feat(mmbe): recovery consolidation

Author: cpatino-intive

src/__tests__/api/master/recoveryConsolidationsWallet.test.ts

@@ -0,0 +1,109 @@
+import 'should';
+import sinon from 'sinon';
+import * as request from 'supertest';
+import nock from 'nock';
+import { app as expressApp } from '../../../masterExpressApp';
+import { AppMode, MasterExpressConfig, TlsMode } from '../../../shared/types';
+import { Trx } from '@bitgo/sdk-coin-trx';
+import { Sol } from '@bitgo/sdk-coin-sol';
+import { EnclavedExpressClient } from '../../../api/master/clients/enclavedExpressClient';
+
+describe('POST /api/:coin/wallet/recoveryConsolidations', () => {
+  let agent: request.SuperAgentTest;
+  const enclavedExpressUrl = 'http://enclaved.invalid';
+  const accessToken = 'test-token';
+
+  before(() => {
+    nock.disableNetConnect();
+    nock.enableNetConnect('127.0.0.1');
+    const config: MasterExpressConfig = {
+      appMode: AppMode.MASTER_EXPRESS,
+      port: 0,
+      bind: 'localhost',
+      timeout: 60000,
+      logFile: '',
+      env: 'test',
+      disableEnvCheck: true,
+      authVersion: 2,
+      enclavedExpressUrl,
+      enclavedExpressCert: 'dummy-cert',
+      tlsMode: TlsMode.DISABLED,
+      mtlsRequestCert: false,
+      allowSelfSigned: true,
+    };
+    const app = expressApp(config);
+    agent = request.agent(app);
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+    sinon.restore();
+  });
+
+  it('should handle TRON consolidation recovery', async () => {
+    const mockTransactions = [{ txHex: 'unsigned-tx-1', serializedTx: 'serialized-unsigned-tx-1' }];
+
+    const recoverConsolidationsStub = sinon.stub(Trx.prototype, 'recoverConsolidations').resolves({
+      transactions: mockTransactions,
+    });
+
+    const recoveryMultisigStub = sinon
+      .stub(EnclavedExpressClient.prototype, 'recoveryMultisig')
+      .resolves({ txHex: 'signed-tx' });
+
+    const response = await agent
+      .post(`/api/trx/wallet/recoveryConsolidations`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: 'user-xpub',
+        backupPub: 'backup-xpub',
+        bitgoKey: 'bitgo-xpub',
+        tokenContractAddress: 'tron-token',
+        startingScanIndex: 1,
+        endingScanIndex: 3,
+      });
+
+    response.status.should.equal(200);
+    response.body.should.have.property('signedTxs');
+    sinon.assert.calledOnce(recoverConsolidationsStub);
+    sinon.assert.calledOnce(recoveryMultisigStub);
+    const callArgs = recoverConsolidationsStub.firstCall.args[0];
+    callArgs.tokenContractAddress!.should.equal('tron-token');
+    callArgs.userKey.should.equal('user-xpub');
+    callArgs.backupKey.should.equal('backup-xpub');
+    callArgs.bitgoKey.should.equal('bitgo-xpub');
+  });
+
+  it('should handle Solana consolidation recovery', async () => {
+    const mockTransactions = [{ txHex: 'unsigned-tx-1', serializedTx: 'serialized-unsigned-tx-1' }];
+
+    const recoverConsolidationsStub = sinon.stub(Sol.prototype, 'recoverConsolidations').resolves({
+      transactions: mockTransactions,
+    });
+
+    const recoveryMultisigStub = sinon
+      .stub(EnclavedExpressClient.prototype, 'recoveryMultisig')
+      .resolves({ txHex: 'signed-tx' });
+
+    const response = await agent
+      .post(`/api/sol/wallet/recoveryConsolidations`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: 'user-xpub',
+        backupPub: 'backup-xpub',
+        bitgoKey: 'bitgo-xpub',
+        durableNonces: {
+          publicKeys: ['sol-pubkey-1', 'sol-pubkey-2'],
+          secretKey: 'sol-secret',
+        },
+      });
+
+    response.status.should.equal(200);
+    response.body.should.have.property('signedTxs');
+    sinon.assert.calledOnce(recoverConsolidationsStub);
+    sinon.assert.calledOnce(recoveryMultisigStub);
+    const callArgs = recoverConsolidationsStub.firstCall.args[0];
+    callArgs.durableNonces.should.have.property('publicKeys').which.is.an.Array();
+    callArgs.durableNonces.should.have.property('secretKey', 'sol-secret');
+  });
+});

src/api/master/clients/enclavedExpressClient.ts

@@ -13,10 +13,9 @@ import {
   GShare,
   Keychain,
   ApiKeyShare,
-  MPCSweepTxs,
   MPCTx,
-  MPCTxs,
 } from '@bitgo/sdk-core';
+import { RecoveryTransaction } from '@bitgo/sdk-coin-trx';
 import { superagentRequestFactory, buildApiClient, ApiClient } from '@api-ts/superagent-wrapper';
 import { OfflineVaultTxInfo, RecoveryInfo, UnsignedSweepTxMPCv2 } from '@bitgo/sdk-coin-eth';
 
@@ -87,7 +86,9 @@ interface RecoveryMultisigOptions {
     | RecoveryInfo
     | OfflineVaultTxInfo
     | UnsignedSweepTxMPCv2
-    | FormattedOfflineVaultTxInfo;
+    | FormattedOfflineVaultTxInfo
+    | MPCTx
+    | RecoveryTransaction;
   walletContractAddress: string;
 }
 

src/api/master/handlers/recoveryConsolidationsWallet.ts

@@ -0,0 +1,65 @@
+import { MasterApiSpecRouteRequest } from '../routers/masterApiSpec';
+import logger from '../../../logger';
+import { isSolCoin } from '../../../shared/coinUtils';
+import { MPCTx } from 'bitgo';
+import { RecoveryTransaction } from '@bitgo/sdk-coin-trx';
+
+// Handler for recovery from receive addresses (consolidation sweeps)
+export async function handleRecoveryConsolidationsOnPrem(
+  req: MasterApiSpecRouteRequest<'v1.wallet.recoveryConsolidations', 'post'>,
+) {
+  const bitgo = req.bitgo;
+  const coin = req.decoded.coin;
+  const enclavedExpressClient = req.enclavedExpressClient;
+
+  const { userPub, backupPub, bitgoKey } = req.decoded;
+
+  const sdkCoin = bitgo.coin(coin);
+  let txs: MPCTx[] | RecoveryTransaction[] = [];
+  // 1. Build unsigned consolidations
+  if (isSolCoin(sdkCoin) && !req.decoded.durableNonces) {
+    throw new Error('durableNonces is required for Solana consolidation recovery');
+  }
+
+  if (typeof (sdkCoin as any).recoverConsolidations !== 'function') {
+    throw new Error(`recoverConsolidations is not supported for coin: ${coin}`);
+  }
+
+  // Use type assertion to access recoverConsolidations
+  const result = await (sdkCoin as any).recoverConsolidations({
+    ...req.decoded,
+    userKey: userPub,
+    backupKey: backupPub,
+    bitgoKey,
+    durableNonces: req.decoded.durableNonces,
+  });
+
+  if ('transactions' in result) {
+    txs = result.transactions;
+  } else if ('txRequests' in result) {
+    txs = result.txRequests;
+  } else {
+    throw new Error('recoverConsolidations did not return expected transactions');
+  }
+
+  logger.debug(`Found ${txs.length} unsigned consolidation transactions`);
+
+  // 2. For each unsigned sweep, get it signed by EBE (using recoveryMultisig)
+  const signedTxs = [];
+  try {
+    for (const tx of txs) {
+      const signedTx = await enclavedExpressClient.recoveryMultisig({
+        userPub,
+        backupPub,
+        unsignedSweepPrebuildTx: tx,
+        walletContractAddress: '',
+      });
+      signedTxs.push(signedTx);
+    }
+
+    return { signedTxs };
+  } catch (err) {
+    logger.error('Error during consolidation recovery:', err);
+    throw err;
+  }
+}

src/shared/coinUtils.ts

@@ -2,11 +2,7 @@ import { AbstractEthLikeNewCoins } from '@bitgo/abstract-eth';
 import { BackupKeyRecoveryTransansaction, FormattedOfflineVaultTxInfo } from '@bitgo/abstract-utxo';
 import { CoinFamily } from '@bitgo/statics';
 import { BaseCoin } from 'bitgo';
-import { AbstractUtxoCoin, Eos, Sol, Stx, Xtz } from 'bitgo/dist/types/src/v2/coins';
-
-export function isSolCoin(coin: BaseCoin): coin is Sol {
-  return isFamily(coin, CoinFamily.SOL);
-}
+import { AbstractUtxoCoin, Eos, Stx, Xtz, Sol, Trx } from 'bitgo/dist/types/src/v2/coins';
 
 export function isEthLikeCoin(coin: BaseCoin): coin is AbstractEthLikeNewCoins {
   const isEthPure = isFamily(coin, CoinFamily.ETH);
@@ -56,6 +52,14 @@ export function isXtzCoin(coin: BaseCoin): coin is Xtz {
   return isFamily(coin, CoinFamily.XTZ);
 }
 
+export function isSolCoin(coin: BaseCoin): coin is Sol {
+  return isFamily(coin, CoinFamily.SOL);
+}
+
+export function isTrxCoin(coin: BaseCoin): coin is Trx {
+  return isFamily(coin, CoinFamily.TRX);
+}
+
 function isFamily(coin: BaseCoin, family: CoinFamily) {
   return Boolean(coin && coin.getFamily() === family);
 }