Remove duplication signature (#132)

* renamed lib and divided tests

* moved test to lib dir

* removed duplication, signs viem keys

* removed alg import from shared

* lint

* alg import

* another alg import

* signing header + payload, improved tests

* fixed imports

* removed useless config change

* import in tests

* Alg import in integration test

apps/armory/src/data-feed/core/service/__test__/unit/historical-transfer-feed.service.spec.ts

@@ -1,4 +1,4 @@
-import { Alg } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { ConfigModule } from '@nestjs/config'
 import { Test, TestingModule } from '@nestjs/testing'
 import { MockProxy, mock } from 'jest-mock-extended'

apps/armory/src/data-feed/core/service/__test__/unit/price-feed.service.spec.ts

@@ -1,4 +1,5 @@
-import { Alg, Prices } from '@narval/policy-engine-shared'
+import { Prices } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { ConfigModule } from '@nestjs/config'
 import { Test, TestingModule } from '@nestjs/testing'
 import { MockProxy, mock } from 'jest-mock-extended'

apps/armory/src/data-feed/core/service/historical-transfer-feed.service.ts

@@ -1,4 +1,5 @@
-import { Alg, Feed, HistoricalTransfer, Signature, hashRequest } from '@narval/policy-engine-shared'
+import { Feed, HistoricalTransfer, Signature } from '@narval/policy-engine-shared'
+import { Alg, hashRequest } from '@narval/signature'
 import { Injectable } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { mapValues, omit } from 'lodash/fp'

apps/armory/src/data-feed/core/service/price-feed.service.ts

@@ -1,4 +1,5 @@
-import { Action, Alg, AssetId, Feed, Signature, hashRequest } from '@narval/policy-engine-shared'
+import { Action, AssetId, Feed, Signature } from '@narval/policy-engine-shared'
+import { Alg, hashRequest } from '@narval/signature'
 import { InputType, Intents, safeDecode } from '@narval/transaction-request-intent'
 import { Injectable } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'

apps/armory/src/orchestration/__test__/e2e/authorization-request.spec.ts

@@ -1,4 +1,5 @@
-import { Action, Alg } from '@narval/policy-engine-shared'
+import { Action } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { getQueueToken } from '@nestjs/bull'
 import { HttpStatus, INestApplication } from '@nestjs/common'
 import { ConfigModule } from '@nestjs/config'

apps/armory/src/orchestration/core/service/__test__/unit/cluster.service.spec.ts

@@ -1,4 +1,5 @@
-import { Alg, Decision, EvaluationResponse, Feed, Prices, hashRequest } from '@narval/policy-engine-shared'
+import { Decision, EvaluationResponse, Feed, Prices } from '@narval/policy-engine-shared'
+import { Alg, hashRequest } from '@narval/signature'
 import { Test } from '@nestjs/testing'
 import { MockProxy, mock } from 'jest-mock-extended'
 import { PrivateKeyAccount, generatePrivateKey, privateKeyToAccount } from 'viem/accounts'

apps/armory/src/orchestration/core/service/cluster.service.ts

@@ -1,4 +1,5 @@
-import { Decision, EvaluationRequest, EvaluationResponse, hashRequest } from '@narval/policy-engine-shared'
+import { Decision, EvaluationRequest, EvaluationResponse } from '@narval/policy-engine-shared'
+import { hashRequest } from '@narval/signature'
 import { Injectable, Logger } from '@nestjs/common'
 import { zip } from 'lodash/fp'
 import { ClusterNotFoundException } from '../../core/exception/cluster-not-found.exception'

apps/armory/src/orchestration/http/rest/dto/signature.dto.ts

@@ -1,4 +1,4 @@
-import { Alg } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { ApiProperty } from '@nestjs/swagger'
 import { IsDefined, IsIn, IsOptional, IsString } from 'class-validator'
 

apps/armory/src/orchestration/persistence/repository/__test__/integration/authorization-request.repository.spec.ts

@@ -1,4 +1,5 @@
-import { Action, Alg, Signature } from '@narval/policy-engine-shared'
+import { Action, Signature } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { ConfigModule } from '@nestjs/config'
 import { Test, TestingModule } from '@nestjs/testing'
 import { AuthorizationRequestStatus, Organization } from '@prisma/client/armory'

apps/armory/src/orchestration/persistence/schema/signature.schema.ts

@@ -1,4 +1,4 @@
-import { Alg } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { z } from 'zod'
 
 export const algSchema = z.nativeEnum(Alg)

apps/armory/src/orchestration/queue/consumer/__test__/integration/authorization-request-processing.consumer.spec.ts

@@ -1,4 +1,5 @@
-import { Action, Alg, Signature } from '@narval/policy-engine-shared'
+import { Action, Signature } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { HttpModule } from '@nestjs/axios'
 import { BullModule, getQueueToken } from '@nestjs/bull'
 import { ConfigModule } from '@nestjs/config'

apps/armory/src/orchestration/queue/producer/__test__/integration/authorization-request-processing.producer.spec.ts

@@ -1,4 +1,5 @@
-import { Action, Alg, Signature } from '@narval/policy-engine-shared'
+import { Action, Signature } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { BullModule, getQueueToken } from '@nestjs/bull'
 import { ConfigModule } from '@nestjs/config'
 import { Test, TestingModule } from '@nestjs/testing'

apps/policy-engine/src/app/__test__/e2e/admin.spec.ts

@@ -1,4 +1,5 @@
-import { Action, Alg, EntityType, FIXTURE, Signature, UserRole, ValueOperators } from '@narval/policy-engine-shared'
+import { Action, EntityType, FIXTURE, Signature, UserRole, ValueOperators } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { Intents } from '@narval/transaction-request-intent'
 import { HttpStatus, INestApplication } from '@nestjs/common'
 import { ConfigModule } from '@nestjs/config'

apps/policy-engine/src/app/app.service.ts

@@ -1,15 +1,14 @@
 import {
   Action,
-  Alg,
   CredentialEntity,
   Decision,
   EvaluationRequest,
   EvaluationResponse,
   HistoricalTransfer,
   Request,
-  Signature,
-  hashRequest
+  Signature
 } from '@narval/policy-engine-shared'
+import { Alg, hashRequest } from '@narval/signature'
 import { safeDecode } from '@narval/transaction-request-intent'
 import {
   BadRequestException,

apps/policy-engine/src/app/persistence/repository/mock_data.ts

@@ -1,12 +1,5 @@
-import {
-  Action,
-  Alg,
-  EvaluationRequest,
-  FIXTURE,
-  Request,
-  TransactionRequest,
-  hashRequest
-} from '@narval/policy-engine-shared'
+import { Action, EvaluationRequest, FIXTURE, Request, TransactionRequest } from '@narval/policy-engine-shared'
+import { Alg, hashRequest } from '@narval/signature'
 import { toHex } from 'viem'
 
 export const ONE_ETH = BigInt('1000000000000000000')

apps/policy-engine/src/shared/types/policy.type.ts

@@ -2,7 +2,6 @@ import {
   AccountId,
   AccountType,
   Action,
-  Alg,
   AssetId,
   BaseAction,
   BaseAdminRequest,
@@ -17,6 +16,7 @@ import {
   UserRole,
   ValueOperators
 } from '@narval/policy-engine-shared'
+import { Alg } from '@narval/signature'
 import { Intents } from '@narval/transaction-request-intent'
 import { ApiExtraModels, ApiProperty, ApiPropertyOptional, getSchemaPath } from '@nestjs/swagger'
 import { Transform, Type, plainToInstance } from 'class-transformer'

doc/policy-engine-setup.md

@@ -40,7 +40,7 @@ sequenceDiagram
     Engine ->> DB: Write KEK (AES-256) encrypted MK
     Engine ->> DB: Write KEK (AES-256) encrypted AK
     Engine -->> Engineer: Return engine configuration JSON
-  else 
+  else
     Engine -->> Engineer: Prompt Yes/No to re-provision
     deactivate Engine
     Note over Engine: Re-provisioning will overwrite existing data to "factory default".
@@ -89,15 +89,15 @@ sequenceDiagram
   participant DB as Database
   participant DS as Data Storage
 
-  Engine ->> Engine: Read and validate engine's configuration 
+  Engine ->> Engine: Read and validate engine's configuration
   activate Engine
   alt if engine configuration is valid
     Engine ->> DB: Read tenants configuration
     loop For each tenant
       Engine ->> DS: Fetch tenant data
     end
-  else 
-    Engine ->> Engine: Abort the boot with invalid environment error message 
+  else
+    Engine ->> Engine: Abort the boot with invalid environment error message
     deactivate Engine
   end
 ```
@@ -115,12 +115,12 @@ sequenceDiagram
   participant DB as Database
   participant DS as Data Storage
 
-  Admin ->> Engine: Onboard tenant request 
+  Admin ->> Engine: Onboard tenant request
   activate Engine
   Engine ->> DB: Verify if admin API key exists
   Engine ->> Engine: Generate tenant signing key pair
   Engine ->> Engine: Generate tenant API key (TAK)
-  Engine ->> DB: Write CEK (AES-256) encrypted tenant configuration 
+  Engine ->> DB: Write CEK (AES-256) encrypted tenant configuration
   Engine ->> DS: Fetch tenant data
   Engine ->> DB: Write CEK (AES-256) tenant's data
   Note over DB: Does not fail the onboarding if fetching the tenant data failed
@@ -148,24 +148,24 @@ sequenceDiagram
 This section describes the encryption summary used to secure the Policy Engine.
 
 1. **Master Password to Key Encryption Key (KEK) via PBKDF2**: Using PBKDF2
-  (Password-Based Key Derivation Function 2) to derive a Key Encryption Key (KEK)
-  from an "encryptor master password" is a standard practice. PBKDF2 is designed
-  to make brute-force attacks difficult by using a salt and iterating the hashing
-  process many times, thus slowing down the attack attempts.
-    1. [node.js crypto built-in implementation](https://nodejs.org/api/crypto.html#cryptopbkdf2password-salt-iterations-keylen-digest-callback)
-    2. Master Password is an env secret
+   (Password-Based Key Derivation Function 2) to derive a Key Encryption Key (KEK)
+   from an "encryptor master password" is a standard practice. PBKDF2 is designed
+   to make brute-force attacks difficult by using a salt and iterating the hashing
+   process many times, thus slowing down the attack attempts.
+   1. [node.js crypto built-in implementation](https://nodejs.org/api/crypto.html#cryptopbkdf2password-salt-iterations-keylen-digest-callback)
+   2. Master Password is an env secret
 2. **Generating an AES-256 Master Key and Encrypting with KEK**: Generating a
-  strong AES-256 master key for encryption is a solid choice given AES-256's
-  widespread acceptance and strength. Encrypting this master key with the KEK for
-  storage is a common approach in hierarchical key management systems, ensuring
-  that the master key is not exposed in plaintext.
+   strong AES-256 master key for encryption is a solid choice given AES-256's
+   widespread acceptance and strength. Encrypting this master key with the KEK for
+   storage is a common approach in hierarchical key management systems, ensuring
+   that the master key is not exposed in plaintext.
 3. **Deriving a Content Encryption Key (CEK) from the Master Key using HKDF**:
-  HKDF (HMAC-based Key Derivation Function) is designed for deriving additional
-  keys from a single master key, which is a suitable method for generating Content
-  Encryption Keys (CEKs) from your master key. This step allows for different keys
-  to be used for different pieces of content or sessions, enhancing security by
-  limiting the scope of each key's usage.
-    1. [node.js crypto built-in implementation](https://nodejs.org/api/crypto.html#cryptohkdfdigest-ikm-salt-info-keylen-callback)
+   HKDF (HMAC-based Key Derivation Function) is designed for deriving additional
+   keys from a single master key, which is a suitable method for generating Content
+   Encryption Keys (CEKs) from your master key. This step allows for different keys
+   to be used for different pieces of content or sessions, enhancing security by
+   limiting the scope of each key's usage.
+   1. [node.js crypto built-in implementation](https://nodejs.org/api/crypto.html#cryptohkdfdigest-ikm-salt-info-keylen-callback)
 
 ### Notes
 

package.json

@@ -44,7 +44,7 @@
     "eslint": "~8.56.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-import": "2.27.5",
-    "eslint-plugin-jest": "^27.8.0",
+    "eslint-plugin-jest": "^27.9.0",
     "eslint-plugin-jsx-a11y": "6.8.0",
     "eslint-plugin-playwright": "^0.22.2",
     "eslint-plugin-react": "7.32.2",

packages/policy-engine-shared/src/index.ts

@@ -14,6 +14,5 @@ export * from './lib/util/caip.util'
 export * as EntityUtil from './lib/util/entity.util'
 export * from './lib/util/enum.util'
 export * from './lib/util/evm.util'
-export * from './lib/util/hash-request.util'
 export * from './lib/util/json.util'
 export * from './lib/util/typeguards'

packages/policy-engine-shared/src/lib/dev.fixture.ts

@@ -1,6 +1,6 @@
+import { Alg } from '@narval/signature'
 import { PrivateKeyAccount, sha256 } from 'viem'
 import { privateKeyToAccount } from 'viem/accounts'
-import { Alg } from './type/action.type'
 import {
   AccountClassification,
   AccountType,

packages/policy-engine-shared/src/lib/dto/signature.dto.ts

@@ -1,6 +1,6 @@
+import { Alg } from '@narval/signature'
 import { ApiProperty } from '@nestjs/swagger'
 import { IsDefined, IsIn, IsString } from 'class-validator'
-import { Alg } from '../type/action.type'
 
 export class SignatureDto {
   @IsString()

packages/policy-engine-shared/src/lib/type/action.type.ts

@@ -1,3 +1,4 @@
+import { Alg } from '@narval/signature'
 import { Address, TransactionRequest } from './domain.type'
 import {
   AccountClassification,
@@ -54,16 +55,6 @@ export type Signature = {
   pubKey: string
 }
 
-// SIGNATURE LIB
-export const Alg = {
-  ES256K: 'ES256K', // secp256k1, an Ethereum EOA
-  ES256: 'ES256', // secp256r1, ecdsa but not ethereum
-  RS256: 'RS256'
-} as const
-
-// SIGNATURE LIB
-export type Alg = (typeof Alg)[keyof typeof Alg]
-
 /**
  * Action Types; these correspond to each Action
  */

packages/policy-engine-shared/src/lib/type/entity.type.ts

@@ -1,4 +1,4 @@
-import { Alg } from './action.type'
+import { Alg } from '@narval/signature'
 import { Address } from './domain.type'
 
 export const UserRole = {