Skip to content

Commit

Permalink
chore: backup documentation
Browse files Browse the repository at this point in the history
chore: removed default backup server details

fix: removed slashauth
  • Loading branch information
Jasonvdb committed Oct 2, 2023
1 parent d3136e9 commit aa40b74
Show file tree
Hide file tree
Showing 8 changed files with 80 additions and 193 deletions.
5 changes: 5 additions & 0 deletions backup-server/.env.template
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
HOST=0.0.0.0
PORT=3003
# npm run create-keypair
SECRET_KEY=
PUBLIC_KEY=
46 changes: 46 additions & 0 deletions backup-server/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# react-native-ldk backup server

This a server allows apps using the react-native-ldk to persist all node state remotely and can be restored only using the seed.

## Running the server
``` bash
npm i

cp .env.template .env

npm run create-keypair

#Paste new key pair in .env

npm start
```
** Remember to update wallet env with new backup server pub key

## Clients
[Swift](https://github.com/synonymdev/react-native-ldk/blob/master/lib/ios/Classes/BackupClient.swift)
[Kotlin](https://github.com/synonymdev/react-native-ldk/blob/master/lib/android/src/main/java/com/reactnativeldk/classes/BackupClient.kt)
[NodeJS](https://github.com/synonymdev/react-native-ldk/blob/master/backup-server/src/test.js)

## Persiting
All message signing/verifying is done using [LDK's node signing](https://docs.rs/lightning/latest/lightning/util/message_signing/fn.sign.html) on the client and [ln-verifymessagejs](https://github.com/SeverinAlexB/ln-verifymessagejs) on the server.

1. Payload is encrypted using using standard AES/GCM encryption with the encryption key being the node secret.
2. Client creates a hash of encrypted backup and signs it.
3. Client creates unique challenge in this format: `sha256_hash(pubkey+timestamp)`
4. Client uploads encrypted bytes along with node pubkey, signed hash and challenge in request header.
5. Server hashes received payload and validates client's signed hash was actually signed by provided pubkey.
6. Server stores encrypted bytes to disk.
7. Server signs client's challenge and returns signature in response.
8. Client validate that the bytes were stored by the correct server by checking the signature in the response was signed by the server pubkey hard coded in the client.

## Retrieving
Retieving or querying a backup requires a bearer token first done by a fairly standard challenge/response using the same node signing.

1. Client fetches challenge from server by posting timestamp (nonce) and signed (signed timestamp) in body with pubkey in the header.
2. Server validates signature and returns challenge (32 bytes hex string).
3. Client signs challenge.
4. Client posts signed challenge with pubkey in the header.
5. Server validates signature.
6. On success server returns bearer token with 5min expiry. A long expiry isn't needed as token is only used briefly to perform a restore.
7. Client uses bearer token to pull list of backed up files.
8. Client iterates through list and downloads each file and persists to disk.
4 changes: 4 additions & 0 deletions example/Dev.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -635,6 +635,10 @@ const Dev = (): ReactElement => {
<Button
title={'Restore backup from server'}
onPress={async (): Promise<void> => {
if (!backupServerDetails) {
return setMessage('Set backupServerDetails in constants.ts');
}

setMessage('Stopping LDK...');
await ldk.stop();

Expand Down
1 change: 0 additions & 1 deletion example/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
"dependencies": {
"@react-native-async-storage/async-storage": "1.17.10",
"@react-native-clipboard/clipboard": "1.11.1",
"@slashtags/slashauth-client": "github:slashtags/slashauth-client",
"@synonymdev/react-native-ldk": "../lib",
"assert": "1.5.0",
"b4a": "^1.6.4",
Expand Down
12 changes: 7 additions & 5 deletions example/utils/constants.ts
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,10 @@ export const customPeers = {
bitcoinSignet: [],
};

export const backupServerDetails: TBackupServerDetails = {
host: 'https://jaybird-logical-sadly.ngrok-free.app',
serverPubKey:
'0343a6c1b7700840ac7b76372617a6e9a05cf4c9716efdc847def65360b238f243',
};
//Once local server is setup, add server details below to enable backups
export const backupServerDetails: TBackupServerDetails | undefined = undefined;
// {
// host: 'https://jaybird-logical-sadly.ngrok-free.app',
// serverPubKey:
// '0343a6c1b7700840ac7b76372617a6e9a05cf4c9716efdc847def65360b238f243',
// };
169 changes: 1 addition & 168 deletions example/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -1427,25 +1427,11 @@
dependencies:
"@sinonjs/commons" "^1.7.0"

"@slashtags/slashauth-client@github:slashtags/slashauth-client":
version "0.0.1"
resolved "https://codeload.github.com/slashtags/slashauth-client/tar.gz/8d23dfaedbb4e30d0ead85080e08e9043c6172e2"
dependencies:
slashtags-request "github:slashtags/rpc-request"

"@synonymdev/react-native-ldk@../lib":
version "0.0.109"
dependencies:
bitcoinjs-lib "^6.0.2"

"@synonymdev/slashtags-url@^1.0.0-alpha.4":
version "1.0.0-alpha.4"
resolved "https://registry.yarnpkg.com/@synonymdev/slashtags-url/-/slashtags-url-1.0.0-alpha.4.tgz#f9f47a59dc57aa5efbb2e9ad0cb2a33399fdca67"
integrity sha512-6+ac8h2MqF0H+h4km4dqmyhomvDvyXB7ny1QsvwwwPNPmyVbSyatjsnGLmEkzpNTVO7PHVCkEbDWGrZmdUVksQ==
dependencies:
b4a "^1.6.0"
z32 "^1.0.0"

"@types/babel__core@^7.0.0", "@types/babel__core@^7.1.14", "@types/babel__core@^7.1.7":
version "7.1.20"
resolved "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.20.tgz"
Expand Down Expand Up @@ -1974,7 +1960,7 @@ axios@^0.21.1:
dependencies:
follow-redirects "^1.14.0"

b4a@^1.0.1, b4a@^1.1.0, b4a@^1.5.3, b4a@^1.6.0, b4a@^1.6.4:
b4a@^1.6.4:
version "1.6.4"
resolved "https://registry.yarnpkg.com/b4a/-/b4a-1.6.4.tgz#ef1c1422cae5ce6535ec191baeed7567443f36c9"
integrity sha512-fpWrvyVHEKyeEvbKZTVOeZF3VSKKWtJxFIxX/jaVPf+cLbGUSitjb49pHLqPV2BUNNZ0LcoeEGfE/YCpyDYHIw==
Expand Down Expand Up @@ -2253,22 +2239,6 @@ bl@^4.1.0:
inherits "^2.0.4"
readable-stream "^3.4.0"

blake2b-wasm@^2.4.0:
version "2.4.0"
resolved "https://registry.yarnpkg.com/blake2b-wasm/-/blake2b-wasm-2.4.0.tgz#9115649111edbbd87eb24ce7c04b427e4e2be5be"
integrity sha512-S1kwmW2ZhZFFFOghcx73+ZajEfKBqhP82JMssxtLVMxlaPea1p9uoLiUZ5WYyHn0KddwbLc+0vh4wR0KBNoT5w==
dependencies:
b4a "^1.0.1"
nanoassert "^2.0.0"

blake2b@^2.1.1:
version "2.1.4"
resolved "https://registry.yarnpkg.com/blake2b/-/blake2b-2.1.4.tgz#817d278526ddb4cd673bfb1af16d1ad61e393ba3"
integrity sha512-AyBuuJNI64gIvwx13qiICz6H6hpmjvYS5DGkG6jbXMOT8Z3WUJ3V1X0FlhIoT1b/5JtHE3ki+xjtMvu1nn+t9A==
dependencies:
blake2b-wasm "^2.4.0"
nanoassert "^2.0.0"

bluebird@^3.5.4:
version "3.7.2"
resolved "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz"
Expand Down Expand Up @@ -2547,13 +2517,6 @@ capture-exit@^2.0.0:
dependencies:
rsvp "^4.8.4"

chacha20-universal@^1.0.4:
version "1.0.4"
resolved "https://registry.yarnpkg.com/chacha20-universal/-/chacha20-universal-1.0.4.tgz#e8a33a386500b1ce5361b811ec5e81f1797883f5"
integrity sha512-/IOxdWWNa7nRabfe7+oF+jVkGjlr2xUL4J8l/OvzZhj+c9RpMqoo3Dq+5nU1j/BflRV4BKnaQ4+4oH1yBpQG1Q==
dependencies:
nanoassert "^2.0.0"

chai-as-promised@^7.1.1:
version "7.1.1"
resolved "https://registry.yarnpkg.com/chai-as-promised/-/chai-as-promised-7.1.1.tgz#08645d825deb8696ee61725dbf590c012eb00ca0"
Expand Down Expand Up @@ -6026,11 +5989,6 @@ nan@^2.13.2, nan@^2.14.0:
resolved "https://registry.yarnpkg.com/nan/-/nan-2.17.0.tgz#c0150a2368a182f033e9aa5195ec76ea41a199cb"
integrity sha512-2ZTgtl0nJsO0KQCjEpxcIr5D+Yv90plTitZt9JBfQvVJDS5seMl3FOvsh3+9CoYWXf/1l5OaZzzF6nDm4cagaQ==

nanoassert@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/nanoassert/-/nanoassert-2.0.0.tgz#a05f86de6c7a51618038a620f88878ed1e490c09"
integrity sha512-7vO7n28+aYO4J+8w96AzhmU8G+Y/xpPDJz/se19ICsqj/momRbb9mh9ZUtkoJ5X3nTnPdhEJyc0qnM6yAsHBaA==

[email protected]:
version "3.3.3"
resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.3.tgz#fd8e8b7aa761fe807dba2d1b98fb7241bb724a25"
Expand Down Expand Up @@ -6107,18 +6065,6 @@ node-fetch@^2.2.0, node-fetch@^2.6.0:
dependencies:
whatwg-url "^5.0.0"

node-fetch@^2.7.0:
version "2.7.0"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d"
integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
dependencies:
whatwg-url "^5.0.0"

node-gyp-build@^4.6.0:
version "4.6.1"
resolved "https://registry.yarnpkg.com/node-gyp-build/-/node-gyp-build-4.6.1.tgz#24b6d075e5e391b8d5539d98c7fc5c210cac8a3e"
integrity sha512-24vnklJmyRS8ViBNI8KbtK/r/DmXQMRiOMXTNz2nrTnAYUwjmEEbnnpB/+kt+yWRv73bPsSPRFddrcIbAxSiMQ==

node-int64@^0.4.0:
version "0.4.0"
resolved "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz"
Expand Down Expand Up @@ -6148,24 +6094,6 @@ node-version@^1.0.0:
resolved "https://registry.npmjs.org/node-version/-/node-version-1.2.0.tgz"
integrity sha512-ma6oU4Sk0qOoKEAymVoTvk8EdXEobdS7m/mAGhDJ8Rouugho48crHBORAmy5BoOcv8wraPM6xumapQp5hl4iIQ==

noise-curve-ed@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/noise-curve-ed/-/noise-curve-ed-2.0.1.tgz#c07adb2dde8dfaffb90aa95be9a522f5ed661e6d"
integrity sha512-8HMZ40Wmarg8RQjVemLrjB49JSL6eGeOD+tlzaQW5/p+hNPfHFEMC3UZZ57zUqUprMuz6GN+gsPExpz2DWL+iA==
dependencies:
b4a "^1.1.0"
nanoassert "^2.0.0"
sodium-universal "^4.0.0"

noise-handshake@^3.0.3:
version "3.0.3"
resolved "https://registry.yarnpkg.com/noise-handshake/-/noise-handshake-3.0.3.tgz#70595e376f5e1a5ef19e46d007b5712761b22c2a"
integrity sha512-fRhxQLW7uZmLS059VXA79j8eMxoYPBg7gMGBKqLbuipagTmvUT6xW46DeMsf3Y7LA4fmB9n24s6Vv/a1Q+y8UQ==
dependencies:
b4a "^1.1.0"
nanoassert "^2.0.0"
sodium-universal "^4.0.0"

normalize-path@^2.1.1:
version "2.1.1"
resolved "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz"
Expand Down Expand Up @@ -7327,38 +7255,6 @@ sha.js@^2.4.0, sha.js@^2.4.8:
inherits "^2.0.1"
safe-buffer "^5.0.1"

sha256-universal@^1.1.0:
version "1.2.1"
resolved "https://registry.yarnpkg.com/sha256-universal/-/sha256-universal-1.2.1.tgz#051d92decce280cd6137d42d496eac88da942c0e"
integrity sha512-ghn3muhdn1ailCQqqceNxRgkOeZSVfSE13RQWEg6njB+itsFzGVSJv+O//2hvNXZuxVIRyNzrgsZ37SPDdGJJw==
dependencies:
b4a "^1.0.1"
sha256-wasm "^2.2.1"

sha256-wasm@^2.2.1:
version "2.2.2"
resolved "https://registry.yarnpkg.com/sha256-wasm/-/sha256-wasm-2.2.2.tgz#4940b6c9ba28f3f08b700efce587ef36d4d516d4"
integrity sha512-qKSGARvao+JQlFiA+sjJZhJ/61gmW/3aNLblB2rsgIxDlDxsJPHo8a1seXj12oKtuHVgJSJJ7QEGBUYQN741lQ==
dependencies:
b4a "^1.0.1"
nanoassert "^2.0.0"

sha512-universal@^1.1.0:
version "1.2.1"
resolved "https://registry.yarnpkg.com/sha512-universal/-/sha512-universal-1.2.1.tgz#829505a7586530515cc1a10b78815c99722c4df0"
integrity sha512-kehYuigMoRkIngCv7rhgruLJNNHDnitGTBdkcYbCbooL8Cidj/bS78MDxByIjcc69M915WxcQTgZetZ1JbeQTQ==
dependencies:
b4a "^1.0.1"
sha512-wasm "^2.3.1"

sha512-wasm@^2.3.1:
version "2.3.4"
resolved "https://registry.yarnpkg.com/sha512-wasm/-/sha512-wasm-2.3.4.tgz#b86b37112ff6d1fc3740f2484a6855f17a6e1300"
integrity sha512-akWoxJPGCB3aZCrZ+fm6VIFhJ/p8idBv7AWGFng/CZIrQo51oQNsvDbTSRXWAzIiZJvpy16oIDiCCPqTe21sKg==
dependencies:
b4a "^1.0.1"
nanoassert "^2.0.0"

shallow-clone@^3.0.0:
version "3.0.1"
resolved "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz"
Expand Down Expand Up @@ -7414,13 +7310,6 @@ signal-exit@^3.0.0, signal-exit@^3.0.2, signal-exit@^3.0.3, signal-exit@^3.0.7:
resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz"
integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==

siphash24@^1.0.1:
version "1.3.1"
resolved "https://registry.yarnpkg.com/siphash24/-/siphash24-1.3.1.tgz#7f87fd2c5db88d8d46335a68f780f281641c8b22"
integrity sha512-moemC3ZKiTzH29nbFo3Iw8fbemWWod4vNs/WgKbQ54oEs6mE6XVlguxvinYjB+UmaE0PThgyED9fUkWvirT8hA==
dependencies:
nanoassert "^2.0.0"

sisteransi@^1.0.5:
version "1.0.5"
resolved "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz"
Expand All @@ -7436,15 +7325,6 @@ slash@^3.0.0:
resolved "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz"
integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==

"slashtags-request@github:slashtags/rpc-request":
version "1.0.0"
resolved "git+ssh://[email protected]/slashtags/rpc-request.git#2b827943ab1f0f2534d7922c325a11363829a59e"
dependencies:
"@synonymdev/slashtags-url" "^1.0.0-alpha.4"
node-fetch "^2.7.0"
noise-curve-ed "^2.0.1"
noise-handshake "^3.0.3"

slice-ansi@^2.0.0:
version "2.1.0"
resolved "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.1.0.tgz"
Expand Down Expand Up @@ -7484,41 +7364,6 @@ snapdragon@^0.8.1:
source-map-resolve "^0.5.0"
use "^3.1.0"

sodium-javascript@~0.8.0:
version "0.8.0"
resolved "https://registry.yarnpkg.com/sodium-javascript/-/sodium-javascript-0.8.0.tgz#0a94d7bb58ab17be82255f3949259af59778fdbc"
integrity sha512-rEBzR5mPxPES+UjyMDvKPIXy9ImF17KOJ32nJNi9uIquWpS/nfj+h6m05J5yLJaGXjgM72LmQoUbWZVxh/rmGg==
dependencies:
blake2b "^2.1.1"
chacha20-universal "^1.0.4"
nanoassert "^2.0.0"
sha256-universal "^1.1.0"
sha512-universal "^1.1.0"
siphash24 "^1.0.1"
xsalsa20 "^1.0.0"

sodium-native@^4.0.0:
version "4.0.4"
resolved "https://registry.yarnpkg.com/sodium-native/-/sodium-native-4.0.4.tgz#561b7c39c97789f8202d6fd224845fe2e8cd6879"
integrity sha512-faqOKw4WQKK7r/ybn6Lqo1F9+L5T6NlBJJYvpxbZPetpWylUVqz449mvlwIBKBqxEHbWakWuOlUt8J3Qpc4sWw==
dependencies:
node-gyp-build "^4.6.0"

sodium-universal@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/sodium-universal/-/sodium-universal-4.0.0.tgz#0d7c81aee7a013e8a950f7bea8d8cfff369c2424"
integrity sha512-iKHl8XnBV96k1c75gwwzANFdephw/MDWSjQAjPmBE+du0y3P23Q8uf7AcdcfFsYAMwLg7WVBfSAIBtV/JvRsjA==
dependencies:
blake2b "^2.1.1"
chacha20-universal "^1.0.4"
nanoassert "^2.0.0"
sha256-universal "^1.1.0"
sha512-universal "^1.1.0"
siphash24 "^1.0.1"
sodium-javascript "~0.8.0"
sodium-native "^4.0.0"
xsalsa20 "^1.0.0"

source-map-resolve@^0.5.0:
version "0.5.3"
resolved "https://registry.npmjs.org/source-map-resolve/-/source-map-resolve-0.5.3.tgz"
Expand Down Expand Up @@ -8304,11 +8149,6 @@ ws@^8.4.2:
resolved "https://registry.yarnpkg.com/ws/-/ws-8.13.0.tgz#9a9fb92f93cf41512a0735c8f4dd09b8a1211cd0"
integrity sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==

xsalsa20@^1.0.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/xsalsa20/-/xsalsa20-1.2.0.tgz#e5a05cb26f8cef723f94a559102ed50c1b44c25c"
integrity sha512-FIr/DEeoHfj7ftfylnoFt3rAIRoWXpx2AoDfrT2qD2wtp7Dp+COajvs/Icb7uHqRW9m60f5iXZwdsJJO3kvb7w==

xtend@^4.0.0, xtend@~4.0.1:
version "4.0.2"
resolved "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz"
Expand Down Expand Up @@ -8427,10 +8267,3 @@ yocto-queue@^0.1.0:
version "0.1.0"
resolved "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz"
integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==

z32@^1.0.0:
version "1.0.1"
resolved "https://registry.yarnpkg.com/z32/-/z32-1.0.1.tgz#074b37ddd61d58b746bfb50b31cf0895700d3685"
integrity sha512-Uytfqf6VEVchHKZDw0NRdCViOARHP84uzvOw0CXCMLOwhgHZUL9XibpEPLLQN10mCVLxOlGCQWbkV7km7yNYcw==
dependencies:
b4a "^1.5.3"
Original file line number Diff line number Diff line change
Expand Up @@ -152,20 +152,25 @@ class BackupClient {
return hash.joinToString("") { String.format("%02x", it) }
}

@Throws(BackupError::class)
private fun decrypt(blob: ByteArray): ByteArray {
if (encryptionKey == null) {
throw BackupError.requiresSetup
try {
if (encryptionKey == null) {
throw BackupError.requiresSetup
}

val nonce = blob.take(12).toByteArray()
val encrypted = blob.copyOfRange(12, blob.size)

val cipher = Cipher.getInstance("AES/GCM/NoPadding")
val gcmSpec = GCMParameterSpec(128, nonce)

cipher.init(Cipher.DECRYPT_MODE, encryptionKey, gcmSpec)
val decryptedBytes = cipher.doFinal(encrypted)
return decryptedBytes
} catch (e: Exception) {
throw DecryptFailed(e.message ?: "")
}

val nonce = blob.take(12).toByteArray()
val encrypted = blob.copyOfRange(12, blob.size)

val cipher = Cipher.getInstance("AES/GCM/NoPadding")
val gcmSpec = GCMParameterSpec(128, nonce)

cipher.init(Cipher.DECRYPT_MODE, encryptionKey, gcmSpec)
val decryptedBytes = cipher.doFinal(encrypted)
return decryptedBytes
}

@Throws(BackupError::class)
Expand Down
Loading

0 comments on commit aa40b74

Please sign in to comment.