feat: re-enable IPFS validation for registry scripts

Author: micwallace

javascript/engine-js/src/Engine.ts

@@ -134,7 +134,9 @@ export class TokenScriptEngine {
 
 		const resolveResult = await this.repo.getTokenScript(sourceId, forceRefresh);
 
-		return await this.initializeTokenScriptObject(resolveResult.xml, resolveResult.type, resolveResult.sourceId, resolveResult.sourceUrl, resolveResult, viewBinding);
+		const {xml, ...sourceInfo} = resolveResult;
+
+		return await this.initializeTokenScriptObject(resolveResult.xml, resolveResult.type, resolveResult.sourceId, resolveResult.sourceUrl, sourceInfo, viewBinding);
 	}
 
 	/**

javascript/engine-js/src/security/SecurityInfo.ts

@@ -85,6 +85,8 @@ export class SecurityInfo {
 			this.originStatuses[name] = originStatus;
 		}
 
+		// TODO: Show third party message when in warning state
+
 		if (originFailCount === 0){
 			this.securityInfo.status = SecurityStatus.VALID;
 			this.securityInfo.statusText = this.securityInfo.trustedKey ? "The TokenScript is signed by a trusted key" : "The TokenScript is authenticated for use with all specified token origins.";

javascript/engine-js/src/tokenScript/Origin.ts

@@ -204,9 +204,13 @@ export class Origin {
 		const scriptSource = this.tokenScript.getSourceInfo();
 		const [chain, contractAddress] = (scriptSource.tsId ?? "").split("-");
 
+		console.log("Script Info ", scriptSource.scriptInfo);
+
 		// The same script Cid should be specified for all addresses in the same contract scriptUri in order to be valid
 		const addresses = contract.getAddresses();
 
+		let authenticated: boolean = null;
+
 		for (const i in addresses){
 
 			const address = addresses[i];
@@ -215,14 +219,12 @@ export class Origin {
 
 			if (
 				contractAddress &&
-				scriptSource.source === "scriptUri" &&
-				address.address === contractAddress &&
+				address.address.toLowerCase() === contractAddress.toLowerCase() &&
 				address.chain === parseInt(chain)
 			){
 				scriptUri = scriptSource.sourceUrl;
 			} else {
 				// We could fetch the scriptURI of the contract and compare the IPFS hash, but for the moment this seems like overkill and is slow
-				return;
 				/*try {
 					scriptUri = await this.tokenScript.getEngine().getScriptUri(address.chain, address.address);
 				} catch (e) {
@@ -232,6 +234,10 @@ export class Origin {
 				//       JB: Yes.
 			}
 
+			if (authenticated !== false){
+				authenticated = scriptSource.source === ScriptSourceType.SCRIPT_URI || scriptSource.scriptInfo?.authenticated;
+			}
+
 			console.log("IPFS Validator: checking source URL ", scriptUri);
 
 			if (!scriptUri) {
@@ -254,8 +260,14 @@ export class Origin {
 
 		this.securityStatus = {
 			type: AuthenticationType.IPFS_CID,
-			status: SecurityStatus.VALID,
-			statusText: "The TokenScript IPFS CID matches the scriptURI specified by the contract"
+			status: authenticated ? SecurityStatus.VALID : SecurityStatus.WARNING,
+			statusText:
+				(authenticated ?
+					"This TokenScript has been set by the contract owner" :
+					"This is a third party TokenScript, please sign any transaction with care") + "\n" +
+				(scriptSource.source === ScriptSourceType.SCRIPT_URI ?
+					"The IPFS CID matches the scriptURI specified by the contract" :
+					"The IPFS CID matches the scriptURI specified by the registry")
 		}
 	}
 }

javascript/tokenscript-viewer/src/components.d.ts

@@ -14,7 +14,6 @@ import { JSX } from "@stencil/core";
 import { TokenScript as TokenScript1 } from "@tokenscript/engine-js/src/TokenScript";
 import { IntegrationViewer } from "./components/viewers/integration/integration-viewer";
 import { ITxValidationInfo } from "../../engine-js/src/security/TransactionValidator";
-import { TokenScript as TokenScript2 } from "@tokenscript/engine-js/dist/lib.esm/TokenScript";
 import { ScriptInfo } from "@tokenscript/engine-js/src/repo/sources/SourceInterface";
 import { Card } from "@tokenscript/engine-js/src/tokenScript/Card";
 import { TabbedViewer } from "./components/viewers/tabbed/tabbed-viewer";
@@ -30,7 +29,6 @@ export { JSX } from "@stencil/core";
 export { TokenScript as TokenScript1 } from "@tokenscript/engine-js/src/TokenScript";
 export { IntegrationViewer } from "./components/viewers/integration/integration-viewer";
 export { ITxValidationInfo } from "../../engine-js/src/security/TransactionValidator";
-export { TokenScript as TokenScript2 } from "@tokenscript/engine-js/dist/lib.esm/TokenScript";
 export { ScriptInfo } from "@tokenscript/engine-js/src/repo/sources/SourceInterface";
 export { Card } from "@tokenscript/engine-js/src/tokenScript/Card";
 export { TabbedViewer } from "./components/viewers/tabbed/tabbed-viewer";
@@ -108,9 +106,6 @@ export namespace Components {
     interface OpenseaViewer {
         "app": AppRoot;
     }
-    interface OtherTappsButton {
-        "tokenScript": TokenScript2;
-    }
     interface PopoverDialog {
         "closeDialog": () => Promise<void>;
         "dialogClasses": string[];
@@ -490,12 +485,6 @@ declare global {
         prototype: HTMLOpenseaViewerElement;
         new (): HTMLOpenseaViewerElement;
     };
-    interface HTMLOtherTappsButtonElement extends Components.OtherTappsButton, HTMLStencilElement {
-    }
-    var HTMLOtherTappsButtonElement: {
-        prototype: HTMLOtherTappsButtonElement;
-        new (): HTMLOtherTappsButtonElement;
-    };
     interface HTMLPopoverDialogElement extends Components.PopoverDialog, HTMLStencilElement {
     }
     var HTMLPopoverDialogElement: {
@@ -760,7 +749,6 @@ declare global {
         "mooar-viewer": HTMLMooarViewerElement;
         "new-viewer": HTMLNewViewerElement;
         "opensea-viewer": HTMLOpenseaViewerElement;
-        "other-tapps-button": HTMLOtherTappsButtonElement;
         "popover-dialog": HTMLPopoverDialogElement;
         "script-select-dialog": HTMLScriptSelectDialogElement;
         "security-status": HTMLSecurityStatusElement;
@@ -867,9 +855,6 @@ declare namespace LocalJSX {
         "onShowLoader"?: (event: OpenseaViewerCustomEvent<void>) => void;
         "onShowToast"?: (event: OpenseaViewerCustomEvent<ShowToastEventArgs>) => void;
     }
-    interface OtherTappsButton {
-        "tokenScript"?: TokenScript2;
-    }
     interface PopoverDialog {
         "dialogClasses"?: string[];
         "dialogStyles"?: {[cssProp: string]: string};
@@ -1016,7 +1001,6 @@ declare namespace LocalJSX {
         "mooar-viewer": MooarViewer;
         "new-viewer": NewViewer;
         "opensea-viewer": OpenseaViewer;
-        "other-tapps-button": OtherTappsButton;
         "popover-dialog": PopoverDialog;
         "script-select-dialog": ScriptSelectDialog;
         "security-status": SecurityStatus;
@@ -1068,7 +1052,6 @@ declare module "@stencil/core" {
             "mooar-viewer": LocalJSX.MooarViewer & JSXBase.HTMLAttributes<HTMLMooarViewerElement>;
             "new-viewer": LocalJSX.NewViewer & JSXBase.HTMLAttributes<HTMLNewViewerElement>;
             "opensea-viewer": LocalJSX.OpenseaViewer & JSXBase.HTMLAttributes<HTMLOpenseaViewerElement>;
-            "other-tapps-button": LocalJSX.OtherTappsButton & JSXBase.HTMLAttributes<HTMLOtherTappsButtonElement>;
             "popover-dialog": LocalJSX.PopoverDialog & JSXBase.HTMLAttributes<HTMLPopoverDialogElement>;
             "script-select-dialog": LocalJSX.ScriptSelectDialog & JSXBase.HTMLAttributes<HTMLScriptSelectDialogElement>;
             "security-status": LocalJSX.SecurityStatus & JSXBase.HTMLAttributes<HTMLSecurityStatusElement>;

javascript/tokenscript-viewer/src/components/common/tokens-grid/token-security-status-popover.tsx

@@ -29,6 +29,10 @@ export class TokenSecurityStatus {
 				this.statusColor = "#3bd23b";
 				this.statusIcon = "✔";
 				break;
+			case TSSecurityStatus.WARNING:
+				this.statusColor = "#ff871d";
+				this.statusIcon = "✔";
+				break;
 			case TSSecurityStatus.INVALID:
 			default:
 				this.statusColor = "#ff4f4f";
@@ -48,7 +52,7 @@ export class TokenSecurityStatus {
 				<Host>
 					<popover-dialog ref={(el) => this.dialog = el as HTMLPopoverDialogElement} dialogStyles={{background: "#fff !important", color: "#000 !important"}}>
 						<h1 class="security-popover-icon" style={{color: this.statusColor}}>{this.statusIcon}</h1>
-						<strong>{this.securityInfo.statusText}</strong>
+						<strong innerHTML={this.securityInfo.statusText.replaceAll("\n", "<br/>")}/>
 						<p style={{wordWrap: "break-word"}} innerHTML={this.getDetailedSecurityInfo().replaceAll("\n", "<br/>")}>
 						</p>
 					</popover-dialog>

javascript/tokenscript-viewer/src/components/common/tokens-grid/token-security-status.tsx

@@ -30,6 +30,10 @@ export class TokenSecurityStatus {
 				this.statusColor = "#3bd23b";
 				this.statusIcon = "✔";
 				break;
+			case TSSecurityStatus.WARNING:
+				this.statusColor = "#ff871d";
+				this.statusIcon = "✔";
+				break;
 			case TSSecurityStatus.INVALID:
 			default:
 				this.statusColor = "#ff4f4f";