feat(wallet): Use Wallet WebUI for Send & Swap on iOS

[StephenHeaps]

• Adds support for using desktop/android wallet WebUI for Send & Swap in native iOS wallet. The send & swap UI will replace the existing native iOS UI when user taps Send / Swap in Portfolio or via tray in Wallet Panel.
• NFTs are displayed the same as in desktop/android using an iframe to isolate them with chrome-untrusted://nft-display.
• Creating transactions will continue to dismiss the send & swap modal presented over the native iOS wallet and present the native iOS transaction confirmation panel.

Resolves brave/brave-browser#36968

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

1. Open native Brave Wallet and verify Send & Swap both still use the existing native views when feature flag is disabled (default).
2. Open brave://flags and find Enable WebUI for Brave Wallet iOS feature flag. Enable it & restart the app.
3. Open native Brave Wallet and verify Send & Swap both use the WebUI seen on desktop (panel) and android.
4. Test using WebUI on iOS.
   • Creating Send transactions should work the same as on desktop/android. The exact same accounts & networks shown in native iOS wallet should be available for creating transactions.
     • Some assets (including NFTs) marked hidden may be shown in WebUI send if user has balance until [Wallet/iOS] Migrate user assets back to WalletService brave-browser#39098
   • Creating Swap transactions should work the same as on desktop/android. The exact same accounts & networks shown in native iOS wallet should be available in swap

Send.WebUI.Demo.MP4

Swap.WebUI.Demo.MP4

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[josheleonard]

Approved with nits

[josheleonard]

nit: missing EOF new-line

[StephenHeaps]

Fixed in 603c091

[josheleonard]

nit: missing EOF new line

[StephenHeaps]

Fixed in 603c091

[mkarolin]

grd++

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[nuo-xu]

it was very difficult to save Slippage tolerance (or im not sure its saved or not)
sending and swapping work pretty well.
I'm not sure it's my device. it once became pretty hot after I was trying to make tx on webui.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[yrliou]

wallet core LGTM (non-iOS code)

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[supermassive]

nit: is_panel

[supermassive]

Also no const in return type, just std::string. Same for GetWalletFrameSrcCSP

[supermassive]

nit: brave_wallet::

[github-actions]

[puLL-Merge] - brave/brave-core@24328

Description

This PR implements WebUI support for the Brave Wallet on iOS, specifically for the Send and Swap functionality. It adds new files, modifies existing ones, and integrates the Brave Wallet UI into the iOS app architecture.

Changes

Changes

1. browser/ui/webui/brave_wallet/:

   • Added new files for handling Brave Wallet WebUI on iOS, including brave_wallet_page_ui.h/mm, nft_ui.h/mm, wallet_common_ui.h/mm, wallet_handler.h/mm, and wallet_page_handler.h/mm.
   • These files set up the necessary infrastructure for the Brave Wallet WebUI on iOS.

2. browser/ui/webui/:

   • Modified brave_web_ui_controller_factory.mm to include the new Brave Wallet WebUI controllers.
   • Added brave_webui_data_source.h/mm to handle WebUI data sources for Brave on iOS.

3. components/brave_wallet/browser/brave_wallet_constants.cc/h:

   • Added new functions GetWalletFrameSrcCSP() and GetWalletImgSrcCSP() to handle Content Security Policy for the Wallet UI.

4. components/brave_wallet_ui/:

   • Modified several files to support iOS-specific functionality and adjust imports.

5. ios/brave-ios/Sources/BraveWallet/:

   • Added new Swift files for the WebUI implementation of Send and Swap functionality.

6. ios/browser/:

   • Added and modified files to support Brave Wallet features on iOS, including new feature flags.

7. chromium_src/:

   • Added and modified several files to integrate Brave Wallet functionality into the Chromium base on iOS.

Possible Issues

1. The implementation adds new untrusted schemes and modifies Content Security Policies, which could potentially introduce security risks if not properly configured.
2. The changes to the build system (GN files) might affect the build process for other platforms or configurations.

Security Hotspots

1. The addition of chrome-untrusted scheme in ios/chrome/browser/shared/model/browser_state/chrome_browser_state.mm could potentially be a security risk if not properly restricted.
2. Modifications to Content Security Policies in various files (e.g., brave_wallet_constants.cc, brave_webui_data_source.mm) should be carefully reviewed to ensure they don't introduce vulnerabilities.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[bridiver]

it looks like a lot of this stuff is copied from URLDataSource which we should not be doing because it's very fragile.

[bridiver]

why are we creating our own implementation in the base class instead of URLDataSourceIOSImpl?

[bridiver]

I have serious concerns with this approach of copying code from content WebUIDataSource to ios. We can discuss options in slack.

[bridiver]

why are these in constants? There are some other methods already in here that don't make sense in a constants.h file, but I would put these in some kind of helper specific to the relevant webui.

[bridiver]

why are we creating constants in brave wallet for generic CSP directives?

[bridiver]

same as above, a constant for chrome://resources does not belong in brave_wallet_constants

[bridiver]

doesn't this enable mojo bindings? https://source.chromium.org/chromium/chromium/src/+/main:ios/web/webui/web_ui_messaging_java_script_feature.mm;l=47