lnrpc+rpcperms: add ctx metadata pairs to RPCMiddlewareRequest

The MW interceptor works via a stream & sends requests to the interceptor via this stream. Sometimes, the interceptor might want to work with grpc metadata pairs that were sent via the context of the original request though and so in this commit, we ensure that for each request sent via the stream to the interceptr, the grpc metadata is sent along explicitly as well. This is done by adding a new `metadata_pairs` field to the RPCMiddlewareRequest proto message.
2025-08-30 07:35:07 +02:00 · 2025-04-20 10:25:46 +02:00
parent c9fe051b2f
commit e9fc852390
4 changed files with 918 additions and 775 deletions
--- a/rpcperms/middleware_handler.go
+++ b/rpcperms/middleware_handler.go
@@ -12,6 +12,7 @@ import (
 	"github.com/btcsuite/btcd/chaincfg"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/macaroons"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/reflect/protoregistry"
@@ -391,6 +392,10 @@ type InterceptionRequest struct {
 	// IsError indicates that the message contained within this request is
 	// an error. Will only ever be true for response messages.
 	IsError bool
+
+	// CtxMetadataPairs contains the metadata pairs that were sent along
+	// with the RPC request via the context.
+	CtxMetadataPairs metadata.MD
 }

 // NewMessageInterceptionRequest creates a new interception request for either
@@ -404,12 +409,15 @@ func NewMessageInterceptionRequest(ctx context.Context,
 		return nil, err
 	}

+	md, _ := metadata.FromIncomingContext(ctx)
+
 	req := &InterceptionRequest{
-		Type:        authType,
-		StreamRPC:   isStream,
-		Macaroon:    mac,
-		RawMacaroon: rawMacaroon,
-		FullURI:     fullMethod,
+		Type:             authType,
+		StreamRPC:        isStream,
+		Macaroon:         mac,
+		RawMacaroon:      rawMacaroon,
+		FullURI:          fullMethod,
+		CtxMetadataPairs: md,
 	}

 	// The message is either a proto message or an error, we don't support
@@ -486,11 +494,21 @@ func macaroonFromContext(ctx context.Context) (*macaroon.Macaroon, []byte,
 func (r *InterceptionRequest) ToRPC(requestID,
 	msgID uint64) (*lnrpc.RPCMiddlewareRequest, error) {

+	mdPairs := make(
+		map[string]*lnrpc.MetadataValues, len(r.CtxMetadataPairs),
+	)
+	for key, values := range r.CtxMetadataPairs {
+		mdPairs[key] = &lnrpc.MetadataValues{
+			Values: values,
+		}
+	}
+
 	rpcRequest := &lnrpc.RPCMiddlewareRequest{
 		RequestId:             requestID,
 		MsgId:                 msgID,
 		RawMacaroon:           r.RawMacaroon,
 		CustomCaveatCondition: r.CustomCaveatCondition,
+		MetadataPairs:         mdPairs,
 	}

 	switch r.Type {