hyperledger-labs · pawelstepien-da · Dec 3, 2025 · Nov 27, 2025 · Nov 27, 2025 · Nov 27, 2025
@@ -13,15 +13,24 @@ export const kernelInfoSchema = z.object({
         z.literal('mobile'),
         z.literal('remote'),
     ]),
-    url: z.string().url(),
-    userUrl: z.string().url(),
+})
+
+export const serverConfigSchema = z.object({
+    host: z.string(),
+    port: z.number(),
+    tls: z.boolean(),
+    dappPath: z.string().default('/api/v0/dapp'),
+    userPath: z.string().default('/api/v0/user'),
+    allowedOrigins: z.union([z.literal('*'), z.array(z.string())]).default('*'),
 })
 
 export const configSchema = z.object({
     kernel: kernelInfoSchema,
+    server: serverConfigSchema,
     store: storeConfigSchema,
     signingStore: signingStoreConfigSchema,
 })
 
 export type KernelInfo = z.infer<typeof kernelInfoSchema>
+export type ServerConfig = z.infer<typeof serverConfigSchema>
 export type Config = z.infer<typeof configSchema>
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { readFileSync, existsSync } from 'fs'
-import { Config, configSchema } from './Config.js'
+import { Config, configSchema, ServerConfig } from './Config.js'
 
 export class ConfigUtils {
     static loadConfigFile(filePath: string): Config {
@@ -104,3 +104,14 @@ function validateNetworkAuthMethods(
         }
     }
 }
+
+export const deriveKernelUrls = (
+    serverConfig: ServerConfig
+): { dappUrl: string; userUrl: string } => {
+    const protocol = serverConfig.tls ? 'https' : 'http'
+    const dappUrl = `${protocol}://${serverConfig.host}:${serverConfig.port}${serverConfig.dappPath}`
+    // userUrl is the base URL for the web frontend (no path)
+    const userUrl = `${protocol}://${serverConfig.host}:${serverConfig.port}`
+
+    return { dappUrl, userUrl }
+}
@@ -25,6 +25,8 @@ import { networkStatus } from '../utils.js'
 
 export const dappController = (
     kernelInfo: KernelInfoConfig,
+    dappUrl: string,
+    userUrl: string,
     store: Store,
     notificationService: NotificationService,
     _logger: Logger,
@@ -41,7 +43,7 @@ export const dappController = (
                         isConnected: false,
                         isNetworkConnected: false,
                         networkReason: 'Unauthenticated',
-                        userUrl: 'http://localhost:3030/login/', // TODO: pull user URL from config
+                        userUrl: `${userUrl}/login/`,
                     },
                 }
             }
@@ -61,7 +63,7 @@ export const dappController = (
                     isConnected: true,
                     isNetworkConnected: status.isConnected,
                     networkReason: status.reason ? status.reason : 'OK',
-                    userUrl: 'http://localhost:3030/login/', // TODO: pull user URL from config
+                    userUrl: `${userUrl}/login/`,
                 },
             }
         },
@@ -76,7 +78,7 @@ export const dappController = (
                     isConnected: false,
                     isNetworkConnected: false,
                     networkReason: 'Unauthenticated',
-                    userUrl: 'http://localhost:3030/login/', // TODO: pull user URL from config
+                    userUrl: `${userUrl}/login/`,
                 } as StatusEvent)
             }
 
@@ -164,8 +166,7 @@ export const dappController = (
             })
 
             return {
-                // TODO: pull user base URL / port from config
-                userUrl: `http://localhost:3030/approve/index.html?commandId=${commandId}`,
+                userUrl: `${userUrl}/approve/index.html?commandId=${commandId}`,
             }
         },
         prepareReturn: async (params: PrepareReturnParams) => {

@@ -9,7 +9,7 @@ import express from 'express'
 import { dapp } from './server.js'
 import { StoreInternal } from '@canton-network/core-wallet-store-inmemory'
 import { AuthService } from '@canton-network/core-wallet-auth'
-import { ConfigUtils } from '../config/ConfigUtils.js'
+import { ConfigUtils, deriveKernelUrls } from '../config/ConfigUtils.js'
 import { Notifier } from '../notification/NotificationService.js'
 import { pino } from 'pino'
 import { sink } from 'pino-test'
@@ -41,13 +41,17 @@ test('call connect rpc', async () => {
     app.use(cors())
     app.use(express.json())
     const server = createServer(app)
+    const { dappUrl, userUrl } = deriveKernelUrls(config.server)
     const response = await request(
         dapp(
             '/api/v0/dapp',
             app,
             pino(sink()),
             server,
             config.kernel,
+            dappUrl,
+            userUrl,
+            config.server,
             notificationService,
             authService,
             store
@@ -67,8 +71,6 @@ test('call connect rpc', async () => {
                 kernel: {
                     id: 'remote-da',
                     clientType: 'remote',
-                    url: 'http://localhost:3030/api/v0/dapp',
-                    userUrl: 'http://localhost:3030',
                 },
                 isConnected: false,
                 isNetworkConnected: false,

@@ -15,23 +15,32 @@ import {
     NotificationService,
     Notifier,
 } from '../notification/NotificationService.js'
-import { KernelInfo } from '../config/Config.js'
+import { KernelInfo, ServerConfig } from '../config/Config.js'
 
 export const dapp = (
     route: string,
     app: express.Express,
     logger: Logger,
     server: Server,
     kernelInfo: KernelInfo,
+    dappUrl: string,
+    userUrl: string,
+    serverConfig: ServerConfig,
     notificationService: NotificationService,
     authService: AuthService,
     store: Store & AuthAware<Store>
 ) => {
-    app.use(cors()) // TODO: read allowedOrigins from config
+    app.use(
+        cors({
+            origin: serverConfig.allowedOrigins,
+        })
+    )
     app.use(route, (req, res, next) =>
         jsonRpcHandler<Methods>({
             controller: dappController(
                 kernelInfo,
+                dappUrl,
+                userUrl,
                 store.withAuthContext(req.authContext),
                 notificationService,
                 logger,
@@ -43,7 +52,7 @@ export const dapp = (
 
     const io = new SocketIoServer(server, {
         cors: {
-            origin: '*', // TODO: read allowedOrigins from config
+            origin: serverConfig.allowedOrigins,
             methods: ['GET', 'POST'],
         },
     })

@@ -7,8 +7,14 @@ export default {
     kernel: {
         id: 'remote-da',
         clientType: 'remote',
-        url: 'http://localhost:3030/api/v0/dapp',
-        userUrl: 'http://localhost:3030',
+    },
+    server: {
+        host: 'localhost',
+        port: 3030,
+        tls: false,
+        dappPath: '/api/v0/dapp',
+        userPath: '/api/v0/user',
+        allowedOrigins: ['http://localhost:8080'],
     },
     signingStore: {
         connection: {

@@ -30,6 +30,7 @@ import { CliOptions } from './index.js'
 import { jwtAuth } from './middleware/jwtAuth.js'
 import { rpcRateLimit } from './middleware/rateLimit.js'
 import { Config } from './config/Config.js'
+import { deriveKernelUrls } from './config/ConfigUtils.js'
 import { existsSync, readFileSync } from 'fs'
 import path from 'path'
 
@@ -133,12 +134,17 @@ async function initializeSigningDatabase(
 }
 
 export async function initialize(opts: CliOptions, logger: Logger) {
-    const port = opts.port ? Number(opts.port) : 3030
+    const config = ConfigUtils.loadConfigFile(opts.config)
+
+    // Use CLI port override or config port
+    const port = opts.port ? Number(opts.port) : config.server.port
+    const host = config.server.host
+    const protocol = config.server.tls ? 'https' : 'http'
 
     const app = express()
-    const server = app.listen(port, () => {
+    const server = app.listen(port, host, () => {
         logger.info(
-            `Remote Wallet Gateway starting on http://localhost:${port}`
+            `Remote Wallet Gateway starting on ${protocol}://${host}:${port}`
         )
     })
 
@@ -153,8 +159,6 @@ export async function initialize(opts: CliOptions, logger: Logger) {
 
     const notificationService = new NotificationService(logger)
 
-    const config = ConfigUtils.loadConfigFile(opts.config)
-
     const store = await initializeDatabase(config, logger)
     const signingStore = await initializeSigningDatabase(config, logger)
     const authService = jwtAuthService(store, logger)
@@ -192,31 +196,44 @@ export async function initialize(opts: CliOptions, logger: Logger) {
     app.use('/api/*splat', rpcRateLimit)
     app.use('/api/*splat', jwtAuth(authService, logger))
 
+    // Override config port with CLI parameter port if provided, then derive URLs
+    const serverConfigWithOverride = {
+        ...config.server,
+        port, // Use the actual port we're listening on
+    }
+    const { dappUrl, userUrl } = deriveKernelUrls(serverConfigWithOverride)
+
+    const kernelInfo = config.kernel
+
     // register dapp API handlers
     dapp(
-        '/api/v0/dapp',
+        config.server.dappPath,
         app,
         logger,
         server,
-        config.kernel,
+        kernelInfo,
+        dappUrl,
+        userUrl,
+        config.server,
         notificationService,
         authService,
         store
     )
 
     // register user API handlers
     user(
-        '/api/v0/user',
+        config.server.userPath,
         app,
         logger,
-        config.kernel,
+        kernelInfo,
+        userUrl,
         notificationService,
         drivers,
         store
     )
 
     // register web handler
-    web(app, server)
+    web(app, server, config.server.userPath)
     isReady = true
 
     logger.info('Wallet Gateway initialization complete')

@@ -58,6 +58,7 @@ type AvailableSigningDrivers = Partial<
 
 export const userController = (
     kernelInfo: KernelInfo,
+    userUrl: string,
     store: Store,
     notificationService: NotificationService,
     authContext: AuthContext | undefined,
@@ -603,7 +604,7 @@ export const userController = (
                 isConnected: false,
                 isNetworkConnected: false,
                 networkReason: 'Unauthenticated',
-                userUrl: 'http://localhost:3030/login/', // TODO: pull user URL from config
+                userUrl: `${userUrl}/login/`,
             } as StatusEvent)
             return null
         },

@@ -9,7 +9,7 @@ import request from 'supertest'
 import { user } from './server.js'
 import { StoreInternal } from '@canton-network/core-wallet-store-inmemory'
 import { Network } from '@canton-network/core-wallet-store'
-import { ConfigUtils } from '../config/ConfigUtils.js'
+import { ConfigUtils, deriveKernelUrls } from '../config/ConfigUtils.js'
 import { Notifier } from '../notification/NotificationService.js'
 import { pino } from 'pino'
 import { sink } from 'pino-test'
@@ -33,12 +33,14 @@ test('call listNetworks rpc', async () => {
     app.use(cors())
     app.use(express.json())
 
+    const { userUrl } = deriveKernelUrls(config.server)
     const response = await request(
         user(
             '/api/v0/user',
             app,
             pino(sink()),
             config.kernel,
+            userUrl,
             notificationService,
             drivers,
             store

@@ -20,6 +20,7 @@ export const user = (
     app: express.Express,
     logger: Logger,
     kernelInfo: KernelInfo,
+    userUrl: string,
     notificationService: NotificationService,
     drivers: Partial<Record<SigningProvider, SigningDriverInterface>>,
     store: Store & AuthAware<Store>
@@ -28,6 +29,7 @@ export const user = (
         jsonRpcHandler<Methods>({
             controller: userController(
                 kernelInfo,
+                userUrl,
                 store.withAuthContext(req.authContext),
                 notificationService,
                 req.authContext,

@@ -168,7 +168,9 @@ export class ApproveUi extends LitElement {
     }
 
     private async updateState() {
-        const userClient = createUserClient(stateManager.accessToken.get())
+        const userClient = await createUserClient(
+            stateManager.accessToken.get()
+        )
         userClient
             .request('getTransaction', { commandId: this.commandId })
             .then((result) => {
@@ -201,7 +203,9 @@ export class ApproveUi extends LitElement {
                 preparedTransaction: this.tx,
             }
 
-            const userClient = createUserClient(stateManager.accessToken.get())
+            const userClient = await createUserClient(
+                stateManager.accessToken.get()
+            )
             const { signature, signedBy } = await userClient.request(
                 'sign',
                 signRequest

@@ -21,7 +21,9 @@ export class UserApp extends LitElement {
     private async handleLogout() {
         localStorage.clear()
 
-        const userClient = createUserClient(stateManager.accessToken.get())
+        const userClient = await createUserClient(
+            stateManager.accessToken.get()
+        )
         await userClient.request('removeSession')
 
         if (
@@ -106,7 +108,7 @@ export const authenticate = async (
     accessToken: string,
     networkId: string
 ): Promise<void> => {
-    const authenticatedUserClient = createUserClient(accessToken)
+    const authenticatedUserClient = await createUserClient(accessToken)
     await authenticatedUserClient.request('addSession', {
         networkId,
     })