116 lines
4.6 KiB
Markdown
116 lines
4.6 KiB
Markdown
|
|
[![pipeline status](https://gitlab.com/zcash/lightwalletd/badges/master/pipeline.svg)](https://gitlab.com/zcash/lightwalletd/commits/master)
|
|
[![coverage report](https://gitlab.com/zcash/lightwalletd/badges/master/coverage.svg)](https://gitlab.com/zcash/lightwalletd/commits/master)
|
|
|
|
# Disclaimer
|
|
This is an alpha build and is currently under active development. Please be advised of the following:
|
|
|
|
- This code currently is not audited by an external security auditor, use it at your own risk
|
|
- The code **has not been subjected to thorough review** by engineers at the Electric Coin Company
|
|
- We **are actively changing** the codebase and adding features where/when needed
|
|
|
|
🔒 Security Warnings
|
|
|
|
The Lightwalletd Server is experimental and a work in progress. Use it at your own risk.
|
|
|
|
---
|
|
|
|
# Overview
|
|
|
|
[lightwalletd](https://github.com/zcash/lightwalletd) is a backend service that provides a bandwidth-efficient interface to the Zcash blockchain. Currently, lightwalletd supports the Sapling protocol version as its primary concern. The intended purpose of lightwalletd is to support the development of mobile-friendly shielded light wallets.
|
|
|
|
lightwalletd is a backend service that provides a bandwidth-efficient interface to the Zcash blockchain for mobile and other wallets, such as [Zecwallet](https://github.com/adityapk00/zecwallet-lite-lib).
|
|
|
|
Lightwalletd has not yet undergone audits or been subject to rigorous testing. It lacks some affordances necessary for production-level reliability. We do not recommend using it to handle customer funds at this time (October 2019).
|
|
|
|
To view status of [CI pipeline](https://gitlab.com/mdr0id/lightwalletd/pipelines)
|
|
|
|
To view detailed [Codecov](https://codecov.io/gh/zcash/lightwalletd) report
|
|
|
|
# Local/Developer docker-compose Usage
|
|
|
|
[docs/docker-compose-setup.md](./docs/docker-compose-setup.md)
|
|
|
|
# Local/Developer Usage
|
|
|
|
First, ensure [Go >= 1.11](https://golang.org/dl/#stable) is installed. Once your go environment is setup correctly, you can build/run the below components.
|
|
|
|
To build the server, run `make`.
|
|
|
|
This will build the server binary, where you can use the below commands to configure how it runs.
|
|
|
|
## To run SERVER
|
|
|
|
Assuming you used `make` to build SERVER:
|
|
|
|
```
|
|
./server --no-tls-very-insecure=true --conf-file /home/zcash/.zcash/zcash.conf --log-file /logs/server.log --bind-addr 127.0.0.1:18232
|
|
```
|
|
|
|
# Production Usage
|
|
|
|
Ensure [Go >= 1.11](https://golang.org/dl/#stable) is installed.
|
|
|
|
**x509 Certificates**
|
|
You will need to supply an x509 certificate that connecting clients will have good reason to trust (hint: do not use a self-signed one, our SDK will reject those unless you distribute them to the client out-of-band). We suggest that you be sure to buy a reputable one from a supplier that uses a modern hashing algorithm (NOT md5 or sha1) and that uses Certificate Transparency (OID 1.3.6.1.4.1.11129.2.4.2 will be present in the certificate).
|
|
|
|
To check a given certificate's (cert.pem) hashing algorithm:
|
|
```
|
|
openssl x509 -text -in certificate.crt | grep "Signature Algorithm"
|
|
```
|
|
|
|
To check if a given certificate (cert.pem) contains a Certificate Transparency OID:
|
|
```
|
|
echo "1.3.6.1.4.1.11129.2.4.2 certTransparency Certificate Transparency" > oid.txt
|
|
openssl asn1parse -in cert.pem -oid ./oid.txt | grep 'Certificate Transparency'
|
|
```
|
|
|
|
To use Let's Encrypt to generate a free certificate for your frontend, one method is to:
|
|
1) Install certbot
|
|
2) Open port 80 to your host
|
|
3) Point some forward dns to that host (some.forward.dns.com)
|
|
4) Run
|
|
```
|
|
certbot certonly --standalone --preferred-challenges http -d some.forward.dns.com
|
|
```
|
|
5) Pass the resulting certificate and key to frontend using the -tls-cert and -tls-key options.
|
|
|
|
## To run production SERVER
|
|
|
|
Example using server binary built from Makefile:
|
|
|
|
```
|
|
./server --tls-cert cert.pem --tls-key key.pem --conf-file /home/zcash/.zcash/zcash.conf --log-file /logs/server.log --bind-addr 127.0.0.1:18232
|
|
```
|
|
|
|
# Pull Requests
|
|
|
|
We welcome pull requests! We like to keep our Go code neatly formatted in a standard way,
|
|
which the standard tool [gofmt](https://golang.org/cmd/gofmt/) can do. Please consider
|
|
adding the following to the file `.git/hooks/pre-commit` in your clone:
|
|
|
|
```
|
|
#!/bin/sh
|
|
|
|
modified_go_files=$(git diff --cached --name-only -- '*.go')
|
|
if test "$modified_go_files"
|
|
then
|
|
need_formatting=$(gofmt -l $modified_go_files)
|
|
if test "$need_formatting"
|
|
then
|
|
echo files need formatting:
|
|
echo gofmt -w $need_formatting
|
|
exit 1
|
|
fi
|
|
fi
|
|
```
|
|
|
|
You'll also need to make this file executable:
|
|
|
|
```
|
|
$ chmod +x .git/hooks/pre-commit
|
|
```
|
|
|
|
Doing this will prevent commits that break the standard formatting. Simply run the
|
|
`gofmt` command as indicated and rerun the `git commit` command.
|