From 6946bed8c3d5a893d18875532d84704a45fa2084 Mon Sep 17 00:00:00 2001
From: elliedev80 <elliedev80@proton.me>
Date: Wed, 26 Jun 2024 13:03:19 +0000
Subject: [PATCH]  add MINT_LND_REST_CERT_VERIFY env bool that when set to
 False allow to skip certificate validation for LND api call (#535)

* LND Backend
 - Add MINT_LND_REST_CERT_VERIFY bool variable that when set to False allows
   verify=False for httpx and ignore LND selfsigned certificate validation

 On branch main
 Your branch is up to date with 'origin/main'.

 Changes to be committed:
	modified:   .env.example
	modified:   cashu/core/settings.py
	modified:   cashu/lightning/lndrest.py

* Update .env.example

---------

Co-authored-by: callebtc <93376500+callebtc@users.noreply.github.com>
---
 .env.example               |  1 +
 cashu/core/settings.py     |  1 +
 cashu/lightning/lndrest.py | 12 ++++++++++++
 3 files changed, 14 insertions(+)

diff --git a/.env.example b/.env.example
index 96c68bd..a23d7cf 100644
--- a/.env.example
+++ b/.env.example
@@ -70,6 +70,7 @@ MINT_LNBITS_KEY=yourkeyasdasdasd
 MINT_LND_REST_ENDPOINT=https://127.0.0.1:8086
 MINT_LND_REST_CERT="/home/lnd/.lnd/tls.cert"
 MINT_LND_REST_MACAROON="/home/lnd/.lnd/data/chain/bitcoin/regtest/admin.macaroon"
+MINT_LND_REST_CERT_VERIFY=True
 
 # Use with CoreLightningRestWallet
 MINT_CORELIGHTNING_REST_URL=https://localhost:3001
diff --git a/cashu/core/settings.py b/cashu/core/settings.py
index aa96bc0..d4bca1f 100644
--- a/cashu/core/settings.py
+++ b/cashu/core/settings.py
@@ -186,6 +186,7 @@ class WalletSettings(CashuSettings):
 class LndRestFundingSource(MintSettings):
     mint_lnd_rest_endpoint: Optional[str] = Field(default=None)
     mint_lnd_rest_cert: Optional[str] = Field(default=None)
+    mint_lnd_rest_cert_verify: bool = Field(default=True)
     mint_lnd_rest_macaroon: Optional[str] = Field(default=None)
     mint_lnd_rest_admin_macaroon: Optional[str] = Field(default=None)
     mint_lnd_rest_invoice_macaroon: Optional[str] = Field(default=None)
diff --git a/cashu/lightning/lndrest.py b/cashu/lightning/lndrest.py
index e534f35..3b464d0 100644
--- a/cashu/lightning/lndrest.py
+++ b/cashu/lightning/lndrest.py
@@ -40,6 +40,7 @@ class LndRestWallet(LightningBackend):
         self.unit = unit
         endpoint = settings.mint_lnd_rest_endpoint
         cert = settings.mint_lnd_rest_cert
+        cert_verify = settings.mint_lnd_rest_cert_verify
 
         macaroon = (
             settings.mint_lnd_rest_macaroon
@@ -59,6 +60,12 @@ class LndRestWallet(LightningBackend):
                 " publicly issued certificate"
             )
 
+        if not cert_verify:
+            logger.warning(
+                "certificate validation will be disabled for lndrest"
+            )
+
+
         endpoint = endpoint[:-1] if endpoint.endswith("/") else endpoint
         endpoint = (
             f"https://{endpoint}" if not endpoint.startswith("http") else endpoint
@@ -71,6 +78,11 @@ class LndRestWallet(LightningBackend):
         # even on startup
         self.cert = cert or True
 
+        # disable cert verify if choosen
+        if not cert_verify:
+            self.cert = False
+
+
         self.auth = {"Grpc-Metadata-macaroon": self.macaroon}
         self.client = httpx.AsyncClient(
             base_url=self.endpoint, headers=self.auth, verify=self.cert