Again, as with WWW-Authenticate header, existing aperture instances
expect LSAT, and the protocol defines it is L402, so send both, LSAT
first, to maintain backward compatibility.
The header "Authorization: LSAT..." can be removed in the future,
when all aperture instances are upgraded.
Old clients expect "L402 macaroon=..." in the first WWW-Authenticate, while
the protocol [1] says it should be "WWW-Authenticate: L402 macaroon=...",
so send both LSAT and L402. LSAT must be sent first, to maintain backward
compatibility with older clients.
[1] https://github.com/lightninglabs/L402/blob/master/protocol-specification.md
auth: LsatAuthenticator -> L402Authenticator
sed -i 's/LsatAuthenticator/L402Authenticator/g' aperture.go auth/authenticator.go auth/authenticator_test.go
rename package lsat to l402
git mv lsat/ l402
sed 's@aperture/lsat@aperture/l402@g' -i `git grep -l aperture/lsat`
sed -i 's@package lsat@package l402@' `git grep -l 'package lsat'`
sed -i 's@lsat\.@l402.@g' -i `git grep -l 'lsat\.'`
sed 's@l402.Id@lsat.Id@' -i mint/mint_test.go
replace lsat with l402 in the code
sed 's@lsat@l402@' -i mint/mint_test.go
sed 's@Lsat@L402@' -i l402/client_interceptor.go
sed 's@lsatstore@l402store@' -i l402/store_test.go
replace LSAT to L402 in comments
sed '/\/\//s@LSAT@L402@g' -i `git grep -l '//.*LSAT'`
replace LSAT -> L402 in the code, skip when a string starts with it
sed 's@\([^"/]\)LSAT@\1L402@g' -i `git grep -l LSAT`
We move the proxy from using its placeholder macaroon creation and
verification to instead use the agreed upon macaroon design. Much of
this is solely a refactor, but some new functionality has also been
introduced as part of integrating the LSAT mint:
1. A request's target service is now verified to ensure its attached
LSAT is authorized.
2. The preimage is now checked against the token's committed payment
hash to ensure it has been paid for.
The target service name remains unused in its current form, but will be
required in order to verify that an incoming request with an LSAT
attached is authorized to access the service being attempted. We can
derive this from the request's host field, but we choose to extend the
methods with the additional parameter in order to prevent parsing the
host field again to determine which service is being accessed.
