feat(mbe): create sendMany API signing with ebe

Ticket: 4689

Author: pranavjain97

src/masterBitgoExpress/enclavedExpressClient.ts

@@ -3,6 +3,8 @@ import https from 'https';
 import debug from 'debug';
 import { MasterExpressConfig } from '../types';
 import { TlsMode } from '../types';
+import { SignMultisigOptions } from '../types/masterApiTypes';
+import { SignedTransaction } from '@bitgo/sdk-core';
 
 const debugLogger = debug('bitgo:express:enclavedExpressClient');
 
@@ -62,15 +64,20 @@ export class EnclavedExpressClient {
     });
   }
 
+  /**
+   * Configure the request to use the appropriate TLS mode
+   */
+  private configureRequest(request: superagent.SuperAgentRequest): superagent.SuperAgentRequest {
+    if (this.tlsMode === TlsMode.MTLS) {
+      return request.agent(this.createHttpsAgent());
+    }
+    return request;
+  }
+
   async ping(): Promise<void> {
     try {
       debugLogger('Pinging enclaved express at %s', this.baseUrl);
-      if (this.tlsMode === TlsMode.MTLS) {
-        await superagent.get(`${this.baseUrl}/ping`).agent(this.createHttpsAgent()).send();
-      } else {
-        // When TLS is disabled, use plain HTTP without any TLS configuration
-        await superagent.get(`${this.baseUrl}/ping`).send();
-      }
+      await this.configureRequest(superagent.get(`${this.baseUrl}/ping`)).send();
     } catch (error) {
       const err = error as Error;
       debugLogger('Failed to ping enclaved express: %s', err.message);
@@ -90,20 +97,9 @@ export class EnclavedExpressClient {
 
     try {
       debugLogger('Creating independent keychain for coin: %s', this.coin);
-      let response;
-      if (this.tlsMode === TlsMode.MTLS) {
-        response = await superagent
-          .post(`${this.baseUrl}/api/${this.coin}/key/independent`)
-          .agent(this.createHttpsAgent())
-          .type('json')
-          .send(params);
-      } else {
-        // When TLS is disabled, use plain HTTP without any TLS configuration
-        response = await superagent
-          .post(`${this.baseUrl}/api/${this.coin}/key/independent`)
-          .type('json')
-          .send(params);
-      }
+      const response = await this.configureRequest(
+        superagent.post(`${this.baseUrl}/api/${this.coin}/key/independent`).type('json'),
+      ).send(params);
 
       return response.body;
     } catch (error) {
@@ -112,6 +108,27 @@ export class EnclavedExpressClient {
       throw err;
     }
   }
+
+  /**
+   * Sign a multisig transaction
+   */
+  async signMultisig(params: SignMultisigOptions): Promise<SignedTransaction> {
+    if (!this.coin) {
+      throw new Error('Coin must be specified to sign a multisig');
+    }
+
+    try {
+      const res = await this.configureRequest(
+        superagent.post(`${this.baseUrl}/api/${this.coin}/signMultisig`).type('json'),
+      ).send(params);
+
+      return res.body;
+    } catch (error) {
+      const err = error as Error;
+      debugLogger('Failed to sign multisig: %s', err.message);
+      throw err;
+    }
+  }
 }
 
 /**

src/masterBitgoExpress/handleSendMany.ts

@@ -0,0 +1,77 @@
+import { RequestTracer, PrebuildTransactionOptions, Memo } from '@bitgo/sdk-core';
+import { BitGoRequest } from '../types/request';
+import { createEnclavedExpressClient } from './enclavedExpressClient';
+import logger from '../logger';
+import { SendManyRequest } from './routers/masterApiSpec';
+import { TypeOf } from 'io-ts';
+
+export async function handleSendMany(req: BitGoRequest) {
+  const enclavedExpressClient = createEnclavedExpressClient(req.config, req.params.coin);
+  if (!enclavedExpressClient) {
+    throw new Error('Please configure enclaved express configs to sign the transactions.');
+  }
+  const reqId = new RequestTracer();
+  const bitgo = req.bitgo;
+  const baseCoin = bitgo.coin(req.params.coin);
+
+  const params = req.body as TypeOf<typeof SendManyRequest>;
+  const walletId = req.params.walletId;
+  const wallet = await baseCoin.wallets().get({ id: walletId, reqId });
+  if (!wallet) {
+    throw new Error(`Wallet ${walletId} not found`);
+  }
+
+  if (wallet.type() !== 'cold' || wallet.subType() !== 'onPrem') {
+    throw new Error('Wallet is not an on-prem wallet');
+  }
+
+  // Get the signing keychains
+  const signingKeychains = await baseCoin.keychains().getKeysForSigning({
+    wallet,
+    reqId,
+  });
+
+  // Find the user keychain for signing
+  const signingKeychain = signingKeychains.find((k) => k.source === params.source);
+  if (!signingKeychain) {
+    throw new Error(`Signing keychain for ${params.source} not found`);
+  }
+
+  try {
+    const prebuildParams: PrebuildTransactionOptions = {
+      ...params,
+      // Convert memo string to Memo object if present
+      memo: params.memo ? ({ type: 'text', value: params.memo } as Memo) : undefined,
+    };
+
+    // First build the transaction
+    const txPrebuild = await wallet.prebuildTransaction({
+      ...prebuildParams,
+      reqId,
+    });
+
+    // Then sign it using the enclaved express client
+    const signedTx = await enclavedExpressClient.signMultisig({
+      txPrebuild,
+      source: params.source,
+      pub: signingKeychain.pub,
+    });
+
+    // Get extra prebuild parameters
+    const extraParams = await baseCoin.getExtraPrebuildParams({
+      ...params,
+      wallet,
+    });
+
+    // Combine the signed transaction with extra parameters
+    const finalTxParams = { ...signedTx, ...extraParams };
+
+    // Submit the half signed transaction
+    const result = (await wallet.submitTransaction(finalTxParams, reqId)) as any;
+    return result;
+  } catch (error) {
+    const err = error as Error;
+    logger.error('Failed to send many: %s', err.message);
+    throw err;
+  }
+}

src/masterBitgoExpress/routers/masterApiSpec.ts

@@ -8,6 +8,7 @@ import { BitGoRequest, isBitGoRequest } from '../../types/request';
 import { MasterExpressConfig } from '../../config';
 import { handleGenerateWalletOnPrem } from '../generateWallet';
 import { withResponseHandler } from '../../shared/responseHandler';
+import { handleSendMany } from '../handleSendMany';
 
 // Middleware functions
 export function parseBody(req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -68,6 +69,60 @@ const GenerateWalletRequest = {
   isDistributedCustody: t.union([t.undefined, t.boolean]),
 };
 
+export const SendManyRequest = t.intersection([
+  t.type({
+    pubkey: t.string,
+    source: t.union([t.literal('user'), t.literal('backup')]),
+    recipients: t.array(
+      t.type({
+        address: t.string,
+        amount: t.union([t.string, t.number]),
+        feeLimit: t.union([t.undefined, t.string]),
+        data: t.union([t.undefined, t.string]),
+        tokenName: t.union([t.undefined, t.string]),
+        tokenData: t.union([t.undefined, t.any]),
+      }),
+    ),
+  }),
+  t.partial({
+    numBlocks: t.number,
+    feeRate: t.number,
+    feeMultiplier: t.number,
+    maxFeeRate: t.number,
+    minConfirms: t.number,
+    enforceMinConfirmsForChange: t.boolean,
+    targetWalletUnspents: t.number,
+    message: t.string,
+    minValue: t.union([t.number, t.string]),
+    maxValue: t.union([t.number, t.string]),
+    sequenceId: t.string,
+    lastLedgerSequence: t.number,
+    ledgerSequenceDelta: t.number,
+    gasPrice: t.number,
+    noSplitChange: t.boolean,
+    unspents: t.array(t.string),
+    comment: t.string,
+    otp: t.string,
+    changeAddress: t.string,
+    allowExternalChangeAddress: t.boolean,
+    instant: t.boolean,
+    memo: t.string,
+    transferId: t.number,
+    eip1559: t.any,
+    gasLimit: t.number,
+    custodianTransactionId: t.string,
+  }),
+]);
+
+export const SendManyResponse: HttpResponse = {
+  // TODO: Get type from public types repo / Wallet Platform
+  200: t.any,
+  500: t.type({
+    error: t.string,
+    details: t.string,
+  }),
+};
+
 // API Specification
 export const MasterApiSpec = apiSpec({
   'v1.wallet.generate': {
@@ -84,6 +139,21 @@ export const MasterApiSpec = apiSpec({
       description: 'Generate a new wallet',
     }),
   },
+  'v1.wallet.sendMany': {
+    post: httpRoute({
+      method: 'POST',
+      path: '/{coin}/wallet/{walletId}/sendMany',
+      request: httpRequest({
+        params: {
+          walletId: t.string,
+          coin: t.string,
+        },
+        body: SendManyRequest,
+      }),
+      response: SendManyResponse,
+      description: 'Send many transactions',
+    }),
+  },
 });
 
 // Create router with handlers
@@ -107,5 +177,15 @@ export function createMasterApiRouter(
     }),
   ]);
 
+  router.post('v1.wallet.sendMany', [
+    withResponseHandler(async (req: BitGoRequest | Request) => {
+      if (!isBitGoRequest(req)) {
+        throw new Error('Invalid request type');
+      }
+      const result = await handleSendMany(req);
+      return Response.ok(result);
+    }),
+  ]);
+
   return router;
 }