diff --git a/.env.development b/.env.development
index 03aa6bb75..f7abac8b5 100644
--- a/.env.development
+++ b/.env.development
@@ -186,4 +186,7 @@ CPU_SHARES_LOW=256 NEXT_TELEMETRY_DISABLED=1 # LNCD -LNCD_URL=http://lncd:7167 \ No newline at end of file +LNCD_URL=https://lncd:7167 +# xxd -p -c0 docker/lncd/certs/cert.pem +LNCD_CERT=2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494944717a434341704f6741774942416749554a6872356137726671657867397737665a375930324e37686a5573774451594a4b6f5a496876634e4151454c0a425141775a54454c4d416b474131554542684d43534655784554415042674e564241674d43454a315a4746775a584e304d5245774477594456515148444168430a645752686347567a6444454e4d4173474131554543677745544535445244454e4d417347413155454377774554453544524445534d424147413155454177774a0a6247396a5957786f62334e304d423458445449304d54497a4d5449774d6a63314d566f58445449314d54497a4d5449774d6a63314d566f775a54454c4d416b470a4131554542684d43534655784554415042674e564241674d43454a315a4746775a584e304d524577447759445651514844416843645752686347567a6444454e0a4d4173474131554543677745544535445244454e4d417347413155454377774554453544524445534d424147413155454177774a6247396a5957786f62334e300a4d494942496a414e42676b71686b6947397730424151454641414f43415138414d49494243674b4341514541766c5763515935684a637a527a777877523741570a4c316d7839673143456c3631685255503443624555687a55592b70334334676b786a4f464c61666e3030445a6e56393537677632704d654e624449762f4935700a43753634715136362b3551664e5034485435475a737669317262346f56547775594932684a524f4272314c7a5875706d31446d43786d565944304761384a375a0a5239634f4a474471366f70316e6d643871764e6a32786a7741374e714e6c39642f69384d453236646e484a7a334e71704c61344b2f4550727a754478722b546a0a4e3658374a464157476a503833726e73714a7a73774f364b36664f766d31647550494961504e72316334675678556e773774496c4b6f44664a554651786854620a4c787a48466e4d6b454b4157485548346d4446745162316f4d435a4d704d6853413137483262506a7655784e66575342504f7635616c764e3871582f6e7641760a66774944415141426f314d775554416442674e56485134454667515553784d72386c36574a3049337469536b5755362f4948516b486b5177487759445652306a0a42426777466f415553784d72386c36574a3049337469536
b5755362f4948516b486b517744775944565230544151482f42415577417745422f7a414e42676b710a686b6947397730424151734641414f434151454168445238766b75364a706c314a7a51744a62634e4a446c487056365368767053467a725231657858424b66330a324f414167535535577062354c75456b5a70765a4e684c4f6147576c6c6b676d5342712b796134475a3869584f6f4f4d4e31507650556e324e46486b525476650a3746642f476356684444754c51326547664a74532f673465626d6949505362645631627157536c4c6151487367314a30575043474a454b774e7032364e776a470a59436e315378594b496d3546316c504442394847735276634a5972476a785a446f68764e2f536d335a52416a792b637931567247557a3176316a6e73386b596b0a78644144754a4a6e30784966324734385361546f796e2f494335444b4f36567761716f315a4f684546336e3836695149396937306547773873626a41783843620a6152776165716b7362386874303962566e334c484d6e4c624542483433492b74645456755a57377436413d3d0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a +LNCD_AUTH_TOKEN="satoshi" diff --git a/docker-compose.yml b/docker-compose.yml index da06b26ff..7f7b767a2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -523,6 +523,7 @@ services: environment: - LNCD_DEBUG=true - LNCD_DEV_UNSAFE_LOG=true + - LNCD_AUTH_TOKEN=${LNCD_AUTH_TOKEN} healthcheck: <<: *healthcheck test: ["CMD", "curl", "-f", "http://localhost:7167/health"] diff --git a/docker/lncd/Dockerfile b/docker/lncd/Dockerfile index 83676d35b..288121782 100644 --- a/docker/lncd/Dockerfile +++ b/docker/lncd/Dockerfile @@ -1,12 +1,17 @@ FROM debian:bookworm-slim RUN useradd -u 1000 -m lncd -ARG VERSION=0.2.2 +ARG VERSION=0.3.1 ARG REPO=stackernews/lncd ARG DOWNLOAD_URL=https://github.com/$REPO/releases/download/$VERSION/lncd -RUN mkdir -p /home/lncd && \ -chown 1000:1000 -Rvf /home/lncd/ &&\ +RUN mkdir -p /home/lncd +ADD certs /home/lncd/certs + +ENV LNCD_TLS_CERT_PATH=/home/lncd/certs/cert.pem +ENV LNCD_TLS_KEY_PATH=/home/lncd/certs/key.pem + +RUN chown 1000:1000 -Rvf /home/lncd/ &&\ apt-get update && apt-get install -y curl &&\ apt-get clean && rm -rf /var/lib/apt/lists/* 
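Review bot: The healthcheck in the context lines still probes `http://localhost:7167/health`, while this commit moves `LNCD_URL` to `https` and the image now sets `LNCD_TLS_CERT_PATH` and `LNCD_TLS_KEY_PATH`. If lncd serves only TLS once those paths are set (not visible here), the container will never report healthy, and the probe would need to become `test: ["CMD", "curl", "-f", "--cacert", "/home/lncd/certs/cert.pem", "https://localhost:7167/health"]`. Separately, `${LNCD_AUTH_TOKEN}` expands to an empty string when the variable is unset, which presumably leaves the daemon running without authentication; `- LNCD_AUTH_TOKEN=${LNCD_AUTH_TOKEN:?LNCD_AUTH_TOKEN must be set}` turns that into a startup error instead.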
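Review bot: `ADD certs /home/lncd/certs` copies the directory that `LNCD_TLS_KEY_PATH` points into, so the TLS private key presumably lives in the repository and in a layer of every image built from it. That is acceptable only for a local development image; a comment above the `ADD` should say so, for example `# dev-only self-signed cert and key; never publish this image or reuse the key`, and a deployable image should receive the key through a runtime mount or secret. `COPY --chown=1000:1000 certs /home/lncd/certs` is the usual form for a plain local copy and does not depend on the later `chown`. The Dockerfile continues past this hunk.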
diff --git a/wallets/lnc/server.js b/wallets/lnc/server.js index 99b473b3e..509f1d891 100644 --- a/wallets/lnc/server.js +++ b/wallets/lnc/server.js @@ -1,4 +1,6 @@ import { assertContentTypeJson, assertResponseOk } from '@/lib/url' +import { fetch } from 'cross-fetch' +import https from 'https' export * from 'wallets/lnc' export async function testCreateInvoice (credentials, { signal }) { @@ -33,25 +35,41 @@ async function checkPerms (credentials, { signal }) { } async function rpcCall (credentials, method, payload, { signal }) { - const body = { - Connection: { - Mailbox: credentials.serverHostRecv || 'mailbox.terminal.lightning.today:443', - PairingPhrase: credentials.pairingPhraseRecv, - LocalKey: credentials.localKeyRecv, - RemoteKey: credentials.remoteKeyRecv - }, - Method: method, - Payload: JSON.stringify(payload) - } - - let res = await fetch(process.env.LNCD_URL + '/rpc', { + const fetchArgs = { method: 'POST', signal, headers: { 'Content-Type': 'application/json' }, - body: JSON.stringify(body) - }) + body: JSON.stringify({ + Connection: { + Mailbox: credentials.serverHostRecv || 'mailbox.terminal.lightning.today:443', + PairingPhrase: credentials.pairingPhraseRecv, + LocalKey: credentials.localKeyRecv, + RemoteKey: credentials.remoteKeyRecv + }, + Method: method, + Payload: JSON.stringify(payload) + }) + } + + // auth + if (process.env.LNCD_AUTH_TOKEN) { + fetchArgs.headers.Authorization = `Bearer ${process.env.LNCD_AUTH_TOKEN}` + } + + // self-signed cert support + if (process.env.LNCD_URL.startsWith('https://') && process.env.LNCD_CERT) { + const cert = Buffer.from(process.env.LNCD_CERT, 'hex').toString('utf-8') + const agent = new https.Agent({ + ca: cert, + cert, + rejectUnauthorized: false + }) + fetchArgs.agent = agent + } + + let res = await fetch(process.env.LNCD_URL + '/rpc', fetchArgs) assertResponseOk(res) assertContentTypeJson(res)
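Review bot: `rejectUnauthorized: false` in the new `https.Agent` turns certificate verification off, so the `ca: cert` pin has no effect and whatever endpoint answers for `LNCD_URL` receives the bearer token plus the pairing phrase and keys in the request body. Keep verification on and trust only the configured certificate: `const agent = new https.Agent({ ca: cert })`; the `cert` option is the client certificate for mutual TLS and does nothing useful without a `key`. If verification was disabled because the development certificate's name does not match the `lncd` host (an inference, the subject is not shown in readable form here), reissue the certificate with a matching subjectAltName rather than disabling the check. The agent could also be built once at module scope instead of on every call. `rpcCall` continues below the hunk.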