Da 2/integrate signing manager (#91)

* chore: 🤖 Bump SDK to 14.0.0-alpha.4 version

Bump the SDK version to include support for the signing manager
integration

* chore: 🤖 Use local signing manager with the SDK

* test: 💍 Add SigningService tests

* feat: 🎸 add support for vault signers

Allow signing keys to be stored in hashicorps vault

* feat: 🎸 Rename relayer env variables to local prefix

Renames RELAYER_DIDS and RELAYER_MNEMONICS to LOCAL_SIGNERS and
LOCAL_MNEMONICs to better reflect their usage

BREAKING CHANGE: 🧨 RELAYER_DIDS and RELAYER_MNEMONICS were renamed

* refactor: 💡 Cleanup syntax

* docs: ✏️ Fix casing

* chore: 🤖 Update hashicorp vault signing manager package

* feat: 🎸 log key-address pair when loaded into signing manager

* fix: 🐛 Resolve hidden merge conflict

Account merge was expecting the moved relayer service which is now
signer service

* refactor: 💡 Address PR comments

* feat: 🎸 Allow Vault signer to add keys without a restart

* feat: 🎸 Lookup key on every call with Vault Signer

Perform key lookup with every call to handle deleted keys correctly

* test: 💍 Refactor signer service test

* refactor: 💡 Make LocalSigner and VaultSigner classes

Use different signer classes depending on the type of signer to avoid
type switches in the implementation of methods

* test: 💍 Use mockSignerProvider to provide abstract service

* test: 💍 Refactor to avoid unnessesary overrides

* refactor: 💡 Address PR comments

Ranmes SignerService to SigningService to be more aligned with library
naming conventions

* refactor: 💡 Move setSigningManager call to base class

* chore: 🤖 Bump prettier version for override keyword support

Adding override to methods caused prettier to error. 2.3.1 adds support
for it

* fix: 🐛 Fix build after merge with old relayer

* feat: 🎸 Add validators for vault env variables

* refactor: 💡 Ensure either vault or local signer is configured

Co-authored-by: Victor Vicente <[email protected]>

Author: polymath-eric

.vscode/settings.json

@@ -24,5 +24,5 @@
     "/// TODO @\\w+/", // ignore github handles in TODOs
     "/0x.+/" // ignore hex values
   ],
-  "cSpell.words": ["Isin", "metatype", "POLYX"]
+  "cSpell.words": ["Hashicorp", "Isin", "metatype", "nand", "POLYX"]
 }

README.md

@@ -24,10 +24,21 @@ PORT=## port in which the server will listen. Defaults to 3000 ##
 POLYMESH_NODE_URL=## websocket URL for a Polymesh node ##
 POLYMESH_MIDDLEWARE_URL=## URL for an instance of the Polymesh GraphQL Middleware service ##
 POLYMESH_MIDDLEWARE_API_KEY=## API key for the Middleware GraphQL service ##
-RELAYER_DIDS=## list of comma separated DIDs for the relayer service ##
-RELAYER_MNEMONICS=## list of comma separated mnemonics for the relayer service (each mnemonic corresponds to a DID in RELAYER_DIDS) ##
+LOCAL_SIGNERS=## list of comma separated IDs to refer to the corresponding mnemonic ##
+LOCAL_MNEMONICS=## list of comma separated mnemonics for the signer service (each mnemonic corresponds to a signer in LOCAL_SIGNERS) ##
+VAULT_URL=## The URL of a Vault transit engine##
+VAULT_SECRET=## The access token for authorization with the Vault instance ##
 ```
 
+### Signing Transactions
+
+There are currently two configurations that the REST API maybe configured in to sign transactions. When Vault is configured it will override the local signers and those values will be ignored.
+
+1. Local Signing:
+   By using `LOCAL_SIGNERS` and `LOCAL_MNEMONICS` private keys will be initialized in memory. When making a transaction that requires a signer use the corresponding entry in `LOCAL_SIGNERS` (by array offset).
+1. Vault Signing:
+   By setting `VAULT_URL` and `VAULT_SECRET`an external [Vault](https://www.vaultproject.io/) instance will be used to sign transactions. The URL should point to a transit engine in Vault that has Ed25519 keys in it. To refer to a key when signing use the Vault name and version `${name}-${version}` e.g. `alice-1`
+
 ## Running the app
 
 ```bash
@@ -43,7 +54,7 @@ $ yarn start:prod
 
 ### With docker
 
-To pass in the env variables you can use `-e` to pass them indiviudally, or use a file with `--env-file`.
+To pass in the env variables you can use `-e` to pass them individually, or use a file with `--env-file`.
 For documentation you will need to expose a port that maps to `:3000` (or its `$PORT` if set) in the container.
 
 ```bash

package.json

@@ -29,7 +29,10 @@
     "@nestjs/core": "7.6.15",
     "@nestjs/platform-express": "7.6.15",
     "@nestjs/swagger": "4.8.0",
-    "@polymathnetwork/polymesh-sdk": "13.0.0-alpha.31",
+    "@polymathnetwork/hashicorp-vault-signing-manager": "^1.1.0",
+    "@polymathnetwork/local-signing-manager": "^1.0.5",
+    "@polymathnetwork/polymesh-sdk": "14.0.0-alpha.4",
+    "@polymathnetwork/signing-manager-types": "^1.0.3",
     "class-transformer": "0.4.0",
     "class-validator": "0.13.1",
     "joi": "17.4.0",
@@ -66,7 +69,7 @@
     "husky": "6.0.0",
     "jest": "26.6.3",
     "lint-staged": "11.0.0",
-    "prettier": "2.2.1",
+    "prettier": "2.3.1",
     "prettier-eslint": "12.0.0",
     "prettier-eslint-cli": "5.0.1",
     "supertest": "6.1.3",

src/accounts/accounts.module.ts

@@ -5,10 +5,10 @@ import { Module } from '@nestjs/common';
 import { AccountsController } from '~/accounts/accounts.controller';
 import { AccountsService } from '~/accounts/accounts.service';
 import { PolymeshModule } from '~/polymesh/polymesh.module';
-import { RelayerAccountsModule } from '~/relayer-accounts/relayer-accounts.module';
+import { SigningModule } from '~/signing/signing.module';
 
 @Module({
-  imports: [PolymeshModule, RelayerAccountsModule],
+  imports: [PolymeshModule, SigningModule],
   controllers: [AccountsController],
   providers: [AccountsService],
 })

src/accounts/accounts.service.spec.ts

@@ -12,10 +12,10 @@ import { TransactionType } from '~/common/types';
 import { POLYMESH_API } from '~/polymesh/polymesh.consts';
 import { PolymeshModule } from '~/polymesh/polymesh.module';
 import { PolymeshService } from '~/polymesh/polymesh.service';
-import { RelayerAccountsModule } from '~/relayer-accounts/relayer-accounts.module';
-import { RelayerAccountsService } from '~/relayer-accounts/relayer-accounts.service';
+import { mockSigningProvider } from '~/signing/signing.mock';
+import { SigningModule } from '~/signing/signing.module';
 import { MockPolymesh, MockTransactionQueue } from '~/test-utils/mocks';
-import { MockRelayerAccountsService } from '~/test-utils/service-mocks';
+import { MockSigningService } from '~/test-utils/service-mocks';
 import { ErrorCase } from '~/test-utils/types';
 
 jest.mock('@polymathnetwork/polymesh-sdk/utils', () => ({
@@ -28,20 +28,18 @@ describe('AccountsService', () => {
   let service: AccountsService;
   let polymeshService: PolymeshService;
   let mockPolymeshApi: MockPolymesh;
-  let mockRelayerAccountsService: MockRelayerAccountsService;
+  let mockSigningService: MockSigningService;
 
   beforeEach(async () => {
     mockPolymeshApi = new MockPolymesh();
-    mockRelayerAccountsService = new MockRelayerAccountsService();
+    mockSigningService = mockSigningProvider.useValue;
 
     const module: TestingModule = await Test.createTestingModule({
-      imports: [PolymeshModule, RelayerAccountsModule],
-      providers: [AccountsService],
+      imports: [PolymeshModule, SigningModule],
+      providers: [AccountsService, mockSigningProvider],
     })
       .overrideProvider(POLYMESH_API)
       .useValue(mockPolymeshApi)
-      .overrideProvider(RelayerAccountsService)
-      .useValue(mockRelayerAccountsService)
       .compile();
 
     service = module.get<AccountsService>(AccountsService);
@@ -113,8 +111,8 @@ describe('AccountsService', () => {
           memo: 'Sample memo',
         };
 
-        const address = 'address';
-        mockRelayerAccountsService.findAddressByDid.mockReturnValue(address);
+        const someKey = 'someKey';
+        mockSigningService.getAddressByHandle.mockReturnValue(someKey);
 
         mockPolymeshApi.network.transferPolyx.mockImplementation(() => {
           throw polymeshError;
@@ -154,8 +152,8 @@ describe('AccountsService', () => {
           memo: 'Sample memo',
         };
 
-        const address = 'address';
-        mockRelayerAccountsService.findAddressByDid.mockReturnValue(address);
+        const keyName = 'someKey';
+        mockSigningService.getAddressByHandle.mockReturnValue(keyName);
 
         const result = await service.transferPolyx(body);
         expect(result).toEqual({

src/accounts/accounts.service.ts

@@ -4,13 +4,13 @@ import { AccountBalance } from '@polymathnetwork/polymesh-sdk/types';
 import { TransferPolyxDto } from '~/accounts/dto/transfer-polyx.dto';
 import { processQueue, QueueResult } from '~/common/utils';
 import { PolymeshService } from '~/polymesh/polymesh.service';
-import { RelayerAccountsService } from '~/relayer-accounts/relayer-accounts.service';
+import { SigningService } from '~/signing/signing.service';
 
 @Injectable()
 export class AccountsService {
   constructor(
     private readonly polymeshService: PolymeshService,
-    private readonly relayerAccountsService: RelayerAccountsService
+    private readonly signingService: SigningService
   ) {}
 
   public async getAccountBalance(account: string): Promise<AccountBalance> {
@@ -22,12 +22,12 @@ export class AccountsService {
 
   public async transferPolyx(params: TransferPolyxDto): Promise<QueueResult<void>> {
     const { signer, ...rest } = params;
-    const { relayerAccountsService, polymeshService } = this;
+    const { signingService, polymeshService } = this;
 
-    const address = relayerAccountsService.findAddressByDid(signer);
+    const address = await signingService.getAddressByHandle(signer);
 
     const { transferPolyx } = polymeshService.polymeshApi.network;
 
-    return processQueue(transferPolyx, rest, { signer: address });
+    return processQueue(transferPolyx, rest, { signingAccount: address });
   }
 }

src/app.module.ts

@@ -15,8 +15,8 @@ import { IdentitiesModule } from '~/identities/identities.module';
 import { OfferingsModule } from '~/offerings/offerings.module';
 import { PolymeshModule } from '~/polymesh/polymesh.module';
 import { PortfoliosModule } from '~/portfolios/portfolios.module';
-import { RelayerAccountsModule } from '~/relayer-accounts/relayer-accounts.module';
 import { SettlementsModule } from '~/settlements/settlements.module';
+import { SigningModule } from '~/signing/signing.module';
 
 @Module({
   imports: [
@@ -26,13 +26,20 @@ import { SettlementsModule } from '~/settlements/settlements.module';
         POLYMESH_NODE_URL: Joi.required(),
         POLYMESH_MIDDLEWARE_URL: Joi.string(),
         POLYMESH_MIDDLEWARE_API_KEY: Joi.string(),
-      }).and('POLYMESH_MIDDLEWARE_URL', 'POLYMESH_MIDDLEWARE_API_KEY'),
+        LOCAL_SIGNERS: Joi.string(),
+        LOCAL_MNEMONICS: Joi.string(),
+        VAULT_TOKEN: Joi.string(),
+        VAULT_URL: Joi.string(),
+      })
+        .and('POLYMESH_MIDDLEWARE_URL', 'POLYMESH_MIDDLEWARE_API_KEY')
+        .and('LOCAL_SIGNERS', 'LOCAL_MNEMONICS')
+        .nand('LOCAL_SIGNERS', 'VAULT_TOKEN'),
     }),
     AssetsModule,
     PolymeshModule,
     IdentitiesModule,
     SettlementsModule,
-    RelayerAccountsModule,
+    SigningModule,
     AuthorizationsModule,
     PortfoliosModule,
     ClaimsModule,

src/assets/assets.controller.ts

@@ -89,11 +89,11 @@ export class AssetsController {
     @Param() { ticker }: TickerParamsDto,
     @Query() { size, start }: PaginatedParamsDto
   ): Promise<PaginatedResultsModel<IdentityBalanceModel>> {
-    const { data, count: total, next } = await this.assetsService.findHolders(
-      ticker,
-      size,
-      start?.toString()
-    );
+    const {
+      data,
+      count: total,
+      next,
+    } = await this.assetsService.findHolders(ticker, size, start?.toString());
 
     return new PaginatedResultsModel({
       results: data.map(
@@ -141,11 +141,11 @@ export class AssetsController {
     @Param() { ticker }: TickerParamsDto,
     @Query() { size, start }: PaginatedParamsDto
   ): Promise<PaginatedResultsModel<AssetDocumentModel>> {
-    const { data, count: total, next } = await this.assetsService.findDocuments(
-      ticker,
-      size,
-      start?.toString()
-    );
+    const {
+      data,
+      count: total,
+      next,
+    } = await this.assetsService.findDocuments(ticker, size, start?.toString());
 
     return new PaginatedResultsModel({
       results: data.map(

src/assets/assets.module.ts

@@ -6,10 +6,10 @@ import { AssetsController } from '~/assets/assets.controller';
 import { AssetsService } from '~/assets/assets.service';
 import { ComplianceModule } from '~/compliance/compliance.module';
 import { PolymeshModule } from '~/polymesh/polymesh.module';
-import { RelayerAccountsModule } from '~/relayer-accounts/relayer-accounts.module';
+import { SigningModule } from '~/signing/signing.module';
 
 @Module({
-  imports: [PolymeshModule, RelayerAccountsModule, forwardRef(() => ComplianceModule)],
+  imports: [PolymeshModule, SigningModule, forwardRef(() => ComplianceModule)],
   controllers: [AssetsController],
   providers: [AssetsService],
   exports: [AssetsService],

src/assets/assets.service.spec.ts

@@ -13,10 +13,9 @@ import { TransactionType } from '~/common/types';
 import { POLYMESH_API } from '~/polymesh/polymesh.consts';
 import { PolymeshModule } from '~/polymesh/polymesh.module';
 import { PolymeshService } from '~/polymesh/polymesh.service';
-import { RelayerAccountsModule } from '~/relayer-accounts/relayer-accounts.module';
-import { RelayerAccountsService } from '~/relayer-accounts/relayer-accounts.service';
+import { mockSigningProvider } from '~/signing/signing.mock';
 import { MockAsset, MockPolymesh, MockTransactionQueue } from '~/test-utils/mocks';
-import { MockRelayerAccountsService } from '~/test-utils/service-mocks';
+import { MockSigningService } from '~/test-utils/service-mocks';
 
 jest.mock('@polymathnetwork/polymesh-sdk/utils', () => ({
   ...jest.requireActual('@polymathnetwork/polymesh-sdk/utils'),
@@ -28,19 +27,17 @@ describe('AssetsService', () => {
   let service: AssetsService;
   let polymeshService: PolymeshService;
   let mockPolymeshApi: MockPolymesh;
-  let mockRelayerAccountsService: MockRelayerAccountsService;
+  let mockSigningService: MockSigningService;
 
   beforeEach(async () => {
     mockPolymeshApi = new MockPolymesh();
-    mockRelayerAccountsService = new MockRelayerAccountsService();
+    mockSigningService = new MockSigningService();
     const module: TestingModule = await Test.createTestingModule({
-      imports: [PolymeshModule, RelayerAccountsModule],
-      providers: [AssetsService],
+      imports: [PolymeshModule],
+      providers: [AssetsService, mockSigningProvider],
     })
       .overrideProvider(POLYMESH_API)
       .useValue(mockPolymeshApi)
-      .overrideProvider(RelayerAccountsService)
-      .useValue(mockRelayerAccountsService)
       .compile();
 
     service = module.get<AssetsService>(AssetsService);
@@ -333,7 +330,7 @@ describe('AssetsService', () => {
           throw expectedError;
         });
 
-        mockRelayerAccountsService.findAddressByDid.mockReturnValue('address');
+        mockSigningService.getAddressByHandle.mockReturnValue('address');
 
         let error;
         try {
@@ -361,7 +358,7 @@ describe('AssetsService', () => {
         mockPolymeshApi.assets.createAsset.mockResolvedValue(mockQueue);
 
         const address = 'address';
-        mockRelayerAccountsService.findAddressByDid.mockReturnValue(address);
+        mockSigningService.getAddressByHandle.mockReturnValue(address);
         const result = await service.createAsset(createBody);
         expect(result).toEqual({
           result: mockAsset,
@@ -403,7 +400,7 @@ describe('AssetsService', () => {
       findSpy.mockResolvedValue(mockAsset as any);
 
       const address = 'address';
-      mockRelayerAccountsService.findAddressByDid.mockReturnValue(address);
+      mockSigningService.getAddressByHandle.mockReturnValue(address);
       const result = await service.issue('TICKER', issueBody);
       expect(result).toEqual({
         result: undefined,
@@ -442,7 +439,7 @@ describe('AssetsService', () => {
         };
 
         const address = 'address';
-        mockRelayerAccountsService.findAddressByDid.mockReturnValue(address);
+        mockSigningService.getAddressByHandle.mockReturnValue(address);
         const result = await service.registerTicker(registerBody);
         expect(result).toEqual({
           result: undefined,

src/assets/assets.service.ts

@@ -15,13 +15,13 @@ import { IssueDto } from '~/assets/dto/issue.dto';
 import { ReserveTickerDto as RegisterTickerDto } from '~/assets/dto/reserve-ticker.dto';
 import { processQueue, QueueResult } from '~/common/utils';
 import { PolymeshService } from '~/polymesh/polymesh.service';
-import { RelayerAccountsService } from '~/relayer-accounts/relayer-accounts.service';
+import { SigningService } from '~/signing/signing.service';
 
 @Injectable()
 export class AssetsService {
   constructor(
     private readonly polymeshService: PolymeshService,
-    private readonly relayerAccountsService: RelayerAccountsService
+    private readonly signingService: SigningService
   ) {}
 
   public async findOne(ticker: string): Promise<Asset> {
@@ -75,23 +75,23 @@ export class AssetsService {
 
   public async registerTicker(params: RegisterTickerDto): Promise<QueueResult<TickerReservation>> {
     const { signer, ...rest } = params;
-    const address = this.relayerAccountsService.findAddressByDid(signer);
+    const address = await this.signingService.getAddressByHandle(signer);
     const reserveTicker = this.polymeshService.polymeshApi.assets.reserveTicker;
-    return processQueue(reserveTicker, rest, { signer: address });
+    return processQueue(reserveTicker, rest, { signingAccount: address });
   }
 
   public async createAsset(params: CreateAssetDto): Promise<QueueResult<Asset>> {
     const { signer, ...rest } = params;
-    const address = this.relayerAccountsService.findAddressByDid(signer);
+    const signingAccount = await this.signingService.getAddressByHandle(signer);
     const createAsset = this.polymeshService.polymeshApi.assets.createAsset;
-    return processQueue(createAsset, rest, { signer: address });
+    return processQueue(createAsset, rest, { signingAccount });
   }
 
   public async issue(ticker: string, params: IssueDto): Promise<QueueResult<Asset>> {
     const { signer, ...rest } = params;
     const asset = await this.findOne(ticker);
-    const address = this.relayerAccountsService.findAddressByDid(signer);
-    return processQueue(asset.issuance.issue, rest, { signer: address });
+    const address = await this.signingService.getAddressByHandle(signer);
+    return processQueue(asset.issuance.issue, rest, { signingAccount: address });
   }
 
   public async findTickerReservation(ticker: string): Promise<TickerReservation> {

src/assets/assets.util.ts

@@ -8,11 +8,8 @@ import { AssetDetailsModel } from '~/assets/models/asset-details.model';
  * Fetch and assemble data for an Asset
  */
 export async function createAssetDetailsModel(asset: Asset): Promise<AssetDetailsModel> {
-  const [
-    { owner, assetType, name, totalSupply, isDivisible },
-    securityIdentifiers,
-    fundingRound,
-  ] = await Promise.all([asset.details(), asset.getIdentifiers(), asset.currentFundingRound()]);
+  const [{ owner, assetType, name, totalSupply, isDivisible }, securityIdentifiers, fundingRound] =
+    await Promise.all([asset.details(), asset.getIdentifiers(), asset.currentFundingRound()]);
 
   return new AssetDetailsModel({
     owner,

src/authorizations/authorizations.module.ts

@@ -6,10 +6,10 @@ import { AuthorizationsController } from '~/authorizations/authorizations.contro
 import { AuthorizationsService } from '~/authorizations/authorizations.service';
 import { IdentitiesModule } from '~/identities/identities.module';
 import { PolymeshModule } from '~/polymesh/polymesh.module';
-import { RelayerAccountsModule } from '~/relayer-accounts/relayer-accounts.module';
+import { SigningModule } from '~/signing/signing.module';
 
 @Module({
-  imports: [PolymeshModule, RelayerAccountsModule, forwardRef(() => IdentitiesModule)],
+  imports: [PolymeshModule, SigningModule, forwardRef(() => IdentitiesModule)],
   providers: [AuthorizationsService],
   exports: [AuthorizationsService],
   controllers: [AuthorizationsController],