mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-01-19 05:44:12 +01:00
Code Issues Projects Releases Wiki Activity

docs: document all the rune commands which look like the now-deprecated commando ones.

Browse Source 
Rune functionality moved into core from commando plugin.

Changelog-Added: JSON-RPC: `checkrune`: check rune validity for authorization; `createrune` to create/modify rune; `listrunes` to list existing runes; `blacklistrune` to revoke permission of rune

Changelog-Deprecated: JSON-RPC: `commando-rune`, `commando-listrunes` and `commando-blacklist`.

No-schema-diff-check
This commit is contained in:
Rusty Russell 2023-07-21 10:55:45 +09:30
parent 4d16b220c2
commit d492c74e3d
17 changed files with 648 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/Makefile
View File

@ -18,8 +18,10 @@ MANPAGES := doc/lightning-cli.1 \
doc/lightning-bkpr-listaccountevents.7 \
doc/lightning-bkpr-listbalances.7 \
doc/lightning-bkpr-listincome.7 \
doc/lightning-blacklistrune.7 \
doc/lightning-check.7 \
doc/lightning-checkmessage.7 \
doc/lightning-checkrune.7 \
doc/lightning-close.7 \
doc/lightning-connect.7 \
doc/lightning-commando.7 \
@ -28,6 +30,7 @@ MANPAGES := doc/lightning-cli.1 \
doc/lightning-commando-rune.7 \
doc/lightning-createonion.7 \
doc/lightning-createinvoice.7 \
doc/lightning-createrune.7 \
doc/lightning-datastore.7 \
doc/lightning-decodepay.7 \
doc/lightning-decode.7 \
@ -65,6 +68,7 @@ MANPAGES := doc/lightning-cli.1 \
doc/lightning-listpays.7 \
doc/lightning-listpeers.7 \
doc/lightning-listpeerchannels.7 \
doc/lightning-listrunes.7 \
doc/lightning-listsendpays.7 \
doc/lightning-makesecret.7 \
doc/lightning-multifundchannel.7 \

4
doc/index.rst
View File

@ -40,8 +40,10 @@ Core Lightning Documentation
lightning-bkpr-listaccountevents <lightning-bkpr-listaccountevents.7.md>
lightning-bkpr-listbalances <lightning-bkpr-listbalances.7.md>
lightning-bkpr-listincome <lightning-bkpr-listincome.7.md>
lightning-blacklistrune <lightning-blacklistrune.7.md>
lightning-check <lightning-check.7.md>
lightning-checkmessage <lightning-checkmessage.7.md>
lightning-checkrune <lightning-checkrune.7.md>
lightning-cli <lightning-cli.1.md>
lightning-close <lightning-close.7.md>
lightning-commando-blacklist <lightning-commando-blacklist.7.md>
@ -51,6 +53,7 @@ Core Lightning Documentation
lightning-connect <lightning-connect.7.md>
lightning-createinvoice <lightning-createinvoice.7.md>
lightning-createonion <lightning-createonion.7.md>
lightning-createrune <lightning-createrune.7.md>
lightning-datastore <lightning-datastore.7.md>
lightning-decode <lightning-decode.7.md>
lightning-decodepay <lightning-decodepay.7.md>
@ -93,6 +96,7 @@ Core Lightning Documentation
lightning-listpays <lightning-listpays.7.md>
lightning-listpeerchannels <lightning-listpeerchannels.7.md>
lightning-listpeers <lightning-listpeers.7.md>
lightning-listrunes <lightning-listrunes.7.md>
lightning-listsendpays <lightning-listsendpays.7.md>
lightning-listsqlschemas <lightning-listsqlschemas.7.md>
lightning-listtransactions <lightning-listtransactions.7.md>

42
doc/lightning-blacklistrune.7.md Normal file
View File

@ -0,0 +1,42 @@
lightning-blacklistrune -- Command to prevent a rune from working
==============================================================
SYNOPSIS
--------
**blacklistrune** [*start* [*end*]]
DESCRIPTION
-----------
The **blacklistrune** RPC command allows you to effectively revoke the rune you have created (and any runes derived from that rune with additional restictions). Attempting to use these runes will be resulted in a `Blacklisted rune` error message.
All runes created by lightning have a unique sequential id within them and can be blacklisted in ranges for efficiency. The command always returns the blacklisted ranges on success. If no parameters are specified, no changes have been made. If start specified without end, that single rune is blacklisted. If end is also specified, every rune from start till end inclusive is blacklisted.
RETURN VALUE
------------
[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object containing **blacklist** is returned. It is an array of objects, where each object contains:
- **start** (u64): Unique id of first rune in this blacklist range
- **end** (u64): Unique id of last rune in this blacklist range
[comment]: # (GENERATE-FROM-SCHEMA-END)
AUTHOR
------
Shahana Farooqui <<sfarooqui@blockstream.com>> is mainly responsible.
SEE ALSO
--------
lightning-commando-blacklist(7), lightning-listrunes(7)
RESOURCES
---------
Main web site: <https://github.com/ElementsProject/lightning>
[comment]: # ( SHA256STAMP:a165eb0086559c67fd2992bd736450fc5cb60d5607b94b095782e5c43b945e66)

41
doc/lightning-checkrune.7.md Normal file
View File

@ -0,0 +1,41 @@
lightning-checkrune -- Command to Validate Rune
================================================
SYNOPSIS
--------
**checkrune** [*nodeid*], [*rune*], [*method*] [*params*]
DESCRIPTION
-----------
The **checkrune** RPC command checks the validity/authorization rights of specified rune for the given nodeid, method, and params.
It will return {valid: true} if the rune is authorized otherwise returns error message.
RETURN VALUE
------------
[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object is returned, containing:
- **valid** (boolean): true if the rune is valid
[comment]: # (GENERATE-FROM-SCHEMA-END)
AUTHOR
------
Shahana Farooqui <<sfarooqui@blockstream.com>> is mainly responsible
for consolidating logic from commando.
SEE ALSO
--------
lightning-createrune(7), lightning-blacklistrune(7)
RESOURCES
---------
Main web site: <https://github.com/ElementsProject/lightning>
[comment]: # ( SHA256STAMP:977acf366f8fde1411f2c78d072b34b38b456e95381a6bce8fe6855a2d91434a)

221
doc/lightning-createrune.7.md Normal file
View File

@ -0,0 +1,221 @@
lightning-createrune -- Command to Create/Update Rune for Authorizing Remote Peer Access
=========================================================================================
SYNOPSIS
--------
**createrune** [*rune*] [*restrictions*]
DESCRIPTION
-----------
The **createrune** RPC command creates a base64 string called a
*rune* which can be used to access commands on this node. Each *rune*
contains a unique id (a number starting at 0), and can have
restrictions inside it. Nobody can remove restrictions from a rune: if
you try, the rune will be rejected. There is no limit on how many
runes you can issue; the node simply decodes and checks them as they are
received.
If *rune* is supplied, the restrictions are simple appended to that
*rune* (it doesn't need to be a rune belonging to this node). If no
*rune* is supplied, a new one is constructed, with a new unique id.
*restrictions* can be the string "readonly" (creates a rune which
allows most *get* and *list* commands, and the *summary* command), or
an array of restrictions.
Each restriction is an array of one or more alternatives, such as "method
is listpeers", or "method is listpeers OR time is before 2023". Alternatives use a simple language to examine the command which is
being run:
* time: the current UNIX time, e.g. "time<1656759180".
* id: the node\_id of the peer, e.g. "id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605".
* method: the command being run, e.g. "method=withdraw".
* rate: the rate limit, per minute, e.g. "rate=60".
* pnum: the number of parameters. e.g. "pnum<2".
* pnameX: the parameter named X (with any punctuation like `_` removed). e.g. "pnamedestination=1RustyRX2oai4EYYDpQGWvEL62BBGqN9T".
* parrN: the N'th parameter. e.g. "parr0=1RustyRX2oai4EYYDpQGWvEL62BBGqN9T".
RESTRICTION FORMAT
------------------
Restrictions are one or more alternatives. Each
alternative is *name* *operator* *value*. The valid names are shown
above. Note that if a value contains `\\`, it must be preceeded by another `\\`
to form valid JSON:
* `=`: passes if equal ie. identical. e.g. `method=withdraw`
* `/`: not equals, e.g. `method/withdraw`
* `^`: starts with, e.g. `id^024b9a1fa8e006f1e3937f`
* `$`: ends with, e.g. `id$381df1cc449605`.
* `~`: contains, e.g. `id~006f1e3937f65f66c40`.
* `<`: is a decimal integer, and is less than. e.g. `time<1656759180`
* `>`: is a decimal integer, and is greater than. e.g. `time>1656759180`
* `{`: preceeds in alphabetical order (or matches but is shorter), e.g. `id{02ff`.
* `}`: follows in alphabetical order (or matches but is longer), e.g. `id}02ff`.
* `#`: a comment, ignored, e.g. `dumb example#`.
* `!`: only passes if the *name* does *not* exist. e.g. `pnamedestination!`.
Every other operator except `#` fails if *name* does not exist!
EXAMPLES
--------
This creates a fresh rune which can do anything:
$ lightning-cli createrune
{
"rune": "KUhZzNlECC7pYsz3QVbF1TqjIUYi3oyESTI7n60hLMs9MA==",
"unique_id": "0"
}
We can add restrictions to that rune, like so:
$ lightning-cli createrune rune=KUhZzNlECC7pYsz3QVbF1TqjIUYi3oyESTI7n60hLMs9MA== restrictions=readonly
{
"rune": "NbL7KkXcPQsVseJ9TdJNjJK2KsPjnt_q4cE_wvc873I9MCZtZXRob2RebGlzdHxtZXRob2ReZ2V0fG1ldGhvZD1zdW1tYXJ5Jm1ldGhvZC9saXN0ZGF0YXN0b3Jl",
"unique_id": "0"
}
The "readonly" restriction is a short-cut for two restrictions:
1. `["method^list", "method^get", "method=summary"]`: You may call list, get or summary.
2. `["method/listdatastore"]`: But not listdatastore: that contains sensitive stuff!
We can do the same manually, like so:
$ lightning-cli createrune rune=KUhZzNlECC7pYsz3QVbF1TqjIUYi3oyESTI7n60hLMs9MA== restrictions='[["method^list", "method^get", "method=summary"],["method/listdatastore"]]'
{
"rune": "NbL7KkXcPQsVseJ9TdJNjJK2KsPjnt_q4cE_wvc873I9MCZtZXRob2RebGlzdHxtZXRob2ReZ2V0fG1ldGhvZD1zdW1tYXJ5Jm1ldGhvZC9saXN0ZGF0YXN0b3Jl",
"unique_id": "0"
}
Let's create a rune which lets a specific peer
(024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605)
run "listpeers" on themselves:
$ lightning-cli createrune restrictions='[["id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"],["method=listpeers"],["pnum=1"],["pnameid=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605","parr0=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"]]'
{
"rune": "FE8GHiGVvxcFqCQcClVRRiNE_XEeLYQzyG2jmqto4jM9MiZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDV8cGFycjA9MDI0YjlhMWZhOGUwMDZmMWUzOTM3ZjY1ZjY2YzQwOGU2ZGE4ZTFjYTcyOGVhNDMyMjJhNzM4MWRmMWNjNDQ5NjA1",
"unique_id": "2"
}
This allows `listpeers` with 1 argument (`pnum=1`), which is either by name (`pnameid`), or position (`parr0`). We could shorten this in several ways: either allowing only positional or named parameters, or by testing the start of the parameters only. Here's an example which only checks the first 9 bytes of the `listpeers` parameter:
$ lightning-cli createrune restrictions='[["id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"],["method=listpeers"],["pnum=1"],["pnameid^024b9a1fa8e006f1e393", "parr0^024b9a1fa8e006f1e393"]'
{
"rune": "fTQnfL05coEbiBO8SS0cvQwCcPLxE9c02pZCC6HRVEY9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5Mw==",
"unique_id": "3"
}
Before we give this to our peer, let's add two more restrictions: that
it only be usable for 24 hours from now (`time<`), and that it can only
be used twice a minute (`rate=2`). `date +%s` can give us the current
time in seconds:
$ lightning-cli createrune rune=fTQnfL05coEbiBO8SS0cvQwCcPLxE9c02pZCC6HRVEY9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5Mw== restrictions='[["time<'$(($(date +%s) + 24*60*60))'","rate=2"]]'
{
"rune": "tU-RLjMiDpY2U0o3W1oFowar36RFGpWloPbW9-RuZdo9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5MyZ0aW1lPDE2NTY5MjA1MzgmcmF0ZT0y",
"unique_id": "3"
}
You can also use lightning-decode(7) to examine runes you have been given:
$ .lightning-cli decode tU-RLjMiDpY2U0o3W1oFowar36RFGpWloPbW9-RuZdo9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5MyZ0aW1lPDE2NTY5MjA1MzgmcmF0ZT0y
{
"type": "rune",
"unique_id": "3",
"string": "b54f912e33220e9636534a375b5a05a306abdfa4451a95a5a0f6d6f7e46e65da:=3&id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605&method=listpeers&pnum=1&pnameid^024b9a1fa8e006f1e393|parr0^024b9a1fa8e006f1e393&time<1656920538&rate=2",
"restrictions": [
{
"alternatives": [
"id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"
],
"summary": "id (of commanding peer) equal to '024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605'"
},
{
"alternatives": [
"method=listpeers"
],
"summary": "method (of command) equal to 'listpeers'"
},
{
"alternatives": [
"pnum=1"
],
"summary": "pnum (number of command parameters) equal to 1"
},
{
"alternatives": [
"pnameid^024b9a1fa8e006f1e393",
"parr0^024b9a1fa8e006f1e393"
],
"summary": "pnameid (object parameter 'id') starts with '024b9a1fa8e006f1e393' OR parr0 (array parameter #0) starts with '024b9a1fa8e006f1e393'"
},
{
"alternatives": [
"time<1656920538"
],
"summary": "time (in seconds since 1970) less than 1656920538 (approximately 19 hours 18 minutes from now)"
},
{
"alternatives": [
"rate=2"
],
"summary": "rate (max per minute) equal to 2"
}
],
"valid": true
}
SHARING RUNES
-------------
Because anyone can add a restriction to a rune, you can always turn a
normal rune into a read-only rune, or restrict access for 30 minutes
from the time you give it to someone. Adding restrictions before
sharing runes is best practice.
If a rune has a ratelimit, any derived rune will have the same id, and
thus will compete for that ratelimit. You might want to consider
adding a tighter ratelimit to a rune before sharing it, so you will
keep the remainder. For example, if you rune has a limit of 60 times
per minute, adding a limit of 5 times per minute and handing that rune
out means you can still use your original rune 55 times per minute.
RETURN VALUE
------------
[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object is returned, containing:
- **rune** (string): the resulting rune
- **unique\_id** (string): the id of this rune: this is set at creation and cannot be changed (even as restrictions are added)
The following warnings may also be returned:
- **warning\_unrestricted\_rune**: A warning shown when runes are created with powers that could drain your node
[comment]: # (GENERATE-FROM-SCHEMA-END)
AUTHOR
------
Rusty Russell <<rusty@rustcorp.com.au>> wrote the original Python
commando.py plugin, the in-tree commando plugin, and this manual page.
Shahana Farooqui <<sfarooqui@blockstream.com>> is mainly responsible
for migrating commando-rune to createrune.
SEE ALSO
--------
lightning-commando-rune(7), lightning-checkrune(7)
RESOURCES
---------
Main web site: <https://github.com/ElementsProject/lightning>
[comment]: # ( SHA256STAMP:7064d2dcc37af3fe83739a11da57400b5c1faef51095b8dacfba6a4312fc9d25)

51
doc/lightning-listrunes.7.md Normal file
View File

@ -0,0 +1,51 @@
lightning-listrunes -- Command to list previously generated runes
==================================================================
SYNOPSIS
--------
**listrunes** [*rune*]
DESCRIPTION
-----------
The **listrunes** RPC command either lists runes that we stored as we generate them (see lightning-createrune(7)) or decodes the rune given on the command line.
RETURN VALUE
------------
[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object containing **runes** is returned. It is an array of objects, where each object contains:
- **rune** (string): Base64 encoded rune
- **unique\_id** (string): Unique id assigned when the rune was generated; this is always a u64 for commando runes
- **restrictions** (array of objects): The restrictions on what commands this rune can authorize:
- **alternatives** (array of objects):
- **fieldname** (string): The field this restriction applies to; see commando-rune(7)
- **value** (string): The value accepted for this field
- **condition** (string): The way to compare fieldname and value
- **english** (string): English readable description of this alternative
- **english** (string): English readable summary of alternatives above
- **restrictions\_as\_english** (string): English readable description of the restrictions array above
- **stored** (boolean, optional): This is false if the rune does not appear in our datastore (only possible when `rune` is specified) (always *false*)
- **blacklisted** (boolean, optional): The rune has been blacklisted; see commando-blacklist(7) (always *true*)
- **our\_rune** (boolean, optional): This is not a rune for this node (only possible when `rune` is specified) (always *false*)
[comment]: # (GENERATE-FROM-SCHEMA-END)
AUTHOR
------
Shahana Farooqui <<sfarooqui@blockstream.com>> is mainly responsible.
SEE ALSO
--------
lightning-commando-listrunes(7), lightning-blacklistrune(7)
RESOURCES
---------
Main web site: <https://github.com/ElementsProject/lightning>
[comment]: # ( SHA256STAMP:cd0e75bbeef3d5824448f67485de4679b0c163e97f405673b2ba9495f970d498)

17
doc/schemas/blacklistrune.request.json Normal file
View File

@ -0,0 +1,17 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [],
"added": "v23.08",
"properties": {
"start": {
"type": "u64",
"description": "first rune unique id to blacklist"
},
"end": {
"type": "u64",
"description": "final rune unique id to blacklist (defaults to start)"
}
}
}

32
doc/schemas/blacklistrune.schema.json Normal file
View File

@ -0,0 +1,32 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [
"blacklist"
],
"properties": {
"blacklist": {
"type": "array",
"description": "the resulting blacklist ranges after the command",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"start",
"end"
],
"properties": {
"start": {
"type": "u64",
"description": "Unique id of first rune in this blacklist range"
},
"end": {
"type": "u64",
"description": "Unique id of last rune in this blacklist range"
}
}
}
}
}
}

42
doc/schemas/checkrune.request.json Normal file
View File

@ -0,0 +1,42 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [
"nodeid",
"rune",
"method"
],
"added": "v23.08",
"properties": {
"nodeid": {
"type": "string",
"description": "node id of your node"
},
"method": {
"type": "string",
"description": "method for which rune needs to be validated"
},
"rune": {
"type": "string",
"description": "rune to check for authorization"
},
"params": {
"oneOf": [
{
"type": "array",
"description": "array of positional parameters"
},
{
"type": "object",
"description": "parameters for method"
}
]
},
"filter": {
"type": "object",
"additionalProperties": true,
"description": "filter to apply to any successful result"
}
}
}

14
doc/schemas/checkrune.schema.json Normal file
View File

@ -0,0 +1,14 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [
"valid"
],
"properties": {
"valid": {
"type": "boolean",
"description": "true if the rune is valid"
}
}
}

1
doc/schemas/commando-blacklist.request.json
View File

@ -4,6 +4,7 @@
"additionalProperties": false,
"required": [],
"added": "v23.05",
"deprecated": "v23.08",
"properties": {
"start": {
"type": "u64",

1
doc/schemas/commando-listrunes.request.json
View File

@ -4,6 +4,7 @@
"additionalProperties": false,
"required": [],
"added": "v23.05",
"deprecated": "v23.08",
"properties": {
"rune": {
"type": "string",

1
doc/schemas/commando-rune.request.json
View File

@ -3,6 +3,7 @@
"type": "object",
"additionalProperties": false,
"required": [],
"deprecated": "v23.08",
"properties": {
"rune": {
"type": "string",

34
doc/schemas/createrune.request.json Normal file
View File

@ -0,0 +1,34 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [],
"added": "v23.08",
"properties": {
"rune": {
"type": "string",
"description": "optional rune to add to"
},
"restrictions": {
"oneOf": [
{
"type": "array",
"description": "array of restrictions to add to rune",
"items": {
"type": "array",
"items": {
"type": "string"
}
}
},
{
"type": "string",
"enum": [
"readonly"
],
"description": "readonly string to indicate standard readonly restrictions."
}
]
}
}
}

23
doc/schemas/createrune.schema.json Normal file
View File

@ -0,0 +1,23 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [
"rune",
"unique_id"
],
"properties": {
"rune": {
"type": "string",
"description": "the resulting rune"
},
"unique_id": {
"type": "string",
"description": "the id of this rune: this is set at creation and cannot be changed (even as restrictions are added)"
},
"warning_unrestricted_rune": {
"type": "string",
"description": "A warning shown when runes are created with powers that could drain your node"
}
}
}

13
doc/schemas/listrunes.request.json Normal file
View File

@ -0,0 +1,13 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [],
"added": "v23.08",
"properties": {
"rune": {
"type": "string",
"description": "optional rune to list"
}
}
}

107
doc/schemas/listrunes.schema.json Normal file
View File

@ -0,0 +1,107 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"required": [
"runes"
],
"properties": {
"runes": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"rune",
"unique_id",
"restrictions",
"restrictions_as_english"
],
"properties": {
"rune": {
"type": "string",
"description": "Base64 encoded rune"
},
"unique_id": {
"type": "string",
"description": "Unique id assigned when the rune was generated; this is always a u64 for commando runes"
},
"restrictions": {
"type": "array",
"description": "The restrictions on what commands this rune can authorize",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"alternatives",
"english"
],
"properties": {
"alternatives": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"fieldname",
"value",
"condition",
"english"
],
"properties": {
"fieldname": {
"type": "string",
"description": "The field this restriction applies to; see commando-rune(7)"
},
"value": {
"type": "string",
"description": "The value accepted for this field"
},
"condition": {
"type": "string",
"description": "The way to compare fieldname and value"
},
"english": {
"type": "string",
"description": "English readable description of this alternative"
}
}
}
},
"english": {
"type": "string",
"description": "English readable summary of alternatives above"
}
}
}
},
"restrictions_as_english": {
"type": "string",
"description": "English readable description of the restrictions array above"
},
"stored": {
"type": "boolean",
"enum": [
false
],
"description": "This is false if the rune does not appear in our datastore (only possible when `rune` is specified)"
},
"blacklisted": {
"type": "boolean",
"enum": [
true
],
"description": "The rune has been blacklisted; see commando-blacklist(7)"
},
"our_rune": {
"type": "boolean",
"enum": [
false
],
"description": "This is not a rune for this node (only possible when `rune` is specified)"
}
}
}
}
}
}