• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

lightningnetwork / lnd / 18016273007

25 Sep 2025 05:55PM UTC coverage: 54.653% (-12.0%) from 66.622%
18016273007

Pull #10248

github

web-flow
Merge 128443298 into b09b20c69
Pull Request #10248: Enforce TLV when creating a Route

25 of 30 new or added lines in 4 files covered. (83.33%)

23906 existing lines in 281 files now uncovered.

109536 of 200421 relevant lines covered (54.65%)

21816.97 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

34.32
/lnrpc/invoicesrpc/addinvoice.go
1
package invoicesrpc
2

3
import (
4
        "bytes"
5
        "context"
6
        "crypto/rand"
7
        "errors"
8
        "fmt"
9
        "math"
10
        mathRand "math/rand"
11
        "sort"
12
        "time"
13

14
        "github.com/btcsuite/btcd/btcec/v2"
15
        "github.com/btcsuite/btcd/btcec/v2/ecdsa"
16
        "github.com/btcsuite/btcd/btcutil"
17
        "github.com/btcsuite/btcd/chaincfg"
18
        "github.com/btcsuite/btcd/chaincfg/chainhash"
19
        "github.com/btcsuite/btcd/wire"
20
        "github.com/lightningnetwork/lnd/channeldb"
21
        "github.com/lightningnetwork/lnd/graph/db/models"
22
        "github.com/lightningnetwork/lnd/invoices"
23
        "github.com/lightningnetwork/lnd/lntypes"
24
        "github.com/lightningnetwork/lnd/lnutils"
25
        "github.com/lightningnetwork/lnd/lnwire"
26
        "github.com/lightningnetwork/lnd/netann"
27
        "github.com/lightningnetwork/lnd/routing"
28
        "github.com/lightningnetwork/lnd/routing/blindedpath"
29
        "github.com/lightningnetwork/lnd/routing/route"
30
        "github.com/lightningnetwork/lnd/zpay32"
31
)
32

33
const (
34
        // DefaultInvoiceExpiry is the default invoice expiry for new MPP
35
        // invoices.
36
        DefaultInvoiceExpiry = 24 * time.Hour
37

38
        // DefaultAMPInvoiceExpiry is the default invoice expiry for new AMP
39
        // invoices.
40
        DefaultAMPInvoiceExpiry = 30 * 24 * time.Hour
41

42
        // hopHintFactor is factor by which we scale the total amount of
43
        // inbound capacity we want our hop hints to represent, allowing us to
44
        // have some leeway if peers go offline.
45
        hopHintFactor = 2
46

47
        // maxHopHints is the maximum number of hint paths that will be included
48
        // in an invoice.
49
        maxHopHints = 20
50
)
51

52
// AddInvoiceConfig contains dependencies for invoice creation.
53
type AddInvoiceConfig struct {
54
        // AddInvoice is called to add the invoice to the registry.
55
        AddInvoice func(ctx context.Context, invoice *invoices.Invoice,
56
                paymentHash lntypes.Hash) (uint64, error)
57

58
        // IsChannelActive is used to generate valid hop hints.
59
        IsChannelActive func(chanID lnwire.ChannelID) bool
60

61
        // ChainParams are required to properly decode invoice payment requests
62
        // that are marshalled over rpc.
63
        ChainParams *chaincfg.Params
64

65
        // NodeSigner is an implementation of the MessageSigner implementation
66
        // that's backed by the identity private key of the running lnd node.
67
        NodeSigner *netann.NodeSigner
68

69
        // DefaultCLTVExpiry is the default invoice expiry if no values is
70
        // specified.
71
        DefaultCLTVExpiry uint32
72

73
        // ChanDB is a global boltdb instance which is needed to access the
74
        // channel graph.
75
        ChanDB *channeldb.ChannelStateDB
76

77
        // Graph gives the invoice server access to various graph related
78
        // queries.
79
        Graph GraphSource
80

81
        // GenInvoiceFeatures returns a feature containing feature bits that
82
        // should be advertised on freshly generated invoices.
83
        GenInvoiceFeatures func() *lnwire.FeatureVector
84

85
        // GenAmpInvoiceFeatures returns a feature containing feature bits that
86
        // should be advertised on freshly generated AMP invoices.
87
        GenAmpInvoiceFeatures func() *lnwire.FeatureVector
88

89
        // GetAlias allows the peer's alias SCID to be retrieved for private
90
        // option_scid_alias channels.
91
        GetAlias func(lnwire.ChannelID) (lnwire.ShortChannelID, error)
92

93
        // BestHeight returns the current best block height that this node is
94
        // aware of.
95
        BestHeight func() (uint32, error)
96

97
        // QueryBlindedRoutes can be used to generate a few routes to this node
98
        // that can then be used in the construction of a blinded payment path.
99
        QueryBlindedRoutes func(lnwire.MilliSatoshi) ([]*route.Route, error)
100
}
101

102
// AddInvoiceData contains the required data to create a new invoice.
103
type AddInvoiceData struct {
104
        // An optional memo to attach along with the invoice. Used for record
105
        // keeping purposes for the invoice's creator, and will also be set in
106
        // the description field of the encoded payment request if the
107
        // description_hash field is not being used.
108
        Memo string
109

110
        // The preimage which will allow settling an incoming HTLC payable to
111
        // this preimage. If Preimage is set, Hash should be nil. If both
112
        // Preimage and Hash are nil, a random preimage is generated.
113
        Preimage *lntypes.Preimage
114

115
        // The hash of the preimage. If Hash is set, Preimage should be nil.
116
        // This condition indicates that we have a 'hold invoice' for which the
117
        // htlc will be accepted and held until the preimage becomes known.
118
        Hash *lntypes.Hash
119

120
        // The value of this invoice in millisatoshis.
121
        Value lnwire.MilliSatoshi
122

123
        // Hash (SHA-256) of a description of the payment. Used if the
124
        // description of payment (memo) is too long to naturally fit within the
125
        // description field of an encoded payment request.
126
        DescriptionHash []byte
127

128
        // Payment request expiry time in seconds. Default is 3600 (1 hour).
129
        Expiry int64
130

131
        // Fallback on-chain address.
132
        FallbackAddr string
133

134
        // Delta to use for the time-lock of the CLTV extended to the final hop.
135
        CltvExpiry uint64
136

137
        // Whether this invoice should include routing hints for private
138
        // channels.
139
        Private bool
140

141
        // HodlInvoice signals that this invoice shouldn't be settled
142
        // immediately upon receiving the payment.
143
        HodlInvoice bool
144

145
        // Amp signals whether or not to create an AMP invoice.
146
        //
147
        // NOTE: Preimage should always be set to nil when this value is true.
148
        Amp bool
149

150
        // BlindedPathCfg holds the config values to use when constructing
151
        // blinded paths to add to the invoice. A non-nil BlindedPathCfg signals
152
        // that this invoice should disguise the location of the recipient by
153
        // adding blinded payment paths to the invoice instead of revealing the
154
        // destination node's real pub key.
155
        BlindedPathCfg *BlindedPathConfig
156

157
        // RouteHints are optional route hints that can each be individually
158
        // used to assist in reaching the invoice's destination.
159
        RouteHints [][]zpay32.HopHint
160
}
161

162
// BlindedPathConfig holds the configuration values required for blinded path
163
// generation for invoices.
164
type BlindedPathConfig struct {
165
        // RoutePolicyIncrMultiplier is the amount by which policy values for
166
        // hops in a blinded route will be bumped to avoid easy probing. For
167
        // example, a multiplier of 1.1 will bump all appropriate the values
168
        // (base fee, fee rate, CLTV delta and min HLTC) by 10%.
169
        RoutePolicyIncrMultiplier float64
170

171
        // RoutePolicyDecrMultiplier is the amount by which appropriate policy
172
        // values for hops in a blinded route will be decreased to avoid easy
173
        // probing. For example, a multiplier of 0.9 will reduce appropriate
174
        // values (like maximum HTLC) by 10%.
175
        RoutePolicyDecrMultiplier float64
176

177
        // MinNumPathHops is the minimum number of hops that a blinded path
178
        // should be. Dummy hops will be used to pad any route with a length
179
        // less than this.
180
        MinNumPathHops uint8
181

182
        // DefaultDummyHopPolicy holds the default policy values to use for
183
        // dummy hops in a blinded path in the case where they cant be derived
184
        // through other means.
185
        DefaultDummyHopPolicy *blindedpath.BlindedHopPolicy
186
}
187

188
// paymentHashAndPreimage returns the payment hash and preimage for this invoice
189
// depending on the configuration.
190
//
191
// For AMP invoices (when Amp flag is true), this method always returns a nil
192
// preimage. The hash value can be set externally by the user using the Hash
193
// field, or one will be generated randomly. The payment hash here only serves
194
// as a unique identifier for insertion into the invoice index, as there is
195
// no universal preimage for an AMP payment.
196
//
197
// For MPP invoices (when Amp flag is false), this method may return nil
198
// preimage when create a hodl invoice, but otherwise will always return a
199
// non-nil preimage and the corresponding payment hash. The valid combinations
200
// are parsed as follows:
201
//   - Preimage == nil && Hash == nil -> (random preimage, H(random preimage))
202
//   - Preimage != nil && Hash == nil -> (Preimage, H(Preimage))
203
//   - Preimage == nil && Hash != nil -> (nil, Hash)
204
func (d *AddInvoiceData) paymentHashAndPreimage() (
UNCOV
205
        *lntypes.Preimage, lntypes.Hash, error) {
×
UNCOV
206

×
UNCOV
207
        if d.Amp {
×
UNCOV
208
                return d.ampPaymentHashAndPreimage()
×
UNCOV
209
        }
×
210

UNCOV
211
        return d.mppPaymentHashAndPreimage()
×
212
}
213

214
// ampPaymentHashAndPreimage returns the payment hash to use for an AMP invoice.
215
// The preimage will always be nil.
216
func (d *AddInvoiceData) ampPaymentHashAndPreimage() (*lntypes.Preimage,
UNCOV
217
        lntypes.Hash, error) {
×
UNCOV
218

×
UNCOV
219
        switch {
×
220
        // Preimages cannot be set on AMP invoice.
221
        case d.Preimage != nil:
×
222
                return nil, lntypes.Hash{},
×
223
                        errors.New("preimage set on AMP invoice")
×
224

225
        // If a specific hash was requested, use that.
226
        case d.Hash != nil:
×
227
                return nil, *d.Hash, nil
×
228

229
        // Otherwise generate a random hash value, just needs to be unique to be
230
        // added to the invoice index.
UNCOV
231
        default:
×
UNCOV
232
                var paymentHash lntypes.Hash
×
UNCOV
233
                if _, err := rand.Read(paymentHash[:]); err != nil {
×
234
                        return nil, lntypes.Hash{}, err
×
235
                }
×
236

UNCOV
237
                return nil, paymentHash, nil
×
238
        }
239
}
240

241
// mppPaymentHashAndPreimage returns the payment hash and preimage to use for an
242
// MPP invoice.
243
func (d *AddInvoiceData) mppPaymentHashAndPreimage() (*lntypes.Preimage,
UNCOV
244
        lntypes.Hash, error) {
×
UNCOV
245

×
UNCOV
246
        var (
×
UNCOV
247
                paymentPreimage *lntypes.Preimage
×
UNCOV
248
                paymentHash     lntypes.Hash
×
UNCOV
249
        )
×
UNCOV
250

×
UNCOV
251
        switch {
×
252

253
        // Only either preimage or hash can be set.
254
        case d.Preimage != nil && d.Hash != nil:
×
255
                return nil, lntypes.Hash{},
×
256
                        errors.New("preimage and hash both set")
×
257

258
        // If no hash or preimage is given, generate a random preimage.
UNCOV
259
        case d.Preimage == nil && d.Hash == nil:
×
UNCOV
260
                paymentPreimage = &lntypes.Preimage{}
×
UNCOV
261
                if _, err := rand.Read(paymentPreimage[:]); err != nil {
×
262
                        return nil, lntypes.Hash{}, err
×
263
                }
×
UNCOV
264
                paymentHash = paymentPreimage.Hash()
×
265

266
        // If just a hash is given, we create a hold invoice by setting the
267
        // preimage to unknown.
UNCOV
268
        case d.Preimage == nil && d.Hash != nil:
×
UNCOV
269
                paymentHash = *d.Hash
×
270

271
        // A specific preimage was supplied. Use that for the invoice.
UNCOV
272
        case d.Preimage != nil && d.Hash == nil:
×
UNCOV
273
                preimage := *d.Preimage
×
UNCOV
274
                paymentPreimage = &preimage
×
UNCOV
275
                paymentHash = d.Preimage.Hash()
×
276
        }
277

UNCOV
278
        return paymentPreimage, paymentHash, nil
×
279
}
280

281
// AddInvoice attempts to add a new invoice to the invoice database. Any
282
// duplicated invoices are rejected, therefore all invoices *must* have a
283
// unique payment preimage.
284
func AddInvoice(ctx context.Context, cfg *AddInvoiceConfig,
UNCOV
285
        invoice *AddInvoiceData) (*lntypes.Hash, *invoices.Invoice, error) {
×
UNCOV
286

×
UNCOV
287
        blind := invoice.BlindedPathCfg != nil
×
UNCOV
288

×
UNCOV
289
        if invoice.Amp && blind {
×
290
                return nil, nil, fmt.Errorf("AMP invoices with blinded paths " +
×
291
                        "are not yet supported")
×
292
        }
×
293

UNCOV
294
        paymentPreimage, paymentHash, err := invoice.paymentHashAndPreimage()
×
UNCOV
295
        if err != nil {
×
296
                return nil, nil, err
×
297
        }
×
298

299
        // The size of the memo, receipt and description hash attached must not
300
        // exceed the maximum values for either of the fields.
UNCOV
301
        if len(invoice.Memo) > invoices.MaxMemoSize {
×
302
                return nil, nil, fmt.Errorf("memo too large: %v bytes "+
×
303
                        "(maxsize=%v)", len(invoice.Memo),
×
304
                        invoices.MaxMemoSize)
×
305
        }
×
UNCOV
306
        if len(invoice.DescriptionHash) > 0 &&
×
UNCOV
307
                len(invoice.DescriptionHash) != 32 {
×
308

×
309
                return nil, nil, fmt.Errorf("description hash is %v bytes, "+
×
310
                        "must be 32", len(invoice.DescriptionHash))
×
311
        }
×
312

313
        // We set the max invoice amount to 100k BTC, which itself is several
314
        // multiples off the current block reward.
UNCOV
315
        maxInvoiceAmt := btcutil.Amount(btcutil.SatoshiPerBitcoin * 100000)
×
UNCOV
316

×
UNCOV
317
        switch {
×
318
        // The value of the invoice must not be negative.
319
        case int64(invoice.Value) < 0:
×
320
                return nil, nil, fmt.Errorf("payments of negative value "+
×
321
                        "are not allowed, value is %v", int64(invoice.Value))
×
322

323
        // Also ensure that the invoice is actually realistic, while preventing
324
        // any issues due to underflow.
325
        case invoice.Value.ToSatoshis() > maxInvoiceAmt:
×
326
                return nil, nil, fmt.Errorf("invoice amount %v is "+
×
327
                        "too large, max is %v", invoice.Value.ToSatoshis(),
×
328
                        maxInvoiceAmt)
×
329
        }
330

UNCOV
331
        amtMSat := invoice.Value
×
UNCOV
332

×
UNCOV
333
        // We also create an encoded payment request which allows the
×
UNCOV
334
        // caller to compactly send the invoice to the payer. We'll create a
×
UNCOV
335
        // list of options to be added to the encoded payment request. For now
×
UNCOV
336
        // we only support the required fields description/description_hash,
×
UNCOV
337
        // expiry, fallback address, and the amount field.
×
UNCOV
338
        var options []func(*zpay32.Invoice)
×
UNCOV
339

×
UNCOV
340
        // We only include the amount in the invoice if it is greater than 0.
×
UNCOV
341
        // By not including the amount, we enable the creation of invoices that
×
UNCOV
342
        // allow the payer to specify the amount of satoshis they wish to send.
×
UNCOV
343
        if amtMSat > 0 {
×
UNCOV
344
                options = append(options, zpay32.Amount(amtMSat))
×
UNCOV
345
        }
×
346

347
        // If specified, add a fallback address to the payment request.
UNCOV
348
        if len(invoice.FallbackAddr) > 0 {
×
349
                addr, err := btcutil.DecodeAddress(
×
350
                        invoice.FallbackAddr, cfg.ChainParams,
×
351
                )
×
352
                if err != nil {
×
353
                        return nil, nil, fmt.Errorf("invalid fallback "+
×
354
                                "address: %v", err)
×
355
                }
×
356

357
                if !addr.IsForNet(cfg.ChainParams) {
×
358
                        return nil, nil, fmt.Errorf("fallback address is not "+
×
359
                                "for %s", cfg.ChainParams.Name)
×
360
                }
×
361

362
                options = append(options, zpay32.FallbackAddr(addr))
×
363
        }
364

UNCOV
365
        var expiry time.Duration
×
UNCOV
366
        switch {
×
367
        // An invoice expiry has been provided by the caller.
368
        case invoice.Expiry > 0:
×
369

×
370
                // We'll ensure that the specified expiry is restricted to sane
×
371
                // number of seconds. As a result, we'll reject an invoice with
×
372
                // an expiry greater than 1 year.
×
373
                maxExpiry := time.Hour * 24 * 365
×
374
                expSeconds := invoice.Expiry
×
375

×
376
                if float64(expSeconds) > maxExpiry.Seconds() {
×
377
                        return nil, nil, fmt.Errorf("expiry of %v seconds "+
×
378
                                "greater than max expiry of %v seconds",
×
379
                                float64(expSeconds), maxExpiry.Seconds())
×
380
                }
×
381

382
                expiry = time.Duration(invoice.Expiry) * time.Second
×
383

384
        // If no custom expiry is provided, use the default MPP expiry.
UNCOV
385
        case !invoice.Amp:
×
UNCOV
386
                expiry = DefaultInvoiceExpiry
×
387

388
        // Otherwise, use the default AMP expiry.
UNCOV
389
        default:
×
UNCOV
390
                expiry = DefaultAMPInvoiceExpiry
×
391
        }
392

UNCOV
393
        options = append(options, zpay32.Expiry(expiry))
×
UNCOV
394

×
UNCOV
395
        // If the description hash is set, then we add it do the list of
×
UNCOV
396
        // options. If not, use the memo field as the payment request
×
UNCOV
397
        // description.
×
UNCOV
398
        if len(invoice.DescriptionHash) > 0 {
×
399
                var descHash [32]byte
×
400
                copy(descHash[:], invoice.DescriptionHash[:])
×
401
                options = append(options, zpay32.DescriptionHash(descHash))
×
UNCOV
402
        } else {
×
UNCOV
403
                // Use the memo field as the description. If this is not set
×
UNCOV
404
                // this will just be an empty string.
×
UNCOV
405
                options = append(options, zpay32.Description(invoice.Memo))
×
UNCOV
406
        }
×
407

UNCOV
408
        if invoice.CltvExpiry > routing.MaxCLTVDelta {
×
409
                return nil, nil, fmt.Errorf("CLTV delta of %v is too large, "+
×
410
                        "max accepted is: %v", invoice.CltvExpiry,
×
411
                        math.MaxUint16)
×
412
        }
×
413

414
        // We'll use our current default CLTV value unless one was specified as
415
        // an option on the command line when creating an invoice.
UNCOV
416
        cltvExpiryDelta := uint64(cfg.DefaultCLTVExpiry)
×
UNCOV
417
        if invoice.CltvExpiry != 0 {
×
UNCOV
418
                // Disallow user-chosen final CLTV deltas below the required
×
UNCOV
419
                // minimum.
×
UNCOV
420
                if invoice.CltvExpiry < routing.MinCLTVDelta {
×
421
                        return nil, nil, fmt.Errorf("CLTV delta of %v must be "+
×
422
                                "greater than minimum of %v",
×
423
                                invoice.CltvExpiry, routing.MinCLTVDelta)
×
424
                }
×
425

UNCOV
426
                cltvExpiryDelta = invoice.CltvExpiry
×
427
        }
428

429
        // Only include a final CLTV expiry delta if this is not a blinded
430
        // invoice. In a blinded invoice, this value will be added to the total
431
        // blinded route CLTV delta value
UNCOV
432
        if !blind {
×
UNCOV
433
                options = append(options, zpay32.CLTVExpiry(cltvExpiryDelta))
×
UNCOV
434
        }
×
435

436
        // We make sure that the given invoice routing hints number is within
437
        // the valid range
UNCOV
438
        if len(invoice.RouteHints) > maxHopHints {
×
439
                return nil, nil, fmt.Errorf("number of routing hints must "+
×
440
                        "not exceed maximum of %v", maxHopHints)
×
441
        }
×
442

443
        // Include route hints if needed.
UNCOV
444
        if len(invoice.RouteHints) > 0 || invoice.Private {
×
UNCOV
445
                if blind {
×
446
                        return nil, nil, fmt.Errorf("can't set both hop " +
×
447
                                "hints and add blinded payment paths")
×
448
                }
×
449

450
                // Validate provided hop hints.
UNCOV
451
                for _, hint := range invoice.RouteHints {
×
UNCOV
452
                        if len(hint) == 0 {
×
453
                                return nil, nil, fmt.Errorf("number of hop " +
×
454
                                        "hint within a route must be positive")
×
455
                        }
×
456
                }
457

UNCOV
458
                totalHopHints := len(invoice.RouteHints)
×
UNCOV
459
                if invoice.Private {
×
UNCOV
460
                        totalHopHints = maxHopHints
×
UNCOV
461
                }
×
462

UNCOV
463
                hopHintsCfg := newSelectHopHintsCfg(cfg, totalHopHints)
×
UNCOV
464
                hopHints, err := PopulateHopHints(
×
UNCOV
465
                        hopHintsCfg, amtMSat, invoice.RouteHints,
×
UNCOV
466
                )
×
UNCOV
467
                if err != nil {
×
468
                        return nil, nil, fmt.Errorf("unable to populate hop "+
×
469
                                "hints: %v", err)
×
470
                }
×
471

472
                // Convert our set of selected hop hints into route
473
                // hints and add to our invoice options.
UNCOV
474
                for _, hopHint := range hopHints {
×
UNCOV
475
                        routeHint := zpay32.RouteHint(hopHint)
×
UNCOV
476

×
UNCOV
477
                        options = append(
×
UNCOV
478
                                options, routeHint,
×
UNCOV
479
                        )
×
UNCOV
480
                }
×
481
        }
482

483
        // Set our desired invoice features and add them to our list of options.
UNCOV
484
        var invoiceFeatures *lnwire.FeatureVector
×
UNCOV
485
        if invoice.Amp {
×
UNCOV
486
                invoiceFeatures = cfg.GenAmpInvoiceFeatures()
×
UNCOV
487
        } else {
×
UNCOV
488
                invoiceFeatures = cfg.GenInvoiceFeatures()
×
UNCOV
489
        }
×
UNCOV
490
        options = append(options, zpay32.Features(invoiceFeatures))
×
UNCOV
491

×
UNCOV
492
        // Generate and set a random payment address for this payment. If the
×
UNCOV
493
        // sender understands payment addresses, this can be used to avoid
×
UNCOV
494
        // intermediaries probing the receiver. If the invoice does not have
×
UNCOV
495
        // blinded paths, then this will be encoded in the invoice itself.
×
UNCOV
496
        // Otherwise, it will instead be embedded in the encrypted recipient
×
UNCOV
497
        // data of blinded paths. In the blinded path case, this will be used
×
UNCOV
498
        // for the PathID.
×
UNCOV
499
        var paymentAddr [32]byte
×
UNCOV
500
        if _, err := rand.Read(paymentAddr[:]); err != nil {
×
501
                return nil, nil, err
×
502
        }
×
503

UNCOV
504
        if blind {
×
UNCOV
505
                blindCfg := invoice.BlindedPathCfg
×
UNCOV
506

×
UNCOV
507
                // Use the 10-min-per-block assumption to get a rough estimate
×
UNCOV
508
                // of the number of blocks until the invoice expires. We want
×
UNCOV
509
                // to make sure that the blinded path definitely does not expire
×
UNCOV
510
                // before the invoice does, and so we add a healthy buffer.
×
UNCOV
511
                invoiceExpiry := uint32(expiry.Minutes() / 10)
×
UNCOV
512
                blindedPathExpiry := invoiceExpiry * 2
×
UNCOV
513

×
UNCOV
514
                // Add BlockPadding to the finalCltvDelta so that the receiving
×
UNCOV
515
                // node does not reject the HTLC if some blocks are mined while
×
UNCOV
516
                // the payment is in-flight. Note that unlike vanilla invoices,
×
UNCOV
517
                // with blinded paths, the recipient is responsible for adding
×
UNCOV
518
                // this block padding instead of the sender.
×
UNCOV
519
                finalCLTVDelta := uint32(cltvExpiryDelta)
×
UNCOV
520
                finalCLTVDelta += uint32(routing.BlockPadding)
×
UNCOV
521

×
UNCOV
522
                //nolint:ll
×
UNCOV
523
                paths, err := blindedpath.BuildBlindedPaymentPaths(
×
UNCOV
524
                        &blindedpath.BuildBlindedPathCfg{
×
UNCOV
525
                                FindRoutes:              cfg.QueryBlindedRoutes,
×
UNCOV
526
                                FetchChannelEdgesByID:   cfg.Graph.FetchChannelEdgesByID,
×
UNCOV
527
                                FetchOurOpenChannels:    cfg.ChanDB.FetchAllOpenChannels,
×
UNCOV
528
                                PathID:                  paymentAddr[:],
×
UNCOV
529
                                ValueMsat:               invoice.Value,
×
UNCOV
530
                                BestHeight:              cfg.BestHeight,
×
UNCOV
531
                                MinFinalCLTVExpiryDelta: finalCLTVDelta,
×
UNCOV
532
                                BlocksUntilExpiry:       blindedPathExpiry,
×
UNCOV
533
                                AddPolicyBuffer: func(
×
UNCOV
534
                                        p *blindedpath.BlindedHopPolicy) (
×
UNCOV
535
                                        *blindedpath.BlindedHopPolicy, error) {
×
UNCOV
536

×
UNCOV
537
                                        //nolint:ll
×
UNCOV
538
                                        return blindedpath.AddPolicyBuffer(
×
UNCOV
539
                                                p, blindCfg.RoutePolicyIncrMultiplier,
×
UNCOV
540
                                                blindCfg.RoutePolicyDecrMultiplier,
×
UNCOV
541
                                        )
×
UNCOV
542
                                },
×
543
                                MinNumHops:            blindCfg.MinNumPathHops,
544
                                DefaultDummyHopPolicy: blindCfg.DefaultDummyHopPolicy,
545
                        },
546
                )
UNCOV
547
                if err != nil {
×
UNCOV
548
                        return nil, nil, err
×
UNCOV
549
                }
×
550

UNCOV
551
                for _, path := range paths {
×
UNCOV
552
                        options = append(options, zpay32.WithBlindedPaymentPath(
×
UNCOV
553
                                path,
×
UNCOV
554
                        ))
×
UNCOV
555
                }
×
UNCOV
556
        } else {
×
UNCOV
557
                options = append(options, zpay32.PaymentAddr(paymentAddr))
×
UNCOV
558
        }
×
559

560
        // Create and encode the payment request as a bech32 (zpay32) string.
UNCOV
561
        creationDate := time.Now()
×
UNCOV
562
        payReq, err := zpay32.NewInvoice(
×
UNCOV
563
                cfg.ChainParams, paymentHash, creationDate, options...,
×
UNCOV
564
        )
×
UNCOV
565
        if err != nil {
×
566
                return nil, nil, err
×
567
        }
×
568

UNCOV
569
        payReqString, err := payReq.Encode(zpay32.MessageSigner{
×
UNCOV
570
                SignCompact: func(msg []byte) ([]byte, error) {
×
UNCOV
571
                        // For an invoice without a blinded path, the main node
×
UNCOV
572
                        // key is used to sign the invoice so that the sender
×
UNCOV
573
                        // can derive the true pub key of the recipient.
×
UNCOV
574
                        if !blind {
×
UNCOV
575
                                return cfg.NodeSigner.SignMessageCompact(
×
UNCOV
576
                                        msg, false,
×
UNCOV
577
                                )
×
UNCOV
578
                        }
×
579

580
                        // For an invoice with a blinded path, we use an
581
                        // ephemeral key to sign the invoice since we don't want
582
                        // the sender to be able to know the real pub key of
583
                        // the recipient.
UNCOV
584
                        ephemKey, err := btcec.NewPrivateKey()
×
UNCOV
585
                        if err != nil {
×
586
                                return nil, err
×
587
                        }
×
588

UNCOV
589
                        return ecdsa.SignCompact(
×
UNCOV
590
                                ephemKey, chainhash.HashB(msg), true,
×
UNCOV
591
                        ), nil
×
592
                },
593
        })
UNCOV
594
        if err != nil {
×
595
                return nil, nil, err
×
596
        }
×
597

UNCOV
598
        newInvoice := &invoices.Invoice{
×
UNCOV
599
                CreationDate:   creationDate,
×
UNCOV
600
                Memo:           []byte(invoice.Memo),
×
UNCOV
601
                PaymentRequest: []byte(payReqString),
×
UNCOV
602
                Terms: invoices.ContractTerm{
×
UNCOV
603
                        FinalCltvDelta:  int32(payReq.MinFinalCLTVExpiry()),
×
UNCOV
604
                        Expiry:          payReq.Expiry(),
×
UNCOV
605
                        Value:           amtMSat,
×
UNCOV
606
                        PaymentPreimage: paymentPreimage,
×
UNCOV
607
                        PaymentAddr:     paymentAddr,
×
UNCOV
608
                        Features:        invoiceFeatures,
×
UNCOV
609
                },
×
UNCOV
610
                HodlInvoice: invoice.HodlInvoice,
×
UNCOV
611
        }
×
UNCOV
612

×
UNCOV
613
        log.Tracef("[addinvoice] adding new invoice %v",
×
UNCOV
614
                lnutils.SpewLogClosure(newInvoice))
×
UNCOV
615

×
UNCOV
616
        // With all sanity checks passed, write the invoice to the database.
×
UNCOV
617
        _, err = cfg.AddInvoice(ctx, newInvoice, paymentHash)
×
UNCOV
618
        if err != nil {
×
619
                return nil, nil, err
×
620
        }
×
621

UNCOV
622
        return &paymentHash, newInvoice, nil
×
623
}
624

625
// chanCanBeHopHint returns true if the target channel is eligible to be a hop
626
// hint.
627
func chanCanBeHopHint(channel *HopHintInfo, cfg *SelectHopHintsCfg) (
628
        *models.ChannelEdgePolicy, bool) {
17✔
629

17✔
630
        // Since we're only interested in our private channels, we'll skip
17✔
631
        // public ones.
17✔
632
        if channel.IsPublic {
18✔
633
                return nil, false
1✔
634
        }
1✔
635

636
        // Make sure the channel is active.
637
        if !channel.IsActive {
17✔
638
                log.Debugf("Skipping channel %v due to not "+
1✔
639
                        "being eligible to forward payments",
1✔
640
                        channel.ShortChannelID)
1✔
641
                return nil, false
1✔
642
        }
1✔
643

644
        // To ensure we don't leak unadvertised nodes, we'll make sure our
645
        // counterparty is publicly advertised within the network.  Otherwise,
646
        // we'll end up leaking information about nodes that intend to stay
647
        // unadvertised, like in the case of a node only having private
648
        // channels.
649
        var remotePub [33]byte
15✔
650
        copy(remotePub[:], channel.RemotePubkey.SerializeCompressed())
15✔
651
        isRemoteNodePublic, err := cfg.IsPublicNode(remotePub)
15✔
652
        if err != nil {
15✔
653
                log.Errorf("Unable to determine if node %x "+
×
654
                        "is advertised: %v", remotePub, err)
×
655
                return nil, false
×
656
        }
×
657

658
        if !isRemoteNodePublic {
16✔
659
                log.Debugf("Skipping channel %v due to "+
1✔
660
                        "counterparty %x being unadvertised",
1✔
661
                        channel.ShortChannelID, remotePub)
1✔
662
                return nil, false
1✔
663
        }
1✔
664

665
        // Fetch the policies for each end of the channel.
666
        info, p1, p2, err := cfg.FetchChannelEdgesByID(channel.ShortChannelID)
14✔
667
        if err != nil {
15✔
668
                // In the case of zero-conf channels, it may be the case that
1✔
669
                // the alias SCID was deleted from the graph, and replaced by
1✔
670
                // the confirmed SCID. Check the Graph for the confirmed SCID.
1✔
671
                confirmedScid := channel.ConfirmedScidZC
1✔
672
                info, p1, p2, err = cfg.FetchChannelEdgesByID(confirmedScid)
1✔
673
                if err != nil {
2✔
674
                        log.Errorf("Unable to fetch the routing policies for "+
1✔
675
                                "the edges of the channel %v: %v",
1✔
676
                                channel.ShortChannelID, err)
1✔
677
                        return nil, false
1✔
678
                }
1✔
679
        }
680

681
        // Now, we'll need to determine which is the correct policy for HTLCs
682
        // being sent from the remote node.
683
        var remotePolicy *models.ChannelEdgePolicy
13✔
684
        if bytes.Equal(remotePub[:], info.NodeKey1Bytes[:]) {
14✔
685
                remotePolicy = p1
1✔
686
        } else {
13✔
687
                remotePolicy = p2
12✔
688
        }
12✔
689

690
        return remotePolicy, true
13✔
691
}
692

693
// HopHintInfo contains the channel information required to create a hop hint.
694
type HopHintInfo struct {
695
        // IsPublic indicates whether a channel is advertised to the network.
696
        IsPublic bool
697

698
        // IsActive indicates whether the channel is online and available for
699
        // use.
700
        IsActive bool
701

702
        // FundingOutpoint is the funding txid:index for the channel.
703
        FundingOutpoint wire.OutPoint
704

705
        // RemotePubkey is the public key of the remote party that this channel
706
        // is in.
707
        RemotePubkey *btcec.PublicKey
708

709
        // RemoteBalance is the remote party's balance (our current incoming
710
        // capacity).
711
        RemoteBalance lnwire.MilliSatoshi
712

713
        // ShortChannelID is the short channel ID of the channel.
714
        ShortChannelID uint64
715

716
        // ConfirmedScidZC is the confirmed SCID of a zero-conf channel. This
717
        // may be used for looking up a channel in the graph.
718
        ConfirmedScidZC uint64
719

720
        // ScidAliasFeature denotes whether the channel has negotiated the
721
        // option-scid-alias feature bit.
722
        ScidAliasFeature bool
723
}
724

725
func newHopHintInfo(c *channeldb.OpenChannel, isActive bool) *HopHintInfo {
17✔
726
        isPublic := c.ChannelFlags&lnwire.FFAnnounceChannel != 0
17✔
727

17✔
728
        return &HopHintInfo{
17✔
729
                IsPublic:         isPublic,
17✔
730
                IsActive:         isActive,
17✔
731
                FundingOutpoint:  c.FundingOutpoint,
17✔
732
                RemotePubkey:     c.IdentityPub,
17✔
733
                RemoteBalance:    c.LocalCommitment.RemoteBalance,
17✔
734
                ShortChannelID:   c.ShortChannelID.ToUint64(),
17✔
735
                ConfirmedScidZC:  c.ZeroConfRealScid().ToUint64(),
17✔
736
                ScidAliasFeature: c.ChanType.HasScidAliasFeature(),
17✔
737
        }
17✔
738
}
17✔
739

740
// newHopHint returns a new hop hint using the relevant data from a hopHintInfo
741
// and a ChannelEdgePolicy.
742
func newHopHint(hopHintInfo *HopHintInfo,
743
        chanPolicy *models.ChannelEdgePolicy) zpay32.HopHint {
11✔
744

11✔
745
        return zpay32.HopHint{
11✔
746
                NodeID:      hopHintInfo.RemotePubkey,
11✔
747
                ChannelID:   hopHintInfo.ShortChannelID,
11✔
748
                FeeBaseMSat: uint32(chanPolicy.FeeBaseMSat),
11✔
749
                FeeProportionalMillionths: uint32(
11✔
750
                        chanPolicy.FeeProportionalMillionths,
11✔
751
                ),
11✔
752
                CLTVExpiryDelta: chanPolicy.TimeLockDelta,
11✔
753
        }
11✔
754
}
11✔
755

756
// SelectHopHintsCfg contains the dependencies required to obtain hop hints
757
// for an invoice.
758
type SelectHopHintsCfg struct {
759
        // IsPublicNode is returns a bool indicating whether the node with the
760
        // given public key is seen as a public node in the graph from the
761
        // graph's source node's point of view.
762
        IsPublicNode func(pubKey [33]byte) (bool, error)
763

764
        // FetchChannelEdgesByID attempts to lookup the two directed edges for
765
        // the channel identified by the channel ID.
766
        FetchChannelEdgesByID func(chanID uint64) (*models.ChannelEdgeInfo,
767
                *models.ChannelEdgePolicy, *models.ChannelEdgePolicy,
768
                error)
769

770
        // GetAlias allows the peer's alias SCID to be retrieved for private
771
        // option_scid_alias channels.
772
        GetAlias func(lnwire.ChannelID) (lnwire.ShortChannelID, error)
773

774
        // FetchAllChannels retrieves all open channels currently stored
775
        // within the database.
776
        FetchAllChannels func() ([]*channeldb.OpenChannel, error)
777

778
        // IsChannelActive checks whether the channel identified by the provided
779
        // ChannelID is considered active.
780
        IsChannelActive func(chanID lnwire.ChannelID) bool
781

782
        // MaxHopHints is the maximum number of hop hints we are interested in.
783
        MaxHopHints int
784
}
785

786
func newSelectHopHintsCfg(invoicesCfg *AddInvoiceConfig,
UNCOV
787
        maxHopHints int) *SelectHopHintsCfg {
×
UNCOV
788

×
UNCOV
789
        return &SelectHopHintsCfg{
×
UNCOV
790
                FetchAllChannels:      invoicesCfg.ChanDB.FetchAllChannels,
×
UNCOV
791
                IsChannelActive:       invoicesCfg.IsChannelActive,
×
UNCOV
792
                IsPublicNode:          invoicesCfg.Graph.IsPublicNode,
×
UNCOV
793
                FetchChannelEdgesByID: invoicesCfg.Graph.FetchChannelEdgesByID,
×
UNCOV
794
                GetAlias:              invoicesCfg.GetAlias,
×
UNCOV
795
                MaxHopHints:           maxHopHints,
×
UNCOV
796
        }
×
UNCOV
797
}
×
798

799
// sufficientHints checks whether we have sufficient hop hints, based on the
800
// any of the following criteria:
801
//   - Hop hint count: the number of hints have reach our max target.
802
//   - Total incoming capacity (for non-zero invoice amounts): the sum of the
803
//     remote balance amount in the hints is bigger of equal than our target
804
//     (currently twice the invoice amount)
805
//
806
// We limit our number of hop hints like this to keep our invoice size down,
807
// and to avoid leaking all our private channels when we don't need to.
808
func sufficientHints(nHintsLeft int, currentAmount,
809
        targetAmount lnwire.MilliSatoshi) bool {
16✔
810

16✔
811
        if nHintsLeft <= 0 {
20✔
812
                log.Debugf("Reached targeted number of hop hints")
4✔
813
                return true
4✔
814
        }
4✔
815

816
        if targetAmount != 0 && currentAmount >= targetAmount {
14✔
817
                log.Debugf("Total hint amount: %v has reached target hint "+
2✔
818
                        "bandwidth: %v", currentAmount, targetAmount)
2✔
819
                return true
2✔
820
        }
2✔
821

822
        return false
10✔
823
}
824

825
// getPotentialHints returns a slice of open channels that should be considered
826
// for the hopHint list in an invoice. The slice is sorted in descending order
827
// based on the remote balance.
828
func getPotentialHints(cfg *SelectHopHintsCfg) ([]*channeldb.OpenChannel,
829
        error) {
6✔
830

6✔
831
        // TODO(positiveblue): get the channels slice already filtered by
6✔
832
        // private == true and sorted by RemoteBalance?
6✔
833
        openChannels, err := cfg.FetchAllChannels()
6✔
834
        if err != nil {
6✔
835
                return nil, err
×
836
        }
×
837

838
        privateChannels := make([]*channeldb.OpenChannel, 0, len(openChannels))
6✔
839
        for _, oc := range openChannels {
18✔
840
                isPublic := oc.ChannelFlags&lnwire.FFAnnounceChannel != 0
12✔
841
                if !isPublic {
24✔
842
                        privateChannels = append(privateChannels, oc)
12✔
843
                }
12✔
844
        }
845

846
        // Sort the channels in descending remote balance.
847
        compareRemoteBalance := func(i, j int) bool {
12✔
848
                iBalance := privateChannels[i].LocalCommitment.RemoteBalance
6✔
849
                jBalance := privateChannels[j].LocalCommitment.RemoteBalance
6✔
850
                return iBalance > jBalance
6✔
851
        }
6✔
852
        sort.Slice(privateChannels, compareRemoteBalance)
6✔
853

6✔
854
        return privateChannels, nil
6✔
855
}
856

857
// shouldIncludeChannel returns true if the channel passes all the checks to
858
// be a hopHint in a given invoice.
859
func shouldIncludeChannel(cfg *SelectHopHintsCfg,
860
        channel *channeldb.OpenChannel,
861
        alreadyIncluded map[uint64]bool) (zpay32.HopHint, lnwire.MilliSatoshi,
862
        bool) {
18✔
863

18✔
864
        if _, ok := alreadyIncluded[channel.ShortChannelID.ToUint64()]; ok {
19✔
865
                return zpay32.HopHint{}, 0, false
1✔
866
        }
1✔
867

868
        chanID := lnwire.NewChanIDFromOutPoint(
17✔
869
                channel.FundingOutpoint,
17✔
870
        )
17✔
871

17✔
872
        hopHintInfo := newHopHintInfo(channel, cfg.IsChannelActive(chanID))
17✔
873

17✔
874
        // If this channel can't be a hop hint, then skip it.
17✔
875
        edgePolicy, canBeHopHint := chanCanBeHopHint(hopHintInfo, cfg)
17✔
876
        if edgePolicy == nil || !canBeHopHint {
21✔
877
                return zpay32.HopHint{}, 0, false
4✔
878
        }
4✔
879

880
        if hopHintInfo.ScidAliasFeature {
16✔
881
                alias, err := cfg.GetAlias(chanID)
3✔
882
                if err != nil {
3✔
883
                        return zpay32.HopHint{}, 0, false
×
884
                }
×
885

886
                if alias.IsDefault() || alreadyIncluded[alias.ToUint64()] {
5✔
887
                        return zpay32.HopHint{}, 0, false
2✔
888
                }
2✔
889

890
                hopHintInfo.ShortChannelID = alias.ToUint64()
1✔
891
        }
892

893
        // Now that we know this channel use usable, add it as a hop hint and
894
        // the indexes we'll use later.
895
        hopHint := newHopHint(hopHintInfo, edgePolicy)
11✔
896
        return hopHint, hopHintInfo.RemoteBalance, true
11✔
897
}
898

899
// selectHopHints iterates a list of potential hints selecting the valid hop
900
// hints until we have enough hints or run out of channels.
901
//
902
// NOTE: selectHopHints expects potentialHints to be already sorted in
903
// descending priority.
904
func selectHopHints(cfg *SelectHopHintsCfg, nHintsLeft int,
905
        targetBandwidth lnwire.MilliSatoshi,
906
        potentialHints []*channeldb.OpenChannel,
907
        alreadyIncluded map[uint64]bool) [][]zpay32.HopHint {
6✔
908

6✔
909
        currentBandwidth := lnwire.MilliSatoshi(0)
6✔
910
        hopHints := make([][]zpay32.HopHint, 0, nHintsLeft)
6✔
911
        for _, channel := range potentialHints {
18✔
912
                enoughHopHints := sufficientHints(
12✔
913
                        nHintsLeft, currentBandwidth, targetBandwidth,
12✔
914
                )
12✔
915
                if enoughHopHints {
16✔
916
                        return hopHints
4✔
917
                }
4✔
918

919
                hopHint, remoteBalance, include := shouldIncludeChannel(
8✔
920
                        cfg, channel, alreadyIncluded,
8✔
921
                )
8✔
922

8✔
923
                if include {
16✔
924
                        // Now that we now this channel use usable, add it as a hop
8✔
925
                        // hint and the indexes we'll use later.
8✔
926
                        hopHints = append(hopHints, []zpay32.HopHint{hopHint})
8✔
927
                        currentBandwidth += remoteBalance
8✔
928
                        nHintsLeft--
8✔
929
                }
8✔
930
        }
931

932
        // We do not want to leak information about how our remote balance is
933
        // distributed in our private channels. We shuffle the selected ones
934
        // here so they do not appear in order in the invoice.
935
        mathRand.Shuffle(
2✔
936
                len(hopHints), func(i, j int) {
4✔
937
                        hopHints[i], hopHints[j] = hopHints[j], hopHints[i]
2✔
938
                },
2✔
939
        )
940
        return hopHints
2✔
941
}
942

943
// PopulateHopHints will select up to cfg.MaxHophints from the current open
944
// channels. The set of hop hints will be returned as a slice of functional
945
// options that'll append the route hint to the set of all route hints.
946
//
947
// TODO(roasbeef): do proper sub-set sum max hints usually << numChans.
948
func PopulateHopHints(cfg *SelectHopHintsCfg, amtMSat lnwire.MilliSatoshi,
949
        forcedHints [][]zpay32.HopHint) ([][]zpay32.HopHint, error) {
7✔
950

7✔
951
        hopHints := forcedHints
7✔
952

7✔
953
        // If we already have enough hints we don't need to add any more.
7✔
954
        nHintsLeft := cfg.MaxHopHints - len(hopHints)
7✔
955
        if nHintsLeft <= 0 {
8✔
956
                return hopHints, nil
1✔
957
        }
1✔
958

959
        alreadyIncluded := make(map[uint64]bool)
6✔
960
        for _, hopHint := range hopHints {
6✔
961
                alreadyIncluded[hopHint[0].ChannelID] = true
×
962
        }
×
963

964
        potentialHints, err := getPotentialHints(cfg)
6✔
965
        if err != nil {
6✔
966
                return nil, err
×
967
        }
×
968

969
        targetBandwidth := amtMSat * hopHintFactor
6✔
970
        selectedHints := selectHopHints(
6✔
971
                cfg, nHintsLeft, targetBandwidth, potentialHints,
6✔
972
                alreadyIncluded,
6✔
973
        )
6✔
974

6✔
975
        hopHints = append(hopHints, selectedHints...)
6✔
976
        return hopHints, nil
6✔
977
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2025 Coveralls, Inc