multi: allow LND and subserver whitelisted calls

lightninglabs / lightning-terminal

Lightning Terminal: Your Home for Lightning Liquidity

MIT License

487 stars 82 forks source link

multi: allow LND and subserver whitelisted calls #617

Closed ellemouton closed 10 months ago

ellemouton commented 11 months ago

This PR does a few things:

Ensures that Lit register's LND's State server to it's REST server
Allow LND's & Lit's and all Lit's subserver's whitelisted endpoints to pass through without requiring a macaroon

jamaljsr commented 11 months ago

When integrating with tapd's universe stats HTTP endpoints, I ran into an issue with litd requiring a macaroon for whitelisted RPCs.

Can this be addressed in this PR or should I open a separate issue?

ellemouton commented 11 months ago

ah! great catch @jamaljsr ! Yeah I think it defs makes sense to add that in this PR. Will do asap 👍

ellemouton commented 11 months ago

@guggero - apologies, im re-requesting your review cause quite a bit has changed now so that whitelisted calls from other sub-servers are also taken into account

ellemouton commented 10 months ago

Thanks @guggero 🎉 updated!

lightninglabs-deploy commented 10 months ago

@viktortigerstrom: review reminder

ellemouton commented 10 months ago

Just for clarification, I just want to verify as well that it's intentional that the LightningTerminal.Permissions function won't include any whitelisted urls, as will happen with this PR. That's intended behaviour, correct? I'm asking because I'm not 100% what "permissions for which the external validator of the terminal is responsible." really entails.

As far as I can see, LightningTerminal.Permissions() calls perms.Manager.GetLitPerms() which returns everything in fixedPerms. If a Lit itself has whitelist perms, these will be added to fixedPerms in the NewManager function. Then, if any subserver registers whitelist URLs via RegisterSubServer, then these will also be added to fixedPerms. So Lightning.Permissions right now will include the whiltelist calls. Or am I misunderstanding?

ViktorTigerstrom commented 10 months ago

As far as I can see, LightningTerminal.Permissions() calls perms.Manager.GetLitPerms() which returns everything in fixedPerms.

Ah wait, I realised that I was confused sorry. I interpreted yesterday that GetLitPerms looped over the specific []bakery.Op list for an url to add it to result, which would have resulted in whitelisted urls not getting added as a url is whitelisted by having an empty []bakery.Op list. But I see now that GetLitPerms loops over the outer map[string][]bakery.Op, which should mean that the specific url does indeed get added with an empty []bakery.Op as the result.

Sorry for the confusion :).