e2757ebca8
It turns out that sending a non-200 HTTP status code was against the gRPC spec and the older versions of the `grpc` library just didn't validate that. The validation was added in v1.40.0, which is the version that we couldn't update to before. With this fix the error is still parsed correctly on the client side. But this requires a small change to the L402 spec because the status code is no longer 402.
L402 (Lightning HTTP 402) API Key proxy
Aperture is your portal to the Lightning-Native Web. Aperture is used in production today by Lightning Loop, a non-custodial on/off ramp for the Lightning Network.
Aperture is a HTTP 402 reverse proxy that supports proxying requests for gRPC (HTTP/2) and REST (HTTP/1 and HTTP/2) backends using the L402 Protocol Standard. L402 is short for: the Lightning HTTP 402 protocol. L402 combines HTTP 402, macaroons, and the Lightning Network to create a new standard for authentication and paid services on the web.
L402 is a new standard protocol for authentication and paid APIs developed by Lightning Labs. L402 API keys can serve both as authentication, as well as a payment mechanism (one can view it as a ticket) for paid APIs. In order to obtain a token, we require the user to pay us over Lightning in order to obtain a preimage, which itself is a cryptographic component of the final L402 token
The implementation of the authentication token is chosen to be macaroons, as they allow us to package attributes and capabilities along with the token. This system allows one to automate pricing on the fly and allows for a number of novel constructs such as automated tier upgrades. In another light, this can be viewed as a global HTTP 402 reverse proxy at the load balancing level for web services and APIs.
Installation / Setup
lnd
- Make sure
lndports are reachable.
aperture
- Compilation requires go
1.19.xor later. - To build
aperturein the current directory, runmake buildand then copy the file./aperturefrom the local directory to the server. - To build and install
aperturedirectly on the machine it will be used, run themake installcommand which will place the binary into your$GOPATH/binfolder. - Make sure port
8081is reachable from outside (or whatever port we choose, could also be 443 at some point) - Make sure there is a valid
tls.certandtls.keyfile located in the~/.aperturedirectory that is valid for the domain that aperture is running on. Aperture doesn't support creating its own certificate through Let's Encrypt yet. If there is notls.certandtls.keyfound, a self-signed pair will be created. - Make sure all required configuration items are set in
~/.aperture/aperture.yaml, compare withsample-conf.yaml. - Start aperture without any command line parameters (
./aperture), all configuration is done in the~/.aperture/aperture.yamlfile.