

Merge pull request #46 from RadarTech/cf-optional-ssl-pinning
Optional SSL Pinning & v0.7.0-beta Update
cavanmflynn authored Jul 12, 2019
2 parents 3bde0e7 + 92fe815 commit c45de55
Showing 7 changed files with 54 additions and 14 deletions.
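--- a/README.md
+++ b/README.md
@@ -125,6 +125,12 @@ import createLnRpc, {
 
 [All lnrpc methods documentation can be found here](http://api.lightning.community).
 
+### Usage With BTCPayServer
+
+By default lnrpc assumes SSl certificate pinning.
+In order to use lnrpc with a service (like BTCPayServer) which manages your certification,
+you'll have to opt to disable certificate pinning by passing `{ tls: false }` within your lnrpc configuration.
+
 ### Contributors
 
 To develop on the project please run: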
25 changes: 15 additions & 10 deletions lib/lnrpc.js
Expand Up @@ -17,6 +17,7 @@ const DEFAULTS = {
grpcLoader: protoLoader,
server: 'localhost:10001',
macaroonPath: '',
certEncoding: 'utf8',
tls: /^darwin/.test(process.platform) // is macOS?
? `${HOME_DIR}/Library/Application Support/Lnd/tls.cert`
: `${HOME_DIR}/.lnd/tls.cert`,
Expand Down Expand Up @@ -55,20 +56,21 @@ module.exports = async function createLnRpc(config = {}) {
macaroonPath,
} = Object.assign({}, DEFAULTS, config);

/*
Generate grpc SSL credentials
*/
// Generate grpc SSL credentials
let credentials;

try {
// Use SSL cert string or fallback to file path
let cert = config.cert || (await readFile(tlsPath));
// Use any SSL cert
let {cert, certEncoding} = config;

/*
Convert `cert` string to Buffer
*/
if (!Buffer.isBuffer(cert)) {
cert = Buffer.from(cert);
// Fallback optional .tls file path
if (!cert && tlsPath) {
cert = await readFile(tlsPath);
}

// Convert `cert` string to Buffer
if (cert && !Buffer.isBuffer(cert)) {
cert = Buffer.from(cert, certEncoding);
}

/*
Expand All @@ -80,6 +82,9 @@ module.exports = async function createLnRpc(config = {}) {
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
}

// NOTE: cert may be undefined at this point
// which is desirable for when certificate pinning
// is not necessary (i.e. BTCPayServer connection)
credentials = grpc.credentials.createSsl(cert);
} catch (e) {
if (!e.code) e.code = 'INVALID_SSL_CERT';
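Review bot: The new guard `if (!cert && tlsPath)` makes pinning fail open for every falsy path, not just the documented `tls: false` (assuming `tlsPath` is the destructured `tls` option, which is outside the visible hunks): an empty string, `null`, or an explicitly `undefined` key that `Object.assign` copies over the default now skips `readFile` and reaches `grpc.credentials.createSsl(cert)` with `cert` undefined. Called without a root certificate, gRPC falls back to its default CA roots, so a misconfigured path silently changes the trust model instead of failing as the old `readFile(tlsPath)` did. Restricting the skip to the explicit opt-out keeps that failure: `if (!cert && tlsPath !== false) { cert = await readFile(tlsPath); }`. Separately, `certEncoding` is destructured from `config` rather than from the merged options, so the `certEncoding: 'utf8'` entry added to `DEFAULTS` never reaches `Buffer.from` on these lines. The rest of `createLnRpc`, including the `catch` body, continues outside the hunk.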
7 changes: 5 additions & 2 deletions lnd/v0.7.0-beta-rc1/rpc.proto → lnd/v0.7.0-beta/rpc.proto
Expand Up @@ -212,7 +212,7 @@ service Lightning {
/** lncli: `walletbalance`
WalletBalance returns total unspent outputs(confirmed and unconfirmed), all
confirmed unspent outputs and all unconfirmed unspent outputs under control
of the wallet.
of the wallet.
*/
rpc WalletBalance (WalletBalanceRequest) returns (WalletBalanceResponse) {
option (google.api.http) = {
Expand Down Expand Up @@ -398,7 +398,7 @@ service Lightning {
rpc SubscribeChannelEvents (ChannelEventSubscription) returns (stream ChannelEventUpdate);

/** lncli: `closedchannels`
ClosedChannels returns a description of all the closed channels that
ClosedChannels returns a description of all the closed channels that
this node was a participant in.
*/
rpc ClosedChannels (ClosedChannelsRequest) returns (ClosedChannelsResponse) {
Expand Down Expand Up @@ -1726,6 +1726,9 @@ message Route {
message NodeInfoRequest {
/// The 33-byte hex-encoded compressed public of the target node
string pub_key = 1;

/// If true, will include all known channels associated with the node.
bool include_channels = 2;
}

message NodeInfo {
4 changes: 2 additions & 2 deletions package.json
@@ -1,11 +1,11 @@
{
"name": "@radar/lnrpc",
"version": "0.7.0-beta-rc1.0",
"version": "0.7.0-beta",
"description": "typed gRPC client for lightningnetwork/lnd",
"main": "index.js",
"types": "types/index.d.ts",
"config": {
"lnd-release-tag": "v0.7.0-beta-rc1",
"lnd-release-tag": "v0.7.0-beta",
"lnd-url": "https://raw.githubusercontent.com/lightningnetwork/lnd",
"protoc-version": "3.5.1"
},
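--- a/test/lnrpc.test.js
+++ b/test/lnrpc.test.js
@@ -80,6 +80,27 @@ describe('Lnrpc Factory', () => {
 .catch(() => done());
 });
 
+it('should allow opting out of certificate pinning', (done) => {
+createLnrpc({
+tls: false, // opt out
+grpc: grpcStub({
+credentials: {
+createSsl: (cert) => {
+assert(
+typeof cert === 'undefined',
+'opted out of SSL cert pinning'
+);
+},
+},
+loadPackageDefinition: () => {
+throw new Error('force error');
+},
+}),
+})
+.then(fail)
+.catch(() => done());
+});
+
 it('should combine credentials when macaroon present', async () => {
 let tests = 0;
 const expSslCreds = {};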
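Review bot: The assertion inside the `createSsl` stub cannot fail this test, because the stubbed `loadPackageDefinition` always throws and `.then(fail).catch(() => done())` counts every rejection as a pass; the test stays green whether `cert` is undefined, a Buffer, or `createSsl` is never called. As this is the only coverage for the pinning opt-out, capture the argument and check it once the forced error has surfaced: `createSsl: (cert) => { called = true; seenCert = cert; },` then `.catch(() => assert(called && typeof seenCert === 'undefined', 'opted out of SSL cert pinning'))` followed by `.then(done, done);`. The earlier test visible at the top of the hunk ends with the same `.catch(() => done())` pattern, and the `describe` block opens and closes outside the hunk.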
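--- a/types/generated/rpc_pb.d.ts
+++ b/types/generated/rpc_pb.d.ts
@@ -2435,6 +2435,9 @@ export class NodeInfoRequest extends jspb.Message {
 getPubKey(): string;
 setPubKey(value: string): void;
 
+getIncludeChannels(): boolean;
+setIncludeChannels(value: boolean): void;
+
 serializeBinary(): Uint8Array;
 toObject(includeInstance?: boolean): NodeInfoRequest.AsObject;
 static toObject(includeInstance: boolean, msg: NodeInfoRequest): NodeInfoRequest.AsObject;
@@ -2448,6 +2451,7 @@ export class NodeInfoRequest extends jspb.Message {
 export namespace NodeInfoRequest {
 export type AsObject = {
 pubKey: string,
+includeChannels: boolean,
 }
 }
 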
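--- a/types/lnrpc.d.ts
+++ b/types/lnrpc.d.ts
@@ -712,6 +712,7 @@ export interface ChannelEdge {
 
 export interface NodeInfoRequest {
 pubKey: string;
+includeChannels?: boolean;
 }
 
 export interface NodeInfo {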
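Review bot: The two config options this commit introduces in lib/lnrpc.js, `certEncoding` and `tls: false` as an opt-out, get no typing: the only hand-written declaration change is `includeChannels?: boolean;` in this section, and none of the seven changed files touches the `createLnRpc` config type, which is not visible on this page. If that type declares `tls` as a string only, TypeScript callers cannot express the opt-out without a cast; it should accept `string | false` and gain `certEncoding?: string`, with a doc comment stating that `false` disables certificate pinning. The `NodeInfoRequest` addition itself matches the new `include_channels` proto field.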
