rules

package
v0.15.1-alpha.rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 15, 2025 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const ChanConstraintName = "channel-constraint"

ChanConstraintName is the string identifier of the ChannelConstraint rule.

View Source 
const ChanPolicyBoundsName = "channel-policy-bounds"

ChanPolicyBoundsName is the string identifier of the ChanPolicyBounds rule.

View Source 
const ChannelRestrictName = "channel-restriction"

ChannelRestrictName is the string identifier of the ChannelRestrict rule.

View Source 
const HistoryLimitName = "history-limit"

HistoryLimitName is the string identifier of the HistoryLimit rule.

View Source 
const LndConnIdLen = 16

LndConnIdLen is the length of the random connection ID used to create unique request identifiers.

View Source 
const (
	// OnChainBudgetName is the string identifier of the OnChainBudgetMgr
	// rule.
	OnChainBudgetName = "on-chain-budget"
)
View Source 
const PeersRestrictName = "peer-restriction"

PeersRestrictName is the string identifier of the PeerRestrict rule.

View Source 
const RateLimitName = "rate-limit"

RateLimitName is the string identifier of the RateLimitMgr values.

View Source 
const Subsystem = "RULE"

Variables

View Source 
var ErrUnknownRule = fmt.Errorf("unknown rule")

ErrUnknownRule indicates that LiT is unaware of a values name.

Functions

func Marshal 

func Marshal(v Values) ([]byte, error)

Marshal converts the rule Values to a json byte slice.

func UseLogger 

func UseLogger(logger btclog.Logger)

UseLogger uses a specified Logger to output package logging info. This should be used in preference to SetLogWriter if the caller is also using btclog.

Types

type ChanConstraintMgr 

type ChanConstraintMgr struct{}

ChanConstraintMgr manages the ChannelConstraint rule.

func (*ChanConstraintMgr) EmptyValue 

func (m *ChanConstraintMgr) EmptyValue() Values

EmptyValue returns a new instance of ChannelConstraint.

NOTE: This is part of the Manager interface.

func (*ChanConstraintMgr) NewEnforcer 

func (m *ChanConstraintMgr) NewEnforcer(_ context.Context, _ Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new ChannelConstraint rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*ChanConstraintMgr) NewValueFromProto 

func (m *ChanConstraintMgr) NewValueFromProto(value *litrpc.RuleValue) (Values,
	error)

NewValueFromProto converts the given proto value into a ChannelConstraint Value object.

NOTE: This is part of the Manager interface.

func (*ChanConstraintMgr) Stop 

func (m *ChanConstraintMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type ChanOpenReq 

type ChanOpenReq interface {
	GetLocalFundingAmount() int64
	GetPushSat() int64
	GetCloseAddress() string
	GetPrivate() bool
	GetNodePubkey() []byte
	GetBaseFee() uint64
	GetUseBaseFee() bool
	GetFeeRate() uint64
	GetUseFeeRate() bool
	GetMinHtlcMsat() int64
}

ChanOpenReq represents either a BatchOpenChannel or OpenChannelRequest.

type ChanPolicyBounds 

type ChanPolicyBounds struct {
	// MinBaseMsat is the minimum base fee in msat that can set for a
	// channel.
	MinBaseMsat uint64 `json:"min_base_msat"`

	// MaxBaseMsat is the maximum base fee in msat that can set for a
	// channel.
	MaxBaseMsat uint64 `json:"max_base_msat"`

	// MinRatePPM is the minimum ppm fee in msat that can be set for a
	// channel.
	MinRatePPM uint32 `json:"min_rate_ppm"`

	// MaxRatePPM is the maximum ppm fee in msat that can be set for a
	// channel.
	MaxRatePPM uint32 `json:"max_rate_ppm"`

	// MinCLTVDelta is the minimum cltv delta that may set for a channel.
	MinCLTVDelta uint32 `json:"min_cltv_delta"`

	// MaxCLTVDelta is the maximum cltv delta that may set for a channel.
	MaxCLTVDelta uint32 `json:"max_cltv_delta"`

	// MinHtlcMsat is the minimum htlc size msat that may set for a channel.
	MinHtlcMsat uint64 `json:"min_htlc_msat"`

	// MaxHtlcMsat is the maximum htlc size in msat that may be set for a
	// channel.
	MaxHtlcMsat uint64 `json:"max_htlc_msat"`
}

ChanPolicyBounds represents the channel policy bounds rule.

func (*ChanPolicyBounds) HandleErrorResponse 

func (f *ChanPolicyBounds) HandleErrorResponse(_ context.Context, _ string,
	_ error) (error, error)

HandleErrorResponse handles and possible alters an error. This is a noop for the ChanPolicyBounds rule.

NOTE: this is part of the Enforcer interface.

func (*ChanPolicyBounds) HandleRequest 

func (f *ChanPolicyBounds) HandleRequest(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request using the ChanPolicyBounds rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Enforcer interface.

func (*ChanPolicyBounds) HandleResponse 

func (f *ChanPolicyBounds) HandleResponse(_ context.Context, _ string,
	_ proto.Message) (proto.Message, error)

HandleResponse handles and possible alters a response. This is a noop for the ChanPolicyBounds rule.

NOTE: this is part of the Enforcer interface.

func (*ChanPolicyBounds) PseudoToReal 

func (f *ChanPolicyBounds) PseudoToReal(_ context.Context,
	_ firewalldb.PrivacyMapDB, _ session.PrivacyFlags) (Values, error)

PseudoToReal attempts to convert any appropriate pseudo fields in the rule Values to their corresponding real values. It uses the passed PrivacyMapDB to find the real values. This is a no-op for the ChanPolicyBounds rule.

NOTE: this is part of the Values interface.

func (*ChanPolicyBounds) RealToPseudo 

func (f *ChanPolicyBounds) RealToPseudo(_ context.Context,
	_ firewalldb.PrivacyMapReader, _ session.PrivacyFlags) (Values,
	map[string]string, error)

RealToPseudo converts the rule Values to a new one that uses pseudo keys, channel IDs, channel points etc. It returns a map of real to pseudo strings that should be persisted. This is a no-op for the ChanPolicyBounds rule.

NOTE: this is part of the Values interface.

func (*ChanPolicyBounds) RuleName 

func (f *ChanPolicyBounds) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*ChanPolicyBounds) ToProto 

func (f *ChanPolicyBounds) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*ChanPolicyBounds) VerifySane 

func (f *ChanPolicyBounds) VerifySane(minVal, maxVal Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values.

NOTE: this is part of the Values interface.

type ChanPolicyBoundsMgr 

type ChanPolicyBoundsMgr struct{}

ChanPolicyBoundsMgr manages the ChanPolicyBounds rule.

func (*ChanPolicyBoundsMgr) EmptyValue 

func (b *ChanPolicyBoundsMgr) EmptyValue() Values

EmptyValue returns a new instance of ChanPolicyBounds.

NOTE: This is part of the Manager interface.

func (*ChanPolicyBoundsMgr) NewEnforcer 

func (b *ChanPolicyBoundsMgr) NewEnforcer(_ context.Context, _ Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new ChanPolicyBounds rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*ChanPolicyBoundsMgr) NewValueFromProto 

func (b *ChanPolicyBoundsMgr) NewValueFromProto(value *litrpc.RuleValue) (
	Values, error)

NewValueFromProto converts the given proto value into a ChanPolicyBounds Value object.

NOTE: This is part of the Manager interface.

func (*ChanPolicyBoundsMgr) Stop 

func (b *ChanPolicyBoundsMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type ChannelConstraint 

type ChannelConstraint struct {
	// MinCapacitySat is the minimum capacity in sat that can be set for a
	// channel's capacity.
	MinCapacitySat uint64 `json:"min_capacity_msat"`

	// MaxCapacitySat is the maximum capacity in sat that can be set for a
	// channel's capacity.
	MaxCapacitySat uint64 `json:"max_capacity_msat"`

	// MaxPushSat is the maximum push amount in satoshis that can be set for
	// channel opening.
	MaxPushSat uint64 `json:"max_push_sat"`

	// PrivateAllowed indicates that the constraint allow private channels.
	PrivateAllowed bool `json:"private_allowed"`

	// PublicAllowed indicates that the constraint allow public channels.
	PublicAllowed bool `json:"public_allowed"`
}

ChannelConstraint represents the channel opening constraint rule.

func (*ChannelConstraint) HandleErrorResponse 

func (e *ChannelConstraint) HandleErrorResponse(_ context.Context, _ string,
	err error) (error, error)

HandleErrorResponse handles and possible alters an error. This is a noop for the ChannelConstraint rule.

NOTE: this is part of the Enforcer interface.

func (*ChannelConstraint) HandleRequest 

func (e *ChannelConstraint) HandleRequest(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request using the ChannelConstraint rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Enforcer interface.

func (*ChannelConstraint) HandleResponse 

func (e *ChannelConstraint) HandleResponse(_ context.Context, _ string,
	msg proto.Message) (proto.Message, error)

HandleResponse handles and possible alters a response. This is a noop for the ChannelConstraint rule.

NOTE: this is part of the Enforcer interface.

func (*ChannelConstraint) PseudoToReal 

func (v *ChannelConstraint) PseudoToReal(_ context.Context,
	_ firewalldb.PrivacyMapDB, _ session.PrivacyFlags) (Values, error)

PseudoToReal attempts to convert any appropriate pseudo fields in the rule Values to their corresponding real values. It uses the passed PrivacyMapDB to find the real values. This is a no-op for the ChannelConstraint rule.

NOTE: this is part of the Values interface.

func (*ChannelConstraint) RealToPseudo 

func (v *ChannelConstraint) RealToPseudo(_ context.Context,
	_ firewalldb.PrivacyMapReader, _ session.PrivacyFlags) (Values,
	map[string]string, error)

RealToPseudo converts the rule Values to a new one that uses pseudo keys, channel IDs, channel points etc. It returns a map of real to pseudo strings that should be persisted. This is a no-op for the ChannelConstraint rule.

NOTE: this is part of the Values interface.

func (*ChannelConstraint) RuleName 

func (v *ChannelConstraint) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*ChannelConstraint) ToProto 

func (v *ChannelConstraint) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*ChannelConstraint) VerifySane 

func (v *ChannelConstraint) VerifySane(minVal, maxVal Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values.

NOTE: this is part of the Values interface.

type ChannelRestrict 

type ChannelRestrict struct {
	// DenyList is a list of SCIDs that should not be acted upon by
	// any call.
	DenyList []uint64 `json:"channel_deny_list"`
}

ChannelRestrict is a rule prevents calls from acting upon a given set of channels.

func (*ChannelRestrict) PseudoToReal 

func (c *ChannelRestrict) PseudoToReal(ctx context.Context,
	db firewalldb.PrivacyMapDB, flags session.PrivacyFlags) (Values,
	error)

PseudoToReal assumes that the deny-list contains pseudo channel IDs and uses these to check the privacy map db for the corresponding real channel IDs. It constructs a new ChannelRestrict instance with these real channel IDs.

NOTE: this is part of the Values interface.

func (*ChannelRestrict) RealToPseudo 

func (c *ChannelRestrict) RealToPseudo(_ context.Context,
	db firewalldb.PrivacyMapReader,
	flags session.PrivacyFlags) (Values, map[string]string, error)

RealToPseudo converts all the real channel IDs into pseudo IDs. It returns a map of any new real to pseudo strings that should be persisted that it did not find in the given PrivacyMapReader.

NOTE: this is part of the Values interface.

func (*ChannelRestrict) RuleName 

func (c *ChannelRestrict) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*ChannelRestrict) ToProto 

func (c *ChannelRestrict) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*ChannelRestrict) VerifySane 

func (c *ChannelRestrict) VerifySane(_, _ Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values. This is a noop for the ChannelRestrict rule.

NOTE: this is part of the Values interface.

type ChannelRestrictEnforcer 

type ChannelRestrictEnforcer struct {
	*ChannelRestrict
	// contains filtered or unexported fields
}

ChannelRestrictEnforcer enforces requests and responses against a ChannelRestrict rule.

func (*ChannelRestrictEnforcer) HandleErrorResponse 

func (c *ChannelRestrictEnforcer) HandleErrorResponse(_ context.Context,
	_ string, _ error) (error, error)

HandleErrorResponse handles and possible alters an error. This is a noop for the ChannelRestrict rule.

NOTE: this is part of the Enforcer interface.

func (*ChannelRestrictEnforcer) HandleRequest 

func (c *ChannelRestrictEnforcer) HandleRequest(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request using the ChannelRestrict rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Enforcer interface.

func (*ChannelRestrictEnforcer) HandleResponse 

func (c *ChannelRestrictEnforcer) HandleResponse(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleResponse handles a response using the ChannelRestrict rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Enforcer interface.

type ChannelRestrictMgr 

type ChannelRestrictMgr struct {
	// contains filtered or unexported fields
}

ChannelRestrictMgr manages the ChannelRestrict rule.

func NewChannelRestrictMgr 

func NewChannelRestrictMgr() *ChannelRestrictMgr

NewChannelRestrictMgr constructs a new instance of a ChannelRestrictMgr.

func (*ChannelRestrictMgr) EmptyValue 

func (c *ChannelRestrictMgr) EmptyValue() Values

EmptyValue returns a new ChannelRestrict instance.

NOTE: This is part of the Manager interface.

func (*ChannelRestrictMgr) NewEnforcer 

func (c *ChannelRestrictMgr) NewEnforcer(ctx context.Context, cfg Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new ChannelRestrict rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*ChannelRestrictMgr) NewValueFromProto 

func (c *ChannelRestrictMgr) NewValueFromProto(v *litrpc.RuleValue) (Values,
	error)

NewValueFromProto converts the given proto value into a ChannelRestrict Value object.

NOTE: This is part of the Manager interface.

func (*ChannelRestrictMgr) Stop 

func (c *ChannelRestrictMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type Config 

type Config interface {
	// GetStores can be used to get access to methods that can be used to
	// perform atomic transactions on permanent and temporary local and
	// global kv stores.
	GetStores() firewalldb.KVStores

	// GetActionsDB can be used by rules to list any past actions that were
	// made for the specific session or feature.
	GetActionsDB() firewalldb.ActionsListDB

	// GetMethodPerms returns a map that contains URIs and the permissions
	// required to use them.
	GetMethodPerms() func(string) ([]bakery.Op, bool)

	// GetNodePubKey returns the node ID of the lnd node.
	GetNodePubKey() [33]byte

	// GetRouterClient returns an lnd router client.
	GetRouterClient() lndclient.RouterClient

	// GetReqID is the request ID of the call being evaluated. This can be
	// used to link a request with a response.
	GetReqID() int64

	// GetLndConnID returns the unique identifier for the lnd connection.
	GetLndConnID() string

	// GetLndClient returns an lnd client.
	GetLndClient() lndclient.LightningClient
}

Config encompasses all the possible configuration items that could be required by the various rules.

type ConfigImpl 

type ConfigImpl struct {
	// GetStores provides access to methods that can be used to perform
	// atomic transactions on permanent and temporary local and global
	// kv stores.
	Stores firewalldb.KVStores

	// ActionsDB can be used by rules to list any past actions that were
	// made for the specific session or feature.
	ActionsDB firewalldb.ActionsListDB

	// MethodPerms is a function that can be used to fetch the permissions
	// required for a URI.
	MethodPerms func(string) ([]bakery.Op, bool)

	// NodeID is the pub key of the lnd node.
	NodeID [33]byte

	// RouterClient is an lnd router client.
	RouterClient lndclient.RouterClient

	// ReqID is the request ID of the call being evaluated. This can be used
	// to link a request with a response.
	ReqID int64

	// LndConnID is the unique identifier for the lnd connection.
	LndConnID string

	// LndClient is a connection to the Lit node's LND node.
	LndClient lndclient.LightningClient
}

ConfigImpl is an implementation of the Config interface.

func (*ConfigImpl) GetActionsDB 

func (c *ConfigImpl) GetActionsDB() firewalldb.ActionsListDB

GetActionsDB returns the list of past actions.

func (*ConfigImpl) GetLndClient 

func (c *ConfigImpl) GetLndClient() lndclient.LightningClient

GetLndClient returns an lnd client.

func (*ConfigImpl) GetLndConnID 

func (c *ConfigImpl) GetLndConnID() string

GetLndConnID returns the unique identifier for the lnd connection to create unique request ids per lnd runtime.

func (*ConfigImpl) GetMethodPerms 

func (c *ConfigImpl) GetMethodPerms() func(string) ([]bakery.Op, bool)

GetMethodPerms returns a function that can be used to fetch the permissions of a URI.

func (*ConfigImpl) GetNodePubKey 

func (c *ConfigImpl) GetNodePubKey() [33]byte

GetNodePubKey returns the node ID for the lnd node.

func (*ConfigImpl) GetReqID 

func (c *ConfigImpl) GetReqID() int64

GetReqID returns the request ID of the request or response being evaluated.

func (*ConfigImpl) GetRouterClient 

func (c *ConfigImpl) GetRouterClient() lndclient.RouterClient

GetRouterClient returns an lnd router client.

func (*ConfigImpl) GetStores 

func (c *ConfigImpl) GetStores() firewalldb.KVStores

type Enforcer 

type Enforcer interface {
	// HandleRequest checks the validity of a request and possibly edits it.
	HandleRequest(ctx context.Context, uri string,
		protoMsg proto.Message) (proto.Message, error)

	// HandleResponse handles and possibly alters a response.
	HandleResponse(ctx context.Context, uri string,
		protoMsg proto.Message) (proto.Message, error)

	// HandleErrorResponse handles and possibly alters a response error.
	HandleErrorResponse(ctx context.Context, uri string, err error) (error,
		error)
}

Enforcer is the interface that any firewall rule enforcer must implement. An enforcer accepts, rejects, and possible alters an RPC proto message for a specific URI.

type HistoryLimit 

type HistoryLimit struct {
	StartDate time.Time     `json:"start_date,omitempty"`
	Duration  time.Duration `json:"duration,omitempty"`
}

HistoryLimit represents the history-limit values.

func (*HistoryLimit) GetStartDate 

func (h *HistoryLimit) GetStartDate() time.Time

GetStartDate is a helper function that determines the start date of the values given if a start date is set or a max duration is given.

func (*HistoryLimit) HandleErrorResponse 

func (h *HistoryLimit) HandleErrorResponse(_ context.Context, _ string,
	_ error) (error, error)

HandleErrorResponse handles and possible alters an error. This is a noop for the HistoryLimit rule.

NOTE: this is part of the Enforcer interface.

func (*HistoryLimit) HandleRequest 

func (h *HistoryLimit) HandleRequest(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request using the HistoryLimit rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Rule interface.

func (*HistoryLimit) HandleResponse 

func (h *HistoryLimit) HandleResponse(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleResponse handles a response using the HistoryLimit rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Rule interface.

func (*HistoryLimit) PseudoToReal 

func (h *HistoryLimit) PseudoToReal(_ context.Context,
	_ firewalldb.PrivacyMapDB, _ session.PrivacyFlags) (Values, error)

PseudoToReal attempts to convert any appropriate pseudo fields in the rule Values to their corresponding real values. It uses the passed PrivacyMapDB to find the real values. This is a no-op for the HistoryLimit rule.

NOTE: this is part of the Values interface.

func (*HistoryLimit) RealToPseudo 

func (h *HistoryLimit) RealToPseudo(_ context.Context,
	_ firewalldb.PrivacyMapReader, _ session.PrivacyFlags) (Values,
	map[string]string, error)

RealToPseudo converts the rule Values to a new one that uses pseudo keys, channel IDs, channel points etc. It returns a map of real to pseudo strings that should be persisted. This is a no-op for the HistoryLimit rule.

NOTE: this is part of the Values interface.

func (*HistoryLimit) RuleName 

func (h *HistoryLimit) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*HistoryLimit) ToProto 

func (h *HistoryLimit) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*HistoryLimit) VerifySane 

func (h *HistoryLimit) VerifySane(minVal, _ Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values.

NOTE: this is part of the Values interface.

type HistoryLimitMgr 

type HistoryLimitMgr struct{}

HistoryLimitMgr manages the History limit rule.

func (*HistoryLimitMgr) EmptyValue 

func (h *HistoryLimitMgr) EmptyValue() Values

EmptyValue returns a new HistoryLimit instance.

NOTE: This is part of the Manager interface.

func (*HistoryLimitMgr) NewEnforcer 

func (h *HistoryLimitMgr) NewEnforcer(_ context.Context, _ Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new HistoryLimit rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*HistoryLimitMgr) NewValueFromProto 

func (h *HistoryLimitMgr) NewValueFromProto(v *litrpc.RuleValue) (Values,
	error)

NewValueFromProto converts the given proto value into a HistoryLimit Value object.

NOTE: This is part of the Manager interface.

func (*HistoryLimitMgr) Stop 

func (h *HistoryLimitMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type Manager 

type Manager interface {
	// NewEnforcer constructs a new rule enforcer using the passed values
	// and config.
	NewEnforcer(ctx context.Context, cfg Config, values Values) (Enforcer,
		error)

	// NewValueFromProto converts the given proto value into a Value object.
	NewValueFromProto(p *litrpc.RuleValue) (Values, error)

	// EmptyValue returns a new Values instance of the type that this
	// Manager handles.
	EmptyValue() Values

	// Stop cleans up the resources held by the manager.
	Stop() error
}

Manager is the interface that any firewall rule managers will need to implement. A rule Manager is used to construct a rule Enforcer or rule Values.

type ManagerSet 

type ManagerSet map[string]Manager

ManagerSet is a map from a rule name to a rule Manager.

func NewRuleManagerSet 

func NewRuleManagerSet() ManagerSet

NewRuleManagerSet creates a new map of the supported rule ManagerSet.

func (ManagerSet) GetAllRules 

func (m ManagerSet) GetAllRules() map[string]bool

GetAllRules returns a map of names of all the rules supported by rule ManagerSet.

func (ManagerSet) InitEnforcer 

func (m ManagerSet) InitEnforcer(ctx context.Context, cfg Config, name string,
	values Values) (Enforcer, error)

InitEnforcer gets the appropriate rule Manager for the given name and uses it to create an appropriate rule Enforcer.

func (ManagerSet) InitRuleValues 

func (m ManagerSet) InitRuleValues(name string, valueBytes []byte) (Values,
	error)

InitRuleValues can be used to construct a Values object given raw rule value bytes along with the name of the appropriate rule.

func (ManagerSet) Stop 

func (m ManagerSet) Stop() error

Stop stops all the managers in the set.

func (ManagerSet) UnmarshalRuleValues 

func (m ManagerSet) UnmarshalRuleValues(name string, proto *litrpc.RuleValue) (
	Values, error)

UnmarshalRuleValues identifies the appropriate rule Manager based on the given rule name and uses that to parse the proto value into a Value object.

type OnChainBudget 

type OnChainBudget struct {
	AbsoluteAmtSats uint64 `json:"absolute_amt_sats"`
	MaxSatPerVByte  uint64 `json:"max_sat_per_v_byte"`
}

OnChainBudget are the static values that determine the on-chain budget.

func (*OnChainBudget) PseudoToReal 

func (o *OnChainBudget) PseudoToReal(_ context.Context,
	_ firewalldb.PrivacyMapDB, _ session.PrivacyFlags) (Values, error)

PseudoToReal attempts to convert any appropriate pseudo fields in the rule Values to their corresponding real values. It uses the passed PrivacyMapDB to find the real values. This is a no-op for the OnChainBudget rule.

NOTE: this is part of the Values interface.

func (*OnChainBudget) RealToPseudo 

func (o *OnChainBudget) RealToPseudo(_ context.Context,
	_ firewalldb.PrivacyMapReader, _ session.PrivacyFlags) (Values,
	map[string]string, error)

RealToPseudo converts the rule Values to a new one that uses pseudo keys, channel IDs, channel points etc. It returns a map of real to pseudo strings that should be persisted. This is a no-op for the OnChainBudget rule.

NOTE: this is part of the Values interface.

func (*OnChainBudget) RuleName 

func (o *OnChainBudget) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*OnChainBudget) ToProto 

func (o *OnChainBudget) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*OnChainBudget) VerifySane 

func (o *OnChainBudget) VerifySane(minVal, _ Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values.

NOTE: this is part of the Values interface.

type OnChainBudgetEnforcer 

type OnChainBudgetEnforcer struct {
	*OnChainBudget
	*OnChainBudgetMgr
	// contains filtered or unexported fields
}

OnChainBudgetEnforcer enforces requests and responses against a OnChainBudget rule.

func (*OnChainBudgetEnforcer) HandleErrorResponse 

func (o *OnChainBudgetEnforcer) HandleErrorResponse(ctx context.Context,
	uri string, respErr error) (error, error)

HandleErrorResponse handles and possible alters an error. This can be used to roll back any budget changes made by the request.

NOTE: this is part of the Enforcer interface.

func (*OnChainBudgetEnforcer) HandleRequest 

func (o *OnChainBudgetEnforcer) HandleRequest(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request using the OnChainBudgetMgr rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Rule interface.

func (*OnChainBudgetEnforcer) HandleResponse 

func (o *OnChainBudgetEnforcer) HandleResponse(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleResponse handles and possible alters a response.

NOTE: this is part of the Rule interface.

type OnChainBudgetMgr 

type OnChainBudgetMgr struct {
	// The mutex is used to ensure that only one Enforcer created by the
	// manager can run the HandleRequest and HandleResponse functions at
	// any given time. This prevents db entry race conditions.
	sync.Mutex
}

OnChainBudgetMgr manages the OnChainBudget rule. See docs/onchain_budget.md for more information on the rule.

func (*OnChainBudgetMgr) EmptyValue 

func (o *OnChainBudgetMgr) EmptyValue() Values

EmptyValue returns a new instance of OnChainBudget.

NOTE: This is part of the Manager interface.

func (*OnChainBudgetMgr) NewEnforcer 

func (o *OnChainBudgetMgr) NewEnforcer(_ context.Context, cfg Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new OnChainBudgetEnforcer rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*OnChainBudgetMgr) NewValueFromProto 

func (o *OnChainBudgetMgr) NewValueFromProto(v *litrpc.RuleValue) (Values,
	error)

NewValueFromProto converts the given proto value into a OnChainBudget Values object.

NOTE: This is part of the Manager interface.

func (*OnChainBudgetMgr) Stop 

func (o *OnChainBudgetMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type PeerRestrict 

type PeerRestrict struct {
	// DenyList is a list of peer ids that should not be acted upon by any
	// call.
	DenyList []string `json:"peer_deny_list"`
}

PeerRestrict is a rule prevents calls from acting upon a given set of peers.

func (*PeerRestrict) PseudoToReal 

func (c *PeerRestrict) PseudoToReal(ctx context.Context,
	db firewalldb.PrivacyMapDB, flags session.PrivacyFlags) (Values,
	error)

PseudoToReal assumes that the deny-list contains pseudo peer IDs and uses these to check the privacy map db for the corresponding real peer IDs. It constructs a new PeerRestrict instance with these real peer IDs.

NOTE: this is part of the Values interface.

func (*PeerRestrict) RealToPseudo 

func (c *PeerRestrict) RealToPseudo(_ context.Context,
	db firewalldb.PrivacyMapReader,
	flags session.PrivacyFlags) (Values, map[string]string, error)

RealToPseudo converts all the real peer IDs into pseudo IDs. It returns a map of any new real to pseudo strings that should be persisted that it did not find in the given PrivacyMapReader.

NOTE: this is part of the Values interface.

func (*PeerRestrict) RuleName 

func (c *PeerRestrict) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*PeerRestrict) ToProto 

func (c *PeerRestrict) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*PeerRestrict) VerifySane 

func (c *PeerRestrict) VerifySane(_, _ Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values. This is a noop for the PeerRestrict rule.

NOTE: this is part of the Values interface.

type PeerRestrictEnforcer 

type PeerRestrictEnforcer struct {
	*PeerRestrict
	// contains filtered or unexported fields
}

PeerRestrictEnforcer enforces requests and responses against a PeerRestrict rule.

func (*PeerRestrictEnforcer) HandleErrorResponse 

func (c *PeerRestrictEnforcer) HandleErrorResponse(_ context.Context,
	_ string, _ error) (error, error)

HandleErrorResponse handles and possible alters an error. This is a noop for the PeerRestrict rule.

NOTE: this is part of the Enforcer interface.

func (*PeerRestrictEnforcer) HandleRequest 

func (c *PeerRestrictEnforcer) HandleRequest(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request using the PeerRestrict rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Enforcer interface.

func (*PeerRestrictEnforcer) HandleResponse 

func (c *PeerRestrictEnforcer) HandleResponse(ctx context.Context, uri string,
	msg proto.Message) (proto.Message, error)

HandleResponse handles a response using the PeerRestrict rpcmiddleware.RoundTripCheckers.

NOTE: this is part of the Enforcer interface.

type PeerRestrictMgr 

type PeerRestrictMgr struct {
	// contains filtered or unexported fields
}

PeerRestrictMgr manages the PeerRestrict rule.

func NewPeerRestrictMgr 

func NewPeerRestrictMgr() *PeerRestrictMgr

NewPeerRestrictMgr constructs a new PeerRestrictMgr.

func (*PeerRestrictMgr) EmptyValue 

func (c *PeerRestrictMgr) EmptyValue() Values

EmptyValue returns a new PeerRestrict instance.

NOTE: This is part of the Manager interface.

func (*PeerRestrictMgr) NewEnforcer 

func (c *PeerRestrictMgr) NewEnforcer(ctx context.Context, cfg Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new PeerRestrict rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*PeerRestrictMgr) NewValueFromProto 

func (c *PeerRestrictMgr) NewValueFromProto(v *litrpc.RuleValue) (Values,
	error)

NewValueFromProto converts the given proto value into a PeerRestrict Value object.

NOTE: This is part of the Manager interface.

func (*PeerRestrictMgr) Stop 

func (c *PeerRestrictMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type Rate 

type Rate struct {
	Iterations uint32 `json:"iterations"`
	NumHours   uint32 `json:"num_hours"`
}

Rate describes a rate limit in iterations per number of hours.

type RateLimit 

type RateLimit struct {
	WriteLimit *Rate `json:"write_limit"`
	ReadLimit  *Rate `json:"read_limit"`
}

RateLimit represents the rules values.

func (*RateLimit) PseudoToReal 

func (r *RateLimit) PseudoToReal(_ context.Context,
	_ firewalldb.PrivacyMapDB, _ session.PrivacyFlags) (Values, error)

PseudoToReal attempts to convert any appropriate pseudo fields in the rule Values to their corresponding real values. It uses the passed PrivacyMapDB to find the real values. This is a no-op for the RateLimit rule.

NOTE: this is part of the Values interface.

func (*RateLimit) RealToPseudo 

func (r *RateLimit) RealToPseudo(_ context.Context,
	_ firewalldb.PrivacyMapReader, flags session.PrivacyFlags) (Values,
	map[string]string, error)

RealToPseudo converts the rule Values to a new one that uses pseudo keys, channel IDs, channel points etc. It returns a map of real to pseudo strings that should be persisted. This is a no-op for the RateLimit rule.

NOTE: this is part of the Values interface.

func (*RateLimit) RuleName 

func (r *RateLimit) RuleName() string

RuleName returns the name of the rule that these values are to be used with.

NOTE: this is part of the Values interface.

func (*RateLimit) ToProto 

func (r *RateLimit) ToProto() *litrpc.RuleValue

ToProto converts the rule Values to the litrpc counterpart.

NOTE: this is part of the Values interface.

func (*RateLimit) VerifySane 

func (r *RateLimit) VerifySane(minVal, maxVal Values) error

VerifySane checks that the value of the values is ok given the min and max allowed values.

NOTE: this is part of the Values interface.

type RateLimitEnforcer 

type RateLimitEnforcer struct {
	*RateLimit
	// contains filtered or unexported fields
}

RateLimitEnforcer enforces requests and responses against a RateLimit rule.

func (*RateLimitEnforcer) HandleErrorResponse 

func (r *RateLimitEnforcer) HandleErrorResponse(_ context.Context, _ string,
	_ error) (error, error)

HandleErrorResponse handles and possible alters an error. This is a noop for the RateLimitEnforcer rule.

NOTE: this is part of the Enforcer interface.

func (*RateLimitEnforcer) HandleRequest 

func (r *RateLimitEnforcer) HandleRequest(ctx context.Context, uri string,
	_ proto.Message) (proto.Message, error)

HandleRequest checks the validity of a request. It checks if the request is a read or a write request. Then, using the past actions DB, it determines if letting this request through would violate the rate limit rules.

NOTE: this is part of the Rule interface.

func (*RateLimitEnforcer) HandleResponse 

func (r *RateLimitEnforcer) HandleResponse(_ context.Context, _ string,
	_ proto.Message) (proto.Message, error)

HandleResponse handles and possible alters a response. This is a noop for the RateLimitMgr values.

NOTE: this is part of the Rule interface.

type RateLimitMgr 

type RateLimitMgr struct{}

RateLimitMgr represents the rate limit values.

func (*RateLimitMgr) EmptyValue 

func (r *RateLimitMgr) EmptyValue() Values

EmptyValue returns a new RateLimit instance.

func (*RateLimitMgr) NewEnforcer 

func (r *RateLimitMgr) NewEnforcer(_ context.Context, cfg Config,
	values Values) (Enforcer, error)

NewEnforcer constructs a new RateLimit rule enforcer using the passed values and config.

NOTE: This is part of the Manager interface.

func (*RateLimitMgr) NewValueFromProto 

func (r *RateLimitMgr) NewValueFromProto(v *litrpc.RuleValue) (Values, error)

NewValueFromProto converts the given proto value into a RateLimit Value object.

NOTE: This is part of the Manager interface.

func (*RateLimitMgr) Stop 

func (r *RateLimitMgr) Stop() error

Stop cleans up the resources held by the manager.

NOTE: This is part of the Manager interface.

type Values 

type Values interface {
	// RuleName returns the name of the rule that these values are to be
	// used with.
	RuleName() string

	// VerifySane checks that the rules values are valid given the allowed
	// minimum and maximum values.
	VerifySane(minVal, maxVal Values) error

	// ToProto converts the rule Values to the litrpc counterpart.
	ToProto() *litrpc.RuleValue

	// RealToPseudo converts the rule Values to a new one that uses pseudo
	// keys, channel IDs, channel points etc. It returns a map of any new
	// real to pseudo strings that should be persisted that it did not find
	// in the given PrivacyMapReader.
	RealToPseudo(ctx context.Context, db firewalldb.PrivacyMapReader,
		flags session.PrivacyFlags) (Values, map[string]string, error)

	// PseudoToReal attempts to convert any appropriate pseudo fields in
	// the rule Values to their corresponding real values. It uses the
	// passed PrivacyMapDB to find the real values.
	PseudoToReal(ctx context.Context, db firewalldb.PrivacyMapDB,
		flags session.PrivacyFlags) (Values, error)
}

Values represents the static values that encompass the settings of the rule.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.