add CLN REST backend with support for Core Lightning nodes

Signed-off-by: Gustavo Chain <me@qustavo.cc>

Author: qustavo

cmd/l402proxy/main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"context"
 	"crypto/rand"
 	"encoding/hex"
 	"fmt"
@@ -37,6 +36,11 @@ func main() {
 				Usage: "Address to listen on",
 				Value: ":8080",
 			},
+			&cli.StringFlag{
+				Name:  "backend",
+				Usage: "Lightning backend to use (lnd or cln)",
+				Value: "lnd",
+			},
 			&cli.StringFlag{
 				Name:  "lnd-host",
 				Usage: "LND gRPC host:port",
@@ -52,6 +56,18 @@ func main() {
 				Usage: "Path to LND TLS cert",
 				Value: defaultCertPath(),
 			},
+			&cli.StringFlag{
+				Name:  "cln-url",
+				Usage: "CLN REST API base URL (e.g. https://localhost:3010)",
+			},
+			&cli.StringFlag{
+				Name:  "cln-rune",
+				Usage: "CLN rune (auth token)",
+			},
+			&cli.StringFlag{
+				Name:  "cln-cert",
+				Usage: "Path to CLN TLS cert (optional; empty = system CAs)",
+			},
 			&cli.StringFlag{
 				Name:  "service-name",
 				Usage: "Label used in invoice memos",
@@ -94,19 +110,44 @@ func run(c *cli.Context) error {
 		return err
 	}
 
-	backend, err := lightning.NewLNDBackend(lightning.LNDConfig{
-		Host:         c.String("lnd-host"),
-		CertPath:     c.String("lnd-cert"),
-		MacaroonPath: c.String("lnd-macaroon"),
-	})
-	if err != nil {
-		return fmt.Errorf("connecting to LND: %w", err)
+	var backend lightning.Backend
+	backendType := c.String("backend")
+
+	switch backendType {
+	case "lnd":
+		b, err := lightning.NewLNDBackend(lightning.LNDConfig{
+			Host:         c.String("lnd-host"),
+			CertPath:     c.String("lnd-cert"),
+			MacaroonPath: c.String("lnd-macaroon"),
+		})
+		if err != nil {
+			return fmt.Errorf("connecting to LND: %w", err)
+		}
+		backend = b
+	case "cln":
+		clnURL := c.String("cln-url")
+		clnRune := c.String("cln-rune")
+		if clnURL == "" || clnRune == "" {
+			return fmt.Errorf("--cln-url and --cln-rune are required when using CLN backend")
+		}
+		b, err := lightning.NewCLNBackend(lightning.CLNConfig{
+			BaseURL:  clnURL,
+			Rune:     clnRune,
+			CertPath: c.String("cln-cert"),
+		})
+		if err != nil {
+			return fmt.Errorf("connecting to CLN: %w", err)
+		}
+		backend = b
+	default:
+		return fmt.Errorf("unsupported backend: %q (must be 'lnd' or 'cln')", backendType)
 	}
-	log.Info("waiting for LND to be ready...")
-	if err := backend.Wait(context.Background()); err != nil {
-		return fmt.Errorf("LND not ready: %w", err)
+
+	log.Info("waiting for backend to be ready...", "backend", backendType)
+	if err := backend.Wait(c.Context); err != nil {
+		return fmt.Errorf("backend not ready: %w", err)
 	}
-	log.Info("LND ready")
+	log.Info("backend ready", "backend", backendType)
 
 	h := proxy.New(proxy.Config{
 		Upstream:    upstream,

pkg/lightning/cln.go

@@ -0,0 +1,197 @@
+package lightning
+
+import (
+	"bytes"
+	"context"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"os"
+	"time"
+)
+
+// CLNConfig holds connection parameters for a Core Lightning node.
+type CLNConfig struct {
+	BaseURL  string // e.g. "https://localhost:3010"
+	Rune     string // CLN auth token
+	CertPath string // optional; empty = system CAs
+}
+
+// CLNBackend implements Backend against a Core Lightning node via REST API.
+type CLNBackend struct {
+	baseURL string
+	rune    string
+	client  *http.Client
+}
+
+// NewCLNBackend connects to a CLN node and returns a ready Backend.
+func NewCLNBackend(cfg CLNConfig) (*CLNBackend, error) {
+	var tlsConfig *tls.Config
+
+	if cfg.CertPath != "" {
+		certBytes, err := os.ReadFile(cfg.CertPath)
+		if err != nil {
+			return nil, fmt.Errorf("reading TLS cert: %w", err)
+		}
+		pool := x509.NewCertPool()
+		if !pool.AppendCertsFromPEM(certBytes) {
+			return nil, fmt.Errorf("failed to add CLN cert to pool")
+		}
+		tlsConfig = &tls.Config{RootCAs: pool}
+	} else {
+		tlsConfig = &tls.Config{}
+	}
+
+	client := &http.Client{
+		Timeout: 10 * time.Second,
+		Transport: &http.Transport{
+			TLSClientConfig: tlsConfig,
+		},
+	}
+
+	return &CLNBackend{
+		baseURL: cfg.BaseURL,
+		rune:    cfg.Rune,
+		client:  client,
+	}, nil
+}
+
+// post performs a POST request to a CLN REST endpoint with auth headers and error handling.
+func (b *CLNBackend) post(ctx context.Context, path string, body any) (*http.Response, error) {
+	var reqBody io.Reader
+	if body != nil {
+		jsonBody, err := json.Marshal(body)
+		if err != nil {
+			return nil, fmt.Errorf("marshaling request body: %w", err)
+		}
+		reqBody = bytes.NewReader(jsonBody)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", b.baseURL+path, reqBody)
+	if err != nil {
+		return nil, fmt.Errorf("creating request: %w", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Rune", b.rune)
+
+	resp, err := b.client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("POST %s: %w", path, err)
+	}
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		defer resp.Body.Close()
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 512))
+		return nil, fmt.Errorf("POST %s: HTTP %d: %s", path, resp.StatusCode, string(body))
+	}
+
+	return resp, nil
+}
+
+// Wait blocks until the CLN node is fully synced to chain or ctx is cancelled.
+// It polls getinfo every 5 seconds and logs progress.
+func (b *CLNBackend) Wait(ctx context.Context) error {
+	for {
+		resp, err := b.post(ctx, "/v1/getinfo", nil)
+		if err != nil {
+			return fmt.Errorf("getinfo: %w", err)
+		}
+
+		var info struct {
+			WarningBitcoindSync   string `json:"warning_bitcoind_sync"`
+			WarningLightningdSync string `json:"warning_lightningd_sync"`
+			BlockHeight           int64  `json:"blockheight"`
+		}
+		if err := json.NewDecoder(resp.Body).Decode(&info); err != nil {
+			resp.Body.Close()
+			return fmt.Errorf("decoding getinfo: %w", err)
+		}
+		resp.Body.Close()
+
+		// Synced when both warnings are absent/empty
+		if info.WarningBitcoindSync == "" && info.WarningLightningdSync == "" {
+			return nil
+		}
+
+		slog.Info("waiting for CLN to sync to chain...",
+			"block_height", info.BlockHeight,
+		)
+
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-time.After(5 * time.Second):
+		}
+	}
+}
+
+// CreateInvoice asks CLN to create a new invoice and returns its details.
+func (b *CLNBackend) CreateInvoice(ctx context.Context, amountMsat int64, memo string) (*Invoice, error) {
+	// Generate unique label: 16 random bytes, hex-encoded
+	labelBytes := make([]byte, 16)
+	if _, err := rand.Read(labelBytes); err != nil {
+		return nil, fmt.Errorf("generating invoice label: %w", err)
+	}
+	label := hex.EncodeToString(labelBytes)
+
+	reqBody := map[string]any{
+		"amount_msat": amountMsat,
+		"label":       label,
+		"description": memo,
+	}
+
+	resp, err := b.post(ctx, "/v1/invoice", reqBody)
+	if err != nil {
+		return nil, fmt.Errorf("invoice: %w", err)
+	}
+	defer resp.Body.Close()
+
+	var invResp struct {
+		PaymentHash string `json:"payment_hash"`
+		Bolt11      string `json:"bolt11"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&invResp); err != nil {
+		return nil, fmt.Errorf("decoding invoice response: %w", err)
+	}
+
+	return &Invoice{
+		PaymentHash:    invResp.PaymentHash,
+		PaymentRequest: invResp.Bolt11,
+		AmountMsat:     amountMsat,
+	}, nil
+}
+
+// VerifyPayment returns true if the invoice identified by paymentHash has been settled.
+func (b *CLNBackend) VerifyPayment(ctx context.Context, paymentHash string) (bool, error) {
+	reqBody := map[string]string{
+		"payment_hash": paymentHash,
+	}
+
+	resp, err := b.post(ctx, "/v1/listinvoices", reqBody)
+	if err != nil {
+		return false, fmt.Errorf("listinvoices: %w", err)
+	}
+	defer resp.Body.Close()
+
+	var listResp struct {
+		Invoices []struct {
+			Status string `json:"status"`
+		} `json:"invoices"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&listResp); err != nil {
+		return false, fmt.Errorf("decoding listinvoices response: %w", err)
+	}
+
+	if len(listResp.Invoices) == 0 {
+		return false, nil
+	}
+
+	return listResp.Invoices[0].Status == "paid", nil
+}