subservers: add uri handler helper funcs

positiveblue · positiveblue · commit c3bc9917fd92 · 2023-05-01T00:48:24.000-07:00
diff --git a/perms/manager.go b/perms/manager.go
@@ -1,6 +1,7 @@
 package perms
 
 import (
+	"fmt"
 	"regexp"
 	"strings"
 	"sync"
@@ -244,8 +245,42 @@ func (pm *Manager) GetLitPerms() map[string][]bakery.Op {
 	return result
 }
 
-// IsLndURI returns true if the given URI belongs to an RPC of lnd.
-func (pm *Manager) IsLndURI(uri string) bool {
+// SubServerHandler returns the name of the subserver that should handle the
+// given URI.
+func (pm *Manager) SubServerHandler(uri string) (string, error) {
+	switch {
+	case pm.IsSubServerURI(lndPerms, uri):
+		return lndPerms, nil
+
+	case pm.IsSubServerURI(faradayPerms, uri):
+		return faradayPerms, nil
+
+	case pm.IsSubServerURI(loopPerms, uri):
+		return loopPerms, nil
+
+	case pm.IsSubServerURI(poolPerms, uri):
+		return poolPerms, nil
+
+	case pm.IsSubServerURI(litPerms, uri):
+		return litPerms, nil
+
+	default:
+		return "", fmt.Errorf("unknown gRPC web request: %v", uri)
+	}
+}
+
+// IsSubServerURI if the given URI belongs to the RPC of the given server.
+func (pm *Manager) IsSubServerURI(name string, uri string) bool {
+	if name == lndPerms {
+		return pm.isLndURI(uri)
+	}
+
+	_, ok := pm.fixedPerms[name][uri]
+	return ok
+}
+
+// isLndURI returns true if the given URI belongs to an RPC of lnd.
+func (pm *Manager) isLndURI(uri string) bool {
 	var lndSubServerCall bool
 	for _, subserverPermissions := range pm.lndSubServerPerms {
 		_, found := subserverPermissions[uri]
diff --git a/rpc_proxy.go b/rpc_proxy.go
@@ -15,6 +15,7 @@ import (
 	"github.com/lightninglabs/lightning-terminal/litrpc"
 	"github.com/lightninglabs/lightning-terminal/perms"
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightninglabs/lightning-terminal/subservers"
 	"github.com/lightningnetwork/lnd/lncfg"
 	"github.com/lightningnetwork/lnd/macaroons"
 	grpcProxy "github.com/mwitkow/grpc-proxy/proxy"
@@ -361,18 +362,30 @@ func (p *rpcProxy) makeDirector(allowLitRPC bool) func(ctx context.Context,
 		// since it must either be an lnd call or something that'll be
 		// handled by the integrated daemons that are hooking into lnd's
 		// gRPC server.
+		isFaraday := p.permsMgr.IsSubServerURI(
+			subservers.FARADAY, requestURI,
+		)
+		isLoop := p.permsMgr.IsSubServerURI(
+			subservers.LOOP, requestURI,
+		)
+		isPool := p.permsMgr.IsSubServerURI(
+			subservers.POOL, requestURI,
+		)
+		isLit := p.permsMgr.IsSubServerURI(
+			subservers.LIT, requestURI,
+		)
 		switch {
-		case p.permsMgr.IsFaradayURI(requestURI) && p.cfg.faradayRemote:
+		case isFaraday && p.cfg.faradayRemote:
 			return outCtx, p.faradayConn, nil
 
-		case p.permsMgr.IsLoopURI(requestURI) && p.cfg.loopRemote:
+		case isLoop && p.cfg.loopRemote:
 			return outCtx, p.loopConn, nil
 
-		case p.permsMgr.IsPoolURI(requestURI) && p.cfg.poolRemote:
+		case isPool && p.cfg.poolRemote:
 			return outCtx, p.poolConn, nil
 
 		// Calls to LiT session RPC aren't allowed in some cases.
-		case p.permsMgr.IsLitURI(requestURI) && !allowLitRPC:
+		case isLit && !allowLitRPC:
 			return outCtx, nil, status.Errorf(
 				codes.Unimplemented, "unknown service %s",
 				requestURI,
@@ -533,37 +546,42 @@ func (p *rpcProxy) basicAuthToMacaroon(basicAuth, requestURI string,
 		macPath string
 		macData []byte
 	)
-	switch {
-	case p.permsMgr.IsLndURI(requestURI):
+	subserver, err := p.permsMgr.SubServerHandler(requestURI)
+	if err != nil {
+		return nil, err
+	}
+
+	switch subserver {
+	case subservers.LND:
 		_, _, _, macPath, macData = p.cfg.lndConnectParams()
 
-	case p.permsMgr.IsFaradayURI(requestURI):
+	case subservers.FARADAY:
 		if p.cfg.faradayRemote {
 			macPath = p.cfg.Remote.Faraday.MacaroonPath
 		} else {
 			macPath = p.cfg.Faraday.MacaroonPath
 		}
 
-	case p.permsMgr.IsLoopURI(requestURI):
+	case subservers.LOOP:
 		if p.cfg.loopRemote {
 			macPath = p.cfg.Remote.Loop.MacaroonPath
 		} else {
 			macPath = p.cfg.Loop.MacaroonPath
 		}
 
-	case p.permsMgr.IsPoolURI(requestURI):
+	case subservers.POOL:
 		if p.cfg.poolRemote {
 			macPath = p.cfg.Remote.Pool.MacaroonPath
 		} else {
 			macPath = p.cfg.Pool.MacaroonPath
 		}
 
-	case p.permsMgr.IsLitURI(requestURI):
+	case subservers.LIT:
 		macPath = p.cfg.MacaroonPath
 
 	default:
-		return nil, fmt.Errorf("unknown gRPC web request: %v",
-			requestURI)
+		return nil, fmt.Errorf("unknown subserver handler: %v",
+			subserver)
 	}
 
 	switch {
@@ -635,21 +653,22 @@ func (p *rpcProxy) convertSuperMacaroon(ctx context.Context, macHex string,
 
 	// Is this actually a request that goes to a daemon that is running
 	// remotely?
-	switch {
-	case p.permsMgr.IsFaradayURI(fullMethod) && p.cfg.faradayRemote:
-		return readMacaroon(lncfg.CleanAndExpandPath(
-			p.cfg.Remote.Faraday.MacaroonPath,
-		))
-
-	case p.permsMgr.IsLoopURI(fullMethod) && p.cfg.loopRemote:
-		return readMacaroon(lncfg.CleanAndExpandPath(
-			p.cfg.Remote.Loop.MacaroonPath,
-		))
-
-	case p.permsMgr.IsPoolURI(fullMethod) && p.cfg.poolRemote:
-		return readMacaroon(lncfg.CleanAndExpandPath(
-			p.cfg.Remote.Pool.MacaroonPath,
-		))
+	subserver, err := p.permsMgr.SubServerHandler(fullMethod)
+	if err == nil {
+		switch {
+		case subserver == subservers.FARADAY && p.cfg.faradayRemote:
+			return readMacaroon(lncfg.CleanAndExpandPath(
+				p.cfg.Remote.Faraday.MacaroonPath,
+			))
+		case subserver == subservers.LOOP && p.cfg.loopRemote:
+			return readMacaroon(lncfg.CleanAndExpandPath(
+				p.cfg.Remote.Loop.MacaroonPath,
+			))
+		case subserver == subservers.POOL && p.cfg.poolRemote:
+			return readMacaroon(lncfg.CleanAndExpandPath(
+				p.cfg.Remote.Pool.MacaroonPath,
+			))
+		}
 	}
 
 	return nil, nil
diff --git a/terminal.go b/terminal.go
@@ -31,6 +31,7 @@ import (
 	mid "github.com/lightninglabs/lightning-terminal/rpcmiddleware"
 	"github.com/lightninglabs/lightning-terminal/rules"
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightninglabs/lightning-terminal/subservers"
 	"github.com/lightninglabs/lndclient"
 	"github.com/lightninglabs/loop"
 	"github.com/lightninglabs/loop/loopd"
@@ -999,7 +1000,7 @@ func (g *LightningTerminal) ValidateMacaroon(ctx context.Context,
 	// process. Calls that we proxy to a remote host don't need to be
 	// checked as they'll have their own interceptor.
 	switch {
-	case g.permsMgr.IsFaradayURI(fullMethod):
+	case g.permsMgr.IsSubServerURI(subservers.FARADAY, fullMethod):
 		// In remote mode we just pass through the request, the remote
 		// daemon will check the macaroon.
 		if g.cfg.faradayRemote {
@@ -1023,7 +1024,7 @@ func (g *LightningTerminal) ValidateMacaroon(ctx context.Context,
 			}
 		}
 
-	case g.permsMgr.IsLoopURI(fullMethod):
+	case g.permsMgr.IsSubServerURI(subservers.LOOP, fullMethod):
 		// In remote mode we just pass through the request, the remote
 		// daemon will check the macaroon.
 		if g.cfg.loopRemote {
@@ -1047,7 +1048,7 @@ func (g *LightningTerminal) ValidateMacaroon(ctx context.Context,
 			}
 		}
 
-	case g.permsMgr.IsPoolURI(fullMethod):
+	case g.permsMgr.IsSubServerURI(subservers.POOL, fullMethod):
 		// In remote mode we just pass through the request, the remote
 		// daemon will check the macaroon.
 		if g.cfg.poolRemote {
@@ -1071,7 +1072,7 @@ func (g *LightningTerminal) ValidateMacaroon(ctx context.Context,
 			}
 		}
 
-	case g.permsMgr.IsLitURI(fullMethod):
+	case g.permsMgr.IsSubServerURI(subservers.LIT, fullMethod):
 		if !g.macaroonServiceStarted {
 			return fmt.Errorf("the macaroon service has not " +
 				"started yet")
