Merge pull request #5550 from BitGo/revert-5545-BTC-0.revert-breaking-ln-changes

Move self custodial lightning logic to abstract-lightning

Author: ericli-bitgo

modules/abstract-lightning/package.json

@@ -6,6 +6,8 @@
   "types": "./dist/src/index.d.ts",
   "scripts": {
     "build": "yarn tsc --build --incremental --verbose .",
+    "test": "yarn unit-test",
+    "unit-test": "nyc -- mocha --recursive test",
     "fmt": "prettier --write .",
     "check-fmt": "prettier --check .",
     "clean": "rm -r ./dist",
@@ -38,7 +40,13 @@
   },
   "dependencies": {
     "@bitgo/sdk-core": "^28.25.0",
-    "@bitgo/utxo-lib": "^11.2.2"
+    "@bitgo/utxo-lib": "^11.2.2",
+    "@bitgo/statics": "^51.0.0",
+    "fp-ts": "^2.12.2",
+    "io-ts": "npm:@bitgo-forks/[email protected]",
+    "io-ts-types": "^0.5.16",
+    "bs58check": "^2.1.2",
+    "macaroon": "^3.0.4"
   },
   "gitHead": "18e460ddf02de2dbf13c2aa243478188fb539f0c"
 }

modules/abstract-lightning/src/index.ts

@@ -1 +1,3 @@
 export * from './abstractLightningCoin';
+export * from './wallet';
+export * from './lightning';

…s/sdk-core/src/bitgo/lightning/codecs.ts …stract-lightning/src/lightning/codecs.tsmodules/sdk-core/src/bitgo/lightning/codecs.ts renamed to modules/abstract-lightning/src/lightning/codecs.ts modules/sdk-core/src/bitgo/lightning/codecs.ts renamed to modules/abstract-lightning/src/lightning/codecs.ts

@@ -71,33 +71,21 @@ export const WatchOnly = t.type({
 
 export type WatchOnly = t.TypeOf<typeof WatchOnly>;
 
-export const LightningWalletCoinSpecific = getCodecPair(
-  t.partial({
-    encryptedSignerAdminMacaroon: t.string,
-    signerIP: IPAddress,
-    signerTlsCert: t.string,
-    encryptedSignerTlsKey: t.string,
-    watchOnly: WatchOnly,
-    encryptedSignerMacaroon: t.string,
-  })
-);
-
-export type LightningWalletCoinSpecific = t.TypeOf<typeof LightningWalletCoinSpecific>;
-
-export const UpdateLightningWallet = t.partial(
-  {
-    coinSpecific: LightningWalletCoinSpecific,
-    signature: t.string,
-  },
-  'UpdateLightningWallet'
-);
+export const UpdateLightningWalletSignedRequest = t.partial({
+  encryptedSignerMacaroon: t.string,
+  encryptedSignerAdminMacaroon: t.string,
+  signerIp: t.string,
+  encryptedSignerTlsKey: t.string,
+  signerTlsCert: t.string,
+  watchOnlyAccounts: WatchOnly,
+});
 
-export type UpdateLightningWallet = t.TypeOf<typeof UpdateLightningWallet>;
+export type UpdateLightningWalletSignedRequest = t.TypeOf<typeof UpdateLightningWalletSignedRequest>;
 
 export const LndAmount = t.strict(
   {
-    sat: t.string,
-    msat: t.string,
+    sat: BigIntFromString,
+    msat: BigIntFromString,
   },
   'LndAmount'
 );
@@ -127,11 +115,11 @@ export type ChannelBalance = t.TypeOf<typeof ChannelBalance>;
 export const LndWalletBalance = t.strict(
   {
     /** Total balance, confirmed and unconfirmed */
-    totalBalance: t.string,
-    confirmedBalance: t.string,
-    unconfirmedBalance: t.string,
-    lockedBalance: t.string,
-    reservedBalanceAnchorChan: t.string,
+    totalBalance: BigIntFromString,
+    confirmedBalance: BigIntFromString,
+    unconfirmedBalance: BigIntFromString,
+    lockedBalance: BigIntFromString,
+    reservedBalanceAnchorChan: BigIntFromString,
   },
   'LndWalletBalance'
 );
@@ -151,7 +139,7 @@ export const LndBalance = t.strict(
   {
     offchain: ChannelBalance,
     onchain: LndWalletBalance,
-    totalLimboBalance: t.string,
+    totalLimboBalance: BigIntFromString,
   },
   'LndBalance'
 );
@@ -160,16 +148,16 @@ export type LndBalance = t.TypeOf<typeof LndBalance>;
 
 export const LndGetBalancesResponse = t.strict(
   {
-    inboundBalance: t.string,
-    inboundPendingBalance: t.string,
-    inboundUnsettledBalance: t.string,
-    outboundBalance: t.string,
-    outboundPendingBalance: t.string,
-    outboundUnsettledBalance: t.string,
+    inboundBalance: BigIntFromString,
+    inboundPendingBalance: BigIntFromString,
+    inboundUnsettledBalance: BigIntFromString,
+    outboundBalance: BigIntFromString,
+    outboundPendingBalance: BigIntFromString,
+    outboundUnsettledBalance: BigIntFromString,
     // wallet balances, names forced by type in AbstractCoin
-    spendableBalanceString: t.string,
-    balanceString: t.string,
-    confirmedBalanceString: t.string,
+    spendableBalanceString: BigIntFromString,
+    balanceString: BigIntFromString,
+    confirmedBalanceString: BigIntFromString,
   },
   'LndGetBalancesResponse'
 );

…es/sdk-core/src/bitgo/lightning/index.ts …bstract-lightning/src/lightning/index.tsmodules/sdk-core/src/bitgo/lightning/index.ts renamed to modules/abstract-lightning/src/lightning/index.ts modules/sdk-core/src/bitgo/lightning/index.ts renamed to modules/abstract-lightning/src/lightning/index.ts

@@ -1,5 +1,4 @@
 export * from './signableJson';
 export * from './signature';
 export * from './lightningUtils';
-export * from './lightningWallet';
 export * from './codecs';

…re/src/bitgo/lightning/lightningUtils.ts …ightning/src/lightning/lightningUtils.tsmodules/sdk-core/src/bitgo/lightning/lightningUtils.ts renamed to modules/abstract-lightning/src/lightning/lightningUtils.ts modules/sdk-core/src/bitgo/lightning/lightningUtils.ts renamed to modules/abstract-lightning/src/lightning/lightningUtils.ts

@@ -3,7 +3,7 @@ import * as utxolib from '@bitgo/utxo-lib';
 import { importMacaroon, bytesToBase64 } from 'macaroon';
 import * as bs58check from 'bs58check';
 import { WatchOnly, WatchOnlyAccount } from './codecs';
-import { getSharedSecret } from '../ecdh';
+import * as sdkcore from '@bitgo/sdk-core';
 
 // https://github.com/lightningnetwork/lnd/blob/master/docs/remote-signing.md#the-signer-node
 export const signerMacaroonPermissions = [
@@ -204,5 +204,5 @@ export function createWatchOnly(signerRootKey: string, network: utxolib.Network)
 export function deriveLightningServiceSharedSecret(coinName: 'lnbtc' | 'tlnbtc', userAuthXprv: string): Buffer {
   const publicKey = Buffer.from(getStaticsLightningNetwork(coinName).lightningServicePubKey, 'hex');
   const userAuthHdNode = utxolib.bip32.fromBase58(userAuthXprv);
-  return getSharedSecret(userAuthHdNode, publicKey);
+  return sdkcore.getSharedSecret(userAuthHdNode, publicKey);
 }

…core/src/bitgo/lightning/signableJson.ts …-lightning/src/lightning/signableJson.tsmodules/sdk-core/src/bitgo/lightning/signableJson.ts renamed to modules/abstract-lightning/src/lightning/signableJson.ts modules/sdk-core/src/bitgo/lightning/signableJson.ts renamed to modules/abstract-lightning/src/lightning/signableJson.ts

@@ -1,6 +1,6 @@
 import * as utxolib from '@bitgo/utxo-lib';
+import * as sdkcore from '@bitgo/sdk-core';
 import { canonicalizeObject, Signable } from './signableJson';
-import { signMessage, verifyMessage } from '../bip32util';
 
 /**
  * Verifies a signature for a given message.
@@ -20,7 +20,7 @@ export function verifyMessageSignature(
   const messageString = JSON.stringify(canonicalizeObject(message));
   const pubKey = utxolib.bip32.fromBase58(pub, network).publicKey;
   const signatureBuffer = Buffer.from(signature, 'hex');
-  return verifyMessage(messageString, pubKey, signatureBuffer, network);
+  return sdkcore.verifyMessage(messageString, pubKey, signatureBuffer, network);
 }
 
 /**
@@ -33,10 +33,10 @@ export function verifyMessageSignature(
  */
 export function createMessageSignature(
   message: Signable,
-  prv: string,
+  xprv: string,
   network: utxolib.Network = utxolib.networks.bitcoin
 ): string {
   const requestString = JSON.stringify(canonicalizeObject(message));
-  const prvKey = utxolib.bip32.fromBase58(prv, network);
-  return signMessage(requestString, prvKey, network).toString('hex');
+  const prvKey = utxolib.bip32.fromBase58(xprv, network);
+  return sdkcore.signMessage(requestString, prvKey, network).toString('hex');
 }

…dk-core/src/bitgo/lightning/signature.ts …act-lightning/src/lightning/signature.tsmodules/sdk-core/src/bitgo/lightning/signature.ts renamed to modules/abstract-lightning/src/lightning/signature.ts modules/sdk-core/src/bitgo/lightning/signature.ts renamed to modules/abstract-lightning/src/lightning/signature.ts

@@ -0,0 +1,2 @@
+export * from './lightning';
+export * from './wallet';

modules/abstract-lightning/src/wallet/index.ts

@@ -0,0 +1,134 @@
+import * as sdkcore from '@bitgo/sdk-core';
+import {
+  createMessageSignature,
+  LightningAuthKeychain,
+  LightningKeychain,
+  unwrapLightningCoinSpecific,
+  UpdateLightningWalletSignedRequest,
+} from '../lightning';
+
+export interface ILightningWallet {
+  /**
+   * Creates a lightning invoice
+   * @param params Invoice parameters (to be defined)
+   */
+  createInvoice(params: unknown): Promise<unknown>;
+
+  /**
+   * Pay a lightning invoice
+   * @param params Payment parameters (to be defined)
+   */
+  payInvoice(params: unknown): Promise<unknown>;
+
+  /**
+   * Get the lightning keychain for the given wallet.
+   */
+  getLightningKeychain(): Promise<LightningKeychain>;
+
+  /**
+   * Get the lightning auth keychains for the given wallet.
+   */
+  getLightningAuthKeychains(): Promise<{ userAuthKey: LightningAuthKeychain; nodeAuthKey: LightningAuthKeychain }>;
+
+  /**
+   * Updates the coin-specific configuration for a Lightning Wallet.
+   *
+   * @param {UpdateLightningWalletSignedRequest} params - The parameters containing the updated wallet-specific details.
+   *   - `encryptedSignerMacaroon` (optional): This macaroon is used by the watch-only node to ask the signer node to sign transactions.
+   *     Encrypted with ECDH secret key from private key of wallet's user auth key and public key of lightning service.
+   *   - `encryptedSignerAdminMacaroon` (optional): Generated when initializing the wallet of the signer node.
+   *     Encrypted with client's wallet passphrase.
+   *   - `signerIp` (optional): The IP address of the Lightning signer node.
+   *   - `encryptedSignerTlsKey` (optional): The wallet passphrase encrypted TLS key of the signer.
+   *   - `signerTlsCert` (optional): The TLS certificate of the signer.
+   *   - `watchOnlyAccounts` (optional): These are the accounts used to initialize the watch-only wallet.
+   * @param {string} passphrase - wallet passphrase.
+   * @returns {Promise<unknown>} A promise resolving to the updated wallet response or throwing an error if the update fails.
+   */
+  updateWalletCoinSpecific(params: UpdateLightningWalletSignedRequest, passphrase: string): Promise<unknown>;
+}
+
+export class SelfCustodialLightningWallet implements ILightningWallet {
+  public wallet: sdkcore.IWallet;
+
+  constructor(wallet: sdkcore.IWallet) {
+    const coin = wallet.baseCoin;
+    if (coin.getFamily() !== 'lnbtc') {
+      throw new Error(`Invalid coin to update lightning wallet: ${coin.getFamily()}`);
+    }
+    this.wallet = wallet;
+  }
+
+  async createInvoice(params: unknown): Promise<unknown> {
+    throw new Error('Method not implemented.');
+  }
+
+  async payInvoice(params: unknown): Promise<unknown> {
+    throw new Error('Method not implemented.');
+  }
+
+  async getLightningKeychain(): Promise<LightningKeychain> {
+    const keyIds = this.wallet.keyIds();
+    if (keyIds.length !== 1) {
+      throw new Error(`Invalid number of key in lightning wallet: ${keyIds.length}`);
+    }
+    const keychain = await this.wallet.baseCoin.keychains().get({ id: keyIds[0] });
+    return sdkcore.decodeOrElse(LightningKeychain.name, LightningKeychain, keychain, (_) => {
+      // DON'T throw errors from decodeOrElse. It could leak sensitive information.
+      throw new Error(`Invalid user key`);
+    });
+  }
+
+  async getLightningAuthKeychains(): Promise<{
+    userAuthKey: LightningAuthKeychain;
+    nodeAuthKey: LightningAuthKeychain;
+  }> {
+    const authKeyIds = this.wallet.coinSpecific()?.keys;
+    if (authKeyIds?.length !== 2) {
+      throw new Error(`Invalid number of auth keys in lightning wallet: ${authKeyIds?.length}`);
+    }
+    const coin = this.wallet.baseCoin;
+    const keychains = await Promise.all(authKeyIds.map((id) => coin.keychains().get({ id })));
+    const authKeychains = keychains.map((keychain) => {
+      return sdkcore.decodeOrElse(LightningAuthKeychain.name, LightningAuthKeychain, keychain, (_) => {
+        // DON'T throw errors from decodeOrElse. It could leak sensitive information.
+        throw new Error(`Invalid lightning auth key: ${keychain?.id}`);
+      });
+    });
+    const [userAuthKey, nodeAuthKey] = (['userAuth', 'nodeAuth'] as const).map((purpose) => {
+      const keychain = authKeychains.find(
+        (k) => unwrapLightningCoinSpecific(k.coinSpecific, coin.getChain()).purpose === purpose
+      );
+      if (!keychain) {
+        throw new Error(`Missing ${purpose} key`);
+      }
+      return keychain;
+    });
+
+    return { userAuthKey, nodeAuthKey };
+  }
+
+  async updateWalletCoinSpecific(params: UpdateLightningWalletSignedRequest, passphrase: string): Promise<unknown> {
+    sdkcore.decodeOrElse(
+      UpdateLightningWalletSignedRequest.name,
+      UpdateLightningWalletSignedRequest,
+      params,
+      (errors) => {
+        // DON'T throw errors from decodeOrElse. It could leak sensitive information.
+        throw new Error(`Invalid params for lightning specific update wallet: ${errors}`);
+      }
+    );
+    const { userAuthKey } = await this.getLightningAuthKeychains();
+    const signature = createMessageSignature(
+      params,
+      this.wallet.bitgo.decrypt({ password: passphrase, input: userAuthKey.encryptedPrv })
+    );
+    const coinSpecific = {
+      [this.wallet.coin()]: {
+        signedRequest: params,
+        signature,
+      },
+    };
+    return await this.wallet.bitgo.put(this.wallet.url()).send({ coinSpecific }).result();
+  }
+}

modules/abstract-lightning/src/wallet/lightning.ts

@@ -0,0 +1,14 @@
+import * as sdkcore from '@bitgo/sdk-core';
+import { isLightningCoinName } from '../lightning';
+import { ILightningWallet, SelfCustodialLightningWallet } from './lightning';
+
+/**
+ * Return a lightwallet instance if the coin supports it
+ */
+
+export function getLightningWallet(wallet: sdkcore.IWallet): ILightningWallet {
+  if (!isLightningCoinName(wallet.baseCoin.getChain())) {
+    throw new Error(`Lightning not supported for ${wallet.coin()}`);
+  }
+  return new SelfCustodialLightningWallet(wallet);
+}