From 1fccc06e784eada8e8d8ee724b1d34fe2b726d3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kvasnic=CC=8Ca=CC=81k?=
 <michal.kvasnicak@gmail.com>
Date: Thu, 19 Dec 2024 15:48:29 +0100
Subject: [PATCH] chore: do not store signer key

---
 .../frame-app-debugger-notifications.tsx      |  2 +-
 .../app/notifications/[namespaceId]/route.ts  | 22 +++++++++++++------
 packages/debugger/app/notifications/route.ts  |  4 +---
 .../debugger/app/notifications/storage.ts     |  3 ---
 .../FrameAppNotificationsManagerProvider.tsx  |  5 ++++-
 5 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/packages/debugger/app/components/frame-app-debugger-notifications.tsx b/packages/debugger/app/components/frame-app-debugger-notifications.tsx
index 273266336..1fa8fea78 100644
--- a/packages/debugger/app/components/frame-app-debugger-notifications.tsx
+++ b/packages/debugger/app/components/frame-app-debugger-notifications.tsx
@@ -9,7 +9,7 @@ import { useFrameAppNotificationsManagerContext } from "../providers/FrameAppNot
 import type { GETEventsResponseBody } from "../notifications/[namespaceId]/events/route";
 import { Button } from "@/components/ui/button";
 import { WithTooltip } from "./with-tooltip";
-import { UseFrameAppInIframeReturn } from "@frames.js/render/src/frame-app/iframe";
+import type { UseFrameAppInIframeReturn } from "@frames.js/render/frame-app/iframe";
 
 type FrameAppDebuggerNotificationsProps = {
   frameApp: Extract<UseFrameAppInIframeReturn, { status: "success" }>;
diff --git a/packages/debugger/app/notifications/[namespaceId]/route.ts b/packages/debugger/app/notifications/[namespaceId]/route.ts
index a1bfd6022..ca40488ac 100644
--- a/packages/debugger/app/notifications/[namespaceId]/route.ts
+++ b/packages/debugger/app/notifications/[namespaceId]/route.ts
@@ -19,22 +19,32 @@ export type NotificationUrl = {
 
 export type Notification = Omit<SendNotificationRequest, "tokens">;
 
+const privateKeyParser = z
+  .string()
+  .min(1)
+  .startsWith("0x")
+  .transform((val) => hexToBytes(val as Hex));
+
 const postRequestBodySchema = z.discriminatedUnion("action", [
   z.object({
     action: z.literal("add_frame"),
+    privateKey: privateKeyParser,
   }),
   z.object({
     action: z.literal("remove_frame"),
+    privateKey: privateKeyParser,
   }),
   z.object({
     action: z.literal("enable_notifications"),
+    privateKey: privateKeyParser,
   }),
   z.object({
     action: z.literal("disable_notifications"),
+    privateKey: privateKeyParser,
   }),
 ]);
 
-export type POSTNotificationsDetailRequestBody = z.infer<
+export type POSTNotificationsDetailRequestBody = z.input<
   typeof postRequestBodySchema
 >;
 
@@ -80,8 +90,6 @@ export async function POST(
     return Response.json({ message: "Not found" }, { status: 404 });
   }
 
-  const privateKey = hexToBytes(namespace.signerPrivateKey as Hex);
-
   switch (requestBody.data.action) {
     case "add_frame": {
       const notificationDetails = await storage.addFrame(namespace);
@@ -102,7 +110,7 @@ export async function POST(
       };
 
       sendEvent(event, {
-        privateKey,
+        privateKey: requestBody.data.privateKey,
         fid: namespace.fid,
         webhookUrl: namespace.webhookUrl,
       })
@@ -156,7 +164,7 @@ export async function POST(
 
       sendEvent(event, {
         fid: namespace.fid,
-        privateKey,
+        privateKey: requestBody.data.privateKey,
         webhookUrl: namespace.webhookUrl,
       })
         .then(() => {
@@ -212,7 +220,7 @@ export async function POST(
 
       sendEvent(event, {
         fid: namespace.fid,
-        privateKey,
+        privateKey: requestBody.data.privateKey,
         webhookUrl: namespace.webhookUrl,
       })
         .then(() => {
@@ -267,7 +275,7 @@ export async function POST(
 
       sendEvent(event, {
         fid: namespace.fid,
-        privateKey,
+        privateKey: requestBody.data.privateKey,
         webhookUrl: namespace.webhookUrl,
       })
         .then(() => {
diff --git a/packages/debugger/app/notifications/route.ts b/packages/debugger/app/notifications/route.ts
index 632306479..e31c8d0e3 100644
--- a/packages/debugger/app/notifications/route.ts
+++ b/packages/debugger/app/notifications/route.ts
@@ -10,7 +10,6 @@ import {
 const postRequestBodySchema = z.object({
   fid: z.coerce.number().int().positive(),
   frameAppUrl: z.string().url(),
-  signerPrivateKey: z.string().min(1),
   webhookUrl: z.string().url(),
 });
 
@@ -35,7 +34,7 @@ export async function POST(req: NextRequest) {
   }
 
   const redis = createRedis();
-  const { fid, frameAppUrl, signerPrivateKey, webhookUrl } = body.data;
+  const { fid, frameAppUrl, webhookUrl } = body.data;
   const storage = new RedisNotificationsStorage(redis, req.nextUrl.href);
 
   // Create new namespace
@@ -44,7 +43,6 @@ export async function POST(req: NextRequest) {
   const namespace = await storage.registerNamespace(namespaceId, {
     fid,
     frameAppUrl,
-    signerPrivateKey,
     webhookUrl,
   });
 
diff --git a/packages/debugger/app/notifications/storage.ts b/packages/debugger/app/notifications/storage.ts
index 1800e20b5..58ef22d52 100644
--- a/packages/debugger/app/notifications/storage.ts
+++ b/packages/debugger/app/notifications/storage.ts
@@ -8,7 +8,6 @@ type NotificationsNamespace = {
   id: string;
   fid: number;
   frameAppUrl: string;
-  signerPrivateKey: string;
   namespaceUrl: string;
   webhookUrl: string;
   frame:
@@ -32,7 +31,6 @@ export class RedisNotificationsStorage {
     params: {
       fid: number;
       frameAppUrl: string;
-      signerPrivateKey: string;
       webhookUrl: string;
     }
   ) {
@@ -40,7 +38,6 @@ export class RedisNotificationsStorage {
       id,
       fid: params.fid,
       frameAppUrl: params.frameAppUrl,
-      signerPrivateKey: params.signerPrivateKey,
       namespaceUrl: new URL(`/notifications/${id}`, this.serverUrl).toString(),
       webhookUrl: params.webhookUrl,
       frame: {
diff --git a/packages/debugger/app/providers/FrameAppNotificationsManagerProvider.tsx b/packages/debugger/app/providers/FrameAppNotificationsManagerProvider.tsx
index a0f61cca6..5a58d1184 100644
--- a/packages/debugger/app/providers/FrameAppNotificationsManagerProvider.tsx
+++ b/packages/debugger/app/providers/FrameAppNotificationsManagerProvider.tsx
@@ -127,7 +127,6 @@ export function useFrameAppNotificationsManager({
           body: JSON.stringify({
             fid: signer.fid,
             frameAppUrl: frameUrl,
-            signerPrivateKey: signer.privateKey,
             webhookUrl,
           } satisfies POSTNotificationsRequestBody),
         });
@@ -162,6 +161,7 @@ export function useFrameAppNotificationsManager({
           async addFrame() {
             const result = await sendEvent.mutateAsync({
               action: "add_frame",
+              privateKey: signer.privateKey,
             });
 
             if (result.type !== "frame_added") {
@@ -178,6 +178,7 @@ export function useFrameAppNotificationsManager({
           async removeFrame() {
             await sendEvent.mutateAsync({
               action: "remove_frame",
+              privateKey: signer.privateKey,
             });
 
             // refetch notification settings
@@ -188,6 +189,7 @@ export function useFrameAppNotificationsManager({
           async enableNotifications() {
             const result = await sendEvent.mutateAsync({
               action: "enable_notifications",
+              privateKey: signer.privateKey,
             });
 
             // refetch notification settings
@@ -204,6 +206,7 @@ export function useFrameAppNotificationsManager({
           async disableNotifications() {
             await sendEvent.mutateAsync({
               action: "disable_notifications",
+              privateKey: signer.privateKey,
             });
 
             // refetch notification settings