Skip to content

Sessionkey dafuga #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aaroncox merged 15 commits into from
Dec 20, 2025
Merged

Sessionkey dafuga #101

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
76a3318
fix: making sessionkey wallet optional
dafuga Dec 11, 2025
2608c61
fix: making placeholder authorizations work with session keys
dafuga Dec 11, 2025
061e05f
fix: applying same fix to rewriteAuthIfMatches
dafuga Dec 11, 2025
7fa4738
fix: making session persist even when wallet is disabled
dafuga Dec 13, 2025
aa0f0c3
cleanup: code cleanup
dafuga Dec 13, 2025
6e3920a
enhancement: logging session key setup error
dafuga Dec 13, 2025
a85708f
refactor: light refactoring
dafuga Dec 13, 2025
2b035f7
style: linted
dafuga Dec 13, 2025
e9bddf5
fix: proper way to hide session key from list of wallet plugin options
dafuga Dec 16, 2025
3f9a9e6
cleanup: removing automatic session key setup and using login plugin …
dafuga Dec 16, 2025
bc5682b
debug: added some logs
dafuga Dec 16, 2025
f2801f9
revert: putting actionMatchesPermission changes back in
dafuga Dec 16, 2025
ed4f124
style: linted
dafuga Dec 16, 2025
cc02d1b
Always hide session key wallet
aaroncox Dec 20, 2025
b3c84e0
Update utils.ts
aaroncox Dec 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 18 additions & 6 deletions src/kit.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,12 +170,15 @@ export class SessionKit {
// Initialize session key support if configured
if (options.sessionKey) {
this.sessionKeyManager = new SessionKeyManager(options.sessionKey, this.ui)
this.walletPlugins = [
...this.walletPlugins,
new SessionKeyWalletPlugin({
walletPlugins: this.walletPlugins,
}),
]
// Only add SessionKeyWalletPlugin to wallet picker if not disabled
if (!options.sessionKey.disableWalletPlugin) {
this.walletPlugins = [
...this.walletPlugins,
new SessionKeyWalletPlugin({
walletPlugins: this.walletPlugins,
}),
]
}
Copy link
Copy Markdown
Member

@aaroncox aaroncox Dec 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I know what you're trying to solve for here (the wallet showing up in selectable wallets), but I don't think this is the solution. The solution is probably just hiding it somewhere else, rather than excluding it.

Doesn't this break the restore function?

Copy link
Copy Markdown
Contributor Author

@dafuga dafuga Dec 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I added this so you could have a way to use the session kit without it showing up as an option in the wallet plugin picker. You're absolutely right that it breaks the restore function though so I'm gonna try something different.

}
}

Expand Down Expand Up @@ -502,6 +505,15 @@ export class SessionKit {
// Call the `afterLogin` hooks that were registered by the LoginPlugins
for (const hook of context.hooks.afterLogin) await hook(context)

// Offer session key setup if configured and session does not have one yet
if (this.sessionKeyManager && !session.hasSessionKey()) {
try {
await session.setupSessionKey()
Copy link
Copy Markdown
Member

@aaroncox aaroncox Dec 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this for? There's a login plugin already to set one up.

We don't want this to trigger on transact otherwise.

Copy link
Copy Markdown
Contributor Author

@dafuga dafuga Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TBH, I had completely missed the login plugin that you added 😂 But since we're making session keys a core feature, wouldn't it be better if the session key setup worked out of the box (without needing to include the login plugin)?

Copy link
Copy Markdown
Contributor Author

@dafuga dafuga Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I gave it some thought and I actually like the idea of this being setup through a login plugin 👍 Please disregard my last comment 😄

} catch (e) {
// User cancelled or setup failed - continue with regular session
// This is not a fatal error, the session is still valid
}
}
// Save the session to storage if it has a storage instance.
this.persistSession(session, options?.setAsDefault)

Expand Down
2 changes: 2 additions & 0 deletions src/sessionkey/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ export interface SessionKeyConfig {
) => Promise<API.v1.AccountPermission | undefined>
/** Skip showing consent UI to user during setup. Default is false. */
skipConsent?: boolean
/** Disable SessionKeyWalletPlugin from appearing in the wallet picker. Default is false. */
disableWalletPlugin?: boolean
}

/**
Expand Down
12 changes: 8 additions & 4 deletions src/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import {
Transaction,
} from '@wharfkit/antelope'
import type {Fetch, LocaleDefinitions} from '@wharfkit/common'
import {SigningRequest} from '@wharfkit/signing-request'
import {PlaceholderAuth, SigningRequest} from '@wharfkit/signing-request'
import {TransactArgs, TransactPlugin} from './transact'
import {WalletPlugin} from './wallet'

Expand Down Expand Up @@ -139,6 +139,8 @@ export function extractActions(args: TransactArgs): AnyAction[] {

/**
* Check if an action has an authorization matching a given permission level.
* Also matches PlaceholderAuth (actor: '............1', permission: '............2')
* since placeholders will be resolved to the actual permission level.
*
* @param action AnyAction
* @param permissionLevel PermissionLevel
Expand All @@ -148,17 +150,19 @@ export function actionMatchesPermission(
action: AnyAction,
permissionLevel: PermissionLevel
): boolean {
return action.authorization.some((auth: PermissionLevelType) => permissionLevel.equals(auth))
return action.authorization.some(
(auth: PermissionLevelType) => permissionLevel.equals(auth) || PlaceholderAuth.equals(auth)
)
Copy link
Copy Markdown
Member

@aaroncox aaroncox Dec 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't the placeholder resolve to the proper permission?

If it doesn't, then the fix I believe is to make sure the session key permission is in place before the signing request gets resolved. That might be the bug (if you ran into one here)

Copy link
Copy Markdown
Contributor Author

@dafuga dafuga Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem is that the placeholder needs to get resolved afterwards since the way that it gets resolved depends on whether or not we are using a session key. We could I guess resolve the signing request twice, but this is a cleaner way to do it IMO.

}

function rewriteAuthIfMatches(
auth: PermissionLevelType,
permissionLevel: PermissionLevel,
newPermission: Name
): PermissionLevelType {
if (permissionLevel.equals(auth)) {
if (permissionLevel.equals(auth) || PlaceholderAuth.equals(auth)) {
return PermissionLevel.from({
actor: auth.actor,
actor: permissionLevel.actor,
permission: newPermission,
})
}
Expand Down