proxy: LSAT and L402 WWW-Authenticate headers

Old clients expect "L402 macaroon=..." in the first WWW-Authenticate, while the protocol [1] says it should be "WWW-Authenticate: L402 macaroon=...", so send both LSAT and L402. LSAT must be sent first, to maintain backward compatibility with older clients. [1] https://github.com/lightninglabs/L402/blob/master/protocol-specification.md
2025-12-18 01:24:19 +01:00 · 2024-04-16 12:44:14 -03:00
parent 728707ba5c
commit 709463fe5b
5 changed files with 95 additions and 55 deletions
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@@ -154,7 +154,7 @@ func runHTTPTest(t *testing.T, tc *testCase) {
 	require.Equal(t, "402 Payment Required", resp.Status)

 	authHeader := resp.Header.Get("Www-Authenticate")
-	require.Contains(t, authHeader, "LSAT")
+	require.Regexp(t, "(LSAT|L402)", authHeader)
 	_ = resp.Body.Close()

 	// Make sure that if we query an URL that is on the whitelist, we don't
@@ -317,10 +317,10 @@ func runGRPCTest(t *testing.T, tc *testCase) {
 		Header: map[string][]string{},
 	}, "", 0)
 	capturedHeader := captureMetadata.Get("WWW-Authenticate")
-	require.Len(t, capturedHeader, 1)
+	require.Len(t, capturedHeader, 2)
 	require.Equal(
-		t, expectedHeaderContent.Get("WWW-Authenticate"),
-		capturedHeader[0],
+		t, expectedHeaderContent.Values("WWW-Authenticate"),
+		capturedHeader,
 	)

 	// Make sure that if we query an URL that is on the whitelist, we don't