diff --git a/.env.example b/.env.example index 095ebff9..0e149bba 100644 --- a/.env.example +++ b/.env.example @@ -8,8 +8,6 @@ MS_TO_TOKEN_EXPIRATION=4500000 SHOCK_ENCRYPTION_ECC=true CACHE_HEADERS_MANDATORY=true SHOCK_CACHE=true -# Use only if disabling LND encrypt phrase (security risk) -TRUSTED_KEYS=true # SSH Tunnel Provider LOCAL_TUNNEL_SERVER=https://tunnel.rip # Default content to your own seed server diff --git a/composers/windows-2network-alice/docker-compose.yml b/composers/windows-2network-alice/docker-compose.yml index 95c107df..d03ab95a 100644 --- a/composers/windows-2network-alice/docker-compose.yml +++ b/composers/windows-2network-alice/docker-compose.yml @@ -13,5 +13,4 @@ services: - 9835:9835 volumes: - C:\Users\boufn\.polar\networks\2\volumes\lnd\alice:/root/.lnd - environment: - TRUSTED_KEYS: 'false' \ No newline at end of file + \ No newline at end of file diff --git a/src/routes.js b/src/routes.js index f927801f..dc667e43 100644 --- a/src/routes.js +++ b/src/routes.js @@ -604,12 +604,9 @@ module.exports = async ( const walletInitialized = await walletExists() const { alias, password } = req.body const lndUp = health.LNDStatus.success - const trustedKeysEnabled = - process.env.TRUSTED_KEYS === 'true' || !process.env.TRUSTED_KEYS const walletUnlocked = health.LNDStatus.walletStatus === 'unlocked' const { authorization = '' } = req.headers const allowUnlockedLND = process.env.ALLOW_UNLOCKED_LND === 'true' - const trustedKeys = await Storage.get('trustedPKs') const { lightning } = LightningServices.services if (!lndUp) { 
@@ -632,30 +629,17 @@ module.exports = async ( throw new Error('Invalid alias/password combination') } - const [isKeyTrusted = !trustedKeysEnabled] = (trustedKeys || []).filter( - trustedKey => trustedKey === publicKey - ) - - if (!isKeyTrusted) { - logger.warn('Untrusted public key!') - } - if (!walletUnlocked) { await unlockWallet(password) } - if ( - walletUnlocked && - !authorization && - !isKeyTrusted && - !allowUnlockedLND - ) { + if (walletUnlocked && !authorization && !allowUnlockedLND) { throw new Error( 'Invalid alias/password combination (Untrusted Device)' ) } - if (walletUnlocked && !isKeyTrusted && !allowUnlockedLND) { + if (walletUnlocked && !allowUnlockedLND) { const validatedToken = await validateToken( authorization.replace('Bearer ', '') ) @@ -667,10 +651,6 @@ module.exports = async ( } } - if (!isKeyTrusted) { - await Storage.set('trustedPKs', [...(trustedKeys || []), publicKey]) - } - // Generate auth token and send it as a JSON response const token = await auth.generateToken() @@ -796,9 +776,6 @@ module.exports = async ( GunDB.mySEA ) - const trustedKeys = await Storage.get('trustedPKs') - await Storage.setItem('trustedPKs', [...(trustedKeys || []), publicKey]) - const [initWalletErr, initWalletResponse] = await new Promise(res => { walletUnlocker.initWallet( walletArgs, @@ -873,7 +850,6 @@ module.exports = async ( app.post('/api/lnd/wallet/existing', async (req, res) => { try { - const trustedKeys = await Storage.get('trustedPKs') const { password, alias } = req.body const healthResponse = await checkHealth() const exists = await walletExists() @@ -923,8 +899,6 @@ module.exports = async ( // Register user after verifying wallet password const publicKey = await GunDB.register(alias, password) - await Storage.setItem('trustedPKs', [...(trustedKeys || []), publicKey]) - // Generate Access Token const token = await auth.generateToken() setTimeout(() => {
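Review bot: The guard that throws `'Invalid alias/password combination (Untrusted Device)'` still names the device-trust concept this commit removes; on the new side it fires only when the `Authorization` header is missing while the wallet is already unlocked, so a message such as `'Authorization token required while LND is unlocked'` would match the condition, provided no client matches on the old string. The two consecutive checks now share the outer condition `walletUnlocked && !allowUnlockedLND` and could be folded into one block whose first statement is `if (!authorization) throw …`. With the trusted-key bypass gone, `ALLOW_UNLOCKED_LND === 'true'` is the only switch that skips token validation on an unlocked wallet, and on that path `unlockWallet(password)` is skipped as well, so the wallet password appears not to be checked against LND there; a short comment at this guard saying so would help operators judge the setting. The enclosing handler starts and ends outside the hunk, so the alias/password check above it is not visible here.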