
Commit 705bf12

committed
perms: add IsWhiteListURL method to the Manager
This commit adds a new `IsWhiteListedURL` method to the permissions manager. LiT can then use it to check whether it should perform macaroon validation on a query.
1 parent d856616 commit 705bf12


2 files changed

+24
-3
lines changed


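--- a/perms/manager.go
+++ b/perms/manager.go
@@ -49,8 +49,13 @@ func NewManager(withAllSubServers bool) (*Manager, error) {
 permissions := make(map[string]map[string][]bakery.Op)
 permissions[litPerms] = RequiredPermissions
 permissions[lndPerms] = lnd.MainRPCServerPermissions()
-for k, v := range whiteListedLNDMethods {
-permissions[lndPerms][k] = v
+
+for url := range whiteListedLitMethods {
+permissions[litPerms][url] = []bakery.Op{}
+}
+
+for url := range whiteListedLNDMethods {
+permissions[lndPerms][url] = []bakery.Op{}
 }
 
 // Collect all LND sub-server permissions along with the name of the
@@ -96,6 +101,18 @@ func NewManager(withAllSubServers bool) (*Manager, error) {
 }, nil
 }
 
+// IsWhiteListedURL returns true if the given URL has been whitelisted meaning
+// that it does not require a macaroon for validation. A URL is considered
+// white-listed if it has no operations associated with a URL.
+func (pm *Manager) IsWhiteListedURL(url string) bool {
+pm.permsMu.Lock()
+defer pm.permsMu.Unlock()
+
+ops, ok := pm.perms[url]
+
+return ok && len(ops) == 0
+}
+
 // RegisterSubServer adds the permissions of a given sub-server to the set
 // managed by the Manager.
 func (pm *Manager) RegisterSubServer(name string,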
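Review bot: `IsWhiteListedURL` infers "no macaroon required" from `len(ops) == 0`, so any URI that ends up in `pm.perms` with an empty or nil op slice counts as whitelisted, not only the keys copied from `whiteListedLNDMethods` and `whiteListedLitMethods` in `NewManager`. If a sub-server ever registers a method with an empty permission list (the `RegisterSubServer` body is outside this section, so this is unconfirmed), a caller that uses this method to decide whether to validate a macaroon would skip authentication for that method. Consulting the explicit sets keeps the decision fail-closed: `_, lnd := whiteListedLNDMethods[url]`, `_, lit := whiteListedLitMethods[url]`, `return lnd || lit`. The last sentence of the doc comment should also read "if it has no operations associated with it".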

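--- a/perms/permissions.go
+++ b/perms/permissions.go
@@ -80,7 +80,7 @@ var (
 
 // whiteListedLNDMethods is a map of all lnd RPC methods that don't
 // require any macaroon authentication.
-whiteListedLNDMethods = map[string][]bakery.Op{
+whiteListedLNDMethods = map[string]struct{}{
 "/lnrpc.WalletUnlocker/GenSeed": {},
 "/lnrpc.WalletUnlocker/InitWallet": {},
 "/lnrpc.WalletUnlocker/UnlockWallet": {},
@@ -92,6 +92,10 @@ var (
 "/lnrpc.State/GetState": {},
 }
 
+// whiteListedLitMethods is a map of all LiT's RPC methods that don't
+// require any macaroon authentication.
+whiteListedLitMethods = map[string]struct{}{}
+
 // lndSubServerNameToTag is a map from the name of an LND subserver to
 // the name of the LND tag that corresponds to the subserver. This map
 // only contains the subserver-to-tag pairs for the pairs where the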
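Review bot: The comment on `whiteListedLitMethods` should say what adding a key does, because this map is an authentication allowlist. In `NewManager` (perms/manager.go in this commit) each key is written with an empty op list into `permissions[litPerms]`, which is the package-level `RequiredPermissions` map itself, so an entry replaces whatever ops that URI already had there. I would extend the comment with something like `// Adding a URI here removes its macaroon requirement and overrides any entry for it in RequiredPermissions.`. A similar warning fits `whiteListedLNDMethods` in the first hunk; the `var (` block starts and ends outside both hunks.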
