Merge pull request #6724 from BitGo/WP-5410-Migrate-pendingapprovals-express-to-typed-routes

feat(express): typed-router for pendingApprovals

Author: rahulhegde-bitgo

modules/express/src/clientRoutes.ts

@@ -239,7 +239,7 @@ function handleAcceptShare(req: ExpressApiRouteRequest<'express.v1.wallet.accept
  * @deprecated
  * @param req
  */
-function handleApproveTransaction(req: express.Request) {
+function handleApproveTransaction(req: ExpressApiRouteRequest<'express.v1.pendingapprovals', 'put'>) {
   const params = req.body || {};
   return req.bitgo
     .pendingApprovals()
@@ -1598,12 +1598,8 @@ export function setupAPIRoutes(app: express.Application, config: Config): void {
   app.post('/api/v1/wallet/:id/simpleshare', parseBody, prepareBitGo(config), promiseWrapper(handleShareWallet));
   router.post('express.v1.wallet.acceptShare', [prepareBitGo(config), typedPromiseWrapper(handleAcceptShare)]);
 
-  app.put(
-    '/api/v1/pendingapprovals/:id/express',
-    parseBody,
-    prepareBitGo(config),
-    promiseWrapper(handleApproveTransaction)
-  );
+  router.put('express.v1.pendingapprovals', [prepareBitGo(config), typedPromiseWrapper(handleApproveTransaction)]);
+
   app.put(
     '/api/v1/pendingapprovals/:id/constructTx',
     parseBody,

modules/express/src/typedRoutes/api/index.ts

@@ -9,7 +9,7 @@ import { PostDecrypt } from './common/decrypt';
 import { PostVerifyAddress } from './common/verifyAddress';
 import { PostAcceptShare } from './common/acceptShare';
 import { PostSimpleCreate } from './v1/simpleCreate';
-
+import { PutPendingApproval } from './v1/pendingApproval';
 export const ExpressApi = apiSpec({
   'express.ping': {
     get: GetPing,
@@ -32,6 +32,9 @@ export const ExpressApi = apiSpec({
   'express.v1.wallet.simplecreate': {
     post: PostSimpleCreate,
   },
+  'express.v1.pendingapprovals': {
+    put: PutPendingApproval,
+  },
 });
 
 export type ExpressApi = typeof ExpressApi;

modules/express/src/typedRoutes/api/v1/pendingApproval.ts

@@ -0,0 +1,35 @@
+import * as t from 'io-ts';
+import { httpRoute, httpRequest, optional } from '@api-ts/io-ts-http';
+import { BitgoExpressError } from '../../schemas/error';
+
+export const pendingApprovalRequestParams = {
+  id: t.string,
+};
+
+export const pendingApprovalRequestBody = {
+  walletPassphrase: optional(t.string),
+  otp: optional(t.string),
+  tx: optional(t.string),
+  xprv: optional(t.string),
+  previewPendingTxs: optional(t.boolean),
+  pendingApprovalId: optional(t.string),
+};
+
+/**
+ * Pending approval request
+ *
+ * @operationId express.v1.pendingapprovals
+ */
+
+export const PutPendingApproval = httpRoute({
+  path: '/api/v1/pendingapprovals/:id/express',
+  method: 'PUT',
+  request: httpRequest({
+    params: pendingApprovalRequestParams,
+    body: pendingApprovalRequestBody,
+  }),
+  response: {
+    200: t.UnknownRecord,
+    400: BitgoExpressError,
+  },
+});

modules/express/test/unit/typedRoutes/common.ts

@@ -0,0 +1,11 @@
+import * as assert from 'assert';
+import * as t from 'io-ts';
+
+export function assertDecode<T>(codec: t.Type<T, unknown>, input: unknown): T {
+  const result = codec.decode(input);
+  if (result._tag === 'Left') {
+    const errors = JSON.stringify(result.left, null, 2);
+    assert.fail(`Decode failed with errors:\n${errors}`);
+  }
+  return result.right;
+}

modules/express/test/unit/typedRoutes/pendingApproval.ts

@@ -0,0 +1,207 @@
+import * as assert from 'assert';
+import * as t from 'io-ts';
+import {
+  pendingApprovalRequestParams,
+  pendingApprovalRequestBody,
+  PutPendingApproval,
+} from '../../../src/typedRoutes/api/v1/pendingApproval';
+import { assertDecode } from './common';
+/**
+ * Helper function to test io-ts codec decoding
+ */
+
+describe('PendingApproval codec tests', function () {
+  describe('pendingApprovalRequestParams', function () {
+    it('should validate valid params', function () {
+      const validParams = {
+        id: '123456789abcdef',
+      };
+
+      const decoded = assertDecode(t.type(pendingApprovalRequestParams), validParams);
+      assert.strictEqual(decoded.id, validParams.id);
+    });
+
+    it('should reject params with missing id', function () {
+      const invalidParams = {};
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestParams), invalidParams);
+      });
+    });
+
+    it('should reject params with non-string id', function () {
+      const invalidParams = {
+        id: 12345, // number instead of string
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestParams), invalidParams);
+      });
+    });
+  });
+
+  describe('pendingApprovalRequestBody', function () {
+    it('should validate body with all fields', function () {
+      const validBody = {
+        walletPassphrase: 'mySecurePassword',
+        otp: '123456',
+        tx: 'transactionHexString',
+        xprv: 'xprvString',
+        previewPendingTxs: true,
+        pendingApprovalId: 'pendingApproval123',
+      };
+
+      const decoded = assertDecode(t.type(pendingApprovalRequestBody), validBody);
+      assert.strictEqual(decoded.walletPassphrase, validBody.walletPassphrase);
+      assert.strictEqual(decoded.otp, validBody.otp);
+      assert.strictEqual(decoded.tx, validBody.tx);
+      assert.strictEqual(decoded.xprv, validBody.xprv);
+      assert.strictEqual(decoded.previewPendingTxs, validBody.previewPendingTxs);
+      assert.strictEqual(decoded.pendingApprovalId, validBody.pendingApprovalId);
+    });
+
+    it('should validate body with no fields (all optional)', function () {
+      const validBody = {};
+
+      const decoded = assertDecode(t.type(pendingApprovalRequestBody), validBody);
+      assert.strictEqual(decoded.walletPassphrase, undefined);
+      assert.strictEqual(decoded.otp, undefined);
+      assert.strictEqual(decoded.tx, undefined);
+      assert.strictEqual(decoded.xprv, undefined);
+      assert.strictEqual(decoded.previewPendingTxs, undefined);
+      assert.strictEqual(decoded.pendingApprovalId, undefined);
+    });
+
+    it('should validate body with some fields', function () {
+      const validBody = {
+        walletPassphrase: 'mySecurePassword',
+        otp: '123456',
+      };
+
+      const decoded = assertDecode(t.type(pendingApprovalRequestBody), validBody);
+      assert.strictEqual(decoded.walletPassphrase, validBody.walletPassphrase);
+      assert.strictEqual(decoded.otp, validBody.otp);
+      assert.strictEqual(decoded.tx, undefined);
+      assert.strictEqual(decoded.xprv, undefined);
+      assert.strictEqual(decoded.previewPendingTxs, undefined);
+      assert.strictEqual(decoded.pendingApprovalId, undefined);
+    });
+
+    it('should reject body with non-string walletPassphrase', function () {
+      const invalidBody = {
+        walletPassphrase: 12345, // number instead of string
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestBody), invalidBody);
+      });
+    });
+
+    it('should reject body with non-string otp', function () {
+      const invalidBody = {
+        otp: 123456, // number instead of string
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestBody), invalidBody);
+      });
+    });
+
+    it('should reject body with non-string tx', function () {
+      const invalidBody = {
+        tx: 12345, // number instead of string
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestBody), invalidBody);
+      });
+    });
+
+    it('should reject body with non-string xprv', function () {
+      const invalidBody = {
+        xprv: 12345, // number instead of string
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestBody), invalidBody);
+      });
+    });
+
+    it('should reject body with non-boolean previewPendingTxs', function () {
+      const invalidBody = {
+        previewPendingTxs: 'true', // string instead of boolean
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestBody), invalidBody);
+      });
+    });
+
+    it('should reject body with non-string pendingApprovalId', function () {
+      const invalidBody = {
+        pendingApprovalId: 12345, // number instead of string
+      };
+
+      assert.throws(() => {
+        assertDecode(t.type(pendingApprovalRequestBody), invalidBody);
+      });
+    });
+  });
+
+  describe('Edge cases', function () {
+    it('should handle empty strings for string fields', function () {
+      const body = {
+        walletPassphrase: '',
+        otp: '',
+        tx: '',
+        xprv: '',
+        pendingApprovalId: '',
+      };
+
+      const decoded = assertDecode(t.type(pendingApprovalRequestBody), body);
+      assert.strictEqual(decoded.walletPassphrase, '');
+      assert.strictEqual(decoded.otp, '');
+      assert.strictEqual(decoded.tx, '');
+      assert.strictEqual(decoded.xprv, '');
+      assert.strictEqual(decoded.pendingApprovalId, '');
+    });
+
+    it('should handle additional unknown properties', function () {
+      const body = {
+        walletPassphrase: 'mySecurePassword',
+        unknownProperty: 'some value',
+      };
+
+      // io-ts with t.exact() strips out additional properties
+      const decoded = assertDecode(t.exact(t.type(pendingApprovalRequestBody)), body);
+      assert.strictEqual(decoded.walletPassphrase, 'mySecurePassword');
+      // @ts-expect-error - unknownProperty doesn't exist on the type
+      assert.strictEqual(decoded.unknownProperty, undefined);
+    });
+  });
+
+  describe('PutPendingApproval route definition', function () {
+    it('should have the correct path', function () {
+      assert.strictEqual(PutPendingApproval.path, '/api/v1/pendingapprovals/:id/express');
+    });
+
+    it('should have the correct HTTP method', function () {
+      assert.strictEqual(PutPendingApproval.method, 'PUT');
+    });
+
+    it('should have the correct request configuration', function () {
+      // Verify the route is configured with a request property
+      assert.ok(PutPendingApproval.request);
+
+      // The request is created using httpRequest which takes params and body
+      // We can't directly access these properties in the test, but we can verify
+      // the request exists
+    });
+
+    it('should have the correct response types', function () {
+      // Check that the response object has the expected status codes
+      assert.ok(PutPendingApproval.response[200]);
+      assert.ok(PutPendingApproval.response[400]);
+    });
+  });
+});