mirror of
https://github.com/selfxyz/self.git
synced 2026-04-27 03:01:15 -04:00
dee6eba5ff81d548de883bcce78b5a70875769ef
6 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
f29130587b |
Harden WebView bridge and asset serving across native shells (#1924)
* security fix
* more security fixes
* fixes
* pr feedback
* Restore remote URL loading in native-shell-ios and native-shell-android
Remove bundled-asset-only loading and SHA-256 integrity checks from both native shell packages. WebViews now load directly from the remote URL (default: https://self-app-alpha.vercel.app) over HTTPS, matching the pattern already implemented in kmp-sdk and self-sdk-swift. Also fixes ObjC selector mismatch in self-sdk-swift WebViewProviderImpl for configureRemoteLoading.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Restore remote URL loading in kmp-sdk and self-sdk-swift
Remove bundled-asset-only loading from kmp-sdk AndroidWebViewHost and self-sdk-swift WebViewProviderImpl. Both now load directly from the remote URL (default: https://self-app-alpha.vercel.app) over HTTPS. Adds remoteWebAppBaseUrl to SelfSdkConfig and pipes it through IosWebViewHost via the new configureRemoteLoading protocol method.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* coderabbit comments
* lint
* coderabbit comments
---------
Co-authored-by: seshanthS <seshanth@protonmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
||
|
|
9b8e081435 |
Add remote webview integrity checks (#1907)
* Add remote webview integrity checks
* fixes
* feedback
* update tests; fix pipelines
* fix ci
* feat(webview): add subresource integrity (SRI) to build output
The SHA-256 remote integrity check only covers the entry HTML document. Sub-resources (JS, CSS) loaded by that HTML were fetched without integrity verification, allowing a compromised CDN to swap bundles.
Add a custom Vite plugin that injects SRI sha384 hashes into all script and link tags in the built index.html. The browser natively enforces these hashes, blocking any tampered sub-resources.
Includes tests verifying integrity attributes are present and that hashes match the actual file contents on disk.
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
|
||
|
|
37b8f0ca71 |
Scope KMP SDK to 3-domain parity (KR-01, KR-02, KR-03) (#1915)
* KR-01: Scope KMP Android to 3-domain parity with provider delegation
Move SecureStorageProvider, CryptoProvider, and CryptoBridgeHandler to
commonMain so both platforms share the same contract. Add default Android
providers (EncryptedSharedPreferencesProvider, AndroidKeystoreCryptoProvider)
that consumers can replace via SdkProviderRegistry.
- Rewrite Android SecureStorageBridgeHandler to delegate to provider and
fix get() response shape to return { value: string | null }
- Register only 3 handlers (secureStorage, crypto, lifecycle) in Activity
- Add WebChromeClient with permission and file upload handling
- Add query param support to WebView URL loading
- Add bridge protocol version validation to MessageRouter
- Remove NFC/camera/biometric dependencies from build.gradle.kts
- Remove out-of-scope permissions from AndroidManifest.xml
- Create IosProviderRegistry for iOS-specific provider fields
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* KR-02: Scope KMP iOS to 3-domain parity with query param support
Move SecureStorageBridgeHandler to commonMain (fixes iOS get() response
shape to return { value: string | null } matching the bridge adapter).
Both Android and iOS now share the same handler via commonMain.
- Register only 3 handlers on iOS (secureStorage, crypto, lifecycle)
- Add queryParams parameter to WebViewProvider interface
- Update IosWebViewHost to forward query params from VerificationRequest
- Update WebViewProviderImpl.swift to append query params to URL
- Relax isConfigured check to only require secureStorage + crypto + webView
- Remove unused handler imports from SelfSdk.ios.kt
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* KR-03: Simplify test app to 3-domain smoke harness
Gut the MRZ/NFC-first flow from the test app and replace with a focused
3-domain smoke test screen that validates secureStorage (set/get/remove
round-trip), crypto (generateKey/getPublicKey/sign/deleteKey), and
lifecycle (validated via SDK launch flow).
- Add DomainSmokeScreen with pass/fail output per domain
- Remove MRZ/NFC navigation routes and expect/actual screen declarations
- Remove NFC/CAMERA permissions from Android manifest
- Remove camera dependency from build.gradle.kts
- Scope iOS test app to register only required providers (secureStorage,
crypto, webView)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix issues - test app
* coderabbit comments
* fix ci
* klint
* coderabbit review comments
* Enhance permission handling in AndroidWebViewHost
* fix registry
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Justin Hernandez <justin.hernandez@self.xyz>
|
||
|
|
c5e3b03e42 |
Stitch tunnel flow screens with proving machine and recovery (#1896)
* stitch tunnelflow screens
* save wip formatting
* add failure flow
* stub account recovery
* add tests
* add spec wv-17
* prep for review
* serialize
* fixes
* fix bug
* fix dev building
* fix: close Didit modal on completion, show KycPendingScreen while waiting (#1900)
- Close Didit SDK modal immediately when onComplete fires
- Show Euclid KycPendingScreen with animation while Socket.IO waits for TEE attestation
- Replaces generic spinner for the 'In Review' waiting state
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* navigate to disclose step on restore
* skip disclose confirmation screen
* Update Recovery flow
* Navigate to account recovery if TEE rejects it as already registered
* Navigate to disclose directly if the selected document is registered
* SELF-2348: Load webapp from url
* update sdk-test-app
* fix result from sdk
* fixes?
* fix build issue
* fix install pipeline
* carry pr feedback. fix formatting
---------
Co-authored-by: Justin Hernandez <justin.hernandez@self.xyz>
Co-authored-by: Nesopie <87437291+Nesopie@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|
|
2f2ec3abe6 |
Feat/didit webapp (#1882)
* feat: replace Sumsub with Didit JS SDK in webview-app
- Add @didit-protocol/sdk-web, remove @sumsub/websdk
- Create diditProvider.ts with session creation + SDK launch
- Update ProviderLaunchScreen to use Didit embedded mode
- Delete sumsubProvider.ts and sumsub-websdk.d.ts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Socket.IO attestation flow to webview KYC
After Didit JS SDK completes, connect Socket.IO to the TEE, subscribe by sessionId, and wait for signed KYC data (attestation). Emit ack_success for session cleanup. Attach attestation to the provider result before navigating to the result screen.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update TEE URL to kyc.self.xyz, update SDK test app README for Didit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: only route KYC (Other IDs) to Didit provider, others to Coming Soon
Passport, ID card, and Aadhaar require NFC/MRZ scanning which isn't available in the WebView. Only "Other IDs" goes through the Didit JS SDK flow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: Didit SDK full-width rendering and KYC routing
- Wire onNotListedPress to launch Didit for "View other supported IDs"
- Remove verificationId gate from ProviderLaunchScreen
- Switch to modal mode with CSS overrides for full-screen on mobile
- Force .shadow-card to 100% width/height in WebView context
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add camera permissions and file upload to Android WebView
Add WebChromeClient to AndroidWebViewHost:
- onPermissionRequest: auto-grants camera for Didit SDK
- onShowFileChooser: opens system file picker for document upload
- SelfVerificationActivity handles file chooser result callback
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: gitignore Gradle build artifacts for native-shell-android
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add runtime camera permission and CAMERA manifest declaration
- Add CAMERA permission to sdk-test-app AndroidManifest.xml
- Request runtime camera permission in onPermissionRequest before granting
- Handle permission result in SelfVerificationActivity
- Store pending PermissionRequest for async grant/deny after user response
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix ios camera
* fix: address CodeRabbit review findings
- Replace ngrok URL with kyc.self.xyz in Android and iOS test apps
- Fix file chooser hang when context is not an Activity
- Move NSCameraUsageDescription to project.yml (survives xcodegen regen)
- Delete manual Info.plist that would be overwritten
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: replace ngrok URL with kyc.self.xyz in diditProvider and diditAttestation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: explicitly disable Didit SDK debug logging
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: webview lint
* fix: validate origin and handle audio permission in WebView permission grants
- Deny permission requests from untrusted origins
- Deny instead of grant when context is not an Activity
- Handle RECORD_AUDIO alongside CAMERA for liveness checks
- Add RECORD_AUDIO to AndroidManifest.xml
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: seshanthS <seshanth@protonmail.com>
|
||
|
|
60de8d6c1e |
Feat/webview sdk (#1856)
* feat: add iOS native shell package (NSL-02)
Plain Swift implementation of the WebView host with bridge handlers for secure storage (Keychain), crypto (EC P-256), and lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Android native shell package (NSL-01)
Plain Kotlin implementation of the WebView host with bridge handlers for secure storage (EncryptedSharedPreferences), crypto (Android Keystore EC P-256), and lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: integrate Sumsub Web SDK into ProviderLaunchScreen (WV-05)
Rewrites ProviderLaunchScreen to launch Sumsub Web SDK, adds KYC provider types, result normalization, and a ProviderResultScreen for displaying verification outcomes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update spec status for NSL-01, NSL-02, WV-05 to in-progress
All three items are code-complete but need integration testing before marking done.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add build-pipeline workstream specs, update NSL-03 and BP-01 status
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add WebView bundle build pipeline (BP-01)
Build script copies webview-app dist into both native shell asset directories. Gradle preBuild validation fails fast when bundle is missing. Root package.json gets build:sdk-* scripts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SDK test apps for Android and iOS (NSL-03)
Minimal test apps to exercise native shells end-to-end:
- Android: Jetpack Compose app using SelfSdk.launch() via composite build
- iOS: SwiftUI app using SelfSdk.createViewController() via local SPM dep
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update lockfile
* fix: address CodeRabbit PR review findings for native shells
- Fix iOS double callback: add hasEmittedResult flag to LifecycleHandler so dismiss() won't fire onCancelled after onResult already emitted
- Fix Android error result codes: use RESULT_FIRST_USER for failed verifications instead of always RESULT_OK; add dedicated handler in SelfSdk.handleResult
- Fix iOS production query params: append params to file URL via URLComponents so WebView receives teeUrl/verificationId/userId
- Fix build:sdk-ios false-green: chain swift build after bundle script
- Add expectedRequestCode param to handleResult for flexibility
- Upgrade security-crypto 1.1.0-alpha06 → 1.1.0 stable
- Improve callback type safety: onSuccess takes raw JSON string, onFailure takes SelfSdkException instead of generic Exception
- Add requireBiometric intent comments to both SecureStorageHandlers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address remaining CodeRabbit PR review findings (round 2)
- iOS BridgeResponse: add requestId/success fields, rename result→data to match JS bridge contract
- iOS test app: fix callback deallocation with Coordinator pattern
- ProviderLaunchScreen: fail closed on missing verificationId, fix retry via retryCount state
- ProviderResultScreen: guard unknown status with fallback to error config
- build-webview-bundle.sh: validate index.html before deleting targets
- Package.swift: fix SPM resource path with target path/sources
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|