ada0b78dfc
This commit lets the watchtower automatically create hidden services by giving it a pointer to a TorController. The server was also slightly refactored so that it was not the sole owner of the TorController.
221 lines
6.2 KiB
Go
221 lines
6.2 KiB
Go
package watchtower
|
|
|
|
import (
|
|
"net"
|
|
"sync/atomic"
|
|
|
|
"github.com/btcsuite/btcd/btcec"
|
|
"github.com/lightningnetwork/lnd/brontide"
|
|
"github.com/lightningnetwork/lnd/tor"
|
|
"github.com/lightningnetwork/lnd/watchtower/lookout"
|
|
"github.com/lightningnetwork/lnd/watchtower/wtserver"
|
|
)
|
|
|
|
// Standalone encapsulates the server-side functionality required by watchtower
|
|
// clients. A Standalone couples the two primary subsystems such that, as a
|
|
// unit, this instance can negotiate sessions with clients, accept state updates
|
|
// for active sessions, monitor the chain for breaches matching known breach
|
|
// hints, publish reconstructed justice transactions on behalf of tower clients.
|
|
type Standalone struct {
|
|
started uint32 // to be used atomically
|
|
stopped uint32 // to be used atomically
|
|
|
|
cfg *Config
|
|
|
|
// listeners is a reference to the wtserver's listeners.
|
|
listeners []net.Listener
|
|
|
|
// server is the client endpoint, used for negotiating sessions and
|
|
// uploading state updates.
|
|
server wtserver.Interface
|
|
|
|
// lookout is a service that monitors the chain and inspects the
|
|
// transactions found in new blocks against the state updates received
|
|
// by the server.
|
|
lookout lookout.Service
|
|
}
|
|
|
|
// New validates the passed Config and returns a fresh Standalone instance if
|
|
// the tower's subsystems could be properly initialized.
|
|
func New(cfg *Config) (*Standalone, error) {
|
|
// The tower must have listening address in order to accept new updates
|
|
// from clients.
|
|
if len(cfg.ListenAddrs) == 0 {
|
|
return nil, ErrNoListeners
|
|
}
|
|
|
|
// Assign the default read timeout if none is provided.
|
|
if cfg.ReadTimeout == 0 {
|
|
cfg.ReadTimeout = DefaultReadTimeout
|
|
}
|
|
|
|
// Assign the default write timeout if none is provided.
|
|
if cfg.WriteTimeout == 0 {
|
|
cfg.WriteTimeout = DefaultWriteTimeout
|
|
}
|
|
|
|
punisher := lookout.NewBreachPunisher(&lookout.PunisherConfig{
|
|
PublishTx: cfg.PublishTx,
|
|
})
|
|
|
|
// Initialize the lookout service with its required resources.
|
|
lookout := lookout.New(&lookout.Config{
|
|
BlockFetcher: cfg.BlockFetcher,
|
|
DB: cfg.DB,
|
|
EpochRegistrar: cfg.EpochRegistrar,
|
|
Punisher: punisher,
|
|
})
|
|
|
|
// Create a brontide listener on each of the provided listening
|
|
// addresses. Client should be able to connect to any of open ports to
|
|
// communicate with this Standalone instance.
|
|
listeners := make([]net.Listener, 0, len(cfg.ListenAddrs))
|
|
for _, listenAddr := range cfg.ListenAddrs {
|
|
listener, err := brontide.NewListener(
|
|
cfg.NodePrivKey, listenAddr.String(),
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
listeners = append(listeners, listener)
|
|
}
|
|
|
|
// Initialize the server with its required resources.
|
|
server, err := wtserver.New(&wtserver.Config{
|
|
ChainHash: cfg.ChainHash,
|
|
DB: cfg.DB,
|
|
NodePrivKey: cfg.NodePrivKey,
|
|
Listeners: listeners,
|
|
ReadTimeout: cfg.ReadTimeout,
|
|
WriteTimeout: cfg.WriteTimeout,
|
|
NewAddress: cfg.NewAddress,
|
|
DisableReward: true,
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &Standalone{
|
|
cfg: cfg,
|
|
listeners: listeners,
|
|
server: server,
|
|
lookout: lookout,
|
|
}, nil
|
|
}
|
|
|
|
// Start idempotently starts the Standalone, an error is returned if the
|
|
// subsystems could not be initialized.
|
|
func (w *Standalone) Start() error {
|
|
if !atomic.CompareAndSwapUint32(&w.started, 0, 1) {
|
|
return nil
|
|
}
|
|
|
|
log.Infof("Starting watchtower")
|
|
|
|
// If a tor controller exists in the config, then automatically create a
|
|
// hidden service for the watchtower to accept inbound connections from.
|
|
if w.cfg.TorController != nil {
|
|
log.Infof("Creating watchtower hidden service")
|
|
if err := w.createNewHiddenService(); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if err := w.lookout.Start(); err != nil {
|
|
return err
|
|
}
|
|
if err := w.server.Start(); err != nil {
|
|
w.lookout.Stop()
|
|
return err
|
|
}
|
|
|
|
log.Infof("Watchtower started successfully")
|
|
|
|
return nil
|
|
}
|
|
|
|
// Stop idempotently stops the Standalone and blocks until the subsystems have
|
|
// completed their shutdown.
|
|
func (w *Standalone) Stop() error {
|
|
if !atomic.CompareAndSwapUint32(&w.stopped, 0, 1) {
|
|
return nil
|
|
}
|
|
|
|
log.Infof("Stopping watchtower")
|
|
|
|
w.server.Stop()
|
|
w.lookout.Stop()
|
|
|
|
log.Infof("Watchtower stopped successfully")
|
|
|
|
return nil
|
|
}
|
|
|
|
// createNewHiddenService automatically sets up a v2 or v3 onion service in
|
|
// order to listen for inbound connections over Tor.
|
|
func (w *Standalone) createNewHiddenService() error {
|
|
// Get all the ports the watchtower is listening on. These will be used to
|
|
// map the hidden service's virtual port.
|
|
listenPorts := make([]int, 0, len(w.listeners))
|
|
for _, listener := range w.listeners {
|
|
port := listener.Addr().(*net.TCPAddr).Port
|
|
listenPorts = append(listenPorts, port)
|
|
}
|
|
|
|
// Once we've created the port mapping, we can automatically create the
|
|
// hidden service. The service's private key will be saved on disk in order
|
|
// to persistently have access to this hidden service across restarts.
|
|
onionCfg := tor.AddOnionConfig{
|
|
VirtualPort: DefaultPeerPort,
|
|
TargetPorts: listenPorts,
|
|
Store: tor.NewOnionFile(w.cfg.WatchtowerKeyPath, 0600),
|
|
Type: w.cfg.Type,
|
|
}
|
|
|
|
addr, err := w.cfg.TorController.AddOnion(onionCfg)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Append this address to ExternalIPs so that it will be exposed in
|
|
// tower info calls.
|
|
w.cfg.ExternalIPs = append(w.cfg.ExternalIPs, addr)
|
|
|
|
return nil
|
|
}
|
|
|
|
// PubKey returns the public key for the watchtower used to authentication and
|
|
// encrypt traffic with clients.
|
|
//
|
|
// NOTE: Part of the watchtowerrpc.WatchtowerBackend interface.
|
|
func (w *Standalone) PubKey() *btcec.PublicKey {
|
|
return w.cfg.NodePrivKey.PubKey()
|
|
}
|
|
|
|
// ListeningAddrs returns the listening addresses where the watchtower server
|
|
// can accept client connections.
|
|
//
|
|
// NOTE: Part of the watchtowerrpc.WatchtowerBackend interface.
|
|
func (w *Standalone) ListeningAddrs() []net.Addr {
|
|
addrs := make([]net.Addr, 0, len(w.listeners))
|
|
for _, listener := range w.listeners {
|
|
addrs = append(addrs, listener.Addr())
|
|
}
|
|
|
|
return addrs
|
|
}
|
|
|
|
// ExternalIPs returns the addresses where the watchtower can be reached by
|
|
// clients externally.
|
|
//
|
|
// NOTE: Part of the watchtowerrpc.WatchtowerBackend interface.
|
|
func (w *Standalone) ExternalIPs() []net.Addr {
|
|
addrs := make([]net.Addr, 0, len(w.cfg.ExternalIPs))
|
|
for _, addr := range w.cfg.ExternalIPs {
|
|
addrs = append(addrs, addr)
|
|
}
|
|
|
|
return addrs
|
|
}
|