From 95e38fb8f9c5f83fe2911f6b9785ac663c6542b0 Mon Sep 17 00:00:00 2001 From: TaprootFreak <142087526+TaprootFreak@users.noreply.github.com> Date: Thu, 11 Jun 2026 20:15:29 +0200 Subject: [PATCH] fix(lightning): restore CA-validated https agent for LNbits requests The Agent reuse refactoring dropped the CA-validated httpsAgent from httpLnBitsConfig, so LNbits requests are verified against system CAs only. In production LNbits serves the self-signed LND certificate, which makes every LNbits call fail TLS verification. Reuse one shared CA-validated agent for both LND and LNbits requests. --- src/integration/lightning/lightning-client.ts | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/integration/lightning/lightning-client.ts b/src/integration/lightning/lightning-client.ts index 39a1a3b5e2..570132153d 100644 --- a/src/integration/lightning/lightning-client.ts +++ b/src/integration/lightning/lightning-client.ts @@ -27,10 +27,12 @@ import { CoinOnly } from 'src/integration/blockchain/shared/util/blockchain-clie import { LightningHelper } from './lightning-helper'; export class LightningClient implements CoinOnly { - private readonly lndAgent: Agent; + // LND and LNbits both serve the self-signed LND certificate (reached via + // private IP on PRD), so requests must be verified against this CA, not the system CAs + private readonly tlsAgent: Agent; constructor(private readonly http: HttpService) { - this.lndAgent = new Agent({ ca: Config.blockchain.lightning.certificate }); + this.tlsAgent = new Agent({ ca: Config.blockchain.lightning.certificate }); } // --- LND --- // @@ -363,13 +365,14 @@ export class LightningClient implements CoinOnly { private httpLnBitsConfig(params?: any): HttpRequestConfig { return { + httpsAgent: this.tlsAgent, params: { 'api-key': Config.blockchain.lightning.lnbits.apiKey, ...params }, }; } private httpLndConfig(): HttpRequestConfig { return { - httpsAgent: this.lndAgent, + httpsAgent: this.tlsAgent, headers: { 'Grpc-Metadata-macaroon': Config.blockchain.lightning.lnd.adminMacaroon }, }; }