feat: new kms api example module branch

TICKET: WP-4379

Author: mtexeira-simtlix

.gitignore

@@ -17,3 +17,4 @@ modules/**/dist/
 modules/**/pack-scoped/
 coverage
 /.direnv/
+*.db

modules/express-kms-api-example/README.md

@@ -0,0 +1,5 @@
+# KMS API example (REST API)
+
+Based on TDD specification [On-Prem Wallets(https://docs.google.com/document/d/1ku2agwirV3tHCJF350VF_uaVx73D6vu7yUBaDp-cxL0/edit?tab=t.0#heading=h.165ukudv7ejt)]
+
+Made with ExpressJS, Typescript and sqlite3.

modules/express-kms-api-example/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "examplekmsapi",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "dev": "npx tsx --watch src/app.ts"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "body-parser": "^2.2.0",
+    "express": "^5.1.0",
+    "sqlite3": "^5.1.7"
+  },
+  "devDependencies": {
+    "@tsconfig/node22": "^22.0.1",
+    "@types/express": "^5.0.1",
+    "@types/node": "^22.15.17",
+    "tsx": "^4.19.4",
+    "typescript": "^5.8.3"
+  }
+}

modules/express-kms-api-example/scripts/create-tables.sql

@@ -0,0 +1,13 @@
+-- TODO: delete this comments! questions for Pranav/Mohammad
+-- Some fields with VARCHAR(X) not sure how many characters
+-- do we need for a coin.
+
+-- I took the fields from the TDD doc on page 3
+-- Not sure also about the prv and pub key length, should we limit them?
+CREATE TABLE PRIVATE_KEYS(
+    id TEXT PRIMARY KEY,
+    coin VARCHAR(30) NOT NULL,
+    source VARCHAR(15) CHECK(source IN ('user', 'backup')) NOT NULL,
+    type VARCHAR(15) CHECK(type IN ('independent', 'tss')) NOT NULL,
+    prv TEXT NOT NULL,
+    pub TEXT NOT NULL);

modules/express-kms-api-example/src/app.ts

@@ -0,0 +1,23 @@
+import bodyParser from 'body-parser';
+import express from 'express';
+import { GET as keyGET } from './controllers/key/GET';
+import { POST as keyPOST } from './controllers/key/POST';
+import { checkApiKeyMiddleware } from './middlewares/authApiKeys';
+
+// TODO: move to proper .env
+// Add note about the port to the README
+// Or hardcode it
+const PORT = '3000';
+
+const app = express();
+app.use(bodyParser.json());
+app.use(checkApiKeyMiddleware);
+
+// TODO: create router for keys controllers,
+//       I added the controllers calls directly here.
+app.post('key', keyPOST);
+app.get('/key/:pub', keyGET);
+
+app.listen(PORT, () => {
+  console.log(`KMS API example listening on port ${PORT}`);
+});

modules/express-kms-api-example/src/controllers/key/GET.ts

@@ -0,0 +1,20 @@
+import { Request, Response } from 'express';
+import db from '../../db';
+
+type GetParamsType = {
+  pub: string;
+};
+
+export function GET(req: Request<GetParamsType>, res: Response) {
+  const { pub } = req.params;
+  //TODO: what happens if source comes empty? should we return an error? an empty result?
+  const source = req.query.source;
+  const data = db.query('SELECT (prv, type) FROM PRIVATE_KEY WHERE pub = ? AND source = ?', [pub, source]);
+
+  // TODO: not sure how to type this
+  const { prv, type } = data;
+
+  // TODO: i know that we could chain res.status() with .json but what's the preferred way?
+  res.status(200);
+  return res.json({ prv, pub, source, type });
+}

modules/express-kms-api-example/src/controllers/key/POST.ts

@@ -0,0 +1,48 @@
+import { NextFunction, Request, Response } from 'express';
+import db from '../../db';
+import { ZodPostKeySchema } from './schemas';
+
+export function POST(req: Request, res: Response, next: NextFunction) {
+  try {
+    ZodPostKeySchema.parse(req.body);
+  } catch (e) {
+    res.status(400);
+    res.send({ message: 'Invalid data provided from client' });
+  }
+
+  const { prv, pub, coin, source, type } = req.body;
+
+  // TODO:
+  // check duplicated using the prv/pub key?
+  // exploitable if we show an error?
+  const keyObject = db.query('SELECT * from PRIVATE_KEYS WHERE prv = ? AND pub = ?', [prv, pub]);
+
+  // priv + pub should be unique so we raise an error
+  if (keyObject) {
+    res.status(409); // It could be also 403 but 409 is specific for dupplicates.
+    // TODO: I could return the prv and pub in the error but seems exploitable as hell
+    res.send({ message: `Error: Duplicated Key` });
+    return;
+  }
+
+  // From what i got on the TDD, as store you mean create a new entry right?
+  // not sure about the note that says "for MPC pub would be the commonKeyChain
+  // does "pub" comes empty at some point?
+  try {
+    // TODO: check how to type the queries???
+    const data = db.query('INSERT INTO PRIVATE_KEYS(prv, pub, coin, source, type) values (?, ?, ?, ?, ?)', [
+      prv,
+      pub,
+      coin,
+      source,
+      type,
+    ]);
+    const { id: keyId } = data;
+    res.status(200);
+    return res.json({ keyId, coin, source, type, pub });
+  } catch (e) {
+    res.status(500);
+    res.send({ message: 'Internal server error' }); // some unexpected error on DB, needs better login tho
+    return;
+  }
+}

modules/express-kms-api-example/src/controllers/key/schemas.ts

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+import { KeySource, KeyType, MultiSigCoins } from './types';
+
+export const ZodPostKeySchema = z.object({
+  prv: z.string(), // TODO: min/max length?
+  pub: z.string(), // TODO: min/max length?
+  coin: z.enum(MultiSigCoins),
+  source: z.enum(KeySource),
+  type: z.enum(KeyType),
+});

modules/express-kms-api-example/src/controllers/key/types.ts

@@ -0,0 +1,8 @@
+// TODO: add the full list of supported coins
+export const MultiSigCoins = ['btc', 'heth'] as const;
+export const KeySource = ['user', 'backup'] as const;
+export const KeyType = ['independent', 'tss'] as const;
+
+export type MultiSigCoinsType = (typeof MultiSigCoins)[number];
+export type KeySourceType = (typeof KeySource)[number];
+export type KeyTypeType = (typeof KeyType)[number];

modules/express-kms-api-example/src/db.ts

@@ -0,0 +1,15 @@
+import sqlite3 from 'sqlite3';
+
+// TODO: better error handling
+const db = new sqlite3.Database('database.db', (err) => {
+  if (err) console.error(err.message);
+});
+
+// TODO: return type missing, params untyped
+function query(sql: string, params: any[]) {
+  return db.prepare(sql).all(params);
+}
+
+export default {
+  query,
+};

modules/express-kms-api-example/src/middlewares/authApiKeys.ts

@@ -0,0 +1,23 @@
+import { NextFunction, Request, Response } from 'express';
+//TODO: move the list of API keys to a safer place like an env file
+const API_KEYS_EXTERNALS = ['abc', 'def'];
+
+export function checkApiKeyMiddleware(req: Request, res: Response, next: NextFunction): void {
+  const apiKey = req.headers['x-api-key'];
+  let invalidKey = false;
+  if (!apiKey) {
+    invalidKey = true;
+  } else if (typeof apiKey === 'string') {
+    invalidKey = !API_KEYS_EXTERNALS.includes(apiKey);
+  } else if (Array.isArray(apiKey)) {
+    // Added the forced cast 'as' because for some reason typescript doesn't infers that
+    // apiKey is an array at this point despite the check on L14
+    invalidKey = !(apiKey as string[]).some((key) => API_KEYS_EXTERNALS.includes(key));
+  }
+
+  if (invalidKey) {
+    res.status(401).send({ message: 'Unauthorized' });
+    return;
+  }
+  next();
+}

modules/express-kms-api-example/tsconfig.json

@@ -0,0 +1,116 @@
+{
+  "compilerOptions": {
+    /* Visit https://aka.ms/tsconfig to read more about this file */
+
+    /* Projects */
+    // "incremental": true,                              /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
+    // "composite": true,                                /* Enable constraints that allow a TypeScript project to be used with project references. */
+    // "tsBuildInfoFile": "./.tsbuildinfo",              /* Specify the path to .tsbuildinfo incremental compilation file. */
+    // "disableSourceOfProjectReferenceRedirect": true,  /* Disable preferring source files instead of declaration files when referencing composite projects. */
+    // "disableSolutionSearching": true,                 /* Opt a project out of multi-project reference checking when editing. */
+    // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
+
+    /* Language and Environment */
+    "target": "es2016",                                  /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
+    // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
+    // "jsx": "preserve",                                /* Specify what JSX code is generated. */
+    // "libReplacement": true,                           /* Enable lib replacement. */
+    // "experimentalDecorators": true,                   /* Enable experimental support for legacy experimental decorators. */
+    // "emitDecoratorMetadata": true,                    /* Emit design-type metadata for decorated declarations in source files. */
+    // "jsxFactory": "",                                 /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
+    // "jsxFragmentFactory": "",                         /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
+    // "jsxImportSource": "",                            /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
+    // "reactNamespace": "",                             /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
+    // "noLib": true,                                    /* Disable including any library files, including the default lib.d.ts. */
+    // "useDefineForClassFields": true,                  /* Emit ECMAScript-standard-compliant class fields. */
+    // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
+
+    /* Modules */
+    "module": "commonjs",                                /* Specify what module code is generated. */
+    // "rootDir": "./",                                  /* Specify the root folder within your source files. */
+    // "moduleResolution": "node10",                     /* Specify how TypeScript looks up a file from a given module specifier. */
+    // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
+    // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
+    // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
+    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
+    // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
+    // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
+    // "allowImportingTsExtensions": true,               /* Allow imports to include TypeScript file extensions. Requires '--moduleResolution bundler' and either '--noEmit' or '--emitDeclarationOnly' to be set. */
+    // "rewriteRelativeImportExtensions": true,          /* Rewrite '.ts', '.tsx', '.mts', and '.cts' file extensions in relative import paths to their JavaScript equivalent in output files. */
+    // "resolvePackageJsonExports": true,                /* Use the package.json 'exports' field when resolving package imports. */
+    // "resolvePackageJsonImports": true,                /* Use the package.json 'imports' field when resolving imports. */
+    // "customConditions": [],                           /* Conditions to set in addition to the resolver-specific defaults when resolving imports. */
+    // "noUncheckedSideEffectImports": true,             /* Check side effect imports. */
+    // "resolveJsonModule": true,                        /* Enable importing .json files. */
+    // "allowArbitraryExtensions": true,                 /* Enable importing files with any extension, provided a declaration file is present. */
+    // "noResolve": true,                                /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
+
+    /* JavaScript Support */
+    // "allowJs": true,                                  /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
+    // "checkJs": true,                                  /* Enable error reporting in type-checked JavaScript files. */
+    // "maxNodeModuleJsDepth": 1,                        /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
+
+    /* Emit */
+    // "declaration": true,                              /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
+    // "declarationMap": true,                           /* Create sourcemaps for d.ts files. */
+    // "emitDeclarationOnly": true,                      /* Only output d.ts files and not JavaScript files. */
+    // "sourceMap": true,                                /* Create source map files for emitted JavaScript files. */
+    // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
+    // "noEmit": true,                                   /* Disable emitting files from a compilation. */
+    // "outFile": "./",                                  /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
+    "outDir": "./dist",                                   /* Specify an output folder for all emitted files. */
+    "rootDir": "./",
+    // "removeComments": true,                           /* Disable emitting comments. */
+    // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
+    // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
+    // "sourceRoot": "",                                 /* Specify the root path for debuggers to find the reference source code. */
+    // "mapRoot": "",                                    /* Specify the location where debugger should locate map files instead of generated locations. */
+    // "inlineSources": true,                            /* Include source code in the sourcemaps inside the emitted JavaScript. */
+    // "emitBOM": true,                                  /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
+    // "newLine": "crlf",                                /* Set the newline character for emitting files. */
+    // "stripInternal": true,                            /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
+    // "noEmitHelpers": true,                            /* Disable generating custom helper functions like '__extends' in compiled output. */
+    // "noEmitOnError": true,                            /* Disable emitting files if any type checking errors are reported. */
+    // "preserveConstEnums": true,                       /* Disable erasing 'const enum' declarations in generated code. */
+    // "declarationDir": "./",                           /* Specify the output directory for generated declaration files. */
+
+    /* Interop Constraints */
+    // "isolatedModules": true,                          /* Ensure that each file can be safely transpiled without relying on other imports. */
+    // "verbatimModuleSyntax": true,                     /* Do not transform or elide any imports or exports not marked as type-only, ensuring they are written in the output file's format based on the 'module' setting. */
+    // "isolatedDeclarations": true,                     /* Require sufficient annotation on exports so other tools can trivially generate declaration files. */
+    // "erasableSyntaxOnly": true,                       /* Do not allow runtime constructs that are not part of ECMAScript. */
+    // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
+    "esModuleInterop": true,                             /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
+    // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
+    "forceConsistentCasingInFileNames": true,            /* Ensure that casing is correct in imports. */
+
+    /* Type Checking */
+    "strict": true,                                      /* Enable all strict type-checking options. */
+    // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
+    // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
+    // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
+    // "strictBindCallApply": true,                      /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
+    // "strictPropertyInitialization": true,             /* Check for class properties that are declared but not set in the constructor. */
+    // "strictBuiltinIteratorReturn": true,              /* Built-in iterators are instantiated with a 'TReturn' type of 'undefined' instead of 'any'. */
+    // "noImplicitThis": true,                           /* Enable error reporting when 'this' is given the type 'any'. */
+    // "useUnknownInCatchVariables": true,               /* Default catch clause variables as 'unknown' instead of 'any'. */
+    // "alwaysStrict": true,                             /* Ensure 'use strict' is always emitted. */
+    // "noUnusedLocals": true,                           /* Enable error reporting when local variables aren't read. */
+    // "noUnusedParameters": true,                       /* Raise an error when a function parameter isn't read. */
+    // "exactOptionalPropertyTypes": true,               /* Interpret optional property types as written, rather than adding 'undefined'. */
+    // "noImplicitReturns": true,                        /* Enable error reporting for codepaths that do not explicitly return in a function. */
+    // "noFallthroughCasesInSwitch": true,               /* Enable error reporting for fallthrough cases in switch statements. */
+    // "noUncheckedIndexedAccess": true,                 /* Add 'undefined' to a type when accessed using an index. */
+    // "noImplicitOverride": true,                       /* Ensure overriding members in derived classes are marked with an override modifier. */
+    // "noPropertyAccessFromIndexSignature": true,       /* Enforces using indexed accessors for keys declared using an indexed type. */
+    // "allowUnusedLabels": true,                        /* Disable error reporting for unused labels. */
+    // "allowUnreachableCode": true,                     /* Disable error reporting for unreachable code. */
+
+    /* Completeness */
+    // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
+    "skipLibCheck": true                                 /* Skip type checking all .d.ts files. */
+  },
+  "include": ["**/*.ts"],
+  "exclude": ["dist"]
+}