Re-added code to clean branch (JavaScript Desktop Wallet) #1964
Conversation
|
@SocketSecurity ignore [email protected] |
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
|
New dependencies detected. Learn more about Socket for GitHub ↗︎
|
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
…ipt.md Co-authored-by: Jackson Mills <[email protected]>
…ipt.md Co-authored-by: Jackson Mills <[email protected]>
…ipt.md Co-authored-by: Jackson Mills <[email protected]>
…ipt.md Co-authored-by: Jackson Mills <[email protected]>
…ipt.md Co-authored-by: Jackson Mills <[email protected]>
…ipt.md Co-authored-by: Jackson Mills <[email protected]>
|
I'm currently reworking the steps to "code along" style, testing the tutorial myself to make sure everything works. I will drop you a note when I'm done which will also take care of the issues that are still open. |
|
@JST5000 1-7 is in, I've even played it through myself, repo here: https://github.com/AlexanderBuzz/xrpl-dev-desktop-wallet. Contains one commit per step, so it should work just from the explanation without jumping to external files. |
|
@JST5000 I forgot to push, now all steps are in. |
|
Hoping to review tomorrow :) |
|
Three remaining comments, but seems solid. I reached out to my teammate for next steps - once you've resolved those issues I'm happy to approve though! |
|
@JST5000 Ok, everything done, I left the bootstrap issue open for review. |
|
One last comment from me - There's an error check which would be super helpful to avoid the app performing very oddly when entering the wrong password right here: https://github.com/XRPLF/xrpl-dev-portal/pull/1964/files/183bed65b131bc7c12bca00bb414a77822eb8742#r1283698777 |
|
@JST5000 I've added that check, as simple as possible, in order to bloat this mote than necessary. Next thing to add would be a state manager :) |
There was a problem hiding this comment.
I was making good progress through the tutorial, fixing a couple typos and suggesting some non-critical improvements to the wording, until I got to step 4, where I found a big problem.
This tutorial, as written, creates a wallet that is vulnerable to the partial payments exploit because it uses the transaction's Amount field rather than delivered_amount. That needs to change. I also noticed some other discrepancies that stopped me at step 4.
It feels really close, but I definitely can't approve this until the vulnerability is fixed.
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/_code-samples/build-a-wallet/desktop-js/library/4_helpers.js
Outdated
Show resolved
Hide resolved
| // Step 4 code additions - start | ||
| const transactions = prepareTxData([{tx: transaction.transaction}]) | ||
| appWindow.webContents.send('update-transaction-data', transactions) | ||
| // Step 4 code additions - end |
There was a problem hiding this comment.
This part doesn't seem to be enough on its own. Comparing mine to the version of index.js in 4-tx-history/, I'm missing the "Initial Transaction Request" section (the steps as called out in the tutorial never have you add it) and I'm not sure if that or something else is why I was getting a ReferenceError: transaction is not defined error at this stage, and the transaction table not populating.
There was a problem hiding this comment.
It vanished from the tutorial somehow, I've re-added it
There was a problem hiding this comment.
I don't think these changes got pushed to the branch—it looks like they're still missing here.
|
P.S. the other JS wallet tutorial has a similar problem, although it was less obvious because it only says "Amount" rather than "Amount delivered". I've opened #2075 to get that one fixed ASAP as well. |
|
@mDuo13 I'll fix that when in back from APEX. |
|
Continuing today, but we should see that we get a lid on this now. With the squashed branch from a couple of weeks ago we're at over 350 commits. Don't know why this bounty is expected to provide 10x the value it is valued at. |
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
…ipt.md Co-authored-by: Rome Reginelli <[email protected]>
- added custom token to displayable amount
There was a problem hiding this comment.
Good stuff! I still ran into a couple problems when running through the tutorial, but at this point it's close enough that I'm happy to resolve them myself as I merge this. Thanks so much for your efforts! For what it's worth, I've put in a word to get you a bonus since the level of effort you put into this bounty was above and beyond.
| // Step 3 - Section start - this remains as it is, the rest is new | ||
| const ledgerIndexEl = document.getElementById('ledger-index') | ||
| const ledgerHashEl = document.getElementById('ledger-hash') | ||
| const ledgerCloseTimeEl = document.getElementById('ledger-close-time') | ||
|
|
||
| window.electronAPI.onUpdateLedgerData((_event, ledger) => { | ||
| ledgerIndexEl.innerText = ledger.ledgerIndex | ||
| ledgerHashEl.innerText = ledger.ledgerHash | ||
| ledgerCloseTimeEl.innerText = ledger.ledgerCloseTime | ||
| }) | ||
| // Step 3 - Section end |
There was a problem hiding this comment.
This doesn't actually remain "as it is" from the previous step, which uses snake_case fields like ledger.ledger_index instead of camelCase fields like the ledger.ledgerIndex fields now being passed in from prepareLedgerData(...).
Probably the easiest fix is to tell the user to replace the whole file.
| // Step 3 - Section start - this remains as it is, the rest is new | |
| const ledgerIndexEl = document.getElementById('ledger-index') | |
| const ledgerHashEl = document.getElementById('ledger-hash') | |
| const ledgerCloseTimeEl = document.getElementById('ledger-close-time') | |
| window.electronAPI.onUpdateLedgerData((_event, ledger) => { | |
| ledgerIndexEl.innerText = ledger.ledgerIndex | |
| ledgerHashEl.innerText = ledger.ledgerHash | |
| ledgerCloseTimeEl.innerText = ledger.ledgerCloseTime | |
| }) | |
| // Step 3 - Section end | |
| const ledgerIndexEl = document.getElementById('ledger-index') | |
| const ledgerHashEl = document.getElementById('ledger-hash') | |
| const ledgerCloseTimeEl = document.getElementById('ledger-close-time') | |
| window.electronAPI.onUpdateLedgerData((_event, ledger) => { | |
| ledgerIndexEl.innerText = ledger.ledgerIndex | |
| ledgerHashEl.innerText = ledger.ledgerHash | |
| ledgerCloseTimeEl.innerText = ledger.ledgerCloseTime | |
| }) |
| <form method="dialog"> | ||
| ``` | ||
|
|
||
| The table here will be filled dynamically with the accounts transactions. |
There was a problem hiding this comment.
Fix typo
| The table here will be filled dynamically with the accounts transactions. | |
| The table here will be filled dynamically with the account's transactions. |
| // Step 4 code additions - start | ||
| const transactions = prepareTxData([{tx: transaction.transaction}]) | ||
| appWindow.webContents.send('update-transaction-data', transactions) | ||
| // Step 4 code additions - end |
There was a problem hiding this comment.
I don't think these changes got pushed to the branch—it looks like they're still missing here.
| confirmed: transaction.tx.date, | ||
| type: transaction.tx.TransactionType, | ||
| from: transaction.tx.Account, | ||
| to: transaction.tx.Destination, |
There was a problem hiding this comment.
Since this function can get passed any type of transaction, we need to handle transactions that don't have a Destination field. This will return the string - if the field is undefined:
| to: transaction.tx.Destination, | |
| to: transaction.tx.Destination ?? "-", |
| } | ||
|
|
||
| const getDisplayableAmount = (rawAmount) => { | ||
| if (rawAmount === 'unavailable') { |
There was a problem hiding this comment.
Similar to above, not all transactions have a delivered_amount field. (There are ones that don't deliver value, like AccountSet for example, and ones that don't have it implemented like EscrowFinish.)
The browser wallet handles this in the code that calls this function, but for this tutorial I think it's easier to handle it here by adding a case for undefined:
| if (rawAmount === 'unavailable') { | |
| if (rawAmount === undefined) { | |
| // Not all transaction types have delivered_amount | |
| return "-" | |
| } else if (rawAmount === 'unavailable') { |
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
content/tutorials/build-apps/build-a-desktop-wallet-in-javascript.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Jackson Mills <[email protected]>
No description provided.