ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use patched authenticatedLndGrpc instead of privoxy to handle non onion grpc traffic

Browse Source
This commit is contained in:
Riccardo Balbo 2024-10-26 20:06:22 +02:00
parent 4fb873b105
commit 96e1f86bca
8 changed files with 61 additions and 2858 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.env.development
View File

@ -158,8 +158,7 @@ SKIP_SSL_CERT_DOWNLOAD=1
# tor proxy # tor proxy
TOR_PROXY=http://tor:7050/ TOR_PROXY=http://tor:7050/
# tor proxy that discriminates between onion and clearnet (http/grpc only) grpc_proxy=http://tor:7050/
grpc_proxy=http://tor:7051/
# lnbits # lnbits
LNBITS_WEB_PORT=5001 LNBITS_WEB_PORT=5001

3
api/lnd/index.js
View File

@ -1,6 +1,7 @@
import { cachedFetcher } from '@/lib/fetch' import { cachedFetcher } from '@/lib/fetch'
import { toPositiveNumber } from '@/lib/validate' import { toPositiveNumber } from '@/lib/validate'
import { authenticatedLndGrpc, getIdentity, getHeight, getWalletInfo, getNode } from 'ln-service' import { authenticatedLndGrpc } from '@/lib/lnd'
import { getIdentity, getHeight, getWalletInfo, getNode } from 'ln-service'
const lnd = global.lnd || authenticatedLndGrpc({ const lnd = global.lnd || authenticatedLndGrpc({
cert: process.env.LND_CERT, cert: process.env.LND_CERT,

5
docker/tor/Dockerfile
View File

@ -1,16 +1,15 @@
FROM debian:bookworm FROM debian:bookworm
RUN apt-get update -y \ RUN apt-get update -y \
&& apt-get install -y tor bash openssl netcat-traditional privoxy \ && apt-get install -y tor bash openssl netcat-traditional \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ADD torrc /etc/tor/torrc.template ADD torrc /etc/tor/torrc.template
ADD tor.sh /tor.sh ADD tor.sh /tor.sh
ADD services.conf /services.conf ADD services.conf /services.conf
ADD privoxy.conf /etc/privoxy/config
RUN mkdir -p /tordata && groupadd -g 1000 tor && useradd -u 1000 -g 1000 -m tor && chown -R tor:tor /tordata RUN mkdir -p /tordata && groupadd -g 1000 tor && useradd -u 1000 -g 1000 -m tor && chown -R tor:tor /tordata
EXPOSE 9050 9051 7050 7051 EXPOSE 9050 9051 7050
VOLUME "/tordata" VOLUME "/tordata"
USER tor USER tor
ENTRYPOINT [ "bash", "/tor.sh" ] ENTRYPOINT [ "bash", "/tor.sh" ]

2848
docker/tor/privoxy.conf
View File

File diff suppressed because it is too large Load Diff

1
docker/tor/tor.sh
View File

@ -64,6 +64,5 @@ else
initialize initialize
mergeServices mergeServices
date +%s > /tordata/start.timestamp date +%s > /tordata/start.timestamp
privoxy --no-daemon /etc/privoxy/config&
tor -f /tordata/torrc tor -f /tordata/torrc
fi fi

49
lib/lnd.js Normal file
View File

@ -0,0 +1,49 @@
// fork of https://github.com/alexbosworth/lightning/blob/master/lnd_grpc/authenticated_lnd_grpc.js
// that allows to enable or disable proxy
import { join } from 'path'
import apiForProto from 'lightning/lnd_grpc/api_for_proto'
import { defaultSocket, grpcSslCipherSuites, packageTypes, protoFiles, protosDir, serviceTypes } from 'lightning/grpc/index'
import grpcCredentials from 'lightning/lnd_grpc/grpc_credentials'
const { GRPC_SSL_CIPHER_SUITES } = process.env
const { keys } = Object
export function authenticatedLndGrpc ({ cert, macaroon, path, socket }, withProxy) {
const lightningModulePath = require.resolve('lightning')
const pathForProto = proto => join(lightningModulePath, protosDir, proto)
const { credentials } = grpcCredentials({ cert, macaroon })
const lndSocket = socket || defaultSocket
if (!!cert && GRPC_SSL_CIPHER_SUITES !== grpcSslCipherSuites) {
process.env.GRPC_SSL_CIPHER_SUITES = grpcSslCipherSuites
}
const params = {
'grpc.max_receive_message_length': -1,
'grpc.max_send_message_length': -1,
'grpc.enable_http_proxy': withProxy ? 1 : 0
}
// Assemble different services from their proto files
return {
lnd: keys(serviceTypes).reduce((services, type) => {
const service = serviceTypes[type]
const file = protoFiles[service]
services[type] = apiForProto({
credentials,
params,
service,
path: path ? join(path, file) : pathForProto(file),
socket: lndSocket,
type: packageTypes[service]
})
return services
},
{})
}
}

8
wallets/lnd/server.js
View File

@ -1,5 +1,7 @@
import { datePivot } from '@/lib/time' import { datePivot } from '@/lib/time'
import { authenticatedLndGrpc, createInvoice as lndCreateInvoice } from 'ln-service' import { authenticatedLndGrpc } from '@/lib/lnd'
import { createInvoice as lndCreateInvoice } from 'ln-service'
import { TOR_REGEXP } from '@/lib/url'
export * from 'wallets/lnd' export * from 'wallets/lnd'
@ -12,11 +14,13 @@ export const createInvoice = async (
{ cert, macaroon, socket } { cert, macaroon, socket }
) => { ) => {
try { try {
const isOnion = TOR_REGEXP.test(socket)
const { lnd } = await authenticatedLndGrpc({ const { lnd } = await authenticatedLndGrpc({
cert, cert,
macaroon, macaroon,
socket socket
}) }, isOnion)
const invoice = await lndCreateInvoice({ const invoice = await lndCreateInvoice({
lnd, lnd,

2
worker/index.js
View File

@ -16,7 +16,7 @@ import { timestampItem } from './ots.js'
import { computeStreaks, checkStreak } from './streak.js' import { computeStreaks, checkStreak } from './streak.js'
import { nip57 } from './nostr.js' import { nip57 } from './nostr.js'
import fetch from 'cross-fetch' import fetch from 'cross-fetch'
import { authenticatedLndGrpc } from 'ln-service' import { authenticatedLndGrpc } from '@/lib/lnd'
import { views, rankViews } from './views.js' import { views, rankViews } from './views.js'
import { imgproxy } from './imgproxy.js' import { imgproxy } from './imgproxy.js'
import { deleteItem } from './ephemeralItems.js' import { deleteItem } from './ephemeralItems.js'