feat: add README to test it with master express

pranavjain97 · pranavjain97 · commit 442c3ce52ef3 · 2025-05-21T14:50:32.000-04:00
Ticket: WP-4352
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
-dist/
+dist/
+node_modules/
diff --git a/LICENSE b/LICENSE
diff --git a/README.md b/README.md
@@ -1,2 +1,120 @@
-# enclaved-bitgo-express
-Enclaved BitGo Express for Advanced Key Management
+# Enclaved Express
+
+Enclaved Express is a secure signer implementation for cryptocurrency operations. It's designed to run in a secure enclave environment with flexible security options.
+
+## Overview
+
+This module provides a lightweight, dedicated signing server with these features:
+
+- Focused on signing operations only - no BitGo API dependencies
+- Optional TLS security for secure connections
+- Client certificate validation when operating in mTLS mode
+- Simple configuration and deployment
+
+## Supported Operations
+
+Currently, the following operations are supported:
+
+- `/ping` - Health check endpoint
+
+## Configuration
+
+Configuration is done via environment variables:
+
+### Network Settings
+
+- `PORT` - Port to listen on (default: 3080)
+- `BIND` - Address to bind to (default: localhost)
+- `TIMEOUT` - Request timeout in milliseconds (default: 305000)
+
+### TLS Settings
+
+- `MASTER_BITGO_EXPRESS_KEYPATH` - Path to server key file (required for TLS)
+- `MASTER_BITGO_EXPRESS_CRTPATH` - Path to server certificate file (required for TLS)
+- `MTLS_ENABLED` - Enable mTLS mode (default: false)
+- `MTLS_REQUEST_CERT` - Whether to request client certificates (default: false)
+- `MTLS_REJECT_UNAUTHORIZED` - Whether to reject unauthorized connections (default: false)
+- `MTLS_ALLOWED_CLIENT_FINGERPRINTS` - Comma-separated list of allowed client certificate fingerprints (optional)
+
+### Other Settings
+
+- `LOGFILE` - Path to log file (optional)
+- `DEBUG` - Debug namespaces to enable (e.g., 'enclaved:*')
+
+## Running Enclaved Express
+
+### Basic Setup (HTTP only)
+
+```bash
+yarn start --port 3080
+```
+
+### TLS Setup (with mTLS)
+
+For testing purposes, you can use self-signed certificates with relaxed verification:
+
+```bash
+MASTER_BITGO_EXPRESS_KEYPATH=./test-ssl-key.pem \
+MASTER_BITGO_EXPRESS_CRTPATH=./test-ssl-cert.pem \
+MTLS_ENABLED=true \
+MTLS_REQUEST_CERT=true \
+MTLS_REJECT_UNAUTHORIZED=false \
+yarn start --port 3080
+```
+
+### Connecting from Regular Express
+
+To connect to Enclaved Express from the regular Express server:
+
+```bash
+yarn start --port 4000 \
+  --enclavedExpressUrl='https://localhost:3080' \
+  --enclavedExpressSSLCert='./test-ssl-cert.pem' \
+  --disableproxy \
+  --debug
+```
+
+## Understanding mTLS Configuration
+
+### Server Side (Enclaved Express)
+- Uses both certificate and key files
+- The key file (`test-ssl-key.pem`) is used to prove the server's identity
+- The certificate file (`test-ssl-cert.pem`) is what the server presents to clients
+
+### Client Side (Regular Express)
+- For testing, only needs the server's certificate
+- `rejectUnauthorized: false` allows testing without strict certificate verification
+- In production, proper client certificates should be used
+
+## Security Considerations
+
+- The testing configuration (`MTLS_REJECT_UNAUTHORIZED=false`) should only be used in development
+- In production:
+  - Use proper CA-signed certificates
+  - Enable strict certificate verification
+  - Use client certificate allowlisting
+  - Keep private keys secure
+  - Regularly rotate certificates
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Certificate Errors**
+   - Ensure paths to certificate files are correct
+   - Check file permissions on certificate files
+   - Verify certificate format is correct
+
+2. **Connection Issues**
+   - Verify ports are not in use
+   - Check firewall settings
+   - Ensure URLs are correct (including https:// prefix)
+
+3. **mTLS Errors**
+   - Verify mTLS is enabled on both sides
+   - Check certificate configuration
+   - Ensure client certificate is trusted by server
+
+## License
+
+MIT 
diff --git a/test-ssl-cert.pem b/test-ssl-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfGgAwIBAgIUYN0EUBLwq7uoLwDuTx7gDW0HS2UwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MDUxNDIxMTUzMVoXDTI2MDUx
+NDIxMTUzMVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAmxdCF7xCJcE6yyG+wrdhHMwRiQxbhDLW/hiKQcO/nn7z
+QMM9LAV04+WG5LCmm0ygocbfXXhfWn5D6SSSESKTb8dbSj6AJbLSmYjA5vDSzh9R
+rO9GzNTDCDne+epo+rN4BOjGh7K83naLei/bEfmklMp7x+TyoBC8Ps/3Eq4HOJfd
+UzgV2L3oC/4dCbAnkgK2zanL8KEaH6aM0HytIaqMFYLBs2t8s7HHHcSEadHfjlJu
+GwTmTS0nVhJBWYJvF6Pv/SwLFuSo93TJybaMMUSF3oJK35NEYXg6EtibJLUC9RvX
+FVLytRA5z+x7FBnGBdi4ctMseecokV4u15ePCB3MXwIDAQABo1MwUTAdBgNVHQ4E
+FgQUxHrQZFFBfTfuXeOOoXmHZQ8E6rswHwYDVR0jBBgwFoAUxHrQZFFBfTfuXeOO
+oXmHZQ8E6rswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj0hy
+bwWh2B26cR0ADhuDC0MtGPBH0BrHypJEZ96nUPTY4oxRrjZusgdq60ooqsNyIW6k
+cZHkajC/O0V6hnV4yMhLE8ZwA+31iyQakonpT5N1OON4Ddv9Bfvx8xOn75x/+RP+
+GlAa31XxivryIi/5y7MEI0PwU34T/6bbMWdBaFRQtbuIXJ/90AZ0fBwIV0vJWjaO
+1DriZAJe7hl63ZUw6CsfutpoyKkanF5GQB2CpolR3t1oeHwuDbZ550p1g2XFB6UI
+9W+zlggQFeAnthzMoi3erO4sQ3j2b15QLZbk1HXHZcn3+89QcvdUcpG0u51bZdFW
+SJ+bnT3TZ9H+szoa1w==
+-----END CERTIFICATE-----
diff --git a/test-ssl-key.pem b/test-ssl-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbF0IXvEIlwTrL
+Ib7Ct2EczBGJDFuEMtb+GIpBw7+efvNAwz0sBXTj5YbksKabTKChxt9deF9afkPp
+JJIRIpNvx1tKPoAlstKZiMDm8NLOH1Gs70bM1MMIOd756mj6s3gE6MaHsrzedot6
+L9sR+aSUynvH5PKgELw+z/cSrgc4l91TOBXYvegL/h0JsCeSArbNqcvwoRofpozQ
+fK0hqowVgsGza3yzsccdxIRp0d+OUm4bBOZNLSdWEkFZgm8Xo+/9LAsW5Kj3dMnJ
+towxRIXegkrfk0RheDoS2JsktQL1G9cVUvK1EDnP7HsUGcYF2Lhy0yx55yiRXi7X
+l48IHcxfAgMBAAECggEAAft4dHXgi+ZTX7iiXTobe1MUakxbzcMZ7QzX6jfxTA+o
+APeTNuvURFFxDvKUaT8VJ9wzNgOi3F+UHffCB4a0nGTPmDxXm6O/KLKPHKSOso8Y
+ln2cdGPHy7l0TdIe3g113EI0FL9GcLrSf5D7Bi4gWhKDJdlETKLKH9dn+2IkD3zE
+VM+7pwqYV6XZu2GuZ1om1JE+Hx2D5YLIuRCON0RKpzCLikmM7VErA7sjy7LsCSh9
+ty5n1s9GoNtF+YuOD9WeMWGDonMyJdYWTsmFYoT+LF7W+GHoEwvYm9595QuNnxVx
+KQ4P5oKm/EfcSiBhCC8BdCIGch9tQPT7c/syVhHG4QKBgQDTdUVW7rJNnLtHgWF2
+ubjh9b3ZfxPuTEu6ueKON5XXvSgfsMBNgCxwkemefGJ6xIjDu+swud+2H33Tqj23
+GMMTZ1JEzNYINO1m/laSAK+DcL81q4sLLlJTbBhYeE6FBeEO1hAmU2IiYrgU6zbO
+eyo4ysXtFJdnHSR9PHjZpt/cMQKBgQC7wmxw2UNPlmwTzl6l7z5DqYxizIfezb9l
+pIYrmcD92asxZKPi1soz8PcOn30gGmjtZn/7FkXFHSRsNknUmqJOEbZrvNCcKndz
+O+RbKGs8FAKlyog8k3CTToAng4PutsYrAuK/kx84P9FPCgTxdhejRMkfkSebCJQH
+fmXRnlRdjwKBgQCm2Drz0rcBIg9q5hz+zp+gOoOnnusc9TozhQPLbvReGzQTfSTe
+gamO0LJiiIYzk+rNdfKmqaJoUwS3A/ZaB8G0B6wT+QNPymMfBsNLxBq4PTfBoy68
+jboLdJjpBVP/BZqEWEa51sTxmK7iYo0F8oxn7yaoX7zucUIfRp2cLl0noQKBgB+K
+RG8cgAshiJw3IX0cWEhDdfquwvAxfcJURdmTJXE/HFvavREA5cyd4NKLBhjbdt7S
+RhNmpWe8Qn8PC430P+l/XjZw7FYfaBtqZyzM+F6KOfuhrwsF9XY5TJvWotX5zAYz
+oOVvkGIBjmaJl1T8cnIRvvtXheCsKzmrCO2SfDePAoGAM1ToKwXSeZEm2Kyf/PV9
+74lvBKYP5LP+pSmrcTq9jUbPQy3KmlhBi+kyhVK+2Awmh0J9tzu83C8lWR25L4mc
+/Uwjhv2KwmvJKyZ4/5t/oMZ+BsZERSHj39juLNW+UL82M2heM5tv5/MI779SAmzl
+VJMN4N1x+L7408dEGu0j2ds=
+-----END PRIVATE KEY-----
