In this commit, we add a new CLI argument that allows a user to control
if we use strict verification or not. Strict verification relies on
checking the actual invoice state against lnd, and requires more state
for the Aperture server.
When strict verification isn't on, we rely only on the preimage payment
hash relationship. Namely that the only way a user can obtain the
preimage is to pay the invoice, and as we check the HMAC on the
macaroon, we know that we created it with an invoice obtained from lnd.
In this commit, we fix a subtle bug in the parsing of the yaml config.
With the way the library works, the attribute name needs to match the
config attribute name. Otherwise, parsing just doesn't work.
In this commit, we start a timer if a mailbox stream is completely
un-occupied (neither read or write stream is occupied). The timer
stopped if either of the streams are occupied and is reset if both
streams are unoccupied.
Our yaml parsing is unaffected, but this change allows us to specify
these groups one param at a time. We do not update services because they
require special grouping, so we leave that as a json parameter.
To make it easier to use aperture in a setup where we only need its
proxy functionality but not its LSAT capabilities, we add the option to
disable the authenticator. This makes it possible to run aperture
without needing to connect it to an lnd node.
In this commit, we integrate Tor onion services into the proxy. Clients
can now make their requests through Tor's encrypted network. To make
this possible, there were a few quirks, the most important being that
clients were unable to establish encrypted HTTP/2 connections due to
TLS certificates not being able to verify onion services. To work around
this, we now spin up an additional HTTP/2 server _without TLS_ that's
not exposed to the outside world and can only be accessed through the
onion services, which already provide encryption.
Once the onion services are created, we store their private keys within
etcd to ensure we can recover them later on as the proxy is intended to
be long-lived.
Allows the ability for the proxy to connect to an etcd cluster for any
reliable data storage purposes. No data is being stored yet as of this
commit, but we'll be storing LSAT secrets at a later commit.
One key component in this commit is that we introduce a new top level
key that will serve to hold all LSAT proxy-related data. Any nested keys
should be prefixed with said top level key.
Co-authored-by: Oliver Gugger <gugger@gmail.com>
