feat(express): decouple signer node data update from init wallet

saravanan7mani · saravanan7mani · commit a99c3091ae7f · 2025-02-26T01:57:18.000+05:30
few more Ticket: BTC-1866
diff --git a/modules/express/src/lightning/codecs.ts b/modules/express/src/lightning/codecs.ts
@@ -36,11 +36,8 @@ export const InitLightningWalletRequest = t.intersection(
   [
     t.strict({
       passphrase: t.string,
-      signerHost: t.string,
-      signerTlsCert: t.string,
     }),
     t.partial({
-      signerTlsKey: t.string,
       expressHost: t.string,
     }),
   ],
@@ -49,11 +46,15 @@ export const InitLightningWalletRequest = t.intersection(
 
 export type InitLightningWalletRequest = t.TypeOf<typeof InitLightningWalletRequest>;
 
-export const CreateSignerMacaroonRequest = t.strict(
-  {
-    passphrase: t.string,
-    watchOnlyIp: t.string,
-  },
+export const CreateSignerMacaroonRequest = t.intersection(
+  [
+    t.strict({
+      passphrase: t.string,
+    }),
+    t.partial({
+      watchOnlyIp: t.string,
+    }),
+  ],
   'CreateSignerMacaroonRequest'
 );
 
diff --git a/modules/express/src/lightning/lightningSignerRoutes.ts b/modules/express/src/lightning/lightningSignerRoutes.ts
@@ -25,13 +25,15 @@ import { ApiResponseError } from '../errors';
 type Decrypt = (params: { input: string; password: string }) => string;
 
 async function createSignerMacaroon(
-  watchOnlyIp: string,
+  lndSignerClient: LndSignerClient,
   header: { adminMacaroonHex: string },
-  lndSignerClient: LndSignerClient
-) {
+  watchOnlyIp?: string
+): Promise<string> {
   const { macaroon } = await lndSignerClient.bakeMacaroon({ permissions: signerMacaroonPermissions }, header);
-  const macaroonBase64 = addIPCaveatToMacaroon(Buffer.from(macaroon, 'hex').toString('base64'), watchOnlyIp);
-  return Buffer.from(macaroonBase64, 'base64').toString('hex');
+  const macaroonBase64 = watchOnlyIp
+    ? addIPCaveatToMacaroon(Buffer.from(macaroon, 'hex').toString('base64'), watchOnlyIp)
+    : undefined;
+  return macaroonBase64 ? Buffer.from(macaroonBase64, 'base64').toString('hex') : macaroon;
 }
 
 function getSignerRootKey(
@@ -71,7 +73,7 @@ export async function handleInitLightningWallet(req: express.Request): Promise<u
     throw new ApiResponseError(`Invalid wallet id: ${walletId}`, 400);
   }
 
-  const { passphrase, signerTlsKey, signerTlsCert, signerHost, expressHost } = decodeOrElse(
+  const { passphrase, expressHost } = decodeOrElse(
     InitLightningWalletRequest.name,
     InitLightningWalletRequest,
     req.body,
@@ -104,15 +106,11 @@ export async function handleInitLightningWallet(req: express.Request): Promise<u
     input: expressHost && !!isIP(expressHost) ? addIPCaveatToMacaroon(adminMacaroon, expressHost) : adminMacaroon,
   });
   const watchOnlyAccounts = createWatchOnly(signerRootKey, network);
-  const encryptedSignerTlsKey = signerTlsKey ? bitgo.encrypt({ password: passphrase, input: signerTlsKey }) : undefined;
 
   return await lightningWallet.updateWalletCoinSpecific(
     {
       encryptedSignerAdminMacaroon,
-      signerHost,
-      signerTlsCert,
       watchOnlyAccounts,
-      ...(encryptedSignerTlsKey && { encryptedSignerTlsKey }),
     },
     passphrase
   );
@@ -143,7 +141,7 @@ export async function handleCreateSignerMacaroon(req: express.Request): Promise<
     }
   );
 
-  if (!isIP(watchOnlyIp)) {
+  if (watchOnlyIp !== undefined && !isIP(watchOnlyIp)) {
     throw new ApiResponseError(`Invalid IP address: ${watchOnlyIp}`, 400);
   }
 
@@ -164,9 +162,9 @@ export async function handleCreateSignerMacaroon(req: express.Request): Promise<
   const { userAuthKey } = await lightningWallet.getLightningAuthKeychains();
 
   const signerMacaroon = await createSignerMacaroon(
-    watchOnlyIp,
+    lndSignerClient,
     { adminMacaroonHex: Buffer.from(adminMacaroon, 'base64').toString('hex') },
-    lndSignerClient
+    watchOnlyIp
   );
 
   const userAuthXprv = bitgo.decrypt({
diff --git a/modules/express/test/unit/clientRoutes/lightning/lightningSignerFixture.ts b/modules/express/test/unit/clientRoutes/lightning/lightningSignerFixture.ts
@@ -2,11 +2,6 @@ export const apiData = {
   initWalletRequestBody: {
     passphrase: 'password123',
     expressHost: '127.0.0.1',
-    signerHost: '127.0.0.1',
-    signerTlsCert:
-      'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNQRENDQWVLZ0F3SUJBZ0lSQU02TEFoaGxOMGo4ZlhxV2dLTWdENmN3Q2dZSUtvWkl6ajBFQXdJd09ERWYKTUIwR0ExVUVDaE1XYkc1a0lHRjFkRzluWlc1bGNtRjBaV1FnWTJWeWRERVZNQk1HQTFVRUF4TU1aV1UxTVdZeApOREV4TUdVMk1CNFhEVEkwTURneE9ERXlNVE14TWxvWERUSTFNVEF4TXpFeU1UTXhNbG93T0RFZk1CMEdBMVVFCkNoTVdiRzVrSUdGMWRHOW5aVzVsY21GMFpXUWdZMlZ5ZERFVk1CTUdBMVVFQXhNTVpXVTFNV1l4TkRFeE1HVTIKTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFclA0d2NXWFEwUWFFazhsVFNVTXBCa1d3ditFbQpxNTNyOWVSeVJUOTRkZGdVR0tTMFlRK0liZzFseVBRU3hiN0dXYloyWG9GUFdiK1VOM0lFMVlMQ2thT0J6RENCCnlUQU9CZ05WSFE4QkFmOEVCQU1DQXFRd0V3WURWUjBsQkF3d0NnWUlLd1lCQlFVSEF3RXdEd1lEVlIwVEFRSC8KQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVb3JmUkNVQytmaUNjZlE4cEhEUTFWaE1uMXBBd2NnWURWUjBSQkdzdwphWUlNWldVMU1XWXhOREV4TUdVMmdnbHNiMk5oYkdodmMzU0NDbk5wWjI1bGNtNXZaR1dDQ1d4dlkyRnNhRzl6CmRJSUVkVzVwZUlJS2RXNXBlSEJoWTJ0bGRJSUhZblZtWTI5dWJvY0Vmd0FBQVljUUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFZY0VyQlFBQWpBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlFQXJuQ0xRTlgzeDZ1NjhIM2xCOG9wOUFKaApBd2RrUjhXOXNSaUZnZDJKM2tZQ0lHczFOVGM0T0toRzByNzVHUWpXb2x0SkJyOUtjWWVyR1V3aklCaCtvZ1h0Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K',
-    signerTlsKey:
-      'LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUFFamQ0Qng3M3VPYllGSW42VlZpZTJmeG9lbXVYZFBob2FkS2JscHpnaTBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFclA0d2NXWFEwUWFFazhsVFNVTXBCa1d3ditFbXE1M3I5ZVJ5UlQ5NGRkZ1VHS1MwWVErSQpiZzFseVBRU3hiN0dXYloyWG9GUFdiK1VOM0lFMVlMQ2tRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=',
   },
   signerMacaroonRequestBody: {
     passphrase: 'password123',
diff --git a/modules/express/test/unit/clientRoutes/lightning/lightningSignerRoutes.ts b/modules/express/test/unit/clientRoutes/lightning/lightningSignerRoutes.ts
@@ -63,7 +63,7 @@ describe('Lightning signer routes', () => {
         bitgo: bitgo,
         body: includingOptionalFields
           ? apiData.initWalletRequestBody
-          : { ...apiData.initWalletRequestBody, signerTlsKey: undefined },
+          : { ...apiData.initWalletRequestBody, expressHost: undefined },
         params: {
           coin: 'tlnbtc',
           id: 'fakeid',
@@ -84,6 +84,49 @@ describe('Lightning signer routes', () => {
     });
   }
 
+  for (const includingOptionalFields of [true, false]) {
+    it(`should create signer macaroon ${includingOptionalFields ? 'with' : 'without'} optional fields`, async () => {
+      const readFileStub = sinon.stub(fs.promises, 'readFile').resolves(JSON.stringify(lightningSignerConfigs));
+      const wpWalletnock = nock(bgUrl).get(`/api/v2/tlnbtc/wallet/${apiData.wallet.id}`).reply(200, apiData.wallet);
+
+      const wpKeychainNocks = [
+        nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.userAuthKey.id}`).reply(200, apiData.userAuthKey),
+        nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.nodeAuthKey.id}`).reply(200, apiData.nodeAuthKey),
+        nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.userAuthKey.id}`).reply(200, apiData.userAuthKey),
+        nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.nodeAuthKey.id}`).reply(200, apiData.nodeAuthKey),
+      ];
+
+      const signerMacaroon = nock(lightningSignerConfigs.fakeid.url)
+        .post(`/v1/macaroon`)
+        .reply(200, signerApiData.bakeMacaroon);
+
+      const wpWalletUpdateNock = nock(bgUrl).put(`/api/v2/tlnbtc/wallet/${apiData.wallet.id}`).reply(200);
+
+      const req = {
+        bitgo: bitgo,
+        body: includingOptionalFields
+          ? apiData.signerMacaroonRequestBody
+          : { ...apiData.signerMacaroonRequestBody, watchOnlyIp: undefined },
+        params: {
+          coin: 'tlnbtc',
+          id: 'fakeid',
+        },
+        config: {
+          lightningSignerFileSystemPath: 'lightningSignerFileSystemPath',
+        },
+      } as unknown as express.Request;
+
+      await handleCreateSignerMacaroon(req);
+
+      wpWalletUpdateNock.done();
+      signerMacaroon.done();
+      wpKeychainNocks.forEach((s) => s.done());
+      wpWalletnock.done();
+      readFileStub.calledOnceWith('lightningSignerFileSystemPath').should.be.true();
+      readFileStub.restore();
+    });
+  }
+
   it('should get signer wallet state', async () => {
     const readFileStub = sinon.stub(fs.promises, 'readFile').resolves(JSON.stringify(lightningSignerConfigs));
     const walletStateNock = nock(lightningSignerConfigs.fakeid.url)
@@ -92,7 +135,6 @@ describe('Lightning signer routes', () => {
 
     const req = {
       bitgo: bitgo,
-      body: apiData.signerMacaroonRequestBody,
       params: {
         coin: 'tlnbtc',
         id: apiData.wallet.id,
@@ -109,45 +151,6 @@ describe('Lightning signer routes', () => {
     readFileStub.restore();
   });
 
-  it('should create signer macaroon', async () => {
-    const readFileStub = sinon.stub(fs.promises, 'readFile').resolves(JSON.stringify(lightningSignerConfigs));
-    const wpWalletnock = nock(bgUrl).get(`/api/v2/tlnbtc/wallet/${apiData.wallet.id}`).reply(200, apiData.wallet);
-
-    const wpKeychainNocks = [
-      nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.userAuthKey.id}`).reply(200, apiData.userAuthKey),
-      nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.nodeAuthKey.id}`).reply(200, apiData.nodeAuthKey),
-      nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.userAuthKey.id}`).reply(200, apiData.userAuthKey),
-      nock(bgUrl).get(`/api/v2/tlnbtc/key/${apiData.nodeAuthKey.id}`).reply(200, apiData.nodeAuthKey),
-    ];
-
-    const signerMacaroon = nock(lightningSignerConfigs.fakeid.url)
-      .post(`/v1/macaroon`)
-      .reply(200, signerApiData.bakeMacaroon);
-
-    const wpWalletUpdateNock = nock(bgUrl).put(`/api/v2/tlnbtc/wallet/${apiData.wallet.id}`).reply(200);
-
-    const req = {
-      bitgo: bitgo,
-      body: apiData.signerMacaroonRequestBody,
-      params: {
-        coin: 'tlnbtc',
-        id: 'fakeid',
-      },
-      config: {
-        lightningSignerFileSystemPath: 'lightningSignerFileSystemPath',
-      },
-    } as unknown as express.Request;
-
-    await handleCreateSignerMacaroon(req);
-
-    wpWalletUpdateNock.done();
-    signerMacaroon.done();
-    wpKeychainNocks.forEach((s) => s.done());
-    wpWalletnock.done();
-    readFileStub.calledOnceWith('lightningSignerFileSystemPath').should.be.true();
-    readFileStub.restore();
-  });
-
   it('should unlock lightning wallet', async () => {
     const readFileStub = sinon.stub(fs.promises, 'readFile').resolves(JSON.stringify(lightningSignerConfigs));
 
