Commit Graph

33 Commits

Author SHA1 Message Date
Elle Mouton
23602e017e
multi: start updating various loggers to use the new v2 type 2024-10-22 17:03:55 +02:00
Oliver Gugger
648fb22f63
multi: wrap all errors 2024-04-11 15:04:03 +02:00
ffranr
cd566eb097
multi: fix fmt.Errorf error wrapping
Refactor fmt.Errorf usage to correctly wrap errors instead of using
non-wrapping format verbs.
2024-02-27 11:13:40 +00:00
yyforyongyu
9bd0dcd121
rpcserver: add debug log for rpc calls 2023-03-17 10:01:42 +08:00
Oliver Gugger
55b53555e9
multi: improve readability of goroutine defers
This commit fixes the readability of some of the defer calls in
goroutines by making sure the defer stands out properly.
2022-11-21 13:54:24 +01:00
yyforyongyu
0735522194
multi: fix make fmt 2022-08-23 22:10:24 +08:00
Elle Mouton
cc2fbd18b1
rpcperms: re-init mw lookup map after removal of one
After removing a registered middlware from the slice, we need to update
the index lookup map with the updated index for each middleware.
2022-07-15 14:25:54 +02:00
Oliver Gugger
b1d8767a0c
rpcperms: intercept errors too 2022-07-14 09:36:50 +02:00
Oliver Gugger
86c64abfe6
rpcperms: allow requests to be replaced as well
With this commit we allow a replacement message to be sent by the
middleware for a request type as well as the response type. This allows
an incoming RPC request to be modified before it is forwarded to lnd.
2022-07-14 09:36:36 +02:00
Oliver Gugger
dc32ca61f8
rpcperms: add replaceProtoMsg
Because of the way the gRPC Receive() method is designed, we need a way
to replace a proto message with the content of another one without
replacing the original instance itself (e.g. overwrite all values in the
existing struct instance).
2022-07-14 09:36:36 +02:00
Elle Mouton
0d55deac63
rpcperms: enforce order of interceptors
In this commit, we let the registered middleware interceptors be stored
in a slice rather than a map so that the order in which the interceptors
are executed is guarenteed to be the same as the order in which they
were registered.
2022-07-07 17:16:42 +02:00
Carsten Otto
50ec39477e rpcperms: fix typo [skip ci] 2022-04-04 22:58:41 +02:00
Oliver Gugger
895a2e497b
multi: formatting and comment fixes 2022-02-10 11:02:02 +01:00
Olaoluwa Osuntokun
234fdc6c9c
Merge pull request #6185 from sangaman/rpc-middleware-custom-caveat
rpcperms: set CustomCaveatCondition on middleware req
2022-01-24 15:45:49 -08:00
Daniel McNally
4a573b18cf
rpcperms: set CustomCaveatCondition on middleware req
This sets the `CustomCaveatCondition` value on rpc middleware requests
if one exists. Previously, this value was always blank even if the
macaroon had a value set for its custom caveat condition.
2022-01-24 11:39:07 -05:00
Dimitris Apostolou
530a2059e5
multi: Fix typos [skip ci] 2022-01-24 12:19:02 +02:00
Oliver Gugger
54a25146f4
rpcperms: add unique request ID
This commit adds a unique request ID that is the same for each gRPC
request and response intercept message or each request/response message
of a gRPC stream.
2021-11-08 15:01:26 +01:00
Oliver Gugger
9a28a4a9ff
lnrpc+rpcperms+lntest: add unique MW message ID
This commit adds a new unique intercept message ID that is different for
each message sent to an RPC middleware. This will allow us to re-purpose
the existing request ID field into its original intention, which was to
have a unique ID for a full gRPC request/response pair or gRPC stream as
a whole.
2021-11-08 15:00:29 +01:00
Oliver Gugger
af09f11c1c
rpcperms: don't intercept if no middleware is registered
If there is no middleware registered, we don't need to intercept any
call and therefore can skip the request and macaroon parsing section.
2021-10-26 17:48:10 +02:00
Oliver Gugger
b22f51098a
rpcperms+lnd: use macaroon service from interceptor chain
We'll refactor the wallet creation and unlock process in a following
commit and want to make it possible to not need a direct reference to
the macaroon service in our main function. Since we store it in the
interceptor chain anyway (if we're using macaroons in the first place),
we might as well use the instance there directly.
2021-10-08 12:06:53 +02:00
Oliver Gugger
efe5f6ae90
multi: add RPC middleware interception
With the middleware handler in place, we now need to add a new gRPC
interceptor to the interceptor chain that will send messages to the
registered middlewares for each event that could be of interest to them.
2021-09-20 17:04:29 +02:00
Oliver Gugger
75ca574790
lnrpc+rpcperms: add middleware handler
With this commit we introduce the concept of RPC middleware: A mechanism
similar to the existing channel or HTLC interceptors but this time for
gRPC messages themselves.
An RPC middleware can register itself to the main RPC server to get
notified each time a new gRPC request comes in, a gRPC response is sent
back or a streaming RPC is connected. The middleware can
validate/inspect incoming requests and modify/overwrite outgoing
responses.

Since this also opens the door for malicious software to interfere with
lnd in a negative way, we bind everything to macaroons with custom
caveat conditions: A middleware declares upon registration which custom
caveat name it can handle. Only client requests that send a macaroon
with that custom caveat will then be given to the middleware for
inspection. The only exception is if the middleware instead registers
to use the read-only mode. In that mode it will be able to intercept
all requests/responses, even those not made with a special encumbered
macaroon. But the middleware won't be able to alter responses in the
read-only mode. Therefore requests with the default, unencumbered macaroons
can never be modified by any middleware.
2021-09-20 13:12:49 +02:00
Oliver Gugger
8509d92070
log+rpcperms: add custom RPCP logger to rpcperms package
The custom RPC middleware logic that we are going to add in the next
commits will need to log under their own sub logger so we add one with a
new subsystem name.
2021-09-20 13:05:47 +02:00
yyforyongyu
f5bac969e3
rpcperms+rpc: add ServerActive state and set it when server started 2021-09-14 07:34:09 +08:00
ErikEk
195e57025b lncli: remove error logs 2021-09-06 19:12:43 +02:00
Oliver Gugger
dd749fe580
lnrpc: update grpc-gateway library to v2 2021-07-27 13:09:59 +02:00
Andras Banki-Horvath
9aacc35989
lnrpc: add GetState to stateservice (v1/state)
This commit adds a new GetState call to the state service in order to
make leader election integrate simply with k8s using a readinessProbe.
2021-05-04 17:33:13 +02:00
Andras Banki-Horvath
5e215a7a66
lnrpc: add "waiting to start" state to state service
This commit adds a new "waiting to start" state which may be used to
query if we're still waiting to become the cluster leader. Once leader
we advance the state to "wallet not exist" or "wallet locked" given
wallet availablity.
2021-05-04 17:33:11 +02:00
Johan T. Halseth
9ef556624e
lnrpc: add StateService 2021-03-17 12:09:38 +01:00
Johan T. Halseth
b2e0a7d684
rpcperms: export macaroon interceptor methods
Since we need access to these methods from external subservers in some
cases, we export them.
2021-03-11 13:05:24 +01:00
Johan T. Halseth
2877511fce
rpcperms+lnd: gate RPC calls on RPC state
This commit makes us gate the calls to the RPC servers according to the
current RPC state. This ensures we won't try to call the RPC server
before it has been fully initialized, and that we won't call the
walletUnlocker after the wallet already has been unlocked.
2021-03-11 13:05:24 +01:00
Johan T. Halseth
73711941ad
rpcperms: add macaroon whitelist
We extract common macaroon validating code into a method, and add a
method whitelist, for methods that won't need macaroons.

This give us explicit control over which methods don't require
macaroons, to avoid inadvertently adding RPCs that are unauthenticated.

For now this whitelist contains the WalletUnlocker methods, as the
wallet password is required to open the macaroon db.
2021-03-11 13:05:23 +01:00
Johan T. Halseth
3c81a5dd73
rpcperms: add RPC interceptor chain
This adds a new package rpcperms which houses the InterceptorChain
struct.  This is a central place where we'll craft interceptors to use
for the GRPC server, which includes macaroon enforcement.

This let us add the interceptor chain to the GRPC server before the
macaroon service is ready, allowing us to avoid tearing down the GRPC
server after the wallet has been unlocked.
2021-03-11 13:05:23 +01:00