32ad40a4cc
|
||
|---|---|---|
| cmd | ||
| docs | ||
| frontend | ||
| parser | ||
| storage | ||
| testdata | ||
| vendor | ||
| walletrpc | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| go.mod | ||
| go.sum | ||
README.md
Overview
lightwalletd is a backend service that provides a bandwidth-efficient interface to the Zcash blockchain. Currently, lightwalletd supports the Sapling protocol version as its primary concern. The intended purpose of lightwalletd is to support the development of mobile-friendly shielded light wallets.
lightwalletd consists of three loosely coupled components: an "ingester", a "frontend", and an arbitrary storage layer (such as a SQL database) that connects the two. The ingester receives raw block data, parses out the transactions and block metadata, then stores them in a format convenient for the frontend to serve to clients. Thus, these components can operate and scale independently of each other and are connected only by a shared storage convention.
Lightwalletd has not yet undergone audits or been subject to rigorous testing. It lacks some affordances necessary for production-level reliability. We do not recommend using it to handle customer funds at this time (October 2019).
To view status of CI pipeline
To view detailed Codecov report
Local/Developer Usage
First, ensure Go >= 1.11 is installed. Once your go environment is setup correctly, you can build/run the below components.
To build ingest and server, run make.
This will build the ingest and server binaries, where you can use the below commands to configure how they run.
To run INGESTER
Assuming you used make to build INGESTER
./ingest --conf-file /home/zcash/.zcash/zcash.conf --db-path /db/sql.db --log-file /logs/ingest.log
To run SERVER
Assuming you used make to build SERVER:
./server --very-insecure=true --conf-file /home/zcash/.zcash/zcash.conf --db-path /db/sql.db --log-file /logs/server.log --bind-addr 127.0.0.1:18232
Production Usage
Ensure Go >= 1.11 is installed.
x509 Certificates You will need to supply an x509 certificate that connecting clients will have good reason to trust (hint: do not use a self-signed one, our SDK will reject those unless you distribute them to the client out-of-band). We suggest that you be sure to buy a reputable one from a supplier that uses a modern hashing algorithm (NOT md5 or sha1) and that uses Certificate Transparency (OID 1.3.6.1.4.1.11129.2.4.2 will be present in the certificate).
To check a given certificate's (cert.pem) hashing algorithm:
openssl x509 -text -in certificate.crt | grep "Signature Algorithm"
To check if a given certificate (cert.pem) contains a Certificate Transparency OID:
echo "1.3.6.1.4.1.11129.2.4.2 certTransparency Certificate Transparency" > oid.txt
openssl asn1parse -in cert.pem -oid ./oid.txt | grep 'Certificate Transparency'
To use Let's Encrypt to generate a free certificate for your frontend, one method is to:
- Install certbot
- Open port 80 to your host
- Point some forward dns to that host (some.forward.dns.com)
- Run
certbot certonly --standalone --preferred-challenges http -d some.forward.dns.com
- Pass the resulting certificate and key to frontend using the -tls-cert and -tls-key options.
To run production INGESTER
Example using ingest binary built from Makefile:
./ingest --conf-file /home/zcash/.zcash/zcash.conf --db-path /db/sql.db --log-file /logs/ingest.log
To run production SERVER
Example using server binary built from Makefile:
./server --tls-cert cert.pem --tls-key key.pem --conf-file /home/zcash/.zcash/zcash.conf --db-path /db/sql.db --log-file /logs/server.log --bind-addr 127.0.0.1:18232