Skip to content

Commit

Permalink
auth and tls
Browse files Browse the repository at this point in the history
  • Loading branch information
@riccardobl
riccardobl committed Jan 1, 2025
1 parent 5f8d596 commit e6b846b
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 18 deletions.
5 changes: 4 additions & 1 deletion .env.development
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,4 +186,7 @@ CPU_SHARES_LOW=256
NEXT_TELEMETRY_DISABLED=1

# LNCD
LNCD_URL=http://lncd:7167
LNCD_URL=https://lncd:7167
# xxd -p -c0 docker/lncd/certs/cert.pem
LNCD_CERT=2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494944717a434341704f6741774942416749554a6872356137726671657867397737665a375930324e37686a5573774451594a4b6f5a496876634e4151454c0a425141775a54454c4d416b474131554542684d43534655784554415042674e564241674d43454a315a4746775a584e304d5245774477594456515148444168430a645752686347567a6444454e4d4173474131554543677745544535445244454e4d417347413155454377774554453544524445534d424147413155454177774a0a6247396a5957786f62334e304d423458445449304d54497a4d5449774d6a63314d566f58445449314d54497a4d5449774d6a63314d566f775a54454c4d416b470a4131554542684d43534655784554415042674e564241674d43454a315a4746775a584e304d524577447759445651514844416843645752686347567a6444454e0a4d4173474131554543677745544535445244454e4d417347413155454377774554453544524445534d424147413155454177774a6247396a5957786f62334e300a4d494942496a414e42676b71686b6947397730424151454641414f43415138414d49494243674b4341514541766c5763515935684a637a527a777877523741570a4c316d7839673143456c3631685255503443624555687a55592b70334334676b786a4f464c61666e3030445a6e56393537677632704d654e624449762f4935700a43753634715136362b3551664e5034485435475a737669317262346f56547775594932684a524f4272314c7a5875706d31446d43786d565944304761384a375a0a5239634f4a474471366f70316e6d643871764e6a32786a7741374e714e6c39642f69384d453236646e484a7a334e71704c61344b2f4550727a754478722b546a0a4e3658374a464157476a503833726e73714a7a73774f364b36664f766d31647550494961504e72316334675678556e773774496c4b6f44664a554651786854620a4c787a48466e4d6b454b4157485548346d4446745162316f4d435a4d704d6853413137483262506a7655784e66575342504f7635616c764e3871582f6e7641760a66774944415141426f314d775554416442674e56485134454667515553784d72386c36574a3049337469536b5755362f4948516b486b5177487759445652306a0a42426777466f415553784d72386c36574a3049337469536b5755362f4948516b486b517744775944565230544151482f42415577417745422f7a414e42676b710a686b6947397730424151734641414f434151454168445238766b75364a706c314a7a51744a62634e4a446c487056365368767053467a725231657858424b66330a324f414167535535577062354c75456b5a70765a4e684c4f6147576c6c6b676d5342712b796134475a3869584f6f4f4d4e31507650556e324e46486b525476650a3746642f476356684444754c51326547664a74532f673465626d6949505362645631627157536c4c6151487367314a30575043474a454b774e7032364e776a470a59436e315378594b496d3546316c504442394847735276634a5972476a785a446f68764e2f536d335a52416a792b637931567247557a3176316a6e73386b596b0a78644144754a4a6e30784966324734385361546f796e2f494335444b4f36567761716f315a4f684546336e3836695149396937306547773873626a41783843620a6152776165716b7362386874303962566e334c484d6e4c624542483433492b74645456755a57377436413d3d0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a
LNCD_AUTH_TOKEN="satoshi"
1 change: 1 addition & 0 deletions docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -523,6 +523,7 @@ services:
environment:
- LNCD_DEBUG=true
- LNCD_DEV_UNSAFE_LOG=true
- LNCD_AUTH_TOKEN=${LNCD_AUTH_TOKEN}
healthcheck:
<<: *healthcheck
test: ["CMD", "curl", "-f", "http://localhost:7167/health"]
Expand Down
11 changes: 8 additions & 3 deletions docker/lncd/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,17 @@
FROM debian:bookworm-slim
RUN useradd -u 1000 -m lncd

ARG VERSION=0.2.2
ARG VERSION=0.3.1
ARG REPO=stackernews/lncd
ARG DOWNLOAD_URL=https://github.com/$REPO/releases/download/$VERSION/lncd

RUN mkdir -p /home/lncd && \
chown 1000:1000 -Rvf /home/lncd/ &&\
RUN mkdir -p /home/lncd
ADD certs /home/lncd/certs

ENV LNCD_TLS_CERT_PATH=/home/lncd/certs/cert.pem
ENV LNCD_TLS_KEY_PATH=/home/lncd/certs/key.pem

RUN chown 1000:1000 -Rvf /home/lncd/ &&\
apt-get update && apt-get install -y curl &&\
apt-get clean && rm -rf /var/lib/apt/lists/*

Expand Down
46 changes: 32 additions & 14 deletions wallets/lnc/server.js
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
import { assertContentTypeJson, assertResponseOk } from '@/lib/url'
import { fetch } from 'cross-fetch'
import https from 'https'
export * from 'wallets/lnc'

export async function testCreateInvoice (credentials, { signal }) {
Expand Down Expand Up @@ -33,25 +35,41 @@ async function checkPerms (credentials, { signal }) {
}

async function rpcCall (credentials, method, payload, { signal }) {
const body = {
Connection: {
Mailbox: credentials.serverHostRecv || 'mailbox.terminal.lightning.today:443',
PairingPhrase: credentials.pairingPhraseRecv,
LocalKey: credentials.localKeyRecv,
RemoteKey: credentials.remoteKeyRecv
},
Method: method,
Payload: JSON.stringify(payload)
}

let res = await fetch(process.env.LNCD_URL + '/rpc', {
const fetchArgs = {
method: 'POST',
signal,
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(body)
})
body: JSON.stringify({
Connection: {
Mailbox: credentials.serverHostRecv || 'mailbox.terminal.lightning.today:443',
PairingPhrase: credentials.pairingPhraseRecv,
LocalKey: credentials.localKeyRecv,
RemoteKey: credentials.remoteKeyRecv
},
Method: method,
Payload: JSON.stringify(payload)
})
}

// auth
if (process.env.LNCD_AUTH_TOKEN) {
fetchArgs.headers.Authorization = `Bearer ${process.env.LNCD_AUTH_TOKEN}`
}

// self-signed cert support
if (process.env.LNCD_URL.startsWith('https://') && process.env.LNCD_CERT) {
const cert = Buffer.from(process.env.LNCD_CERT, 'hex').toString('utf-8')
const agent = new https.Agent({
ca: cert,
cert,
rejectUnauthorized: false
})
fetchArgs.agent = agent
}

let res = await fetch(process.env.LNCD_URL + '/rpc', fetchArgs)

assertResponseOk(res)
assertContentTypeJson(res)
Expand Down

0 comments on commit e6b846b

Please sign in to comment.