From 92d4aa0e06d643dca8b64d2c1ab18bd91a14d41b Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Tue, 14 Jun 2022 15:06:04 +0200 Subject: [PATCH] multi: move RequiredPermissions to dedicated dir This commit moves the RequiredPermissions map to its own directory so that projects importing the permissions list dont need to import all the dependencies of the pool package. --- macaroons.go | 134 ------------------------------------------------- perms/perms.go | 133 ++++++++++++++++++++++++++++++++++++++++++++++++ server.go | 6 ++- 3 files changed, 137 insertions(+), 136 deletions(-) create mode 100644 perms/perms.go diff --git a/macaroons.go b/macaroons.go index 7511332ab..486ec50a6 100644 --- a/macaroons.go +++ b/macaroons.go @@ -1,9 +1,5 @@ package pool -import ( - "gopkg.in/macaroon-bakery.v2/bakery" -) - const ( // poolMacaroonLocation is the value we use for the pool macaroons' // "Location" field when baking them. 
@@ -11,136 +7,6 @@ const ( ) var ( - // RequiredPermissions is a map of all pool RPC methods and their - // required macaroon permissions to access poold. - RequiredPermissions = map[string][]bakery.Op{ - "/poolrpc.Trader/GetInfo": {{ - Entity: "account", - Action: "read", - }, { - Entity: "order", - Action: "read", - }, { - Entity: "auction", - Action: "read", - }, { - Entity: "auth", - Action: "read", - }}, - "/poolrpc.Trader/StopDaemon": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/QuoteAccount": {{ - Entity: "account", - Action: "read", - }}, - "/poolrpc.Trader/InitAccount": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/ListAccounts": {{ - Entity: "account", - Action: "read", - }}, - "/poolrpc.Trader/CloseAccount": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/WithdrawAccount": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/DepositAccount": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/RenewAccount": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/BumpAccountFee": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/RecoverAccounts": {{ - Entity: "account", - Action: "write", - }}, - "/poolrpc.Trader/SubmitOrder": {{ - Entity: "order", - Action: "write", - }}, - "/poolrpc.Trader/ListOrders": {{ - Entity: "order", - Action: "read", - }}, - "/poolrpc.Trader/CancelOrder": {{ - Entity: "order", - Action: "write", - }}, - "/poolrpc.Trader/QuoteOrder": {{ - Entity: "order", - Action: "read", - }}, - "/poolrpc.Trader/AuctionFee": {{ - Entity: "auction", - Action: "read", - }}, - "/poolrpc.Trader/Leases": {{ - Entity: "auction", - Action: "read", - }}, - "/poolrpc.Trader/BatchSnapshot": {{ - Entity: "auction", - Action: "read", - }}, - "/poolrpc.Trader/GetLsatTokens": {{ - Entity: "auth", - Action: "read", - }}, - "/poolrpc.Trader/LeaseDurations": {{ - Entity: "auction", - Action: "read", - }}, - 
"/poolrpc.Trader/NextBatchInfo": {{ - Entity: "auction", - Action: "read", - }}, - "/poolrpc.Trader/NodeRatings": {{ - Entity: "auction", - Action: "read", - }}, - "/poolrpc.Trader/BatchSnapshots": {{ - Entity: "auction", - Action: "read", - }}, - "/poolrpc.Trader/OfferSidecar": {{ - Entity: "order", - Action: "write", - }}, - "/poolrpc.Trader/RegisterSidecar": {{ - Entity: "order", - Action: "write", - }}, - "/poolrpc.Trader/ExpectSidecarChannel": {{ - Entity: "order", - Action: "write", - }}, - "/poolrpc.Trader/DecodeSidecarTicket": {{ - Entity: "order", - Action: "read", - }}, - "/poolrpc.Trader/ListSidecars": {{ - Entity: "order", - Action: "read", - }}, - "/poolrpc.Trader/CancelSidecar": {{ - Entity: "order", - Action: "write", - }}, - } - // macDbDefaultPw is the default encryption password used to encrypt the // pool macaroon database. The macaroon service requires us to set a // non-nil password so we set it to an empty string. This will cause the diff --git a/perms/perms.go b/perms/perms.go new file mode 100644 index 000000000..6886efbb4 --- /dev/null +++ b/perms/perms.go 
@@ -0,0 +1,133 @@
+package perms
+
+import "gopkg.in/macaroon-bakery.v2/bakery"
+
+// RequiredPermissions is a map of all pool RPC methods and their required
+// macaroon permissions to access poold.
+var RequiredPermissions = map[string][]bakery.Op{
+ "/poolrpc.Trader/GetInfo": {{
+ Entity: "account",
+ Action: "read",
+ }, {
+ Entity: "order",
+ Action: "read",
+ }, {
+ Entity: "auction",
+ Action: "read",
+ }, {
+ Entity: "auth",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/StopDaemon": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/QuoteAccount": {{
+ Entity: "account",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/InitAccount": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/ListAccounts": {{
+ Entity: "account",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/CloseAccount": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/WithdrawAccount": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/DepositAccount": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/RenewAccount": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/BumpAccountFee": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/RecoverAccounts": {{
+ Entity: "account",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/SubmitOrder": {{
+ Entity: "order",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/ListOrders": {{
+ Entity: "order",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/CancelOrder": {{
+ Entity: "order",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/QuoteOrder": {{
+ Entity: "order",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/AuctionFee": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/Leases": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/BatchSnapshot": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/GetLsatTokens": {{
+ Entity: "auth",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/LeaseDurations": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/NextBatchInfo": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/NodeRatings": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/BatchSnapshots": {{
+ Entity: "auction",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/OfferSidecar": {{
+ Entity: "order",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/RegisterSidecar": {{
+ Entity: "order",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/ExpectSidecarChannel": {{
+ Entity: "order",
+ Action: "write",
+ }},
+ "/poolrpc.Trader/DecodeSidecarTicket": {{
+ Entity: "order",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/ListSidecars": {{
+ Entity: "order",
+ Action: "read",
+ }},
+ "/poolrpc.Trader/CancelSidecar": {{
+ Entity: "order",
+ Action: "write",
+ }},
+}
diff --git a/server.go b/server.go index eb4bb0bef..85af4b4b3 100644 --- a/server.go +++ b/server.go @@ -14,6 +14,8 @@ import ( "sync" "sync/atomic" + "github.com/lightninglabs/pool/perms" + "github.com/btcsuite/btcd/btcec/v2" proxy "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" "github.com/lightninglabs/aperture/lsat" @@ -163,7 +165,7 @@ func (s *Server) Start() error { Checkers: []macaroons.Checker{ macaroons.IPLockChecker, }, - RequiredPerms: RequiredPermissions, + RequiredPerms: perms.RequiredPermissions, DBPassword: macDbDefaultPw, LndClient: &s.lndServices.LndServices, EphemeralKey: lndclient.SharedKeyNUMS, @@ -378,7 +380,7 @@ func (s *Server) StartAsSubserver(lndClient lnrpc.LightningClient, Checkers: []macaroons.Checker{ macaroons.IPLockChecker, }, - RequiredPerms: RequiredPermissions, + RequiredPerms: perms.RequiredPermissions, DBPassword: macDbDefaultPw, LndClient: &s.lndServices.LndServices, EphemeralKey: lndclient.SharedKeyNUMS,
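Review bot: `RequiredPermissions` in the new perms/perms.go is an exported, mutable package-level map, and the commit's stated purpose is to let other projects import it, so any importer in the same process can add, drop or change entries of the table that server.go hands to the macaroon service as `RequiredPerms`. Both `Start` and `StartAsSubserver` pass the map itself rather than a copy, so a modification made elsewhere would presumably be seen by the permission check. I would at least state the contract in the doc comment, e.g. `// Callers must treat this map as read-only; poold passes it unchanged as RequiredPerms.`, and consider giving external consumers a copy through a small accessor. The new package also has no package comment.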
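Review bot: The added `"github.com/lightninglabs/pool/perms"` import in the first server.go hunk sits in a group of its own between the standard-library imports and the third-party group, followed by an added blank line. This is a point of style only: it reads more consistently next to the other lightninglabs imports (`github.com/lightninglabs/aperture/lsat` is visible a few lines down), which is also where goimports-style grouping would keep it. The import block starts and ends outside the hunk, so the exact position depends on lines not shown here.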