forked from lightninglabs/aperture
-
Notifications
You must be signed in to change notification settings - Fork 0
/
services.go
114 lines (95 loc) · 2.99 KB
/
services.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package aperture
import (
"context"
"time"
"github.com/lightninglabs/aperture/l402"
"github.com/lightninglabs/aperture/mint"
"github.com/lightninglabs/aperture/proxy"
)
// staticServiceLimiter provides static restrictions for services.
//
// TODO(wilmer): use etcd instead.
type staticServiceLimiter struct {
capabilities map[l402.Service]l402.Caveat
constraints map[l402.Service][]l402.Caveat
timeouts map[l402.Service]l402.Caveat
}
// A compile-time constraint to ensure staticServiceLimiter implements
// mint.ServiceLimiter.
var _ mint.ServiceLimiter = (*staticServiceLimiter)(nil)
// newStaticServiceLimiter instantiates a new static service limiter backed by
// the given restrictions.
func newStaticServiceLimiter(
proxyServices []*proxy.Service) *staticServiceLimiter {
capabilities := make(map[l402.Service]l402.Caveat)
constraints := make(map[l402.Service][]l402.Caveat)
timeouts := make(map[l402.Service]l402.Caveat)
for _, proxyService := range proxyServices {
s := l402.Service{
Name: proxyService.Name,
Tier: l402.BaseTier,
Price: proxyService.Price,
}
if proxyService.Timeout > 0 {
timeouts[s] = l402.NewTimeoutCaveat(
proxyService.Name,
proxyService.Timeout,
time.Now,
)
}
capabilities[s] = l402.NewCapabilitiesCaveat(
proxyService.Name, proxyService.Capabilities,
)
for cond, value := range proxyService.Constraints {
caveat := l402.Caveat{Condition: cond, Value: value}
constraints[s] = append(constraints[s], caveat)
}
}
return &staticServiceLimiter{
capabilities: capabilities,
constraints: constraints,
timeouts: timeouts,
}
}
// ServiceCapabilities returns the capabilities caveats for each service. This
// determines which capabilities of each service can be accessed.
func (l *staticServiceLimiter) ServiceCapabilities(ctx context.Context,
services ...l402.Service) ([]l402.Caveat, error) {
res := make([]l402.Caveat, 0, len(services))
for _, service := range services {
capabilities, ok := l.capabilities[service]
if !ok {
continue
}
res = append(res, capabilities)
}
return res, nil
}
// ServiceConstraints returns the constraints for each service. This enforces
// additional constraints on a particular service/service capability.
func (l *staticServiceLimiter) ServiceConstraints(ctx context.Context,
services ...l402.Service) ([]l402.Caveat, error) {
res := make([]l402.Caveat, 0, len(services))
for _, service := range services {
constraints, ok := l.constraints[service]
if !ok {
continue
}
res = append(res, constraints...)
}
return res, nil
}
// ServiceTimeouts returns the timeout caveat for each service. This enforces
// an expiration time for service access if enabled.
func (l *staticServiceLimiter) ServiceTimeouts(ctx context.Context,
services ...l402.Service) ([]l402.Caveat, error) {
res := make([]l402.Caveat, 0, len(services))
for _, service := range services {
timeout, ok := l.timeouts[service]
if !ok {
continue
}
res = append(res, timeout)
}
return res, nil
}