A javascript library for working with LSATs (Lightning Service Authentication Tokens)
This repository hosts public information about Tierion.
All approved links to Tierion assets.
Tierion's community guidelines which govern all Tierion communities.
Tierion's community rules which is a simplified version of the Community Guidelines
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
I recently created a demo showing the use of Aperture and a React web app. (I copied the connect-demo from the lnc-web repo to get me started.) At the very least, the use of Buffer on this line prevents me from using lsat-js in the browser. Would it be possible to make this library Node-independent and able to run in browsers?
The verification method on the macaroon class from js-macaroon accepts a third argument for discharges. Presumably this is for verification of 3rd party caveats. Currently the lsat-js library doesn't support this interface. There's not a clear need or use case for it at this point, but it's worth keeping in mind for future development.
discharges are used in the js-macaroon code here
Working with Lsat.fromToken the identifier doesn't get set correctly if it is not using utf8
I noticed when using Lsat.fromChallenge (specifically Line 414) after importing the macaroon the identifier is set based on .i or .i64.
In the code from Lsat.fromToken, it calls Lsat.fromMacaroon which then imports the macaroon only grabs the .i identifier.
const identifier = Macaroon.importMacaroon(macaroon)._exportAsJSONObjectV2().i
let id: Identifier
try {
if (identifier == undefined) {
throw new Error(
`macaroon identifier undefined`
)
}
id = Identifier.fromString(identifier)
} catch (e) {
throw new Error(
`Unexpected encoding for macaroon identifier: ${e.message}`
)
}To support both v1 macaroons and v2 macaroons I am proposing the following:
// identifier.ts
static fromBase64(str: string): Identifier {
return new this().fromBase64(str)
}
// lsat.ts
static getIdentifierFromMacaroon(macaroon: string): Identifier | null {
const { i, i64 } = Macaroon.importMacaroon(macaroon)._exportAsJSONObjectV2();
if (i) {
return Identifier.fromString(i)
}
if (i64) {
return Identifier.fromBase64(i64)
}
return null
}
static fromMacaroon(macaroon: string, invoice?: string): Lsat {
/* existing code */
let id;
try {
id = Lsat.getIdentifierFromMacaroon(macaroon);
if (!id) {
throw new Error(`macaroon identifier undefined`);
}
} catch (e) {
throw new Error(
`Unexpected encoding for macaroon identifier: ${e.message}`
)
}
/* existing code */
}
Unfortunately it looks like the verifiers broke in the migration to the new macaroon library. The previous library had support for "general verifiers" where a function could be passed in in order to handle custom verifier functions. boltwall took advantage of this for certain functionalities that seem to be broken when using the updated lsat-js library.
boltwall itself was still using the previous macaroon library (primarily expecting the macaroon class that it produced and the various serialization/deserialization methods). Since the update here didn't keep the same macaroon interface those broke. I'm updating those but in the process of doing that I found that the validators for the paywall route tests are failing as a result of this regression.
Here's the offending area. I'm seeing if I can find a quick-ish fix, but may have to get back to this later in the week.
fb025cf#diff-1be22c603288032bf7218ad66c681f9e52bdbed29b791c0c666c74082cf5a353L246
Most Base64 encoders use = as byte padding. However, parseChallengePart cannot process anymore than a single equal sign in an invoice or macaroon challenge part, which causes assert failures in cases where a challenger uses a Base64 encoder that pads.
Replication: Use LSAT macaroon="AgESMy4xMzYuMTc4LjE1OjM0MjM4AkIAAD2b0rX78LATiVo8bKgHuurefeF5OeX2H5ZuacBIK3+RAR1PKU1oZpfCZFib4zdDoj0pOpgPmhtuzNllU+y//D0AAAYgcWFs9FIteCzpCcEPSwmXKBpcx97hyL5Yt99cbLjRHzU=", invoice="lntb20n1psza5dwpp58kda9d0m7zcp8z2683k2spa6at08mcte88jlv8ukde5uqjpt07gsdzjfp85gnpqd9h8vmmfvdjjqurp09kk2mn5ypn8ymmdyppksctfdecx76twwssyxmmjv5sxcmny8gcnqvps8ycqzpgsp5m7xru8dlhrhmwjp8gynsj2l9mwan2jk52ah5xucrn9kc3p0pj5ns9qy9qsq7jjxypyyc7hvvs8srh6c3lvcp5l5wka94htnfxak99hd5qrx69sya9sj4zm3w5lncw0tksf944q73tduhlhs5apd63m9dte9dhva5dgqaceunx" on the LSAT playground or in a simple lsat-js script.
The solution (I think) would be to separate on the comma / whitespace first, then ensure that the first string split is macaroon or invoice.
It's also possible that my macaroon encoding is not supposed to require any padding, and that my LSAT implementation is wrong. But given that I'm adapting code from the Aperature project, I think this might be less likely.
LSAT spec was undetermined here, but the lsat golang implementation uses big endian.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.