From b3ce69faa33350a17418ebf3f8a389ae169b7e04 Mon Sep 17 00:00:00 2001 From: Frank Bell Date: Fri, 4 Aug 2023 11:14:08 +0100 Subject: [PATCH] SBP-M1 review comments --- .../src/main/java/land/fx/fula/FulaModule.java | 11 +++++++++++ src/interfaces/fulaNativeModule.ts | 11 +++++++++++ src/protocols/blockchain.ts | 17 +++++++++++++++++ src/protocols/chain-api.ts | 4 ++++ src/types/blockchain.ts | 1 + 5 files changed, 44 insertions(+) diff --git a/android/src/main/java/land/fx/fula/FulaModule.java b/android/src/main/java/land/fx/fula/FulaModule.java index eb5a968..b28b79d 100755 --- a/android/src/main/java/land/fx/fula/FulaModule.java +++ b/android/src/main/java/land/fx/fula/FulaModule.java @@ -1148,6 +1148,7 @@ public void shutdown(Promise promise) { //////////////////////ANYTHING BELOW IS FOR BLOCKCHAIN///// /////////////////////////////////////////////////////////// @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void createAccount(String seedString, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "createAccount: seedString = " + seedString); @@ -1186,6 +1187,7 @@ public void checkAccountExists(String accountString, Promise promise) { } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void createPool(String seedString, String poolName, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "createPool: seedString = " + seedString + "; poolName = " + poolName); 
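Review bot: The `Log.d` call at the top of `createAccount` writes `seedString` to logcat, and the comment added above the signature does not flag it, although the equivalent `console.log` calls in src/protocols/blockchain.ts are flagged in this same commit. The same logging is visible in the hunks for createPool, joinPool, cancelPoolJoin, votePoolJoinRequest, leavePool, newReplicationRequest, newStoreRequest, removeReplicationRequest, removeStorer and removeStoredReplication. I would add `// SBP-M1 review: seed exposed in logcat, remove seedString from this log line.` above each `Log.d`, so the logging fix is tracked separately from the larger signing redesign. The log line in removeReplicationRequest is also labelled `newReplicationRequest:`, which looks like a copy-paste slip worth marking at the same time. Each method body continues outside its hunk, so other uses of the seed are not visible here.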
@@ -1216,6 +1218,7 @@ public void listPools(Promise promise) { } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void joinPool(String seedString, long poolID, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "joinPool: seedString = " + seedString + "; poolID = " + poolID); @@ -1231,6 +1234,7 @@ public void joinPool(String seedString, long poolID, Promise promise) { } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void cancelPoolJoin(String seedString, long poolID, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "cancelPoolJoin: seedString = " + seedString + "; poolID = " + poolID); @@ -1261,6 +1265,7 @@ public void listPoolJoinRequests(long poolID, Promise promise) { } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void votePoolJoinRequest(String seedString, long poolID, String accountString, boolean accept, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "votePoolJoinRequest: seedString = " + seedString + "; poolID = " + poolID + "; accountString = " + accountString + "; accept = " + accept); 
@@ -1276,6 +1281,7 @@ public void votePoolJoinRequest(String seedString, long poolID, String accountSt } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void leavePool(String seedString, long poolID, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "leavePool: seedString = " + seedString + "; poolID = " + poolID); @@ -1291,6 +1297,7 @@ public void leavePool(String seedString, long poolID, Promise promise) { } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void newReplicationRequest(String seedString, long poolID, long replicationFactor, String cid, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "newReplicationRequest: seedString = " + seedString + "; poolID = " + poolID + "; replicationFactor = " + replicationFactor + "; cid = " + cid); @@ -1306,6 +1313,7 @@ public void newReplicationRequest(String seedString, long poolID, long replicati } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void newStoreRequest(String seedString, long poolID, String uploader, String cid, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "newStoreRequest: seedString = " + seedString + "; poolID = " + poolID + "; uploader = " + uploader + "; cid = " + cid); 
@@ -1336,6 +1344,7 @@ public void listAvailableReplicationRequests(long poolID, Promise promise) { } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void removeReplicationRequest(String seedString, long poolID, String cid, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "newReplicationRequest: seedString = " + seedString + "; poolID = " + poolID + "; cid = " + cid); @@ -1351,6 +1360,7 @@ public void removeReplicationRequest(String seedString, long poolID, String cid, } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void removeStorer(String seedString, String storage, long poolID, String cid, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "removeStorer: seedString = " + seedString + "; storage = " + storage + "; poolID = " + poolID + "; cid = " + cid); @@ -1366,6 +1376,7 @@ public void removeStorer(String seedString, String storage, long poolID, String } @ReactMethod + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. public void removeStoredReplication(String seedString, String uploader, long poolID, String cid, Promise promise) { ThreadUtils.runOnExecutor(() -> { Log.d("ReactNative", "removeStoredReplication: seedString = " + seedString + "; uploader = " + uploader + "; poolID = " + poolID + "; cid = " + cid); diff --git a/src/interfaces/fulaNativeModule.ts b/src/interfaces/fulaNativeModule.ts index a4495d1..663b99c 100644 --- a/src/interfaces/fulaNativeModule.ts 
+++ b/src/interfaces/fulaNativeModule.ts 
@@ -51,27 +51,35 @@ interface FulaNativeModule { testData: (identity: string, bloxAddr: string) => Promise; //Blockchain related functions + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. createAccount: (seed: string) => Promise; checkAccountExists: (account: string) => Promise; + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. createPool: (seed: string, poolName: string) => Promise; listPools: () => Promise; + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. joinPool: (seed: string, poolID: number) => Promise; + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. leavePool: (seed: string, poolID: number) => Promise; + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. cancelPoolJoin: (seed: string, poolID: number) => Promise; listPoolJoinRequests: (poolID: number) => Promise; votePoolJoinRequest: ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. 
seed: string, poolID: number, account: string, accept: boolean ) => Promise; newReplicationRequest: ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, replicationFactor: number, cid: string ) => Promise; newStoreRequest: ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, uploader: string, @@ -79,17 +87,20 @@ interface FulaNativeModule { ) => Promise; listAvailableReplicationRequests: (poolID: number) => Promise; removeReplicationRequest: ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, cid: string ) => Promise; removeStorer: ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, storer: string, poolID: number, cid: string ) => Promise; removeStoredReplication: ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, uploader: string, poolID: number, diff --git a/src/protocols/blockchain.ts b/src/protocols/blockchain.ts index 41e51c9..b111c4e 100644 --- a/src/protocols/blockchain.ts +++ b/src/protocols/blockchain.ts 
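Review bot: The review comment is placed inconsistently in the `FulaNativeModule` hunks: above the member for single-line signatures such as `createAccount` and `joinPool`, but inside the parameter list for `votePoolJoinRequest`, `newReplicationRequest`, `newStoreRequest`, `removeReplicationRequest`, `removeStorer` and `removeStoredReplication`. Repeating the same sentence eleven times in one interface also buries the members that take no seed. A single comment under `//Blockchain related functions` would carry the same finding, for example `// SBP-M1 review: applies to every member below that takes a seed: sign on device with the PolkadotJS API and remove the parameter.` The interface starts before the first hunk and continues past the end of the second.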
@@ -5,8 +5,10 @@ import type * as BType from '../types/blockchain'; createAccount: This function takes a seed argument, which is used to create an account. The seed must start with "/". The function returns a promise of an object that contains the seed and the account that was created. */ export const createAccount = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string //seed that is used to create the account. It must start with "/" ): Promise => { + // SBP-M1 review: seed phrase exposed in logs, remove this. console.log('createAccount in react-native started', seed); let res = Fula.createAccount(seed) .then((res) => { @@ -57,9 +59,11 @@ export const checkAccountExists = ( createPool: This function takes two arguments: seed and poolName. The seed is used to identify the account that is creating the pool, and the poolName is the name of the pool being created. The function returns a promise of an object that contains the owner of the pool and the poolID of the created pool. */ export const createPool = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolName: string ): Promise => { + // SBP-M1 review: seed phrase exposed in logs, remove this. console.log('createPool in react-native started', seed, poolName); let res = Fula.createPool(seed, poolName) .then((res) => { 
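Review bot: Deleting the flagged `console.log` in `createAccount` may not be enough on its own, because the doc comment above the function says the resolved object contains the seed, so any logging of `res` inside the `.then` handler would expose it again. That handler lies outside the hunk, so this is inferred rather than visible. I would word the marker as `// SBP-M1 review: seed phrase exposed in logs; drop seed from this call and check the res/error logging below.` and keep a seed-free trace such as `console.log('createAccount in react-native started');`.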
@@ -109,9 +113,11 @@ export const listPools = (): Promise => { */ export const joinPool = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number ): Promise => { + // SBP-M1 review: seed phrase exposed in logs, remove this. console.log('joinPool in react-native started', seed, poolID); let res = Fula.joinPool(seed, poolID) .then((res) => { @@ -137,9 +143,11 @@ export const joinPool = ( */ export const leavePool = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number ): Promise => { + // SBP-M1 review: seed phrase exposed in logs, remove this. console.log('leavePool in react-native started', seed, poolID); let res = Fula.leavePool(seed, poolID) .then((res) => { @@ -161,9 +169,11 @@ export const leavePool = ( }; export const cancelPoolJoin = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number ): Promise => { + // SBP-M1 review: seed phrase exposed in logs, remove this. console.log('cancelPoolJoin in react-native started', seed, poolID); let res = Fula.cancelPoolJoin(seed, poolID) .then((res) => { 
@@ -214,11 +224,13 @@ accept is a boolean value that indicates whether to accept or reject the join re It returns a promise of BType.PoolVoteResponse which includes the account and poolID */ export const votePoolJoinRequest = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, account: string, accept: boolean ): Promise => { + // SBP-M1 review: seed phrase exposed in logs, remove this. console.log( 'votePoolJoinRequest in react-native started', seed, @@ -255,6 +267,7 @@ cid is the content identifier of the content to be replicated. It returns a promise of BType.ManifestUploadResponse which includes the uploader, storage, ManifestMetadata, and poolID */ export const newReplicationRequest = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, replicationFactor: number, @@ -296,6 +309,7 @@ cid is the content identifier of the content to be stored. It returns a promise of BType.ManifestUploadResponse which includes the uploader, storage, ManifestMetadata, and poolID */ export const newStoreRequest = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, uploader: string, 
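Review bot: The hunk for `newReplicationRequest` gets the parameter comment but no "seed phrase exposed in logs" marker, unlike the six functions before it. The same is true of the hunks for `newStoreRequest`, `removeReplicationRequest`, `removeStorer` and `removeStoredReplication`. Their bodies begin after the last line of each hunk, so a `console.log` that prints `seed` may exist there without being flagged; this should be confirmed against the full file. If they do log it, add the same `// SBP-M1 review: seed phrase exposed in logs, remove this.` line above each call.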
@@ -368,6 +382,7 @@ cid is the content ID of the replication request being removed It returns a promise of BType.ManifestUploadResponse which is the removed replication request, including the uploader, storage, ManifestMetadata, and poolID */ export const removeReplicationRequest = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, poolID: number, cid: string @@ -407,6 +422,7 @@ cid is the content ID of the replication request for which the storer is being r It returns a promise of BType.ManifestUploadResponse which is the replication request, including the uploader, storage, ManifestMetadata, and poolID after the storer has been removed. */ export const removeStorer = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, storer: string, poolID: number, @@ -448,6 +464,7 @@ cid is the content ID of the replication request for which the stored replicatio It returns a promise of BType.ManifestUploadResponse which is the replication request, including the uploader, storage, ManifestMetadata, and poolID after the stored replication has been removed. */ export const removeStoredReplication = ( + // SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. seed: string, uploader: string, poolID: number, diff --git a/src/protocols/chain-api.ts b/src/protocols/chain-api.ts index c94ffab..f4cc629 100644 --- a/src/protocols/chain-api.ts +++ b/src/protocols/chain-api.ts 
@@ -1,6 +1,7 @@ import { default as EventTypes } from '../interfaces/api-lookup'; import { ApiPromise, WsProvider } from '@polkadot/api'; +// SBP-M1 review: remove commented out code //import { Keyring } from '@polkadot/keyring'; import type * as BType from '../types/blockchain'; @@ -9,6 +10,7 @@ const types = { }; export const init = async ( + // SBP-M1 review: consider making configurable wsAddress: string = 'wss://node3.functionyard.fx.land' ): Promise => { const provider = new WsProvider(wsAddress); @@ -23,6 +25,7 @@ export const disconnectApi = async (api: ApiPromise): Promise => { await api.disconnect(); }; +// SBP-M1 review: remove commented out code /* createAccount: This function takes a seed and returns am account */ @@ -98,6 +101,7 @@ export const listPools = async ( } }; +// SBP-M1 review: typo /* checkJoinRequest: This function takes poolId and AccontId and returns a promise of an object that contains request to the pools. */ diff --git a/src/types/blockchain.ts b/src/types/blockchain.ts index b589936..364a341 100644 --- a/src/types/blockchain.ts +++ b/src/types/blockchain.ts @@ -1,3 +1,4 @@ +// SBP-M1 review: create seed on device and store securely, then use PolkadotJS API to sign an extrinsic which can then be submitted to the node/api. The seed should never leave the device. Remove the seed from here. export interface SeededResponse { seed: string; account: string;
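Review bot: In the `init` hunk of src/protocols/chain-api.ts, `// SBP-M1 review: consider making configurable` is ambiguous because `wsAddress` is already a parameter; what is fixed is the default `'wss://node3.functionyard.fx.land'`. A caller that omits the argument connects to that node without having chosen it. I would spell the request out, e.g. `// SBP-M1 review: move the default endpoint into app configuration instead of hard-coding it here.`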
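Review bot: `// SBP-M1 review: typo` above the `checkJoinRequest` doc comment in src/protocols/chain-api.ts does not say which word is meant; the visible candidate is "AccontId". Naming it, e.g. `// SBP-M1 review: typo, "AccontId" should be "AccountId"`, lets the author fix it without guessing. The doc comment in the preceding hunk also reads "returns am account", in case that block is kept rather than removed.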