diff --git a/modules/express/src/args.ts b/modules/express/src/args.ts
index 641a31c39b..a4181343b5 100644
--- a/modules/express/src/args.ts
+++ b/modules/express/src/args.ts
@@ -96,14 +96,6 @@ parser.addArgument(['--externalSignerUrl'], {
 help: 'URL which specifies the external signing API.',
 });
-parser.addArgument(['--enclavedExpressUrl'], {
- help: 'URL to an Express instance in a secure environment.',
-});
-
-parser.addArgument(['--enclavedExpressSSLCert'], {
- help: 'Path to the SSL certificate file for communicating with enclavedExpressUrl.',
-});
-
 parser.addArgument(['--signerMode'], {
 action: 'storeConst',
 constant: true,
diff --git a/modules/express/src/clientRoutes.ts b/modules/express/src/clientRoutes.ts
index 20ce281cce..26de6311db 100755
--- a/modules/express/src/clientRoutes.ts
+++ b/modules/express/src/clientRoutes.ts
@@ -38,7 +38,6 @@ import type { ParamsDictionary } from 'express-serve-static-core';
 import * as _ from 'lodash';
 import * as url from 'url';
 import * as superagent from 'superagent';
-import { handlePingEnclavedExpress } from './enclavedExpressRoutes';
 // RequestTracer should be extracted into a separate npm package (along with
 // the rest of the BitGoJS HTTP request machinery)
@@ -1752,11 +1751,6 @@ export function setupSigningRoutes(app: express.Application, config: Config): vo
 );
 }
-export function setupEnclavedExpressRoutes(app: express.Application, config: Config): void {
- // Keep the ping endpoint for health checks
- app.get('/ping/enclavedExpress', parseBody, prepareBitGo(config), promiseWrapper(handlePingEnclavedExpress));
-}
-
 export function setupLightningSignerNodeRoutes(app: express.Application, config: Config): void {
 app.post(
 '/api/v2/:coin/wallet/:id/signermacaroon',
diff --git a/modules/express/src/config.ts b/modules/express/src/config.ts
index 22931c769f..05977f2e44 100644
--- a/modules/express/src/config.ts
+++ b/modules/express/src/config.ts
@@ -1,6 +1,5 @@
 import { EnvironmentName, V1Network } from 'bitgo';
 import { isNil, isNumber } from 'lodash';
-import { readFileSync, existsSync } from 'fs';
 import 'dotenv/config';
 import { args } from './args';
@@ -39,8 +38,6 @@ export interface Config {
 customBitcoinNetwork?: V1Network;
 authVersion: number;
 externalSignerUrl?: string;
- enclavedExpressUrl?: string;
- enclavedExpressSSLCert?: string;
 signerMode?: boolean;
 signerFileSystemPath?: string;
 lightningSignerFileSystemPath?: string;
@@ -67,8 +64,6 @@ export const ArgConfig = (args): Partial => ({
 customBitcoinNetwork: args.custombitcoinnetwork,
 authVersion: args.authVersion,
 externalSignerUrl: args.externalSignerUrl,
- enclavedExpressUrl: args.enclavedExpressUrl,
- enclavedExpressSSLCert: args.enclavedExpressSSLCert,
 signerMode: args.signerMode,
 signerFileSystemPath: args.signerFileSystemPath,
 lightningSignerFileSystemPath: args.lightningSignerFileSystemPath,
@@ -95,8 +90,6 @@ export const EnvConfig = (): Partial => ({
 customBitcoinNetwork: readEnvVar('BITGO_CUSTOM_BITCOIN_NETWORK') as V1Network,
 authVersion: Number(readEnvVar('BITGO_AUTH_VERSION')),
 externalSignerUrl: readEnvVar('BITGO_EXTERNAL_SIGNER_URL'),
- enclavedExpressUrl: readEnvVar('BITGO_ENCLAVED_EXPRESS_URL'),
- enclavedExpressSSLCert: readEnvVar('BITGO_ENCLAVED_EXPRESS_SSL_CERT'),
 signerMode: readEnvVar('BITGO_SIGNER_MODE') ? true : undefined,
 signerFileSystemPath: readEnvVar('BITGO_SIGNER_FILE_SYSTEM_PATH'),
 lightningSignerFileSystemPath: readEnvVar('BITGO_LIGHTNING_SIGNER_FILE_SYSTEM_PATH'),
@@ -117,8 +110,6 @@ export const DefaultConfig: Config = {
 disableEnvCheck: true,
 timeout: 305 * 1000,
 authVersion: 2,
- enclavedExpressUrl: undefined,
- enclavedExpressSSLCert: undefined,
 };
 /**
@@ -156,8 +147,6 @@ function mergeConfigs(...configs: Partial[]): Config {
 const disableSSL = get('disableSSL') || false;
 let customRootUri = get('customRootUri');
 let externalSignerUrl = get('externalSignerUrl');
- let enclavedExpressUrl = get('enclavedExpressUrl');
- let enclavedExpressSSLCert: string | undefined;
 if (disableSSL !== true) {
 if (customRootUri) {
@@ -166,24 +155,6 @@ function mergeConfigs(...configs: Partial[]): Config {
 if (externalSignerUrl) {
 externalSignerUrl = forceSecureUrl(externalSignerUrl);
 }
- if (enclavedExpressUrl) {
- enclavedExpressUrl = forceSecureUrl(enclavedExpressUrl);
- console.log('Using secure enclaved express URL:', enclavedExpressUrl);
- }
- const enclavedExpressSSLCertValue = get('enclavedExpressSSLCert');
- if (enclavedExpressSSLCertValue) {
- try {
- // First try to read it as a file path
- enclavedExpressSSLCert = existsSync(enclavedExpressSSLCertValue)
- ? readFileSync(enclavedExpressSSLCertValue, { encoding: 'utf8' })
- : enclavedExpressSSLCertValue; // If not a file, use the value directly
- if (existsSync(enclavedExpressSSLCertValue)) {
- console.log('Successfully loaded SSL cert from:', enclavedExpressSSLCertValue);
- }
- } catch (e) {
- console.error(`Failed to process enclaved express SSL cert: ${enclavedExpressSSLCertValue}`, e);
- }
- }
 }
 return {
@@ -205,8 +176,6 @@ function mergeConfigs(...configs: Partial[]): Config {
 customBitcoinNetwork: get('customBitcoinNetwork'),
 authVersion: get('authVersion'),
 externalSignerUrl,
- enclavedExpressUrl,
- enclavedExpressSSLCert,
 signerMode: get('signerMode'),
 signerFileSystemPath: get('signerFileSystemPath'),
 lightningSignerFileSystemPath: get('lightningSignerFileSystemPath'),
@@ -215,8 +184,8 @@ function mergeConfigs(...configs: Partial[]): Config {
 };
 }
-export function config(): Config {
+export const config = () => {
 const arg = ArgConfig(args());
 const env = EnvConfig();
 return mergeConfigs(env, arg);
-}
+};
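Review bot: The rewritten `config` export at the end of this hunk drops the explicit `Config` return annotation and turns a hoisted function declaration into a `const` arrow, and neither change is needed to remove the enclaved-express options. The return type is now only inferred from `mergeConfigs`, so a later change to that helper's signature would silently change this exported API. A `const` binding is also not initialised until the module body has run, which can matter if any importer reaches `config()` through a circular import (not visible from this diff). I would keep the original declaration, or at least write `export const config = (): Config => {`.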
diff --git a/modules/express/src/enclavedExpressRoutes/enclavedExpressRoutes.ts b/modules/express/src/enclavedExpressRoutes/enclavedExpressRoutes.ts
deleted file mode 100644
index e79bb22b9e..0000000000
--- a/modules/express/src/enclavedExpressRoutes/enclavedExpressRoutes.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import * as superagent from 'superagent';
-import debug from 'debug';
-import * as express from 'express';
-import { retryPromise } from '../retryPromise';
-
-export async function handlePingEnclavedExpress(req: express.Request) {
- console.log('Making enclaved express request with SSL cert to:', req.config?.enclavedExpressUrl);
- return await retryPromise(
- () =>
- superagent
- .get(`${req.config?.enclavedExpressUrl}/ping`)
- .ca(req.config?.enclavedExpressSSLCert as string)
- .send(),
- (err, tryCount) => {
- debug(`Failed to ping enclavedExpress: ${err.message}`);
- }
- );
-}
diff --git a/modules/express/src/enclavedExpressRoutes/index.ts b/modules/express/src/enclavedExpressRoutes/index.ts
deleted file mode 100644
index 1e144dfeb1..0000000000
--- a/modules/express/src/enclavedExpressRoutes/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './enclavedExpressRoutes';
diff --git a/modules/express/src/expressApp.ts b/modules/express/src/expressApp.ts
index 2914626f24..1dbc97f30b 100644
--- a/modules/express/src/expressApp.ts
+++ b/modules/express/src/expressApp.ts
@@ -117,16 +117,7 @@ function createHttpServer(app: express.Application): http.Server {
 */
 export function startup(config: Config, baseUri: string): () => void {
 return function () {
- const {
- env,
- ipc,
- customRootUri,
- customBitcoinNetwork,
- signerMode,
- lightningSignerFileSystemPath,
- enclavedExpressUrl,
- enclavedExpressSSLCert,
- } = config;
+ const { env, ipc, customRootUri, customBitcoinNetwork, signerMode, lightningSignerFileSystemPath } = config;
 /* eslint-disable no-console */
 console.log('BitGo-Express running');
 console.log(`Environment: ${env}`);
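Review bot: In `startup`, the destructuring no longer carries `enclavedExpressUrl`/`enclavedExpressSSLCert`, and together with the `EnvConfig` hunk in config.ts this means a host that still exports `BITGO_ENCLAVED_EXPRESS_URL` and `BITGO_ENCLAVED_EXPRESS_SSL_CERT` has them ignored without any message. Before this commit such a host mounted only the `/ping/enclavedExpress` route (see the `setupRoutes` hunk in this file); after it, the same environment falls through to the final `else` branch, whose body continues outside that hunk and appears to register the regular client routes. Since that widens what the process serves after an upgrade, I would add a warning inside the existing no-console block, e.g. `if (process.env.BITGO_ENCLAVED_EXPRESS_URL) console.warn('BITGO_ENCLAVED_EXPRESS_URL is set but is no longer supported and is ignored');`, or refuse to start in that case. `startup`'s body continues past the end of this hunk.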
@@ -147,12 +138,6 @@ export function startup(config: Config, baseUri: string): () => void {
 if (lightningSignerFileSystemPath) {
 console.log(`Lightning signer file system path: ${lightningSignerFileSystemPath}`);
 }
- if (enclavedExpressUrl) {
- console.log(`Enclaved Express URL: ${enclavedExpressUrl}`);
- if (enclavedExpressSSLCert) {
- console.log('Enclaved Express SSL certificate configured');
- }
- }
 /* eslint-enable no-console */
 };
 }
@@ -287,8 +272,6 @@ function checkPreconditions(config: Config) {
 export function setupRoutes(app: express.Application, config: Config): void {
 if (config.signerMode) {
 clientRoutes.setupSigningRoutes(app, config);
- } else if (config.enclavedExpressUrl && config.enclavedExpressSSLCert) {
- clientRoutes.setupEnclavedExpressRoutes(app, config);
 } else {
 if (config.lightningSignerFileSystemPath) {
 clientRoutes.setupLightningSignerNodeRoutes(app, config);
diff --git a/modules/express/test/unit/config.ts b/modules/express/test/unit/config.ts
index 70fa45ffdb..5eba08d31c 100644
--- a/modules/express/test/unit/config.ts
+++ b/modules/express/test/unit/config.ts
@@ -123,8 +123,6 @@ describe('Config:', () => {
 BITGO_CUSTOM_ROOT_URI: 'envcustomRootUri',
 BITGO_CUSTOM_BITCOIN_NETWORK: 'envcustomBitcoinNetwork',
 BITGO_EXTERNAL_SIGNER_URL: 'envexternalSignerUrl',
- BITGO_ENCLAVED_EXPRESS_URL: 'envenclavedExpressUrl',
- BITGO_ENCLAVED_EXPRESS_SSL_CERT: 'envenclavedExpressSSLCert',
 BITGO_SIGNER_MODE: 'envsignerMode',
 BITGO_SIGNER_FILE_SYSTEM_PATH: 'envsignerFileSystemPath',
 BITGO_LIGHTNING_SIGNER_FILE_SYSTEM_PATH: 'envlightningSignerFileSystemPath',
@@ -181,8 +179,6 @@ describe('Config:', () => {
 customBitcoinNetwork: 'argcustomBitcoinNetwork',
 authVersion: 2,
 externalSignerUrl: 'https://argexternalSignerUrl',
- enclavedExpressUrl: 'https://argenclavedExpressUrl',
- enclavedExpressSSLCert: 'argenclavedExpressSSLCert',
 signerMode: 'argsignerMode',
 signerFileSystemPath: 'argsignerFileSystemPath',
 lightningSignerFileSystemPath: 'arglightningSignerFileSystemPath',