feat: tx sign --sign-with-lab

Cargo.toml

@@ -93,7 +93,7 @@ termcolor = "1.1.3"
 termcolor_output = "1.0.1"
 ed25519-dalek = ">= 2.1.1"
 
-# networking 
+# networking
 http = "1.0.0"
 jsonrpsee-http-client = "0.20.1"
 jsonrpsee-core = "0.20.1"

FULL_HELP_DOCS.md

@@ -1338,6 +1338,7 @@ Sign a transaction envelope appending the signature to the envelope
 
 * `--sign-with-key <SIGN_WITH_KEY>` — Sign with a local key. Can be an identity (--sign-with-key alice), a secret key (--sign-with-key SC36…), or a seed phrase (--sign-with-key "kite urban…"). If using seed phrase, `--hd-path` defaults to the `0` path
 * `--hd-path <HD_PATH>` — If using a seed phrase to sign, sets which hierarchical deterministic path to use, e.g. `m/44'/148'/{hd_path}`. Example: `--hd-path 1`. Default: `0`
+* `--sign-with-lab` — Sign with <https://lab.stellar.org>
 * `--rpc-url <RPC_URL>` — RPC server endpoint
 * `--network-passphrase <NETWORK_PASSPHRASE>` — Network passphrase to sign the transaction sent to the rpc server
 * `--network <NETWORK>` — Name of network to use from config

cmd/crates/soroban-test/tests/it/integration/tx.rs

@@ -1,8 +1,7 @@
-use soroban_rpc::GetTransactionResponse;
 use soroban_sdk::xdr::{Limits, ReadXdr, TransactionEnvelope, WriteXdr};
 use soroban_test::{AssertExt, TestEnv};
 
-use crate::integration::util::{deploy_contract, deploy_hello, DeployKind, HELLO_WORLD};
+use crate::integration::util::{deploy_contract, DeployKind, HELLO_WORLD};
 
 #[tokio::test]
 async fn simulate() {

cmd/soroban-cli/Cargo.toml

@@ -123,6 +123,8 @@ humantime = "2.1.0"
 phf = { version = "0.11.2", features = ["macros"] }
 semver = "1.0.0"
 glob = "0.3.1"
+open = "5.3.0"
+url = "2.5.2"
 
 # For hyper-tls
 [target.'cfg(unix)'.dependencies]

cmd/soroban-cli/src/commands/tx/sign.rs

@@ -34,7 +34,7 @@ impl Cmd {
     pub async fn run(&self, global_args: &global::Args) -> Result<(), Error> {
         let tx_env = super::xdr::tx_envelope_from_stdin()?;
         let tx_env_signed = self.sign_with.sign_tx_env(
-            tx_env,
+            &tx_env,
             &self.locator,
             &self.network.get(&self.locator)?,
             global_args.quiet,

cmd/soroban-cli/src/config/mod.rs

@@ -70,7 +70,7 @@ impl Args {
         let network = &self.get_network()?;
         let signer = Signer {
             kind: SignerKind::Local(LocalKey { key }),
-            printer: Print::new(false),
+            print: Print::new(false),
         };
         Ok(signer.sign_tx(tx, network)?)
     }

cmd/soroban-cli/src/config/secret.rs

@@ -3,8 +3,8 @@ use serde::{Deserialize, Serialize};
 use std::{io::Write, str::FromStr};
 use stellar_strkey::ed25519::{PrivateKey, PublicKey};
 
-use crate::print::Print;
 use crate::{
+    print::Print,
     signer::{self, LocalKey, Signer, SignerKind},
     utils,
 };
@@ -126,17 +126,14 @@ impl Secret {
         )?)
     }
 
-    pub fn signer(&self, index: Option<usize>, quiet: bool) -> Result<Signer, Error> {
+    pub fn signer(&self, index: Option<usize>, print: Print) -> Result<Signer, Error> {
         let kind = match self {
             Secret::SecretKey { .. } | Secret::SeedPhrase { .. } => {
                 let key = self.key_pair(index)?;
                 SignerKind::Local(LocalKey { key })
             }
         };
-        Ok(Signer {
-            kind,
-            printer: Print::new(quiet),
-        })
+        Ok(Signer { kind, print })
     }
 
     pub fn key_pair(&self, index: Option<usize>) -> Result<ed25519_dalek::SigningKey, Error> {

cmd/soroban-cli/src/config/sign_with.rs

@@ -1,4 +1,8 @@
-use crate::{signer, xdr::TransactionEnvelope};
+use crate::{
+    print::Print,
+    signer::{self, Signer, SignerKind},
+    xdr::{self, TransactionEnvelope},
+};
 use clap::arg;
 
 use super::{
@@ -23,6 +27,8 @@ pub enum Error {
     NoSignWithKey,
     #[error(transparent)]
     StrKey(#[from] stellar_strkey::DecodeError),
+    #[error(transparent)]
+    Xdr(#[from] xdr::Error),
 }
 
 #[derive(Debug, clap::Args, Clone, Default)]
@@ -35,19 +41,31 @@ pub struct Args {
     #[arg(long, requires = "sign_with_key")]
     /// If using a seed phrase to sign, sets which hierarchical deterministic path to use, e.g. `m/44'/148'/{hd_path}`. Example: `--hd-path 1`. Default: `0`
     pub hd_path: Option<usize>,
+
+    /// Sign with <https://lab.stellar.org>
+    #[arg(long, conflicts_with = "sign_with_key", env = "STELLAR_SIGN_WITH_LAB")]
+    pub sign_with_lab: bool,
 }
 
 impl Args {
     pub fn sign_tx_env(
         &self,
-        tx: TransactionEnvelope,
+        tx: &TransactionEnvelope,
         locator: &locator::Args,
         network: &Network,
         quiet: bool,
     ) -> Result<TransactionEnvelope, Error> {
-        let key_or_name = self.sign_with_key.as_deref().ok_or(Error::NoSignWithKey)?;
-        let secret = locator.key(key_or_name)?;
-        let signer = secret.signer(self.hd_path, quiet)?;
+        let print = Print::new(quiet);
+        let signer = if self.sign_with_lab {
+            Signer {
+                kind: SignerKind::Lab,
+                print,
+            }
+        } else {
+            let key_or_name = self.sign_with_key.as_deref().ok_or(Error::NoSignWithKey)?;
+            let secret = locator.key(key_or_name)?;
+            secret.signer(self.hd_path, print)?
+        };
         Ok(signer.sign_tx_env(tx, network)?)
     }
 }

cmd/soroban-cli/src/signer.rs

@@ -27,6 +27,12 @@ pub enum Error {
     Xdr(#[from] xdr::Error),
     #[error("Only Transaction envelope V1 type is supported")]
     UnsupportedTransactionEnvelopeType,
+    #[error(transparent)]
+    Url(#[from] url::ParseError),
+    #[error(transparent)]
+    Open(#[from] std::io::Error),
+    #[error("Returning a signature from Lab is not yet supported; Transaction can be found and submitted in lab")]
+    ReturningSignatureFromLab,
 }
 
 fn requires_auth(txn: &Transaction) -> Option<xdr::Operation> {
@@ -194,12 +200,13 @@ fn sign_soroban_authorization_entry(
 
 pub struct Signer {
     pub kind: SignerKind,
-    pub printer: Print,
+    pub print: Print,
 }
 
-#[allow(clippy::module_name_repetitions)]
+#[allow(clippy::module_name_repetitions, clippy::large_enum_variant)]
 pub enum SignerKind {
     Local(LocalKey),
+    Lab,
 }
 
 impl Signer {
@@ -212,26 +219,27 @@ impl Signer {
             tx,
             signatures: VecM::default(),
         });
-        self.sign_tx_env(tx_env, network)
+        self.sign_tx_env(&tx_env, network)
     }
 
     pub fn sign_tx_env(
         &self,
-        tx_env: TransactionEnvelope,
+        tx_env: &TransactionEnvelope,
         network: &Network,
     ) -> Result<TransactionEnvelope, Error> {
-        match tx_env {
+        match &tx_env {
             TransactionEnvelope::Tx(TransactionV1Envelope { tx, signatures }) => {
-                let tx_hash = transaction_hash(&tx, &network.network_passphrase)?;
-                self.printer
+                let tx_hash = transaction_hash(tx, &network.network_passphrase)?;
+                self.print
                     .infoln(format!("Signing transaction: {}", hex::encode(tx_hash),));
                 let decorated_signature = match &self.kind {
                     SignerKind::Local(key) => key.sign_tx_hash(tx_hash)?,
+                    SignerKind::Lab => Lab::sign_tx_env(tx_env, network, &self.print)?,
                 };
-                let mut sigs = signatures.into_vec();
+                let mut sigs = signatures.clone().into_vec();
                 sigs.push(decorated_signature);
                 Ok(TransactionEnvelope::Tx(TransactionV1Envelope {
-                    tx,
+                    tx: tx.clone(),
                     signatures: sigs.try_into()?,
                 }))
             }
@@ -251,3 +259,28 @@ impl LocalKey {
         Ok(DecoratedSignature { hint, signature })
     }
 }
+
+pub struct Lab;
+
+impl Lab {
+    const URL: &str = "https://lab.stellar.org/transaction/cli-sign";
+
+    pub fn sign_tx_env(
+        tx_env: &TransactionEnvelope,
+        network: &Network,
+        printer: &Print,
+    ) -> Result<DecoratedSignature, Error> {
+        let xdr = tx_env.to_xdr_base64(Limits::none())?;
+
+        let mut url = url::Url::parse(Self::URL)?;
+        url.query_pairs_mut()
+            .append_pair("networkPassphrase", &network.network_passphrase)
+            .append_pair("xdr", &xdr);
+        let url = url.to_string();
+
+        printer.globeln(format!("Opening lab to sign transaction: {url}"));
+        open::that(url)?;
+
+        Err(Error::ReturningSignatureFromLab)
+    }
+}