getumbrel / umbrel-lightning

The official Lightning Node app for Umbrel, powered by LND.
https://umbrel.com
Other
17 stars 8 forks source link

admin.macaroon in hex format #27

Open pseudozach opened 3 years ago

pseudozach commented 3 years ago

Can you please add another entry in connect wallet page to expose admin.macaroon in hex format?

This would be useful for many integrations including https://github.com/getAlby/lightning-browser-extension which expects the macaroon in hex format. Not sure if this is available in any way in umbrel but I had to log into to the lnd docker container and use xxd to get it.

lukechilds commented 3 years ago

Woah, Alby looks awesome!

Yeah we should be able to add that. We currently have the admin macaroon base64 encoded as part of the lndconnect URL but nowhere in hex.

Out of interest how did you pair with Alby? I just installed it to test and am entering https://umbrel-mainnet.local:8080 as the "Address" and my hex ancoded admin macaroon but I just get Connection Error: An unexpected error occurred every time.

pseudozach commented 3 years ago

This is what I did to pair: https://github.com/getAlby/lightning-browser-extension/issues/252#issuecomment-934632283

I suppose we can talk to @bumi so alby supports lndconnect but I figured other projects might need hex encoded macaroon as well.

lukechilds commented 3 years ago

Thanks!

Yeah I'd suggest lndconnect support since it's just a single string/QR with everything the user needs in one go.

But if there's some reason you don't want to support that in Alby and specifically want a hex string then happy to add support for that in Umbrel.

lukechilds commented 3 years ago

Also FWIW you can use the LNDHub app on Umbrel to pair with Alby and you'll then also get an isolated allowance just for Alby outside of your main LND wallet. So if the browser extensions was compromised, your main LND wallet funds would be safe.

bumi commented 3 years ago

yeah, Alby should for sure add support for lndconnect URLs. Sadly I did not test umbrel, yet... is umbrel using a link to lndconnect:... or would the user need to copy&paste the lndconnect string?

regarding https URLs: we still have the problem that the browser does not easily support self-signed certificates. Do you have any idea how to make it easier for umbrel users? For now we would suggest @pseudozach's solution.

Having a self-hosted LNDHub is also a great idea to connect and have an isolated allowance. I hope this will also come to lnd directly at some point...I read some related PRs on this. This would be great to use a macaroon with more limited permissions. Until then LNDHub might even be a recommended way for Umbrel users? (with the emphasize that it is self-hosted).

Either way ideally I would like to have a one-click setup for Umbrel users.

pseudozach commented 3 years ago

To provide some background, I started by using lnbits on my umbrel which provides the same experience as LNDHub (a separate accounting system with access to limited funds) and it worked great. I only wanted to test direct LND connection for a separate reason (lnbits creates invoices with 10 min expiry) and then I ran into this issue.

From your discussion, best path forward is to support lndconnect in Alby. thanks.

lukechilds commented 3 years ago

Sadly I did not test umbrel, yet... is umbrel using a link to lndconnect:... or would the user need to copy&paste the lndconnect string?

Currently our wallet connect UI lists lots of popular wallet with detailed instructions, plus we have generic connection options at the bottom (Bitcoin Core RPC/P2P/lndconnect/electrum/etc).

See example here:

Screenshot 2021-10-06 at 17 40 10 Screenshot 2021-10-06 at 17 40 41 Screenshot 2021-10-06 at 17 41 09

It would be simple to add a new entry for Alby using @pseudozach steps.

You can see an example PR here for adding a new wallet to connect wallet UI: https://github.com/getumbrel/umbrel-dashboard/pull/331

regarding https URLs: we still have the problem that the browser does not easily support self-signed certificates. Do you have any idea how to make it easier for umbrel users? For now we would suggest @pseudozach's solution.

It's a real pain, we have siialr issues on Umbrel, it's why we (currently) use HTTP for all local communication.

FWIW I didn't have to export and import the cert on my OS, I was able to just visit https://umbrel.local:8080 in the browser, allow the cert when faced with the error, and then it would automatically add the cert to my browser and I could connect in the extension.

Either way ideally I would like to have a one-click setup for Umbrel users.

This would be great, unfortunately you can't really get around the SSL issue on the local network due to browser limitations (unless there's a way for a browser extension to bypass this?). I feel like there might potentially be a clever solution some how using WebRTC over the local network for Alby <> Umbrel communication.

bumi commented 3 years ago

ok, that's cool.

unfortunately you can't really get around the SSL issue on the local network due to browser limitations... no, currently I have no idea how to automatically get around that. The user has to do something there. (either add the cert, configure something on the node or install another local proxy app) Is umbrel also using something like ip2tor as raspiblitz does?

Do you think it is best to connect through the local domain (umbrel.local) or though tor?

If lndhub/lnbits is always installed this could be also directly offered as a possibility. What do you think is best for umbrel users?

though this is off topic from this issue. I will create a new issue where we can discuss this.

Independent of Alby I think it would be helpful to easily get the macaroon as hex. I think it is common that the macaroon is needed to configure LND connections.

lukechilds commented 3 years ago

Do you think it is best to connect through the local domain (umbrel.local) or though tor?

Can you do Tor connections from a browser extension? If there's some way to embed a Tor daemon then that would be awesome!

umbrel.local is faster but will stop working if the user moves to a different network that their Umbrel isn't connected to which would probably not be obvious to them.

Independent of Alby I think it would be helpful to easily get the macaroon as hex. I think it is common that the macaroon is needed to configure LND connections.

Yeah, I agree.