diff --git a/src/commonMain/kotlin/fr/acinq/lightning/bin/Api.kt b/src/commonMain/kotlin/fr/acinq/lightning/bin/Api.kt index 1a1e510..243c93c 100644 --- a/src/commonMain/kotlin/fr/acinq/lightning/bin/Api.kt +++ b/src/commonMain/kotlin/fr/acinq/lightning/bin/Api.kt @@ -26,6 +26,7 @@ import fr.acinq.lightning.utils.* import io.ktor.client.* import io.ktor.client.request.* import io.ktor.http.* +import io.ktor.http.content.* import io.ktor.serialization.kotlinx.* import io.ktor.serialization.kotlinx.json.* import io.ktor.server.application.* @@ -41,8 +42,9 @@ import io.ktor.server.websocket.* import kotlinx.coroutines.flow.SharedFlow import kotlinx.coroutines.launch import kotlinx.serialization.json.Json +import okio.ByteString.Companion.encodeUtf8 -class Api(private val nodeParams: NodeParams, private val peer: Peer, private val eventsFlow: SharedFlow, private val password: String, private val webhookUrl: Url?) { +class Api(private val nodeParams: NodeParams, private val peer: Peer, private val eventsFlow: SharedFlow, private val password: String, private val webhookUrl: Url?, private val webhookSecret: String) { fun Application.module() { @@ -199,6 +201,16 @@ class Api(private val nodeParams: NodeParams, private val peer: Peer, private va }) } } + client.sendPipeline.intercept(HttpSendPipeline.State) { + when (val body = context.body) { + is TextContent -> { + val bodyBytes = body.text.encodeUtf8() + val secretBytes = webhookSecret.encodeUtf8() + val sig = bodyBytes.hmacSha256(secretBytes) + context.headers.append("X-Phoenix-Signature", sig.hex()) + } + } + } launch { eventsFlow.collect { event -> client.post(url) { @@ -231,5 +243,3 @@ class Api(private val nodeParams: NodeParams, private val peer: Peer, private va private fun Parameters.getOptionalLong(argName: String): Long? = this[argName]?.let { it.toLongOrNull() ?: invalidType(argName, "integer") } } - - diff --git a/src/commonMain/kotlin/fr/acinq/lightning/bin/Main.kt b/src/commonMain/kotlin/fr/acinq/lightning/bin/Main.kt index 4716e5b..544614f 100644 --- a/src/commonMain/kotlin/fr/acinq/lightning/bin/Main.kt +++ b/src/commonMain/kotlin/fr/acinq/lightning/bin/Main.kt @@ -102,16 +102,26 @@ class Phoenixd : CliktCommand() { .default(10.minutes) private val httpBindIp by option("--http-bind-ip", help = "Bind ip for the http api").default("127.0.0.1") private val httpBindPort by option("--http-bind-port", help = "Bind port for the http api").int().default(9740) - private val httpPassword by option("--http-password", help = "Password for the http api").defaultLazy { - // the additionalValues map already contains values in phoenix.conf, so if we are here then there are no existing password - terminal.print(yellow("Generating default api password...")) - val value = randomBytes32().toHex() - FileSystem.SYSTEM.appendingSink(confFile, mustExist = false).buffer().use { it.writeUtf8("\nhttp-password=$value\n") } - terminal.println(white("done")) - value - } + private val httpPassword by option("--http-password", help = "Password for the http api") + .defaultLazy { + // if we are here then no value is defined in phoenix.conf + terminal.print(yellow("Generating default api password...")) + val value = randomBytes32().toHex() + FileSystem.SYSTEM.appendingSink(confFile, mustExist = false).buffer().use { it.writeUtf8("\nhttp-password=$value") } + terminal.println(white("done")) + value + } private val webHookUrl by option("--webhook", help = "Webhook http endpoint for push notifications (alternative to websocket)") .convert { Url(it) } + private val webHookSecret by option("--webhook-secret", help = "Secret used to authenticate webhook calls") + .defaultLazy { + // if we are here then no value is defined in phoenix.conf + terminal.print(yellow("Generating webhook secret...")) + val value = randomBytes32().toHex() + FileSystem.SYSTEM.appendingSink(confFile, mustExist = false).buffer().use { it.writeUtf8("\nwebhook-secret=$value") } + terminal.println(white("done")) + value + } class LiquidityOptions : OptionGroup(name = "Liquidity Options") { val autoLiquidity by option("--auto-liquidity", help = "Amount automatically requested when inbound liquidity is needed").choice( @@ -353,7 +363,7 @@ class Phoenixd : CliktCommand() { reuseAddress = true }, module = { - Api(nodeParams, peer, eventsFlow, httpPassword, webHookUrl).run { module() } + Api(nodeParams, peer, eventsFlow, httpPassword, webHookUrl, webHookSecret).run { module() } } ) val serverJob = scope.launch { diff --git a/src/commonMain/kotlin/fr/acinq/lightning/bin/json/JsonSerializers.kt b/src/commonMain/kotlin/fr/acinq/lightning/bin/json/JsonSerializers.kt index 4e187ab..628cfe6 100644 --- a/src/commonMain/kotlin/fr/acinq/lightning/bin/json/JsonSerializers.kt +++ b/src/commonMain/kotlin/fr/acinq/lightning/bin/json/JsonSerializers.kt @@ -25,6 +25,7 @@ import fr.acinq.lightning.channel.states.ChannelStateWithCommitments import fr.acinq.lightning.db.LightningOutgoingPayment import fr.acinq.lightning.json.JsonSerializers import fr.acinq.lightning.utils.UUID +import kotlinx.datetime.Clock import kotlinx.serialization.SerialName import kotlinx.serialization.Serializable import kotlinx.serialization.UseSerializers @@ -70,7 +71,9 @@ sealed class ApiType { data class GeneratedInvoice(@SerialName("amountSat") val amount: Satoshi?, val paymentHash: ByteVector32, val serialized: String) : ApiType() @Serializable - sealed class ApiEvent : ApiType() + sealed class ApiEvent : ApiType() { + val timestamp: Long = Clock.System.now().toEpochMilliseconds() + } @Serializable @SerialName("payment_received")