LaconicNetwork/laconic-wallet-web
27
0
Fork 2
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 13 Wiki Activity

Check for allowed URLs in get or create accounts

Browse Source
This commit is contained in:
Shreerang Kale 2025-04-25 11:58:08 +05:30
parent 7205a1cf76
commit 50a87ca230
4 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example
View File

@ -5,4 +5,5 @@ REACT_APP_DEFAULT_GAS_PRICE=0.025
REACT_APP_GAS_ADJUSTMENT=2
REACT_APP_LACONICD_RPC_URL=https://laconicd-sapo.laconic.com
# Example: https://example-url-1.com,https://example-url-2.com
REACT_APP_ALLOWED_URLS=

1
src/App.tsx
View File

@ -395,7 +395,6 @@ const App = (): React.JSX.Element => {
name="sign-request-embed"
component={SignMessageEmbed}
options={{
// eslint-disable-next-line react/no-unstable-nested-components
header: () => <Header title="Wallet" />,
}}
/>

18
src/hooks/useGetOrCreateAccounts.ts
View File

@ -6,6 +6,8 @@ import useAccountsData from "./useAccountsData";
import { useNetworks } from "../context/NetworksContext";
import { useAccounts } from "../context/AccountsContext";
const REACT_APP_ALLOWED_URLS = process.env.REACT_APP_ALLOWED_URLS
const useGetOrCreateAccounts = () => {
const { networksData } = useNetworks();
const { getAccountsData } = useAccountsData();
@ -31,6 +33,18 @@ const useGetOrCreateAccounts = () => {
const handleCreateAccounts = async (event: MessageEvent) => {
if (event.data.type !== 'REQUEST_CREATE_OR_GET_ACCOUNTS') return;
if (!REACT_APP_ALLOWED_URLS) {
console.log('allowed URLs are not set.');
return;
}
const allowedUrls = REACT_APP_ALLOWED_URLS.split(',').map(url => url.trim());
if (!allowedUrls.includes(event.origin)) {
console.log('Unauthorized app.');
return;
}
const accountsData = await getOrCreateAccountsForChain(event.data.chainId);
sendMessage(
@ -42,7 +56,7 @@ const useGetOrCreateAccounts = () => {
const autoCreateAccounts = async () => {
const defaultChainId = networksData[0]?.chainId;
if (!defaultChainId) {
console.log('useGetOrCreateAccounts: No default chainId found');
return;
@ -60,7 +74,7 @@ const useGetOrCreateAccounts = () => {
window.addEventListener('message', handleCreateAccounts);
const isAndroidWebView = !!(window.Android);
if (isAndroidWebView) {
autoCreateAccounts();
}

11
src/screens/AutoSignIn.tsx
View File

@ -7,6 +7,8 @@ import { sendMessage } from '../utils/misc';
import useAccountsData from '../hooks/useAccountsData';
import useGetOrCreateAccounts from '../hooks/useGetOrCreateAccounts';
const REACT_APP_ALLOWED_URLS = process.env.REACT_APP_ALLOWED_URLS
export const AutoSignIn = () => {
const { networksData } = useNetworks();
@ -16,9 +18,14 @@ export const AutoSignIn = () => {
const handleSignIn = async (event: MessageEvent) => {
if (event.data.type !== 'AUTO_SIGN_IN') return;
const allowedUrls = process.env.REACT_APP_ALLOWED_URLS?.split(',').map(url => url.trim());
if (!REACT_APP_ALLOWED_URLS) {
console.log('allowed URLs are not set.');
return;
}
if (!allowedUrls?.includes(event.origin)) {
const allowedUrls = REACT_APP_ALLOWED_URLS.split(',').map(url => url.trim());
if (!allowedUrls.includes(event.origin)) {
console.log('Unauthorized app.');
return;
}