Merge pull request #27 from BitGo/WP-00000-fix-config-loading

chore: fix loading the certs repetetively

Author: pranavjain97

src/__tests__/config.test.ts

@@ -1,5 +1,5 @@
 import 'should';
-import { config, isEnclavedConfig, TlsMode } from '../config';
+import { initConfig, isEnclavedConfig, TlsMode } from '../initConfig';
 
 describe('Configuration', () => {
   const originalEnv = process.env;
@@ -17,14 +17,14 @@ describe('Configuration', () => {
   });
 
   it('should throw error when APP_MODE is not set', () => {
-    (() => config()).should.throw(
+    (() => initConfig()).should.throw(
       'APP_MODE environment variable is required. Set APP_MODE to either "enclaved" or "master-express"',
     );
   });
 
   it('should throw error when APP_MODE is invalid', () => {
     process.env.APP_MODE = 'invalid';
-    (() => config()).should.throw(
+    (() => initConfig()).should.throw(
       'Invalid APP_MODE: invalid. Must be either "enclaved" or "master-express"',
     );
   });
@@ -39,7 +39,7 @@ describe('Configuration', () => {
     });
 
     it('should use default configuration when no environment variables are set', () => {
-      const cfg = config();
+      const cfg = initConfig();
       isEnclavedConfig(cfg).should.be.true();
       if (isEnclavedConfig(cfg)) {
         cfg.port.should.equal(3080);
@@ -54,7 +54,7 @@ describe('Configuration', () => {
 
     it('should read port from environment variable', () => {
       process.env.ENCLAVED_EXPRESS_PORT = '4000';
-      const cfg = config();
+      const cfg = initConfig();
       isEnclavedConfig(cfg).should.be.true();
       if (isEnclavedConfig(cfg)) {
         cfg.port.should.equal(4000);
@@ -67,7 +67,7 @@ describe('Configuration', () => {
     it('should read TLS mode from environment variables', () => {
       // Test with TLS disabled
       process.env.TLS_MODE = 'disabled';
-      let cfg = config();
+      let cfg = initConfig();
       isEnclavedConfig(cfg).should.be.true();
       if (isEnclavedConfig(cfg)) {
         cfg.tlsMode.should.equal(TlsMode.DISABLED);
@@ -76,7 +76,7 @@ describe('Configuration', () => {
 
       // Test with mTLS explicitly enabled
       process.env.TLS_MODE = 'mtls';
-      cfg = config();
+      cfg = initConfig();
       isEnclavedConfig(cfg).should.be.true();
       if (isEnclavedConfig(cfg)) {
         cfg.tlsMode.should.equal(TlsMode.MTLS);
@@ -87,13 +87,13 @@ describe('Configuration', () => {
 
       // Test with invalid TLS mode
       process.env.TLS_MODE = 'invalid';
-      (() => config()).should.throw(
+      (() => initConfig()).should.throw(
         'Invalid TLS_MODE: invalid. Must be either "disabled" or "mtls"',
       );
 
       // Test with no TLS mode (should default to MTLS)
       delete process.env.TLS_MODE;
-      cfg = config();
+      cfg = initConfig();
       isEnclavedConfig(cfg).should.be.true();
       if (isEnclavedConfig(cfg)) {
         cfg.tlsMode.should.equal(TlsMode.MTLS);
@@ -108,7 +108,7 @@ describe('Configuration', () => {
       process.env.MTLS_REJECT_UNAUTHORIZED = 'true';
       process.env.MTLS_ALLOWED_CLIENT_FINGERPRINTS = 'ABC123,DEF456';
 
-      const cfg = config();
+      const cfg = initConfig();
       isEnclavedConfig(cfg).should.be.true();
       if (isEnclavedConfig(cfg)) {
         cfg.mtlsRequestCert!.should.be.true();

src/api/enclaved/postIndependentKey.ts

@@ -12,7 +12,7 @@ export async function postIndependentKey(
 
   // setup clients
   const bitgo: BitGo = req.bitgo;
-  const kms = new KmsClient();
+  const kms = new KmsClient(req.config);
 
   // create public and private key pairs on BitGo SDK
   const coin = bitgo.coin(req.params.coin);

src/api/enclaved/signMultisigTransaction.ts

@@ -19,7 +19,7 @@ export async function signMultisigTransaction(
   }
 
   const bitgo = req.bitgo;
-  const kms = new KmsClient();
+  const kms = new KmsClient(req.config);
 
   // Retrieve the private key from KMS
   let prv: string;

src/app.ts

@@ -1,4 +1,4 @@
-import { determineAppMode, AppMode } from './config';
+import { determineAppMode, AppMode } from './initConfig';
 import * as enclavedApp from './enclavedApp';
 import * as masterExpressApp from './masterExpressApp';
 import logger from './logger';

src/enclavedApp.ts

@@ -4,7 +4,7 @@ import http from 'http';
 import morgan from 'morgan';
 import { SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 } from 'constants';
 
-import { EnclavedConfig, config, TlsMode, isEnclavedConfig } from './config';
+import { EnclavedConfig, initConfig, TlsMode, isEnclavedConfig } from './initConfig';
 import { setupRoutes } from './routes/enclaved';
 import {
   setupLogging,
@@ -117,7 +117,7 @@ export function app(cfg: EnclavedConfig): express.Application {
 }
 
 export async function init(): Promise<void> {
-  const cfg = config();
+  const cfg = initConfig();
 
   // Type-safe validation that we're in enclaved mode
   if (!isEnclavedConfig(cfg)) {

src/config.ts src/initConfig.tssrc/config.ts renamed to src/initConfig.ts

@@ -214,8 +214,8 @@ function masterExpressEnvConfig(): Partial<MasterExpressConfig> {
     throw new Error('ENCLAVED_EXPRESS_URL environment variable is required and cannot be empty');
   }
 
-  if (!enclavedExpressCert) {
-    throw new Error('ENCLAVED_EXPRESS_CERT environment variable is required and cannot be empty');
+  if (tlsMode === TlsMode.MTLS && !enclavedExpressCert) {
+    throw new Error('ENCLAVED_EXPRESS_CERT environment variable is required for MTLS mode.');
   }
 
   // Debug mTLS environment variables
@@ -375,7 +375,7 @@ export function configureMasterExpressMode(): MasterExpressConfig {
 // MAIN CONFIG FUNCTION
 // ============================================================================
 
-export function config(): Config {
+export function initConfig(): Config {
   const appMode = determineAppMode();
 
   if (appMode === AppMode.ENCLAVED) {

src/kms/kmsClient.ts

@@ -1,6 +1,6 @@
 import debug from 'debug';
 import * as superagent from 'superagent';
-import { config, isMasterExpressConfig } from '../config';
+import { EnclavedConfig, isMasterExpressConfig } from '../initConfig';
 import { PostKeyKmsSchema, PostKeyParams, PostKeyResponse } from './types/postKey';
 import { GetKeyKmsSchema, GetKeyParams, GetKeyResponse } from './types/getKey';
 
@@ -9,8 +9,7 @@ const debugLogger = debug('bitgo:express:kmsClient');
 export class KmsClient {
   private readonly url: string;
 
-  constructor() {
-    const cfg = config();
+  constructor(cfg: EnclavedConfig) {
     if (isMasterExpressConfig(cfg)) {
       throw new Error('Configuration is not in enclaved express mode');
     }

src/masterBitgoExpress/handleSendMany.ts

@@ -2,7 +2,7 @@ import { RequestTracer, PrebuildTransactionOptions, Memo, KeyIndices } from '@bi
 import { createEnclavedExpressClient } from './enclavedExpressClient';
 import logger from '../logger';
 import { MasterApiSpecRouteRequest } from './routers/masterApiSpec';
-import { isMasterExpressConfig } from '../config';
+import { isMasterExpressConfig } from '../initConfig';
 
 /**
  * Defines the structure for a single recipient in a send-many transaction.

src/masterBitgoExpress/routers/enclavedExpressHealth.ts

@@ -4,7 +4,7 @@ import { createRouter, type WrappedRouter } from '@api-ts/typed-express-router';
 import { Response } from '@api-ts/response';
 import https from 'https';
 import superagent from 'superagent';
-import { MasterExpressConfig, TlsMode } from '../../config';
+import { MasterExpressConfig, TlsMode } from '../../initConfig';
 import logger from '../../logger';
 import { responseHandler } from '../../shared/middleware';
 

src/masterBitgoExpress/routers/masterApiSpec.ts

@@ -14,7 +14,7 @@ import {
 import { Response } from '@api-ts/response';
 import express from 'express';
 import { BitGoRequest } from '../../types/request';
-import { MasterExpressConfig } from '../../config';
+import { MasterExpressConfig } from '../../initConfig';
 import { handleGenerateWalletOnPrem } from '../generateWallet';
 import { prepareBitGo, responseHandler } from '../../shared/middleware';
 import { handleSendMany } from '../handleSendMany';