narval-xyz · mattschoch · Mar 27, 2024 · Mar 27, 2024
diff --git a/apps/vault/src/shared/filter/zod-exception.filter.ts b/apps/vault/src/shared/filter/zod-exception.filter.ts
@@ -1,38 +1,42 @@
 import { ArgumentsHost, Catch, ExceptionFilter, HttpStatus, Logger } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { Response } from 'express'
+import { ZodValidationException } from 'nestjs-zod'
 import { ZodError } from 'zod'
 import { Config, Env } from '../../main.config'
 
-@Catch(ZodError)
+// Catch both types, because the zodToDto function will throw a wrapped ZodValidationError that otherwise isn't picked up here
+@Catch(ZodError, ZodValidationException)
 export class ZodExceptionFilter implements ExceptionFilter {
   private logger = new Logger(ZodExceptionFilter.name)
 
   constructor(private configService: ConfigService<Config, true>) {}
 
-  catch(exception: ZodError, host: ArgumentsHost) {
+  catch(exception: ZodError | ZodValidationException, host: ArgumentsHost) {
     const ctx = host.switchToHttp()
     const response = ctx.getResponse<Response>()
     const status = HttpStatus.UNPROCESSABLE_ENTITY
     const isProduction = this.configService.get('env') === Env.PRODUCTION
 
+    const zodError = exception instanceof ZodValidationException ? exception.getZodError() : exception
+
     // Log as error level because Zod issues should be handled by the caller.
     this.logger.error('Uncaught ZodError', {
-      exception
+      exception: zodError
     })
 
     response.status(status).json(
       isProduction
         ? {
             statusCode: status,
             message: 'Internal validation error',
-            context: exception.errors
+            context: zodError.flatten()
           }
         : {
             statusCode: status,
             message: 'Internal validation error',
-            context: exception.errors,
-            stacktrace: exception.stack
+            context: zodError.flatten(),
+            stacktrace: zodError.stack
           }
     )
   }

diff --git a/apps/vault/src/vault/__test__/e2e/sign.spec.ts b/apps/vault/src/vault/__test__/e2e/sign.spec.ts
@@ -169,13 +169,14 @@ describe('Sign', () => {
         .set('authorization', `GNAP ${accessToken}`)
         .send(payload)
 
-      expect(status).toEqual(HttpStatus.BAD_REQUEST)
-
-      expect(body).toEqual({
-        error: 'Bad Request',
-        message: ['request.transactionRequest.to must be an Ethereum address'],
-        statusCode: HttpStatus.BAD_REQUEST
-      })
+      expect(body).toEqual(
+        expect.objectContaining({
+          context: expect.any(Object),
+          message: 'Internal validation error',
+          statusCode: HttpStatus.UNPROCESSABLE_ENTITY
+        })
+      )
+      expect(status).toEqual(HttpStatus.UNPROCESSABLE_ENTITY)
     })
 
     it('signs', async () => {

diff --git a/apps/vault/src/vault/http/rest/controller/sign.controller.ts b/apps/vault/src/vault/http/rest/controller/sign.controller.ts
@@ -1,10 +1,21 @@
 import { Request } from '@narval/policy-engine-shared'
 import { Body, Controller, Post, UseGuards } from '@nestjs/common'
+import { createZodDto } from 'nestjs-zod'
+import {
+  SignMessageActionSchema,
+  SignTransactionActionSchema,
+  SignTypedDataActionSchema
+} from 'packages/policy-engine-shared/src/lib/schema/action.schema'
+import { z } from 'zod'
 import { ClientId } from '../../../../shared/decorator/client-id.decorator'
 import { AuthorizationGuard } from '../../../../shared/guard/authorization.guard'
 import { SigningService } from '../../../core/service/signing.service'
-import { SignRequestDto } from '../dto/sign-request.dto'
 
+const SignRequestSchema = z.object({
+  request: z.union([SignTransactionActionSchema, SignMessageActionSchema, SignTypedDataActionSchema])
+})
+
+class SignRequestDto extends createZodDto(SignRequestSchema) {}
 @Controller('/sign')
 @UseGuards(AuthorizationGuard)
 export class SignController {

diff --git a/apps/vault/src/vault/http/rest/dto/sign-request.dto.ts b/apps/vault/src/vault/http/rest/dto/sign-request.dto.ts
@@ -1,3 +1,4 @@
+export * from './lib/schema/action.schema'
 export * from './lib/schema/address.schema'
 export * from './lib/schema/data-store.schema'
 export * from './lib/schema/domain.schema'

@@ -0,0 +1,74 @@
+import { z } from 'zod'
+import { Action } from '../type/action.type'
+import { addressSchema } from './address.schema'
+import { hexSchema } from './hex.schema'
+
+export const AccessListSchema = z.array(
+  z.object({
+    address: addressSchema,
+    storageKeys: z.array(hexSchema)
+  })
+)
+// export type AccessList = z.infer<typeof AccessList>
+
+export const ActionSchema = z.nativeEnum(Action)
+
+export const BaseActionSchema = z.object({
+  action: ActionSchema,
+  nonce: z.string()
+})
+// export type BaseActionSchema = z.infer<typeof BaseActionSchema>
+
+export const TransactionRequestSchema = z.object({
+  chainId: z.number(),
+  from: addressSchema,
+  nonce: z.number().optional(),
+  accessList: AccessListSchema.optional(),
+  data: hexSchema.optional(),
+  gas: z.coerce.bigint().optional(),
+  maxFeePerGas: z.coerce.bigint().optional(),
+  maxPriorityFeePerGas: z.coerce.bigint().optional(),
+  to: addressSchema.nullable().optional(),
+  type: z.literal('2').optional(),
+  value: hexSchema.optional()
+})
+// export type TransactionRequest = z.infer<typeof TransactionRequest>
+
+export const SignTransactionActionSchema = z.intersection(
+  BaseActionSchema,
+  z.object({
+    action: z.literal(Action.SIGN_TRANSACTION),
+    resourceId: z.string(),
+    transactionRequest: TransactionRequestSchema
+  })
+)
+// export type SignTransactionAction = z.infer<typeof SignTransactionAction>
+
+// Matching viem's SignableMessage options https://viem.sh/docs/actions/wallet/signMessage#message
+export const SignableMessageSchema = z.union([
+  z.string(),
+  z.object({
+    raw: hexSchema
+  })
+])
+// export type SignableMessage = z.infer<typeof SignableMessage>
+
+export const SignMessageActionSchema = z.intersection(
+  BaseActionSchema,
+  z.object({
+    action: z.literal(Action.SIGN_MESSAGE),
+    resourceId: z.string(),
+    message: SignableMessageSchema
+  })
+)
+// export type SignMessageAction = z.infer<typeof SignMessageAction>
+
+export const SignTypedDataActionSchema = z.intersection(
+  BaseActionSchema,
+  z.object({
+    action: z.literal(Action.SIGN_TYPED_DATA),
+    resourceId: z.string(),
+    typedData: z.string()
+  })
+)
+// export type SignTypedDataAction = z.infer<typeof SignTypedDataAction>
@@ -30,6 +30,10 @@ describe('evm', () => {
       expect(isAddress('foo')).toEqual(false)
       expect(isAddress(address.toUpperCase())).toEqual(false)
     })
+
+    it('requires 0x prefix', () => {
+      expect(isAddress(address.slice(2))).toEqual(false)
+    })
   })
 
   describe('getAddress', () => {

@@ -10,9 +10,9 @@ import { Address } from '../type/domain.type'
  * returns false.
  */
 export const isAddress = (address: string): boolean => {
-  if (!/^(0x)?[0-9a-fA-F]{40}$/.test(address)) {
+  if (!/^0x[0-9a-fA-F]{40}$/.test(address)) {
     return false
-  } else if (/^(0x)?[0-9a-f]{40}$/.test(address) || /^(0x)?[0-9A-F]{40}$/.test(address)) {
+  } else if (/^0x[0-9a-f]{40}$/.test(address) || /^0x[0-9A-F]{40}$/.test(address)) {
     return true
   } else {
     return viemIsAddress(address)