feat: support floating icon #267
Conversation
概述遍历这个拉取请求引入了一系列与浮动按钮和安全性相关的变更。主要变化包括在 变更
序列图sequenceDiagram
participant User
participant Browser
participant OneKeyApp
participant FloatingButton
participant SecurityCheck
User->>Browser: 访问网站
Browser->>OneKeyApp: 注入 Web3 Provider
OneKeyApp->>FloatingButton: 初始化浮动按钮
FloatingButton->>SecurityCheck: 执行安全检查
SecurityCheck-->>FloatingButton: 返回安全信息
FloatingButton->>User: 显示安全状态和按钮
这个序列图展示了浮动按钮的初始化和安全检查流程,从用户访问网站到显示安全信息的过程。 Tip CodeRabbit's docstrings feature is now available as part of our Early Access Program! Simply use the command 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 18
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
⛔ Files ignored due to path filters (1)
packages/providers/inpage-providers-hub/yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (9)
.gitignore(1 hunks)packages/injected/src/injectedExtension.ts(1 hunks)packages/providers/inpage-providers-hub/package.json(1 hunks)packages/providers/inpage-providers-hub/src/floatingButton/images.tsx(1 hunks)packages/providers/inpage-providers-hub/src/floatingButton/index.tsx(1 hunks)packages/providers/inpage-providers-hub/src/floatingButton/type.ts(1 hunks)packages/providers/inpage-providers-hub/src/injectWeb3Provider.ts(3 hunks)packages/providers/inpage-providers-hub/tsconfig.cjs.json(1 hunks)packages/providers/inpage-providers-hub/tsconfig.json(1 hunks)
🧰 Additional context used
🪛 Biome (1.9.4)
packages/providers/inpage-providers-hub/src/floatingButton/index.tsx
[error] 115-123: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
[error] 126-136: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
[error] 167-190: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
[error] 197-209: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
[error] 210-216: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
[error] 286-292: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
[error] 325-331: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
[error] 366-372: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
[error] 466-474: Provide a text alternative through the alt, aria-label or aria-labelledby attribute
Meaningful alternative text on elements helps users relying on screen readers to understand content's purpose within a page.
If the content is decorative, redundant, or obscured, consider hiding it from assistive technologies with the aria-hidden attribute.
(lint/a11y/useAltText)
[error] 476-486: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
[error] 505-517: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
[error] 518-524: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
[error] 550-557: Provide a text alternative through the alt, aria-label or aria-labelledby attribute
Meaningful alternative text on elements helps users relying on screen readers to understand content's purpose within a page.
If the content is decorative, redundant, or obscured, consider hiding it from assistive technologies with the aria-hidden attribute.
(lint/a11y/useAltText)
[error] 551-557: Missing key property for this element in iterable.
The order of the items may change, and having a key can help React identify which item was moved.
Check the React documentation.
(lint/correctness/useJsxKeyInIterable)
🔇 Additional comments (6)
.gitignore (1)
14-15: 添加 .vscode 和 .history 忽略项。
此举能防止编辑器配置和历史文件被提交。没问题。
packages/providers/inpage-providers-hub/tsconfig.json (1)
6-7: 配置 JSX 支持 Preact。
对 Preact 开发很常见,这样就能启用 react-jsx 的新写法。
packages/providers/inpage-providers-hub/tsconfig.cjs.json (1)
6-7: 保持与主 tsconfig 配置一致。
同样添加 “jsx”: “react-jsx” 和 “jsxImportSource”: “preact” 没问题。
packages/injected/src/injectedExtension.ts (1)
16-16: 验证浮动按钮功能的集成
新增的浮动按钮功能需要确保:
- 在不同浏览器环境下的兼容性
- 按钮的显示/隐藏逻辑
- 用户交互体验
packages/providers/inpage-providers-hub/src/injectWeb3Provider.ts (2)
74-74: 函数参数更新合理
函数签名的更新符合开闭原则,默认值设置合理。
33-33: 导入浮动按钮模块
确保 floatingButton.ts 文件已正确实现并测试。
✅ Verification successful
浮动按钮模块已正确实现
floatingButton.ts 文件已完整实现,包含以下功能:
- 安全风险检测
- 国际化支持
- 用户界面交互
- 错误处理机制
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check if floatingButton.ts exists and exports required function
fd -e ts -x grep -l "export.*injectFloatingButton" {}
Length of output: 57
Script:
#!/bin/bash
# Let's try a different approach to find the floating button implementation
# First, let's find the exact file
fd "floatingButton.ts"
# Then let's examine its content if found
fd "floatingButton.ts" -x cat {}
# Also search for any references to injectFloatingButton
rg "injectFloatingButton" -A 2
Length of output: 1053
Script:
#!/bin/bash
# Let's examine the implementation of injectFloatingButton
cat packages/providers/inpage-providers-hub/src/floatingButton/index.tsx
# Also check if there are any tests
fd -e test -e spec -x grep -l "injectFloatingButton" {}
Length of output: 24804
| <div | ||
| style={{ | ||
| color: 'rgba(0, 0, 0, 1)', | ||
| fontSize: '12px', | ||
| fontWeight: '400', | ||
| cursor: 'pointer', | ||
| }} | ||
| onClick={handleHideOnSite} | ||
| > |
There was a problem hiding this comment.
🛠️ Refactor suggestion
请为点击事件添加键盘事件监听。
鼠标点击也需要提供 onKeyPress / onKeyUp / onKeyDown 等键盘支持。这样无鼠标用户能操作此控件。
🧰 Tools
🪛 Biome (1.9.4)
[error] 115-123: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
| <div | ||
| style={{ | ||
| marginTop: '4px', | ||
| marginBottom: '8px', | ||
| color: 'rgba(0, 0, 0, 1)', | ||
| fontSize: '12px', | ||
| fontWeight: '400', | ||
| cursor: 'pointer', | ||
| }} | ||
| onClick={handleDisable} | ||
| > |
There was a problem hiding this comment.
🛠️ Refactor suggestion
请为点击事件添加键盘事件监听。
同理,需要兼顾键盘可访问性。建议添加键盘监听支持。
🧰 Tools
🪛 Biome (1.9.4)
[error] 126-136: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
| <div | ||
| style={{ | ||
| display: 'flex', | ||
| alignItems: 'center', | ||
| width: '184px', | ||
| position: 'relative', | ||
| cursor: 'pointer', | ||
| padding: '8px', | ||
| }} | ||
| onMouseEnter={() => { | ||
| if (isExpanded || isShowCloseDialog) { | ||
| return; | ||
| } | ||
| setIsShowCloseButton(true); | ||
| }} | ||
| onMouseLeave={() => setIsShowCloseButton(false)} | ||
| onClick={() => { | ||
| if (isShowCloseDialog) { | ||
| return; | ||
| } | ||
| setIsShowCloseButton(false); | ||
| onClick(); | ||
| }} | ||
| > |
There was a problem hiding this comment.
🛠️ Refactor suggestion
为 onClick 回调加入键盘事件。
保证可凭键盘访问,避免对无鼠标用户不友好。
🧰 Tools
🪛 Biome (1.9.4)
[error] 167-190: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
| <div | ||
| style={{ | ||
| position: 'absolute', | ||
| left: '0px', | ||
| bottom: '-10px', | ||
| opacity: showCloseButton ? 1 : 0, | ||
| }} | ||
| onClick={(event) => { | ||
| event.stopPropagation(); | ||
| setIsShowCloseButton(false); | ||
| showCloseDialog(); | ||
| }} | ||
| > |
There was a problem hiding this comment.
🛠️ Refactor suggestion
请增添键盘交互。
在此 div 的 onClick 同时支持键盘事件,可增强可访问性。
🧰 Tools
🪛 Biome (1.9.4)
[error] 197-209: Enforce to have the onClick mouse event with the onKeyUp, the onKeyDown, or the onKeyPress keyboard event.
Actions triggered using mouse events should have corresponding keyboard events to account for keyboard-only navigation.
(lint/a11y/useKeyWithClickEvents)
| <svg | ||
| width="15" | ||
| height="15" | ||
| viewBox="0 0 15 15" | ||
| fill="none" | ||
| xmlns="http://www.w3.org/2000/svg" | ||
| > |
There was a problem hiding this comment.
🧹 Nitpick (assertive)
svg 缺少替代文本。
请为 SVG 提供 <title> 或 aria-label,方便读屏器识别。
🧰 Tools
🪛 Biome (1.9.4)
[error] 210-216: Alternative text title element cannot be empty
For accessibility purposes, SVGs should have an alternative text, provided via title element. If the svg element has role="img", you should add the aria-label or aria-labelledby attribute.
(lint/a11y/noSvgWithoutTitle)
| export interface IHostSecurity { | ||
| host: string; | ||
| level: EHostSecurityLevel; | ||
| attackTypes: IAttackType[]; | ||
| phishingSite: boolean; | ||
| checkSources: IHostSecurityCheckSources[]; | ||
| alert: string; | ||
| detail?: { | ||
| title: string; | ||
| content: string; | ||
| }; | ||
| projectName: string; | ||
| createdAt: string; | ||
| updatedAt?: string; | ||
| dapp?: { | ||
| name: string; | ||
| logo: string; | ||
| description: { | ||
| text: string; | ||
| }; | ||
| tags: { | ||
| name: { | ||
| text: string; | ||
| lokaliseKey: string; | ||
| deleted: boolean; | ||
| }; | ||
| tagId: string; | ||
| type: 'success' | 'info' | 'critical' | 'warning' | 'default' | undefined; | ||
| }[]; | ||
| origins: { | ||
| name: string; | ||
| logo: string; | ||
| }[]; | ||
| }; | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
优化接口字段定义
IHostSecurity 接口中的一些建议:
dapp字段的嵌套层级过深,建议拆分tags的类型定义可以独立出来- 缺少必要的字段注释
建议将 dapp 相关的类型单独定义:
interface IDappTag {
name: {
text: string;
lokaliseKey: string;
deleted: boolean;
};
tagId: string;
type: 'success' | 'info' | 'critical' | 'warning' | 'default' | undefined;
}
interface IDapp {
name: string;
logo: string;
description: {
text: string;
};
tags: IDappTag[];
origins: {
name: string;
logo: string;
}[];
}| export enum EHostSecurityLevel { | ||
| High = 'high', | ||
| Medium = 'medium', | ||
| Security = 'security', | ||
| Unknown = 'unknown', | ||
| } |
There was a problem hiding this comment.
🧹 Nitpick (assertive)
建议完善安全级别枚举定义
安全级别的枚举值需要更明确的定义:
- 建议添加每个级别的详细注释
- 考虑添加数值映射便于比较
export enum EHostSecurityLevel {
+ // 高风险级别
High = 'high',
+ // 中等风险级别
Medium = 'medium',
+ // 安全级别
Security = 'security',
+ // 未知级别
Unknown = 'unknown',
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| export enum EHostSecurityLevel { | |
| High = 'high', | |
| Medium = 'medium', | |
| Security = 'security', | |
| Unknown = 'unknown', | |
| } | |
| export enum EHostSecurityLevel { | |
| // 高风险级别 | |
| High = 'high', | |
| // 中等风险级别 | |
| Medium = 'medium', | |
| // 安全级别 | |
| Security = 'security', | |
| // 未知级别 | |
| Unknown = 'unknown', | |
| } |
| export const Logo = ({ style }: { style: any }) => ( | ||
| <img | ||
| alt="Logo" | ||
| style={style} | ||
| src="data:image/webp;base64,UklGRswEAABXRUJQVlA4WAoAAAAQAAAALwAALwAAQUxQSCgDAAABoGTbtuq6OdLTNzPbxXCJoehehJlKbkKYmZMGMDPUmZmZOWaM3tN9axXuvVKaEBETEPXhvIhYdOw5Nz35xld//wf//f3Vm0/edO6xiyJi3jBmHsxFLD7poZ/9H39+6KRFEXODGZphLL/iN9WubbvUo/Spa8ed6m9XrohhM9Uo4oKtmtqut47FvmuTbj0/YjTFXMx7StuEIrnUVVKrT82LucooVnxqmwQBpCpI0dT6yYoYFZqY94kHEAEpioW6HPCTedFExGAYT3nAgiAguRRFBA/4VAwHEXNxgS1SFdQMC1O2XhBzMYwV20wCgswuCAImt66I4by4ylYyQRAsZ4CCgK1XxbxY8rsJEBAQLFMUkGLy9yURp5goSXkaC5ILyVMiHrGVXFGclrKiKLY+Ekt+tSuoACI1MxVAtPPXJSdor1QFhApSFdReT7jQTgRBM5lB0Ayw84LbbAXQkhkVQEsKtt72bEFUBMGaIiqCYPbsu04EECqIZQChAk589zuTIAioIDURBFQQk99ttS8IIgKiKIAIIgLau3UsqqCAgoIqqqCABXAMKAKCIGKdXBDEDGRKEcBZQAQkHwvmILnToyC5II632otK2VmkqoC9W783SVnyAgg1KarJH953UhIUVMGMgqAg4MQPXrQTpCiWcovkAoidL91rK3WhJAJTCWDrPVvsNBNrkltERDDr3LJZ+kI9M6NUFexx89q/nAiCYE2sgiC5E/9aE8/ZSq4gUKgDChZan4u4yAmAgBSnAgEpJy+K2LTVVJJcmElySW7dFKO421YARXEqBFAUsfXuGA3jkL32ggogoohQUMnt3XtIDKOJS+ykLCgIYKko2HpJNBGDmPeKYwXNchFLgiKOfWVeDCKiiYN+cawlZUYtOPaXg6KJvIljfrXrRRAEFEVEBfvOX4+JJspNHPGmdj0ouQgKoNB3+uYR0US9ieXX79fUJTAHsdinLun+65dHE9M2ESfev0tl0k1S6rM+TSbdBHXXfSdGNDH9YBhx1MUv77CK9R0vX3x0xHAQMw8HEYuOPOO6x1778redLbQ7f/vytceuPeOoRRGDYdQBVlA4IH4BAACQCACdASowADAAPpE2lkiloqIhMdZqALASCWkABRXm1xMlLv4/sMpVEDsQhAZmdBuj/t2DLLfSj9jeN2h/33kRqlO8uEYD82VJykmZgAD++u9Yi1iq75P1V2sgP+qtpKI6W2w+S89zFwU6NocVAgS4Ahpa8cwJdBVEzwmXPHuS+Bkf1jepfuaBisZjtz5k66v9TsX4ZHJ5vxopXrXVhzZQUpWcle5eRr0hlxA/4qZCdCu7tBQ5hgNercW+3c8xj+8Y/zuF1X58pDYUF3k54O/II2gG8Dqeo/A55jNiCpze2OAuo27ogApJXra1b+faewFXX38yPcZcdAUmJbAX3uojPiByizCXOCi4wxWsVeiO7lp3pZm8f0ZyYUdSt4Zp0OC1vqmHm6T91y+5ksk6nQ1HLhk4+cITpVoLHyAFiOAJR65xrUvCXEZkm4vPDlcD+/++gTsKJ77gEkOU8XBObUsURriu7kcnYOLmxbgVkhgyFKQgHakg1e2tS8mJzSAA" | ||
| /> | ||
| ) |
There was a problem hiding this comment.
需要改进的几个关键点
style属性使用any类型不够严谨,建议使用React.CSSProperties- base64 图片建议提取到单独的资源文件中
- 缺少图片加载失败的处理
建议按如下方式修改:
- export const Logo = ({ style }: { style: any }) => (
+ import logoImage from './assets/logo.webp';
+
+ export const Logo = ({ style }: { style: React.CSSProperties }) => (
<img
alt="Logo"
style={style}
- src="data:image/webp;base64,UklGR..."
+ src={logoImage}
+ onError={(e) => {
+ e.currentTarget.style.display = 'none';
+ }}
/>
)Committable suggestion skipped: line range outside the PR's diff.
| "web3": "^1.7.3", | ||
| "preact": "^10.25.1" |
There was a problem hiding this comment.
🧹 Nitpick (assertive)
新增 preact 依赖
新增了 preact 依赖用于实现浮动图标功能,版本选择合适。建议在 README 中说明使用 preact 的原因。
| void detectWebsiteRiskLevel(); | ||
| void injectFloatingButton(); | ||
| void hackAllConnectButtons(); | ||
| void listenPageFocus(); | ||
| }, 1000); |
There was a problem hiding this comment.
🛠️ Refactor suggestion
浮动按钮注入时机需优化
- setTimeout 延迟 1000ms 可能导致用户体验不佳
- 建议添加错误处理机制
- 考虑将 showFloatingButton 参数传递给 injectFloatingButton 函数
建议修改为:
setTimeout(() => {
void detectWebsiteRiskLevel();
- void injectFloatingButton();
+ if (showFloatingButton) {
+ try {
+ void injectFloatingButton();
+ } catch (error) {
+ console.error('Failed to inject floating button:', error);
+ }
+ }
void hackAllConnectButtons();
void listenPageFocus();
- }, 1000);
+ }, 500);📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| void detectWebsiteRiskLevel(); | |
| void injectFloatingButton(); | |
| void hackAllConnectButtons(); | |
| void listenPageFocus(); | |
| }, 1000); | |
| setTimeout(() => { | |
| void detectWebsiteRiskLevel(); | |
| if (showFloatingButton) { | |
| try { | |
| void injectFloatingButton(); | |
| } catch (error) { | |
| console.error('Failed to inject floating button:', error); | |
| } | |
| } | |
| void hackAllConnectButtons(); | |
| void listenPageFocus(); | |
| }, 500); |
There was a problem hiding this comment.
Actionable comments posted: 2
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
packages/providers/inpage-providers-hub/src/injectWeb3Provider.ts(3 hunks)
🔇 Additional comments (1)
packages/providers/inpage-providers-hub/src/injectWeb3Provider.ts (1)
310-312: 浮动按钮注入逻辑需要优化
- 建议添加错误处理机制
- 延迟时间可以适当缩短
- 考虑在注入前检查是否已存在浮动按钮
setTimeout(() => {
void detectWebsiteRiskLevel();
if (showFloatingButton) {
+ try {
void injectFloatingButton();
+ } catch (error) {
+ console.error('注入浮动按钮失败:', error);
+ }
}
void hackAllConnectButtons();
void listenPageFocus();
- }, 1000);
+ }, 500);| @@ -70,7 +71,7 @@ export type IWindowOneKeyHub = { | |||
| }; | |||
| }; | |||
|
|
|||
| function injectWeb3Provider(): unknown { | |||
| function injectWeb3Provider({ showFloatingButton = false }: { showFloatingButton?: boolean } = {}): unknown { | |||
There was a problem hiding this comment.
🧹 Nitpick (assertive)
函数参数类型定义可以优化
建议将参数类型定义提取为独立的接口,以提高代码的可维护性和复用性。
+ interface InjectWeb3ProviderOptions {
+ showFloatingButton?: boolean;
+ }
- function injectWeb3Provider({ showFloatingButton = false }: { showFloatingButton?: boolean } = {}): unknown {
+ function injectWeb3Provider({ showFloatingButton = false }: InjectWeb3ProviderOptions = {}): unknown {📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| function injectWeb3Provider({ showFloatingButton = false }: { showFloatingButton?: boolean } = {}): unknown { | |
| interface InjectWeb3ProviderOptions { | |
| showFloatingButton?: boolean; | |
| } | |
| function injectWeb3Provider({ showFloatingButton = false }: InjectWeb3ProviderOptions = {}): unknown { |
| @@ -30,6 +30,7 @@ import { ProviderBtc, ProviderBtcWallet } from '@onekeyfe/onekey-btc-provider'; | |||
| import { ProviderAlgo } from '@onekeyfe/onekey-algo-provider'; | |||
| import { hackAllConnectButtons } from './connectButtonHack'; | |||
| import { detectWebsiteRiskLevel, listenPageFocus } from './detectRiskWebsite'; | |||
| import { injectFloatingButton } from './floatingButton'; | |||
There was a problem hiding this comment.
🧹 Nitpick (assertive)
导入语句位置需要调整
建议将 injectFloatingButton 的导入语句与其他 UI 相关的导入(如 hackAllConnectButtons)放在一起,以保持代码组织的一致性。
import { hackAllConnectButtons } from './connectButtonHack';
import { detectWebsiteRiskLevel, listenPageFocus } from './detectRiskWebsite';
+ import { injectFloatingButton } from './floatingButton';
import { WALLET_CONNECT_INFO } from './connectButtonHack/consts';
- import { injectFloatingButton } from './floatingButton';📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| import { injectFloatingButton } from './floatingButton'; | |
| import { hackAllConnectButtons } from './connectButtonHack'; | |
| import { detectWebsiteRiskLevel, listenPageFocus } from './detectRiskWebsite'; | |
| import { injectFloatingButton } from './floatingButton'; | |
| import { WALLET_CONNECT_INFO } from './connectButtonHack/consts'; |
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
packages/providers/inpage-providers-hub/src/floatingButton/images.tsx (1)
3-3:⚠️ Potential issue使用更严格的类型定义
使用
any类型会失去 TypeScript 的类型检查优势。- export const Logo = ({ style }: { style: any }) => ( + export const Logo = ({ style }: { style: React.CSSProperties }) => (
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
packages/providers/inpage-providers-hub/src/floatingButton/images.tsx(1 hunks)
🔇 Additional comments (2)
packages/providers/inpage-providers-hub/src/floatingButton/images.tsx (2)
4-8: 🧹 Nitpick (assertive)
优化图片处理方式
当前实现存在以下问题:
- base64 编码的图片增加了代码体积
- 缺少图片加载错误处理
- 缺少图片尺寸优化
建议改进:
+ import oneKeyLogo from './assets/onekey-logo.webp';
+
<img
alt="OneKey Logo"
style={style}
- src="data:image/webp;base64,UklGR..."
+ src={oneKeyLogo}
+ width={32}
+ height={32}
+ onError={(e) => {
+ console.error('Logo 加载失败');
+ e.currentTarget.style.display = 'none';
+ }}
/>另外建议:
- 将图片文件移至
assets目录 - 考虑添加图片加载状态处理
- 使用
next/image或类似工具优化图片加载
Likely invalid or redundant comment.
7-7: 验证图片格式和尺寸是否最优
需要确认当前 WebP 图片的配置是否最优。
| /* eslint-disable @typescript-eslint/no-unsafe-assignment */ | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
ESLint 规则禁用范围过大
建议只在必要的地方禁用特定规则,而不是完全禁用类型检查。这样可以保持更好的代码质量和类型安全性。
- /* eslint-disable @typescript-eslint/no-unsafe-assignment */
+ // 仅在确实需要的地方禁用特定规则Committable suggestion skipped: line range outside the PR's diff.
|
Report too large to display inline |
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is protestware?This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function. Consider that consuming this package may come along with functionality unrelated to its primary purpose. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
There was a problem hiding this comment.
Actionable comments posted: 4
🔭 Outside diff range comments (1)
packages/providers/onekey-solana-provider/package.json (1)
Line range hint
4-7: 关键字拼写错误关键字中 "solona" 应该修改为 "solana"。
"keywords": [ "cross-inpage-provider", - "solona" + "solana" ],
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (33)
packages/core/package.json(2 hunks)packages/core/src/versionInfo.ts(1 hunks)packages/desktop/desktop-bridge-injected/package.json(2 hunks)packages/empty/package.json(1 hunks)packages/errors/package.json(1 hunks)packages/events/package.json(1 hunks)packages/example/package.json(2 hunks)packages/extension/extension-bridge-hosted/package.json(2 hunks)packages/extension/extension-bridge-injected/package.json(2 hunks)packages/injected/package.json(2 hunks)packages/native/native-bridge-injected/package.json(2 hunks)packages/providers/inpage-providers-hub/package.json(2 hunks)packages/providers/onekey-algo-provider/package.json(2 hunks)packages/providers/onekey-alph-provider/package.json(2 hunks)packages/providers/onekey-aptos-provider/package.json(2 hunks)packages/providers/onekey-bfc-provider/package.json(2 hunks)packages/providers/onekey-btc-provider/package.json(2 hunks)packages/providers/onekey-cardano-provider/package.json(2 hunks)packages/providers/onekey-conflux-provider/package.json(2 hunks)packages/providers/onekey-cosmos-provider/package.json(2 hunks)packages/providers/onekey-eth-provider/package.json(2 hunks)packages/providers/onekey-near-provider/package.json(2 hunks)packages/providers/onekey-nostr-provider/package.json(2 hunks)packages/providers/onekey-polkadot-provider/package.json(2 hunks)packages/providers/onekey-private-provider/package.json(2 hunks)packages/providers/onekey-scdo-provider/package.json(2 hunks)packages/providers/onekey-solana-provider/package.json(2 hunks)packages/providers/onekey-sui-provider/package.json(2 hunks)packages/providers/onekey-ton-provider/package.json(2 hunks)packages/providers/onekey-tron-provider/package.json(2 hunks)packages/providers/onekey-webln-provider/package.json(2 hunks)packages/types/package.json(1 hunks)packages/webview/package.json(2 hunks)
🔇 Additional comments (31)
packages/core/src/versionInfo.ts (1)
2-2: 版本号更新需要验证
版本从 2.1.21 升级到 2.2.0 表明添加了新功能。请确认:
- 此次更新是否包含破坏性改动
- 是否所有相关包都已同步更新版本号
✅ Verification successful
版本号已同步更新
通过检查所有 package.json 文件,确认主要包的版本号已统一更新至 2.2.0。其他版本号差异来自第三方依赖包,这是正常现象。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查所有 package.json 中的版本号是否一致
find . -name "package.json" -type f -exec grep -l "version" {} \; | xargs cat | grep "version"
Length of output: 23209
packages/events/package.json (1)
3-3: 版本号更新正确
版本号已正确更新至 2.2.0,与核心包保持一致。
packages/empty/package.json (1)
3-3: 版本更新正确!
版本号从 2.1.23 升级到 2.2.0 符合语义化版本规范,与新增浮动图标功能相匹配。
packages/errors/package.json (1)
3-3: 版本同步更新完成!
错误处理包版本更新与其他包保持一致,确保了整个项目的版本同步性。
packages/native/native-bridge-injected/package.json (1)
3-3: 依赖关系更新正确!
版本号和核心依赖包都已更新到 2.2.0,保持了一致性。让我们验证一下所有相关包的版本是否都已同步更新。
Also applies to: 31-32
✅ Verification successful
版本号和依赖项已完全同步!
经过验证,所有包的版本号和 @onekeyfe 依赖项都已统一更新到 2.2.0,保持了完全一致性。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查所有包的版本号是否一致
echo "检查所有 package.json 文件中的版本号..."
find . -name "package.json" -exec grep -H "\"version\":" {} \;
# 检查所有依赖项中的 @onekeyfe 包版本
echo "检查所有 @onekeyfe 依赖项的版本..."
find . -name "package.json" -exec grep -H "\"@onekeyfe/" {} \;
Length of output: 43872
packages/extension/extension-bridge-injected/package.json (1)
3-3: 版本更新检查
版本从 2.1.23 升级到 2.2.0 的更改符合语义化版本规范,新功能应使用次版本号递增。依赖项的版本更新保持一致性。
Also applies to: 31-32
✅ Verification successful
版本一致性验证通过
通过检查所有包的 package.json 文件,确认所有相关包都已统一更新到 2.2.0 版本,版本号保持一致。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 验证所有相关包的版本一致性
for pkg in $(fd -e json -x cat {} \; | jq -r 'select(.name | startswith("@onekeyfe")) | .name'); do
echo "检查包 $pkg 的版本..."
rg "\"version\": \"2\.2\.0\"" -l
done
Length of output: 32364
packages/extension/extension-bridge-hosted/package.json (1)
3-3: 依赖关系更新验证
版本更新保持一致,核心依赖项同步更新到 2.2.0。现有的 uuid 依赖保持不变,这是正确的做法。
Also applies to: 31-32
packages/desktop/desktop-bridge-injected/package.json (1)
3-3: 桌面端依赖配置确认
版本和依赖更新符合预期。electron 作为 peerDependency 的配置保持不变,这样的依赖管理策略是合适的。
Also applies to: 37-38
packages/providers/onekey-btc-provider/package.json (2)
3-3: 版本号更新符合语义化版本规范
从 2.1.23 升级到 2.2.0 的版本号变更与 PR 标题中的新功能(feat)相符。
31-34: 依赖包版本同步更新
内部依赖包版本统一更新到 2.2.0,保持版本一致性。建议验证这些依赖包的变更是否会影响现有功能。
✅ Verification successful
Let me try to gather more information about these package versions.
依赖包版本已完成统一更新
从代码库分析结果来看,所有相关的 @onekeyfe 依赖包(cross-inpage-provider-core、cross-inpage-provider-errors、cross-inpage-provider-types、extension-bridge-injected)已经统一更新到 2.2.0 版本。这些更新已在整个代码库中保持一致性。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查依赖包的变更记录
for pkg in cross-inpage-provider-core cross-inpage-provider-errors cross-inpage-provider-types extension-bridge-injected; do
echo "Checking $pkg changes..."
gh pr list --repo OneKeyHQ/cross-inpage-provider --search "base:main $pkg in:title"
done
Length of output: 1341
Script:
#!/bin/bash
# Check current package.json files for these dependencies
echo "Checking package dependencies across the codebase..."
rg -A1 -B1 '"@onekeyfe/(cross-inpage-provider-|extension-bridge-)'
# Check for any imports of these packages
echo -e "\nChecking imports from these packages..."
rg "from ['\"]\@onekeyfe/(cross-inpage-provider-|extension-bridge-)"
Length of output: 26953
packages/providers/onekey-scdo-provider/package.json (1)
3-3: 版本更新与 btc-provider 保持一致
版本号和依赖包的更新与 onekey-btc-provider 完全一致,这种同步更新有助于保持包之间的兼容性。
Also applies to: 31-34
packages/providers/onekey-nostr-provider/package.json (1)
3-3: 版本更新检查
版本从 2.1.23 升级到 2.2.0 表明这是一个新功能发布(根据 PR 标题是添加浮动图标功能)。依赖包版本更新保持一致性,符合最佳实践。
建议:
- 请补充 PR 描述,说明具体的功能变更
- 确认是否所有相关包都已更新到 2.2.0 版本
Also applies to: 31-34
✅ Verification successful
依赖包版本已完成统一更新
根据检查结果,所有相关的 @onekeyfe 依赖包都已统一更新到 2.2.0 版本,包括:
- @onekeyfe/cross-inpage-provider-core
- @onekeyfe/cross-inpage-provider-errors
- @onekeyfe/cross-inpage-provider-types
- @onekeyfe/extension-bridge-injected
建议仍需在 PR 描述中补充具体的功能变更说明。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查所有相关包的版本是否一致
fd -e json -x cat {} \; | jq 'select(.dependencies != null) | .dependencies | with_entries(select(.key | startswith("@onekeyfe"))) | to_entries[] | "\(.key): \(.value)"'
Length of output: 2939
packages/providers/onekey-webln-provider/package.json (1)
3-3: 版本一致性确认
webln provider 包的版本更新与其他包保持一致,从 2.1.23 升级到 2.2.0。
Also applies to: 31-34
packages/providers/onekey-conflux-provider/package.json (1)
3-3: 版本升级确认
conflux provider 包的版本更新符合预期,与其他包保持一致。
Also applies to: 31-34
packages/providers/onekey-private-provider/package.json (1)
3-3: 版本更新看起来很合理!
包版本和依赖版本都统一更新到了 2.2.0,保持了良好的一致性。
Also applies to: 31-34
packages/webview/package.json (1)
3-3: 依赖版本更新正确!
主版本和核心依赖包都更新到了 2.2.0,与其他包保持同步。
Also applies to: 39-40
packages/providers/onekey-cardano-provider/package.json (1)
3-3: 建议确认发布范围
版本和依赖更新符合预期。建议确认:
- 是否所有相关包都已更新到 2.2.0
- 是否需要更新 CHANGELOG
Also applies to: 32-35
✅ Verification successful
版本更新已完成且一致
所有包都已统一更新到 2.2.0 版本,包括:
- core
- providers (所有provider包)
- desktop/extension/native相关包
- 其他工具包
建议在根目录添加 CHANGELOG.md 文件记录此次版本更新的变更内容。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查所有包的版本是否统一更新到 2.2.0
fd -e package.json -x jq -r '. | select(.version != null) | .name + ": " + .version'
# 检查是否存在 CHANGELOG
fd -g "CHANGELOG*"
Length of output: 107
Script:
#!/bin/bash
# Check package versions in a more reliable way
find . -name "package.json" -type f -exec sh -c 'echo "=== $1 ==="; cat "$1" | jq -r ".version"' sh {} \;
# Check for changelog files with case-insensitive search
find . -type f -iname "changelog*" -o -iname "*.md" -exec grep -l -i "changelog" {} \;
Length of output: 21244
packages/providers/onekey-ton-provider/package.json (1)
3-3: 版本更新需要补充说明
包版本从 2.1.23 升级到 2.2.0,同时更新了以下依赖包的版本:
- @onekeyfe/cross-inpage-provider-core
- @onekeyfe/cross-inpage-provider-errors
- @onekeyfe/cross-inpage-provider-types
- @onekeyfe/extension-bridge-injected
根据语义化版本规范,从 2.1.23 升级到 2.2.0 表明添加了新功能。建议在 PR 描述中说明新增了哪些功能。
Also applies to: 31-34
packages/providers/onekey-sui-provider/package.json (1)
3-3: 版本号更新保持一致
版本号和依赖包更新与其他提供程序保持一致,这很好。
Also applies to: 32-35
packages/providers/onekey-cosmos-provider/package.json (1)
3-3: 版本号更新保持一致
版本号和依赖包更新与其他提供程序保持一致,这很好。
Also applies to: 32-35
packages/providers/onekey-eth-provider/package.json (1)
3-3: 版本更新检查
版本从 2.1.23 升级到 2.2.0 符合语义化版本规范,新增浮动图标功能属于特性更新。依赖包版本更新保持一致性。
Also applies to: 31-34
✅ Verification successful
版本一致性验证通过
所有依赖 @onekeyfe/cross-inpage-provider-core 的包都已更新到 2.2.0 版本,保持了良好的版本一致性。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 验证所有相关包的版本一致性
fd -e json package.json | xargs cat | jq -r 'select(.dependencies != null) | select(.dependencies["@onekeyfe/cross-inpage-provider-core"] != null) | .dependencies["@onekeyfe/cross-inpage-provider-core"]' | sort | uniq -c
Length of output: 236
packages/providers/onekey-tron-provider/package.json (1)
3-3: 版本更新一致性良好
与 eth provider 保持相同的版本更新策略,依赖包版本同步更新到 2.2.0。
Also applies to: 32-35
packages/providers/onekey-bfc-provider/package.json (1)
3-3: 版本更新看起来没问题!
版本号从 2.1.23 升级到 2.2.0 符合语义化版本规范,因为添加了浮动图标这个新功能。相关依赖包的版本也都同步更新了。
Also applies to: 32-35
packages/providers/onekey-polkadot-provider/package.json (1)
3-3: 请确认所有依赖包的兼容性
版本更新看起来符合规范,但建议:
- 验证新版本与 @polkadot/extension-inject 的兼容性
- 确保所有使用这些包的项目都已更新到新版本
Also applies to: 32-35
✅ Verification successful
版本更新已验证,无兼容性问题
检查结果显示:
- 所有相关包都已统一更新到 2.2.0 版本
- inpage-providers-hub 是唯一依赖此包的外部模块,且已同步更新
- 无遗留的旧版本依赖
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查是否有其他包依赖于旧版本
rg -l "\"@onekeyfe/(cross-inpage-provider-core|cross-inpage-provider-errors|cross-inpage-provider-types|extension-bridge-injected)\": \"2\.1\.23\""
Length of output: 145
Script:
#!/bin/bash
# 检查依赖版本
rg -l "@onekeyfe.*2\.2\.0"
# 检查 polkadot 相关依赖
rg "@polkadot/extension-inject.*\"version\"" packages/providers/onekey-polkadot-provider/package.json
# 检查其他包是否依赖于 onekey-polkadot-provider
rg -l "\"@onekeyfe/onekey-polkadot-provider\""
Length of output: 1700
packages/providers/onekey-near-provider/package.json (1)
3-3: 版本更新检查
版本号从 2.1.23 升级到 2.2.0 表明有新功能添加。所有内部依赖包都已同步更新到相同版本,这是个好的实践。
Also applies to: 38-41
✅ Verification successful
版本一致性确认完成
所有 @onekeyfe 相关包均已统一更新至 2.2.0 版本,保持了良好的版本同步性。
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查所有相关包的版本一致性
fd -e json -x jq -r '. | select(.name | startswith("@onekeyfe")) | .version' {} \;
Length of output: 7395
Script:
#!/bin/bash
# 只搜索 package.json 文件中的版本信息
fd package.json -x jq -r 'select(.name? | startswith("@onekeyfe")) | "\(.name): \(.version)"' {} \;
Length of output: 1403
packages/providers/onekey-solana-provider/package.json (1)
3-3: 版本更新已确认
版本更新与其他包保持一致,依赖关系更新正确。
Also applies to: 32-35
packages/providers/onekey-aptos-provider/package.json (1)
3-3: 版本更新完整性验证
版本号和依赖更新与其他包保持一致,没有发现问题。
Also applies to: 32-35
packages/injected/package.json (1)
3-3: 版本更新看起来不错!
版本号从 2.1.23 升级到 2.2.0,相关依赖包版本也同步更新,保持了版本一致性。
Also applies to: 45-50
packages/providers/inpage-providers-hub/package.json (2)
3-3: 版本更新协调一致!
所有包的版本都统一更新到 2.2.0,保持了良好的版本同步。
Also applies to: 33-52
53-53: 建议完善 preact 相关文档
新增了 preact 依赖用于实现浮动图标功能,版本选择合适。建议在 README 中说明使用 preact 的原因。
packages/example/package.json (1)
3-3: 示例项目版本同步更新完成!
示例项目和相关依赖包都更新到 2.2.0 版本,保持了版本一致性。
Also applies to: 31-41
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@onekeyfe/cross-inpage-provider-types", | |||
| "version": "2.1.23", | |||
| "version": "2.2.0", | |||
There was a problem hiding this comment.
🧹 Nitpick (assertive)
版本号更新正确,建议更新变更日志
版本号已正确更新至 2.2.0,与其他包保持一致。建议:
- 更新 CHANGELOG.md 文件
- 在 PR 描述中添加版本变更说明
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@onekeyfe/onekey-algo-provider", | |||
| "version": "2.1.23", | |||
| "version": "2.2.0", | |||
There was a problem hiding this comment.
💡 Codebase verification
需要增加 algo-provider 的测试覆盖
检查结果显示:
- 所有 provider 包确实统一更新到了 2.2.0 版本
- onekey-algo-provider 目前缺少测试文件,这与其他 provider 包的测试覆盖不一致
建议在发布前添加 algo-provider 的基础测试用例,以保持与其他 provider 包一致的质量标准。
🔗 Analysis chain
统一的版本更新策略
该包的版本更新与其他 provider 包保持一致,显示了良好的版本管理策略。建议在发布前确认所有 provider 包的测试覆盖率。
Also applies to: 31-34
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# 检查所有 provider 包的测试文件
echo "Checking test coverage..."
fd -e test.ts -e spec.ts . packages/providers/
Length of output: 801
Script:
#!/bin/bash
# Check if onekey-algo-provider has test files
echo "Checking algo provider test files..."
fd -e test.ts -e spec.ts . packages/providers/onekey-algo-provider/
# Check version numbers in all provider package.json files
echo -e "\nChecking provider versions..."
fd package.json packages/providers/ -x grep -H "\"version\""
Length of output: 1803
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@onekeyfe/onekey-alph-provider", | |||
| "version": "2.1.23", | |||
| "version": "2.2.0", | |||
There was a problem hiding this comment.
🧹 Nitpick (assertive)
建议完善 PR 描述
版本更新保持一致性,但建议补充 PR 描述,说明浮动图标功能的具体实现和影响范围。
Also applies to: 34-37
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@onekeyfe/cross-inpage-provider-core", | |||
| "version": "2.1.23", | |||
| "version": "2.2.0", | |||
There was a problem hiding this comment.
🧹 Nitpick (assertive)
核心包版本更新提醒
作为基础包,此次版本更新需要注意:
- 新功能是否会影响现有的集成方
- 是否需要更新文档来说明新的浮动图标功能
- 建议在 CHANGELOG 中说明此次更新的内容
需要我帮忙编写更新文档或 CHANGELOG 吗?
Also applies to: 32-34
Summary by CodeRabbit
Logo组件用于显示应用程序的标志。package.json中新增了preact依赖,并将多个依赖版本更新至2.2.0。injectWeb3Provider函数,允许显示浮动按钮。.gitignore文件,新增了.history和重新包含了.vscode。