75ca574790
With this commit we introduce the concept of RPC middleware: A mechanism similar to the existing channel or HTLC interceptors but this time for gRPC messages themselves. An RPC middleware can register itself to the main RPC server to get notified each time a new gRPC request comes in, a gRPC response is sent back or a streaming RPC is connected. The middleware can validate/inspect incoming requests and modify/overwrite outgoing responses. Since this also opens the door for malicious software to interfere with lnd in a negative way, we bind everything to macaroons with custom caveat conditions: A middleware declares upon registration which custom caveat name it can handle. Only client requests that send a macaroon with that custom caveat will then be given to the middleware for inspection. The only exception is if the middleware instead registers to use the read-only mode. In that mode it will be able to intercept all requests/responses, even those not made with a special encumbered macaroon. But the middleware won't be able to alter responses in the read-only mode. Therefore requests with the default, unencumbered macaroons can never be modified by any middleware. |
||
|---|---|---|
| .github | ||
| aezeed | ||
| amp | ||
| autopilot | ||
| batch | ||
| blockcache | ||
| brontide | ||
| buffer | ||
| build | ||
| cert | ||
| chainntnfs | ||
| chainreg | ||
| chanacceptor | ||
| chanbackup | ||
| chanfitness | ||
| channeldb | ||
| channelnotifier | ||
| clock | ||
| cluster | ||
| cmd | ||
| contractcourt | ||
| contrib | ||
| discovery | ||
| docker | ||
| docs | ||
| feature | ||
| funding | ||
| fuzz | ||
| healthcheck | ||
| htlcswitch | ||
| input | ||
| invoices | ||
| keychain | ||
| kvdb | ||
| labels | ||
| lncfg | ||
| lnpeer | ||
| lnrpc | ||
| lntest | ||
| lntypes | ||
| lnwallet | ||
| lnwire | ||
| macaroons | ||
| make | ||
| mobile | ||
| monitoring | ||
| multimutex | ||
| nat | ||
| netann | ||
| peer | ||
| peernotifier | ||
| pool | ||
| queue | ||
| record | ||
| routing | ||
| rpcperms | ||
| scripts | ||
| shachain | ||
| signal | ||
| subscribe | ||
| sweep | ||
| ticker | ||
| tlv | ||
| tor | ||
| walletunlocker | ||
| watchtower | ||
| zpay32 | ||
| .gitignore | ||
| .golangci.yml | ||
| .travis.yml | ||
| breacharbiter_test.go | ||
| breacharbiter.go | ||
| channel_notifier.go | ||
| chanrestore.go | ||
| config.go | ||
| dev.Dockerfile | ||
| doc.go | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| lnd.go | ||
| log.go | ||
| logo.png | ||
| Makefile | ||
| nursery_store_test.go | ||
| nursery_store.go | ||
| pilot.go | ||
| README.md | ||
| rpcserver.go | ||
| sample-lnd.conf | ||
| server_test.go | ||
| server.go | ||
| subrpcserver_config.go | ||
| tools.go | ||
| utxonursery_test.go | ||
| utxonursery.go | ||
| witness_beacon.go | ||
Lightning Network Daemon
The Lightning Network Daemon (lnd) - is a complete implementation of a
Lightning Network node. lnd has several pluggable back-end
chain services including btcd (a
full-node), bitcoind, and
neutrino (a new experimental light client). The project's codebase uses the
btcsuite set of Bitcoin libraries, and also
exports a large set of isolated re-usable Lightning Network related libraries
within it. In the current state lnd is capable of:
- Creating channels.
- Closing channels.
- Completely managing all channel states (including the exceptional ones!).
- Maintaining a fully authenticated+validated channel graph.
- Performing path finding within the network, passively forwarding incoming payments.
- Sending outgoing onion-encrypted payments through the network.
- Updating advertised fee schedules.
- Automatic channel management (
autopilot).
Lightning Network Specification Compliance
lnd fully conforms to the Lightning Network specification
(BOLTs). BOLT stands for:
Basis of Lightning Technology. The specifications are currently being drafted
by several groups of implementers based around the world including the
developers of lnd. The set of specification documents as well as our
implementation of the specification are still a work-in-progress. With that
said, the current status of lnd's BOLT compliance is:
- BOLT 1: Base Protocol
- BOLT 2: Peer Protocol for Channel Management
- BOLT 3: Bitcoin Transaction and Script Formats
- BOLT 4: Onion Routing Protocol
- BOLT 5: Recommendations for On-chain Transaction Handling
- BOLT 7: P2P Node and Channel Discovery
- BOLT 8: Encrypted and Authenticated Transport
- BOLT 9: Assigned Feature Flags
- BOLT 10: DNS Bootstrap and Assisted Node Location
- BOLT 11: Invoice Protocol for Lightning Payments
Developer Resources
The daemon has been designed to be as developer friendly as possible in order
to facilitate application development on top of lnd. Two primary RPC
interfaces are exported: an HTTP REST API, and a gRPC
service. The exported API's are not yet stable, so be warned: they may change
drastically in the near future.
An automatically generated set of documentation for the RPC APIs can be found at api.lightning.community. A set of developer resources including guides, articles, example applications and community resources can be found at: docs.lightning.engineering.
Finally, we also have an active
Slack where protocol developers, application developers, testers and users gather to
discuss various aspects of lnd and also Lightning in general.
Installation
In order to build from source, please see the installation instructions.
Docker
To run lnd from Docker, please see the main Docker instructions
IRC
- irc.libera.chat
- channel #lnd
- webchat
Safety
When operating a mainnet lnd node, please refer to our operational safety
guidelines. It is important to note that lnd is still
beta software and that ignoring these operational guidelines can lead to
loss of funds.
Security
The developers of lnd take security very seriously. The disclosure of
security vulnerabilities helps us secure the health of lnd, privacy of our
users, and also the health of the Lightning Network as a whole. If you find
any issues regarding security or privacy, please disclose the information
responsibly by sending an email to security at lightning dot engineering,
preferably encrypted using our designated PGP key
(91FE464CD75101DA6B6BAB60555C6465E5BCB3AF) which can be found
here.