Merge pull request ElementsProject#85 from ShahanaFarooqui/fix-grpc-certs-info

Fix grpc certs info

Author: ShahanaFarooqui

README.md

@@ -40,36 +40,38 @@
       ```
 
   - ### Dependency Installation
-      ```
-      cd cln-application-0.0.1
-      npm install --omit=dev
-      ```
+
+    ```
+    cd cln-application-0.0.1
+    npm install --force --omit=dev
+    ```
 
   - ### Environment Variables
       This application accepts & depends upon these variables to be passed through environment:
 
       ```
-      - APP_CORE_LIGHTNING_IP: IP address of this application (cln-application) container (required)
-      - APP_CORE_LIGHTNING_PORT: Port on which this application should be served (required)
-      - APP_CORE_LIGHTNING_DAEMON_IP: IP address of Core lightning node container (required)
-      - COMMANDO_CONFIG: Full Path including file name for commando auth with PUBKEY & RUNE (required)
-      - APP_CORE_LIGHTNING_WEBSOCKET_PORT: Core lightning's websocket port (required; from cln's config.json; starting with `bind-addr=ws:`)
-      - APP_CONFIG_DIR: Path for cln-application's configuration file (required; config.json)
-      - DEVICE_DOMAIN_NAME: Device name/IP for lnmessage connect url feature (optional; for connect wallet screen)
+      - SINGLE_SIGN_ON: Flag to bypass application level authentication (valid values: true/false, default: false)
       - LOCAL_HOST: Device url for connect url links (optional; for connect wallet screen)
+      - DEVICE_DOMAIN_NAME: Device name/IP for lnmessage connect url feature (optional; for connect wallet screen)
+      - BITCOIN_NODE_IP: IP address of bitcoin node container (required)
+      - BITCOIN_NETWORK: Bitcoin network type (optional; for entrypoint.sh; valid values: bitcoin/signet/testnet/regtest)
+      - APP_CONFIG_DIR: Path for cln-application's configuration file (required; config.json)
       - APP_MODE: Mode for logging and other settings (valid values: production/development/testing, default: production)
-      - SINGLE_SIGN_ON: Flag to bypass application level authentication (valid values: true/false, default: false)
-      - APP_PROTOCOL: Protocol on which the application will be served (valid values: http/https, default: http)
-      - CORE_LIGHTNING_PATH: Path for core lightning (optional; required for entrypoint.sh)
-      - APP_BITCOIN_NODE_IP: IP address of bitcoin node container (required)
-      - APP_CORE_LIGHTNING_BITCOIN_NETWORK: Bitcoin network type (optional; for entrypoint.sh; valid values: bitcoin/signet/testnet/regtest)
       - APP_CONNECT: Choose how to connect to CLN (valid values: COMMANDO/REST/GRPC, default: COMMANDO)
-      - APP_CORE_LIGHTNING_REST_PROTOCOL: Protocol on which REST is served (valid values: http/https, default: https)
-      - APP_CORE_LIGHTNING_REST_PORT: REST server port (optional; for connect wallet screen)
-      - APP_CORE_LIGHTNING_REST_CERT_DIR: Path for certificates (optional; required if APP_CORE_LIGHTNING_REST_PROTOCOL is https)
-      - APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE: REST hidden service url (optional; for connect wallet screen; Used for Tor Domain also)
-      - APP_CORE_LIGHTNING_DAEMON_GRPC_PROTOCOL: Core lightning's GRPC protocol (valid values: http/https, default: http)
-      - APP_CORE_LIGHTNING_DAEMON_GRPC_PORT: Core lightning's GRPC port (optional; future proofing for connect wallet screen)
+      - APP_PROTOCOL: Protocol on which the application will be served (valid values: http/https, default: http)
+      - APP_IP: IP address of this application (cln-application) container (required)
+      - APP_PORT: Port on which this application should be served (required)
+      - LIGHTNING_IP: IP address of Core lightning node container (required)
+      - LIGHTNING_PATH: Path for core lightning (optional; required for entrypoint.sh)
+      - HIDDEN_SERVICE_URL: REST hidden service url (optional; for connect wallet screen; Used for Tor Domain also)
+      - LIGHTNING_NODE_TYPE: Choose Core lightning node type (valid values: CLN/GREENLIGHT, default: CLN)
+      - COMMANDO_CONFIG: Full Path including file name for commando auth with PUBKEY & RUNE (required)
+      - LIGHTNING_WEBSOCKET_PORT: Core lightning's websocket port (required; from cln's config.json; starting with `bind-addr=ws:`)
+      - LIGHTNING_REST_PROTOCOL: Protocol on which REST is served (valid values: http/https, default: https)
+      - LIGHTNING_REST_PORT: REST server port (required if APP_CONNECT is REST)
+      - LIGHTNING_CERTS_DIR: Path for core lightning certificates (Required if APP_CONNECT is REST/GRPC with PROTOCOL 'https')
+      - LIGHTNING_GRPC_PROTOCOL: Core lightning's GRPC protocol (valid values: http/https, default: http)
+      - LIGHTNING_GRPC_PORT: Core lightning's GRPC port (Required if APP_CONNECT is GRPC)
       ```
 
       Set these variables either via terminal OR by env.sh script OR by explicitly loading variables from .env files.
@@ -106,7 +108,7 @@
 
   - ### Start The Application
       - Setup environment variables either via terminal OR by env.sh script OR by explicitly loading variables from .env files.
-      - Run `start` script for starting your application's server at port `APP_CORE_LIGHTNING_PORT`
+      - Run `start` script for starting your application's server at port `APP_PORT`
 
       ```
         npm run start

apps/backend/dist/controllers/auth.js

@@ -41,17 +41,17 @@ class AuthController {
             const isValid = req.body.isValid;
             const currPassword = req.body.currPassword;
             const newPassword = req.body.newPassword;
-            if (fs.existsSync(APP_CONSTANTS.CONFIG_LOCATION)) {
+            if (fs.existsSync(APP_CONSTANTS.APP_CONFIG_FILE)) {
                 try {
-                    const config = JSON.parse(fs.readFileSync(APP_CONSTANTS.CONFIG_LOCATION, 'utf-8'));
+                    const config = JSON.parse(fs.readFileSync(APP_CONSTANTS.APP_CONFIG_FILE, 'utf-8'));
                     if (config.password === currPassword || !isValid) {
                         try {
                             if (typeof config.singleSignOn === 'undefined') {
                                 config.singleSignOn = process.env.SINGLE_SIGN_ON || false;
                             }
                             config.password = newPassword;
                             try {
-                                fs.writeFileSync(APP_CONSTANTS.CONFIG_LOCATION, JSON.stringify(config, null, 2), 'utf-8');
+                                fs.writeFileSync(APP_CONSTANTS.APP_CONFIG_FILE, JSON.stringify(config, null, 2), 'utf-8');
                                 const token = jwt.sign({ userID: SECRET_KEY }, SECRET_KEY);
                                 res.cookie('token', token, { httpOnly: true, maxAge: 3600 * 24 * 7 });
                                 res.status(201).json({ isAuthenticated: true, isValidPassword: isValidPassword() });

apps/backend/dist/controllers/shared.js

@@ -1,21 +1,19 @@
 import axios from 'axios';
 import * as fs from 'fs';
-import { join } from 'path';
 import { APP_CONSTANTS, DEFAULT_CONFIG, FIAT_RATE_API, FIAT_VENUES, HttpStatusCode, } from '../shared/consts.js';
 import { logger } from '../shared/logger.js';
 import handleError from '../shared/error-handler.js';
 import { APIError } from '../models/errors.js';
-import { setSharedApplicationConfig, overrideSettingsWithEnvVariables } from '../shared/utils.js';
-import { sep } from 'path';
+import { setSharedApplicationConfig, overrideSettingsWithEnvVariables, refreshEnvVariables, } from '../shared/utils.js';
 import { CLNService } from '../service/lightning.service.js';
 class SharedController {
     getApplicationSettings(req, res, next) {
         try {
-            logger.info('Getting Application Settings from ' + APP_CONSTANTS.CONFIG_LOCATION);
-            if (!fs.existsSync(APP_CONSTANTS.CONFIG_LOCATION)) {
-                fs.writeFileSync(APP_CONSTANTS.CONFIG_LOCATION, JSON.stringify(DEFAULT_CONFIG, null, 2), 'utf-8');
+            logger.info('Getting Application Settings from ' + APP_CONSTANTS.APP_CONFIG_FILE);
+            if (!fs.existsSync(APP_CONSTANTS.APP_CONFIG_FILE)) {
+                fs.writeFileSync(APP_CONSTANTS.APP_CONFIG_FILE, JSON.stringify(DEFAULT_CONFIG, null, 2), 'utf-8');
             }
-            let config = JSON.parse(fs.readFileSync(APP_CONSTANTS.CONFIG_LOCATION, 'utf-8'));
+            let config = JSON.parse(fs.readFileSync(APP_CONSTANTS.APP_CONFIG_FILE, 'utf-8'));
             config = overrideSettingsWithEnvVariables(config);
             setSharedApplicationConfig(config);
             delete config.password;
@@ -28,9 +26,9 @@ class SharedController {
     setApplicationSettings(req, res, next) {
         try {
             logger.info('Updating Application Settings: ' + JSON.stringify(req.body));
-            const config = JSON.parse(fs.readFileSync(APP_CONSTANTS.CONFIG_LOCATION, 'utf-8'));
+            const config = JSON.parse(fs.readFileSync(APP_CONSTANTS.APP_CONFIG_FILE, 'utf-8'));
             req.body.password = config.password; // Before saving, add password in the config received from frontend
-            fs.writeFileSync(APP_CONSTANTS.CONFIG_LOCATION, JSON.stringify(req.body, null, 2), 'utf-8');
+            fs.writeFileSync(APP_CONSTANTS.APP_CONFIG_FILE, JSON.stringify(req.body, null, 2), 'utf-8');
             res.status(201).json({ message: 'Application Settings Updated Successfully' });
         }
         catch (error) {
@@ -40,60 +38,8 @@ class SharedController {
     getWalletConnectSettings(req, res, next) {
         try {
             logger.info('Getting Connection Settings');
-            const CERTS_PATH = process.env.CORE_LIGHTNING_PATH + sep + process.env.APP_BITCOIN_NETWORK + sep;
-            let macaroon = '';
-            let clientKey = '';
-            let clientCert = '';
-            let caCert = '';
-            let packageData = '{ version: "0.0.4" }';
-            let macaroonFile = join(APP_CONSTANTS.CERT_PATH || '.', 'access.macaroon');
-            if (fs.existsSync(macaroonFile)) {
-                logger.info('Getting REST Access Macaroon from ' + APP_CONSTANTS.CERT_PATH);
-                macaroon = Buffer.from(fs.readFileSync(macaroonFile)).toString('hex');
-            }
-            if (fs.existsSync('package.json')) {
-                packageData = Buffer.from(fs.readFileSync('package.json')).toString();
-            }
-            if (fs.existsSync(CERTS_PATH + 'client-key.pem')) {
-                clientKey = fs.readFileSync(CERTS_PATH + 'client-key.pem').toString();
-                clientKey = clientKey
-                    .replace(/(\r\n|\n|\r)/gm, '')
-                    .replace('-----BEGIN PRIVATE KEY-----', '')
-                    .replace('-----END PRIVATE KEY-----', '');
-            }
-            if (fs.existsSync(CERTS_PATH + 'client.pem')) {
-                clientCert = fs.readFileSync(CERTS_PATH + 'client.pem').toString();
-                clientCert = clientCert
-                    .replace(/(\r\n|\n|\r)/gm, '')
-                    .replace('-----BEGIN CERTIFICATE-----', '')
-                    .replace('-----END CERTIFICATE-----', '');
-            }
-            if (fs.existsSync(CERTS_PATH + 'ca.pem')) {
-                caCert = fs.readFileSync(CERTS_PATH + 'ca.pem').toString();
-                caCert = caCert
-                    .replace(/(\r\n|\n|\r)/gm, '')
-                    .replace('-----BEGIN CERTIFICATE-----', '')
-                    .replace('-----END CERTIFICATE-----', '');
-            }
-            CLNService.refreshEnvVariables();
-            const CONNECT_WALLET_SETTINGS = {
-                LOCAL_HOST: process.env.LOCAL_HOST || '',
-                DEVICE_DOMAIN_NAME: process.env.DEVICE_DOMAIN_NAME || '',
-                TOR_HOST: process.env.APP_CORE_LIGHTNING_REST_HIDDEN_SERVICE || '',
-                WS_PORT: process.env.APP_CORE_LIGHTNING_WEBSOCKET_PORT || '',
-                GRPC_PORT: process.env.APP_CORE_LIGHTNING_DAEMON_GRPC_PORT || '',
-                CLIENT_KEY: clientKey,
-                CLIENT_CERT: clientCert,
-                CA_CERT: caCert,
-                REST_PORT: process.env.APP_CORE_LIGHTNING_REST_PORT || '',
-                REST_MACAROON: macaroon,
-                CLN_NODE_IP: process.env.APP_CORE_LIGHTNING_DAEMON_IP || '',
-                NODE_PUBKEY: process.env.LIGHTNING_PUBKEY || '',
-                COMMANDO_RUNE: process.env.COMMANDO_RUNE,
-                APP_VERSION: JSON.parse(packageData).version || '',
-                INVOICE_RUNE: process.env.INVOICE_RUNE || '',
-            };
-            res.status(200).json(CONNECT_WALLET_SETTINGS);
+            refreshEnvVariables();
+            res.status(200).json(APP_CONSTANTS);
         }
         catch (error) {
             handleError(error, req, res, next);
@@ -130,9 +76,9 @@ class SharedController {
             const showRunes = await CLNService.call('showrunes', []);
             const invoiceRune = showRunes.runes.find(rune => rune.restrictions.some(restriction => restriction.alternatives.some(alternative => alternative.value === 'invoice')) &&
                 rune.restrictions.some(restriction => restriction.alternatives.some(alternative => alternative.value === 'listinvoices')));
-            if (invoiceRune && fs.existsSync(APP_CONSTANTS.COMMANDO_ENV_LOCATION)) {
+            if (invoiceRune && fs.existsSync(APP_CONSTANTS.COMMANDO_CONFIG)) {
                 const invoiceRuneString = `INVOICE_RUNE="${invoiceRune.rune}"\n`;
-                fs.appendFileSync(APP_CONSTANTS.COMMANDO_ENV_LOCATION, invoiceRuneString, 'utf-8');
+                fs.appendFileSync(APP_CONSTANTS.COMMANDO_CONFIG, invoiceRuneString, 'utf-8');
                 res.status(201).send();
             }
             else {

apps/backend/dist/server.js

@@ -18,8 +18,8 @@ let directoryName = dirname(fileURLToPath(import.meta.url));
 let routes = [];
 const app = express();
 const server = http.createServer(app);
-const LIGHTNING_PORT = normalizePort(process.env.APP_CORE_LIGHTNING_PORT || '2103');
-const APP_CORE_LIGHTNING_IP = process.env.APP_CORE_LIGHTNING_IP || 'localhost';
+const LIGHTNING_PORT = normalizePort(process.env.APP_PORT || '2103');
+const APP_IP = process.env.APP_IP || 'localhost';
 const APP_PROTOCOL = process.env.APP_PROTOCOL || 'http';
 function normalizePort(val) {
     var port = parseInt(val, 10);
@@ -44,7 +44,7 @@ app.use((req, res, next) => {
 const corsOptions = {
     methods: 'GET, POST, PATCH, PUT, DELETE, OPTIONS',
     origin: APP_CONSTANTS.APP_MODE === Environment.PRODUCTION
-        ? APP_PROTOCOL + '://' + APP_CORE_LIGHTNING_IP + ':' + LIGHTNING_PORT
+        ? APP_PROTOCOL + '://' + APP_IP + ':' + LIGHTNING_PORT
         : APP_PROTOCOL + '://localhost:4300',
     credentials: true,
     allowedHeaders: 'Content-Type, X-XSRF-TOKEN, XSRF-TOKEN',
@@ -67,14 +67,9 @@ const throwApiError = (err) => {
     logger.error('Server error: ' + err);
     switch (err.code) {
         case 'EACCES':
-            return new APIError(HttpStatusCode.ACCESS_DENIED, APP_PROTOCOL +
-                '://' +
-                APP_CORE_LIGHTNING_IP +
-                ':' +
-                LIGHTNING_PORT +
-                ' requires elevated privileges');
+            return new APIError(HttpStatusCode.ACCESS_DENIED, APP_PROTOCOL + '://' + APP_IP + ':' + LIGHTNING_PORT + ' requires elevated privileges');
         case 'EADDRINUSE':
-            return new APIError(HttpStatusCode.ADDR_IN_USE, APP_PROTOCOL + '://' + APP_CORE_LIGHTNING_IP + ':' + LIGHTNING_PORT + ' is already in use');
+            return new APIError(HttpStatusCode.ADDR_IN_USE, APP_PROTOCOL + '://' + APP_IP + ':' + LIGHTNING_PORT + ' is already in use');
         case 'ECONNREFUSED':
             return new APIError(HttpStatusCode.UNAUTHORIZED, 'Server is down/locked');
         case 'EBADCSRFTOKEN':
@@ -84,5 +79,5 @@ const throwApiError = (err) => {
     }
 };
 server.on('error', throwApiError);
-server.on('listening', () => logger.warn('Server running at ' + APP_PROTOCOL + '://' + APP_CORE_LIGHTNING_IP + ':' + LIGHTNING_PORT));
-server.listen({ port: LIGHTNING_PORT, host: APP_CORE_LIGHTNING_IP });
+server.on('listening', () => logger.warn('Server running at ' + APP_PROTOCOL + '://' + APP_IP + ':' + LIGHTNING_PORT));
+server.listen({ port: LIGHTNING_PORT, host: APP_IP });

apps/backend/dist/service/grpc.service.js

@@ -32,9 +32,9 @@ export class GRPCService {
         };
         if (APP_CONSTANTS.LIGHTNING_GRPC_PROTOCOL === 'https') {
             const httpsAgent = new https.Agent({
-                cert: fs.readFileSync(path.join(APP_CONSTANTS.CERT_PATH || '.', 'client.pem')),
-                key: fs.readFileSync(path.join(APP_CONSTANTS.CERT_PATH || '.', 'client-key.pem')),
-                ca: fs.readFileSync(path.join(APP_CONSTANTS.CERT_PATH || '.', 'ca.pem')),
+                cert: fs.readFileSync(path.join(APP_CONSTANTS.LIGHTNING_CERTS_PATH || '.', 'client.pem')),
+                key: fs.readFileSync(path.join(APP_CONSTANTS.LIGHTNING_CERTS_PATH || '.', 'client-key.pem')),
+                ca: fs.readFileSync(path.join(APP_CONSTANTS.LIGHTNING_CERTS_PATH || '.', 'ca.pem')),
             });
             this.axiosConfig.httpsAgent = httpsAgent;
         }

apps/backend/dist/service/lightning.service.js

@@ -8,14 +8,14 @@ import { LightningError } from '../models/errors.js';
 import { GRPCService } from './grpc.service.js';
 import { HttpStatusCode, APP_CONSTANTS, AppConnect, LN_MESSAGE_CONFIG, REST_CONFIG, GRPC_CONFIG, } from '../shared/consts.js';
 import { logger } from '../shared/logger.js';
-import { readFileSync } from 'fs';
+import { refreshEnvVariables } from '../shared/utils.js';
 export class LightningService {
     clnService = null;
     constructor() {
         try {
             logger.info('Getting Commando Rune');
-            if (fs.existsSync(APP_CONSTANTS.COMMANDO_ENV_LOCATION)) {
-                this.refreshEnvVariables();
+            if (fs.existsSync(APP_CONSTANTS.COMMANDO_CONFIG)) {
+                refreshEnvVariables();
                 switch (APP_CONSTANTS.APP_CONNECT) {
                     case AppConnect.REST:
                         logger.info('REST connecting with config: ' + JSON.stringify(REST_CONFIG));
@@ -50,7 +50,7 @@ export class LightningService {
                     headers,
                 };
                 if (APP_CONSTANTS.LIGHTNING_REST_PROTOCOL === 'https') {
-                    const caCert = fs.readFileSync(join(APP_CONSTANTS.CERT_PATH || '.', 'ca.pem'));
+                    const caCert = fs.readFileSync(join(APP_CONSTANTS.LIGHTNING_CERTS_PATH || '.', 'ca.pem'));
                     const httpsAgent = new https.Agent({
                         ca: caCert,
                     });
@@ -110,34 +110,5 @@ export class LightningService {
                 });
         }
     };
-    refreshEnvVariables() {
-        const envVars = this.parseEnvFile(APP_CONSTANTS.COMMANDO_ENV_LOCATION);
-        process.env.LIGHTNING_PUBKEY = envVars.LIGHTNING_PUBKEY;
-        process.env.COMMANDO_RUNE = envVars.LIGHTNING_RUNE;
-        process.env.INVOICE_RUNE = envVars.INVOICE_RUNE !== undefined ? envVars.INVOICE_RUNE : '';
-        APP_CONSTANTS.COMMANDO_RUNE = process.env.COMMANDO_RUNE;
-        APP_CONSTANTS.NODE_PUBKEY = process.env.LIGHTNING_PUBKEY;
-        LN_MESSAGE_CONFIG.remoteNodePublicKey = process.env.LIGHTNING_PUBKEY;
-        GRPC_CONFIG.pubkey = process.env.LIGHTNING_PUBKEY;
-    }
-    parseEnvFile(filePath) {
-        try {
-            const content = readFileSync(filePath, 'utf8');
-            const lines = content.split('\n');
-            const envVars = {};
-            for (let line of lines) {
-                line = line.trim();
-                if (line && line.indexOf('=') !== -1 && !line.startsWith('#')) {
-                    const [key, ...value] = line.split('=');
-                    envVars[key] = value.join('=').replace(/(^"|"$)/g, '');
-                }
-            }
-            return envVars;
-        }
-        catch (err) {
-            logger.error('Error reading .commando-env file:', err);
-            return {};
-        }
-    }
 }
 export const CLNService = new LightningService();