Merge pull request #48 from Impa10r/v1.4.8

v1.4.8
Impa10r · May 27, 2024 · 3c5c986 · 3c5c986
2 parents e0d1a01 + 63e0f27
commit 3c5c986
Show file tree

Hide file tree

Showing 18 changed files with 716 additions and 65 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Versions
 
+## 1.4.8
+
+- Add HTTPS connection with mandatory TLS certificates
+- Add swap statistics (Total amount, cost, PPM)
+
 ## 1.4.7
 
 - Remove resthost from peerswap.conf

diff --git a/README.md b/README.md
@@ -202,10 +202,10 @@ To convert some BTC on your node into L-BTC you don't need any third party (but
 
 Taken from [here](https://help.blockstream.com/hc/en-us/articles/900000632703-How-do-I-peg-in-BTC-to-the-Liquid-Network-). 
 
-*Hint for Umbrel guys:* To save keystrokes, add these aliases to ~/.profile, then ```source .profile```
+*Hint for Umbrel:* To save keystrokes, add these aliases to ~/.profile, then ```source .profile```
 ```
-alias lncli="/home/umbrel/umbrel/scripts/app compose lightning exec -T lnd lncli"
-alias bcli="/home/umbrel/umbrel/scripts/app compose bitcoin exec bitcoind bitcoin-cli"
+alias lncli="docker exec -it lightning_lnd_1 lncli" `(Umbrel 0.5 only)`
+alias bcli="docker exec -it bitcoin_bitcoind_1 bitcoin-cli" `(Umbrel 0.5 only)`
 alias ecli="docker exec -it elements_node_1 elements-cli -rpcuser=elements -rpcpassword=<your elements password>"
 ```
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,10 +1,6 @@
-# Security Disclosure
+# Security Protocol
 
-**Assuming the local network is secure**
-
-PeerSwap Web UI is currently a beta-grade software that makes the assumption that the local network is secure. This means local network communication is unencrypted using plain text HTTP. 
-
-Bootstrapping a secure connection over an insecure network and avoiding MITM attacks without being able to rely on certificate authorities is not an easy problem to solve.
+PeerSwap Web UI HTTP server offers secure communication with the clients via TLS. When HTTPS option is enabled, a self-signed root Certificate Authority certificate CA.crt is created first. It is then used to sign two certificates: server.crt and client.crt. Both CA.crt and client.crt need to be installed on the client's devices, to bootstrap a secure connection with the server. The server.crt certificate is used during the TLS handshake to authenticate the server to the client. Our communication channel is now encrypted and no third party can eavesdrop or connect to the server.
 
 ## Privacy Disclosure
 

diff --git a/cmd/psweb/config/cln.go b/cmd/psweb/config/cln.go
@@ -165,6 +165,10 @@ func setPeerswapVariable(section, variableName, defaultValue, newValue, envKey s
 		v = s
 	}
 
+	if v == "" {
+		return "" // no value was set in peerswap.conf
+	}
+
 	if isString {
 		v = "\"" + v + "\""
 	}

diff --git a/cmd/psweb/config/common.go b/cmd/psweb/config/common.go
@@ -46,6 +46,10 @@ type Configuration struct {
 	AutoSwapThresholdAmount uint64
 	AutoSwapThresholdPPM    uint64
 	AutoSwapTargetPct       uint64
+	SecureConnection        bool
+	ServerIPs               string
+	SerialNumber            int64 // for CA-signed server certificates
+	SecurePort              string
 }
 
 var Config Configuration
@@ -79,6 +83,8 @@ func Load(dataDir string) {
 	Config.AutoSwapThresholdAmount = 2000000
 	Config.AutoSwapThresholdPPM = 300
 	Config.AutoSwapTargetPct = 50
+	Config.SecureConnection = false
+	Config.SecurePort = "1985"
 
 	if os.Getenv("NETWORK") == "testnet" {
 		Config.Chain = "testnet"

diff --git a/cmd/psweb/config/lnd.go b/cmd/psweb/config/lnd.go
@@ -76,19 +76,40 @@ func LoadPS() {
 
 	// get bitcoin RPC from LND config
 	host = getLndConfSetting("bitcoind.rpchost")
+	user := getLndConfSetting("bitcoind.rpcuser")
+	pass := getLndConfSetting("bitcoind.rpcpass")
 
-	if host == "" {
+	port = "8332"
+	if Config.Chain == "testnet" {
+		port = "18332"
+	}
+
+	// env variables take priority
+	if os.Getenv("BITCOIN_HOST") != "" {
+		host = os.Getenv("BITCOIN_HOST")
+	}
+
+	if os.Getenv("BITCOIN_PORT") != "" {
+		port = os.Getenv("BITCOIN_PORT")
+	}
+
+	if os.Getenv("BITCOIN_USER") != "" {
+		user = os.Getenv("BITCOIN_USER")
+	}
+
+	if os.Getenv("BITCOIN_PASS") != "" {
+		pass = os.Getenv("BITCOIN_PASS")
+	}
+
+	if host == "" || user == "" || pass == "" {
+		// fallback
 		Config.BitcoinHost = GetBlockIoHost()
 		Config.BitcoinUser = ""
 		Config.BitcoinPass = ""
 	} else {
-		port := "8332"
-		if Config.Chain == "testnet" {
-			port = "18332"
-		}
 		Config.BitcoinHost = "http://" + host + ":" + port
-		Config.BitcoinUser = getLndConfSetting("bitcoind.rpcuser")
-		Config.BitcoinPass = getLndConfSetting("bitcoind.rpcpass")
+		Config.BitcoinUser = user
+		Config.BitcoinPass = pass
 	}
 }
 
@@ -101,6 +122,7 @@ func SavePS() {
 
 	//key, default, new value, env key
 	t += setPeerswapdVariable("host", "localhost:42069", Config.RpcHost, "")
+	t += setPeerswapdVariable("rpchost", "", "", "") // will keep the same if set
 	// remove resthost
 	// t += setPeerswapdVariable("resthost", "localhost:42070", "", "")
 	t += setPeerswapdVariable("lnd.host", "localhost:10009", "", "LND_HOST")
@@ -163,7 +185,11 @@ func setPeerswapdVariable(variableName, defaultValue, newValue, envKey string) s
 	} else if s := GetPeerswapLNDSetting(variableName); s != "" {
 		v = s
 	}
-	return variableName + "=" + v + "\n"
+	if v == "" {
+		return "" // no value was set in peerswap.conf
+	} else {
+		return variableName + "=" + v + "\n"
+	}
 }
 
 func GetPeerswapLNDSetting(searchVariable string) string {