UNPKG

@argent/x-sessions

Version:

Manage sessions for Argent X wallets

github.com/argentlabs/x-sessions

argentlabs/x-sessions

242 lines (202 loc) 6.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
# Sessions Sessions can be used to send transactions from a dapp on behalf of a user without requiring their confirmation with a wallet. The user is guaranteed that the dapp can only execute transactions that comply to the policies of the session and until the session expires. ## Installation ```bash npm install @argent/x-sessions # or pnpm add @argent/x-sessions ``` ## Demo Dapp A demo dapp using both sessions and offchain sessions can be found here [https://github.com/argentlabs/session-keys-example-dapp](https://github.com/argentlabs/session-keys-example-dapp) # Session keys ## Creating an Argent session account First you need to have a deployed account. This is the account that will authorise the session and interact with the contracts of your dapp. To sign the session message the method needed is `createSession`. After the user sign the message, a session account can be created using `buildSessionAccount`. This example session will allow the dapp to execute an example endpoint on an example contract without asking the user to approve the transaction again. After signing the session the dapp can execute all transactions listed in `allowedMethods` whenever it wants and as many times as it wants. **The list of allowedMethods needs to be communicated with Argent, in order to be whitelisted.** ```typescript export interface AllowedMethod { "Contract Address": string selector: string } export type MetadataTxFee = { tokenAddress: string maxAmount: string } export type SessionMetadata = { projectID: string txFees: MetadataTxFee[] projectSignature?: Signature } type CreateSessionParams = { sessionKey?: Uint8Array // this is optional. This sdk generate a sessionKey using ec.starkCurve.utils.randomPrivateKey() if not provided allowedMethods: AllowedMethod[] expiry: bigint metaData: SessionMetadata } ``` The following snippet show how to create and use a session account ```typescript import { SignSessionError, CreateSessionParams, createSession, buildSessionAccount, bytesToHexString } from "@argent/x-sessions" import { ec } from "starknet" const privateKey = ec.starkCurve.utils.randomPrivateKey() const sessionKey: SessionKey = { privateKey: bytesToHexString(privateKey), publicKey: ec.starkCurve.getStarkKey(privateKey) } const sessionParams: CreateSessionParams = { sessionKey, allowedMethods: [ { "Contract Address": contractAddress, selector: "method_selector" } ], expiry: Math.floor( (Date.now() + 1000 * 60 * 60 * 24) / 1000 ) as any, // ie: 1 day sessionKey: ec.starkCurve.utils.randomPrivateKey(), metaData: { projectID: "test-dapp", txFees: [ { tokenAddress: ETHTokenAddress, maxAmount: parseUnits("0.1", 18).value.toString() } ] } } // create the session request to get the typed data to be signed const sessionRequest = createSessionRequest({ sessionParams, chainId }) // wallet is a StarknetWindowObject const authorisationSignature = await wallet.request({ type: "wallet_signTypedData", params: sessionRequest.sessionTypedData }) // open session and sign message const session = await createSession({ sessionRequest, // SessionRequest address, // Account address chainId, // StarknetChainId authorisationSignature // Signature }) const sessionAccount = await buildSessionAccount({ useCacheAuthorisation: false, // optional and defaulted to false, will be added in future developments session, sessionKey, provider: new RpcProvider({ nodeUrl: "https://starknet-sepolia.public.blastapi.io/rpc/v0_7", chainId: constants.StarknetChainId.SN_SEPOLIA }), argentSessionServiceBaseUrl: ARGENT_SESSION_SERVICE_BASE_URL // Optional: defaulted to mainnet url }) try { const tx = sessionAccount.execute({ // lets assume this is a erc20 contract contractAddress: "0x...", selector: "transfer", calldata: [ "0x..." // ... ] }) } catch (e) { console.error((e as SignSessionError).cause, e.message) } ``` ## Execute from outside Executing transactions “from outside” allows an account to submit transactions on behalf of a user account, as long as they have the relevant signatures. This package expose a method in order to get the Call required to perform an execution from outside. ```typescript const privateKey = ec.starkCurve.utils.randomPrivateKey() const sessionKey: SessionKey = { privateKey: bytesToHexString(privateKey), publicKey: ec.starkCurve.getStarkKey(privateKey) } const sessionParams: CreateSessionParams = { sessionKey, allowedMethods: [ { "Contract Address": contractAddress, selector: "method_selector" } ], expiry: Math.floor( (Date.now() + 1000 * 60 * 60 * 24) / 1000 ) as any, // ie: 1 day sessionKey: ec.starkCurve.utils.randomPrivateKey(), metaData: { projectID: "test-dapp", txFees: [ { tokenAddress: ETHTokenAddress, maxAmount: parseUnits("0.1", 18).value.toString() } ] } } // create the session request to get the typed data to be signed const sessionRequest = createSessionRequest({ sessionParams, chainId }) // wallet is a StarknetWindowObject const authorisationSignature = await wallet.request({ type: "wallet_signTypedData", params: sessionRequest.sessionTypedData }) // open session and sign message const session = await createSession({ sessionRequest, // SessionRequest address, // Account address chainId, // StarknetChainId authorisationSignature // Signature }) const sessionAccount = await buildSessionAccount({ useCacheAuthorisation: false, // optional and defaulted to false, will be added in future developments session, sessionKey, provider: new RpcProvider({ nodeUrl: "https://starknet-sepolia.public.blastapi.io/rpc/v0_7", chainId: constants.StarknetChainId.SN_SEPOLIA }), argentSessionServiceBaseUrl: ARGENT_SESSION_SERVICE_BASE_URL // Optional: defaulted to mainnet url }) // example for creating the calldata const erc20Contract = new Contract( Erc20Abi as Abi, ETHTokenAddress, sessionAccount ) const calldata = erc20Contract.populate("transfer", { recipient: address, amount: parseInputAmountToUint256(amount) }) // get execute from outside data const { contractAddress, entrypoint, calldata } = await createOutsideExecutionCall({ session, sessionKey, calls: [transferCallData], argentSessionServiceUrl: ARGENT_SESSION_SERVICE_BASE_URL network // values "mainnet" | "sepolia", default to "mainnet" }) const { signature, outsideExecutionTypedData } = await createOutsideExecutionTypedData({ session, sessionKey, calls: [transferCallData], argentSessionServiceUrl: ARGENT_SESSION_SERVICE_BASE_URL network // values "mainnet" | "sepolia", default to "mainnet" }) ```