mirror of
https://github.com/aljazceru/ark.git
synced 2025-12-17 04:04:21 +01:00
12d666bfdf
* move OOR transaction creation client-side * robust redeem tx checks * optimize GetVtxos db call * rename CompleteAsyncPayment --> SubmitRedeemTx * fix permissions.go
221 lines
5.9 KiB
Go
221 lines
5.9 KiB
Go
package permissions
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"gopkg.in/macaroon-bakery.v2/bakery"
|
|
|
|
arkv1 "github.com/ark-network/ark/api-spec/protobuf/gen/ark/v1"
|
|
grpchealth "google.golang.org/grpc/health/grpc_health_v1"
|
|
)
|
|
|
|
const (
|
|
EntityWallet = "wallet"
|
|
EntityAdmin = "admin"
|
|
EntityManager = "manager"
|
|
EntityArk = "ark"
|
|
EntityHealth = "health"
|
|
)
|
|
|
|
// ReadOnlyPermissions returns the permissions of the macaroon readonly.macaroon.
|
|
// This grants access to the read action for all entities.
|
|
func ReadOnlyPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
},
|
|
}
|
|
}
|
|
|
|
// WalletPermissions returns the permissions of the macaroon wallet.macaroon.
|
|
// This grants access to the all actions for the wallet entity.
|
|
func WalletPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
},
|
|
}
|
|
}
|
|
|
|
// ManagerPermissions returns the permissions of the macaroon manager.macaroon.
|
|
// This grants access to the all actions for the manager entity.
|
|
func ManagerPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "write",
|
|
},
|
|
}
|
|
}
|
|
|
|
// AdminPermissions returns the permissions of the macaroon admin.macaroon.
|
|
// This grants access to the all actions for all entities.
|
|
func AdminPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "write",
|
|
},
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
},
|
|
}
|
|
}
|
|
|
|
// Whitelist returns the list of all whitelisted methods with the relative
|
|
// entity and action.
|
|
func Whitelist() map[string][]bakery.Op {
|
|
return map[string][]bakery.Op{
|
|
fmt.Sprintf("/%s/GenSeed", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/Create", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/Restore", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/Unlock", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetStatus", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/RegisterInputsForNextRound", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/RegisterOutputsForNextRound", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/SubmitSignedForfeitTxs", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRound", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRoundById", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetEventStream", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/Ping", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/ListVtxos", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetInfo", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/SubmitRedeemTx", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/Check", grpchealth.Health_ServiceDesc.ServiceName): {{
|
|
Entity: EntityHealth,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetBoardingAddress", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/SubmitTreeNonces", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/SubmitTreeSignatures", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/SetNostrRecipient", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/DeleteNostrRecipient", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
}
|
|
}
|
|
|
|
// AllPermissionsByMethod returns a mapping of the RPC server calls to the
|
|
// permissions they require.
|
|
func AllPermissionsByMethod() map[string][]bakery.Op {
|
|
return map[string][]bakery.Op{
|
|
fmt.Sprintf("/%s/Lock", arkv1.WalletService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/DeriveAddress", arkv1.WalletService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetBalance", arkv1.WalletService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetScheduledSweep", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRoundDetails", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRounds", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/CreateNote", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetMarketHourConfig", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/UpdateMarketHourConfig", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "write",
|
|
}},
|
|
}
|
|
}
|