mirror of
https://github.com/aljazceru/ark.git
synced 2025-12-17 12:14:21 +01:00
4da76ec88b
* [domain] add reverse boarding inputs in Payment struct * [tx-builder] support reverse boarding script * [wallet] add GetTransaction * [api-spec][application] add reverse boarding support in covenantless * [config] add reverse boarding config * [api-spec] add ReverseBoardingAddress RPC * [domain][application] support empty forfeits txs in EndFinalization events * [tx-builder] optional connector output in round tx * [btc-embedded] fix getTx and taproot finalizer * whitelist ReverseBoardingAddress RPC * [test] add reverse boarding integration test * [client] support reverse boarding * [sdk] support reverse boarding * [e2e] add sleep time after faucet * [test] run using bitcoin-core RPC * [tx-builder] fix GetSweepInput * [application][tx-builder] support reverse onboarding in covenant * [cli] support reverse onboarding in covenant CLI * [test] rework integration tests * [sdk] remove onchain wallet, replace by onboarding address * remove old onboarding protocols * [sdk] Fix RegisterPayment * [e2e] add more funds to covenant ASP * [e2e] add sleeping time * several fixes * descriptor boarding * remove boarding delay from info * [sdk] implement descriptor boarding * go mod tidy * fixes and revert error msgs * move descriptor pkg to common * add replace in go.mod * [sdk] fix unit tests * rename DescriptorInput --> BoardingInput * genrest in SDK * remove boarding input from domain * remove all "reverse boarding" * rename "onboarding" ==> "boarding" * remove outdate payment unit test * use tmpfs docker volument for compose testing files * several fixes
205 lines
5.4 KiB
Go
205 lines
5.4 KiB
Go
package permissions
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"gopkg.in/macaroon-bakery.v2/bakery"
|
|
|
|
arkv1 "github.com/ark-network/ark/api-spec/protobuf/gen/ark/v1"
|
|
grpchealth "google.golang.org/grpc/health/grpc_health_v1"
|
|
)
|
|
|
|
const (
|
|
EntityWallet = "wallet"
|
|
EntityAdmin = "admin"
|
|
EntityManager = "manager"
|
|
EntityArk = "ark"
|
|
EntityHealth = "health"
|
|
)
|
|
|
|
// ReadOnlyPermissions returns the permissions of the macaroon readonly.macaroon.
|
|
// This grants access to the read action for all entities.
|
|
func ReadOnlyPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
},
|
|
}
|
|
}
|
|
|
|
// WalletPermissions returns the permissions of the macaroon wallet.macaroon.
|
|
// This grants access to the all actions for the wallet entity.
|
|
func WalletPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
},
|
|
}
|
|
}
|
|
|
|
// ManagerPermissions returns the permissions of the macaroon manager.macaroon.
|
|
// This grants access to the all actions for the manager entity.
|
|
func ManagerPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "write",
|
|
},
|
|
}
|
|
}
|
|
|
|
// AdminPermissions returns the permissions of the macaroon admin.macaroon.
|
|
// This grants access to the all actions for all entities.
|
|
func AdminPermissions() []bakery.Op {
|
|
return []bakery.Op{
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityManager,
|
|
Action: "write",
|
|
},
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
},
|
|
{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
},
|
|
}
|
|
}
|
|
|
|
// Whitelist returns the list of all whitelisted methods with the relative
|
|
// entity and action.
|
|
func Whitelist() map[string][]bakery.Op {
|
|
return map[string][]bakery.Op{
|
|
fmt.Sprintf("/%s/GenSeed", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/Create", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/Restore", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/Unlock", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetStatus", arkv1.WalletInitializerService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/RegisterPayment", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/ClaimPayment", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/FinalizePayment", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRound", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRoundById", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetEventStream", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/Ping", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/ListVtxos", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetInfo", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/CreatePayment", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/CompletePayment", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/Check", grpchealth.Health_ServiceDesc.ServiceName): {{
|
|
Entity: EntityHealth,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetBoardingAddress", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/SendTreeNonces", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/SendTreeSignatures", arkv1.ArkService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityArk,
|
|
Action: "write",
|
|
}},
|
|
}
|
|
}
|
|
|
|
// AllPermissionsByMethod returns a mapping of the RPC server calls to the
|
|
// permissions they require.
|
|
func AllPermissionsByMethod() map[string][]bakery.Op {
|
|
return map[string][]bakery.Op{
|
|
fmt.Sprintf("/%s/Lock", arkv1.WalletService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/DeriveAddress", arkv1.WalletService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "write",
|
|
}},
|
|
fmt.Sprintf("/%s/GetBalance", arkv1.WalletService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityWallet,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetScheduledSweep", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRoundDetails", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
fmt.Sprintf("/%s/GetRounds", arkv1.AdminService_ServiceDesc.ServiceName): {{
|
|
Entity: EntityManager,
|
|
Action: "read",
|
|
}},
|
|
}
|
|
}
|