chore(linea-ens-app): add more logs when calling Web3Signer (#349)

Author: alainncls

packages/linea-ens-app/README.md

@@ -62,7 +62,7 @@ In a third terminal, run:
 
 ```bash
 cd services/web3signer/
-cp ./keyFiles/examples/signer.yaml ./keyFiles/signer.yaml
+cp ./key-files/examples/signer.yaml ./key-files/signer.yaml
 make dev-docker
 ```
 
@@ -114,7 +114,7 @@ it [here] (https://poh.linea.build/).
     - Add this config:
 
   | Setting         | Value                 |
-    | --------------- | --------------------- |
+  | --------------- | --------------------- |
   | Network name    | Localhost 8545        |
   | New RPC URL     | http://127.0.0.1:8545 |
   | Chain ID        | 1337                  |

packages/poh-signer-api/.env.example

@@ -11,7 +11,7 @@ POH_API_URL=http://linea-poh-api-generic-app
 # Web3Signer
 WEB3SIGNER_BASE_URL=http://localhost:9000
 WEB3SIGNER_PUBLIC_KEY=0xba5734d8f7091719471e7f7ed6b9df170dc70cc661ca05e688601ad984f068b0d67351e5f06073092499336ab0839ef8a521afd334e53807205fa2f08eec74f4
-WEB3SIGNER_KEYSTORE_PATH=
-WEB3SIGNER_KEYSTORE_PASSPHRASE=
-WEB3SIGNER_TRUSTED_STORE_PATH=
-WEB3SIGNER_TRUSTED_STORE_PASSPHRASE=
+WEB3SIGNER_KEYSTORE_PATH=certs/poh-signer-client-keystore.p12
+WEB3SIGNER_KEYSTORE_PASSPHRASE=changeit
+WEB3SIGNER_TRUSTED_STORE_PATH=certs/web3signer-truststore.p12
+WEB3SIGNER_TRUSTED_STORE_PASSPHRASE=changeit

packages/poh-signer-api/certs/poh-signer-client-keystore.p12

@@ -0,0 +1,29 @@
+import { ArgumentsHost, Catch, ExceptionFilter, HttpException, HttpStatus, } from '@nestjs/common';
+import { Response } from 'express';
+
+@Catch()
+export class HttpExceptionFilter implements ExceptionFilter {
+  catch(exception: unknown, host: ArgumentsHost) {
+    const ctx = host.switchToHttp();
+    const response = ctx.getResponse<Response>();
+    const request = ctx.getRequest();
+
+    const status =
+      exception instanceof HttpException
+        ? exception.getStatus()
+        : HttpStatus.INTERNAL_SERVER_ERROR;
+
+    const message =
+      exception instanceof HttpException
+        ? exception.message
+        : 'Internal server error';
+
+    // Don't log here - logging is already done in services/controllers before throwing
+    response.status(status).json({
+      statusCode: status,
+      timestamp: new Date().toISOString(),
+      path: request.url,
+      message,
+    });
+  }
+}

packages/poh-signer-api/certs/web3signer-truststore.p12

@@ -6,13 +6,16 @@ import { WINSTON_MODULE_NEST_PROVIDER } from 'nest-winston';
 
 import { AppModule } from './app.module';
 import type { CorsConfig, SwaggerConfig } from 'src/config/config.interface';
+import { HttpExceptionFilter } from './filters/http-exception.filter';
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
 
   // Winston Logger
   app.useLogger(app.get(WINSTON_MODULE_NEST_PROVIDER));
 
+  app.useGlobalFilters(new HttpExceptionFilter());
+
   // Validation
   app.useGlobalPipes(new ValidationPipe());
 

packages/poh-signer-api/src/filters/http-exception.filter.ts

@@ -22,27 +22,23 @@ export class PohController {
   async signMessage(@Param('address') address: Address): Promise<string> {
     if (!isAddress(address)) {
       this.logger.warn(`Invalid Ethereum address received: ${address}`);
-      throw new HttpException('Invalid Ethereum address', HttpStatus.BAD_REQUEST);
-    }
-    try {
-      return await this.pohService.signMessage(address);
-    } catch (error) {
-      this.logger.error(error);
-      throw new HttpException(error.message, HttpStatus.BAD_REQUEST);
+      throw new HttpException(
+        'Invalid Ethereum address',
+        HttpStatus.BAD_REQUEST,
+      );
     }
+    return this.pohService.signMessage(address);
   }
 
   @Get('v2/:address')
   async signMessageV2(@Param('address') address: Address): Promise<string> {
     if (!isAddress(address)) {
       this.logger.warn(`Invalid Ethereum address received: ${address}`);
-      throw new HttpException('Invalid Ethereum address', HttpStatus.BAD_REQUEST);
-    }
-    try {
-      return await this.pohService.signMessage(address, true);
-    } catch (error) {
-      this.logger.error(error);
-      throw new HttpException(error.message, HttpStatus.BAD_REQUEST);
+      throw new HttpException(
+        'Invalid Ethereum address',
+        HttpStatus.BAD_REQUEST,
+      );
     }
+    return this.pohService.signMessage(address, true);
   }
 }

packages/poh-signer-api/src/main.ts

@@ -43,12 +43,14 @@ export class PohService {
       const message = {
         to: address,
       };
+
       const serializedData = ethers.TypedDataEncoder.encode(
         domain,
         types,
         message,
       );
-      return await this.signerService.signTypedData(serializedData);
+
+      return this.signerService.signTypedData(serializedData);
     } catch (error) {
       this.logger.error({ address, error });
       throw error;

packages/poh-signer-api/src/modules/poh/poh.controller.ts

@@ -12,7 +12,7 @@ import path from 'path';
 export class SignerService {
   private readonly logger = new Logger(SignerService.name);
   private readonly axiosInstance: AxiosInstance;
-  private httpsAgent: Agent | null = null;
+  private httpsAgent: Agent;
 
   constructor(private readonly configService: ConfigService) {
     this.axiosInstance = axios.create();
@@ -27,34 +27,50 @@ export class SignerService {
       web3signer.baseUrl,
     );
 
+    this.logger.debug({
+      message: 'Calling Web3Signer to sign typed data',
+      url: url.href,
+      publicKey: web3signer.publicKey,
+      dataLength: data.length,
+    });
+
     try {
+      const startTime = Date.now();
       const response = await this.axiosInstance.post(
         url.href,
         {
           data: data,
         },
         {
-          httpsAgent:
-            process.env.NODE_ENV !== 'development' ? this.httpsAgent : undefined,
+          httpsAgent: this.httpsAgent,
         },
       );
 
+      const duration = Date.now() - startTime;
+
+      this.logger.log({
+        message: 'Successfully signed typed data with Web3Signer',
+        url: url.href,
+        duration: `${duration}ms`,
+        signatureLength: response.data?.length || 0,
+      });
+
       return response.data;
     } catch (error) {
       this.logger.error({
         message: 'Failed to sign typed data',
-        url,
+        url: url.href,
         error: error.message,
         stack: error.stack,
+        statusCode: error.response?.status,
+        statusText: error.response?.statusText,
+        responseData: error.response?.data,
       });
       throw error;
     }
   }
 
-  convertToPem(
-    p12Der: string | forge.util.ByteStringBuffer,
-    password: string,
-  ) {
+  convertToPem(p12Der: string | forge.util.ByteStringBuffer, password: string) {
     const p12Asn1 = forge.asn1.fromDer(p12Der);
     const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password);
 
@@ -69,13 +85,12 @@ export class SignerService {
       throw new Error('Certificate not found in P12');
     }
 
-    const pemCertificate = forge.pki.certificateToPem(certificate.cert);
-    return { pemCertificate };
+    return forge.pki.certificateToPem(certificate.cert);
   }
 
   private validateWeb3SignerConfig(): void {
     const web3signer = this.configService.get<Web3SignerConfig>('web3signer');
-    
+
     if (!web3signer) {
       throw new Error('Web3Signer configuration is missing');
     }
@@ -95,12 +110,6 @@ export class SignerService {
       }
     }
 
-    // Skip certificate validation in development mode
-    if (process.env.NODE_ENV === 'development') {
-      this.logger.log('Skipping certificate configuration validation in development mode');
-      return;
-    }
-
     // Validate certificate fields required in non-development environments
     const certificateRequiredFields: (keyof Web3SignerConfig)[] = [
       'keystorePath',
@@ -120,12 +129,6 @@ export class SignerService {
   }
 
   private initializeHttpsAgent(): void {
-    // Skip HTTPS agent initialization in development
-    if (process.env.NODE_ENV === 'development') {
-      this.logger.log('Skipping HTTPS agent initialization in development mode');
-      return;
-    }
-
     const web3signer = this.configService.get<Web3SignerConfig>('web3signer');
 
     try {
@@ -152,20 +155,29 @@ export class SignerService {
     trustedStorePath: string,
     trustedStorePassphrase: string,
   ): Agent {
-    const trustedStoreFile = readFileSync(
-      path.resolve(process.cwd(), trustedStorePath),
-      { encoding: 'binary' },
-    );
+    this.logger.log('Creating HTTPS agent with mTLS configuration');
+
+    // Load client certificate (pfx contains both cert and private key)
+    const keystoreFullPath = path.resolve(process.cwd(), keystorePath);
+    const clientPfx = readFileSync(keystoreFullPath);
+
+    // Load trusted CA certificate (server certificate)
+    const trustedStoreFullPath = path.resolve(process.cwd(), trustedStorePath);
+    const trustedStoreFile = readFileSync(trustedStoreFullPath, {
+      encoding: 'binary',
+    });
 
-    const { pemCertificate } = this.convertToPem(
+    const caCertPem = this.convertToPem(
       trustedStoreFile,
       trustedStorePassphrase,
     );
 
     return new Agent({
-      pfx: readFileSync(path.resolve(process.cwd(), keystorePath)),
+      pfx: clientPfx,
       passphrase: keystorePassphrase,
-      ca: pemCertificate,
+      ca: caCertPem,
+      rejectUnauthorized: true,
+      requestCert: true,
     });
   }
 }

packages/poh-signer-api/src/modules/poh/poh.service.ts

@@ -1,2 +1,2 @@
-# Ignore keyFiles
-keyFiles/*.yaml
+# Ignore key-files
+key-files/*.yaml