highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-06-23 07:11:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

multi: add RPC middleware interception

Browse Source 
With the middleware handler in place, we now need to add a new gRPC
interceptor to the interceptor chain that will send messages to the
registered middlewares for each event that could be of interest to them.
This commit is contained in:
Oliver Gugger 2021-08-12 16:07:24 +02:00
parent 75ca574790
commit efe5f6ae90
No known key found for this signature in database
GPG Key ID: 8E4256593F177720
10 changed files with 941 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lnd.go
View File

@ -352,7 +352,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, interceptor signal.Interceptor) error
// Create a new RPC interceptor that we'll add to the GRPC server. This
// will be used to log the API calls invoked on the GRPC server.
interceptorChain := rpcperms.NewInterceptorChain(
rpcsLog, cfg.NoMacaroons,
rpcsLog, cfg.NoMacaroons, cfg.RPCMiddleware.Mandatory,
)
if err := interceptorChain.Start(); err != nil {
return err
@ -582,6 +582,7 @@ func Main(cfg *Config, lisCfg ListenerCfg, interceptor signal.Interceptor) error
macaroonService, err = macaroons.NewService(
dbs.macaroonDB, "lnd", walletInitParams.StatelessInit,
macaroons.IPLockChecker,
macaroons.CustomChecker(interceptorChain),
)
if err != nil {
err := fmt.Errorf("unable to set up macaroon "+

146
lnrpc/lightning.pb.go
View File

@ -18328,7 +18328,7 @@ var file_lightning_proto_rawDesc = []byte{
0x45, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x45, 0x52, 0x52, 0x10, 0x03,
0x12, 0x24, 0x0a, 0x20, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x55,
0x52, 0x45, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x41, 0x4d,
0x45, 0x54, 0x45, 0x52, 0x10, 0x04, 0x32, 0xbf, 0x23, 0x0a, 0x09, 0x4c, 0x69, 0x67, 0x68, 0x74,
0x45, 0x54, 0x45, 0x52, 0x10, 0x04, 0x32, 0x97, 0x24, 0x0a, 0x09, 0x4c, 0x69, 0x67, 0x68, 0x74,
0x6e, 0x69, 0x6e, 0x67, 0x12, 0x4a, 0x0a, 0x0d, 0x57, 0x61, 0x6c, 0x6c, 0x65, 0x74, 0x42, 0x61,
0x6c, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x1b, 0x2e, 0x6c, 0x6e, 0x72, 0x70, 0x63, 0x2e, 0x57, 0x61,
0x6c, 0x6c, 0x65, 0x74, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
@ -18612,10 +18612,16 @@ var file_lightning_proto_rawDesc = []byte{
0x1a, 0x2e, 0x6c, 0x6e, 0x72, 0x70, 0x63, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x4d, 0x61, 0x63,
0x50, 0x65, 0x72, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x6c, 0x6e,
0x72, 0x70, 0x63, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x4d, 0x61, 0x63, 0x50, 0x65, 0x72, 0x6d,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x27, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68,
0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x6e, 0x69, 0x6e, 0x67,
0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2f, 0x6c, 0x6e, 0x64, 0x2f, 0x6c, 0x6e, 0x72, 0x70,
0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x56, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69,
0x73, 0x74, 0x65, 0x72, 0x52, 0x50, 0x43, 0x4d, 0x69, 0x64, 0x64, 0x6c, 0x65, 0x77, 0x61, 0x72,
0x65, 0x12, 0x1c, 0x2e, 0x6c, 0x6e, 0x72, 0x70, 0x63, 0x2e, 0x52, 0x50, 0x43, 0x4d, 0x69, 0x64,
0x64, 0x6c, 0x65, 0x77, 0x61, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a,
0x1b, 0x2e, 0x6c, 0x6e, 0x72, 0x70, 0x63, 0x2e, 0x52, 0x50, 0x43, 0x4d, 0x69, 0x64, 0x64, 0x6c,
0x65, 0x77, 0x61, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x28, 0x01, 0x30, 0x01,
0x42, 0x27, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c,
0x69, 0x67, 0x68, 0x74, 0x6e, 0x69, 0x6e, 0x67, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2f,
0x6c, 0x6e, 0x64, 0x2f, 0x6c, 0x6e, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x33,
}
var (
@ -19079,70 +19085,72 @@ var file_lightning_proto_depIdxs = []int32{
181, // 222: lnrpc.Lightning.DeleteMacaroonID:input_type -> lnrpc.DeleteMacaroonIDRequest
184, // 223: lnrpc.Lightning.ListPermissions:input_type -> lnrpc.ListPermissionsRequest
190, // 224: lnrpc.Lightning.CheckMacaroonPermissions:input_type -> lnrpc.CheckMacPermRequest
99, // 225: lnrpc.Lightning.WalletBalance:output_type -> lnrpc.WalletBalanceResponse
102, // 226: lnrpc.Lightning.ChannelBalance:output_type -> lnrpc.ChannelBalanceResponse
22, // 227: lnrpc.Lightning.GetTransactions:output_type -> lnrpc.TransactionDetails
33, // 228: lnrpc.Lightning.EstimateFee:output_type -> lnrpc.EstimateFeeResponse
37, // 229: lnrpc.Lightning.SendCoins:output_type -> lnrpc.SendCoinsResponse
39, // 230: lnrpc.Lightning.ListUnspent:output_type -> lnrpc.ListUnspentResponse
20, // 231: lnrpc.Lightning.SubscribeTransactions:output_type -> lnrpc.Transaction
35, // 232: lnrpc.Lightning.SendMany:output_type -> lnrpc.SendManyResponse
41, // 233: lnrpc.Lightning.NewAddress:output_type -> lnrpc.NewAddressResponse
43, // 234: lnrpc.Lightning.SignMessage:output_type -> lnrpc.SignMessageResponse
45, // 235: lnrpc.Lightning.VerifyMessage:output_type -> lnrpc.VerifyMessageResponse
47, // 236: lnrpc.Lightning.ConnectPeer:output_type -> lnrpc.ConnectPeerResponse
49, // 237: lnrpc.Lightning.DisconnectPeer:output_type -> lnrpc.DisconnectPeerResponse
62, // 238: lnrpc.Lightning.ListPeers:output_type -> lnrpc.ListPeersResponse
64, // 239: lnrpc.Lightning.SubscribePeerEvents:output_type -> lnrpc.PeerEvent
66, // 240: lnrpc.Lightning.GetInfo:output_type -> lnrpc.GetInfoResponse
68, // 241: lnrpc.Lightning.GetRecoveryInfo:output_type -> lnrpc.GetRecoveryInfoResponse
94, // 242: lnrpc.Lightning.PendingChannels:output_type -> lnrpc.PendingChannelsResponse
54, // 243: lnrpc.Lightning.ListChannels:output_type -> lnrpc.ListChannelsResponse
96, // 244: lnrpc.Lightning.SubscribeChannelEvents:output_type -> lnrpc.ChannelEventUpdate
58, // 245: lnrpc.Lightning.ClosedChannels:output_type -> lnrpc.ClosedChannelsResponse
29, // 246: lnrpc.Lightning.OpenChannelSync:output_type -> lnrpc.ChannelPoint
81, // 247: lnrpc.Lightning.OpenChannel:output_type -> lnrpc.OpenStatusUpdate
79, // 248: lnrpc.Lightning.BatchOpenChannel:output_type -> lnrpc.BatchOpenChannelResponse
91, // 249: lnrpc.Lightning.FundingStateStep:output_type -> lnrpc.FundingStateStepResp
27, // 250: lnrpc.Lightning.ChannelAcceptor:output_type -> lnrpc.ChannelAcceptRequest
74, // 251: lnrpc.Lightning.CloseChannel:output_type -> lnrpc.CloseStatusUpdate
151, // 252: lnrpc.Lightning.AbandonChannel:output_type -> lnrpc.AbandonChannelResponse
25, // 253: lnrpc.Lightning.SendPayment:output_type -> lnrpc.SendResponse
25, // 254: lnrpc.Lightning.SendPaymentSync:output_type -> lnrpc.SendResponse
25, // 255: lnrpc.Lightning.SendToRoute:output_type -> lnrpc.SendResponse
25, // 256: lnrpc.Lightning.SendToRouteSync:output_type -> lnrpc.SendResponse
137, // 257: lnrpc.Lightning.AddInvoice:output_type -> lnrpc.AddInvoiceResponse
140, // 258: lnrpc.Lightning.ListInvoices:output_type -> lnrpc.ListInvoiceResponse
134, // 259: lnrpc.Lightning.LookupInvoice:output_type -> lnrpc.Invoice
134, // 260: lnrpc.Lightning.SubscribeInvoices:output_type -> lnrpc.Invoice
155, // 261: lnrpc.Lightning.DecodePayReq:output_type -> lnrpc.PayReq
145, // 262: lnrpc.Lightning.ListPayments:output_type -> lnrpc.ListPaymentsResponse
148, // 263: lnrpc.Lightning.DeletePayment:output_type -> lnrpc.DeletePaymentResponse
149, // 264: lnrpc.Lightning.DeleteAllPayments:output_type -> lnrpc.DeleteAllPaymentsResponse
118, // 265: lnrpc.Lightning.DescribeGraph:output_type -> lnrpc.ChannelGraph
120, // 266: lnrpc.Lightning.GetNodeMetrics:output_type -> lnrpc.NodeMetricsResponse
116, // 267: lnrpc.Lightning.GetChanInfo:output_type -> lnrpc.ChannelEdge
112, // 268: lnrpc.Lightning.GetNodeInfo:output_type -> lnrpc.NodeInfo
106, // 269: lnrpc.Lightning.QueryRoutes:output_type -> lnrpc.QueryRoutesResponse
124, // 270: lnrpc.Lightning.GetNetworkInfo:output_type -> lnrpc.NetworkInfo
126, // 271: lnrpc.Lightning.StopDaemon:output_type -> lnrpc.StopResponse
128, // 272: lnrpc.Lightning.SubscribeChannelGraph:output_type -> lnrpc.GraphTopologyUpdate
153, // 273: lnrpc.Lightning.DebugLevel:output_type -> lnrpc.DebugLevelResponse
159, // 274: lnrpc.Lightning.FeeReport:output_type -> lnrpc.FeeReportResponse
162, // 275: lnrpc.Lightning.UpdateChannelPolicy:output_type -> lnrpc.PolicyUpdateResponse
165, // 276: lnrpc.Lightning.ForwardingHistory:output_type -> lnrpc.ForwardingHistoryResponse
167, // 277: lnrpc.Lightning.ExportChannelBackup:output_type -> lnrpc.ChannelBackup
170, // 278: lnrpc.Lightning.ExportAllChannelBackups:output_type -> lnrpc.ChanBackupSnapshot
175, // 279: lnrpc.Lightning.VerifyChanBackup:output_type -> lnrpc.VerifyChanBackupResponse
173, // 280: lnrpc.Lightning.RestoreChannelBackups:output_type -> lnrpc.RestoreBackupResponse
170, // 281: lnrpc.Lightning.SubscribeChannelBackups:output_type -> lnrpc.ChanBackupSnapshot
178, // 282: lnrpc.Lightning.BakeMacaroon:output_type -> lnrpc.BakeMacaroonResponse
180, // 283: lnrpc.Lightning.ListMacaroonIDs:output_type -> lnrpc.ListMacaroonIDsResponse
182, // 284: lnrpc.Lightning.DeleteMacaroonID:output_type -> lnrpc.DeleteMacaroonIDResponse
185, // 285: lnrpc.Lightning.ListPermissions:output_type -> lnrpc.ListPermissionsResponse
191, // 286: lnrpc.Lightning.CheckMacaroonPermissions:output_type -> lnrpc.CheckMacPermResponse
225, // [225:287] is the sub-list for method output_type
163, // [163:225] is the sub-list for method input_type
195, // 225: lnrpc.Lightning.RegisterRPCMiddleware:input_type -> lnrpc.RPCMiddlewareResponse
99, // 226: lnrpc.Lightning.WalletBalance:output_type -> lnrpc.WalletBalanceResponse
102, // 227: lnrpc.Lightning.ChannelBalance:output_type -> lnrpc.ChannelBalanceResponse
22, // 228: lnrpc.Lightning.GetTransactions:output_type -> lnrpc.TransactionDetails
33, // 229: lnrpc.Lightning.EstimateFee:output_type -> lnrpc.EstimateFeeResponse
37, // 230: lnrpc.Lightning.SendCoins:output_type -> lnrpc.SendCoinsResponse
39, // 231: lnrpc.Lightning.ListUnspent:output_type -> lnrpc.ListUnspentResponse
20, // 232: lnrpc.Lightning.SubscribeTransactions:output_type -> lnrpc.Transaction
35, // 233: lnrpc.Lightning.SendMany:output_type -> lnrpc.SendManyResponse
41, // 234: lnrpc.Lightning.NewAddress:output_type -> lnrpc.NewAddressResponse
43, // 235: lnrpc.Lightning.SignMessage:output_type -> lnrpc.SignMessageResponse
45, // 236: lnrpc.Lightning.VerifyMessage:output_type -> lnrpc.VerifyMessageResponse
47, // 237: lnrpc.Lightning.ConnectPeer:output_type -> lnrpc.ConnectPeerResponse
49, // 238: lnrpc.Lightning.DisconnectPeer:output_type -> lnrpc.DisconnectPeerResponse
62, // 239: lnrpc.Lightning.ListPeers:output_type -> lnrpc.ListPeersResponse
64, // 240: lnrpc.Lightning.SubscribePeerEvents:output_type -> lnrpc.PeerEvent
66, // 241: lnrpc.Lightning.GetInfo:output_type -> lnrpc.GetInfoResponse
68, // 242: lnrpc.Lightning.GetRecoveryInfo:output_type -> lnrpc.GetRecoveryInfoResponse
94, // 243: lnrpc.Lightning.PendingChannels:output_type -> lnrpc.PendingChannelsResponse
54, // 244: lnrpc.Lightning.ListChannels:output_type -> lnrpc.ListChannelsResponse
96, // 245: lnrpc.Lightning.SubscribeChannelEvents:output_type -> lnrpc.ChannelEventUpdate
58, // 246: lnrpc.Lightning.ClosedChannels:output_type -> lnrpc.ClosedChannelsResponse
29, // 247: lnrpc.Lightning.OpenChannelSync:output_type -> lnrpc.ChannelPoint
81, // 248: lnrpc.Lightning.OpenChannel:output_type -> lnrpc.OpenStatusUpdate
79, // 249: lnrpc.Lightning.BatchOpenChannel:output_type -> lnrpc.BatchOpenChannelResponse
91, // 250: lnrpc.Lightning.FundingStateStep:output_type -> lnrpc.FundingStateStepResp
27, // 251: lnrpc.Lightning.ChannelAcceptor:output_type -> lnrpc.ChannelAcceptRequest
74, // 252: lnrpc.Lightning.CloseChannel:output_type -> lnrpc.CloseStatusUpdate
151, // 253: lnrpc.Lightning.AbandonChannel:output_type -> lnrpc.AbandonChannelResponse
25, // 254: lnrpc.Lightning.SendPayment:output_type -> lnrpc.SendResponse
25, // 255: lnrpc.Lightning.SendPaymentSync:output_type -> lnrpc.SendResponse
25, // 256: lnrpc.Lightning.SendToRoute:output_type -> lnrpc.SendResponse
25, // 257: lnrpc.Lightning.SendToRouteSync:output_type -> lnrpc.SendResponse
137, // 258: lnrpc.Lightning.AddInvoice:output_type -> lnrpc.AddInvoiceResponse
140, // 259: lnrpc.Lightning.ListInvoices:output_type -> lnrpc.ListInvoiceResponse
134, // 260: lnrpc.Lightning.LookupInvoice:output_type -> lnrpc.Invoice
134, // 261: lnrpc.Lightning.SubscribeInvoices:output_type -> lnrpc.Invoice
155, // 262: lnrpc.Lightning.DecodePayReq:output_type -> lnrpc.PayReq
145, // 263: lnrpc.Lightning.ListPayments:output_type -> lnrpc.ListPaymentsResponse
148, // 264: lnrpc.Lightning.DeletePayment:output_type -> lnrpc.DeletePaymentResponse
149, // 265: lnrpc.Lightning.DeleteAllPayments:output_type -> lnrpc.DeleteAllPaymentsResponse
118, // 266: lnrpc.Lightning.DescribeGraph:output_type -> lnrpc.ChannelGraph
120, // 267: lnrpc.Lightning.GetNodeMetrics:output_type -> lnrpc.NodeMetricsResponse
116, // 268: lnrpc.Lightning.GetChanInfo:output_type -> lnrpc.ChannelEdge
112, // 269: lnrpc.Lightning.GetNodeInfo:output_type -> lnrpc.NodeInfo
106, // 270: lnrpc.Lightning.QueryRoutes:output_type -> lnrpc.QueryRoutesResponse
124, // 271: lnrpc.Lightning.GetNetworkInfo:output_type -> lnrpc.NetworkInfo
126, // 272: lnrpc.Lightning.StopDaemon:output_type -> lnrpc.StopResponse
128, // 273: lnrpc.Lightning.SubscribeChannelGraph:output_type -> lnrpc.GraphTopologyUpdate
153, // 274: lnrpc.Lightning.DebugLevel:output_type -> lnrpc.DebugLevelResponse
159, // 275: lnrpc.Lightning.FeeReport:output_type -> lnrpc.FeeReportResponse
162, // 276: lnrpc.Lightning.UpdateChannelPolicy:output_type -> lnrpc.PolicyUpdateResponse
165, // 277: lnrpc.Lightning.ForwardingHistory:output_type -> lnrpc.ForwardingHistoryResponse
167, // 278: lnrpc.Lightning.ExportChannelBackup:output_type -> lnrpc.ChannelBackup
170, // 279: lnrpc.Lightning.ExportAllChannelBackups:output_type -> lnrpc.ChanBackupSnapshot
175, // 280: lnrpc.Lightning.VerifyChanBackup:output_type -> lnrpc.VerifyChanBackupResponse
173, // 281: lnrpc.Lightning.RestoreChannelBackups:output_type -> lnrpc.RestoreBackupResponse
170, // 282: lnrpc.Lightning.SubscribeChannelBackups:output_type -> lnrpc.ChanBackupSnapshot
178, // 283: lnrpc.Lightning.BakeMacaroon:output_type -> lnrpc.BakeMacaroonResponse
180, // 284: lnrpc.Lightning.ListMacaroonIDs:output_type -> lnrpc.ListMacaroonIDsResponse
182, // 285: lnrpc.Lightning.DeleteMacaroonID:output_type -> lnrpc.DeleteMacaroonIDResponse
185, // 286: lnrpc.Lightning.ListPermissions:output_type -> lnrpc.ListPermissionsResponse
191, // 287: lnrpc.Lightning.CheckMacaroonPermissions:output_type -> lnrpc.CheckMacPermResponse
192, // 288: lnrpc.Lightning.RegisterRPCMiddleware:output_type -> lnrpc.RPCMiddlewareRequest
226, // [226:289] is the sub-list for method output_type
163, // [163:226] is the sub-list for method input_type
163, // [163:163] is the sub-list for extension type_name
163, // [163:163] is the sub-list for extension extendee
0, // [0:163] is the sub-list for field type_name

83
lnrpc/lightning.pb.gw.go
View File

@ -2251,6 +2251,58 @@ func local_request_Lightning_CheckMacaroonPermissions_0(ctx context.Context, mar
}
func request_Lightning_RegisterRPCMiddleware_0(ctx context.Context, marshaler runtime.Marshaler, client LightningClient, req *http.Request, pathParams map[string]string) (Lightning_RegisterRPCMiddlewareClient, runtime.ServerMetadata, error) {
var metadata runtime.ServerMetadata
stream, err := client.RegisterRPCMiddleware(ctx)
if err != nil {
grpclog.Infof("Failed to start streaming: %v", err)
return nil, metadata, err
}
dec := marshaler.NewDecoder(req.Body)
handleSend := func() error {
var protoReq RPCMiddlewareResponse
err := dec.Decode(&protoReq)
if err == io.EOF {
return err
}
if err != nil {
grpclog.Infof("Failed to decode request: %v", err)
return err
}
if err := stream.Send(&protoReq); err != nil {
grpclog.Infof("Failed to send request: %v", err)
return err
}
return nil
}
if err := handleSend(); err != nil {
if cerr := stream.CloseSend(); cerr != nil {
grpclog.Infof("Failed to terminate client stream: %v", cerr)
}
if err == io.EOF {
return stream, metadata, nil
}
return nil, metadata, err
}
go func() {
for {
if err := handleSend(); err != nil {
break
}
}
if err := stream.CloseSend(); err != nil {
grpclog.Infof("Failed to terminate client stream: %v", err)
}
}()
header, err := stream.Header()
if err != nil {
grpclog.Infof("Failed to get header from client: %v", err)
return nil, metadata, err
}
metadata.HeaderMD = header
return stream, metadata, nil
}
// RegisterLightningHandlerServer registers the http handlers for service Lightning to "mux".
// UnaryRPC :call LightningServer directly.
// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906.
@ -3500,6 +3552,13 @@ func RegisterLightningHandlerServer(ctx context.Context, mux *runtime.ServeMux,
})
mux.Handle("POST", pattern_Lightning_RegisterRPCMiddleware_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
err := status.Error(codes.Unimplemented, "streaming calls are not yet supported in the in-process transport")
_, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
})
return nil
}
@ -4761,6 +4820,26 @@ func RegisterLightningHandlerClient(ctx context.Context, mux *runtime.ServeMux,
})
mux.Handle("POST", pattern_Lightning_RegisterRPCMiddleware_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateContext(ctx, mux, req, "/lnrpc.Lightning/RegisterRPCMiddleware", runtime.WithHTTPPathPattern("/v1/middleware"))
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_Lightning_RegisterRPCMiddleware_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_Lightning_RegisterRPCMiddleware_0(ctx, mux, outboundMarshaler, w, req, func() (proto.Message, error) { return resp.Recv() }, mux.GetForwardResponseOptions()...)
})
return nil
}
@ -4886,6 +4965,8 @@ var (
pattern_Lightning_ListPermissions_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "macaroon", "permissions"}, ""))
pattern_Lightning_CheckMacaroonPermissions_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "macaroon", "checkpermissions"}, ""))
pattern_Lightning_RegisterRPCMiddleware_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "middleware"}, ""))
)
var (
@ -5010,4 +5091,6 @@ var (
forward_Lightning_ListPermissions_0 = runtime.ForwardResponseMessage
forward_Lightning_CheckMacaroonPermissions_0 = runtime.ForwardResponseMessage
forward_Lightning_RegisterRPCMiddleware_0 = runtime.ForwardResponseStream
)

17
lnrpc/lightning.proto
View File

@ -540,6 +540,23 @@ service Lightning {
*/
rpc CheckMacaroonPermissions (CheckMacPermRequest)
returns (CheckMacPermResponse);
/*
RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A
gRPC middleware is software component external to lnd that aims to add
additional business logic to lnd by observing/intercepting/validating
incoming gRPC client requests and (if needed) replacing/overwriting outgoing
messages before they're sent to the client. When registering the middleware
must identify itself and indicate what custom macaroon caveats it wants to
be responsible for. Only requests that contain a macaroon with that specific
custom caveat are then sent to the middleware for inspection. The other
option is to register for the read-only mode in which all requests/responses
are forwarded for interception to the middleware but the middleware is not
allowed to modify any responses. As a security measure, _no_ middleware can
modify responses for requests made with _unencumbered_ macaroons!
*/
rpc RegisterRPCMiddleware (stream RPCMiddlewareResponse)
returns (stream RPCMiddlewareRequest);
}
message Utxo {

158
lnrpc/lightning.swagger.json
View File

@ -1675,6 +1675,49 @@
]
}
},
"/v1/middleware": {
"post": {
"summary": "RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A\ngRPC middleware is software component external to lnd that aims to add\nadditional business logic to lnd by observing/intercepting/validating\nincoming gRPC client requests and (if needed) replacing/overwriting outgoing\nmessages before they're sent to the client. When registering the middleware\nmust identify itself and indicate what custom macaroon caveats it wants to\nbe responsible for. Only requests that contain a macaroon with that specific\ncustom caveat are then sent to the middleware for inspection. The other\noption is to register for the read-only mode in which all requests/responses\nare forwarded for interception to the middleware but the middleware is not\nallowed to modify any responses. As a security measure, _no_ middleware can\nmodify responses for requests made with _unencumbered_ macaroons!",
"operationId": "Lightning_RegisterRPCMiddleware",
"responses": {
"200": {
"description": "A successful response.(streaming responses)",
"schema": {
"type": "object",
"properties": {
"result": {
"$ref": "#/definitions/lnrpcRPCMiddlewareRequest"
},
"error": {
"$ref": "#/definitions/rpcStatus"
}
},
"title": "Stream result of lnrpcRPCMiddlewareRequest"
}
},
"default": {
"description": "An unexpected error response.",
"schema": {
"$ref": "#/definitions/rpcStatus"
}
}
},
"parameters": [
{
"name": "body",
"description": " (streaming inputs)",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/lnrpcRPCMiddlewareResponse"
}
}
],
"tags": [
"Lightning"
]
}
},
"/v1/newaddress": {
"get": {
"summary": "lncli: `newaddress`\nNewAddress creates a new address under control of the local wallet.",
@ -4479,6 +4522,24 @@
],
"default": "INITIATOR_UNKNOWN"
},
"lnrpcInterceptFeedback": {
"type": "object",
"properties": {
"error": {
"type": "string",
"description": "The error to return to the user. If this is non-empty, the incoming gRPC\nstream/request is aborted and the error is returned to the gRPC client. If\nthis value is empty, it means the middleware accepts the stream/request/\nresponse and the processing of it can continue."
},
"replace_response": {
"type": "boolean",
"description": "A boolean indicating that the gRPC response should be replaced/overwritten.\nAs its name suggests, this can only be used as a feedback to an intercepted\nresponse RPC message and is ignored for feedback on any other message. This\nboolean is needed because in protobuf an empty message is serialized as a\n0-length or nil byte slice and we wouldn't be able to distinguish between\nan empty replacement message and the \"don't replace anything\" case."
},
"replacement_serialized": {
"type": "string",
"format": "byte",
"description": "If the replace_response field is set to true, this field must contain the\nbinary serialized gRPC response message in the protobuf format."
}
}
},
"lnrpcInvoice": {
"type": "object",
"properties": {
@ -4903,6 +4964,23 @@
}
}
},
"lnrpcMiddlewareRegistration": {
"type": "object",
"properties": {
"middleware_name": {
"type": "string",
"description": "The name of the middleware to register. The name should be as informative\nas possible and is logged on registration."
},
"custom_macaroon_caveat_name": {
"type": "string",
"description": "The name of the custom macaroon caveat that this middleware is responsible\nfor. Only requests/responses that contain a macaroon with the registered\ncustom caveat are forwarded for interception to the middleware. The\nexception being the read-only mode: All requests/responses are forwarded to\na middleware that requests read-only access but such a middleware won't be\nallowed to _alter_ responses. As a security measure, _no_ middleware can\nchange responses to requests made with _unencumbered_ macaroons!\nNOTE: Cannot be used at the same time as read_only_mode."
},
"read_only_mode": {
"type": "boolean",
"description": "Instead of defining a custom macaroon caveat name a middleware can register\nitself for read-only access only. In that mode all requests/responses are\nforwarded to the middleware but the middleware isn't allowed to alter any of\nthe responses.\nNOTE: Cannot be used at the same time as custom_macaroon_caveat_name."
}
}
},
"lnrpcMultiChanBackup": {
"type": "object",
"properties": {
@ -5626,6 +5704,77 @@
}
}
},
"lnrpcRPCMessage": {
"type": "object",
"properties": {
"method_full_uri": {
"type": "string",
"description": "The full URI (in the format /\u003crpcpackage\u003e.\u003cServiceName\u003e/MethodName, for\nexample /lnrpc.Lightning/GetInfo) of the RPC method the message was sent\nto/from."
},
"stream_rpc": {
"type": "boolean",
"description": "Indicates whether the message was sent over a streaming RPC method or not."
},
"type_name": {
"type": "string",
"description": "The full canonical gRPC name of the message type (in the format\n\u003crpcpackage\u003e.TypeName, for example lnrpc.GetInfoRequest)."
},
"serialized": {
"type": "string",
"format": "byte",
"description": "The full content of the gRPC message, serialized in the binary protobuf\nformat."
}
}
},
"lnrpcRPCMiddlewareRequest": {
"type": "object",
"properties": {
"request_id": {
"type": "string",
"format": "uint64",
"description": "The unique ID of the intercepted request. Useful for mapping request to\nresponse when implementing full duplex message interception."
},
"raw_macaroon": {
"type": "string",
"format": "byte",
"description": "The raw bytes of the complete macaroon as sent by the gRPC client in the\noriginal request. This might be empty for a request that doesn't require\nmacaroons such as the wallet unlocker RPCs."
},
"custom_caveat_condition": {
"type": "string",
"title": "The parsed condition of the macaroon's custom caveat for convenient access.\nThis field only contains the value of the custom caveat that the handling\nmiddleware has registered itself for. The condition _must_ be validated for\nmessages of intercept_type stream_auth and request!"
},
"stream_auth": {
"$ref": "#/definitions/lnrpcStreamAuth",
"description": "Intercept stream authentication: each new streaming RPC call that is\ninitiated against lnd and contains the middleware's custom macaroon\ncaveat can be approved or denied based upon the macaroon in the stream\nheader. This message will only be sent for streaming RPCs, unary RPCs\nmust handle the macaroon authentication in the request interception to\navoid an additional message round trip between lnd and the middleware."
},
"request": {
"$ref": "#/definitions/lnrpcRPCMessage",
"description": "Intercept incoming gRPC client request message: all incoming messages,\nboth on streaming and unary RPCs, are forwarded to the middleware for\ninspection. For unary RPC messages the middleware is also expected to\nvalidate the custom macaroon caveat of the request."
},
"response": {
"$ref": "#/definitions/lnrpcRPCMessage",
"description": "Intercept outgoing gRPC response message: all outgoing messages, both on\nstreaming and unary RPCs, are forwarded to the middleware for inspection\nand amendment. The response in this message is the original response as\nit was generated by the main RPC server. It can either be accepted\n(=forwarded to the client), replaced/overwritten with a new message of\nthe same type, or replaced by an error message."
}
}
},
"lnrpcRPCMiddlewareResponse": {
"type": "object",
"properties": {
"request_id": {
"type": "string",
"format": "uint64",
"description": "The unique ID of the intercepted request that this response refers to. Must\nalways be set when giving feedback to an intercept but is ignored for the\ninitial registration message."
},
"register": {
"$ref": "#/definitions/lnrpcMiddlewareRegistration",
"title": "The registration message identifies the middleware that's being\nregistered in lnd. The registration message must be sent immediately\nafter initiating the RegisterRpcMiddleware stream, otherwise lnd will\ntime out the attempt and terminate the request. NOTE: The middleware\nwill only receive interception messages for requests that contain a\nmacaroon with the custom caveat that the middleware declares it is\nresponsible for handling in the registration message! As a security\nmeasure, _no_ middleware can intercept requests made with _unencumbered_\nmacaroons!"
},
"feedback": {
"$ref": "#/definitions/lnrpcInterceptFeedback",
"description": "The middleware received an interception request and gives feedback to\nit. The request_id indicates what message the feedback refers to."
}
}
},
"lnrpcReadyForPsbtFunding": {
"type": "object",
"properties": {
@ -6047,6 +6196,15 @@
"lnrpcStopResponse": {
"type": "object"
},
"lnrpcStreamAuth": {
"type": "object",
"properties": {
"method_full_uri": {
"type": "string",
"description": "The full URI (in the format /\u003crpcpackage\u003e.\u003cServiceName\u003e/MethodName, for\nexample /lnrpc.Lightning/GetInfo) of the streaming RPC method that was just\nestablished."
}
}
},
"lnrpcTimestampedError": {
"type": "object",
"properties": {

4
lnrpc/lightning.yaml
View File

@ -153,4 +153,6 @@ http:
- selector: lnrpc.Lightning.CheckMacaroonPermissions
post: "/v1/macaroon/checkpermissions"
body: "*"
- selector: lnrpc.Lightning.RegisterRPCMiddleware
post: "/v1/middleware"
body: "*"

94
lnrpc/lightning_grpc.pb.go
View File

@ -389,6 +389,20 @@ type LightningClient interface {
//imposed on the macaroon and that the macaroon is authorized to follow the
//provided permissions.
CheckMacaroonPermissions(ctx context.Context, in *CheckMacPermRequest, opts ...grpc.CallOption) (*CheckMacPermResponse, error)
//
//RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A
//gRPC middleware is software component external to lnd that aims to add
//additional business logic to lnd by observing/intercepting/validating
//incoming gRPC client requests and (if needed) replacing/overwriting outgoing
//messages before they're sent to the client. When registering the middleware
//must identify itself and indicate what custom macaroon caveats it wants to
//be responsible for. Only requests that contain a macaroon with that specific
//custom caveat are then sent to the middleware for inspection. The other
//option is to register for the read-only mode in which all requests/responses
//are forwarded for interception to the middleware but the middleware is not
//allowed to modify any responses. As a security measure, _no_ middleware can
//modify responses for requests made with _unencumbered_ macaroons!
RegisterRPCMiddleware(ctx context.Context, opts ...grpc.CallOption) (Lightning_RegisterRPCMiddlewareClient, error)
}
type lightningClient struct {
@ -1209,6 +1223,37 @@ func (c *lightningClient) CheckMacaroonPermissions(ctx context.Context, in *Chec
return out, nil
}
func (c *lightningClient) RegisterRPCMiddleware(ctx context.Context, opts ...grpc.CallOption) (Lightning_RegisterRPCMiddlewareClient, error) {
stream, err := c.cc.NewStream(ctx, &Lightning_ServiceDesc.Streams[11], "/lnrpc.Lightning/RegisterRPCMiddleware", opts...)
if err != nil {
return nil, err
}
x := &lightningRegisterRPCMiddlewareClient{stream}
return x, nil
}
type Lightning_RegisterRPCMiddlewareClient interface {
Send(*RPCMiddlewareResponse) error
Recv() (*RPCMiddlewareRequest, error)
grpc.ClientStream
}
type lightningRegisterRPCMiddlewareClient struct {
grpc.ClientStream
}
func (x *lightningRegisterRPCMiddlewareClient) Send(m *RPCMiddlewareResponse) error {
return x.ClientStream.SendMsg(m)
}
func (x *lightningRegisterRPCMiddlewareClient) Recv() (*RPCMiddlewareRequest, error) {
m := new(RPCMiddlewareRequest)
if err := x.ClientStream.RecvMsg(m); err != nil {
return nil, err
}
return m, nil
}
// LightningServer is the server API for Lightning service.
// All implementations must embed UnimplementedLightningServer
// for forward compatibility
@ -1584,6 +1629,20 @@ type LightningServer interface {
//imposed on the macaroon and that the macaroon is authorized to follow the
//provided permissions.
CheckMacaroonPermissions(context.Context, *CheckMacPermRequest) (*CheckMacPermResponse, error)
//
//RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A
//gRPC middleware is software component external to lnd that aims to add
//additional business logic to lnd by observing/intercepting/validating
//incoming gRPC client requests and (if needed) replacing/overwriting outgoing
//messages before they're sent to the client. When registering the middleware
//must identify itself and indicate what custom macaroon caveats it wants to
//be responsible for. Only requests that contain a macaroon with that specific
//custom caveat are then sent to the middleware for inspection. The other
//option is to register for the read-only mode in which all requests/responses
//are forwarded for interception to the middleware but the middleware is not
//allowed to modify any responses. As a security measure, _no_ middleware can
//modify responses for requests made with _unencumbered_ macaroons!
RegisterRPCMiddleware(Lightning_RegisterRPCMiddlewareServer) error
mustEmbedUnimplementedLightningServer()
}
@ -1777,6 +1836,9 @@ func (UnimplementedLightningServer) ListPermissions(context.Context, *ListPermis
func (UnimplementedLightningServer) CheckMacaroonPermissions(context.Context, *CheckMacPermRequest) (*CheckMacPermResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method CheckMacaroonPermissions not implemented")
}
func (UnimplementedLightningServer) RegisterRPCMiddleware(Lightning_RegisterRPCMiddlewareServer) error {
return status.Errorf(codes.Unimplemented, "method RegisterRPCMiddleware not implemented")
}
func (UnimplementedLightningServer) mustEmbedUnimplementedLightningServer() {}
// UnsafeLightningServer may be embedded to opt out of forward compatibility for this service.
@ -2954,6 +3016,32 @@ func _Lightning_CheckMacaroonPermissions_Handler(srv interface{}, ctx context.Co
return interceptor(ctx, in, info, handler)
}
func _Lightning_RegisterRPCMiddleware_Handler(srv interface{}, stream grpc.ServerStream) error {
return srv.(LightningServer).RegisterRPCMiddleware(&lightningRegisterRPCMiddlewareServer{stream})
}
type Lightning_RegisterRPCMiddlewareServer interface {
Send(*RPCMiddlewareRequest) error
Recv() (*RPCMiddlewareResponse, error)
grpc.ServerStream
}
type lightningRegisterRPCMiddlewareServer struct {
grpc.ServerStream
}
func (x *lightningRegisterRPCMiddlewareServer) Send(m *RPCMiddlewareRequest) error {
return x.ServerStream.SendMsg(m)
}
func (x *lightningRegisterRPCMiddlewareServer) Recv() (*RPCMiddlewareResponse, error) {
m := new(RPCMiddlewareResponse)
if err := x.ServerStream.RecvMsg(m); err != nil {
return nil, err
}
return m, nil
}
// Lightning_ServiceDesc is the grpc.ServiceDesc for Lightning service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
@ -3225,6 +3313,12 @@ var Lightning_ServiceDesc = grpc.ServiceDesc{
Handler: _Lightning_SubscribeChannelBackups_Handler,
ServerStreams: true,
},
{
StreamName: "RegisterRPCMiddleware",
Handler: _Lightning_RegisterRPCMiddleware_Handler,
ServerStreams: true,
ClientStreams: true,
},
},
Metadata: "lightning.proto",
}

7
lnrpc/rpc_utils.go
View File

@ -9,6 +9,13 @@ import (
"github.com/lightningnetwork/lnd/lnwallet"
)
const (
// RegisterRPCMiddlewareURI is the full RPC method URI for the
// middleware registration call. This is declared here rather than where
// it's mainly used to avoid circular package dependencies.
RegisterRPCMiddlewareURI = "/lnrpc.Lightning/RegisterRPCMiddleware"
)
// RPCTransactionDetails returns a set of rpc transaction details.
func RPCTransactionDetails(txns []*lnwallet.TransactionDetail) *TransactionDetails {
txDetails := &TransactionDetails{

408
rpcperms/interceptor.go
View File

@ -75,7 +75,12 @@ var (
"starting up, but not yet ready to accept calls")
// macaroonWhitelist defines methods that we don't require macaroons to
// access.
// access. We also allow these methods to be called even if not all
// mandatory middlewares are registered yet. If the wallet is locked
// then a middleware cannot register itself, creating an impossible
// situation. Also, a middleware might want to check the state of lnd
// by calling the State service before it registers itself. So we also
// need to exclude those calls from the mandatory middleware check.
macaroonWhitelist = map[string]struct{}{
// We allow all calls to the WalletUnlocker without macaroons.
"/lnrpc.WalletUnlocker/GenSeed": {},
@ -91,8 +96,43 @@ var (
)
// InterceptorChain is a struct that can be added to the running GRPC server,
// intercepting API calls. This is useful for logging, enforcing permissions
// etc.
// intercepting API calls. This is useful for logging, enforcing permissions,
// supporting middleware etc. The following diagram shows the order of each
// interceptor in the chain and when exactly requests/responses are intercepted
// and forwarded to external middleware for approval/modification. Middleware in
// general can only intercept gRPC requests/responses that are sent by the
// client with a macaroon that contains a custom caveat that is supported by one
// of the registered middlewares.
//
// |
// | gRPC request from client
// |
// +---v--------------------------------+
// | InterceptorChain |
// +-+----------------------------------+
// | Log Interceptor |
// +----------------------------------+
// | RPC State Interceptor |
// +----------------------------------+
// | Macaroon Interceptor |
// +----------------------------------+--------> +---------------------+
// | RPC Macaroon Middleware Handler |<-------- | External Middleware |
// +----------------------------------+ | - approve request |
// | Prometheus Interceptor | +---------------------+
// +-+--------------------------------+
// | validated gRPC request from client
// +---v--------------------------------+
// | main gRPC server |
// +---+--------------------------------+
// |
// | original gRPC request to client
// |
// +---v--------------------------------+--------> +---------------------+
// | RPC Macaroon Middleware Handler |<-------- | External Middleware |
// +---+--------------------------------+ | - modify response |
// | +---------------------+
// | edited gRPC request to client
// v
type InterceptorChain struct {
// Required by the grpc-gateway/v2 library for forward compatibility.
lnrpc.UnimplementedStateServer
@ -117,9 +157,22 @@ type InterceptorChain struct {
// permissionMap is the permissions to enforce if macaroons are used.
permissionMap map[string][]bakery.Op
// rpcsLog is the logger used to log calles to the RPCs intercepted.
// rpcsLog is the logger used to log calls to the RPCs intercepted.
rpcsLog btclog.Logger
// registeredMiddleware is a map of all macaroon permission based RPC
// middleware clients that are currently registered. The map is keyed
// by the middleware's name.
registeredMiddleware map[string]*MiddlewareHandler
// mandatoryMiddleware is a list of all middleware that is considered to
// be mandatory. If any of them is not registered then all RPC requests
// (except for the macaroon white listed methods and the middleware
// registration itself) are blocked. This is a security feature to make
// sure that requests can't just go through unobserved/unaudited if a
// middleware crashes.
mandatoryMiddleware []string
quit chan struct{}
sync.RWMutex
}
@ -129,14 +182,18 @@ type InterceptorChain struct {
var _ lnrpc.StateServer = (*InterceptorChain)(nil)
// NewInterceptorChain creates a new InterceptorChain.
func NewInterceptorChain(log btclog.Logger, noMacaroons bool) *InterceptorChain {
func NewInterceptorChain(log btclog.Logger, noMacaroons bool,
mandatoryMiddleware []string) *InterceptorChain {
return &InterceptorChain{
state: waitingToStart,
ntfnServer: subscribe.NewServer(),
noMacaroons: noMacaroons,
permissionMap: make(map[string][]bakery.Op),
rpcsLog: log,
quit: make(chan struct{}),
state: waitingToStart,
ntfnServer: subscribe.NewServer(),
noMacaroons: noMacaroons,
permissionMap: make(map[string][]bakery.Op),
rpcsLog: log,
registeredMiddleware: make(map[string]*MiddlewareHandler),
mandatoryMiddleware: mandatoryMiddleware,
quit: make(chan struct{}),
}
}
@ -241,7 +298,7 @@ func rpcStateToWalletState(state rpcState) (lnrpc.WalletState, error) {
// state will always be delivered immediately.
//
// NOTE: Part of the StateService interface.
func (r *InterceptorChain) SubscribeState(req *lnrpc.SubscribeStateRequest,
func (r *InterceptorChain) SubscribeState(_ *lnrpc.SubscribeStateRequest,
stream lnrpc.State_SubscribeStateServer) error {
sendStateUpdate := func(state rpcState) error {
@ -302,9 +359,9 @@ func (r *InterceptorChain) SubscribeState(req *lnrpc.SubscribeStateRequest,
}
}
// GetState returns he current wallet state.
// GetState returns the current wallet state.
func (r *InterceptorChain) GetState(_ context.Context,
req *lnrpc.GetStateRequest) (*lnrpc.GetStateResponse, error) {
_ *lnrpc.GetStateRequest) (*lnrpc.GetStateResponse, error) {
r.RLock()
state := r.state
@ -359,6 +416,78 @@ func (r *InterceptorChain) Permissions() map[string][]bakery.Op {
return c
}
// RegisterMiddleware registers a new middleware that will handle request/
// response interception for all RPC messages that are initiated with a custom
// macaroon caveat. The name of the custom caveat a middleware is handling is
// also its unique identifier. Only one middleware can be registered for each
// custom caveat.
func (r *InterceptorChain) RegisterMiddleware(mw *MiddlewareHandler) error {
r.Lock()
defer r.Unlock()
// The name of the middleware is the unique identifier.
registered, ok := r.registeredMiddleware[mw.middlewareName]
if ok {
return fmt.Errorf("a middleware with the name '%s' is already "+
"registered", registered.middlewareName)
}
// For now, we only want one middleware per custom caveat name. If we
// allowed multiple middlewares handling the same caveat there would be
// a need for extra call chaining logic, and they could overwrite each
// other's responses.
for name, middleware := range r.registeredMiddleware {
if middleware.customCaveatName == mw.customCaveatName {
return fmt.Errorf("a middleware is already registered "+
"for the custom caveat name '%s': %v",
mw.customCaveatName, name)
}
}
r.registeredMiddleware[mw.middlewareName] = mw
return nil
}
// RemoveMiddleware removes the middleware that handles the given custom caveat
// name.
func (r *InterceptorChain) RemoveMiddleware(middlewareName string) {
r.Lock()
defer r.Unlock()
log.Debugf("Removing middleware %s", middlewareName)
delete(r.registeredMiddleware, middlewareName)
}
// CustomCaveatSupported makes sure a middleware that handles the given custom
// caveat name is registered. If none is, an error is returned, signalling to
// the macaroon bakery and its validator to reject macaroons that have a custom
// caveat with that name.
//
// NOTE: This method is part of the macaroons.CustomCaveatAcceptor interface.
func (r *InterceptorChain) CustomCaveatSupported(customCaveatName string) error {
r.RLock()
defer r.RUnlock()
// We only accept requests with a custom caveat if we also have a
// middleware registered that handles that custom caveat. That is
// crucial for security! Otherwise a request with an encumbered (=has
// restricted permissions based upon the custom caveat condition)
// macaroon would not be validated against the limitations that the
// custom caveat implicate. Since the map is keyed by the _name_ of the
// middleware, we need to loop through all of them to see if one has
// the given custom macaroon caveat name.
for _, middleware := range r.registeredMiddleware {
if middleware.customCaveatName == customCaveatName {
return nil
}
}
return fmt.Errorf("cannot accept macaroon with custom caveat '%s', "+
"no middleware registered to handle it", customCaveatName)
}
// CreateServerOpts creates the GRPC server options that can be added to a GRPC
// server in order to add this InterceptorChain.
func (r *InterceptorChain) CreateServerOpts() []grpc.ServerOption {
@ -393,6 +522,15 @@ func (r *InterceptorChain) CreateServerOpts() []grpc.ServerOption {
strmInterceptors, r.MacaroonStreamServerInterceptor(),
)
// Next, we'll add the interceptors for our custom macaroon caveat based
// middleware.
unaryInterceptors = append(
unaryInterceptors, r.middlewareUnaryServerInterceptor(),
)
strmInterceptors = append(
strmInterceptors, r.middlewareStreamServerInterceptor(),
)
// Get interceptors for Prometheus to gather gRPC performance metrics.
// If monitoring is disabled, GetPromInterceptors() will return empty
// slices.
@ -614,3 +752,245 @@ func (r *InterceptorChain) rpcStateStreamServerInterceptor() grpc.StreamServerIn
return handler(srv, ss)
}
}
// middlewareUnaryServerInterceptor is a unary gRPC interceptor that intercepts
// all requests and responses that are sent with a macaroon containing a custom
// caveat condition that is handled by registered middleware.
func (r *InterceptorChain) middlewareUnaryServerInterceptor() grpc.UnaryServerInterceptor {
return func(ctx context.Context,
req interface{}, info *grpc.UnaryServerInfo,
handler grpc.UnaryHandler) (interface{}, error) {
// Make sure we don't allow any requests through if one of the
// mandatory middlewares is missing.
fullMethod := info.FullMethod
if err := r.checkMandatoryMiddleware(fullMethod); err != nil {
return nil, err
}
msg, err := NewMessageInterceptionRequest(
ctx, TypeRequest, false, info.FullMethod, req,
)
if err != nil {
return nil, err
}
err = r.acceptRequest(msg)
if err != nil {
return nil, err
}
resp, respErr := handler(ctx, req)
if respErr != nil {
return resp, respErr
}
return r.interceptResponse(ctx, false, info.FullMethod, resp)
}
}
// middlewareStreamServerInterceptor is a streaming gRPC interceptor that
// intercepts all requests and responses that are sent with a macaroon
// containing a custom caveat condition that is handled by registered
// middleware.
func (r *InterceptorChain) middlewareStreamServerInterceptor() grpc.StreamServerInterceptor {
return func(srv interface{},
ss grpc.ServerStream, info *grpc.StreamServerInfo,
handler grpc.StreamHandler) error {
// Don't intercept the interceptor itself which is a streaming
// RPC too!
fullMethod := info.FullMethod
if fullMethod == lnrpc.RegisterRPCMiddlewareURI {
return handler(srv, ss)
}
// Make sure we don't allow any requests through if one of the
// mandatory middlewares is missing. We add this check here to
// make sure the middleware registration itself can still be
// called.
if err := r.checkMandatoryMiddleware(fullMethod); err != nil {
return err
}
// To give the middleware a chance to accept or reject the
// establishment of the stream itself (and not only when the
// first message is sent on the stream), we send an intercept
// request for the stream auth now:
msg, err := NewStreamAuthInterceptionRequest(
ss.Context(), info.FullMethod,
)
if err != nil {
return err
}
err = r.acceptRequest(msg)
if err != nil {
return err
}
wrappedSS := &serverStreamWrapper{
ServerStream: ss,
fullMethod: info.FullMethod,
interceptor: r,
}
return handler(srv, wrappedSS)
}
}
// checkMandatoryMiddleware makes sure that each of the middlewares declared as
// mandatory is currently registered.
func (r *InterceptorChain) checkMandatoryMiddleware(fullMethod string) error {
r.RLock()
defer r.RUnlock()
// Allow calls that are whitelisted for macaroons as well, otherwise we
// get into impossible situations where the wallet is locked but the
// unlock call is denied because the middleware isn't registered. But
// the middleware cannot register itself because the wallet is locked.
if _, ok := macaroonWhitelist[fullMethod]; ok {
return nil
}
// Not a white listed call so make sure every mandatory middleware is
// currently connected to lnd.
for _, name := range r.mandatoryMiddleware {
if _, ok := r.registeredMiddleware[name]; !ok {
return fmt.Errorf("mandatory middleware '%s' is "+
"currently not registered, not allowing any "+
"RPC calls", name)
}
}
return nil
}
// acceptRequest sends an intercept request to all middlewares that have
// registered for it. This means either a middleware has requested read-only
// access or the request actually has a macaroon which a caveat the middleware
// registered for.
func (r *InterceptorChain) acceptRequest(msg *InterceptionRequest) error {
r.RLock()
defer r.RUnlock()
for _, middleware := range r.registeredMiddleware {
// If there is a custom caveat in the macaroon, make sure the
// middleware registered for it. Or if a middleware registered
// for read-only mode, it also gets the request.
hasCustomCaveat := macaroons.HasCustomCaveat(
msg.Macaroon, middleware.customCaveatName,
)
if !hasCustomCaveat && !middleware.readOnly {
continue
}
resp, err := middleware.intercept(msg)
// Error during interception itself.
if err != nil {
return err
}
// Error returned from middleware client.
if resp.err != nil {
return resp.err
}
}
return nil
}
// interceptResponse sends out an intercept request for an RPC response. Since
// middleware that hasn't registered for the read-only mode has the option to
// overwrite/replace the response, this needs to be handled differently than the
// request/auth path above.
func (r *InterceptorChain) interceptResponse(ctx context.Context,
isStream bool, fullMethod string, m interface{}) (interface{}, error) {
r.RLock()
defer r.RUnlock()
currentMessage := m
for _, middleware := range r.registeredMiddleware {
msg, err := NewMessageInterceptionRequest(
ctx, TypeResponse, isStream, fullMethod, currentMessage,
)
if err != nil {
return nil, err
}
// If there is a custom caveat in the macaroon, make sure the
// middleware registered for it. Or if a middleware registered
// for read-only mode, it also gets the request.
hasCustomCaveat := macaroons.HasCustomCaveat(
msg.Macaroon, middleware.customCaveatName,
)
if !hasCustomCaveat && !middleware.readOnly {
continue
}
resp, err := middleware.intercept(msg)
// Error during interception itself.
if err != nil {
return nil, err
}
// Error returned from middleware client.
if resp.err != nil {
return nil, resp.err
}
// The message was replaced, make sure the next middleware in
// line receives the updated message.
if !middleware.readOnly && resp.replace {
currentMessage = resp.replacement
}
}
return currentMessage, nil
}
// serverStreamWrapper is a struct that wraps a server stream in a way that all
// requests and responses can be intercepted individually.
type serverStreamWrapper struct {
// ServerStream is the stream that's being wrapped.
grpc.ServerStream
fullMethod string
interceptor *InterceptorChain
}
// SendMsg is called when lnd sends a message to the client. This is wrapped to
// intercept streaming RPC responses.
func (w *serverStreamWrapper) SendMsg(m interface{}) error {
newMsg, err := w.interceptor.interceptResponse(
w.ServerStream.Context(), true, w.fullMethod, m,
)
if err != nil {
return err
}
return w.ServerStream.SendMsg(newMsg)
}
// RecvMsg is called when lnd wants to receive a message from the client. This
// is wrapped to intercept streaming RPC requests.
func (w *serverStreamWrapper) RecvMsg(m interface{}) error {
err := w.ServerStream.RecvMsg(m)
if err != nil {
return err
}
msg, err := NewMessageInterceptionRequest(
w.ServerStream.Context(), TypeRequest, true, w.fullMethod,
m,
)
if err != nil {
return err
}
return w.interceptor.acceptRequest(msg)
}

106
rpcserver.go
View File

@ -528,6 +528,10 @@ func MainRPCServerPermissions() map[string][]bakery.Op {
Entity: "offchain",
Action: "write",
}},
lnrpc.RegisterRPCMiddlewareURI: {{
Entity: "macaroon",
Action: "write",
}},
}
}
@ -7163,3 +7167,105 @@ func (r *rpcServer) FundingStateStep(ctx context.Context,
// current state?
return &lnrpc.FundingStateStepResp{}, nil
}
// RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A
// gRPC middleware is software component external to lnd that aims to add
// additional business logic to lnd by observing/intercepting/validating
// incoming gRPC client requests and (if needed) replacing/overwriting outgoing
// messages before they're sent to the client. When registering the middleware
// must identify itself and indicate what custom macaroon caveats it wants to
// be responsible for. Only requests that contain a macaroon with that specific
// custom caveat are then sent to the middleware for inspection. As a security
// measure, _no_ middleware can intercept requests made with _unencumbered_
// macaroons!
func (r *rpcServer) RegisterRPCMiddleware(
stream lnrpc.Lightning_RegisterRPCMiddlewareServer) error {
// This is a security critical functionality and needs to be enabled
// specifically by the user.
if !r.cfg.RPCMiddleware.Enable {
return fmt.Errorf("RPC middleware not enabled in config")
}
// When registering a middleware the first message being sent from the
// middleware must be a registration message containing its name and the
// custom caveat it wants to register for.
var (
registerChan = make(chan *lnrpc.MiddlewareRegistration, 1)
errChan = make(chan error, 1)
)
ctxc, cancel := context.WithTimeout(
stream.Context(), r.cfg.RPCMiddleware.InterceptTimeout,
)
defer cancel()
// Read the first message in a goroutine because the Recv method blocks
// until the message arrives.
go func() {
msg, err := stream.Recv()
if err != nil {
errChan <- err
return
}
registerChan <- msg.GetRegister()
}()
// Wait for the initial message to arrive or time out if it takes too
// long.
var registerMsg *lnrpc.MiddlewareRegistration
select {
case registerMsg = <-registerChan:
if registerMsg == nil {
return fmt.Errorf("invalid initial middleware " +
"registration message")
}
case err := <-errChan:
return fmt.Errorf("error receiving initial middleware "+
"registration message: %v", err)
case <-ctxc.Done():
return ctxc.Err()
case <-r.quit:
return ErrServerShuttingDown
}
// Make sure the registration is valid.
const nameMinLength = 5
if len(registerMsg.MiddlewareName) < nameMinLength {
return fmt.Errorf("invalid middleware name, use descriptive "+
"name of at least %d characters", nameMinLength)
}
readOnly := registerMsg.ReadOnlyMode
caveatName := registerMsg.CustomMacaroonCaveatName
switch {
case readOnly && len(caveatName) > 0:
return fmt.Errorf("cannot set read-only and custom caveat " +
"name at the same time")
case !readOnly && len(caveatName) < nameMinLength:
return fmt.Errorf("need to set either custom caveat name "+
"of at least %d characters or read-only mode",
nameMinLength)
}
middleware := rpcperms.NewMiddlewareHandler(
registerMsg.MiddlewareName,
caveatName, readOnly, stream.Recv, stream.Send,
r.cfg.RPCMiddleware.InterceptTimeout,
r.cfg.ActiveNetParams.Params, r.quit,
)
// Add the RPC middleware to the interceptor chain and defer its
// removal.
if err := r.interceptorChain.RegisterMiddleware(middleware); err != nil {
return fmt.Errorf("error registering middleware: %v", err)
}
defer r.interceptorChain.RemoveMiddleware(registerMsg.MiddlewareName)
return middleware.Run()
}