multi: move challenger and secrets files to new packages

Moves challenger and secrets files to new packages so they can be
imported elsewhere.

Author: orbitalturtle

aperture.go

@@ -18,8 +18,10 @@ import (
 	gateway "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	flags "github.com/jessevdk/go-flags"
 	"github.com/lightninglabs/aperture/auth"
+	"github.com/lightninglabs/aperture/challenger"
 	"github.com/lightninglabs/aperture/mint"
 	"github.com/lightninglabs/aperture/proxy"
+	"github.com/lightninglabs/aperture/secrets"
 	"github.com/lightninglabs/lightning-node-connect/hashmailrpc"
 	"github.com/lightningnetwork/lnd"
 	"github.com/lightningnetwork/lnd/build"
@@ -42,14 +44,6 @@ import (
 )
 
 const (
-	// topLevelKey is the top level key for an etcd cluster where we'll
-	// store all LSAT proxy related data.
-	topLevelKey = "lsat/proxy"
-
-	// etcdKeyDelimeter is the delimeter we'll use for all etcd keys to
-	// represent a path-like structure.
-	etcdKeyDelimeter = "/"
-
 	// selfSignedCertOrganization is the static string that we encode in the
 	// organization field of a certificate if we create it ourselves.
 	selfSignedCertOrganization = "aperture autogenerated cert"
@@ -160,7 +154,7 @@ type Aperture struct {
 	cfg *Config
 
 	etcdClient    *clientv3.Client
-	challenger    *LndChallenger
+	challenger    *challenger.LndChallenger
 	httpsServer   *http.Server
 	torHTTPServer *http.Server
 	proxy         *proxy.Proxy
@@ -229,8 +223,15 @@ func (a *Aperture) Start(errChan chan error) error {
 	}
 
 	if !a.cfg.Authenticator.Disable {
-		a.challenger, err = NewLndChallenger(
-			a.cfg.Authenticator, genInvoiceReq, errChan,
+		challengerAuth := &challenger.AuthConfig{
+			LndHost: a.cfg.Authenticator.LndHost,
+			TLSPath: a.cfg.Authenticator.TLSPath,
+			MacDir:  a.cfg.Authenticator.MacDir,
+			Network: a.cfg.Authenticator.Network,
+			Disable: a.cfg.Authenticator.Disable,
+		}
+		a.challenger, err = challenger.NewLndChallenger(
+			challengerAuth, genInvoiceReq, errChan,
 		)
 		if err != nil {
 			return err
@@ -655,12 +656,12 @@ func initTorListener(cfg *Config, etcd *clientv3.Client) (*tor.Controller, error
 }
 
 // createProxy creates the proxy with all the services it needs.
-func createProxy(cfg *Config, challenger *LndChallenger,
+func createProxy(cfg *Config, challenger *challenger.LndChallenger,
 	etcdClient *clientv3.Client) (*proxy.Proxy, func(), error) {
 
 	minter := mint.New(&mint.Config{
 		Challenger:     challenger,
-		Secrets:        newSecretStore(etcdClient),
+		Secrets:        secrets.NewStore(etcdClient),
 		ServiceLimiter: newStaticServiceLimiter(cfg.Services),
 	})
 	authenticator := auth.NewLsatAuthenticator(minter, challenger)

challenger.go renamed to challenger/challenger.go

@@ -1,4 +1,4 @@
-package aperture
+package challenger
 
 import (
 	"context"
@@ -55,15 +55,28 @@ type LndChallenger struct {
 	wg   sync.WaitGroup
 }
 
+type AuthConfig struct {
+	// LndHost is the hostname of the LND instance to connect to.
+	LndHost string `long:"lndhost" description:"Hostname of the LND instance to connect to"`
+
+	TLSPath string `long:"tlspath" description:"Path to LND instance's tls certificate"`
+
+	MacDir string `long:"macdir" description:"Directory containing LND instance's macaroons"`
+
+	Network string `long:"network" description:"The network LND is connected to." choice:"regtest" choice:"simnet" choice:"testnet" choice:"mainnet"`
+
+	Disable bool `long:"disable" description:"Whether to disable LND auth."`
+}
+
 // A compile time flag to ensure the LndChallenger satisfies the
 // mint.Challenger and auth.InvoiceChecker interface.
 var _ mint.Challenger = (*LndChallenger)(nil)
 var _ auth.InvoiceChecker = (*LndChallenger)(nil)
 
 const (
-	// invoiceMacaroonName is the name of the invoice macaroon belonging
+	// InvoiceMacaroonName is the name of the invoice macaroon belonging
 	// to the target lnd node.
-	invoiceMacaroonName = "invoice.macaroon"
+	InvoiceMacaroonName = "invoice.macaroon"
 )
 
 // NewLndChallenger creates a new challenger that uses the given connection
@@ -77,7 +90,7 @@ func NewLndChallenger(cfg *AuthConfig, genInvoiceReq InvoiceRequestGenerator,
 
 	client, err := lndclient.NewBasicClient(
 		cfg.LndHost, cfg.TLSPath, cfg.MacDir, cfg.Network,
-		lndclient.MacFilename(invoiceMacaroonName),
+		lndclient.MacFilename(InvoiceMacaroonName),
 	)
 	if err != nil {
 		return nil, err

challenger_test.go renamed to challenger/challenger_test.go

@@ -1,4 +1,4 @@
-package aperture
+package challenger
 
 import (
 	"context"

challenger/log.go

@@ -0,0 +1,31 @@
+package challenger
+
+import (
+	"github.com/btcsuite/btclog"
+	"github.com/lightningnetwork/lnd/build"
+)
+
+const Subsystem = "CHAL"
+
+// log is a logger that is initialized with no output filters.  This
+// means the package will not perform any logging by default until the caller
+// requests it.
+var log btclog.Logger
+
+// The default amount of logging is none.
+func init() {
+	UseLogger(build.NewSubLogger(Subsystem, nil))
+}
+
+// DisableLog disables all library log output.  Logging output is disabled
+// by default until UseLogger is called.
+func DisableLog() {
+	UseLogger(btclog.Disabled)
+}
+
+// UseLogger uses a specified Logger to output package logging info.
+// This should be used in preference to SetLogWriter if the caller is also
+// using btclog.
+func UseLogger(logger btclog.Logger) {
+	log = logger
+}

log.go

@@ -3,6 +3,7 @@ package aperture
 import (
 	"github.com/btcsuite/btclog"
 	"github.com/lightninglabs/aperture/auth"
+	"github.com/lightninglabs/aperture/challenger"
 	"github.com/lightninglabs/aperture/lsat"
 	"github.com/lightninglabs/aperture/proxy"
 	"github.com/lightninglabs/lndclient"
@@ -27,6 +28,9 @@ func SetupLoggers(root *build.RotatingLogWriter, intercept signal.Interceptor) {
 
 	lnd.SetSubLogger(root, Subsystem, log)
 	lnd.AddSubLogger(root, auth.Subsystem, intercept, auth.UseLogger)
+	lnd.AddSubLogger(
+		root, challenger.Subsystem, intercept, challenger.UseLogger,
+	)
 	lnd.AddSubLogger(root, lsat.Subsystem, intercept, lsat.UseLogger)
 	lnd.AddSubLogger(root, proxy.Subsystem, intercept, proxy.UseLogger)
 	lnd.AddSubLogger(root, "LNDC", intercept, lndclient.UseLogger)

onion_store.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"strings"
 
+	"github.com/lightninglabs/aperture/secrets"
 	"github.com/lightningnetwork/lnd/tor"
 	clientv3 "go.etcd.io/etcd/client/v3"
 )
@@ -20,7 +21,7 @@ const (
 
 // onionPath is the full path to an onion service's private key.
 var onionPath = strings.Join(
-	[]string{topLevelKey, onionDir, onionV3Dir}, etcdKeyDelimeter,
+	[]string{secrets.TopLevelKey, onionDir, onionV3Dir}, secrets.EtcdKeyDelimeter,
 )
 
 // onionStore is an etcd-based implementation of tor.OnionStore.

onion_store_test.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"testing"
 
+	"github.com/lightninglabs/aperture/secrets"
 	"github.com/lightningnetwork/lnd/tor"
 )
 
@@ -35,7 +36,7 @@ func assertPrivateKeyExists(t *testing.T, store *onionStore,
 // TestOnionStore ensures the different operations of the onionStore behave
 // as expected.
 func TestOnionStore(t *testing.T) {
-	etcdClient, serverCleanup := etcdSetup(t)
+	etcdClient, serverCleanup := secrets.EtcdSetup(t)
 	defer etcdClient.Close()
 	defer serverCleanup()
 

secrets.go renamed to secrets/secrets.go

@@ -1,4 +1,4 @@
-package aperture
+package secrets
 
 import (
 	"context"
@@ -13,6 +13,16 @@ import (
 	clientv3 "go.etcd.io/etcd/client/v3"
 )
 
+const (
+	// TopLevelKey is the top level key for an etcd cluster where we'll
+	// store all LSAT proxy related data.
+	TopLevelKey = "lsat/proxy"
+
+	// EtcdKeyDelimeter is the delimeter we'll use for all etcd keys to
+	// represent a path-like structure.
+	EtcdKeyDelimeter = "/"
+)
+
 var (
 	// secretsPrefix is the key we'll use to prefix all LSAT identifiers
 	// with when storing secrets in an etcd cluster.
@@ -27,8 +37,8 @@ var (
 // lsat/proxy/secrets/bff4ee83
 func idKey(id [sha256.Size]byte) string {
 	return strings.Join(
-		[]string{topLevelKey, secretsPrefix, hex.EncodeToString(id[:])},
-		etcdKeyDelimeter,
+		[]string{TopLevelKey, secretsPrefix, hex.EncodeToString(id[:])},
+		EtcdKeyDelimeter,
 	)
 }
 
@@ -40,9 +50,9 @@ type secretStore struct {
 // A compile-time constraint to ensure secretStore implements mint.SecretStore.
 var _ mint.SecretStore = (*secretStore)(nil)
 
-// newSecretStore instantiates a new LSAT secrets store backed by an etcd
+// NewStore instantiates a new LSAT secrets store backed by an etcd
 // cluster.
-func newSecretStore(client *clientv3.Client) *secretStore {
+func NewStore(client *clientv3.Client) *secretStore {
 	return &secretStore{Client: client}
 }
 

secrets_test.go renamed to secrets/secrets_test.go

@@ -1,65 +1,15 @@
-package aperture
+package secrets
 
 import (
 	"bytes"
 	"context"
 	"crypto/sha256"
-	"net/url"
-	"os"
 	"testing"
-	"time"
 
 	"github.com/lightninglabs/aperture/lsat"
 	"github.com/lightninglabs/aperture/mint"
-	clientv3 "go.etcd.io/etcd/client/v3"
-	"go.etcd.io/etcd/server/v3/embed"
 )
 
-// etcdSetup is a helper that instantiates a new etcd cluster along with a
-// client connection to it. A cleanup closure is also returned to free any
-// allocated resources required by etcd.
-func etcdSetup(t *testing.T) (*clientv3.Client, func()) {
-	t.Helper()
-
-	tempDir, err := os.MkdirTemp("", "etcd")
-	if err != nil {
-		t.Fatalf("unable to create temp dir: %v", err)
-	}
-
-	cfg := embed.NewConfig()
-	cfg.Dir = tempDir
-	cfg.Logger = "zap"
-	cfg.LCUrls = []url.URL{{Host: "127.0.0.1:9125"}}
-	cfg.LPUrls = []url.URL{{Host: "127.0.0.1:9126"}}
-
-	etcd, err := embed.StartEtcd(cfg)
-	if err != nil {
-		os.RemoveAll(tempDir)
-		t.Fatalf("unable to start etcd: %v", err)
-	}
-
-	select {
-	case <-etcd.Server.ReadyNotify():
-	case <-time.After(5 * time.Second):
-		os.RemoveAll(tempDir)
-		etcd.Server.Stop() // trigger a shutdown
-		t.Fatal("server took too long to start")
-	}
-
-	client, err := clientv3.New(clientv3.Config{
-		Endpoints:   []string{cfg.LCUrls[0].Host},
-		DialTimeout: 5 * time.Second,
-	})
-	if err != nil {
-		t.Fatalf("unable to connect to etcd: %v", err)
-	}
-
-	return client, func() {
-		etcd.Close()
-		os.RemoveAll(tempDir)
-	}
-}
-
 // assertSecretExists is a helper to determine if a secret for the given
 // identifier exists in the store. If it exists, its value is compared against
 // the expected secret.
@@ -87,12 +37,12 @@ func assertSecretExists(t *testing.T, store *secretStore, id [sha256.Size]byte,
 // TestSecretStore ensures the different operations of the secretStore behave as
 // expected.
 func TestSecretStore(t *testing.T) {
-	etcdClient, serverCleanup := etcdSetup(t)
+	etcdClient, serverCleanup := EtcdSetup(t)
 	defer etcdClient.Close()
 	defer serverCleanup()
 
 	ctx := context.Background()
-	store := newSecretStore(etcdClient)
+	store := NewStore(etcdClient)
 
 	// Create a test ID and ensure a secret doesn't exist for it yet as we
 	// haven't created one.

secrets/test_util.go

@@ -0,0 +1,57 @@
+package secrets
+
+import (
+	"io/ioutil"
+	"net/url"
+	"os"
+	"testing"
+	"time"
+
+	clientv3 "go.etcd.io/etcd/client/v3"
+	"go.etcd.io/etcd/server/v3/embed"
+)
+
+// EtcdSetup is a helper that instantiates a new etcd cluster along with a
+// client connection to it. A cleanup closure is also returned to free any
+// allocated resources required by etcd.
+func EtcdSetup(t *testing.T) (*clientv3.Client, func()) {
+	t.Helper()
+
+	tempDir, err := ioutil.TempDir("", "etcd")
+	if err != nil {
+		t.Fatalf("unable to create temp dir: %v", err)
+	}
+
+	cfg := embed.NewConfig()
+	cfg.Dir = tempDir
+	cfg.Logger = "zap"
+	cfg.LCUrls = []url.URL{{Host: "127.0.0.1:9125"}}
+	cfg.LPUrls = []url.URL{{Host: "127.0.0.1:9126"}}
+
+	etcd, err := embed.StartEtcd(cfg)
+	if err != nil {
+		os.RemoveAll(tempDir)
+		t.Fatalf("unable to start etcd: %v", err)
+	}
+
+	select {
+	case <-etcd.Server.ReadyNotify():
+	case <-time.After(5 * time.Second):
+		os.RemoveAll(tempDir)
+		etcd.Server.Stop() // trigger a shutdown
+		t.Fatal("server took too long to start")
+	}
+
+	client, err := clientv3.New(clientv3.Config{
+		Endpoints:   []string{cfg.LCUrls[0].Host},
+		DialTimeout: 5 * time.Second,
+	})
+	if err != nil {
+		t.Fatalf("unable to connect to etcd: %v", err)
+	}
+
+	return client, func() {
+		etcd.Close()
+		os.RemoveAll(tempDir)
+	}
+}