feat(express): migrated ofcSignPayload to typed routes

danielzhao122 · danielzhao122 · commit cbf3084f1d48 · 2025-09-24T16:32:14.000-04:00
TICKET: WP-5443
diff --git a/modules/express/src/clientRoutes.ts b/modules/express/src/clientRoutes.ts
@@ -62,7 +62,6 @@ import { handleLightningWithdraw } from './lightning/lightningWithdrawRoutes';
 import createExpressRouter from './typedRoutes';
 import { ExpressApiRouteRequest } from './typedRoutes/api';
 import { TypedRequestHandler, WrappedRequest, WrappedResponse } from '@api-ts/typed-express-router';
-import { isJsonString } from './utils';
 
 const { version } = require('bitgo/package.json');
 const pjson = require('../package.json');
@@ -590,10 +589,10 @@ export async function handleV2OFCSignPayloadInExtSigningMode(
   }
 }
 
-export async function handleV2OFCSignPayload(req: express.Request): Promise<{ payload: string; signature: string }> {
-  const walletId = req.body.walletId;
-  const payload = req.body.payload;
-  const bodyWalletPassphrase = req.body.walletPassphrase;
+export async function handleV2OFCSignPayload(
+  req: ExpressApiRouteRequest<'express.ofc.signPayload', 'post'>
+): Promise<{ payload: string; signature: string }> {
+  const { walletId, payload, walletPassphrase: bodyWalletPassphrase } = req.decoded;
   const ofcCoinName = 'ofc';
 
   // If the externalSignerUrl is set, forward the request to the express server hosted on the externalSignerUrl
@@ -612,14 +611,6 @@ export async function handleV2OFCSignPayload(req: express.Request): Promise<{ pa
     return payloadWithSignature;
   }
 
-  if (!payload) {
-    throw new ApiResponseError('Missing required field: payload', 400);
-  }
-
-  if (!walletId) {
-    throw new ApiResponseError('Missing required field: walletId', 400);
-  }
-
   const bitgo = req.bitgo;
 
   // This is to set us up for multiple trading accounts per enterprise
@@ -631,7 +622,7 @@ export async function handleV2OFCSignPayload(req: express.Request): Promise<{ pa
 
   const walletPassphrase = bodyWalletPassphrase || getWalletPwFromEnv(wallet.id());
   const tradingAccount = wallet.toTradingAccount();
-  const stringifiedPayload = isJsonString(req.body.payload) ? req.body.payload : JSON.stringify(req.body.payload);
+  const stringifiedPayload = JSON.stringify(payload);
   const signature = await tradingAccount.signPayload({
     payload: stringifiedPayload,
     walletPassphrase,
@@ -1637,7 +1628,7 @@ export function setupAPIRoutes(app: express.Application, config: Config): void {
   );
 
   // sign arbitrary payloads w/ trading account key
-  app.post(`/api/v2/ofc/signPayload`, parseBody, prepareBitGo(config), promiseWrapper(handleV2OFCSignPayload));
+  router.post('express.ofc.signPayload', [prepareBitGo(config), typedPromiseWrapper(handleV2OFCSignPayload)]);
 
   // sign transaction
   app.post('/api/v2/:coin/signtx', parseBody, prepareBitGo(config), promiseWrapper(handleV2SignTx));
diff --git a/modules/express/src/typedRoutes/api/index.ts b/modules/express/src/typedRoutes/api/index.ts
@@ -16,6 +16,7 @@ import { PostSignTransaction } from './v1/signTransaction';
 import { PostKeychainLocal } from './v2/keychainLocal';
 import { PostLightningInitWallet } from './v2/lightningInitWallet';
 import { PostVerifyCoinAddress } from './v2/verifyAddress';
+import { PostOfcSignPayload } from './v2/ofcSignPayload';
 
 export const ExpressApi = apiSpec({
   'express.ping': {
@@ -60,6 +61,9 @@ export const ExpressApi = apiSpec({
   'express.calculateminerfeeinfo': {
     post: PostCalculateMinerFeeInfo,
   },
+  'express.ofc.signPayload': {
+    post: PostOfcSignPayload,
+  },
 });
 
 export type ExpressApi = typeof ExpressApi;
diff --git a/modules/express/src/typedRoutes/api/v2/ofcSignPayload.ts b/modules/express/src/typedRoutes/api/v2/ofcSignPayload.ts
@@ -0,0 +1,45 @@
+import * as t from 'io-ts';
+import { Json, NonEmptyString, JsonFromString } from 'io-ts-types';
+import { httpRoute, httpRequest, optional } from '@api-ts/io-ts-http';
+import { BitgoExpressError } from '../../schemas/error';
+
+/**
+ * Sign an arbitrary payload using an OFC trading account key.
+ */
+export const OfcSignPayloadBody = {
+  /** The ID of the OFC wallet to sign the payload with. */
+  walletId: NonEmptyString,
+  /** The payload to sign. Will always decode into a JSON object. */
+  payload: t.union([Json, t.string.pipe(JsonFromString)]),
+  /** The passphrase to decrypt the user key. */
+  walletPassphrase: optional(t.string),
+};
+
+export const OfcSignPayloadResponse200 = t.type({
+  /** The string form of the JSON payload that was signed. */
+  payload: t.string,
+  /** Hex-encoded signature generated by the trading account key. */
+  signature: t.string,
+});
+
+/**
+ * Response for signing an arbitrary payload with an OFC wallet key.
+ */
+export const OfcSignPayloadResponse = {
+  /** Signed payload and signature */
+  200: OfcSignPayloadResponse200,
+  /** BitGo Express error payload. */
+  400: BitgoExpressError,
+} as const;
+
+/**
+ * Request body for signing an arbitrary payload with an OFC wallet key.
+ *
+ * @operationId express.ofc.signPayload
+ */
+export const PostOfcSignPayload = httpRoute({
+  path: '/api/v2/ofc/signPayload',
+  method: 'POST',
+  request: httpRequest({ body: OfcSignPayloadBody }),
+  response: OfcSignPayloadResponse,
+});
diff --git a/modules/express/test/unit/clientRoutes/signPayload.ts b/modules/express/test/unit/clientRoutes/signPayload.ts
@@ -5,9 +5,11 @@ import 'should';
 import * as fs from 'fs';
 import { Request } from 'express';
 import { BitGo, Coin, BaseCoin, Wallet, Wallets } from 'bitgo';
-
 import '../../lib/asserts';
 import { handleV2OFCSignPayload, handleV2OFCSignPayloadInExtSigningMode } from '../../../src/clientRoutes';
+import { ExpressApiRouteRequest } from '../../../src/typedRoutes/api';
+import { OfcSignPayloadResponse } from '../../../src/typedRoutes/api/v2/ofcSignPayload';
+import { decodeOrElse } from '@bitgo/sdk-core';
 
 describe('Sign an arbitrary payload with trading account key', function () {
   const coin = 'ofc';
@@ -53,8 +55,12 @@ describe('Sign an arbitrary payload with trading account key', function () {
         payload,
         walletId,
       },
+      decoded: {
+        walletId,
+        payload,
+      },
       query: {},
-    } as unknown as Request;
+    } as unknown as ExpressApiRouteRequest<'express.ofc.signPayload', 'post'>;
     await handleV2OFCSignPayload(req).should.be.resolvedWith(expectedResponse);
   });
   it('should return a signed payload with type as json string', async function () {
@@ -68,10 +74,38 @@ describe('Sign an arbitrary payload with trading account key', function () {
         payload: stringifiedPayload,
         walletId,
       },
+      decoded: {
+        walletId,
+        payload,
+      },
       query: {},
-    } as unknown as Request;
+    } as unknown as ExpressApiRouteRequest<'express.ofc.signPayload', 'post'>;
     await handleV2OFCSignPayload(req).should.be.resolvedWith(expectedResponse);
   });
+  it('should decode handler response with OfcSignPayloadResponse codec', async function () {
+    const expected = {
+      payload: JSON.stringify(payload),
+      signature,
+    };
+    const req = {
+      bitgo: bitGoStub,
+      body: {
+        walletId,
+        payload,
+      },
+      decoded: {
+        walletId,
+        payload,
+      },
+    } as unknown as ExpressApiRouteRequest<'express.ofc.signPayload', 'post'>;
+
+    const result = await handleV2OFCSignPayload(req);
+    decodeOrElse('OfcSignPayloadResponse200', OfcSignPayloadResponse[200], result, (_) => {
+      throw new Error(`Response did not match expected codec`);
+    });
+    result.should.eql(expected);
+    OfcSignPayloadResponse[200].is(result).should.be.true();
+  });
 });
 
 describe('With the handler to sign an arbitrary payload in external signing mode', () => {
diff --git a/modules/express/test/unit/typedRoutes/decode.ts b/modules/express/test/unit/typedRoutes/decode.ts
@@ -11,6 +11,7 @@ import {
   LightningInitWalletBody,
   LightningInitWalletParams,
 } from '../../../src/typedRoutes/api/v2/lightningInitWallet';
+import { OfcSignPayloadBody } from '../../../src/typedRoutes/api/v2/ofcSignPayload';
 
 export function assertDecode<T>(codec: t.Type<T, unknown>, input: unknown): T {
   const result = codec.decode(input);
@@ -174,4 +175,36 @@ describe('io-ts decode tests', function () {
     // valid with expressHost
     assertDecode(t.type(LightningInitWalletBody), { passphrase: 'p', expressHost: 'host.example' });
   });
+  it('express.ofc.signPayload', function () {
+    // missing walletId
+    assert.throws(() =>
+      assertDecode(t.type(OfcSignPayloadBody), {
+        payload: { a: 1 },
+      })
+    );
+    // empty walletId
+    assert.throws(() =>
+      assertDecode(t.type(OfcSignPayloadBody), {
+        walletId: '',
+        payload: { a: 1 },
+      })
+    );
+    // missing payload
+    assert.throws(() =>
+      assertDecode(t.type(OfcSignPayloadBody), {
+        walletId: 'w1',
+      })
+    );
+    // valid minimal
+    assertDecode(t.type(OfcSignPayloadBody), {
+      walletId: 'w1',
+      payload: { a: 1 },
+    });
+    // valid with nested and optional passphrase
+    assertDecode(t.type(OfcSignPayloadBody), {
+      walletId: 'w1',
+      payload: { nested: ['x', { y: true }] },
+      walletPassphrase: 'secret',
+    });
+  });
 });
