labmachine-notes/docker-compose-demo.yaml at main · Account-Link/labmachine-notes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
services:
  app:
    init: true
    build:
      context: .
      dockerfile_inline: |
        FROM node:22-slim
        WORKDIR /app
        RUN npm init -y && npm install @phala/dstack-sdk viem
        RUN cat > index.mjs <<'SCRIPT'
        import { DstackClient } from "@phala/dstack-sdk"
        import { createServer } from "http"
        import { privateKeyToAccount } from "viem/accounts"
        import { keccak256, toHex, hexToBytes } from "viem"
        import { secp256k1 } from "@noble/curves/secp256k1"
        import { hostname } from "os"

        const client = new DstackClient()
        const toHexStr = (x) => typeof x === 'string' ? x : '0x' + Buffer.from(x).toString('hex')

        async function deriveKey() {
          const result = await client.getKey("/shared-demo", "ethereum")
          const privateKey = "0x" + Buffer.from(result.key).toString("hex").slice(0, 64)
          const account = privateKeyToAccount(privateKey)
          const derivedPrivBytes = hexToBytes(privateKey)
          const derivedPubkey = secp256k1.getPublicKey(derivedPrivBytes.slice(0, 32), true)
          return {
            account,
            derivedPubkey: toHex(derivedPubkey),
            appSignature: toHexStr(result.signature_chain[0]),
            kmsSignature: toHexStr(result.signature_chain[1])
          }
        }

        const key = await deriveKey()
        const info = await client.info()
        console.log("Signer:", key.account.address)
        console.log("App ID:", info.app_id)

        createServer(async (req, res) => {
          res.writeHead(200, { "Content-Type": "application/json" })
          const url = new URL(req.url, "http://localhost")

          if (url.pathname === "/sign") {
            const msg = url.searchParams.get("msg") || "hello"
            const msgHash = keccak256(toHex(new TextEncoder().encode(msg)))
            const signature = await key.account.signMessage({ message: { raw: msgHash } })
            res.end(JSON.stringify({
              msg, msgHash, signature,
              signerAddress: key.account.address,
              signatureChain: {
                derivedPubkey: key.derivedPubkey,
                appSignature: key.appSignature,
                kmsSignature: key.kmsSignature
              }
            }, null, 2))
          } else {
            res.end(JSON.stringify({
              hostname: hostname(),
              appId: info.app_id,
              instanceId: info.instance_id,
              signerAddress: key.account.address,
              derivedPubkey: key.derivedPubkey,
              endpoints: ["/", "/sign?msg=hello"]
            }, null, 2))
          }
        }).listen(8080, () => console.log("Shared-key demo at http://localhost:8080"))
        SCRIPT
        CMD ["node", "index.mjs"]
    ports:
      - "8080:8080"
    volumes:
      - /var/run/dstack.sock:/var/run/dstack.sock