Closed ellemouton closed 10 months ago
When integrating with tapd
's universe stats HTTP endpoints, I ran into an issue with litd
requiring a macaroon for whitelisted RPCs.
Can this be addressed in this PR or should I open a separate issue?
ah! great catch @jamaljsr ! Yeah I think it defs makes sense to add that in this PR. Will do asap 👍
@guggero - apologies, im re-requesting your review cause quite a bit has changed now so that whitelisted calls from other sub-servers are also taken into account
Thanks @guggero 🎉 updated!
@viktortigerstrom: review reminder
Just for clarification, I just want to verify as well that it's intentional that the LightningTerminal.Permissions function won't include any whitelisted urls, as will happen with this PR. That's intended behaviour, correct? I'm asking because I'm not 100% what "permissions for which the external validator of the terminal is responsible." really entails.
As far as I can see, LightningTerminal.Permissions()
calls perms.Manager.GetLitPerms()
which returns everything in fixedPerms
. If a Lit itself has whitelist perms, these will be added to fixedPerms
in the NewManager
function. Then, if any subserver registers whitelist URLs via RegisterSubServer
, then these will also be added to fixedPerms
. So Lightning.Permissions
right now will include the whiltelist calls. Or am I misunderstanding?
As far as I can see,
LightningTerminal.Permissions()
callsperms.Manager.GetLitPerms()
which returns everything infixedPerms
.
Ah wait, I realised that I was confused sorry. I interpreted yesterday that GetLitPerms
looped over the specific []bakery.Op
list for an url to add it to result
, which would have resulted in whitelisted urls not getting added as a url is whitelisted by having an empty []bakery.Op
list.
But I see now that GetLitPerms
loops over the outer map[string][]bakery.Op
, which should mean that the specific url does indeed get added with an empty []bakery.Op
as the result.
Sorry for the confusion :).
This PR does a few things: