fix(wallet-key-share): Optimize createBulkWalletShare to Fetch Keychain Once and Prevent Rate Limiting #7849
Conversation
abk404
changed the title
| bulkCreateShareOptions.push({ | ||
| user: shareOption.userId, | ||
| permissions: shareOption.permissions, | ||
| keychain: sharedKeychain as BulkWalletShareKeychain, |
There was a problem hiding this comment.
Missing validation: The original code had explicit assertions for keychain fields. Consider keeping runtime validation instead of relying solely on type cast.
There was a problem hiding this comment.
makes sense, added the explicit assertions and removed the typecast completely.
| */ | ||
| async getDecryptedKeychainForSharing( | ||
| walletPassphrase: string | undefined | ||
| ): Promise<{ prv: string; pub: string } | undefined> { |
There was a problem hiding this comment.
Type improvement: Consider extracting { prv: string; pub: string } into a named interface for reusability.
| path: user.path, | ||
| }, | ||
| })), | ||
| }); |
There was a problem hiding this comment.
Expand test coverage: Also verify encryptPrvForUser is called once per user to ensure encryption happens for each recipient.
Marzooqa
requested review from
zahin-mohammad
and removed request for
pranavjain97
| export interface DecryptedKeychainData { | ||
| prv: string; | ||
| pub: string; | ||
| } |
There was a problem hiding this comment.
Are we sure we don't already have this type defined somewhere?
There was a problem hiding this comment.
No , we don't have this type defined somewhere else.
This was not required before because the prepareSharedKeychain was doing the operations in the same function.
Since, I broke down that function into 3 different function , we need this new interface for having the return typed for the new function.
There is a Keychain type defined which has these two fields(along with ton of other fields), but there also these fields are marked as optional .
i can do Required<Pick<Keychain, 'prv' | 'pub'>> but the current approcah of defining a new interface seems more readable and explicit.
This also follows the current pattern where a new type BulkWalletShareKeychain was created for the specific usecase instead of usign the Keychain type.
| // Only one of pub/commonPub/commonKeychain should be present in the keychain | ||
| let pub = keychain.pub ?? keychain.commonPub; | ||
| if (keychain.commonKeychain) { |
There was a problem hiding this comment.
| // Only one of pub/commonPub/commonKeychain should be present in the keychain | |
| let pub = keychain.pub ?? keychain.commonPub; | |
| if (keychain.commonKeychain) { | |
| // Only one of pub/commonKeychain should be present in the keychain | |
| let pub = keychain.pub; |
commonPub is deprecated field, we shouldn't have any active wallets that are using this field.
There was a problem hiding this comment.
The commonPub fallback was pre-existing code from the original bulk sharing implementation. This PR is a refactoring that moves this logic from prepareSharedKeychain() to getDecryptedKeychainForSharing() without changing any behaviour.
If it's a deprecated field , I can remove this, but just thinking if it will break some other flows in downstream services which calls the /key endpoint and still expect the commonPub field.
| pub = | ||
| this.baseCoin.getMPCAlgorithm() === 'eddsa' | ||
| ? EddsaUtils.getPublicKeyFromCommonKeychain(keychain.commonKeychain) | ||
| : EcdsaUtils.getPublicKeyFromCommonKeychain(keychain.commonKeychain); |
There was a problem hiding this comment.
Why is this necessary??
There was a problem hiding this comment.
Will ping on slack.
There was a problem hiding this comment.
This was also there before in the codebase I refactored the code to pull out this pub key creation logic into a separate function.
The /walletshare/{id} responses still include the pub , so I am a little skeptical if removing the field might break some other services consuming this endpoint. Also pub is used when accepting shares.
If we want to remove pub or simplify this extraction logic, I'd suggest doing it in a separate cleanup PR to avoid scope creep and ensure proper testing.
| const keychain: BulkWalletShareKeychain = { | ||
| pub, | ||
| encryptedPrv: newEncryptedPrv, | ||
| fromPubKey: eckey.publicKey.toString('hex'), | ||
| toPubKey: userPubkey, | ||
| path: path, | ||
| }; | ||
|
|
||
| assert(keychain.pub, 'pub must be defined for sharing'); |
There was a problem hiding this comment.
| const keychain: BulkWalletShareKeychain = { | |
| pub, | |
| encryptedPrv: newEncryptedPrv, | |
| fromPubKey: eckey.publicKey.toString('hex'), | |
| toPubKey: userPubkey, | |
| path: path, | |
| }; | |
| assert(keychain.pub, 'pub must be defined for sharing'); | |
| const keychain: BulkWalletShareKeychain = { | |
| encryptedPrv: newEncryptedPrv, | |
| fromPubKey: eckey.publicKey.toString('hex'), | |
| toPubKey: userPubkey, | |
| path: path, | |
| }; |
This shouldn't be necessary.
Ticket: CSI-1548
Type of change
Summary
Optimizes
createBulkWalletShareto fetch the wallet keychain only once instead of once per user, drastically reducing API calls and preventing rate limiting (HTTP 429) errors during bulk wallet sharing.Problem
When sharing a wallet with multiple users via
createBulkWalletShare, the SDK was fetching the wallet keychain (v2.key.get) for each user in the share list.For example, sharing 26 wallets with 15 users each resulted in 390 API calls (26 × 15), causing rate limiting errors and failures with the message: "Failed to process wallet shares after retrying with single requests."
Check the support ticket : CS-6701
Solution
Refactored the code to:
Extract common logic into two new helper methods:
getDecryptedKeychainForSharing()- Fetches and decrypts the keychain onceencryptPrvForUser()- Encrypts the private key for a specific user (no API calls)Optimize
createBulkWalletShare()to fetch the keychain once before the loop, then reuse it for all users