok(address) => Ok(address), Ok(address) => Ok(address),
Err(SendError::HandlerError(err)) => Err(Error::internal(format!( Err(SendError::HandlerError(err)) => Err(Error::internal(format!(
@@ -295,7 +304,7 @@ impl UserAgentSession {
} }
#[message] #[message]
pub(crate) async fn handle_evm_wallet_list(&mut self) -> Result<Vec<Address>, Error> { pub(crate) async fn handle_evm_wallet_list(&mut self) -> Result<Vec<(i32, Address)>, Error> {
match self.props.actors.evm.ask(ListWallets {}).await { match self.props.actors.evm.ask(ListWallets {}).await {
Ok(wallets) => Ok(wallets), Ok(wallets) => Ok(wallets),
Err(err) => { Err(err) => {
@@ -322,7 +331,6 @@ impl UserAgentSession {
#[message] #[message]
pub(crate) async fn handle_grant_create( pub(crate) async fn handle_grant_create(
&mut self, &mut self,
client_id: i32,
basic: crate::evm::policies::SharedGrantSettings, basic: crate::evm::policies::SharedGrantSettings,
grant: crate::evm::policies::SpecificGrant, grant: crate::evm::policies::SpecificGrant,
) -> Result<i32, Error> { ) -> Result<i32, Error> {
@@ -330,11 +338,7 @@ impl UserAgentSession {
.props .props
.actors .actors
.evm .evm
.ask(UseragentCreateGrant { .ask(UseragentCreateGrant { basic, grant })
client_id,
basic,
grant,
})
.await .await
{ {
Ok(grant_id) => Ok(grant_id), Ok(grant_id) => Ok(grant_id),
@@ -390,4 +394,119 @@ impl UserAgentSession {
} }
} }
} }
#[message]
pub(crate) async fn handle_grant_evm_wallet_access(
&mut self,
entries: Vec<NewEvmWalletAccess>,
) -> Result<(), Error> {
let mut conn = self.props.db.get().await?;
conn.transaction(|conn| {
Box::pin(async move {
use crate::db::schema::evm_wallet_access;
for entry in entries {
diesel::insert_into(evm_wallet_access::table)
.values(&entry)
.on_conflict_do_nothing()
.execute(conn)
.await?;
}
Result::<_, Error>::Ok(())
})
})
.await?;
Ok(())
}
#[message]
pub(crate) async fn handle_revoke_evm_wallet_access(
&mut self,
entries: Vec<i32>,
) -> Result<(), Error> {
let mut conn = self.props.db.get().await?;
conn.transaction(|conn| {
Box::pin(async move {
use crate::db::schema::evm_wallet_access;
for entry in entries {
diesel::delete(evm_wallet_access::table)
.filter(evm_wallet_access::wallet_id.eq(entry))
.execute(conn)
.await?;
}
Result::<_, Error>::Ok(())
})
})
.await?;
Ok(())
}
#[message]
pub(crate) async fn handle_list_wallet_access(
&mut self,
) -> Result<Vec<EvmWalletAccess>, Error> {
let mut conn = self.props.db.get().await?;
use crate::db::schema::evm_wallet_access;
let access_entries = evm_wallet_access::table
.select(EvmWalletAccess::as_select())
.load::<_>(&mut conn)
.await?;
Ok(access_entries)
}
}
#[messages]
impl UserAgentSession {
#[message(ctx)]
pub(crate) async fn handle_new_client_approve(
&mut self,
approved: bool,
pubkey: ed25519_dalek::VerifyingKey,
ctx: &mut Context<Self, Result<(), Error>>,
) -> Result<(), Error> {
let pending_approval = match self.pending_client_approvals.remove(&pubkey) {
Some(approval) => approval,
None => {
error!("Received client connection response for unknown client");
return Err(Error::internal("Unknown client in connection response"));
}
};
pending_approval
.controller
.tell(ClientApprovalAnswer { approved })
.await
.map_err(|err| {
error!(
?err,
"Failed to send client approval response to controller"
);
Error::internal("Failed to send client approval response to controller")
})?;
ctx.actor_ref().unlink(&pending_approval.controller).await;
Ok(())
}
#[message]
pub(crate) async fn handle_sdk_client_list(
&mut self,
) -> Result<Vec<(ProgramClient, ProgramClientMetadata)>, Error> {
use crate::db::schema::{client_metadata, program_client};
let mut conn = self.props.db.get().await?;
let clients = program_client::table
.inner_join(client_metadata::table)
.select((
ProgramClient::as_select(),
ProgramClientMetadata::as_select(),
))
.load::<(ProgramClient, ProgramClientMetadata)>(&mut conn)
.await?;
Ok(clients)
}
} }

9
server/crates/arbiter-server/src/context/tls.rs
View File

@@ -1,4 +1,4 @@
use std::string::FromUtf8Error; use std::{net::IpAddr, string::FromUtf8Error};
use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper as _}; use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper as _};
use diesel_async::{AsyncConnection, RunQueryDsl}; use diesel_async::{AsyncConnection, RunQueryDsl};
@@ -6,7 +6,7 @@ use miette::Diagnostic;
use pem::Pem; use pem::Pem;
use rcgen::{ use rcgen::{
BasicConstraints, Certificate, CertificateParams, CertifiedIssuer, DistinguishedName, DnType, BasicConstraints, Certificate, CertificateParams, CertifiedIssuer, DistinguishedName, DnType,
IsCa, Issuer, KeyPair, KeyUsagePurpose, IsCa, Issuer, KeyPair, KeyUsagePurpose, SanType,
}; };
use rustls::pki_types::pem::PemObject; use rustls::pki_types::pem::PemObject;
use thiserror::Error; use thiserror::Error;
@@ -114,6 +114,11 @@ impl TlsCa {
KeyUsagePurpose::DigitalSignature, KeyUsagePurpose::DigitalSignature,
KeyUsagePurpose::KeyEncipherment, KeyUsagePurpose::KeyEncipherment,
]; ];
params
.subject_alt_names
.push(SanType::IpAddress(IpAddr::from([
127, 0, 0, 1,
])));
let mut dn = DistinguishedName::new(); let mut dn = DistinguishedName::new();
dn.push(DnType::CommonName, "Arbiter Instance Leaf"); dn.push(DnType::CommonName, "Arbiter Instance Leaf");

51
server/crates/arbiter-server/src/db/models.rs
View File

@@ -21,7 +21,7 @@ pub mod types {
sqlite::{Sqlite, SqliteType}, sqlite::{Sqlite, SqliteType},
}; };
#[derive(Debug, FromSqlRow, AsExpression)] #[derive(Debug, FromSqlRow, AsExpression, Clone)]
#[diesel(sql_type = Integer)] #[diesel(sql_type = Integer)]
#[repr(transparent)] // hint compiler to optimize the wrapper struct away #[repr(transparent)] // hint compiler to optimize the wrapper struct away
pub struct SqliteTimestamp(pub DateTime<Utc>); pub struct SqliteTimestamp(pub DateTime<Utc>);
@@ -185,12 +185,53 @@ pub struct EvmWallet {
pub created_at: SqliteTimestamp, pub created_at: SqliteTimestamp,
} }
#[derive(Queryable, Debug, Insertable, Selectable)] #[derive(Models, Queryable, Debug, Insertable, Selectable, Clone)]
#[diesel(table_name = schema::evm_wallet_access, check_for_backend(Sqlite))]
#[view(
NewEvmWalletAccess,
derive(Insertable),
omit(id, created_at),
attributes_with = "deriveless"
)]
#[view(
CoreEvmWalletAccess,
derive(Insertable),
omit(created_at),
attributes_with = "deriveless"
)]
pub struct EvmWalletAccess {
pub id: i32,
pub wallet_id: i32,
pub client_id: i32,
pub created_at: SqliteTimestamp,
}
#[derive(Models, Queryable, Debug, Insertable, Selectable)]
#[diesel(table_name = schema::client_metadata, check_for_backend(Sqlite))]
pub struct ProgramClientMetadata {
pub id: i32,
pub name: String,
pub description: Option<String>,
pub version: Option<String>,
pub created_at: SqliteTimestamp,
}
#[derive(Models, Queryable, Debug, Insertable, Selectable)]
#[diesel(table_name = schema::client_metadata_history, check_for_backend(Sqlite))]
pub struct ProgramClientMetadataHistory {
pub id: i32,
pub metadata_id: i32,
pub client_id: i32,
pub created_at: SqliteTimestamp,
}
#[derive(Models, Queryable, Debug, Insertable, Selectable)]
#[diesel(table_name = schema::program_client, check_for_backend(Sqlite))] #[diesel(table_name = schema::program_client, check_for_backend(Sqlite))]
pub struct ProgramClient { pub struct ProgramClient {
pub id: i32, pub id: i32,
pub nonce: i32, pub nonce: i32,
pub public_key: Vec<u8>, pub public_key: Vec<u8>,
pub metadata_id: i32,
pub created_at: SqliteTimestamp, pub created_at: SqliteTimestamp,
pub updated_at: SqliteTimestamp, pub updated_at: SqliteTimestamp,
} }
@@ -230,8 +271,7 @@ pub struct EvmEtherTransferLimit {
)] )]
pub struct EvmBasicGrant { pub struct EvmBasicGrant {
pub id: i32, pub id: i32,
pub wallet_id: i32, // references evm_wallet.id pub wallet_access_id: i32, // references evm_wallet_access.id
pub client_id: i32, // references program_client.id
pub chain_id: i32, pub chain_id: i32,
pub valid_from: Option<SqliteTimestamp>, pub valid_from: Option<SqliteTimestamp>,
pub valid_until: Option<SqliteTimestamp>, pub valid_until: Option<SqliteTimestamp>,
@@ -254,8 +294,7 @@ pub struct EvmBasicGrant {
pub struct EvmTransactionLog { pub struct EvmTransactionLog {
pub id: i32, pub id: i32,
pub grant_id: i32, pub grant_id: i32,
pub client_id: i32, pub wallet_access_id: i32,
pub wallet_id: i32,
pub chain_id: i32, pub chain_id: i32,
pub eth_value: Vec<u8>, pub eth_value: Vec<u8>,
pub signed_at: SqliteTimestamp, pub signed_at: SqliteTimestamp,

50
server/crates/arbiter-server/src/db/schema.rs
View File

@@ -20,11 +20,29 @@ diesel::table! {
} }
} }
diesel::table! {
client_metadata (id) {
id -> Integer,
name -> Text,
description -> Nullable<Text>,
version -> Nullable<Text>,
created_at -> Integer,
}
}
diesel::table! {
client_metadata_history (id) {
id -> Integer,
metadata_id -> Integer,
client_id -> Integer,
created_at -> Integer,
}
}
diesel::table! { diesel::table! {
evm_basic_grant (id) { evm_basic_grant (id) {
id -> Integer, id -> Integer,
wallet_id -> Integer, wallet_access_id -> Integer,
client_id -> Integer,
chain_id -> Integer, chain_id -> Integer,
valid_from -> Nullable<Integer>, valid_from -> Nullable<Integer>,
valid_until -> Nullable<Integer>, valid_until -> Nullable<Integer>,
@@ -95,9 +113,8 @@ diesel::table! {
diesel::table! { diesel::table! {
evm_transaction_log (id) { evm_transaction_log (id) {
id -> Integer, id -> Integer,
wallet_access_id -> Integer,
grant_id -> Integer, grant_id -> Integer,
client_id -> Integer,
wallet_id -> Integer,
chain_id -> Integer, chain_id -> Integer,
eth_value -> Binary, eth_value -> Binary,
signed_at -> Integer, signed_at -> Integer,
@@ -113,11 +130,21 @@ diesel::table! {
} }
} }
diesel::table! {
evm_wallet_access (id) {
id -> Integer,
wallet_id -> Integer,
client_id -> Integer,
created_at -> Integer,
}
}
diesel::table! { diesel::table! {
program_client (id) { program_client (id) {
id -> Integer, id -> Integer,
nonce -> Integer, nonce -> Integer,
public_key -> Binary, public_key -> Binary,
metadata_id -> Integer,
created_at -> Integer, created_at -> Integer,
updated_at -> Integer, updated_at -> Integer,
} }
@@ -151,17 +178,18 @@ diesel::table! {
id -> Integer, id -> Integer,
nonce -> Integer, nonce -> Integer,
public_key -> Binary, public_key -> Binary,
key_type -> Integer,
created_at -> Integer, created_at -> Integer,
updated_at -> Integer, updated_at -> Integer,
key_type -> Integer,
} }
} }
diesel::joinable!(aead_encrypted -> root_key_history (associated_root_key_id)); diesel::joinable!(aead_encrypted -> root_key_history (associated_root_key_id));
diesel::joinable!(arbiter_settings -> root_key_history (root_key_id)); diesel::joinable!(arbiter_settings -> root_key_history (root_key_id));
diesel::joinable!(arbiter_settings -> tls_history (tls_id)); diesel::joinable!(arbiter_settings -> tls_history (tls_id));
diesel::joinable!(evm_basic_grant -> evm_wallet (wallet_id)); diesel::joinable!(client_metadata_history -> client_metadata (metadata_id));
diesel::joinable!(evm_basic_grant -> program_client (client_id)); diesel::joinable!(client_metadata_history -> program_client (client_id));
diesel::joinable!(evm_basic_grant -> evm_wallet_access (wallet_access_id));
diesel::joinable!(evm_ether_transfer_grant -> evm_basic_grant (basic_grant_id)); diesel::joinable!(evm_ether_transfer_grant -> evm_basic_grant (basic_grant_id));
diesel::joinable!(evm_ether_transfer_grant -> evm_ether_transfer_limit (limit_id)); diesel::joinable!(evm_ether_transfer_grant -> evm_ether_transfer_limit (limit_id));
diesel::joinable!(evm_ether_transfer_grant_target -> evm_ether_transfer_grant (grant_id)); diesel::joinable!(evm_ether_transfer_grant_target -> evm_ether_transfer_grant (grant_id));
@@ -169,11 +197,18 @@ diesel::joinable!(evm_token_transfer_grant -> evm_basic_grant (basic_grant_id));
diesel::joinable!(evm_token_transfer_log -> evm_token_transfer_grant (grant_id)); diesel::joinable!(evm_token_transfer_log -> evm_token_transfer_grant (grant_id));
diesel::joinable!(evm_token_transfer_log -> evm_transaction_log (log_id)); diesel::joinable!(evm_token_transfer_log -> evm_transaction_log (log_id));
diesel::joinable!(evm_token_transfer_volume_limit -> evm_token_transfer_grant (grant_id)); diesel::joinable!(evm_token_transfer_volume_limit -> evm_token_transfer_grant (grant_id));
diesel::joinable!(evm_transaction_log -> evm_basic_grant (grant_id));
diesel::joinable!(evm_transaction_log -> evm_wallet_access (wallet_access_id));
diesel::joinable!(evm_wallet -> aead_encrypted (aead_encrypted_id)); diesel::joinable!(evm_wallet -> aead_encrypted (aead_encrypted_id));
diesel::joinable!(evm_wallet_access -> evm_wallet (wallet_id));
diesel::joinable!(evm_wallet_access -> program_client (client_id));
diesel::joinable!(program_client -> client_metadata (metadata_id));
diesel::allow_tables_to_appear_in_same_query!( diesel::allow_tables_to_appear_in_same_query!(
aead_encrypted, aead_encrypted,
arbiter_settings, arbiter_settings,
client_metadata,
client_metadata_history,
evm_basic_grant, evm_basic_grant,
evm_ether_transfer_grant, evm_ether_transfer_grant,
evm_ether_transfer_grant_target, evm_ether_transfer_grant_target,
@@ -183,6 +218,7 @@ diesel::allow_tables_to_appear_in_same_query!(
evm_token_transfer_volume_limit, evm_token_transfer_volume_limit,
evm_transaction_log, evm_transaction_log,
evm_wallet, evm_wallet,
evm_wallet_access,
program_client, program_client,
root_key_history, root_key_history,
tls_history, tls_history,

83
server/crates/arbiter-server/src/evm/mod.rs
View File

@@ -6,13 +6,16 @@ use alloy::{
primitives::{TxKind, U256}, primitives::{TxKind, U256},
}; };
use chrono::Utc; use chrono::Utc;
use diesel::{ExpressionMethods as _, QueryDsl, QueryResult, insert_into, sqlite::Sqlite}; use diesel::{ExpressionMethods as _, QueryDsl as _, QueryResult, insert_into, sqlite::Sqlite};
use diesel_async::{AsyncConnection, RunQueryDsl}; use diesel_async::{AsyncConnection, RunQueryDsl};
use tracing_subscriber::registry::Data;
use crate::{ use crate::{
db::{ db::{
self, self, DatabaseError,
models::{EvmBasicGrant, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp}, models::{
EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp,
},
schema::{self, evm_transaction_log}, schema::{self, evm_transaction_log},
}, },
evm::policies::{ evm::policies::{
@@ -28,12 +31,8 @@ mod utils;
/// Errors that can only occur once the transaction meaning is known (during policy evaluation) /// Errors that can only occur once the transaction meaning is known (during policy evaluation)
#[derive(Debug, thiserror::Error, miette::Diagnostic)] #[derive(Debug, thiserror::Error, miette::Diagnostic)]
pub enum PolicyError { pub enum PolicyError {
#[error("Database connection pool error")] #[error("Database error")]
#[diagnostic(code(arbiter_server::evm::policy_error::pool))] Database(#[from] crate::db::DatabaseError),
Pool(#[from] db::PoolError),
#[error("Database returned error")]
#[diagnostic(code(arbiter_server::evm::policy_error::database))]
Database(#[from] diesel::result::Error),
#[error("Transaction violates policy: {0:?}")] #[error("Transaction violates policy: {0:?}")]
#[diagnostic(code(arbiter_server::evm::policy_error::violation))] #[diagnostic(code(arbiter_server::evm::policy_error::violation))]
Violations(Vec<EvalViolation>), Violations(Vec<EvalViolation>),
@@ -55,16 +54,6 @@ pub enum VetError {
Evaluated(SpecificMeaning, #[source] PolicyError), Evaluated(SpecificMeaning, #[source] PolicyError),
} }
#[derive(Debug, thiserror::Error, miette::Diagnostic)]
pub enum SignError {
#[error("Database connection pool error")]
#[diagnostic(code(arbiter_server::evm::database_error))]
Pool(#[from] db::PoolError),
#[error("Database returned error")]
#[diagnostic(code(arbiter_server::evm::database_error))]
Database(#[from] diesel::result::Error),
}
#[derive(Debug, thiserror::Error, miette::Diagnostic)] #[derive(Debug, thiserror::Error, miette::Diagnostic)]
pub enum AnalyzeError { pub enum AnalyzeError {
#[error("Engine doesn't support granting permissions for contract creation")] #[error("Engine doesn't support granting permissions for contract creation")]
@@ -76,28 +65,6 @@ pub enum AnalyzeError {
UnsupportedTransactionType, UnsupportedTransactionType,
} }
#[derive(Debug, thiserror::Error, miette::Diagnostic)]
pub enum CreationError {
#[error("Database connection pool error")]
#[diagnostic(code(arbiter_server::evm::creation_error::database_error))]
Pool(#[from] db::PoolError),
#[error("Database returned error")]
#[diagnostic(code(arbiter_server::evm::creation_error::database_error))]
Database(#[from] diesel::result::Error),
}
#[derive(Debug, thiserror::Error, miette::Diagnostic)]
pub enum ListGrantsError {
#[error("Database connection pool error")]
#[diagnostic(code(arbiter_server::evm::list_grants_error::pool))]
Pool(#[from] db::PoolError),
#[error("Database returned error")]
#[diagnostic(code(arbiter_server::evm::list_grants_error::database))]
Database(#[from] diesel::result::Error),
}
/// Controls whether a transaction should be executed or only validated /// Controls whether a transaction should be executed or only validated
#[derive(Debug, Clone, Copy, PartialEq, Eq)] #[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RunKind { pub enum RunKind {
@@ -165,16 +132,22 @@ impl Engine {
meaning: &P::Meaning, meaning: &P::Meaning,
run_kind: RunKind, run_kind: RunKind,
) -> Result<(), PolicyError> { ) -> Result<(), PolicyError> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
let grant = P::try_find_grant(&context, &mut conn) let grant = P::try_find_grant(&context, &mut conn)
.await? .await
.map_err(DatabaseError::from)?
.ok_or(PolicyError::NoMatchingGrant)?; .ok_or(PolicyError::NoMatchingGrant)?;
let mut violations = let mut violations =
check_shared_constraints(&context, &grant.shared, grant.shared_grant_id, &mut conn) check_shared_constraints(&context, &grant.shared, grant.shared_grant_id, &mut conn)
.await?; .await
violations.extend(P::evaluate(&context, meaning, &grant, &mut conn).await?); .map_err(DatabaseError::from)?;
violations.extend(
P::evaluate(&context, meaning, &grant, &mut conn)
.await
.map_err(DatabaseError::from)?,
);
if !violations.is_empty() { if !violations.is_empty() {
return Err(PolicyError::Violations(violations)); return Err(PolicyError::Violations(violations));
@@ -184,8 +157,7 @@ impl Engine {
let log_id: i32 = insert_into(evm_transaction_log::table) let log_id: i32 = insert_into(evm_transaction_log::table)
.values(&NewEvmTransactionLog { .values(&NewEvmTransactionLog {
grant_id: grant.shared_grant_id, grant_id: grant.shared_grant_id,
client_id: context.client_id, wallet_access_id: context.target.id,
wallet_id: context.wallet_id,
chain_id: context.chain as i32, chain_id: context.chain as i32,
eth_value: utils::u256_to_bytes(context.value).to_vec(), eth_value: utils::u256_to_bytes(context.value).to_vec(),
signed_at: Utc::now().into(), signed_at: Utc::now().into(),
@@ -199,7 +171,8 @@ impl Engine {
QueryResult::Ok(()) QueryResult::Ok(())
}) })
}) })
.await?; .await
.map_err(DatabaseError::from)?;
} }
Ok(()) Ok(())
@@ -213,9 +186,8 @@ impl Engine {
pub async fn create_grant<P: Policy>( pub async fn create_grant<P: Policy>(
&self, &self,
client_id: i32,
full_grant: FullGrant<P::Settings>, full_grant: FullGrant<P::Settings>,
) -> Result<i32, CreationError> { ) -> Result<i32, DatabaseError> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await?;
let id = conn let id = conn
@@ -225,9 +197,8 @@ impl Engine {
let basic_grant: EvmBasicGrant = insert_into(evm_basic_grant::table) let basic_grant: EvmBasicGrant = insert_into(evm_basic_grant::table)
.values(&NewEvmBasicGrant { .values(&NewEvmBasicGrant {
wallet_id: full_grant.basic.wallet_id,
chain_id: full_grant.basic.chain as i32, chain_id: full_grant.basic.chain as i32,
client_id, wallet_access_id: full_grant.basic.wallet_access_id,
valid_from: full_grant.basic.valid_from.map(SqliteTimestamp), valid_from: full_grant.basic.valid_from.map(SqliteTimestamp),
valid_until: full_grant.basic.valid_until.map(SqliteTimestamp), valid_until: full_grant.basic.valid_until.map(SqliteTimestamp),
max_gas_fee_per_gas: full_grant max_gas_fee_per_gas: full_grant
@@ -262,7 +233,7 @@ impl Engine {
Ok(id) Ok(id)
} }
pub async fn list_all_grants(&self) -> Result<Vec<Grant<SpecificGrant>>, ListGrantsError> { pub async fn list_all_grants(&self) -> Result<Vec<Grant<SpecificGrant>>, DatabaseError> {
let mut conn = self.db.get().await?; let mut conn = self.db.get().await?;
let mut grants: Vec<Grant<SpecificGrant>> = Vec::new(); let mut grants: Vec<Grant<SpecificGrant>> = Vec::new();
@@ -295,8 +266,7 @@ impl Engine {
pub async fn evaluate_transaction( pub async fn evaluate_transaction(
&self, &self,
wallet_id: i32, target: EvmWalletAccess,
client_id: i32,
transaction: TxEip1559, transaction: TxEip1559,
run_kind: RunKind, run_kind: RunKind,
) -> Result<SpecificMeaning, VetError> { ) -> Result<SpecificMeaning, VetError> {
@@ -304,8 +274,7 @@ impl Engine {
return Err(VetError::ContractCreationNotSupported); return Err(VetError::ContractCreationNotSupported);
}; };
let context = policies::EvalContext { let context = policies::EvalContext {
wallet_id, target,
client_id,
chain: transaction.chain_id, chain: transaction.chain_id,
to, to,
value: transaction.value, value: transaction.value,

13
server/crates/arbiter-server/src/evm/policies.rs
View File

@@ -10,7 +10,7 @@ use miette::Diagnostic;
use thiserror::Error; use thiserror::Error;
use crate::{ use crate::{
db::models::{self, EvmBasicGrant}, db::models::{self, EvmBasicGrant, EvmWalletAccess},
evm::utils, evm::utils,
}; };
@@ -19,9 +19,8 @@ pub mod token_transfers;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct EvalContext { pub struct EvalContext {
// Which wallet is this transaction for // Which wallet is this transaction for and who requested it
pub client_id: i32, pub target: EvmWalletAccess,
pub wallet_id: i32,
// The transaction data // The transaction data
pub chain: ChainId, pub chain: ChainId,
@@ -145,8 +144,7 @@ pub struct VolumeRateLimit {
#[derive(Clone, Debug, PartialEq, Eq, Hash)] #[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct SharedGrantSettings { pub struct SharedGrantSettings {
pub wallet_id: i32, pub wallet_access_id: i32,
pub client_id: i32,
pub chain: ChainId, pub chain: ChainId,
pub valid_from: Option<DateTime<Utc>>, pub valid_from: Option<DateTime<Utc>>,
@@ -161,8 +159,7 @@ pub struct SharedGrantSettings {
impl SharedGrantSettings { impl SharedGrantSettings {
fn try_from_model(model: EvmBasicGrant) -> QueryResult<Self> { fn try_from_model(model: EvmBasicGrant) -> QueryResult<Self> {
Ok(Self { Ok(Self {
wallet_id: model.wallet_id, wallet_access_id: model.wallet_access_id,
client_id: model.client_id,
chain: model.chain_id as u64, // safe because chain_id is stored as i32 but is guaranteed to be a valid ChainId by the API when creating grants chain: model.chain_id as u64, // safe because chain_id is stored as i32 but is guaranteed to be a valid ChainId by the API when creating grants
valid_from: model.valid_from.map(Into::into), valid_from: model.valid_from.map(Into::into),
valid_until: model.valid_until.map(Into::into), valid_until: model.valid_until.map(Into::into),

5
server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs
View File

@@ -196,9 +196,8 @@ impl Policy for EtherTransfer {
.inner_join(evm_basic_grant::table) .inner_join(evm_basic_grant::table)
.inner_join(evm_ether_transfer_grant_target::table) .inner_join(evm_ether_transfer_grant_target::table)
.filter( .filter(
evm_basic_grant::wallet_id evm_basic_grant::wallet_access_id
.eq(context.wallet_id) .eq(context.target.id)
.and(evm_basic_grant::client_id.eq(context.client_id))
.and(evm_basic_grant::revoked_at.is_null()) .and(evm_basic_grant::revoked_at.is_null())
.and(evm_ether_transfer_grant_target::address.eq(&target_bytes)), .and(evm_ether_transfer_grant_target::address.eq(&target_bytes)),
) )

30
server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs
View File

@@ -5,7 +5,9 @@ use diesel_async::RunQueryDsl;
use crate::db::{ use crate::db::{
self, DatabaseConnection, self, DatabaseConnection,
models::{EvmBasicGrant, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp}, models::{
EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp,
},
schema::{evm_basic_grant, evm_transaction_log}, schema::{evm_basic_grant, evm_transaction_log},
}; };
use crate::evm::{ use crate::evm::{
@@ -15,8 +17,7 @@ use crate::evm::{
use super::{EtherTransfer, Settings}; use super::{EtherTransfer, Settings};
const WALLET_ID: i32 = 1; const WALLET_ACCESS_ID: i32 = 1;
const CLIENT_ID: i32 = 2;
const CHAIN_ID: u64 = 1; const CHAIN_ID: u64 = 1;
const ALLOWED: Address = address!("1111111111111111111111111111111111111111"); const ALLOWED: Address = address!("1111111111111111111111111111111111111111");
@@ -24,8 +25,12 @@ const OTHER: Address = address!("2222222222222222222222222222222222222222");
fn ctx(to: Address, value: U256) -> EvalContext { fn ctx(to: Address, value: U256) -> EvalContext {
EvalContext { EvalContext {
wallet_id: WALLET_ID, target: EvmWalletAccess {
client_id: CLIENT_ID, id: WALLET_ACCESS_ID,
wallet_id: 10,
client_id: 20,
created_at: SqliteTimestamp(Utc::now()),
},
chain: CHAIN_ID, chain: CHAIN_ID,
to, to,
value, value,
@@ -38,8 +43,7 @@ fn ctx(to: Address, value: U256) -> EvalContext {
async fn insert_basic(conn: &mut DatabaseConnection, revoked: bool) -> EvmBasicGrant { async fn insert_basic(conn: &mut DatabaseConnection, revoked: bool) -> EvmBasicGrant {
insert_into(evm_basic_grant::table) insert_into(evm_basic_grant::table)
.values(NewEvmBasicGrant { .values(NewEvmBasicGrant {
wallet_id: WALLET_ID, wallet_access_id: WALLET_ACCESS_ID,
client_id: CLIENT_ID,
chain_id: CHAIN_ID as i32, chain_id: CHAIN_ID as i32,
valid_from: None, valid_from: None,
valid_until: None, valid_until: None,
@@ -67,14 +71,13 @@ fn make_settings(targets: Vec<Address>, max_volume: u64) -> Settings {
fn shared() -> SharedGrantSettings { fn shared() -> SharedGrantSettings {
SharedGrantSettings { SharedGrantSettings {
wallet_id: WALLET_ID, wallet_access_id: WALLET_ACCESS_ID,
chain: CHAIN_ID, chain: CHAIN_ID,
valid_from: None, valid_from: None,
valid_until: None, valid_until: None,
max_gas_fee_per_gas: None, max_gas_fee_per_gas: None,
max_priority_fee_per_gas: None, max_priority_fee_per_gas: None,
rate_limit: None, rate_limit: None,
client_id: CLIENT_ID,
} }
} }
@@ -153,8 +156,7 @@ async fn evaluate_passes_when_volume_within_limit() {
insert_into(evm_transaction_log::table) insert_into(evm_transaction_log::table)
.values(NewEvmTransactionLog { .values(NewEvmTransactionLog {
grant_id, grant_id,
client_id: CLIENT_ID, wallet_access_id: WALLET_ACCESS_ID,
wallet_id: WALLET_ID,
chain_id: CHAIN_ID as i32, chain_id: CHAIN_ID as i32,
eth_value: utils::u256_to_bytes(U256::from(500u64)).to_vec(), eth_value: utils::u256_to_bytes(U256::from(500u64)).to_vec(),
signed_at: SqliteTimestamp(Utc::now()), signed_at: SqliteTimestamp(Utc::now()),
@@ -194,8 +196,7 @@ async fn evaluate_rejects_volume_over_limit() {
insert_into(evm_transaction_log::table) insert_into(evm_transaction_log::table)
.values(NewEvmTransactionLog { .values(NewEvmTransactionLog {
grant_id, grant_id,
client_id: CLIENT_ID, wallet_access_id: WALLET_ACCESS_ID,
wallet_id: WALLET_ID,
chain_id: CHAIN_ID as i32, chain_id: CHAIN_ID as i32,
eth_value: utils::u256_to_bytes(U256::from(1_001u64)).to_vec(), eth_value: utils::u256_to_bytes(U256::from(1_001u64)).to_vec(),
signed_at: SqliteTimestamp(Utc::now()), signed_at: SqliteTimestamp(Utc::now()),
@@ -236,8 +237,7 @@ async fn evaluate_passes_at_exactly_volume_limit() {
insert_into(evm_transaction_log::table) insert_into(evm_transaction_log::table)
.values(NewEvmTransactionLog { .values(NewEvmTransactionLog {
grant_id, grant_id,
client_id: CLIENT_ID, wallet_access_id: WALLET_ACCESS_ID,
wallet_id: WALLET_ID,
chain_id: CHAIN_ID as i32, chain_id: CHAIN_ID as i32,
eth_value: utils::u256_to_bytes(U256::from(1_000u64)).to_vec(), eth_value: utils::u256_to_bytes(U256::from(1_000u64)).to_vec(),
signed_at: SqliteTimestamp(Utc::now()), signed_at: SqliteTimestamp(Utc::now()),

3
server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs
View File

@@ -209,8 +209,7 @@ impl Policy for TokenTransfer {
let grant: Option<(EvmBasicGrant, EvmTokenTransferGrant)> = grant_join() let grant: Option<(EvmBasicGrant, EvmTokenTransferGrant)> = grant_join()
.filter(evm_basic_grant::revoked_at.is_null()) .filter(evm_basic_grant::revoked_at.is_null())
.filter(evm_basic_grant::wallet_id.eq(context.wallet_id)) .filter(evm_basic_grant::wallet_access_id.eq(context.target.id))
.filter(evm_basic_grant::client_id.eq(context.client_id))
.filter(evm_token_transfer_grant::token_contract.eq(&token_contract_bytes)) .filter(evm_token_transfer_grant::token_contract.eq(&token_contract_bytes))
.select(( .select((
EvmBasicGrant::as_select(), EvmBasicGrant::as_select(),

19
server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs
View File

@@ -6,7 +6,7 @@ use diesel_async::RunQueryDsl;
use crate::db::{ use crate::db::{
self, DatabaseConnection, self, DatabaseConnection,
models::{EvmBasicGrant, NewEvmBasicGrant, SqliteTimestamp}, models::{EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, SqliteTimestamp},
schema::evm_basic_grant, schema::evm_basic_grant,
}; };
use crate::evm::{ use crate::evm::{
@@ -21,8 +21,7 @@ use super::{Settings, TokenTransfer};
const CHAIN_ID: u64 = 1; const CHAIN_ID: u64 = 1;
const DAI: Address = address!("6B175474E89094C44Da98b954EedeAC495271d0F"); const DAI: Address = address!("6B175474E89094C44Da98b954EedeAC495271d0F");
const WALLET_ID: i32 = 1; const WALLET_ACCESS_ID: i32 = 1;
const CLIENT_ID: i32 = 2;
const RECIPIENT: Address = address!("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); const RECIPIENT: Address = address!("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
const OTHER: Address = address!("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"); const OTHER: Address = address!("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
@@ -38,8 +37,12 @@ fn transfer_calldata(to: Address, value: U256) -> Bytes {
fn ctx(to: Address, calldata: Bytes) -> EvalContext { fn ctx(to: Address, calldata: Bytes) -> EvalContext {
EvalContext { EvalContext {
wallet_id: WALLET_ID, target: EvmWalletAccess {
client_id: CLIENT_ID, id: WALLET_ACCESS_ID,
wallet_id: 10,
client_id: 20,
created_at: SqliteTimestamp(Utc::now()),
},
chain: CHAIN_ID, chain: CHAIN_ID,
to, to,
value: U256::ZERO, value: U256::ZERO,
@@ -52,8 +55,7 @@ fn ctx(to: Address, calldata: Bytes) -> EvalContext {
async fn insert_basic(conn: &mut DatabaseConnection, revoked: bool) -> EvmBasicGrant { async fn insert_basic(conn: &mut DatabaseConnection, revoked: bool) -> EvmBasicGrant {
insert_into(evm_basic_grant::table) insert_into(evm_basic_grant::table)
.values(NewEvmBasicGrant { .values(NewEvmBasicGrant {
wallet_id: WALLET_ID, wallet_access_id: WALLET_ACCESS_ID,
client_id: CLIENT_ID,
chain_id: CHAIN_ID as i32, chain_id: CHAIN_ID as i32,
valid_from: None, valid_from: None,
valid_until: None, valid_until: None,
@@ -86,14 +88,13 @@ fn make_settings(target: Option<Address>, max_volume: Option<u64>) -> Settings {
fn shared() -> SharedGrantSettings { fn shared() -> SharedGrantSettings {
SharedGrantSettings { SharedGrantSettings {
wallet_id: WALLET_ID, wallet_access_id: WALLET_ACCESS_ID,
chain: CHAIN_ID, chain: CHAIN_ID,
valid_from: None, valid_from: None,
valid_until: None, valid_until: None,
max_gas_fee_per_gas: None, max_gas_fee_per_gas: None,
max_priority_fee_per_gas: None, max_priority_fee_per_gas: None,
rate_limit: None, rate_limit: None,
client_id: CLIENT_ID,
} }
} }

303
server/crates/arbiter-server/src/grpc/client.rs
View File

@@ -1,10 +1,16 @@
use alloy::primitives::Address;
use arbiter_proto::{ use arbiter_proto::{
google::protobuf::Empty as ProtoEmpty, proto::{
proto::client::{ client::{
ClientRequest, ClientResponse, VaultState as ProtoVaultState, ClientRequest, ClientResponse, VaultState as ProtoVaultState,
client_request::Payload as ClientRequestPayload, client_request::Payload as ClientRequestPayload,
client_response::Payload as ClientResponsePayload, client_response::Payload as ClientResponsePayload,
}, },
evm::{
EvmError as ProtoEvmError, EvmSignTransactionResponse,
evm_sign_transaction_response::Result as EvmSignTransactionResult,
},
},
transport::{Receiver, Sender, grpc::GrpcBi}, transport::{Receiver, Sender, grpc::GrpcBi},
}; };
use kameo::{ use kameo::{
@@ -25,127 +31,16 @@ use crate::{
}, },
keyholder::KeyHolderState, keyholder::KeyHolderState,
}, },
evm::{PolicyError, VetError, policies::EvalViolation}, grpc::{
grpc::request_tracker::RequestTracker, Convert, TryConvert,
utils::defer, common::inbound::{RawEvmAddress, RawEvmTransaction},
}; request_tracker::RequestTracker,
},
use alloy::{
consensus::TxEip1559,
primitives::{Address, U256},
rlp::Decodable,
};
use arbiter_proto::proto::evm::{
EvmError as ProtoEvmError, EvmSignTransactionResponse, EvalViolation as ProtoEvalViolation,
GasLimitExceededViolation, NoMatchingGrantError, PolicyViolationsError,
SpecificMeaning as ProtoSpecificMeaning, TokenInfo as ProtoTokenInfo,
TransactionEvalError,
evm_sign_transaction_response::Result as EvmSignTransactionResult,
eval_violation::Kind as ProtoEvalViolationKind,
specific_meaning::Meaning as ProtoSpecificMeaningKind,
transaction_eval_error::Kind as ProtoTransactionEvalErrorKind,
}; };
mod auth; mod auth;
mod inbound;
fn u256_to_proto_bytes(value: U256) -> Vec<u8> { mod outbound;
value.to_be_bytes::<32>().to_vec()
}
fn meaning_to_proto(meaning: crate::evm::policies::SpecificMeaning) -> ProtoSpecificMeaning {
let kind = match meaning {
crate::evm::policies::SpecificMeaning::EtherTransfer(meaning) => {
ProtoSpecificMeaningKind::EtherTransfer(arbiter_proto::proto::evm::EtherTransferMeaning {
to: meaning.to.to_vec(),
value: u256_to_proto_bytes(meaning.value),
})
}
crate::evm::policies::SpecificMeaning::TokenTransfer(meaning) => {
ProtoSpecificMeaningKind::TokenTransfer(arbiter_proto::proto::evm::TokenTransferMeaning {
token: Some(ProtoTokenInfo {
symbol: meaning.token.symbol.to_string(),
address: meaning.token.contract.to_vec(),
chain_id: meaning.token.chain,
}),
to: meaning.to.to_vec(),
value: u256_to_proto_bytes(meaning.value),
})
}
};
ProtoSpecificMeaning {
meaning: Some(kind),
}
}
fn violation_to_proto(violation: EvalViolation) -> ProtoEvalViolation {
let kind = match violation {
EvalViolation::InvalidTarget { target } => ProtoEvalViolationKind::InvalidTarget(target.to_vec()),
EvalViolation::GasLimitExceeded {
max_gas_fee_per_gas,
max_priority_fee_per_gas,
} => ProtoEvalViolationKind::GasLimitExceeded(GasLimitExceededViolation {
max_gas_fee_per_gas: max_gas_fee_per_gas.map(u256_to_proto_bytes),
max_priority_fee_per_gas: max_priority_fee_per_gas.map(u256_to_proto_bytes),
}),
EvalViolation::RateLimitExceeded => ProtoEvalViolationKind::RateLimitExceeded(ProtoEmpty {}),
EvalViolation::VolumetricLimitExceeded => {
ProtoEvalViolationKind::VolumetricLimitExceeded(ProtoEmpty {})
}
EvalViolation::InvalidTime => ProtoEvalViolationKind::InvalidTime(ProtoEmpty {}),
EvalViolation::InvalidTransactionType => {
ProtoEvalViolationKind::InvalidTransactionType(ProtoEmpty {})
}
};
ProtoEvalViolation { kind: Some(kind) }
}
fn eval_error_to_proto(err: VetError) -> Option<TransactionEvalError> {
let kind = match err {
VetError::ContractCreationNotSupported => {
ProtoTransactionEvalErrorKind::ContractCreationNotSupported(ProtoEmpty {})
}
VetError::UnsupportedTransactionType => {
ProtoTransactionEvalErrorKind::UnsupportedTransactionType(ProtoEmpty {})
}
VetError::Evaluated(meaning, policy_error) => match policy_error {
PolicyError::NoMatchingGrant => {
ProtoTransactionEvalErrorKind::NoMatchingGrant(NoMatchingGrantError {
meaning: Some(meaning_to_proto(meaning)),
})
}
PolicyError::Violations(violations) => {
ProtoTransactionEvalErrorKind::PolicyViolations(PolicyViolationsError {
meaning: Some(meaning_to_proto(meaning)),
violations: violations.into_iter().map(violation_to_proto).collect(),
})
}
PolicyError::Pool(_) | PolicyError::Database(_) => {
return None;
}
},
};
Some(TransactionEvalError { kind: Some(kind) })
}
fn decode_eip1559_transaction(payload: &[u8]) -> Result<TxEip1559, ()> {
let mut body = payload;
if let Some((prefix, rest)) = payload.split_first()
&& *prefix == 0x02
{
body = rest;
}
let mut cursor = body;
let transaction = TxEip1559::decode(&mut cursor).map_err(|_| ())?;
if !cursor.is_empty() {
return Err(());
}
Ok(transaction)
}
async fn dispatch_loop( async fn dispatch_loop(
mut bi: GrpcBi<ClientRequest, ClientResponse>, mut bi: GrpcBi<ClientRequest, ClientResponse>,
@@ -153,52 +48,63 @@ async fn dispatch_loop(
mut request_tracker: RequestTracker, mut request_tracker: RequestTracker,
) { ) {
loop { loop {
let Some(conn) = bi.recv().await else { let Some(message) = bi.recv().await else {
return; return;
}; };
if dispatch_conn_message(&mut bi, &actor, &mut request_tracker, conn) let conn = match message {
.await
.is_err()
{
return;
}
}
}
async fn dispatch_conn_message(
bi: &mut GrpcBi<ClientRequest, ClientResponse>,
actor: &ActorRef<ClientSession>,
request_tracker: &mut RequestTracker,
conn: Result<ClientRequest, Status>,
) -> Result<(), ()> {
let conn = match conn {
Ok(conn) => conn, Ok(conn) => conn,
Err(err) => { Err(err) => {
warn!(error = ?err, "Failed to receive client request"); warn!(error = ?err, "Failed to receive client request");
return Err(()); return;
} }
}; };
let request_id = match request_tracker.request(conn.request_id) { let request_id = match request_tracker.request(conn.request_id) {
Ok(request_id) => request_id, Ok(id) => id,
Err(err) => { Err(err) => {
let _ = bi.send(Err(err)).await; let _ = bi.send(Err(err)).await;
return Err(()); return;
} }
}; };
let Some(payload) = conn.payload else { let Some(payload) = conn.payload else {
let _ = bi let _ = bi
.send(Err(Status::invalid_argument( .send(Err(Status::invalid_argument(
"Missing client request payload", "Missing client request payload",
))) )))
.await; .await;
return Err(()); return;
}; };
let payload = match payload { match dispatch_inner(&actor, payload).await {
ClientRequestPayload::QueryVaultState(_) => ClientResponsePayload::VaultState( Ok(response) => {
match actor.ask(HandleQueryVaultState {}).await { if bi
.send(Ok(ClientResponse {
request_id: Some(request_id),
payload: Some(response),
}))
.await
.is_err()
{
return;
}
}
Err(status) => {
let _ = bi.send(Err(status)).await;
return;
}
}
}
}
async fn dispatch_inner(
actor: &ActorRef<ClientSession>,
payload: ClientRequestPayload,
) -> Result<ClientResponsePayload, Status> {
match payload {
ClientRequestPayload::QueryVaultState(_) => {
let state = match actor.ask(HandleQueryVaultState {}).await {
Ok(KeyHolderState::Unbootstrapped) => ProtoVaultState::Unbootstrapped, Ok(KeyHolderState::Unbootstrapped) => ProtoVaultState::Unbootstrapped,
Ok(KeyHolderState::Sealed) => ProtoVaultState::Sealed, Ok(KeyHolderState::Sealed) => ProtoVaultState::Sealed,
Ok(KeyHolderState::Unsealed) => ProtoVaultState::Unsealed, Ok(KeyHolderState::Unsealed) => ProtoVaultState::Unsealed,
@@ -207,109 +113,78 @@ async fn dispatch_conn_message(
warn!(error = ?err, "Failed to query vault state"); warn!(error = ?err, "Failed to query vault state");
ProtoVaultState::Error ProtoVaultState::Error
} }
};
Ok(ClientResponsePayload::VaultState(state.into()))
} }
.into(),
),
ClientRequestPayload::EvmSignTransaction(request) => { ClientRequestPayload::EvmSignTransaction(request) => {
let wallet_address = match <[u8; 20]>::try_from(request.wallet_address.as_slice()) { let address: Address = RawEvmAddress(request.wallet_address).try_convert()?;
Ok(address) => Address::from(address), let transaction = RawEvmTransaction(request.rlp_transaction).try_convert()?;
Err(_) => {
let _ = bi
.send(Err(Status::invalid_argument("Invalid EVM wallet address")))
.await;
return Err(());
}
};
let transaction = match decode_eip1559_transaction(&request.rlp_transaction) {
Ok(transaction) => transaction,
Err(()) => {
let _ = bi
.send(Err(Status::invalid_argument(
"Invalid EIP-1559 RLP transaction",
)))
.await;
return Err(());
}
};
let response = match actor let response = match actor
.ask(HandleSignTransaction { .ask(HandleSignTransaction {
wallet_address, wallet_address: address,
transaction, transaction,
}) })
.await .await
{ {
Ok(signature) => EvmSignTransactionResponse { Ok(signature) => EvmSignTransactionResponse {
result: Some(EvmSignTransactionResult::Signature(signature.as_bytes().to_vec())), result: Some(EvmSignTransactionResult::Signature(
signature.as_bytes().to_vec(),
)),
}, },
Err(kameo::error::SendError::HandlerError(SignTransactionRpcError::Vet(vet_error))) => { Err(kameo::error::SendError::HandlerError(SignTransactionRpcError::Vet(
match eval_error_to_proto(vet_error) { vet_error,
Some(eval_error) => EvmSignTransactionResponse { ))) => EvmSignTransactionResponse {
result: Some(EvmSignTransactionResult::EvalError(eval_error)), result: Some(vet_error.convert()),
}, },
None => EvmSignTransactionResponse {
result: Some(EvmSignTransactionResult::Error(ProtoEvmError::Internal.into())),
},
}
}
Err(kameo::error::SendError::HandlerError(SignTransactionRpcError::Internal)) => { Err(kameo::error::SendError::HandlerError(SignTransactionRpcError::Internal)) => {
EvmSignTransactionResponse { EvmSignTransactionResponse {
result: Some(EvmSignTransactionResult::Error(ProtoEvmError::Internal.into())), result: Some(EvmSignTransactionResult::Error(
ProtoEvmError::Internal.into(),
)),
} }
} }
Err(err) => { Err(err) => {
warn!(error = ?err, "Failed to sign EVM transaction"); warn!(error = ?err, "Failed to sign EVM transaction");
EvmSignTransactionResponse { EvmSignTransactionResponse {
result: Some(EvmSignTransactionResult::Error(ProtoEvmError::Internal.into())), result: Some(EvmSignTransactionResult::Error(
ProtoEvmError::Internal.into(),
)),
} }
} }
}; };
ClientResponsePayload::EvmSignTransaction(response) Ok(ClientResponsePayload::EvmSignTransaction(response))
} }
payload => { payload => {
warn!(?payload, "Unsupported post-auth client request"); warn!(?payload, "Unsupported post-auth client request");
Err(Status::invalid_argument("Unsupported client request"))
}
}
}
pub async fn start(mut conn: ClientConnection, mut bi: GrpcBi<ClientRequest, ClientResponse>) {
let mut request_tracker = RequestTracker::default();
let client_id = match auth::start(&mut conn, &mut bi, &mut request_tracker).await {
Ok(id) => id,
Err(err) => {
let _ = bi let _ = bi
.send(Err(Status::invalid_argument("Unsupported client request"))) .send(Err(Status::unauthenticated(format!(
"Authentication failed: {}",
err
))))
.await; .await;
return Err(()); warn!(error = ?err, "Client authentication failed");
return;
} }
}; };
bi.send(Ok(ClientResponse { let actor = ClientSession::spawn(ClientSession::new(conn, client_id));
request_id: Some(request_id),
payload: Some(payload),
}))
.await
.map_err(|_| ())
}
pub async fn start(conn: ClientConnection, mut bi: GrpcBi<ClientRequest, ClientResponse>) {
let mut conn = conn;
let mut request_tracker = RequestTracker::default();
let mut response_id = None;
match auth::start(&mut conn, &mut bi, &mut request_tracker, &mut response_id).await {
Ok(_) => {
let actor =
client::session::ClientSession::spawn(client::session::ClientSession::new(conn));
let actor_for_cleanup = actor.clone(); let actor_for_cleanup = actor.clone();
let _ = defer(move || {
actor_for_cleanup.kill();
});
info!("Client authenticated successfully"); info!("Client authenticated successfully");
dispatch_loop(bi, actor, request_tracker).await; dispatch_loop(bi, actor, request_tracker).await;
} actor_for_cleanup.kill();
Err(e) => {
let mut transport = auth::AuthTransportAdapter::new(
&mut bi,
&mut request_tracker,
&mut response_id,
);
let _ = transport.send(Err(e.clone())).await;
warn!(error = ?e, "Authentication failed");
}
}
} }

51
server/crates/arbiter-server/src/grpc/client/auth.rs
View File

@@ -1,8 +1,10 @@
use arbiter_proto::{ use arbiter_proto::{
ClientMetadata,
proto::client::{ proto::client::{
AuthChallenge as ProtoAuthChallenge, AuthChallengeRequest as ProtoAuthChallengeRequest, AuthChallenge as ProtoAuthChallenge, AuthChallengeRequest as ProtoAuthChallengeRequest,
AuthChallengeSolution as ProtoAuthChallengeSolution, AuthResult as ProtoAuthResult, AuthChallengeSolution as ProtoAuthChallengeSolution, AuthResult as ProtoAuthResult,
ClientRequest, ClientResponse, client_request::Payload as ClientRequestPayload, ClientInfo as ProtoClientInfo, ClientRequest, ClientResponse,
client_request::Payload as ClientRequestPayload,
client_response::Payload as ClientResponsePayload, client_response::Payload as ClientResponsePayload,
}, },
transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi}, transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi},
@@ -19,19 +21,16 @@ use crate::{
pub struct AuthTransportAdapter<'a> { pub struct AuthTransportAdapter<'a> {
bi: &'a mut GrpcBi<ClientRequest, ClientResponse>, bi: &'a mut GrpcBi<ClientRequest, ClientResponse>,
request_tracker: &'a mut RequestTracker, request_tracker: &'a mut RequestTracker,
response_id: &'a mut Option<i32>,
} }
impl<'a> AuthTransportAdapter<'a> { impl<'a> AuthTransportAdapter<'a> {
pub fn new( pub fn new(
bi: &'a mut GrpcBi<ClientRequest, ClientResponse>, bi: &'a mut GrpcBi<ClientRequest, ClientResponse>,
request_tracker: &'a mut RequestTracker, request_tracker: &'a mut RequestTracker,
response_id: &'a mut Option<i32>,
) -> Self { ) -> Self {
Self { Self {
bi, bi,
request_tracker, request_tracker,
response_id,
} }
} }
@@ -57,7 +56,7 @@ impl<'a> AuthTransportAdapter<'a> {
ProtoAuthResult::ApprovalDenied ProtoAuthResult::ApprovalDenied
} }
auth::Error::ApproveError(auth::ApproveError::Upstream( auth::Error::ApproveError(auth::ApproveError::Upstream(
crate::actors::router::ApprovalError::NoUserAgentsConnected, crate::actors::flow_coordinator::ApprovalError::NoUserAgentsConnected,
)) => ProtoAuthResult::NoUserAgentsOnline, )) => ProtoAuthResult::NoUserAgentsOnline,
auth::Error::ApproveError(auth::ApproveError::Internal) auth::Error::ApproveError(auth::ApproveError::Internal)
| auth::Error::DatabasePoolUnavailable | auth::Error::DatabasePoolUnavailable
@@ -72,11 +71,9 @@ impl<'a> AuthTransportAdapter<'a> {
&mut self, &mut self,
payload: ClientResponsePayload, payload: ClientResponsePayload,
) -> Result<(), TransportError> { ) -> Result<(), TransportError> {
let request_id = self.response_id.take();
self.bi self.bi
.send(Ok(ClientResponse { .send(Ok(ClientResponse {
request_id, request_id: Some(self.request_tracker.current_request_id()),
payload: Some(payload), payload: Some(payload),
})) }))
.await .await
@@ -114,19 +111,27 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
} }
}; };
let request_id = match self.request_tracker.request(request.request_id) { match self.request_tracker.request(request.request_id) {
Ok(request_id) => request_id, Ok(request_id) => request_id,
Err(error) => { Err(error) => {
let _ = self.bi.send(Err(error)).await; let _ = self.bi.send(Err(error)).await;
return None; return None;
} }
}; };
*self.response_id = Some(request_id);
let payload = request.payload?; let payload = request.payload?;
match payload { match payload {
ClientRequestPayload::AuthChallengeRequest(ProtoAuthChallengeRequest { pubkey }) => { ClientRequestPayload::AuthChallengeRequest(ProtoAuthChallengeRequest {
pubkey,
client_info,
}) => {
let Some(client_info) = client_info else {
let _ = self
.bi
.send(Err(Status::invalid_argument("Missing client info")))
.await;
return None;
};
let Ok(pubkey) = <[u8; 32]>::try_from(pubkey) else { let Ok(pubkey) = <[u8; 32]>::try_from(pubkey) else {
let _ = self.send_auth_result(ProtoAuthResult::InvalidKey).await; let _ = self.send_auth_result(ProtoAuthResult::InvalidKey).await;
return None; return None;
@@ -135,7 +140,10 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
let _ = self.send_auth_result(ProtoAuthResult::InvalidKey).await; let _ = self.send_auth_result(ProtoAuthResult::InvalidKey).await;
return None; return None;
}; };
Some(auth::Inbound::AuthChallengeRequest { pubkey }) Some(auth::Inbound::AuthChallengeRequest {
pubkey,
metadata: client_metadata_from_proto(client_info),
})
} }
ClientRequestPayload::AuthChallengeSolution(ProtoAuthChallengeSolution { ClientRequestPayload::AuthChallengeSolution(ProtoAuthChallengeSolution {
signature, signature,
@@ -163,14 +171,19 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
impl Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> for AuthTransportAdapter<'_> {} impl Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> for AuthTransportAdapter<'_> {}
fn client_metadata_from_proto(metadata: ProtoClientInfo) -> ClientMetadata {
ClientMetadata {
name: metadata.name,
description: metadata.description,
version: metadata.version,
}
}
pub async fn start( pub async fn start(
conn: &mut ClientConnection, conn: &mut ClientConnection,
bi: &mut GrpcBi<ClientRequest, ClientResponse>, bi: &mut GrpcBi<ClientRequest, ClientResponse>,
request_tracker: &mut RequestTracker, request_tracker: &mut RequestTracker,
response_id: &mut Option<i32>, ) -> Result<i32, auth::Error> {
) -> Result<(), auth::Error> { let mut transport = AuthTransportAdapter::new(bi, request_tracker);
let mut transport = AuthTransportAdapter::new(bi, request_tracker, response_id); client::auth::authenticate(conn, &mut transport).await
let authenticated = client::auth::authenticate(conn, &mut transport).await?;
conn.client_id = authenticated.client_id;
Ok(())
} }

0
server/crates/arbiter-server/src/grpc/client/inbound.rs Normal file
View File

0
server/crates/arbiter-server/src/grpc/client/outbound.rs Normal file
View File

2
server/crates/arbiter-server/src/grpc/common.rs Normal file
View File

@@ -0,0 +1,2 @@
pub mod inbound;
pub mod outbound;

36
server/crates/arbiter-server/src/grpc/common/inbound.rs Normal file
View File

@@ -0,0 +1,36 @@
use alloy::{consensus::TxEip1559, primitives::Address, rlp::Decodable as _};
use crate::grpc::TryConvert;
pub struct RawEvmAddress(pub Vec<u8>);
impl TryConvert for RawEvmAddress {
type Output = Address;
type Error = tonic::Status;
fn try_convert(self) -> Result<Self::Output, Self::Error> {
let wallet_address = match <[u8; 20]>::try_from(self.0.as_slice()) {
Ok(address) => Address::from(address),
Err(_) => {
return Err(tonic::Status::invalid_argument(
"Invalid EVM wallet address",
));
}
};
Ok(wallet_address)
}
}
pub struct RawEvmTransaction(pub Vec<u8>);
impl TryConvert for RawEvmTransaction {
type Output = TxEip1559;
type Error = tonic::Status;
fn try_convert(mut self) -> Result<Self::Output, Self::Error> {
let tx = TxEip1559::decode(&mut self.0.as_slice()).map_err(|_| {
tonic::Status::invalid_argument("Invalid EVM transaction format")
})?;
Ok(tx)
}
}

114
server/crates/arbiter-server/src/grpc/common/outbound.rs Normal file
View File

@@ -0,0 +1,114 @@
use alloy::primitives::U256;
use arbiter_proto::proto::evm::{
EvalViolation as ProtoEvalViolation, EvmError as ProtoEvmError, GasLimitExceededViolation,
NoMatchingGrantError, PolicyViolationsError, SpecificMeaning as ProtoSpecificMeaning,
TokenInfo as ProtoTokenInfo, TransactionEvalError as ProtoTransactionEvalError,
eval_violation::Kind as ProtoEvalViolationKind,
evm_sign_transaction_response::Result as EvmSignTransactionResult,
specific_meaning::Meaning as ProtoSpecificMeaningKind,
transaction_eval_error::Kind as ProtoTransactionEvalErrorKind,
};
use crate::{
evm::{
PolicyError, VetError,
policies::{EvalViolation, SpecificMeaning},
},
grpc::Convert,
};
fn u256_to_proto_bytes(value: U256) -> Vec<u8> {
value.to_be_bytes::<32>().to_vec()
}
impl Convert for SpecificMeaning {
type Output = ProtoSpecificMeaning;
fn convert(self) -> Self::Output {
let kind = match self {
SpecificMeaning::EtherTransfer(meaning) => ProtoSpecificMeaningKind::EtherTransfer(
arbiter_proto::proto::evm::EtherTransferMeaning {
to: meaning.to.to_vec(),
value: u256_to_proto_bytes(meaning.value),
},
),
SpecificMeaning::TokenTransfer(meaning) => ProtoSpecificMeaningKind::TokenTransfer(
arbiter_proto::proto::evm::TokenTransferMeaning {
token: Some(ProtoTokenInfo {
symbol: meaning.token.symbol.to_string(),
address: meaning.token.contract.to_vec(),
chain_id: meaning.token.chain,
}),
to: meaning.to.to_vec(),
value: u256_to_proto_bytes(meaning.value),
},
),
};
ProtoSpecificMeaning {
meaning: Some(kind),
}
}
}
impl Convert for EvalViolation {
type Output = ProtoEvalViolation;
fn convert(self) -> Self::Output {
let kind = match self {
EvalViolation::InvalidTarget { target } => {
ProtoEvalViolationKind::InvalidTarget(target.to_vec())
}
EvalViolation::GasLimitExceeded {
max_gas_fee_per_gas,
max_priority_fee_per_gas,
} => ProtoEvalViolationKind::GasLimitExceeded(GasLimitExceededViolation {
max_gas_fee_per_gas: max_gas_fee_per_gas.map(u256_to_proto_bytes),
max_priority_fee_per_gas: max_priority_fee_per_gas.map(u256_to_proto_bytes),
}),
EvalViolation::RateLimitExceeded => ProtoEvalViolationKind::RateLimitExceeded(()),
EvalViolation::VolumetricLimitExceeded => {
ProtoEvalViolationKind::VolumetricLimitExceeded(())
}
EvalViolation::InvalidTime => ProtoEvalViolationKind::InvalidTime(()),
EvalViolation::InvalidTransactionType => {
ProtoEvalViolationKind::InvalidTransactionType(())
}
};
ProtoEvalViolation { kind: Some(kind) }
}
}
impl Convert for VetError {
type Output = EvmSignTransactionResult;
fn convert(self) -> Self::Output {
let kind = match self {
VetError::ContractCreationNotSupported => {
ProtoTransactionEvalErrorKind::ContractCreationNotSupported(())
}
VetError::UnsupportedTransactionType => {
ProtoTransactionEvalErrorKind::UnsupportedTransactionType(())
}
VetError::Evaluated(meaning, policy_error) => match policy_error {
PolicyError::NoMatchingGrant => {
ProtoTransactionEvalErrorKind::NoMatchingGrant(NoMatchingGrantError {
meaning: Some(meaning.convert()),
})
}
PolicyError::Violations(violations) => {
ProtoTransactionEvalErrorKind::PolicyViolations(PolicyViolationsError {
meaning: Some(meaning.convert()),
violations: violations.into_iter().map(Convert::convert).collect(),
})
}
PolicyError::Database(_) => {
return EvmSignTransactionResult::Error(ProtoEvmError::Internal.into());
}
},
};
EvmSignTransactionResult::EvalError(ProtoTransactionEvalError { kind: Some(kind) }.into())
}
}

18
server/crates/arbiter-server/src/grpc/mod.rs
View File

@@ -14,10 +14,26 @@ use crate::{
grpc::user_agent::start, grpc::user_agent::start,
}; };
pub mod client;
mod request_tracker; mod request_tracker;
pub mod client;
pub mod user_agent; pub mod user_agent;
mod common;
pub trait Convert {
type Output;
fn convert(self) -> Self::Output;
}
pub trait TryConvert {
type Output;
type Error;
fn try_convert(self) -> Result<Self::Output, Self::Error>;
}
#[async_trait] #[async_trait]
impl arbiter_proto::proto::arbiter_service_server::ArbiterService for super::Server { impl arbiter_proto::proto::arbiter_service_server::ArbiterService for super::Server {
type UserAgentStream = ReceiverStream<Result<UserAgentResponse, Status>>; type UserAgentStream = ReceiverStream<Result<UserAgentResponse, Status>>;

6
server/crates/arbiter-server/src/grpc/request_tracker.rs
View File

@@ -17,4 +17,10 @@ impl RequestTracker {
Ok(id) Ok(id)
} }
// This is used to set the response id for auth responses, which need to match the request id of the auth challenge request.
// -1 offset is needed because request() increments the next_request_id after returning the current request id.
pub fn current_request_id(&self) -> i32 {
self.next_request_id - 1
}
} }

903
server/crates/arbiter-server/src/grpc/user_agent.rs
View File

File diff suppressed because it is too large Load Diff

22
server/crates/arbiter-server/src/grpc/user_agent/auth.rs
View File

@@ -21,19 +21,16 @@ use crate::{
pub struct AuthTransportAdapter<'a> { pub struct AuthTransportAdapter<'a> {
bi: &'a mut GrpcBi<UserAgentRequest, UserAgentResponse>, bi: &'a mut GrpcBi<UserAgentRequest, UserAgentResponse>,
request_tracker: &'a mut RequestTracker, request_tracker: &'a mut RequestTracker,
response_id: &'a mut Option<i32>,
} }
impl<'a> AuthTransportAdapter<'a> { impl<'a> AuthTransportAdapter<'a> {
pub fn new( pub fn new(
bi: &'a mut GrpcBi<UserAgentRequest, UserAgentResponse>, bi: &'a mut GrpcBi<UserAgentRequest, UserAgentResponse>,
request_tracker: &'a mut RequestTracker, request_tracker: &'a mut RequestTracker,
response_id: &'a mut Option<i32>,
) -> Self { ) -> Self {
Self { Self {
bi, bi,
request_tracker, request_tracker,
response_id,
} }
} }
@@ -41,11 +38,9 @@ impl<'a> AuthTransportAdapter<'a> {
&mut self, &mut self,
payload: UserAgentResponsePayload, payload: UserAgentResponsePayload,
) -> Result<(), TransportError> { ) -> Result<(), TransportError> {
let id = self.response_id.take();
self.bi self.bi
.send(Ok(UserAgentResponse { .send(Ok(UserAgentResponse {
id, id: Some(self.request_tracker.current_request_id()),
payload: Some(payload), payload: Some(payload),
})) }))
.await .await
@@ -75,9 +70,14 @@ impl Sender<Result<auth::Outbound, auth::Error>> for AuthTransportAdapter<'_> {
Err(Error::InvalidBootstrapToken) => { Err(Error::InvalidBootstrapToken) => {
UserAgentResponsePayload::AuthResult(ProtoAuthResult::TokenInvalid.into()) UserAgentResponsePayload::AuthResult(ProtoAuthResult::TokenInvalid.into())
} }
Err(Error::Internal { details }) => return self.bi.send(Err(Status::internal(details))).await, Err(Error::Internal { details }) => {
return self.bi.send(Err(Status::internal(details))).await;
}
Err(Error::Transport) => { Err(Error::Transport) => {
return self.bi.send(Err(Status::unavailable("transport error"))).await; return self
.bi
.send(Err(Status::unavailable("transport error")))
.await;
} }
}; };
@@ -96,14 +96,13 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
} }
}; };
let request_id = match self.request_tracker.request(request.id) { match self.request_tracker.request(request.id) {
Ok(request_id) => request_id, Ok(request_id) => request_id,
Err(error) => { Err(error) => {
let _ = self.bi.send(Err(error)).await; let _ = self.bi.send(Err(error)).await;
return None; return None;
} }
}; };
*self.response_id = Some(request_id);
let Some(payload) = request.payload else { let Some(payload) = request.payload else {
warn!( warn!(
@@ -173,8 +172,7 @@ pub async fn start(
conn: &mut UserAgentConnection, conn: &mut UserAgentConnection,
bi: &mut GrpcBi<UserAgentRequest, UserAgentResponse>, bi: &mut GrpcBi<UserAgentRequest, UserAgentResponse>,
request_tracker: &mut RequestTracker, request_tracker: &mut RequestTracker,
response_id: &mut Option<i32>,
) -> Result<AuthPublicKey, auth::Error> { ) -> Result<AuthPublicKey, auth::Error> {
let transport = AuthTransportAdapter::new(bi, request_tracker, response_id); let transport = AuthTransportAdapter::new(bi, request_tracker);
auth::authenticate(conn, transport).await auth::authenticate(conn, transport).await
} }

168
server/crates/arbiter-server/src/grpc/user_agent/inbound.rs Normal file
View File

@@ -0,0 +1,168 @@
use alloy::primitives::{Address, U256};
use arbiter_proto::proto::evm::{
EtherTransferSettings as ProtoEtherTransferSettings, SharedSettings as ProtoSharedSettings,
SpecificGrant as ProtoSpecificGrant, TokenTransferSettings as ProtoTokenTransferSettings,
TransactionRateLimit as ProtoTransactionRateLimit, VolumeRateLimit as ProtoVolumeRateLimit,
specific_grant::Grant as ProtoSpecificGrantType,
};
use arbiter_proto::proto::user_agent::{SdkClientWalletAccess, WalletAccess};
use chrono::{DateTime, TimeZone, Utc};
use prost_types::Timestamp as ProtoTimestamp;
use tonic::Status;
use crate::db::models::{CoreEvmWalletAccess, NewEvmWallet, NewEvmWalletAccess};
use crate::grpc::Convert;
use crate::{
evm::policies::{
SharedGrantSettings, SpecificGrant, TransactionRateLimit, VolumeRateLimit, ether_transfer,
token_transfers,
},
grpc::TryConvert,
};
fn address_from_bytes(bytes: Vec<u8>) -> Result<Address, Status> {
if bytes.len() != 20 {
return Err(Status::invalid_argument("Invalid EVM address"));
}
Ok(Address::from_slice(&bytes))
}
fn u256_from_proto_bytes(bytes: &[u8]) -> Result<U256, Status> {
if bytes.len() > 32 {
return Err(Status::invalid_argument("Invalid U256 byte length"));
}
Ok(U256::from_be_slice(bytes))
}
impl TryConvert for ProtoTimestamp {
type Output = DateTime<Utc>;
type Error = Status;
fn try_convert(self) -> Result<DateTime<Utc>, Status> {
Utc.timestamp_opt(self.seconds, self.nanos as u32)
.single()
.ok_or_else(|| Status::invalid_argument("Invalid timestamp"))
}
}
impl TryConvert for ProtoTransactionRateLimit {
type Output = TransactionRateLimit;
type Error = Status;
fn try_convert(self) -> Result<TransactionRateLimit, Status> {
Ok(TransactionRateLimit {
count: self.count,
window: chrono::Duration::seconds(self.window_secs),
})
}
}
impl TryConvert for ProtoVolumeRateLimit {
type Output = VolumeRateLimit;
type Error = Status;
fn try_convert(self) -> Result<VolumeRateLimit, Status> {
Ok(VolumeRateLimit {
max_volume: u256_from_proto_bytes(&self.max_volume)?,
window: chrono::Duration::seconds(self.window_secs),
})
}
}
impl TryConvert for ProtoSharedSettings {
type Output = SharedGrantSettings;
type Error = Status;
fn try_convert(self) -> Result<SharedGrantSettings, Status> {
Ok(SharedGrantSettings {
wallet_access_id: self.wallet_access_id,
chain: self.chain_id,
valid_from: self
.valid_from
.map(ProtoTimestamp::try_convert)
.transpose()?,
valid_until: self
.valid_until
.map(ProtoTimestamp::try_convert)
.transpose()?,
max_gas_fee_per_gas: self
.max_gas_fee_per_gas
.as_deref()
.map(u256_from_proto_bytes)
.transpose()?,
max_priority_fee_per_gas: self
.max_priority_fee_per_gas
.as_deref()
.map(u256_from_proto_bytes)
.transpose()?,
rate_limit: self
.rate_limit
.map(ProtoTransactionRateLimit::try_convert)
.transpose()?,
})
}
}
impl TryConvert for ProtoSpecificGrant {
type Output = SpecificGrant;
type Error = Status;
fn try_convert(self) -> Result<SpecificGrant, Status> {
match self.grant {
Some(ProtoSpecificGrantType::EtherTransfer(ProtoEtherTransferSettings {
targets,
limit,
})) => Ok(SpecificGrant::EtherTransfer(ether_transfer::Settings {
target: targets
.into_iter()
.map(address_from_bytes)
.collect::<Result<_, _>>()?,
limit: limit
.ok_or_else(|| {
Status::invalid_argument("Missing ether transfer volume rate limit")
})?
.try_convert()?,
})),
Some(ProtoSpecificGrantType::TokenTransfer(ProtoTokenTransferSettings {
token_contract,
target,
volume_limits,
})) => Ok(SpecificGrant::TokenTransfer(token_transfers::Settings {
token_contract: address_from_bytes(token_contract)?,
target: target.map(address_from_bytes).transpose()?,
volume_limits: volume_limits
.into_iter()
.map(ProtoVolumeRateLimit::try_convert)
.collect::<Result<_, _>>()?,
})),
None => Err(Status::invalid_argument("Missing specific grant kind")),
}
}
}
impl Convert for WalletAccess {
type Output = NewEvmWalletAccess;
fn convert(self) -> Self::Output {
NewEvmWalletAccess {
wallet_id: self.wallet_id,
client_id: self.sdk_client_id,
}
}
}
impl TryConvert for SdkClientWalletAccess {
type Output = CoreEvmWalletAccess;
type Error = Status;
fn try_convert(self) -> Result<CoreEvmWalletAccess, Status> {
let Some(access) = self.access else {
return Err(Status::invalid_argument("Missing wallet access entry"));
};
Ok(CoreEvmWalletAccess {
wallet_id: access.wallet_id,
client_id: access.sdk_client_id,
id: self.id,
})
}
}

111
server/crates/arbiter-server/src/grpc/user_agent/outbound.rs Normal file
View File

@@ -0,0 +1,111 @@
use arbiter_proto::proto::{
evm::{
EtherTransferSettings as ProtoEtherTransferSettings, SharedSettings as ProtoSharedSettings,
SpecificGrant as ProtoSpecificGrant, TokenTransferSettings as ProtoTokenTransferSettings,
TransactionRateLimit as ProtoTransactionRateLimit, VolumeRateLimit as ProtoVolumeRateLimit,
specific_grant::Grant as ProtoSpecificGrantType,
},
user_agent::{SdkClientWalletAccess as ProtoSdkClientWalletAccess, WalletAccess},
};
use chrono::{DateTime, Utc};
use prost_types::Timestamp as ProtoTimestamp;
use crate::{
db::models::EvmWalletAccess,
evm::policies::{SharedGrantSettings, SpecificGrant, TransactionRateLimit, VolumeRateLimit},
grpc::Convert,
};
impl Convert for DateTime<Utc> {
type Output = ProtoTimestamp;
fn convert(self) -> ProtoTimestamp {
ProtoTimestamp {
seconds: self.timestamp(),
nanos: self.timestamp_subsec_nanos() as i32,
}
}
}
impl Convert for TransactionRateLimit {
type Output = ProtoTransactionRateLimit;
fn convert(self) -> ProtoTransactionRateLimit {
ProtoTransactionRateLimit {
count: self.count,
window_secs: self.window.num_seconds(),
}
}
}
impl Convert for VolumeRateLimit {
type Output = ProtoVolumeRateLimit;
fn convert(self) -> ProtoVolumeRateLimit {
ProtoVolumeRateLimit {
max_volume: self.max_volume.to_be_bytes::<32>().to_vec(),
window_secs: self.window.num_seconds(),
}
}
}
impl Convert for SharedGrantSettings {
type Output = ProtoSharedSettings;
fn convert(self) -> ProtoSharedSettings {
ProtoSharedSettings {
wallet_access_id: self.wallet_access_id,
chain_id: self.chain,
valid_from: self.valid_from.map(DateTime::convert),
valid_until: self.valid_until.map(DateTime::convert),
max_gas_fee_per_gas: self
.max_gas_fee_per_gas
.map(|value| value.to_be_bytes::<32>().to_vec()),
max_priority_fee_per_gas: self
.max_priority_fee_per_gas
.map(|value| value.to_be_bytes::<32>().to_vec()),
rate_limit: self.rate_limit.map(TransactionRateLimit::convert),
}
}
}
impl Convert for SpecificGrant {
type Output = ProtoSpecificGrant;
fn convert(self) -> ProtoSpecificGrant {
let grant = match self {
SpecificGrant::EtherTransfer(s) => {
ProtoSpecificGrantType::EtherTransfer(ProtoEtherTransferSettings {
targets: s.target.into_iter().map(|a| a.to_vec()).collect(),
limit: Some(s.limit.convert()),
})
}
SpecificGrant::TokenTransfer(s) => {
ProtoSpecificGrantType::TokenTransfer(ProtoTokenTransferSettings {
token_contract: s.token_contract.to_vec(),
target: s.target.map(|a| a.to_vec()),
volume_limits: s
.volume_limits
.into_iter()
.map(VolumeRateLimit::convert)
.collect(),
})
}
};
ProtoSpecificGrant { grant: Some(grant) }
}
}
impl Convert for EvmWalletAccess {
type Output = ProtoSdkClientWalletAccess;
fn convert(self) -> Self::Output {
Self::Output {
id: self.id,
access: Some(WalletAccess {
wallet_id: self.wallet_id,
sdk_client_id: self.client_id,
}),
}
}
}

236
server/crates/arbiter-server/tests/client/auth.rs
View File

@@ -1,15 +1,52 @@
use arbiter_proto::ClientMetadata;
use arbiter_proto::transport::{Receiver, Sender}; use arbiter_proto::transport::{Receiver, Sender};
use arbiter_server::actors::GlobalActors; use arbiter_server::actors::GlobalActors;
use arbiter_server::{ use arbiter_server::{
actors::client::{ClientConnection, auth, connect_client}, actors::client::{ClientConnection, auth, connect_client},
db::{self, schema}, db,
}; };
use diesel::{ExpressionMethods as _, insert_into}; use diesel::{ExpressionMethods as _, NullableExpressionMethods as _, QueryDsl as _, insert_into};
use diesel_async::RunQueryDsl; use diesel_async::RunQueryDsl;
use ed25519_dalek::Signer as _; use ed25519_dalek::Signer as _;
use super::common::ChannelTransport; use super::common::ChannelTransport;
fn metadata(name: &str, description: Option<&str>, version: Option<&str>) -> ClientMetadata {
ClientMetadata {
name: name.to_owned(),
description: description.map(str::to_owned),
version: version.map(str::to_owned),
}
}
async fn insert_registered_client(
db: &db::DatabasePool,
pubkey: Vec<u8>,
metadata: &ClientMetadata,
) {
use arbiter_server::db::schema::{client_metadata, program_client};
let mut conn = db.get().await.unwrap();
let metadata_id: i32 = insert_into(client_metadata::table)
.values((
client_metadata::name.eq(&metadata.name),
client_metadata::description.eq(&metadata.description),
client_metadata::version.eq(&metadata.version),
))
.returning(client_metadata::id)
.get_result(&mut conn)
.await
.unwrap();
insert_into(program_client::table)
.values((
program_client::public_key.eq(pubkey),
program_client::metadata_id.eq(metadata_id),
))
.execute(&mut conn)
.await
.unwrap();
}
#[tokio::test] #[tokio::test]
#[test_log::test] #[test_log::test]
pub async fn test_unregistered_pubkey_rejected() { pub async fn test_unregistered_pubkey_rejected() {
@@ -28,6 +65,7 @@ pub async fn test_unregistered_pubkey_rejected() {
test_transport test_transport
.send(auth::Inbound::AuthChallengeRequest { .send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key(), pubkey: new_key.verifying_key(),
metadata: metadata("client", Some("desc"), Some("1.0.0")),
}) })
.await .await
.unwrap(); .unwrap();
@@ -44,14 +82,12 @@ pub async fn test_challenge_auth() {
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng()); let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
let pubkey_bytes = new_key.verifying_key().to_bytes().to_vec(); let pubkey_bytes = new_key.verifying_key().to_bytes().to_vec();
{ insert_registered_client(
let mut conn = db.get().await.unwrap(); &db,
insert_into(schema::program_client::table) pubkey_bytes.clone(),
.values(schema::program_client::public_key.eq(pubkey_bytes.clone())) &metadata("client", Some("desc"), Some("1.0.0")),
.execute(&mut conn) )
.await .await;
.unwrap();
}
let (server_transport, mut test_transport) = ChannelTransport::new(); let (server_transport, mut test_transport) = ChannelTransport::new();
let actors = GlobalActors::spawn(db.clone()).await.unwrap(); let actors = GlobalActors::spawn(db.clone()).await.unwrap();
@@ -66,6 +102,7 @@ pub async fn test_challenge_auth() {
test_transport test_transport
.send(auth::Inbound::AuthChallengeRequest { .send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key(), pubkey: new_key.verifying_key(),
metadata: metadata("client", Some("desc"), Some("1.0.0")),
}) })
.await .await
.unwrap(); .unwrap();
@@ -106,3 +143,182 @@ pub async fn test_challenge_auth() {
task.await.unwrap(); task.await.unwrap();
} }
#[tokio::test]
#[test_log::test]
pub async fn test_metadata_unchanged_does_not_append_history() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
let props = ClientConnection::new(db.clone(), actors);
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
let requested = metadata("client", Some("desc"), Some("1.0.0"));
{
use arbiter_server::db::schema::{client_metadata, program_client};
let mut conn = db.get().await.unwrap();
let metadata_id: i32 = insert_into(client_metadata::table)
.values((
client_metadata::name.eq(&requested.name),
client_metadata::description.eq(&requested.description),
client_metadata::version.eq(&requested.version),
))
.returning(client_metadata::id)
.get_result(&mut conn)
.await
.unwrap();
insert_into(program_client::table)
.values((
program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
program_client::metadata_id.eq(metadata_id),
))
.execute(&mut conn)
.await
.unwrap();
}
let (server_transport, mut test_transport) = ChannelTransport::new();
let task = tokio::spawn(async move {
let mut server_transport = server_transport;
connect_client(props, &mut server_transport).await;
});
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key(),
metadata: requested,
})
.await
.unwrap();
let response = test_transport.recv().await.unwrap().unwrap();
let (pubkey, nonce) = match response {
auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
other => panic!("Expected AuthChallenge, got {other:?}"),
};
let signature = new_key.sign(&arbiter_proto::format_challenge(nonce, pubkey.as_bytes()));
test_transport
.send(auth::Inbound::AuthChallengeSolution { signature })
.await
.unwrap();
let _ = test_transport.recv().await.unwrap();
task.await.unwrap();
{
use arbiter_server::db::schema::{client_metadata, client_metadata_history};
let mut conn = db.get().await.unwrap();
let metadata_count: i64 = client_metadata::table
.count()
.get_result(&mut conn)
.await
.unwrap();
let history_count: i64 = client_metadata_history::table
.count()
.get_result(&mut conn)
.await
.unwrap();
assert_eq!(metadata_count, 1);
assert_eq!(history_count, 0);
}
}
#[tokio::test]
#[test_log::test]
pub async fn test_metadata_change_appends_history_and_repoints_binding() {
let db = db::create_test_pool().await;
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
let props = ClientConnection::new(db.clone(), actors);
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
{
use arbiter_server::db::schema::{client_metadata, program_client};
let mut conn = db.get().await.unwrap();
let metadata_id: i32 = insert_into(client_metadata::table)
.values((
client_metadata::name.eq("client"),
client_metadata::description.eq(Some("old")),
client_metadata::version.eq(Some("1.0.0")),
))
.returning(client_metadata::id)
.get_result(&mut conn)
.await
.unwrap();
insert_into(program_client::table)
.values((
program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
program_client::metadata_id.eq(metadata_id),
))
.execute(&mut conn)
.await
.unwrap();
}
let (server_transport, mut test_transport) = ChannelTransport::new();
let task = tokio::spawn(async move {
let mut server_transport = server_transport;
connect_client(props, &mut server_transport).await;
});
test_transport
.send(auth::Inbound::AuthChallengeRequest {
pubkey: new_key.verifying_key(),
metadata: metadata("client", Some("new"), Some("2.0.0")),
})
.await
.unwrap();
let response = test_transport.recv().await.unwrap().unwrap();
let (pubkey, nonce) = match response {
auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
other => panic!("Expected AuthChallenge, got {other:?}"),
};
let signature = new_key.sign(&arbiter_proto::format_challenge(nonce, pubkey.as_bytes()));
test_transport
.send(auth::Inbound::AuthChallengeSolution { signature })
.await
.unwrap();
let _ = test_transport.recv().await.unwrap();
task.await.unwrap();
{
use arbiter_server::db::schema::{
client_metadata, client_metadata_history, program_client,
};
let mut conn = db.get().await.unwrap();
let metadata_count: i64 = client_metadata::table
.count()
.get_result(&mut conn)
.await
.unwrap();
let history_count: i64 = client_metadata_history::table
.count()
.get_result(&mut conn)
.await
.unwrap();
let metadata_id = program_client::table
.select(program_client::metadata_id)
.first::<i32>(&mut conn)
.await
.unwrap();
let current = client_metadata::table
.find(metadata_id)
.select((
client_metadata::name,
client_metadata::description.nullable(),
client_metadata::version.nullable(),
))
.first::<(String, Option<String>, Option<String>)>(&mut conn)
.await
.unwrap();
assert_eq!(metadata_count, 2);
assert_eq!(history_count, 1);
assert_eq!(
current,
(
"client".to_owned(),
Some("new".to_owned()),
Some("2.0.0".to_owned())
)
);
}
}

6
server/crates/arbiter-server/tests/user_agent/unseal.rs
View File

@@ -2,9 +2,9 @@ use arbiter_server::{
actors::{ actors::{
GlobalActors, GlobalActors,
keyholder::{Bootstrap, Seal}, keyholder::{Bootstrap, Seal},
user_agent::session::{ user_agent::{UserAgentSession, session::connection::{
HandleUnsealEncryptedKey, HandleUnsealRequest, UnsealError, UserAgentSession, HandleUnsealEncryptedKey, HandleUnsealRequest, UnsealError,
}, }},
}, },
db, db,
safe_cell::{SafeCell, SafeCellHandle as _}, safe_cell::{SafeCell, SafeCellHandle as _},

16
useragent/lib/features/callouts/active_callout.dart Normal file
View File

@@ -0,0 +1,16 @@
import 'package:arbiter/features/callouts/callout_event.dart';
import 'package:freezed_annotation/freezed_annotation.dart';
part 'active_callout.freezed.dart';
@freezed
abstract class ActiveCallout with _$ActiveCallout {
const factory ActiveCallout({
required String id,
required String title,
required String description,
String? iconUrl,
required DateTime addedAt,
required CalloutData data,
}) = _ActiveCallout;
}

304
useragent/lib/features/callouts/active_callout.freezed.dart Normal file
View File

@@ -0,0 +1,304 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
// coverage:ignore-file
// ignore_for_file: type=lint
// ignore_for_file: unused_element, deprecated_member_use, deprecated_member_use_from_same_package, use_function_type_syntax_for_parameters, unnecessary_const, avoid_init_to_null, invalid_override_different_default_values_named, prefer_expression_function_bodies, annotate_overrides, invalid_annotation_target, unnecessary_question_mark
part of 'active_callout.dart';
// **************************************************************************
// FreezedGenerator
// **************************************************************************
// dart format off
T _$identity<T>(T value) => value;
/// @nodoc
mixin _$ActiveCallout {
String get id; String get title; String get description; String? get iconUrl; DateTime get addedAt; CalloutData get data;
/// Create a copy of ActiveCallout
/// with the given fields replaced by the non-null parameter values.
@JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
$ActiveCalloutCopyWith<ActiveCallout> get copyWith => _$ActiveCalloutCopyWithImpl<ActiveCallout>(this as ActiveCallout, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is ActiveCallout&&(identical(other.id, id) || other.id == id)&&(identical(other.title, title) || other.title == title)&&(identical(other.description, description) || other.description == description)&&(identical(other.iconUrl, iconUrl) || other.iconUrl == iconUrl)&&(identical(other.addedAt, addedAt) || other.addedAt == addedAt)&&(identical(other.data, data) || other.data == data));
}
@override
int get hashCode => Object.hash(runtimeType,id,title,description,iconUrl,addedAt,data);
@override
String toString() {
return 'ActiveCallout(id: $id, title: $title, description: $description, iconUrl: $iconUrl, addedAt: $addedAt, data: $data)';
}
}
/// @nodoc
abstract mixin class $ActiveCalloutCopyWith<$Res> {
factory $ActiveCalloutCopyWith(ActiveCallout value, $Res Function(ActiveCallout) _then) = _$ActiveCalloutCopyWithImpl;
@useResult
$Res call({
String id, String title, String description, String? iconUrl, DateTime addedAt, CalloutData data
});
$CalloutDataCopyWith<$Res> get data;
}
/// @nodoc
class _$ActiveCalloutCopyWithImpl<$Res>
implements $ActiveCalloutCopyWith<$Res> {
_$ActiveCalloutCopyWithImpl(this._self, this._then);
final ActiveCallout _self;
final $Res Function(ActiveCallout) _then;
/// Create a copy of ActiveCallout
/// with the given fields replaced by the non-null parameter values.
@pragma('vm:prefer-inline') @override $Res call({Object? id = null,Object? title = null,Object? description = null,Object? iconUrl = freezed,Object? addedAt = null,Object? data = null,}) {
return _then(_self.copyWith(
id: null == id ? _self.id : id // ignore: cast_nullable_to_non_nullable
as String,title: null == title ? _self.title : title // ignore: cast_nullable_to_non_nullable
as String,description: null == description ? _self.description : description // ignore: cast_nullable_to_non_nullable
as String,iconUrl: freezed == iconUrl ? _self.iconUrl : iconUrl // ignore: cast_nullable_to_non_nullable
as String?,addedAt: null == addedAt ? _self.addedAt : addedAt // ignore: cast_nullable_to_non_nullable
as DateTime,data: null == data ? _self.data : data // ignore: cast_nullable_to_non_nullable
as CalloutData,
));
}
/// Create a copy of ActiveCallout
/// with the given fields replaced by the non-null parameter values.
@override
@pragma('vm:prefer-inline')
$CalloutDataCopyWith<$Res> get data {
return $CalloutDataCopyWith<$Res>(_self.data, (value) {
return _then(_self.copyWith(data: value));
});
}
}
/// Adds pattern-matching-related methods to [ActiveCallout].
extension ActiveCalloutPatterns on ActiveCallout {
/// A variant of `map` that fallback to returning `orElse`.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case _:
/// return orElse();
/// }
/// ```
@optionalTypeArgs TResult maybeMap<TResult extends Object?>(TResult Function( _ActiveCallout value)? $default,{required TResult orElse(),}){
final _that = this;
switch (_that) {
case _ActiveCallout() when $default != null:
return $default(_that);case _:
return orElse();
}
}
/// A `switch`-like method, using callbacks.
///
/// Callbacks receives the raw object, upcasted.
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case final Subclass2 value:
/// return ...;
/// }
/// ```
@optionalTypeArgs TResult map<TResult extends Object?>(TResult Function( _ActiveCallout value) $default,){
final _that = this;
switch (_that) {
case _ActiveCallout():
return $default(_that);case _:
throw StateError('Unexpected subclass');
}
}
/// A variant of `map` that fallback to returning `null`.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case _:
/// return null;
/// }
/// ```
@optionalTypeArgs TResult? mapOrNull<TResult extends Object?>(TResult? Function( _ActiveCallout value)? $default,){
final _that = this;
switch (_that) {
case _ActiveCallout() when $default != null:
return $default(_that);case _:
return null;
}
}
/// A variant of `when` that fallback to an `orElse` callback.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case _:
/// return orElse();
/// }
/// ```
@optionalTypeArgs TResult maybeWhen<TResult extends Object?>(TResult Function( String id, String title, String description, String? iconUrl, DateTime addedAt, CalloutData data)? $default,{required TResult orElse(),}) {final _that = this;
switch (_that) {
case _ActiveCallout() when $default != null:
return $default(_that.id,_that.title,_that.description,_that.iconUrl,_that.addedAt,_that.data);case _:
return orElse();
}
}
/// A `switch`-like method, using callbacks.
///
/// As opposed to `map`, this offers destructuring.
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case Subclass2(:final field2):
/// return ...;
/// }
/// ```
@optionalTypeArgs TResult when<TResult extends Object?>(TResult Function( String id, String title, String description, String? iconUrl, DateTime addedAt, CalloutData data) $default,) {final _that = this;
switch (_that) {
case _ActiveCallout():
return $default(_that.id,_that.title,_that.description,_that.iconUrl,_that.addedAt,_that.data);case _:
throw StateError('Unexpected subclass');
}
}
/// A variant of `when` that fallback to returning `null`
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case _:
/// return null;
/// }
/// ```
@optionalTypeArgs TResult? whenOrNull<TResult extends Object?>(TResult? Function( String id, String title, String description, String? iconUrl, DateTime addedAt, CalloutData data)? $default,) {final _that = this;
switch (_that) {
case _ActiveCallout() when $default != null:
return $default(_that.id,_that.title,_that.description,_that.iconUrl,_that.addedAt,_that.data);case _:
return null;
}
}
}
/// @nodoc
class _ActiveCallout implements ActiveCallout {
const _ActiveCallout({required this.id, required this.title, required this.description, this.iconUrl, required this.addedAt, required this.data});
@override final String id;
@override final String title;
@override final String description;
@override final String? iconUrl;
@override final DateTime addedAt;
@override final CalloutData data;
/// Create a copy of ActiveCallout
/// with the given fields replaced by the non-null parameter values.
@override @JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
_$ActiveCalloutCopyWith<_ActiveCallout> get copyWith => __$ActiveCalloutCopyWithImpl<_ActiveCallout>(this, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is _ActiveCallout&&(identical(other.id, id) || other.id == id)&&(identical(other.title, title) || other.title == title)&&(identical(other.description, description) || other.description == description)&&(identical(other.iconUrl, iconUrl) || other.iconUrl == iconUrl)&&(identical(other.addedAt, addedAt) || other.addedAt == addedAt)&&(identical(other.data, data) || other.data == data));
}
@override
int get hashCode => Object.hash(runtimeType,id,title,description,iconUrl,addedAt,data);
@override
String toString() {
return 'ActiveCallout(id: $id, title: $title, description: $description, iconUrl: $iconUrl, addedAt: $addedAt, data: $data)';
}
}
/// @nodoc
abstract mixin class _$ActiveCalloutCopyWith<$Res> implements $ActiveCalloutCopyWith<$Res> {
factory _$ActiveCalloutCopyWith(_ActiveCallout value, $Res Function(_ActiveCallout) _then) = __$ActiveCalloutCopyWithImpl;
@override @useResult
$Res call({
String id, String title, String description, String? iconUrl, DateTime addedAt, CalloutData data
});
@override $CalloutDataCopyWith<$Res> get data;
}
/// @nodoc
class __$ActiveCalloutCopyWithImpl<$Res>
implements _$ActiveCalloutCopyWith<$Res> {
__$ActiveCalloutCopyWithImpl(this._self, this._then);
final _ActiveCallout _self;
final $Res Function(_ActiveCallout) _then;
/// Create a copy of ActiveCallout
/// with the given fields replaced by the non-null parameter values.
@override @pragma('vm:prefer-inline') $Res call({Object? id = null,Object? title = null,Object? description = null,Object? iconUrl = freezed,Object? addedAt = null,Object? data = null,}) {
return _then(_ActiveCallout(
id: null == id ? _self.id : id // ignore: cast_nullable_to_non_nullable
as String,title: null == title ? _self.title : title // ignore: cast_nullable_to_non_nullable
as String,description: null == description ? _self.description : description // ignore: cast_nullable_to_non_nullable
as String,iconUrl: freezed == iconUrl ? _self.iconUrl : iconUrl // ignore: cast_nullable_to_non_nullable
as String?,addedAt: null == addedAt ? _self.addedAt : addedAt // ignore: cast_nullable_to_non_nullable
as DateTime,data: null == data ? _self.data : data // ignore: cast_nullable_to_non_nullable
as CalloutData,
));
}
/// Create a copy of ActiveCallout
/// with the given fields replaced by the non-null parameter values.
@override
@pragma('vm:prefer-inline')
$CalloutDataCopyWith<$Res> get data {
return $CalloutDataCopyWith<$Res>(_self.data, (value) {
return _then(_self.copyWith(data: value));
});
}
}
// dart format on

25
useragent/lib/features/callouts/callout_event.dart Normal file
View File

@@ -0,0 +1,25 @@
import 'package:arbiter/proto/client.pb.dart';
import 'package:freezed_annotation/freezed_annotation.dart';
import 'package:hooks_riverpod/experimental/mutation.dart';
part 'callout_event.freezed.dart';
@freezed
sealed class CalloutData with _$CalloutData {
const factory CalloutData.connectApproval({
required String pubkey,
required ClientInfo clientInfo,
}) = ConnectApprovalData;
}
@freezed
sealed class CalloutEvent with _$CalloutEvent {
const factory CalloutEvent.added({
required String id,
required CalloutData data,
}) = CalloutEventAdded;
const factory CalloutEvent.cancelled({
required String id,
}) = CalloutEventCancelled;
}

602
useragent/lib/features/callouts/callout_event.freezed.dart Normal file
View File

@@ -0,0 +1,602 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
// coverage:ignore-file
// ignore_for_file: type=lint
// ignore_for_file: unused_element, deprecated_member_use, deprecated_member_use_from_same_package, use_function_type_syntax_for_parameters, unnecessary_const, avoid_init_to_null, invalid_override_different_default_values_named, prefer_expression_function_bodies, annotate_overrides, invalid_annotation_target, unnecessary_question_mark
part of 'callout_event.dart';
// **************************************************************************
// FreezedGenerator
// **************************************************************************
// dart format off
T _$identity<T>(T value) => value;
/// @nodoc
mixin _$CalloutData {
String get pubkey; ClientInfo get clientInfo;
/// Create a copy of CalloutData
/// with the given fields replaced by the non-null parameter values.
@JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
$CalloutDataCopyWith<CalloutData> get copyWith => _$CalloutDataCopyWithImpl<CalloutData>(this as CalloutData, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is CalloutData&&(identical(other.pubkey, pubkey) || other.pubkey == pubkey)&&(identical(other.clientInfo, clientInfo) || other.clientInfo == clientInfo));
}
@override
int get hashCode => Object.hash(runtimeType,pubkey,clientInfo);
@override
String toString() {
return 'CalloutData(pubkey: $pubkey, clientInfo: $clientInfo)';
}
}
/// @nodoc
abstract mixin class $CalloutDataCopyWith<$Res> {
factory $CalloutDataCopyWith(CalloutData value, $Res Function(CalloutData) _then) = _$CalloutDataCopyWithImpl;
@useResult
$Res call({
String pubkey, ClientInfo clientInfo
});
}
/// @nodoc
class _$CalloutDataCopyWithImpl<$Res>
implements $CalloutDataCopyWith<$Res> {
_$CalloutDataCopyWithImpl(this._self, this._then);
final CalloutData _self;
final $Res Function(CalloutData) _then;
/// Create a copy of CalloutData
/// with the given fields replaced by the non-null parameter values.
@pragma('vm:prefer-inline') @override $Res call({Object? pubkey = null,Object? clientInfo = null,}) {
return _then(_self.copyWith(
pubkey: null == pubkey ? _self.pubkey : pubkey // ignore: cast_nullable_to_non_nullable
as String,clientInfo: null == clientInfo ? _self.clientInfo : clientInfo // ignore: cast_nullable_to_non_nullable
as ClientInfo,
));
}
}
/// Adds pattern-matching-related methods to [CalloutData].
extension CalloutDataPatterns on CalloutData {
/// A variant of `map` that fallback to returning `orElse`.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case _:
/// return orElse();
/// }
/// ```
@optionalTypeArgs TResult maybeMap<TResult extends Object?>({TResult Function( ConnectApprovalData value)? connectApproval,required TResult orElse(),}){
final _that = this;
switch (_that) {
case ConnectApprovalData() when connectApproval != null:
return connectApproval(_that);case _:
return orElse();
}
}
/// A `switch`-like method, using callbacks.
///
/// Callbacks receives the raw object, upcasted.
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case final Subclass2 value:
/// return ...;
/// }
/// ```
@optionalTypeArgs TResult map<TResult extends Object?>({required TResult Function( ConnectApprovalData value) connectApproval,}){
final _that = this;
switch (_that) {
case ConnectApprovalData():
return connectApproval(_that);}
}
/// A variant of `map` that fallback to returning `null`.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case _:
/// return null;
/// }
/// ```
@optionalTypeArgs TResult? mapOrNull<TResult extends Object?>({TResult? Function( ConnectApprovalData value)? connectApproval,}){
final _that = this;
switch (_that) {
case ConnectApprovalData() when connectApproval != null:
return connectApproval(_that);case _:
return null;
}
}
/// A variant of `when` that fallback to an `orElse` callback.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case _:
/// return orElse();
/// }
/// ```
@optionalTypeArgs TResult maybeWhen<TResult extends Object?>({TResult Function( String pubkey, ClientInfo clientInfo)? connectApproval,required TResult orElse(),}) {final _that = this;
switch (_that) {
case ConnectApprovalData() when connectApproval != null:
return connectApproval(_that.pubkey,_that.clientInfo);case _:
return orElse();
}
}
/// A `switch`-like method, using callbacks.
///
/// As opposed to `map`, this offers destructuring.
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case Subclass2(:final field2):
/// return ...;
/// }
/// ```
@optionalTypeArgs TResult when<TResult extends Object?>({required TResult Function( String pubkey, ClientInfo clientInfo) connectApproval,}) {final _that = this;
switch (_that) {
case ConnectApprovalData():
return connectApproval(_that.pubkey,_that.clientInfo);}
}
/// A variant of `when` that fallback to returning `null`
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case _:
/// return null;
/// }
/// ```
@optionalTypeArgs TResult? whenOrNull<TResult extends Object?>({TResult? Function( String pubkey, ClientInfo clientInfo)? connectApproval,}) {final _that = this;
switch (_that) {
case ConnectApprovalData() when connectApproval != null:
return connectApproval(_that.pubkey,_that.clientInfo);case _:
return null;
}
}
}
/// @nodoc
class ConnectApprovalData implements CalloutData {
const ConnectApprovalData({required this.pubkey, required this.clientInfo});
@override final String pubkey;
@override final ClientInfo clientInfo;
/// Create a copy of CalloutData
/// with the given fields replaced by the non-null parameter values.
@override @JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
$ConnectApprovalDataCopyWith<ConnectApprovalData> get copyWith => _$ConnectApprovalDataCopyWithImpl<ConnectApprovalData>(this, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is ConnectApprovalData&&(identical(other.pubkey, pubkey) || other.pubkey == pubkey)&&(identical(other.clientInfo, clientInfo) || other.clientInfo == clientInfo));
}
@override
int get hashCode => Object.hash(runtimeType,pubkey,clientInfo);
@override
String toString() {
return 'CalloutData.connectApproval(pubkey: $pubkey, clientInfo: $clientInfo)';
}
}
/// @nodoc
abstract mixin class $ConnectApprovalDataCopyWith<$Res> implements $CalloutDataCopyWith<$Res> {
factory $ConnectApprovalDataCopyWith(ConnectApprovalData value, $Res Function(ConnectApprovalData) _then) = _$ConnectApprovalDataCopyWithImpl;
@override @useResult
$Res call({
String pubkey, ClientInfo clientInfo
});
}
/// @nodoc
class _$ConnectApprovalDataCopyWithImpl<$Res>
implements $ConnectApprovalDataCopyWith<$Res> {
_$ConnectApprovalDataCopyWithImpl(this._self, this._then);
final ConnectApprovalData _self;
final $Res Function(ConnectApprovalData) _then;
/// Create a copy of CalloutData
/// with the given fields replaced by the non-null parameter values.
@override @pragma('vm:prefer-inline') $Res call({Object? pubkey = null,Object? clientInfo = null,}) {
return _then(ConnectApprovalData(
pubkey: null == pubkey ? _self.pubkey : pubkey // ignore: cast_nullable_to_non_nullable
as String,clientInfo: null == clientInfo ? _self.clientInfo : clientInfo // ignore: cast_nullable_to_non_nullable
as ClientInfo,
));
}
}
/// @nodoc
mixin _$CalloutEvent {
String get id;
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
$CalloutEventCopyWith<CalloutEvent> get copyWith => _$CalloutEventCopyWithImpl<CalloutEvent>(this as CalloutEvent, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is CalloutEvent&&(identical(other.id, id) || other.id == id));
}
@override
int get hashCode => Object.hash(runtimeType,id);
@override
String toString() {
return 'CalloutEvent(id: $id)';
}
}
/// @nodoc
abstract mixin class $CalloutEventCopyWith<$Res> {
factory $CalloutEventCopyWith(CalloutEvent value, $Res Function(CalloutEvent) _then) = _$CalloutEventCopyWithImpl;
@useResult
$Res call({
String id
});
}
/// @nodoc
class _$CalloutEventCopyWithImpl<$Res>
implements $CalloutEventCopyWith<$Res> {
_$CalloutEventCopyWithImpl(this._self, this._then);
final CalloutEvent _self;
final $Res Function(CalloutEvent) _then;
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@pragma('vm:prefer-inline') @override $Res call({Object? id = null,}) {
return _then(_self.copyWith(
id: null == id ? _self.id : id // ignore: cast_nullable_to_non_nullable
as String,
));
}
}
/// Adds pattern-matching-related methods to [CalloutEvent].
extension CalloutEventPatterns on CalloutEvent {
/// A variant of `map` that fallback to returning `orElse`.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case _:
/// return orElse();
/// }
/// ```
@optionalTypeArgs TResult maybeMap<TResult extends Object?>({TResult Function( CalloutEventAdded value)? added,TResult Function( CalloutEventCancelled value)? cancelled,required TResult orElse(),}){
final _that = this;
switch (_that) {
case CalloutEventAdded() when added != null:
return added(_that);case CalloutEventCancelled() when cancelled != null:
return cancelled(_that);case _:
return orElse();
}
}
/// A `switch`-like method, using callbacks.
///
/// Callbacks receives the raw object, upcasted.
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case final Subclass2 value:
/// return ...;
/// }
/// ```
@optionalTypeArgs TResult map<TResult extends Object?>({required TResult Function( CalloutEventAdded value) added,required TResult Function( CalloutEventCancelled value) cancelled,}){
final _that = this;
switch (_that) {
case CalloutEventAdded():
return added(_that);case CalloutEventCancelled():
return cancelled(_that);}
}
/// A variant of `map` that fallback to returning `null`.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case final Subclass value:
/// return ...;
/// case _:
/// return null;
/// }
/// ```
@optionalTypeArgs TResult? mapOrNull<TResult extends Object?>({TResult? Function( CalloutEventAdded value)? added,TResult? Function( CalloutEventCancelled value)? cancelled,}){
final _that = this;
switch (_that) {
case CalloutEventAdded() when added != null:
return added(_that);case CalloutEventCancelled() when cancelled != null:
return cancelled(_that);case _:
return null;
}
}
/// A variant of `when` that fallback to an `orElse` callback.
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case _:
/// return orElse();
/// }
/// ```
@optionalTypeArgs TResult maybeWhen<TResult extends Object?>({TResult Function( String id, CalloutData data)? added,TResult Function( String id)? cancelled,required TResult orElse(),}) {final _that = this;
switch (_that) {
case CalloutEventAdded() when added != null:
return added(_that.id,_that.data);case CalloutEventCancelled() when cancelled != null:
return cancelled(_that.id);case _:
return orElse();
}
}
/// A `switch`-like method, using callbacks.
///
/// As opposed to `map`, this offers destructuring.
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case Subclass2(:final field2):
/// return ...;
/// }
/// ```
@optionalTypeArgs TResult when<TResult extends Object?>({required TResult Function( String id, CalloutData data) added,required TResult Function( String id) cancelled,}) {final _that = this;
switch (_that) {
case CalloutEventAdded():
return added(_that.id,_that.data);case CalloutEventCancelled():
return cancelled(_that.id);}
}
/// A variant of `when` that fallback to returning `null`
///
/// It is equivalent to doing:
/// ```dart
/// switch (sealedClass) {
/// case Subclass(:final field):
/// return ...;
/// case _:
/// return null;
/// }
/// ```
@optionalTypeArgs TResult? whenOrNull<TResult extends Object?>({TResult? Function( String id, CalloutData data)? added,TResult? Function( String id)? cancelled,}) {final _that = this;
switch (_that) {
case CalloutEventAdded() when added != null:
return added(_that.id,_that.data);case CalloutEventCancelled() when cancelled != null:
return cancelled(_that.id);case _:
return null;
}
}
}
/// @nodoc
class CalloutEventAdded implements CalloutEvent {
const CalloutEventAdded({required this.id, required this.data});
@override final String id;
final CalloutData data;
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@override @JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
$CalloutEventAddedCopyWith<CalloutEventAdded> get copyWith => _$CalloutEventAddedCopyWithImpl<CalloutEventAdded>(this, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is CalloutEventAdded&&(identical(other.id, id) || other.id == id)&&(identical(other.data, data) || other.data == data));
}
@override
int get hashCode => Object.hash(runtimeType,id,data);
@override
String toString() {
return 'CalloutEvent.added(id: $id, data: $data)';
}
}
/// @nodoc
abstract mixin class $CalloutEventAddedCopyWith<$Res> implements $CalloutEventCopyWith<$Res> {
factory $CalloutEventAddedCopyWith(CalloutEventAdded value, $Res Function(CalloutEventAdded) _then) = _$CalloutEventAddedCopyWithImpl;
@override @useResult
$Res call({
String id, CalloutData data
});
$CalloutDataCopyWith<$Res> get data;
}
/// @nodoc
class _$CalloutEventAddedCopyWithImpl<$Res>
implements $CalloutEventAddedCopyWith<$Res> {
_$CalloutEventAddedCopyWithImpl(this._self, this._then);
final CalloutEventAdded _self;
final $Res Function(CalloutEventAdded) _then;
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@override @pragma('vm:prefer-inline') $Res call({Object? id = null,Object? data = null,}) {
return _then(CalloutEventAdded(
id: null == id ? _self.id : id // ignore: cast_nullable_to_non_nullable
as String,data: null == data ? _self.data : data // ignore: cast_nullable_to_non_nullable
as CalloutData,
));
}
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@override
@pragma('vm:prefer-inline')
$CalloutDataCopyWith<$Res> get data {
return $CalloutDataCopyWith<$Res>(_self.data, (value) {
return _then(_self.copyWith(data: value));
});
}
}
/// @nodoc
class CalloutEventCancelled implements CalloutEvent {
const CalloutEventCancelled({required this.id});
@override final String id;
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@override @JsonKey(includeFromJson: false, includeToJson: false)
@pragma('vm:prefer-inline')
$CalloutEventCancelledCopyWith<CalloutEventCancelled> get copyWith => _$CalloutEventCancelledCopyWithImpl<CalloutEventCancelled>(this, _$identity);
@override
bool operator ==(Object other) {
return identical(this, other) || (other.runtimeType == runtimeType&&other is CalloutEventCancelled&&(identical(other.id, id) || other.id == id));
}
@override
int get hashCode => Object.hash(runtimeType,id);
@override
String toString() {
return 'CalloutEvent.cancelled(id: $id)';
}
}
/// @nodoc
abstract mixin class $CalloutEventCancelledCopyWith<$Res> implements $CalloutEventCopyWith<$Res> {
factory $CalloutEventCancelledCopyWith(CalloutEventCancelled value, $Res Function(CalloutEventCancelled) _then) = _$CalloutEventCancelledCopyWithImpl;
@override @useResult
$Res call({
String id
});
}
/// @nodoc
class _$CalloutEventCancelledCopyWithImpl<$Res>
implements $CalloutEventCancelledCopyWith<$Res> {
_$CalloutEventCancelledCopyWithImpl(this._self, this._then);
final CalloutEventCancelled _self;
final $Res Function(CalloutEventCancelled) _then;
/// Create a copy of CalloutEvent
/// with the given fields replaced by the non-null parameter values.
@override @pragma('vm:prefer-inline') $Res call({Object? id = null,}) {
return _then(CalloutEventCancelled(
id: null == id ? _self.id : id // ignore: cast_nullable_to_non_nullable
as String,
));
}
}
// dart format on

57
useragent/lib/features/callouts/callout_manager.dart Normal file
View File

@@ -0,0 +1,57 @@
import 'package:arbiter/features/callouts/active_callout.dart';
import 'package:arbiter/features/callouts/callout_event.dart';
import 'package:arbiter/features/callouts/types/sdk_connect_approve.dart'
as connect_approve;
import 'package:arbiter/proto/client.pb.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'callout_manager.g.dart';
@Riverpod(keepAlive: true)
class CalloutManager extends _$CalloutManager {
@override
Map<String, ActiveCallout> build() {
ref.listen(connect_approve.connectApproveEventsProvider, (_, next) {
next.whenData(_processEvent);
});
return {};
}
void _processEvent(CalloutEvent event) {
switch (event) {
case CalloutEventAdded(:final id, :final data):
state = {...state, id: _toActiveCallout(id, data)};
case CalloutEventCancelled(:final id):
state = {...state}..remove(id);
}
}
Future<void> sendDecision(String id, bool approved) async {
final callout = state[id];
if (callout == null) return;
switch (callout.data) {
case ConnectApprovalData(:final pubkey):
await connect_approve.sendDecision(ref, pubkey, approved);
}
dismiss(id);
}
void dismiss(String id) {
state = {...state}..remove(id);
}
}
ActiveCallout _toActiveCallout(String id, CalloutData data) => switch (data) {
ConnectApprovalData(:final clientInfo) => ActiveCallout(
id: id,
title: 'Connection Request',
description: _clientDisplayName(clientInfo) != null
? '${_clientDisplayName(clientInfo)} is requesting a connection.'
: 'An SDK client is requesting a connection.',
addedAt: DateTime.now(),
data: data,
),
};
String? _clientDisplayName(ClientInfo info) =>
info.hasName() && info.name.isNotEmpty ? info.name : null;

67
useragent/lib/features/callouts/callout_manager.g.dart Normal file
View File

@@ -0,0 +1,67 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
part of 'callout_manager.dart';
// **************************************************************************
// RiverpodGenerator
// **************************************************************************
// GENERATED CODE - DO NOT MODIFY BY HAND
// ignore_for_file: type=lint, type=warning
@ProviderFor(CalloutManager)
final calloutManagerProvider = CalloutManagerProvider._();
final class CalloutManagerProvider
extends $NotifierProvider<CalloutManager, Map<String, ActiveCallout>> {
CalloutManagerProvider._()
: super(
from: null,
argument: null,
retry: null,
name: r'calloutManagerProvider',
isAutoDispose: false,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$calloutManagerHash();
@$internal
@override
CalloutManager create() => CalloutManager();
/// {@macro riverpod.override_with_value}
Override overrideWithValue(Map<String, ActiveCallout> value) {
return $ProviderOverride(
origin: this,
providerOverride: $SyncValueProvider<Map<String, ActiveCallout>>(value),
);
}
}
String _$calloutManagerHash() => r'ff8c9a03a6bbbca822242eb497c503b18240a289';
abstract class _$CalloutManager extends $Notifier<Map<String, ActiveCallout>> {
Map<String, ActiveCallout> build();
@$mustCallSuper
@override
void runBuild() {
final ref =
this.ref
as $Ref<Map<String, ActiveCallout>, Map<String, ActiveCallout>>;
final element =
ref.element
as $ClassProviderElement<
AnyNotifier<
Map<String, ActiveCallout>,
Map<String, ActiveCallout>
>,
Map<String, ActiveCallout>,
Object?,
Object?
>;
element.handleCreate(ref, build);
}
}

99
useragent/lib/features/callouts/show_callout.dart Normal file
View File

@@ -0,0 +1,99 @@
import 'package:arbiter/features/callouts/callout_event.dart';
import 'package:arbiter/features/callouts/callout_manager.dart';
import 'package:arbiter/screens/callouts/sdk_connect.dart';
import 'package:flutter/material.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
Future<void> showCallout(BuildContext context, WidgetRef ref, String id) async {
final data = ref.read(calloutManagerProvider)[id]?.data;
if (data == null) return;
await showGeneralDialog(
context: context,
barrierDismissible: false,
barrierLabel: MaterialLocalizations.of(context).modalBarrierDismissLabel,
barrierColor: Colors.transparent,
transitionDuration: const Duration(milliseconds: 320),
pageBuilder: (_, animation, _) => _CalloutOverlay(
id: id,
data: data,
animation: animation,
),
);
}
class _CalloutOverlay extends ConsumerWidget {
const _CalloutOverlay({
required this.id,
required this.data,
required this.animation,
});
final String id;
final CalloutData data;
final Animation<double> animation;
@override
Widget build(BuildContext context, WidgetRef ref) {
ref.listen(
calloutManagerProvider.select((map) => map.containsKey(id)),
(wasPresent, isPresent) {
if (wasPresent == true && !isPresent && context.mounted) {
Navigator.of(context).pop();
}
},
);
final content = switch (data) {
ConnectApprovalData(:final pubkey, :final clientInfo) => SdkConnectCallout(
pubkey: pubkey,
clientInfo: clientInfo,
onAccept: () => ref.read(calloutManagerProvider.notifier).sendDecision(id, true),
onDecline: () => ref.read(calloutManagerProvider.notifier).sendDecision(id, false),
),
};
final barrierAnim = CurvedAnimation(
parent: animation,
curve: const Interval(0, 0.3125, curve: Curves.easeOut),
);
final popupAnim = CurvedAnimation(
parent: animation,
curve: const Interval(0.3125, 1, curve: Curves.easeOutCubic),
);
return Material(
type: MaterialType.transparency,
child: Stack(
children: [
Positioned.fill(
child: AnimatedBuilder(
animation: barrierAnim,
builder: (_, __) => ColoredBox(
color: Colors.black.withValues(alpha: 0.35 * barrierAnim.value),
),
),
),
SafeArea(
child: Align(
alignment: Alignment.bottomCenter,
child: Padding(
padding: const EdgeInsets.all(16),
child: FadeTransition(
opacity: popupAnim,
child: SlideTransition(
position: Tween<Offset>(
begin: const Offset(0, 0.08),
end: Offset.zero,
).animate(popupAnim),
child: content,
),
),
),
),
),
],
),
);
}
}

218
useragent/lib/features/callouts/show_callout_list.dart Normal file
View File

@@ -0,0 +1,218 @@
import 'package:arbiter/features/callouts/active_callout.dart';
import 'package:arbiter/features/callouts/callout_manager.dart';
import 'package:arbiter/features/callouts/show_callout.dart';
import 'package:arbiter/theme/palette.dart';
import 'package:flutter/material.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
import 'package:sizer/sizer.dart';
import 'package:timeago/timeago.dart' as timeago;
Future<void> showCalloutList(BuildContext context, WidgetRef ref) async {
final selectedId = await showGeneralDialog<String>(
context: context,
barrierDismissible: true,
barrierLabel: MaterialLocalizations.of(context).modalBarrierDismissLabel,
barrierColor: Colors.transparent,
transitionDuration: const Duration(milliseconds: 280),
pageBuilder: (_, animation, __) => _CalloutListOverlay(animation: animation),
);
if (selectedId != null && context.mounted) {
await showCallout(context, ref, selectedId);
}
}
class _CalloutListOverlay extends ConsumerWidget {
const _CalloutListOverlay({required this.animation});
final Animation<double> animation;
@override
Widget build(BuildContext context, WidgetRef ref) {
final callouts = ref.watch(calloutManagerProvider);
final barrierAnim = CurvedAnimation(
parent: animation,
curve: const Interval(0, 0.3, curve: Curves.easeOut),
);
final panelAnim = CurvedAnimation(
parent: animation,
curve: const Interval(0.3, 1, curve: Curves.easeOutCubic),
);
return Material(
type: MaterialType.transparency,
child: Stack(
children: [
Positioned.fill(
child: GestureDetector(
behavior: HitTestBehavior.opaque,
onTap: () => Navigator.of(context).pop(),
child: AnimatedBuilder(
animation: barrierAnim,
builder: (_, __) => ColoredBox(
color: Colors.black.withValues(alpha: 0.35 * barrierAnim.value),
),
),
),
),
SafeArea(
child: Align(
alignment: Alignment.bottomCenter,
child: Padding(
padding: EdgeInsets.all(1.6.h),
child: FadeTransition(
opacity: panelAnim,
child: SlideTransition(
position: Tween<Offset>(
begin: const Offset(0, 0.08),
end: Offset.zero,
).animate(panelAnim),
child: GestureDetector(
onTap: () {},
child: _CalloutListPanel(callouts: callouts),
),
),
),
),
),
),
],
),
);
}
}
class _CalloutListPanel extends StatelessWidget {
const _CalloutListPanel({required this.callouts});
final Map<String, ActiveCallout> callouts;
@override
Widget build(BuildContext context) {
final theme = Theme.of(context);
return Container(
width: double.infinity,
constraints: BoxConstraints(maxHeight: 48.h),
decoration: BoxDecoration(
color: Palette.cream,
borderRadius: BorderRadius.circular(24),
border: Border.all(color: Palette.line),
),
child: Column(
mainAxisSize: MainAxisSize.min,
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Padding(
padding: EdgeInsets.fromLTRB(2.h, 2.h, 2.h, 1.2.h),
child: Text(
'Notifications',
style: theme.textTheme.titleMedium?.copyWith(
color: Palette.ink,
fontWeight: FontWeight.w800,
),
),
),
if (callouts.isEmpty)
Padding(
padding: EdgeInsets.fromLTRB(2.h, 0, 2.h, 2.h),
child: Text(
'No pending notifications.',
style: theme.textTheme.bodyMedium?.copyWith(
color: Palette.ink.withValues(alpha: 0.50),
),
),
)
else
Flexible(
child: SingleChildScrollView(
padding: EdgeInsets.fromLTRB(1.2.h, 0, 1.2.h, 1.2.h),
child: Column(
spacing: 0.5.h,
children: [
for (final entry in callouts.values)
_CalloutListEntry(
callout: entry,
onTap: () => Navigator.of(context).pop(entry.id),
),
],
),
),
),
],
),
);
}
}
class _CalloutListEntry extends StatelessWidget {
const _CalloutListEntry({required this.callout, required this.onTap});
final ActiveCallout callout;
final VoidCallback onTap;
@override
Widget build(BuildContext context) {
final theme = Theme.of(context);
return InkWell(
borderRadius: BorderRadius.circular(16),
onTap: onTap,
child: Container(
padding: EdgeInsets.symmetric(horizontal: 1.2.h, vertical: 1.2.h),
decoration: BoxDecoration(
borderRadius: BorderRadius.circular(16),
border: Border.all(color: Palette.line),
),
child: Row(
crossAxisAlignment: CrossAxisAlignment.start,
spacing: 1.2.h,
children: [
if (callout.iconUrl != null)
CircleAvatar(
radius: 2.2.h,
backgroundColor: Palette.line,
backgroundImage: NetworkImage(callout.iconUrl!),
),
Expanded(
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
spacing: 0.3.h,
children: [
Row(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Expanded(
child: Text(
callout.title,
style: theme.textTheme.bodyMedium?.copyWith(
color: Palette.ink,
fontWeight: FontWeight.w700,
),
),
),
Text(
timeago.format(callout.addedAt),
style: theme.textTheme.bodySmall?.copyWith(
color: Palette.ink.withValues(alpha: 0.45),
),
),
],
),
Text(
callout.description,
style: theme.textTheme.bodySmall?.copyWith(
color: Palette.ink.withValues(alpha: 0.65),
height: 1.4,
),
),
],
),
),
],
),
),
);
}
}

51
useragent/lib/features/callouts/types/sdk_connect_approve.dart Normal file
View File

@@ -0,0 +1,51 @@
import 'dart:convert';
import 'package:arbiter/features/callouts/callout_event.dart';
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/providers/connection/connection_manager.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'sdk_connect_approve.g.dart';
@riverpod
Stream<CalloutEvent> connectApproveEvents(Ref ref) async* {
final connection = await ref.watch(connectionManagerProvider.future);
if (connection == null) return;
await for (final message in connection.outOfBandMessages) {
switch (message.whichPayload()) {
case UserAgentResponse_Payload.sdkClientConnectionRequest:
final body = message.sdkClientConnectionRequest;
final id = base64Encode(body.pubkey);
yield CalloutEvent.added(
id: 'connect_approve:$id',
data: CalloutData.connectApproval(
pubkey: id,
clientInfo: body.info,
),
);
case UserAgentResponse_Payload.sdkClientConnectionCancel:
final id = base64Encode(message.sdkClientConnectionCancel.pubkey);
yield CalloutEvent.cancelled(id: 'connect_approve:$id');
default:
break;
}
}
}
Future<void> sendDecision(Ref ref, String pubkey, bool approved) async {
final connection = await ref.watch(connectionManagerProvider.future);
if (connection == null) return;
final bytes = base64Decode(pubkey);
final req = UserAgentRequest(sdkClientConnectionResponse: SdkClientConnectionResponse(
approved: approved,
pubkey: bytes
));
await connection.tell(req);
}

50
useragent/lib/features/callouts/types/sdk_connect_approve.g.dart Normal file
View File

@@ -0,0 +1,50 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
part of 'sdk_connect_approve.dart';
// **************************************************************************
// RiverpodGenerator
// **************************************************************************
// GENERATED CODE - DO NOT MODIFY BY HAND
// ignore_for_file: type=lint, type=warning
@ProviderFor(connectApproveEvents)
final connectApproveEventsProvider = ConnectApproveEventsProvider._();
final class ConnectApproveEventsProvider
extends
$FunctionalProvider<
AsyncValue<CalloutEvent>,
CalloutEvent,
Stream<CalloutEvent>
>
with $FutureModifier<CalloutEvent>, $StreamProvider<CalloutEvent> {
ConnectApproveEventsProvider._()
: super(
from: null,
argument: null,
retry: null,
name: r'connectApproveEventsProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$connectApproveEventsHash();
@$internal
@override
$StreamProviderElement<CalloutEvent> $createElement(
$ProviderPointer pointer,
) => $StreamProviderElement(pointer);
@override
Stream<CalloutEvent> create(Ref ref) {
return connectApproveEvents(ref);
}
}
String _$connectApproveEventsHash() =>
r'6a0998288afc0836a7c1701a983f64c33d318fd6';

4
useragent/lib/features/connection/auth.dart
View File

@@ -66,7 +66,7 @@ Future<Connection> connectAndAuthorize(
KeyAlgorithm.ed25519 => KeyType.KEY_TYPE_ED25519, KeyAlgorithm.ed25519 => KeyType.KEY_TYPE_ED25519,
}, },
); );
final response = await connection.request( final response = await connection.ask(
UserAgentRequest(authChallengeRequest: req), UserAgentRequest(authChallengeRequest: req),
); );
talker.info( talker.info(
@@ -94,7 +94,7 @@ Future<Connection> connectAndAuthorize(
); );
final signature = await key.sign(challenge); final signature = await key.sign(challenge);
final solutionResponse = await connection.request( final solutionResponse = await connection.ask(
UserAgentRequest(authChallengeSolution: AuthChallengeSolution(signature: signature)), UserAgentRequest(authChallengeSolution: AuthChallengeSolution(signature: signature)),
); );

19
useragent/lib/features/connection/connection.dart
View File

@@ -29,7 +29,7 @@ class Connection {
Stream<UserAgentResponse> get outOfBandMessages => _outOfBandMessages.stream; Stream<UserAgentResponse> get outOfBandMessages => _outOfBandMessages.stream;
Future<UserAgentResponse> request(UserAgentRequest message) async { Future<UserAgentResponse> ask(UserAgentRequest message) async {
_ensureOpen(); _ensureOpen();
final requestId = _nextRequestId++; final requestId = _nextRequestId++;
@@ -49,7 +49,23 @@ class Connection {
return completer.future; return completer.future;
} }
Future<void> tell(UserAgentRequest message) async {
_ensureOpen();
final requestId = _nextRequestId++;
message.id = requestId;
talker.debug('Sending message: ${message.toDebugString()}');
try {
_tx.add(message);
} catch (error, stackTrace) {
talker.error('Failed to send message: $error', error, stackTrace);
}
}
Future<void> close() async { Future<void> close() async {
talker.debug('Closing connection...');
final rxSubscription = _rxSubscription; final rxSubscription = _rxSubscription;
if (rxSubscription == null) { if (rxSubscription == null) {
return; return;
@@ -86,6 +102,7 @@ class Connection {
} }
void _handleDone() { void _handleDone() {
talker.debug('Connection closed by server.');
if (_rxSubscription == null) { if (_rxSubscription == null) {
return; return;
} }

4
useragent/lib/features/connection/evm.dart
View File

@@ -4,7 +4,7 @@ import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:protobuf/well_known_types/google/protobuf/empty.pb.dart'; import 'package:protobuf/well_known_types/google/protobuf/empty.pb.dart';
Future<List<WalletEntry>> listEvmWallets(Connection connection) async { Future<List<WalletEntry>> listEvmWallets(Connection connection) async {
final response = await connection.request( final response = await connection.ask(
UserAgentRequest(evmWalletList: Empty()), UserAgentRequest(evmWalletList: Empty()),
); );
if (!response.hasEvmWalletList()) { if (!response.hasEvmWalletList()) {
@@ -25,7 +25,7 @@ Future<List<WalletEntry>> listEvmWallets(Connection connection) async {
} }
Future<void> createEvmWallet(Connection connection) async { Future<void> createEvmWallet(Connection connection) async {
final response = await connection.request( final response = await connection.ask(
UserAgentRequest(evmWalletCreate: Empty()), UserAgentRequest(evmWalletCreate: Empty()),
); );
if (!response.hasEvmWalletCreate()) { if (!response.hasEvmWalletCreate()) {

53
useragent/lib/features/connection/evm/grants.dart
View File

@@ -4,16 +4,10 @@ import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:fixnum/fixnum.dart'; import 'package:fixnum/fixnum.dart';
import 'package:protobuf/well_known_types/google/protobuf/timestamp.pb.dart'; import 'package:protobuf/well_known_types/google/protobuf/timestamp.pb.dart';
Future<List<GrantEntry>> listEvmGrants( Future<List<GrantEntry>> listEvmGrants(Connection connection) async {
Connection connection, {
int? walletId,
}) async {
final request = EvmGrantListRequest(); final request = EvmGrantListRequest();
if (walletId != null) {
request.walletId = walletId;
}
final response = await connection.request( final response = await connection.ask(
UserAgentRequest(evmGrantList: request), UserAgentRequest(evmGrantList: request),
); );
if (!response.hasEvmGrantList()) { if (!response.hasEvmGrantList()) {
@@ -35,52 +29,31 @@ Future<List<GrantEntry>> listEvmGrants(
Future<int> createEvmGrant( Future<int> createEvmGrant(
Connection connection, { Connection connection, {
required int clientId, required SharedSettings sharedSettings,
required int walletId,
required Int64 chainId,
DateTime? validFrom,
DateTime? validUntil,
List<int>? maxGasFeePerGas,
List<int>? maxPriorityFeePerGas,
TransactionRateLimit? rateLimit,
required SpecificGrant specific, required SpecificGrant specific,
}) async { }) async {
final response = await connection.request( final request = UserAgentRequest(
UserAgentRequest(
evmGrantCreate: EvmGrantCreateRequest( evmGrantCreate: EvmGrantCreateRequest(
clientId: clientId, shared: sharedSettings,
shared: SharedSettings(
walletId: walletId,
chainId: chainId,
validFrom: validFrom == null ? null : _toTimestamp(validFrom),
validUntil: validUntil == null ? null : _toTimestamp(validUntil),
maxGasFeePerGas: maxGasFeePerGas,
maxPriorityFeePerGas: maxPriorityFeePerGas,
rateLimit: rateLimit,
),
specific: specific, specific: specific,
), ),
),
); );
if (!response.hasEvmGrantCreate()) {
final resp = await connection.ask(request);
if (!resp.hasEvmGrantCreate()) {
throw Exception( throw Exception(
'Expected EVM grant create response, got ${response.whichPayload()}', 'Expected EVM grant create response, got ${resp.whichPayload()}',
); );
} }
final result = response.evmGrantCreate; final result = resp.evmGrantCreate;
switch (result.whichResult()) {
case EvmGrantCreateResponse_Result.grantId:
return result.grantId; return result.grantId;
case EvmGrantCreateResponse_Result.error:
throw Exception(_describeGrantError(result.error));
case EvmGrantCreateResponse_Result.notSet:
throw Exception('Grant creation returned no result.');
}
} }
Future<void> deleteEvmGrant(Connection connection, int grantId) async { Future<void> deleteEvmGrant(Connection connection, int grantId) async {
final response = await connection.request( final response = await connection.ask(
UserAgentRequest(evmGrantDelete: EvmGrantDeleteRequest(grantId: grantId)), UserAgentRequest(evmGrantDelete: EvmGrantDeleteRequest(grantId: grantId)),
); );
if (!response.hasEvmGrantDelete()) { if (!response.hasEvmGrantDelete()) {

72
useragent/lib/features/connection/evm/wallet_access.dart Normal file
View File

@@ -0,0 +1,72 @@
import 'package:arbiter/features/connection/connection.dart';
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:protobuf/well_known_types/google/protobuf/empty.pb.dart';
Future<Set<int>> readClientWalletAccess(
Connection connection, {
required int clientId,
}) async {
final response = await connection.ask(
UserAgentRequest(listWalletAccess: Empty()),
);
if (!response.hasListWalletAccessResponse()) {
throw Exception(
'Expected list wallet access response, got ${response.whichPayload()}',
);
}
return {
for (final entry in response.listWalletAccessResponse.accesses)
if (entry.access.sdkClientId == clientId) entry.access.walletId,
};
}
Future<List<SdkClientWalletAccess>> listAllWalletAccesses(
Connection connection,
) async {
final response = await connection.ask(
UserAgentRequest(listWalletAccess: Empty()),
);
if (!response.hasListWalletAccessResponse()) {
throw Exception(
'Expected list wallet access response, got ${response.whichPayload()}',
);
}
return response.listWalletAccessResponse.accesses.toList(growable: false);
}
Future<void> writeClientWalletAccess(
Connection connection, {
required int clientId,
required Set<int> walletIds,
}) async {
final current = await readClientWalletAccess(connection, clientId: clientId);
final toGrant = walletIds.difference(current);
final toRevoke = current.difference(walletIds);
if (toGrant.isNotEmpty) {
await connection.tell(
UserAgentRequest(
grantWalletAccess: SdkClientGrantWalletAccess(
accesses: [
for (final walletId in toGrant)
WalletAccess(sdkClientId: clientId, walletId: walletId),
],
),
),
);
}
if (toRevoke.isNotEmpty) {
await connection.tell(
UserAgentRequest(
revokeWalletAccess: SdkClientRevokeWalletAccess(
accesses: [
for (final walletId in toRevoke)
walletId
],
),
),
);
}
}

6
useragent/lib/features/connection/vault.dart
View File

@@ -10,7 +10,7 @@ Future<BootstrapResult> bootstrapVault(
) async { ) async {
final encryptedKey = await _encryptVaultKeyMaterial(connection, password); final encryptedKey = await _encryptVaultKeyMaterial(connection, password);
final response = await connection.request( final response = await connection.ask(
UserAgentRequest( UserAgentRequest(
bootstrapEncryptedKey: BootstrapEncryptedKey( bootstrapEncryptedKey: BootstrapEncryptedKey(
nonce: encryptedKey.nonce, nonce: encryptedKey.nonce,
@@ -31,7 +31,7 @@ Future<BootstrapResult> bootstrapVault(
Future<UnsealResult> unsealVault(Connection connection, String password) async { Future<UnsealResult> unsealVault(Connection connection, String password) async {
final encryptedKey = await _encryptVaultKeyMaterial(connection, password); final encryptedKey = await _encryptVaultKeyMaterial(connection, password);
final response = await connection.request( final response = await connection.ask(
UserAgentRequest( UserAgentRequest(
unsealEncryptedKey: UnsealEncryptedKey( unsealEncryptedKey: UnsealEncryptedKey(
nonce: encryptedKey.nonce, nonce: encryptedKey.nonce,
@@ -56,7 +56,7 @@ Future<_EncryptedVaultKey> _encryptVaultKeyMaterial(
final clientKeyPair = await keyExchange.newKeyPair(); final clientKeyPair = await keyExchange.newKeyPair();
final clientPublicKey = await clientKeyPair.extractPublicKey(); final clientPublicKey = await clientKeyPair.extractPublicKey();
final handshakeResponse = await connection.request( final handshakeResponse = await connection.ask(
UserAgentRequest(unsealStart: UnsealStart(clientPubkey: clientPublicKey.bytes)), UserAgentRequest(unsealStart: UnsealStart(clientPubkey: clientPublicKey.bytes)),
); );
if (!handshakeResponse.hasUnsealStartResponse()) { if (!handshakeResponse.hasUnsealStartResponse()) {

92
useragent/lib/proto/client.pb.dart
View File

@@ -22,12 +22,91 @@ export 'package:protobuf/protobuf.dart' show GeneratedMessageGenericExtensions;
export 'client.pbenum.dart'; export 'client.pbenum.dart';
class ClientInfo extends $pb.GeneratedMessage {
factory ClientInfo({
$core.String? name,
$core.String? description,
$core.String? version,
}) {
final result = create();
if (name != null) result.name = name;
if (description != null) result.description = description;
if (version != null) result.version = version;
return result;
}
ClientInfo._();
factory ClientInfo.fromBuffer($core.List<$core.int> data,
[$pb.ExtensionRegistry registry = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromBuffer(data, registry);
factory ClientInfo.fromJson($core.String json,
[$pb.ExtensionRegistry registry = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromJson(json, registry);
static final $pb.BuilderInfo _i = $pb.BuilderInfo(
_omitMessageNames ? '' : 'ClientInfo',
package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.client'),
createEmptyInstance: create)
..aOS(1, _omitFieldNames ? '' : 'name')
..aOS(2, _omitFieldNames ? '' : 'description')
..aOS(3, _omitFieldNames ? '' : 'version')
..hasRequiredFields = false;
@$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.')
ClientInfo clone() => deepCopy();
@$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.')
ClientInfo copyWith(void Function(ClientInfo) updates) =>
super.copyWith((message) => updates(message as ClientInfo)) as ClientInfo;
@$core.override
$pb.BuilderInfo get info_ => _i;
@$core.pragma('dart2js:noInline')
static ClientInfo create() => ClientInfo._();
@$core.override
ClientInfo createEmptyInstance() => create();
@$core.pragma('dart2js:noInline')
static ClientInfo getDefault() => _defaultInstance ??=
$pb.GeneratedMessage.$_defaultFor<ClientInfo>(create);
static ClientInfo? _defaultInstance;
@$pb.TagNumber(1)
$core.String get name => $_getSZ(0);
@$pb.TagNumber(1)
set name($core.String value) => $_setString(0, value);
@$pb.TagNumber(1)
$core.bool hasName() => $_has(0);
@$pb.TagNumber(1)
void clearName() => $_clearField(1);
@$pb.TagNumber(2)
$core.String get description => $_getSZ(1);
@$pb.TagNumber(2)
set description($core.String value) => $_setString(1, value);
@$pb.TagNumber(2)
$core.bool hasDescription() => $_has(1);
@$pb.TagNumber(2)
void clearDescription() => $_clearField(2);
@$pb.TagNumber(3)
$core.String get version => $_getSZ(2);
@$pb.TagNumber(3)
set version($core.String value) => $_setString(2, value);
@$pb.TagNumber(3)
$core.bool hasVersion() => $_has(2);
@$pb.TagNumber(3)
void clearVersion() => $_clearField(3);
}
class AuthChallengeRequest extends $pb.GeneratedMessage { class AuthChallengeRequest extends $pb.GeneratedMessage {
factory AuthChallengeRequest({ factory AuthChallengeRequest({
$core.List<$core.int>? pubkey, $core.List<$core.int>? pubkey,
ClientInfo? clientInfo,
}) { }) {
final result = create(); final result = create();
if (pubkey != null) result.pubkey = pubkey; if (pubkey != null) result.pubkey = pubkey;
if (clientInfo != null) result.clientInfo = clientInfo;
return result; return result;
} }
@@ -46,6 +125,8 @@ class AuthChallengeRequest extends $pb.GeneratedMessage {
createEmptyInstance: create) createEmptyInstance: create)
..a<$core.List<$core.int>>( ..a<$core.List<$core.int>>(
1, _omitFieldNames ? '' : 'pubkey', $pb.PbFieldType.OY) 1, _omitFieldNames ? '' : 'pubkey', $pb.PbFieldType.OY)
..aOM<ClientInfo>(2, _omitFieldNames ? '' : 'clientInfo',
subBuilder: ClientInfo.create)
..hasRequiredFields = false; ..hasRequiredFields = false;
@$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.') @$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.')
@@ -75,6 +156,17 @@ class AuthChallengeRequest extends $pb.GeneratedMessage {
$core.bool hasPubkey() => $_has(0); $core.bool hasPubkey() => $_has(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
void clearPubkey() => $_clearField(1); void clearPubkey() => $_clearField(1);
@$pb.TagNumber(2)
ClientInfo get clientInfo => $_getN(1);
@$pb.TagNumber(2)
set clientInfo(ClientInfo value) => $_setField(2, value);
@$pb.TagNumber(2)
$core.bool hasClientInfo() => $_has(1);
@$pb.TagNumber(2)
void clearClientInfo() => $_clearField(2);
@$pb.TagNumber(2)
ClientInfo ensureClientInfo() => $_ensure(1);
} }
class AuthChallenge extends $pb.GeneratedMessage { class AuthChallenge extends $pb.GeneratedMessage {

50
useragent/lib/proto/client.pbjson.dart
View File

@@ -55,18 +55,62 @@ final $typed_data.Uint8List vaultStateDescriptor = $convert.base64Decode(
'VfVU5CT09UU1RSQVBQRUQQARIWChJWQVVMVF9TVEFURV9TRUFMRUQQAhIYChRWQVVMVF9TVEFU' 'VfVU5CT09UU1RSQVBQRUQQARIWChJWQVVMVF9TVEFURV9TRUFMRUQQAhIYChRWQVVMVF9TVEFU'
'RV9VTlNFQUxFRBADEhUKEVZBVUxUX1NUQVRFX0VSUk9SEAQ='); 'RV9VTlNFQUxFRBADEhUKEVZBVUxUX1NUQVRFX0VSUk9SEAQ=');
@$core.Deprecated('Use clientInfoDescriptor instead')
const ClientInfo$json = {
'1': 'ClientInfo',
'2': [
{'1': 'name', '3': 1, '4': 1, '5': 9, '10': 'name'},
{
'1': 'description',
'3': 2,
'4': 1,
'5': 9,
'9': 0,
'10': 'description',
'17': true
},
{
'1': 'version',
'3': 3,
'4': 1,
'5': 9,
'9': 1,
'10': 'version',
'17': true
},
],
'8': [
{'1': '_description'},
{'1': '_version'},
],
};
/// Descriptor for `ClientInfo`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List clientInfoDescriptor = $convert.base64Decode(
'CgpDbGllbnRJbmZvEhIKBG5hbWUYASABKAlSBG5hbWUSJQoLZGVzY3JpcHRpb24YAiABKAlIAF'
'ILZGVzY3JpcHRpb26IAQESHQoHdmVyc2lvbhgDIAEoCUgBUgd2ZXJzaW9uiAEBQg4KDF9kZXNj'
'cmlwdGlvbkIKCghfdmVyc2lvbg==');
@$core.Deprecated('Use authChallengeRequestDescriptor instead') @$core.Deprecated('Use authChallengeRequestDescriptor instead')
const AuthChallengeRequest$json = { const AuthChallengeRequest$json = {
'1': 'AuthChallengeRequest', '1': 'AuthChallengeRequest',
'2': [ '2': [
{'1': 'pubkey', '3': 1, '4': 1, '5': 12, '10': 'pubkey'}, {'1': 'pubkey', '3': 1, '4': 1, '5': 12, '10': 'pubkey'},
{
'1': 'client_info',
'3': 2,
'4': 1,
'5': 11,
'6': '.arbiter.client.ClientInfo',
'10': 'clientInfo'
},
], ],
}; };
/// Descriptor for `AuthChallengeRequest`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `AuthChallengeRequest`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List authChallengeRequestDescriptor = final $typed_data.Uint8List authChallengeRequestDescriptor = $convert.base64Decode(
$convert.base64Decode( 'ChRBdXRoQ2hhbGxlbmdlUmVxdWVzdBIWCgZwdWJrZXkYASABKAxSBnB1YmtleRI7CgtjbGllbn'
'ChRBdXRoQ2hhbGxlbmdlUmVxdWVzdBIWCgZwdWJrZXkYASABKAxSBnB1YmtleQ=='); 'RfaW5mbxgCIAEoCzIaLmFyYml0ZXIuY2xpZW50LkNsaWVudEluZm9SCmNsaWVudEluZm8=');
@$core.Deprecated('Use authChallengeDescriptor instead') @$core.Deprecated('Use authChallengeDescriptor instead')
const AuthChallenge$json = { const AuthChallenge$json = {

102
useragent/lib/proto/evm.pb.dart
View File

@@ -26,9 +26,11 @@ export 'evm.pbenum.dart';
class WalletEntry extends $pb.GeneratedMessage { class WalletEntry extends $pb.GeneratedMessage {
factory WalletEntry({ factory WalletEntry({
$core.int? id,
$core.List<$core.int>? address, $core.List<$core.int>? address,
}) { }) {
final result = create(); final result = create();
if (id != null) result.id = id;
if (address != null) result.address = address; if (address != null) result.address = address;
return result; return result;
} }
@@ -46,8 +48,9 @@ class WalletEntry extends $pb.GeneratedMessage {
_omitMessageNames ? '' : 'WalletEntry', _omitMessageNames ? '' : 'WalletEntry',
package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'), package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'),
createEmptyInstance: create) createEmptyInstance: create)
..aI(1, _omitFieldNames ? '' : 'id')
..a<$core.List<$core.int>>( ..a<$core.List<$core.int>>(
1, _omitFieldNames ? '' : 'address', $pb.PbFieldType.OY) 2, _omitFieldNames ? '' : 'address', $pb.PbFieldType.OY)
..hasRequiredFields = false; ..hasRequiredFields = false;
@$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.') @$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.')
@@ -70,13 +73,22 @@ class WalletEntry extends $pb.GeneratedMessage {
static WalletEntry? _defaultInstance; static WalletEntry? _defaultInstance;
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.List<$core.int> get address => $_getN(0); $core.int get id => $_getIZ(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
set address($core.List<$core.int> value) => $_setBytes(0, value); set id($core.int value) => $_setSignedInt32(0, value);
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.bool hasAddress() => $_has(0); $core.bool hasId() => $_has(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
void clearAddress() => $_clearField(1); void clearId() => $_clearField(1);
@$pb.TagNumber(2)
$core.List<$core.int> get address => $_getN(1);
@$pb.TagNumber(2)
set address($core.List<$core.int> value) => $_setBytes(1, value);
@$pb.TagNumber(2)
$core.bool hasAddress() => $_has(1);
@$pb.TagNumber(2)
void clearAddress() => $_clearField(2);
} }
class WalletList extends $pb.GeneratedMessage { class WalletList extends $pb.GeneratedMessage {
@@ -436,7 +448,7 @@ class VolumeRateLimit extends $pb.GeneratedMessage {
class SharedSettings extends $pb.GeneratedMessage { class SharedSettings extends $pb.GeneratedMessage {
factory SharedSettings({ factory SharedSettings({
$core.int? walletId, $core.int? walletAccessId,
$fixnum.Int64? chainId, $fixnum.Int64? chainId,
$0.Timestamp? validFrom, $0.Timestamp? validFrom,
$0.Timestamp? validUntil, $0.Timestamp? validUntil,
@@ -445,7 +457,7 @@ class SharedSettings extends $pb.GeneratedMessage {
TransactionRateLimit? rateLimit, TransactionRateLimit? rateLimit,
}) { }) {
final result = create(); final result = create();
if (walletId != null) result.walletId = walletId; if (walletAccessId != null) result.walletAccessId = walletAccessId;
if (chainId != null) result.chainId = chainId; if (chainId != null) result.chainId = chainId;
if (validFrom != null) result.validFrom = validFrom; if (validFrom != null) result.validFrom = validFrom;
if (validUntil != null) result.validUntil = validUntil; if (validUntil != null) result.validUntil = validUntil;
@@ -469,7 +481,7 @@ class SharedSettings extends $pb.GeneratedMessage {
_omitMessageNames ? '' : 'SharedSettings', _omitMessageNames ? '' : 'SharedSettings',
package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'), package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'),
createEmptyInstance: create) createEmptyInstance: create)
..aI(1, _omitFieldNames ? '' : 'walletId') ..aI(1, _omitFieldNames ? '' : 'walletAccessId')
..a<$fixnum.Int64>(2, _omitFieldNames ? '' : 'chainId', $pb.PbFieldType.OU6, ..a<$fixnum.Int64>(2, _omitFieldNames ? '' : 'chainId', $pb.PbFieldType.OU6,
defaultOrMaker: $fixnum.Int64.ZERO) defaultOrMaker: $fixnum.Int64.ZERO)
..aOM<$0.Timestamp>(3, _omitFieldNames ? '' : 'validFrom', ..aOM<$0.Timestamp>(3, _omitFieldNames ? '' : 'validFrom',
@@ -504,13 +516,13 @@ class SharedSettings extends $pb.GeneratedMessage {
static SharedSettings? _defaultInstance; static SharedSettings? _defaultInstance;
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.int get walletId => $_getIZ(0); $core.int get walletAccessId => $_getIZ(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
set walletId($core.int value) => $_setSignedInt32(0, value); set walletAccessId($core.int value) => $_setSignedInt32(0, value);
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.bool hasWalletId() => $_has(0); $core.bool hasWalletAccessId() => $_has(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
void clearWalletId() => $_clearField(1); void clearWalletAccessId() => $_clearField(1);
@$pb.TagNumber(2) @$pb.TagNumber(2)
$fixnum.Int64 get chainId => $_getI64(1); $fixnum.Int64 get chainId => $_getI64(1);
@@ -1625,12 +1637,10 @@ class TransactionEvalError extends $pb.GeneratedMessage {
/// --- UserAgent grant management --- /// --- UserAgent grant management ---
class EvmGrantCreateRequest extends $pb.GeneratedMessage { class EvmGrantCreateRequest extends $pb.GeneratedMessage {
factory EvmGrantCreateRequest({ factory EvmGrantCreateRequest({
$core.int? clientId,
SharedSettings? shared, SharedSettings? shared,
SpecificGrant? specific, SpecificGrant? specific,
}) { }) {
final result = create(); final result = create();
if (clientId != null) result.clientId = clientId;
if (shared != null) result.shared = shared; if (shared != null) result.shared = shared;
if (specific != null) result.specific = specific; if (specific != null) result.specific = specific;
return result; return result;
@@ -1649,10 +1659,9 @@ class EvmGrantCreateRequest extends $pb.GeneratedMessage {
_omitMessageNames ? '' : 'EvmGrantCreateRequest', _omitMessageNames ? '' : 'EvmGrantCreateRequest',
package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'), package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'),
createEmptyInstance: create) createEmptyInstance: create)
..aI(1, _omitFieldNames ? '' : 'clientId') ..aOM<SharedSettings>(1, _omitFieldNames ? '' : 'shared',
..aOM<SharedSettings>(2, _omitFieldNames ? '' : 'shared',
subBuilder: SharedSettings.create) subBuilder: SharedSettings.create)
..aOM<SpecificGrant>(3, _omitFieldNames ? '' : 'specific', ..aOM<SpecificGrant>(2, _omitFieldNames ? '' : 'specific',
subBuilder: SpecificGrant.create) subBuilder: SpecificGrant.create)
..hasRequiredFields = false; ..hasRequiredFields = false;
@@ -1677,35 +1686,26 @@ class EvmGrantCreateRequest extends $pb.GeneratedMessage {
static EvmGrantCreateRequest? _defaultInstance; static EvmGrantCreateRequest? _defaultInstance;
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.int get clientId => $_getIZ(0); SharedSettings get shared => $_getN(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
set clientId($core.int value) => $_setSignedInt32(0, value); set shared(SharedSettings value) => $_setField(1, value);
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.bool hasClientId() => $_has(0); $core.bool hasShared() => $_has(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
void clearClientId() => $_clearField(1); void clearShared() => $_clearField(1);
@$pb.TagNumber(1)
SharedSettings ensureShared() => $_ensure(0);
@$pb.TagNumber(2) @$pb.TagNumber(2)
SharedSettings get shared => $_getN(1); SpecificGrant get specific => $_getN(1);
@$pb.TagNumber(2) @$pb.TagNumber(2)
set shared(SharedSettings value) => $_setField(2, value); set specific(SpecificGrant value) => $_setField(2, value);
@$pb.TagNumber(2) @$pb.TagNumber(2)
$core.bool hasShared() => $_has(1); $core.bool hasSpecific() => $_has(1);
@$pb.TagNumber(2) @$pb.TagNumber(2)
void clearShared() => $_clearField(2); void clearSpecific() => $_clearField(2);
@$pb.TagNumber(2) @$pb.TagNumber(2)
SharedSettings ensureShared() => $_ensure(1); SpecificGrant ensureSpecific() => $_ensure(1);
@$pb.TagNumber(3)
SpecificGrant get specific => $_getN(2);
@$pb.TagNumber(3)
set specific(SpecificGrant value) => $_setField(3, value);
@$pb.TagNumber(3)
$core.bool hasSpecific() => $_has(2);
@$pb.TagNumber(3)
void clearSpecific() => $_clearField(3);
@$pb.TagNumber(3)
SpecificGrant ensureSpecific() => $_ensure(2);
} }
enum EvmGrantCreateResponse_Result { grantId, error, notSet } enum EvmGrantCreateResponse_Result { grantId, error, notSet }
@@ -1939,13 +1939,13 @@ class EvmGrantDeleteResponse extends $pb.GeneratedMessage {
class GrantEntry extends $pb.GeneratedMessage { class GrantEntry extends $pb.GeneratedMessage {
factory GrantEntry({ factory GrantEntry({
$core.int? id, $core.int? id,
$core.int? clientId, $core.int? walletAccessId,
SharedSettings? shared, SharedSettings? shared,
SpecificGrant? specific, SpecificGrant? specific,
}) { }) {
final result = create(); final result = create();
if (id != null) result.id = id; if (id != null) result.id = id;
if (clientId != null) result.clientId = clientId; if (walletAccessId != null) result.walletAccessId = walletAccessId;
if (shared != null) result.shared = shared; if (shared != null) result.shared = shared;
if (specific != null) result.specific = specific; if (specific != null) result.specific = specific;
return result; return result;
@@ -1965,7 +1965,7 @@ class GrantEntry extends $pb.GeneratedMessage {
package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'), package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'),
createEmptyInstance: create) createEmptyInstance: create)
..aI(1, _omitFieldNames ? '' : 'id') ..aI(1, _omitFieldNames ? '' : 'id')
..aI(2, _omitFieldNames ? '' : 'clientId') ..aI(2, _omitFieldNames ? '' : 'walletAccessId')
..aOM<SharedSettings>(3, _omitFieldNames ? '' : 'shared', ..aOM<SharedSettings>(3, _omitFieldNames ? '' : 'shared',
subBuilder: SharedSettings.create) subBuilder: SharedSettings.create)
..aOM<SpecificGrant>(4, _omitFieldNames ? '' : 'specific', ..aOM<SpecificGrant>(4, _omitFieldNames ? '' : 'specific',
@@ -2000,13 +2000,13 @@ class GrantEntry extends $pb.GeneratedMessage {
void clearId() => $_clearField(1); void clearId() => $_clearField(1);
@$pb.TagNumber(2) @$pb.TagNumber(2)
$core.int get clientId => $_getIZ(1); $core.int get walletAccessId => $_getIZ(1);
@$pb.TagNumber(2) @$pb.TagNumber(2)
set clientId($core.int value) => $_setSignedInt32(1, value); set walletAccessId($core.int value) => $_setSignedInt32(1, value);
@$pb.TagNumber(2) @$pb.TagNumber(2)
$core.bool hasClientId() => $_has(1); $core.bool hasWalletAccessId() => $_has(1);
@$pb.TagNumber(2) @$pb.TagNumber(2)
void clearClientId() => $_clearField(2); void clearWalletAccessId() => $_clearField(2);
@$pb.TagNumber(3) @$pb.TagNumber(3)
SharedSettings get shared => $_getN(2); SharedSettings get shared => $_getN(2);
@@ -2033,10 +2033,10 @@ class GrantEntry extends $pb.GeneratedMessage {
class EvmGrantListRequest extends $pb.GeneratedMessage { class EvmGrantListRequest extends $pb.GeneratedMessage {
factory EvmGrantListRequest({ factory EvmGrantListRequest({
$core.int? walletId, $core.int? walletAccessId,
}) { }) {
final result = create(); final result = create();
if (walletId != null) result.walletId = walletId; if (walletAccessId != null) result.walletAccessId = walletAccessId;
return result; return result;
} }
@@ -2053,7 +2053,7 @@ class EvmGrantListRequest extends $pb.GeneratedMessage {
_omitMessageNames ? '' : 'EvmGrantListRequest', _omitMessageNames ? '' : 'EvmGrantListRequest',
package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'), package: const $pb.PackageName(_omitMessageNames ? '' : 'arbiter.evm'),
createEmptyInstance: create) createEmptyInstance: create)
..aI(1, _omitFieldNames ? '' : 'walletId') ..aI(1, _omitFieldNames ? '' : 'walletAccessId')
..hasRequiredFields = false; ..hasRequiredFields = false;
@$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.') @$core.Deprecated('See https://github.com/google/protobuf.dart/issues/998.')
@@ -2076,13 +2076,13 @@ class EvmGrantListRequest extends $pb.GeneratedMessage {
static EvmGrantListRequest? _defaultInstance; static EvmGrantListRequest? _defaultInstance;
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.int get walletId => $_getIZ(0); $core.int get walletAccessId => $_getIZ(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
set walletId($core.int value) => $_setSignedInt32(0, value); set walletAccessId($core.int value) => $_setSignedInt32(0, value);
@$pb.TagNumber(1) @$pb.TagNumber(1)
$core.bool hasWalletId() => $_has(0); $core.bool hasWalletAccessId() => $_has(0);
@$pb.TagNumber(1) @$pb.TagNumber(1)
void clearWalletId() => $_clearField(1); void clearWalletAccessId() => $_clearField(1);
} }
enum EvmGrantListResponse_Result { grants, error, notSet } enum EvmGrantListResponse_Result { grants, error, notSet }

59
useragent/lib/proto/evm.pbjson.dart
View File

@@ -34,13 +34,15 @@ final $typed_data.Uint8List evmErrorDescriptor = $convert.base64Decode(
const WalletEntry$json = { const WalletEntry$json = {
'1': 'WalletEntry', '1': 'WalletEntry',
'2': [ '2': [
{'1': 'address', '3': 1, '4': 1, '5': 12, '10': 'address'}, {'1': 'id', '3': 1, '4': 1, '5': 5, '10': 'id'},
{'1': 'address', '3': 2, '4': 1, '5': 12, '10': 'address'},
], ],
}; };
/// Descriptor for `WalletEntry`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `WalletEntry`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List walletEntryDescriptor = $convert final $typed_data.Uint8List walletEntryDescriptor = $convert.base64Decode(
.base64Decode('CgtXYWxsZXRFbnRyeRIYCgdhZGRyZXNzGAEgASgMUgdhZGRyZXNz'); 'CgtXYWxsZXRFbnRyeRIOCgJpZBgBIAEoBVICaWQSGAoHYWRkcmVzcxgCIAEoDFIHYWRkcmVzcw'
'==');
@$core.Deprecated('Use walletListDescriptor instead') @$core.Deprecated('Use walletListDescriptor instead')
const WalletList$json = { const WalletList$json = {
@@ -162,7 +164,7 @@ final $typed_data.Uint8List volumeRateLimitDescriptor = $convert.base64Decode(
const SharedSettings$json = { const SharedSettings$json = {
'1': 'SharedSettings', '1': 'SharedSettings',
'2': [ '2': [
{'1': 'wallet_id', '3': 1, '4': 1, '5': 5, '10': 'walletId'}, {'1': 'wallet_access_id', '3': 1, '4': 1, '5': 5, '10': 'walletAccessId'},
{'1': 'chain_id', '3': 2, '4': 1, '5': 4, '10': 'chainId'}, {'1': 'chain_id', '3': 2, '4': 1, '5': 4, '10': 'chainId'},
{ {
'1': 'valid_from', '1': 'valid_from',
@@ -224,15 +226,15 @@ const SharedSettings$json = {
/// Descriptor for `SharedSettings`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `SharedSettings`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sharedSettingsDescriptor = $convert.base64Decode( final $typed_data.Uint8List sharedSettingsDescriptor = $convert.base64Decode(
'Cg5TaGFyZWRTZXR0aW5ncxIbCgl3YWxsZXRfaWQYASABKAVSCHdhbGxldElkEhkKCGNoYWluX2' 'Cg5TaGFyZWRTZXR0aW5ncxIoChB3YWxsZXRfYWNjZXNzX2lkGAEgASgFUg53YWxsZXRBY2Nlc3'
'lkGAIgASgEUgdjaGFpbklkEj4KCnZhbGlkX2Zyb20YAyABKAsyGi5nb29nbGUucHJvdG9idWYu' 'NJZBIZCghjaGFpbl9pZBgCIAEoBFIHY2hhaW5JZBI+Cgp2YWxpZF9mcm9tGAMgASgLMhouZ29v'
'VGltZXN0YW1wSABSCXZhbGlkRnJvbYgBARJACgt2YWxpZF91bnRpbBgEIAEoCzIaLmdvb2dsZS' 'Z2xlLnByb3RvYnVmLlRpbWVzdGFtcEgAUgl2YWxpZEZyb22IAQESQAoLdmFsaWRfdW50aWwYBC'
'5wcm90b2J1Zi5UaW1lc3RhbXBIAVIKdmFsaWRVbnRpbIgBARIxChNtYXhfZ2FzX2ZlZV9wZXJf' 'ABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wSAFSCnZhbGlkVW50aWyIAQESMQoTbWF4'
'Z2FzGAUgASgMSAJSD21heEdhc0ZlZVBlckdhc4gBARI7ChhtYXhfcHJpb3JpdHlfZmVlX3Blcl' 'X2dhc19mZWVfcGVyX2dhcxgFIAEoDEgCUg9tYXhHYXNGZWVQZXJHYXOIAQESOwoYbWF4X3ByaW'
'9nYXMYBiABKAxIA1IUbWF4UHJpb3JpdHlGZWVQZXJHYXOIAQESRQoKcmF0ZV9saW1pdBgHIAEo' '9yaXR5X2ZlZV9wZXJfZ2FzGAYgASgMSANSFG1heFByaW9yaXR5RmVlUGVyR2FziAEBEkUKCnJh'
'CzIhLmFyYml0ZXIuZXZtLlRyYW5zYWN0aW9uUmF0ZUxpbWl0SARSCXJhdGVMaW1pdIgBAUINCg' 'dGVfbGltaXQYByABKAsyIS5hcmJpdGVyLmV2bS5UcmFuc2FjdGlvblJhdGVMaW1pdEgEUglyYX'
'tfdmFsaWRfZnJvbUIOCgxfdmFsaWRfdW50aWxCFgoUX21heF9nYXNfZmVlX3Blcl9nYXNCGwoZ' 'RlTGltaXSIAQFCDQoLX3ZhbGlkX2Zyb21CDgoMX3ZhbGlkX3VudGlsQhYKFF9tYXhfZ2FzX2Zl'
'X21heF9wcmlvcml0eV9mZWVfcGVyX2dhc0INCgtfcmF0ZV9saW1pdA=='); 'ZV9wZXJfZ2FzQhsKGV9tYXhfcHJpb3JpdHlfZmVlX3Blcl9nYXNCDQoLX3JhdGVfbGltaXQ=');
@$core.Deprecated('Use etherTransferSettingsDescriptor instead') @$core.Deprecated('Use etherTransferSettingsDescriptor instead')
const EtherTransferSettings$json = { const EtherTransferSettings$json = {
@@ -631,10 +633,9 @@ final $typed_data.Uint8List transactionEvalErrorDescriptor = $convert.base64Deco
const EvmGrantCreateRequest$json = { const EvmGrantCreateRequest$json = {
'1': 'EvmGrantCreateRequest', '1': 'EvmGrantCreateRequest',
'2': [ '2': [
{'1': 'client_id', '3': 1, '4': 1, '5': 5, '10': 'clientId'},
{ {
'1': 'shared', '1': 'shared',
'3': 2, '3': 1,
'4': 1, '4': 1,
'5': 11, '5': 11,
'6': '.arbiter.evm.SharedSettings', '6': '.arbiter.evm.SharedSettings',
@@ -642,7 +643,7 @@ const EvmGrantCreateRequest$json = {
}, },
{ {
'1': 'specific', '1': 'specific',
'3': 3, '3': 2,
'4': 1, '4': 1,
'5': 11, '5': 11,
'6': '.arbiter.evm.SpecificGrant', '6': '.arbiter.evm.SpecificGrant',
@@ -653,9 +654,9 @@ const EvmGrantCreateRequest$json = {
/// Descriptor for `EvmGrantCreateRequest`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `EvmGrantCreateRequest`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List evmGrantCreateRequestDescriptor = $convert.base64Decode( final $typed_data.Uint8List evmGrantCreateRequestDescriptor = $convert.base64Decode(
'ChVFdm1HcmFudENyZWF0ZVJlcXVlc3QSGwoJY2xpZW50X2lkGAEgASgFUghjbGllbnRJZBIzCg' 'ChVFdm1HcmFudENyZWF0ZVJlcXVlc3QSMwoGc2hhcmVkGAEgASgLMhsuYXJiaXRlci5ldm0uU2'
'ZzaGFyZWQYAiABKAsyGy5hcmJpdGVyLmV2bS5TaGFyZWRTZXR0aW5nc1IGc2hhcmVkEjYKCHNw' 'hhcmVkU2V0dGluZ3NSBnNoYXJlZBI2CghzcGVjaWZpYxgCIAEoCzIaLmFyYml0ZXIuZXZtLlNw'
'ZWNpZmljGAMgASgLMhouYXJiaXRlci5ldm0uU3BlY2lmaWNHcmFudFIIc3BlY2lmaWM='); 'ZWNpZmljR3JhbnRSCHNwZWNpZmlj');
@$core.Deprecated('Use evmGrantCreateResponseDescriptor instead') @$core.Deprecated('Use evmGrantCreateResponseDescriptor instead')
const EvmGrantCreateResponse$json = { const EvmGrantCreateResponse$json = {
@@ -734,7 +735,7 @@ const GrantEntry$json = {
'1': 'GrantEntry', '1': 'GrantEntry',
'2': [ '2': [
{'1': 'id', '3': 1, '4': 1, '5': 5, '10': 'id'}, {'1': 'id', '3': 1, '4': 1, '5': 5, '10': 'id'},
{'1': 'client_id', '3': 2, '4': 1, '5': 5, '10': 'clientId'}, {'1': 'wallet_access_id', '3': 2, '4': 1, '5': 5, '10': 'walletAccessId'},
{ {
'1': 'shared', '1': 'shared',
'3': 3, '3': 3,
@@ -756,34 +757,34 @@ const GrantEntry$json = {
/// Descriptor for `GrantEntry`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `GrantEntry`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List grantEntryDescriptor = $convert.base64Decode( final $typed_data.Uint8List grantEntryDescriptor = $convert.base64Decode(
'CgpHcmFudEVudHJ5Eg4KAmlkGAEgASgFUgJpZBIbCgljbGllbnRfaWQYAiABKAVSCGNsaWVudE' 'CgpHcmFudEVudHJ5Eg4KAmlkGAEgASgFUgJpZBIoChB3YWxsZXRfYWNjZXNzX2lkGAIgASgFUg'
'lkEjMKBnNoYXJlZBgDIAEoCzIbLmFyYml0ZXIuZXZtLlNoYXJlZFNldHRpbmdzUgZzaGFyZWQS' '53YWxsZXRBY2Nlc3NJZBIzCgZzaGFyZWQYAyABKAsyGy5hcmJpdGVyLmV2bS5TaGFyZWRTZXR0'
'NgoIc3BlY2lmaWMYBCABKAsyGi5hcmJpdGVyLmV2bS5TcGVjaWZpY0dyYW50UghzcGVjaWZpYw' 'aW5nc1IGc2hhcmVkEjYKCHNwZWNpZmljGAQgASgLMhouYXJiaXRlci5ldm0uU3BlY2lmaWNHcm'
'=='); 'FudFIIc3BlY2lmaWM=');
@$core.Deprecated('Use evmGrantListRequestDescriptor instead') @$core.Deprecated('Use evmGrantListRequestDescriptor instead')
const EvmGrantListRequest$json = { const EvmGrantListRequest$json = {
'1': 'EvmGrantListRequest', '1': 'EvmGrantListRequest',
'2': [ '2': [
{ {
'1': 'wallet_id', '1': 'wallet_access_id',
'3': 1, '3': 1,
'4': 1, '4': 1,
'5': 5, '5': 5,
'9': 0, '9': 0,
'10': 'walletId', '10': 'walletAccessId',
'17': true '17': true
}, },
], ],
'8': [ '8': [
{'1': '_wallet_id'}, {'1': '_wallet_access_id'},
], ],
}; };
/// Descriptor for `EvmGrantListRequest`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `EvmGrantListRequest`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List evmGrantListRequestDescriptor = $convert.base64Decode( final $typed_data.Uint8List evmGrantListRequestDescriptor = $convert.base64Decode(
'ChNFdm1HcmFudExpc3RSZXF1ZXN0EiAKCXdhbGxldF9pZBgBIAEoBUgAUgh3YWxsZXRJZIgBAU' 'ChNFdm1HcmFudExpc3RSZXF1ZXN0Ei0KEHdhbGxldF9hY2Nlc3NfaWQYASABKAVIAFIOd2FsbG'
'IMCgpfd2FsbGV0X2lk'); 'V0QWNjZXNzSWSIAQFCEwoRX3dhbGxldF9hY2Nlc3NfaWQ=');
@$core.Deprecated('Use evmGrantListResponseDescriptor instead') @$core.Deprecated('Use evmGrantListResponseDescriptor instead')
const EvmGrantListResponse$json = { const EvmGrantListResponse$json = {

1275
useragent/lib/proto/user_agent.pb.dart
View File

File diff suppressed because it is too large Load Diff

30
useragent/lib/proto/user_agent.pbenum.dart
View File

@@ -39,6 +39,36 @@ class KeyType extends $pb.ProtobufEnum {
const KeyType._(super.value, super.name); const KeyType._(super.value, super.name);
} }
class SdkClientError extends $pb.ProtobufEnum {
static const SdkClientError SDK_CLIENT_ERROR_UNSPECIFIED =
SdkClientError._(0, _omitEnumNames ? '' : 'SDK_CLIENT_ERROR_UNSPECIFIED');
static const SdkClientError SDK_CLIENT_ERROR_ALREADY_EXISTS =
SdkClientError._(
1, _omitEnumNames ? '' : 'SDK_CLIENT_ERROR_ALREADY_EXISTS');
static const SdkClientError SDK_CLIENT_ERROR_NOT_FOUND =
SdkClientError._(2, _omitEnumNames ? '' : 'SDK_CLIENT_ERROR_NOT_FOUND');
static const SdkClientError SDK_CLIENT_ERROR_HAS_RELATED_DATA =
SdkClientError._(
3, _omitEnumNames ? '' : 'SDK_CLIENT_ERROR_HAS_RELATED_DATA');
static const SdkClientError SDK_CLIENT_ERROR_INTERNAL =
SdkClientError._(4, _omitEnumNames ? '' : 'SDK_CLIENT_ERROR_INTERNAL');
static const $core.List<SdkClientError> values = <SdkClientError>[
SDK_CLIENT_ERROR_UNSPECIFIED,
SDK_CLIENT_ERROR_ALREADY_EXISTS,
SDK_CLIENT_ERROR_NOT_FOUND,
SDK_CLIENT_ERROR_HAS_RELATED_DATA,
SDK_CLIENT_ERROR_INTERNAL,
];
static final $core.List<SdkClientError?> _byValue =
$pb.ProtobufEnum.$_initByValueList(values, 4);
static SdkClientError? valueOf($core.int value) =>
value < 0 || value >= _byValue.length ? null : _byValue[value];
const SdkClientError._(super.value, super.name);
}
class AuthResult extends $pb.ProtobufEnum { class AuthResult extends $pb.ProtobufEnum {
static const AuthResult AUTH_RESULT_UNSPECIFIED = static const AuthResult AUTH_RESULT_UNSPECIFIED =
AuthResult._(0, _omitEnumNames ? '' : 'AUTH_RESULT_UNSPECIFIED'); AuthResult._(0, _omitEnumNames ? '' : 'AUTH_RESULT_UNSPECIFIED');

429
useragent/lib/proto/user_agent.pbjson.dart
View File

@@ -31,6 +31,25 @@ final $typed_data.Uint8List keyTypeDescriptor = $convert.base64Decode(
'CgdLZXlUeXBlEhgKFEtFWV9UWVBFX1VOU1BFQ0lGSUVEEAASFAoQS0VZX1RZUEVfRUQyNTUxOR' 'CgdLZXlUeXBlEhgKFEtFWV9UWVBFX1VOU1BFQ0lGSUVEEAASFAoQS0VZX1RZUEVfRUQyNTUxOR'
'ABEhwKGEtFWV9UWVBFX0VDRFNBX1NFQ1AyNTZLMRACEhAKDEtFWV9UWVBFX1JTQRAD'); 'ABEhwKGEtFWV9UWVBFX0VDRFNBX1NFQ1AyNTZLMRACEhAKDEtFWV9UWVBFX1JTQRAD');
@$core.Deprecated('Use sdkClientErrorDescriptor instead')
const SdkClientError$json = {
'1': 'SdkClientError',
'2': [
{'1': 'SDK_CLIENT_ERROR_UNSPECIFIED', '2': 0},
{'1': 'SDK_CLIENT_ERROR_ALREADY_EXISTS', '2': 1},
{'1': 'SDK_CLIENT_ERROR_NOT_FOUND', '2': 2},
{'1': 'SDK_CLIENT_ERROR_HAS_RELATED_DATA', '2': 3},
{'1': 'SDK_CLIENT_ERROR_INTERNAL', '2': 4},
],
};
/// Descriptor for `SdkClientError`. Decode as a `google.protobuf.EnumDescriptorProto`.
final $typed_data.Uint8List sdkClientErrorDescriptor = $convert.base64Decode(
'Cg5TZGtDbGllbnRFcnJvchIgChxTREtfQ0xJRU5UX0VSUk9SX1VOU1BFQ0lGSUVEEAASIwofU0'
'RLX0NMSUVOVF9FUlJPUl9BTFJFQURZX0VYSVNUUxABEh4KGlNES19DTElFTlRfRVJST1JfTk9U'
'X0ZPVU5EEAISJQohU0RLX0NMSUVOVF9FUlJPUl9IQVNfUkVMQVRFRF9EQVRBEAMSHQoZU0RLX0'
'NMSUVOVF9FUlJPUl9JTlRFUk5BTBAE');
@$core.Deprecated('Use authResultDescriptor instead') @$core.Deprecated('Use authResultDescriptor instead')
const AuthResult$json = { const AuthResult$json = {
'1': 'AuthResult', '1': 'AuthResult',
@@ -105,6 +124,131 @@ final $typed_data.Uint8List vaultStateDescriptor = $convert.base64Decode(
'VfVU5CT09UU1RSQVBQRUQQARIWChJWQVVMVF9TVEFURV9TRUFMRUQQAhIYChRWQVVMVF9TVEFU' 'VfVU5CT09UU1RSQVBQRUQQARIWChJWQVVMVF9TVEFURV9TRUFMRUQQAhIYChRWQVVMVF9TVEFU'
'RV9VTlNFQUxFRBADEhUKEVZBVUxUX1NUQVRFX0VSUk9SEAQ='); 'RV9VTlNFQUxFRBADEhUKEVZBVUxUX1NUQVRFX0VSUk9SEAQ=');
@$core.Deprecated('Use sdkClientRevokeRequestDescriptor instead')
const SdkClientRevokeRequest$json = {
'1': 'SdkClientRevokeRequest',
'2': [
{'1': 'client_id', '3': 1, '4': 1, '5': 5, '10': 'clientId'},
],
};
/// Descriptor for `SdkClientRevokeRequest`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientRevokeRequestDescriptor =
$convert.base64Decode(
'ChZTZGtDbGllbnRSZXZva2VSZXF1ZXN0EhsKCWNsaWVudF9pZBgBIAEoBVIIY2xpZW50SWQ=');
@$core.Deprecated('Use sdkClientEntryDescriptor instead')
const SdkClientEntry$json = {
'1': 'SdkClientEntry',
'2': [
{'1': 'id', '3': 1, '4': 1, '5': 5, '10': 'id'},
{'1': 'pubkey', '3': 2, '4': 1, '5': 12, '10': 'pubkey'},
{
'1': 'info',
'3': 3,
'4': 1,
'5': 11,
'6': '.arbiter.client.ClientInfo',
'10': 'info'
},
{'1': 'created_at', '3': 4, '4': 1, '5': 5, '10': 'createdAt'},
],
};
/// Descriptor for `SdkClientEntry`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientEntryDescriptor = $convert.base64Decode(
'Cg5TZGtDbGllbnRFbnRyeRIOCgJpZBgBIAEoBVICaWQSFgoGcHVia2V5GAIgASgMUgZwdWJrZX'
'kSLgoEaW5mbxgDIAEoCzIaLmFyYml0ZXIuY2xpZW50LkNsaWVudEluZm9SBGluZm8SHQoKY3Jl'
'YXRlZF9hdBgEIAEoBVIJY3JlYXRlZEF0');
@$core.Deprecated('Use sdkClientListDescriptor instead')
const SdkClientList$json = {
'1': 'SdkClientList',
'2': [
{
'1': 'clients',
'3': 1,
'4': 3,
'5': 11,
'6': '.arbiter.user_agent.SdkClientEntry',
'10': 'clients'
},
],
};
/// Descriptor for `SdkClientList`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientListDescriptor = $convert.base64Decode(
'Cg1TZGtDbGllbnRMaXN0EjwKB2NsaWVudHMYASADKAsyIi5hcmJpdGVyLnVzZXJfYWdlbnQuU2'
'RrQ2xpZW50RW50cnlSB2NsaWVudHM=');
@$core.Deprecated('Use sdkClientRevokeResponseDescriptor instead')
const SdkClientRevokeResponse$json = {
'1': 'SdkClientRevokeResponse',
'2': [
{
'1': 'ok',
'3': 1,
'4': 1,
'5': 11,
'6': '.google.protobuf.Empty',
'9': 0,
'10': 'ok'
},
{
'1': 'error',
'3': 2,
'4': 1,
'5': 14,
'6': '.arbiter.user_agent.SdkClientError',
'9': 0,
'10': 'error'
},
],
'8': [
{'1': 'result'},
],
};
/// Descriptor for `SdkClientRevokeResponse`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientRevokeResponseDescriptor = $convert.base64Decode(
'ChdTZGtDbGllbnRSZXZva2VSZXNwb25zZRIoCgJvaxgBIAEoCzIWLmdvb2dsZS5wcm90b2J1Zi'
'5FbXB0eUgAUgJvaxI6CgVlcnJvchgCIAEoDjIiLmFyYml0ZXIudXNlcl9hZ2VudC5TZGtDbGll'
'bnRFcnJvckgAUgVlcnJvckIICgZyZXN1bHQ=');
@$core.Deprecated('Use sdkClientListResponseDescriptor instead')
const SdkClientListResponse$json = {
'1': 'SdkClientListResponse',
'2': [
{
'1': 'clients',
'3': 1,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.SdkClientList',
'9': 0,
'10': 'clients'
},
{
'1': 'error',
'3': 2,
'4': 1,
'5': 14,
'6': '.arbiter.user_agent.SdkClientError',
'9': 0,
'10': 'error'
},
],
'8': [
{'1': 'result'},
],
};
/// Descriptor for `SdkClientListResponse`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientListResponseDescriptor = $convert.base64Decode(
'ChVTZGtDbGllbnRMaXN0UmVzcG9uc2USPQoHY2xpZW50cxgBIAEoCzIhLmFyYml0ZXIudXNlcl'
'9hZ2VudC5TZGtDbGllbnRMaXN0SABSB2NsaWVudHMSOgoFZXJyb3IYAiABKA4yIi5hcmJpdGVy'
'LnVzZXJfYWdlbnQuU2RrQ2xpZW50RXJyb3JIAFIFZXJyb3JCCAoGcmVzdWx0');
@$core.Deprecated('Use authChallengeRequestDescriptor instead') @$core.Deprecated('Use authChallengeRequestDescriptor instead')
const AuthChallengeRequest$json = { const AuthChallengeRequest$json = {
'1': 'AuthChallengeRequest', '1': 'AuthChallengeRequest',
@@ -224,46 +368,152 @@ final $typed_data.Uint8List bootstrapEncryptedKeyDescriptor = $convert.base64Dec
'RleHQYAiABKAxSCmNpcGhlcnRleHQSJwoPYXNzb2NpYXRlZF9kYXRhGAMgASgMUg5hc3NvY2lh' 'RleHQYAiABKAxSCmNpcGhlcnRleHQSJwoPYXNzb2NpYXRlZF9kYXRhGAMgASgMUg5hc3NvY2lh'
'dGVkRGF0YQ=='); 'dGVkRGF0YQ==');
@$core.Deprecated('Use clientConnectionRequestDescriptor instead') @$core.Deprecated('Use sdkClientConnectionRequestDescriptor instead')
const ClientConnectionRequest$json = { const SdkClientConnectionRequest$json = {
'1': 'ClientConnectionRequest', '1': 'SdkClientConnectionRequest',
'2': [
{'1': 'pubkey', '3': 1, '4': 1, '5': 12, '10': 'pubkey'},
{
'1': 'info',
'3': 2,
'4': 1,
'5': 11,
'6': '.arbiter.client.ClientInfo',
'10': 'info'
},
],
};
/// Descriptor for `SdkClientConnectionRequest`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientConnectionRequestDescriptor =
$convert.base64Decode(
'ChpTZGtDbGllbnRDb25uZWN0aW9uUmVxdWVzdBIWCgZwdWJrZXkYASABKAxSBnB1YmtleRIuCg'
'RpbmZvGAIgASgLMhouYXJiaXRlci5jbGllbnQuQ2xpZW50SW5mb1IEaW5mbw==');
@$core.Deprecated('Use sdkClientConnectionResponseDescriptor instead')
const SdkClientConnectionResponse$json = {
'1': 'SdkClientConnectionResponse',
'2': [
{'1': 'approved', '3': 1, '4': 1, '5': 8, '10': 'approved'},
{'1': 'pubkey', '3': 2, '4': 1, '5': 12, '10': 'pubkey'},
],
};
/// Descriptor for `SdkClientConnectionResponse`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientConnectionResponseDescriptor =
$convert.base64Decode(
'ChtTZGtDbGllbnRDb25uZWN0aW9uUmVzcG9uc2USGgoIYXBwcm92ZWQYASABKAhSCGFwcHJvdm'
'VkEhYKBnB1YmtleRgCIAEoDFIGcHVia2V5');
@$core.Deprecated('Use sdkClientConnectionCancelDescriptor instead')
const SdkClientConnectionCancel$json = {
'1': 'SdkClientConnectionCancel',
'2': [ '2': [
{'1': 'pubkey', '3': 1, '4': 1, '5': 12, '10': 'pubkey'}, {'1': 'pubkey', '3': 1, '4': 1, '5': 12, '10': 'pubkey'},
], ],
}; };
/// Descriptor for `ClientConnectionRequest`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `SdkClientConnectionCancel`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List clientConnectionRequestDescriptor = final $typed_data.Uint8List sdkClientConnectionCancelDescriptor =
$convert.base64Decode( $convert.base64Decode(
'ChdDbGllbnRDb25uZWN0aW9uUmVxdWVzdBIWCgZwdWJrZXkYASABKAxSBnB1YmtleQ=='); 'ChlTZGtDbGllbnRDb25uZWN0aW9uQ2FuY2VsEhYKBnB1YmtleRgBIAEoDFIGcHVia2V5');
@$core.Deprecated('Use clientConnectionResponseDescriptor instead') @$core.Deprecated('Use walletAccessDescriptor instead')
const ClientConnectionResponse$json = { const WalletAccess$json = {
'1': 'ClientConnectionResponse', '1': 'WalletAccess',
'2': [ '2': [
{'1': 'approved', '3': 1, '4': 1, '5': 8, '10': 'approved'}, {'1': 'wallet_id', '3': 1, '4': 1, '5': 5, '10': 'walletId'},
{'1': 'sdk_client_id', '3': 2, '4': 1, '5': 5, '10': 'sdkClientId'},
], ],
}; };
/// Descriptor for `ClientConnectionResponse`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `WalletAccess`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List clientConnectionResponseDescriptor = final $typed_data.Uint8List walletAccessDescriptor = $convert.base64Decode(
$convert.base64Decode( 'CgxXYWxsZXRBY2Nlc3MSGwoJd2FsbGV0X2lkGAEgASgFUgh3YWxsZXRJZBIiCg1zZGtfY2xpZW'
'ChhDbGllbnRDb25uZWN0aW9uUmVzcG9uc2USGgoIYXBwcm92ZWQYASABKAhSCGFwcHJvdmVk'); '50X2lkGAIgASgFUgtzZGtDbGllbnRJZA==');
@$core.Deprecated('Use clientConnectionCancelDescriptor instead') @$core.Deprecated('Use sdkClientWalletAccessDescriptor instead')
const ClientConnectionCancel$json = { const SdkClientWalletAccess$json = {
'1': 'ClientConnectionCancel', '1': 'SdkClientWalletAccess',
'2': [
{'1': 'id', '3': 1, '4': 1, '5': 5, '10': 'id'},
{
'1': 'access',
'3': 2,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.WalletAccess',
'10': 'access'
},
],
}; };
/// Descriptor for `ClientConnectionCancel`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `SdkClientWalletAccess`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List clientConnectionCancelDescriptor = final $typed_data.Uint8List sdkClientWalletAccessDescriptor = $convert.base64Decode(
$convert.base64Decode('ChZDbGllbnRDb25uZWN0aW9uQ2FuY2Vs'); 'ChVTZGtDbGllbnRXYWxsZXRBY2Nlc3MSDgoCaWQYASABKAVSAmlkEjgKBmFjY2VzcxgCIAEoCz'
'IgLmFyYml0ZXIudXNlcl9hZ2VudC5XYWxsZXRBY2Nlc3NSBmFjY2Vzcw==');
@$core.Deprecated('Use sdkClientGrantWalletAccessDescriptor instead')
const SdkClientGrantWalletAccess$json = {
'1': 'SdkClientGrantWalletAccess',
'2': [
{
'1': 'accesses',
'3': 1,
'4': 3,
'5': 11,
'6': '.arbiter.user_agent.WalletAccess',
'10': 'accesses'
},
],
};
/// Descriptor for `SdkClientGrantWalletAccess`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientGrantWalletAccessDescriptor =
$convert.base64Decode(
'ChpTZGtDbGllbnRHcmFudFdhbGxldEFjY2VzcxI8CghhY2Nlc3NlcxgBIAMoCzIgLmFyYml0ZX'
'IudXNlcl9hZ2VudC5XYWxsZXRBY2Nlc3NSCGFjY2Vzc2Vz');
@$core.Deprecated('Use sdkClientRevokeWalletAccessDescriptor instead')
const SdkClientRevokeWalletAccess$json = {
'1': 'SdkClientRevokeWalletAccess',
'2': [
{'1': 'accesses', '3': 1, '4': 3, '5': 5, '10': 'accesses'},
],
};
/// Descriptor for `SdkClientRevokeWalletAccess`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List sdkClientRevokeWalletAccessDescriptor =
$convert.base64Decode(
'ChtTZGtDbGllbnRSZXZva2VXYWxsZXRBY2Nlc3MSGgoIYWNjZXNzZXMYASADKAVSCGFjY2Vzc2'
'Vz');
@$core.Deprecated('Use listWalletAccessResponseDescriptor instead')
const ListWalletAccessResponse$json = {
'1': 'ListWalletAccessResponse',
'2': [
{
'1': 'accesses',
'3': 1,
'4': 3,
'5': 11,
'6': '.arbiter.user_agent.SdkClientWalletAccess',
'10': 'accesses'
},
],
};
/// Descriptor for `ListWalletAccessResponse`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List listWalletAccessResponseDescriptor =
$convert.base64Decode(
'ChhMaXN0V2FsbGV0QWNjZXNzUmVzcG9uc2USRQoIYWNjZXNzZXMYASADKAsyKS5hcmJpdGVyLn'
'VzZXJfYWdlbnQuU2RrQ2xpZW50V2FsbGV0QWNjZXNzUghhY2Nlc3Nlcw==');
@$core.Deprecated('Use userAgentRequestDescriptor instead') @$core.Deprecated('Use userAgentRequestDescriptor instead')
const UserAgentRequest$json = { const UserAgentRequest$json = {
'1': 'UserAgentRequest', '1': 'UserAgentRequest',
'2': [ '2': [
{'1': 'id', '3': 14, '4': 1, '5': 5, '10': 'id'}, {'1': 'id', '3': 16, '4': 1, '5': 5, '10': 'id'},
{ {
'1': 'auth_challenge_request', '1': 'auth_challenge_request',
'3': 1, '3': 1,
@@ -355,23 +605,68 @@ const UserAgentRequest$json = {
'10': 'evmGrantList' '10': 'evmGrantList'
}, },
{ {
'1': 'client_connection_response', '1': 'sdk_client_connection_response',
'3': 11, '3': 11,
'4': 1, '4': 1,
'5': 11, '5': 11,
'6': '.arbiter.user_agent.ClientConnectionResponse', '6': '.arbiter.user_agent.SdkClientConnectionResponse',
'9': 0, '9': 0,
'10': 'clientConnectionResponse' '10': 'sdkClientConnectionResponse'
},
{
'1': 'sdk_client_revoke',
'3': 12,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.SdkClientRevokeRequest',
'9': 0,
'10': 'sdkClientRevoke'
},
{
'1': 'sdk_client_list',
'3': 13,
'4': 1,
'5': 11,
'6': '.google.protobuf.Empty',
'9': 0,
'10': 'sdkClientList'
}, },
{ {
'1': 'bootstrap_encrypted_key', '1': 'bootstrap_encrypted_key',
'3': 12, '3': 14,
'4': 1, '4': 1,
'5': 11, '5': 11,
'6': '.arbiter.user_agent.BootstrapEncryptedKey', '6': '.arbiter.user_agent.BootstrapEncryptedKey',
'9': 0, '9': 0,
'10': 'bootstrapEncryptedKey' '10': 'bootstrapEncryptedKey'
}, },
{
'1': 'grant_wallet_access',
'3': 15,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.SdkClientGrantWalletAccess',
'9': 0,
'10': 'grantWalletAccess'
},
{
'1': 'revoke_wallet_access',
'3': 17,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.SdkClientRevokeWalletAccess',
'9': 0,
'10': 'revokeWalletAccess'
},
{
'1': 'list_wallet_access',
'3': 18,
'4': 1,
'5': 11,
'6': '.google.protobuf.Empty',
'9': 0,
'10': 'listWalletAccess'
},
], ],
'8': [ '8': [
{'1': 'payload'}, {'1': 'payload'},
@@ -380,7 +675,7 @@ const UserAgentRequest$json = {
/// Descriptor for `UserAgentRequest`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `UserAgentRequest`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List userAgentRequestDescriptor = $convert.base64Decode( final $typed_data.Uint8List userAgentRequestDescriptor = $convert.base64Decode(
'ChBVc2VyQWdlbnRSZXF1ZXN0Eg4KAmlkGA4gASgFUgJpZBJgChZhdXRoX2NoYWxsZW5nZV9yZX' 'ChBVc2VyQWdlbnRSZXF1ZXN0Eg4KAmlkGBAgASgFUgJpZBJgChZhdXRoX2NoYWxsZW5nZV9yZX'
'F1ZXN0GAEgASgLMiguYXJiaXRlci51c2VyX2FnZW50LkF1dGhDaGFsbGVuZ2VSZXF1ZXN0SABS' 'F1ZXN0GAEgASgLMiguYXJiaXRlci51c2VyX2FnZW50LkF1dGhDaGFsbGVuZ2VSZXF1ZXN0SABS'
'FGF1dGhDaGFsbGVuZ2VSZXF1ZXN0EmMKF2F1dGhfY2hhbGxlbmdlX3NvbHV0aW9uGAIgASgLMi' 'FGF1dGhDaGFsbGVuZ2VSZXF1ZXN0EmMKF2F1dGhfY2hhbGxlbmdlX3NvbHV0aW9uGAIgASgLMi'
'kuYXJiaXRlci51c2VyX2FnZW50LkF1dGhDaGFsbGVuZ2VTb2x1dGlvbkgAUhVhdXRoQ2hhbGxl' 'kuYXJiaXRlci51c2VyX2FnZW50LkF1dGhDaGFsbGVuZ2VTb2x1dGlvbkgAUhVhdXRoQ2hhbGxl'
@@ -395,17 +690,24 @@ final $typed_data.Uint8List userAgentRequestDescriptor = $convert.base64Decode(
'DmV2bUdyYW50Q3JlYXRlEk4KEGV2bV9ncmFudF9kZWxldGUYCSABKAsyIi5hcmJpdGVyLmV2bS' 'DmV2bUdyYW50Q3JlYXRlEk4KEGV2bV9ncmFudF9kZWxldGUYCSABKAsyIi5hcmJpdGVyLmV2bS'
'5Fdm1HcmFudERlbGV0ZVJlcXVlc3RIAFIOZXZtR3JhbnREZWxldGUSSAoOZXZtX2dyYW50X2xp' '5Fdm1HcmFudERlbGV0ZVJlcXVlc3RIAFIOZXZtR3JhbnREZWxldGUSSAoOZXZtX2dyYW50X2xp'
'c3QYCiABKAsyIC5hcmJpdGVyLmV2bS5Fdm1HcmFudExpc3RSZXF1ZXN0SABSDGV2bUdyYW50TG' 'c3QYCiABKAsyIC5hcmJpdGVyLmV2bS5Fdm1HcmFudExpc3RSZXF1ZXN0SABSDGV2bUdyYW50TG'
'lzdBJsChpjbGllbnRfY29ubmVjdGlvbl9yZXNwb25zZRgLIAEoCzIsLmFyYml0ZXIudXNlcl9h' 'lzdBJ2Ch5zZGtfY2xpZW50X2Nvbm5lY3Rpb25fcmVzcG9uc2UYCyABKAsyLy5hcmJpdGVyLnVz'
'Z2VudC5DbGllbnRDb25uZWN0aW9uUmVzcG9uc2VIAFIYY2xpZW50Q29ubmVjdGlvblJlc3Bvbn' 'ZXJfYWdlbnQuU2RrQ2xpZW50Q29ubmVjdGlvblJlc3BvbnNlSABSG3Nka0NsaWVudENvbm5lY3'
'NlEmMKF2Jvb3RzdHJhcF9lbmNyeXB0ZWRfa2V5GAwgASgLMikuYXJiaXRlci51c2VyX2FnZW50' 'Rpb25SZXNwb25zZRJYChFzZGtfY2xpZW50X3Jldm9rZRgMIAEoCzIqLmFyYml0ZXIudXNlcl9h'
'LkJvb3RzdHJhcEVuY3J5cHRlZEtleUgAUhVib290c3RyYXBFbmNyeXB0ZWRLZXlCCQoHcGF5bG' 'Z2VudC5TZGtDbGllbnRSZXZva2VSZXF1ZXN0SABSD3Nka0NsaWVudFJldm9rZRJACg9zZGtfY2'
'9hZA=='); 'xpZW50X2xpc3QYDSABKAsyFi5nb29nbGUucHJvdG9idWYuRW1wdHlIAFINc2RrQ2xpZW50TGlz'
'dBJjChdib290c3RyYXBfZW5jcnlwdGVkX2tleRgOIAEoCzIpLmFyYml0ZXIudXNlcl9hZ2VudC'
'5Cb290c3RyYXBFbmNyeXB0ZWRLZXlIAFIVYm9vdHN0cmFwRW5jcnlwdGVkS2V5EmAKE2dyYW50'
'X3dhbGxldF9hY2Nlc3MYDyABKAsyLi5hcmJpdGVyLnVzZXJfYWdlbnQuU2RrQ2xpZW50R3Jhbn'
'RXYWxsZXRBY2Nlc3NIAFIRZ3JhbnRXYWxsZXRBY2Nlc3MSYwoUcmV2b2tlX3dhbGxldF9hY2Nl'
'c3MYESABKAsyLy5hcmJpdGVyLnVzZXJfYWdlbnQuU2RrQ2xpZW50UmV2b2tlV2FsbGV0QWNjZX'
'NzSABSEnJldm9rZVdhbGxldEFjY2VzcxJGChJsaXN0X3dhbGxldF9hY2Nlc3MYEiABKAsyFi5n'
'b29nbGUucHJvdG9idWYuRW1wdHlIAFIQbGlzdFdhbGxldEFjY2Vzc0IJCgdwYXlsb2Fk');
@$core.Deprecated('Use userAgentResponseDescriptor instead') @$core.Deprecated('Use userAgentResponseDescriptor instead')
const UserAgentResponse$json = { const UserAgentResponse$json = {
'1': 'UserAgentResponse', '1': 'UserAgentResponse',
'2': [ '2': [
{'1': 'id', '3': 14, '4': 1, '5': 5, '9': 1, '10': 'id', '17': true}, {'1': 'id', '3': 16, '4': 1, '5': 5, '9': 1, '10': 'id', '17': true},
{ {
'1': 'auth_challenge', '1': 'auth_challenge',
'3': 1, '3': 1,
@@ -497,32 +799,59 @@ const UserAgentResponse$json = {
'10': 'evmGrantList' '10': 'evmGrantList'
}, },
{ {
'1': 'client_connection_request', '1': 'sdk_client_connection_request',
'3': 11, '3': 11,
'4': 1, '4': 1,
'5': 11, '5': 11,
'6': '.arbiter.user_agent.ClientConnectionRequest', '6': '.arbiter.user_agent.SdkClientConnectionRequest',
'9': 0, '9': 0,
'10': 'clientConnectionRequest' '10': 'sdkClientConnectionRequest'
}, },
{ {
'1': 'client_connection_cancel', '1': 'sdk_client_connection_cancel',
'3': 12, '3': 12,
'4': 1, '4': 1,
'5': 11, '5': 11,
'6': '.arbiter.user_agent.ClientConnectionCancel', '6': '.arbiter.user_agent.SdkClientConnectionCancel',
'9': 0, '9': 0,
'10': 'clientConnectionCancel' '10': 'sdkClientConnectionCancel'
},
{
'1': 'sdk_client_revoke_response',
'3': 13,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.SdkClientRevokeResponse',
'9': 0,
'10': 'sdkClientRevokeResponse'
},
{
'1': 'sdk_client_list_response',
'3': 14,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.SdkClientListResponse',
'9': 0,
'10': 'sdkClientListResponse'
}, },
{ {
'1': 'bootstrap_result', '1': 'bootstrap_result',
'3': 13, '3': 15,
'4': 1, '4': 1,
'5': 14, '5': 14,
'6': '.arbiter.user_agent.BootstrapResult', '6': '.arbiter.user_agent.BootstrapResult',
'9': 0, '9': 0,
'10': 'bootstrapResult' '10': 'bootstrapResult'
}, },
{
'1': 'list_wallet_access_response',
'3': 17,
'4': 1,
'5': 11,
'6': '.arbiter.user_agent.ListWalletAccessResponse',
'9': 0,
'10': 'listWalletAccessResponse'
},
], ],
'8': [ '8': [
{'1': 'payload'}, {'1': 'payload'},
@@ -532,7 +861,7 @@ const UserAgentResponse$json = {
/// Descriptor for `UserAgentResponse`. Decode as a `google.protobuf.DescriptorProto`. /// Descriptor for `UserAgentResponse`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List userAgentResponseDescriptor = $convert.base64Decode( final $typed_data.Uint8List userAgentResponseDescriptor = $convert.base64Decode(
'ChFVc2VyQWdlbnRSZXNwb25zZRITCgJpZBgOIAEoBUgBUgJpZIgBARJKCg5hdXRoX2NoYWxsZW' 'ChFVc2VyQWdlbnRSZXNwb25zZRITCgJpZBgQIAEoBUgBUgJpZIgBARJKCg5hdXRoX2NoYWxsZW'
'5nZRgBIAEoCzIhLmFyYml0ZXIudXNlcl9hZ2VudC5BdXRoQ2hhbGxlbmdlSABSDWF1dGhDaGFs' '5nZRgBIAEoCzIhLmFyYml0ZXIudXNlcl9hZ2VudC5BdXRoQ2hhbGxlbmdlSABSDWF1dGhDaGFs'
'bGVuZ2USQQoLYXV0aF9yZXN1bHQYAiABKA4yHi5hcmJpdGVyLnVzZXJfYWdlbnQuQXV0aFJlc3' 'bGVuZ2USQQoLYXV0aF9yZXN1bHQYAiABKA4yHi5hcmJpdGVyLnVzZXJfYWdlbnQuQXV0aFJlc3'
'VsdEgAUgphdXRoUmVzdWx0El0KFXVuc2VhbF9zdGFydF9yZXNwb25zZRgDIAEoCzInLmFyYml0' 'VsdEgAUgphdXRoUmVzdWx0El0KFXVuc2VhbF9zdGFydF9yZXNwb25zZRgDIAEoCzInLmFyYml0'
@@ -546,10 +875,16 @@ final $typed_data.Uint8List userAgentResponseDescriptor = $convert.base64Decode(
'5ldm0uRXZtR3JhbnRDcmVhdGVSZXNwb25zZUgAUg5ldm1HcmFudENyZWF0ZRJPChBldm1fZ3Jh' '5ldm0uRXZtR3JhbnRDcmVhdGVSZXNwb25zZUgAUg5ldm1HcmFudENyZWF0ZRJPChBldm1fZ3Jh'
'bnRfZGVsZXRlGAkgASgLMiMuYXJiaXRlci5ldm0uRXZtR3JhbnREZWxldGVSZXNwb25zZUgAUg' 'bnRfZGVsZXRlGAkgASgLMiMuYXJiaXRlci5ldm0uRXZtR3JhbnREZWxldGVSZXNwb25zZUgAUg'
'5ldm1HcmFudERlbGV0ZRJJCg5ldm1fZ3JhbnRfbGlzdBgKIAEoCzIhLmFyYml0ZXIuZXZtLkV2' '5ldm1HcmFudERlbGV0ZRJJCg5ldm1fZ3JhbnRfbGlzdBgKIAEoCzIhLmFyYml0ZXIuZXZtLkV2'
'bUdyYW50TGlzdFJlc3BvbnNlSABSDGV2bUdyYW50TGlzdBJpChljbGllbnRfY29ubmVjdGlvbl' 'bUdyYW50TGlzdFJlc3BvbnNlSABSDGV2bUdyYW50TGlzdBJzCh1zZGtfY2xpZW50X2Nvbm5lY3'
'9yZXF1ZXN0GAsgASgLMisuYXJiaXRlci51c2VyX2FnZW50LkNsaWVudENvbm5lY3Rpb25SZXF1' 'Rpb25fcmVxdWVzdBgLIAEoCzIuLmFyYml0ZXIudXNlcl9hZ2VudC5TZGtDbGllbnRDb25uZWN0'
'ZXN0SABSF2NsaWVudENvbm5lY3Rpb25SZXF1ZXN0EmYKGGNsaWVudF9jb25uZWN0aW9uX2Nhbm' 'aW9uUmVxdWVzdEgAUhpzZGtDbGllbnRDb25uZWN0aW9uUmVxdWVzdBJwChxzZGtfY2xpZW50X2'
'NlbBgMIAEoCzIqLmFyYml0ZXIudXNlcl9hZ2VudC5DbGllbnRDb25uZWN0aW9uQ2FuY2VsSABS' 'Nvbm5lY3Rpb25fY2FuY2VsGAwgASgLMi0uYXJiaXRlci51c2VyX2FnZW50LlNka0NsaWVudENv'
'FmNsaWVudENvbm5lY3Rpb25DYW5jZWwSUAoQYm9vdHN0cmFwX3Jlc3VsdBgNIAEoDjIjLmFyYm' 'bm5lY3Rpb25DYW5jZWxIAFIZc2RrQ2xpZW50Q29ubmVjdGlvbkNhbmNlbBJqChpzZGtfY2xpZW'
'l0ZXIudXNlcl9hZ2VudC5Cb290c3RyYXBSZXN1bHRIAFIPYm9vdHN0cmFwUmVzdWx0QgkKB3Bh' '50X3Jldm9rZV9yZXNwb25zZRgNIAEoCzIrLmFyYml0ZXIudXNlcl9hZ2VudC5TZGtDbGllbnRS'
'eWxvYWRCBQoDX2lk'); 'ZXZva2VSZXNwb25zZUgAUhdzZGtDbGllbnRSZXZva2VSZXNwb25zZRJkChhzZGtfY2xpZW50X2'
'xpc3RfcmVzcG9uc2UYDiABKAsyKS5hcmJpdGVyLnVzZXJfYWdlbnQuU2RrQ2xpZW50TGlzdFJl'
'c3BvbnNlSABSFXNka0NsaWVudExpc3RSZXNwb25zZRJQChBib290c3RyYXBfcmVzdWx0GA8gAS'
'gOMiMuYXJiaXRlci51c2VyX2FnZW50LkJvb3RzdHJhcFJlc3VsdEgAUg9ib290c3RyYXBSZXN1'
'bHQSbQobbGlzdF93YWxsZXRfYWNjZXNzX3Jlc3BvbnNlGBEgASgLMiwuYXJiaXRlci51c2VyX2'
'FnZW50Lkxpc3RXYWxsZXRBY2Nlc3NSZXNwb25zZUgAUhhsaXN0V2FsbGV0QWNjZXNzUmVzcG9u'
'c2VCCQoHcGF5bG9hZEIFCgNfaWQ=');

2
useragent/lib/providers/connection/connection_manager.dart
View File

@@ -14,7 +14,7 @@ class ConnectionManager extends _$ConnectionManager {
Future<Connection?> build() async { Future<Connection?> build() async {
final serverInfo = await ref.watch(serverInfoProvider.future); final serverInfo = await ref.watch(serverInfoProvider.future);
final key = await ref.watch(keyProvider.future); final key = await ref.watch(keyProvider.future);
final token = ref.watch(bootstrapTokenProvider); final token = ref.read(bootstrapTokenProvider);
if (serverInfo == null || key == null) { if (serverInfo == null || key == null) {
return null; return null;

2
useragent/lib/providers/connection/connection_manager.g.dart
View File

@@ -33,7 +33,7 @@ final class ConnectionManagerProvider
ConnectionManager create() => ConnectionManager(); ConnectionManager create() => ConnectionManager();
} }
String _$connectionManagerHash() => r'd01084e550f315bc6cadfe74413a7f959426a80e'; String _$connectionManagerHash() => r'f471afb49bdcde77238424942f5af1716634f084';
abstract class _$ConnectionManager extends $AsyncNotifier<Connection?> { abstract class _$ConnectionManager extends $AsyncNotifier<Connection?> {
FutureOr<Connection?> build(); FutureOr<Connection?> build();

23
useragent/lib/providers/evm.dart → useragent/lib/providers/evm/evm.dart
View File

@@ -1,6 +1,8 @@
import 'package:arbiter/features/connection/evm.dart'; import 'package:arbiter/features/connection/evm.dart' as evm;
import 'package:arbiter/proto/evm.pb.dart'; import 'package:arbiter/proto/evm.pb.dart';
import 'package:arbiter/providers/connection/connection_manager.dart'; import 'package:arbiter/providers/connection/connection_manager.dart';
import 'package:hooks_riverpod/experimental/mutation.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart'; import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'evm.g.dart'; part 'evm.g.dart';
@@ -14,7 +16,7 @@ class Evm extends _$Evm {
return null; return null;
} }
return listEvmWallets(connection); return evm.listEvmWallets(connection);
} }
Future<void> refreshWallets() async { Future<void> refreshWallets() async {
@@ -25,16 +27,21 @@ class Evm extends _$Evm {
} }
state = const AsyncLoading(); state = const AsyncLoading();
state = await AsyncValue.guard(() => listEvmWallets(connection)); state = await AsyncValue.guard(() => evm.listEvmWallets(connection));
} }
}
Future<void> createWallet() async { final createEvmWallet = Mutation();
final connection = await ref.read(connectionManagerProvider.future);
Future<void> executeCreateEvmWallet(MutationTarget target) async {
return await createEvmWallet.run(target, (tsx) async {
final connection = await tsx.get(connectionManagerProvider.future);
if (connection == null) { if (connection == null) {
throw Exception('Not connected to the server.'); throw Exception('Not connected to the server.');
} }
await createEvmWallet(connection); await evm.createEvmWallet(connection);
state = await AsyncValue.guard(() => listEvmWallets(connection));
} await tsx.get(evmProvider.notifier).refreshWallets();
});
} }

2
useragent/lib/providers/evm.g.dart → useragent/lib/providers/evm/evm.g.dart
View File

@@ -33,7 +33,7 @@ final class EvmProvider
Evm create() => Evm(); Evm create() => Evm();
} }
String _$evmHash() => r'f5d05bfa7b820d0b96026a47ca47702a3793af5d'; String _$evmHash() => r'ca2c9736065c5dc7cc45d8485000dd85dfbfa572';
abstract class _$Evm extends $AsyncNotifier<List<WalletEntry>?> { abstract class _$Evm extends $AsyncNotifier<List<WalletEntry>?> {
FutureOr<List<WalletEntry>?> build(); FutureOr<List<WalletEntry>?> build();

19
useragent/lib/providers/evm_grants.dart → useragent/lib/providers/evm/evm_grants.dart
View File

@@ -1,7 +1,6 @@
import 'package:arbiter/features/connection/evm/grants.dart'; import 'package:arbiter/features/connection/evm/grants.dart';
import 'package:arbiter/proto/evm.pb.dart'; import 'package:arbiter/proto/evm.pb.dart';
import 'package:arbiter/providers/connection/connection_manager.dart'; import 'package:arbiter/providers/connection/connection_manager.dart';
import 'package:fixnum/fixnum.dart';
import 'package:freezed_annotation/freezed_annotation.dart'; import 'package:freezed_annotation/freezed_annotation.dart';
import 'package:hooks_riverpod/experimental/mutation.dart'; import 'package:hooks_riverpod/experimental/mutation.dart';
import 'package:mtcore/markettakers.dart'; import 'package:mtcore/markettakers.dart';
@@ -73,14 +72,7 @@ class EvmGrants extends _$EvmGrants {
Future<int> executeCreateEvmGrant( Future<int> executeCreateEvmGrant(
MutationTarget ref, { MutationTarget ref, {
required int clientId, required SharedSettings sharedSettings,
required int walletId,
required Int64 chainId,
DateTime? validFrom,
DateTime? validUntil,
List<int>? maxGasFeePerGas,
List<int>? maxPriorityFeePerGas,
TransactionRateLimit? rateLimit,
required SpecificGrant specific, required SpecificGrant specific,
}) { }) {
return createEvmGrantMutation.run(ref, (tsx) async { return createEvmGrantMutation.run(ref, (tsx) async {
@@ -91,14 +83,7 @@ Future<int> executeCreateEvmGrant(
final grantId = await createEvmGrant( final grantId = await createEvmGrant(
connection, connection,
clientId: clientId, sharedSettings: sharedSettings,
walletId: walletId,
chainId: chainId,
validFrom: validFrom,
validUntil: validUntil,
maxGasFeePerGas: maxGasFeePerGas,
maxPriorityFeePerGas: maxPriorityFeePerGas,
rateLimit: rateLimit,
specific: specific, specific: specific,
); );

0
useragent/lib/providers/evm_grants.freezed.dart → useragent/lib/providers/evm/evm_grants.freezed.dart
View File

0
useragent/lib/providers/evm_grants.g.dart → useragent/lib/providers/evm/evm_grants.g.dart
View File

19
useragent/lib/providers/sdk_clients/details.dart Normal file
View File

@@ -0,0 +1,19 @@
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/providers/sdk_clients/list.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'details.g.dart';
@riverpod
Future<SdkClientEntry?> clientDetails(Ref ref, int clientId) async {
final clients = await ref.watch(sdkClientsProvider.future);
if (clients == null) {
return null;
}
for (final client in clients) {
if (client.id == clientId) {
return client;
}
}
return null;
}

85
useragent/lib/providers/sdk_clients/details.g.dart Normal file
View File

@@ -0,0 +1,85 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
part of 'details.dart';
// **************************************************************************
// RiverpodGenerator
// **************************************************************************
// GENERATED CODE - DO NOT MODIFY BY HAND
// ignore_for_file: type=lint, type=warning
@ProviderFor(clientDetails)
final clientDetailsProvider = ClientDetailsFamily._();
final class ClientDetailsProvider
extends
$FunctionalProvider<
AsyncValue<SdkClientEntry?>,
SdkClientEntry?,
FutureOr<SdkClientEntry?>
>
with $FutureModifier<SdkClientEntry?>, $FutureProvider<SdkClientEntry?> {
ClientDetailsProvider._({
required ClientDetailsFamily super.from,
required int super.argument,
}) : super(
retry: null,
name: r'clientDetailsProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$clientDetailsHash();
@override
String toString() {
return r'clientDetailsProvider'
''
'($argument)';
}
@$internal
@override
$FutureProviderElement<SdkClientEntry?> $createElement(
$ProviderPointer pointer,
) => $FutureProviderElement(pointer);
@override
FutureOr<SdkClientEntry?> create(Ref ref) {
final argument = this.argument as int;
return clientDetails(ref, argument);
}
@override
bool operator ==(Object other) {
return other is ClientDetailsProvider && other.argument == argument;
}
@override
int get hashCode {
return argument.hashCode;
}
}
String _$clientDetailsHash() => r'21449a1a2cc4fa4e65ce761e6342e97c1d957a7a';
final class ClientDetailsFamily extends $Family
with $FunctionalFamilyOverride<FutureOr<SdkClientEntry?>, int> {
ClientDetailsFamily._()
: super(
retry: null,
name: r'clientDetailsProvider',
dependencies: null,
$allTransitiveDependencies: null,
isAutoDispose: true,
);
ClientDetailsProvider call(int clientId) =>
ClientDetailsProvider._(argument: clientId, from: this);
@override
String toString() => r'clientDetailsProvider';
}

34
useragent/lib/providers/sdk_clients/list.dart Normal file
View File

@@ -0,0 +1,34 @@
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/providers/connection/connection_manager.dart';
import 'package:protobuf/well_known_types/google/protobuf/empty.pb.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'list.g.dart';
@riverpod
Future<List<SdkClientEntry>?> sdkClients(Ref ref) async {
final connection = await ref.watch(connectionManagerProvider.future);
if (connection == null) {
return null;
}
final resp = await connection.ask(
UserAgentRequest(sdkClientList: Empty()),
);
if (!resp.hasSdkClientListResponse()) {
throw Exception(
'Expected SDK client list response, got ${resp.whichPayload()}',
);
}
final result = resp.sdkClientListResponse;
switch (result.whichResult()) {
case SdkClientListResponse_Result.clients:
return result.clients.clients.toList(growable: false);
case SdkClientListResponse_Result.error:
throw Exception('Error listing SDK clients: ${result.error}');
case SdkClientListResponse_Result.notSet:
throw Exception('SDK client list response was empty.');
}
}

51
useragent/lib/providers/sdk_clients/list.g.dart Normal file
View File

@@ -0,0 +1,51 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
part of 'list.dart';
// **************************************************************************
// RiverpodGenerator
// **************************************************************************
// GENERATED CODE - DO NOT MODIFY BY HAND
// ignore_for_file: type=lint, type=warning
@ProviderFor(sdkClients)
final sdkClientsProvider = SdkClientsProvider._();
final class SdkClientsProvider
extends
$FunctionalProvider<
AsyncValue<List<SdkClientEntry>?>,
List<SdkClientEntry>?,
FutureOr<List<SdkClientEntry>?>
>
with
$FutureModifier<List<SdkClientEntry>?>,
$FutureProvider<List<SdkClientEntry>?> {
SdkClientsProvider._()
: super(
from: null,
argument: null,
retry: null,
name: r'sdkClientsProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$sdkClientsHash();
@$internal
@override
$FutureProviderElement<List<SdkClientEntry>?> $createElement(
$ProviderPointer pointer,
) => $FutureProviderElement(pointer);
@override
FutureOr<List<SdkClientEntry>?> create(Ref ref) {
return sdkClients(ref);
}
}
String _$sdkClientsHash() => r'9b50ef901a7b68e4e604d6d0b4777dbd3e6499e1';

174
useragent/lib/providers/sdk_clients/wallet_access.dart Normal file
View File

@@ -0,0 +1,174 @@
import 'package:arbiter/features/connection/evm/wallet_access.dart';
import 'package:arbiter/proto/evm.pb.dart';
import 'package:arbiter/providers/connection/connection_manager.dart';
import 'package:arbiter/providers/evm/evm.dart';
import 'package:flutter/foundation.dart';
import 'package:hooks_riverpod/experimental/mutation.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'wallet_access.g.dart';
class ClientWalletOption {
const ClientWalletOption({required this.walletId, required this.address});
final int walletId;
final String address;
}
class ClientWalletAccessState {
const ClientWalletAccessState({
this.searchQuery = '',
this.originalWalletIds = const {},
this.selectedWalletIds = const {},
});
final String searchQuery;
final Set<int> originalWalletIds;
final Set<int> selectedWalletIds;
bool get hasChanges => !setEquals(originalWalletIds, selectedWalletIds);
ClientWalletAccessState copyWith({
String? searchQuery,
Set<int>? originalWalletIds,
Set<int>? selectedWalletIds,
}) {
return ClientWalletAccessState(
searchQuery: searchQuery ?? this.searchQuery,
originalWalletIds: originalWalletIds ?? this.originalWalletIds,
selectedWalletIds: selectedWalletIds ?? this.selectedWalletIds,
);
}
}
final saveClientWalletAccessMutation = Mutation<void>();
abstract class ClientWalletAccessRepository {
Future<Set<int>> fetchSelectedWalletIds(int clientId);
Future<void> saveSelectedWalletIds(int clientId, Set<int> walletIds);
}
class ServerClientWalletAccessRepository
implements ClientWalletAccessRepository {
ServerClientWalletAccessRepository(this.ref);
final Ref ref;
@override
Future<Set<int>> fetchSelectedWalletIds(int clientId) async {
final connection = await ref.read(connectionManagerProvider.future);
if (connection == null) {
throw Exception('Not connected to the server.');
}
return readClientWalletAccess(connection, clientId: clientId);
}
@override
Future<void> saveSelectedWalletIds(int clientId, Set<int> walletIds) async {
final connection = await ref.read(connectionManagerProvider.future);
if (connection == null) {
throw Exception('Not connected to the server.');
}
await writeClientWalletAccess(
connection,
clientId: clientId,
walletIds: walletIds,
);
}
}
@riverpod
ClientWalletAccessRepository clientWalletAccessRepository(Ref ref) {
return ServerClientWalletAccessRepository(ref);
}
@riverpod
Future<List<ClientWalletOption>> clientWalletOptions(Ref ref) async {
final wallets = await ref.watch(evmProvider.future) ?? const <WalletEntry>[];
return [
for (var index = 0; index < wallets.length; index++)
ClientWalletOption(
walletId: index + 1,
address: formatWalletAddress(wallets[index].address),
),
];
}
@riverpod
Future<Set<int>> clientWalletAccessSelection(Ref ref, int clientId) async {
final repository = ref.watch(clientWalletAccessRepositoryProvider);
return repository.fetchSelectedWalletIds(clientId);
}
@riverpod
class ClientWalletAccessController extends _$ClientWalletAccessController {
@override
ClientWalletAccessState build(int clientId) {
final selection = ref.read(clientWalletAccessSelectionProvider(clientId));
void sync(AsyncValue<Set<int>> value) {
value.when(data: hydrate, error: (_, _) {}, loading: () {});
}
ref.listen<AsyncValue<Set<int>>>(
clientWalletAccessSelectionProvider(clientId),
(_, next) => sync(next),
);
return selection.when(
data: (walletIds) => ClientWalletAccessState(
originalWalletIds: Set.of(walletIds),
selectedWalletIds: Set.of(walletIds),
),
error: (error, _) => const ClientWalletAccessState(),
loading: () => const ClientWalletAccessState(),
);
}
void hydrate(Set<int> selectedWalletIds) {
state = state.copyWith(
originalWalletIds: Set.of(selectedWalletIds),
selectedWalletIds: Set.of(selectedWalletIds),
);
}
void setSearchQuery(String value) {
state = state.copyWith(searchQuery: value);
}
void toggleWallet(int walletId) {
final next = Set<int>.of(state.selectedWalletIds);
if (!next.add(walletId)) {
next.remove(walletId);
}
state = state.copyWith(selectedWalletIds: next);
}
void discardChanges() {
state = state.copyWith(selectedWalletIds: Set.of(state.originalWalletIds));
}
}
Future<void> executeSaveClientWalletAccess(
MutationTarget ref, {
required int clientId,
}) {
final mutation = saveClientWalletAccessMutation(clientId);
return mutation.run(ref, (tsx) async {
final repository = tsx.get(clientWalletAccessRepositoryProvider);
final controller = tsx.get(
clientWalletAccessControllerProvider(clientId).notifier,
);
final selectedWalletIds = tsx
.get(clientWalletAccessControllerProvider(clientId))
.selectedWalletIds;
await repository.saveSelectedWalletIds(clientId, selectedWalletIds);
controller.hydrate(selectedWalletIds);
});
}
String formatWalletAddress(List<int> bytes) {
final hex = bytes
.map((byte) => byte.toRadixString(16).padLeft(2, '0'))
.join();
return '0x$hex';
}

280
useragent/lib/providers/sdk_clients/wallet_access.g.dart Normal file
View File

@@ -0,0 +1,280 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
part of 'wallet_access.dart';
// **************************************************************************
// RiverpodGenerator
// **************************************************************************
// GENERATED CODE - DO NOT MODIFY BY HAND
// ignore_for_file: type=lint, type=warning
@ProviderFor(clientWalletAccessRepository)
final clientWalletAccessRepositoryProvider =
ClientWalletAccessRepositoryProvider._();
final class ClientWalletAccessRepositoryProvider
extends
$FunctionalProvider<
ClientWalletAccessRepository,
ClientWalletAccessRepository,
ClientWalletAccessRepository
>
with $Provider<ClientWalletAccessRepository> {
ClientWalletAccessRepositoryProvider._()
: super(
from: null,
argument: null,
retry: null,
name: r'clientWalletAccessRepositoryProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$clientWalletAccessRepositoryHash();
@$internal
@override
$ProviderElement<ClientWalletAccessRepository> $createElement(
$ProviderPointer pointer,
) => $ProviderElement(pointer);
@override
ClientWalletAccessRepository create(Ref ref) {
return clientWalletAccessRepository(ref);
}
/// {@macro riverpod.override_with_value}
Override overrideWithValue(ClientWalletAccessRepository value) {
return $ProviderOverride(
origin: this,
providerOverride: $SyncValueProvider<ClientWalletAccessRepository>(value),
);
}
}
String _$clientWalletAccessRepositoryHash() =>
r'bbc332284bc36a8b5d807bd5c45362b6b12b19e7';
@ProviderFor(clientWalletOptions)
final clientWalletOptionsProvider = ClientWalletOptionsProvider._();
final class ClientWalletOptionsProvider
extends
$FunctionalProvider<
AsyncValue<List<ClientWalletOption>>,
List<ClientWalletOption>,
FutureOr<List<ClientWalletOption>>
>
with
$FutureModifier<List<ClientWalletOption>>,
$FutureProvider<List<ClientWalletOption>> {
ClientWalletOptionsProvider._()
: super(
from: null,
argument: null,
retry: null,
name: r'clientWalletOptionsProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$clientWalletOptionsHash();
@$internal
@override
$FutureProviderElement<List<ClientWalletOption>> $createElement(
$ProviderPointer pointer,
) => $FutureProviderElement(pointer);
@override
FutureOr<List<ClientWalletOption>> create(Ref ref) {
return clientWalletOptions(ref);
}
}
String _$clientWalletOptionsHash() =>
r'32183c2b281e2a41400de07f2381132a706815ab';
@ProviderFor(clientWalletAccessSelection)
final clientWalletAccessSelectionProvider =
ClientWalletAccessSelectionFamily._();
final class ClientWalletAccessSelectionProvider
extends
$FunctionalProvider<AsyncValue<Set<int>>, Set<int>, FutureOr<Set<int>>>
with $FutureModifier<Set<int>>, $FutureProvider<Set<int>> {
ClientWalletAccessSelectionProvider._({
required ClientWalletAccessSelectionFamily super.from,
required int super.argument,
}) : super(
retry: null,
name: r'clientWalletAccessSelectionProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$clientWalletAccessSelectionHash();
@override
String toString() {
return r'clientWalletAccessSelectionProvider'
''
'($argument)';
}
@$internal
@override
$FutureProviderElement<Set<int>> $createElement($ProviderPointer pointer) =>
$FutureProviderElement(pointer);
@override
FutureOr<Set<int>> create(Ref ref) {
final argument = this.argument as int;
return clientWalletAccessSelection(ref, argument);
}
@override
bool operator ==(Object other) {
return other is ClientWalletAccessSelectionProvider &&
other.argument == argument;
}
@override
int get hashCode {
return argument.hashCode;
}
}
String _$clientWalletAccessSelectionHash() =>
r'f33705ee7201cd9b899cc058d6642de85a22b03e';
final class ClientWalletAccessSelectionFamily extends $Family
with $FunctionalFamilyOverride<FutureOr<Set<int>>, int> {
ClientWalletAccessSelectionFamily._()
: super(
retry: null,
name: r'clientWalletAccessSelectionProvider',
dependencies: null,
$allTransitiveDependencies: null,
isAutoDispose: true,
);
ClientWalletAccessSelectionProvider call(int clientId) =>
ClientWalletAccessSelectionProvider._(argument: clientId, from: this);
@override
String toString() => r'clientWalletAccessSelectionProvider';
}
@ProviderFor(ClientWalletAccessController)
final clientWalletAccessControllerProvider =
ClientWalletAccessControllerFamily._();
final class ClientWalletAccessControllerProvider
extends
$NotifierProvider<
ClientWalletAccessController,
ClientWalletAccessState
> {
ClientWalletAccessControllerProvider._({
required ClientWalletAccessControllerFamily super.from,
required int super.argument,
}) : super(
retry: null,
name: r'clientWalletAccessControllerProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$clientWalletAccessControllerHash();
@override
String toString() {
return r'clientWalletAccessControllerProvider'
''
'($argument)';
}
@$internal
@override
ClientWalletAccessController create() => ClientWalletAccessController();
/// {@macro riverpod.override_with_value}
Override overrideWithValue(ClientWalletAccessState value) {
return $ProviderOverride(
origin: this,
providerOverride: $SyncValueProvider<ClientWalletAccessState>(value),
);
}
@override
bool operator ==(Object other) {
return other is ClientWalletAccessControllerProvider &&
other.argument == argument;
}
@override
int get hashCode {
return argument.hashCode;
}
}
String _$clientWalletAccessControllerHash() =>
r'45bff81382fec3e8610190167b55667a7dfc1111';
final class ClientWalletAccessControllerFamily extends $Family
with
$ClassFamilyOverride<
ClientWalletAccessController,
ClientWalletAccessState,
ClientWalletAccessState,
ClientWalletAccessState,
int
> {
ClientWalletAccessControllerFamily._()
: super(
retry: null,
name: r'clientWalletAccessControllerProvider',
dependencies: null,
$allTransitiveDependencies: null,
isAutoDispose: true,
);
ClientWalletAccessControllerProvider call(int clientId) =>
ClientWalletAccessControllerProvider._(argument: clientId, from: this);
@override
String toString() => r'clientWalletAccessControllerProvider';
}
abstract class _$ClientWalletAccessController
extends $Notifier<ClientWalletAccessState> {
late final _$args = ref.$arg as int;
int get clientId => _$args;
ClientWalletAccessState build(int clientId);
@$mustCallSuper
@override
void runBuild() {
final ref =
this.ref as $Ref<ClientWalletAccessState, ClientWalletAccessState>;
final element =
ref.element
as $ClassProviderElement<
AnyNotifier<ClientWalletAccessState, ClientWalletAccessState>,
ClientWalletAccessState,
Object?,
Object?
>;
element.handleCreate(ref, () => build(_$args));
}
}

22
useragent/lib/providers/sdk_clients/wallet_access_list.dart Normal file
View File

@@ -0,0 +1,22 @@
import 'package:arbiter/features/connection/evm/wallet_access.dart';
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/providers/connection/connection_manager.dart';
import 'package:mtcore/markettakers.dart';
import 'package:riverpod_annotation/riverpod_annotation.dart';
part 'wallet_access_list.g.dart';
@riverpod
Future<List<SdkClientWalletAccess>?> walletAccessList(Ref ref) async {
final connection = await ref.watch(connectionManagerProvider.future);
if (connection == null) {
return null;
}
try {
return await listAllWalletAccesses(connection);
} catch (e, st) {
talker.handle(e, st);
rethrow;
}
}

51
useragent/lib/providers/sdk_clients/wallet_access_list.g.dart Normal file
View File

@@ -0,0 +1,51 @@
// GENERATED CODE - DO NOT MODIFY BY HAND
part of 'wallet_access_list.dart';
// **************************************************************************
// RiverpodGenerator
// **************************************************************************
// GENERATED CODE - DO NOT MODIFY BY HAND
// ignore_for_file: type=lint, type=warning
@ProviderFor(walletAccessList)
final walletAccessListProvider = WalletAccessListProvider._();
final class WalletAccessListProvider
extends
$FunctionalProvider<
AsyncValue<List<SdkClientWalletAccess>?>,
List<SdkClientWalletAccess>?,
FutureOr<List<SdkClientWalletAccess>?>
>
with
$FutureModifier<List<SdkClientWalletAccess>?>,
$FutureProvider<List<SdkClientWalletAccess>?> {
WalletAccessListProvider._()
: super(
from: null,
argument: null,
retry: null,
name: r'walletAccessListProvider',
isAutoDispose: true,
dependencies: null,
$allTransitiveDependencies: null,
);
@override
String debugGetCreateSourceHash() => _$walletAccessListHash();
@$internal
@override
$FutureProviderElement<List<SdkClientWalletAccess>?> $createElement(
$ProviderPointer pointer,
) => $FutureProviderElement(pointer);
@override
FutureOr<List<SdkClientWalletAccess>?> create(Ref ref) {
return walletAccessList(ref);
}
}
String _$walletAccessListHash() => r'c06006d6792ae463105a539723e9bb396192f96b';

2
useragent/lib/providers/vault_state.dart
View File

@@ -13,7 +13,7 @@ Future<VaultState?> vaultState(Ref ref) async {
return null; return null;
} }
final resp = await conn.request(UserAgentRequest(queryVaultState: Empty())); final resp = await conn.ask(UserAgentRequest(queryVaultState: Empty()));
if (resp.whichPayload() != UserAgentResponse_Payload.vaultState) { if (resp.whichPayload() != UserAgentResponse_Payload.vaultState) {
talker.warning('Expected vault state response, got ${resp.whichPayload()}'); talker.warning('Expected vault state response, got ${resp.whichPayload()}');
return null; return null;

2
useragent/lib/providers/vault_state.g.dart
View File

@@ -46,4 +46,4 @@ final class VaultStateProvider
} }
} }
String _$vaultStateHash() => r'97085e49bc3a296e36fa6c04a8f4c9abafac0835'; String _$vaultStateHash() => r'81887aa99a3e928efd73dbe85caf81284c9f5803';

2
useragent/lib/router.dart
View File

@@ -10,6 +10,7 @@ class Router extends RootStackRouter {
AutoRoute(page: ServerInfoSetupRoute.page, path: '/server-info'), AutoRoute(page: ServerInfoSetupRoute.page, path: '/server-info'),
AutoRoute(page: ServerConnectionRoute.page, path: '/server-connection'), AutoRoute(page: ServerConnectionRoute.page, path: '/server-connection'),
AutoRoute(page: VaultSetupRoute.page, path: '/vault'), AutoRoute(page: VaultSetupRoute.page, path: '/vault'),
AutoRoute(page: ClientDetailsRoute.page, path: '/clients/:clientId'),
AutoRoute(page: CreateEvmGrantRoute.page, path: '/evm-grants/create'), AutoRoute(page: CreateEvmGrantRoute.page, path: '/evm-grants/create'),
AutoRoute( AutoRoute(
@@ -17,6 +18,7 @@ class Router extends RootStackRouter {
path: '/dashboard', path: '/dashboard',
children: [ children: [
AutoRoute(page: EvmRoute.page, path: 'evm'), AutoRoute(page: EvmRoute.page, path: 'evm'),
AutoRoute(page: ClientsRoute.page, path: 'clients'),
AutoRoute(page: EvmGrantsRoute.page, path: 'grants'), AutoRoute(page: EvmGrantsRoute.page, path: 'grants'),
AutoRoute(page: AboutRoute.page, path: 'about'), AutoRoute(page: AboutRoute.page, path: 'about'),
], ],

224
useragent/lib/router.gr.dart
View File

@@ -9,27 +9,32 @@
// coverage:ignore-file // coverage:ignore-file
// ignore_for_file: no_leading_underscores_for_library_prefixes // ignore_for_file: no_leading_underscores_for_library_prefixes
import 'package:arbiter/proto/user_agent.pb.dart' as _i15;
import 'package:arbiter/screens/bootstrap.dart' as _i2; import 'package:arbiter/screens/bootstrap.dart' as _i2;
import 'package:arbiter/screens/dashboard.dart' as _i4; import 'package:arbiter/screens/dashboard.dart' as _i7;
import 'package:arbiter/screens/dashboard/about.dart' as _i1; import 'package:arbiter/screens/dashboard/about.dart' as _i1;
import 'package:arbiter/screens/dashboard/evm.dart' as _i6; import 'package:arbiter/screens/dashboard/clients/details.dart' as _i3;
import 'package:arbiter/screens/dashboard/evm_grant_create.dart' as _i3; import 'package:arbiter/screens/dashboard/clients/details/client_details.dart'
import 'package:arbiter/screens/dashboard/evm_grants.dart' as _i5; as _i4;
import 'package:arbiter/screens/server_connection.dart' as _i7; import 'package:arbiter/screens/dashboard/clients/table.dart' as _i5;
import 'package:arbiter/screens/server_info_setup.dart' as _i8; import 'package:arbiter/screens/dashboard/evm/evm.dart' as _i9;
import 'package:arbiter/screens/vault_setup.dart' as _i9; import 'package:arbiter/screens/dashboard/evm/grants/create/screen.dart' as _i6;
import 'package:auto_route/auto_route.dart' as _i10; import 'package:arbiter/screens/dashboard/evm/grants/grants.dart' as _i8;
import 'package:flutter/material.dart' as _i11; import 'package:arbiter/screens/server_connection.dart' as _i10;
import 'package:arbiter/screens/server_info_setup.dart' as _i11;
import 'package:arbiter/screens/vault_setup.dart' as _i12;
import 'package:auto_route/auto_route.dart' as _i13;
import 'package:flutter/material.dart' as _i14;
/// generated route for /// generated route for
/// [_i1.AboutScreen] /// [_i1.AboutScreen]
class AboutRoute extends _i10.PageRouteInfo<void> { class AboutRoute extends _i13.PageRouteInfo<void> {
const AboutRoute({List<_i10.PageRouteInfo>? children}) const AboutRoute({List<_i13.PageRouteInfo>? children})
: super(AboutRoute.name, initialChildren: children); : super(AboutRoute.name, initialChildren: children);
static const String name = 'AboutRoute'; static const String name = 'AboutRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i1.AboutScreen(); return const _i1.AboutScreen();
@@ -39,13 +44,13 @@ class AboutRoute extends _i10.PageRouteInfo<void> {
/// generated route for /// generated route for
/// [_i2.Bootstrap] /// [_i2.Bootstrap]
class Bootstrap extends _i10.PageRouteInfo<void> { class Bootstrap extends _i13.PageRouteInfo<void> {
const Bootstrap({List<_i10.PageRouteInfo>? children}) const Bootstrap({List<_i13.PageRouteInfo>? children})
: super(Bootstrap.name, initialChildren: children); : super(Bootstrap.name, initialChildren: children);
static const String name = 'Bootstrap'; static const String name = 'Bootstrap';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i2.Bootstrap(); return const _i2.Bootstrap();
@@ -54,77 +59,192 @@ class Bootstrap extends _i10.PageRouteInfo<void> {
} }
/// generated route for /// generated route for
/// [_i3.CreateEvmGrantScreen] /// [_i3.ClientDetails]
class CreateEvmGrantRoute extends _i10.PageRouteInfo<void> { class ClientDetails extends _i13.PageRouteInfo<ClientDetailsArgs> {
const CreateEvmGrantRoute({List<_i10.PageRouteInfo>? children}) ClientDetails({
_i14.Key? key,
required _i15.SdkClientEntry client,
List<_i13.PageRouteInfo>? children,
}) : super(
ClientDetails.name,
args: ClientDetailsArgs(key: key, client: client),
initialChildren: children,
);
static const String name = 'ClientDetails';
static _i13.PageInfo page = _i13.PageInfo(
name,
builder: (data) {
final args = data.argsAs<ClientDetailsArgs>();
return _i3.ClientDetails(key: args.key, client: args.client);
},
);
}
class ClientDetailsArgs {
const ClientDetailsArgs({this.key, required this.client});
final _i14.Key? key;
final _i15.SdkClientEntry client;
@override
String toString() {
return 'ClientDetailsArgs{key: $key, client: $client}';
}
@override
bool operator ==(Object other) {
if (identical(this, other)) return true;
if (other is! ClientDetailsArgs) return false;
return key == other.key && client == other.client;
}
@override
int get hashCode => key.hashCode ^ client.hashCode;
}
/// generated route for
/// [_i4.ClientDetailsScreen]
class ClientDetailsRoute extends _i13.PageRouteInfo<ClientDetailsRouteArgs> {
ClientDetailsRoute({
_i14.Key? key,
required int clientId,
List<_i13.PageRouteInfo>? children,
}) : super(
ClientDetailsRoute.name,
args: ClientDetailsRouteArgs(key: key, clientId: clientId),
rawPathParams: {'clientId': clientId},
initialChildren: children,
);
static const String name = 'ClientDetailsRoute';
static _i13.PageInfo page = _i13.PageInfo(
name,
builder: (data) {
final pathParams = data.inheritedPathParams;
final args = data.argsAs<ClientDetailsRouteArgs>(
orElse: () =>
ClientDetailsRouteArgs(clientId: pathParams.getInt('clientId')),
);
return _i4.ClientDetailsScreen(key: args.key, clientId: args.clientId);
},
);
}
class ClientDetailsRouteArgs {
const ClientDetailsRouteArgs({this.key, required this.clientId});
final _i14.Key? key;
final int clientId;
@override
String toString() {
return 'ClientDetailsRouteArgs{key: $key, clientId: $clientId}';
}
@override
bool operator ==(Object other) {
if (identical(this, other)) return true;
if (other is! ClientDetailsRouteArgs) return false;
return key == other.key && clientId == other.clientId;
}
@override
int get hashCode => key.hashCode ^ clientId.hashCode;
}
/// generated route for
/// [_i5.ClientsScreen]
class ClientsRoute extends _i13.PageRouteInfo<void> {
const ClientsRoute({List<_i13.PageRouteInfo>? children})
: super(ClientsRoute.name, initialChildren: children);
static const String name = 'ClientsRoute';
static _i13.PageInfo page = _i13.PageInfo(
name,
builder: (data) {
return const _i5.ClientsScreen();
},
);
}
/// generated route for
/// [_i6.CreateEvmGrantScreen]
class CreateEvmGrantRoute extends _i13.PageRouteInfo<void> {
const CreateEvmGrantRoute({List<_i13.PageRouteInfo>? children})
: super(CreateEvmGrantRoute.name, initialChildren: children); : super(CreateEvmGrantRoute.name, initialChildren: children);
static const String name = 'CreateEvmGrantRoute'; static const String name = 'CreateEvmGrantRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i3.CreateEvmGrantScreen(); return const _i6.CreateEvmGrantScreen();
}, },
); );
} }
/// generated route for /// generated route for
/// [_i4.DashboardRouter] /// [_i7.DashboardRouter]
class DashboardRouter extends _i10.PageRouteInfo<void> { class DashboardRouter extends _i13.PageRouteInfo<void> {
const DashboardRouter({List<_i10.PageRouteInfo>? children}) const DashboardRouter({List<_i13.PageRouteInfo>? children})
: super(DashboardRouter.name, initialChildren: children); : super(DashboardRouter.name, initialChildren: children);
static const String name = 'DashboardRouter'; static const String name = 'DashboardRouter';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i4.DashboardRouter(); return const _i7.DashboardRouter();
}, },
); );
} }
/// generated route for /// generated route for
/// [_i5.EvmGrantsScreen] /// [_i8.EvmGrantsScreen]
class EvmGrantsRoute extends _i10.PageRouteInfo<void> { class EvmGrantsRoute extends _i13.PageRouteInfo<void> {
const EvmGrantsRoute({List<_i10.PageRouteInfo>? children}) const EvmGrantsRoute({List<_i13.PageRouteInfo>? children})
: super(EvmGrantsRoute.name, initialChildren: children); : super(EvmGrantsRoute.name, initialChildren: children);
static const String name = 'EvmGrantsRoute'; static const String name = 'EvmGrantsRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i5.EvmGrantsScreen(); return const _i8.EvmGrantsScreen();
}, },
); );
} }
/// generated route for /// generated route for
/// [_i6.EvmScreen] /// [_i9.EvmScreen]
class EvmRoute extends _i10.PageRouteInfo<void> { class EvmRoute extends _i13.PageRouteInfo<void> {
const EvmRoute({List<_i10.PageRouteInfo>? children}) const EvmRoute({List<_i13.PageRouteInfo>? children})
: super(EvmRoute.name, initialChildren: children); : super(EvmRoute.name, initialChildren: children);
static const String name = 'EvmRoute'; static const String name = 'EvmRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i6.EvmScreen(); return const _i9.EvmScreen();
}, },
); );
} }
/// generated route for /// generated route for
/// [_i7.ServerConnectionScreen] /// [_i10.ServerConnectionScreen]
class ServerConnectionRoute class ServerConnectionRoute
extends _i10.PageRouteInfo<ServerConnectionRouteArgs> { extends _i13.PageRouteInfo<ServerConnectionRouteArgs> {
ServerConnectionRoute({ ServerConnectionRoute({
_i11.Key? key, _i14.Key? key,
String? arbiterUrl, String? arbiterUrl,
List<_i10.PageRouteInfo>? children, List<_i13.PageRouteInfo>? children,
}) : super( }) : super(
ServerConnectionRoute.name, ServerConnectionRoute.name,
args: ServerConnectionRouteArgs(key: key, arbiterUrl: arbiterUrl), args: ServerConnectionRouteArgs(key: key, arbiterUrl: arbiterUrl),
@@ -133,13 +253,13 @@ class ServerConnectionRoute
static const String name = 'ServerConnectionRoute'; static const String name = 'ServerConnectionRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
final args = data.argsAs<ServerConnectionRouteArgs>( final args = data.argsAs<ServerConnectionRouteArgs>(
orElse: () => const ServerConnectionRouteArgs(), orElse: () => const ServerConnectionRouteArgs(),
); );
return _i7.ServerConnectionScreen( return _i10.ServerConnectionScreen(
key: args.key, key: args.key,
arbiterUrl: args.arbiterUrl, arbiterUrl: args.arbiterUrl,
); );
@@ -150,7 +270,7 @@ class ServerConnectionRoute
class ServerConnectionRouteArgs { class ServerConnectionRouteArgs {
const ServerConnectionRouteArgs({this.key, this.arbiterUrl}); const ServerConnectionRouteArgs({this.key, this.arbiterUrl});
final _i11.Key? key; final _i14.Key? key;
final String? arbiterUrl; final String? arbiterUrl;
@@ -171,33 +291,33 @@ class ServerConnectionRouteArgs {
} }
/// generated route for /// generated route for
/// [_i8.ServerInfoSetupScreen] /// [_i11.ServerInfoSetupScreen]
class ServerInfoSetupRoute extends _i10.PageRouteInfo<void> { class ServerInfoSetupRoute extends _i13.PageRouteInfo<void> {
const ServerInfoSetupRoute({List<_i10.PageRouteInfo>? children}) const ServerInfoSetupRoute({List<_i13.PageRouteInfo>? children})
: super(ServerInfoSetupRoute.name, initialChildren: children); : super(ServerInfoSetupRoute.name, initialChildren: children);
static const String name = 'ServerInfoSetupRoute'; static const String name = 'ServerInfoSetupRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i8.ServerInfoSetupScreen(); return const _i11.ServerInfoSetupScreen();
}, },
); );
} }
/// generated route for /// generated route for
/// [_i9.VaultSetupScreen] /// [_i12.VaultSetupScreen]
class VaultSetupRoute extends _i10.PageRouteInfo<void> { class VaultSetupRoute extends _i13.PageRouteInfo<void> {
const VaultSetupRoute({List<_i10.PageRouteInfo>? children}) const VaultSetupRoute({List<_i13.PageRouteInfo>? children})
: super(VaultSetupRoute.name, initialChildren: children); : super(VaultSetupRoute.name, initialChildren: children);
static const String name = 'VaultSetupRoute'; static const String name = 'VaultSetupRoute';
static _i10.PageInfo page = _i10.PageInfo( static _i13.PageInfo page = _i13.PageInfo(
name, name,
builder: (data) { builder: (data) {
return const _i9.VaultSetupScreen(); return const _i12.VaultSetupScreen();
}, },
); );
} }

147
useragent/lib/screens/callouts/sdk_connect.dart Normal file
View File

@@ -0,0 +1,147 @@
import 'package:arbiter/proto/client.pb.dart';
import 'package:arbiter/theme/palette.dart';
import 'package:arbiter/widgets/cream_frame.dart';
import 'package:flutter/material.dart';
import 'package:sizer/sizer.dart';
class SdkConnectCallout extends StatelessWidget {
const SdkConnectCallout({
super.key,
required this.pubkey,
required this.clientInfo,
this.onAccept,
this.onDecline,
});
final String pubkey;
final ClientInfo clientInfo;
final VoidCallback? onAccept;
final VoidCallback? onDecline;
@override
Widget build(BuildContext context) {
final theme = Theme.of(context);
final name = clientInfo.hasName() && clientInfo.name.isNotEmpty
? clientInfo.name
: _shortPubkey(pubkey);
final hasDescription =
clientInfo.hasDescription() && clientInfo.description.isNotEmpty;
final hasVersion =
clientInfo.hasVersion() && clientInfo.version.isNotEmpty;
final showInfoCard = hasDescription || hasVersion;
return CreamFrame(
padding: EdgeInsets.all(2.4.h),
child: Column(
mainAxisSize: MainAxisSize.min,
crossAxisAlignment: CrossAxisAlignment.center,
spacing: 1.6.h,
children: [
// if (clientInfo.iconUrl != null)
// CircleAvatar(
// radius: 36,
// backgroundColor: Palette.line,
// backgroundImage: NetworkImage(iconUrl!),
// ),
Column(
crossAxisAlignment: CrossAxisAlignment.center,
spacing: 0.4.h,
children: [
Text(
name,
textAlign: TextAlign.center,
style: theme.textTheme.titleLarge?.copyWith(
color: Palette.ink,
fontWeight: FontWeight.w800,
),
),
Text(
'is requesting a connection',
textAlign: TextAlign.center,
style: theme.textTheme.bodyMedium?.copyWith(
color: Palette.ink.withValues(alpha: 0.55),
),
),
],
),
if (showInfoCard)
Container(
width: double.infinity,
decoration: BoxDecoration(
color: Palette.ink.withValues(alpha: 0.04),
borderRadius: BorderRadius.circular(14),
border: Border.all(color: Palette.line),
),
padding: EdgeInsets.symmetric(
horizontal: 1.6.w,
vertical: 1.2.h,
),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
spacing: 0.6.h,
children: [
if (hasDescription)
Text(
clientInfo.description,
style: theme.textTheme.bodyMedium?.copyWith(
color: Palette.ink.withValues(alpha: 0.80),
height: 1.5,
),
),
if (hasVersion)
Text(
'v${clientInfo.version}',
style: theme.textTheme.bodySmall?.copyWith(
color: Palette.ink.withValues(alpha: 0.50),
),
),
],
),
),
Row(
mainAxisAlignment: MainAxisAlignment.spaceEvenly,
children: [
Expanded(
child: OutlinedButton(
onPressed: onDecline,
style: OutlinedButton.styleFrom(
foregroundColor: Palette.coral,
side: BorderSide(
color: Palette.coral.withValues(alpha: 0.50),
),
shape: RoundedRectangleBorder(
borderRadius: BorderRadius.circular(14),
),
padding: EdgeInsets.symmetric(vertical: 1.4.h),
),
child: const Text('Decline'),
),
),
Expanded(
child: FilledButton(
onPressed: onAccept,
style: FilledButton.styleFrom(
backgroundColor: Palette.ink,
foregroundColor: Palette.cream,
shape: RoundedRectangleBorder(
borderRadius: BorderRadius.circular(14),
),
padding: EdgeInsets.symmetric(vertical: 1.4.h),
),
child: const Text('Accept'),
),
),
],
),
],
),
);
}
}
String _shortPubkey(String base64Pubkey) {
if (base64Pubkey.length < 12) return base64Pubkey;
return '${base64Pubkey.substring(0, 8)}${base64Pubkey.substring(base64Pubkey.length - 4)}';
}

82
useragent/lib/screens/dashboard.dart
View File

@@ -1,11 +1,20 @@
import 'package:arbiter/features/callouts/callout_manager.dart';
import 'package:arbiter/features/callouts/show_callout_list.dart';
import 'package:arbiter/router.gr.dart'; import 'package:arbiter/router.gr.dart';
import 'package:arbiter/theme/palette.dart';
import 'package:auto_route/auto_route.dart'; import 'package:auto_route/auto_route.dart';
import 'package:flutter/material.dart'; import 'package:flutter/material.dart';
import 'package:flutter_adaptive_scaffold/flutter_adaptive_scaffold.dart'; import 'package:flutter_adaptive_scaffold/flutter_adaptive_scaffold.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
const breakpoints = MaterialAdaptiveBreakpoints(); const breakpoints = MaterialAdaptiveBreakpoints();
final routes = [const EvmRoute(), const EvmGrantsRoute(), const AboutRoute()]; final routes = [
const EvmRoute(),
const ClientsRoute(),
const EvmGrantsRoute(),
const AboutRoute(),
];
@RoutePage() @RoutePage()
class DashboardRouter extends StatelessWidget { class DashboardRouter extends StatelessWidget {
@@ -13,13 +22,18 @@ class DashboardRouter extends StatelessWidget {
@override @override
Widget build(BuildContext context) { Widget build(BuildContext context) {
final title = Container(
margin: const EdgeInsets.all(16),
child: const Text(
"Arbiter",
style: TextStyle(fontWeight: FontWeight.w800),
),
);
return AutoTabsRouter( return AutoTabsRouter(
routes: routes, routes: routes,
transitionBuilder: (context, child, animation) => FadeTransition( transitionBuilder: (context, child, animation) =>
opacity: animation, FadeTransition(opacity: animation, child: child),
// the passed child is technically our animated selected-tab page
child: child,
),
builder: (context, child) { builder: (context, child) {
final tabsRouter = AutoTabsRouter.of(context); final tabsRouter = AutoTabsRouter.of(context);
final currentActive = tabsRouter.activeIndex; final currentActive = tabsRouter.activeIndex;
@@ -31,8 +45,13 @@ class DashboardRouter extends StatelessWidget {
label: "Wallets", label: "Wallets",
), ),
NavigationDestination( NavigationDestination(
icon: Icon(Icons.rule_folder_outlined), icon: Icon(Icons.devices_other_outlined),
selectedIcon: Icon(Icons.rule_folder), selectedIcon: Icon(Icons.devices_other),
label: "Clients",
),
NavigationDestination(
icon: Icon(Icons.policy_outlined),
selectedIcon: Icon(Icons.policy),
label: "Grants", label: "Grants",
), ),
NavigationDestination( NavigationDestination(
@@ -45,11 +64,58 @@ class DashboardRouter extends StatelessWidget {
onSelectedIndexChange: (index) { onSelectedIndexChange: (index) {
tabsRouter.navigate(routes[index]); tabsRouter.navigate(routes[index]);
}, },
leadingExtendedNavRail: title,
leadingUnextendedNavRail: title,
selectedIndex: currentActive, selectedIndex: currentActive,
transitionDuration: const Duration(milliseconds: 800), transitionDuration: const Duration(milliseconds: 800),
internalAnimations: true, internalAnimations: true,
trailingNavRail: const _CalloutBell(),
); );
}, },
); );
} }
} }
class _CalloutBell extends ConsumerWidget {
const _CalloutBell({super.key});
@override
Widget build(BuildContext context, WidgetRef ref) {
final count = ref.watch(calloutManagerProvider.select((map) => map.length));
return IconButton(
onPressed: () => showCalloutList(context, ref),
icon: Stack(
clipBehavior: Clip.none,
children: [
Icon(
count > 0 ? Icons.notifications : Icons.notifications_outlined,
color: Palette.ink,
),
if (count > 0)
Positioned(
top: -2,
right: -4,
child: Container(
padding: const EdgeInsets.symmetric(horizontal: 4, vertical: 1),
decoration: BoxDecoration(
color: Colors.green,
borderRadius: BorderRadius.circular(10),
),
child: Text(
count > 99 ? '99+' : '$count',
style: const TextStyle(
color: Colors.white,
fontSize: 9,
fontWeight: FontWeight.w800,
height: 1.2,
),
),
),
),
],
),
);
}
}

17
useragent/lib/screens/dashboard/clients/details.dart Normal file
View File

@@ -0,0 +1,17 @@
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:auto_route/auto_route.dart';
import 'package:flutter/material.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
@RoutePage()
class ClientDetails extends ConsumerWidget {
final SdkClientEntry client;
const ClientDetails({super.key, required this.client});
@override
Widget build(BuildContext context, WidgetRef ref) {
throw UnimplementedError();
}
}

56
useragent/lib/screens/dashboard/clients/details/client_details.dart Normal file
View File

@@ -0,0 +1,56 @@
import 'package:arbiter/providers/sdk_clients/details.dart';
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/screens/dashboard/clients/details/widgets/client_details_content.dart';
import 'package:arbiter/screens/dashboard/clients/details/widgets/client_details_state_panel.dart';
import 'package:auto_route/auto_route.dart';
import 'package:flutter/material.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
@RoutePage()
class ClientDetailsScreen extends ConsumerWidget {
const ClientDetailsScreen({super.key, @pathParam required this.clientId});
final int clientId;
@override
Widget build(BuildContext context, WidgetRef ref) {
final clientAsync = ref.watch(clientDetailsProvider(clientId));
return Scaffold(
body: SafeArea(
child: clientAsync.when(
data: (client) =>
_ClientDetailsState(clientId: clientId, client: client),
error: (error, _) => ClientDetailsStatePanel(
title: 'Client unavailable',
body: error.toString(),
icon: Icons.sync_problem,
),
loading: () => const ClientDetailsStatePanel(
title: 'Loading client',
body: 'Pulling client details from Arbiter.',
icon: Icons.hourglass_top,
),
),
),
);
}
}
class _ClientDetailsState extends StatelessWidget {
const _ClientDetailsState({required this.clientId, required this.client});
final int clientId;
final SdkClientEntry? client;
@override
Widget build(BuildContext context) {
if (client == null) {
return const ClientDetailsStatePanel(
title: 'Client not found',
body: 'The selected SDK client is no longer available.',
icon: Icons.person_off_outlined,
);
}
return ClientDetailsContent(clientId: clientId, client: client!);
}
}

55
useragent/lib/screens/dashboard/clients/details/widgets/client_details_content.dart Normal file
View File

@@ -0,0 +1,55 @@
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/providers/sdk_clients/wallet_access.dart';
import 'package:arbiter/screens/dashboard/clients/details/widgets/client_details_header.dart';
import 'package:arbiter/screens/dashboard/clients/details/widgets/client_summary_card.dart';
import 'package:arbiter/screens/dashboard/clients/details/widgets/wallet_access_save_bar.dart';
import 'package:arbiter/screens/dashboard/clients/details/widgets/wallet_access_section.dart';
import 'package:flutter/material.dart';
import 'package:hooks_riverpod/experimental/mutation.dart';
import 'package:hooks_riverpod/hooks_riverpod.dart';
class ClientDetailsContent extends ConsumerWidget {
const ClientDetailsContent({
super.key,
required this.clientId,
required this.client,
});
final int clientId;
final SdkClientEntry client;
@override
Widget build(BuildContext context, WidgetRef ref) {
final state = ref.watch(clientWalletAccessControllerProvider(clientId));
final notifier = ref.read(
clientWalletAccessControllerProvider(clientId).notifier,
);
final saveMutation = ref.watch(saveClientWalletAccessMutation(clientId));
return ListView(
padding: const EdgeInsets.all(16),
children: [
const ClientDetailsHeader(),
const SizedBox(height: 16),
ClientSummaryCard(client: client),
const SizedBox(height: 16),
WalletAccessSection(
clientId: clientId,
state: state,
accessSelectionAsync: ref.watch(
clientWalletAccessSelectionProvider(clientId),
),
isSavePending: saveMutation is MutationPending,
onSearchChanged: notifier.setSearchQuery,
onToggleWallet: notifier.toggleWallet,
),
const SizedBox(height: 16),
WalletAccessSaveBar(
state: state,
saveMutation: saveMutation,
onDiscard: notifier.discardChanges,
onSave: () => executeSaveClientWalletAccess(ref, clientId: clientId),
),
],
);
}
}

23
useragent/lib/screens/dashboard/clients/details/widgets/client_details_header.dart Normal file
View File

@@ -0,0 +1,23 @@
import 'package:flutter/material.dart';
class ClientDetailsHeader extends StatelessWidget {
const ClientDetailsHeader({super.key});
@override
Widget build(BuildContext context) {
final theme = Theme.of(context);
return Row(
children: [
BackButton(onPressed: () => Navigator.of(context).maybePop()),
Expanded(
child: Text(
'Client Details',
style: theme.textTheme.headlineSmall?.copyWith(
fontWeight: FontWeight.w800,
),
),
),
],
);
}
}

37
useragent/lib/screens/dashboard/clients/details/widgets/client_details_state_panel.dart Normal file
View File

@@ -0,0 +1,37 @@
import 'package:arbiter/theme/palette.dart';
import 'package:arbiter/widgets/cream_frame.dart';
import 'package:flutter/material.dart';
class ClientDetailsStatePanel extends StatelessWidget {
const ClientDetailsStatePanel({
super.key,
required this.title,
required this.body,
required this.icon,
});
final String title;
final String body;
final IconData icon;
@override
Widget build(BuildContext context) {
final theme = Theme.of(context);
return Center(
child: CreamFrame(
margin: const EdgeInsets.all(24),
padding: const EdgeInsets.all(24),
child: Column(
mainAxisSize: MainAxisSize.min,
children: [
Icon(icon, color: Palette.coral),
const SizedBox(height: 12),
Text(title, style: theme.textTheme.titleLarge),
const SizedBox(height: 8),
Text(body, textAlign: TextAlign.center),
],
),
),
);
}
}

75
useragent/lib/screens/dashboard/clients/details/widgets/client_summary_card.dart Normal file
View File

@@ -0,0 +1,75 @@
import 'package:arbiter/proto/user_agent.pb.dart';
import 'package:arbiter/widgets/cream_frame.dart';
import 'package:flutter/material.dart';
class ClientSummaryCard extends StatelessWidget {
const ClientSummaryCard({super.key, required this.client});
final SdkClientEntry client;
@override
Widget build(BuildContext context) {
return CreamFrame(
padding: const EdgeInsets.all(20),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(
client.info.name,
style: Theme.of(context).textTheme.titleLarge,
),
const SizedBox(height: 8),
Text(client.info.description),
const SizedBox(height: 16),
Wrap(
runSpacing: 8,
spacing: 16,
children: [
_Fact(label: 'Client ID', value: '${client.id}'),
_Fact(label: 'Version', value: client.info.version),
_Fact(
label: 'Registered',
value: _formatDate(client.createdAt),
),
_Fact(label: 'Pubkey', value: _shortPubkey(client.pubkey)),
],
),
],
),
);
}
}
class _Fact extends StatelessWidget {
const _Fact({required this.label, required this.value});
final String label;
final String value;
@override
Widget build(BuildContext context) {
final theme = Theme.of(context);
return Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(label, style: theme.textTheme.labelMedium),
Text(value.isEmpty ? '' : value, style: theme.textTheme.bodyMedium),
],
);
}
}
String _formatDate(int unixSecs) {
final dt = DateTime.fromMillisecondsSinceEpoch(unixSecs * 1000).toLocal();
return '${dt.year}-${dt.month.toString().padLeft(2, '0')}-${dt.day.toString().padLeft(2, '0')}';
}
String _shortPubkey(List<int> bytes) {
final hex = bytes
.map((byte) => byte.toRadixString(16).padLeft(2, '0'))
.join();
if (hex.length < 12) {
return '0x$hex';
}
return '0x${hex.substring(0, 8)}...${hex.substring(hex.length - 4)}';
}

Some files were not shown because too many files have changed in this diff Show More