import { JsonRpcEngine as IJsonRpcEngine, JsonRpcEngineNextCallback, JsonRpcEngineEndCallback, JsonRpcRequest, JsonRpcResponse, JsonRpcEngine } from 'json-rpc-engine'; import { BaseController } from '@metamask/controllers'; import { RpcCapInterface, CapabilitiesConfig, CapabilitiesState, IOriginMetadata, IPermissionsRequest, IRequestedPermissions, RpcCapDomainEntry, RpcCapDomainRegistry, IOriginString, PermittedJsonRpcMiddleware } from './src/@types'; export declare type AnnotatedJsonRpcEngine = { domain?: IOriginString; } & JsonRpcEngine; import { IOcapLdCapability, IOcapLdCaveat } from './src/@types/ocap-ld'; declare const JsonRpcEngine: any; export declare class CapabilitiesController extends BaseController implements RpcCapInterface { private safeMethods; private restrictedMethods; private requestUserApproval; private internalMethods; private caveats; private methodPrefix; private engine; constructor(config: CapabilitiesConfig, state?: Partial); serialize(): any; /** * Returns a capabilities middleware function bound to its parent * CapabilitiesController object with the given domain as its * first argument. * @param {string} domain the domain to bind the middleware to */ createBoundMiddleware(domain: string): PermittedJsonRpcMiddleware; /** * Returns a JsonRpcEngine with a single, bound capabilities middleware with * the given domain as its first argument. * See createBoundMiddleware for more information. * @param {string} domain the domain to bind the middleware to */ createPermissionedEngine(domain: string): IJsonRpcEngine; /** * Returns a nearly json-rpc-engine compatible method. * The one difference being the first argument should be * a unique string identifying the requesting agent/entity, * referred to as `domain` in the code. This allows the function * to be curried and converted into a normal json-rpc-middleware function. */ providerMiddlewareFunction(domain: IOriginMetadata, req: JsonRpcRequest, res: JsonRpcResponse, next: JsonRpcEngineNextCallback, end: JsonRpcEngineEndCallback): void; /** * Used for retrieving the key that manages the restricted method * associated with the current RPC `method` key. * * Used to support our namespaced method feature, which allows blocks * of methods to be hidden behind a restricted method with a trailing `_` character. * * @param method string - The requested rpc method. * @returns methodKey string */ getMethodKeyFor(method: string): string; executeMethod(domain: IOriginMetadata, req: JsonRpcRequest, res: JsonRpcResponse, next: JsonRpcEngineNextCallback, end: JsonRpcEngineEndCallback): void; createVirtualEngineFor(domain: IOriginMetadata): AnnotatedJsonRpcEngine; /** * Checks the permissions for the given domain, or an empty array. * * @param domain - The domain whose permissions to retrieve. * @returns The permissions for the domain. */ getPermissionsForDomain(domain: string): IOcapLdCapability[]; /** * Get the parent-most permission granting the requested domain's method permission. * Follows the delegation chain of the first matching permission found. * * @param {string} domain - The domain whose permission to retrieve. * @param {string} method - The method of the permission to retrieve. */ getPermission(domain: string, method: string): IOcapLdCapability | undefined; /** * Checks whether the given domain has permissions. * * @param domain - The domain to check. * @returns Whether the given domain has any permissions. */ hasPermissions(domain: string): boolean; /** * Checks whether the given domain has the given permission. * * @param domain - The domain to check. * @param method - The method of the permission to check for. * @returns Whether the given domain has the given permission. */ hasPermission(domain: string, method: string): boolean; /** * Gets current permissions request objects. * Useful for displaying information for user consent. */ getPermissionsRequests(): IPermissionsRequest[]; /** * Used for removing a permissions request from the permissions request array. * * @param requestId The id of the pending permissions request that no longer * requires user attention. */ removePermissionsRequest(requestId: string): void; setPermissionsRequests(permissionsRequests: IPermissionsRequest[]): void; /** * Used for granting a new set of permissions, * after the user has approved it. * * @param {string} domain - The domain receiving new permissions. * @param {IRequestedPermissions} approvedPermissions - An object of objects describing the granted permissions. * @param {JsonRpcResponse} res - The response. * @param {JsonRpcEngineEndCallback} end - The end function. */ grantNewPermissions(domain: string, approved: IRequestedPermissions, res: JsonRpcResponse, end: JsonRpcEngineEndCallback): void; getDomains(): RpcCapDomainRegistry; setDomains(domains: RpcCapDomainRegistry): void; /** * Gets the domain settings for the given IOriginString. * Returns a template RpcCapDomainEntry if no entry exists, but does NOT * store the settings. That is left to the consumer. * * @param {IOriginString} domain - The origin string of the domain. * @returns {RpcCapDomainEntry} - The settings for the domain. */ getOrCreateDomainSettings(domain: IOriginString): RpcCapDomainEntry; /** * Gets the domain settings for the given IOriginString, or undefined if * none exist. * * @param {IOriginString} domain - The origin string of the domain. * @returns {RpcCapDomainEntry | undefined} - The settings for the domain, * or undefined if none exist. */ getDomainSettings(domain: IOriginString): RpcCapDomainEntry | undefined; /** * Sets the domain identified by the given IOriginString. * If the domain has no permissions, its key will be deleted from the * controller's domains. * * @param {IOriginString} domain - The origin string of the domain. * @param {RpcCapDomainEntry} domainSettings - The associated domain settings. */ setDomain(domain: IOriginString, domainSettings: RpcCapDomainEntry): void; /** * Adds permissions to the given domain. Overwrites existing identical * permissions (same domain, and method). Other existing permissions * remain unaffected. * * @param {string} domainName - The grantee domain. * @param {Array} newPermissions - The unique, new permissions for the grantee domain. */ addPermissionsFor(domainName: string, newPermissions: { [methodName: string]: IOcapLdCapability; }): void; /** * Validates the given caveats (of a single permission). * If the caveats have names, they must be unique. * Returns true if valid, false otherwise. * * @param {IOcapLdCaveat[]} - The caveats to validate. */ validateCaveats(caveats: IOcapLdCaveat[]): boolean; /** * Validates the given caveat. Returns true if valid, false otherwise. * * @param {IOcapLdCaveat} - The caveat to validate. */ validateCaveat(caveat: IOcapLdCaveat): boolean; /** * Gets all caveats for the permission corresponding to the given domain and * method, or undefined if the permission or its caveats does not exist. * * @param {string} domainName - The grantee domain. * @param {string} methodName - The name of the method identifying the permission. */ getCaveats(domainName: string, methodName: string): IOcapLdCaveat[] | void; /** * Gets the caveat with the given name for the permission corresponding to the * given domain and method, or undefined if the permission or the target * caveat does not exist. * * @param {string} domainName - The grantee domain. * @param {string} methodName - The name of the method identifying the permission. * @param {string} caveatName - The name of the caveat to retrieve. */ getCaveat(domainName: string, methodName: string, caveatName: string): IOcapLdCaveat | void; /** * Adds the given caveat to the permission corresponding to the given domain * and method. Throws if the domain or method are unrecognized, or in case of * a caveat name collision. * * @param {string} domainName - The grantee domain. * @param {string} methodName - The name of the method identifying the permission. * @param {IOcapLdCaveat} caveat - The caveat to add. */ addCaveatFor(domainName: string, methodName: string, caveat: IOcapLdCaveat): void; /** * Updates the value of the caveat with the given name for the permission * corresponding to the given domain and method. Throws if the domain * or method are unrecognized, or if a caveat with the given name doesn't * exist. * * @param {string} domainName - The grantee domain. * @param {string} methodName - The name of the method identifying the permission. * @param {string} caveatName - The name of the caveat. * @param {any} caveatValue - The new value for the caveat. */ updateCaveatFor(domainName: string, methodName: string, caveatName: string, caveatValue: any): void; /** * Internal function used in addCaveatFor and updateCaveatFor. */ private _getPermissionForCaveat; /** * Internal function used in addCaveatFor and updateCaveatFor. */ private _validateAndUpdateCaveats; /** * Removes the specified permissions from the given domain. * * @param {string} domainName - The domain name whose permissions to remove. * @param {Array} permissionsToRemove - Objects identifying the permissions to remove. */ removePermissionsFor(domainName: string, permissionsToRemove: IOcapLdCapability[]): void; /** * Clear all domains (and thereby remove all permissions). */ clearDomains(): void; /** * Check if a request to requestPermissionsMiddleware is valid. */ validatePermissionsRequest(req: JsonRpcRequest): void; /** * The capabilities middleware function used for getting permissions for a * specific domain. */ getPermissionsMiddleware(domain: IOriginMetadata, _req: JsonRpcRequest, res: JsonRpcResponse, _next: JsonRpcEngineNextCallback, end: JsonRpcEngineEndCallback): void; /** * The capabilities middleware function used for requesting additional permissions from the user. */ requestPermissionsMiddleware(domain: IOriginMetadata, req: JsonRpcRequest, res: JsonRpcResponse, _next: JsonRpcEngineNextCallback, end: JsonRpcEngineEndCallback): void; } export {};