diff --git a/config.go b/config.go
index d22822f1c..044c3a497 100644
--- a/config.go
+++ b/config.go
@@ -45,6 +45,8 @@ type RPCConfig struct {
 MacaroonPath string
+ AllowPublicUniProofCourier bool
+
 AllowPublicStats bool
 LetsEncryptDir string
diff --git a/perms/perms.go b/perms/perms.go
index c8a3b2b90..3c1bbc83a 100644
--- a/perms/perms.go
+++ b/perms/perms.go
@@ -209,13 +209,22 @@ var (
 // MacaroonWhitelist returns the set of RPC endpoints that don't require
 // macaroon authentication.
-func MacaroonWhitelist(allowPublicStats bool) map[string]struct{} {
+func MacaroonWhitelist(allowPublicUniProofCourier bool,
+ allowPublicStats bool) map[string]struct{} {
+
 // Make a copy of the default whitelist.
 whitelist := make(map[string]struct{})
 for k, v := range defaultMacaroonWhitelist {
 whitelist[k] = v
 }
+ // Conditionally add public multiverse proof courier RPC endpoints to
+ // the whitelist.
+ if allowPublicUniProofCourier {
+ whitelist["/universerpc.Universe/QueryProof"] = struct{}{}
+ whitelist["/universerpc.Universe/InsertProof"] = struct{}{}
+ }
+
 // Conditionally add public stats RPC endpoints to the whitelist.
 if allowPublicStats {
 whitelist["/universerpc.Universe/QueryAssetStats"] = struct{}{}
diff --git a/server.go b/server.go
index bbf41d74c..3e6172ca7 100644
--- a/server.go
+++ b/server.go
@@ -228,6 +228,7 @@ func (s *Server) RunUntilShutdown(mainErrChan <-chan error) error {
 // Get RPC endpoints which don't require macaroons.
 macaroonWhitelist := perms.MacaroonWhitelist(
+ s.cfg.RPCConfig.AllowPublicUniProofCourier,
 s.cfg.RPCConfig.AllowPublicStats,
 )
diff --git a/tapcfg/config.go b/tapcfg/config.go
index 0a3776bcf..4b642a765 100644
--- a/tapcfg/config.go
+++ b/tapcfg/config.go
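Review bot: In perms/perms.go, the `allowPublicUniProofCourier` branch of MacaroonWhitelist whitelists `/universerpc.Universe/InsertProof` together with `QueryProof`, so a single flag removes macaroon authentication from a write path as well as a read path. Nothing visible in this hunk shows what bounds unauthenticated inserts (proof verification, size limits, rate limiting), so that presumably has to be enforced in the handler itself. The comment above the branch should say so, for example `// NOTE: InsertProof is a write endpoint; once whitelisted it accepts proofs from unauthenticated callers and must validate and bound them itself.` It is also worth considering separate read and write flags, so an operator can expose QueryProof without InsertProof. The function body continues past the end of the hunk.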
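Review bot: In server.go, the whitelist built in RunUntilShutdown now depends on two opt-in flags, but nothing in this hunk records which endpoints end up unauthenticated. A startup log line at warning level that lists the whitelisted methods when `AllowPublicUniProofCourier` or `AllowPublicStats` is set would let an operator confirm the exposure from the logs rather than from the config file. RunUntilShutdown continues outside the hunk, so such a log line may already exist further down.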
@@ -204,7 +204,8 @@ type RpcConfig struct {
 MacaroonPath string `long:"macaroonpath" description:"Path to write the admin macaroon for tapd's RPC and REST services if it doesn't exist"`
 NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication, can only be used if server is not listening on a public interface."`
- AllowPublicStats bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
+ AllowPublicUniProofCourier bool `long:"allow-public-uni-proof-courier" description:"Disable macaroon authentication for universe proof courier RPC endpoints."`
+ AllowPublicStats bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
 RestCORS []string `long:"restcors" description:"Add an ip:port/hostname to allow cross origin access from. To allow all origins, set as \"*\"."`
diff --git a/tapcfg/server.go b/tapcfg/server.go
index 81f16fdcc..60c50bc5b 100644
--- a/tapcfg/server.go
+++ b/tapcfg/server.go
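Review bot: In tapcfg/config.go, the help text for `allow-public-uni-proof-courier` does not tell the operator that the flag covers a write endpoint. The perms.go change in this commit whitelists both QueryProof and InsertProof under it, so the description should name them, for example `description:"Disable macaroon authentication for the universe proof courier RPC endpoints (QueryProof and InsertProof); this permits unauthenticated proof reads and writes."` The neighbouring `no-macaroons` text already states its deployment constraint, so matching that level of detail keeps the options consistent.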
@@ -384,22 +384,23 @@ func CreateServerFromConfig(cfg *Config, cfgLogger btclog.Logger,
 serverCfg.SignalInterceptor = shutdownInterceptor
 serverCfg.RPCConfig = &tap.RPCConfig{
- LisCfg: &lnd.ListenerCfg{},
- RPCListeners: cfg.rpcListeners,
- RESTListeners: cfg.restListeners,
- GrpcServerOpts: serverOpts,
- RestDialOpts: restDialOpts,
- RestListenFunc: restListen,
- WSPingInterval: cfg.RpcConf.WSPingInterval,
- WSPongWait: cfg.RpcConf.WSPongWait,
- RestCORS: cfg.RpcConf.RestCORS,
- NoMacaroons: cfg.RpcConf.NoMacaroons,
- MacaroonPath: cfg.RpcConf.MacaroonPath,
- AllowPublicStats: cfg.RpcConf.AllowPublicStats,
- LetsEncryptDir: cfg.RpcConf.LetsEncryptDir,
- LetsEncryptListen: cfg.RpcConf.LetsEncryptListen,
- LetsEncryptEmail: cfg.RpcConf.LetsEncryptEmail,
- LetsEncryptDomain: cfg.RpcConf.LetsEncryptDomain,
+ LisCfg: &lnd.ListenerCfg{},
+ RPCListeners: cfg.rpcListeners,
+ RESTListeners: cfg.restListeners,
+ GrpcServerOpts: serverOpts,
+ RestDialOpts: restDialOpts,
+ RestListenFunc: restListen,
+ WSPingInterval: cfg.RpcConf.WSPingInterval,
+ WSPongWait: cfg.RpcConf.WSPongWait,
+ RestCORS: cfg.RpcConf.RestCORS,
+ NoMacaroons: cfg.RpcConf.NoMacaroons,
+ MacaroonPath: cfg.RpcConf.MacaroonPath,
+ AllowPublicUniProofCourier: cfg.RpcConf.AllowPublicUniProofCourier,
+ AllowPublicStats: cfg.RpcConf.AllowPublicStats,
+ LetsEncryptDir: cfg.RpcConf.LetsEncryptDir,
+ LetsEncryptListen: cfg.RpcConf.LetsEncryptListen,
+ LetsEncryptEmail: cfg.RpcConf.LetsEncryptEmail,
+ LetsEncryptDomain: cfg.RpcConf.LetsEncryptDomain,
 }
 return tap.NewServer(serverCfg), nil