From 03c70f3f21a4f458a3bc095893e92550a229d816 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Sza=C5=82owski?= Date: Tue, 12 Mar 2024 19:09:14 +0100 Subject: [PATCH] [#378] feat: add hash and validation of the metadata --- CHANGELOG.md | 3 +- govtool/frontend/package.json | 1 + .../CreateGovernanceActionForm.tsx | 8 +- .../StorageInformation.tsx | 103 +++++++++++++++++- .../src/components/organisms/StatusModal.tsx | 46 +++++++- .../src/consts/governanceActionFields.ts | 23 ++-- govtool/frontend/src/context/modal.tsx | 2 +- govtool/frontend/src/i18n/locales/en.ts | 19 ++++ govtool/frontend/src/utils/canonizeJSON.ts | 12 ++ govtool/frontend/src/utils/index.ts | 2 + .../src/utils/validateMetadataHash.ts | 61 +++++++++++ 11 files changed, 254 insertions(+), 26 deletions(-) create mode 100644 govtool/frontend/src/utils/canonizeJSON.ts create mode 100644 govtool/frontend/src/utils/validateMetadataHash.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index a89f944c1..2cb0840cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,8 +14,8 @@ changes. - Create GA creation form [Issue 360](https://github.com/IntersectMBO/govtool/issues/360) - Create TextArea [Issue 110](https://github.com/IntersectMBO/govtool/issues/110) - Choose GA type - GA Submiter [Issue 358](https://github.com/IntersectMBO/govtool/issues/358) - - Add on-chain inputs validation [Issue 377](https://github.com/IntersectMBO/govtool/issues/377) +- Add hash and validation of the metadata [Issue 378](https://github.com/IntersectMBO/govtool/issues/378) ### Added @@ -44,6 +44,7 @@ changes. - Fixed CSP settings to allow error reports with Sentry [Issue 291](https://github.com/IntersectMBO/govtool/issues/291). ### Changed + - `drep/list` now return also `status` and `type` fields. Also it now returns the retired dreps, and you can search for given drep by name using optional query parameter. If the drep name is passed exactly, then you can even find a drep that's sole voter. [Issue 446](https://github.com/IntersectMBO/govtool/issues/446) - `drep/list` and `drep/info` endpoints now return additional data such as metadata url and hash, and voting power [Issue 223](https://github.com/IntersectMBO/govtool/issues/223) - `drep/info` now does not return sole voters (dreps without metadata) [Issue 317](https://github.com/IntersectMBO/govtool/issues/317) diff --git a/govtool/frontend/package.json b/govtool/frontend/package.json index b6ca5e643..8ce160dd4 100644 --- a/govtool/frontend/package.json +++ b/govtool/frontend/package.json @@ -22,6 +22,7 @@ "@mui/icons-material": "^5.14.3", "@mui/material": "^5.14.4", "@sentry/react": "^7.77.0", + "@types/jsonld": "^1.5.13", "@types/react": "^18.2.12", "@types/react-gtm-module": "^2.0.2", "axios": "^1.4.0", diff --git a/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/CreateGovernanceActionForm.tsx b/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/CreateGovernanceActionForm.tsx index 0d49018e5..ca96904e6 100644 --- a/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/CreateGovernanceActionForm.tsx +++ b/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/CreateGovernanceActionForm.tsx @@ -6,11 +6,11 @@ import { Button, InfoText, Spacer, Typography } from "@atoms"; import { GOVERNANCE_ACTION_FIELDS } from "@consts"; import { useCreateGovernanceActionForm, useTranslation } from "@hooks"; import { Field } from "@molecules"; +import { URL_REGEX } from "@/utils"; +import { GovernanceActionField } from "@/types/governanceAction"; import { BgCard } from "../BgCard"; import { ControlledField } from "../ControlledField"; -import { GovernanceActionField } from "@/types/governanceAction"; -import { URL_REGEX } from "@/utils"; const LINK_PLACEHOLDER = "https://website.com/"; const MAX_NUMBER_OF_LINKS = 8; @@ -117,10 +117,6 @@ export const CreateGovernanceActionForm = ({ placeholder={LINK_PLACEHOLDER} name={`links.${index}.link`} rules={{ - required: { - value: true, - message: t("createGovernanceAction.fields.validations.required"), - }, pattern: { value: URL_REGEX, message: t("createGovernanceAction.fields.validations.url"), diff --git a/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/StorageInformation.tsx b/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/StorageInformation.tsx index dd1840868..e899a0db9 100644 --- a/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/StorageInformation.tsx +++ b/govtool/frontend/src/components/organisms/CreateGovernanceActionSteps/StorageInformation.tsx @@ -1,20 +1,85 @@ import { Dispatch, SetStateAction, useCallback, useState } from "react"; +import { useNavigate } from "react-router-dom"; import { Box } from "@mui/material"; import OpenInNewIcon from "@mui/icons-material/OpenInNew"; import { Button, Spacer, Typography } from "@atoms"; -import { ICONS } from "@consts"; +import { ICONS, PATHS } from "@consts"; import { useCreateGovernanceActionForm, useTranslation } from "@hooks"; import { Step } from "@molecules"; -import { BgCard, ControlledField } from "@organisms"; -import { URL_REGEX, downloadJson, openInNewTab } from "@utils"; +import { BgCard, ControlledField, StatusModalState } from "@organisms"; +import { + URL_REGEX, + downloadJson, + openInNewTab, + validateMetadataHash, + MetadataHashValidationErrors, +} from "@utils"; +import { ModalState, useModal } from "@/context"; +import I18n from "@/i18n"; type StorageInformationProps = { setStep: Dispatch>; }; +const externalDataDoesntMatchModal = { + type: "statusModal", + state: { + status: "warning", + title: I18n.t( + "createGovernanceAction.modals.externalDataDoesntMatch.title" + ), + message: I18n.t( + "createGovernanceAction.modals.externalDataDoesntMatch.message" + ), + buttonText: I18n.t( + "createGovernanceAction.modals.externalDataDoesntMatch.buttonText" + ), + cancelText: I18n.t( + "createGovernanceAction.modals.externalDataDoesntMatch.cancelRegistrationText" + ), + feedbackText: I18n.t( + "createGovernanceAction.modals.externalDataDoesntMatch.feedbackText" + ), + }, +} as const; + +const urlCannotBeFound = { + type: "statusModal", + state: { + status: "warning", + title: I18n.t("createGovernanceAction.modals.urlCannotBeFound.title"), + message: I18n.t("createGovernanceAction.modals.urlCannotBeFound.message"), + link: "https://docs.sanchogov.tools", + linkText: I18n.t("createGovernanceAction.modals.urlCannotBeFound.linkText"), + buttonText: I18n.t( + "createGovernanceAction.modals.urlCannotBeFound.buttonText" + ), + cancelText: I18n.t( + "createGovernanceAction.modals.urlCannotBeFound.cancelRegistrationText" + ), + feedbackText: I18n.t( + "createGovernanceAction.modals.urlCannotBeFound.feedbackText" + ), + }, +} as const; + +const storageInformationErrorModals: Record< + MetadataHashValidationErrors, + ModalState< + | (typeof externalDataDoesntMatchModal)["state"] + | (typeof urlCannotBeFound)["state"] + > +> = { + [MetadataHashValidationErrors.INVALID_URL]: urlCannotBeFound, + [MetadataHashValidationErrors.FETCH_ERROR]: urlCannotBeFound, + [MetadataHashValidationErrors.INVALID_JSON]: externalDataDoesntMatchModal, + [MetadataHashValidationErrors.INVALID_HASH]: externalDataDoesntMatchModal, +}; + export const StorageInformation = ({ setStep }: StorageInformationProps) => { const { t } = useTranslation(); + const navigate = useNavigate(); const { control, errors, @@ -23,6 +88,7 @@ export const StorageInformation = ({ setStep }: StorageInformationProps) => { getValues, watch, } = useCreateGovernanceActionForm(); + const { openModal, closeModal } = useModal(); const [isJsonDownloaded, setIsJsonDownloaded] = useState(false); // TODO: change on correct file name @@ -45,12 +111,41 @@ export const StorageInformation = ({ setStep }: StorageInformationProps) => { setIsJsonDownloaded(true); }; + const backToDashboard = () => { + navigate(PATHS.dashboard); + closeModal(); + }; + + const handleStoringURLJSONValidation = useCallback(async () => { + const storingURL = getValues("storingURL"); + try { + await createGovernanceAction(); + + // TODO: To be replaced wtih the correct hash + await validateMetadataHash(storingURL, "hash"); + } catch (error: any) { + if (Object.values(MetadataHashValidationErrors).includes(error.message)) { + openModal({ + ...storageInformationErrorModals[ + error.message as MetadataHashValidationErrors + ], + onSubmit: () => { + setStep(3); + }, + onCancel: backToDashboard, + // TODO: Open usersnap feedback + onFeedback: backToDashboard, + } as ModalState); + } + } + }, [getValues, generateJsonBody]); + return ( diff --git a/govtool/frontend/src/components/organisms/StatusModal.tsx b/govtool/frontend/src/components/organisms/StatusModal.tsx index 35b24ef4a..0a6ec6c66 100644 --- a/govtool/frontend/src/components/organisms/StatusModal.tsx +++ b/govtool/frontend/src/components/organisms/StatusModal.tsx @@ -8,11 +8,16 @@ import { useScreenDimension, useTranslation } from "@/hooks"; export interface StatusModalState { buttonText?: string; + cancelText?: string; + feedbackText?: string; status: "warning" | "info" | "success"; isInfo?: boolean; link?: string; + linkText?: string; message: React.ReactNode; onSubmit?: () => void; + onCancel?: () => void; + onFeedback?: () => void; title: string; dataTestId: string; } @@ -43,20 +48,20 @@ export function StatusModal() { textAlign="center" sx={{ fontSize: "16px", fontWeight: "400" }} > - {state?.message}{" "} + {state?.message} {state?.link && ( openInNewTab(state?.link || "")} target="_blank" sx={[{ "&:hover": { cursor: "pointer" } }]} > - {t("thisLink")} + {state?.linkText || t("thisLink")} )} + {state?.cancelText && ( + + )} + {state?.feedbackText && ( + + )} ); } diff --git a/govtool/frontend/src/consts/governanceActionFields.ts b/govtool/frontend/src/consts/governanceActionFields.ts index e5663758b..f96e7fb16 100644 --- a/govtool/frontend/src/consts/governanceActionFields.ts +++ b/govtool/frontend/src/consts/governanceActionFields.ts @@ -95,10 +95,15 @@ export const GOVERNANCE_ACTION_FIELDS: GovernanceActionFields = { placeholderI18nKey: "createGovernanceAction.fields.declarations.receivingAddress.placeholder", rules: { - validate: (value) => { - if (bech32.decode(value).words.length) { - return true; - } else { + validate: async (value) => { + try { + const decoded = await bech32.decode(value); + if (decoded.words.length) { + return true; + } else { + throw new Error(); + } + } catch (error) { return I18n.t("createGovernanceAction.fields.validations.bech32"); } }, @@ -114,13 +119,9 @@ export const GOVERNANCE_ACTION_FIELDS: GovernanceActionFields = { value: true, message: I18n.t("createGovernanceAction.fields.validations.required"), }, - validate: (value) => { - if (Number.isInteger(Number(value))) { - return true; - } else { - return I18n.t("createGovernanceAction.fields.validations.number"); - } - }, + validate: (value) => + Number.isInteger(Number(value)) || + I18n.t("createGovernanceAction.fields.validations.number"), }, }, }, diff --git a/govtool/frontend/src/context/modal.tsx b/govtool/frontend/src/context/modal.tsx index 4d6afdf0a..985910fde 100644 --- a/govtool/frontend/src/context/modal.tsx +++ b/govtool/frontend/src/context/modal.tsx @@ -47,7 +47,7 @@ const modals: Record = { type Optional = Pick, K> & Omit; -interface ModalState { +export interface ModalState { type: ModalType; state: T | null; } diff --git a/govtool/frontend/src/i18n/locales/en.ts b/govtool/frontend/src/i18n/locales/en.ts index edc1e2be7..904bcc045 100644 --- a/govtool/frontend/src/i18n/locales/en.ts +++ b/govtool/frontend/src/i18n/locales/en.ts @@ -191,6 +191,25 @@ export const en = { url: "Invalid URL", }, }, + modals: { + externalDataDoesntMatch: { + title: "Your External Data Does Not Match the Original File.", + message: + "GovTool checks the URL you entered to see if the JSON file that you self-host matches the one that was generated in GovTool. To complete registration, this match must be exact.\n\nIn this case, there is a mismatch. You can go back to the data edit screen and try the process again.", + buttonText: "Go to Data Edit Screen", + cancelRegistrationText: "Cancel Registration", + feedbackText: "Feedback", + }, + urlCannotBeFound: { + title: "The URL You Entered Cannot Be Found", + message: + "GovTool cannot find the URL that you entered. Please check it and re-enter.", + linkText: "Learn More about self-hosting", + buttonText: "Go to Data Edit Screen", + cancelRegistrationText: "Cancel Registration", + feedbackText: "Feedback", + }, + }, }, delegation: { description: diff --git a/govtool/frontend/src/utils/canonizeJSON.ts b/govtool/frontend/src/utils/canonizeJSON.ts new file mode 100644 index 000000000..72f884708 --- /dev/null +++ b/govtool/frontend/src/utils/canonizeJSON.ts @@ -0,0 +1,12 @@ +import jsonld from "jsonld"; + +/** + * Canonizes a JSON object using jsonld.canonize. + * + * @param json - The JSON object to be canonized. + * @returns A Promise that resolves to the canonized JSON object. + */ +export const canonizeJSON = async (json: Record) => { + const canonized = await jsonld.canonize(json); + return canonized; +}; diff --git a/govtool/frontend/src/utils/index.ts b/govtool/frontend/src/utils/index.ts index 313353de7..6a738852d 100644 --- a/govtool/frontend/src/utils/index.ts +++ b/govtool/frontend/src/utils/index.ts @@ -1,6 +1,7 @@ export * from "./adaFormat"; export * from "./basicReducer"; export * from "./callAll"; +export * from "./canonizeJSON"; export * from "./checkIsMaintenanceOn"; export * from "./checkIsWalletConnected"; export * from "./formatDate"; @@ -14,3 +15,4 @@ export * from "./jsonUtils"; export * from "./localStorage"; export * from "./openInNewTab"; export * from "./removeDuplicatedProposals"; +export * from "./validateMetadataHash"; diff --git a/govtool/frontend/src/utils/validateMetadataHash.ts b/govtool/frontend/src/utils/validateMetadataHash.ts new file mode 100644 index 000000000..b35f23e71 --- /dev/null +++ b/govtool/frontend/src/utils/validateMetadataHash.ts @@ -0,0 +1,61 @@ +import * as blake from "blakejs"; +import { isAxiosError } from "axios"; + +import { API } from "@/services"; + +import { canonizeJSON } from "./canonizeJSON"; +import { URL_REGEX } from "."; + +export enum MetadataHashValidationErrors { + INVALID_URL = "Invalid URL", + INVALID_JSON = "Invalid JSON", + INVALID_HASH = "Invalid hash", + FETCH_ERROR = "Error fetching data", +} + +/** + * Validates the metadata hash by fetching the metadata from the given URL, + * canonizing it, and comparing the hash with the provided hash. + * + * @param storingURL - The URL where the metadata is stored. + * @param hash - The hash to compare with the calculated hash of the metadata. + * @returns A promise that resolves to `true` if the metadata hash is valid, or rejects with an error message if validation fails. + */ +export const validateMetadataHash = async ( + storingURL: string, + hash: string +) => { + try { + if (!storingURL.match(URL_REGEX)) { + throw new Error(MetadataHashValidationErrors.INVALID_URL); + } + + const { data: userMetadataJSON } = await API.get(storingURL); + + let canonizedUserMetadata; + try { + canonizedUserMetadata = await canonizeJSON(userMetadataJSON); + } catch (error) { + throw new Error(MetadataHashValidationErrors.INVALID_JSON); + } + if (!canonizedUserMetadata) { + throw new Error(MetadataHashValidationErrors.INVALID_JSON); + } + + const hashedUserMetadata = blake.blake2bHex( + canonizedUserMetadata, + undefined, + 32 + ); + + if (hashedUserMetadata !== hash) { + throw new Error(MetadataHashValidationErrors.INVALID_HASH); + } + return true; + } catch (error) { + if (isAxiosError(error)) { + throw new Error(MetadataHashValidationErrors.FETCH_ERROR); + } + throw error; + } +};