Documentation ¶
Index ¶
- Constants
- Variables
- func DisableLog()
- func UseLogger(logger bronlog.Logger)
- type InterceptType
- type InterceptionRequest
- type InterceptorChain
- func (r *InterceptorChain) AddMacaroonService(svc *macaroons.Service)
- func (r *InterceptorChain) AddPermission(method string, ops []bakery.Op) error
- func (r *InterceptorChain) CreateServerOpts() []grpc.ServerOption
- func (r *InterceptorChain) CustomCaveatSupported(customCaveatName string) error
- func (r *InterceptorChain) GetState(_ context.Context, _ *lnrpc.GetStateRequest) (*lnrpc.GetStateResponse, error)
- func (r *InterceptorChain) MacaroonService() *macaroons.Service
- func (r *InterceptorChain) MacaroonStreamServerInterceptor() grpc.StreamServerInterceptor
- func (r *InterceptorChain) MacaroonUnaryServerInterceptor() grpc.UnaryServerInterceptor
- func (r *InterceptorChain) Permissions() map[string][]bakery.Op
- func (r *InterceptorChain) RegisterMiddleware(mw *MiddlewareHandler) error
- func (r *InterceptorChain) RemoveMiddleware(middlewareName string)
- func (r *InterceptorChain) SetRPCActive()
- func (r *InterceptorChain) SetServerActive()
- func (r *InterceptorChain) SetWalletLocked()
- func (r *InterceptorChain) SetWalletNotCreated()
- func (r *InterceptorChain) SetWalletUnlocked()
- func (r *InterceptorChain) Start() error
- func (r *InterceptorChain) Stop() error
- func (r *InterceptorChain) SubscribeState(_ *lnrpc.SubscribeStateRequest, stream lnrpc.State_SubscribeStateServer) error
- type MiddlewareHandler
Constants ¶
const Subsystem = "RPCP"
Subsystem defines the logging code for this subsystem.
Variables ¶
var ( // ErrWaitingToStart is returned if broln is still wating to start, // possibly blocked until elected as the leader. ErrWaitingToStart = fmt.Errorf("waiting to start, RPC services not " + "available") // ErrNoWallet is returned if the wallet does not exist. ErrNoWallet = fmt.Errorf("wallet not created, create one to enable " + "full RPC access") // ErrWalletLocked is returned if the wallet is locked and any service // other than the WalletUnlocker is called. ErrWalletLocked = fmt.Errorf("wallet locked, unlock it to enable " + "full RPC access") // ErrWalletUnlocked is returned if the WalletUnlocker service is // called when the wallet already has been unlocked. ErrWalletUnlocked = fmt.Errorf("wallet already unlocked, " + "WalletUnlocker service is no longer available") // ErrRPCStarting is returned if the wallet has been unlocked but the // RPC server is not yet ready to accept calls. ErrRPCStarting = fmt.Errorf("the RPC server is in the process of " + "starting up, but not yet ready to accept calls") )
var ( // ErrShuttingDown is the error that's returned when the server is // shutting down and a request cannot be served anymore. ErrShuttingDown = errors.New("server shutting down") // ErrTimeoutReached is the error that's returned if any of the // middleware's tasks is not completed in the given time. ErrTimeoutReached = errors.New("intercept timeout reached") )
Functions ¶
func DisableLog ¶
func DisableLog()
DisableLog disables all library log output. Logging output is disabled by default until UseLogger is called.
Types ¶
type InterceptType ¶
type InterceptType uint8
InterceptType defines the different types of intercept messages a middleware can receive.
const ( // TypeStreamAuth is the type of intercept message that is sent when a // client or streaming RPC is initialized. A message with this type will // be sent out during stream initialization so a middleware can // accept/deny the whole stream instead of only single messages on the // stream. TypeStreamAuth InterceptType = 1 // TypeRequest is the type of intercept message that is sent when an RPC // request message is sent to broln. For client-streaming RPCs a new // message of this type is sent for each individual RPC request sent to // the stream. TypeRequest InterceptType = 2 // TypeResponse is the type of intercept message that is sent when an // RPC response message is sent from broln to a client. For // server-streaming RPCs a new message of this type is sent for each // individual RPC response sent to the stream. Middleware has the option // to modify a response message before it is sent out to the client. TypeResponse InterceptType = 3 )
type InterceptionRequest ¶
type InterceptionRequest struct { // Type is the type of the interception message. Type InterceptType // StreamRPC is set to true if the invoked RPC method is client or // server streaming. StreamRPC bool // Macaroon holds the macaroon that the client sent to broln. Macaroon *macaroon.Macaroon // RawMacaroon holds the raw binary serialized macaroon that the client // sent to broln. RawMacaroon []byte // CustomCaveatName is the name of the custom caveat that the middleware // was intercepting for. CustomCaveatName string // CustomCaveatCondition is the condition of the custom caveat that the // middleware was intercepting for. This can be empty for custom caveats // that only have a name (marker caveats). CustomCaveatCondition string // FullURI is the full RPC method URI that was invoked. FullURI string // ProtoSerialized is the full request or response object in the // protobuf binary serialization format. ProtoSerialized []byte // ProtoTypeName is the fully qualified name of the protobuf type of the // request or response message that is serialized in the field above. ProtoTypeName string }
InterceptionRequest is a struct holding all information that is sent to a middleware whenever there is something to intercept (auth, request, response).
func NewMessageInterceptionRequest ¶
func NewMessageInterceptionRequest(ctx context.Context, authType InterceptType, isStream bool, fullMethod string, m interface{}) (*InterceptionRequest, error)
NewMessageInterceptionRequest creates a new interception request for either a request or response message.
func NewStreamAuthInterceptionRequest ¶
func NewStreamAuthInterceptionRequest(ctx context.Context, fullMethod string) (*InterceptionRequest, error)
NewStreamAuthInterceptionRequest creates a new interception request for a stream authentication message.
func (*InterceptionRequest) ToRPC ¶
func (r *InterceptionRequest) ToRPC(requestID, msgID uint64) (*lnrpc.RPCMiddlewareRequest, error)
ToRPC converts the interception request to its RPC counterpart.
type InterceptorChain ¶
type InterceptorChain struct { // Required by the grpc-gateway/v2 library for forward compatibility. lnrpc.UnimplementedStateServer sync.RWMutex // contains filtered or unexported fields }
InterceptorChain is a struct that can be added to the running GRPC server, intercepting API calls. This is useful for logging, enforcing permissions, supporting middleware etc. The following diagram shows the order of each interceptor in the chain and when exactly requests/responses are intercepted and forwarded to external middleware for approval/modification. Middleware in general can only intercept gRPC requests/responses that are sent by the client with a macaroon that contains a custom caveat that is supported by one of the registered middlewares.
| | gRPC request from client | +---v--------------------------------+ | InterceptorChain | +-+----------------------------------+ | Log Interceptor | +----------------------------------+ | RPC State Interceptor | +----------------------------------+ | Macaroon Interceptor | +----------------------------------+--------> +---------------------+ | RPC Macaroon Middleware Handler |<-------- | External Middleware | +----------------------------------+ | - approve request | | Prometheus Interceptor | +---------------------+ +-+--------------------------------+ | validated gRPC request from client +---v--------------------------------+ | main gRPC server | +---+--------------------------------+ | | original gRPC request to client | +---v--------------------------------+--------> +---------------------+ | RPC Macaroon Middleware Handler |<-------- | External Middleware | +---+--------------------------------+ | - modify response | | +---------------------+ | edited gRPC request to client v
func NewInterceptorChain ¶
func NewInterceptorChain(log bronlog.Logger, noMacaroons bool, mandatoryMiddleware []string) *InterceptorChain
NewInterceptorChain creates a new InterceptorChain.
func (*InterceptorChain) AddMacaroonService ¶
func (r *InterceptorChain) AddMacaroonService(svc *macaroons.Service)
AddMacaroonService adds a macaroon service to the interceptor. After this is done every RPC call made will have to pass a valid macaroon to be accepted.
func (*InterceptorChain) AddPermission ¶
func (r *InterceptorChain) AddPermission(method string, ops []bakery.Op) error
AddPermission adds a new macaroon rule for the given method.
func (*InterceptorChain) CreateServerOpts ¶
func (r *InterceptorChain) CreateServerOpts() []grpc.ServerOption
CreateServerOpts creates the GRPC server options that can be added to a GRPC server in order to add this InterceptorChain.
func (*InterceptorChain) CustomCaveatSupported ¶
func (r *InterceptorChain) CustomCaveatSupported(customCaveatName string) error
CustomCaveatSupported makes sure a middleware that handles the given custom caveat name is registered. If none is, an error is returned, signalling to the macaroon bakery and its validator to reject macaroons that have a custom caveat with that name.
NOTE: This method is part of the macaroons.CustomCaveatAcceptor interface.
func (*InterceptorChain) GetState ¶
func (r *InterceptorChain) GetState(_ context.Context, _ *lnrpc.GetStateRequest) (*lnrpc.GetStateResponse, error)
GetState returns the current wallet state.
func (*InterceptorChain) MacaroonService ¶
func (r *InterceptorChain) MacaroonService() *macaroons.Service
MacaroonService returns the currently registered macaroon service. This might be nil if none was registered (yet).
func (*InterceptorChain) MacaroonStreamServerInterceptor ¶
func (r *InterceptorChain) MacaroonStreamServerInterceptor() grpc.StreamServerInterceptor
MacaroonStreamServerInterceptor is a GRPC interceptor that checks whether the request is authorized by the included macaroons.
func (*InterceptorChain) MacaroonUnaryServerInterceptor ¶
func (r *InterceptorChain) MacaroonUnaryServerInterceptor() grpc.UnaryServerInterceptor
MacaroonUnaryServerInterceptor is a GRPC interceptor that checks whether the request is authorized by the included macaroons.
func (*InterceptorChain) Permissions ¶
func (r *InterceptorChain) Permissions() map[string][]bakery.Op
Permissions returns the current set of macaroon permissions.
func (*InterceptorChain) RegisterMiddleware ¶
func (r *InterceptorChain) RegisterMiddleware(mw *MiddlewareHandler) error
RegisterMiddleware registers a new middleware that will handle request/ response interception for all RPC messages that are initiated with a custom macaroon caveat. The name of the custom caveat a middleware is handling is also its unique identifier. Only one middleware can be registered for each custom caveat.
func (*InterceptorChain) RemoveMiddleware ¶
func (r *InterceptorChain) RemoveMiddleware(middlewareName string)
RemoveMiddleware removes the middleware that handles the given custom caveat name.
func (*InterceptorChain) SetRPCActive ¶
func (r *InterceptorChain) SetRPCActive()
SetRPCActive moves the RPC state from walletUnlocked to rpcActive.
func (*InterceptorChain) SetServerActive ¶
func (r *InterceptorChain) SetServerActive()
SetServerActive moves the RPC state from walletUnlocked to rpcActive.
func (*InterceptorChain) SetWalletLocked ¶
func (r *InterceptorChain) SetWalletLocked()
SetWalletLocked moves the RPC state from either walletNotCreated to walletLocked.
func (*InterceptorChain) SetWalletNotCreated ¶
func (r *InterceptorChain) SetWalletNotCreated()
SetWalletNotCreated moves the RPC state from either waitingToStart to walletNotCreated.
func (*InterceptorChain) SetWalletUnlocked ¶
func (r *InterceptorChain) SetWalletUnlocked()
SetWalletUnlocked moves the RPC state from either walletNotCreated or walletLocked to walletUnlocked.
func (*InterceptorChain) Start ¶
func (r *InterceptorChain) Start() error
Start starts the InterceptorChain, which is needed to start the state subscription server it powers.
func (*InterceptorChain) Stop ¶
func (r *InterceptorChain) Stop() error
Stop stops the InterceptorChain and its internal state subscription server.
func (*InterceptorChain) SubscribeState ¶
func (r *InterceptorChain) SubscribeState(_ *lnrpc.SubscribeStateRequest, stream lnrpc.State_SubscribeStateServer) error
SubscribeState subscribes to the state of the wallet. The current wallet state will always be delivered immediately.
NOTE: Part of the StateService interface.
type MiddlewareHandler ¶
type MiddlewareHandler struct {
// contains filtered or unexported fields
}
MiddlewareHandler is a type that communicates with a middleware over the established bi-directional RPC stream. It sends messages to the middleware whenever the custom business logic implemented there should give feedback to a request or response that's happening on the main gRPC server.
func NewMiddlewareHandler ¶
func NewMiddlewareHandler(name, customCaveatName string, readOnly bool, receive func() (*lnrpc.RPCMiddlewareResponse, error), send func(request *lnrpc.RPCMiddlewareRequest) error, timeout time.Duration, params *chaincfg.Params, quit chan struct{}) *MiddlewareHandler
NewMiddlewareHandler creates a new handler for the middleware with the given name and custom caveat name.
func (*MiddlewareHandler) Run ¶
func (h *MiddlewareHandler) Run() error
Run is the main loop for the middleware handler. This function will block until it receives the signal that broln is shutting down, or the rpc stream is cancelled by the client.