@@ -77,7 +77,7 @@ use std::sync::atomic::AtomicBool;
7777use std:: sync:: { Arc , Mutex , RwLock } ;
7878use std:: time:: SystemTime ;
7979#[ cfg( any( vss, vss_test) ) ]
80- use vss_client:: headers:: { FixedHeaders , VssHeaderProvider } ;
80+ use vss_client:: headers:: { FixedHeaders , LnurlAuthToJwtProvider , VssHeaderProvider } ;
8181
8282#[ derive( Debug , Clone ) ]
8383enum ChainDataSourceConfig {
@@ -361,10 +361,66 @@ impl NodeBuilder {
361361 self . build_with_store ( kv_store)
362362 }
363363
364+ /// Builds a [`Node`] instance with a [VSS] backend and according to the options
365+ /// previously configured.
366+ ///
367+ /// Uses [LNURL-Auth] as default method for authentication/authorization.
368+ ///
369+ /// The LNURL with the challenge will be retrieved by making a request to the given `lnurl_auth_server_url`.
370+ /// The returned JWT token in response to the signed LNURL request, will be used for
371+ /// authentication/authorization of all the requests made to VSS.
372+ ///
373+ /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL Auth server.
374+ ///
375+ /// **Caution**: VSS support is in **alpha** and is considered experimental.
376+ /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are
377+ /// unrecoverable, i.e., if they remain unresolved after internal retries are exhausted.
378+ ///
379+ /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md
380+ /// [LNURL-Auth]: https://github.com/lnurl/luds/blob/luds/04.md
381+ #[ cfg( any( vss, vss_test) ) ]
382+ pub fn build_with_vss_store (
383+ & self , vss_url : String , store_id : String , lnurl_auth_server_url : String ,
384+ fixed_headers : HashMap < String , String > ,
385+ ) -> Result < Node , BuildError > {
386+ use bitcoin:: key:: Secp256k1 ;
387+
388+ let logger = setup_logger ( & self . config ) ?;
389+
390+ let seed_bytes = seed_bytes_from_config (
391+ & self . config ,
392+ self . entropy_source_config . as_ref ( ) ,
393+ Arc :: clone ( & logger) ,
394+ ) ?;
395+
396+ let config = Arc :: new ( self . config . clone ( ) ) ;
397+
398+ let vss_xprv = derive_vss_xprv ( config, & seed_bytes, logger. clone ( ) ) ?;
399+
400+ let lnurl_auth_xprv = vss_xprv
401+ . derive_priv ( & Secp256k1 :: new ( ) , & [ ChildNumber :: Hardened { index : 138 } ] )
402+ . map_err ( |e| {
403+ log_error ! ( logger, "Failed to derive VSS secret: {}" , e) ;
404+ BuildError :: KVStoreSetupFailed
405+ } ) ?;
406+
407+ let lnurl_auth_jwt_provider =
408+ LnurlAuthToJwtProvider :: new ( lnurl_auth_xprv, lnurl_auth_server_url, fixed_headers)
409+ . map_err ( |e| {
410+ log_error ! ( logger, "Failed to create LnurlAuthToJwtProvider: {}" , e) ;
411+ BuildError :: KVStoreSetupFailed
412+ } ) ?;
413+
414+ let header_provider = Arc :: new ( lnurl_auth_jwt_provider) ;
415+
416+ self . build_with_vss_store_and_header_provider ( vss_url, store_id, header_provider)
417+ }
418+
364419 /// Builds a [`Node`] instance with a [VSS] backend and according to the options
365420/// previously configured.
366421///
367422/// Uses [`FixedHeaders`] as default method for authentication/authorization.
423+ ///
368424/// Given `fixed_headers` are included as it is in all the requests made to VSS.
369425///
370426/// **Caution**: VSS support is in **alpha** and is considered experimental.
0 commit comments