perms+subservers: let subserver register perms

Author: ellemouton

itest/litd_mode_integrated_test.go

@@ -18,12 +18,16 @@ import (
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcutil"
 	"github.com/lightninglabs/faraday/frdrpc"
+	faraday "github.com/lightninglabs/faraday/frdrpcserver/perms"
 	"github.com/lightninglabs/lightning-node-connect/mailbox"
 	terminal "github.com/lightninglabs/lightning-terminal"
 	"github.com/lightninglabs/lightning-terminal/litrpc"
 	"github.com/lightninglabs/lightning-terminal/perms"
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightninglabs/lightning-terminal/subservers"
+	loop "github.com/lightninglabs/loop/loopd/perms"
 	"github.com/lightninglabs/loop/looprpc"
+	pool "github.com/lightninglabs/pool/perms"
 	"github.com/lightninglabs/pool/poolrpc"
 	"github.com/lightningnetwork/lnd/keychain"
 	"github.com/lightningnetwork/lnd/lnrpc"
@@ -1090,6 +1094,12 @@ func bakeSuperMacaroon(cfg *LitNodeConfig, readOnly bool) (string, error) {
 		return "", err
 	}
 
+	permsMgr.RegisterSubServer(subservers.LOOP, loop.RequiredPermissions)
+	permsMgr.RegisterSubServer(subservers.POOL, pool.RequiredPermissions)
+	permsMgr.RegisterSubServer(
+		subservers.FARADAY, faraday.RequiredPermissions,
+	)
+
 	superMacPermissions := permsMgr.ActivePermissions(readOnly)
 	nullID := [4]byte{}
 	superMacHex, err := terminal.BakeSuperMacaroon(

perms/manager.go

@@ -1,25 +1,18 @@
 package perms
 
 import (
-	"fmt"
 	"regexp"
 	"strings"
 	"sync"
 
-	faraday "github.com/lightninglabs/faraday/frdrpcserver/perms"
-	loop "github.com/lightninglabs/loop/loopd/perms"
-	pool "github.com/lightninglabs/pool/perms"
 	"github.com/lightningnetwork/lnd"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"gopkg.in/macaroon-bakery.v2/bakery"
 )
 
 const (
-	poolPerms    string = "pool"
-	loopPerms    string = "loop"
-	faradayPerms string = "faraday"
-	litPerms     string = "lit"
-	lndPerms     string = "lnd"
+	litPerms string = "lit"
+	lndPerms string = "lnd"
 )
 
 // Manager manages the permission lists that Lit requires.
@@ -54,9 +47,6 @@ type Manager struct {
 // was compiled with and then only the corresponding permissions will be added.
 func NewManager(withAllSubServers bool) (*Manager, error) {
 	permissions := make(map[string]map[string][]bakery.Op)
-	permissions[faradayPerms] = faraday.RequiredPermissions
-	permissions[loopPerms] = loop.RequiredPermissions
-	permissions[poolPerms] = pool.RequiredPermissions
 	permissions[litPerms] = RequiredPermissions
 	permissions[lndPerms] = lnd.MainRPCServerPermissions()
 	for k, v := range whiteListedLNDMethods {
@@ -106,6 +96,21 @@ func NewManager(withAllSubServers bool) (*Manager, error) {
 	}, nil
 }
 
+// RegisterSubServer adds the permissions of a given sub-server to the set
+// managed by the Manager.
+func (pm *Manager) RegisterSubServer(name string,
+	permissions map[string][]bakery.Op) {
+
+	pm.permsMu.Lock()
+	defer pm.permsMu.Unlock()
+
+	pm.fixedPerms[name] = permissions
+
+	for uri, ops := range permissions {
+		pm.perms[uri] = ops
+	}
+}
+
 // OnLNDBuildTags should be called once a list of LND build tags has been
 // obtained. It then uses those build tags to decide which of the LND sub-server
 // permissions to add to the main permissions list. This method should only
@@ -225,50 +230,19 @@ func (pm *Manager) ActivePermissions(readOnly bool) []bakery.Op {
 // _except_ for any LND permissions. In other words, this returns permissions
 // for which the external validator of Lit is responsible.
 func (pm *Manager) GetLitPerms() map[string][]bakery.Op {
-	mapSize := len(pm.fixedPerms[litPerms]) +
-		len(pm.fixedPerms[faradayPerms]) +
-		len(pm.fixedPerms[loopPerms]) + len(pm.fixedPerms[poolPerms])
+	result := make(map[string][]bakery.Op)
+	for subserver, ops := range pm.fixedPerms {
+		if subserver == lndPerms {
+			continue
+		}
 
-	result := make(map[string][]bakery.Op, mapSize)
-	for key, value := range pm.fixedPerms[faradayPerms] {
-		result[key] = value
-	}
-	for key, value := range pm.fixedPerms[loopPerms] {
-		result[key] = value
-	}
-	for key, value := range pm.fixedPerms[poolPerms] {
-		result[key] = value
-	}
-	for key, value := range pm.fixedPerms[litPerms] {
-		result[key] = value
+		for key, value := range ops {
+			result[key] = value
+		}
 	}
 	return result
 }
 
-// SubServerHandler returns the name of the subserver that should handle the
-// given URI.
-func (pm *Manager) SubServerHandler(uri string) (string, error) {
-	switch {
-	case pm.IsSubServerURI(lndPerms, uri):
-		return lndPerms, nil
-
-	case pm.IsSubServerURI(faradayPerms, uri):
-		return faradayPerms, nil
-
-	case pm.IsSubServerURI(loopPerms, uri):
-		return loopPerms, nil
-
-	case pm.IsSubServerURI(poolPerms, uri):
-		return poolPerms, nil
-
-	case pm.IsSubServerURI(litPerms, uri):
-		return litPerms, nil
-
-	default:
-		return "", fmt.Errorf("unknown gRPC web request: %v", uri)
-	}
-}
-
 // IsSubServerURI if the given URI belongs to the RPC of the given server.
 func (pm *Manager) IsSubServerURI(name string, uri string) bool {
 	if name == lndPerms {

subservers/manager.go

@@ -53,6 +53,8 @@ func (s *Manager) AddServer(ss SubServer) {
 		SubServer: ss,
 		quit:      make(chan struct{}),
 	})
+
+	s.permsMgr.RegisterSubServer(ss.Name(), ss.Permissions())
 }
 
 // StartIntegratedServers starts all the manager's sub-servers that should be