lnc receiver

Author: riccardobl

.env.development

@@ -183,4 +183,7 @@ CPU_SHARES_IMPORTANT=1024
 CPU_SHARES_MODERATE=512
 CPU_SHARES_LOW=256
 
-NEXT_TELEMETRY_DISABLED=1
+NEXT_TELEMETRY_DISABLED=1
+
+# LNCD 
+LNCD_URL=http://lncd:7167

docker-compose.yml

@@ -513,6 +513,24 @@ services:
       CLI: "litcli"
       CLI_ARGS: "-n regtest --rpcserver localhost:8444"
     cpu_shares: "${CPU_SHARES_MODERATE}"
+  lncd:
+    container_name: lncd
+    build:
+      context: ./docker/lncd
+    profiles:
+      - wallets
+    restart: unless-stopped
+    environment:
+      - LNCD_DEBUG=true
+      - LNCD_DEV_UNSAFE_LOG=true
+    healthcheck:
+      <<: *healthcheck
+      test: ["CMD", "curl", "-f", "http://localhost:7167/health"]
+    depends_on:
+      litd:
+        condition: service_healthy
+        restart: true
+    cpu_shares: "${CPU_SHARES_MODERATE}"
   cln:
     build:
       context: ./docker/cln

docker/lncd/Dockerfile

@@ -0,0 +1,18 @@
+FROM debian:bookworm-slim
+RUN useradd -u 1000 -m lncd
+
+ARG VERSION=0.2.2
+ARG REPO=riccardobl/lncd
+ARG DOWNLOAD_URL=https://github.com/$REPO/releases/download/$VERSION/lncd
+
+RUN mkdir -p /home/lncd && \
+chown 1000:1000 -Rvf /home/lncd/ &&\
+apt-get update && apt-get install -y curl &&\
+apt-get clean && rm -rf /var/lib/apt/lists/*
+
+USER lncd
+RUN curl --proto '=https' --tlsv1.2 -LsSf $DOWNLOAD_URL -o /home/lncd/lncd && chmod +x /home/lncd/lncd
+WORKDIR /home/lncd
+EXPOSE 7167
+
+CMD ["./lncd"]

fragments/wallet.js

@@ -169,6 +169,12 @@ export const WALLET_FIELDS = gql`
         apiKeyRecv
         currencyRecv
       }
+      ... on WalletLnc {
+        pairingPhraseRecv
+        localKeyRecv
+        remoteKeyRecv
+        serverHostRecv
+      }
     }
   }
 `

prisma/migrations/20241223232401_lnc_recv/migration.sql

@@ -0,0 +1,22 @@
+-- CreateTable
+CREATE TABLE "WalletLNC" (
+    "id" SERIAL NOT NULL,
+    "walletId" INTEGER NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "pairingPhraseRecv" TEXT NOT NULL,
+    "localKeyRecv" TEXT,
+    "remoteKeyRecv" TEXT,
+    "serverHostRecv" TEXT,
+    CONSTRAINT "WalletLNC_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "WalletLNC_walletId_key" ON "WalletLNC"("walletId");
+
+-- AddForeignKey
+ALTER TABLE "WalletLNC" ADD CONSTRAINT "WalletLNC_walletId_fkey" FOREIGN KEY ("walletId") REFERENCES "Wallet"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
+CREATE TRIGGER wallet_lnc_as_jsonb
+AFTER INSERT OR UPDATE ON "WalletLNC"
+FOR EACH ROW EXECUTE PROCEDURE wallet_wallet_type_as_jsonb();

prisma/schema.prisma

@@ -216,6 +216,7 @@ model Wallet {
   walletNWC              WalletNWC?
   walletPhoenixd         WalletPhoenixd?
   walletBlink            WalletBlink?
+  walletLNC              WalletLNC?
 
   vaultEntries   VaultEntry[]     @relation("VaultEntries")
   withdrawals    Withdrawl[]
@@ -315,6 +316,18 @@ model WalletBlink {
   currencyRecv String?
 }
 
+model WalletLNC {
+  id                Int      @id @default(autoincrement())
+  walletId          Int      @unique
+  wallet            Wallet   @relation(fields: [walletId], references: [id], onDelete: Cascade)
+  createdAt         DateTime @default(now()) @map("created_at")
+  updatedAt         DateTime @default(now()) @updatedAt @map("updated_at")
+  pairingPhraseRecv String
+  localKeyRecv      String?
+  remoteKeyRecv     String?
+  serverHostRecv    String?
+}
+
 model WalletPhoenixd {
   id                Int      @id @default(autoincrement())
   walletId          Int      @unique

wallets/lnc/ATTACH.md

@@ -3,20 +3,33 @@ For testing litd as an attached receiving wallet, you'll need a pairing phrase:
 This can be done one of two ways:
 
 # cli
-
-We only need permissions for the uri `/lnrpc.Lightning/SendPaymentSync`
+Create an account
 
 ```bash
 $ sndev cli litd accounts create --balance <budget>
 ```
 
 Grab the `account.id` from the output and use it here:
+
+### send attachment 
+The sender attachment only needs permissions for the uri `/lnrpc.Lightning/SendPaymentSync`
+
 ```bash
 $ sndev cli litd sessions add --type custom --label <your label> --account_id <account_id> --uri /lnrpc.Lightning/SendPaymentSync
 ```
 
 Grab the `pairing_secret_mnemonic` from the output and that's your pairing phrase.
 
+### receive attachment
+The receive attachment only needs permissions for the uri `/lnrpc.Lightning/AddInvoice`
+
+
+```bash
+$ sndev cli litd sessions add --type custom --label <your label> --account_id <account_id> --uri /lnrpc.Lightning/AddInvoice
+```
+
+Grab the `pairing_secret_mnemonic` from the output and that's your pairing phrase.
+
 # gui
 
 To open the gui, run:

wallets/lnc/index.js

@@ -5,32 +5,37 @@ export const name = 'lnc'
 export const walletType = 'LNC'
 export const walletField = 'walletLNC'
 
+const pairingPhraseSchema = string()
+  .test((value, context) => {
+    const words = value ? value.trim().split(/[\s]+/) : []
+    for (const w of words) {
+      try {
+        string().oneOf(bip39Words).validateSync(w)
+      } catch {
+        return context.createError({ message: `'${w}' is not a valid pairing phrase word` })
+      }
+    }
+    if (words.length < 2) {
+      return context.createError({ message: 'needs at least two words' })
+    }
+    if (words.length > 10) {
+      return context.createError({ message: 'max 10 words' })
+    }
+    return true
+  })
+
 export const fields = [
   {
     name: 'pairingPhrase',
     label: 'pairing phrase',
     type: 'password',
+    optional: 'for sending',
     help: 'We only need permissions for the uri `/lnrpc.Lightning/SendPaymentSync`\n\nCreate a budgeted account with narrow permissions:\n\n```$ litcli accounts create --balance <budget>```\n\n```$ litcli sessions add --type custom --label <your label> --account_id <account_id> --uri /lnrpc.Lightning/SendPaymentSync```\n\nGrab the `pairing_secret_mnemonic` from the output and paste it here.',
     editable: false,
     clientOnly: true,
-    validate: string()
-      .test(async (value, context) => {
-        const words = value ? value.trim().split(/[\s]+/) : []
-        for (const w of words) {
-          try {
-            await string().oneOf(bip39Words).validate(w)
-          } catch {
-            return context.createError({ message: `'${w}' is not a valid pairing phrase word` })
-          }
-        }
-        if (words.length < 2) {
-          return context.createError({ message: 'needs at least two words' })
-        }
-        if (words.length > 10) {
-          return context.createError({ message: 'max 10 words' })
-        }
-        return true
-      })
+    validate: pairingPhraseSchema,
+    requiredWithout: 'pairingPhraseRecv'
+
   },
   {
     name: 'localKey',
@@ -55,6 +60,41 @@ export const fields = [
     clientOnly: true,
     generated: true,
     validate: string()
+  },
+  {
+    name: 'pairingPhraseRecv',
+    label: 'pairing phrase',
+    type: 'password',
+    optional: 'for receiving',
+    help: 'We only need permissions for the uri `/lnrpc.Lightning/AddInvoice`\n\nCreate an account with narrow permissions:\n\n```$ litcli accounts create```\n\n```$ litcli sessions add --type custom --label <your label> --account_id <account_id> --uri /lnrpc.Lightning/AddInvoice```\n\nGrab the `pairing_secret_mnemonic` from the output and paste it here.',
+    editable: false,
+    serverOnly: true,
+    validate: pairingPhraseSchema,
+    requiredWithout: 'pairingPhrase'
+  },
+  {
+    name: 'localKeyRecv',
+    type: 'text',
+    hidden: true,
+    serverOnly: true,
+    generated: true,
+    validate: string()
+  },
+  {
+    name: 'remoteKeyRecv',
+    type: 'text',
+    hidden: true,
+    serverOnly: true,
+    generated: true,
+    validate: string()
+  },
+  {
+    name: 'serverHostRecv',
+    type: 'text',
+    hidden: true,
+    serverOnly: true,
+    generated: true,
+    validate: string()
   }
 ]
 

wallets/lnc/server.js

@@ -0,0 +1,68 @@
+import { assertContentTypeJson, assertResponseOk } from '@/lib/url'
+export * from 'wallets/lnc'
+
+export async function testCreateInvoice (credentials, { signal }) {
+  await checkPerms(credentials, { signal })
+  return await createInvoice({ msats: 1000, expiry: 1 }, credentials, { signal })
+}
+
+export async function createInvoice ({ msats, description, expiry }, credentials, { signal }) {
+  const result = await rpcCall(credentials, 'lnrpc.Lightning.AddInvoice', { memo: description, valueMsat: msats, expiry }, { signal })
+  return result.payment_request
+}
+
+async function checkPerms (credentials, { signal }) {
+  const enforcePerms = [
+    { 'lnrpc.Lightning.SendPaymentSync': false },
+    { 'lnrpc.Lightning.AddInvoice': true },
+    { 'lnrpc.Wallet.SendCoins': false }
+  ]
+
+  const results = await rpcCall(credentials, 'checkPerms', enforcePerms.map(perm => Object.keys(perm)[0]), { signal })
+  for (let i = 0; i < enforcePerms.length; i++) {
+    const [key, expected] = Object.entries(enforcePerms[i])[0]
+    const result = results[i]
+    if (result !== expected) {
+      if (expected) {
+        throw new Error(`missing permission: ${key}`)
+      } else {
+        throw new Error(`too broad permission: ${key}`)
+      }
+    }
+  }
+}
+
+async function rpcCall (credentials, method, payload, { signal }) {
+  const body = {
+    Connection: {
+      Mailbox: credentials.serverHostRecv || 'mailbox.terminal.lightning.today:443',
+      PairingPhrase: credentials.pairingPhraseRecv,
+      LocalKey: credentials.localKeyRecv,
+      RemoteKey: credentials.remoteKeyRecv
+    },
+    Method: method,
+    Payload: JSON.stringify(payload)
+  }
+
+  let res = await fetch(process.env.LNCD_URL + '/rpc', {
+    method: 'POST',
+    signal,
+    headers: {
+      'Content-Type': 'application/json'
+    },
+    body: JSON.stringify(body)
+  })
+
+  assertResponseOk(res)
+  assertContentTypeJson(res)
+
+  res = await res.json()
+
+  // cache auth credentials
+  credentials.localKeyRecv = res.Connection.LocalKey
+  credentials.remoteKeyRecv = res.Connection.RemoteKey
+  credentials.serverHostRecv = res.Connection.Mailbox
+
+  const result = JSON.parse(res.Result)
+  return result
+}

wallets/server.js

@@ -6,9 +6,9 @@ import * as lnbits from '@/wallets/lnbits/server'
 import * as nwc from '@/wallets/nwc/server'
 import * as phoenixd from '@/wallets/phoenixd/server'
 import * as blink from '@/wallets/blink/server'
+import * as lnc from '@/wallets/lnc/server'
 
 // we import only the metadata of client side wallets
-import * as lnc from '@/wallets/lnc'
 import * as webln from '@/wallets/webln'
 
 import { walletLogger } from '@/api/resolvers/wallet'