use patched authenticatedLndGrpc instead of privoxy to handle non onion grpc traffic

2024-10-26 20:06:22 +02:00 · 2024-10-26 20:06:22 +02:00 · 96e1f86bca
parent 4fb873b105
commit 96e1f86bca
8 changed files with 61 additions and 2858 deletions
--- a/.env.development
+++ b/.env.development
@ -158,8 +158,7 @@ SKIP_SSL_CERT_DOWNLOAD=1

 # tor proxy
 TOR_PROXY=http://tor:7050/
-# tor proxy that discriminates between onion and clearnet (http/grpc only)
-grpc_proxy=http://tor:7051/
+grpc_proxy=http://tor:7050/

 # lnbits
 LNBITS_WEB_PORT=5001
--- a/api/lnd/index.js
+++ b/api/lnd/index.js
@ -1,6 +1,7 @@
 import { cachedFetcher } from '@/lib/fetch'
 import { toPositiveNumber } from '@/lib/validate'
-import { authenticatedLndGrpc, getIdentity, getHeight, getWalletInfo, getNode } from 'ln-service'
+import { authenticatedLndGrpc } from '@/lib/lnd'
+import { getIdentity, getHeight, getWalletInfo, getNode } from 'ln-service'

 const lnd = global.lnd || authenticatedLndGrpc({
  cert: process.env.LND_CERT,
--- a/docker/tor/Dockerfile
+++ b/docker/tor/Dockerfile
@ -1,16 +1,15 @@
 FROM debian:bookworm

 RUN apt-get update -y \
-    && apt-get install -y tor bash openssl netcat-traditional privoxy \
+    && apt-get install -y tor bash openssl netcat-traditional \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

 ADD torrc /etc/tor/torrc.template
 ADD tor.sh /tor.sh
 ADD services.conf /services.conf
-ADD privoxy.conf  /etc/privoxy/config
 RUN mkdir -p /tordata && groupadd -g 1000 tor && useradd -u 1000 -g 1000 -m tor && chown -R tor:tor /tordata
-EXPOSE 9050 9051 7050 7051
+EXPOSE 9050 9051 7050
 VOLUME "/tordata"
 USER tor
 ENTRYPOINT [ "bash", "/tor.sh" ]
--- a/docker/tor/privoxy.conf
+++ b/docker/tor/privoxy.conf
--- a/docker/tor/tor.sh
+++ b/docker/tor/tor.sh
@ -64,6 +64,5 @@ else
    initialize
    mergeServices
    date +%s > /tordata/start.timestamp
-    privoxy --no-daemon /etc/privoxy/config&
    tor -f /tordata/torrc
 fi
--- a/lib/lnd.js
+++ b/lib/lnd.js
@ -0,0 +1,49 @@
+// fork of https://github.com/alexbosworth/lightning/blob/master/lnd_grpc/authenticated_lnd_grpc.js
+// that allows to enable or disable proxy
+
+import { join } from 'path'
+import apiForProto from 'lightning/lnd_grpc/api_for_proto'
+import { defaultSocket, grpcSslCipherSuites, packageTypes, protoFiles, protosDir, serviceTypes } from 'lightning/grpc/index'
+import grpcCredentials from 'lightning/lnd_grpc/grpc_credentials'
+
+const { GRPC_SSL_CIPHER_SUITES } = process.env
+const { keys } = Object
+
+export function authenticatedLndGrpc ({ cert, macaroon, path, socket }, withProxy) {
+  const lightningModulePath = require.resolve('lightning')
+  const pathForProto = proto => join(lightningModulePath, protosDir, proto)
+
+  const { credentials } = grpcCredentials({ cert, macaroon })
+  const lndSocket = socket || defaultSocket
+
+  if (!!cert && GRPC_SSL_CIPHER_SUITES !== grpcSslCipherSuites) {
+    process.env.GRPC_SSL_CIPHER_SUITES = grpcSslCipherSuites
+  }
+
+  const params = {
+    'grpc.max_receive_message_length': -1,
+    'grpc.max_send_message_length': -1,
+    'grpc.enable_http_proxy': withProxy ? 1 : 0
+  }
+
+  // Assemble different services from their proto files
+  return {
+    lnd: keys(serviceTypes).reduce((services, type) => {
+      const service = serviceTypes[type]
+
+      const file = protoFiles[service]
+
+      services[type] = apiForProto({
+        credentials,
+        params,
+        service,
+        path: path ? join(path, file) : pathForProto(file),
+        socket: lndSocket,
+        type: packageTypes[service]
+      })
+
+      return services
+    },
+    {})
+  }
+}
--- a/wallets/lnd/server.js
+++ b/wallets/lnd/server.js
@ -1,5 +1,7 @@
 import { datePivot } from '@/lib/time'
-import { authenticatedLndGrpc, createInvoice as lndCreateInvoice } from 'ln-service'
+import { authenticatedLndGrpc } from '@/lib/lnd'
+import { createInvoice as lndCreateInvoice } from 'ln-service'
+import { TOR_REGEXP } from '@/lib/url'

 export * from 'wallets/lnd'

@ -12,11 +14,13 @@ export const createInvoice = async (
  { cert, macaroon, socket }
 ) => {
  try {
+    const isOnion = TOR_REGEXP.test(socket)
+
    const { lnd } = await authenticatedLndGrpc({
      cert,
      macaroon,
      socket
-    })
+    }, isOnion)

    const invoice = await lndCreateInvoice({
      lnd,
--- a/worker/index.js
+++ b/worker/index.js
@ -16,7 +16,7 @@ import { timestampItem } from './ots.js'
 import { computeStreaks, checkStreak } from './streak.js'
 import { nip57 } from './nostr.js'
 import fetch from 'cross-fetch'
-import { authenticatedLndGrpc } from 'ln-service'
+import { authenticatedLndGrpc } from '@/lib/lnd'
 import { views, rankViews } from './views.js'
 import { imgproxy } from './imgproxy.js'
 import { deleteItem } from './ephemeralItems.js'