AlexKushnir1 commented Jun 19, 2025

Pre-flight checklist

  • I have read the Contributing Guidelines on pull requests.
  • Commit messages follow the conventional commits spec
  • If this is a code change: I have written unit tests.
  • If this changes code in a published package: I have run pnpm changeset to create a changeset JSON document appropriate for this change.
  • If this is a new API or substantial change: the PR has an accompanying issue (closes #0000) and the maintainers have approved on my working plan.

Motivation

Provide an abstract class Signer that has only two methods to implement, signBytes and getPublicKey, while implementing many signature methods. That way, the flow stays consistent, and users only focus on the actual signing step.

Test Plan

Added unit tests to verify the correctness of the NEP-413 payload hash generation and signature logic:

  • Hash Generation Test
  • Signature Verification Test


changeset-bot bot commented Jun 19, 2025

🦋 Changeset detected

Latest commit: 773491e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 15 packages
Name Type
@near-js/signers Major
@near-js/cookbook Major
@near-js/accounts Major
@near-js/biometric-ed25519 Major
@near-js/client Major
@near-js/crypto Major
@near-js/iframe-rpc Major
@near-js/keystores-browser Major
@near-js/keystores-node Major
@near-js/keystores Major
@near-js/providers Major
@near-js/tokens Major
@near-js/transactions Major
@near-js/types Major
@near-js/utils Major



denbite commented Aug 3, 2025

@AlexKushnir1 I agree with the idea that end users shouldn't handle signature verification themselves, yet the current approach still leaves room for mistakes, like forgetting to call getPayloadHashForNEP413 inside signNep413Message.

One alternative could be to move all the logic into the abstract Signer class and expose just a protected signMessagePayload(bytes: Uint8Array) method for end users to implement. That way, the flow stays consistent, and users only focus on the actual signing step.

Users should not handle the logic for preparing the message payload.
@AlexKushnir1 (Contributor Author)

Hey @denbite! Thanks for pointing out that inaccuracy — it's been fixed. I hope this is the kind of solution you had in mind!

accountId: accountId,
publicKey: await this.getPublicKey(),
signature: signature,
state: params.callbackUrl,
Contributor Author

@denbite I added state as params.callbackUrl, is that the expected logic?

Contributor

According to the NEP doc, a browser wallet should pass the state parameter as a query parameter in the callbackUrl, so we need to parse it out of callbackUrl and return it to a user if present.

Contributor Author

IMO it works as it should now.
Previously the state was just ignored:

return {
    accountId: accountId,
    publicKey: pk,
    signature: signature,
};
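
Added example, not part of this PR or of near-api-js: the design discussed in this thread in plain JavaScript, with the base class building and hashing the NEP-413 payload and returning the state query parameter of callbackUrl as the reviewer describes, so that an implementer supplies only signBytes and getPublicKey. The helper names, LocalEd25519Signer and the throwaway key are assumptions; the payload layout (tag 2^31 + 413, then the Borsh-encoded message, 32-byte nonce, recipient and optional callbackUrl, hashed with SHA-256) is the one NEP-413 specifies.

```javascript
// Added example, not near-api-js code. Only signBytes/getPublicKey come from the PR;
// every other name is hypothetical.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto"); // CommonJS or ESM

const NEP413_TAG = 2 ** 31 + 413; // prefix that keeps these messages distinct from transactions
const u32le = (n) => { const b = Buffer.alloc(4); b.writeUInt32LE(n); return b; };
const borshString = (s) => { const b = Buffer.from(s, "utf8"); return Buffer.concat([u32le(b.length), b]); };

// Borsh bytes: tag, message, nonce[32], recipient, Option<callbackUrl>.
function nep413Payload({ message, nonce, recipient, callbackUrl }) {
  if (nonce.length !== 32) throw new Error("nonce must be exactly 32 bytes");
  const cb = callbackUrl == null
    ? Buffer.from([0])
    : Buffer.concat([Buffer.from([1]), borshString(callbackUrl)]);
  return Buffer.concat([u32le(NEP413_TAG), borshString(message), Buffer.from(nonce), borshString(recipient), cb]);
}
const nep413Hash = (params) => nodeCrypto.createHash("sha256").update(nep413Payload(params)).digest();

// `state` query parameter of callbackUrl; undefined when absent or the URL does not parse.
function stateFromCallbackUrl(callbackUrl) {
  if (!callbackUrl) return undefined;
  try { return new URL(callbackUrl).searchParams.get("state") ?? undefined; }
  catch { return undefined; }
}

class Signer {
  // The only two methods an implementer supplies.
  signBytes(_bytes) { throw new Error("signBytes not implemented"); }
  getPublicKey() { throw new Error("getPublicKey not implemented"); }

  // Payload preparation lives in the base class, so a subclass cannot skip the hash.
  async signNep413Message(accountId, params) {
    const signature = await this.signBytes(nep413Hash(params));
    const signed = { accountId, publicKey: await this.getPublicKey(), signature };
    const state = stateFromCallbackUrl(params.callbackUrl);
    return state === undefined ? signed : { ...signed, state };
  }
}

// Constructed implementer: a throwaway in-memory Ed25519 key, raw signing only.
class LocalEd25519Signer extends Signer {
  constructor() { super(); this.keys = nodeCrypto.generateKeyPairSync("ed25519"); }
  signBytes(bytes) { return nodeCrypto.sign(null, bytes, this.keys.privateKey); }
  getPublicKey() { return this.keys.publicKey; }
}
```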


AlexKushnir1 requested a review from denbite August 20, 2025 08:51
AlexKushnir1 changed the title from "Separate NEP-413 payload hash logic into a utility function" to "Refactor: expose only signBytes for implementation" Aug 22, 2025