test: musig recovery eth for mbe tests

mtexeira-simtlix · mtexeira-simtlix · commit c36ba043274c · 2025-06-27T10:45:49.000-03:00
diff --git a/src/__tests__/api/master/musigRecovery.test.ts b/src/__tests__/api/master/musigRecovery.test.ts
@@ -0,0 +1,149 @@
+import 'should';
+import sinon from 'sinon';
+
+import { AbstractEthLikeNewCoins } from '@bitgo/abstract-eth';
+import nock from 'nock';
+import * as request from 'supertest';
+import { app as expressApp } from '../../../masterExpressApp';
+import { AppMode, MasterExpressConfig, TlsMode } from '../../../shared/types';
+import { data as ethRecoveryData } from '../../mocks/ethRecoveryMusigMockData';
+
+describe('POST /api/:coin/wallet/recovery', () => {
+  let agent: request.SuperAgentTest;
+  const enclavedExpressUrl = 'http://enclaved.invalid';
+  const coin = 'hteth';
+  const accessToken = 'test-token';
+
+  before(() => {
+    nock.disableNetConnect();
+    nock.enableNetConnect('127.0.0.1');
+
+    const config: MasterExpressConfig = {
+      appMode: AppMode.MASTER_EXPRESS,
+      port: 0, // Let OS assign a free port
+      bind: 'localhost',
+      timeout: 60000,
+      logFile: '',
+      env: 'test',
+      disableEnvCheck: true,
+      authVersion: 2,
+      enclavedExpressUrl: enclavedExpressUrl,
+      enclavedExpressCert: 'dummy-cert',
+      tlsMode: TlsMode.DISABLED,
+      mtlsRequestCert: false,
+      allowSelfSigned: true,
+    };
+
+    const app = expressApp(config);
+    agent = request.agent(app);
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+    sinon.restore();
+  });
+
+  it('should get the tx hex for broadcasting from eve on musig recovery ', async () => {
+    // sdk call mock on mbe
+    const recoverStub = sinon
+      .stub(AbstractEthLikeNewCoins.prototype, 'recover')
+      .resolves(ethRecoveryData.unsignedSweepPrebuildTx);
+
+    // the call to eve.recoverWallet(...)
+    // that contains the calls to sdk.signTransaction
+    const eveRecoverWalletNock = nock(enclavedExpressUrl)
+      .post(`/api/${coin}/multisig/recovery`, {
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        unsignedSweepPrebuildTx: ethRecoveryData.unsignedSweepPrebuildTx,
+        coinSpecificParams: undefined,
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+      })
+      .reply(200, {
+        txHex: ethRecoveryData.txHexFullSigned,
+      });
+
+    // the call to our own master api express endpoint
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`, (body) => {
+        console.log('Nock received body:', body);
+        return true;
+      })
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: ethRecoveryData.recoveryDestinationAddress,
+      });
+
+    response.status.should.equal(200);
+    response.body.should.have.property('txHex', ethRecoveryData.txHexFullSigned);
+    sinon.assert.calledOnce(recoverStub);
+    eveRecoverWalletNock.done();
+  });
+
+  it('should fail when walletContractAddress (origin) not provided', async () => {
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: undefined,
+        recoveryDestinationAddress: ethRecoveryData.recoveryDestinationAddress,
+      });
+
+    response.status.should.equal(400);
+    response.body.should.have.property('error');
+    response.body.error.should.match(/walletContractAddress/i);
+  });
+  it('should fail when recoveryDestinationAddress (destiny) not provided', async () => {
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: undefined,
+      });
+
+    response.status.should.equal(400);
+    response.body.should.have.property('error');
+    response.body.error.should.match(/recoveryDestinationAddress/i);
+  });
+  it('should fail when userPub or backupPub not provided', async () => {
+    const responseNoUserKey = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: undefined,
+      });
+
+    const responseNoBackupKey = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: undefined,
+      });
+
+    responseNoUserKey.status.should.equal(400);
+    responseNoUserKey.body.should.have.property('error');
+    responseNoUserKey.body.error.should.match(/userPub/i);
+
+    responseNoBackupKey.status.should.equal(400);
+    responseNoBackupKey.body.should.have.property('error');
+    responseNoBackupKey.body.error.should.match(/backupPub/i);
+  });
+});
diff --git a/src/__tests__/mocks/ethRecoveryMusigMockData.ts b/src/__tests__/mocks/ethRecoveryMusigMockData.ts
@@ -0,0 +1,38 @@
+const walletContractAddress = '0x223fe2adcc8f28d8a46f72f7f355117d2727554d';
+
+export const data = {
+  walletContractAddress,
+  userKey:
+    'xpub661MyMwAqRbcFigezGWEYSbCPVuaUmvnp1u7iEpH9YsKU6uYQtPANvudjgAo82QRHXsUieMqKeB1xEj89VUKU1ugtmyAZ3xzNEbHPexxgKK',
+  backupKey:
+    'xpub661MyMwAqRbcGbCirzmQsUJT2eidt9tFLw2m77w6FiKco6TKu49CP3GkHF88xGCpvqkP93SYMAarfyWAn8UWevQtNT6pDo8xH7xmf6GqK6e',
+  unsignedSweepPrebuildTx: {
+    tx: 'f9012b808504a817c8008307a12094223fe2adcc8f28d8a46f72f7f355117d2727554d80b9010439125215000000000000000000000000e7d07af8e3e7472ea8391a3372ab98d04ac4df200000000000000000000000000000000000000000000000000de0b6b3a764000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000006851a693000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000808080',
+    userKey:
+      'xpub661MyMwAqRbcFigezGWEYSbCPVuaUmvnp1u7iEpH9YsKU6uYQtPANvudjgAo82QRHXsUieMqKeB1xEj89VUKU1ugtmyAZ3xzNEbHPexxgKK',
+    backupKey:
+      'xpub661MyMwAqRbcGbCirzmQsUJT2eidt9tFLw2m77w6FiKco6TKu49CP3GkHF88xGCpvqkP93SYMAarfyWAn8UWevQtNT6pDo8xH7xmf6GqK6e',
+    coin: 'hteth',
+    gasPrice: 20000000000,
+    gasLimit: 500000,
+    recipients: [
+      {
+        address: '0xe7d07af8e3e7472ea8391a3372ab98d04ac4df20',
+        amount: '1000000000000000000',
+      },
+    ],
+    walletContractAddress,
+    amount: '1000000000000000000',
+    backupKeyNonce: 0,
+    recipient: {
+      address: '0xe7d07af8e3e7472ea8391a3372ab98d04ac4df20',
+      amount: '1000000000000000000',
+    },
+    expireTime: 1750181523,
+    contractSequenceId: '1',
+    nextContractSequenceId: '1',
+  },
+  txHexFullSigned:
+    'xpub661MyMwAqRbcGLBsaNVtc8bhB7dN8fzf3JTEKhviDUMDz11HkcHNXRSV6tk2jsqPhXnqLJPUHy8VMSjTr4hPFimRWdFk3eaLEM8VBUbZdQE',
+  recoveryDestinationAddress: '0x927324f364a6fd1bf4648310a445b58063f5bb64',
+};
