updated ethereum api to allow signing and sending raw transactions with private keys;

ar-to · ar-to · commit 3b2189246b1b · 2018-05-18T17:10:31.000-07:00
diff --git a/README.md b/README.md
@@ -358,6 +358,20 @@ The following endpoints can be used to get information about blocks and even tra
 
 - `api/eth/block/2?showTx=true&useString=latest` : 1 is the blocknumber, the query `showTx` will show the transaction object in the output when set to true, and the query `useString` will overwrite the block number and use one of the strings used in the [getBlock api](http://web3js.readthedocs.io/en/1.0/web3-eth.html#getblock) such as `latest` to get the most recent block.
 
+### Create address
+
+GET request
+```
+http://localhost:3000/api/eth/create-account
+```
+
+### Get public address from private key
+
+GET request
+```
+http://localhost:3000/api/eth/get-account/{privatekey}
+```
+
 ### Get Transaction info
 
 
@@ -425,7 +439,7 @@ Note: you may notice that `nonce` is not a parameter accepted for changing becau
 
 ### Send Transaction
 
-Sending a transaction uses the `paramsUpdated` object and passes it to `web3.eth.sendTransaction(paramsUpdated)`
+Sending a transaction uses the `paramsUpdated` object and passes it to `web3.eth.sendTransaction(paramsUpdated)` and **requires a the from address to be an unlocked keystore address from inside the node**
 
 output 
 
@@ -444,6 +458,54 @@ output
 }
 ```
 
+### Sign and Send Manually
+
+To sign with a private key and send the raw transaction follow these instructions for constructing your request:
+
+#### Get Transaction Info
+
+`http://localhost:3000/api/eth/send-tx-info` POST request with the following json to see your data:
+
+```
+{
+  "from": "0xA8D26e47CD1CB6Fc0803cA7D64D395bb38bc33de",
+  "to": "0x87E426ff6Deb0dF15CD98CAae0F63cf027D711b3",
+  "value": "0.002"
+}
+```
+
+If you are sending transactions from the same `from` address consecutively, you will need to increase the nonce by one so add it to your request
+
+```
+  "nonce": 1
+```
+You will see the a change in the nonce. You want to pay attention to the `paramsToSign` parameter because it will be used to sign the transaction next.
+
+#### Sign transaction
+
+`http://localhost:3000/api/eth/sign-tx` and pass the POST request json:
+
+```
+{
+  "from": "0xA8D26e47CD1CB6Fc0803cA7D64D395bb38bc33de",
+  "to": "0x87E426ff6Deb0dF15CD98CAae0F63cf027D711b3",
+  "value": "0.002",
+  "privateKey": "0x7f74657374320000000000000000000000000000000000000000000000000057"
+}
+```
+See [web3 api](http://web3js.readthedocs.io/en/1.0/web3-eth-accounts.html#signtransaction) for details on the out put and grab the `rawTransaction` parameter hex encoded transaction
+
+
+#### Send Signed Transaction
+
+`http://localhost:3000/api/eth/send-signed-tx` POST request with json:
+
+```
+{
+	"rawTransaction": "0xf86b04850218711a008252089487e426ff6deb0df15cd98caae0f63cf027d711b387071afd498d00008029a063542de27e66ea4a92f1270cbef3cd6ed9ad0b8bafbdcd0cedfcc25e2d731da7a05a7fb9dec086a6b1e4c0c19410b1b2f10a76c9f6198351731e92096534b67624"
+}
+```
+
 ## Endpoints
 
 ```
@@ -587,6 +649,12 @@ output
             "GET"
         ]
     },
+    {
+        "path": "/api/eth/get-account/:privateKey",
+        "methods": [
+            "GET"
+        ]
+    },
     {
         "path": "/api/eth/accounts",
         "methods": [
@@ -599,6 +667,18 @@ output
             "POST"
         ]
     },
+    {
+        "path": "/api/eth/sign-tx",
+        "methods": [
+            "POST"
+        ]
+    },
+    {
+        "path": "/api/eth/send-signed-tx",
+        "methods": [
+            "POST"
+        ]
+    },
     {
         "path": "/api/eth/send-tx",
         "methods": [
diff --git a/package.json b/package.json
@@ -15,6 +15,7 @@
     "debug": "~2.6.9",
     "dotenv": "^5.0.1",
     "ejs": "~2.5.7",
+    "ethereumjs-tx": "^1.3.4",
     "express": "~4.16.0",
     "express-list-endpoints": "^3.0.1",
     "http-errors": "~1.6.2",
diff --git a/server/app/controllers/api-ethereum.js b/server/app/controllers/api-ethereum.js
@@ -53,6 +53,11 @@ module.exports = {
       return res.send(value)
     });
   },
+  privateKeyToAccount: function (req, res, next) {
+    ethereum.privateKeyToAccount(req.params.privateKey).then((value) => {
+      return res.send(value)
+    });
+  },
   getAccounts: function (req, res, next) {
     ethereum.getAccounts().then((value) => {
       return res.send(value)
@@ -66,6 +71,25 @@ module.exports = {
         });
       })
   },
+  signTransaction: async function (req, res, next) {
+    await validateBody(res, req.body)
+      .then((obj) => {
+        let validPrivateKey = ethereum.validatePrivateKey(obj.privateKey);
+        if (validPrivateKey) {
+          ethereum.signTransaction(obj).then((value) => {
+            return (value.error != null ? res.status(404).send(value).end() : res.send(value))
+          });
+        }
+        else {
+          return res.status(404).send(new Object({ error: "Missing or Invalid private Key" })).end()
+        }
+      })
+  },
+  sendSignedTransaction: async function (req, res, next) {
+    ethereum.sendSignedTransaction(req.body.rawTransaction).then((value) => {
+      return (value.error != null ? res.status(404).send(value).end() : res.send(value))
+    });
+  },
   sendTransaction: async function (req, res, next) {
     await validateBody(res, req.body)
       .then((obj) => {
@@ -80,6 +104,7 @@ async function validateBody(res, body) {
   return new Promise((resolve, reject) => {
     if (typeof body === 'object' && Object.keys(body).length != 0) {
       let obj = {};
+      obj.from = body.from != null ? body.from : null;
       obj.from = body.from != null && web3.utils.isAddress(body.from) ? body.from : obj.error = 'invalid address';
       obj.to = body.to != null && web3.utils.isAddress(body.to) ? body.to : obj.error = 'invalid address';
       obj.value = body.value != null && typeof body.value === 'string' ? body.value : obj.error = "value missing or is not a string number";
@@ -88,6 +113,8 @@ async function validateBody(res, body) {
       }
       obj.gas = body.gas != null ? body.gas : null;
       obj.gasPrice = body.gasPrice != null && typeof body.gasPrice === 'string' ? body.gasPrice : null;
+      obj.privateKey = body.privateKey != null ? body.privateKey : null;
+      obj.nonce = body.nonce != null ? body.nonce : null;
       if (obj.error) {
         res.status(404).send(obj).end();
       } else {
@@ -97,4 +124,4 @@ async function validateBody(res, body) {
       res.status(404).send('missing or invalid request json object').end();
     }
   })
-}
+}
diff --git a/server/app/helpers/ethereum.js b/server/app/helpers/ethereum.js
@@ -7,6 +7,27 @@ const gasAPI = "https://ethgasstation.info/json/ethgasAPI.json";
 var e; //await function
 
 Ethereum = {
+  /**
+   * validate private key by checking its public key is valid
+   * Can prob use a more standard way instead
+   * @param {string} privateKey is the string of the key passed
+   * @return {boolean} true is valid
+   */
+  validatePrivateKey: function (privateKey) {
+    if (privateKey != null) {
+      let accountObject = web3.eth.accounts.privateKeyToAccount(privateKey);
+      let publicAddress = accountObject.address;
+      if (web3.utils.isAddress(publicAddress)) {
+        return true;
+      }
+      return false;
+    }
+    return false;
+  },
+  /**
+   * syncing refers to the node being up to date with regards to the latest blockchain block number
+   * @return {(Object|boolean)} return true if up to date and object of current/highest block height otherwise
+   */
   isSyncing: async function () {
     let obj = {};
     return await web3.eth.isSyncing()
@@ -128,6 +149,18 @@ Ethereum = {
       resolve(e);
     }))
   },
+  /**
+   * Gets the public address from private key
+   * @param {(string|hex)} privateKey is a valid private key
+   */
+  privateKeyToAccount: async function (privateKey) {
+    return new Promise(((resolve, reject) => {
+      // e = web3.eth.accounts.privateKeyToAccount("0x137450319cc21f2d3130a1b54f5796f1534a5b6f4c2cdd57e692f06518fa9d9a");
+      e = web3.eth.accounts.privateKeyToAccount(privateKey);
+      // console.log('new', e);
+      resolve(e);
+    }))
+  },
   /**
    * Get all accounts generated and saved to node
    * @return {(Promise|Object.<Array>)} obj with array of all accounts
@@ -162,6 +195,52 @@ Ethereum = {
       });
     return e;
   },
+  /**
+   * Sign transaction with tx object and private key
+   * @param {Object} txObject is the transaction object
+   * @return {(Promise|Object)} signed object with rawTransaction data to be used for sending transaction
+   */
+  signTransaction: async function (txObject) {
+    let obj = {};
+    e = await processTxInfoData(txObject)
+      .then(function (result) {
+        return web3.eth.accounts.signTransaction(result.paramsToSign, txObject.privateKey)
+          .then(function (result) {
+            return result;
+          }).catch(function (err) {
+            // console.log('sign error', err.message);
+            obj.error = err.message;
+            return obj
+          });
+      }).catch(function (err) {
+        // console.log('tx info error', err.message);
+        obj.error = err.message
+        return obj;
+      });
+    return e;
+  },
+  /**
+   * Send signed transaction
+   * @param {string} signedTransactionData is the hex encoded data of the raw transaction to send
+   * @return {(Promise|Object)} 
+   */
+  sendSignedTransaction: async function (signedTransactionData) {
+    let obj = {};
+    return new Promise(((resolve, reject) => {
+      let e = web3.eth.sendSignedTransaction(signedTransactionData, (error, hash) => {
+        if (!error) {
+          // console.log('sent hash', hash);
+          obj.txHash = hash;
+          resolve(obj);
+        } else {
+          // console.log('sent error', error.message);
+          obj.error = error.message;
+          resolve(obj)
+        }
+      })
+      return e;
+    }));
+  },
   /**
    * Send a transaction with node accounts to avoid using private keys
    * The transaction object passed comes from the completed object 
@@ -229,12 +308,26 @@ async function processTxInfoData(txObject) {
     }
     // let gasPrice = gasPriceTypeCustom != null ? gasPrices[gasPriceTypeCustom] * 1000000000 : gasPriceDefault;
 
+    // get nonce
+    let nonce;
+    await web3.eth.getTransactionCount(txObject.from).then((result) => {
+      // add nonce to current nonce if passed to request else return current nonce
+      if (txObject.nonce) {
+        nonce = result + txObject.nonce;
+      } else {
+        nonce = result;
+      }
+    })
+      .catch((error) => {
+        reject(new Error('failed to get nonce'))
+      });
+
     // set tx object to calculate transaction gas
     let params = {
       "from": txObject.from,
       "to": txObject.to,
       "gasPrice": gasPrice,
-      // "nonce": nonce,
+      "nonce": nonce,
       "value": wei
     };
     // get transaction gas
@@ -260,9 +353,23 @@ async function processTxInfoData(txObject) {
       "to": txObject.to,
       "gas": gas,
       "gasPrice": gasPrice,
-      // "nonce": nonce,
+      "nonce": nonce,
+      "value": wei
+    };
+    let paramsToSign1 = {
+      "to": txObject.to,
+      "gas": gas,
+      "gasPrice": gasPrice,
+      "nonce": nonce,
       "value": wei
     };
+    let paramsToSign = {
+      "to": web3.utils.toHex(txObject.to),
+      "gas": web3.utils.toHex(gas),
+      "gasPrice": web3.utils.toHex(gasPrice),
+      "nonce": web3.utils.toHex(nonce),
+      "value": web3.utils.toHex(wei)
+    };
     obj.amountToSendEther = txObject.value;
     obj.amountToSendWei = wei;
     obj.gasPrices = gasPrices;
@@ -273,6 +380,8 @@ async function processTxInfoData(txObject) {
     obj.estimatedGas = estimatedGas;
     obj.gas = gas;
     obj.params = params;
+    obj.paramsToSign1 = paramsToSign1;
+    obj.paramsToSign = paramsToSign;
     obj.paramsUpdated = paramsUpdated;
     resolve(obj);
   })
diff --git a/server/app/routes/api-ethereum.js b/server/app/routes/api-ethereum.js
@@ -23,8 +23,13 @@ router.get('/block/:blockNumber', ethereumApi.getBlock);
 router.get('/tx/:transactionHash', ethereumApi.getTransaction);
 router.get('/tx-from-block/:hashStringOrNumber', ethereumApi.getTransactionFromBlock);
 router.get('/create-account', ethereumApi.createAccount);
+router.get('/get-account/:privateKey', ethereumApi.privateKeyToAccount);
 router.get('/accounts', ethereumApi.getAccounts);
 router.post('/send-tx-info', ethereumApi.sendTransactionInfo);
+router.post('/sign-tx',ethereumApi.signTransaction);//takes tx object and private key and creates rawData
+router.post('/send-signed-tx',ethereumApi.sendSignedTransaction);//send signed data
+// router.post('/sign-send-tx',ethereumApi.sendSignedTransaction);//signs and sends tx
+// these endpoints use the keystore addresses
 router.post('/send-tx', ethereumApi.sendTransaction);
 
 module.exports = router;
