-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A complete re-write of the ABNF parser. #200
base: main
Are you sure you want to change the base?
Conversation
…s and valid-url. Added many new unit tests for validating both the message URI and the resource URIs. Added a script to re-generate the ABNF grammar object whenever the ABNF grammar needs to be changed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR!
There are some lint errors (you can run npm run lint
at the root of the repo).
packages/siwe/lib/client.ts
Outdated
this.address | ||
); | ||
} | ||
// this test is done in siwe-parser, callback function "address" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If all the checks done in this function are done as part of the parsing, then I suggest no to modify this function but instead move its call in the constructor to only the case where it's initialised from an object.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand this correctly you still want to validate the EIP-55 address and the URI in the constructor block for the message object. The EIP-55 address will be simple enough, but I'll need to build a special validator that validates only the URI and not an entire message. The ABNF grammar object, siwe-grammar.ts
and the existing call back functions give me everything I need for that, but it will require having an option in the ParsedMessage
constructor to parse only the URI. How about the resource URIs? Will they need to be validated as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to write a new isUri()
function to use in the object block of the constructor. I just need to assemble it from existing pieces which won't be difficult. And, of course, do the unit testing. I'll need a few more days on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The latest commit should resolve this conversation. An isUri()
function has been added, unit tested and the message block of the SiweMessage
constructor updated to test the EIP-55 address, the URI and all of the resource URIs if any are present. However, see the additional question in the following conversation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You've extracted the URI and EIP55 validation out of the validation function, but remains:
- domain
- version
- nonce
- dates
These can (or already are) validated in the parser, so can't the validate function be left untouched and only called when constructing the message from an object?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I missed the proper flow of the validation in the message object case. In particular I missed the validateMessage()
function. All I really needed to do was replace the valid-url isUri() function with the new APG isUri() function there. All other validations will then remain the same. I can easily make that change. However, I notice there is no validation of the resources URIs. Do you have any need for that? It is easily added.
Here’s a better suggestion. Remove the validateMessage()
function altogether and replace it with
// this.validateMessage();
new ParsedMessage(this.prepareMessage());
I’ve tried it and it passes all of my objects unit tests. This will also validate all of the resources URIs. (NOTE: that perpareMessage() needs a fix for the “empty statement” case that #30 pointed out was allowed in the spec.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW all of the client.test.ts
unit tests pass with this fix also. But I have a question. When I run jest on client.test.ts
it prints out several screens of red error text and a lot of warnings that about validate() has been deprecated,
But then at the end it shows that all tests have passed. What's a person to make of this? Does something need to be fixed here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it prints out several screens of red error text and a lot of warnings
This PR will require a new major version and the deprecated function will be removed then, so that will remove those warnings.
Here’s a better suggestion. Remove the validateMessage() function altogether and replace it with
new ParsedMessage(this.prepareMessage());
I was worried we would lose the information provided by SiweErrorType
(e.g. if a nonce isn't long enough it would clearly state so), and we do a bit but it still points to the field (e.g. now it says something like "line 9: invalid nonce") so I'm ok with this change. But could you remove the variants from SiweErrorType
that aren't used anymore?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related, EIP55 validation should be optional #53 (comment)
… is the newly published version 4.4.0, 2)the script "apg" will generate a typescript grammar object from the ABNF grammar siwe-abnf.txt. Added an optional "doTrace" parameter to the constructor of ParsedMessage. The default is "false". If set to "true" apg-js will trace the parse tree of parsed message and write it to output/siwe-parser-trace.html. Consequently the output directory has been added to ".gitignore" and ".npmignore".
…PR conversations 1 and 2.
…mpty/missing) statement/resources.
…dded "packages/siwe-parser/lib/t-isUri.test.ts" for unit testing of the "isUri" function. Added tests in the object block of the “SiweMessage” constructor for testing the EIP-55 address, the URI and the resources URIs. Added “packages/siwe/lib/objects.test.ts” for unit testing of the object block.
I think I’m done here except for
|
… as the syntax of date times. Removed the SiweMessage private function validateMessage(). Replaced it in the message object block of the constructor by parsing the stringified message object. In this way both the message and the message object get exactly the same validation. Fixed a bug for the case of an empty statement in the function toMessage().
Trace: After looking at it, redesigning the trace module and publishing a new release of Date times: In the process of analyzing the validation of the message objects in validateMessage(): I’ve removed this function altogether and replaced it by parsing the “stringified” version of the message object. In this way, there is complete symmetry between the validation of a message and a message object. (Incidentally, I also fixed a small bug in the From the root |
…ct validation in SiweMessage.
My apologies for an oversight. I’m still getting myself up to speed with the different ways a message and message object are handled in the
So in this latest commit, I’ve moved the complete date-time validation into the parser’s callback functions and fixed the parsing/validation in the message/object blocks so that there is no redundancy. My intention here now is that all fields are both syntactically and semantically correct if the parser succeeds. BTW
should read
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
packages/siwe-parser/lib/t-chars.test.ts
Thanks. Missed the debugging code left in this test. |
Hi @sbihel. Anything else you need? From my end I'm done here unless there is something else required for a merge. I'm waiting on that before I begin working on converting the unit tests to your JSON file methodology. |
Thank you, it looks great. In addition to the clean-up of
Would you mind fixing it as part of this PR please?
Thank you for doing that, you can just move the tests from |
The fix to Converted I had already converted all of the I really don’t want to mess with the
|
I'm withdrawing this PR as it seems not to be a good fit. I've recently published a stand-alone siwe message parser here on npm and here on GitHub. You may possibly find it to be a more useful alternative. |
Hi there, actually I'm planning to merge it, was just doing some
adjustments to it. If you don't mind keeping it open.
…On Sun, Dec 15, 2024 at 6:31 PM Lowell D. Thomas ***@***.***> wrote:
I'm withdrawing this PR as it seems not to be a good fit. I've recently
published a stand-alone siwe message parser here on npm
<https://www.npmjs.com/package/parse-siwe> and here on GitHub
<https://github.com/ldthomas/parse-siwe>. You may possibly find it to be
a more useful alternative.
—
Reply to this email directly, view it on GitHub
<#200 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACBSTQEOJL7DDOAAF3I6V2T2FXYMDAVCNFSM6AAAAABG62PPUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBUGA3TMNZXHA>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
Delighted. It's just that after 7 months of silence I assumed it was dead in the water and moved on to a separate, stand-alone project. |
Sorry if that response came across as disrespectful. Didn't mean it that way. If you need any further help don't hesitate to ask. |
Thanks, no worries we are really glad for your contribution and actually
sorry if letting this stalled so long also bothered you.
…On Sun, Dec 15, 2024, 21:31 Lowell D. Thomas ***@***.***> wrote:
Sorry if that response came across as disrespectful. Didn't mean it that
way. If you need any further help don't hesitate to ask.
—
Reply to this email directly, view it on GitHub
<#200 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACBSTQFS4NMOFADV5W25OND2FYNP5AVCNFSM6AAAAABG62PPUSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBUGIZTSMBVGI>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
This is a complete rewrite of the ABNF parser in
abnf.ts
. It uses a fixed, pre-generated ABNF grammar object instead of re-generating the object each time a message is parsed. It runs approximately twice as fast as the original parser, is more accurate in URI validation and removes the dependencies onuri-js
andvalid-url
.Notes:
packages/siwe/package.json
- removeduri-js
andvalid-url
dependencies.uri-js
was never used anywaypackages/siwe-parser/package.json
- removeduri-js
andvalid-url
dependencies. Added a script for re-generating the fixed ABNF grammar object,packages/siwe-parser/siwe-grammar.js
, from the ABNF grammar,packages/siwe-parser/siwe-abnf.txt
.npm run apg
needs to be run each time a change is made to the ABNF grammar.uri-js
andvalid-url
, thepackage-lock.json
files still contain dozens of references to them. Deleting thepackage-lock.json
files and re-generating them from scratch cleans them up considerably. However, I'm aware there may be unintended consequences from that maneuver. Just a suggestion if you want to clean them up.packages/siwe/client.ts
- contains a workaround for