I’ve been following cryptocurrency-related subjects such as Bitcoin for a few months now and I’m very fascinated with everything that has been going on.<\/p>\n
As a web application developer, one topic that I’ve been particularly interested in learning more about is around cryptocurrency exchanges and how to make them. From the front, these applications seem to be tools for managing accounts, converting Bitcoin to a fiat currency like USD and back, and transferring Bitcoin to other people, but are they more?<\/p>\n
We’re going to look at some examples with Node.js and the NoSQL database, Couchbase<\/a>, that covers topics modeled around cryptocurrency exchanges.<\/p>\n Updates on related topics:<\/b><\/p>\n <\/p>\n Disclaimer:<\/strong> I am not a cryptocurrency expert, nor have I taken part in any development around financial services or exchanges. I am an enthusiast of the subject material and anything obtained from this article should be properly tested and used at your own risk.<\/p>\n There are a few things that you will and won’t get from this particular article. For example, let’s start with the things you won’t get out of this article:<\/p>\n That said, here are some things you can look forward to learning about in this article:<\/p>\n There are many things that we’ll see in this article that can be done way better. If you found something that could be improved, definitely share it in the comments. Like I said, I’m not an expert on the topic, just a fan.<\/p>\n There are a few requirements that must be met to be successful with this project:<\/p>\n The main point is that I won’t be going through how to get Couchbase up and running. It isn’t a difficult process, but you’ll need a Bucket set up with an application account and an index for querying with N1QL.<\/p>\n We’re going to create a new Node.js application and download the dependencies before we start adding any logic. Create a project directory somewhere on your computer and execute the following commands from a CLI within that directory:<\/p>\n I know I could have done all of the dependency installations in a single line, but I wanted to make them clear to read. So what are we doing in the above commands?<\/p>\n First, we’re initializing a new Node.js project by creating a\u00a0package.json<\/strong> file. Then we’re downloading our dependencies and adding them to the\u00a0package.json<\/strong> file via the For this example we’ll be using Express Framework. The Now we probably want to better structure our project. Add the following directories and files within your project directory if they do not already exist:<\/p>\n All of our API endpoints will be split into categories and placed in each appropriate routing file. We don’t have to do this, but it makes our project just a little bit cleaner. To remove a ton of Bitcoin and database logic out of our routes, we’ll be adding everything that isn’t data validation into our\u00a0classes\/helper.js<\/strong> file. The\u00a0config.json<\/strong> file will have all of our database information as well as our mnemonic seed. In a realistic scenario, this file should be treated like gold and receive as much protection as it could possibly receive. The\u00a0app.js<\/strong> file will have all of our configuration and bootstrapping logic towards connecting our routes, connecting to the database, etc.<\/p>\n As a convenience, we’re going to add one more dependency to our project and set it up:<\/p>\n The Open the\u00a0package.json<\/strong> file and add the following script to make it happen:<\/p>\n We can start the development process of our application at this point.<\/p>\n When it comes to developing our application, before we start worrying about API endpoints, we want to create our database and Bitcoin related logic.<\/p>\n We’re going to be spending our time in the project’s\u00a0classes\/helper.js<\/strong> file. Open it and include the following:<\/p>\n We’re going to be passing this class around as a singleton for our application. In the Let’s knock out the Bitcoin logic before the database logic.<\/p>\n If you’re not familiar with HD wallets, they are essentially a wallet derived of a single seed. Using the seed you can derive children and those children can have children, and so on and so forth.<\/p>\n The Similarly, we have a When we start creating accounts, they will start at one, leaving zero for the exchange or the web application, or whatever you want to call it. We are also allocating 10 possible addresses to this account. These addresses will do two possible things. The first is that they will hold Bitcoin to transfer to other accounts and the second is that they will receive remainder payments, otherwise known as the change. Remember, in a Bitcoin transaction, all unspent transaction output (UTXO) must be spent, even if it is less than the desired amount. This means that the desired amount gets sent to the destination and the remainder gets sent back into one of these 10 addresses.<\/p>\n Are there other ways or better ways to do this? Absolutely, but this one will work for the example.<\/p>\n To get a balance for any address we use or generate using the HD seed, we can use a public Bitcoin explorer:<\/p>\n The above function will take an address and get the balance in decimal format as well as satoshis. Going forward, the satoshi value is the only relevant value to us. If we have X number of addresses for a given account, we can get the total balance using a function like this:<\/p>\n In the above It takes a little more than just an address balance to be able to transfer cryptocurrency. Instead we need to know the unspent transaction output (UTXO) for a given address. This can be found using the same API from BitPay:<\/p>\n If there is no unspent transaction output, it means there is nothing we can transfer and we should throw an error instead. Having enough to transfer is a different story.<\/p>\n For example, we could do something like this:<\/p>\n In the above function, we are taking a list of addresses and checking to see which one holds an amount greater than the threshold that we provide. If none of them have enough balance, we should probably relay that message.<\/p>\n The final utility related function, is something we’ve kind of already seen:<\/p>\n The above function will get us all master keys, which will be useful for signing and checking value.<\/p>\n Just to reiterate, I’m using a finite value to how many keys are generated. You may or may not want to do the same, it is up to you.<\/p>\n Now let’s dive into some NoSQL logic for storing our application data.<\/p>\n As of right now there is no data in our database. The first logic step might be to create some data. While it isn’t particularly difficult standalone, we can create a function like this:<\/p>\n Essentially, we’re accepting an object and an id to be used as a document key. If a document key isn’t provided, we’ll automatically generate it. When all said and done, we’ll return what was created including the id in the response.<\/p>\n So let’s say we want to create a user account. We can do the following:<\/p>\n Remember, accounts are driven by an auto incrementing numeric value for this example. We can create incrementing values by using a After we get our counter value, we add it to the object that was passed and call our insert function, which in this case generates a unique id for us.<\/p>\n We haven’t seen it yet because we don’t have any endpoints, but lets assume that when we create an account, it has no address information, only an account identifier. We might want to add an address for the user:<\/p>\n When adding an address, we first get the user by the document id. When the document is retrieved, we get the numeric account value and create a fresh keypair of our 10,000 options. Using a sub-document<\/a> operation, we can add the keypair to the user document without ever having to download the document or manipulating it.<\/p>\n Something very serious to note about what we’ve just done.<\/p>\n I am storing the unencrypted private key and public address in the user document. This is a big no-no for production. Remember all those stories you read about where people got their keys stolen? In reality, we’d want to encrypt the data before inserting it. We can do that by using the Node.js crypto library, or if we’re using Couchbase Server 5.5, the Node.js SDK for Couchbase offers encryption. We won’t explore it here though.<\/p>\n Okay, we’ve got account data and addresses in the database now. Let’s query for that data:<\/p>\n The above Something to note in our query.<\/p>\n We’re storing our addresses in an array in the user documents. Using an Now let’s say we have an address and we want to get the corresponding private key. We might do the following:<\/p>\n Given a particular account, we create a query similar to what we saw previously. This time, after we We’re going to change gears a bit here. Up until now we’ve done account oriented operations in our NoSQL database. Another important aspect is transactions. For example, maybe user X deposits some USD currency for BTC and user Y does a withdrawal. We need to store and query for that transaction information.<\/p>\n The API endpoint functions will save the transaction data, but we can still query for it.<\/p>\n Given an account, we want to get an account balance for a particular user.<\/p>\n Wait a second, let’s take a step back because didn’t we already create some account balance functions? Technically we did, but those functions were for checking the wallet balance, not the account balance.<\/p>\n This is where some of my experience turns into gray area. Every time you transfer Bitcoin, there is a fee involved, and sometimes it is quite expensive. When you make a deposit, it isn’t cost effective to transfer money into your wallet because it would be charged a miner fee. Then you would be charged to withdraw and even transfer again. You’ve already lost most of your Bitcoin at that point.<\/p>\n Instead, I believe exchanges have a holding account similar to a stock exchange money market account. There is record of the money that you should have in your account, but it isn’t technically in a wallet. When you want transfer, you’re transferring from the application address, not your user address. When you withdraw, it is just being subtracted.<\/p>\n Again, I don’t know if that is truly how it works, but that is how I’d do it in order to avoid fees everywhere.<\/p>\n Going back to our Given the little that we know about account balances, we can try to create a transaction from our wallet:<\/p>\n If provided a source address, destination address, and amount, we can create and sign a transaction to be later broadcasted on the Bitcoin network.<\/p>\n First we get the balance for the source address in question. We need to make sure it has enough UTXO to meet the send amount expectation. Note that in this example, we’re doing single address transactions. If you wanted to get complicated, you could send from multiple addresses in a single transaction. We’re not going to do that here. If our single address has enough funds, we get the private key for it and the UTXO data. With the UTXO data we can create a Bitcoin transaction, apply the destination address and a change address, then sign the transaction using our private key. The response can be broadcasted.<\/p>\n Similarly let’s say we wanted to transfer Bitcoin from our holding account:<\/p>\n We’re assuming that our exchange addresses have been loaded with an insane amount of Bitcoin to meet demand.<\/p>\n The first step is to make sure we have funding in our holding account. We can execute that query that sums up each of our transactions to get a valid number. If we have enough, we can get all 10 of our master key pairs and the addresses. We need to check which address has enough funds to send. Remember, single address transactions here, when there could be more.<\/p>\n If an address has enough funds, we get the UTXO data and start making a transaction. This time instead of our wallet as the source address, we use the wallet of the exchange. After we get a signed transaction, we want to create a transaction in our database to subtract the value that we’re transferring.<\/p>\n Before we move onto the API endpoints, I want to re-iterate a few things:<\/p>\n Now let’s focus on our API endpoints, the simple part.<\/p>\n Remember, as we configured in the beginning, our endpoints will be split across three files which act as groupings. We’ll start with the smallest and simplest group of endpoints, which are more for utility than anything else.<\/p>\n Open the project’s\u00a0routes\/utility.js<\/strong> file and include the following:<\/p>\n Here we have two endpoints, one for generating mnemonic seeds and the other for getting the fiat value of a Bitcoin balance. Neither are truly necessary, but on first launch, it might be nice to generate a seed value to later save in our config file.<\/p>\n Now open the project’s\u00a0routes\/account.js<\/strong> file so we can handle account information:<\/p>\n Notice that we’re pulling the helper class from the\u00a0app.js<\/strong> file that we haven’t started yet. Just go with it for now and it will make sense later, although it isn’t anything special.<\/p>\n When it comes to creating accounts, we have the following:<\/p>\n Using Joi we can validate the request body and throw errors if it isn’t correct. Assuming the request body is correct, we can call our With an account created, we can add some addresses:<\/p>\n Using the account id that was passed, we can call our Not so bad right?<\/p>\n To get all addresses for a particular account, we might have something like the following:<\/p>\n Alternatively, if we don’t provide an id, we can get all addresses from all accounts using the following endpoint function:<\/p>\n Now for probably the trickiest endpoint function. Let’s say we want to get the balance of our account, which includes the holding account as well as each of our wallet addresses. We can do the following:<\/p>\n The above will call both of our functions for obtaining balance, and add the results together to get one massive balance.<\/p>\n The account endpoints weren’t particularly interesting. Creating transactions is a bit more exciting.<\/p>\n Open the project’s\u00a0routes\/transaction.js<\/strong> file and include the following:<\/p>\n We have three different types of transaction. We can deposit fiat currency for Bitcoin, withdraw Bitcoin for fiat currency, and transfer Bitcoin to new wallet addresses.<\/p>\n Let’s take a look at the deposit endpoint:<\/p>\n After we validate the input, we check the current value of Bitcoin in USD with CoinMarketCap. Using the data in the response, we can calculate how many Bitcoin we should get based on the USD amount deposited.<\/p>\n After creating a database transaction, we can save it and since it is a positive number, it will come back as positive balance when querying.<\/p>\n Now let’s say we want to withdraw money from our Bitcoin:<\/p>\n Similar events are happening here. After validating the request body, we get our account balance and make sure the amount we’re withdrawing is less than or equal to our balance. If it is, we can do another conversion based on the current price from CoinMarketCap. We’ll create a transaction using a negative value and save it to the database.<\/p>\n In both these instances we are relying on CoinMarketCap which has had negative controversy in the past. You may want to pick a different resource for conversions.<\/p>\n Finally we have transfers:<\/p>\n If the request contains a source address, we are going to transfer from our own wallet, otherwise we are going to transfer from the wallet the exchange manages.<\/p>\n All of this is based on functions that we had previously created.<\/p>\n With the endpoints out of the way, we can focus on bootstrapping our application and come to a conclusion.<\/p>\n Right now we have two files that remain untouched by the example. We haven’t added a configuration or driving logic to bootstrap our endpoints.<\/p>\n Open the project’s\u00a0config.json<\/strong> file and include something like the following:<\/p>\n Remember this file is incredibly sensitive. Consider locking it down or even using a different approach. If the seed is exposed, every private key for all user accounts and the exchange account can be obtained with zero effort.<\/p>\n Now open the project’s\u00a0app.js<\/strong> file and include the following:<\/p>\n What we’re doing is initializing Express, loading the configuration information, and linking up our routes. The You just saw how to get started with building your own cryptocurrency exchange using Node.js<\/a> and Couchbase<\/a> as the NoSQL database. We covered a lot, from generating HD wallets to creating endpoints with complex database logic.<\/p>\n I cannot stress this enough though. I am a cryptocurrency enthusiast and have no true experience in the financial space. The things I shared should work, but can be done a whole lot better. Don’t forget to encrypt your keys and keep your seed safe. Test your work and know what you’re getting yourself into.<\/p>\n If you’d like to download this project, check it out on GitHub<\/a>. If you’d like to share insight, experience, ect., on the topic, please share it in the comments. The community can work towards creating something great!<\/p>\n\n
The Take-Away<\/h2>\n
\n
\n
The Project Requirements<\/h2>\n
\n
Creating a Node.js Application with Dependencies<\/h2>\n
npm init -y\r\nnpm install couchbase --save\r\nnpm install express --save\r\nnpm install body-parser --save\r\nnpm install joi --save\r\nnpm install request request-promise --save\r\nnpm install uuid --save\r\nnpm install bitcore-lib --save\r\nnpm install bitcore-mnemonic --save<\/pre>\n
--save<\/code> flag.<\/p>\nexpress<\/code>, body-parser<\/code>, and joi<\/code> packages are all relevant towards accepting and validating request data. Because we’ll be communicating with public Bitcoin nodes, we will be using the request<\/code> and request-promise<\/code> promise wrapping package. The very popular bitcore-lib<\/code> package will allow us to create wallets and sign transactions while the bitcore-mnemonic<\/code> package will allow us to generate a seed that can be used for our HD wallet keys. Finally, couchbase<\/code> and uuid<\/code> will be used for working with our database.<\/p>\npackage.json\r\nconfig.json\r\napp.js\r\nroutes\r\n account.js\r\n transaction.js\r\n utility.js\r\nclasses\r\n helper.js<\/pre>\n
npm install nodemon --save-dev<\/pre>\n
nodemon<\/code> package will allow us to hot-reload our project every time we change a file. It is not a requirement, but can save us some time as we’re building.<\/p>\n...\r\n\"scripts\": {\r\n \"test\": \"echo \\\"Error: no test specified\\\" && exit 1\",\r\n \"start\": \".\/node_modules\/nodemon\/bin\/nodemon.js app.js\"\r\n},\r\n...<\/pre>\nDeveloping the Database and Bitcoin Logic<\/h2>\n
const Couchbase = require(\"couchbase\");\r\nconst Request = require(\"request-promise\");\r\nconst UUID = require(\"uuid\");\r\nconst Bitcore = require(\"bitcore-lib\");\r\n\r\nclass Helper {\r\n\r\n constructor(host, bucket, username, password, seed) {\r\n this.cluster = new Couchbase.Cluster(\"couchbase:\/\/\" + host);\r\n this.cluster.authenticate(username, password);\r\n this.bucket = this.cluster.openBucket(bucket);\r\n this.master = seed;\r\n }\r\n\r\n createKeyPair(account) { }\r\n\r\n getWalletBalance(addresses) { }\r\n\r\n getAddressBalance(address) { }\r\n\r\n getAddressUtxo(address) { }\r\n\r\n insert(data, id = UUID.v4()) { }\r\n\r\n createAccount(data) { }\r\n\r\n addAddress(account) { }\r\n\r\n getAccountBalance(account) { }\r\n\r\n getMasterAddresses() { }\r\n\r\n getMasterKeyPairs() { }\r\n\r\n getMasterAddressWithMinimum(addresses, amount) { }\r\n\r\n getMasterChangeAddress() { }\r\n\r\n getAddresses(account) { }\r\n\r\n getPrivateKeyFromAddress(account, address) { }\r\n\r\n createTransactionFromAccount(account, source, destination, amount) { }\r\n\r\n createTransactionFromMaster(account, destination, amount) { }\r\n\r\n}\r\n\r\nmodule.exports = Helper;<\/pre>\nconstructor<\/code> method, we are establishing a connection to our database cluster, opening a Bucket, and authenticating. The open Bucket will be used throughout this helper class.<\/p>\ncreateKeyPair(account) {\r\n var account = this.master.deriveChild(account);\r\n var key = account.deriveChild(Math.random() * 10000 + 1);\r\n return { \"secret\": key.privateKey.toWIF().toString(), \"address\": key.privateKey.toAddress().toString() }\r\n}<\/pre>\nmaster<\/code> variable in the createKeyPair<\/code> function represents the top level seed key. Each user account will be a direct child of that key, hence we are deriving a child based on an account<\/code> value. The account<\/code> value is a person number and every account created will get an incremental number. However, we’re not going to generate account keys and call it a day. Instead, each account key will have 10,000 possible private and public keys in case they don’t want to use the same key more than once. Once we’ve generated a key at random, we return it.<\/p>\ngetMasterChangeAddress<\/code> function like the following:<\/p>\ngetMasterChangeAddress() {\r\n var account = this.master.deriveChild(0);\r\n var key = account.deriveChild(Math.random() * 10 + 1);\r\n return { \"secret\": key.privateKey.toWIF().toString(), \"address\": key.privateKey.toAddress().toString() }\r\n}<\/pre>\ngetAddressBalance(address) {\r\n return Request(\"https:\/\/insight.bitpay.com\/api\/addr\/\" + address);\r\n}<\/pre>\ngetWalletBalance(addresses) {\r\n var promises = [];\r\n for(var i = 0; i < addresses.length; i++) {\r\n promises.push(Request(\"https:\/\/insight.bitpay.com\/api\/addr\/\" + addresses[i]));\r\n }\r\n return Promise.all(promises).then(result => {\r\n var balance = result.reduce((a, b) => a + JSON.parse(b).balanceSat, 0);\r\n return new Promise((resolve, reject) => {\r\n resolve({ \"balance\": balance });\r\n });\r\n });\r\n}<\/pre>\ngetWalletBalance<\/code> function we are making a request for each address and when they’ve all completed, we can add the balances and return them.<\/p>\ngetAddressUtxo(address) {\r\n return Request(\"https:\/\/insight.bitpay.com\/api\/addr\/\" + address + \"\/utxo\").then(utxo => {\r\n return new Promise((resolve, reject) => {\r\n if(JSON.parse(utxo).length == 0) {\r\n reject({ \"message\": \"There are no unspent transactions available.\" });\r\n }\r\n resolve(JSON.parse(utxo));\r\n });\r\n });\r\n}<\/pre>\ngetMasterAddressWithMinimum(addresses, amount) {\r\n var promises = [];\r\n for(var i = 0; i < addresses.length; i++) {\r\n promises.push(Request(\"https:\/\/insight.bitpay.com\/api\/addr\/\" + addresses[i]));\r\n }\r\n return Promise.all(promises).then(result => {\r\n for(var i = 0; i < result.length; i++) {\r\n if(result[i].balanceSat >= amount) {\r\n return resolve({ \"address\": result[i].addrStr });\r\n }\r\n }\r\n reject({ \"message\": \"Not enough funds in exchange\" });\r\n });\r\n}<\/pre>\ngetMasterKeyPairs() {\r\n var keypairs = [];\r\n var key;\r\n var account = this.master.deriveChild(0);\r\n for(var i = 1; i <= 10; i++) {\r\n key = account.deriveChild(i);\r\n keypairs.push({ \"secret\": key.privateKey.toWIF().toString(), \"address\": key.privateKey.toAddress().toString() });\r\n }\r\n return keypairs;\r\n}<\/pre>\ninsert(data, id = UUID.v4()) {\r\n return new Promise((resolve, reject) => {\r\n this.bucket.insert(id, data, (error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n data.id = id;\r\n resolve(data);\r\n });\r\n });\r\n}<\/pre>\ncreateAccount(data) {\r\n return new Promise((resolve, reject) => {\r\n this.bucket.counter(\"accounts::total\", 1, { \"initial\": 1 }, (error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n data.account = result.value;\r\n this.insert(data).then(result => {\r\n resolve(result);\r\n }, error => {\r\n reject(error);\r\n });\r\n });\r\n });\r\n}<\/pre>\ncounter<\/code> in Couchbase. If the counter doesn’t exist, we’ll initialize it at 1 and increment it every next call. Remember, 0 is reserved for application keys.<\/p>\naddAddress(account) {\r\n return new Promise((resolve, reject) => {\r\n this.bucket.get(account, (error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n var keypair = this.createKeyPair(result.value.account);\r\n this.bucket.mutateIn(account).arrayAppend(\"addresses\", keypair, true).execute((error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n resolve({ \"address\": keypair.address });\r\n });\r\n });\r\n });\r\n}<\/pre>\ngetAddresses(account) {\r\n var statement, params;\r\n if(account) {\r\n statement = \"SELECT VALUE addresses.address FROM \" + this.bucket._name + \" AS account USE KEYS $id UNNEST account.addresses as addresses\";\r\n params = { \"id\": account };\r\n } else {\r\n statement = \"SELECT VALUE addresses.address FROM \" + this.bucket._name + \" AS account UNNEST account.addresses as addresses WHERE account.type = 'account'\";\r\n }\r\n var query = Couchbase.N1qlQuery.fromString(statement);\r\n return new Promise((resolve, reject) => {\r\n this.bucket.query(query, params, (error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n resolve(result);\r\n });\r\n });\r\n}<\/pre>\ngetAddresses<\/code> function can do one of two things. If an account was provided, we’ll use a N1QL query to get all addresses for that particular account. If no account was provided, we’ll get all addresses for every account in the database. In both scenarios, we’re only getting public addresses, nothing sensitive. Using a parameterized N1QL query, we can return the database results back to the client.<\/p>\nUNNEST<\/code> operator, we can flatten those addresses and make the response more attractive.<\/p>\ngetPrivateKeyFromAddress(account, address) {\r\n var statement = \"SELECT VALUE keypairs.secret FROM \" + this.bucket._name + \" AS account USE KEYS $account UNNEST account.addresses AS keypairs WHERE keypairs.address = $address\";\r\n var query = Couchbase.N1qlQuery.fromString(statement);\r\n return new Promise((resolve, reject) => {\r\n this.bucket.query(query, { \"account\": account, \"address\": address }, (error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n resolve({ \"secret\": result[0] });\r\n });\r\n });\r\n}<\/pre>\nUNNEST<\/code>, we do a WHERE<\/code> condition to give us results only for the matching address. If we wanted to we could have done an array operation instead. With Couchbase and N1QL, there are numerous ways to solve a problem.<\/p>\ngetAccountBalance(account) {\r\n var statement = \"SELECT SUM(tx.satoshis) AS balance FROM \" + this.bucket._name + \" AS tx WHERE tx.type = 'transaction' AND tx.account = $account\";\r\n var query = Couchbase.N1qlQuery.fromString(statement);\r\n return new Promise((resolve, reject) => {\r\n this.bucket.query(query, { \"account\": account }, (error, result) => {\r\n if(error) {\r\n reject({ \"code\": error.code, \"message\": error.message });\r\n }\r\n resolve({ \"balance\": result[0].balance });\r\n });\r\n });\r\n}<\/pre>\ngetAccountBalance<\/code> function. We’re taking a sum of every transaction. Deposits have a positive value while transfers and withdrawals have a negative value. Aggregating this information together should give you an accurate number, excluding your wallet balance. Later we’ll be getting an account with wallet balance.<\/p>\ncreateTransactionFromAccount(account, source, destination, amount) {\r\n return new Promise((resolve, reject) => {\r\n this.getAddressBalance(source).then(sourceAddress => {\r\n if(sourceAddress.balanceSat < amount) {\r\n return reject({ \"message\": \"Not enough funds in account.\" });\r\n }\r\n this.getPrivateKeyFromAddress(account, source).then(keypair => {\r\n this.getAddressUtxo(source).then(utxo => {\r\n var transaction = new Bitcore.Transaction();\r\n for(var i = 0; i < utxo.length; i++) {\r\n transaction.from(utxo[i]);\r\n }\r\n transaction.to(destination, amount);\r\n this.addAddress(account).then(change => {\r\n transaction.change(change.address);\r\n transaction.sign(keypair.secret);\r\n resolve(transaction);\r\n }, error => reject(error));\r\n }, error => reject(error));\r\n }, error => reject(error));\r\n }, error => reject(error));\r\n });\r\n}<\/pre>\ncreateTransactionFromMaster(account, destination, amount) {\r\n return new Promise((resolve, reject) => {\r\n this.getAccountBalance(account).then(accountBalance => {\r\n if(accountBalance.balance < amount) {\r\n reject({ \"message\": \"Not enough funds in account.\" });\r\n }\r\n var mKeyPairs = this.getMasterKeyPairs();\r\n var masterAddresses = mKeyPairs.map(a => a.address);\r\n this.getMasterAddressWithMinimum(masterAddresses, amount).then(funds => {\r\n this.getAddressUtxo(funds.address).then(utxo => {\r\n var transaction = new Bitcore.Transaction();\r\n for(var i = 0; i < utxo.length; i++) {\r\n transaction.from(utxo[i]);\r\n }\r\n transaction.to(destination, amount);\r\n var change = helper.getMasterChangeAddress();\r\n transaction.change(change.address);\r\n for(var j = 0; j < mKeyPairs.length; j ++) {\r\n if(mKeyPairs[j].address == funds.address) {\r\n transaction.sign(mKeyPairs[j].secret);\r\n }\r\n }\r\n var tx = {\r\n account: account,\r\n satoshis: (amount * -1),\r\n timestamp: (new Date()).getTime(),\r\n status: \"transfer\",\r\n type: \"transaction\"\r\n };\r\n this.insert(tx).then(result => {\r\n resolve(transaction);\r\n }, error => reject(error));\r\n }, error => reject(error));\r\n }, error => reject(error));\r\n }, error => reject(error));\r\n });\r\n}<\/pre>\n\n
Designing RESTful API Endpoints with Express Framework<\/h2>\n
const Bitcore = require(\"bitcore-lib\");\r\nconst Mnemonic = require(\"bitcore-mnemonic\");\r\n\r\nmodule.exports = (app) => {\r\n\r\n app.get(\"\/mnemonic\", (request, response) => {\r\n response.send({\r\n \"mnemonic\": (new Mnemonic(Mnemonic.Words.ENGLISH)).toString()\r\n });\r\n });\r\n\r\n app.get(\"\/balance\/value\", (request, response) => {\r\n Request(\"https:\/\/api.coinmarketcap.com\/v1\/ticker\/bitcoin\/\").then(market => {\r\n response.send({ \"value\": \"$\" + (JSON.parse(market)[0].price_usd * request.query.balance).toFixed(2) });\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n });\r\n\r\n}<\/pre>\nconst Request = require(\"request-promise\");\r\nconst Joi = require(\"joi\");\r\nconst helper = require(\"..\/app\").helper;\r\n\r\nmodule.exports = (app) => {\r\n\r\n app.post(\"\/account\", (request, response) => { });\r\n\r\n app.put(\"\/account\/address\/:id\", (request, response) => { });\r\n\r\n app.get(\"\/account\/addresses\/:id\", (request, response) => { });\r\n\r\n app.get(\"\/addresses\", (request, response) => { });\r\n\r\n app.get(\"\/account\/balance\/:id\", (request, response) => { });\r\n\r\n app.get(\"\/address\/balance\/:id\", (request, response) => { });\r\n\r\n}<\/pre>\napp.post(\"\/account\", (request, response) => {\r\n var model = Joi.object().keys({\r\n firstname: Joi.string().required(),\r\n lastname: Joi.string().required(),\r\n type: Joi.string().forbidden().default(\"account\")\r\n });\r\n Joi.validate(request.body, model, { stripUnknown: true }, (error, value) => {\r\n if(error) {\r\n return response.status(500).send(error);\r\n }\r\n helper.createAccount(value).then(result => {\r\n response.send(value);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n });\r\n});<\/pre>\ncreateAccount<\/code> function to save a new account in the database.<\/p>\napp.put(\"\/account\/address\/:id\", (request, response) => {\r\n helper.addAddress(request.params.id).then(result => {\r\n response.send(result);\r\n }, error => {\r\n return response.status(500).send(error);\r\n });\r\n});<\/pre>\naddAddress<\/code> function to use a subdocument operation on our document.<\/p>\napp.get(\"\/account\/addresses\/:id\", (request, response) => {\r\n helper.getAddresses(request.params.id).then(result => {\r\n response.send(result);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n});<\/pre>\napp.get(\"\/addresses\", (request, response) => {\r\n helper.getAddresses().then(result => {\r\n response.send(result);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n});<\/pre>\napp.get(\"\/account\/balance\/:id\", (request, response) => {\r\n helper.getAddresses(request.params.id).then(addresses => helper.getWalletBalance(addresses)).then(balance => {\r\n helper.getAccountBalance(request.params.id).then(result => {\r\n response.send({ \"balance\": balance.balance + result.balance });\r\n }, error => {\r\n response.status(500).send({ \"code\": error.code, \"message\": error.message });\r\n });\r\n }, error => {\r\n response.status(500).send({ \"code\": error.code, \"message\": error.message });\r\n });\r\n});<\/pre>\nconst Request = require(\"request-promise\");\r\nconst Joi = require(\"joi\");\r\nconst Bitcore = require(\"bitcore-lib\");\r\nconst helper = require(\"..\/app\").helper;\r\n\r\nmodule.exports = (app) => {\r\n\r\n app.post(\"\/withdraw\", (request, response) => { });\r\n\r\n app.post(\"\/deposit\", (request, response) => { });\r\n\r\n app.post(\"\/transfer\", (request, response) => { });\r\n\r\n}<\/pre>\napp.post(\"\/deposit\", (request, response) => {\r\n var model = Joi.object().keys({\r\n usd: Joi.number().required(),\r\n id: Joi.string().required()\r\n });\r\n Joi.validate(request.body, model, { stripUnknown: true }, (error, value) => {\r\n if(error) {\r\n return response.status(500).send(error);\r\n }\r\n Request(\"https:\/\/api.coinmarketcap.com\/v1\/ticker\/bitcoin\/\").then(market => {\r\n var btc = value.usd \/ JSON.parse(market)[0].price_usd;\r\n var transaction = {\r\n account: value.id,\r\n usd: value.usd,\r\n satoshis: Bitcore.Unit.fromBTC(btc).toSatoshis(),\r\n timestamp: (new Date()).getTime(),\r\n status: \"deposit\",\r\n type: \"transaction\"\r\n };\r\n helper.insert(transaction).then(result => {\r\n response.send(result);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n });\r\n});<\/pre>\napp.post(\"\/withdraw\", (request, response) => {\r\n var model = Joi.object().keys({\r\n satoshis: Joi.number().required(),\r\n id: Joi.string().required()\r\n });\r\n Joi.validate(request.body, model, { stripUnknown: true }, (error, value) => {\r\n if(error) {\r\n return response.status(500).send(error);\r\n }\r\n helper.getAccountBalance(value.id).then(result => {\r\n if(result.balance == null || (result.balance - value.satoshis) < 0) {\r\n return response.status(500).send({ \"message\": \"There are not `\" + value.satoshis + \"` satoshis available for withdrawal\" });\r\n }\r\n Request(\"https:\/\/api.coinmarketcap.com\/v1\/ticker\/bitcoin\/\").then(market => {\r\n var usd = (Bitcore.Unit.fromSatoshis(value.satoshis).toBTC() * JSON.parse(market)[0].price_usd).toFixed(2);\r\n var transaction = {\r\n account: value.id,\r\n satoshis: (value.satoshis * -1),\r\n usd: parseFloat(usd),\r\n timestamp: (new Date()).getTime(),\r\n status: \"withdrawal\",\r\n type: \"transaction\"\r\n };\r\n helper.insert(transaction).then(result => {\r\n response.send(result);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n }, error => {\r\n return response.status(500).send(error);\r\n });\r\n });\r\n});<\/pre>\napp.post(\"\/transfer\", (request, response) => {\r\n var model = Joi.object().keys({\r\n amount: Joi.number().required(),\r\n sourceaddress: Joi.string().optional(),\r\n destinationaddress: Joi.string().required(),\r\n id: Joi.string().required()\r\n });\r\n Joi.validate(request.body, model, { stripUnknown: true }, (error, value) => {\r\n if(error) {\r\n return response.status(500).send(error);\r\n }\r\n if(value.sourceaddress) {\r\n helper.createTransactionFromAccount(value.id, value.sourceaddress, value.destinationaddress, value.amount).then(result => {\r\n response.send(result);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n } else {\r\n helper.createTransactionFromMaster(value.id, value.destinationaddress, value.amount).then(result => {\r\n response.send(result);\r\n }, error => {\r\n response.status(500).send(error);\r\n });\r\n }\r\n });\r\n});<\/pre>\nBootstrapping the Express Framework Application<\/h2>\n
{\r\n \"mnemonic\": \"manage inspire agent october potato thought hospital trim shoulder round tired kangaroo\",\r\n \"host\": \"localhost\",\r\n \"bucket\": \"bitbase\",\r\n \"username\": \"bitbase\",\r\n \"password\": \"123456\"\r\n}<\/pre>\nconst Express = require(\"express\");\r\nconst BodyParser = require(\"body-parser\");\r\nconst Bitcore = require(\"bitcore-lib\");\r\nconst Mnemonic = require(\"bitcore-mnemonic\");\r\nconst Config = require(\".\/config\");\r\nconst Helper = require(\".\/classes\/helper\");\r\n\r\nvar app = Express();\r\n\r\napp.use(BodyParser.json());\r\napp.use(BodyParser.urlencoded({ extended: true }));\r\n\r\nvar mnemonic = new Mnemonic(Config.mnemonic);\r\nvar master = new Bitcore.HDPrivateKey(mnemonic.toHDPrivateKey());\r\n\r\nmodule.exports.helper = new Helper(Config.host, Config.bucket, Config.username, Config.password, master);\r\n\r\nrequire(\".\/routes\/account.js\")(app);\r\nrequire(\".\/routes\/transaction.js\")(app);\r\nrequire(\".\/routes\/utility.js\")(app);\r\n\r\nvar server = app.listen(3000, () => {\r\n console.log(\"Listening at :\" + server.address().port + \"...\");\r\n});<\/pre>\nmodule.exports.helper<\/code> variable is our singleton that will be used in every other JavaScript file.<\/p>\nConclusion<\/h2>\n