feat: add bitgo api intergration to MBE

Ticket: WP-4593

Author: pranavjain97

package.json

@@ -17,13 +17,17 @@
     "generate-test-ssl": "openssl req -x509 -newkey rsa:2048 -keyout test-ssl-key.pem -out test-ssl-cert.pem -days 365 -nodes -subj '/CN=localhost'"
   },
   "dependencies": {
+    "bitgo": "^44.2.0",
+    "@bitgo/sdk-core": "^33.2.0",
     "body-parser": "^1.20.3",
     "connect-timeout": "^1.9.0",
     "debug": "^3.1.0",
     "express": "4.17.3",
     "lodash": "^4.17.20",
     "morgan": "^1.9.1",
-    "superagent": "^8.0.9"
+    "superagent": "^8.0.9",
+    "proxy-agent": "6.4.0",
+    "proxyquire": "^2.1.3"
   },
   "devDependencies": {
     "@types/body-parser": "^1.17.0",
@@ -54,6 +58,6 @@
     "typescript": "^4.2.4"
   },
   "engines": {
-    "node": ">=14"
+    "node": ">=20.18.0"
   }
 }

src/masterBitgoExpress/enclavedExpressClient.ts

@@ -0,0 +1,98 @@
+import * as superagent from 'superagent';
+import debug from 'debug';
+import { config } from '../config';
+import { isMasterExpressConfig } from '../types';
+
+const debugLogger = debug('bitgo:express:enclavedExpressClient');
+
+interface CreateIndependentKeychainParams {
+  source: 'user' | 'backup';
+  coin?: string;
+  type: 'independent';
+  seed?: string;
+}
+
+export interface IndependentKeychainResponse {
+  id: string;
+  pub: string;
+  encryptedPrv?: string;
+  type: 'independent';
+  source: 'user' | 'backup' | 'bitgo';
+  coin: string;
+}
+
+export class EnclavedExpressClient {
+  private readonly url: string;
+  private readonly sslCert: string;
+  private readonly coin?: string;
+
+  constructor(coin?: string) {
+    const cfg = config();
+    if (!isMasterExpressConfig(cfg)) {
+      throw new Error('Configuration is not in master express mode');
+    }
+
+    if (!cfg.enclavedExpressUrl || !cfg.enclavedExpressSSLCert) {
+      throw new Error(
+        'Enclaved Express URL not configured. Please set BITGO_ENCLAVED_EXPRESS_URL and BITGO_ENCLAVED_EXPRESS_SSL_CERT in your environment.',
+      );
+    }
+
+    this.url = cfg.enclavedExpressUrl;
+    this.sslCert = cfg.enclavedExpressSSLCert;
+    this.coin = coin;
+    debugLogger('EnclavedExpressClient initialized with URL: %s', this.url);
+  }
+
+  async ping(): Promise<void> {
+    try {
+      debugLogger('Pinging enclaved express at %s', this.url);
+      await superagent.get(`${this.url}/ping`).ca(this.sslCert).send();
+    } catch (error) {
+      const err = error as Error;
+      debugLogger('Failed to ping enclaved express: %s', err.message);
+      throw new Error(`Failed to ping enclaved express: ${err.message}`);
+    }
+  }
+
+  /**
+   * Create an independent multisig key for a given source and coin
+   */
+  async createIndependentKeychain(
+    params: CreateIndependentKeychainParams,
+  ): Promise<IndependentKeychainResponse> {
+    if (!this.coin) {
+      throw new Error('Coin not configured');
+    }
+    try {
+      debugLogger('Creating independent keychain for coin: %s', this.coin);
+      const { body: keychain } = await superagent
+        .post(`${this.url}/api/${this.coin}/key/independent`)
+        .ca(this.sslCert)
+        .type('json')
+        .send(params);
+      return keychain;
+    } catch (error) {
+      const err = error as Error;
+      debugLogger('Failed to create independent keychain: %s', err.message);
+      throw new Error(`Failed to create independent keychain: ${err.message}`);
+    }
+  }
+}
+
+/**
+ * Create an enclaved express client if the configuration is present
+ */
+export function createEnclavedExpressClient(coin?: string): EnclavedExpressClient | undefined {
+  try {
+    return new EnclavedExpressClient(coin);
+  } catch (error) {
+    const err = error as Error;
+    // If URL isn't configured, return undefined instead of throwing
+    if (err.message.includes('URL not configured')) {
+      debugLogger('Enclaved express URL not configured, returning undefined');
+      return undefined;
+    }
+    throw err;
+  }
+}

src/masterExpressApp.ts

@@ -6,6 +6,7 @@ import debug from 'debug';
 import https from 'https';
 import http from 'http';
 import superagent from 'superagent';
+import { BitGo, BitGoOptions } from 'bitgo';
 
 import { MasterExpressConfig, config, isMasterExpressConfig } from './config';
 import {
@@ -19,8 +20,22 @@ import {
   readCertificates,
   setupHealthCheckRoutes,
 } from './shared/appUtils';
+import { ApiResponseError } from './errors';
+import bodyParser from 'body-parser';
+import { ProxyAgent } from 'proxy-agent';
+import { promiseWrapper } from './routes';
+import pjson from '../package.json';
+import { createEnclavedExpressClient } from './masterBitgoExpress/enclavedExpressClient';
 
 const debugLogger = debug('master-express:express');
+const { version } = require('bitgo/package.json');
+const BITGOEXPRESS_USER_AGENT = `BitGoExpress/${pjson.version} BitGoJS/${version}`;
+
+// Add this interface before the startup function
+interface BitGoRequest extends express.Request {
+  bitgo: BitGo;
+  config: MasterExpressConfig;
+}
 
 /**
  * Create a startup function which will be run upon server initialization
@@ -43,6 +58,75 @@ function isSSL(config: MasterExpressConfig): boolean {
   return Boolean((keyPath && crtPath) || (sslKey && sslCert));
 }
 
+/**
+ *
+ * @param status
+ * @param result
+ * @param message
+ */
+function apiResponse(status: number, result: any, message: string): ApiResponseError {
+  return new ApiResponseError(message, status, result);
+}
+
+const expressJSONParser = bodyParser.json({ limit: '20mb' });
+
+/**
+ * Perform body parsing here only on routes we want
+ */
+function parseBody(req: express.Request, res: express.Response, next: express.NextFunction) {
+  // Set the default Content-Type, in case the client doesn't set it.  If
+  // Content-Type isn't specified, Express silently refuses to parse the
+  // request body.
+  req.headers['content-type'] = req.headers['content-type'] || 'application/json';
+  return expressJSONParser(req, res, next);
+}
+
+/**
+ * Create the bitgo object in the request
+ * @param config
+ */
+function prepareBitGo(config: MasterExpressConfig) {
+  const { env, customRootUri } = config;
+
+  return function prepBitGo(
+    req: express.Request,
+    res: express.Response,
+    next: express.NextFunction,
+  ) {
+    // Get access token
+    let accessToken;
+    if (req.headers.authorization) {
+      const authSplit = req.headers.authorization.split(' ');
+      if (authSplit.length === 2 && authSplit[0].toLowerCase() === 'bearer') {
+        accessToken = authSplit[1];
+      }
+    }
+    const userAgent = req.headers['user-agent']
+      ? BITGOEXPRESS_USER_AGENT + ' ' + req.headers['user-agent']
+      : BITGOEXPRESS_USER_AGENT;
+
+    const useProxyUrl = process.env.BITGO_USE_PROXY;
+    const bitgoConstructorParams: BitGoOptions = {
+      env,
+      customRootURI: customRootUri,
+      accessToken,
+      userAgent,
+      ...(useProxyUrl
+        ? {
+            customProxyAgent: new ProxyAgent({
+              getProxyForUrl: () => useProxyUrl,
+            }),
+          }
+        : {}),
+    };
+
+    (req as BitGoRequest).bitgo = new BitGo(bitgoConstructorParams);
+    (req as BitGoRequest).config = config;
+
+    next();
+  };
+}
+
 async function createHttpsServer(
   app: express.Application,
   config: MasterExpressConfig,
@@ -98,7 +182,6 @@ function setupMasterExpressRoutes(app: express.Application): void {
   // Add enclaved express ping route
   app.get('/ping/enclavedExpress', async (req, res) => {
     const cfg = config() as MasterExpressConfig;
-
     try {
       console.log('Pinging enclaved express');
       console.log('SSL Enabled:', cfg.enableSSL);

src/routes.ts

@@ -66,7 +66,7 @@ export function setupRoutes(app: express.Application): void {
 // promiseWrapper implementation
 export function promiseWrapper(promiseRequestHandler: any) {
   return async function promWrapper(req: any, res: any, next: any) {
-    debug(`handle: ${req.method} ${req.originalUrl}`);
+    debugLogger(`handle: ${req.method} ${req.originalUrl}`);
     try {
       const result = await promiseRequestHandler(req, res, next);
       if (typeof result === 'object' && result !== null && 'body' in result && 'status' in result) {

src/types.ts

@@ -64,3 +64,13 @@ export interface MasterExpressConfig extends BaseConfig {
 
 // Union type for the configuration
 export type Config = EnclavedConfig | MasterExpressConfig;
+
+// Type guard for MasterExpressConfig
+export function isMasterExpressConfig(config: Config): config is MasterExpressConfig {
+  return config.appMode === AppMode.MASTER_EXPRESS;
+}
+
+// Type guard for EnclavedConfig
+export function isEnclavedConfig(config: Config): config is EnclavedConfig {
+  return config.appMode === AppMode.ENCLAVED;
+}