arconnectio / arconnect Goto Github PK

Can't use on mobile at all, extensions can't interact with mobile browsers.

To my surprise, during debugging, all my Transactions failed, yet my AR balance went down.

I suspect

              quantity: await getFeeAmount(storedAddress, arweave)

At: https://github.com/th8ta/ArConnect/blob/50c2333b7dbe8579bd9408e90a73a038c9e183a4/src/utils/background.ts#L125

Does not take into account uncommitted Transactions, and continues to charge the higher fee

I suppose the normal person won't clip/sign() so quickly, but other developers may do so during debugging (especially at first)

While I do appreciate your work, it doesn't "feel so awesome" to be paying for failed Txes (especially when it seems like the root of the issue stems from ArConnect and arweave-js integration).

Had to go from the blockchain logs, wonder who hacked my wallet and was stealing funds unrelated to my tx, finally found mention of it on the FAQ, then had to go debug the source too.

I suppose my case is a little unique if this is the last developer facing bug :) -- May consider a toggle switch during install/config for "tip the developer/VRT holders" that's a little more visible so it's a bit less "surprising". Could even make the user "wait a little bit" if they decide to say no tip (just spin a box, show an advert, let them click to tip to speed up the UI).

Environment:

Chrome: 94.0.4606.81
AR Connect Extension: 0.3.5
AR Balance in Wallet: 4.51 AR ($233)

Packages:

arweave: 1.10.18
react-scripts: 4.0.3
react: 17.0.2
typescript: 4.1.5

Purpose:

I'm building a decentralised version of YouTube, our platform uploads thumbnails and MP4 videos (multiple GBs in size) straight to ARWeave using the arweave-js package running in the browser in our React web app. I want to go live in coming weeks and I am currently blocked due to this issue.

Description of issue:

Any file I upload above 5MB causes await arweave.transactions.sign(transaction) to block for around 5 seconds, then throws the following Unhandled Exception in the console:

Uncaught (in promise) Error: Message length exceeded maximum allowed length.

This is not an error inside of arweave-js but the ARConnect extension.

Code:

const transaction = await arweave.createTransaction({ data: file })
transaction.addTag('Content-Type', 'video/mp4') 

await arweave.transactions.sign(transaction)

• the file is an ArrayBuffer of the MP4

Other important info

• Any file under 5MB works without any issue

Really hope you all can help :)

In the above example the renamed drive shows all of it's prior rename revisions instead of just the latest one.
The solution would be to just filter out drives with the same drive id from the list and only show the most recent;y updated one.

Suggest rewording to "Enter 12 or 24 word seedphrase" or "Enter seedphrase"

Is there any good reasons why ArConnect doesn't allow direct RSA encryption/decryption, without ArConnect's algorithm with adding symmetric keys there?

Originally mentioned here, but will start a new issue: #128 (comment)

Neither my first or 2nd transaction resulted in a successful U transfer, but the UI gives confirmation of success and a tx. My balance does not decrease, and the recipient's does not increase.

1st tx: https://viewblock.io/arweave/tx/DZ4LH5Udq4pAaban8gXhJEDBlCuvXL-bTA_ggsHZ6XA

2nd tx: https://viewblock.io/arweave/tx/6L-AzvLM3FJdpn2bfKFkp2uKxLRG13hdhUoAFVbYWDI

Keystone wallet, didn't support signMessage method.

I have some U and STAMP, but it won't show those tokens:

When a transaction is sent using arweave.js, an animation effect may appear in the bottom right corner of the page. However, the image file arweave.png.png currently in use does not exist.

Similar to walletSwitch, broadcast GatewayConfig and any changes to the window - this would allow dApps to let arconnect manage gateway configs globally vs. inter-app.

When visiting some websites (typically French taxes or some online shops and specific websites like SUTOM), ArConnect is literally blocking the website from running or login, which is very inconvenient as you could imagine.

The only error I've got on Brave or Firefox with ArConnect installed, visiting SUTOM is this:

Uncaught Error: Mismatched anonymous define() module: function(){return e}
https://requirejs.org/docs/errors.html#mismatch

Pure RSA signature method is not secure. You can easily sign arweave transactions with it, without any knowledge from user that he signs something. This will be honeypot for various scams as soon as arweave eco gets popular.
I propose to take signMessage method from arweave.app ( https://github.com/jfbeats/ArweaveWebWallet/blob/cc6cbeaaa502671b6e362c066bebe252dc19998c/src/providers/Arweave.ts#L209 ), which does hash message before signing it. This way we can achieve almost any logic that you would need to achieve using signature method, while it being much more secure (as you cannot sign arweave transactions with it).

The docs seem to indicate that I can display an image alongside my app name when requesting the user connect to ArConnect, it seems to indicate that it expects a string, but how should i encode my image inside a string? the docs is not clear about this, B64 encode? or something else?

{
  name?: string; // optional application name
  logo?: string; // optional application logo
}

Might want to make a note in the docs too

I'm trying to sign data items to bundle them into a single tx using ArBundles and i'm running into an issue using the signature method. The return type of the method is Promise<string> but it's returning a plain Object. I'm struggling to debug why :)

async sign(message: Uint8Array): Promise<Uint8Array> {
  const signature = await window.arweaveWallet.signature(message, {
    name: "RSA-PSS",
    saltLength: 32,
  })
  console.log('SIGNING WITH THIS SIGNATURE', signature)

  return Buffer.from(signature) // This line will fail as signature is not a string as expected
}

This is running in a browser environment (Brave Version 1.34.81 Chromium: 97.0.4692.99 (Official Build) (64-bit))
Buffer is provided by a dependency in the arbundles package and implements Uint8Array

The return line in the above method will error with the following:

TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.

Any pointers or advice? Thanks!

• Background script should delete unused chunks every hour/day

https://github.com/arconnectio/ArConnect/blob/development/.github/CONTRIBUTING.md is 404

arconnect v1.0.5 window.arweaveWallet undefined and the arweaveWalletLoaded event nerver emit

Whenever there's an interaction with a wallet, a ton of error messages

is being logged in the console.

Instead of the 'arweave' "confetti" effect - a confetti of "broken image" icons is displayed.

ArConnect version 0.5.1 (tried reinstalling - did not help)
Chrome: Version 106.0.5249.119 (Official Build) (arm64)

Application is running locally.

Hi guys, ArConnect really amazing product, congratulations on your success!

When creating a wallet, I found that when the user finishes creating the wallet, clicking on an area other than the Modal will cause the popup window to close. Once the user accidentally closes the Modal, they have to wait again for a while to generate a new wallet.
After going through the code I think the code that affects this behavior is here: Welcome/App.tsx#L462, Perhaps we can improve the user experience by adding a props(disableBackdropClick) to the Modal:

<Modal {...loadWalletsModal.bindings} disableBackdropClick>
  ...
</Modal>

Thank you for your work and for making me enjoy the convenience of Arweave even more!

Accessing permissions works fine, but an error get thrown:
Unchecked runtime.lastError: The message port closed before a response was received

And therefore, this error cause error in transaction's signing : Uncaught (in promise) Error signing transaction

I thought it may be due to end-user syntax error, however it seems a mishandled async response to runtime.sendMessage as i checked another dapp using ArConnect as the main and only login option (found on Arweave discord: https://arweave.net/AEn40YjdI2FEeK66pZfBljkHYgmGTD8ONWNhIqbAk3U ) and it has similar logged errors.

Assuming a configured ArConnect (chrome store or yarn build from source) with wallet+AR Funding + chrome extensions permissions granted

If you start from here:
https://github.com/th8ta/arconnect-examples/blob/master/js/main.js#L68

and use

  await window.arweaveWallet.sign(tx);

Then the tx object will not have the signature.

Instead if you use

let stx =   await window.arweaveWallet.sign(tx);

Then eventually stx will have the signature, but for whatever reason it is missing the 'chucks' key/value object.

It seems to have something to do with with copying of the object during signing:
background/api/transaction.ts

       decodeTransaction =
                                                arweave.transactions.fromRaw({
                                                        ...message.transaction,
                                                        owner: keyfile.n
                                                });

// some code removed
                                await arweave.transactions.sign(
                                        decodeTransaction,
                                        keyfile,
                                        message.signatureOptions
                                );

Where somehow the incoming tx as message.transaction doesn't seem to keep chunks going into decodeTransaction... or.....

somehow this sign function (not sure) drops the chunks.

                                                        resolve(await sign());

This has an effect later because the format 2 upload loop fails.

  let uploader = await arweave.transactions.getUploader(stx);

with the error

injected.js:12 Uncaught (in promise) Error: Transaction chunks not prepared

manually copying the chunks object fixes the issue:

  let stx  = await window.arweaveWallet.sign(tx);
  stx.chunks = {...tx.chunks};

But then we run into the next problem where the current arweave-js for whatever reason fails to upload the chunks after the initial tx post.

based on:

while (!uploader.isComplete) {
  await uploader.uploadChunk();
  console.log(`${uploader.pctComplete}% complete, ${uploader.uploadedChunks}/${uploader.totalChunks}`);
}

You would expect to see 0% complete as the first debug message as it forces a post first due to:

"src/common/lib/transaction-uploader.ts"

                if (!this.txPosted) {
                        await this.postTransaction();
                        return;
                }

But in reality, for whatever reason, the first debug message prints as 100% complete.

Yes we do get the HTTP POST /tx

However never HTTP POST /chunk, which seems completely impossible since the "return" should have prevented "this.chunkIndex++;". So maybe somewhere an old version of arweave-js is getting pulled in, but I could not find any such sign.

So of course Arweave never gets the actual chunk data.

It seems that without using ArConnect, that the signed tx retains both the tx.data and tx.chunks{} object. But the upload loop equally strangely "fails" and only posts. However since the data is retained in the tx object, then it posts along with the initial POST /tx, and therefore succeeds (based on the short 88 byte demo data in the arconnect-examples repo).

Looks like arweave-js "src/common/lib/transaction-uploader.ts" shoves the data into the first POST /tx if it's small enough based on

        // POST to /tx
        private async postTransaction(): Promise<void> {
                const uploadInBody = this.totalChunks <= MAX_CHUNKS_IN_BODY;

So it may just be an issue of copying data as well.

Yes indeed this works

  let stx  = await window.arweaveWallet.sign(tx);
  stx.data = tx.data;
  stx.chunks = {...tx.chunks};

But I'm not sure why data and chunks don't carry to the signed tx in the first place

Not sure if this is a known issue or not, but just sharing what I found.

ArConnect @ SHA 28cfd3a
arconnect-examples @ SHA f8072bd (current master)

arweave@^1.10.0, arweave@^1.10.11, arweave@^1.10.13, arweave@^1.10.14, arweave@^1.10.15, arweave@^1.9.1:
  version "1.10.16"
  resolved "https://registry.yarnpkg.com/arweave/-/arweave-1.10.16.tgz#b968590cb413242636196d2339562dd106840bb9"
  integrity sha512-j2UM7C/2MHO7Mv7wbzhihgVs8uN2+QltA+3cYaM82dNNEBBJylIClJUHHMqsK/2ejCnziQm4FofiUFbsQDdQDg==
  dependencies:
    arconnect "^0.2.8"
    asn1.js "^5.4.1"
    axios "^0.21.1"
    base64-js "^1.3.1"
    bignumber.js "^9.0.1"

Currently, if an ardrive-enabled wallet has a private drive, it will break the list of available drives for the Web Page Archiver.

Steps to replicate:

1. Log into app.ardrive.io with an arweave wallet
2. Create a private drive
3. Add that same wallet into ArConnect
4. Archive a Web Page using the same wallet
5. The "Please Select a Drive" list will infinitely load.

ArConnect should only load available public drives. When performing the GQL query to list users drives, the Drive-Privacy: "public" tag can be used to only return public drives from the user.

I have some U, but the ARconnect wallet shows 0. Is this a known bug?

You can see Bazaar picks it up:

Hello,

ArConnect traps this error without getting it back to the application:

Uncaught (in promise) Error: ArConnect does not currently support dispatching transactions with data greater than 120000 bytes.

Here is a minimal code that demonstrate the issue. The catch section is never entered.

Thank you.

I'm seeing just a white line flash where the extension's panel should be.

Hi， I encountered some errors when I build the arconnect

"https://registry.yarnpkg.com/ccxt/-/ccxt-1.58.70.tgz: Request failed \"404 Not Found\"

Can someone know how to solve the problem?

Hi,
Is there anyay to get this to work with the TestWeave in a public facing DAPP?

When you migrate from the previous version, it still shows you a seed entry box. This is optional, but it was confusing at first as it makes it seem like it's asking for the old seed. If you continue, you get your wallet. If you re-add, you still get your single account added.

Understandably, the ability for a page to to access all addresses in ArConnect should be behind a permission. However, there's no way for the page to detect if the wallet was switched at all, even if it doesn't have permission to view the new address.

Would it be possible to fire the event anyway but not provide the new address? This way, the page could revert to an un-authenticated state.

Alternatively, this could be solved by adding a walletDisconnected event, fired when a wallet is switched but the new address isn't connected to the page or the page doesn't have ACCESS_ALL_ADDRESSES permission.

The "Read and change all your data on all websites" looks kinda invasive :-)

Though I see that other wallets (like the Cardano's Yoroi) have a similar "feature"
Emurgo/yoroi-frontend#2655

I pinned the ArConnect extension in the Chrome extensions manager, so that its icon is visible on the browser UI. When I click the icon, I see what appears to be the bottom of an extension's window near the top of Chrome, but only a small portion of such a window, with no content at all.

ArConnect version v1.0.9

ever if there have ACCESS_ADDRESS and ACCESS_ALL_ADDRESSES permisions

Hi,
I am trying to use this along with Arweave js Library in an angular 11 project.

i added the typings npm package and i am referencing the types. But i keep getting this error.

Error: node_modules/arweave/node/transactions.d.ts:78:9 - error TS2717: Subsequent property declarations must have the same type.  Property 'arweaveWallet' must be of type '{ connect(permissions: PermissionType[], appInfo?: AppInfo): Promise<void>; disconnect(): Promise<void>; getActiveAddress(): Promise<string>; ... 6 more ...; getArweaveConfig(): Promise<...>; }', but here has type '{ getPermissions(): Promise<PermissionType[]>; sign(transaction: Transaction, options?: SignatureOptions): Promise<Transaction>; connect(permissions: PermissionType[]): Promise<...>; }'.

78         arweaveWallet: {
           ~~~~~~~~~~~~~

  node_modules/arconnect/index.d.ts:9:5
    9     arweaveWallet: {
          ~~~~~~~~~~~~~
    'arweaveWallet' was also declared here.

Hi,

just came across this and wanted to integrate it with my site.
However I am using arbundles and they require each dataItem to sign with an ArweaveSigner.
How would this translate, if possible, with ArConnect?

Description

When requesting that a user connects it's wallet,if the user cancels the operation in the pop-up, the arconnect overlay does not get removed.

Additional Information

Result after cancelling connection

Connection code:

const asyncConnectWallet = async (dispatch: Dispatch<WalletAction>) => {
  try {
    const currentPermissions = await window.arweaveWallet.getPermissions();
    if (!_.isEqual(currentPermissions, DEFAULT_PERMISSSIONS)) {
      await window.arweaveWallet.connect(DEFAULT_PERMISSSIONS);
    }
    const addr = await window.arweaveWallet.getActiveAddress();
    dispatch({ type: 'wallet_connected', address: addr });
    const winstonBalance = await arweave.wallets.getBalance(addr);
    dispatch({
      type: 'wallet_balance_updated',
      balance: parseFloat(arweave.ar.winstonToAr(winstonBalance)),
    });
  } catch (error) {
    console.log(error);
  }
};

I can catch the error but i dont know how to handle to remove the overlay.

https://www.npmjs.com/package/@types/arconnect

is missing the DISPATCH permission type causing strict type checkers to 🤮