aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-19 23:24:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

update new documentation and move to doc/

Browse Source
This commit is contained in:
Adi Shankara
2023-07-14 11:43:59 +04:00
committed by Rusty Russell
parent 5151020224
commit b2caa56c27
44 changed files with 323 additions and 442 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
doc/developers-guide/app-development/commando.md Normal file
View File

@@ -0,0 +1,28 @@
---
title: "Commando"
slug: "commando"
hidden: false
createdAt: "2023-02-08T09:54:01.784Z"
updatedAt: "2023-02-21T13:55:16.224Z"
---
> 📘
>
> Used for applications that want to connect to a CLN node over the lightning network in a secure manner.
Commando is a direct-to-node plugin that ships natively with Core Lightning. It lets you set _runes_ to create fine-grained access controls to a CLN node's RPC , and provides access to those same RPCs via Lightning-native network connections.
The commando plugin adds two new RPC methods: `commando` and `commando-rune`.
- `commando` allows you to send a directly connected peer an RPC request, who, in turn, will run and send the result to you. This uses the secure connections that Lightning nodes establish with each other on connect. As arbitrary RPC executions by any connected node can be dangerous, generally, the peer will only allow you to execute the command if you've also provided a `rune`.
- `commando-rune` is the RPC command that allows you to construct a base64 encoded permissions string, which can be handed to peers to allow them to use commando to query or ask your node for things remotely. runes have restrictions added to them, meaning no one can remove a restriction from a rune you've generated and handed them. These restrictions allow you to carefully craft the RPC commands a caller is allowed to access, the number of times that they can do so, the length of time the rune is valid for, and more.
For more details on using runes, read through the docs for [commando](ref:lightning-commando) and [commando-rune](ref:lightning-commando-rune).
Check out [this](https://www.youtube.com/watch?v=LZLRCPNn7vA) video of William Casarin (@jb55) walking through how to create runes and connect to a Lightning node via [lnsocket](https://github.com/jb55/lnsocket).
> 📘 Pro-tip
>
> - **[lnsocket](https://github.com/jb55/lnsocket)** allows you to build a web or mobile app that talks directly to a CLN node over commando with runes. Check out [LNLink](https://lnlink.app/) - a mobile app that allows you to control a Core Lightning node over the lightning network itself!
> - **[lnmessage](https://github.com/aaronbarnardsound/lnmessage)** allows you to talk to Core Lightning nodes from the browser via a Websocket connection and control it using commando.

131
doc/developers-guide/app-development/grpc.md Normal file
View File

@@ -0,0 +1,131 @@
---
title: "gRPC APIs"
slug: "grpc"
hidden: false
createdAt: "2023-02-07T12:52:39.665Z"
updatedAt: "2023-02-08T09:56:41.158Z"
---
> 📘
>
> Used for applications that want to connect to CLN over the network in a secure manner.
Since v0.11.0, Core Lightning provides a new interface: `cln-grpc`, a Rust-based plugin that provides a standardized API that apps, plugins, and other tools could use to interact with Core Lightning securely.
We always had a JSON-RPC, with a very exhaustive API, but it was exposed only locally over a Unix-domain socket. Some plugins chose to re-expose the API over a variety of protocols, ranging from REST to gRPC, but it was additional work to install them. The gRPC API is automatically generated from our existing JSON-RPC API, so it has the same low-level and high-level access that app devs are accustomed to but uses a more efficient binary encoding where possible and is secured via mutual TLS authentication.
To use it, just add the `--grpc-port` option, and itll automatically start alongside Core Lightning and generate the appropriate mTLS certificates. It will listen on the configured port, authenticate clients using mTLS certificates, and will forward any request to the JSON-RPC interface, performing translations from protobuf to JSON and back.
## Tutorial
### Generating the certificates
The plugin only runs when `lightningd` is configured with the option `--grpc-port`. Upon starting, the plugin generates a number of files, if they don't already exist:
- `ca.pem` and `ca-key.pem`: These are the certificate and private key for your own certificate authority. The plugin will only accept incoming connections using certificates that are signed by this CA.
- `server.pem` and `server-key.pem`: this is the identity (certificate and private key) used by the plugin to authenticate itself. It is signed by the CA, and the client will verify its identity.
- `client.pem` and `client-key.pem`: this is an example identity that can be used by a client to connect to the plugin, and issue requests. It is also signed by the CA.
These files are generated with sane defaults, however you can generate custom certificates should you require some changes (see [below](doc:app-development#generating-custom-certificates) for details).
The client needs a valid mTLS identity in order to connect to the plugin, so copy over the `ca.pem`, `client.pem` and `client-key.pem` files from the node to your project directory.
### Generating language-specific bindings
The gRPC interface is described in the [protobuf file](https://github.com/ElementsProject/lightning/blob/master/cln-grpc/proto/node.proto), and we'll first need to generate language specific bindings.
In this tutorial, we walk through the steps for Python, however they are mostly the same for other languages. For instance, if you're developing in Rust, use [`tonic-build`](https://docs.rs/tonic-build/latest/tonic_build/) to generate the bindings. For other languages, see the official [gRPC docs](https://grpc.io/docs/languages/) on how to generate gRPC client library for your specific language using the protobuf file.
We start by downloading the dependencies and `protoc` compiler:
```shell
pip install grpcio-tools
```
Next we generate the bindings in the current directory:
```bash
python -m grpc_tools.protoc \
-I path/to/cln-grpc/proto \
path/to/cln-grpc/proto/node.proto \
--python_out=. \
--grpc_python_out=. \
--experimental_allow_proto3_optional
```
This will generate two files in the current directory:
- `node_pb2.py`: the description of the protobuf messages we'll be exchanging with the server.
- `node_pb2_grpc.py`: the service and method stubs representing the server-side methods as local objects and associated methods.
### Connecting to the node
Finally we can use the generated stubs and mTLS identity to connect to the node:
```python
from pathlib import Path
from node_pb2_grpc import NodeStub
import node_pb2
p = Path(".")
cert_path = p / "client.pem"
key_path = p / "client-key.pem"
ca_cert_path = p / "ca.pem"
creds = grpc.ssl_channel_credentials(
root_certificates=ca_cert_path.open('rb').read(),
private_key=key_path.open('rb').read(),
certificate_chain=cert_path.open('rb').read()
)
channel = grpc.secure_channel(
f"localhost:{grpc_port}",
creds,
options=(('grpc.ssl_target_name_override', 'cln'),)
)
stub = NodeStub(channel)
print(stub.Getinfo(node_pb2.GetinfoRequest()))
```
In this example, we first load the client identity as well as the CA certificate so we can verify the server's identity against it. We then create a `creds` instance using those details. Next we open a secure channel, i.e., a channel over TLS with verification of identities.
Notice that we override the expected SSL name with `cln`. This is required because the plugin does not know the domain under which it will be reachable, and will therefore use `cln` as a standin. See [custom certificate generation](doc:app-development#generating-custom-certificates) for how this could be changed.
We then use the channel to instantiate the `NodeStub` representing the service and its methods, so we can finally call the `Getinfo` method with default arguments.
### Generating custom certificates (optional)
The automatically generated mTLS certificate will not know about potential domains that it'll be served under, and will chose a number of other parameters by default. If you'd like to generate a server certificate with a custom domain, you can use the following:
```shell
openssl genrsa -out server-key.pem 2048
```
This generates the private key. Next we create a Certificate Signature Request (CSR) that we can then process using our CA identity:
```shell
openssl req -key server-key.pem -new -out server.csr
```
You will be asked a number of questions, the most important of which is the _Common Name_, which you should set to the domain name you'll be serving the interface under. Next we can generate the actual certificate by processing the request with the CA identity:
```shell
openssl x509 -req -CA ca.pem -CAkey ca-key.pem \
-in server.csr \
-out server.pem \
-days 365 -CAcreateserial
```
This will finally create the `server.pem` file, signed by the CA, allowing you to access the node through its real domain name. You can now move `server.pem` and `server-key.pem` into the lightning directory, and they should be picked up during the start.

112
doc/developers-guide/app-development/json-rpc.md Normal file
View File

@@ -0,0 +1,112 @@
---
title: "JSON-RPC commands"
slug: "json-rpc"
hidden: false
createdAt: "2023-02-07T12:53:11.917Z"
updatedAt: "2023-02-21T13:50:10.086Z"
---
> 📘
>
> Used for applications running on the same system as CLN.
## Using `lightning-cli`
Core Lightning exposes a [JSON-RPC 2.0](https://www.jsonrpc.org/specification) interface over a Unix Domain socket; the [`lightning-cli`](ref:lightning-cli) tool can be used to access it, or there is a [python client library](???).
You can use `[lightning-cli](ref:lightning-cli) help` to print a table of RPC methods; `[lightning-cli](lightning-cli) help <command>` will offer specific information on that command.
Useful commands:
- [lightning-newaddr](ref:lightning-newaddr): get a bitcoin address to deposit funds into your lightning node.
- [lightning-listfunds](ref:lightning-listfunds): see where your funds are.
- [lightning-connect](ref:lightning-connect): connect to another lightning node.
- [lightning-fundchannel](ref:lightning-fundchannel): create a channel to another connected node.
- [lightning-invoice](ref:lightning-invoice): create an invoice to get paid by another node.
- [lightning-pay](ref:lightning-pay): pay someone else's invoice.
- [lightning-plugin](ref:lightning-plugin): commands to control extensions.
A complete list of all JSON-RPC commands is available at [API Reference](doc:api-reference).
## Using Python
[pyln-client](https://github.com/ElementsProject/lightning/tree/master/contrib/pyln-client) is a python client library for lightningd, that implements the Unix socket based JSON-RPC protocol. It can be used to call arbitrary functions on the RPC interface, and serves as a basis for applications or plugins written in python.
### Installation
`pyln-client` is available on `pip`:
```shell
pip install pyln-client
```
Alternatively you can also install the development version to get access to currently unreleased features by checking out the Core Lightning source code and installing into your python3 environment:
```shell
git clone https://github.com/ElementsProject/lightning.git
cd lightning/contrib/pyln-client
poetry install
```
This will add links to the library into your environment so changing the checked out source code will also result in the environment picking up these changes. Notice however that unreleased versions may change API without warning, so test thoroughly with the released version.
### Tutorials
Check out the following recipes to learn how to use pyln-client in your applications.
[block:tutorial-tile]
{
"backgroundColor": "#dfb316",
"emoji": "🦉",
"id": "63dbbcd59880f6000e329079",
"link": "https://docs.corelightning.org/v1.0/recipes/write-a-program-in-python-to-interact-with-lightningd",
"slug": "write-a-program-in-python-to-interact-with-lightningd",
"title": "Write a program in Python to interact with lightningd"
}
[/block]
[block:tutorial-tile]
{
"backgroundColor": "#dfb316",
"emoji": "🦉",
"id": "63dbd6993ef79b07b8f399be",
"link": "https://docs.corelightning.org/v1.0/recipes/write-a-hello-world-plugin-in-python",
"slug": "write-a-hello-world-plugin-in-python",
"title": "Write a hello-world plugin in Python"
}
[/block]
## Using Rust
[cln-rpc](https://crates.io/crates/cln-rpc) is a Rust-based crate for lightningd, that implements the Unix socket based JSON-RPC protocol. It can be used to call arbitrary functions on the RPC interface, and serves as a basis for applications or plugins written in Rust.
### Installation
Run the following Cargo command in your project directory:
```shell
cargo add cln-rpc
```
Or add the following line to your Cargo.toml:
```Text Cargo.toml
cln-rpc = "0.1.2"
```
Documentation for the `cln-rpc` crate is available at <https://docs.rs/cln-rpc/>.

22
doc/developers-guide/app-development/third-party-libraries.md Normal file
View File

@@ -0,0 +1,22 @@
---
title: "Third-party libraries"
slug: "third-party-libraries"
hidden: false
createdAt: "2023-02-07T12:55:33.547Z"
updatedAt: "2023-02-21T13:55:39.216Z"
---
## REST
[C-lightning-REST](https://github.com/Ride-The-Lightning/c-lightning-REST) is a _third party_ REST API interface for Core Lightning written in Node.js.
> 📘
>
> Official support for REST APIs in Core Lightning is coming soon!
## GraphQL
[c-lightning-graphql](https://github.com/nettijoe96/c-lightning-graphql) exposes the Core Lightning API over GraphQL.
## JSON over HTTPS
[Sparko](https://github.com/fiatjaf/sparko) offers a full-blown JSON-RPC over HTTP bridge to a CLN node with fine-grained permissions, SSE and spark-wallet support that can be used to develop apps.