fix: Cleanup endowment handling of maxRequestTime

packages/snaps-rpc-methods/jest.config.js

@@ -10,10 +10,10 @@ module.exports = deepmerge(baseConfig, {
   ],
   coverageThreshold: {
     global: {
-      branches: 95.71,
-      functions: 98.78,
-      lines: 99,
-      statements: 98.71,
+      branches: 96.54,
+      functions: 99.2,
+      lines: 99.06,
+      statements: 98.77,
     },
   },
 });

packages/snaps-rpc-methods/src/endowments/assets.test.ts

@@ -12,7 +12,10 @@ describe('endowment:assets', () => {
         permissionType: PermissionType.Endowment,
         targetName: SnapEndowments.Assets,
         endowmentGetter: expect.any(Function),
-        allowedCaveats: [SnapCaveatType.ChainIds],
+        allowedCaveats: [
+          SnapCaveatType.ChainIds,
+          SnapCaveatType.MaxRequestTime,
+        ],
         subjectTypes: [SubjectType.Snap],
         validator: expect.any(Function),
       });

packages/snaps-rpc-methods/src/endowments/assets.ts

@@ -35,7 +35,7 @@ const specificationBuilder: PermissionSpecificationBuilder<
   return {
     permissionType: PermissionType.Endowment,
     targetName: permissionName,
-    allowedCaveats: [SnapCaveatType.ChainIds],
+    allowedCaveats: [SnapCaveatType.ChainIds, SnapCaveatType.MaxRequestTime],
     endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,
     subjectTypes: [SubjectType.Snap],
     validator: createGenericPermissionValidator([

packages/snaps-rpc-methods/src/endowments/cronjob.test.ts

@@ -23,7 +23,10 @@ describe('endowment:cronjob', () => {
         permissionType: PermissionType.Endowment,
         targetName: SnapEndowments.Cronjob,
         endowmentGetter: expect.any(Function),
-        allowedCaveats: [SnapCaveatType.SnapCronjob],
+        allowedCaveats: [
+          SnapCaveatType.SnapCronjob,
+          SnapCaveatType.MaxRequestTime,
+        ],
         subjectTypes: [SubjectType.Snap],
         validator: expect.any(Function),
       });
@@ -125,7 +128,7 @@ describe('getCronjobCaveatJobs', () => {
     expect(getCronjobCaveatJobs(permission)).toBeNull();
   });
 
-  it('throws if there is more than one caveat', () => {
+  it('returns the jobs when multiple caveats exist', () => {
     const permission: PermissionConstraint = {
       date: 0,
       parentCapability: 'foo',
@@ -147,26 +150,24 @@ describe('getCronjobCaveatJobs', () => {
           },
         },
         {
-          type: SnapCaveatType.SnapCronjob,
-          value: {
-            jobs: [
-              {
-                expression: '* * * * *',
-                request: {
-                  method: 'exampleMethodOne',
-                  params: ['p1'],
-                },
-              },
-            ],
-          },
+          type: SnapCaveatType.MaxRequestTime,
+          value: 1000,
         },
       ],
     };
 
-    expect(() => getCronjobCaveatJobs(permission)).toThrow('Assertion failed.');
+    expect(getCronjobCaveatJobs(permission)).toStrictEqual([
+      {
+        expression: '* * * * *',
+        request: {
+          method: 'exampleMethodOne',
+          params: ['p1'],
+        },
+      },
+    ]);
   });
 
-  it('throws if the caveat type is wrong', () => {
+  it('returns null if there is no "snapCronjob" caveat', () => {
     const permission: PermissionConstraint = {
       date: 0,
       parentCapability: 'foo',
@@ -175,22 +176,12 @@ describe('getCronjobCaveatJobs', () => {
       caveats: [
         {
           type: SnapCaveatType.ChainIds,
-          value: {
-            jobs: [
-              {
-                expression: '* * * * *',
-                request: {
-                  method: 'exampleMethodOne',
-                  params: ['p1'],
-                },
-              },
-            ],
-          },
+          value: ['eip155:1'],
         },
       ],
     };
 
-    expect(() => getCronjobCaveatJobs(permission)).toThrow('Assertion failed.');
+    expect(getCronjobCaveatJobs(permission)).toBeNull();
   });
 });
 

packages/snaps-rpc-methods/src/endowments/cronjob.ts

@@ -14,7 +14,7 @@ import {
   isCronjobSpecificationArray,
 } from '@metamask/snaps-utils';
 import type { Json, NonEmptyArray } from '@metamask/utils';
-import { assert, hasProperty, isObject, isPlainObject } from '@metamask/utils';
+import { hasProperty, isObject, isPlainObject } from '@metamask/utils';
 
 import { createGenericPermissionValidator } from './caveats';
 import { SnapEndowments } from './enum';
@@ -42,7 +42,7 @@ const specificationBuilder: PermissionSpecificationBuilder<
   return {
     permissionType: PermissionType.Endowment,
     targetName: permissionName,
-    allowedCaveats: [SnapCaveatType.SnapCronjob],
+    allowedCaveats: [SnapCaveatType.SnapCronjob, SnapCaveatType.MaxRequestTime],
     endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,
     subjectTypes: [SubjectType.Snap],
     validator: createGenericPermissionValidator([
@@ -96,16 +96,11 @@ export function getCronjobCaveatMapper(
 export function getCronjobCaveatJobs(
   permission?: PermissionConstraint,
 ): CronjobSpecification[] | null {
-  if (!permission?.caveats) {
-    return null;
-  }
-
-  assert(permission.caveats.length === 1);
-  assert(permission.caveats[0].type === SnapCaveatType.SnapCronjob);
-
-  const caveat = permission.caveats[0] as Caveat<string, { jobs: Json[] }>;
+  const caveat = permission?.caveats?.find(
+    (permCaveat) => permCaveat.type === SnapCaveatType.SnapCronjob,
+  ) as Caveat<string, { jobs: Json[] }> | undefined;
 
-  return (caveat.value?.jobs as CronjobSpecification[]) ?? null;
+  return (caveat?.value?.jobs as CronjobSpecification[]) ?? null;
 }
 
 /**

packages/snaps-rpc-methods/src/endowments/home-page.test.ts

@@ -1,4 +1,5 @@
 import { PermissionType, SubjectType } from '@metamask/permission-controller';
+import { SnapCaveatType } from '@metamask/snaps-utils';
 
 import { SnapEndowments } from './enum';
 import { homePageEndowmentBuilder } from './home-page';
@@ -10,8 +11,9 @@ describe('endowment:page-home', () => {
       permissionType: PermissionType.Endowment,
       targetName: SnapEndowments.HomePage,
       endowmentGetter: expect.any(Function),
-      allowedCaveats: null,
+      allowedCaveats: [SnapCaveatType.MaxRequestTime],
       subjectTypes: [SubjectType.Snap],
+      validator: expect.any(Function),
     });
 
     expect(specification.endowmentGetter()).toBeNull();

packages/snaps-rpc-methods/src/endowments/home-page.ts

@@ -2,10 +2,13 @@ import type {
   PermissionSpecificationBuilder,
   EndowmentGetterParams,
   ValidPermissionSpecification,
+  PermissionValidatorConstraint,
 } from '@metamask/permission-controller';
 import { PermissionType, SubjectType } from '@metamask/permission-controller';
+import { SnapCaveatType } from '@metamask/snaps-utils';
 import type { NonEmptyArray } from '@metamask/utils';
 
+import { createGenericPermissionValidator } from './caveats';
 import { SnapEndowments } from './enum';
 
 const permissionName = SnapEndowments.HomePage;
@@ -15,6 +18,7 @@ type HomePageEndowmentSpecification = ValidPermissionSpecification<{
   targetName: typeof permissionName;
   endowmentGetter: (_options?: EndowmentGetterParams) => null;
   allowedCaveats: Readonly<NonEmptyArray<string>> | null;
+  validator: PermissionValidatorConstraint;
 }>;
 
 /**
@@ -33,9 +37,12 @@ const specificationBuilder: PermissionSpecificationBuilder<
   return {
     permissionType: PermissionType.Endowment,
     targetName: permissionName,
-    allowedCaveats: null,
+    allowedCaveats: [SnapCaveatType.MaxRequestTime],
     endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,
     subjectTypes: [SubjectType.Snap],
+    validator: createGenericPermissionValidator([
+      { type: SnapCaveatType.MaxRequestTime, optional: true },
+    ]),
   };
 };
 

packages/snaps-rpc-methods/src/endowments/keyring.test.ts

@@ -90,21 +90,29 @@ describe('getKeyringCaveatOrigins', () => {
     ).toStrictEqual({ allowedOrigins: ['foo.com'] });
   });
 
-  it('throws if the caveat is not a single "rpcOrigin"', () => {
-    expect(() =>
+  it('returns the origins when multiple caveats exist', () => {
+    expect(
       // @ts-expect-error Missing other required permission types.
       getKeyringCaveatOrigins({
-        caveats: [{ type: 'foo', value: 'bar' }],
+        caveats: [
+          {
+            type: SnapCaveatType.KeyringOrigin,
+            value: { allowedOrigins: ['foo.com'] },
+          },
+          {
+            type: SnapCaveatType.MaxRequestTime,
+            value: 1000,
+          },
+        ],
       }),
-    ).toThrow('Assertion failed.');
+    ).toStrictEqual({ allowedOrigins: ['foo.com'] });
+  });
 
+  it('throws if there is no "keyringOrigin" caveat', () => {
     expect(() =>
       // @ts-expect-error Missing other required permission types.
       getKeyringCaveatOrigins({
-        caveats: [
-          { type: 'keyringOrigin', value: { allowedOrigins: ['foo.com'] } },
-          { type: 'keyringOrigin', value: { allowedOrigins: ['foo.com'] } },
-        ],
+        caveats: [{ type: 'foo', value: 'bar' }],
       }),
     ).toThrow('Assertion failed.');
   });

packages/snaps-rpc-methods/src/endowments/keyring.ts

@@ -111,12 +111,12 @@ export function getKeyringCaveatMapper(
  */
 export function getKeyringCaveatOrigins(
   permission?: PermissionConstraint,
-): KeyringOrigins | null {
-  assert(permission?.caveats);
-  assert(permission.caveats.length === 1);
-  assert(permission.caveats[0].type === SnapCaveatType.KeyringOrigin);
+): KeyringOrigins {
+  const caveat = permission?.caveats?.find(
+    (permCaveat) => permCaveat.type === SnapCaveatType.KeyringOrigin,
+  ) as Caveat<string, KeyringOrigins> | undefined;
 
-  const caveat = permission.caveats[0] as Caveat<string, KeyringOrigins>;
+  assert(caveat);
   return caveat.value;
 }
 

packages/snaps-rpc-methods/src/endowments/lifecycle-hooks.test.ts

@@ -0,0 +1,23 @@
+import { PermissionType, SubjectType } from '@metamask/permission-controller';
+import { SnapCaveatType } from '@metamask/snaps-utils';
+
+import { SnapEndowments } from './enum';
+import { lifecycleHooksEndowmentBuilder } from './lifecycle-hooks';
+
+describe('endowment:lifecycle-hooks', () => {
+  it('builds the expected permission specification', () => {
+    const specification = lifecycleHooksEndowmentBuilder.specificationBuilder(
+      {},
+    );
+    expect(specification).toStrictEqual({
+      permissionType: PermissionType.Endowment,
+      targetName: SnapEndowments.LifecycleHooks,
+      endowmentGetter: expect.any(Function),
+      allowedCaveats: [SnapCaveatType.MaxRequestTime],
+      subjectTypes: [SubjectType.Snap],
+      validator: expect.any(Function),
+    });
+
+    expect(specification.endowmentGetter()).toBeNull();
+  });
+});

packages/snaps-rpc-methods/src/endowments/lifecycle-hooks.ts

@@ -2,10 +2,13 @@ import type {
   PermissionSpecificationBuilder,
   EndowmentGetterParams,
   ValidPermissionSpecification,
+  PermissionValidatorConstraint,
 } from '@metamask/permission-controller';
 import { PermissionType, SubjectType } from '@metamask/permission-controller';
+import { SnapCaveatType } from '@metamask/snaps-utils';
 import type { NonEmptyArray } from '@metamask/utils';
 
+import { createGenericPermissionValidator } from './caveats';
 import { SnapEndowments } from './enum';
 
 const permissionName = SnapEndowments.LifecycleHooks;
@@ -15,6 +18,7 @@ type LifecycleHooksEndowmentSpecification = ValidPermissionSpecification<{
   targetName: typeof permissionName;
   endowmentGetter: (_options?: EndowmentGetterParams) => null;
   allowedCaveats: Readonly<NonEmptyArray<string>> | null;
+  validator: PermissionValidatorConstraint;
 }>;
 
 /**
@@ -33,9 +37,12 @@ const specificationBuilder: PermissionSpecificationBuilder<
   return {
     permissionType: PermissionType.Endowment,
     targetName: permissionName,
-    allowedCaveats: null,
+    allowedCaveats: [SnapCaveatType.MaxRequestTime],
     endowmentGetter: (_getterOptions?: EndowmentGetterParams) => null,
     subjectTypes: [SubjectType.Snap],
+    validator: createGenericPermissionValidator([
+      { type: SnapCaveatType.MaxRequestTime, optional: true },
+    ]),
   };
 };
 

packages/snaps-rpc-methods/src/endowments/rpc.test.ts

@@ -85,21 +85,29 @@ describe('getRpcCaveatOrigins', () => {
     ).toStrictEqual({ snaps: true, dapps: false });
   });
 
-  it('throws if the caveat is not a single "rpcOrigin"', () => {
-    expect(() =>
+  it('returns the origins when multiple caveats exist', () => {
+    expect(
       // @ts-expect-error Missing other required permission types.
       getRpcCaveatOrigins({
-        caveats: [{ type: 'foo', value: 'bar' }],
+        caveats: [
+          {
+            type: SnapCaveatType.RpcOrigin,
+            value: { snaps: true, dapps: false },
+          },
+          {
+            type: SnapCaveatType.MaxRequestTime,
+            value: 1000,
+          },
+        ],
       }),
-    ).toThrow('Assertion failed.');
+    ).toStrictEqual({ snaps: true, dapps: false });
+  });
 
+  it('throws if there is no "rpcOrigin" caveat', () => {
     expect(() =>
       // @ts-expect-error Missing other required permission types.
       getRpcCaveatOrigins({
-        caveats: [
-          { type: 'rpcOrigin', value: { snaps: true, dapps: false } },
-          { type: 'rpcOrigin', value: { snaps: true, dapps: false } },
-        ],
+        caveats: [{ type: 'foo', value: 'bar' }],
       }),
     ).toThrow('Assertion failed.');
   });

packages/snaps-rpc-methods/src/endowments/rpc.ts

@@ -112,14 +112,12 @@ export function getRpcCaveatMapper(
  */
 export function getRpcCaveatOrigins(
   permission?: PermissionConstraint,
-): RpcOrigins | null {
-  const caveats = permission?.caveats?.filter(
-    (caveat) => caveat.type === SnapCaveatType.RpcOrigin,
-  );
-  assert(caveats);
-  assert(caveats.length === 1);
+): RpcOrigins {
+  const caveat = permission?.caveats?.find(
+    (permCaveat) => permCaveat.type === SnapCaveatType.RpcOrigin,
+  ) as Caveat<string, RpcOrigins> | undefined;
 
-  const caveat = caveats[0] as Caveat<string, RpcOrigins>;
+  assert(caveat);
   return caveat.value;
 }