highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-05-23 10:10:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

cmd/lncli: add metadata kvpair flag

Browse Source 
Add a new `metadata` string slice flag to lncli that allows the caller
to specify multiple key-value string pairs that should be appended to
the outgoing context.
This commit is contained in:
Elle Mouton 2022-08-11 11:10:27 +02:00
parent e488bbfc9d
commit 1dffaf10e2
No known key found for this signature in database
GPG Key ID: D7D916376026F177
2 changed files with 98 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
cmd/lncli/main.go
View File

@ -24,6 +24,7 @@ import (
"golang.org/x/term" "golang.org/x/term"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata"
) )
const ( const (
@ -109,6 +110,12 @@ func getClientConn(ctx *cli.Context, skipMacaroons bool) *grpc.ClientConn {
// Create a dial options array. // Create a dial options array.
opts := []grpc.DialOption{ opts := []grpc.DialOption{
grpc.WithTransportCredentials(creds), grpc.WithTransportCredentials(creds),
grpc.WithUnaryInterceptor(
addMetadataUnaryInterceptor(profile.Metadata),
),
grpc.WithStreamInterceptor(
addMetaDataStreamInterceptor(profile.Metadata),
),
} }
// Only process macaroon credentials if --no-macaroons isn't set and // Only process macaroon credentials if --no-macaroons isn't set and
@ -141,16 +148,17 @@ func getClientConn(ctx *cli.Context, skipMacaroons bool) *grpc.ClientConn {
} }
macConstraints := []macaroons.Constraint{ macConstraints := []macaroons.Constraint{
// We add a time-based constraint to prevent replay of the // We add a time-based constraint to prevent replay of
// macaroon. It's good for 60 seconds by default to make up for // the macaroon. It's good for 60 seconds by default to
// any discrepancy between client and server clocks, but leaking // make up for any discrepancy between client and server
// the macaroon before it becomes invalid makes it possible for // clocks, but leaking the macaroon before it becomes
// an attacker to reuse the macaroon. In addition, the validity // invalid makes it possible for an attacker to reuse
// time of the macaroon is extended by the time the server clock // the macaroon. In addition, the validity time of the
// is behind the client clock, or shortened by the time the // macaroon is extended by the time the server clock is
// behind the client clock, or shortened by the time the
// server clock is ahead of the client clock (or invalid // server clock is ahead of the client clock (or invalid
// altogether if, in the latter case, this time is more than 60 // altogether if, in the latter case, this time is more
// seconds). // than 60 seconds).
// TODO(aakselrod): add better anti-replay protection. // TODO(aakselrod): add better anti-replay protection.
macaroons.TimeoutConstraint(profile.Macaroons.Timeout), macaroons.TimeoutConstraint(profile.Macaroons.Timeout),
@ -180,7 +188,9 @@ func getClientConn(ctx *cli.Context, skipMacaroons bool) *grpc.ClientConn {
// to connect to the grpc server. // to connect to the grpc server.
if ctx.GlobalIsSet("socksproxy") { if ctx.GlobalIsSet("socksproxy") {
socksProxy := ctx.GlobalString("socksproxy") socksProxy := ctx.GlobalString("socksproxy")
torDialer := func(_ context.Context, addr string) (net.Conn, error) { torDialer := func(_ context.Context, addr string) (net.Conn,
error) {
return tor.Dial( return tor.Dial(
addr, socksProxy, false, false, addr, socksProxy, false, false,
tor.DefaultConnTimeout, tor.DefaultConnTimeout,
@ -204,6 +214,49 @@ func getClientConn(ctx *cli.Context, skipMacaroons bool) *grpc.ClientConn {
return conn return conn
} }
// addMetadataUnaryInterceptor returns a grpc client side interceptor that
// appends any key-value metadata strings to the outgoing context of a grpc
// unary call.
func addMetadataUnaryInterceptor(
md map[string]string) grpc.UnaryClientInterceptor {
return func(ctx context.Context, method string, req, reply interface{},
cc *grpc.ClientConn, invoker grpc.UnaryInvoker,
opts ...grpc.CallOption) error {
outCtx := contextWithMetadata(ctx, md)
return invoker(outCtx, method, req, reply, cc, opts...)
}
}
// addMetaDataStreamInterceptor returns a grpc client side interceptor that
// appends any key-value metadata strings to the outgoing context of a grpc
// stream call.
func addMetaDataStreamInterceptor(
md map[string]string) grpc.StreamClientInterceptor {
return func(ctx context.Context, desc *grpc.StreamDesc,
cc *grpc.ClientConn, method string, streamer grpc.Streamer,
opts ...grpc.CallOption) (grpc.ClientStream, error) {
outCtx := contextWithMetadata(ctx, md)
return streamer(outCtx, desc, cc, method, opts...)
}
}
// contextWithMetaData appends the given metadata key-value pairs to the given
// context.
func contextWithMetadata(ctx context.Context,
md map[string]string) context.Context {
kvPairs := make([]string, 0, 2*len(md))
for k, v := range md {
kvPairs = append(kvPairs, k, v)
}
return metadata.AppendToOutgoingContext(ctx, kvPairs...)
}
// extractPathArgs parses the TLS certificate and macaroon paths from the // extractPathArgs parses the TLS certificate and macaroon paths from the
// command. // command.
func extractPathArgs(ctx *cli.Context) (string, string, error) { func extractPathArgs(ctx *cli.Context) (string, string, error) {
@ -349,6 +402,14 @@ func main() {
"macaroon jar instead of the default one. " + "macaroon jar instead of the default one. " +
"Can only be used if profiles are defined.", "Can only be used if profiles are defined.",
}, },
cli.StringSliceFlag{
Name: "metadata",
Usage: "This flag can be used to specify a key-value " +
"pair that should be appended to the " +
"outgoing context before the request is sent " +
"to lnd. This flag may be specified multiple " +
"times. The format is: \"key:value\".",
},
} }
app.Commands = []cli.Command{ app.Commands = []cli.Command{
createCommand, createCommand,

20
cmd/lncli/profile.go
View File

@ -32,6 +32,7 @@ type profileEntry struct {
NoMacaroons bool `json:"no-macaroons,omitempty"` // nolint:tagliatelle NoMacaroons bool `json:"no-macaroons,omitempty"` // nolint:tagliatelle
TLSCert string `json:"tlscert"` TLSCert string `json:"tlscert"`
Macaroons *macaroonJar `json:"macaroons"` Macaroons *macaroonJar `json:"macaroons"`
Metadata map[string]string `json:"metadata,omitempty"`
} }
// cert returns the profile's TLS certificate as a x509 certificate pool. // cert returns the profile's TLS certificate as a x509 certificate pool.
@ -128,17 +129,32 @@ func profileFromContext(ctx *cli.Context, store, skipMacaroons bool) (
var err error var err error
tlsCert, err = ioutil.ReadFile(tlsCertPath) tlsCert, err = ioutil.ReadFile(tlsCertPath)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not load TLS cert file: %v", err) return nil, fmt.Errorf("could not load TLS cert "+
"file: %v", err)
} }
} }
metadata := make(map[string]string)
for _, m := range ctx.GlobalStringSlice("metadata") {
pair := strings.Split(m, ":")
if len(pair) != 2 {
return nil, fmt.Errorf("invalid format for metadata " +
"flag; expected \"key:value\"")
}
metadata[pair[0]] = pair[1]
}
entry := &profileEntry{ entry := &profileEntry{
RPCServer: ctx.GlobalString("rpcserver"), RPCServer: ctx.GlobalString("rpcserver"),
LndDir: lncfg.CleanAndExpandPath(ctx.GlobalString("lnddir")), LndDir: lncfg.CleanAndExpandPath(
ctx.GlobalString("lnddir"),
),
Chain: ctx.GlobalString("chain"), Chain: ctx.GlobalString("chain"),
Network: ctx.GlobalString("network"), Network: ctx.GlobalString("network"),
NoMacaroons: ctx.GlobalBool("no-macaroons"), NoMacaroons: ctx.GlobalBool("no-macaroons"),
TLSCert: string(tlsCert), TLSCert: string(tlsCert),
Metadata: metadata,
} }
// If we aren't using macaroons in general (flag --no-macaroons) or // If we aren't using macaroons in general (flag --no-macaroons) or