feat: typed mbe recovery endpoint req params

Author: mtexeira-simtlix

src/api/enclaved/recoveryMultisigTransaction.ts

@@ -1,25 +1,17 @@
 import { SignFinalOptions } from '@bitgo/abstract-eth';
-import { MethodNotImplementedError } from 'bitgo';
 import { EnclavedApiSpecRouteRequest } from '../../enclavedBitgoExpress/routers/enclavedApiSpec';
-import { KmsClient } from '../../kms/kmsClient';
 import logger from '../../logger';
-import { isEosCoin, isEthCoin, isStxCoin, isUtxoCoin, isXtzCoin } from '../../shared/coinUtils';
+import { isEthCoin } from '../../shared/coinUtils';
+import { retrieveKmsKey } from './utils';
 
 export async function recoveryMultisigTransaction(
   req: EnclavedApiSpecRouteRequest<'v1.multisig.recovery', 'post'>,
 ): Promise<any> {
-  const {
-    userPub,
-    backupPub,
-    walletContractAddress,
-    recoveryDestinationAddress,
-    recoveryParams,
-    apiKey,
-  } = req.body;
+  const { userPub, backupPub, unsignedSweepPrebuildTx, walletContractAddress } = req.body;
 
   //fetch prv and check that pub are valid
   const userPrv = await retrieveKmsKey({ pub: userPub, source: 'user' });
-  const backupPrv = await retrieveKmsKey({ pub: backupPub, source: 'user' });
+  const backupPrv = await retrieveKmsKey({ pub: backupPub, source: 'backup' });
 
   if (!userPrv || !backupPrv) {
     const errorMsg = `Error while recovery wallet, missing prv keys for user or backup on pub keys user=${userPub}, backup=${backupPub}`;
@@ -30,16 +22,6 @@ export async function recoveryMultisigTransaction(
   const bitgo = req.bitgo;
   const coin = bitgo.coin(req.params.coin);
 
-  //construct a common payload for the recovery that it's repeated in any kind of recovery
-  const commonRecoveryParams = {
-    userKey: userPub,
-    backupKey: backupPub,
-    walletContractAddress,
-    recoveryDestination: recoveryDestinationAddress,
-    // TODO: api key is not used so far because of a missconfig error on the bitgo obj
-    apiKey,
-  };
-
   // The signed transaction format depends on the coin type so we do this check as a guard
   // If you check the type of coin before and after the "if", you may see "BaseCoin" vs "AbstractEthLikeCoin"
   if (coin.isEVM()) {
@@ -48,16 +30,11 @@ export async function recoveryMultisigTransaction(
       // TODO: populate coinSpecificParams with things like replayProtectionOptions
       // coinSpecificParams type could be "recoverOptions"
       try {
-        const unsignedTx = await coin.recover({
-          ...commonRecoveryParams,
-          //TODO: it's needed for keycard debugging, the walletPassphrase
-          //walletPassphrase: passphrase,
-        });
-
         const halfSignedTx = await coin.signTransaction({
           isLastSignature: false,
           prv: userPrv,
-          txPrebuild: { ...unsignedTx } as unknown as SignFinalOptions,
+          txPrebuild: { ...unsignedSweepPrebuildTx } as unknown as SignFinalOptions,
+          walletContractAddress,
         });
 
         const { halfSigned } = halfSignedTx as any;
@@ -68,7 +45,9 @@ export async function recoveryMultisigTransaction(
             ...halfSignedTx,
             txHex: halfSigned.signatures,
             halfSigned,
-          },
+            recipients: halfSigned.recipients ?? [],
+          } as unknown as SignFinalOptions,
+          walletContractAddress,
           signingKeyNonce: halfSigned.signingKeyNonce ?? 0,
           backupKeyNonce: halfSigned.backupKeyNonce ?? 0,
           recipients: halfSigned.recipients ?? [],
@@ -85,135 +64,6 @@ export async function recoveryMultisigTransaction(
       throw new Error(errorMsg);
     }
   } else {
-    // TODO: from now on, this part isn't tested as we're lacking funds/apiKeys/etc
-    // TODO: WIP
-    // TODO (can't advance): XTZ throws a method not implemented on recover.
-    if (isXtzCoin(coin)) {
-      try {
-        const unsignedTx = await coin.recover({
-          ...commonRecoveryParams,
-        });
-
-        //TODO: fill this fields, check output from recover when recover implemented on sdk for xtz
-        const txHex = '';
-        const txInfo = 'txInfo' in unsignedTx ? unsignedTx.txInfo : undefined;
-        const addressInfo = 'addressInfo' in unsignedTx ? unsignedTx.addressInfo : undefined;
-        const feeInfo = 'feeInfo' in unsignedTx ? unsignedTx.feeInfo : undefined;
-        const source = '';
-        const dataToSign = '';
-
-        const halfSignedTx = await coin.signTransaction({
-          txPrebuild: {
-            txHex,
-            txInfo,
-            addressInfo,
-            feeInfo,
-            source,
-            dataToSign,
-          },
-          prv: userPrv,
-        });
-        //TODO: continue with full sign and return that
-        //      still needs to be tested in order to deduce min payload
-        return halfSignedTx;
-      } catch (err) {
-        console.log(err);
-        throw err;
-      }
-    } else if (isStxCoin(coin)) {
-      //TODO: (implementation untested): prioritize eth and btc instead of stc, when the other couple finished, go back to STX
-      try {
-        const unsignedTx = await coin.recover({
-          ...commonRecoveryParams,
-          rootAddress: walletContractAddress, // TODO: is a root address the same as wallet contract address? where does root address comes from if not?
-        });
-        //TODO: continue with half sign and return that
-        return unsignedTx;
-      } catch (err) {
-        console.log(err);
-        throw err;
-      }
-    } else if (isEosCoin(coin)) {
-      // TODO (implementation untested): we need some funds but faucets not working
-      try {
-        const unsignedTx = await coin.recover({
-          ...commonRecoveryParams,
-        });
-
-        //TODO: continue with half sign and return that
-        return unsignedTx;
-      } catch (err) {
-        console.log(err);
-        throw err;
-      }
-    } else if (isUtxoCoin(coin)) {
-      //TODO (implementation untested): we need an API key to complete/test btc flow
-      //TODO: do we need a special case for BTC or is another UTXO-based coin?
-
-      const { bitgoPub } = recoveryParams;
-      if (!bitgoPub) {
-        logger.error('Missing bitgoPub in recoveryParams for UTXO coin recovery');
-        throw new Error('Missing bitgoPub in recoveryParams for UTXO coin recovery');
-      }
-      try {
-        const unsignedTx = await coin.recover({
-          ...commonRecoveryParams,
-          bitgoKey: bitgoPub,
-          ignoreAddressTypes: recoveryParams.ignoreAddressTypes || [],
-        });
-
-        // some guards as the types have some imcompatibilities issues
-        const txInfo = 'txInfo' in unsignedTx ? unsignedTx.txInfo : undefined;
-        const txHex = 'txHex' in unsignedTx ? unsignedTx.txHex : '';
-
-        const halfSignedTx = await coin.signTransaction({
-          txPrebuild: {
-            txHex,
-            txInfo,
-          },
-          prv: userPrv,
-        });
-
-        const fullSignedTx = await coin.signTransaction({
-          //TODO: check the body of this based on halfSignedTx output
-          isLastSignature: true,
-          txPrebuild: {
-            txHex,
-            txInfo,
-          },
-          signingStep: 'cosignerNonce',
-        });
-
-        console.log(halfSignedTx);
-        throw new MethodNotImplementedError(
-          'Full signing for UTXO coins is not implemented in recovery yet. Please implement it.',
-        );
-
-        return fullSignedTx;
-      } catch (err) {
-        console.log(err);
-        throw err;
-      }
-    } else {
-      throw new Error('Unsupported coin type for recovery: ' + coin);
-    }
-  }
-}
-
-// TODO: this function is duplicated in multisigTransactioSign.ts but as hardcoded.
-//       move both to an utils file
-async function retrieveKmsKey({ pub, source }: { pub: string; source: string }): Promise<string> {
-  const kms = new KmsClient();
-  // Retrieve the private key from KMS
-  let prv: string;
-  try {
-    const res = await kms.getKey({ pub, source });
-    prv = res.prv;
-    return prv;
-  } catch (error: any) {
-    throw {
-      status: error.status || 500,
-      message: error.message || 'Failed to retrieve key from KMS',
-    };
+    throw new Error('Unsupported coin type for recovery: ' + coin);
   }
 }

src/api/enclaved/utils.ts

@@ -0,0 +1,23 @@
+// TODO: this function is duplicated in multisigTransactioSign.ts but as hardcoded. Replace that code later with this call (to avoid merge conflicts/duplication)
+import { KmsClient } from '../../kms/kmsClient';
+export async function retrieveKmsKey({
+  pub,
+  source,
+}: {
+  pub: string;
+  source: string;
+}): Promise<string> {
+  const kms = new KmsClient();
+  // Retrieve the private key from KMS
+  let prv: string;
+  try {
+    const res = await kms.getKey({ pub, source });
+    prv = res.prv;
+    return prv;
+  } catch (error: any) {
+    throw {
+      status: error.status || 500,
+      message: error.message || 'Failed to retrieve key from KMS',
+    };
+  }
+}

src/enclavedBitgoExpress/routers/enclavedApiSpec.ts

@@ -57,9 +57,16 @@ const SignMultisigResponse: HttpResponse = {
 const RecoveryMultisigRequest = {
   userPub: t.string,
   backupPub: t.string,
-  walletContractAddress: t.string,
-  recoveryDestinationAddress: t.string,
-  recoveryParams: t.any, // TODO: add more precise typing
+  apiKey: t.string,
+  // TODO: best typing for this, they come from sdk TS types
+  unsignedSweepPrebuildTx: t.any,
+  coinSpecificParams: t.union([
+    t.undefined,
+    t.partial({
+      bitgoPub: t.union([t.undefined, t.string]),
+      ignoreAddressTypes: t.union([t.undefined, t.array(t.string)]),
+    }),
+  ]),
 };
 
 // Response type for /multisig/recovery endpoint

src/masterBitgoExpress/enclavedExpressClient.ts

@@ -1,3 +1,4 @@
+import { OfflineVaultTxInfo, RecoveryInfo, UnsignedSweepTxMPCv2 } from '@bitgo/sdk-coin-eth';
 import { SignedTransaction, TransactionPrebuild } from '@bitgo/sdk-core';
 import debug from 'debug';
 import https from 'https';
@@ -31,13 +32,14 @@ interface SignMultisigOptions {
 interface RecoveryMultisigOptions {
   userPub: string;
   backupPub: string;
-  walletContractAddress: string;
-  recoveryDestinationAddress: string;
+  unsignedSweepPrebuildTx: RecoveryInfo | OfflineVaultTxInfo | UnsignedSweepTxMPCv2;
   apiKey: string;
-  recoveryParams?: {
+  walletContractAddress: string;
+  coinSpecificParams?: {
     bitgoPub?: string;
-    ignoreAddressTypes: string[];
+    ignoreAddressTypes?: string[];
   };
+  // recoveryDestinationAddress: string;
 }
 
 export class EnclavedExpressClient {

src/masterBitgoExpress/recoveryWallet.ts

@@ -1,11 +1,13 @@
 import assert from 'assert';
+import { isEthCoin } from '../shared/coinUtils';
 import { isMasterExpressConfig } from '../types';
 import { createEnclavedExpressClient } from './enclavedExpressClient';
 import { MasterApiSpecRouteRequest } from './routers/masterApiSpec';
 
 export async function handleRecoveryWalletOnPrem(
   req: MasterApiSpecRouteRequest<'v1.wallet.recovery', 'post'>,
 ) {
+  const bitgo = req.bitgo;
   const coin = req.params.coin;
   assert(
     isMasterExpressConfig(req.config),
@@ -23,23 +25,44 @@ export async function handleRecoveryWalletOnPrem(
     backupPub,
     walletContractAddress,
     recoveryDestinationAddress,
-    recoveryParams,
+    coinSpecificParams,
     apiKey,
   } = req.body;
 
-  try {
-    const fullSignedRecoveryTx = await enclavedExpressClient.recoveryMultisig({
-      userPub,
-      backupPub,
-      walletContractAddress,
-      recoveryDestinationAddress,
-      apiKey,
-      recoveryParams,
-    });
+  //construct a common payload for the recovery that it's repeated in any kind of recovery
+  const commonRecoveryParams = {
+    userKey: userPub,
+    backupKey: backupPub,
+    walletContractAddress,
+    recoveryDestination: recoveryDestinationAddress,
+    apiKey,
+  };
+
+  const sdkCoin = bitgo.coin(coin);
+
+  if (isEthCoin(sdkCoin)) {
+    try {
+      const unsignedSweepPrebuildTx = await sdkCoin.recover({
+        ...commonRecoveryParams,
+        //TODO: DELETE. it's needed for keycard debugging, the walletPassphrase
+        //walletPassphrase: passphrase,
+      });
+      const fullSignedRecoveryTx = await enclavedExpressClient.recoveryMultisig({
+        userPub,
+        backupPub,
+        apiKey,
+        unsignedSweepPrebuildTx,
+        coinSpecificParams,
+        walletContractAddress,
+        // recoveryDestinationAddress,
+      });
 
-    return fullSignedRecoveryTx;
-  } catch (err) {
-    //TODO: check other error handling for ref on mbe
-    throw err;
+      return fullSignedRecoveryTx;
+    } catch (err) {
+      //TODO: check other error handling for ref on mbe
+      throw err;
+    }
+  } else {
+    throw new Error('Recovery wallet is not supported for this coin: ' + coin);
   }
 }

src/masterBitgoExpress/routers/masterApiSpec.ts

@@ -79,7 +79,6 @@ export const SendManyRequest = {
 
 export const SendManyResponse: HttpResponse = {
   // TODO: Get type from public types repo / Wallet Platform
-
   200: t.any,
   500: t.type({
     error: t.string,
@@ -97,14 +96,20 @@ const RecoveryWalletResponse: HttpResponse = {
   }),
 };
 
-// Request type for /generate endpoint
+// Request type for /recovery endpoint
 const RecoveryWalletRequest = {
-  // TODO: complete the type
-  // label: t.string,
-  // multisigType: t.union([t.undefined, t.literal('onchain'), t.literal('tss')]),
-  // enterprise: t.string,
-  // disableTransactionNotifications: t.union([t.undefined, t.boolean]),
-  // isDistributedCustody: t.union([t.undefined, t.boolean]),
+  userPub: t.string,
+  backupPub: t.string,
+  walletContractAddress: t.string,
+  recoveryDestinationAddress: t.string,
+  apiKey: t.string,
+  coinSpecificParams: t.union([
+    t.undefined,
+    t.partial({
+      bitgoPub: t.union([t.undefined, t.string]),
+      ignoreAddressTypes: t.union([t.undefined, t.array(t.string)]),
+    }),
+  ]),
 };
 
 // API Specification