lnrpc+rpcperms: add ctx metadata pairs to RPCMiddlewareRequest

The MW interceptor works via a stream & sends requests to the interceptor via this stream. Sometimes, the interceptor might want to work with grpc metadata pairs that were sent via the context of the original request though and so in this commit, we ensure that for each request sent via the stream to the interceptr, the grpc metadata is sent along explicitly as well. This is done by adding a new `metadata_pairs` field to the RPCMiddlewareRequest proto message.
2025-05-03 00:10:20 +02:00 · 2025-04-20 10:25:46 +02:00 · 2025-04-20 10:25:46 +02:00 · e9fc852390
commit e9fc852390
parent c9fe051b2f
4 changed files with 918 additions and 775 deletions
--- a/lnrpc/lightning.pb.go
+++ b/lnrpc/lightning.pb.go
--- a/lnrpc/lightning.proto
+++ b/lnrpc/lightning.proto
@ -5128,6 +5128,22 @@ message RPCMiddlewareRequest {
    intercept message.
    */
    uint64 msg_id = 7;
+
+    /*
+    The metadata pairs that were sent along with the original gRPC request via
+    the golang context.Context using explicit [gRPC
+    metadata](https://grpc.io/docs/guides/metadata/). Context values are not
+    propagated via gRPC and so we send any pairs along explicitly here so that
+    the interceptor can access them.
+    */
+    map<string, MetadataValues> metadata_pairs = 9;
+}
+
+message MetadataValues {
+    /*
+    The set of metadata values that correspond to the metadata key.
+    */
+    repeated string values = 1;
 }

 message StreamAuth {
--- a/lnrpc/lightning.swagger.json
+++ b/lnrpc/lightning.swagger.json
@ -6093,6 +6093,18 @@
        }
      }
    },
+    "lnrpcMetadataValues": {
+      "type": "object",
+      "properties": {
+        "values": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "The set of metadata values that correspond to the metadata key."
+        }
+      }
+    },
    "lnrpcMiddlewareRegistration": {
      "type": "object",
      "properties": {
@ -7051,6 +7063,13 @@
          "type": "string",
          "format": "uint64",
          "description": "The unique message ID of this middleware intercept message. There can be\nmultiple middleware intercept messages per single gRPC request (one for the\nincoming request and one for the outgoing response) or gRPC stream (one for\neach incoming message and one for each outgoing response). This message ID\nmust be referenced when responding (accepting/rejecting/modifying) to an\nintercept message."
+        },
+        "metadata_pairs": {
+          "type": "object",
+          "additionalProperties": {
+            "$ref": "#/definitions/lnrpcMetadataValues"
+          },
+          "description": "The metadata pairs that were sent along with the original gRPC request via\nthe golang context.Context using explicit [gRPC\nmetadata](https://grpc.io/docs/guides/metadata/). Context values are not\npropagated via gRPC and so we send any pairs along explicitly here so that\nthe interceptor can access them."
        }
      }
    },
--- a/rpcperms/middleware_handler.go
+++ b/rpcperms/middleware_handler.go
@ -12,6 +12,7 @@ import (
 	"github.com/btcsuite/btcd/chaincfg"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/macaroons"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/reflect/protoregistry"
@ -391,6 +392,10 @@ type InterceptionRequest struct {
 	// IsError indicates that the message contained within this request is
 	// an error. Will only ever be true for response messages.
 	IsError bool
+
+	// CtxMetadataPairs contains the metadata pairs that were sent along
+	// with the RPC request via the context.
+	CtxMetadataPairs metadata.MD
 }

 // NewMessageInterceptionRequest creates a new interception request for either
@ -404,12 +409,15 @@ func NewMessageInterceptionRequest(ctx context.Context,
 		return nil, err
 	}

+	md, _ := metadata.FromIncomingContext(ctx)
+
 	req := &InterceptionRequest{
-		Type:        authType,
-		StreamRPC:   isStream,
-		Macaroon:    mac,
-		RawMacaroon: rawMacaroon,
-		FullURI:     fullMethod,
+		Type:             authType,
+		StreamRPC:        isStream,
+		Macaroon:         mac,
+		RawMacaroon:      rawMacaroon,
+		FullURI:          fullMethod,
+		CtxMetadataPairs: md,
 	}

 	// The message is either a proto message or an error, we don't support
@ -486,11 +494,21 @@ func macaroonFromContext(ctx context.Context) (*macaroon.Macaroon, []byte,
 func (r *InterceptionRequest) ToRPC(requestID,
 	msgID uint64) (*lnrpc.RPCMiddlewareRequest, error) {

+	mdPairs := make(
+		map[string]*lnrpc.MetadataValues, len(r.CtxMetadataPairs),
+	)
+	for key, values := range r.CtxMetadataPairs {
+		mdPairs[key] = &lnrpc.MetadataValues{
+			Values: values,
+		}
+	}
+
 	rpcRequest := &lnrpc.RPCMiddlewareRequest{
 		RequestId:             requestID,
 		MsgId:                 msgID,
 		RawMacaroon:           r.RawMacaroon,
 		CustomCaveatCondition: r.CustomCaveatCondition,
+		MetadataPairs:         mdPairs,
 	}

 	switch r.Type {