package terminal
import (
"github.com/lightninglabs/faraday/frdrpc"
"github.com/lightninglabs/loop/loopd"
"github.com/lightninglabs/pool"
"github.com/lightningnetwork/lnd"
"gopkg.in/macaroon-bakery.v2/bakery"
)
// litPermissions maps the full URI of each LiT session RPC to the macaroon
// operations registered for that method.
//
// NOTE(review): every entry holds exactly one zero-value bakery.Op, i.e. an
// operation whose Entity and Action are both empty strings. These entries are
// merged by getSubserverPermissions, so getAllPermissions also returns an
// operation with an empty entity and action. Confirm that the session RPCs
// are authorized by some other mechanism before treating these entries as an
// access-control requirement.
var litPermissions = map[string][]bakery.Op{
	"/litrpc.Sessions/AddSession":    {bakery.Op{}},
	"/litrpc.Sessions/ListSessions":  {bakery.Op{}},
	"/litrpc.Sessions/RevokeSession": {bakery.Op{}},
}
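// getSubserverPermissions returns a merged map of all subserver macaroon
// permissions, keyed by full RPC method URI. The sources are faraday, loop,
// pool and LiT's own litPermissions.
//
// The returned map is freshly allocated, but the []bakery.Op values are the
// same slices held by the source maps; callers must not modify them in place.
func getSubserverPermissions() map[string][]bakery.Op {
	// Merge order is significant: if two sources register the same URI,
	// the entry from the later source silently replaces the earlier one.
	// With this order LiT's own entries take precedence over all others.
	sources := []map[string][]bakery.Op{
		frdrpc.RequiredPermissions,
		loopd.RequiredPermissions,
		pool.RequiredPermissions,
		litPermissions,
	}

	// Size the result for every source. The previous hint left out
	// litPermissions, so the map was always allocated too small.
	size := 0
	for _, src := range sources {
		size += len(src)
	}

	merged := make(map[string][]bakery.Op, size)
	for _, src := range sources {
		for uri, ops := range src {
			merged[uri] = ops
		}
	}

	return merged
}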
// getAllMethodPermissions returns a merged map of lnd's and all subservers'
// method macaroon permissions, keyed by full RPC method URI.
//
// lnd's entries are copied first and the subserver entries second, so a URI
// registered by both ends up with the subserver's operations. No collision
// is reported.
func getAllMethodPermissions() map[string][]bakery.Op {
	subPerms := getSubserverPermissions()
	lndPerms := lnd.MainRPCServerPermissions()

	all := make(map[string][]bakery.Op, len(subPerms)+len(lndPerms))
	for _, perms := range []map[string][]bakery.Op{lndPerms, subPerms} {
		for uri, ops := range perms {
			all[uri] = ops
		}
	}

	return all
}
// getAllPermissions retrieves all the permissions needed to bake a super
// macaroon: the de-duplicated union of every (entity, action) pair that any
// method in getAllMethodPermissions lists.
//
// The order of the returned slice is unspecified because it is produced by
// map iteration.
//
// NOTE(review): operations are collected without filtering, so a zero-value
// bakery.Op registered for a method (as litPermissions does) appears in the
// result as an operation with an empty entity and action. Confirm that this
// is intended for the macaroon baked from this list.
func getAllPermissions() []bakery.Op {
	// seen maps entity -> set of actions already recorded for it.
	seen := make(map[string]map[string]bool)
	for _, ops := range getAllMethodPermissions() {
		for _, op := range ops {
			actions, ok := seen[op.Entity]
			if !ok {
				actions = make(map[string]bool)
				seen[op.Entity] = actions
			}
			actions[op.Action] = true
		}
	}

	// Flatten the two-level set back into a list of operations.
	perms := make([]bakery.Op, 0, len(seen))
	for entity, actions := range seen {
		for action := range actions {
			perms = append(perms, bakery.Op{
				Entity: entity,
				Action: action,
			})
		}
	}

	return perms
}
// isLndURI returns true if the given URI belongs to an RPC of lnd.
//
// The check is an exact-match lookup of uri in the map returned by
// lnd.MainRPCServerPermissions, which is called on every invocation. The URI
// is not normalized first.
func isLndURI(uri string) bool {
	if _, known := lnd.MainRPCServerPermissions()[uri]; known {
		return true
	}

	return false
}
// isLoopURI returns true if the given URI belongs to an RPC of loopd.
//
// The check is an exact-match lookup of uri in loopd.RequiredPermissions.
// The URI is not normalized first.
func isLoopURI(uri string) bool {
	if _, known := loopd.RequiredPermissions[uri]; known {
		return true
	}

	return false
}
// isFaradayURI returns true if the given URI belongs to an RPC of faraday.
//
// The check is an exact-match lookup of uri in frdrpc.RequiredPermissions.
// The URI is not normalized first.
func isFaradayURI(uri string) bool {
	if _, known := frdrpc.RequiredPermissions[uri]; known {
		return true
	}

	return false
}
// isPoolURI returns true if the given URI belongs to an RPC of poold.
//
// The check is an exact-match lookup of uri in pool.RequiredPermissions.
// The URI is not normalized first.
func isPoolURI(uri string) bool {
	if _, known := pool.RequiredPermissions[uri]; known {
		return true
	}

	return false
}
// isLitURI returns true if the given URI belongs to an RPC of LiT.
//
// The check is an exact-match lookup of uri in litPermissions. The URI is
// not normalized first.
func isLitURI(uri string) bool {
	if _, known := litPermissions[uri]; known {
		return true
	}

	return false
}