Skip to content

return address type for contractoptions #5874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jan 3, 2025

Conversation

dirtycajunrice
Copy link
Contributor

@dirtycajunrice dirtycajunrice commented Jan 2, 2025


title: "[SDK/Dashboard/Portal] Feature/Fix: Concise title for the changes"

If you did not copy the branch name from Linear, paste the issue tag here (format is TEAM-0000):

Notes for the reviewer

Anything important to call out? Be sure to also clarify these in your comments.

How to test

Unit tests, playground, etc.


PR-Codex overview

This PR primarily focuses on correcting a typo in the regex for validating Ethereum addresses and enhancing type definitions for contract options to include an address type.

Detailed summary

  • Renamed ADRESS_REGEX to ADDRESS_REGEX in packages/thirdweb/src/utils/address.ts.
  • Simplified the logic in isAddress function.
  • Updated ContractOptions type to include a generic address type.
  • Modified ThirdwebContract type to use the new address type.
  • Updated getContract function to return ThirdwebContract<abi, Address>.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Copy link

changeset-bot bot commented Jan 2, 2025

⚠️ No Changeset found

Latest commit: fb307e9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link

vercel bot commented Jan 2, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs-v2 ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 3, 2025 10:38pm
thirdweb_playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 3, 2025 10:38pm
thirdweb-www ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 3, 2025 10:38pm
wallet-ui ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 3, 2025 10:38pm

Copy link
Contributor Author


How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions github-actions bot added Dashboard Involves changes to the Dashboard. Playground Changes involving the Playground codebase. Portal Involves changes to the Portal (docs) codebase. packages Ecosystem Portal Involves changes to the Ecosystem Portal SDK Involves changes to the thirdweb SDK labels Jan 2, 2025
const validApiKey = (apiKeys.data || []).find(
(apiKey) =>
(apiKey.domains.includes("*") ||
apiKey.domains.includes("embed.ipfscdn.io") ||

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
embed.ipfscdn.io
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 5 months ago

To fix the problem, we need to ensure that the domain check is performed on the parsed host value of the URL rather than using a substring match. This involves parsing the URL and checking if the host matches the allowed domains explicitly.

  1. Parse the URL to extract the host value.
  2. Use an explicit whitelist of allowed hosts to perform the check.
  3. Update the relevant code to use this new approach.
Suggested changeset 1
apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx b/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx
--- a/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx
+++ b/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx
@@ -219,7 +219,10 @@
 
-  const validApiKey = (apiKeys.data || []).find(
-    (apiKey) =>
-      (apiKey.domains.includes("*") ||
-        apiKey.domains.includes("embed.ipfscdn.io") ||
-        apiKey.domains.includes("*.ipfscdn.io")) &&
+  const validApiKey = (apiKeys.data || []).find((apiKey) => {
+    const allowedHosts = ["embed.ipfscdn.io", "*.ipfscdn.io"];
+    const isValidDomain = apiKey.domains.some((domain) => {
+      const parsedUrl = new URL(domain);
+      return allowedHosts.includes(parsedUrl.host);
+    });
+    return (
+      (apiKey.domains.includes("*") || isValidDomain) &&
       (apiKey.services || [])
@@ -227,4 +230,5 @@
         ?.actions.includes("read") &&
-      !!(apiKey.services || []).find((service) => service.name === "rpc"),
-  );
+      !!(apiKey.services || []).find((service) => service.name === "rpc")
+    );
+  });
 
EOF
@@ -219,7 +219,10 @@

const validApiKey = (apiKeys.data || []).find(
(apiKey) =>
(apiKey.domains.includes("*") ||
apiKey.domains.includes("embed.ipfscdn.io") ||
apiKey.domains.includes("*.ipfscdn.io")) &&
const validApiKey = (apiKeys.data || []).find((apiKey) => {
const allowedHosts = ["embed.ipfscdn.io", "*.ipfscdn.io"];
const isValidDomain = apiKey.domains.some((domain) => {
const parsedUrl = new URL(domain);
return allowedHosts.includes(parsedUrl.host);
});
return (
(apiKey.domains.includes("*") || isValidDomain) &&
(apiKey.services || [])
@@ -227,4 +230,5 @@
?.actions.includes("read") &&
!!(apiKey.services || []).find((service) => service.name === "rpc"),
);
!!(apiKey.services || []).find((service) => service.name === "rpc")
);
});

Copilot is powered by AI and may make mistakes. Always verify output.
Copy link
Contributor

github-actions bot commented Jan 2, 2025

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
thirdweb (esm) 45.01 KB (-0.17% 🔽) 901 ms (-0.17% 🔽) 491 ms (+37.57% 🔺) 1.4 s
thirdweb (cjs) 110.93 KB (+0.08% 🔺) 2.3 s (+0.08% 🔺) 780 ms (-17.71% 🔽) 3 s
thirdweb (minimal + tree-shaking) 5.58 KB (0%) 112 ms (0%) 41 ms (+17.18% 🔺) 152 ms
thirdweb/chains (tree-shaking) 506 B (0%) 10 ms (0%) 12 ms (+17.16% 🔺) 22 ms
thirdweb/react (minimal + tree-shaking) 19.1 KB (-0.08% 🔽) 383 ms (-0.08% 🔽) 170 ms (+83.05% 🔺) 552 ms

Signed-off-by: greg <gregfromstl@gmail.com>
Signed-off-by: greg <gregfromstl@gmail.com>
@gregfromstl gregfromstl added the merge-queue Adds the pull request to Graphite's merge queue. label Jan 3, 2025
@gregfromstl gregfromstl merged commit 5cb8e3b into main Jan 3, 2025
27 of 29 checks passed
@gregfromstl gregfromstl deleted the 01-02-return_address_type_for_contractoptions branch January 3, 2025 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Dashboard Involves changes to the Dashboard. Ecosystem Portal Involves changes to the Ecosystem Portal merge-queue Adds the pull request to Graphite's merge queue. packages Playground Changes involving the Playground codebase. Portal Involves changes to the Portal (docs) codebase. SDK Involves changes to the thirdweb SDK
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants