use encrypted request for subscribe notifications

2025-12-20 23:34:22 +01:00 · 2023-11-06 15:30:38 +01:00
parent 4be6d8c6a4
commit 743e880d9c
6 changed files with 167 additions and 72 deletions
--- a/notifications/server.go
+++ b/notifications/server.go
@@ -7,7 +7,10 @@ import (
 	"fmt"
 	"log"

+	lspdrpc "github.com/breez/lspd/rpc"
 	"github.com/btcsuite/btcd/btcec/v2/ecdsa"
+	ecies "github.com/ecies/go/v2"
+	"github.com/golang/protobuf/proto"
 )

 var ErrInvalidSignature = fmt.Errorf("invalid signature")
@@ -26,8 +29,25 @@ func NewNotificationsServer(store Store) NotificationsServer {

 func (s *server) SubscribeNotifications(
 	ctx context.Context,
-	request *SubscribeNotificationsRequest,
+	in *EncryptedNotificationRequest,
 ) (*SubscribeNotificationsReply, error) {
+	node, _, err := lspdrpc.GetNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := ecies.Decrypt(node.EciesPrivateKey, in.Blob)
+	if err != nil {
+		return nil, fmt.Errorf("ecies.Decrypt(%x) error: %w", in.Blob, err)
+	}
+
+	var request SubscribeNotificationsRequest
+	err = proto.Unmarshal(data, &request)
+	if err != nil {
+		log.Printf("proto.Unmarshal(%x) error: %v", data, err)
+		return nil, fmt.Errorf("proto.Unmarshal(%x) error: %w", data, err)
+	}
+
 	first := sha256.Sum256([]byte(request.Url))
 	second := sha256.Sum256(first[:])
 	pubkey, wasCompressed, err := ecdsa.RecoverCompact(