MetaMask · jiexi · Jun 27, 2024 · Jun 3, 2024 · Jun 3, 2024 · Jun 5, 2024
@@ -0,0 +1,6 @@
+{
+  "externally_connectable": {
+    "matches": ["http://*/*", "https://*/*"],
+    "ids": ["*"]
+  }
+}
@@ -0,0 +1,6 @@
+{
+  "externally_connectable": {
+    "matches": ["http://*/*", "https://*/*"],
+    "ids": ["*"]
+  }
+}
@@ -178,7 +178,8 @@ const sendReadyMessageToTabs = async () => {
 
 // These are set after initialization
 let connectRemote;
-let connectExternal;
+let connectExternalLegacy;
+let connectExternalCaip;
 
 browser.runtime.onConnect.addListener(async (...args) => {
   // Queue up connection attempts here, waiting until after initialization
@@ -191,7 +192,13 @@ browser.runtime.onConnectExternal.addListener(async (...args) => {
   // Queue up connection attempts here, waiting until after initialization
   await isInitialized;
   // This is set in `setupController`, which is called as part of initialization
-  connectExternal(...args);
+  const port = args[0];
+
+  if (port.sender.tab?.id && process.env.BARAD_DUR) {
+    connectExternalCaip(...args);
+  } else {
+    connectExternalLegacy(...args);
+  }
 });
 
 function saveTimestamp() {
@@ -496,6 +503,47 @@ function emitDappViewedMetricEvent(
   }
 }
 
+/**
+ * Track dapp connection when loaded and permissioned
+ *
+ * @param {Port} remotePort - The port provided by a new context.
+ * @param {object} preferencesController - Preference Controller to get total created accounts
+ * @param {object} permissionController - Permission Controller to check if origin is permitted
+ */
+function trackDappView(
+  remotePort,
+  preferencesController,
+  permissionController,
+) {
+  if (!remotePort.sender || !remotePort.sender.tab || !remotePort.sender.url) {
+    return;
+  }
+  const tabId = remotePort.sender.tab.id;
+  const url = new URL(remotePort.sender.url);
+  const { origin } = url;
+
+  // store the orgin to corresponding tab so it can provide infor for onActivated listener
+  if (!Object.keys(tabOriginMapping).includes(tabId)) {
+    tabOriginMapping[tabId] = origin;
+  }
+  const connectSitePermissions = permissionController.state.subjects[origin];
+  // when the dapp is not connected, connectSitePermissions is undefined
+  const isConnectedToDapp = connectSitePermissions !== undefined;
+  // when open a new tab, this event will trigger twice, only 2nd time is with dapp loaded
+  const isTabLoaded = remotePort.sender.tab.title !== 'New Tab';
+
+  // *** Emit DappViewed metric event when ***
+  // - refresh the dapp
+  // - open dapp in a new tab
+  if (isConnectedToDapp && isTabLoaded) {
+    emitDappViewedMetricEvent(
+      origin,
+      connectSitePermissions,
+      preferencesController,
+    );
+  }
+}
+
 /**
  * Initializes the MetaMask Controller with any initial state and default language.
  * Configures platform-specific error reporting strategy.
@@ -693,27 +741,11 @@ export function setupController(
         const url = new URL(remotePort.sender.url);
         const { origin } = url;
 
-        // store the orgin to corresponding tab so it can provide infor for onActivated listener
-        if (!Object.keys(tabOriginMapping).includes(tabId)) {
-          tabOriginMapping[tabId] = origin;
-        }
-        const connectSitePermissions =
-          controller.permissionController.state.subjects[origin];
-        // when the dapp is not connected, connectSitePermissions is undefined
-        const isConnectedToDapp = connectSitePermissions !== undefined;
-        // when open a new tab, this event will trigger twice, only 2nd time is with dapp loaded
-        const isTabLoaded = remotePort.sender.tab.title !== 'New Tab';
-
-        // *** Emit DappViewed metric event when ***
-        // - refresh the dapp
-        // - open dapp in a new tab
-        if (isConnectedToDapp && isTabLoaded) {
-          emitDappViewedMetricEvent(
-            origin,
-            connectSitePermissions,
-            controller.preferencesController,
-          );
-        }
+        trackDappView(
+          remotePort,
+          controller.preferencesController,
+          controller.permissionController,
+        );
 
         remotePort.onMessage.addListener((msg) => {
           if (
@@ -724,22 +756,60 @@ export function setupController(
           }
         });
       }
-      connectExternal(remotePort);
+      connectExternalLegacy(remotePort);
     }
   };
 
   // communication with page or other extension
-  connectExternal = (remotePort) => {
+  connectExternalLegacy = (remotePort) => {
+    const portStream =
+      overrides?.getPortStream?.(remotePort) || new PortStream(remotePort);
+    controller.setupUntrustedCommunicationLegacy({
+      connectionStream: portStream,
+      sender: remotePort.sender,
+    });
+  };
+
+  connectExternalCaip = async (remotePort) => {
+    if (metamaskBlockedPorts.includes(remotePort.name)) {
+      return;
+    }
+
+    // this is triggered when a new tab is opened, or origin(url) is changed
+    if (remotePort.sender && remotePort.sender.tab && remotePort.sender.url) {
+      const tabId = remotePort.sender.tab.id;
+      const url = new URL(remotePort.sender.url);
+      const { origin } = url;
+
+      trackDappView(
+        remotePort,
+        controller.preferencesController,
+        controller.permissionController,
+      );
+
+      // TODO: remove this when we separate the legacy and multichain rpc pipelines
+      remotePort.onMessage.addListener((msg) => {
+        if (
+          msg.type === 'caip-x' &&
+          msg.data &&
+          msg.data.method === MESSAGE_TYPE.ETH_REQUEST_ACCOUNTS
+        ) {
+          requestAccountTabIds[origin] = tabId;
+        }
+      });
+    }
+
     const portStream =
       overrides?.getPortStream?.(remotePort) || new PortStream(remotePort);
-    controller.setupUntrustedCommunication({
+
+    controller.setupUntrustedCommunicationCaip({
       connectionStream: portStream,
       sender: remotePort.sender,
     });
   };
 
   if (overrides?.registerConnectListeners) {
-    overrides.registerConnectListeners(connectRemote, connectExternal);
+    overrides.registerConnectListeners(connectRemote, connectExternalLegacy);
   }
 
   //

@@ -214,6 +214,7 @@ import {
   getSmartTransactionsOptInStatus,
   getCurrentChainSupportsSmartTransactions,
 } from '../../shared/modules/selectors';
+import { createCaipStream } from '../../shared/modules/caip-stream';
 import {
   ///: BEGIN:ONLY_INCLUDE_IF(build-mmi)
   handleMMITransactionUpdate,
@@ -4783,7 +4784,7 @@ export default class MetamaskController extends EventEmitter {
    * @param {MessageSender | SnapSender} options.sender - The sender of the messages on this stream.
    * @param {string} [options.subjectType] - The type of the sender, i.e. subject.
    */
-  setupUntrustedCommunication({ connectionStream, sender, subjectType }) {
+  setupUntrustedCommunicationLegacy({ connectionStream, sender, subjectType }) {
     const { completedOnboarding } = this.onboardingController.store.getState();
     const { usePhishDetect } = this.preferencesController.store.getState();
 
@@ -4831,6 +4832,31 @@ export default class MetamaskController extends EventEmitter {
     }
   }
 
+  /**
+   * Used to create a CAIP stream for connecting to an untrusted context.
+   *
+   * @param options - Options bag.
+   * @param {ReadableStream} options.connectionStream - The Duplex stream to connect to.
+   * @param {MessageSender | SnapSender} options.sender - The sender of the messages on this stream.
+   * @param {string} [options.subjectType] - The type of the sender, i.e. subject.
+   */
+
+  setupUntrustedCommunicationCaip({ connectionStream, sender, subjectType }) {
+    let _subjectType;
+    if (subjectType) {
+      _subjectType = subjectType;
+    } else if (sender.id && sender.id !== this.extension.runtime.id) {
+      _subjectType = SubjectType.Extension;
+    } else {
+      _subjectType = SubjectType.Website;
+    }
+
+    const caipStream = createCaipStream(connectionStream);
+
+    // messages between subject and background
+    this.setupProviderConnection(caipStream, sender, _subjectType);
+  }
+
   /**
    * Used to create a multiplexed stream for connecting to a trusted context,
    * like our own user interfaces, which have the provider APIs, but also
@@ -5032,7 +5058,7 @@ export default class MetamaskController extends EventEmitter {
    * @param connectionStream
    */
   setupSnapProvider(snapId, connectionStream) {
-    this.setupUntrustedCommunication({
+    this.setupUntrustedCommunicationLegacy({
       connectionStream,
       sender: { snapId },
       subjectType: SubjectType.Snap,

@@ -270,6 +270,8 @@ env:
   - BLOCKAID_PUBLIC_KEY
   # Determines if feature flagged Multichain Transactions should be used
   - TRANSACTION_MULTICHAIN: ''
+  # Determines if Barad Dur features should be used
+  - BARAD_DUR: ''
   # Determines if feature flagged Chain permissions
   - CHAIN_PERMISSIONS: ''
   # Enables use of test gas fee flow to debug gas fee estimation

@@ -9,6 +9,9 @@ const IS_MV3_ENABLED =
 const baseManifest = IS_MV3_ENABLED
   ? require('../../app/manifest/v3/_base.json')
   : require('../../app/manifest/v2/_base.json');
+const baradDurManifest = IS_MV3_ENABLED
+  ? require('../../app/manifest/v3/_barad_dur.json')
+  : require('../../app/manifest/v2/_barad_dur.json');
 const { loadBuildTypesConfig } = require('../lib/build-type');
 
 const { TASKS, ENVIRONMENT } = require('./constants');
@@ -41,6 +44,7 @@ function createManifestTasks({
         );
         const result = mergeWith(
           cloneDeep(baseManifest),
+          process.env.BARAD_DUR ? cloneDeep(baradDurManifest) : {},
           platformModifications,
           browserVersionMap[platform],
           await getBuildModifications(buildType, platform),

@@ -0,0 +1,81 @@
+import { Duplex, PassThrough } from 'readable-stream';
+import { createDeferredPromise } from '@metamask/utils';
+import { createCaipStream } from './caip-stream';
+
+const writeToStream = async (stream: Duplex, message: unknown) => {
+  const { promise: isWritten, resolve: writeCallback } =
+    createDeferredPromise();
+
+  stream.write(message, () => writeCallback());
+  await isWritten;
+};
+
+export const readFromStream = (stream: Duplex): unknown[] => {
+  const chunks: unknown[] = [];
+  stream.on('data', (chunk: unknown) => {
+    chunks.push(chunk);
+  });
+
+  return chunks;
+};
+
+class MockStream extends Duplex {
+  chunks: unknown[] = [];
+
+  constructor() {
+    super({ objectMode: true });
+  }
+
+  _read() {
+    return undefined;
+  }
+
+  _write(
+    value: unknown,
+    _encoding: BufferEncoding,
+    callback: (error?: Error | null) => void,
+  ) {
+    this.chunks.push(value);
+    callback();
+  }
+}
+
+describe('CAIP Stream', () => {
+  describe('createCaipStream', () => {
+    it('pipes and unwraps a caip-x message from source stream to the substream', async () => {
+      const sourceStream = new PassThrough({ objectMode: true });
+      const sourceStreamChunks = readFromStream(sourceStream);
+
+      const providerStream = createCaipStream(sourceStream);
+      const providerStreamChunks = readFromStream(providerStream);
+
+      await writeToStream(sourceStream, {
+        type: 'caip-x',
+        data: { foo: 'bar' },
+      });
+
+      expect(sourceStreamChunks).toStrictEqual([
+        { type: 'caip-x', data: { foo: 'bar' } },
+      ]);
+      expect(providerStreamChunks).toStrictEqual([{ foo: 'bar' }]);
+    });
+
+    it('pipes and wraps a message from the substream to the source stream', async () => {
+      // using a fake stream here instead of PassThrough to prevent a loop
+      // when sourceStream gets written back to at the end of the CAIP pipeline
+      const sourceStream = new MockStream();
+
+      const providerStream = createCaipStream(sourceStream);
+
+      await writeToStream(providerStream, {
+        foo: 'bar',
+      });
+
+      // Note that it's not possible to verify the output side of the internal SplitStream
+      // instantiated inside createCaipStream as only the substream is actually exported
+      expect(sourceStream.chunks).toStrictEqual([
+        { type: 'caip-x', data: { foo: 'bar' } },
+      ]);
+    });
+  });
+});