2020-04-12 18:27:01 +02:00
|
|
|
import { authenticatedLndGrpc } from 'ln-service';
|
2020-04-14 08:25:58 +02:00
|
|
|
import getConfig from 'next/config';
|
2020-05-19 07:50:16 +02:00
|
|
|
import {
|
|
|
|
|
SSO_ACCOUNT,
|
|
|
|
|
SERVER_ACCOUNT,
|
|
|
|
|
AuthType,
|
|
|
|
|
CLIENT_ACCOUNT,
|
|
|
|
|
} from 'src/context/AccountContext';
|
2020-05-31 10:23:26 +02:00
|
|
|
import { ContextType } from 'server/types/apiTypes';
|
2020-05-26 07:03:33 +02:00
|
|
|
import AES from 'crypto-js/aes';
|
|
|
|
|
import CryptoJS from 'crypto-js';
|
2020-05-23 14:46:47 +02:00
|
|
|
import { logger } from './logger';
|
2020-04-14 08:25:58 +02:00
|
|
|
|
2020-06-13 11:46:20 +02:00
|
|
|
const { serverRuntimeConfig, publicRuntimeConfig } = getConfig() || {};
|
|
|
|
|
const { nodeEnv } = serverRuntimeConfig || {};
|
|
|
|
|
const { noClient } = publicRuntimeConfig || {};
|
2020-04-12 18:27:01 +02:00
|
|
|
|
2020-05-19 07:50:16 +02:00
|
|
|
type LndAuthType = {
|
|
|
|
|
cert: string;
|
|
|
|
|
macaroon: string;
|
|
|
|
|
host: string;
|
|
|
|
|
};
|
|
|
|
|
|
2020-04-12 18:27:01 +02:00
|
|
|
export const getIp = (req: any) => {
|
|
|
|
|
if (!req || !req.headers) {
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
const forwarded = req.headers['x-forwarded-for'];
|
|
|
|
|
const before = forwarded
|
|
|
|
|
? forwarded.split(/, /)[0]
|
|
|
|
|
: req.connection.remoteAddress;
|
2020-04-14 08:25:58 +02:00
|
|
|
const ip = nodeEnv === 'development' ? '1.2.3.4' : before;
|
2020-04-12 18:27:01 +02:00
|
|
|
return ip;
|
|
|
|
|
};
|
|
|
|
|
|
2020-05-19 07:50:16 +02:00
|
|
|
export const getCorrectAuth = (
|
|
|
|
|
auth: AuthType,
|
|
|
|
|
context: ContextType
|
|
|
|
|
): LndAuthType => {
|
2020-06-13 11:46:20 +02:00
|
|
|
if (auth.type === 'test' && nodeEnv !== 'production') {
|
2020-06-05 18:50:10 +02:00
|
|
|
return {
|
|
|
|
|
host: process.env.TEST_HOST,
|
|
|
|
|
macaroon: process.env.TEST_MACAROON,
|
|
|
|
|
cert: process.env.TEST_CERT,
|
|
|
|
|
};
|
|
|
|
|
}
|
2020-05-19 07:50:16 +02:00
|
|
|
if (auth.type === SERVER_ACCOUNT) {
|
2020-05-26 07:03:33 +02:00
|
|
|
const { account, accounts } = context;
|
2020-05-23 14:46:47 +02:00
|
|
|
if (!account) {
|
|
|
|
|
logger.debug('Account not available in request');
|
|
|
|
|
throw new Error('AccountNotAuthenticated');
|
|
|
|
|
}
|
|
|
|
|
if (account.id !== auth.id) {
|
|
|
|
|
logger.debug(
|
|
|
|
|
`Account (${account.id}) in cookie different to requested account (${auth.id})`
|
|
|
|
|
);
|
|
|
|
|
throw new Error('AccountNotAuthenticated');
|
|
|
|
|
}
|
2020-05-19 07:50:16 +02:00
|
|
|
|
2020-05-26 07:03:33 +02:00
|
|
|
const verifiedAccount = accounts.find(a => a.id === account.id) || null;
|
|
|
|
|
|
|
|
|
|
if (!verifiedAccount) {
|
|
|
|
|
logger.debug('Account not found in config file');
|
|
|
|
|
throw new Error('AccountNotAuthenticated');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let macaroon = null;
|
|
|
|
|
try {
|
|
|
|
|
const bytes = AES.decrypt(verifiedAccount.macaroon, account.password);
|
|
|
|
|
macaroon = bytes.toString(CryptoJS.enc.Utf8);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.warn('Account macaroon verification failed');
|
2020-06-16 18:56:10 +02:00
|
|
|
throw new Error('AccountAuthenticationFailed');
|
2020-05-26 07:03:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return { host: verifiedAccount.host, macaroon, cert: verifiedAccount.cert };
|
2020-05-19 07:50:16 +02:00
|
|
|
}
|
|
|
|
|
if (auth.type === SSO_ACCOUNT) {
|
2020-05-23 14:46:47 +02:00
|
|
|
if (!context.ssoVerified) {
|
|
|
|
|
logger.debug('SSO Account is not verified');
|
|
|
|
|
throw new Error('AccountNotAuthenticated');
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-19 07:50:16 +02:00
|
|
|
return { ...context.sso };
|
|
|
|
|
}
|
2020-06-09 21:43:04 +02:00
|
|
|
if (auth.type === CLIENT_ACCOUNT && !noClient) {
|
2020-05-19 07:50:16 +02:00
|
|
|
const { host, macaroon, cert } = auth;
|
|
|
|
|
return { host, macaroon, cert };
|
|
|
|
|
}
|
2020-06-09 21:43:04 +02:00
|
|
|
if (auth.type === CLIENT_ACCOUNT && noClient) {
|
|
|
|
|
logger.info(`Client accounts are disabled from the server.`);
|
|
|
|
|
throw new Error('AccountTypeDoesNotExist');
|
|
|
|
|
}
|
|
|
|
|
logger.info(`No authentication for account type '${auth.type}' found`);
|
2020-05-23 14:46:47 +02:00
|
|
|
throw new Error('AccountTypeDoesNotExist');
|
2020-05-19 07:50:16 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
export const getAuthLnd = (auth: LndAuthType) => {
|
2020-05-03 10:03:36 +02:00
|
|
|
const cert = auth.cert || '';
|
|
|
|
|
const macaroon = auth.macaroon || '';
|
2020-04-12 18:27:01 +02:00
|
|
|
const socket = auth.host || '';
|
|
|
|
|
|
|
|
|
|
const params = {
|
|
|
|
|
macaroon,
|
|
|
|
|
socket,
|
2020-05-03 10:03:36 +02:00
|
|
|
...(cert !== '' ? { cert } : {}),
|
2020-04-12 18:27:01 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const { lnd } = authenticatedLndGrpc(params);
|
|
|
|
|
|
|
|
|
|
return lnd;
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-06 18:04:19 +02:00
|
|
|
export const getLnd = (auth: AuthType, context: ContextType) =>
|
|
|
|
|
getAuthLnd(getCorrectAuth(auth, context));
|
|
|
|
|
|
2020-05-01 14:08:30 +02:00
|
|
|
export const getErrorMsg = (error: any[] | string): string => {
|
|
|
|
|
if (typeof error === 'string') {
|
|
|
|
|
return error;
|
2020-04-12 18:27:01 +02:00
|
|
|
}
|
2020-05-01 14:08:30 +02:00
|
|
|
if (error.length >= 2) {
|
|
|
|
|
return error[1];
|
|
|
|
|
}
|
|
|
|
|
// if (error.length > 2) {
|
|
|
|
|
// return error[2].err?.message || 'Error';
|
|
|
|
|
// }
|
2020-04-12 18:27:01 +02:00
|
|
|
|
2020-05-01 14:08:30 +02:00
|
|
|
return 'Error';
|
2020-04-12 18:27:01 +02:00
|
|
|
};
|
