✨ (signer-eth) [DSDK-1017]: Add blind signing detection and reporting to sign device actions (#1398)

Author: aussedatlo

.changeset/calm-ducks-love.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/signer-utils": minor
+---
+
+Add generateSignatureId utility for blind signing reports

.changeset/dirty-weeks-fly.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/context-module": minor
+---
+
+Add source configuration to ContextModuleBuilder for blind signing reports

.changeset/tidy-onions-flow.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-signer-kit-ethereum": minor
+---
+
+Add blind signing detection and reporting to sign transaction and sign typed data device actions

apps/sample/src/providers/SignerEthProvider/index.tsx

@@ -62,6 +62,7 @@ export const SignerEthProvider: React.FC<PropsWithChildren> = ({
       .setWeb3ChecksConfig(web3ChecksConfig)
       .setMetadataServiceConfig(metadataServiceConfig)
       .setDatasourceConfig(datasourceConfig)
+      .setAppSource("device-management-kit-playground")
       .build();
     const newSigner = new SignerEthBuilder({
       dmk,

packages/signer/context-module/README.md

@@ -74,6 +74,16 @@ const contextModule = new ContextModuleBuilder({
   .build();
 ```
 
+You can set a source identifier that will be included in blind signing reports. This helps distinguish which integration triggered a blind signing event. The default value is `"third-party"`.
+
+```ts
+const contextModule = new ContextModuleBuilder({
+  originToken: "origin-token", // replace with your origin token
+})
+  .setAppSource("my-app-name")
+  .build();
+```
+
 It is also possible to instantiate the context module without the default loaders.
 
 ```ts

packages/signer/context-module/src/ContextModuleBuilder.ts

@@ -25,7 +25,7 @@ import { DefaultContextModule } from "./DefaultContextModule";
 const DEFAULT_CAL_URL = "https://crypto-assets-service.api.ledger.com/v1";
 const DEFAULT_WEB3_CHECKS_URL = "https://web3checks-backend.api.ledger.com/v3";
 const DEFAULT_METADATA_SERVICE_DOMAIN = "https://nft.api.live.ledger.com";
-const DEFAULT_REPORTER_URL = "https://blind-signing-reporting.api.ledger.com";
+const DEFAULT_REPORTER_URL = "https://ingest.aws.stg.ldg-tech.com/ingest/v1";
 
 /**
  * Default configuration for the context module
@@ -49,6 +49,7 @@ export const DEFAULT_CONFIG: Readonly<ContextModuleConfig> = Object.freeze({
     url: DEFAULT_REPORTER_URL,
   }),
   datasource: Object.freeze({ proxy: "default" }),
+  appSource: "third-party",
 });
 
 /**
@@ -181,6 +182,17 @@ export class ContextModuleBuilder {
     return this;
   }
 
+  /**
+   * Set the app source identifier included in blind signing reports
+   *
+   * @param appSource
+   * @returns this
+   */
+  setAppSource(appSource: string) {
+    this.config.appSource = appSource;
+    return this;
+  }
+
   /**
    * Set a custom blind signing reporter
    *

packages/signer/context-module/src/DefaultContextModule.test.ts

@@ -62,6 +62,7 @@ describe("DefaultContextModule", () => {
     datasource: {
       proxy: "default",
     },
+    appSource: "third-party",
     originToken: "originToken",
     loggerFactory: mockLoggerFactory,
   };

packages/signer/context-module/src/config/model/ContextModuleConfig.ts

@@ -38,6 +38,7 @@ export type ContextModuleConfig = {
   metadataServiceDomain: ContextModuleMetadataServiceConfig;
   reporter: ContextModuleReporterConfig;
   datasource: ContextModuleDatasourceConfig;
+  appSource: string;
 };
 
 export type ContextModuleServiceConfig = ContextModuleConfig & {

packages/signer/context-module/src/reporter/data/BlindSigningReporterDatasource.ts

@@ -1,8 +1,29 @@
 import { type Either } from "purify-ts";
 
-import { type BlindSigningEventDto } from "./dto/BlindSigningEventDto";
+import {
+  type BlindSigningMethod,
+  type BlindSignReason,
+  type ClearSigningType,
+} from "@/reporter/model/BlindSigningEvent";
+import { type BlindSigningModelId } from "@/reporter/model/BlindSigningModelId";
 
-export type BlindSigningReportParams = BlindSigningEventDto;
+export type BlindSigningReportEthContext = {
+  clearSigningType: ClearSigningType;
+  partialContextErrors: number;
+};
+
+export type BlindSigningReportParams = {
+  signatureId: string;
+  signingMethod: BlindSigningMethod;
+  isBlindSign: boolean;
+  chainId: number | null;
+  targetAddress: string | null;
+  blindSignReason: BlindSignReason | null;
+  modelId: BlindSigningModelId;
+  signerAppVersion: string;
+  deviceVersion: string | null;
+  ethContext: BlindSigningReportEthContext | null;
+};
 
 export interface BlindSigningReporterDatasource {
   report(params: BlindSigningReportParams): Promise<Either<Error, void>>;

packages/signer/context-module/src/reporter/data/HttpBlindSigningReporterDatasource.test.ts

@@ -24,12 +24,12 @@ describe("HttpBlindSigningReporterDatasource", () => {
       url: "https://reporter.test",
     },
     originToken: "originToken",
+    appSource: "third-party",
   } as ContextModuleServiceConfig;
 
   const params: BlindSigningReportParams = {
     signatureId: "a3f8Kb-1738850400000",
     signingMethod: BlindSigningMethod.ETH_SIGN_TRANSACTION,
-    source: "ledger_wallet",
     isBlindSign: true,
     chainId: 1,
     targetAddress: "0xdAC17F958D2ee523a2206206994597C13D831ec7",
@@ -92,7 +92,7 @@ describe("HttpBlindSigningReporterDatasource", () => {
       expect(axios.request).toHaveBeenCalledWith(
         expect.objectContaining({
           method: "POST",
-          url: `${config.reporter!.url}/v1/blind-signing-events`,
+          url: `${config.reporter!.url}/blind-signing-events`,
         }),
       );
     });
@@ -116,7 +116,7 @@ describe("HttpBlindSigningReporterDatasource", () => {
       );
     });
 
-    it("should call axios with the event payload as data", async () => {
+    it("should call axios with the event payload and injected source as data", async () => {
       // GIVEN
       vi.spyOn(axios, "request").mockResolvedValueOnce({ data: {} });
 
@@ -127,7 +127,7 @@ describe("HttpBlindSigningReporterDatasource", () => {
       // THEN
       expect(axios.request).toHaveBeenCalledWith(
         expect.objectContaining({
-          data: params,
+          data: { ...params, source: config.appSource },
         }),
       );
     });