CLI: Sign with wallet selector in Laboratory

[willemneal]

What problem does your feature solve?

To transactions created in the CLI, allow users to connect to a wallet not stored by the CLI. This is being explicitly asked by developer

What would you like to see?

• Wallet kit - land user in Lab with wallet kit - https://github.com/Creit-Tech/Stellar-Wallets-Kit

This issue includes pass the xdr to the sign page on Lab and pass back the signed xdr to the CLI.

What alternatives are there?

[janewang]

@willemneal @fnando I'm thinking of breaking out the signing with macOS keychain into a separate ticket, what do you think?

[janewang]

For signing with system keychain, it is moved to a separate issue: #1481

[janewang]

It sounds like from @quietbits and @jeesunikim that this work requires adding a top level account

[Ifropc]

Currently blocked by #1406

[Ifropc]

This will add a new --sign-with-lab flag for (currently WIP) tx sign command. The flow is:

1. Prompt user to confirm opening browser (unless --yes is passed)
2. Start http server on any open port
3. Open browser with constructed url: https://beta-laboratory.stellar.org/transaction/cli-sign?importXdr=<xdr>&passphrase=<network-passphrase>&redirect-url=localhost:port/callback (more below)
4. cli: wait for callback to be called
5. laboratory: show sign view, when user click on sign, redirect to localhost:port/callback?signed=<xdr>
6. http server: listen to callback, when called save xdr into var
7. http server: redirect from /callback lab's success page (https://beta-laboratory.stellar.org/transaction/cli-success)
8. pass xdr back to cli main thread and kill server
9. print result signed xdr

We could reuse existing /sign endpoint, but I think it's more flexible to add 2 new endpoints:

1. /sign-cli that accepts necessary query parameters listed above:

• importXdr: XDR to sign
• passphrase: network passphrase (default to lab selected passphrase if not specified)
• redirect-url: URL user will be redirected to when transaction is successfully signed
  it can also have a different UI from a regular /sign, if we would want so in the future without the need of changing the cli (e.g. I think it could be useful to be able to see decoded XDR that user is signing) -> for now it can be the same as /sign , or even redirect to /sign.
  Previously it was discussed that we should add top level account, but IMO it's not necessary. We can keep current flow where user can either sign with provided secret key account (NOT an intended flow, as they can just use other cli commands for the same result. So we can technically remove signing with secret key from /sign-cli ), OR connect wallet and sign with it.

2. cli-success just a static page that says "transaction signed you can now close this page"

To sum up user flow (numbered):
cli:

1. call sign command
2. prompt to confirm action
   Browser:
3. open laboratory/sign-cli
4. user connects wallet and signs
5. redirect localhost/callback (with signed XDR)
6. redirect laboratory/success
   cli:
7. print signed XDR

cc @quietbits @jeesunikim

[janewang]

Close in favor of #674

[willemneal]

@janewang You linked this same issue