From 17edbb2ce8c2eeab770dd085544dce7c26e6692c Mon Sep 17 00:00:00 2001
From: openoms
Date: Fri, 25 Jun 2021 23:09:17 +0100
Subject: [PATCH] sparko: add info and connect menu with own cert https://github.com/rootzoll/raspiblitz/issues/2295
---
 .../config.scripts/cln-plugin.sparko.sh | 106 +++++++++++++++---
 1 file changed, 91 insertions(+), 15 deletions(-)
diff --git a/home.admin/config.scripts/cln-plugin.sparko.sh b/home.admin/config.scripts/cln-plugin.sparko.sh
index 6406a1954..30a03d0c6 100644
--- a/home.admin/config.scripts/cln-plugin.sparko.sh
+++ b/home.admin/config.scripts/cln-plugin.sparko.sh
@@ -35,11 +35,63 @@ elif [ ${CHAIN} = mainnet ];then portprefix="" fi +# show info menu +if [ "$1" = "menu" ]; then + + # get network info + localip=$(ip addr | grep 'state UP' -A2 | egrep -v 'docker0|veth' | grep 'eth0\|wlan0\|enp0' | tail -n1 | awk '{print $2}' | cut -f1 -d'/') + toraddress=$(sudo cat /mnt/hdd/tor/${netprefix}sparko/hostname) + toraddresstext="Hidden Service address for the Tor Browser (QRcode on LCD):\n$toraddress" + if [ ${#toraddress} -eq 0 ];then + toraddresstext="Activate Tor to access the web interface from outside of the local network." + else + /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" + fi + fingerprint=$(openssl x509 -in /home/bitcoin/.lightning/sparko-tls/cert.pem -fingerprint -noout | cut -d"=" -f2) + + whiptail --title "\ +Sparko - $CHAIN" --msgbox "Open in your local web browser: +https://${localip}:${portprefix}9000\n +username: blitz +password: 'your Password B'\n +Accept the self-signed SSL certificate with the fingerprint: +${fingerprint}\n +${toraddresstext} +" 17 67 + + /home/admin/config.scripts/blitz.display.sh hide + + echo "please wait ..." + exit 0 +fi + # add default value to raspi config if needed if ! 
grep -Eq "^${netprefix}sparko=" /mnt/hdd/raspiblitz.conf; then echo "${netprefix}sparko=off" >> /mnt/hdd/raspiblitz.conf fi +if [ $1 = connect ];then + localip=$(ip addr | grep 'state UP' -A2 | egrep -v 'docker0|veth' | grep 'eth0\|wlan0\|enp0' | tail -n1 | awk '{print $2}' | cut -f1 -d'/') + toraddress=$(sudo cat /mnt/hdd/tor/${netprefix}sparko/hostname) + accesskey=$(sudo cat /home/bitcoin/.lightning/${netprefix}config | grep "^sparko-keys=" | cut -d= -f2 | cut -d';' -f1) + url="https://${localip}:${portprefix}9000/" + string="${url}?access-key=${accesskey}" + + /home/admin/config.scripts/blitz.display.sh qr "$string" + clear + echo "connection string (shown as a QRcode on the top and on the LCD):" + echo "$string" + qrencode -t ANSIUTF8 "${string}" + echo + echo "Tor address (shown as a QRcode below):" + echo "${toraddress}" + qrencode -t ANSIUTF8 "${toraddress}" + echo + echo "# Press enter to hide the QRcode from the LCD" + read key + /home/admin/config.scripts/blitz.display.sh hide +fi + if [ $1 = on ];then echo "# Detect CPU architecture ..." isARM=$(uname -m | grep -c 'arm') 
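Review bot: The `connect` branch takes the first entry of `sparko-keys` (`cut -d';' -f1`), which in the config this patch writes is the unrestricted master key, and embeds it in a URL query string that is rendered on the LCD, echoed to the terminal and left on screen after the prompt returns. Consider adding `clear` after the final `blitz.display.sh hide` and a comment such as `# first sparko-keys entry is the full-access key: treat this QR code like a password`. The test `[ $1 = connect ]` leaves `$1` unquoted while the `menu` branch quotes it; `[ "$1" = "connect" ]` avoids a test error when the script is run without arguments. In the `menu` branch, `openssl x509 -fingerprint` prints a SHA-1 digest by default, so adding `-sha256` would give users the digest browsers usually display for comparison.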
@@ -54,28 +106,43 @@ if [ $1 = on ];then DISTRO="linux_amd64" fi + sudo -u bitcoin mkdir /home/bitcoin/cln-plugins-enabled # download binary - sudo wget https://github.com/fiatjaf/sparko/releases/download/${SPARKOVERSION}/sparko_${DISTRO}\ - -O /home/bitcoin/cln-plugins-enabled/sparko + sudo -u bitcoin wget https://github.com/fiatjaf/sparko/releases/download/${SPARKOVERSION}/sparko_${DISTRO}\ + -O /home/bitcoin/cln-plugins-enabled/sparko || exit 1 # make executable sudo chmod +x /home/bitcoin/cln-plugins-enabled/sparko - - echo "# Editing /home/bitcoin/.lightning/${netprefix}config" - echo "# See: https://github.com/fiatjaf/sparko#how-to-use" - PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-) - masterkeythatcandoeverything=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c20) - secretaccesskeythatcanreadstuff=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c20) - verysecretkeythatcanpayinvoices=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c20) - keythatcanlistentoallevents=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c20) + + if [ ! -f /home/bitcoin/.lightning/sparko-tls/key.pem ];then + # create a self signed cert https://github.com/fiatjaf/sparko#how-to-use + /home/admin/config.scripts/internet.selfsignedcert.sh + # sparko looks for specific filenames + sudo -u bitcoin mkdir /home/bitcoin/.lightning/sparko-tls + sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \ + /home/bitcoin/.lightning/sparko-tls/key.pem + sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.cert \ + /home/bitcoin/.lightning/sparko-tls/cert.pem + fi + + if ! 
grep -Eq "^sparko" /home/bitcoin/.lightning/${netprefix}config;then + echo "# Editing /home/bitcoin/.lightning/${netprefix}config" + echo "# See: https://github.com/fiatjaf/sparko#how-to-use" + PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-) + # Spark wallet only allows alphanumeric characters + masterkeythatcandoeverything=$(< /dev/urandom tr -dc a-zA-Z0-9 | head -c20) + secretaccesskeythatcanreadstuff=$(< /dev/urandom tr -dc a-zA-Z0-9 | head -c20) + verysecretkeythatcanpayinvoices=$(< /dev/urandom tr -dc a-zA-Z0-9 | head -c20) + keythatcanlistentoallevents=$(< /dev/urandom tr -dc a-zA-Z0-9 | head -c20) echo " sparko-host=0.0.0.0 sparko-port=${portprefix}9000 -#sparko-tls-path= +sparko-tls-path=/home/bitcoin/.lightning/sparko-tls sparko-login=blitz:$PASSWORD_B sparko-keys=${masterkeythatcandoeverything}; ${secretaccesskeythatcanreadstuff}: getinfo, listchannels, listnodes; ${verysecretkeythatcanpayinvoices}: pay; ${keythatcanlistentoallevents}: stream " | sudo tee -a /home/bitcoin/.lightning/${netprefix}config - - #TODO self signed cert https://github.com/fiatjaf/sparko#how-to-use + else + echo "# Sparko is already configured in the /home/bitcoin/.lightning/${netprefix}config" + fi echo "# Editing /etc/systemd/system/${netprefix}lightningd.service" sudo sed -i "s#^ExecStart=.*#ExecStart=/usr/local/bin/lightningd\ 
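Review bot: The downloaded `sparko_${DISTRO}` binary is marked executable in the lightningd plugin directory without any integrity check; the added `|| exit 1` only catches a failed transfer, not a tampered or substituted release asset. Pin a SHA-256 digest per `SPARKOVERSION` and `DISTRO` and verify it before `chmod +x`, as sketched below (`SPARKO_SHA256` is a placeholder, since the page carries no digest). Separately, the new `grep -Eq "^sparko"` guard reads the config without `sudo`, while the `connect` branch uses `sudo cat` on the same file; if the admin user cannot read it, the guard is always true and every `on` run appends another key set. The enclosing `if [ $1 = on ]` block starts before and ends after this hunk.

```shell
  sudo -u bitcoin wget https://github.com/fiatjaf/sparko/releases/download/${SPARKOVERSION}/sparko_${DISTRO}\
  -O /home/bitcoin/cln-plugins-enabled/sparko || exit 1
  # SPARKO_SHA256 is a placeholder: the release digest pinned next to SPARKOVERSION for this DISTRO
  if ! echo "${SPARKO_SHA256}  /home/bitcoin/cln-plugins-enabled/sparko" | sudo -u bitcoin sha256sum -c -; then
    echo "# FAIL: sparko_${DISTRO} does not match the pinned checksum"
    sudo rm -f /home/bitcoin/cln-plugins-enabled/sparko
    exit 1
  fi
  # ... unchanged: chmod +x, self-signed cert setup, config edit ...
```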
@@ -92,16 +159,22 @@ sparko-keys=${masterkeythatcandoeverything}; ${secretaccesskeythatcanreadstuff}: echo "# Allowing port ${portprefix}9000 through the firewall" sudo ufw allow "${portprefix}9000" comment "${netprefix}sparko" + # hidden service to https://xx.onion + /home/admin/config.scripts/internet.hiddenservice.sh ${netprefix}sparko 443 ${portprefix}9000 + # setting value in raspi blitz config sudo sed -i "s/^${netprefix}sparko=.*/${netprefix}sparko=on/g" /mnt/hdd/raspiblitz.conf sleep 5 - sudo cat /home/bitcoin/.lightning/${clnetwork}/cl.log | grep sparko + # show some logs + sudo tail -n100 /home/bitcoin/.lightning/${clnetwork}/cl.log | grep sparko netstat -tulpn | grep "${portprefix}9000" echo "# Sparko was installed" echo "# Monitor with:" - echo "sudo tail -n 100 -f /home/bitcoin/.lightning/${clnetwork}/cl.log" + echo "sudo journalctl | grep sparko | tail -n5" + echo "sudo tail -n 100 -f /home/bitcoin/.lightning/${clnetwork}/cl.log | grep sparko" + fi if [ $1 = off ];then @@ -119,6 +192,9 @@ if [ $1 = off ];then fi echo "# Deny port ${portprefix}9000 through the firewall" sudo ufw deny "${portprefix}9000" + + /home/admin/config.scripts/internet.hiddenservice.sh off ${netprefix}sparko + # purge if [ "$(echo "$@" | grep -c purge)" -gt 0 ];then echo "# Delete plugin"
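Review bot: In the `@@ -92,16 +159,22 @@` hunk, `sparko=on` is written to raspiblitz.conf even when the new `internet.hiddenservice.sh` call fails, because its exit status is not checked, whereas the wget earlier in this commit gained `|| exit 1`. The arguments are also unquoted; consider `/home/admin/config.scripts/internet.hiddenservice.sh "${netprefix}sparko" 443 "${portprefix}9000" || echo "# WARN: hidden service setup failed"`. The `off` call in the `@@ -119,6 +192,9 @@` hunk has the same unquoted argument. Both enclosing `if` blocks extend outside their hunks.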