Building a Content Distribution Proxy Implementing the LSATs spec | Summer Of Bitcoin’22 at Alby
About the project
The main goal of the project is to build a solution that leverages the widely underused HTTP 402 (payment required) status code and LSAT (Lightning Service Authentication Token — a new protocol standard for authentication and paid APIs) to make microtransactions possible to get access to ad-free content or any paid APIs. It includes developing tools that integrate LSAT in the content distribution process and allow the delivery of specific content based on the provided payments. The solution will allow the client to indicate if they support LSAT or not and then the server can decide which content to deliver based on it. It also focuses on ease of use and deployment and giving the users the flexibility of optionally enabling the paywall if the client prefers.
A good use case can be:- A podcast service delivering ad-free audio files to players that support lightning payments and ad-version to others ensuring a smooth upgrade path to lightning payments without breaking the audio players (clients) that do not support lightning yet.
The complete architecture looks like this:-
Detailed authentication flow:-
- Authentication of resources using LSAT:-
A typical LSAT macaroon and invoice wrapped inside the
WWW-Authenticate field will look like:-
A typical macaroon and preimage wrapped inside the
Authorization field will look like:-
2. Authentication for users requesting free content or not having enough funds:-
The client can indicate to the server that it prefers LSAT payments for the resources and the server can then respond with LSAT if supported. The client will send the accept type with the header as shown below:-
I have implemented the LSAT proxy server demonstrating all of the above handshakes. The request-response flow looks like this:-
Upcoming project goals
- Add support for other nodes like Core-lightning and Eclair.
- Implement the proxy as a middleware.
- Implement a dynamic module for NGINX.
- Develop client-side SDKs and libraries in popular languages like Golang and Python.