Marshall Gaucher 6dd409abf3
Update compose for new LWD config params
2020-06-05 14:15:06 -07:00
.github Merge branch 'master' into lindanlee-templates-2 2020-06-01 15:04:56 -05:00
cmd add --darkside-timeout option to override 30-minute default shutdown 2020-05-21 11:48:03 -06:00
common Improve error checking, README improvements (#278) 2020-06-03 19:18:04 -06:00
docker revert unintended docker/zcash.conf change 2020-04-09 10:27:08 -06:00
docs Improve error checking, README improvements (#278) 2020-06-03 19:18:04 -06:00
frontend add error check to StageBlocksStream 2020-05-29 10:36:34 -06:00
parser increase the 252 per-block transaction limit (#273) 2020-06-03 18:58:26 -06:00
tekton Added tekton for Docker image build 2020-03-23 15:01:04 -04:00
testclient add a gRPC test client for performance measurement and stress testing 2020-03-19 21:10:47 -06:00
testdata New "staging" api (StageBlocks, StageTransactions, ApplyStaged) 2020-05-21 11:48:03 -06:00
testtools increase the 252 per-block transaction limit (#273) 2020-06-03 18:58:26 -06:00
utils update submitblocks.sh, return an error if GetBlock height is too low, instead of crashing 2020-05-21 11:48:03 -06:00
vendor add darkside SetMetaState, SetBlocksURL for reorg testing 2020-05-21 11:48:03 -06:00
walletrpc increase the 252 per-block transaction limit (#273) 2020-06-03 18:58:26 -06:00
.codecov.yml Update .codecov.yml 2019-10-29 16:21:39 -07:00
.env.template Moved HTTP endpoint startup to a function 2020-04-09 10:27:08 -06:00
.gitignore increase the 252 per-block transaction limit (#273) 2020-06-03 18:58:26 -06:00
.gitlab-ci.yml Updated Makefile for new build options 2020-03-18 08:56:29 -06:00
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md 2019-09-19 19:26:16 -07:00
CONTRIBUTING.md test improvements, and minor cleanups 2020-01-31 16:36:31 -07:00
COPYING add COPYING and copyright lines 2020-03-12 12:02:55 -06:00
Dockerfile Fix Dockerfile args and added lightwalled volume 2020-04-13 14:34:54 -04:00
LICENSE Create LICENSE 2019-09-19 19:21:48 -07:00
Makefile New "staging" api (StageBlocks, StageTransactions, ApplyStaged) 2020-05-21 11:48:03 -06:00
README.md Merge branch 'master' into update-codecov-badge 2020-05-28 10:37:22 -07:00
buildenv.sh Added per-instance password by moving to an environment build script. 2019-12-20 14:15:45 -08:00
docgen.sh add documentation for lightwalletd APIs and data types 2020-03-02 17:21:41 -07:00
docker-compose.yml Update compose for new LWD config params 2020-06-05 14:15:06 -07:00
go.mod implement staging, not well tested 2020-05-21 11:48:03 -06:00
go.sum New "staging" api (StageBlocks, StageTransactions, ApplyStaged) 2020-05-21 11:48:03 -06:00
lightwalletd-example.yml Example usage of cobra and viper for configuration 2020-03-18 08:56:29 -06:00
main.go rebase PR 175 - Use cobra and viper for configuration 2020-03-18 12:13:30 -06:00

README.md


Disclaimer

This is an alpha build and is currently under active development. Please be advised of the following:

  • This code has not been audited by an external security auditor; use it at your own risk
  • The code has not been subjected to thorough review by engineers at the Electric Coin Company
  • We are actively changing the codebase and adding features where/when needed

🔒 Security Warnings

The Lightwalletd Server is experimental and a work in progress. Use it at your own risk. Developers should familiarize themselves with the wallet app threat model, since it contains important information about the security and privacy limitations of light wallets that use Lightwalletd.


Overview

lightwalletd is a backend service that provides a bandwidth-efficient interface to the Zcash blockchain. Currently, lightwalletd supports the Sapling protocol version and beyond as its primary concern. The intended purpose of lightwalletd is to support the development and operation of mobile-friendly shielded light wallets.

lightwalletd is a backend service that provides a bandwidth-efficient interface to the Zcash blockchain for mobile and other wallets, such as Zecwallet.

Lightwalletd has not yet undergone audits or been subject to rigorous testing. It lacks some affordances necessary for production-level reliability. We do not recommend using it to handle customer funds at this time (April 2020).

To view status of CI pipeline

To view detailed Codecov report

Documentation for lightwalletd clients (the gRPC interface) is in docs/rtd/index.html. The current version of this file corresponds to the two .proto files; if you change these files, please regenerate the documentation by running make doc, which requires docker to be installed.

Local/Developer docker-compose Usage

docs/docker-compose-setup.md

Local/Developer Usage

Zcashd

You must start a local instance of zcashd, and its .zcash/zcash.conf file must include the following entries (set the user and password strings accordingly):

txindex=1
insightexplorer=1
experimentalfeatures=1
rpcuser=xxxxx
rpcpassword=xxxxx

zcashd can be configured to run on mainnet or testnet (or regtest). If you stop zcashd and restart it on a different network (switch from testnet to mainnet, for example), you must also stop and restart lightwalletd.

It's necessary to run zcashd --reindex one time for these options to take effect. This typically takes several hours, and requires more space in the .zcash data directory.

Lightwalletd uses the following zcashd RPCs:

  • getblockchaininfo
  • getblock
  • getrawtransaction
  • getaddresstxids
  • sendrawtransaction

Lightwalletd

First, install Go version 1.11 or later. You can see your current version by running go version.

Clone the current repository into a local directory that is not within any component of your $GOPATH ($HOME/go by default), then build the lightwalletd server binary by running make.

To run SERVER

Assuming you used make to build the server, here's a typical developer invocation:

./lightwalletd --no-tls-very-insecure --zcash-conf-path ~/.zcash/zcash.conf --data-dir . --log-file /dev/stdout

Type ./lightwalletd help to see the full list of options and arguments.

Production Usage

Run a local instance of zcashd (see above) and start lightwalletd as described there, except do not specify --no-tls-very-insecure. Ensure Go version 1.11 or later is installed.

x509 Certificates

You will need to supply an x509 certificate that connecting clients will have good reason to trust (hint: do not use a self-signed one; our SDK will reject those unless you distribute them to the client out-of-band). We suggest that you buy a reputable one from a supplier that uses a modern hashing algorithm (NOT md5 or sha1) and that uses Certificate Transparency (OID 1.3.6.1.4.1.11129.2.4.2 will be present in the certificate).

To check a given certificate's (cert.pem) hashing algorithm:

openssl x509 -noout -text -in cert.pem | grep "Signature Algorithm"

To check if a given certificate (cert.pem) contains a Certificate Transparency OID:

echo "1.3.6.1.4.1.11129.2.4.2 certTransparency Certificate Transparency" > oid.txt
openssl asn1parse -in cert.pem -oid ./oid.txt | grep 'Certificate Transparency'
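
The same two checks done in Go with the standard library, as an added example (not lightwalletd code). The names Audit, sampleCert and sctOID are hypothetical, and the sample certificate is constructed in memory with a placeholder SCT value; like the openssl check above, it tests only that the extension is present.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var sctOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // OID quoted in the README

// Audit returns one finding per failed README check; an empty result means the cert passes.
func Audit(c *x509.Certificate) (findings []string) {
	switch c.SignatureAlgorithm { // signatures built on MD2, MD5 or SHA-1
	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		findings = append(findings, "weak signature hash: "+c.SignatureAlgorithm.String())
	}
	for _, ext := range c.Extensions { // same presence test as the asn1parse | grep check
		if ext.Id.Equal(sctOID) {
			return findings
		}
	}
	return append(findings, "no Certificate Transparency SCT extension")
}

// sampleCert builds a constructed self-signed test cert: zero Ed25519 seed, placeholder SCT value.
func sampleCert(withSCT bool) (*x509.Certificate, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if withSCT {
		tmpl.ExtraExtensions = []pkix.Extension{{Id: sctOID, Value: []byte{0x04, 0x00}}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := sampleCert(false)
	if err != nil {
		panic(err)
	}
	fmt.Println(Audit(c)) // the sample without SCTs fails the second check
}
```

To audit a real cert.pem, decode it with encoding/pem and pass the DER bytes to x509.ParseCertificate before calling Audit.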

To use Let's Encrypt to generate a free certificate for your frontend, one method is to:

  1. Install certbot
  2. Open port 80 to your host
  3. Point some forward DNS to that host (some.forward.dns.com)
  4. Run
certbot certonly --standalone --preferred-challenges http -d some.forward.dns.com
  5. Pass the resulting certificate and key to frontend using the --tls-cert and --tls-key options.

To run production SERVER

Example using server binary built from Makefile:

./lightwalletd --tls-cert cert.pem --tls-key key.pem --zcash-conf-path /home/zcash/.zcash/zcash.conf --log-file /logs/server.log

Block cache

Lightwalletd caches all blocks from Sapling activation up to the most recent block, which takes about an hour the first time you run lightwalletd. During this syncing, lightwalletd is fully available, but block fetches are slower until the download completes.

After syncing, lightwalletd will start almost immediately, because the blocks are cached in local files (by default, within /var/lib/lightwalletd/db; you can specify a different location using the --data-dir command-line option).

Lightwalletd checks the consistency of these files at startup and during operation, as these files may be damaged by, for example, an unclean shutdown. If the server detects corruption, it will automatically re-download blocks from zcashd from that height, requiring up to an hour again (no manual intervention is required). But this should occur rarely.

If lightwalletd detects corruption in these cache files, it will log a message containing the string CORRUPTION and also indicate the nature of the corruption.

Darksidewalletd & Testing

Lightwalletd now supports a mode that enables integration testing of itself and wallets that connect to it. See the darksidewalletd docs for more information.

Pull Requests

We welcome pull requests! We like to keep our Go code neatly formatted in a standard way, which the standard tool gofmt can do. Please consider adding the following to the file .git/hooks/pre-commit in your clone:

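#!/bin/sh
# Pre-commit hook: refuse the commit if any staged Go file is not gofmt-clean.

# Staged .go files that were added, copied or modified (deleted files are skipped).
modified_go_files=$(git diff --cached --name-only --diff-filter=ACM -- '*.go')
if test "$modified_go_files"
then
    # gofmt -l lists the files whose formatting differs from gofmt's output.
    need_formatting=$(gofmt -l $modified_go_files)
    if test "$need_formatting"
    then
        echo "files need formatting (then don't forget to git add):"
        echo gofmt -w $need_formatting
        exit 1
    fi
fi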

You'll also need to make this file executable:

$ chmod +x .git/hooks/pre-commit

Doing this will prevent commits that break the standard formatting. Simply run the gofmt command as indicated and rerun the git add and git commit commands.