mirror of
https://github.com/lightningnetwork/lnd.git
synced 2025-11-19 18:48:03 +01:00
75ca574790
With this commit we introduce the concept of RPC middleware: A mechanism similar to the existing channel or HTLC interceptors but this time for gRPC messages themselves. An RPC middleware can register itself to the main RPC server to get notified each time a new gRPC request comes in, a gRPC response is sent back or a streaming RPC is connected. The middleware can validate/inspect incoming requests and modify/overwrite outgoing responses. Since this also opens the door for malicious software to interfere with lnd in a negative way, we bind everything to macaroons with custom caveat conditions: A middleware declares upon registration which custom caveat name it can handle. Only client requests that send a macaroon with that custom caveat will then be given to the middleware for inspection. The only exception is if the middleware instead registers to use the read-only mode. In that mode it will be able to intercept all requests/responses, even those not made with a special encumbered macaroon. But the middleware won't be able to alter responses in the read-only mode. Therefore requests with the default, unencumbered macaroons can never be modified by any middleware.
15 KiB
15 KiB