Audit logs, stricter signing, and fetch rpc gasPrice #124
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 10 commits
January 24, 2022 17:08
* Using metamask ob-store to sync chrome storage and logs * pass password instead of private key down to service level * event logging for decrypt key error, sign, send, sign, and staking * removal of harmony static instance (storing private key) * removal of privatekey in vue states
|
BUILD: onewallet.zip Checksums |
polymorpher
reviewed
Mar 5, 2022
| chrome.runtime.sendMessage( | ||
| { action: GET_LOGS }, | ||
| async (state) => { | ||
| var blob = new Blob([JSON.stringify(state, null, '\t')], {type: "application/json;charset=utf-8"}); |
There was a problem hiding this comment.
JSON stringify can be quite slow if state has a large number of rows (array elements). But I think in most cases it should be fine
|
The change looks good. Reviewing all code from scratch and testing |
polymorpher
reviewed
Mar 5, 2022
| @@ -275,12 +275,11 @@ export default { | |||
| this.$notify({ | |||
| group: "notify", | |||
| type: "error", | |||
| text: err.message, | |||
| text: this.caption, | |||
There was a problem hiding this comment.
Sanitize this to prevent injection? See Matthew's report
There was a problem hiding this comment.
Added lodash escape in new commit
|
Code looks good (checked independent of the diffs) |
polymorpher
reviewed
Mar 5, 2022
| @@ -10,7 +10,7 @@ | |||
| }, | |||
| "scripts": { | |||
| "dev": "NODE_ENV=development webpack --progress --watch", | |||
| "build": "NODE_ENV=production webpack --progress && md5sum dist/*.js dist/*.html > dist/checksums.md5" | |||
| "build": "NODE_ENV=production webpack --progress && cd dist && find -type f -exec md5sum {} \\;|sort -s > checksums.md5" | |||
There was a problem hiding this comment.
Changed so the output path in md5 doesn't have the "dist" so you can compare checksum easier. Everything is relative to the current directory. Also opened up to any files checksums just in case...
added 2 commits
March 7, 2022 12:57
|
Hash confirmed. Transfer and Delegate operations are tested. Signing (smart contract call), personal sign (offline), undelegate, and collectreward are not tested yet |
|
New checksum is |
|
New changes look good. Also I got hashes |
|
It was cached. I added echo to break it.. It matches now: |
|
@polymorpher Previous build didn't checkout PR. This is the correct Dockerfile and build without cache
|
|
okay, hashes are |
|
I think this is ready for a release |
|
Signatures match -- all go for release. |
|
merge this? since it is already deployed |
|
Updated build. All the scripts checksums are the same. The only file changed is the manifest.json. |
|
|
I also changed version to 1.2.8 |
added 3 commits
March 18, 2022 16:43
…odal to re-implement the modal;
|
New build for modaljs fix |
|
I built with termsModal set to |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes in this PR (1.2.7)
Audit Logs
Audit logs are event logging stored in chrome.storage (higher storage limits than localStorage). It stores all the internalEvents, externalEvents, as well as any decrypt fails, successful send one, send token, stake, sign transaction.
Logs can be downloaded from settings menu as JSON.
Strict Signing
Misc