-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add window.ipfs.enable(opts) (Bulk Permission Prompt) #619
Conversation
This simply changes the flow and API for getting IPFS proxy instance, does not implement UX nor decrease the size of injected content script.
f755c5e
to
4e6f65d
Compare
This change adds async `enable` function that takes optional list of commands to grant access to via user prompt. The goal is to move away from synchronous way of accessing API instance and provide UX incentive to use `window.ipfs.enable` instead. When called without any arguments, command will just return API instance equal to the old `window.ipfs` or throw an error if IPFS Proxy is disabled in Preferences. When called with options object `{ commands: ['id','peers'] }` access rights for specified commands will be validated: - if any of the commands is denied or blocked, function will throw - if any of the commands require user approval, user will be presented with a single prompt dialog that lists all requested permissions and URL that requests them - if user approves, ACLs are saved and future calls will not trigger prompt - if user denies, ACLs are saved and an error is thrown for current and all future executions (unless user removed scope from blacklist) TODO (to be addressed in future commits) - add deprecation warning to API calls executed on `window.ipfs` - improve UX of permission dialog - add ability to return `ipfsx` version fo the API - disable `window.ipfs` injection via manifest in Chromium - stop exposing methods on `window.ipfs` - minimize the size of content script responsible for `window.ipfs` - lazy-init IPFS Proxy client on first call to `window.ipfs.enable()`
8c700c0
to
8b08439
Compare
- also switch to terser-webpack-plugin
8b08439
to
fb27d28
Compare
acl and api looked too similar and made code hard to follow, ipfs api core uses 'command' term to identify each endpoint so we follow that practice here
To avoid breaking changes we should deprecate old error codes first. This commit: - restores `permission` attribute and adds a deprecation warning when it is accessed. - adds error `code` to simplify error handling and alight convention with js-ipfs - updates docs
This adds an opt-in ipfsx experiment. In short, if `experiments:{ipfsx:true}` is passed `window.ipfs.enable` will return IPFS API instance wrapped in ipfsx prototype from https://github.com/ipfs-shipyard/ipfsx ``` let ipfs = await window.ipfs.enable({ commands: ['add','files.addPullStream'], experiments: { ipfsx: true } }) ```
b464b9f
to
b633eb4
Compare
await require('postmsg-rpc').call('proxy.enable', opts) | ||
// Additional client-side features | ||
if (opts && opts.experiments) { | ||
if (opts.experiments.ipfsx) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea is to enable opt-in experiments such as ipfsx which is used as an example:
let ipfsx = await window.ipfs.enable({
commands: ['add','files.addPullStream'],
experiments: { ipfsx: true }
})
I go for "deprecate old use for 3 months and then remove support for old ways" and use something like https://www.npmjs.com/package/deprecate to help communicate it to developers. Perhaps we could search github for projects using it and open an issue for them?
What would be the reason for this change? |
Good points for keeping
My thinking was around enabling "privacy by default", where dapps have no access to IPFS node unless user granted access. Rationale:
|
Presumably you'd need permission to add something first to become a provider for that content? ...I appreciate that isn't the point and that there will be other ways to exploit things like this that we haven't considered. I also think this will encourage people to swtich to using |
This change means no command can be run without explicit approval from the user. Rationale can be found in #619 (comment)
This change means no command can be run without explicit approval from the user. Rationale can be found in #619 (comment)
18c98b7
to
756b177
Compare
Thanks, I've added deprecation warning to Does the text look ok?
Yeah, someone else could pre-generate unique CIDs and just request them and see who is the second provider. Anyway, I removed ACL whitelist and updated docs in 756b177. I'd like to ship it to Beta this week to start the clock ticking and continue in separate PR – any final feedback before we merge this? |
Continued in #589 |
This PR adds
await window.ipfs.enable(opts)
as the new way of obtaining IPFS API Proxy object. When provided with a list of commands it will request access rights in bulk and return a promise with IPFS API instance or throw an error (details below).The goal is to move away from synchronous way of accessing API instance and provide UX incentive for developers to use
window.ipfs.enable
instead of old API.This change is backward compatible, old API remains to be exposed on
window.ipfs
for the time being.ACL Management
When called without any arguments, command will just return API instance equal to the old
window.ipfs
or throw an error if IPFS Proxy is disabled in Preferences.When called with options object (eg.
{ commands: ['id','peers'] }
) ACLs for specified commands will be validated:with a single prompt dialog that lists all requested permissions and URL
that requests them
prompt
and all future executions (unless user removed scope from blacklist)
To keep change set small I'd like to merge this as-is and work on "Future TODOs" (below) in separate PRs.
Tasks
window.ipfs.enable
.enable()
(no parms) and keep no-dialog for things likeipfs.cat
or display no initial dialog but prompt every api insteadwindow.ipfs.enable({commands: ['id','version'] })
experiments
await window.ipfs.enable({ experiments: { ipfsx: true } })
will returnipfsx
version of the APIwindow.ipfs
Open Questions
window.ipfsProxy.enable
? (to avoid breaking websites that manually detectwindow.ipfs
and executewindow.ipfs.<command>
) or is it enough to deprecate old use for 3 months and then remove support for old ways?window.ipfs.enable
should we require permission from user for all commands? (remove acl-whitelist for things likedag.get
?)Future TODOs (separate PRs)
window.ipfs
injection via manifest in Chromiumwindow.ipfs.enable
we should revisitwindow.ipfs
injection via manifest in Chromiumwindow.ipfs.enable
we should revisitwindow.ipfs
window.ipfs
window.ipfs.enable()