Merge branch '371-pass-trustkey-to-tss-api' into 'dev'

Resolve "Pass trustKey to tss-api" Closes #371 See merge request ergo/rosen-bridge/guard-service!336
rosen-bridge · Apr 20, 2024 · 965fe19 · 965fe19
2 parents d6273f1 + 5bf48af
commit 965fe19
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/.changeset/olive-guests-sin.md b/.changeset/olive-guests-sin.md
@@ -0,0 +1,5 @@
+---
+'guard-service': minor
+---
+
+add trust key to Tss
diff --git a/src/api/tss.ts b/src/api/tss.ts
@@ -15,6 +15,7 @@ const signRoute = (server: FastifySeverInstance) => {
     error: Type.Optional(Type.String()),
     message: Type.String(),
     signature: Type.Optional(Type.String()),
+    trustKey: Type.String(),
   });
   server.post(
     '/tss/sign',
@@ -29,7 +30,13 @@ const signRoute = (server: FastifySeverInstance) => {
     },
     async (request, reply) => {
       try {
-        const { status, error, message, signature } = request.body;
+        const { status, error, message, signature, trustKey } = request.body;
+        if (trustKey !== Tss.getTrustKey()) {
+          logger.warn(
+            `Received message on Tss tx sign callback with wrong trust key`
+          );
+          reply.status(400).send({ message: 'Trust key is wrong' });
+        }
         await Tss.getInstance().handleSignData(
           status,
           error,

diff --git a/src/guard/Tss.ts b/src/guard/Tss.ts
@@ -5,6 +5,7 @@ import {
   TssSigner,
 } from '@rosen-bridge/tss';
 import axios from 'axios';
+import * as crypto from 'crypto';
 import CommunicationConfig from '../communication/CommunicationConfig';
 import Dialer from '../communication/Dialer';
 import Configs from '../configs/Configs';
@@ -20,6 +21,7 @@ class Tss {
   protected static dialer: Dialer;
   protected static guardDetection: GuardDetection;
   protected static tssSigner: TssSigner;
+  protected static trustKey: string;
 
   protected constructor() {
     // do nothing.
@@ -34,17 +36,25 @@ class Tss {
     return Tss.instance;
   };
 
+  /**
+   * @returns the trust key
+   */
+  static getTrustKey = (): string => Tss.trustKey;
+
   /**
    * runs tss binary file
    */
   protected static runBinary = (): void => {
+    Tss.trustKey = crypto.randomUUID();
     const args = [
       '-configFile',
       Configs.tssConfigPath,
       '-guardUrl',
       `http://${Configs.apiHost}:${Configs.apiPort}`,
       '-host',
       `${Configs.tssUrl}:${Configs.tssPort}`,
+      '-trustKey',
+      Tss.trustKey,
     ];
     spawn(Configs.tssExecutionPath, args, {
       detached: false,