mirror of
https://github.com/lightninglabs/loop
synced 2024-11-13 13:10:30 +00:00
1eb8ed3da5
We introduce a new package: `lsat`, which aims to provide utilities that will serve useful in the context of LSAT creation and verification for LSAT-enabled services.
118 lines
3.6 KiB
Go
118 lines
3.6 KiB
Go
package lsat
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// Satisfier provides a generic interface to satisfy a caveat based on its
|
|
// condition.
|
|
type Satisfier struct {
|
|
// Condition is the condition of the caveat we'll attempt to satisfy.
|
|
Condition string
|
|
|
|
// SatisfyPrevious ensures a caveat is in accordance with a previous one
|
|
// with the same condition. This is needed since caveats of the same
|
|
// condition can be used multiple times as long as they enforce more
|
|
// permissions than the previous.
|
|
//
|
|
// For example, we have a caveat that only allows us to use an LSAT for
|
|
// 7 more days. We can add another caveat that only allows for 3 more
|
|
// days of use and lend it to another party.
|
|
SatisfyPrevious func(previous Caveat, current Caveat) error
|
|
|
|
// SatisfyFinal satisfies the final caveat of an LSAT. If multiple
|
|
// caveats with the same condition exist, this will only be executed
|
|
// once all previous caveats are also satisfied.
|
|
SatisfyFinal func(Caveat) error
|
|
}
|
|
|
|
// NewServicesSatisfier implements a satisfier to determine whether the target
|
|
// service is authorized for a given LSAT.
|
|
//
|
|
// TODO(wilmer): Add tier verification?
|
|
func NewServicesSatisfier(targetService string) Satisfier {
|
|
return Satisfier{
|
|
Condition: CondServices,
|
|
SatisfyPrevious: func(prev, cur Caveat) error {
|
|
// Construct a set of the services we were previously
|
|
// allowed to access.
|
|
prevServices, err := decodeServicesCaveatValue(prev.Value)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
prevAllowed := make(map[string]struct{}, len(prevServices))
|
|
for _, service := range prevServices {
|
|
prevAllowed[service.Name] = struct{}{}
|
|
}
|
|
|
|
// The caveat should not include any new services that
|
|
// weren't previously allowed.
|
|
currentServices, err := decodeServicesCaveatValue(cur.Value)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, service := range currentServices {
|
|
if _, ok := prevAllowed[service.Name]; !ok {
|
|
return fmt.Errorf("service %v not "+
|
|
"previously allowed", service)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
},
|
|
SatisfyFinal: func(c Caveat) error {
|
|
services, err := decodeServicesCaveatValue(c.Value)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, service := range services {
|
|
if service.Name == targetService {
|
|
return nil
|
|
}
|
|
}
|
|
return fmt.Errorf("target service %v not authorized",
|
|
targetService)
|
|
},
|
|
}
|
|
}
|
|
|
|
// NewCapabilitiesSatisfier implements a satisfier to determine whether the
|
|
// target capability for a service is authorized for a given LSAT.
|
|
func NewCapabilitiesSatisfier(service string, targetCapability string) Satisfier {
|
|
return Satisfier{
|
|
Condition: service + CondCapabilitiesSuffix,
|
|
SatisfyPrevious: func(prev, cur Caveat) error {
|
|
// Construct a set of the service's capabilities we were
|
|
// previously allowed to access.
|
|
prevCapabilities := strings.Split(prev.Value, ",")
|
|
allowed := make(map[string]struct{}, len(prevCapabilities))
|
|
for _, capability := range prevCapabilities {
|
|
allowed[capability] = struct{}{}
|
|
}
|
|
|
|
// The caveat should not include any new service
|
|
// capabilities that weren't previously allowed.
|
|
currentCapabilities := strings.Split(cur.Value, ",")
|
|
for _, capability := range currentCapabilities {
|
|
if _, ok := allowed[capability]; !ok {
|
|
return fmt.Errorf("capability %v not "+
|
|
"previously allowed", capability)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
},
|
|
SatisfyFinal: func(c Caveat) error {
|
|
capabilities := strings.Split(c.Value, ",")
|
|
for _, capability := range capabilities {
|
|
if capability == targetCapability {
|
|
return nil
|
|
}
|
|
}
|
|
return fmt.Errorf("target capability %v not authorized",
|
|
targetCapability)
|
|
},
|
|
}
|
|
}
|