Improve UX of TypedData usage #1198
Conversation
__tests__/rpcProvider.test.ts
Outdated
|
|
||
| describeIfDevnet('EIP712 verification', () => { | ||
| // currently only in Devnet-rs, because can fail in Sepolia. | ||
| // to test in all cases once PR#989 implemented. |
There was a problem hiding this comment.
This comment has been addressed through #1128
So, we can either remove it or add more tests
There was a problem hiding this comment.
If the problem is solved, then it can be made in all networks.
Modified.
There was a problem hiding this comment.
I didn't verify about devnet vs testnet :D I just saw that PR#989 was merged
There was a problem hiding this comment.
Well, my PR#989 has not been merged : Tony closed it, implementing its own PR#1128 on this subject.
So, I suppose that he made the necessary tests to validate that it now works everywhere in all networks.
| export function verifyMessage( | ||
| message: BigNumberish | TypedData, | ||
| signature: Signature, | ||
| fullPublicKey: BigNumberish, | ||
| accountAddress?: BigNumberish | ||
| ): boolean { |
There was a problem hiding this comment.
| export function verifyMessage( | |
| message: BigNumberish | TypedData, | |
| signature: Signature, | |
| fullPublicKey: BigNumberish, | |
| accountAddress?: BigNumberish | |
| ): boolean { | |
| export function verifyMessage( | |
| message: TypedData, | |
| signature: Signature, | |
| fullPublicKey: BigNumberish, | |
| accountAddress: BigNumberish | |
| ): boolean; | |
| export function verifyMessage( | |
| message: BigNumberish, | |
| signature: Signature, | |
| fullPublicKey: BigNumberish | |
| ): boolean; | |
| export function verifyMessage( | |
| message: BigNumberish | TypedData, | |
| signature: Signature, | |
| fullPublicKey: BigNumberish, | |
| accountAddress?: BigNumberish | |
| ): boolean { |
These overrides should make the parameter relationship explicit within TS.
There was a problem hiding this comment.
@penovicp
Once modified, the code is not compiling :
src/utils/typedData.ts:632:17
632 export function verifyMessage(
~~~~~~~~~~~~~
The call would have succeeded against this implementation, but implementation signatures of overloads are not externally visible.
What's this???
There was a problem hiding this comment.
Don't ask me why, but this is working :
export function verifyMessage(
message: TypedData,
signature: Signature,
fullPublicKey: BigNumberish,
accountAddress: BigNumberish
): boolean;
export function verifyMessage(
message: BigNumberish,
signature: Signature,
fullPublicKey: BigNumberish
): boolean;
export function verifyMessage(
message: BigNumberish | TypedData,
signature: Signature,
fullPublicKey: BigNumberish,
accountAddress?: BigNumberish
): boolean;
export function verifyMessage(
message: BigNumberish | TypedData,
signature: Signature,
fullPublicKey: BigNumberish,
accountAddress?: BigNumberish
): boolean {There was a problem hiding this comment.
The error is probably from one of the failure tests where the parameters are deliberately wrong. I'll double check soon and add a tweak if I'm right. Either way I'll approve the PR.
Edit: Yes, the error was from a failure test. Essentially it was complaining that the call will work but that it was using a mix of two overrides, this would be a potential issue in actual code but the test was wrong deliberately. When you added the new override the test call aligned with it so it stopped complaining. I added an any cast in the relevant test instead.
src/utils/num.ts
Outdated
| return ( | ||
| isNumber(input) || | ||
| isBigInt(input) || | ||
| (typeof input === 'string' && (isHex(input) || /^[0-9]*$/i.test(input))) |
There was a problem hiding this comment.
| (typeof input === 'string' && (isHex(input) || /^[0-9]*$/i.test(input))) | |
| (typeof input === 'string' && (isHex(input) || isStringWholeNumber(input))) |
Without the change isBigNumberish('') would return true.
__tests__/utils/ec.test.ts
Outdated
| @@ -0,0 +1,10 @@ | |||
| import { ec } from '../../src'; | |||
|
|
|||
| describe.only('ec full public key', () => { | |||
There was a problem hiding this comment.
| describe.only('ec full public key', () => { | |
| describe('ec full public key', () => { |
There was a problem hiding this comment.
Moved in stark test
__tests__/utils/num.test.ts
Outdated
| @@ -216,3 +216,14 @@ describe('stringToSha256ToArrayBuff4', () => { | |||
| expect(buff).toEqual(new Uint8Array([43, 206, 231, 219])); | |||
| }); | |||
| }); | |||
|
|
|||
| describe.only('isBigNumberish', () => { | |||
There was a problem hiding this comment.
| describe.only('isBigNumberish', () => { | |
| describe('isBigNumberish', () => { |
src/utils/ec.ts
Outdated
| * // result = "0x0400b730bd22358612b5a67f8ad52ce80f9e8e893639ade263537e6ef35852e5d3057795f6b090f7c6985ee143f798608a53b3659222c06693c630857a10a92acf" | ||
| * ``` | ||
| */ | ||
| export function getFullPublicKey(privateKey: BigNumberish): string { |
There was a problem hiding this comment.
I would prefer to avoid expanding utils/ec.ts to keep its identity as a submodule alias. I would suggest moving this method to utils/stark.ts.
src/utils/ec.ts
Outdated
| * ``` | ||
| */ | ||
| export function getFullPublicKey(privateKey: BigNumberish): string { | ||
| const privKey = addHexPrefix(BigInt(privateKey).toString(16)); |
There was a problem hiding this comment.
| const privKey = addHexPrefix(BigInt(privateKey).toString(16)); | |
| const privKey = toHex(privateKey); |
There was a problem hiding this comment.
Not possible.
Dependency cycle
Once moved in stark, I was able to change to toHex
# [6.13.0](v6.12.1...v6.13.0) (2024-08-27) ### Bug Fixes * repair enum type lookup for typed data hashing ([36f8c3c](36f8c3c)) * sync cryptographic dependencies ([da20310](da20310)) ### Features * implement SNIP-9 outside execution functionality ([#1208](#1208)) ([e3c80c5](e3c80c5)), closes [#1111](#1111) [#1202](#1202) * improve message verification utilities ([#1198](#1198)) ([bdad9a5](bdad9a5))
|
🎉 This issue has been resolved in version 6.13.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Motivation and Resolution
Solves #529
Several users have reported difficulties to use signature and verification of
TypedData(SNIP-12, EIP712), especially with relatedAccountmethods.Account.verifyMessage()&Account.verifyMessageHash()are shadowed.Provider.verifyMessageInStarknet()method has been added.ec.getFullPublikey()helper has been added.typedData.verifyMessage()function has been added.Usage related changes
Important
No breaking changes in this PR.
Account.verifyMessage()&Account.verifyMessageHash()needs to instantiate a fake Account with a fake private key, these functions are shadowed (tagged as @ deprecated) and are replaced byProvider.verifyMessageInStarknet().It clarify also that this verification is working by interacting with Starknet.
can now also be made with
It was problematic to verify a message outside of Starknet, with usage of low level functions and problematic types ( Uint8Array, ArraySignature not supported, ...).
We have now a dedicated function, with friendly types (
BigNumberish,Signature, ...) :Development related changes
verifyMessage()&verifyMessageHash()have been removed from the Account interface.verifyMessageInStarknet()has not been added in RpcProvider class, to not impact users implementations.Account.verifyMessage()&Account.verifyMessageHash()has been refactored inProvider.verifyMessageInStarknet().num.isBigNumberish(),typedData.verifyMessage()&ec.getFullPublikey()Account.verifyMessage()&Account.verifyMessageHash()have been removed.All new functions includes JSDoc, and have been explained in the Signature guide.
Checklist: