fix: use file paths instead of hex during LND onboarding

[im-adithya]

Fixes #1968

Summary by CodeRabbit

• New Features
  • LND node setup now accepts TLS certificate and admin macaroon credentials as file uploads instead of hex string inputs, streamlining the credential configuration process.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes migrate LND credential handling from direct hex value inputs to file-based inputs. Users now provide paths to certificate and macaroon files, which are read from disk, converted to hex, and persisted in configuration. This change applies consistently across the backend setup logic and frontend form components.

Changes

Cohort / File(s)	Summary
Backend Setup Logic api/api.go	Modified setup request handler to read LND certificate and macaroon files from disk using os.ReadFile, encode them to hex format, and persist via config. Added error handling for file read failures. Updated imports to include encoding/hex and os.
API Models api/models.go	Removed LNDCertHex and LNDMacaroonHex fields from the SetupRequest struct. Corresponding file-based fields are now expected in the HTTP request payload.
Frontend Type Definitions frontend/src/types.ts	Updated SetupNodeInfo type to replace lndCertHex and lndMacaroonHex optional properties with lndCertFile and lndMacaroonFile respectively.
Frontend Form Component frontend/src/screens/setup/node/LNDForm.tsx	Updated LND node setup form to accept file paths instead of hex values. Changed state initialization, form field metadata (labels, name, id attributes), and form submission payload to reference file-based inputs. Updated conditional logic for optional certificate validation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Fresh files from disk we now shall read,
No stale hex cached, no old seed!
Certificates renewed will serve us true,
When startup comes, we read anew! 🌿✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: replacing hex-encoded certificate inputs with file-path inputs during LND setup, directly addressing the caching issue described in #1968.
Linked Issues check	✅ Passed	The PR implements the core objective from #1968: re-reading TLS certificate files from disk on startup instead of caching them, by replacing hex inputs with file-based inputs throughout the codebase.
Out of Scope Changes check	✅ Passed	All changes are scoped to the LND credential input mechanism conversion from hex to file paths, with no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/lnd-cert-file

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

api/api.go (1)

1534-1559: ⚠️ Potential issue | 🟠 Major

LND certificate/macaroon rotation not supported—stored hex snapshots are stale after file changes

Certificates and macaroons are read once during setup (lines 1535, 1548) and converted to hex snapshots stored in config. At runtime, the application reads only the stored hex values (see service/start.go:345-347), never re-checking the original file paths. If cert or macaroon files rotate on disk after setup, those changes won't be picked up without restarting the application. Consider implementing a mechanism to either re-read files at runtime or provide a credential refresh endpoint.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/api.go` around lines 1534 - 1559, The current setup code encodes
LNDCertFile and LNDMacaroonFile contents to hex and persists those snapshots via
cfg.SetUpdate, which prevents picking up rotated files at runtime; update the
flow so the runtime reads the live files or supports explicit refresh: either
persist the original file paths (store LNDCertFile/LNDMacaroonFile strings
instead of hex) and change the component that initializes the LND client to call
a new helper (e.g., readAndEncodeLndCredentials or reloadLndCredentials) that
reads the files and encodes them when creating/recreating the LND connection, or
add a credential refresh API endpoint (e.g., RefreshLndCredentials) that
re-reads the files and calls cfg.SetUpdate with new hex values; ensure symbols
to edit include LNDCertFile, LNDMacaroonFile, cfg.SetUpdate and the LND client
initialization path (the code that currently reads stored hex at runtime) so
rotated certs/macaroon are picked up without needing a full restart.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/api.go`:
- Around line 1536-1538: The error returned after logging the failed file reads
should be wrapped with context using fmt.Errorf instead of returning the raw
err; replace the bare returns at the logger lines (e.g., the
logger.Logger.WithError(err).Error("Failed to read lnd cert file") site and the
similar read failure site referenced around 1549-1551) with returns like return
fmt.Errorf("failed to read lnd cert file: %w", err) (and the analogous
contextual message for the other read), and add an import for "fmt" if missing.

---

Outside diff comments:
In `@api/api.go`:
- Around line 1534-1559: The current setup code encodes LNDCertFile and
LNDMacaroonFile contents to hex and persists those snapshots via cfg.SetUpdate,
which prevents picking up rotated files at runtime; update the flow so the
runtime reads the live files or supports explicit refresh: either persist the
original file paths (store LNDCertFile/LNDMacaroonFile strings instead of hex)
and change the component that initializes the LND client to call a new helper
(e.g., readAndEncodeLndCredentials or reloadLndCredentials) that reads the files
and encodes them when creating/recreating the LND connection, or add a
credential refresh API endpoint (e.g., RefreshLndCredentials) that re-reads the
files and calls cfg.SetUpdate with new hex values; ensure symbols to edit
include LNDCertFile, LNDMacaroonFile, cfg.SetUpdate and the LND client
initialization path (the code that currently reads stored hex at runtime) so
rotated certs/macaroon are picked up without needing a full restart.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bb269f03-7734-4a5e-bdd7-206aa5130dd1

📥 Commits

Reviewing files that changed from the base of the PR and between 4aea341 and 6a04b69.

📒 Files selected for processing (4)

• api/api.go
• api/models.go
• frontend/src/screens/setup/node/LNDForm.tsx
• frontend/src/types.ts

💤 Files with no reviewable changes (1)

• api/models.go