1
0
forked from GRIN/grim
Files
goblin/Cargo.toml
T
2ro 3c3b680f93 tor: per-wallet Tor setting + reintroduce the clearnet transport/HTTP path
Foundation slice for making Tor a wallet-level user setting (Phase 2, slice 1
of the per-user-tor plan). Transport/config only; no onboarding/settings UI,
relay-set swap, or nprofile in this slice.

Wallet-level tor_enabled (tri-state):
- NostrConfig gains tor_enabled: Option<bool> with the existing Option +
  serde(default) pattern. tor_enabled() resolves None -> ON, so every legacy
  nostr.toml keeps Tor with no migration; new wallets write an explicit value at
  onboarding (later slice). Adds tor_enabled_is_set() + set_tor_enabled() and a
  back-compat/tri-state unit test.

Clearnet path (the big lift, rebuilt after the Nym removal took it out):
- ClearnetWebSocketTransport parallel to TorWebSocketTransport: direct TLS
  websocket, honoring the user's AppConfig SOCKS5 proxy (tokio-socks, already in
  the tree) so a VPN/proxy user can front their traffic. Shares ws_config/
  split_ws with the Tor transport.
- Transport selection moved into run_service: the wallet's resolved tor_enabled()
  picks Tor vs clearnet when the one pool is built; the Tor-bootstrap wait is
  skipped for clearnet wallets. restart() re-enters here, so a settings toggle
  rebuilds the pool on the new transport.
- Process-global route flag (tor::set_route_over_tor/route_over_tor), mirrored
  from the open wallet like set_home_domain, so free-function HTTP callers pick
  the matching transport off-thread.
- tor::http_request_bytes takes a clearnet branch when the wallet is Tor-off
  (no more hard-fail on "Tor not bootstrapped"); new http::clearnet_request_bytes
  reuses the existing HttpClient (proxy-aware) with the same redirect behavior
  and browser-like UA. NIP-05, price, relay-pool gist and NIP-11 probes all ride
  it unchanged.

Status/readiness:
- New TransportStatus enum + NostrService::transport_status()/tor_routing():
  exposes a "Connected (direct)" clearnet state so a Tor-off wallet does not read
  as "connecting over Tor" forever. The three UI status lines are rewired to it
  in a later slice; the state is exposed cleanly now.

Grin node path unchanged (stays clearnet always). cargo check --all-targets
green; targeted config/nostr/tor tests pass.
2026-07-10 00:42:05 -04:00

223 lines
8.3 KiB
TOML

[package]
name = "grim"
version = "0.3.6"
authors = ["Ardocrat <ardocrat@gri.mw>"]
description = "Goblin: a peer-to-peer wallet for Grin. Send and receive instantly with a handle - slatepacks and Tor handled for you."
license = "Apache-2.0"
repository = "https://code.gri.mw/GUI/grim"
keywords = [ "crypto", "grin", "mimblewimble", "nostr" ]
edition = "2024"
build = "build.rs"
[[bin]]
name = "goblin"
path = "src/main.rs"
[lib]
name="grim"
crate-type = ["rlib"]
# Desktop/CI release binaries ship stripped of debug symbols — the nostr + grin
# tree leaves a large symbol table that's dead weight for users (~16 MB on
# Linux). opt-level stays at the default 3 for wallet/runtime speed.
[profile.release]
strip = true
[profile.release-apk]
inherits = "release"
strip = true
opt-level = "z"
lto = true
codegen-units = 1
panic = "abort"
[features]
## Default build uses the Tor transport only.
default = []
## Compiles the internal E2E harness (src/wallet/e2e.rs); off by default and the
## file is untracked, so a fresh clone builds without it.
e2e-internal = []
[dependencies]
log = "0.4.27"
# node
grin_api = { path = "node/api" }
grin_chain = { path = "node/chain" }
grin_config = { path = "node/config" }
grin_core = { path = "node/core" }
grin_p2p = { path = "node/p2p" }
grin_servers = { path = "node/servers" }
grin_keychain = { path = "node/keychain" }
grin_util = { path = "node/util" }
# wallet
grin_wallet_impls = { path = "wallet/impls" }
grin_wallet_api = { path = "wallet/api"}
grin_wallet_libwallet = { path = "wallet/libwallet" }
grin_wallet_util = { path = "wallet/util" }
grin_wallet_controller = { path = "wallet/controller" }
## ui
egui = { version = "0.33.3", default-features = false }
egui_extras = { version = "0.33.3", features = ["image", "svg"] }
egui-async = "0.3.4"
rust-i18n = "3.1.5"
## other
log4rs = "1.4.0"
anyhow = "1.0.97"
pin-project = "1.1.10"
backtrace = "0.3.76"
thiserror = "2.0.18"
futures = "0.3.31"
dirs = "6.0.0"
sys-locale = "0.3.2"
chrono = "0.4.43"
parking_lot = "0.12.3"
lazy_static = "1.5.0"
toml = "0.9.11+spec-1.1.0"
serde = "1.0.228"
local-ip-address = "0.6.9"
url = "2.5.8"
rand = "0.9.2"
serde_derive = "1.0.228"
serde_json = "1.0.149"
tokio = { version = "1.49.0", features = ["full"] }
image = "0.25.9"
rqrr = "0.10.1"
qrcodegen = "1.8.0"
qrcode = "0.14.1"
ur = "0.4.1"
gif = "0.14.1"
rkv = "0.20.0"
usvg = "0.45.1"
ring = "0.16.20"
hyper = { version = "1.6.0", features = ["full"], package = "hyper" }
hyper-util = { version = "0.1.19", features = ["http1", "client", "client-legacy", "tokio"] }
http-body-util = "0.1.3"
bytes = "1.11.0"
hyper-socks2 = "0.9.1"
hyper-proxy2 = "0.1.0"
hyper-tls = "0.6.0"
# Raw SOCKS5 stream for the clearnet relay websocket, so a Tor-off wallet can
# still be fronted by the user's own SOCKS5 proxy/VPN (AppConfig.socks_proxy_url).
# Version already present transitively (async-socks5 tree) — no new download.
tokio-socks = "0.5"
async-std = "1.13.2"
uuid = { version = "0.8.2", features = ["v4"] }
num-bigint = "0.4.6"
## nostr
nostr-sdk = { version = "0.44", features = ["nip06", "nip44", "nip49", "nip59", "nip98"] }
nostr-relay-pool = "0.44"
## NIP-44 v3 (+ v2) encryption for the NIP-17 backward-compat extension (G4).
## Now published to crates.io as v0.3.0 (the M0 deliverable, all upstream test
## vectors green) — no local sibling checkout required. secp256k1 0.31, bridged
## to nostr-sdk's 0.29 in wrapv3.rs (see the secp256k1 note below).
nip44 = "0.3.0"
## Only to construct the key types the `nip44` crate takes: nostr-sdk pins
## secp256k1 0.29, the nip44 crate 0.31 — bridged via byte arrays in wrapv3.rs.
secp256k1 = "0.31"
## Scrub the NIP-44 conversation-key buffers (raw ECDH secret) from memory on
## drop in wrapv3.rs. Already a transitive dep; pulled in directly here.
zeroize = "1"
async-wsocket = "0.13"
tokio-tungstenite = { version = "0.26", features = ["rustls-tls-webpki-roots"] }
regex = "1"
base64 = "0.22"
hex = "0.4"
## rustls is pulled by our TLS (tungstenite, ring). We install the ring provider
## explicitly at startup (see lib.rs) so rustls 0.23 selects a default
## deterministically. Direct dep just to make
## `rustls::crypto::ring::default_provider()` reachable. NOTHING here may pull
## rustls-platform-verifier — it panics on Android outside a full app context.
rustls = { version = "0.23", features = ["ring"] }
## TLS for the HTTPS-over-Tor client (webpki roots, never the platform
## verifier — see the rustls note above).
tokio-rustls = { version = "0.26", default-features = false, features = ["ring"] }
webpki-roots = "1"
## Tor — embedded arti (the DIALING half only: connect OUT to the relay's .onion,
## and to clearnet HTTP hosts through a Tor exit). Copied from our sister wallet
## GRIM's proven, shipping engine. Two choices inherited VERBATIM from GRIM: arti
## 0.43 across the family, and the native-tls Tor runtime (TokioNativeTlsRuntime),
## NOT rustls — this keeps arti's TLS on native-tls and off the rustls provider
## entirely (our relay/HTTP rustls still uses ring, see lib.rs; arti's own TLS is
## native-tls and never touches the rustls provider).
## `static` vendors openssl (self-contained Android/cross builds, as GRIM ships);
## `onion-service-client` enables dialing .onion. We drop GRIM's `pt-client`
## (bridges) and `onion-service-service` (hosting) — Goblin only dials.
arti-client = { version = "0.43.0", features = ["static", "onion-service-client"] }
tor-rtcompat = { version = "0.43.0", features = ["static"] }
## NIP-98 payload hashing
sha2 = "0.10.8"
## stratum server
tokio-old = { version = "0.2", features = ["full"], package = "tokio" }
tokio-util-old = { version = "0.2", features = ["codec"], package = "tokio-util" }
[target.'cfg(target_os = "linux")'.dependencies]
nokhwa = { version = "0.10.10", default-features = false, features = ["input-v4l"] }
[target.'cfg(target_os = "windows")'.dependencies]
nokhwa = { version = "0.10.10", default-features = false, features = ["input-msmf"] }
[target.'cfg(target_os = "macos")'.dependencies]
nokhwa = { version = "0.10.10", default-features = false, features = ["input-avfoundation", "output-threaded"] }
## Objective-C runtime shim for the macOS `goblin:` deep-link bridge (src/lib.rs,
## mac_deeplink). Already in the macOS build graph via nokhwa/cocoa/metal/wgpu, so
## this pulls no new crate — it just lets us name it directly. Not compiled on any
## other platform.
objc = "0.2"
[target.'cfg(not(target_os = "android"))'.dependencies]
env_logger = "0.11.3"
winit = { version = "0.30.12" }
wgpu = { version = "27.0.1" }
eframe = { version = "0.33.2", features = ["wgpu"] }
arboard = "3.2.0"
rfd = "0.17.2"
interprocess = { version = "2.2.1", features = ["tokio"] }
## native-tls (via hyper-tls) uses OpenSSL only on Linux/Android. arti's `static`
## feature already vendors a statically-linked OpenSSL, but we pin the vendored
## build explicitly for exactly those two targets so each is self-contained even
## if that transitive path changes (no system OpenSSL is assumed for the target).
## Windows (SChannel) and macOS (Security.framework)
## don't use OpenSSL at all, so they must NOT pull it — building openssl-src
## there is both pointless and fragile (the Windows MSVC runner's bash perl is
## missing modules its Configure needs).
[target.'cfg(any(target_os = "linux", target_os = "android"))'.dependencies]
openssl = { version = "0.10", features = ["vendored"] }
[target.'cfg(target_os = "android")'.dependencies]
android_logger = "0.15.0"
jni = "0.21.1"
android-activity = { version = "0.6.0", features = ["game-activity"] }
winit = { version = "0.30.12", features = ["android-game-activity"] }
eframe = { version = "0.33.2", default-features = false, features = ["glow", "android-game-activity"] }
[build-dependencies]
built = "0.8.0"
# Windows hosts only: embed the Goblin icon (wix/Product.ico) into goblin.exe via
# build.rs. Not compiled on Linux/macOS/Android hosts, so other builds are
# unaffected.
[target.'cfg(windows)'.build-dependencies]
winresource = "0.1"
[dev-dependencies]
nostr-sdk = { version = "0.44", features = ["nip06", "nip44", "nip49", "nip59", "nip98"] }
tokio = { version = "1.49.0", features = ["full"] }
base64 = "0.22"
sha2 = "0.10"
hex = "0.4"
serde_yaml = "0.9"
## Re-expose deps that already live in the main graph so the E2E harness can be
## exercised and its logs captured. No new compiles — same versions unify.
log = "0.4.27"
env_logger = "0.11.3"
rustls = { version = "0.23", features = ["ring"] }