Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Rule sets for Rune creation #257

Merged
merged 6 commits into from
May 20, 2024
Merged

Add Rule sets for Rune creation #257

merged 6 commits into from
May 20, 2024

Conversation

nepet
Copy link
Collaborator

@nepet nepet commented Sep 7, 2023
edited

The goal of this PR is to provide a system that makes it easy and secure to construct runes with certain restrictions. We provide rule sets for common restrictions and combinations of those.

Example from a user perspective:
A user wants to create and hand out a rune to a bookkeeping application (we all have to do taxes eventually):
The application should not be allowed to move funds, neither off-chain nor on-chain but shall be able to read information from the node. A coarse rule set that is easy to understand (or at least human readable) and fulfills the task would be a readonly set that can be used to construct a rune that restricts the owner to read methods.

Example from an application perspective (pairing-protocol)
A Podcast application uses greenlight without a distinct singer. The application wants to be authorized for a direct debit of max 1000 sat per week
During the pairing-process the application would request a rune that is restricted to pay max amt sat per delta_time via the rule rate(amt, delta_time) that the user can then confirm or reject.

Tasks:

  • Add rune factory
  • Add exemplary set of rules
    • readonly
    • pay
    • disjunct set
  • Check runes on signer
  • Bindings for the rules and the factory

Rules (incomplete, loose ideas):

  • only off-chain
  • only on-chain
  • rate limiting (amt, time, amt/time)
  • one-time-rune (n-times)
  • time-restricted (until date)

We do not have to implement every rule from the beginning but I am starting with a hand full of rule sets and recipes to ensure that our approach is modular enough.

@nepet nepet force-pushed the 202309-rune-restrictions branch 2 times, most recently from 9e72e1b to dbd75e1 Compare September 10, 2023 16:18
@nepet nepet marked this pull request as ready for review September 30, 2023 13:05
@nepet
Copy link
Collaborator Author

nepet commented Sep 30, 2023

Main tasks are done.
We still need to define an initial signer context that we check against a rune
From CLN: ("method", "rate" (needs to persist), "time", "pnum", "pnameX", "parrN", "pubkey")

@nepet nepet changed the base branch from 202306-add-runes to 202310-cleanup-runes November 10, 2023 16:01
Base automatically changed from 202310-cleanup-runes to main-0.2 November 21, 2023 12:21
@cdecker
Copy link
Collaborator

cdecker commented Jan 8, 2024

Rebased on top of for merging.

@cdecker
Copy link
Collaborator

cdecker commented Jan 8, 2024

Rebased on top of main-0.2 for merging.

@cdecker cdecker force-pushed the main-0.2 branch 2 times, most recently from 737acd9 to 5a5618a Compare March 6, 2024 16:33
Base automatically changed from main-0.2 to main March 6, 2024 17:01
@Randy808 Randy808 requested review from cdecker, Randy808 and ErikDeSmedt and removed request for cdecker and Randy808 May 7, 2024 14:22
@Randy808
Copy link
Collaborator

Randy808 commented May 7, 2024

I like the idea but it's hard to see the changes introduced in this branch without a rebase

ErikDeSmedt
ErikDeSmedt reviewed May 8, 2024
View reviewed changes
libs/gl-client-py/glclient/__init__.py Outdated
@@ -55,6 +55,9 @@ def shutdown(self) -> None:
self.handle.shutdown()
self.handle = None

def create_rune(self, restrictions: List[List[str]], rune: Optional[str] = None) -> str:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a doc-string that describes how to add a restriction?
I fail to understand why this should be a List[List[str]] and not a List[str]

docs/src/reference/creds.md Outdated Show resolved Hide resolved
@nepet nepet force-pushed the 202309-rune-restrictions branch 2 times, most recently from 47e046c to 1e296c5 Compare May 9, 2024 12:35
Randy808
Randy808 previously approved these changes May 13, 2024
View reviewed changes
@cdecker
Copy link
Collaborator

cdecker commented May 16, 2024

I think this is good to go, but it needs fixing of the tests.
@nepet please fix them up and then we'll merge this asap, it's been pending for a while now.

nepet added 4 commits May 17, 2024 17:37
@nepet
runes: Add RuneFactory to carve runes rule sets
ade3af2 
We need  a modular approach to create new runes with additional
restrictions from a base rune. For the ease of use we want to provide
predefined rule sets that hold the recipes for the corresponding
restrictions, e.g a 'readonly' rule that produces a restriction that
only allows for reading operations.

- Added a `RuneFactory` that centralizes utilities to carve (create)
  runes using entities that implement the `Restricter` trait. It comes
  with a `carve` method that appends restrictions from `Restricter`s to
  a base rune.

- Added a `DefRules` enum that provides predefined rule sets and holds
  recipes how to generate the corresponding restrictions. `DefRules`
  implements the `Restricter` trait.

Signed-off-by: Peter Neuroth <pet.v.ne@gmail.com>
@nepet
runes: Implement Display trait for DefRules
e6b9400 
It seems handy to be able to print the rule set at least for debugging
purposes.

Signed-off-by: Peter Neuroth <pet.v.ne@gmail.com>
@nepet
runes: Introduce Check for request context
dd15e95 
We introduce a Context struct that holds data relevant to a signing
request and that we want to check against a rune. The struct currently
checks the following informations:
-method: the rpc method
-pubkey: the pubkey that was used to sign the request
-time: the timestamp that was part of the rune. (this way we COULD
create a rune per command that times out after a certain time)

Signed-off-by: Peter Neuroth <pet.v.ne@gmail.com>
@nepet
signer: Add rune check to the signer
19fe4f0 
We create a context now and check the context agains the rune.

Signed-off-by: Peter Neuroth <pet.v.ne@gmail.com>
@nepet nepet force-pushed the 202309-rune-restrictions branch from 1e296c5 to 19fe4f0 Compare May 17, 2024 16:59
@nepet
py: Add listpeerchannels to python bindings
db2d511 
The channels array returned by the rpc call `listpeers` is optional and
has been deprecated with v23.02 and will be removed after v24.02

Signed-off-by: Peter Neuroth <pet.v.ne@gmail.com>
@nepet nepet force-pushed the 202309-rune-restrictions branch from 556e593 to db2d511 Compare May 19, 2024 19:48
@nepet
tests: Replace rpc call to fetch peer channels
7b3621e 
Replace list_peers().channel (which is optional)  with
list_peer_channels().

Signed-off-by: Peter Neuroth <pet.v.ne@gmail.com>
@Randy808 Randy808 merged commit e0162d2 into main May 20, 2024
19 checks passed
@Randy808 Randy808 deleted the 202309-rune-restrictions branch May 20, 2024 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ErikDeSmedt ErikDeSmedt ErikDeSmedt left review comments

@Randy808 Randy808 Randy808 approved these changes

@cdecker cdecker Awaiting requested review from cdecker

Assignees

@cdecker cdecker

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nepet @cdecker @Randy808 @ErikDeSmedt