subservers: add WhiteListedURLs to the SubServer interface

ellemouton · ellemouton · commit 1332106eef8c · 2023-09-07T11:00:02.000+02:00
Add a new `WhiteListedURLs` method to the `SubServer` interface
so that Lit can easily collect the set of permissions from each
sub-server that does not require a macaroon.
diff --git a/subservers/faraday.go b/subservers/faraday.go
@@ -118,3 +118,11 @@ func (f *faradaySubServer) MacPath() string {
 func (f *faradaySubServer) Permissions() map[string][]bakery.Op {
 	return perms.RequiredPermissions
 }
+
+// WhiteListedURLs returns a map of all the sub-server's URLs that can be
+// accessed without a macaroon.
+//
+// NOTE: this is part of the SubServer interface.
+func (f *faradaySubServer) WhiteListedURLs() map[string]struct{} {
+	return nil
+}
diff --git a/subservers/interface.go b/subservers/interface.go
@@ -58,4 +58,8 @@ type SubServer interface {
 	// Permissions returns a map of all RPC methods and their required
 	// macaroon permissions to access the sub-server.
 	Permissions() map[string][]bakery.Op
+
+	// WhiteListedURLs returns a map of all the sub-server's URLs that can
+	// be accessed without a macaroon.
+	WhiteListedURLs() map[string]struct{}
 }
diff --git a/subservers/loop.go b/subservers/loop.go
@@ -128,3 +128,11 @@ func (l *loopSubServer) MacPath() string {
 func (l *loopSubServer) Permissions() map[string][]bakery.Op {
 	return perms.RequiredPermissions
 }
+
+// WhiteListedURLs returns a map of all the sub-server's URLs that can be
+// accessed without a macaroon.
+//
+// NOTE: this is part of the SubServer interface.
+func (l *loopSubServer) WhiteListedURLs() map[string]struct{} {
+	return nil
+}
diff --git a/subservers/pool.go b/subservers/pool.go
@@ -118,3 +118,11 @@ func (p *poolSubServer) MacPath() string {
 func (p *poolSubServer) Permissions() map[string][]bakery.Op {
 	return perms.RequiredPermissions
 }
+
+// WhiteListedURLs returns a map of all the sub-server's URLs that can be
+// accessed without a macaroon.
+//
+// NOTE: this is part of the SubServer interface.
+func (p *poolSubServer) WhiteListedURLs() map[string]struct{} {
+	return nil
+}
diff --git a/subservers/taproot-assets.go b/subservers/taproot-assets.go
@@ -174,3 +174,19 @@ func (t *taprootAssetsSubServer) MacPath() string {
 func (t *taprootAssetsSubServer) Permissions() map[string][]bakery.Op {
 	return perms.RequiredPermissions
 }
+
+// WhiteListedURLs returns a map of all the sub-server's URLs that can be
+// accessed without a macaroon.
+//
+// NOTE: this is part of the SubServer interface.
+func (t *taprootAssetsSubServer) WhiteListedURLs() map[string]struct{} {
+	// If the taproot-asset daemon is running in integrated mode, then we
+	// use cfg.RpcConf.AllowPublicStats to determine if the public stats
+	// endpoints should be included in the whitelist. If it is running in
+	// remote mode, however, then we don't know if the public stats are
+	// allowed, and so we just allow the request through since the remote
+	// daemon will handle blocking the call if it is not whitelisted there.
+	return perms.MacaroonWhitelist(
+		t.cfg.RpcConf.AllowPublicStats || t.remote,
+	)
+}

Original file line number	Diff line number	Diff line change
`@@ -58,4 +58,8 @@ type SubServer interface {`
`58`	`58`	`// Permissions returns a map of all RPC methods and their required`
`59`	`59`	`// macaroon permissions to access the sub-server.`
`60`	`60`	`Permissions() map[string][]bakery.Op`
	`61`	`+`
	`62`	`+ // WhiteListedURLs returns a map of all the sub-server's URLs that can`
	`63`	`+ // be accessed without a macaroon.`
	`64`	`+ WhiteListedURLs() map[string]struct{}`
`61`	`65`	`}`