feat(ebe): hide recovery api under non recovery mode-ebe

Author: cpatino-intive

src/__tests__/api/enclaved/recoveryMultisigTransaction.test.ts

@@ -22,6 +22,7 @@ describe('UTXO recovery', () => {
     tlsMode: TlsMode.DISABLED,
     allowSelfSigned: true,
     kmsUrl: 'kms.example.com',
+    recoveryMode: true,
   };
 
   beforeEach(() => {

src/__tests__/api/enclaved/recoveryMusigEth.test.ts

@@ -40,6 +40,7 @@ describe('recoveryMultisigTransaction', () => {
       kmsUrl: kmsUrl,
       tlsMode: TlsMode.DISABLED,
       allowSelfSigned: true,
+      recoveryMode: true,
     };
 
     configStub = sinon.stub(configModule, 'initConfig').returns(cfg);

src/__tests__/api/enclaved/signMpcRecoveryTransaction.test.ts

@@ -18,6 +18,7 @@ describe('EdDSA Recovery Signing', () => {
     httpLoggerFile: '',
     tlsMode: TlsMode.DISABLED,
     allowSelfSigned: true,
+    recoveryMode: true,
   };
 
   const commonKeychain =

src/api/enclaved/handlers/recoveryMultisigTransaction.ts

@@ -6,7 +6,7 @@ import {
   TransactionRecipient,
 } from '@bitgo-beta/sdk-core';
 import { EnclavedApiSpecRouteRequest } from '../../../enclavedBitgoExpress/routers/enclavedApiSpec';
-import { EnvironmentName } from '../../../initConfig';
+import { EnclavedConfig, EnvironmentName } from '../../../initConfig';
 import logger from '../../../logger';
 import {
   isEthLikeCoin,
@@ -19,12 +19,14 @@ import {
   getReplayProtectionOptions,
 } from '../../../shared/recoveryUtils';
 import { SignedEthLikeRecoveryTx } from '../../../types/transaction';
-import { retrieveKmsPrvKey } from '../utils';
+import { checkRecoveryMode, retrieveKmsPrvKey } from '../utils';
 import coinFactory from '../../../shared/coinFactory';
 
 export async function recoveryMultisigTransaction(
   req: EnclavedApiSpecRouteRequest<'v1.multisig.recovery', 'post'>,
 ): Promise<any> {
+  checkRecoveryMode(req.config as EnclavedConfig);
+
   const { userPub, backupPub, bitgoPub, unsignedSweepPrebuildTx, walletContractAddress, coin } =
     req.decoded;
 

src/api/enclaved/handlers/signEddsaRecoveryTransaction.ts

@@ -10,7 +10,7 @@ import {
 import { Ed25519Bip32HdTree } from '@bitgo-beta/sdk-lib-mpc';
 import { CoinFamily, coins } from '@bitgo-beta/statics';
 import { type KeyPair as SolKeyPair } from '@bitgo-beta/sdk-coin-sol';
-import { retrieveKmsPrvKey } from '../utils';
+import { checkRecoveryMode, retrieveKmsPrvKey } from '../utils';
 import { EnclavedConfig } from '../../../shared/types';
 import logger from '../../../logger';
 
@@ -88,6 +88,8 @@ export async function signEddsaRecoveryTransaction({
   let publicKey = '';
   logger.info(`Received request ${JSON.stringify(request)}`);
 
+  checkRecoveryMode(cfg);
+
   const hdTree = await Ed25519Bip32HdTree.initialize();
   const MPC = await Eddsa.initialize(hdTree);
 

src/api/enclaved/utils.ts

@@ -116,3 +116,11 @@ export async function decryptDataKey({
     };
   }
 }
+
+export function checkRecoveryMode(config: EnclavedConfig) {
+  if (!config.recoveryMode) {
+    throw new Error(
+      'Recovery operations are not enabled. The server must be in recovery mode to perform this action.',
+    );
+  }
+}