From 8ccd35e0c10749da2be994e7fcc2283285660573 Mon Sep 17 00:00:00 2001
From: Elle Mouton
Date: Tue, 14 Jun 2022 15:12:22 +0200
Subject: [PATCH] loopd: move RequiredPermissions to dedicated dir

This commit moves the RequiredPermissions map to its own directory so that projects importing the permissions list dont need to import all the dependencies of the loopd package.
---
 loopd/daemon.go | 5 +--
 loopd/macaroons.go | 85 --------------------------------------------
 loopd/perms/perms.go | 85 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 88 insertions(+), 87 deletions(-)
 create mode 100644 loopd/perms/perms.go

diff --git a/loopd/daemon.go b/loopd/daemon.go
index 71f1a6b..18fb3a6 100644
--- a/loopd/daemon.go
+++ b/loopd/daemon.go
@@ -15,6 +15,7 @@ import (
 proxy "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 "github.com/lightninglabs/lndclient"
 "github.com/lightninglabs/loop"
+ "github.com/lightninglabs/loop/loopd/perms"
 "github.com/lightninglabs/loop/loopdb"
 "github.com/lightninglabs/loop/looprpc"
 "github.com/lightningnetwork/lnd/lntypes"
@@ -379,7 +380,7 @@ func (d *Daemon) initialize(withMacaroonService bool) error {
 // Add our debug permissions to our main set of required permissions
 // if compiled in.
 for endpoint, perm := range debugRequiredPermissions {
- RequiredPermissions[endpoint] = perm
+ perms.RequiredPermissions[endpoint] = perm
 }
 
 if withMacaroonService {
@@ -395,7 +396,7 @@ func (d *Daemon) initialize(withMacaroonService bool) error {
 Checkers: []macaroons.Checker{
 macaroons.IPLockChecker,
 },
- RequiredPerms: RequiredPermissions,
+ RequiredPerms: perms.RequiredPermissions,
 DBPassword: macDbDefaultPw,
 LndClient: &d.lnd.LndServices,
 EphemeralKey: lndclient.SharedKeyNUMS,
diff --git a/loopd/macaroons.go b/loopd/macaroons.go
index c312939..775d69e 100644
--- a/loopd/macaroons.go
+++ b/loopd/macaroons.go
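Review bot: The debug-permission loop in `initialize` now writes into `perms.RequiredPermissions`, the exported map this commit publishes for other projects to import, so the daemon's authorization table and every importer's view of it are one mutable object. A debug endpoint whose key matches an existing entry silently replaces that entry's required ops, and any other package in the same process can change what the macaroon service enforces. Merging into a map local to `initialize` keeps the shared table unmodified; the later hunk would then pass `RequiredPerms: requiredPerms,`. This assumes nothing else in loopd reads the merged entries back from the package variable, and `bakery` has to be imported in daemon.go if it is not already. `initialize` starts and ends outside these hunks.

```go
	// Merge into a copy so the shared perms.RequiredPermissions table is
	// never modified by the daemon.
	requiredPerms := make(map[string][]bakery.Op)
	for endpoint, perm := range perms.RequiredPermissions {
		requiredPerms[endpoint] = perm
	}
	for endpoint, perm := range debugRequiredPermissions {
		requiredPerms[endpoint] = perm
	}
	// … unchanged: if withMacaroonService { … macaroon service config …
```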
@@ -1,9 +1,5 @@
 package loopd
 
-import (
- "gopkg.in/macaroon-bakery.v2/bakery"
-)
-
 const (
 // loopMacaroonLocation is the value we use for the loopd macaroons'
 // "Location" field when baking them.
@@ -11,87 +7,6 @@ const (
 )
 
 var (
- // RequiredPermissions is a map of all loop RPC methods and their
- // required macaroon permissions to access loopd.
- RequiredPermissions = map[string][]bakery.Op{
- "/looprpc.SwapClient/LoopOut": {{
- Entity: "swap",
- Action: "execute",
- }, {
- Entity: "loop",
- Action: "out",
- }},
- "/looprpc.SwapClient/LoopIn": {{
- Entity: "swap",
- Action: "execute",
- }, {
- Entity: "loop",
- Action: "in",
- }},
- "/looprpc.SwapClient/Monitor": {{
- Entity: "swap",
- Action: "read",
- }},
- "/looprpc.SwapClient/ListSwaps": {{
- Entity: "swap",
- Action: "read",
- }},
- "/looprpc.SwapClient/SwapInfo": {{
- Entity: "swap",
- Action: "read",
- }},
- "/looprpc.SwapClient/LoopOutTerms": {{
- Entity: "terms",
- Action: "read",
- }, {
- Entity: "loop",
- Action: "out",
- }},
- "/looprpc.SwapClient/LoopOutQuote": {{
- Entity: "swap",
- Action: "read",
- }, {
- Entity: "loop",
- Action: "out",
- }},
- "/looprpc.SwapClient/GetLoopInTerms": {{
- Entity: "terms",
- Action: "read",
- }, {
- Entity: "loop",
- Action: "in",
- }},
- "/looprpc.SwapClient/GetLoopInQuote": {{
- Entity: "swap",
- Action: "read",
- }, {
- Entity: "loop",
- Action: "in",
- }},
- "/looprpc.SwapClient/GetLsatTokens": {{
- Entity: "auth",
- Action: "read",
- }},
- "/looprpc.SwapClient/SuggestSwaps": {{
- Entity: "suggestions",
- Action: "read",
- }},
- "/looprpc.SwapClient/GetLiquidityParams": {{
- Entity: "suggestions",
- Action: "read",
- }},
- "/looprpc.SwapClient/SetLiquidityParams": {{
- Entity: "suggestions",
- Action: "write",
- }},
- "/looprpc.SwapClient/Probe": {{
- Entity: "swap",
- Action: "execute",
- }, {
- Entity: "loop",
- Action: "in",
- }},
- }
 
 // macDbDefaultPw is the default encryption password used to encrypt the
 // loop macaroon database. The macaroon service requires us to set a
diff --git a/loopd/perms/perms.go b/loopd/perms/perms.go
new file mode 100644
index 0000000..5c8f432
--- /dev/null
+++ b/loopd/perms/perms.go
@@ -0,0 +1,85 @@
+package perms
+
+import "gopkg.in/macaroon-bakery.v2/bakery"
+
+// RequiredPermissions is a map of all loop RPC methods and their
+// required macaroon permissions to access loopd.
+var RequiredPermissions = map[string][]bakery.Op{
+ "/looprpc.SwapClient/LoopOut": {{
+ Entity: "swap",
+ Action: "execute",
+ }, {
+ Entity: "loop",
+ Action: "out",
+ }},
+ "/looprpc.SwapClient/LoopIn": {{
+ Entity: "swap",
+ Action: "execute",
+ }, {
+ Entity: "loop",
+ Action: "in",
+ }},
+ "/looprpc.SwapClient/Monitor": {{
+ Entity: "swap",
+ Action: "read",
+ }},
+ "/looprpc.SwapClient/ListSwaps": {{
+ Entity: "swap",
+ Action: "read",
+ }},
+ "/looprpc.SwapClient/SwapInfo": {{
+ Entity: "swap",
+ Action: "read",
+ }},
+ "/looprpc.SwapClient/LoopOutTerms": {{
+ Entity: "terms",
+ Action: "read",
+ }, {
+ Entity: "loop",
+ Action: "out",
+ }},
+ "/looprpc.SwapClient/LoopOutQuote": {{
+ Entity: "swap",
+ Action: "read",
+ }, {
+ Entity: "loop",
+ Action: "out",
+ }},
+ "/looprpc.SwapClient/GetLoopInTerms": {{
+ Entity: "terms",
+ Action: "read",
+ }, {
+ Entity: "loop",
+ Action: "in",
+ }},
+ "/looprpc.SwapClient/GetLoopInQuote": {{
+ Entity: "swap",
+ Action: "read",
+ }, {
+ Entity: "loop",
+ Action: "in",
+ }},
+ "/looprpc.SwapClient/GetLsatTokens": {{
+ Entity: "auth",
+ Action: "read",
+ }},
+ "/looprpc.SwapClient/SuggestSwaps": {{
+ Entity: "suggestions",
+ Action: "read",
+ }},
+ "/looprpc.SwapClient/GetLiquidityParams": {{
+ Entity: "suggestions",
+ Action: "read",
+ }},
+ "/looprpc.SwapClient/SetLiquidityParams": {{
+ Entity: "suggestions",
+ Action: "write",
+ }},
+ "/looprpc.SwapClient/Probe": {{
+ Entity: "swap",
+ Action: "execute",
+ }, {
+ Entity: "loop",
+ Action: "in",
+ }},
+}
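Review bot: The new `perms` package has no package comment, and the doc comment on `RequiredPermissions` still describes it as all loop RPC methods although daemon.go adds `debugRequiredPermissions` to it at startup. Because the package exists to be imported by other projects, state its purpose at the top, for example `// Package perms holds the macaroon permissions required by each loopd RPC, kept separate so importers avoid loopd's dependencies.` On the variable, add a line such as `// Debug endpoints are added by loopd at startup; importers should treat this map as read-only.`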