-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
multi: allow LND and subserver whitelisted calls #617
multi: allow LND and subserver whitelisted calls #617
Conversation
8dab4e4
to
d6eb106
Compare
d6eb106
to
7387482
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🎉
When integrating with Can this be addressed in this PR or should I open a separate issue? |
ah! great catch @jamaljsr ! Yeah I think it defs makes sense to add that in this PR. Will do asap 👍 |
7387482
to
e2708fa
Compare
@guggero - apologies, im re-requesting your review cause quite a bit has changed now so that whitelisted calls from other sub-servers are also taken into account |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice, just one small change then we're good to go.
e2708fa
to
14918de
Compare
Thanks @guggero 🎉 updated! |
14918de
to
2222f5a
Compare
2222f5a
to
22bdf79
Compare
@ViktorTigerstrom: review reminder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, very clean PR 🔥🚀!
Just for clarification, I just want to verify as well that it's intentional that the LightningTerminal.Permissions
function won't include any whitelisted urls, as will happen with this PR. That's intended behaviour, correct? I'm asking because I'm not 100% what "permissions for which the external validator of the terminal is responsible." really entails.
Before this commit, LND's State server could not be accessed via Lit's REST server.
Currently `basicAuthToMacaroon` returns a different error for an un-handled URI than is returned for other funcions which first check the permissions manager to see if a URI is handled. With this commit, we ensure that the error returned is the same so that the error we assert on in tests can just be one error.
This commit adds a new `IsWhiteListURL` to the permissions manager. This can then be used by LiT to check if it should perform macaroon validation on a query or not.
Add a new `WhiteListedURLs` method to the `SubServer` interface so that Lit can easily collect the set of permissions from each sub-server that does not require a macaroon.
As far as I can see, |
22bdf79
to
e766e9a
Compare
Ah wait, I realised that I was confused sorry. I interpreted yesterday that Sorry for the confusion :). |
This PR does a few things: