hirosystems
Make user’s networks available to the app
During the code injection, we should also make the network endpoints that are setup in the wallet available for the app to get.
Eg, we could retrieve the user's chosen endpoint for the 'mainnet' key through a function and return it as a URI to the app, eg 'https://stacks-node-api.mainnet.stacks.co'.
This is essential for decentralisation so apps prefers don't use their own hosted ones, but users use their ones locally.
@sub100ms is working on an superfast API for Stacks (codenamed Earth) that will be optimal for server-side rendered web apps. Data is fetched server-side from Earth rapidly and served to the user, then the user's browser validates the data with the user's local API node, enabling a very fast UX as well as maximum trust. We'll need this functionality to do this.
Perhaps relevant to Stacks Connect?
Thanks, I think is indeed most relevant to Connect so I've transferred the issue there.
@sub100ms do you have a general ETA for when you may be looking to release Earth? To help us with prioritizing this functionality on our end.
Is the idea here that the user would configure an alternative node manually in the wallet then the app would react by using it, assuming the app has no particular preference for Earth or a different network / API type?
Or should we be thinking of this the other way around, in that the app / app developer does have a preference for the user to "confirm" for usage with their wallet, and the app can use it independently without having to rely on the wallet's settings at all?
The former. We want to honour the user's decision and to encourage decentralisation.
We're aiming to have a sort of MVP for Earth out in maybe 6 months, I believe. We're working on an NFT API first, then this will be next I believe.
Is there a precedent for this feature? Metamask doesn't do it afaik.
This would introduce privacy concerns. What right does an app have to know what networks I have added? What if I have a personal development server added with an IP I'd rather keep private?
@kyranjamie the app would only be able to retrieve networks it knows about (eg, mainnet, testnet, regret). we could add a simple limit so it can only request 5 unique networks per app.
this means I could have a node with the key '9jjj64bs' that I use for private development and the app wouldn't be able to access it because it doesn't know the key and the extension limits the number of networks it knows about to 5.
ultimately, I think apps should use the user’s chosen node, rather than some hosted one.
I think this makes a lot of sense and is something I've brought up before, and if I remember correctly it is actually very common in Ethereum. It's unique in stacks that an app could be on a different network than what the user is in their extension.
Somewhat related: we want to ensure users give explicit permission before an app can change the actively selected network https://github.com/blockstack/stacks-wallet-web/issues/1281
IMO, the whole idea of a wallet is that it keeps your keys safe and handles transactions with your chosen node. The notion that an app can silently bypass a user's node choice breaks with conventions and user expectations.
For example, an app that uses Metamask, as far as I know, cannot choose a different network than the user's currently selected one.
What is the argument for apps being able to select networks in the first place?
If we want to hide the node's real location, could we add a proxy to the wallet so that the app can call functions without needing to know the node's address?