lightninglabs · ellemouton · Apr 26, 2022
diff --git a/aperture.go b/aperture.go
@@ -158,7 +158,7 @@ type Aperture struct {
 	cfg *Config
 
 	etcdClient    *clientv3.Client
-	challenger    *LndChallenger
+	challenger    mint.Challenger
 	httpsServer   *http.Server
 	torHTTPServer *http.Server
 	proxy         *proxy.Proxy
@@ -205,22 +205,38 @@ func (a *Aperture) Start(errChan chan error) error {
 		}, nil
 	}
 
+	var checker auth.InvoiceChecker
 	if !a.cfg.Authenticator.Disable {
-		a.challenger, err = NewLndChallenger(
-			a.cfg.Authenticator, genInvoiceReq, errChan,
-		)
-		if err != nil {
-			return err
-		}
-		err = a.challenger.Start()
-		if err != nil {
-			return err
+		if a.cfg.Authenticator.LNURL != "" {
+			a.challenger, err = NewLNURLChallenger(
+				a.cfg.Authenticator.LNURL,
+				a.cfg.Authenticator.Network,
+			)
+			if err != nil {
+				return err
+			}
+
+		} else {
+			lndChallenger, err := NewLndChallenger(
+				a.cfg.Authenticator, genInvoiceReq, errChan,
+			)
+			if err != nil {
+				return err
+			}
+
+			err = lndChallenger.Start()
+			if err != nil {
+				return err
+			}
+
+			a.challenger = lndChallenger
+			checker = lndChallenger
 		}
 	}
 
 	// Create the proxy and connect it to lnd.
 	a.proxy, a.proxyCleanup, err = createProxy(
-		a.cfg, a.challenger, a.etcdClient,
+		a.cfg, a.challenger, checker, a.etcdClient,
 	)
 	if err != nil {
 		return err
@@ -319,7 +335,10 @@ func (a *Aperture) Stop() error {
 	var returnErr error
 
 	if a.challenger != nil {
-		a.challenger.Stop()
+		ch, ok := a.challenger.(*LndChallenger)
+		if ok {
+			ch.Stop()
+		}
 	}
 
 	// Stop everything that was started alongside the proxy, for example the
@@ -624,15 +643,16 @@ func initTorListener(cfg *Config, etcd *clientv3.Client) (*tor.Controller, error
 }
 
 // createProxy creates the proxy with all the services it needs.
-func createProxy(cfg *Config, challenger *LndChallenger,
-	etcdClient *clientv3.Client) (*proxy.Proxy, func(), error) {
+func createProxy(cfg *Config, challenger mint.Challenger,
+	checker auth.InvoiceChecker, etcdClient *clientv3.Client) (*proxy.Proxy,
+	func(), error) {
 
 	minter := mint.New(&mint.Config{
 		Challenger:     challenger,
 		Secrets:        newSecretStore(etcdClient),
 		ServiceLimiter: newStaticServiceLimiter(cfg.Services),
 	})
-	authenticator := auth.NewLsatAuthenticator(minter, challenger)
+	authenticator := auth.NewLsatAuthenticator(minter, checker)
 
 	// By default the static file server only returns 404 answers for
 	// security reasons. Serving files from the staticRoot directory has to

diff --git a/config.go b/config.go
@@ -27,16 +27,19 @@ type EtcdConfig struct {
 }
 
 type AuthConfig struct {
+	Disable bool `long:"disable" description:"Whether to disable any auth."`
+
+	Network string `long:"network" description:"The network the authenticator is using." choice:"regtest" choice:"simnet" choice:"testnet" choice:"mainnet"`
+
 	// LndHost is the hostname of the LND instance to connect to.
 	LndHost string `long:"lndhost" description:"Hostname of the LND instance to connect to"`
 
 	TLSPath string `long:"tlspath" description:"Path to LND instance's tls certificate"`
 
 	MacDir string `long:"macdir" description:"Directory containing LND instance's macaroons"`
 
-	Network string `long:"network" description:"The network LND is connected to." choice:"regtest" choice:"simnet" choice:"testnet" choice:"mainnet"`
-
-	Disable bool `long:"disable" description:"Whether to disable LND auth."`
+	// LNURL is the lnurl that will be used to fetch invoices from.
+	LNURL string `long:"lnurl" description:"The LNURL to be used to query for invoices. If this is specified then the LND config should not be"`
 }
 
 func (a *AuthConfig) validate() error {
@@ -45,6 +48,15 @@ func (a *AuthConfig) validate() error {
 		return nil
 	}
 
+	if a.LNURL != "" && a.LndHost != "" {
+		return errors.New("must use either LND or LNURL for " +
+			"authentication, not both")
+	}
+
+	if a.LNURL != "" {
+		return nil
+	}
+
 	if a.LndHost == "" {
 		return errors.New("lnd host required")
 	}

diff --git a/go.mod b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/btcsuite/btcd/btcec/v2 v2.1.0
 	github.com/btcsuite/btcd/btcutil v1.1.0
 	github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f
+	github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d
 	github.com/btcsuite/btcwallet/wtxmgr v1.5.0
 	github.com/fortytw2/leaktest v1.3.0
 	github.com/golang/protobuf v1.5.2

diff --git a/go.sum b/go.sum
@@ -86,6 +86,7 @@ github.com/btcsuite/btcd/btcutil/psbt v1.1.0 h1:1LxDjz2ar4L2mrviBdxrzxesMMcAtj4n
 github.com/btcsuite/btcd/btcutil/psbt v1.1.0/go.mod h1:xMuACsIKDzcE3kWMxqK+aLrAWZ8bMdn7YjYEwNs5q8k=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
+github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d h1:yJzD/yFppdVCf6ApMkVy8cUxV0XrxdP9rVf6D87/Mng=
 github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
 github.com/btcsuite/btcwallet v0.14.0 h1:+Nwf0GkRUwDjd/F3i9HgrRhDp8RHZFbBZ3kQaZr6zD0=
 github.com/btcsuite/btcwallet v0.14.0/go.mod h1:KFR1x3ZH7c31i4qA34XIvcsnhrEBLK1SHli52lN8E54=