Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Runes migration from commando to lightning #6403

Merged
merged 9 commits into from
Jul 21, 2023
5 changes: 5 additions & 0 deletions common/jsonrpc_errors.h
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,11 @@ enum jsonrpc_errcode {
/* Errors from delforward command */
DELFORWARD_NOT_FOUND = 1401,

/* Errors from runes */
RUNE_NOT_AUTHORIZED = 1501,
RUNE_NOT_PERMITTED = 1502,
RUNE_BLACKLISTED = 1503,

/* Errors from wait* commands */
WAIT_TIMEOUT = 2000,
};
Expand Down
4 changes: 4 additions & 0 deletions doc/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,10 @@ MANPAGES := doc/lightning-cli.1 \
doc/lightning-bkpr-listaccountevents.7 \
doc/lightning-bkpr-listbalances.7 \
doc/lightning-bkpr-listincome.7 \
doc/lightning-blacklistrune.7 \
doc/lightning-check.7 \
doc/lightning-checkmessage.7 \
doc/lightning-checkrune.7 \
doc/lightning-close.7 \
doc/lightning-connect.7 \
doc/lightning-commando.7 \
Expand All @@ -28,6 +30,7 @@ MANPAGES := doc/lightning-cli.1 \
doc/lightning-commando-rune.7 \
doc/lightning-createonion.7 \
doc/lightning-createinvoice.7 \
doc/lightning-createrune.7 \
doc/lightning-datastore.7 \
doc/lightning-decodepay.7 \
doc/lightning-decode.7 \
Expand Down Expand Up @@ -65,6 +68,7 @@ MANPAGES := doc/lightning-cli.1 \
doc/lightning-listpays.7 \
doc/lightning-listpeers.7 \
doc/lightning-listpeerchannels.7 \
doc/lightning-listrunes.7 \
doc/lightning-listsendpays.7 \
doc/lightning-makesecret.7 \
doc/lightning-multifundchannel.7 \
Expand Down
4 changes: 4 additions & 0 deletions doc/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,10 @@ Core Lightning Documentation
lightning-bkpr-listaccountevents <lightning-bkpr-listaccountevents.7.md>
lightning-bkpr-listbalances <lightning-bkpr-listbalances.7.md>
lightning-bkpr-listincome <lightning-bkpr-listincome.7.md>
lightning-blacklistrune <lightning-blacklistrune.7.md>
lightning-check <lightning-check.7.md>
lightning-checkmessage <lightning-checkmessage.7.md>
lightning-checkrune <lightning-checkrune.7.md>
lightning-cli <lightning-cli.1.md>
lightning-close <lightning-close.7.md>
lightning-commando-blacklist <lightning-commando-blacklist.7.md>
Expand All @@ -51,6 +53,7 @@ Core Lightning Documentation
lightning-connect <lightning-connect.7.md>
lightning-createinvoice <lightning-createinvoice.7.md>
lightning-createonion <lightning-createonion.7.md>
lightning-createrune <lightning-createrune.7.md>
lightning-datastore <lightning-datastore.7.md>
lightning-decode <lightning-decode.7.md>
lightning-decodepay <lightning-decodepay.7.md>
Expand Down Expand Up @@ -93,6 +96,7 @@ Core Lightning Documentation
lightning-listpays <lightning-listpays.7.md>
lightning-listpeerchannels <lightning-listpeerchannels.7.md>
lightning-listpeers <lightning-listpeers.7.md>
lightning-listrunes <lightning-listrunes.7.md>
lightning-listsendpays <lightning-listsendpays.7.md>
lightning-listsqlschemas <lightning-listsqlschemas.7.md>
lightning-listtransactions <lightning-listtransactions.7.md>
Expand Down
42 changes: 42 additions & 0 deletions doc/lightning-blacklistrune.7.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
lightning-blacklistrune -- Command to prevent a rune from working
==============================================================

SYNOPSIS
--------

**blacklistrune** [*start* [*end*]]

DESCRIPTION
-----------

The **blacklistrune** RPC command allows you to effectively revoke the rune you have created (and any runes derived from that rune with additional restictions). Attempting to use these runes will be resulted in a `Blacklisted rune` error message.

All runes created by lightning have a unique sequential id within them and can be blacklisted in ranges for efficiency. The command always returns the blacklisted ranges on success. If no parameters are specified, no changes have been made. If start specified without end, that single rune is blacklisted. If end is also specified, every rune from start till end inclusive is blacklisted.

RETURN VALUE
------------

[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object containing **blacklist** is returned. It is an array of objects, where each object contains:

- **start** (u64): Unique id of first rune in this blacklist range
- **end** (u64): Unique id of last rune in this blacklist range

[comment]: # (GENERATE-FROM-SCHEMA-END)

AUTHOR
------

Shahana Farooqui <<[email protected]>> is mainly responsible.

SEE ALSO
--------

lightning-commando-blacklist(7), lightning-listrunes(7)

RESOURCES
---------

Main web site: <https://github.com/ElementsProject/lightning>

[comment]: # ( SHA256STAMP:a165eb0086559c67fd2992bd736450fc5cb60d5607b94b095782e5c43b945e66)
41 changes: 41 additions & 0 deletions doc/lightning-checkrune.7.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
lightning-checkrune -- Command to Validate Rune
================================================

SYNOPSIS
--------

**checkrune** [*nodeid*], [*rune*], [*method*] [*params*]

DESCRIPTION
-----------

The **checkrune** RPC command checks the validity/authorization rights of specified rune for the given nodeid, method, and params.

It will return {valid: true} if the rune is authorized otherwise returns error message.

RETURN VALUE
------------

[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object is returned, containing:

- **valid** (boolean): true if the rune is valid

[comment]: # (GENERATE-FROM-SCHEMA-END)

AUTHOR
------

Shahana Farooqui <<[email protected]>> is mainly responsible
for consolidating logic from commando.

SEE ALSO
--------

lightning-createrune(7), lightning-blacklistrune(7)

RESOURCES
---------

Main web site: <https://github.com/ElementsProject/lightning>
[comment]: # ( SHA256STAMP:977acf366f8fde1411f2c78d072b34b38b456e95381a6bce8fe6855a2d91434a)
221 changes: 221 additions & 0 deletions doc/lightning-createrune.7.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,221 @@
lightning-createrune -- Command to Create/Update Rune for Authorizing Remote Peer Access
=========================================================================================

SYNOPSIS
--------

**createrune** [*rune*] [*restrictions*]

DESCRIPTION
-----------

The **createrune** RPC command creates a base64 string called a
*rune* which can be used to access commands on this node. Each *rune*
contains a unique id (a number starting at 0), and can have
restrictions inside it. Nobody can remove restrictions from a rune: if
you try, the rune will be rejected. There is no limit on how many
runes you can issue; the node simply decodes and checks them as they are
received.

If *rune* is supplied, the restrictions are simple appended to that
*rune* (it doesn't need to be a rune belonging to this node). If no
*rune* is supplied, a new one is constructed, with a new unique id.

*restrictions* can be the string "readonly" (creates a rune which
allows most *get* and *list* commands, and the *summary* command), or
an array of restrictions.

Each restriction is an array of one or more alternatives, such as "method
is listpeers", or "method is listpeers OR time is before 2023". Alternatives use a simple language to examine the command which is
being run:

* time: the current UNIX time, e.g. "time<1656759180".
* id: the node\_id of the peer, e.g. "id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605".
* method: the command being run, e.g. "method=withdraw".
* rate: the rate limit, per minute, e.g. "rate=60".
* pnum: the number of parameters. e.g. "pnum<2".
* pnameX: the parameter named X (with any punctuation like `_` removed). e.g. "pnamedestination=1RustyRX2oai4EYYDpQGWvEL62BBGqN9T".
* parrN: the N'th parameter. e.g. "parr0=1RustyRX2oai4EYYDpQGWvEL62BBGqN9T".

RESTRICTION FORMAT
------------------

Restrictions are one or more alternatives. Each
alternative is *name* *operator* *value*. The valid names are shown
above. Note that if a value contains `\\`, it must be preceeded by another `\\`
to form valid JSON:

* `=`: passes if equal ie. identical. e.g. `method=withdraw`
* `/`: not equals, e.g. `method/withdraw`
* `^`: starts with, e.g. `id^024b9a1fa8e006f1e3937f`
* `$`: ends with, e.g. `id$381df1cc449605`.
* `~`: contains, e.g. `id~006f1e3937f65f66c40`.
* `<`: is a decimal integer, and is less than. e.g. `time<1656759180`
* `>`: is a decimal integer, and is greater than. e.g. `time>1656759180`
* `{`: preceeds in alphabetical order (or matches but is shorter), e.g. `id{02ff`.
* `}`: follows in alphabetical order (or matches but is longer), e.g. `id}02ff`.
* `#`: a comment, ignored, e.g. `dumb example#`.
* `!`: only passes if the *name* does *not* exist. e.g. `pnamedestination!`.
Every other operator except `#` fails if *name* does not exist!

EXAMPLES
--------

This creates a fresh rune which can do anything:

$ lightning-cli createrune
{
"rune": "KUhZzNlECC7pYsz3QVbF1TqjIUYi3oyESTI7n60hLMs9MA==",
"unique_id": "0"
}

We can add restrictions to that rune, like so:

$ lightning-cli createrune rune=KUhZzNlECC7pYsz3QVbF1TqjIUYi3oyESTI7n60hLMs9MA== restrictions=readonly
{
"rune": "NbL7KkXcPQsVseJ9TdJNjJK2KsPjnt_q4cE_wvc873I9MCZtZXRob2RebGlzdHxtZXRob2ReZ2V0fG1ldGhvZD1zdW1tYXJ5Jm1ldGhvZC9saXN0ZGF0YXN0b3Jl",
"unique_id": "0"
}

The "readonly" restriction is a short-cut for two restrictions:

1. `["method^list", "method^get", "method=summary"]`: You may call list, get or summary.
2. `["method/listdatastore"]`: But not listdatastore: that contains sensitive stuff!

We can do the same manually, like so:

$ lightning-cli createrune rune=KUhZzNlECC7pYsz3QVbF1TqjIUYi3oyESTI7n60hLMs9MA== restrictions='[["method^list", "method^get", "method=summary"],["method/listdatastore"]]'
{
"rune": "NbL7KkXcPQsVseJ9TdJNjJK2KsPjnt_q4cE_wvc873I9MCZtZXRob2RebGlzdHxtZXRob2ReZ2V0fG1ldGhvZD1zdW1tYXJ5Jm1ldGhvZC9saXN0ZGF0YXN0b3Jl",
"unique_id": "0"
}

Let's create a rune which lets a specific peer
(024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605)
run "listpeers" on themselves:

$ lightning-cli createrune restrictions='[["id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"],["method=listpeers"],["pnum=1"],["pnameid=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605","parr0=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"]]'
{
"rune": "FE8GHiGVvxcFqCQcClVRRiNE_XEeLYQzyG2jmqto4jM9MiZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDV8cGFycjA9MDI0YjlhMWZhOGUwMDZmMWUzOTM3ZjY1ZjY2YzQwOGU2ZGE4ZTFjYTcyOGVhNDMyMjJhNzM4MWRmMWNjNDQ5NjA1",
"unique_id": "2"
}

This allows `listpeers` with 1 argument (`pnum=1`), which is either by name (`pnameid`), or position (`parr0`). We could shorten this in several ways: either allowing only positional or named parameters, or by testing the start of the parameters only. Here's an example which only checks the first 9 bytes of the `listpeers` parameter:

$ lightning-cli createrune restrictions='[["id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"],["method=listpeers"],["pnum=1"],["pnameid^024b9a1fa8e006f1e393", "parr0^024b9a1fa8e006f1e393"]'
{
"rune": "fTQnfL05coEbiBO8SS0cvQwCcPLxE9c02pZCC6HRVEY9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5Mw==",
"unique_id": "3"
}

Before we give this to our peer, let's add two more restrictions: that
it only be usable for 24 hours from now (`time<`), and that it can only
be used twice a minute (`rate=2`). `date +%s` can give us the current
time in seconds:

$ lightning-cli createrune rune=fTQnfL05coEbiBO8SS0cvQwCcPLxE9c02pZCC6HRVEY9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5Mw== restrictions='[["time<'$(($(date +%s) + 24*60*60))'","rate=2"]]'
{
"rune": "tU-RLjMiDpY2U0o3W1oFowar36RFGpWloPbW9-RuZdo9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5MyZ0aW1lPDE2NTY5MjA1MzgmcmF0ZT0y",
"unique_id": "3"
}

You can also use lightning-decode(7) to examine runes you have been given:

$ .lightning-cli decode tU-RLjMiDpY2U0o3W1oFowar36RFGpWloPbW9-RuZdo9MyZpZD0wMjRiOWExZmE4ZTAwNmYxZTM5MzdmNjVmNjZjNDA4ZTZkYThlMWNhNzI4ZWE0MzIyMmE3MzgxZGYxY2M0NDk2MDUmbWV0aG9kPWxpc3RwZWVycyZwbnVtPTEmcG5hbWVpZF4wMjRiOWExZmE4ZTAwNmYxZTM5M3xwYXJyMF4wMjRiOWExZmE4ZTAwNmYxZTM5MyZ0aW1lPDE2NTY5MjA1MzgmcmF0ZT0y
{
"type": "rune",
"unique_id": "3",
"string": "b54f912e33220e9636534a375b5a05a306abdfa4451a95a5a0f6d6f7e46e65da:=3&id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605&method=listpeers&pnum=1&pnameid^024b9a1fa8e006f1e393|parr0^024b9a1fa8e006f1e393&time<1656920538&rate=2",
"restrictions": [
{
"alternatives": [
"id=024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605"
],
"summary": "id (of commanding peer) equal to '024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605'"
},
{
"alternatives": [
"method=listpeers"
],
"summary": "method (of command) equal to 'listpeers'"
},
{
"alternatives": [
"pnum=1"
],
"summary": "pnum (number of command parameters) equal to 1"
},
{
"alternatives": [
"pnameid^024b9a1fa8e006f1e393",
"parr0^024b9a1fa8e006f1e393"
],
"summary": "pnameid (object parameter 'id') starts with '024b9a1fa8e006f1e393' OR parr0 (array parameter #0) starts with '024b9a1fa8e006f1e393'"
},
{
"alternatives": [
"time<1656920538"
],
"summary": "time (in seconds since 1970) less than 1656920538 (approximately 19 hours 18 minutes from now)"
},
{
"alternatives": [
"rate=2"
],
"summary": "rate (max per minute) equal to 2"
}
],
"valid": true
}


SHARING RUNES
-------------

Because anyone can add a restriction to a rune, you can always turn a
normal rune into a read-only rune, or restrict access for 30 minutes
from the time you give it to someone. Adding restrictions before
sharing runes is best practice.

If a rune has a ratelimit, any derived rune will have the same id, and
thus will compete for that ratelimit. You might want to consider
adding a tighter ratelimit to a rune before sharing it, so you will
keep the remainder. For example, if you rune has a limit of 60 times
per minute, adding a limit of 5 times per minute and handing that rune
out means you can still use your original rune 55 times per minute.

RETURN VALUE
------------

[comment]: # (GENERATE-FROM-SCHEMA-START)
On success, an object is returned, containing:

- **rune** (string): the resulting rune
- **unique\_id** (string): the id of this rune: this is set at creation and cannot be changed (even as restrictions are added)

The following warnings may also be returned:

- **warning\_unrestricted\_rune**: A warning shown when runes are created with powers that could drain your node

[comment]: # (GENERATE-FROM-SCHEMA-END)

AUTHOR
------

Rusty Russell <<[email protected]>> wrote the original Python
commando.py plugin, the in-tree commando plugin, and this manual page.

Shahana Farooqui <<[email protected]>> is mainly responsible
for migrating commando-rune to createrune.

SEE ALSO
--------

lightning-commando-rune(7), lightning-checkrune(7)

RESOURCES
---------

Main web site: <https://github.com/ElementsProject/lightning>

[comment]: # ( SHA256STAMP:7064d2dcc37af3fe83739a11da57400b5c1faef51095b8dacfba6a4312fc9d25)
Loading