firewall: add macaroon caveat logic

Author: guggero

firewall/caveats.go

@@ -0,0 +1,144 @@
+package firewall
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/lightningnetwork/lnd/macaroons"
+)
+
+const (
+	// RuleEnforcerCaveat is the name of the custom caveat that contains all
+	// the rules that need to be enforced in the firewall.
+	RuleEnforcerCaveat = "lit-mac-fw"
+
+	// MetaInfoValuePrefix is the static prefix a macaroon caveat value has
+	// to mark the beginning of the meta information JSON data.
+	MetaInfoValuePrefix = "meta"
+
+	// MetaRulesValuePrefix is the static prefix a macaroon caveat value has
+	// to mark the beginning of the rules list JSON data.
+	MetaRulesValuePrefix = "rules"
+)
+
+var (
+	// MetaInfoFullCaveatPrefix is the full prefix a caveat needs to have to
+	// be recognized as a meta information caveat.
+	MetaInfoFullCaveatPrefix = fmt.Sprintf("%s %s %s",
+		macaroons.CondLndCustom, RuleEnforcerCaveat,
+		MetaInfoValuePrefix)
+
+	// MetaRulesFullCaveatPrefix is the full prefix a caveat needs to have
+	// to be recognized as a rules list caveat.
+	MetaRulesFullCaveatPrefix = fmt.Sprintf("%s %s %s",
+		macaroons.CondLndCustom, RuleEnforcerCaveat,
+		MetaRulesValuePrefix)
+
+	// ErrNoMetaInfoCaveat is the error that is returned if a caveat doesn't
+	// have the prefix to be recognized as a meta information caveat.
+	ErrNoMetaInfoCaveat = fmt.Errorf("not a meta info caveat")
+
+	// ErrNoRulesCaveat is the error that is returned if a caveat doesn't
+	// have the prefix to be recognized as a rules list caveat.
+	ErrNoRulesCaveat = fmt.Errorf("not a rules list caveat")
+)
+
+// InterceptMetaInfo is the JSON serializable struct containing meta information
+// about a request made by an automated node management software against LiT.
+// The meta information is added as a macaroon caveat.
+type InterceptMetaInfo struct {
+	// ActorName is the name of the actor service (=management software)
+	// that is issuing this request.
+	ActorName string `json:"actor_name"`
+
+	// Trigger is the action or condition that triggered this intercepted
+	// request to be made.
+	Trigger string `json:"trigger"`
+
+	// Intent is the desired outcome or end condition this request aims to
+	// arrive at.
+	Intent string `json:"intent"`
+}
+
+// ToCaveat returns the full custom caveat string representation of the
+// interception meta information in this format:
+//     lnd-custom lit-mac-fw meta:<JSON_encoded_meta_information>
+func (i *InterceptMetaInfo) ToCaveat() (string, error) {
+	jsonBytes, err := json.Marshal(i)
+	if err != nil {
+		return "", fmt.Errorf("error JSON marshaling: %v", err)
+	}
+
+	return fmt.Sprintf("%s:%s", MetaInfoFullCaveatPrefix, jsonBytes), nil
+}
+
+// ParseMetaInfoCaveat tries to parse the given caveat string as a meta
+// information struct.
+func ParseMetaInfoCaveat(caveat string) (*InterceptMetaInfo, error) {
+	if !strings.HasPrefix(caveat, MetaInfoFullCaveatPrefix) {
+		return nil, ErrNoMetaInfoCaveat
+	}
+
+	// Only the prefix isn't enough.
+	if len(caveat) <= len(MetaInfoFullCaveatPrefix)+1 {
+		return nil, ErrNoMetaInfoCaveat
+	}
+
+	// There's a colon after the prefix that we need to skip as well.
+	jsonData := caveat[len(MetaInfoFullCaveatPrefix)+1:]
+	i := &InterceptMetaInfo{}
+
+	if err := json.Unmarshal([]byte(jsonData), i); err != nil {
+		return nil, fmt.Errorf("error unmarshaling JSON: %v", err)
+	}
+
+	return i, nil
+}
+
+// InterceptRule is the JSON serializable struct containing all the rules and
+// their limits/settings that need to be enforced on a request made by an
+// automated node management software against LiT. The rule information is added
+// as a custom macaroon caveat.
+type InterceptRule struct {
+	// Name is the name of the rule. It must correspond to a
+	Name string `json:"name"`
+
+	// Restrictions is a key/value map of all the parameters that apply to
+	// this rule.
+	Restrictions map[string]string `json:"restrictions"`
+}
+
+// RulesToCaveat encodes a list of rules as a full custom caveat string
+// representation in this format:
+//     lnd-custom lit-mac-fw rules:[<array_of_JSON_encoded_rules>]
+func RulesToCaveat(rules []*InterceptRule) (string, error) {
+	jsonBytes, err := json.Marshal(rules)
+	if err != nil {
+		return "", fmt.Errorf("error JSON marshaling: %v", err)
+	}
+
+	return fmt.Sprintf("%s:%s", MetaRulesFullCaveatPrefix, jsonBytes), nil
+}
+
+// ParseRuleCaveat tries to parse the given caveat string as a rule struct.
+func ParseRuleCaveat(caveat string) ([]*InterceptRule, error) {
+	if !strings.HasPrefix(caveat, MetaRulesFullCaveatPrefix) {
+		return nil, ErrNoRulesCaveat
+	}
+
+	// Only the prefix isn't enough.
+	if len(caveat) <= len(MetaRulesFullCaveatPrefix)+1 {
+		return nil, ErrNoRulesCaveat
+	}
+
+	// There's a colon after the prefix that we need to skip as well.
+	jsonData := caveat[len(MetaRulesFullCaveatPrefix)+1:]
+	var rules []*InterceptRule
+
+	if err := json.Unmarshal([]byte(jsonData), &rules); err != nil {
+		return nil, fmt.Errorf("error unmarshaling JSON: %v", err)
+	}
+
+	return rules, nil
+}

firewall/caveats_test.go

@@ -0,0 +1,177 @@
+package firewall
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	testMetaCaveat = "lnd-custom lit-mac-fw meta:{\"actor_name\":" +
+		"\"re-balancer\",\"trigger\":\"channel 7413345453234435345 " +
+		"depleted\",\"intent\":\"increase outbound liquidity by " +
+		"2000000 sats\"}"
+
+	testRulesCaveat = "lnd-custom lit-mac-fw rules:[{\"name\":" +
+		"\"re-balance-limits\",\"restrictions\":" +
+		"{\"first-hop-ignore-list\":\"03abcd...,02badb01...\"," +
+		"\"max-hops\":\"4\",\"off-chain-fees-sats\":\"10\"}}," +
+		"{\"name\":\"time-limits\",\"restrictions\":" +
+		"{\"re-balance-min-interval-seconds\":\"3600\"}}]"
+)
+
+// TestInterceptMetaInfo makes sure that a meta information struct can be
+// formatted as a caveat and then parsed again successfully.
+func TestInterceptMetaInfo(t *testing.T) {
+	info := &InterceptMetaInfo{
+		ActorName: "re-balancer",
+		Trigger:   "channel 7413345453234435345 depleted",
+		Intent:    "increase outbound liquidity by 2000000 sats",
+	}
+
+	caveat, err := info.ToCaveat()
+	require.NoError(t, err)
+
+	require.Equal(t, testMetaCaveat, caveat)
+
+	parsedInfo, err := ParseMetaInfoCaveat(caveat)
+	require.NoError(t, err)
+
+	require.Equal(t, info, parsedInfo)
+}
+
+// TestParseMetaInfoCaveat makes sure the meta information caveat parsing works
+// as expected.
+func TestParseMetaInfoCaveat(t *testing.T) {
+	testCases := []struct {
+		name   string
+		input  string
+		err    error
+		result *InterceptMetaInfo
+	}{{
+		name:  "empty string",
+		input: "",
+		err:   ErrNoMetaInfoCaveat,
+	}, {
+		name:  "prefix only",
+		input: "lnd-custom lit-mac-fw meta:",
+		err:   ErrNoMetaInfoCaveat,
+	}, {
+		name:  "invalid JSON",
+		input: "lnd-custom lit-mac-fw meta:bar",
+		err: fmt.Errorf("error unmarshaling JSON: invalid character " +
+			"'b' looking for beginning of value"),
+	}, {
+		name:   "empty JSON",
+		input:  "lnd-custom lit-mac-fw meta:{}",
+		result: &InterceptMetaInfo{},
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+
+		t.Run(tc.name, func(tt *testing.T) {
+			i, err := ParseMetaInfoCaveat(tc.input)
+
+			if tc.err != nil {
+				require.Error(tt, err)
+				require.Equal(tt, tc.err, err)
+
+				return
+			}
+
+			require.NoError(tt, err)
+			require.Equal(tt, tc.result, i)
+		})
+	}
+}
+
+// TestInterceptRule makes sure that a rules list struct can be formatted as a
+// caveat and then parsed again successfully.
+func TestInterceptRule(t *testing.T) {
+	rules := []*InterceptRule{{
+		Name: "re-balance-limits",
+		Restrictions: map[string]string{
+			"off-chain-fees-sats":   "10",
+			"max-hops":              "4",
+			"first-hop-ignore-list": "03abcd...,02badb01...",
+		},
+	}, {
+		Name: "time-limits",
+		Restrictions: map[string]string{
+			"re-balance-min-interval-seconds": "3600",
+		},
+	}}
+
+	caveat, err := RulesToCaveat(rules)
+	require.NoError(t, err)
+
+	require.Equal(t, testRulesCaveat, caveat)
+
+	parsedRules, err := ParseRuleCaveat(caveat)
+	require.NoError(t, err)
+
+	require.Equal(t, rules, parsedRules)
+}
+
+// TestParseRulesCaveat makes sure the rule list caveat parsing works as
+// expected.
+func TestParseRulesCaveat(t *testing.T) {
+	testCases := []struct {
+		name   string
+		input  string
+		err    error
+		result []*InterceptRule
+	}{{
+		name:  "empty string",
+		input: "",
+		err:   ErrNoRulesCaveat,
+	}, {
+		name:  "prefix only",
+		input: "lnd-custom lit-mac-fw rules:",
+		err:   ErrNoRulesCaveat,
+	}, {
+		name:  "invalid JSON",
+		input: "lnd-custom lit-mac-fw rules:bar",
+		err: fmt.Errorf("error unmarshaling JSON: invalid character " +
+			"'b' looking for beginning of value"),
+	}, {
+		name:   "empty JSON",
+		input:  "lnd-custom lit-mac-fw rules:[]",
+		result: []*InterceptRule{},
+	}, {
+		name:   "empty rules",
+		input:  "lnd-custom lit-mac-fw rules:[{}, {}]",
+		result: []*InterceptRule{{}, {}},
+	}, {
+		name: "valid rules",
+		input: "lnd-custom lit-mac-fw rules:[{\"name\":\"foo\"}, " +
+			"{\"restrictions\":{\"foo\":\"bar\"}}]",
+		result: []*InterceptRule{{
+			Name: "foo",
+		}, {
+			Restrictions: map[string]string{
+				"foo": "bar",
+			},
+		}},
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+
+		t.Run(tc.name, func(tt *testing.T) {
+			i, err := ParseRuleCaveat(tc.input)
+
+			if tc.err != nil {
+				require.Error(tt, err)
+				require.Equal(tt, tc.err, err)
+
+				return
+			}
+
+			require.NoError(tt, err)
+			require.Equal(tt, tc.result, i)
+		})
+	}
+}