Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Design] Automatically lock wallet due to inactivity #245

Closed
1 task
alexruzenhack opened this issue Oct 25, 2022 · 1 comment
Closed
1 task

[Design] Automatically lock wallet due to inactivity #245

alexruzenhack opened this issue Oct 25, 2022 · 1 comment
Assignees
@alexruzenhack
Labels
design Issue that describes a project in details

Comments

@alexruzenhack
Copy link
Contributor

alexruzenhack commented Oct 25, 2022
edited
Loading

Motivation

Add an extra level of security for the user by protecting the wallet in case of inactivity, avoiding a malicious agent to operate the wallet in the absence of its owner.

Introduction

What inactivity means for our purpose? A person can be using the computer but not using the wallet; a person can be out of the computer and left the wallet open; a person can have the wallet open as the primary window, but just looking the screen without interact with the wallet.

"Activity" presumes the action of interacting with the wallet, if the interaction ceasses then the wallet is not being used and it can be market as inactive. However, how many time we need to mark the wallet as inactive?

The time span of no interaction that characterize an inactivity in the wallet has inverse relation with the protection of the wallet. We can say the smaller the time span, more protected the wallet will be. On the other hand, the time span also has a direct relation with conveniency. The smaller the time span, the smaller is the convenience for the user.

The time span to lock the wallet should provide a new layer of protection for the user at their discretion of desired conveniency.

Proposed solution

Taking activity by interaction, we should monitor each interaction with the wallet: click, touch, roll, type, tab navigation; stablish an elapse time for the last interaction and verify periodically if the elapsed time has reached the time span threshold for inactivity, then lock the wallet if reached.

Guide-level explanation

Global interaction event listener

We can set a an event listener for each targeted interaction in the application element level, which means any event bubbling up will be captured if not halted by stopPropagation. Every time an event is processed the interaction time is updated.

Last interaction state

We should create a state called lastInteractionAt to hold the timestamp of the last interaction with the wallet in Redux.

Inactivity threshold state

We should create a state called inactivityThreshold to hold the time in seconds that characterizes the inactivity in the wallet. This state can be populated with a default value of 300 seconds (5min).

Inactivity checker

We should implement a function to check periodically the inactivity of the wallet by calculating the elapsed time from lastInteractionAt and checking is the elapsed seconds are greater or equal inactivityThreshold. The check frequency can be of 5 minutes. This way constraining the inactivityThreshold to be multiple of 5.

Jitter protection

To avoid flood the event processing a jitter must be placed in the event listeners. Or maybe not, to avoid over engineering.

Reference-level Explanation

Global interaction state

We can add an event listener in the Root element by the component reference and using the hook useEffect to add the listener and program its removal once the component is unmounted.

  • add code

Last interaction state

We can initialize the state lastInteractionAt in the initial state of Redux with the value of timestamp in UTC as new Date().getTime().

const initialState = {
	// last user interaction with the wallet
	lastInteractionAt: new Date().getTime(),
	...
}

Inactivity threshold state

We can initialize the state inactivityThreshold with a default value that can be a configured constant as DEFAULT_INACTIVITY_THRESHOLD with value of 300 seconds.

const initialState = {
	// last user interaction with the wallet
	inactivityThreshold: DEFAULT_INACTIVITY_THRESHOLD,
	...
}

Inactivity checker

We can implement the checker with setInterval, this way the function can stop to be wallet when the wallet is locked.

Alternative solutions

If the meaning for “inactivity“ is other then “interaction” we could think it as “visible activity” and use window information to handle inactivity.

Active window

Native solution through visibility of window

As documented in “Page visibility”, visibility property is not consistent, therefore it will be tricky to implement any feature relying on it. I think it is better to avoid.

image

Read at: BrowserWindow | Electron (electronjs.org)](https://www.electronjs.org/docs/latest/api/browser-window#page-visibility)

External solution through **electron-active-window package

The project https://github.com/nullxx/electron-active-window has few stars, downloads, and the last maintenance was 15 months ago. Despite these facts, there is a testimony very interesting about compatibility with macOS and privacy settings.

We should consider this path only if we intend to give maintenance to the package.

image

Read at: Comparison with active-win lib · Issue #3 · nullxx/electron-active-window (github.com)
@pedroferreira1 pedroferreira1 added the design Issue that describes a project in details label Oct 25, 2022
@alexruzenhack
Copy link
Contributor Author

Design open in the wrong place, see HathorNetwork/hathor-wallet#353

@alexruzenhack alexruzenhack closed this as not planned Won't fix, can't repro, duplicate, stale Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexruzenhack alexruzenhack

Labels
design Issue that describes a project in details
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pedroferreira1 @alexruzenhack