aiolabs/lightning-pub
2
0
Fork 0
Code Issues 9 Pull requests 4 Projects Releases Packages Wiki Activity Actions

Offline access secret for authenticating when tunneled

Browse source
This commit is contained in:
Daniel Lugo 2022-01-20 17:35:21 -04:00
parent 808959b845
commit 319f104acf
2 changed files with 22 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/routes.js
View file

@ -47,7 +47,7 @@ module.exports = async (
_app, _app,
config, config,
mySocketsEvents, mySocketsEvents,
{ serverPort, useTLS, CA, CA_KEY, runPrivateKey, runPublicKey } { serverPort, useTLS, CA, CA_KEY, runPrivateKey, runPublicKey, accessSecret }
) => { ) => {
/** /**
* @typedef {import('express').Application} Application * @typedef {import('express').Application} Application
@ -451,9 +451,14 @@ module.exports = async (
app.post('/api/encryption/exchange', async (req, res) => { app.post('/api/encryption/exchange', async (req, res) => {
try { try {
const { publicKey, deviceId } = req.body let { publicKey, deviceId } = req.body
if (!publicKey) { if (Buffer.isBuffer(accessSecret)) {
publicKey = await ECCrypto.decrypt(accessSecret, publicKey)
deviceId = await ECCrypto.decrypt(accessSecret, deviceId)
}
if (typeof publicKey !== 'string' || !publicKey) {
return res.status(400).json({ return res.status(400).json({
field: 'publicKey', field: 'publicKey',
message: 'Please provide a valid public key' message: 'Please provide a valid public key'

20
src/server.js
View file

@ -49,6 +49,13 @@ const server = program => {
nonEncryptedRoutes nonEncryptedRoutes
} = require('../utils/protectedRoutes') } = require('../utils/protectedRoutes')
/**
* An offline-only private key used for authenticating a client's key
* exchange. Neither the tunnel nor the WWW should see this private key, it
* should only be served through STDOUT (via QR or else).
*/
const accessSecret = program.tunnel ? ECCrypto.generatePrivate() : null
// load app default configuration data // load app default configuration data
const defaults = require('../config/defaults')(program.mainnet) const defaults = require('../config/defaults')(program.mainnet)
const rootFolder = program.rootPath || process.resourcesPath || __dirname const rootFolder = program.rootPath || process.resourcesPath || __dirname
@ -351,7 +358,8 @@ const server = program => {
CA, CA,
CA_KEY, CA_KEY,
runPrivateKey, runPrivateKey,
runPublicKey runPublicKey,
accessSecret
} }
) )
@ -389,12 +397,12 @@ const server = program => {
Storage.setItem('relay/url', noProtocolAddress) Storage.setItem('relay/url', noProtocolAddress)
]) ])
const dataToQr = JSON.stringify({ const dataToQr = JSON.stringify({
internalIP: `${params.relayId}@${noProtocolAddress}`, URI: `https://${params.relayId}@${noProtocolAddress}`,
walletPort: 443, // Null-check is just to please typescript
externalIP: `${params.relayId}@${noProtocolAddress}` accessSecret: accessSecret && accessSecret.toString('base64')
}) })
qrcode.generate(dataToQr, { small: true }) qrcode.generate(dataToQr, { small: false })
logger.info(`connect to ${params.relayId}@${noProtocolAddress}`) logger.info(`connect to ${params.relayId}@${noProtocolAddress}:443`)
} else { } else {
logger.error('!! Relay did not connect to server !!') logger.error('!! Relay did not connect to server !!')
} }