aperture: Custom price per service

2025-12-18 17:44:20 +01:00 · 2020-05-10 15:49:48 +02:00
parent 57a5605990
commit 162571ac45
12 changed files with 82 additions and 17 deletions
--- a/aperture.go
+++ b/aperture.go
@@ -96,10 +96,10 @@ func start() error {
 	}
 	// Create the proxy and connect it to lnd.
-	genInvoiceReq := func() (*lnrpc.Invoice, error) {
+	genInvoiceReq := func(price int64) (*lnrpc.Invoice, error) {
 		return &lnrpc.Invoice{
 			Memo:  "LSAT",
-			Value: 1,
+			Value: price,
 		}, nil
 	}
 	servicesProxy, err := createProxy(cfg, genInvoiceReq, etcdClient)
--- a/auth/authenticator.go
+++ b/auth/authenticator.go
@@ -59,9 +59,13 @@ func (l *LsatAuthenticator) Accept(header *http.Header, serviceName string) bool
 //
 // NOTE: This is part of the Authenticator interface.
 func (l *LsatAuthenticator) FreshChallengeHeader(r *http.Request,
-	serviceName string) (http.Header, error) {
+	serviceName string, servicePrice int64) (http.Header, error) {
-	service := lsat.Service{Name: serviceName, Tier: lsat.BaseTier}
+	service := lsat.Service{
 		Name:  serviceName,
 		Tier:  lsat.BaseTier,
 		Price: servicePrice,
 	}
 	mac, paymentRequest, err := l.minter.MintLSAT(
 		context.Background(), service,
 	)
--- a/auth/interface.go
+++ b/auth/interface.go
@@ -18,7 +18,7 @@ type Authenticator interface {
 	// FreshChallengeHeader returns a header containing a challenge for the
 	// user to complete.
-	FreshChallengeHeader(*http.Request, string) (http.Header, error)
+	FreshChallengeHeader(*http.Request, string, int64) (http.Header, error)
 }
 // Minter is an entity that is able to mint and verify LSATs for a set of
--- a/auth/mock_authenticator.go
+++ b/auth/mock_authenticator.go
@@ -32,7 +32,7 @@ func (a MockAuthenticator) Accept(header *http.Header, _ string) bool {
 // FreshChallengeHeader returns a header containing a challenge for the user to
 // complete.
 func (a MockAuthenticator) FreshChallengeHeader(r *http.Request,
-	_ string) (http.Header, error) {
+	_ string, _ int64) (http.Header, error) {
 	header := r.Header
 	header.Set(
--- a/challenger.go
+++ b/challenger.go
@@ -12,7 +12,7 @@ import (
 // InvoiceRequestGenerator is a function type that returns a new request for the
 // lnrpc.AddInvoice call.
-type InvoiceRequestGenerator func() (*lnrpc.Invoice, error)
+type InvoiceRequestGenerator func(price int64) (*lnrpc.Invoice, error)
 // LndChallenger is a challenger that uses an lnd backend to create new LSAT
 // payment challenges.
@@ -57,10 +57,10 @@ func NewLndChallenger(cfg *authConfig, genInvoiceReq InvoiceRequestGenerator) (
 // request (invoice) and the corresponding payment hash.
 //
 // NOTE: This is part of the Challenger interface.
-func (l *LndChallenger) NewChallenge() (string, lntypes.Hash, error) {
+func (l *LndChallenger) NewChallenge(price int64) (string, lntypes.Hash, error) {
 	// Obtain a new invoice from lnd first. We need to know the payment hash
 	// so we can add it as a caveat to the macaroon.
-	invoice, err := l.genInvoiceReq()
+	invoice, err := l.genInvoiceReq(price)
 	if err != nil {
 		log.Errorf("Error generating invoice request: %v", err)
 		return "", lntypes.ZeroHash, err
--- a/lsat/service.go
+++ b/lsat/service.go
@@ -46,6 +46,9 @@ type Service struct {
 	// Tier is the tier of the LSAT-enabled service.
 	Tier ServiceTier
 	// Price of service LSAT in satoshis.
 	Price int64
 }
 // NewServicesCaveat creates a new services caveat with the provided caveats.
--- a/mint/mint.go
+++ b/mint/mint.go
@@ -27,7 +27,7 @@ type Challenger interface {
 	// payment request. The payment hash is also returned as a convenience
 	// to avoid having to decode the payment request in order to retrieve
 	// its payment hash.
-	NewChallenge() (string, lntypes.Hash, error)
+	NewChallenge(price int64) (string, lntypes.Hash, error)
 }
 // SecretStore is the store responsible for storing LSAT secrets. These secrets
@@ -93,9 +93,13 @@ func New(cfg *Config) *Mint {
 func (m *Mint) MintLSAT(ctx context.Context,
 	services ...lsat.Service) (*macaroon.Macaroon, string, error) {
 	// Let the LSAT value as the price of the most expensive of the
 	// services.
 	price := maximumPrice(services)
 	// We'll start by retrieving a new challenge in the form of a Lightning
 	// payment request to present the requester of the LSAT with.
-	paymentRequest, paymentHash, err := m.cfg.Challenger.NewChallenge()
+	paymentRequest, paymentHash, err := m.cfg.Challenger.NewChallenge(price)
 	if err != nil {
 		return nil, "", err
 	}
@@ -143,6 +147,20 @@ func (m *Mint) MintLSAT(ctx context.Context,
 	return mac, paymentRequest, nil
 }
 // maximumPrice determines the necessary price to use for a collection
 // of services.
 func maximumPrice(services []lsat.Service) int64 {
 	var max int64
 	for _, service := range services {
 		if service.Price > max {
 			max = service.Price
 		}
 	}
 	return max
 }
 // createUniqueIdentifier creates a new LSAT identifier bound to a payment hash
 // and a randomly generated ID.
 func createUniqueIdentifier(paymentHash lntypes.Hash) ([]byte, error) {
--- a/mint/mock_test.go
+++ b/mint/mock_test.go
@@ -26,7 +26,7 @@ func newMockChallenger() *mockChallenger {
 	return &mockChallenger{}
 }
-func (d *mockChallenger) NewChallenge() (string, lntypes.Hash, error) {
+func (d *mockChallenger) NewChallenge(price int64) (string, lntypes.Hash, error) {
 	return testPayReq, testHash, nil
 }
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -97,7 +97,7 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	case authLevel.IsOn():
 		if !p.authenticator.Accept(&r.Header, target.Name) {
 			prefixLog.Infof("Authentication failed. Sending 402.")
-			p.handlePaymentRequired(w, r, target.Name)
+			p.handlePaymentRequired(w, r, target.Name, target.Price)
 			return
 		}
@@ -116,7 +116,7 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				return
 			}
 			if !ok {
-				p.handlePaymentRequired(w, r, target.Name)
+				p.handlePaymentRequired(w, r, target.Name, target.Price)
 				return
 			}
 			_, err = target.freebieDb.TallyFreebie(r, remoteIP)
@@ -281,11 +281,11 @@ func addCorsHeaders(header http.Header) {
 // handlePaymentRequired returns fresh challenge header fields and status code
 // to the client signaling that a payment is required to fulfil the request.
 func (p *Proxy) handlePaymentRequired(w http.ResponseWriter, r *http.Request,
-	serviceName string) {
+	serviceName string, servicePrice int64) {
 	addCorsHeaders(r.Header)
-	header, err := p.authenticator.FreshChallengeHeader(r, serviceName)
+	header, err := p.authenticator.FreshChallengeHeader(r, serviceName, servicePrice)
 	if err != nil {
 		log.Errorf("Error creating new challenge header: %v", err)
 		sendDirectResponse(
--- a/proxy/service.go
+++ b/proxy/service.go
@@ -9,6 +9,7 @@ import (
 	"regexp"
 	"strings"
 	"github.com/btcsuite/btcutil"
 	"github.com/lightninglabs/aperture/auth"
 	"github.com/lightninglabs/aperture/freebie"
 )
@@ -19,6 +20,16 @@ var (
 	filePrefixBase64 = filePrefix + "+base64"
 )
 const (
 	// defaultServicePrice is price in satoshis to be used as the default
 	// service price.
 	defaultServicePrice = 1
 	// maxServicePrice is the maximum price in satoshis that can be used
 	// to create an invoice through lnd.
 	maxServicePrice = btcutil.SatoshiPerBitcoin * 100000
 )
 // Service generically specifies configuration data for backend services to the
 // Kirin proxy.
 type Service struct {
@@ -69,6 +80,10 @@ type Service struct {
 	// correspond to the caveat's condition.
 	Constraints map[string]string `long:"constraints" description:"The service constraints to enforce at the base tier"`
 	// Price is the custom LSAT value in satoshis to be used for the
 	// service's endpoint.
 	Price int64 `long:"price" description:"Static LSAT value in satoshis to be used for this service"`
 	// AuthWhitelistPaths is an optional list of regular expressions that
 	// are matched against the path of the URL of a request. If the request
 	// URL matches any of those regular expressions, the call is treated as
@@ -154,6 +169,23 @@ func prepareServices(services []*Service) error {
 					"whitelist: %v", err)
 			}
 		}
 		// Check that the price for the service is not negative and not
 		// more than the maximum amount allowed by lnd. If no price, or
 		// a price of zero satoshis, is set the then default price of 1
 		// satoshi is to be used.
 		switch {
 		case service.Price == 0:
 			log.Debugf("Using default LSAT price of %v satoshis for "+
 				"service %s.", defaultServicePrice, service.Name)
 			service.Price = defaultServicePrice
 		case service.Price < 0:
 			return fmt.Errorf("negative price set for "+
 				"service %s", service.Name)
 		case service.Price > maxServicePrice:
 			return fmt.Errorf("maximum price exceeded for "+
 				"service %s", service.Name)
 		}
 	}
 	return nil
 }
--- a/sample-conf.yaml
+++ b/sample-conf.yaml
@@ -78,6 +78,9 @@ services:
    constraints:
        "valid_until": "2020-01-01"
    # The LSAT value in satoshis for the service.
    price: 1     
  - name: "service2"
    hostregexp: "service2.com:8083"
    pathregexp: '^/.*$'
@@ -85,6 +88,7 @@ services:
    protocol: https
    constraints:
        "valid_until": "2020-01-01"
    price: 1
 # Settings for a Tor instance to allow requests over Tor as onion services.
 # Configuring Tor is optional.
--- a/services.go
+++ b/services.go
@@ -27,7 +27,11 @@ func newStaticServiceLimiter(proxyServices []*proxy.Service) *staticServiceLimit
 	constraints := make(map[lsat.Service][]lsat.Caveat)
 	for _, proxyService := range proxyServices {
-		s := lsat.Service{Name: proxyService.Name, Tier: lsat.BaseTier}
+		s := lsat.Service{
 			Name:  proxyService.Name,
 			Tier:  lsat.BaseTier,
 			Price: proxyService.Price,
 		}
 		capabilities[s] = lsat.NewCapabilitiesCaveat(
 			proxyService.Name, proxyService.Capabilities,
 		)