multi: add CLI flag to enable public access to uni proof courier RPCs
ffranr committed Sep 11, 2023
1 parent c5bdbfe commit ef592c1
Showing 5 changed files with 32 additions and 18 deletions.
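--- a/config.go
+++ b/config.go
@@ -45,6 +45,8 @@ type RPCConfig struct {
 
 MacaroonPath string
 
+AllowPublicMultiverseProofCourier bool
+
 AllowPublicStats bool
 
 LetsEncryptDir string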
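Review bot: The new `AllowPublicMultiverseProofCourier` field in `RPCConfig` carries no comment, although setting it turns off macaroon authentication for part of the RPC surface. I would add `// AllowPublicMultiverseProofCourier exempts the universe QueryProof and InsertProof RPCs from macaroon authentication when true.` above it. The help text added in tapcfg/config.go has the same gap: it says "multiverse proof courier RPC endpoints" without naming the two methods, one of which (InsertProof, judging by its name) accepts writes. Naming them there lets an operator see what is being exposed before setting the flag.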
11 changes: 10 additions & 1 deletion perms/perms.go
@@ -209,13 +209,22 @@ var (

// MacaroonWhitelist returns the set of RPC endpoints that don't require
// macaroon authentication.
func MacaroonWhitelist(allowPublicStats bool) map[string]struct{} {
func MacaroonWhitelist(allowPublicMultiverseProofCourier bool,
allowPublicStats bool) map[string]struct{} {

// Make a copy of the default whitelist.
whitelist := make(map[string]struct{})
for k, v := range defaultMacaroonWhitelist {
whitelist[k] = v
}

// Conditionally add public multiverse proof courier RPC endpoints to
// the whitelist.
if allowPublicMultiverseProofCourier {
whitelist["/universerpc.Universe/QueryProof"] = struct{}{}
whitelist["/universerpc.Universe/InsertProof"] = struct{}{}
}

// Conditionally add public stats RPC endpoints to the whitelist.
if allowPublicStats {
whitelist["/universerpc.Universe/QueryAssetStats"] = struct{}{}
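Review bot: One flag now whitelists both `/universerpc.Universe/QueryProof` and `/universerpc.Universe/InsertProof`, so an operator who only wants proofs to be readable without a macaroon also opens the insert path to unauthenticated callers. Judging by its name InsertProof changes server state, and whether its handler validates and bounds what it stores is not visible in this hunk. I would either split the flag into a read switch and a write switch, or state the dependency in a comment above the `if`, for example `// InsertProof is reachable without a macaroon here; the handler must fully verify the proof and be rate limited.` The doc comment on `MacaroonWhitelist` also still describes no parameters although the function now takes two adjacent bools. The function body continues past the end of the hunk.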
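--- a/server.go
+++ b/server.go
@@ -228,6 +228,7 @@ func (s *Server) RunUntilShutdown(mainErrChan <-chan error) error {
 
 // Get RPC endpoints which don't require macaroons.
 macaroonWhitelist := perms.MacaroonWhitelist(
+s.cfg.RPCConfig.AllowPublicMultiverseProofCourier,
 s.cfg.RPCConfig.AllowPublicStats,
 )
 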
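Review bot: The call to `perms.MacaroonWhitelist` now passes two positional `bool` arguments, and swapping them compiles cleanly while exempting a different set of endpoints from authentication than the operator asked for. Passing the RPC config or a small options struct with named fields instead of bare bools would rule out that mix-up; short of that, a unit test asserting which methods appear in the returned map for each flag combination would catch it. Nothing in the visible lines records that authentication was relaxed, so a startup log line naming the whitelisted methods when either flag is set would help operators and auditors. `RunUntilShutdown` starts and ends outside the hunk.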
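--- a/tapcfg/config.go
+++ b/tapcfg/config.go
@@ -204,7 +204,8 @@ type RpcConfig struct {
 MacaroonPath string `long:"macaroonpath" description:"Path to write the admin macaroon for tapd's RPC and REST services if it doesn't exist"`
 NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication, can only be used if server is not listening on a public interface."`
 
-AllowPublicStats bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
+AllowPublicMultiverseProofCourier bool `long:"allow-public-multiverse-proof-courier" description:"Disable macaroon authentication for multiverse proof courier RPC endpoints."`
+AllowPublicStats bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
 
 RestCORS []string `long:"restcors" description:"Add an ip:port/hostname to allow cross origin access from. To allow all origins, set as \"*\"."`
 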
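--- a/tapcfg/server.go
+++ b/tapcfg/server.go
@@ -384,22 +384,23 @@ func CreateServerFromConfig(cfg *Config, cfgLogger btclog.Logger,
 serverCfg.SignalInterceptor = shutdownInterceptor
 
 serverCfg.RPCConfig = &tap.RPCConfig{
-LisCfg: &lnd.ListenerCfg{},
-RPCListeners: cfg.rpcListeners,
-RESTListeners: cfg.restListeners,
-GrpcServerOpts: serverOpts,
-RestDialOpts: restDialOpts,
-RestListenFunc: restListen,
-WSPingInterval: cfg.RpcConf.WSPingInterval,
-WSPongWait: cfg.RpcConf.WSPongWait,
-RestCORS: cfg.RpcConf.RestCORS,
-NoMacaroons: cfg.RpcConf.NoMacaroons,
-MacaroonPath: cfg.RpcConf.MacaroonPath,
-AllowPublicStats: cfg.RpcConf.AllowPublicStats,
-LetsEncryptDir: cfg.RpcConf.LetsEncryptDir,
-LetsEncryptListen: cfg.RpcConf.LetsEncryptListen,
-LetsEncryptEmail: cfg.RpcConf.LetsEncryptEmail,
-LetsEncryptDomain: cfg.RpcConf.LetsEncryptDomain,
+LisCfg: &lnd.ListenerCfg{},
+RPCListeners: cfg.rpcListeners,
+RESTListeners: cfg.restListeners,
+GrpcServerOpts: serverOpts,
+RestDialOpts: restDialOpts,
+RestListenFunc: restListen,
+WSPingInterval: cfg.RpcConf.WSPingInterval,
+WSPongWait: cfg.RpcConf.WSPongWait,
+RestCORS: cfg.RpcConf.RestCORS,
+NoMacaroons: cfg.RpcConf.NoMacaroons,
+MacaroonPath: cfg.RpcConf.MacaroonPath,
+AllowPublicMultiverseProofCourier: cfg.RpcConf.AllowPublicMultiverseProofCourier,
+AllowPublicStats: cfg.RpcConf.AllowPublicStats,
+LetsEncryptDir: cfg.RpcConf.LetsEncryptDir,
+LetsEncryptListen: cfg.RpcConf.LetsEncryptListen,
+LetsEncryptEmail: cfg.RpcConf.LetsEncryptEmail,
+LetsEncryptDomain: cfg.RpcConf.LetsEncryptDomain,
 }
 
 return tap.NewServer(serverCfg), nil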
