Documentation
Index
- Variables
- type Manager
- func (pm *Manager) ActivePermissions(readOnly bool) []bakery.Op
- func (pm *Manager) GetLitPerms() map[string][]bakery.Op
- func (pm *Manager) IsSubServerURI(name string, uri string) bool
- func (pm *Manager) IsWhiteListedURL(url string) bool
- func (pm *Manager) MatchRegexURI(uriRegex string) ([]string, bool)
- func (pm *Manager) OnLNDBuildTags(lndBuildTags []string)
- func (pm *Manager) RegisterSubServer(name string, permissions map[string][]bakery.Op, ...)
- func (pm *Manager) URIPermissions(uri string) ([]bakery.Op, bool)
Constants
This section is empty.
Variables
var (
	// RequiredPermissions is a map of all LiT RPC methods and their
	// required macaroon permissions to access the session service.
	RequiredPermissions = map[string][]bakery.Op{
		"/litrpc.Sessions/AddSession": {{
			Entity: "sessions",
			Action: "write",
		}},
		"/litrpc.Sessions/ListSessions": {{
			Entity: "sessions",
			Action: "read",
		}},
		"/litrpc.Sessions/RevokeSession": {{
			Entity: "sessions",
			Action: "write",
		}},
		"/litrpc.Accounts/CreateAccount": {{
			Entity: "account",
			Action: "write",
		}},
		"/litrpc.Accounts/UpdateAccount": {{
			Entity: "account",
			Action: "write",
		}},
		"/litrpc.Accounts/ListAccounts": {{
			Entity: "account",
			Action: "read",
		}},
		"/litrpc.Accounts/AccountInfo": {{
			Entity: "account",
			Action: "read",
		}},
		"/litrpc.Accounts/RemoveAccount": {{
			Entity: "account",
			Action: "write",
		}},
		"/litrpc.Firewall/ListActions": {{
			Entity: "actions",
			Action: "read",
		}},
		"/litrpc.Autopilot/ListAutopilotFeatures": {{
			Entity: "autopilot",
			Action: "read",
		}},
		"/litrpc.Autopilot/AddAutopilotSession": {{
			Entity: "autopilot",
			Action: "write",
		}},
		"/litrpc.Autopilot/ListAutopilotSessions": {{
			Entity: "autopilot",
			Action: "read",
		}},
		"/litrpc.Autopilot/RevokeAutopilotSession": {{
			Entity: "autopilot",
			Action: "write",
		}},
		"/litrpc.Firewall/PrivacyMapConversion": {{
			Entity: "privacymap",
			Action: "read",
		}},
		"/litrpc.Proxy/StopDaemon": {{
			Entity: "proxy",
			Action: "write",
		}},
		"/litrpc.Proxy/GetInfo": {{
			Entity: "proxy",
			Action: "read",
		}},
		"/litrpc.Proxy/BakeSuperMacaroon": {{
			Entity: "supermacaroon",
			Action: "write",
		}},
	}
)
Functions
This section is empty.
Types
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager manages the permission lists that Lit requires.
func NewManager
NewManager constructs a new Manager instance and collects any of the fixed permissions. If withAllSubServers is true, then all the LND sub-server permissions will be added to the available permissions set regardless of whether LND was compiled with those sub-servers. If it is not set, however, then OnLNDBuildTags can be used to specify the exact sub-servers that LND was compiled with and then only the corresponding permissions will be added.
func (*Manager) ActivePermissions
ActivePermissions returns all the available active permissions that the manager is aware of. Optionally, readOnly can be set to true if only the read-only permissions should be returned.
func (*Manager) GetLitPerms
GetLitPerms returns a map of all permissions that the manager is aware of _except_ for any LND permissions. In other words, this returns permissions for which the external validator of Lit is responsible.
func (*Manager) IsSubServerURI
IsSubServerURI returns true if the given URI belongs to the RPC of the given server.
func (*Manager) IsWhiteListedURL
IsWhiteListedURL returns true if the given URL has been whitelisted, meaning that it does not require a macaroon for validation. A URL is considered whitelisted if it has no operations associated with it.
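A sketch of the whitelist rule above and of the readOnly filter described under ActivePermissions, added here as an example and not taken from the lightning-terminal code. `Op` is a local stand-in for `bakery.Op`, `/example.Status/Ping` is a hypothetical URI, and treating an unregistered URI as not whitelisted is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"sort"
)

// Op is a local stand-in for bakery.Op so the example builds offline.
type Op struct{ Entity, Action string }

// perms is constructed: three RequiredPermissions entries plus a
// hypothetical URI that is registered with no operations.
var perms = map[string][]Op{
	"/litrpc.Sessions/AddSession":   {{Entity: "sessions", Action: "write"}},
	"/litrpc.Sessions/ListSessions": {{Entity: "sessions", Action: "read"}},
	"/litrpc.Proxy/GetInfo":         {{Entity: "proxy", Action: "read"}},
	"/example.Status/Ping":          {},
}

// isWhiteListed is true only for a registered URI with zero operations.
// Assumption: an unregistered URI is never treated as whitelisted.
func isWhiteListed(uri string) bool {
	ops, ok := perms[uri]
	return ok && len(ops) == 0
}

// activePermissions returns the de-duplicated operations in perms,
// keeping only Action "read" when readOnly is set.
func activePermissions(readOnly bool) []Op {
	seen := make(map[Op]bool)
	var out []Op
	for _, ops := range perms {
		for _, op := range ops {
			if (readOnly && op.Action != "read") || seen[op] {
				continue
			}
			seen[op] = true
			out = append(out, op)
		}
	}
	sort.Slice(out, func(i, j int) bool {
		return out[i].Entity+"/"+out[i].Action < out[j].Entity+"/"+out[j].Action
	})
	return out
}

func main() {
	fmt.Println(isWhiteListed("/example.Status/Ping"), isWhiteListed("/not.Registered/Method"))
	fmt.Println(activePermissions(true))
}
```

Listing every URI for which the whitelist check is true is a quick way to review which RPCs are reachable without a macaroon.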
func (*Manager) MatchRegexURI
MatchRegexURI first checks that the given URI is in fact a regex. If it is, then it is used to match on the perms that the manager has. It returns the list of URIs that match the regex and a boolean indicating whether the given URI is in fact a regex.
func (*Manager) OnLNDBuildTags
OnLNDBuildTags should be called once a list of LND build tags has been obtained. It then uses those build tags to decide which of the LND sub-server permissions to add to the main permissions list. This method should only be called once.