Building a Content Distribution Proxy Implementing the LSATs spec
The main goal of the project is to build a solution that leverages the widely underused HTTP 402 (payment required) status code and LSAT (a protocol standard for authentication and paid APIs) to make microtransactions possible to get access to ad-free content or any paid APIs.
About the project
The main goal of the project is to build a solution that leverages the widely underused HTTP 402 (payment required) status code and LSAT (Lightning Service Authentication Token — a new protocol standard for authentication and paid APIs) to make microtransactions possible to get access to ad-free content or any paid APIs. It includes developing tools that integrate LSAT in the content distribution process and allow the delivery of specific content based on the provided payments. The solution will allow the client to indicate if they support LSAT or not and then the server can decide which content to deliver based on it. It also focuses on ease of use and deployment and gives the users the flexibility of optionally enabling the paywall if the client prefers.
A good use case: a podcast service delivering ad-free audio files to players that support Lightning payments and the ad version to others, ensuring a smooth upgrade path to Lightning payments without breaking the audio players (clients) that do not support Lightning yet.
The complete architecture looks like this:-
Detailed authentication flow
Authentication of resources using LSAT-
A typical LSAT macaroon and invoice wrapped inside the WWW-Authenticate field will look like this:
{
"WWW-Authenticate" : "LSAT macaroon=AgEETFNBVALdAUr/gQMBARJNYWNhcm9vbklkZW50aWZpZXIB/4IAAQMBB1ZlcnNpb24BBgABC1BheW1lbnRIYXNoAf+EAAEHVG9rZW5JZAH/hgAAABT/gwEBAQRIYXNoAf+EAAEGAUAAABn/hQEBAQlbMzJddWludDgB/4YAAQYBQAAAYv+CAiB5Ajn/snH/jf/eWiT/rf+Lb/+UUkBaTUr/lF3/hh9e/+Bg/5n/kn3/7BcfJwEgCf/yVHICMP+E/6z/l3dzev/mT1Bq/6j/ry7/+P+4TnYa/+j/kP/2/+P/tEtz/60AAAAGIGh1sGC1mXipVEL7NpngphKFU8oFI0fBDPz3SgZIf9Gy, invoice=lnbcrt50n1p3v22supp50yprnvn33h095f9d3dheg5jqtfx549zasc04acrqnxf8mmqhrunsdq8f3f5z4qcqzpgxqyz5vqsp5lvh0kaj9h7my8aramcrek3pmxy4d4ld9sy8ryjql3n8k2r7r37qq9qyyssqmm6xlm7y02yqka53fx3tlzswn00pa7c3mc6446k7ezvjmesskp8sgu9n7wen0yzk9uxczhlu0nthqxqhzhxztcm907vmh5s7dpq40cqpnx5kp5"
}
A typical macaroon and preimage wrapped inside the Authorization field will look like this:
{
"Authorization": "LSAT AgEETFNBVALgAUr/gQMBARJNYWNhcm9vbklkZW50aWZpZXIB/4IAAQMBB1ZlcnNpb24BBgABC1BheW1lbnRIYXNoAf+EAAEHVG9rZW5JZAH/hgAAABT/gwEBAQRIYXNoAf+EAAEGAUAAABn/hQEBAQlbMzJddWludDgB/4YAAQYBQAAAZf+CAiD/4v/p/7JI/8okVxn/7//BUUL/8P/H/8sO/5//gn0hRiVB/7L/qFv/0B//11cZXwEgdV//pP/G/+z/igf/nmdhGQ7/rF4E/4v/phX/+ycCIh7/7BJbRf+r/47/vP+5//QAAAAGIOfhhO75zxeMw1MrmhvPOhjhhcnoc2VLYHHFqlGBdjJg:71eee38bf35907d059ec193756201b70f0a2a8f7d21e51754c1d91d47a5bdcec"
}
Authentication for users requesting free content or not having enough funds-
The client can indicate to the server that it prefers LSAT payments for the resources and the server can then respond with LSAT if supported. The client will send the accept type with the header as shown below:-
{
"Accept": "application/vnd.lsat.v1.full+json"
}
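The decision the proxy makes from the Authorization and Accept headers above, as an added Go sketch that is not the project's own code. `HashLookup`, `ValidToken` and `Decide` are hypothetical names; the example assumes the payment hash is obtained from the macaroon after its signature is verified, and that an invalid token is handled like a missing one.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
)

// Media type the article's client sends to signal LSAT support.
const LSATAccept = "application/vnd.lsat.v1.full+json"

// HashLookup is a hypothetical hook: a real proxy verifies the macaroon's
// signature and returns the payment hash bound into it.
type HashLookup func(macaroon string) (hash []byte, ok bool)

// ValidToken checks an "LSAT <macaroon>:<preimage-hex>" Authorization value:
// the 32-byte preimage must hash (SHA-256) to the macaroon's payment hash.
func ValidToken(auth string, lookup HashLookup) bool {
	parts := strings.SplitN(strings.TrimPrefix(auth, "LSAT "), ":", 2)
	if !strings.HasPrefix(auth, "LSAT ") || len(parts) != 2 {
		return false
	}
	pre, err := hex.DecodeString(parts[1])
	want, ok := lookup(parts[0])
	if err != nil || len(pre) != 32 || !ok {
		return false
	}
	got := sha256.Sum256(pre)
	return subtle.ConstantTimeCompare(got[:], want) == 1 // constant-time compare
}

// Decide returns the status code and content variant for a request.
// Assumption: an invalid token is handled like a missing one.
func Decide(h http.Header, lookup HashLookup) (int, string) {
	switch {
	case ValidToken(h.Get("Authorization"), lookup):
		return http.StatusOK, "paid"
	case strings.Contains(h.Get("Accept"), LSATAccept):
		return http.StatusPaymentRequired, "challenge" // reply with WWW-Authenticate
	default:
		return http.StatusOK, "free" // client without LSAT support gets the free version
	}
}

func main() {
	fmt.Println(Decide(http.Header{"Accept": {LSATAccept}}, func(string) ([]byte, bool) { return nil, false }))
}
```

The preimage only proves payment; the macaroon signature check inside the lookup hook is what stops a client from pairing a forged macaroon with a preimage of its own choosing.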
Project Progress
I have implemented the LSAT proxy server demonstrating all of the above handshakes. The request-response flow looks like this:-
It currently supports LND (Lightning Network Daemon) and LNURL for generating invoices but it will be extended to support Core-Lightning and Eclair to make the solution node independent.
Upcoming project goals
- Add support for other nodes like Core-Lightning and Eclair.
- Implement the proxy as a middleware.
- Implement a dynamic module for NGINX.
- Develop client-side SDKs and libraries in popular languages like Golang and Python.
Thanks to my mentors Michael and Kwinten for helping me with the project. You can learn more about the project from the repo.
This article by Dhananjay Purohit, a Summer of Bitcoin intern at Alby, was originally written on Medium. Reshared here with permission.