Closed dannydeezy closed 5 years ago
Looks ok to me from at a high level. Don't have time right now do to a thorough review however.
Most issues I found are relatively minor:
Larger issue is that a test is throwing an unhandled rejection error:
> key-recovery-service-v2@2.0.0 test /Users/tjl/src/key-recovery-service-v2
> ./node_modules/mocha/bin/_mocha --exit --timeout 20000 --recursive test/
Offline Admin Tool
Xpub validation
failure
mongoose init successful
(node:37081) DeprecationWarning: collection.ensureIndex is deprecated. Use createIndexes instead.
BIP32 xpub xpub1234567890 is not a valid extended public key.
✓ should fail if length is not 111
BIP32 xpub xprv9wHokC2KXdTSpEepFcu53hMDUHYfAtTaLEJEMyxBPAMf78hJg17WhL5FyeDUQH5KWmGjGgEb2j74gsZqgupWpPbZgP6uFmP8MYEy5BNbyET is not a valid extended public key.
✓ should fail if does not start with xpub
BIP32 xpub xpub0OIl0OIl6t7aLemM4KiBoLBYQ5j9G2SVpNTojw7Vki3j7wcM3NRPVmDjnjwQREzPcywEg793M89odNXWneRQkn1eWjptpukDwJQVgVLRHKV is not a valid extended public key.
✓ should fail if not base58 valid
success
✓ should succeed with a valid key
BIP32 child key derivation
failure
✓ should fail with an invalid xpub
✓ should fail with an invalid derivation path (62ms)
✓ should fail if trying to derive hardened index with xpub
success
✓ should find m/0 of test vector 2
Stellar key derivation
failure
✓ should fail with an invalid master seed
✓ should fail with an invalid derivation path
success
✓ should find m/44'/148'/0' of test vector 3
✓ should find m/44'/148'/6' of test vector 3
Verification
✓ should fail to retrieve verification info on a non-existent key
✓ should retrieve verification info on a key
Unhandled rejection Error: Unable to find wallet key: xpub6ARXqCvahM4dyWYDSPZMiii32yt3DTETyWCLDRZpQR4zpU9q6VmBKySA91hsLjofoUjdKdqPCcC54mbpJBmGNsNKM1szecH56p7Vk1byadR
at /Users/tjl/src/key-recovery-service-v2/app/admin.js:286:11
at next (native)
at tryCatcher (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/util.js:16:23)
at PromiseSpawn._promiseFulfilled (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/generators.js:97:49)
at Promise._settlePromise (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/promise.js:574:26)
at Promise._settlePromise0 (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/promise.js:614:10)
at Promise._settlePromises (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/promise.js:693:18)
at Async._drainQueue (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/async.js:133:16)
at Async._drainQueues (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/async.js:143:10)
at Immediate.Async.drainQueues (/Users/tjl/src/key-recovery-service-v2/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:672:20)
at tryOnImmediate (timers.js:645:5)
at processImmediate [as _immediateCallback] (timers.js:617:5)
Key: xpub6AHA9hZDN11k2ijHMeS5QqHx2KP9aMBRhTDqANMnwVtdyw2TDYRmF8PjpvwUFcL1Et8Hj59S3gTSMcUQ5gAqTz3Wd8EsMTmF3DChhqPQBnU
Master Key: undefined
User Email: tester@bitgo.com
Verification Info: verify user's identity by signed letter delivered by carrier pigeon
Application Server
GET /
::ffff:127.0.0.1 - - [30/Oct/2018:20:59:19 +0000] "GET / HTTP/1.1" 200 38 "-" "node-superagent/3.8.3"
✓ should return the name
Provision new key
::ffff:127.0.0.1 - - [30/Oct/2018:20:59:19 +0000] "POST /key HTTP/1.1" 400 14 "-" "node-superagent/3.8.3"
✓ no userEmail specified
::ffff:127.0.0.1 - - [30/Oct/2018:20:59:19 +0000] "POST /key HTTP/1.1" 400 30 "-" "node-superagent/3.8.3"
✓ no customer ID
::ffff:127.0.0.1 - - [30/Oct/2018:20:59:19 +0000] "POST /key HTTP/1.1" 400 18 "-" "node-superagent/3.8.3"
✓ no coin type
::ffff:127.0.0.1 - - [30/Oct/2018:20:59:19 +0000] "POST /key HTTP/1.1" 400 16 "-" "node-superagent/3.8.3"
✓ unsupported coin
✓ should return a new key
✓ should return a new XLM key
Offline Signing Tool
Sign Recovery Transaction
=========================
Backup Key: xpub661MyMwAqRbcGEvQVAL5R1tcZ4jXaPxZPCNnwG3zHZa4mtjco81aN92q2J27bazz8jyHKMT8CqLu81igkyFix5bsGQcVVEVYeMesxjXo9n1
Output Address: 2MtwU7dyTBh7Z9rWw3odEPLZdeZ2XBs3tEX
Output Amount: 0.00097008
Custom Message: None
=========================
Signing input 1 of 1 with tpubDF5oxBurRvm9wGJGktumDHaTu51WJRAGPH4iSQucGJwBBcWihDm7FBp2KtjWeK7wCzMgPLdokVcCt7Sp8gx5yy4Xy7bU3kXJvCiA8HBpLAF (0/0/0/0)
✓ cosigns a tbtc transaction (224ms)
Sign Recovery Transaction
=========================
Backup Key: xpub661MyMwAqRbcG6juNYXD4pKg5ipuAczCvafCQNDorGeQKniDCwQn2EdYquh1SCmjMfYs4haBjzjxTcBk1gvVb9TGPVcnj2P2DNurjbPmAtp
Output Address: MRDmNk3nQJV1ZLSGPuTL3rUBtDdDyxmkQX
Output Amount: 0.099626
Custom Message: None
=========================
Signing input 1 of 1 with Ltub2av3z6ZeY6HpofuorVwxMmr97pVfqTsqWWyzqBq8BuAkuP8x7BYurJg8rroySK5mQVRHjgiqt9FDN5tDe96cwN8Sb1HM9kVbfqrDr6xbmo3 (0/0/0/0)
✓ cosigns a tltc transaction (189ms)
Sign Recovery Transaction
=========================
Backup Key: xpub661MyMwAqRbcGQujYgrpSEqK4hggMdYoX32aFMvSoc4AjTe7kotinf4JLAft9AZDH1v6TU2PKcsKE39Uaf4tQB5atm1V7dA4qgi7zY6Ni9a
Output Address: 0xe62529532000e86caa241293e7900b56e7ab96c2
Output Amount: 0.01
Custom Message: None
=========================
✓ cosigns a teth transaction (133ms)
Sign Recovery Transaction
=========================
Backup Key: xpub661MyMwAqRbcGhUTDmU2jc7Yyh2wixJ8RjS3KvD9XQ8zEiaQyLbX6MQRaLq4xsC5sQv1ETuuMwwkvGizpesjEDp4K1EfGgcxzgR7mJ93sLd
Output Address: rGtvTBkz7WfaXP1J2csnE2EmqW4dqfbVVK
Output Amount: 4.9775
Custom Message: None
=========================
✓ cosigns a txrp transaction (244ms)
Sign Recovery Transaction
=========================
Backup Key: GCHW6NXNJWCBTWHBO57OIUBCKWKFZXTSYKBNP255CRUOKEATNDCLBRLQ
Output Address: GASW277S2ZOE7H7A5EQ5H5AKLP6UA6Z5AKOSWV6ARBEGTSIGMZMC7AIZ
Output Amount: 9989.99994
Custom Message: None
=========================
✓ cosigns a txlm transaction (39ms)
Sign Recovery Transaction
=========================
Backup Key: xpub661MyMwAqRbcEvM8SrtkWnXB9knYvwZP3FsSL8a5P1KPknFj4in2ne2arrzHAG3sUD7VxTDUfaxuPb78vnGVzaUBJMoo4pt2oYez6cgr46Y
Output Address: 0xe4373bda870a2fb794b4f7d7eaa1268810505feb
Output Amount: 1
Custom Message: None
=========================
✓ cosigns an erc20 transaction
27 passing (1s)
@tylerlevine It is confusing, but that error is supposed to be thrown for that test. The test is checking to make sure an error gets thrown when an invalid key is requested
@dannybitgo whats up with this? should we kill it? or re-review and rebase?
kill
No more private keys displayed on the command line unless the user really wants it. Generate and Sign now can take in an encrypted sharded key file as input, and will prompt the user for the passwords before executing.
In the process of adding this functionality I also reworked some of the command names, parameters, and internal functions.
XLM master seed is still stored in an unencrypted .json file, but at least it doesn't get displayed in the terminal.
Also removed the need for user to download and install bitgo-cli (although the bitgo npm module is still a dependency)
Also updated the README to align with the changes in commands. A sharded key file will be the default way to store the master private key.