remove admin methods

indigofeather · indigofeather · commit 3167ed1d9344 · 2025-09-03T13:04:50.000+08:00
diff --git a/src/index.tsx b/src/index.tsx
@@ -23,13 +23,11 @@ import {
   validate,
 } from './types';
 import {
-  assertAdminOrigin,
   buildTransactionBlock,
   calcTotalGasFeesDec,
   getFullnodeUrlForChain,
   getStoredState,
   updateState,
-  validateFullnodeUrl,
 } from './util';
 import { signPersonalMessage, signTxBlock, getAccountInfo, signAndExecuteTransaction } from './keypair-ops';
 import { genBalanceChangesSection, genOperationsSection } from './iota-utils';
@@ -212,55 +210,6 @@ export const onRpcRequest: OnRpcRequestHandler = async ({ origin, request }) =>
       return ret;
     }
 
-    case 'admin_getStoredState': {
-      assertAdminOrigin(origin);
-      const ret = await getStoredState();
-      return ret;
-    }
-
-    case 'admin_setFullnodeUrl': {
-      assertAdminOrigin(origin);
-      const [validationError, params] = validate(request.params, SerializedAdminSetFullnodeUrl);
-      if (validationError !== undefined) {
-        throw InvalidParamsError.asSimpleError(validationError.message);
-      }
-      try {
-        validateFullnodeUrl(params.url);
-      } catch (error) {
-        throw InvalidParamsError.asSimpleError(`Invalid fullnode URL: ${(error as Error).message}`);
-      }
-      const response = await snap.request({
-        method: 'snap_dialog',
-        params: {
-          type: 'confirmation',
-          content: (
-            <Box>
-              <Heading>⚠️ Change Network Node URL</Heading>
-              <Text>**{origin}** is requesting to change the **{params.network}** network node URL.</Text>
-              <Divider />
-              <Text>**New URL:** {params.url}</Text>
-              <Divider />
-              <Text>⚠️ **Warning**: Changing the node URL can affect your wallet's view of the blockchain. Only approve if you trust this source and the new URL.</Text>
-              <Text>Malicious nodes could show incorrect balances or transaction data.</Text>
-            </Box>
-          ),
-        },
-      });
-      if (response !== true) {
-        throw UserRejectionError.asSimpleError();
-      }
-      const state = await getStoredState();
-      switch (params.network) {
-        case 'mainnet': state.mainnetUrl = params.url; break;
-        case 'testnet': state.testnetUrl = params.url; break;
-        case 'devnet': state.devnetUrl = params.url; break;
-        case 'localnet': state.localnetUrl = params.url; break;
-        default: break;
-      }
-      await updateState(state);
-      return { success: true };
-    }
-
     default:
       throw InvalidRequestMethodError.asSimpleError(request.method);
   }
diff --git a/src/util.ts b/src/util.ts
@@ -40,44 +40,6 @@ const DEFAULT_TESTNET_URL = getFullnodeUrl('testnet');
 const DEFAULT_DEVNET_URL = getFullnodeUrl('devnet');
 const DEFAULT_LOCALNET_URL = getFullnodeUrl('localnet');
 
-export function assertAdminOrigin(origin: string): void {
-  if (origin !== 'http://localhost:8000') {
-    throw new Error('Unauthorized: Admin-only method');
-  }
-}
-
-export function validateFullnodeUrl(url: string): void {
-  try {
-    const parsedUrl = new URL(url);
-    if (!['https:', 'http:'].includes(parsedUrl.protocol)) {
-      throw new Error('Invalid protocol: Only HTTP and HTTPS are allowed');
-    }
-    const hostname = parsedUrl.hostname.toLowerCase();
-    if (hostname.length === 0) throw new Error('Invalid hostname');
-    if (hostname === 'localhost') return;
-    const isPrivateIP =
-      hostname === '127.0.0.1' ||
-      hostname.startsWith('192.168.') ||
-      hostname.startsWith('10.') ||
-      isPrivate172Range(hostname);
-    if (isPrivateIP) throw new Error('Private IP addresses are not allowed for fullnode URLs');
-  } catch (error) {
-    if (error instanceof TypeError) {
-      throw new Error('Invalid URL format');
-    }
-    throw error;
-  }
-}
-
-function isPrivate172Range(hostname: string): boolean {
-  const parts = hostname.split('.');
-  if (parts.length !== 4 || parts[0] !== '172') return false
-  const secondOctet = parts[1];
-  if (!secondOctet) return false;
-  const octetNum = parseInt(secondOctet, 10);
-  return !isNaN(octetNum) && octetNum >= 16 && octetNum <= 31;
-}
-
 export async function getFullnodeUrlForChain(chain: string): Promise<string> {
   const state = await getStoredState();
   switch (chain) {
