Add managed data store to armory app

apps/armory/.env.default

@@ -1,5 +1,7 @@
 NODE_ENV=development
 
+CORS="http://localhost:4200"
+
 PORT=3005
 
 ARMORY_DATABASE_URL="postgresql://postgres:postgres@localhost:5432/armory?schema=public"

apps/armory/src/admin/admin.module.ts

@@ -0,0 +1,43 @@
+import { HttpModule } from '@nestjs/axios'
+import { ClassSerializerInterceptor, Module, ValidationPipe } from '@nestjs/common'
+import { ConfigModule } from '@nestjs/config'
+import { APP_FILTER, APP_INTERCEPTOR, APP_PIPE } from '@nestjs/core'
+import { ZodValidationPipe } from 'nestjs-zod'
+import { ApplicationExceptionFilter } from '../shared/filter/application-exception.filter'
+import { ZodExceptionFilter } from '../shared/filter/zod-exception.filter'
+import { PersistenceModule } from '../shared/module/persistence/persistence.module'
+import { DataStoreService } from './core/service/data-store.service'
+import { DataStoreController } from './http/controller/data-store.controller'
+import { DataStoreRepository } from './persistence/repository/data-store.repository'
+
+@Module({
+  imports: [ConfigModule.forRoot(), HttpModule, PersistenceModule],
+  controllers: [DataStoreController],
+  providers: [
+    DataStoreService,
+    DataStoreRepository,
+    {
+      provide: APP_FILTER,
+      useClass: ApplicationExceptionFilter
+    },
+    {
+      provide: APP_FILTER,
+      useClass: ZodExceptionFilter
+    },
+    {
+      provide: APP_INTERCEPTOR,
+      useClass: ClassSerializerInterceptor
+    },
+    {
+      // DEPRECATE: Use Zod generated DTOs to validate request and responses.
+      provide: APP_PIPE,
+      useClass: ValidationPipe
+    },
+    {
+      provide: APP_PIPE,
+      useClass: ZodValidationPipe
+    }
+  ],
+  exports: []
+})
+export class AdminModule {}

apps/armory/src/admin/core/service/data-store.service.ts

@@ -0,0 +1,113 @@
+import { Entities, EntityStore, Policy, PolicyStore } from '@narval/policy-engine-shared'
+import {
+  Alg,
+  Payload,
+  SigningAlg,
+  buildSignerEip191,
+  hash,
+  privateKeyToJwk,
+  signJwt,
+  verifyJwt
+} from '@narval/signature'
+import { Injectable } from '@nestjs/common'
+import { ACCOUNT, UNSAFE_PRIVATE_KEY } from 'packages/policy-engine-shared/src/lib/dev.fixture'
+import { DataStoreRepository } from '../../persistence/repository/data-store.repository'
+
+@Injectable()
+export class DataStoreService {
+  constructor(private dataStoreRepository: DataStoreRepository) {}
+
+  async getEntities(orgId: string) {
+    const dataStore = await this.dataStoreRepository.getLatestDataStore(orgId)
+    return dataStore?.data.entity.data
+  }
+
+  async getPolicies(orgId: string) {
+    const dataStore = await this.dataStoreRepository.getLatestDataStore(orgId)
+    return dataStore?.data.policy.data
+  }
+
+  async setEntities(orgId: string, entities: Entities) {
+    const signature = await this.signDataPayload(entities)
+    const entity: EntityStore = {
+      data: entities,
+      signature
+    }
+    const dataStore = await this.dataStoreRepository.getLatestDataStore(orgId)
+
+    if (!dataStore) {
+      const policy: PolicyStore = {
+        data: [],
+        signature: ''
+      }
+
+      return this.dataStoreRepository.setDataStore({
+        orgId,
+        version: 1,
+        data: { entity, policy }
+      })
+    } else {
+      const { policy } = dataStore.data
+
+      return this.dataStoreRepository.setDataStore({
+        orgId,
+        version: dataStore.version + 1,
+        data: { entity, policy }
+      })
+    }
+  }
+
+  async setPolicies(orgId: string, policies: Policy[]) {
+    const signature = await this.signDataPayload(policies)
+    const policy: PolicyStore = {
+      data: policies,
+      signature
+    }
+    const dataStore = await this.dataStoreRepository.getLatestDataStore(orgId)
+
+    if (!dataStore) {
+      const entity: EntityStore = {
+        data: {} as Entities,
+        signature: ''
+      }
+
+      return this.dataStoreRepository.setDataStore({
+        orgId,
+        version: 1,
+        data: { entity, policy }
+      })
+    } else {
+      const { entity } = dataStore.data
+
+      return this.dataStoreRepository.setDataStore({
+        orgId,
+        version: dataStore.version + 1,
+        data: { entity, policy }
+      })
+    }
+  }
+
+  private async signDataPayload(data: Entities | Policy[]) {
+    const jwk = privateKeyToJwk(UNSAFE_PRIVATE_KEY.Root, Alg.ES256K)
+
+    const payload: Payload = {
+      data: hash(data),
+      sub: ACCOUNT.Root.address,
+      iss: 'https://armory.narval.xyz',
+      iat: Math.floor(Date.now() / 1000)
+    }
+
+    const signature = await signJwt(
+      payload,
+      jwk,
+      { alg: SigningAlg.EIP191 },
+      buildSignerEip191(UNSAFE_PRIVATE_KEY.Root)
+    )
+
+    const verify = await verifyJwt(signature, jwk)
+
+    console.log({ signature, verify })
+
+    return signature
+  }
+}

apps/armory/src/admin/http/controller/data-store.controller.ts

@@ -0,0 +1,31 @@
+import { Entities, Policy } from '@narval/policy-engine-shared'
+import { Body, Controller, Get, Post } from '@nestjs/common'
+import { ApiTags } from '@nestjs/swagger'
+import { OrgId } from '../../../shared/decorator/org-id.decorator'
+import { DataStoreService } from '../../core/service/data-store.service'
+
+@Controller('/data-store')
+@ApiTags('Data Store')
+export class DataStoreController {
+  constructor(private dataStoreService: DataStoreService) {}
+
+  @Get('/entities')
+  getEntities(@OrgId() orgId: string) {
+    return this.dataStoreService.getEntities(orgId)
+  }
+
+  @Get('/policies')
+  getPolicies(@OrgId() orgId: string) {
+    return this.dataStoreService.getPolicies(orgId)
+  }
+
+  @Post('/entities')
+  setEntities(@OrgId() orgId: string, @Body() body: Entities) {
+    return this.dataStoreService.setEntities(orgId, body)
+  }
+
+  @Post('/policies')
+  setPolicies(@OrgId() orgId: string, @Body() body: Policy[]) {
+    return this.dataStoreService.setPolicies(orgId, body)
+  }
+}

apps/armory/src/admin/persistence/repository/data-store.repository.ts

@@ -0,0 +1,39 @@
+import { EntityStore, PolicyStore } from '@narval/policy-engine-shared'
+import { Injectable } from '@nestjs/common'
+import { PrismaService } from '../../../shared/module/persistence/service/prisma.service'
+
+type DataStore = { entity: EntityStore; policy: PolicyStore }
+
+@Injectable()
+export class DataStoreRepository {
+  constructor(private prismaService: PrismaService) {}
+
+  setDataStore(data: { orgId: string; version: number; data: DataStore }) {
+    return this.prismaService.dataStore.create({ data })
+  }
+
+  async getLatestDataStore(orgId: string) {
+    const version = await this.getLatestVersion(orgId)
+
+    if (!version) return null
+
+    const dataStore = await this.prismaService.dataStore.findFirst({ where: { orgId, version } })
+
+    if (!dataStore) return null
+
+    return { ...dataStore, data: dataStore.data as DataStore }
+  }
+
+  private async getLatestVersion(orgId: string): Promise<number> {
+    const data = await this.prismaService.dataStore.aggregate({
+      where: {
+        orgId
+      },
+      _max: {
+        version: true
+      }
+    })
+
+    return data._max?.version || 0
+  }
+}

apps/armory/src/armory.config.ts

@@ -9,6 +9,7 @@ export enum Env {
 const configSchema = z.object({
   env: z.nativeEnum(Env),
   port: z.coerce.number(),
+  cors: z.array(z.string()).optional(),
   database: z.object({
     url: z.string().startsWith('postgresql://')
   }),
@@ -28,6 +29,7 @@ export const load = (): Config => {
   const result = configSchema.safeParse({
     env: process.env.NODE_ENV,
     port: process.env.PORT,
+    cors: process.env.CORS ? process.env.CORS.split(',') : [],
     database: {
       url: process.env.ARMORY_DATABASE_URL
     },

apps/armory/src/armory.module.ts

@@ -1,6 +1,7 @@
 import { ClassSerializerInterceptor, Module } from '@nestjs/common'
 import { ConfigModule } from '@nestjs/config'
 import { APP_INTERCEPTOR } from '@nestjs/core'
+import { AdminModule } from './admin/admin.module'
 import { load } from './armory.config'
 import { OrchestrationModule } from './orchestration/orchestration.module'
 import { QueueModule } from './shared/module/queue/queue.module'
@@ -14,7 +15,8 @@ import { TransferTrackingModule } from './transfer-tracking/transfer-tracking.mo
     }),
     QueueModule.forRoot(),
     OrchestrationModule,
-    TransferTrackingModule
+    TransferTrackingModule,
+    AdminModule
   ],
   providers: [
     {

apps/armory/src/main.ts

@@ -1,4 +1,4 @@
-import { withSwagger } from '@narval/nestjs-shared'
+import { withCors, withSwagger } from '@narval/nestjs-shared'
 import { ClassSerializerInterceptor, INestApplication, Logger, ValidationPipe } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { NestFactory, Reflector } from '@nestjs/core'
@@ -76,6 +76,7 @@ async function bootstrap(): Promise<void> {
       map(withGlobalPipes),
       map(withGlobalInterceptors),
       map(withGlobalFilters(configService)),
+      map(withCors(configService.get('cors'))),
       switchMap((app) => app.listen(port))
     )
   )

apps/armory/src/shared/module/persistence/schema/migrations/20240417115049_create_data_store_table/migration.sql

@@ -0,0 +1,9 @@
+-- CreateTable
+CREATE TABLE "data_store" (
+    "id" VARCHAR(255) NOT NULL,
+    "org_id" TEXT NOT NULL,
+    "data" JSONB NOT NULL,
+    "version" INTEGER NOT NULL,
+
+    CONSTRAINT "data_store_pkey" PRIMARY KEY ("id")
+);

apps/armory/src/shared/module/persistence/schema/schema.prisma

@@ -115,3 +115,14 @@ model Feed {
 
   @@map("feed")
 }
+
+// Data Store
+
+model DataStore {
+  id      String @id @default(uuid()) @db.VarChar(255)
+  orgId   String @map("org_id")
+  data    Json
+  version Int
+
+  @@map("data_store")
+}

apps/devtool/src/app/_hooks/useAccountSignature.tsx

@@ -2,6 +2,7 @@ import {
   Curves,
   JwsdHeader,
   KeyTypes,
+  Payload,
   PublicKey,
   SigningAlg,
   hash,
@@ -36,7 +37,7 @@ const useAccountSignature = () => {
     return hexToBase64Url(signature)
   }
 
-  const signAccountJwt = async (payload: any) => {
+  const signAccountJwt = async (payload: Payload) => {
     if (!jwk) return ''
 
     const signature = await signJwt(payload, jwk, { alg: SigningAlg.EIP191 }, signer)