feat: added partial typing - eve calls from mbe

mtexeira-simtlix · mtexeira-simtlix · commit acc36e2c2802 · 2025-06-12T10:17:15.000-03:00
diff --git a/src/api/enclaved/recoveryMultisigTransaction.ts b/src/api/enclaved/recoveryMultisigTransaction.ts
@@ -0,0 +1,223 @@
+// TODO: based on the original signMultisigTransaction.ts file.
+// Added this one because things like verify transaction doesn't seems to be present during recovery (in my limited experience)
+// But I want to commit something that could be fused later on with the normal signing
+
+import { SignFinalOptions } from '@bitgo/abstract-eth';
+import { MethodNotImplementedError } from 'bitgo';
+import { EnclavedApiSpecRouteRequest } from '../../enclavedBitgoExpress/routers/enclavedApiSpec';
+import { KmsClient } from '../../kms/kmsClient';
+import logger from '../../logger';
+import { isEosCoin, isEthCoin, isStxCoin, isUtxoCoin, isXtzCoin } from '../../shared/coinUtils';
+
+export async function recoveryMultisigTransaction(
+  req: EnclavedApiSpecRouteRequest<'v1.multisig.recovery', 'post'>,
+): Promise<any> {
+  const {
+    userPub,
+    backupPub,
+    walletContractAddress,
+    recoveryDestinationAddress,
+    recoveryParams,
+    apiKey,
+  } = req.body;
+
+  //fetch prv and check that pub are valid
+  const userPrv = await retrieveKmsKey({ pub: userPub, source: 'user' });
+  const backupPrv = await retrieveKmsKey({ pub: backupPub, source: 'user' });
+
+  if (!userPrv || !backupPrv) {
+    const errorMsg = `Error while recovery wallet, missing prv keys for user or backup on pub keys user=${userPub}, backup=${backupPub}`;
+    logger.error(errorMsg);
+    throw new Error(errorMsg);
+  }
+
+  const bitgo = req.bitgo;
+  const coin = bitgo.coin(req.params.coin);
+
+  //construct a common payload for the recovery that it's repeated in any kind of recovery
+  const commonRecoveryParams = {
+    userKey: userPub,
+    backupKey: backupPub,
+    walletContractAddress,
+    recoveryDestination: recoveryDestinationAddress,
+    // TODO: api key is not used so far because of a missconfig error on the bitgo obj
+    apiKey,
+  };
+
+  // The signed transaction format depends on the coin type so we do this check as a guard
+  // If you check the type of coin before and after the "if", you may see "BaseCoin" vs "AbstractEthLikeCoin"
+  if (coin.isEVM()) {
+    // Every recovery method on every coin family varies one from another so we need to ensure with a guard.
+    if (isEthCoin(coin)) {
+      // TODO: populate coinSpecificParams with things like replayProtectionOptions
+      // coinSpecificParams type could be "recoverOptions"
+      try {
+        const unsignedTx = await coin.recover({
+          ...commonRecoveryParams,
+          //TODO: it's needed for keycard debugging, the walletPassphrase
+          //walletPassphrase: passphrase,
+        });
+
+        const halfSignedTx = await coin.signTransaction({
+          isLastSignature: false,
+          prv: userPrv,
+          txPrebuild: { ...unsignedTx } as unknown as SignFinalOptions,
+        });
+
+        const { halfSigned } = halfSignedTx as any;
+        const fullSignedTx = await coin.signTransaction({
+          isLastSignature: true,
+          prv: backupPrv,
+          txPrebuild: {
+            ...halfSignedTx,
+            txHex: halfSigned.signatures,
+            halfSigned,
+          },
+          signingKeyNonce: halfSigned.signingKeyNonce ?? 0,
+          backupKeyNonce: halfSigned.backupKeyNonce ?? 0,
+          recipients: halfSigned.recipients ?? [],
+        });
+
+        return fullSignedTx;
+      } catch (error) {
+        logger.error('error while recovering wallet transaction:', error);
+        throw error;
+      }
+    } else {
+      const errorMsg = 'Unsupported coin type for recovery: ' + req.params.coin;
+      logger.error(errorMsg);
+      throw new Error(errorMsg);
+    }
+  } else {
+    // TODO: from now on, this part isn't tested as we're lacking funds/apiKeys/etc
+    // TODO: WIP
+    // TODO (can't advance): XTZ throws a method not implemented on recover.
+    if (isXtzCoin(coin)) {
+      try {
+        const unsignedTx = await coin.recover({
+          ...commonRecoveryParams,
+        });
+
+        //TODO: fill this fields, check output from recover when recover implemented on sdk for xtz
+        const txHex = '';
+        const txInfo = 'txInfo' in unsignedTx ? unsignedTx.txInfo : undefined;
+        const addressInfo = 'addressInfo' in unsignedTx ? unsignedTx.addressInfo : undefined;
+        const feeInfo = 'feeInfo' in unsignedTx ? unsignedTx.feeInfo : undefined;
+        const source = '';
+        const dataToSign = '';
+
+        const halfSignedTx = await coin.signTransaction({
+          txPrebuild: {
+            txHex,
+            txInfo,
+            addressInfo,
+            feeInfo,
+            source,
+            dataToSign,
+          },
+          prv: userPrv,
+        });
+        //TODO: continue with full sign and return that
+        //      still needs to be tested in order to deduce min payload
+        return halfSignedTx;
+      } catch (err) {
+        console.log(err);
+        throw err;
+      }
+    } else if (isStxCoin(coin)) {
+      //TODO: (implementation untested): prioritize eth and btc instead of stc, when the other couple finished, go back to STX
+      try {
+        const unsignedTx = await coin.recover({
+          ...commonRecoveryParams,
+          rootAddress: walletContractAddress, // TODO: is a root address the same as wallet contract address? where does root address comes from if not?
+        });
+        //TODO: continue with half sign and return that
+        return unsignedTx;
+      } catch (err) {
+        console.log(err);
+        throw err;
+      }
+    } else if (isEosCoin(coin)) {
+      // TODO (implementation untested): we need some funds but faucets not working
+      try {
+        const unsignedTx = await coin.recover({
+          ...commonRecoveryParams,
+        });
+
+        //TODO: continue with half sign and return that
+        return unsignedTx;
+      } catch (err) {
+        console.log(err);
+        throw err;
+      }
+    } else if (isUtxoCoin(coin)) {
+      //TODO (implementation untested): we need an API key to complete/test btc flow
+      //TODO: do we need a special case for BTC or is another UTXO-based coin?
+
+      const { bitgoPub } = recoveryParams;
+      if (!bitgoPub) {
+        logger.error('Missing bitgoPub in recoveryParams for UTXO coin recovery');
+        throw new Error('Missing bitgoPub in recoveryParams for UTXO coin recovery');
+      }
+      try {
+        const unsignedTx = await coin.recover({
+          ...commonRecoveryParams,
+          bitgoKey: bitgoPub,
+          ignoreAddressTypes: recoveryParams.ignoreAddressTypes || [],
+        });
+
+        // some guards as the types have some imcompatibilities issues
+        const txInfo = 'txInfo' in unsignedTx ? unsignedTx.txInfo : undefined;
+        const txHex = 'txHex' in unsignedTx ? unsignedTx.txHex : '';
+
+        const halfSignedTx = await coin.signTransaction({
+          txPrebuild: {
+            txHex,
+            txInfo,
+          },
+          prv: userPrv,
+        });
+
+        const fullSignedTx = await coin.signTransaction({
+          //TODO: check the body of this based on halfSignedTx output
+          isLastSignature: true,
+          txPrebuild: {
+            txHex,
+            txInfo,
+          },
+          signingStep: 'cosignerNonce',
+        });
+
+        console.log(halfSignedTx);
+        throw new MethodNotImplementedError(
+          'Full signing for UTXO coins is not implemented in recovery yet. Please implement it.',
+        );
+
+        return fullSignedTx;
+      } catch (err) {
+        console.log(err);
+        throw err;
+      }
+    } else {
+      throw new Error('Unsupported coin type for recovery: ' + coin);
+    }
+  }
+}
+
+// TODO: this function is duplicated in multisigTransactioSign.ts but as hardcoded.
+//       move both to an utils file
+async function retrieveKmsKey({ pub, source }: { pub: string; source: string }): Promise<string> {
+  const kms = new KmsClient();
+  // Retrieve the private key from KMS
+  let prv: string;
+  try {
+    const res = await kms.getKey({ pub, source });
+    prv = res.prv;
+    return prv;
+  } catch (error: any) {
+    throw {
+      status: error.status || 500,
+      message: error.message || 'Failed to retrieve key from KMS',
+    };
+  }
+}
diff --git a/src/enclavedBitgoExpress/routers/enclavedApiSpec.ts b/src/enclavedBitgoExpress/routers/enclavedApiSpec.ts
@@ -1,23 +1,24 @@
-import * as t from 'io-ts';
 import {
   apiSpec,
-  httpRoute,
+  Method as HttpMethod,
   httpRequest,
   HttpResponse,
-  Method as HttpMethod,
+  httpRoute,
 } from '@api-ts/io-ts-http';
+import { Response } from '@api-ts/response';
 import {
   createRouter,
-  type WrappedRouter,
   TypedRequestHandler,
+  type WrappedRouter,
 } from '@api-ts/typed-express-router';
-import { Response } from '@api-ts/response';
 import express from 'express';
-import { BitGoRequest } from '../../types/request';
-import { EnclavedConfig } from '../../types';
+import * as t from 'io-ts';
 import { postIndependentKey } from '../../api/enclaved/postIndependentKey';
+import { recoveryMultisigTransaction } from '../../api/enclaved/recoveryMultisigTransaction';
 import { signMultisigTransaction } from '../../api/enclaved/signMultisigTransaction';
 import { prepareBitGo, responseHandler } from '../../shared/middleware';
+import { EnclavedConfig } from '../../types';
+import { BitGoRequest } from '../../types/request';
 
 // Request type for /key/independent endpoint
 const IndependentKeyRequest = {
@@ -39,7 +40,7 @@ const IndependentKeyResponse: HttpResponse = {
 const SignMultisigRequest = {
   source: t.string,
   pub: t.string,
-  txPrebuild: t.any, // TransactionPrebuild type from BitGo
+  txPrebuild: t.any,
 };
 
 // Response type for /multisig/sign endpoint
@@ -52,6 +53,25 @@ const SignMultisigResponse: HttpResponse = {
   }),
 };
 
+// Request type for /multisig/recovery endpoint
+const RecoveryMultisigRequest = {
+  userPub: t.string,
+  backupPub: t.string,
+  walletContractAddress: t.string,
+  recoveryDestinationAddress: t.string,
+  recoveryParams: t.any, // TODO: add more precise typing
+};
+
+// Response type for /multisig/recovery endpoint
+const RecoveryMultisigResponse: HttpResponse = {
+  // TODO: Define proper response type for recovery multisig transaction
+  200: t.any, // the full signed tx
+  500: t.type({
+    error: t.string,
+    details: t.string,
+  }),
+};
+
 // API Specification
 export const EnclavedAPiSpec = apiSpec({
   'v1.multisig.sign': {
@@ -68,6 +88,20 @@ export const EnclavedAPiSpec = apiSpec({
       description: 'Sign a multisig transaction',
     }),
   },
+  'v1.multisig.recovery': {
+    post: httpRoute({
+      method: 'POST',
+      path: '/{coin}/multisig/recovery',
+      request: httpRequest({
+        params: {
+          coin: t.string,
+        },
+        body: RecoveryMultisigRequest,
+      }),
+      response: RecoveryMultisigResponse,
+      description: 'Recover a multisig transaction',
+    }),
+  },
   'v1.key.independent': {
     post: httpRoute({
       method: 'POST',
@@ -121,5 +155,13 @@ export function createKeyGenRouter(config: EnclavedConfig): WrappedRouter<typeof
     }),
   ]);
 
+  router.post('v1.multisig.recovery', [
+    responseHandler<EnclavedConfig>(async (req) => {
+      const typedReq = req as EnclavedApiSpecRouteRequest<'v1.multisig.recovery', 'post'>;
+      const result = await recoveryMultisigTransaction(typedReq);
+      return Response.ok(result);
+    }),
+  ]);
+
   return router;
 }
diff --git a/src/masterBitgoExpress/recoveryWallet.ts b/src/masterBitgoExpress/recoveryWallet.ts
