planetarium · shkangr · Aug 2, 2024 · Jul 24, 2024 · Jul 24, 2024 · Jul 24, 2024
diff --git a/.github/workflows/build-bridge.yaml b/.github/workflows/build-bridge.yaml
@@ -22,11 +22,11 @@ jobs:
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
-      - run: yarn install
+      - run: npm install
         working-directory: ./bridge
       - run: yarn prettier --check src test
         working-directory: ./bridge
-      - run: yarn tsc
+      - run: npm run build
         working-directory: ./bridge
-      - run: yarn run coverage
+      - run: npm run coverage
         working-directory: ./bridge
diff --git a/bridge/Dockerfile b/bridge/Dockerfile
@@ -2,7 +2,7 @@ FROM node:20.4 AS build-env
 
 COPY . /build
 WORKDIR /build
-RUN yarn
+RUN npm install
 RUN yarn tsc --project tsconfig.production.json
 RUN wget https://github.com/TryGhost/node-sqlite3/releases/download/v5.1.2/napi-v6-linux-musl-x64.tar.gz && tar -xvzf napi-v6-linux-musl-x64.tar.gz
 RUN mv ./napi-v6-linux-musl-x64 /build/node_modules/sqlite3/lib/binding

diff --git a/bridge/package.json b/bridge/package.json
@@ -46,6 +46,7 @@
     "@types/elliptic": "^6.4.13",
     "@types/ethereum-protocol": "^1.0.1",
     "@types/jest": "^26.0.23",
+    "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^15.6.1",
     "@types/web3-provider-engine": "^14.0.1",
     "@typescript-eslint/eslint-plugin": "^4.22.0",
@@ -94,6 +95,7 @@
     "ethers": "^5.7.2",
     "ethers-aws-kms-signer": "^1.3.2",
     "googleapis": "^126.0.0",
+    "jsonwebtoken": "^9.0.2",
     "read-bigint": "^0.1.6",
     "sqlite3": "^5.1.1",
     "tsx": "^3.12.7",

diff --git a/bridge/scripts/transfer-script.ts b/bridge/scripts/transfer-script.ts
@@ -94,11 +94,13 @@ async function transferNcg(
   const KMS_PROVIDER_AWS_ACCESSKEY = process.env.KMS_PROVIDER_AWS_ACCESSKEY!;
   const KMS_PROVIDER_AWS_SECRETKEY = process.env.KMS_PROVIDER_AWS_SECRETKEY!;
   const KMS_PROVIDER_PUBLIC_KEY = process.env.KMS_PROVIDER_PUBLIC_KEY!;
+  const JWT_SECRET_KEY = process.env.JWT_SECRET_KEY!;
 
   const GRAPHQL_REQUEST_RETRY = 5;
   const headlessGraphQLCLient = new HeadlessGraphQLClient(
     GRAPHQL_API_ENDPOINT,
-    GRAPHQL_REQUEST_RETRY
+    GRAPHQL_REQUEST_RETRY,
+    JWT_SECRET_KEY
   );
 
   const kmsProvider = new KmsProvider(KMS_PROVIDER_URL, {

diff --git a/bridge/src/activate-account.ts b/bridge/src/activate-account.ts
@@ -2,12 +2,12 @@ import { KmsSigner } from "@planetarium/aws-kms-provider";
 import { Configuration } from "./configuration";
 import { HeadlessGraphQLClient } from "./headless-graphql-client";
 import { KMSNCGSigner } from "./kms-ncg-signer";
-import crypto from "crypto";
 
 const ACTION = "ACTIVATE_ACCOUNT_PLAIN_VALUE";
 const headlessGraphQLClient = new HeadlessGraphQLClient(
   Configuration.get("GRAPHQL_API_ENDPOINT"),
-  5
+  5,
+  Configuration.get("JWT_SECRET_KEY")
 );
 
 const kmsSigner = new KmsSigner(

diff --git a/bridge/src/headless-graphql-client.ts b/bridge/src/headless-graphql-client.ts
@@ -3,6 +3,7 @@ import { IHeadlessGraphQLClient } from "./interfaces/headless-graphql-client";
 import { NCGTransferredEvent } from "./types/ncg-transferred-event";
 import { BlockHash } from "./types/block-hash";
 import { TxId } from "./types/txid";
+import jwt from "jsonwebtoken";
 
 function delay(ms: number): Promise<void> {
   return new Promise((resolve) => {
@@ -21,10 +22,21 @@ interface GraphQLRequestBody {
 export class HeadlessGraphQLClient implements IHeadlessGraphQLClient {
   private readonly _apiEndpoint: string;
   private readonly _maxRetry: number;
+  private readonly _jwtToken: string;
 
-  constructor(apiEndpoint: string, maxRetry: number) {
+  constructor(apiEndpoint: string, maxRetry: number, secretKey: string) {
     this._apiEndpoint = apiEndpoint;
     this._maxRetry = maxRetry;
+    this._jwtToken = this.createJwtToken(secretKey);
+  }
+
+  private createJwtToken(secretKey: string) {
+    const payload = {
+      iss: "planetariumhq.com",
+      exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 365,
+    };
+
+    return jwt.sign(payload, secretKey);
   }
 
   get endpoint(): string {
@@ -189,6 +201,7 @@ export class HeadlessGraphQLClient implements IHeadlessGraphQLClient {
       const response = await axios.post(this._apiEndpoint, body, {
         headers: {
           "Content-Type": "application/json",
+          Authorization: `Bearer ${this._jwtToken}`,
         },
         timeout: 10 * 1000,
       });

diff --git a/bridge/src/index.ts b/bridge/src/index.ts
@@ -245,12 +245,15 @@ process.on("uncaughtException", console.error);
   );
 
   const GRAPHQL_REQUEST_RETRY = 5;
+  const JWT_SECRET_KEY = Configuration.get("JWT_SECRET_KEY");
   const headlessGraphQLCLient = new HeadlessGraphQLClient(
     GRAPHQL_API_ENDPOINT,
-    GRAPHQL_REQUEST_RETRY
+    GRAPHQL_REQUEST_RETRY,
+    JWT_SECRET_KEY
   );
   const stageGraphQLClients = STAGE_HEADLESSES.map(
-    (endpoint) => new HeadlessGraphQLClient(endpoint, GRAPHQL_REQUEST_RETRY)
+    (endpoint) =>
+      new HeadlessGraphQLClient(endpoint, GRAPHQL_REQUEST_RETRY, JWT_SECRET_KEY)
   );
   const integration: Integration = new PagerDutyIntegration(
     PAGERDUTY_ROUTING_KEY

diff --git a/bridge/test/aws-dependent/ncg-kms-transfer.aws.spec.ts b/bridge/test/aws-dependent/ncg-kms-transfer.aws.spec.ts
@@ -30,7 +30,8 @@ describe(NCGKMSTransfer.name, () => {
   });
   const headlessGraphQLCLient = new HeadlessGraphQLClient(
     Configuration.get("TEST_GRAPHQL_API_ENDPOINT"),
-    5
+    5,
+    "jwt_secret_key_for_test"
   );
   const ncgKmsTransfer = new NCGKMSTransfer(
     [headlessGraphQLCLient],