[how to] Core Lightning unix socket RPC clients, clnrest, cln-grpc and commando
1322 sats \ 0 comments \ @tonyaldon 29 Feb lightning
I had a question from a friend this morning about Core Lightning RPC interface and I thought my answer may be helpful for other. So here we are in Stacker News.
What is your take on RPC? my understanding is that you cannot add rune permissions to it and that it gives you admin access (god mode) on your node.
  • A unix socket RPC client is something that runs on the same machine as your node and connects to it via the socket file lightning-rpc. It is something inherently local. So if you run something in you node machine, anyway you already have access to the node, so there is no need for restriction like rune. If you have access to the node, you are already god ;)
  • For instance lightning-cli is a RPC client. You use it in the same machine as the node, and each time you run a command it connect to your node via the socket file lightning-rpc. So if there is no unix socket RPC client, you couldn't talk to your node.
  • clnrest and cln-grpc are both plugins that expose CLN commands via some (communication) protocols: HTTP/HTTPS for clnrest and Grpc for cln-grpc. Both plugins are running locally in the node's machine, and both use a unix socket client to talk to the node. clnrest uses the Python library pyln-client as RPC client and cln-grpc uses the Rust library cln-rpc. So when you ask one of those plugins to do something on your node, they will issue a RPC request to your node. What is interesting is that clnrest asks you for a rune because it will check with checkrune if you are allowed to run the command you want to run and then run it locally. Something that cln-grpc doesn't do (as far as I understand).
  • lnsocket is really something different. This is a library (C, go) that connects to your node using the LN protocol (BOLT #8 and BOLT #1) and send commando messages. And your node that runs the builtin plugin commando knows how to handle those specific messages. And commando requires a rune to run the command you ask him to run. Under the hood it will also check the run with checkrune command. If you are interested you can watch those lives:
I hope this is useful! Have a nice day
write
preview
related posts