Deploying Solidity Smart Contract via Angular Frontend - blockchain

We have created an Admin to access all the Contract Methods, but now we also need one-click deployment from the Admin for different business scenarios. We need a Remix IDE kind of interface in our Admin where an admin user can paste their smart contract and can deploy via the frontend itself using MetaMask. Is there any way to achieve this?
I understand the backend would also be needed for compilation and bytecode generation; that's not an issue, but it should work without asking the deployer for the private key.
It should work like this:
1. Login to Admin portal.
2. Go to Add Contract and paste the Contract.
3. Some validations/compilation from backend.
4. After clicking Deploy it should ask MetaMask to deploy rather than deploying from backend with private key.

You can compile a contract on frontend as well, using the solc NPM package.
Note that the GitHub repo is called solc-js but the NPM package is just solc. There's another NPM package called solc-js which seems to be abandoned.
Contract deployment is nothing else than sending a transaction with specific params. Specifically, the to field is omitted, and the data field is the compiled bytecode.
You can request MetaMask to sign a transaction:
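// Contract creation: no `to` field, and `data` carries the compiled bytecode.
const params = [{
  from: '0x<userAddress>',
  data: '0x<contractBytecode>',
}];
// MetaMask prompts the user and signs with the key it holds.
const txHash = await ethereum.request({
  method: 'eth_sendTransaction',
  params,
});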
To get their address, you need them first to connect MetaMask to your app.
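The full flow from the answer above (connect, send a transaction with no `to` field, wait for the receipt), as an added example that is not part of the original answer. The function names, the polling parameters and the fake provider are assumptions for illustration; in a browser you would pass `window.ethereum` as the provider.

```javascript
// Added example: deploy compiled bytecode through an EIP-1193 wallet provider.
// The private key stays in the wallet; the page only ever sees address and tx hash.
const HEX_BYTECODE = /^0x([0-9a-fA-F]{2})+$/;

function buildDeployTx(from, bytecode) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(from)) throw new Error('invalid from address');
  if (!HEX_BYTECODE.test(bytecode)) throw new Error('bytecode must be 0x-prefixed hex');
  // No `to` field: that is what makes this a contract-creation transaction.
  return { from, data: bytecode };
}

async function deployViaWallet(provider, bytecode, { pollMs = 1000, maxPolls = 60 } = {}) {
  // Prompts the user to connect and returns the accounts they chose to expose.
  const [from] = await provider.request({ method: 'eth_requestAccounts' });
  const tx = buildDeployTx(from, bytecode);
  // The wallet shows its confirmation dialog and signs locally.
  const txHash = await provider.request({ method: 'eth_sendTransaction', params: [tx] });
  for (let i = 0; i < maxPolls; i++) {
    const receipt = await provider.request({
      method: 'eth_getTransactionReceipt', params: [txHash],
    });
    if (receipt) {
      if (receipt.status !== '0x1') throw new Error(`deployment reverted: ${txHash}`);
      return { txHash, contractAddress: receipt.contractAddress };
    }
    await new Promise((resolve) => setTimeout(resolve, pollMs));
  }
  throw new Error(`no receipt for ${txHash} after ${maxPolls} polls`);
}

// Constructed stand-in for window.ethereum so the flow can run offline.
function makeFakeProvider(account) {
  const sent = [];
  return {
    sent,
    async request({ method, params }) {
      if (method === 'eth_requestAccounts') return [account];
      if (method === 'eth_sendTransaction') { sent.push(params[0]); return '0x' + 'ab'.repeat(32); }
      if (method === 'eth_getTransactionReceipt') {
        return { status: '0x1', contractAddress: '0x' + 'cd'.repeat(20) };
      }
      throw new Error(`unsupported method ${method}`);
    },
  };
}
```

If the backend does the compilation, it only has to return the bytecode to the page; it never needs a signing key.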

Related

How to deal with "Only the owner of the contract can update the smart contract"

I am developing a smart contract that holds user information. The problem is that when I try to update the user information from the address that did not deploy the contract, the request is successful but there is no change in the user information. But when I change the user information from the address that deployed the contract it changes the user's information for all the users. Like the change is reflected on all the accounts regardless of the account being different.
function setUserName(string memory _userName) public {
users[msg.sender].userName = _userName;
}
This is my function that updates the user info. I believe that "msg.sender" is the one that is calling the contract and not the one that deployed the contract. I am using metamask and ganache for accounts. The first account is added to metamask in chrome browser and the second account is added to metamask in mozilla firefox.
Steps to reproduce username bug:
1. Open two different browsers.
2. Start ganache server.
3. In browser one add first address's private key to the metamask in order to add ETH.
4. In browser two add second address's private key to the metamask in order to add ETH.
5. Deploy the contracts with "truffle migrate --reset".
6. It will migrate the contracts with the first address in ganache.
7. From the browser two try to update the username. You will see that the update was successful but the username was not updated (even after refresh).
8. Now from browser one update the username by going to the settings page. You will see that the username is updated and this change is also reflected on the browser two, regardless of the address being changed from the browser one's.
Same happens when we try to obtain points by exchanging tokens. From browser one the request is successful but from browser two it throws an error indicating that "ERC20: transfer amount exceeds balance", even though the user has tokens in their account.
The problem was the data was being saved correctly but when fetching the records solidity was assigning msg.sender to the creator of the contract not the one who sent the transaction. So, in order to deal with this I am sending the user address from frontend in the call function and receiving the address as a parameter in the respective functions. So instead of using the msg.sender I am using the address that I am receiving from frontend.

Separating user pools for JavaScript AWS Amplify SDK / AWS Cognito based authentication in React app

I have a React-native web application working with the authentication completely based on a user pool managed by AWS Cognito. All the authentication-related screens (login, registration, change password) are managed by AWS Amplify JavaScript SDK. There is almost no custom client code.
We face the following requirement: we need to separate the user pools between the development and the production: 2 flavors of the same application (same code) need to use different pools managed inside AWS Cognito.
What is needed to achieve such a configuration?
Specifically, we have an auto-generated (long time ago) aws-exports.js file which looks like:
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
"aws_project_region": "us-east-1",
"aws_cognito_identity_pool_id": "us-east-1:[id]",
"aws_cognito_region": "us-east-1",
"aws_user_pools_id": "us-east-1_[id]",
"aws_user_pools_web_client_id": "[id]",
"oauth": {}
};
export default awsmobile;
The ID set for "aws_user_pools_id" is indeed the ID of the pool we manage in Cognito.
The source code loading this data looks like:
import Amplify, { Auth } from 'aws-amplify';
import awsconfig from '../aws-exports';
Amplify.configure(awsconfig);
Auth.configure(awsconfig);
What needs to be done? Seems like overriding the auto-generated file is not a good idea.
Should we just fix the "aws_user_pools_id" value, before calls to .configure()?
Do we need to have multiple "aws_cognito_identity_pool_id" and/or "aws_user_pools_web_client_id" (under this scenario), or we can share the values between the configurations?
If there is a good documentation on "how to", I will appreciate the reference.
Thanks in advance.
Max.
Assuming you are using the Amplify CLI, you should use environments as shown here. The aws-exports.js file should not be committed to git. Instead it should be generated and kept up to date using amplify pull.

How to integrate OAuth2 with back- and frontend

I'm learning OAuth2 to integrate a 3rd party provider like Facebook or Github. But I'm struggling with finding resources that describe how to integrate it when you're building an app with both a back- and frontend.
In this example, let's pretend I have a frontend (myfrontend.com) running something like Vue.js. And a backend (mybackend.com) running something like Django. And a 3rd party provider like GitHub.
My idea is to use this flow:
1. Frontend redirects to the provider's authorize URL. Example: https://github.com/login/oauth/authorize?client_id=<client_id>&redirect_uri=https://mybackend.com/callback?return-to=https://myfrontend.com/home.
2. If the user authorizes, backend receives code in /callback.
3. Backend sends authentication request (server-side) with code to get access_token to 3rd party provider.
4. Backend creates a user if it doesn't exist yet and saves access_token associated with that user.
5. Backend creates a new local token for the user (for authenticating to mybackend.com) (JWT or OAuth2).
6. Backend redirects to https://myfrontend.com/home (specified in first URL) with token in body.
7. Frontend receives token and saves it in local storage.
8. When the frontend requires a resource from GitHub on behalf of the user, a request is sent to my backend which in turn uses the saved access_token and requests the resource from GitHub.
My question is this:
Is this flow safe or should I reconsider?
In step 6, do I have to make sure that redirect-url is to my domain myfrontend.com? Feels like it would leave a security flaw if you check this in a bad way.
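One way to do the step 6 check on the `return-to` value, shown next to the kind of string comparison that "checks this in a bad way". This is an added example, not part of the original question; `ALLOWED_ORIGINS`, `FALLBACK` and the function names are assumptions, and it is written in JavaScript although the backend in the question is Django.

```javascript
// Added example: validate the post-login "return-to" URL against an exact-origin allowlist.
const ALLOWED_ORIGINS = new Set(['https://myfrontend.com']); // assumption: one frontend origin
const FALLBACK = 'https://myfrontend.com/home';

function safeReturnTo(raw) {
  if (typeof raw !== 'string') return FALLBACK;
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative or malformed input throws
  } catch {
    return FALLBACK;
  }
  // Compare the parsed origin (scheme + host + port), never a string prefix.
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;
  // Userinfo is never needed in a return URL; refuse it outright.
  if (url.username || url.password) return FALLBACK;
  return url.href;
}

// Weak check for comparison: a prefix match also accepts look-alike hosts
// such as "myfrontend.com.other.example" and "myfrontend.com@other.example".
function naivePrefixCheck(raw) {
  return typeof raw === 'string' && raw.startsWith('https://myfrontend.com');
}
```

The backend should run the check when it reads `return-to` in `/callback` and redirect only to the value the function returns.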

Authcode for Alexa BDD Tests using LWA

During account linking, the Alexa server initiates an AcceptGrant API with its Authcode so that it can be exchanged for an access token. I want to test my API which accepts the Authcode (Postman or BDD tests). How can we generate this? It would be really helpful for automated tests.
I have tried LWA with AWS JS SDK. We need to whitelist the server in the security profile. This basically opens a browser instance and appends an Authcode to the redirect_uri. Is there any other way than this? I read about the CLI where we can get an access token but not an Authcode.
Also when we create a skill it generates a ClientId. Are there any security profiles for this ClientId? How can I whitelist my server for this ClientId? I didn't find a way to link this client ID to a security profile.
Some more info:
I will elaborate a bit more. Basically Alexa sends an AcceptGrant directive during account linking when the user enables the skill from the Alexa UI. AcceptGrant consists of an Authcode so that the user/business (smart device manufacturer cloud) can get an access token using LWA. So now the business has an API exposed which accepts an Authcode. Now I am trying to test this API. Currently I don't find a way to generate this token.
If I generate the Authcode with the LWA flow, this requires a redirect_uri. But if I use the code which is sent by Alexa (during the account linking flow), it doesn't require a redirect_uri. From this page
https://developer.amazon.com/docs/login-with-amazon/authorization-code-grant.html#access-token-request
if I use AWS JS SDK it doesn't require a redirect_uri for the access_token request. When I tried AWS JS to generate the Authcode, I get a security error asking the user to whitelist the domain. And I don't find a way to whitelist the client_id of Alexa to a security profile.
In skill linking, linking out from a skill to a 3p server, Alexa handles the auth code exchange and retrieves the access token for you. The auth code is never exposed to the skill because you don't need it.
It's only good once. After that, you use the refresh token returned when the auth code was used.
Maybe if you describe the use case you're trying to accomplish and why you believe you need the code, it'll be possible to give you more useful help.

Deploy Logic App to different tenant fails with LinkedAuthorizationFailed error

I would like to deploy a Logic App from VS 2017 into another tenant's subscription. I am the owner of the target resource group but I am still getting the LinkedAuthorizationFailed error when using the deploy functionality within VS2017.
10:40:41 - "error": {
10:40:41 - "code": "LinkedAuthorizationFailed",
10:40:41 - "message": "The client has permission to perform action 'Microsoft.Web/sites/functions/listSecrets/action' on scope '/subscriptions/XXXX/resourcegroups/XXXX/providers/Microsoft.Logic/workflows/LogicappName', however the current tenant 'XXXX' is not authorized to access linked subscription 'XXXX'."
10:40:41 - }
I can create and manage logic apps via the web portal. But it should also be somehow possible to deploy via VS or?
I was a co-admin before and I think it worked then, but I can't expect the client to make me a co-admin just to deploy Logic Apps.
This error is not related to the permissions to deploy a Logic App, but to get the keys of an Azure Function that is being called within the Logic App. You need to check that you have the correct permissions not only to deploy onto the resource group you want to, but also to get the keys from the Azure Function you are calling from the Logic App.
HTH
In my case I had a wrong Azure Function linked within the Logic App.
After fixing the wrong subscription I linked there, the error went away.