feat(ramps): Add TransakService for native deposit flow integration#7922
Open
georgeweiler wants to merge 16 commits intomainfrom
Open
feat(ramps): Add TransakService for native deposit flow integration#7922georgeweiler wants to merge 16 commits intomainfrom
georgeweiler wants to merge 16 commits intomainfrom
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
georgeweiler
changed the title
Contributor
Author
|
@metamaskbot publish-preview |
Contributor
|
Preview builds have been published. See these instructions for more information about preview builds. Expand for full list of packages and versions. |
| this.transakSetAuthenticated(false); | ||
| this.update((state) => { | ||
| state.nativeProviders.transak.userDetails.data = null; | ||
| }); |
There was a problem hiding this comment.
Logout leaves token and state inconsistent
Medium Severity
transakLogout() always sets nativeProviders.transak.isAuthenticated to false in finally, but it never calls TransakService:clearAccessToken when TransakService:logout fails. This can leave a valid service token while controller state says logged out, causing auth state drift and inconsistent behavior across subsequent Transak calls.
| this.update((state) => { | ||
| state.nativeProviders.transak = | ||
| getDefaultRampsControllerState().nativeProviders.transak; | ||
| }); |
There was a problem hiding this comment.
Reset does not clear service token
Medium Severity
transakResetState() only resets state.nativeProviders.transak and never calls TransakService:clearAccessToken. After reset, isAuthenticated becomes false while TransakService can still hold a valid token, so authenticated Transak requests may continue despite a reset state.
| } catch (error) { | ||
| if (error instanceof HttpError && error.httpStatus === 409) { | ||
| await this.cancelAllActiveOrders(); | ||
| await new Promise((resolve) => |
There was a problem hiding this comment.
Order retry triggers on all conflicts
Medium Severity
createOrder() retries after cancelling active orders for any HttpError with status 409. The logic does not verify the Transak error code (for example 4005 “Order exists”), so unrelated conflict responses can still cancel active orders and trigger an unintended retry path.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
Introduces a new
TransakServiceclass that provides a direct integration with the Transak API for native buy/deposit flows within the ramps-controller package. This enables a "V2" native flow where MetaMask communicates directly with Transak's APIs for authentication, KYC, quoting, and order management -- rather than routing everything through the aggregator widget.What changed
New files:
TransakService.ts-- API client wrapping Transak's REST endpoints. Handles authentication (OTP login/verify), buy quotes, KYC requirements, order creation/cancellation, user management, payment confirmation, and a translation layer that maps generic ramps identifiers to Transak-specific ones. Uses the messenger pattern withregisterMethodActionHandlersto expose 23 methods as callable actions.TransakService-method-action-types.ts-- TypeScript action type definitions for each exposed messenger method.TransakService.test.ts-- Comprehensive test suite usingnockfor HTTP mocking. Covers all public methods, error paths, authentication guards, environment switching (staging/production), order ID transformations, and retry logic.Modified files:
RampsController.ts-- AddsnativeProviders.transakstate (authentication status, user details, buy quote, KYC requirement) with loading/error tracking viaResourceState. Adds ~25transak*methods that delegate to the TransakService via messenger calls, with stateful methods (transakGetUserDetails,transakGetBuyQuote,transakGetKycRequirement) managing loading and error state. ChangesstartQuotePollingto return early instead of throwing when no provider is selected.RampsController.test.ts-- Adds tests for all new transak methods on the controller, including state management, error handling, and fallback error messages. Updates existing snapshot assertions to include the newnativeProvidersstate shape.RampsService.ts-- Minor change (debug logging).index.ts-- Exports all new types, classes (TransakService,TransakEnvironment,TransakOrderIdTransformer), and action types from the package.Key design decisions
TransakServiceregisters its methods as messenger actions, andRampsControllercalls them viathis.messenger.call(...). This keeps the service decoupled from the controller and allows other consumers to call TransakService directly.getTranslationendpoint maps generic ramps identifiers (chain IDs, asset IDs, payment method paths) to Transak-native identifiers before calling Transak APIs. This keeps the controller's interface provider-agnostic.TransakOrderIdTransformerconverts between Transak's raw order IDs and the deposit-format IDs used by the ramps orders API (/providers/transak-native/orders/{id}).nativeProviders.transakto support future native provider integrations under the same pattern. State is not persisted (persist: false) since it contains session-specific data.Test plan
TransakService.test.ts-- all new service-level tests pass (auth flows, API calls, error handling, order ID transforms)RampsController.test.ts-- all new controller-level tests pass (messenger delegation, state updates, error state management)RampsControllertests continue to pass with updated snapshotsReferences
Checklist
Note
Medium Risk
Adds a new external-API integration (Transak) with authentication, quoting, KYC, and order lifecycle plus new controller state; mistakes could break deposit flows or leak error handling assumptions, but changes are isolated to the ramps controller/service layer with extensive tests.
Overview
Enables a native Transak deposit (buy) flow in
@metamask/ramps-controllerby introducing a newTransakService(OTP auth, KYC checks, quoting, order create/fetch/cancel, limits, OTT + payment widget URL generation, and identifier translation via the ramps orders API).RampsControlleris extended with a new non-persistednativeProviders.transakstate slice (auth flag +userDetails/buyQuote/kycRequirementresource states) and a set oftransak*convenience methods that delegate toTransakServiceand manage loading/error state where applicable. Quote polling behavior is tightened:startQuotePollingnow throws when no payment method is selected (instead of returning early), and widget URL fetching no longer logs on failure.Exports are updated to surface the new service/types/action types,
PaymentMethodgainsisManualBankTransfer?, and tests/snapshots are expanded substantially (including a comprehensiveTransakServicenock-based suite and controller coverage for the new Transak methods).Written by Cursor Bugbot for commit 48b74cb. This will update automatically on new commits. Configure here.