arconnectio / arconnect Goto Github PK
View Code? Open in Web Editor NEW๐ฆ Secure wallet management for Arweave
Home Page: https://arconnect.io
License: MIT License
๐ฆ Secure wallet management for Arweave
Home Page: https://arconnect.io
License: MIT License
Can't use on mobile at all, extensions can't interact with mobile browsers.
To my surprise, during debugging, all my Transactions failed, yet my AR balance went down.
I suspect
quantity: await getFeeAmount(storedAddress, arweave)
Does not take into account uncommitted Transactions, and continues to charge the higher fee
I suppose the normal person won't clip/sign() so quickly, but other developers may do so during debugging (especially at first)
While I do appreciate your work, it doesn't "feel so awesome" to be paying for failed Txes (especially when it seems like the root of the issue stems from ArConnect and arweave-js integration).
Had to go from the blockchain logs, wonder who hacked my wallet and was stealing funds unrelated to my tx, finally found mention of it on the FAQ, then had to go debug the source too.
I suppose my case is a little unique if this is the last developer facing bug :) -- May consider a toggle switch during install/config for "tip the developer/VRT holders" that's a little more visible so it's a bit less "surprising". Could even make the user "wait a little bit" if they decide to say no tip (just spin a box, show an advert, let them click to tip to speed up the UI).
Chrome: 94.0.4606.81
AR Connect Extension: 0.3.5
AR Balance in Wallet: 4.51 AR ($233)
arweave: 1.10.18
react-scripts: 4.0.3
react: 17.0.2
typescript: 4.1.5
I'm building a decentralised version of YouTube, our platform uploads thumbnails and MP4 videos (multiple GBs in size) straight to ARWeave using the arweave-js
package running in the browser in our React web app. I want to go live in coming weeks and I am currently blocked due to this issue.
Any file I upload above 5MB causes await arweave.transactions.sign(transaction)
to block for around 5 seconds, then throws the following Unhandled Exception in the console:
Uncaught (in promise) Error: Message length exceeded maximum allowed length.
This is not an error inside of arweave-js
but the ARConnect
extension.
const transaction = await arweave.createTransaction({ data: file })
transaction.addTag('Content-Type', 'video/mp4')
await arweave.transactions.sign(transaction)
file
is an ArrayBuffer
of the MP4Really hope you all can help :)
Is there any good reasons why ArConnect doesn't allow direct RSA encryption/decryption, without ArConnect's algorithm with adding symmetric keys there?
Originally mentioned here, but will start a new issue: #128 (comment)
Neither my first or 2nd transaction resulted in a successful U transfer, but the UI gives confirmation of success and a tx. My balance does not decrease, and the recipient's does not increase.
1st tx: https://viewblock.io/arweave/tx/DZ4LH5Udq4pAaban8gXhJEDBlCuvXL-bTA_ggsHZ6XA
2nd tx: https://viewblock.io/arweave/tx/6L-AzvLM3FJdpn2bfKFkp2uKxLRG13hdhUoAFVbYWDI
Keystone wallet, didn't support signMessage method.
Similar to walletSwitch
, broadcast GatewayConfig
and any changes to the window - this would allow dApps to let arconnect
manage gateway configs globally vs. inter-app.
When visiting some websites (typically French taxes or some online shops and specific websites like SUTOM), ArConnect is literally blocking the website from running or login, which is very inconvenient as you could imagine.
The only error I've got on Brave or Firefox with ArConnect installed, visiting SUTOM is this:
Uncaught Error: Mismatched anonymous define() module: function(){return e}
https://requirejs.org/docs/errors.html#mismatch
Pure RSA signature method is not secure. You can easily sign arweave transactions with it, without any knowledge from user that he signs something. This will be honeypot for various scams as soon as arweave eco gets popular.
I propose to take signMessage method from arweave.app ( https://github.com/jfbeats/ArweaveWebWallet/blob/cc6cbeaaa502671b6e362c066bebe252dc19998c/src/providers/Arweave.ts#L209 ), which does hash message before signing it. This way we can achieve almost any logic that you would need to achieve using signature method, while it being much more secure (as you cannot sign arweave transactions with it).
The docs seem to indicate that I can display an image alongside my app name when requesting the user connect to ArConnect, it seems to indicate that it expects a string, but how should i encode my image inside a string? the docs is not clear about this, B64 encode? or something else?
{
name?: string; // optional application name
logo?: string; // optional application logo
}
Might want to make a note in the docs too
I'm trying to sign data items to bundle them into a single tx using ArBundles
and i'm running into an issue using the signature
method. The return type of the method is Promise<string>
but it's returning a plain Object. I'm struggling to debug why :)
async sign(message: Uint8Array): Promise<Uint8Array> {
const signature = await window.arweaveWallet.signature(message, {
name: "RSA-PSS",
saltLength: 32,
})
console.log('SIGNING WITH THIS SIGNATURE', signature)
return Buffer.from(signature) // This line will fail as signature is not a string as expected
}
This is running in a browser environment (Brave Version 1.34.81 Chromium: 97.0.4692.99 (Official Build) (64-bit))
Buffer
is provided by a dependency in the arbundles
package and implements Uint8Array
The return line in the above method will error with the following:
TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.
Any pointers or advice? Thanks!
arconnect v1.0.5 window.arweaveWallet undefined and the arweaveWalletLoaded event nerver emit
Whenever there's an interaction with a wallet, a ton of error messages
is being logged in the console.
Instead of the 'arweave' "confetti" effect - a confetti of "broken image" icons is displayed.
ArConnect version 0.5.1 (tried reinstalling - did not help)
Chrome: Version 106.0.5249.119 (Official Build) (arm64)
Application is running locally.
Hi guys, ArConnect really amazing product, congratulations on your success!
When creating a wallet, I found that when the user finishes creating the wallet, clicking on an area other than the Modal will cause the popup window to close. Once the user accidentally closes the Modal, they have to wait again for a while to generate a new wallet.
After going through the code I think the code that affects this behavior is here: Welcome/App.tsx#L462, Perhaps we can improve the user experience by adding a props(disableBackdropClick
) to the Modal:
<Modal {...loadWalletsModal.bindings} disableBackdropClick>
...
</Modal>
Thank you for your work and for making me enjoy the convenience of Arweave even more!
Accessing permissions works fine, but an error get thrown:
Unchecked runtime.lastError: The message port closed before a response was received
And therefore, this error cause error in transaction's signing : Uncaught (in promise) Error signing transaction
I thought it may be due to end-user syntax error, however it seems a mishandled async response to runtime.sendMessage
as i checked another dapp using ArConnect as the main and only login option (found on Arweave discord: https://arweave.net/AEn40YjdI2FEeK66pZfBljkHYgmGTD8ONWNhIqbAk3U ) and it has similar logged errors.
Assuming a configured ArConnect (chrome store or yarn build from source) with wallet+AR Funding + chrome extensions permissions granted
If you start from here:
https://github.com/th8ta/arconnect-examples/blob/master/js/main.js#L68
and use
await window.arweaveWallet.sign(tx);
Then the tx object will not have the signature.
Instead if you use
let stx = await window.arweaveWallet.sign(tx);
Then eventually stx will have the signature, but for whatever reason it is missing the 'chucks' key/value object.
It seems to have something to do with with copying of the object during signing:
background/api/transaction.ts
decodeTransaction =
arweave.transactions.fromRaw({
...message.transaction,
owner: keyfile.n
});
// some code removed
await arweave.transactions.sign(
decodeTransaction,
keyfile,
message.signatureOptions
);
Where somehow the incoming tx as message.transaction doesn't seem to keep chunks going into decodeTransaction... or.....
somehow this sign function (not sure) drops the chunks.
resolve(await sign());
This has an effect later because the format 2 upload loop fails.
let uploader = await arweave.transactions.getUploader(stx);
with the error
injected.js:12 Uncaught (in promise) Error: Transaction chunks not prepared
manually copying the chunks object fixes the issue:
let stx = await window.arweaveWallet.sign(tx);
stx.chunks = {...tx.chunks};
But then we run into the next problem where the current arweave-js for whatever reason fails to upload the chunks after the initial tx post.
based on:
while (!uploader.isComplete) {
await uploader.uploadChunk();
console.log(`${uploader.pctComplete}% complete, ${uploader.uploadedChunks}/${uploader.totalChunks}`);
}
You would expect to see 0% complete as the first debug message as it forces a post first due to:
"src/common/lib/transaction-uploader.ts"
if (!this.txPosted) {
await this.postTransaction();
return;
}
But in reality, for whatever reason, the first debug message prints as 100% complete.
Yes we do get the HTTP POST /tx
However never HTTP POST /chunk, which seems completely impossible since the "return" should have prevented "this.chunkIndex++;". So maybe somewhere an old version of arweave-js is getting pulled in, but I could not find any such sign.
So of course Arweave never gets the actual chunk data.
It seems that without using ArConnect, that the signed tx retains both the tx.data and tx.chunks{} object. But the upload loop equally strangely "fails" and only posts. However since the data is retained in the tx object, then it posts along with the initial POST /tx, and therefore succeeds (based on the short 88 byte demo data in the arconnect-examples repo).
Looks like arweave-js "src/common/lib/transaction-uploader.ts" shoves the data into the first POST /tx if it's small enough based on
// POST to /tx
private async postTransaction(): Promise<void> {
const uploadInBody = this.totalChunks <= MAX_CHUNKS_IN_BODY;
So it may just be an issue of copying data as well.
Yes indeed this works
let stx = await window.arweaveWallet.sign(tx);
stx.data = tx.data;
stx.chunks = {...tx.chunks};
But I'm not sure why data and chunks don't carry to the signed tx in the first place
Not sure if this is a known issue or not, but just sharing what I found.
ArConnect @ SHA 28cfd3a
arconnect-examples @ SHA f8072bd (current master)
arweave@^1.10.0, arweave@^1.10.11, arweave@^1.10.13, arweave@^1.10.14, arweave@^1.10.15, arweave@^1.9.1:
version "1.10.16"
resolved "https://registry.yarnpkg.com/arweave/-/arweave-1.10.16.tgz#b968590cb413242636196d2339562dd106840bb9"
integrity sha512-j2UM7C/2MHO7Mv7wbzhihgVs8uN2+QltA+3cYaM82dNNEBBJylIClJUHHMqsK/2ejCnziQm4FofiUFbsQDdQDg==
dependencies:
arconnect "^0.2.8"
asn1.js "^5.4.1"
axios "^0.21.1"
base64-js "^1.3.1"
bignumber.js "^9.0.1"
Currently, if an ardrive-enabled wallet has a private drive, it will break the list of available drives for the Web Page Archiver.
Steps to replicate:
ArConnect should only load available public drives. When performing the GQL query to list users drives, the Drive-Privacy: "public"
tag can be used to only return public drives from the user.
Hello,
ArConnect traps this error without getting it back to the application:
Uncaught (in promise) Error: ArConnect does not currently support dispatching transactions with data greater than 120000 bytes.
Here is a minimal code that demonstrate the issue. The catch section is never entered.
Thank you.
Hi๏ผ I encountered some errors when I build the arconnect
"https://registry.yarnpkg.com/ccxt/-/ccxt-1.58.70.tgz: Request failed \"404 Not Found\"
Can someone know how to solve the problem?
Hi,
Is there anyay to get this to work with the TestWeave in a public facing DAPP?
When you migrate from the previous version, it still shows you a seed entry box. This is optional, but it was confusing at first as it makes it seem like it's asking for the old seed. If you continue, you get your wallet. If you re-add, you still get your single account added.
Understandably, the ability for a page to to access all addresses in ArConnect should be behind a permission. However, there's no way for the page to detect if the wallet was switched at all, even if it doesn't have permission to view the new address.
Would it be possible to fire the event anyway but not provide the new address? This way, the page could revert to an un-authenticated state.
Alternatively, this could be solved by adding a walletDisconnected
event, fired when a wallet is switched but the new address isn't connected to the page or the page doesn't have ACCESS_ALL_ADDRESSES
permission.
The "Read and change all your data on all websites" looks kinda invasive :-)
Though I see that other wallets (like the Cardano's Yoroi) have a similar "feature"
Emurgo/yoroi-frontend#2655
I pinned the ArConnect extension in the Chrome extensions manager, so that its icon is visible on the browser UI. When I click the icon, I see what appears to be the bottom of an extension's window near the top of Chrome, but only a small portion of such a window, with no content at all.
ArConnect version v1.0.9
ever if there have ACCESS_ADDRESS and ACCESS_ALL_ADDRESSES permisions
Hi,
I am trying to use this along with Arweave js Library in an angular 11 project.
i added the typings npm package and i am referencing the types. But i keep getting this error.
Error: node_modules/arweave/node/transactions.d.ts:78:9 - error TS2717: Subsequent property declarations must have the same type. Property 'arweaveWallet' must be of type '{ connect(permissions: PermissionType[], appInfo?: AppInfo): Promise<void>; disconnect(): Promise<void>; getActiveAddress(): Promise<string>; ... 6 more ...; getArweaveConfig(): Promise<...>; }', but here has type '{ getPermissions(): Promise<PermissionType[]>; sign(transaction: Transaction, options?: SignatureOptions): Promise<Transaction>; connect(permissions: PermissionType[]): Promise<...>; }'.
78 arweaveWallet: {
~~~~~~~~~~~~~
node_modules/arconnect/index.d.ts:9:5
9 arweaveWallet: {
~~~~~~~~~~~~~
'arweaveWallet' was also declared here.
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR! react@"18.2.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"~16" from [email protected]
Hi,
just came across this and wanted to integrate it with my site.
However I am using arbundles
and they require each dataItem
to sign with an ArweaveSigner
.
How would this translate, if possible, with ArConnect?
When requesting that a user connects it's wallet,if the user cancels the operation in the pop-up, the arconnect overlay does not get removed.
Connection code:
const asyncConnectWallet = async (dispatch: Dispatch<WalletAction>) => {
try {
const currentPermissions = await window.arweaveWallet.getPermissions();
if (!_.isEqual(currentPermissions, DEFAULT_PERMISSSIONS)) {
await window.arweaveWallet.connect(DEFAULT_PERMISSSIONS);
}
const addr = await window.arweaveWallet.getActiveAddress();
dispatch({ type: 'wallet_connected', address: addr });
const winstonBalance = await arweave.wallets.getBalance(addr);
dispatch({
type: 'wallet_balance_updated',
balance: parseFloat(arweave.ar.winstonToAr(winstonBalance)),
});
} catch (error) {
console.log(error);
}
};
I can catch the error but i dont know how to handle to remove the overlay.
https://www.npmjs.com/package/@types/arconnect
is missing the DISPATCH
permission type causing strict type checkers to ๐คฎ
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.