Use one wallet type and update wallet creation & import (#140)

* Upgrade wallet creation and importing

* Update create examples

* Remove wallets helpers

* Fix GCP import

Author: adam-maj

core/env.ts

@@ -2,6 +2,7 @@ import { createEnv } from "@t3-oss/env-core";
 import * as dotenv from "dotenv";
 import type { ZodError } from "zod";
 import { z } from "zod";
+import { WalletType } from "../src/schema/wallet";
 
 dotenv.config({
   debug: true,
@@ -23,17 +24,36 @@ export const env = createEnv({
     NODE_ENV: z
       .enum(["production", "development", "testing", "local"])
       .default("development"),
-    AWS_KMS_KEY_ID: z.string().min(1).optional(),
-    GOOGLE_KMS_KEY_ID: z.string().min(1).optional(),
-    AWS_ACCESS_KEY_ID: z.string().min(1).optional(),
-    AWS_SECRET_ACCESS_KEY: z.string().min(1).optional(),
-    AWS_REGION: z.string().min(1).optional(),
     THIRDWEB_API_SECRET_KEY: z.string().min(1),
     POSTGRES_CONNECTION_URL: z
       .string()
       .default(
         "postgresql://postgres:postgres@localhost:5432/postgres?sslmode=disable",
       ),
+    WALLET_CONFIGURATION: z.string().transform((config) =>
+      z
+        .union([
+          z.object({
+            type: z.literal(WalletType.local),
+          }),
+          z.object({
+            type: z.literal(WalletType.awsKms),
+            awsAccessKeyId: z.string().min(1),
+            awsSecretAccessKey: z.string().min(1),
+            awsRegion: z.string().min(1),
+          }),
+          z.object({
+            type: z.literal(WalletType.gcpKms),
+            gcpApplicationProjectId: z.string().min(1),
+            gcpKmsLocationId: z.string().min(1),
+            gcpKmsKeyRingId: z.string().min(1),
+            // TODO: Are these optional?
+            gcpApplicationCredentialEmail: z.string().min(1),
+            gcpApplicationCredentialPrivateKey: z.string().min(1),
+          }),
+        ])
+        .parse(JSON.parse(config)),
+    ),
     OPENAPI_BASE_ORIGIN: z.string().default("http://localhost:3005"),
     PORT: z.coerce.number().default(3005),
     HOST: z.string().default("0.0.0.0"),
@@ -44,11 +64,6 @@ export const env = createEnv({
     MINED_TX_CRON_ENABLED: boolSchema("true"),
     MINED_TX_CRON_SCHEDULE: z.string().default("*/5 * * * * *"),
     MIN_TX_TO_CHECK_FOR_MINED_STATUS: z.coerce.number().default(50),
-    GOOGLE_APPLICATION_PROJECT_ID: z.string().min(1).optional(),
-    GOOGLE_KMS_KEY_RING_ID: z.string().min(1).optional(),
-    GOOGLE_KMS_LOCATION_ID: z.string().min(1).optional(),
-    GOOGLE_APPLICATION_CREDENTIAL_EMAIL: z.string().min(1).optional(),
-    GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY: z.string().min(1).optional(),
     RETRY_TX_ENABLED: boolSchema("true"),
     MAX_FEE_PER_GAS_FOR_RETRY: z.string().default("55000000000"),
     MAX_PRIORITY_FEE_PER_GAS_FOR_RETRY: z.string().default("55000000000"),
@@ -62,13 +77,36 @@ export const env = createEnv({
   isServer: true,
   runtimeEnvStrict: {
     NODE_ENV: process.env.NODE_ENV,
-    AWS_KMS_KEY_ID: process.env.AWS_KMS_KEY_ID,
-    GOOGLE_KMS_KEY_ID: process.env.GOOGLE_KMS_KEY_ID,
-    AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
-    AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,
-    AWS_REGION: process.env.AWS_REGION,
     THIRDWEB_API_SECRET_KEY: process.env.THIRDWEB_API_SECRET_KEY,
     POSTGRES_CONNECTION_URL: process.env.POSTGRES_CONNECTION_URL,
+    WALLET_CONFIGURATION:
+      process.env.AWS_ACCESS_KEY_ID ||
+      process.env.AWS_SECRET_ACCESS_KEY ||
+      process.env.AWS_REGION
+        ? JSON.stringify({
+            type: WalletType.awsKms,
+            awsAccessKeyId: process.env.AWS_ACCESS_KEY_ID,
+            awsSecretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+            awsRegion: process.env.AWS_REGION,
+          })
+        : process.env.GOOGLE_APPLICATION_PROJECT_ID ||
+          process.env.GOOGLE_KMS_LOCATION_ID ||
+          process.env.GOOGLE_KMS_KEY_RING_ID ||
+          process.env.GOOGLE_APPLICATION_CREDENTIAL_EMAIL ||
+          process.env.GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY
+        ? JSON.stringify({
+            type: WalletType.gcpKms,
+            gcpApplicationProjectId: process.env.GOOGLE_APPLICATION_PROJECT_ID,
+            gcpKmsLocationId: process.env.GOOGLE_KMS_LOCATION_ID,
+            gcpKmsKeyRingId: process.env.GOOGLE_KMS_KEY_RING_ID,
+            gcpApplicationCredentialEmail:
+              process.env.GOOGLE_APPLICATION_CREDENTIAL_EMAIL,
+            gcpApplicationCredentialPrivateKey:
+              process.env.GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY,
+          })
+        : JSON.stringify({
+            type: WalletType.local,
+          }),
     PORT: process.env.PORT,
     HOST: process.env.HOST,
     OPENAPI_BASE_ORIGIN: process.env.OPENAPI_BASE_ORIGIN,
@@ -80,13 +118,6 @@ export const env = createEnv({
     MINED_TX_CRON_SCHEDULE: process.env.MINED_TX_CRON_SCHEDULE,
     MIN_TX_TO_CHECK_FOR_MINED_STATUS:
       process.env.MIN_TX_TO_CHECK_FOR_MINED_STATUS,
-    GOOGLE_APPLICATION_PROJECT_ID: process.env.GOOGLE_APPLICATION_PROJECT_ID,
-    GOOGLE_KMS_KEY_RING_ID: process.env.GOOGLE_KMS_KEY_RING_ID,
-    GOOGLE_KMS_LOCATION_ID: process.env.GOOGLE_KMS_LOCATION_ID,
-    GOOGLE_APPLICATION_CREDENTIAL_EMAIL:
-      process.env.GOOGLE_APPLICATION_CREDENTIAL_EMAIL,
-    GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY:
-      process.env.GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY,
     RETRY_TX_ENABLED: process.env.RETRY_TX_ENABLED,
     MAX_FEE_PER_GAS_FOR_RETRY: process.env.MAX_FEE_PER_GAS_FOR_RETRY,
     MAX_PRIORITY_FEE_PER_GAS_FOR_RETRY:

core/sdk/sdk.ts

@@ -6,12 +6,13 @@ import { AsyncStorage, LocalWallet } from "@thirdweb-dev/wallets";
 import { AwsKmsWallet } from "@thirdweb-dev/wallets/evm/wallets/aws-kms";
 import { GcpKmsSigner } from "ethers-gcp-kms-signer";
 import * as fs from "fs";
-import {
-  WalletConfigType,
-  walletTableSchema,
-} from "../../server/schemas/wallet";
+import { walletTableSchema } from "../../server/schemas/wallet";
+import { getAwsKmsWallet } from "../../server/utils/wallets/getAwsKmsWallet";
+import { getGcpKmsSigner } from "../../server/utils/wallets/getGcpKmsSigner";
+import { getLocalWallet } from "../../server/utils/wallets/getLocalWallet";
 import { getWalletDetails } from "../../src/db/wallets/getWalletDetails";
 import { PrismaTransaction } from "../../src/schema/prisma";
+import { WalletType } from "../../src/schema/wallet";
 import { env } from "../env";
 import { networkResponseSchema } from "../schema";
 
@@ -119,9 +120,6 @@ const getCachedWallet = async (
   return walletData;
 };
 
-const AWS_REGION = env.AWS_REGION;
-const AWS_ACCESS_KEY_ID = env.AWS_ACCESS_KEY_ID;
-const AWS_SECRET_ACCESS_KEY = env.AWS_SECRET_ACCESS_KEY;
 const THIRDWEB_API_SECRET_KEY = env.THIRDWEB_API_SECRET_KEY;
 
 export const getSDK = async (
@@ -175,85 +173,39 @@ export const getSDK = async (
   const gcpKmsKeyId = walletData.gcpKmsKeyId;
   const gcpKmsKeyVersionId = walletData.gcpKmsKeyVersionId;
 
-  if (walletType === WalletConfigType.aws_kms) {
-    if (!AWS_REGION || !AWS_ACCESS_KEY_ID || !AWS_SECRET_ACCESS_KEY) {
-      throw new Error(
-        "AWS_REGION, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY must be set in order to use AWS KMS.",
-      );
-    }
+  console.log(
+    `getSDK walletAddress: ${walletAddress}, walletType: ${walletType}, awsKmsKeyId: ${awsKmsKeyId}, gcpKmsKeyId: ${gcpKmsKeyId}, chainName: ${chainName}`,
+  );
+
+  if (walletType === WalletType.awsKms) {
     if (!awsKmsKeyId) {
-      throw new Error("AWS KMS Key ID must be set in order to use AWS KMS.");
+      throw new Error("Wallet does not specify awsKmsKeyId");
     }
 
-    wallet = new AwsKmsWallet({
-      region: AWS_REGION,
-      accessKeyId: AWS_ACCESS_KEY_ID,
-      secretAccessKey: AWS_SECRET_ACCESS_KEY,
-      keyId: awsKmsKeyId,
-    });
+    const wallet = getAwsKmsWallet({ awsKmsKeyId });
     sdk = await ThirdwebSDK.fromWallet(wallet, chain, {
       secretKey: THIRDWEB_API_SECRET_KEY,
       supportedChains: RPC_OVERRIDES,
     });
     walletAddress = await sdk.wallet.getAddress();
     cacheSdk(chain.name, sdk, walletAddress);
     return sdk;
-  } else if (walletType === WalletConfigType.gcp_kms) {
-    // Google Service A/C credentials Check
-    if (
-      !env.GOOGLE_APPLICATION_CREDENTIAL_EMAIL ||
-      !env.GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY
-    ) {
-      throw new Error(
-        `Please provide needed Google Service A/C credentials in order to use GCP KMS.
-        Check for GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY and GOOGLE_APPLICATION_CREDENTIAL_EMAIL in .env file`,
-      );
-    }
-
-    if (
-      !env.GOOGLE_KMS_KEY_RING_ID ||
-      !env.GOOGLE_KMS_LOCATION_ID ||
-      !env.GOOGLE_APPLICATION_PROJECT_ID
-    ) {
-      throw new Error(
-        "GOOGLE_APPLICATION_PROJECT_ID, GOOGLE_KMS_KEY_RING_ID, and GOOGLE_KMS_LOCATION_ID must be set in order to use GCP KMS.",
-      );
-    }
-
-    if (!gcpKmsKeyVersionId || !gcpKmsKeyId) {
+  } else if (walletType === WalletType.gcpKms) {
+    if (!(gcpKmsKeyId && gcpKmsKeyVersionId)) {
       throw new Error(
-        "GOOGLE_KMS_KEY_VERSION_ID and GOOGLE_KMS_KEY_ID must be set in order to use GCP KMS. Please check .env file",
+        "Wallet does not specify gcpKmsKeyId or gcpKmsKeyVersionId",
       );
     }
 
-    const kmsCredentials = {
-      projectId: env.GOOGLE_APPLICATION_PROJECT_ID,
-      locationId: env.GOOGLE_KMS_LOCATION_ID,
-      keyRingId: env.GOOGLE_KMS_KEY_RING_ID,
-      keyId: gcpKmsKeyId!,
-      keyVersion: gcpKmsKeyVersionId,
-    };
-
-    signer = new GcpKmsSigner(kmsCredentials);
+    const signer = getGcpKmsSigner({ gcpKmsKeyId, gcpKmsKeyVersionId });
     sdk = ThirdwebSDK.fromSigner(signer, chain, {
       secretKey: THIRDWEB_API_SECRET_KEY,
       supportedChains: RPC_OVERRIDES,
     });
     cacheSdk(chain.name, sdk, walletAddress);
     return sdk;
-  } else if (
-    walletType === WalletConfigType.ppk ||
-    walletType === WalletConfigType.local
-  ) {
-    //TODO get private key from encrypted file
-    wallet = new LocalWallet({
-      chain,
-    });
-    await wallet.load({
-      strategy: "encryptedJson",
-      password: THIRDWEB_API_SECRET_KEY,
-      storage: new LocalFileStorage(walletAddress),
-    });
+  } else if (walletType === WalletType.local) {
+    const wallet = await getLocalWallet({ walletAddress });
     sdk = await ThirdwebSDK.fromWallet(wallet, chain, {
       secretKey: THIRDWEB_API_SECRET_KEY,
       supportedChains: RPC_OVERRIDES,

server/api/index.ts

@@ -36,15 +36,15 @@ import { extractEvents } from "./contract/metadata/events";
 import { extractFunctions } from "./contract/metadata/functions";
 
 // Wallet
-import { addWallet } from "./wallet/addWallet";
-import { createEOAWallet } from "./wallet/createEOAWallet";
+import { createWallet } from "./wallet/create";
 import { getAll } from "./wallet/getAll";
 import { getBalance } from "./wallet/getBalance";
+import { importWallet } from "./wallet/import";
 
 export const apiRoutes = async (fastify: FastifyInstance) => {
   // Wallet
-  await fastify.register(createEOAWallet);
-  await fastify.register(addWallet);
+  await fastify.register(createWallet);
+  await fastify.register(importWallet);
   await fastify.register(getBalance);
   await fastify.register(getAll);