firewall: add WithPrivacy to RequestInfo

ellemouton · ellemouton · commit e8065428e626 · 2023-01-27T06:47:13.000+02:00
diff --git a/firewall/caveats.go b/firewall/caveats.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/lightningnetwork/lnd/macaroons"
+	"gopkg.in/macaroon.v2"
 )
 
 const (
@@ -20,6 +21,11 @@ const (
 	// MetaRulesValuePrefix is the static prefix a macaroon caveat value has
 	// to mark the beginning of the rules list JSON data.
 	MetaRulesValuePrefix = "rules"
+
+	// CondPrivacy is the name of the custom caveat that will
+	// instruct lnd to send all requests with this caveat to this
+	// interceptor.
+	CondPrivacy = "privacy"
 )
 
 var (
@@ -35,6 +41,15 @@ var (
 		macaroons.CondLndCustom, RuleEnforcerCaveat,
 		MetaRulesValuePrefix)
 
+	// MetaPrivacyCaveatPrefix is the caveat prefix that will be used to
+	// identify the privacy mapper caveat.
+	MetaPrivacyCaveatPrefix = fmt.Sprintf("%s %s", macaroons.CondLndCustom,
+		CondPrivacy)
+
+	// MetaPrivacyCaveat is the caveat required to ensure that the
+	// privacy mapper is activated as an interceptor for a request.
+	MetaPrivacyCaveat = macaroon.Caveat{Id: []byte(MetaPrivacyCaveatPrefix)}
+
 	// ErrNoMetaInfoCaveat is the error that is returned if a caveat doesn't
 	// have the prefix to be recognized as a meta information caveat.
 	ErrNoMetaInfoCaveat = fmt.Errorf("not a meta info caveat")
@@ -150,3 +165,9 @@ func ParseRuleCaveat(caveat string) (*InterceptRules, error) {
 
 	return &rules, nil
 }
+
+// IsPrivacyCaveat returns true if the given caveat string is a privacy mapper
+// caveat.
+func IsPrivacyCaveat(caveat string) bool {
+	return strings.Contains(caveat, MetaPrivacyCaveatPrefix)
+}
diff --git a/firewall/request_info.go b/firewall/request_info.go
@@ -37,6 +37,7 @@ type RequestInfo struct {
 	Caveats         []string
 	MetaInfo        *InterceptMetaInfo
 	Rules           *InterceptRules
+	WithPrivacy     bool
 }
 
 // NewInfoFromRequest parses the given RPC middleware interception request and
@@ -99,7 +100,8 @@ func NewInfoFromRequest(req *lnrpc.RPCMiddlewareRequest) (*RequestInfo, error) {
 		if err == nil {
 			ri.MetaInfo = metaInfo
 
-			// The same caveat can't be a meta info and rule list.
+			// The same caveat can't be a meta info and a rule list
+			// or a privacy caveat.
 			continue
 		}
 
@@ -109,6 +111,14 @@ func NewInfoFromRequest(req *lnrpc.RPCMiddlewareRequest) (*RequestInfo, error) {
 		rules, err := ParseRuleCaveat(ri.Caveats[idx])
 		if err == nil {
 			ri.Rules = rules
+
+			// The same caveat can't be a rule list and a privacy
+			// caveat.
+			continue
+		}
+
+		if IsPrivacyCaveat(ri.Caveats[idx]) {
+			ri.WithPrivacy = true
 		}
 	}
 
