Merge pull request #499 from lightninglabs/public-rpc-multiverse-proo…

…f-courier multi: add CLI flag to enable public access to uni proof courier RPCs
lightninglabs · Sep 20, 2023 · 4ee966a · 4ee966a
2 parents cea86b9 + 3fe7b88
commit 4ee966a
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 37 deletions.
diff --git a/config.go b/config.go
@@ -45,6 +45,8 @@ type RPCConfig struct {
 
 	MacaroonPath string
 
+	AllowPublicUniProofCourier bool
+
 	AllowPublicStats bool
 
 	LetsEncryptDir string
@@ -81,8 +83,6 @@ type Config struct {
 	// connecting to itself as a federation member.
 	RuntimeID int64
 
-	AcceptRemoteUniverseProofs bool
-
 	// TODO(roasbeef): use the Taproot Asset chain param wrapper here?
 	ChainParams chaincfg.Params
 

diff --git a/itest/tapd_harness.go b/itest/tapd_harness.go
@@ -109,7 +109,9 @@ func newTapdHarness(t *testing.T, ht *harnessTest, cfg tapdConfig,
 	tapCfg.TapdDir = cfg.BaseDir
 	tapCfg.DebugLevel = *logLevel
 
-	tapCfg.Universe.AcceptRemoteProofs = true
+	// Enable universe proof courier RPC endpoints. These endpoints are
+	// also used within some tests for transferring proofs.
+	tapCfg.RpcConf.AllowPublicUniProofCourier = true
 
 	// Decide which DB backend to use.
 	switch *dbbackend {

diff --git a/perms/perms.go b/perms/perms.go
@@ -205,21 +205,28 @@ var (
 		"/universerpc.Universe/QueryAssetRoots": {},
 		"/universerpc.Universe/AssetLeafKeys":   {},
 		"/universerpc.Universe/AssetLeaves":     {},
-		"/universerpc.Universe/QueryProof":      {},
-		"/universerpc.Universe/InsertProof":     {},
 		"/universerpc.Universe/Info":            {},
 	}
 )
 
 // MacaroonWhitelist returns the set of RPC endpoints that don't require
 // macaroon authentication.
-func MacaroonWhitelist(allowPublicStats bool) map[string]struct{} {
+func MacaroonWhitelist(allowPublicUniProofCourier bool,
+	allowPublicStats bool) map[string]struct{} {
+
 	// Make a copy of the default whitelist.
 	whitelist := make(map[string]struct{})
 	for k, v := range defaultMacaroonWhitelist {
 		whitelist[k] = v
 	}
 
+	// Conditionally add public multiverse proof courier RPC endpoints to
+	// the whitelist.
+	if allowPublicUniProofCourier {
+		whitelist["/universerpc.Universe/QueryProof"] = struct{}{}
+		whitelist["/universerpc.Universe/InsertProof"] = struct{}{}
+	}
+
 	// Conditionally add public stats RPC endpoints to the whitelist.
 	if allowPublicStats {
 		whitelist["/universerpc.Universe/QueryAssetStats"] = struct{}{}

diff --git a/rpcserver.go b/rpcserver.go
@@ -2969,10 +2969,6 @@ func (r *rpcServer) InsertProof(ctx context.Context,
 		return nil, fmt.Errorf("key cannot be nil")
 	}
 
-	if !r.cfg.AcceptRemoteUniverseProofs {
-		return nil, fmt.Errorf("remote proofs not accepted")
-	}
-
 	universeID, err := unmarshalUniID(req.Key.Id)
 	if err != nil {
 		return nil, err

diff --git a/server.go b/server.go
@@ -228,6 +228,7 @@ func (s *Server) RunUntilShutdown(mainErrChan <-chan error) error {
 
 	// Get RPC endpoints which don't require macaroons.
 	macaroonWhitelist := perms.MacaroonWhitelist(
+		s.cfg.RPCConfig.AllowPublicUniProofCourier,
 		s.cfg.RPCConfig.AllowPublicStats,
 	)
 

diff --git a/tapcfg/config.go b/tapcfg/config.go
@@ -51,8 +51,6 @@ const (
 	defaultMaxLogFiles    = 3
 	defaultMaxLogFileSize = 10
 
-	defaultAcceptRemoteProofs = false
-
 	defaultTestnetFederationServer = "testnet.universe.lightning.finance:10029"
 
 	// DefaultAutogenValidity is the default validity of a self-signed
@@ -204,7 +202,8 @@ type RpcConfig struct {
 	MacaroonPath string `long:"macaroonpath" description:"Path to write the admin macaroon for tapd's RPC and REST services if it doesn't exist"`
 	NoMacaroons  bool   `long:"no-macaroons" description:"Disable macaroon authentication, can only be used if server is not listening on a public interface."`
 
-	AllowPublicStats bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
+	AllowPublicUniProofCourier bool `long:"allow-public-uni-proof-courier" description:"Disable macaroon authentication for universe proof courier RPC endpoints."`
+	AllowPublicStats           bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
 
 	RestCORS []string `long:"restcors" description:"Add an ip:port/hostname to allow cross origin access from. To allow all origins, set as \"*\"."`
 
@@ -352,8 +351,7 @@ func DefaultConfig() Config {
 			},
 		},
 		Universe: &UniverseConfig{
-			SyncInterval:       defaultUniverseSyncInterval,
-			AcceptRemoteProofs: defaultAcceptRemoteProofs,
+			SyncInterval: defaultUniverseSyncInterval,
 		},
 	}
 }

diff --git a/tapcfg/server.go b/tapcfg/server.go
@@ -270,12 +270,11 @@ func genServerConfig(cfg *Config, cfgLogger btclog.Logger,
 	})
 
 	return &tap.Config{
-		DebugLevel:                 cfg.DebugLevel,
-		RuntimeID:                  runtimeID,
-		AcceptRemoteUniverseProofs: cfg.Universe.AcceptRemoteProofs,
-		Lnd:                        lndServices,
-		ChainParams:                cfg.ActiveNetParams,
-		ReOrgWatcher:               reOrgWatcher,
+		DebugLevel:   cfg.DebugLevel,
+		RuntimeID:    runtimeID,
+		Lnd:          lndServices,
+		ChainParams:  cfg.ActiveNetParams,
+		ReOrgWatcher: reOrgWatcher,
 		AssetMinter: tapgarden.NewChainPlanter(tapgarden.PlanterConfig{
 			GardenKit: tapgarden.GardenKit{
 				Wallet:      walletAnchor,
@@ -384,22 +383,23 @@ func CreateServerFromConfig(cfg *Config, cfgLogger btclog.Logger,
 	serverCfg.SignalInterceptor = shutdownInterceptor
 
 	serverCfg.RPCConfig = &tap.RPCConfig{
-		LisCfg:            &lnd.ListenerCfg{},
-		RPCListeners:      cfg.rpcListeners,
-		RESTListeners:     cfg.restListeners,
-		GrpcServerOpts:    serverOpts,
-		RestDialOpts:      restDialOpts,
-		RestListenFunc:    restListen,
-		WSPingInterval:    cfg.RpcConf.WSPingInterval,
-		WSPongWait:        cfg.RpcConf.WSPongWait,
-		RestCORS:          cfg.RpcConf.RestCORS,
-		NoMacaroons:       cfg.RpcConf.NoMacaroons,
-		MacaroonPath:      cfg.RpcConf.MacaroonPath,
-		AllowPublicStats:  cfg.RpcConf.AllowPublicStats,
-		LetsEncryptDir:    cfg.RpcConf.LetsEncryptDir,
-		LetsEncryptListen: cfg.RpcConf.LetsEncryptListen,
-		LetsEncryptEmail:  cfg.RpcConf.LetsEncryptEmail,
-		LetsEncryptDomain: cfg.RpcConf.LetsEncryptDomain,
+		LisCfg:                     &lnd.ListenerCfg{},
+		RPCListeners:               cfg.rpcListeners,
+		RESTListeners:              cfg.restListeners,
+		GrpcServerOpts:             serverOpts,
+		RestDialOpts:               restDialOpts,
+		RestListenFunc:             restListen,
+		WSPingInterval:             cfg.RpcConf.WSPingInterval,
+		WSPongWait:                 cfg.RpcConf.WSPongWait,
+		RestCORS:                   cfg.RpcConf.RestCORS,
+		NoMacaroons:                cfg.RpcConf.NoMacaroons,
+		MacaroonPath:               cfg.RpcConf.MacaroonPath,
+		AllowPublicUniProofCourier: cfg.RpcConf.AllowPublicUniProofCourier,
+		AllowPublicStats:           cfg.RpcConf.AllowPublicStats,
+		LetsEncryptDir:             cfg.RpcConf.LetsEncryptDir,
+		LetsEncryptListen:          cfg.RpcConf.LetsEncryptListen,
+		LetsEncryptEmail:           cfg.RpcConf.LetsEncryptEmail,
+		LetsEncryptDomain:          cfg.RpcConf.LetsEncryptDomain,
 	}
 
 	return tap.NewServer(serverCfg), nil