Feat/multiple function access keys #156
Conversation
petersalomonsen
changed the title
|
@petersalomonsen I don't understand what is the intended flow here. I don't see "don't ask me again" checkbox, when I tried to "like" on DevHub, there was a popup prompt that redirected me to the wallet (MNW) with some unparsable transaction confirmation (it tried to display it as a function call confirmation but there was no function call). Please, record a screencast as otherwise I don't even understand how you see it can work. |
|
Sorry @frol I must have missed something when I published the first version. Unfortunately what you experienced was that you were not redirected to the wallet for the Here's a demonstration video as requested: https://youtu.be/0oG9_-KEi0Q?si=BEeUYz5E7wQApWNm |
|
@petersalomonsen This is a nice proof of concept, and I believe we should push it forward. Yet, there are a number of UX tweaks that need to be implemented:
I would expect to see:
3. Avoid refreshing the page after sending the transaction (once the access key is already there) - similarly to how it is done for SocialDB interactions (like on the NEAR Social feed does not refresh the page)
|
|
Thanks @frol , good to hear that we can move forward on this. I agree to all of your 3 points, and I've started working on the UX experience ( not using a browser prompt ). As you can see in the screenshot below, from my local dev environment, there's a checkbox to toggle if you want to create a function access key ( we can consider naming this "Don't ask me again", as you propose ): 
When you check that toggle, I'm now trying to include the function access key transaction, so that you don't loose the like or post you are about to confirm. So as you can see in the screenshot below, when checked, another transaction, the "addKey" is also showing. 
Not sure yet how to fix it so that the wallet says that "an application is requesting limited access to your account", but I'll try to figure that out. Also totally agree that we should not reload the page, but right now I think this involves work on the DevHub code to handle transaction feedback. Everything we have right now is based on the fact that the page is reloading ( after a completed transaction ). I'll see what I can do there, but it might have to be a separate issue for DevHUB after this feature for creating function access keys is merged to the VM codebase. Let me know what you think |
|
@frol @evgenykuzyakov I've done some UX tweaks now so that the adding of a new access key is part of the regular VM confirmation popup. Just as in the screenshots from the previous comment. Note that you only should tick the checkbox once, for the next calls you already have an access key stored, so you don't need to create it again. This might be confusing, so I will figure out how to make this more clear in the UI. "Don't ask again" might also be confusing since it could be misunderstood as you would not get the VM confirmation popup either. |
|
UX is improving bit by bit, so if you already have an access key stored, the popup will open with the checkbox checked, and also indicating which key that will be attempted for signing the transaction: 
|
@petersalomonsen That is how SocialDB interactions are done - they allow “don’t ask again” for the specific component interacting with SocialDB. From UX perspective, I believe it makes sense. Obviously, you don’t want to allow any component to interact with a contract on behalf of the user just because there is already an access key, but it doesn’t make a lot of sense to confirm every like with the popup either. Take inspiration from Social.set implementation |
Thanks @frol , that's a good point. I'll look into how Social.set is solved, and try avoiding the VM confirmation popup as well. |
|
Looks great! I would also suggest to have this checked by default: And I have a question when it's run out of function call key allowance, what will happen? |
|
@petersalomonsen On a general note, please, put yourself in the shoes of a regular user, they don't know about "access key" and why they would want to create one. |
|
yes @frol . I'm moving forward in the direction you proposed with "Don't ask again", and not even showing the confirmation popup in the VM. @ailisp When the key runs out of allowance, we should detect that and pop up the confirmation dialogs again. It might be good to provide some optional detailed information for the user to explain what is happening behind the scenes. |
|
@frol @ailisp See the updated progress. Now it's using the regular wallet login, it's executing the "pending" transaction after login. After that there is no need to confirm when posting or liking. Just for now I've added a small popup ( just for information ), that shows that there is a transaction going on ( not sure how we want to solve this yet ). Also see the new demo video of the flow: https://youtu.be/CuwWv1zAKf4?si=lBUi9kXxRrhVjv-s The preview URL also contains the latest version. What's remaining, as I see is:
|
|
Now the page does not reload after the transaction. |
src/lib/data/near.js
Outdated
| @@ -111,33 +172,42 @@ async function accountState(near, accountId) { | |||
| } | |||
|
|
|||
| async function sendTransactions(near, functionCalls) { | |||
| if (functionCalls.length == 1) { | |||
| const { contractName, methodName, args, gas, deposit } = functionCalls[0]; | |||
| //if (deposit == Big(0)) { | |||
There was a problem hiding this comment.
This check needs to be in place before merging, and also include the gas from the original transaction
src/lib/data/near.js
Outdated
| if ( | ||
| transactions[transactions.length - 1]?.receiverId !== contractName || | ||
| newTotalGas.gt(MaxGasPerTransaction) | ||
| ) { | ||
| transactions.push({ | ||
| receiverId: contractName, | ||
| actions: [], | ||
| actions: actions ?? [], |
There was a problem hiding this comment.
actions is not used. should be removed
src/lib/data/near.js
Outdated
| }); | ||
| currentTotalGas = gas; | ||
| } else { | ||
| currentTotalGas = newTotalGas; | ||
| } | ||
| transactions[transactions.length - 1].actions.push(action); | ||
| if (!actions) { |
There was a problem hiding this comment.
there will not be actions here.
src/lib/data/near.js
Outdated
| contractId: contractName, | ||
| methodName, | ||
| args, | ||
| //gas |
There was a problem hiding this comment.
need to include gas from the original transaction
|
These are remaining, but could maybe be separate issues?
|
Well, given that Social.set also lacks any indication on Pending transaction, indeed, we can address it across the board in a separate issue.
|
I hope it only whitelists interaction with the contract only for the given BOS component. We don't want random components on BOS to be able to interact with devhub contract without user's acknowledgement. Again, see 
(Also, let's use the same UI layout and message in both dialogs if possible)
Let's follow |
That's a good point. I did not think of that. So that's a remaining issue then before this can be merged, but I will look into it. |
|
Now I've fixed so that only interaction for the given BOS component is whitelisted, and you also only whitelist calling a specific method on the smart contract: 
Given all the changes, I do feel the need for setting up a testing framework for this now. Are there any automatic tests of the VM anywhere? |
|
@petersalomonsen I see it is moving in the right direction and we are close to completion. Please, review your PR yourself, see if you can re-use any parts from Social.set implementation, and mark it as ready for review |
|
Yes, the only thing I would like to see resolved before moving to ready for review is to remove deposit and set a lower gas amount in the devhub widgets as described here: NEAR-DevHub/neardevhub-bos#549 Then I will be able to remove the overriding of deposit / gas that I had to do for demo purposes as you can see here: I will also go over the code a few more times and look for reusing of existing code. |
petersalomonsen
force-pushed
the
feat/multiple-funciton-access-keys
branch
from
ea1823f
to
ede36f7
Compare
|
Overall, it's the right direction. Not sure about 2 things:
|
|
@petersalomonsen Thanks for the thorough testing.
Well, Sender has a different operation model and it breaks UX even for SocialDB interactions requiring explicit confirmation of every single transaction, so we cannot do anything here.
This is unexpected given that MeteorWallet is a browser wallet.
I expected all the wallets (except Sender) to support the most standard login flow :-( This rabbit hole is too deep. Please, create an issue on the Wallet Selector repo first and share it in the "NEAR Wallet Builder Group" |
|
@evgenykuzyakov I think this current state already brings reasonable improvements to UX even if with some UX glitches on some of the wallets, so I suggest finishing the review and merging it as it is now and improving iteratively. |
|
@frol Thanks for the feedback
That is done now: near/wallet-selector#1045 |
|
Just discussed with @Megha-Dev-19 that Near.call does not return anything today. This is already an issue with the wallets that does not redirect, but either open a separate window or extension for confirming the transaction. A widget does not have any way to know when a transaction is finished, or the result of it. With this PR, the cache will be invalidated when the transaction is finished. This helps a lot, since it will trigger re-rendering. It would be even better though, if Should I add a promise result to |
|
thanks @petersalomonsen for adding this, it helped me fixed other issues as well, now I can initiate an action after the user approves/reject the txn since the cache is invalidated. |
I think we should mimic Social.set behavior with the |
Thanks for reminding me, I had completely forgotten that I wrote that. There is already a PR for that also. |
There was a problem hiding this comment.
Looks good to me.
@evgenykuzyakov please, review once again
| async function createWalletConnectionForContract(near, contractId) { | ||
| const keyStore = getKeyStoreForContract(contractId); |
There was a problem hiding this comment.
We should probably check somewhere that the contractId doesn't match social.near (for the current network) to avoid some random issues.
There was a problem hiding this comment.
There is already such a check on functionCall ( see https://github.com/NearSocial/VM/pull/156/files#diff-cc75698545c1506b569386ec69e64f50d829fc759a7fb175b256b88630782859R179 )
There was a problem hiding this comment.
Do we check for this in the ConfirmTransaction?
There was a problem hiding this comment.
No. And I believe if call a function on social.near, you might be offered don't ask again. This could be solved by also adding this check to eligibleForDontAskAgain.
Do we want to not offer the don't ask again feature for calls to near.social?
There was a problem hiding this comment.
Yeah, let's not give this option for social.near.
|
In the latest commit, there's also a try/catch when sending the pending transaction, so that if the transaction fails, the page will still be loaded ( without this, the page would just be blank, and reloading would not help ). |
|
Please rebase to |
petersalomonsen
force-pushed
the
feat/multiple-funciton-access-keys
branch
from
39a70ed
to
24d3521
Compare
Rebased to |
|
Let's remove don't ask again for |
when sending transactions, offer to not ask for confirmation later for transactions calling the same contract and method
petersalomonsen
force-pushed
the
feat/multiple-funciton-access-keys
branch
from
24d3521
to
895a294
Compare
OK this is now implemented in the latest push, and can be tested here, where you see that calling 
|
Preview URL:
https://psalomobos.near.page/devhub.near/widget/app
Or see a demonstration video here:
https://youtu.be/CuwWv1zAKf4?si=lBUi9kXxRrhVjv-s
resolves #148 and NEAR-DevHub/neardevhub-bos#137