stellar · aristidesstaffieri · Aug 28, 2023 · Aug 21, 2023 · Aug 22, 2023 · Aug 22, 2023
diff --git a/@shared/api/external.ts b/@shared/api/external.ts
@@ -60,6 +60,7 @@ export const submitTransaction = async (
     });
   } catch (e) {
     console.error(e);
+    throw e;
   }
   const { signedTransaction, error } = response;
 
@@ -86,6 +87,7 @@ export const submitBlob = async (
     });
   } catch (e) {
     console.error(e);
+    throw e;
   }
   const { signedBlob, error } = response;
 
@@ -95,6 +97,32 @@ export const submitBlob = async (
   return signedBlob;
 };
 
+export const submitAuthEntry = async (
+  entryXdr: string,
+  opts?: {
+    accountToSign?: string;
+  },
+): Promise<string> => {
+  let response = { signedAuthEntry: "", error: "" };
+  const _opts = opts || {};
+  const accountToSign = _opts.accountToSign || "";
+  try {
+    response = await sendMessageToContentScript({
+      entryXdr,
+      accountToSign,
+      type: EXTERNAL_SERVICE_TYPES.SUBMIT_AUTH_ENTRY,
+    });
+  } catch (e) {
+    console.error(e);
+  }
+  const { signedAuthEntry, error } = response;
+
+  if (error) {
+    throw error;
+  }
+  return signedAuthEntry;
+};
+
 export const requestNetwork = async (): Promise<string> => {
   let response = { network: "", error: "" };
   try {

diff --git a/@shared/api/internal.ts b/@shared/api/internal.ts
@@ -535,6 +535,16 @@ export const signBlob = async (): Promise<void> => {
   }
 };
 
+export const signAuthEntry = async (): Promise<void> => {
+  try {
+    await sendMessageToBackground({
+      type: SERVICE_TYPES.SIGN_AUTH_ENTRY,
+    });
+  } catch (e) {
+    console.error(e);
+  }
+};
+
 export const signFreighterTransaction = async ({
   transactionXDR,
   network,

diff --git a/@shared/api/types.ts b/@shared/api/types.ts
@@ -37,6 +37,7 @@ export interface Response {
   transactionXDR: string;
   signedTransaction: string;
   signedBlob: string;
+  signedAuthEntry: string;
   source: string;
   type: SERVICE_TYPES;
   url: string;
@@ -96,7 +97,14 @@ export interface ExternalRequestBlob extends ExternalRequestBase {
   blob: string;
 }
 
-export type ExternalRequest = ExternalRequestTx | ExternalRequestBlob;
+export interface ExternalRequestAuthEntry extends ExternalRequestBase {
+  entryXdr: string;
+}
+
+export type ExternalRequest =
+  | ExternalRequestTx
+  | ExternalRequestBlob
+  | ExternalRequestAuthEntry;
 
 export interface Account {
   publicKey: string;

diff --git a/@shared/constants/services.ts b/@shared/constants/services.ts
@@ -15,6 +15,7 @@ export enum SERVICE_TYPES {
   GRANT_ACCESS = "GRANT_ACCESS",
   SIGN_TRANSACTION = "SIGN_TRANSACTION",
   SIGN_BLOB = "SIGN_BLOB",
+  SIGN_AUTH_ENTRY = "SIGN_AUTH_ENTRY",
   HANDLE_SIGNED_HW_TRANSACTION = "HANDLE_SIGNED_HW_TRANSACTION",
   REJECT_TRANSACTION = "REJECT_TRANSACTION",
   SIGN_FREIGHTER_TRANSACTION = "SIGN_FREIGHTER_TRANSACTION",
@@ -45,6 +46,7 @@ export enum EXTERNAL_SERVICE_TYPES {
   REQUEST_ACCESS = "REQUEST_ACCESS",
   SUBMIT_TRANSACTION = "SUBMIT_TRANSACTION",
   SUBMIT_BLOB = "SUBMIT_BLOB",
+  SUBMIT_AUTH_ENTRY = "SUBMIT_AUTH_ENTRY",
   REQUEST_NETWORK = "REQUEST_NETWORK",
   REQUEST_NETWORK_DETAILS = "REQUEST_NETWORK_DETAILS",
   REQUEST_CONNECTION_STATUS = "REQUEST_CONNECTION_STATUS",

diff --git a/@shared/constants/stellar.ts b/@shared/constants/stellar.ts
@@ -23,7 +23,9 @@ export enum FRIENDBOT_URLS {
   FUTURENET = "https://friendbot-futurenet.stellar.org",
 }
 
-export const SOROBAN_RPC_URLS = {
+export const SOROBAN_RPC_URLS: { [index: string]: string } = {
+  PUBLIC: "https://rpc-futurenet.stellar.org/",
+  TESTNET: "https://rpc-futurenet.stellar.org/",
   FUTURENET: "https://rpc-futurenet.stellar.org/",
 };
 

diff --git a/@stellar/freighter-api/src/__tests__/index.test.js b/@stellar/freighter-api/src/__tests__/index.test.js
@@ -6,5 +6,6 @@ describe("freighter API", () => {
     expect(typeof FreighterAPI.getPublicKey).toBe("function");
     expect(typeof FreighterAPI.signTransaction).toBe("function");
     expect(typeof FreighterAPI.signBlob).toBe("function");
+    expect(typeof FreighterAPI.signAuthEntry).toBe("function");
   });
 });
diff --git a/@stellar/freighter-api/src/__tests__/signBlob.test.js b/@stellar/freighter-api/src/__tests__/signBlob.test.js
@@ -8,6 +8,7 @@ describe("signBlob", () => {
     const blob = await signBlob();
     expect(blob).toBe(TEST_BLOB);
   });
+
   it("throws a generic error", () => {
     const TEST_ERROR = "Error!";
     apiExternal.submitBlob = jest.fn().mockImplementation(() => {

diff --git a/@stellar/freighter-api/src/index.ts b/@stellar/freighter-api/src/index.ts
@@ -1,6 +1,7 @@
 import { getPublicKey } from "./getPublicKey";
 import { signTransaction } from "./signTransaction";
 import { signBlob } from "./signBlob";
+import { signAuthEntry } from "./signAuthEntry";
 import { isConnected } from "./isConnected";
 import { getNetwork } from "./getNetwork";
 import { getNetworkDetails } from "./getNetworkDetails";
@@ -14,6 +15,7 @@ export {
   getPublicKey,
   signTransaction,
   signBlob,
+  signAuthEntry,
   isConnected,
   getNetwork,
   getNetworkDetails,
@@ -25,6 +27,7 @@ export default {
   getPublicKey,
   signTransaction,
   signBlob,
+  signAuthEntry,
   isConnected,
   getNetwork,
   getNetworkDetails,

diff --git a/@stellar/freighter-api/src/signAuthEntry.ts b/@stellar/freighter-api/src/signAuthEntry.ts
@@ -0,0 +1,10 @@
+import { submitAuthEntry } from "@shared/api/external";
+import { isBrowser } from ".";
+
+export const signAuthEntry = (
+  entryXdr: string,
+  opts?: {
+    accountToSign?: string;
+  }
+): Promise<string> =>
+  isBrowser ? submitAuthEntry(entryXdr, opts) : Promise.resolve("");
diff --git a/docs/docs/guide/usingFreighterNode.md b/docs/docs/guide/usingFreighterNode.md
@@ -19,6 +19,7 @@ or import just the modules you require:
 import {
   isConnected,
   getPublicKey,
+  signAuthEntry,
   signTransaction,
   signBlob,
 } from "@stellar/freighter-api";
@@ -82,6 +83,7 @@ If the user has authorized your application previously, it will be on the extens
 import {
   isConnected,
   getPublicKey,
+  signAuthEntry,
   signTransaction,
   signBlob,
 } from "@stellar/freighter-api";
@@ -124,6 +126,7 @@ import {
   isAllowed,
   setAllowed,
   getUserInfo,
+  signAuthEntry,
   signTransaction,
   signBlob,
 } from "@stellar/freighter-api";
@@ -177,6 +180,7 @@ This function is useful for determining what network the user has configured Fre
 import {
   isConnected,
   getNetwork,
+  signAuthEntry,
   signTransaction,
   signBlob,
 } from "@stellar/freighter-api";
@@ -234,7 +238,7 @@ import {
   isConnected,
   getPublicKey,
   signTransaction,
-  signBlob
+  signBlob,
 } from "@stellar/freighter-api";
 
 if (await isConnected()) {

diff --git a/extension/src/background/messageListener/freighterApiMessageListener.ts b/extension/src/background/messageListener/freighterApiMessageListener.ts
@@ -4,6 +4,7 @@ import browser from "webextension-polyfill";
 import { Store } from "redux";
 
 import {
+  ExternalRequestAuthEntry,
   ExternalRequestBlob,
   ExternalRequestTx,
   ExternalRequest as Request,
@@ -39,6 +40,7 @@ import {
 import { publicKeySelector } from "background/ducks/session";
 
 import {
+  authEntryQueue,
   blobQueue,
   responseQueue,
   transactionQueue,
@@ -254,9 +256,7 @@ export const freighterApiMessageListener = (
     blobQueue.push(blobData);
     const encodedBlob = encodeObject(blobData);
     const popup = browser.windows.create({
-      url: chrome.runtime.getURL(
-        `/index.html#/sign-transaction?${encodedBlob}`,
-      ),
+      url: chrome.runtime.getURL(`/index.html#/sign-blob?${encodedBlob}`),
       ...WINDOW_SETTINGS,
     });
 
@@ -286,6 +286,59 @@ export const freighterApiMessageListener = (
     });
   };
 
+  const submitAuthEntry = async () => {
+    const { entryXdr, accountToSign } = request as ExternalRequestAuthEntry;
+
+    const { tab, url: tabUrl = "" } = sender;
+    const domain = getUrlHostname(tabUrl);
+    const punycodedDomain = getPunycodedDomain(domain);
+
+    const allowListStr = (await localStore.getItem(ALLOWLIST_ID)) || "";
+    const allowList = allowListStr.split(",");
+    const isDomainListedAllowed = await isSenderAllowed({ sender });
+
+    const authEntry = {
+      entry: entryXdr,
+      accountToSign,
+      tab,
+      url: tabUrl,
+    };
+
+    authEntryQueue.push(authEntry);
+    const encodedAuthEntry = encodeObject(authEntry);
+    const popup = browser.windows.create({
+      url: chrome.runtime.getURL(
+        `/index.html#/sign-auth-entry?${encodedAuthEntry}`,
+      ),
+      ...WINDOW_SETTINGS,
+    });
+
+    return new Promise((resolve) => {
+      if (!popup) {
+        resolve({ error: "Couldn't open access prompt" });
+      } else {
+        browser.windows.onRemoved.addListener(() =>
+          resolve({
+            error: "User declined access",
+          }),
+        );
+      }
+      const response = (signedAuthEntry: string) => {
+        if (signedAuthEntry) {
+          if (!isDomainListedAllowed) {
+            allowList.push(punycodedDomain);
+            localStore.setItem(ALLOWLIST_ID, allowList.join());
+          }
+          resolve({ signedAuthEntry });
+        }
+
+        resolve({ error: "User declined access" });
+      };
+
+      responseQueue.push(response);
+    });
+  };
+
   const requestNetwork = async () => {
     let network = "";
 
@@ -378,6 +431,7 @@ export const freighterApiMessageListener = (
     [EXTERNAL_SERVICE_TYPES.REQUEST_ACCESS]: requestAccess,
     [EXTERNAL_SERVICE_TYPES.SUBMIT_TRANSACTION]: submitTransaction,
     [EXTERNAL_SERVICE_TYPES.SUBMIT_BLOB]: submitBlob,
+    [EXTERNAL_SERVICE_TYPES.SUBMIT_AUTH_ENTRY]: submitAuthEntry,
     [EXTERNAL_SERVICE_TYPES.REQUEST_NETWORK]: requestNetwork,
     [EXTERNAL_SERVICE_TYPES.REQUEST_NETWORK_DETAILS]: requestNetworkDetails,
     [EXTERNAL_SERVICE_TYPES.REQUEST_CONNECTION_STATUS]: requestConnectionStatus,

diff --git a/extension/src/background/messageListener/popupMessageListener.ts b/extension/src/background/messageListener/popupMessageListener.ts
@@ -104,6 +104,13 @@ export const blobQueue: Array<{
   accountToSign: string;
 }> = [];
 
+export const authEntryQueue: Array<{
+  accountToSign: string;
+  tab: browser.Tabs.Tab | undefined;
+  entry: string; // xdr.SorobanAuthorizationEntry
+  url: string;
+}> = [];
+
 interface KeyPair {
   publicKey: string;
   privateKey: string;
@@ -932,6 +939,29 @@ export const popupMessageListener = (request: Request, sessionStore: Store) => {
     return { error: "Session timed out" };
   };
 
+  const signAuthEntry = async () => {
+    const privateKey = privateKeySelector(sessionStore.getState());
+
+    if (privateKey.length) {
+      const sourceKeys = SorobanSdk.Keypair.fromSecret(privateKey);
+
+      const authEntry = authEntryQueue.pop();
+
+      const response = authEntry
+        ? await sourceKeys.sign(Buffer.from(authEntry.entry))
+        : null;
+
+      const entryResponse = responseQueue.pop();
+
+      if (typeof entryResponse === "function") {
+        entryResponse(response);
+        return {};
+      }
+    }
+
+    return { error: "Session timed out" };
+  };
+
   const rejectTransaction = () => {
     transactionQueue.pop();
     const response = responseQueue.pop();
@@ -1224,6 +1254,7 @@ export const popupMessageListener = (request: Request, sessionStore: Store) => {
     [SERVICE_TYPES.REJECT_ACCESS]: rejectAccess,
     [SERVICE_TYPES.SIGN_TRANSACTION]: signTransaction,
     [SERVICE_TYPES.SIGN_BLOB]: signBlob,
+    [SERVICE_TYPES.SIGN_AUTH_ENTRY]: signAuthEntry,
     [SERVICE_TYPES.HANDLE_SIGNED_HW_TRANSACTION]: handleSignedHwTransaction,
     [SERVICE_TYPES.REJECT_TRANSACTION]: rejectTransaction,
     [SERVICE_TYPES.SIGN_FREIGHTER_TRANSACTION]: signFreighterTransaction,

diff --git a/extension/src/helpers/__tests__/stellar.test.ts b/extension/src/helpers/__tests__/stellar.test.ts
@@ -26,7 +26,7 @@ describe("getTransactionInfo", () => {
       tab: {},
     });
     const info = getTransactionInfo("foo");
-    if (!("blob" in info)) {
+    if (!("blob" in info) && !("entry" in info)) {
       expect(info.isHttpsDomain).toBe(true);
     }
   });
@@ -41,7 +41,7 @@ describe("getTransactionInfo", () => {
       tab: {},
     });
     const info = getTransactionInfo("foo");
-    if (!("blob" in info)) {
+    if (!("blob" in info) && !("entry" in info)) {
       expect(info.isHttpsDomain).toBe(false);
     }
   });

diff --git a/extension/src/helpers/stellar.ts b/extension/src/helpers/stellar.ts
@@ -10,6 +10,7 @@ import {
   NetworkDetails,
 } from "@shared/constants/stellar";
 
+import { TransactionInfo } from "types/transactions";
 import { parsedSearchParam, getUrlHostname } from "./urls";
 
 // .isBigNumber() not catching correctly, so checking .isBigNumber
@@ -34,11 +35,7 @@ export const truncatedFedAddress = (addr: string) => {
 export const truncatedPoolId = (poolId: string) => truncateString(poolId);
 
 export const getTransactionInfo = (search: string) => {
-  const searchParams = parsedSearchParam(search);
-
-  if ("blob" in searchParams) {
-    return searchParams;
-  }
+  const searchParams = parsedSearchParam(search) as TransactionInfo;
 
   const {
     accountToSign,