feat: introduce ses in dev (#5759)

* chore: upgrade web3 * fix: lockfile * fix: type error * feat: introduce ses in dev * chore: patch immer * fix: gun * chore: patch @uniswap/v3-sdk * chore: injected-script with ses * -n -m chore: patch web3-core-method * fix: lock file * fix: patch ses * chore: add regenerator fixes * fix: regenerator again * chore: remove unused code * chore: remove unused code * chore: try lockdown whole world * fix: lockfile * fix: lockfile * fix: linter * fix: linter * chore: upgrade ses * chore: update lockfile * fix: lockfile * chore: cleanup
DimensionDev · Apr 13, 2022 · b0cef01 · b0cef01
1 parent 5a4852d
commit b0cef01
Show file tree

Hide file tree

Showing 17 changed files with 2,457 additions and 24 deletions.
diff --git a/package.json b/package.json
@@ -41,11 +41,13 @@
     "@types/react": "18.0.2",
     "@types/react-dom": "^18.0.0",
     "@types/web": "^0.0.61",
+    "immer": "9.0.12",
     "lodash": "^4.17.21",
     "lodash-es": "^4.17.21",
     "lodash-unified": "1.0.2",
     "react": "18.0.0",
     "react-dom": "18.0.0",
+    "ses": "0.15.12",
     "react-i18next": "^11.16.5",
     "ts-results": "3.3.0",
     "web3-core": "1.7.3",

diff --git a/packages/mask/.webpack/config.ts b/packages/mask/.webpack/config.ts
@@ -21,7 +21,7 @@ import './clean-hmr'
 
 export function createConfiguration(rawFlags: BuildFlags): Configuration {
     const normalizedFlags = normalizeBuildFlags(rawFlags)
-    const { sourceMapKind, supportWebAssembly } = computedBuildFlags(normalizedFlags)
+    const { sourceMapKind, supportWebAssembly, lockdown } = computedBuildFlags(normalizedFlags)
     const { hmr, mode, profiling, reactRefresh, readonlyCache, reproducibleBuild, runtime, outputPath } =
         normalizedFlags
 
@@ -65,6 +65,10 @@ export function createConfiguration(rawFlags: BuildFlags): Configuration {
                     // fake esm
                     '@uniswap/v3-sdk': require.resolve('@uniswap/v3-sdk/dist/index.js'),
                 }
+                if (lockdown) {
+                    // https://github.com/near/near-api-js/issues/833
+                    alias['error-polyfill'] = require.resolve('./package-overrides/null.js')
+                }
                 if (profiling) {
                     alias['scheduler/tracing'] = 'scheduler/tracing-profiling'
                 }
@@ -98,6 +102,13 @@ export function createConfiguration(rawFlags: BuildFlags): Configuration {
                           type: 'javascript/auto',
                       }
                     : undefined!,
+                // Patch regenerator-runtime
+                lockdown
+                    ? {
+                          test: /\..?js$/,
+                          loader: require.resolve('./fix-regenerator-runtime.ts'),
+                      }
+                    : undefined!,
                 // TypeScript
                 {
                     test: /\.tsx?$/,
@@ -178,6 +189,13 @@ export function createConfiguration(rawFlags: BuildFlags): Configuration {
                         to: polyfillFolder,
                     },
                     { from: require.resolve('webextension-polyfill/dist/browser-polyfill.js'), to: polyfillFolder },
+                    {
+                        from:
+                            mode === 'development'
+                                ? require.resolve('../../../node_modules/ses/dist/lockdown.umd.js')
+                                : require.resolve('../../../node_modules/ses/dist/lockdown.umd.min.js'),
+                        to: join(polyfillFolder, 'lockdown.js'),
+                    },
                 ],
             }),
             emitManifestFile(normalizedFlags),
@@ -246,14 +264,15 @@ export function createConfiguration(rawFlags: BuildFlags): Configuration {
         debug: normalizeEntryDescription(join(__dirname, '../src/extension/debug-page/index.tsx')),
     })
     baseConfig.plugins!.push(
-        addHTMLEntry({ chunks: ['dashboard'], filename: 'dashboard.html', sourceMap: !!sourceMapKind }),
-        addHTMLEntry({ chunks: ['popups'], filename: 'popups.html', sourceMap: !!sourceMapKind }),
+        addHTMLEntry({ chunks: ['dashboard'], filename: 'dashboard.html', sourceMap: !!sourceMapKind, lockdown }),
+        addHTMLEntry({ chunks: ['popups'], filename: 'popups.html', sourceMap: !!sourceMapKind, lockdown }),
         addHTMLEntry({
             chunks: ['contentScript'],
             filename: 'generated__content__script.html',
             sourceMap: !!sourceMapKind,
+            lockdown,
         }),
-        addHTMLEntry({ chunks: ['debug'], filename: 'debug.html', sourceMap: !!sourceMapKind }),
+        addHTMLEntry({ chunks: ['debug'], filename: 'debug.html', sourceMap: !!sourceMapKind, lockdown }),
     )
     // background
     if (runtime.manifest === 3) {
@@ -271,6 +290,7 @@ export function createConfiguration(rawFlags: BuildFlags): Configuration {
                 filename: 'background.html',
                 gun: true,
                 sourceMap: !!sourceMapKind,
+                lockdown,
             }),
         )
     }
@@ -298,6 +318,7 @@ function addHTMLEntry(
     options: HTMLPlugin.Options & {
         sourceMap: boolean
         gun?: boolean
+        lockdown: boolean
     },
 ) {
     let templateContent = readFileSync(join(__dirname, './template.html'), 'utf8')
@@ -310,6 +331,13 @@ function addHTMLEntry(
             `<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval'; require-trusted-types-for 'script'; trusted-types default webpack">`,
         )
     }
+    if (options.lockdown) {
+        templateContent = templateContent.replace(
+            `<!-- lockdown -->`,
+            `<script src="/polyfill/lockdown.js"></script>
+        <script src="/lockdown.js"></script>`,
+        )
+    }
     return new HTMLPlugin({
         templateContent,
         inject: 'body',

diff --git a/packages/mask/.webpack/fix-regenerator-runtime.ts b/packages/mask/.webpack/fix-regenerator-runtime.ts
@@ -0,0 +1,10 @@
+import type { LoaderContext } from 'webpack'
+
+const reg = /Gp\[iteratorSymbol\]\s*=\s*function\s*\(\)\s*{\n\s*return this;\n\s*};/
+export default function (this: LoaderContext<{}>, source: string) {
+    if (reg.test(source)) {
+        // this.emitWarning(new Error(' contains old version of regenerator runtime.'))
+        return source.replace(reg, 'define(Gp, iteratorSymbol, function () { return this });')
+    }
+    return source
+}
diff --git a/packages/mask/package.json b/packages/mask/package.json
@@ -88,7 +88,6 @@
     "https-browserify": "^1.0.0",
     "idb": "^7.0.1",
     "iframe-resizer-react": "^1.1.0",
-    "immer": "^9.0.12",
     "isomorphic-dompurify": "^0.18.0",
     "jsbi": "3.1.4",
     "json-stable-stringify": "^1.0.1",

diff --git a/packages/mask/public/lockdown.js b/packages/mask/public/lockdown.js
@@ -0,0 +1,12 @@
+/// <reference types="ses" />
+lockdown({
+    // In production, we have CSP enforced no eval
+    // In development, we use Trusted Types.
+    evalTaming: 'unsafeEval',
+    //
+    overrideTaming: 'severe',
+    consoleTaming: 'unsafe',
+    errorTaming: 'unsafe',
+})
+// completion value
+null
diff --git a/packages/mask/src/extension/service.ts b/packages/mask/src/extension/service.ts
@@ -16,10 +16,6 @@ import { serializer, getLocalImplementation } from '@masknet/shared-base'
 const SERVICE_HMR_EVENT = 'service-hmr'
 const message = new WebExtensionMessage<Record<string, any>>({ domain: 'services' })
 const log: AsyncCallOptions['log'] = {
-    beCalled: true,
-    localError: true,
-    remoteError: true,
-    sendLocalStack: true,
     type: 'pretty',
     requestReplay: process.env.NODE_ENV === 'development',
 }

diff --git a/packages/plugin-infra/src/utils/rpc.ts b/packages/plugin-infra/src/utils/rpc.ts
@@ -2,11 +2,7 @@ import { Environment, isEnvironment, MessageTarget, UnboundedRegistry } from '@d
 import { AsyncCall, AsyncCallLogLevel, AsyncGeneratorCall } from 'async-call-rpc/full'
 import { serializer, getLocalImplementation, getLocalImplementationExotic } from '@masknet/shared-base'
 const log: AsyncCallLogLevel = {
-    beCalled: true,
-    localError: true,
-    remoteError: true,
     requestReplay: true,
-    sendLocalStack: true,
     type: 'pretty',
 }
 export function createPluginRPC<T extends Record<string, (...args: any) => Promise<any>>>(

diff --git a/packages/polyfills/builder.mjs b/packages/polyfills/builder.mjs
@@ -39,6 +39,7 @@ await builder({
         comment: { size: false, modules: true },
     },
     filename: fileURLToPath(new URL('./dist/ecmascript.js', import.meta.url)),
+    blacklist: undefined,
 })
 
 process.chdir(fileURLToPath(new URL('./dist/', import.meta.url)))
@@ -52,6 +53,14 @@ for (const optionsObj of options) {
     await Promise.all(optionsObj.output.map(bundle.write))
 }
 
+{
+    const polyfill = fileURLToPath(new URL('./dist/ecmascript.js', import.meta.url))
+    const ecmascript = await readFile(polyfill, 'utf-8')
+    const regenerator = await readFile(fileURLToPath(new URL('./dist/regenerator.js', import.meta.url)), 'utf-8')
+
+    await writeFile(polyfill, `${ecmascript};${regenerator};`)
+}
+
 await normalize(new URL('./dist/dom.js', import.meta.url))
 await normalize(new URL('./dist/ecmascript.js', import.meta.url))
 await normalize(new URL('./dist/intl.js', import.meta.url))
@@ -67,7 +76,7 @@ await writeFile(versionFilePath, polyfillVersion)
  * By adding a ";null;" in the end to fix this problem.
  *
  * This function also wraps the polyfill in an IIFE to avoid variable leaking
- * @param {string} fileName
+ * @param {string | URL} fileName
  */
 async function normalize(fileName) {
     const file = await readFile(fileName, 'utf-8')

diff --git a/packages/polyfills/package.json b/packages/polyfills/package.json
@@ -9,6 +9,7 @@
     "@rollup/plugin-sucrase": "^4.0.2",
     "@types/node": "^17.0.23",
     "core-js-builder": "^3.21.1",
+    "regenerator-runtime": "^0.13.9",
     "rollup": "^2.70.1",
     "rollup-plugin-terser": "^7.0.2"
   },

diff --git a/packages/polyfills/regenerator.js b/packages/polyfills/regenerator.js
@@ -0,0 +1,21 @@
+/* cspell:disable-next-line */
+import { async, awrap, isGeneratorFunction, keys, mark, values, wrap } from 'regenerator-runtime'
+
+globalThis.regeneratorRuntime = new Proxy(
+    Object.freeze({
+        async,
+        /* cspell:disable-next-line */
+        awrap,
+        isGeneratorFunction,
+        keys,
+        mark,
+        values,
+        wrap,
+    }),
+    {
+        get(...args) {
+            console.debug('Try to access regeneratorRuntime')
+            return Reflect.get(...args)
+        },
+    },
+)
diff --git a/packages/polyfills/rollup.config.js b/packages/polyfills/rollup.config.js
@@ -30,6 +30,14 @@ export default [
         },
         plugins: plugins(),
     },
+    {
+        input: join(__dirname, './regenerator.js'),
+        output: {
+            file: 'regenerator.js',
+            format: 'iife',
+        },
+        plugins: plugins(),
+    },
 ]
 function plugins() {
     return [

diff --git a/packages/shared-base/package.json b/packages/shared-base/package.json
@@ -26,7 +26,6 @@
     "i18next": "^21.6.15",
     "i18next-browser-languagedetector": "^6.1.4",
     "idb": "^7.0.1",
-    "immer": "^9.0.12",
     "pvtsutils": "^1.2.2",
     "react": "link:..\\empty",
     "tiny-secp256k1": "^2.2.1",

diff --git a/packages/typed-message/package.json b/packages/typed-message/package.json
@@ -18,7 +18,6 @@
     "@msgpack/msgpack": "^2.7.2",
     "@mui/material": "link:..\\empty",
     "anchorme": "^2.1.2",
-    "immer": "^9.0.12",
     "z-schema": "^5.0.3"
   }
 }
diff --git a/patches/README.md b/patches/README.md
@@ -0,0 +1,6 @@
+# Upstream issue/PRs
+
+<https://github.com/vultix/ts-results/issues/37>
+<https://github.com/immerjs/immer/pull/914/>
+<https://github.com/ChainSafe/web3.js/pull/4918>
+<https://github.com/endojs/endo/issues/1139>