feat: http endpoints + deploy guide

DEPLOY.md

@@ -0,0 +1,36 @@
+# Manually Deploying mpc-recovery to GCP
+
+GCP Project ID: pagoda-discovery-platform-dev
+Service account: mpc-recovery@pagoda-discovery-platform-dev.iam.gserviceaccount.com
+
+First, if you don't have credentials, go to [here](https://console.cloud.google.com/iam-admin/serviceaccounts/details/106859519072057593233;edit=true/keys?project=pagoda-discovery-platform-dev) and generate a new one for yourself.
+
+Now, assuming you saved it as `mpc-recovery-creds.json` in the current working directory:
+
+```bash
+$ cat pagoda-discovery-platform-dev-92b300563d36.json | docker login -u _json_key --password-stdin https://us-east1-docker.pkg.dev
+```
+
+This will log you into the GCP Artifact Repository.
+
+Build the mpc-recovery docker image like you usually would, but tag it with this image name:
+
+```bash
+$ docker build . -t us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-tmp/mpc-recovery
+```
+
+Push the image to GCP Artifact Registry:
+
+```bash
+$ docker push us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery-tmp/mpc-recovery
+```
+
+ You can check that the image has been successfully uploaded [here](https://console.cloud.google.com/artifacts/docker/pagoda-discovery-platform-dev/us-east1/mpc-recovery-tmp?project=pagoda-discovery-platform-dev).
+
+ Now reset the VM instance:
+
+ ```bash
+ $ gcloud compute instances reset mpc-recovery-tmp-0
+ ```
+
+ The API should be available shortly on `http://34.139.85.130:3000`.

integration-tests/Cargo.toml

@@ -7,6 +7,7 @@ publish = false
 [dev-dependencies]
 anyhow = "1.0"
 bollard = "0.14"
+ed25519-dalek = "1"
 futures = "0.3"
 hex = "0.4"
 hyper = { version = "0.14", features = ["full"] }

integration-tests/tests/lib.rs

@@ -2,6 +2,7 @@ use bollard::container::{AttachContainerOptions, AttachContainerResults, Config}
 use bollard::network::CreateNetworkOptions;
 use bollard::service::{HostConfig, Ipam, PortBinding};
 use bollard::Docker;
+use ed25519_dalek::SecretKey;
 use futures::StreamExt;
 use hyper::{Body, Client, Method, Request};
 use mpc_recovery::msg::LeaderResponse;
@@ -110,6 +111,7 @@ async fn start_mpc_leader_node(
     pk_set: &PublicKeySet,
     sk_share: &SecretKeyShare,
     sign_nodes: Vec<String>,
+    root_secret_key: &SecretKey,
 ) -> anyhow::Result<String> {
     let web_port = portpicker::pick_unused_port().expect("no free ports");
 
@@ -123,6 +125,8 @@ async fn start_mpc_leader_node(
         serde_json::to_string(&SerdeSecret(sk_share))?,
         "--web-port".to_string(),
         web_port.to_string(),
+        "--root-secret-key".to_string(),
+        hex::encode(root_secret_key),
     ];
     for sign_node in sign_nodes {
         cmd.push("--sign-nodes".to_string());
@@ -194,14 +198,22 @@ async fn test_trio() -> anyhow::Result<()> {
 
     // This test creates 4 sk shares with a threshold of 2 (i.e. minimum 3 required to sign),
     // but only instantiates 3 nodes.
-    let (pk_set, sk_shares) = mpc_recovery::generate(4, 3)?;
+    let (pk_set, sk_shares, root_secret_key) = mpc_recovery::generate(4, 3)?;
 
     let mut sign_nodes = Vec::new();
     for i in 2..=3 {
         let addr = start_mpc_sign_node(&docker, i as u64, &pk_set, &sk_shares[i - 1]).await?;
         sign_nodes.push(addr);
     }
-    let leader_node = start_mpc_leader_node(&docker, 1, &pk_set, &sk_shares[0], sign_nodes).await?;
+    let leader_node = start_mpc_leader_node(
+        &docker,
+        1,
+        &pk_set,
+        &sk_shares[0],
+        sign_nodes,
+        &root_secret_key,
+    )
+    .await?;
 
     // Wait until all nodes initialize
     tokio::time::sleep(Duration::from_millis(2000)).await;

mpc-recovery/Cargo.toml

@@ -23,6 +23,7 @@ async-trait = "0.1"
 axum = "0.6"
 chrono = "0.4.24"
 clap = { version = "4.2", features = ["derive", "env"] }
+ed25519-dalek = "1"
 futures = "0.3"
 hex = "0.4"
 hyper = { version = "0.14", features = ["full"] }