feat(connector): forbid SignAccepted/Rejected methods on untrusted connections

[friofry]

WebSocket clients may have access to sensitive the methods registered in connector/api.go.

The suggested solution is to protect client-facing methods with an 'isUntrustedConnection' check. Or register CommandRegistry in a separate api.

func (api *API) SignAccepted(ctx context.Context,args commands.SignAcceptedArgs) error {
  if IsUntrustedConnection(ctx) {
	return ...
   }
   return api.c.SignAccepted(args)
}

https://github.com/status-im/status-go/blob/develop/services/connector/api.go#L103

[friofry]

As discussed with @igor-sirotin in DM, we should only expose commands registered in the CommandRegistry to the public web socket API. It would be a cleaner separation.

However, this will require the release of a new version of the browser extension that sends requests without the connector_callRPC wrapper

[igor-sirotin]

However, this will require the release of a new version of the browser extension that sends requests without the connector_callRPC wrapper

Actually, we can just simply provide a CallRPC wrapper. We'll just have 2 CallRPC methods — one in API facing c-bindings, and one specifically for websockets, which would be a temporal solution only for backwards compatibility.