XSWD Protocol

[Slixe]

Description

XSWD (X Secure WebSocket DApp) Protocol is a way to interact securely with any dApp from any website and remove the dependency of using current DERO RPC Bridge extension.

This protocol use WebSocket from which dApps will connect and authenticate by sending some informations for the user. The user basically have to give each time a permission for each action (accepting a new connection from a dApp and a request to access to data from wallet).

User can give one of few permissions:

• Deny: request will be canceled as user don't accept it
• Allow: request will be accepted one time
• AllowAlways: request will be always accepted until changed
• DenyAlways: request will be always rejected until changed

This wrap the current JSON-RPC functions under a "ask to access" WS protocol.

It will be easily integrated and managed through commands in CLI wallet to enable/disable XSWD Server and manage permissions of connected dApps.

XSWD also play the role of proxy for daemon requests. So it's a all-in one API for developers to easily integrate DERO in their services/dApp. When a request is done to the daemon, because there is no sensitive data as all data available are those from the chains only, the user is not requested to set a permission for them.

In future, XSWD will also be able to sign the ApplicationData which contains configured permissions by user for RPC methods if its accepted by the user when requested by the dApp. This will allow to maintains the configuration between two sessions of using the same dApp.

Type of change

Please select the right one.

• [ ] Bug fix (non-breaking change which fixes an issue)
• [X] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
• [X] This change requires a documentation update
• [ ] This will require a HardFork to be enabled

Which part is impacted ?

• [X] Wallet
• [ ] Daemon
• [ ] Miner
• [ ] Explorer
• [ ] Simulator
• [ ] Misc (documentation, comments, text...)

Checklist:

• [X] I have performed a self-review of my code
• [ ] I have commented my code, particularly in hard-to-understand areas
• [ ] My changes generate no new warnings

License

Im am contributing & releasing the code under DERO Research License (which can be found here).

[CaptainDero]

Good work, Reviewing it.

[Slixe]

XSWD has also a notification event system included (and its generic, so through code you can register listeners too)

[Slixe]

First message send to the WS is following:

{
    "id": "ed606a2f4c4f499618a78ff5f7c8e51cd2ca4d8bfa7e2b41a27754bb78b1df1f",
    "name": "DEROSwap",
    "description": "DEROSwap allows you to easily swap any token on chain",
    "url": "https://deroswap.io"
}

Then after you can do any traditionnal rpc method.

XSWD also has a support for custom RPC methods in case of extended wallets or features.

[Slixe]

JS/TS API to test XSWD protocol: https://www.npmjs.com/package/xswd-api

[Slixe]

XSWD is now available in simulator with --use-xswd option launch.

[Slixe]

Changed to dev