Update dapps list #2003
Merged
Update dapps list #2003
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frederikrothenberger
approved these changes
Nov 2, 2023
nmattia
added a commit
that referenced
this pull request
Nov 6, 2023
* Fix temp keys clashing on equal public keys (#1976) * Fix temp keys clashing on equal public keys This PR fixes a bug that surfaced in the context of the dev build where the dummy auth public key is static for all anchors: The temp keys were kept by device public key only, which lead to subsequent registrations evicting the temp key of the previous dummy auth device. Additionally, expirations are only cleaned up lazily and also were only checking the device public key. This lead to the behaviour where a newly registered temp key was not considered valid, because it matched the expiration of a previous registration. None of the issues above are observed in production, because WebAuthn generates new public keys for each registration, even if the same hardware is used. The fix moves the anchor into the temp key identifier, making it different for different anchors. This addresses both of the issues outlined above. * Refactor expiration struct This makes it clearer that both the device_key and anchor are required to reference the temp key. It also removes one of the calls to `clone()`. * Preload loader (#1969) This ensures the loader (astronaut) is loaded as soon as the app itself loads. The asset is fairly heavy and can take a couple seconds to load from the IC. By loading it eagerly we ensures that when it is needed, the astronaut is ready. * Add CI step to check Cargo.lock (#1979) * Add CI step to check Cargo.lock This PR adds a small job to check whether the Cargo.lock is up to date. * Add comment to the lockfile check Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * formatting --------- Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * Remove CSP meta tag (#1980) * Remove CSP meta tag This removes the `<meta>` tag used for CSP. We originally included the CSP in the HTML because the HTTP headers could not be certified. HTTP headers are now certified so the `Content-Security-Policy` header _should_ be enough. Additionally, the `<meta>` tag hasn't been replaced correctly for some time leading to an irrelevant HTML tag. * Inline CSP meta * Update commit of IC artefacts (#1988) Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> * Fix docker-build script (#1989) The docker build is layered with a dependencies layer to cache already compiled dependencies. To not cache the non-dependency code, the last modified timestamp of the `lib.rs` files has to be updated. If a new `lib.rs` file is introduced, its timestamp needs to be updated as well. This was overlooked when introducing the `canister_sig_utils` crate. This PR makes the dockerfile more robust to touch _all_ the relevant `lib.rs` files rather than specific ones. * Update test app dfinity libraries (#1983) The test app is still using libraries that have the sha256 bug. This PR updates it to no longer be affected. * Refactor readCanisterId to allow reading the test_app id as well (#1985) * Refactor readCanisterId to allow reading the test_app id as well This PR is in preparation for the migration of the selnium tests out of docker. After the migration, vite needs to know about the test_app canister id too. This refactoring allows using the existing helper for that. * Name parameters of * Update screenshots chrome to version 116 (#1990) Update scrennshots chrome to version 116 This update chrome used for the screenshots job to version 116. The version is updated because the future switch to non-dockerized selenium tests requires a chromedriver and the chromedriver package for the version 106 seems to be broken. * Fix asset URL paths (#1987) * Fix asset URL paths This updates the logic for serving assets from the canister. The logic previously did not cover all paths where an asset may be found. For instance, an asset `/foo/index.html` may have returned 200 on `/foo/` but 404 on `/foo`. Moreover the `/faq` endpoint is fixed to actually return the expected redirect to the FAQ. In practice the canister has extra logic for handling `/faq`, but this fixes the HTML-redirect fallback. This ensures that `/faq/` & `/faq/index.html` also redirect (which the canister does not currently check for). * Don't clone exp vector * Don't update dapps without logo (#1991) This updates the dapps update script to skip dapps that do not have a logo. If the dapp doesn't have a logo, then we don't have much to display. This also adds some comments to the jq filter used to parse the dapps list for clarity. * Update dapps list (#1993) Update dapps Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> * Add several utils for handling canister sigs. (#1984) * Add several utils for handling canister sigs. * Update Cargo.lock. * Fix Docker build. * +=clippy * Refactor to remove serial tests. * Address feedback, remove code for verifying canister sigs. * +=clippy * Reuse constant. * Update dapps list (#2003) Update dapps Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> * Move LABEL_SIG constant to a crate, so that it can be re-used. (#2006) * Port components to Astro (#1997) * Port components to Astro This ports all components shown in the showcase to Astro components. This means we now have proper routing for displaying those components. The components are wrapped in native/web components so that Astro can import them properly; the alternative of creating an arbitrary div with `id="pageContent"` like we do elsewhere is problematic because Astro bundles all javascript scripts together when e.g. using `Astro.glob`, meaning all scripts would trigger on any page importing the components (like the index) and all would fight for the same `#pageContent`. The approach of creating new elements is a bit more robust, though also a bit more verbose. Another benefit of this approach is that we can e.g. embed/showcase all components in the index page. * Restructure showcase components * Upgrade webdriverio to latest version (#1996) This upgrades webdriverio to the latest version in preparation for the change to non-dockerized selenium tests. The new version now is also able to download chrome and chromedriver on its own, which is why the `download-chrome.ts` script can be removed. The testing chrome needs to run with `/dev/shm` disabled because otherwise it will randomly crash on the GitHub action runners. --------- Co-authored-by: Frederik Rothenberger <frederik.rothenberger@dfinity.org> Co-authored-by: gix-bot <107688624+gix-bot@users.noreply.github.com> Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> Co-authored-by: przydatek <przydatek@users.noreply.github.com>
nmattia
added a commit
that referenced
this pull request
Nov 10, 2023
* Fix temp keys clashing on equal public keys (#1976) * Fix temp keys clashing on equal public keys This PR fixes a bug that surfaced in the context of the dev build where the dummy auth public key is static for all anchors: The temp keys were kept by device public key only, which lead to subsequent registrations evicting the temp key of the previous dummy auth device. Additionally, expirations are only cleaned up lazily and also were only checking the device public key. This lead to the behaviour where a newly registered temp key was not considered valid, because it matched the expiration of a previous registration. None of the issues above are observed in production, because WebAuthn generates new public keys for each registration, even if the same hardware is used. The fix moves the anchor into the temp key identifier, making it different for different anchors. This addresses both of the issues outlined above. * Refactor expiration struct This makes it clearer that both the device_key and anchor are required to reference the temp key. It also removes one of the calls to `clone()`. * Preload loader (#1969) This ensures the loader (astronaut) is loaded as soon as the app itself loads. The asset is fairly heavy and can take a couple seconds to load from the IC. By loading it eagerly we ensures that when it is needed, the astronaut is ready. * Add CI step to check Cargo.lock (#1979) * Add CI step to check Cargo.lock This PR adds a small job to check whether the Cargo.lock is up to date. * Add comment to the lockfile check Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * formatting --------- Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * Remove CSP meta tag (#1980) * Remove CSP meta tag This removes the `<meta>` tag used for CSP. We originally included the CSP in the HTML because the HTTP headers could not be certified. HTTP headers are now certified so the `Content-Security-Policy` header _should_ be enough. Additionally, the `<meta>` tag hasn't been replaced correctly for some time leading to an irrelevant HTML tag. * Inline CSP meta * Update commit of IC artefacts (#1988) Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> * Fix docker-build script (#1989) The docker build is layered with a dependencies layer to cache already compiled dependencies. To not cache the non-dependency code, the last modified timestamp of the `lib.rs` files has to be updated. If a new `lib.rs` file is introduced, its timestamp needs to be updated as well. This was overlooked when introducing the `canister_sig_utils` crate. This PR makes the dockerfile more robust to touch _all_ the relevant `lib.rs` files rather than specific ones. * Update test app dfinity libraries (#1983) The test app is still using libraries that have the sha256 bug. This PR updates it to no longer be affected. * Refactor readCanisterId to allow reading the test_app id as well (#1985) * Refactor readCanisterId to allow reading the test_app id as well This PR is in preparation for the migration of the selnium tests out of docker. After the migration, vite needs to know about the test_app canister id too. This refactoring allows using the existing helper for that. * Name parameters of * Update screenshots chrome to version 116 (#1990) Update scrennshots chrome to version 116 This update chrome used for the screenshots job to version 116. The version is updated because the future switch to non-dockerized selenium tests requires a chromedriver and the chromedriver package for the version 106 seems to be broken. * Fix asset URL paths (#1987) * Fix asset URL paths This updates the logic for serving assets from the canister. The logic previously did not cover all paths where an asset may be found. For instance, an asset `/foo/index.html` may have returned 200 on `/foo/` but 404 on `/foo`. Moreover the `/faq` endpoint is fixed to actually return the expected redirect to the FAQ. In practice the canister has extra logic for handling `/faq`, but this fixes the HTML-redirect fallback. This ensures that `/faq/` & `/faq/index.html` also redirect (which the canister does not currently check for). * Don't clone exp vector * Don't update dapps without logo (#1991) This updates the dapps update script to skip dapps that do not have a logo. If the dapp doesn't have a logo, then we don't have much to display. This also adds some comments to the jq filter used to parse the dapps list for clarity. * Update dapps list (#1993) Update dapps Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> * Add several utils for handling canister sigs. (#1984) * Add several utils for handling canister sigs. * Update Cargo.lock. * Fix Docker build. * +=clippy * Refactor to remove serial tests. * Address feedback, remove code for verifying canister sigs. * +=clippy * Reuse constant. * Update dapps list (#2003) Update dapps Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> * Move LABEL_SIG constant to a crate, so that it can be re-used. (#2006) * Port components to Astro (#1997) * Port components to Astro This ports all components shown in the showcase to Astro components. This means we now have proper routing for displaying those components. The components are wrapped in native/web components so that Astro can import them properly; the alternative of creating an arbitrary div with `id="pageContent"` like we do elsewhere is problematic because Astro bundles all javascript scripts together when e.g. using `Astro.glob`, meaning all scripts would trigger on any page importing the components (like the index) and all would fight for the same `#pageContent`. The approach of creating new elements is a bit more robust, though also a bit more verbose. Another benefit of this approach is that we can e.g. embed/showcase all components in the index page. * Restructure showcase components * Upgrade webdriverio to latest version (#1996) This upgrades webdriverio to the latest version in preparation for the change to non-dockerized selenium tests. The new version now is also able to download chrome and chromedriver on its own, which is why the `download-chrome.ts` script can be removed. The testing chrome needs to run with `/dev/shm` disabled because otherwise it will randomly crash on the GitHub action runners. * Run e2e tests sequentially (#2012) This instructs vitest to run all e2e tests sequentially. Without this, vitest may run several spec files at the same time, which seems to cause issues with the virtual authenticator, leading to flakiness. * Update candid to latest version (#2013) This updates the candid dependency to the latest version. * Make chromedriver log to stdout (#2015) This PR removes the file based log collection of chromedriver for the following reasons: * Most of the logs _still_ go to stdout, even with the `outputDir` set. The log files only contain a few lines (which are also okay to appear in stdout): ``` Starting ChromeDriver 119.0.6045.105 (38c72552c5e15ba9b3117c0967a0fd105072d7c6-refs/branch-heads/6045@{#1103}) on port 55890 Remote connections are allowed by an allowlist (0.0.0.0). Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe. ChromeDriver was started successfully. ``` * wdio now creates a logfile per test, because chrome driver is started new for each test. This results in an awful lot of tiny files that are hard to match to the actual tests, because the filename only contains an opaque session id. I think having all the e2e test infrastructure output in stdout makes analyzing test failures easier. Note that the `test-failures` folder is still created as previously, that contains the HTML file, screenshot and browser console logs of the test at the point of failure. * Port localstorage parsing to zod (#2014) * Port localstorage parsing to zod This ports the reading/parsing of localstorage-stored anchors/identity data to Zod, which makes it simpler and easier. This is preparation work for extending the data stored in localstorage. * Address review comments * Wait for principals to not be anonymous after sign-in (#2016) * Wait for principals to not be anonymous after sign-in The switch to non-dockerized selenium tests exposed some flakyness in the way principals are collected from the test app after sign-in. This PR introduces a check to wait for the principal to update. * Add waitForAuthenticated method to the DemoAppView * Run selenium tests without docker (#1995) * Run selenium tests without docker This PR removes the docker compose based setup of running selenium test and replaces it with infrastructure based on native chromium and chromedriver. The new setup uses chromium with options to override DNS resolution so that all request are hitting the vite dev server. This dev server is reconfigured to terminate TLS and forward request to the replica (or, if hot reloading is enabled, serve assets directly). Two new config env variables are introduced for the `npm run dev` command: * TLS_DEV_SERVER: when set to 1, the dev server will handle https instead of http. * NO_HOT_RELOAD: when set to 1, all requests are forwarded to the replica. Assets are not hot reloaded. There are some changes to the test: * the copy / paste of the seed phrase has been replaced by reading the phrase from the DOM directly, because chromium now runs in headless mode (as non-headless is not supported on github action runners natively), which makes chromium behave differently with regards to the clipboard. * The check that the raw URL is inaccessible now returns a slightly different error message, so the assert on the message was changed. Still to do (in a separate PR): * Documentation * Disable /dev/shm usage * Fix chrome version * Fix chrome options * Apply suggestions from code review Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * Add comment about host resolver rules * Simplify browser logs indexing Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * Simplify getting recovery phrase from DOM * TS ignore code executed in browser * Fix formatting * Fix seed phrase simplification * Simplify replica forwarding plugin * Remove obsolete env variable * Name parameters of replica forward plugin * Remove file output for chromedriver logs * Revert migration to lockfile version v3 * Don't apply forwarding rule on nullish host * Replace @ts-ignore with cast * Deny access to all hosts that include a .raw subdomain * Remove cast * Remove outdated comment Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * Run formatter * Update comments regarding accessing raw URLs --------- Co-authored-by: Nicolas Mattia <nicolas.mattia@dfinity.org> * Update e2e test instructions (#2017) This PR removes the reference to the no longer existing docker infrastructure readme and replaces it with up-to-date steps to setup the e2e environment. * Run tests with clean IndexedDB (#2021) This updates our test setup to use a fresh IndexedDB before each test. This ensures that data from one test doesn't pollute other tests. The `createStore` calls a turned into function to ensure `idb-keyval` doesn't try to access the global `indexeddb` object upon module import, but only once the stores are actually needed. * Split storage ops from serialization (#2023) * Split storage ops from serialization This rearranges the storage (was: `userNumber`) module to improve maintainability. In particular, the localStorage-specific operations are extracted into dedicated localStorage functions, and the actual pruning/migrating/updating is also split out. This gives three layers: localStorage, pruning/migrating/updating, and top-level functions (like `getAnchors`) used by the rest of the codebase. The storage (was: `userNumber`) test suite is also updated to clarify that the test data is related to localStorage. * Add migration test * Update dapps list (#2025) Update dapps Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> --------- Co-authored-by: Frederik Rothenberger <frederik.rothenberger@dfinity.org> Co-authored-by: gix-bot <107688624+gix-bot@users.noreply.github.com> Co-authored-by: gix-bot <gix-bot@users.noreply.github.com> Co-authored-by: przydatek <przydatek@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Automated changes by create-pull-request GitHub action