Add LSPS5 DOS protections.

When handling an incoming LSPS5 request, the manager will check
if the counterparty is 'engaged' in some way before responding.
`Engaged` meaning = active channel | LSPS2 active operation | LSPS1 active operation.

Logic: `If not engaged then reject request;`

A single test is added only checking for the active channel condition,
because it's not super easy to get LSPS1-2 on the correct state to check this (yet).
Other tangential work is happening that will make this easier and more tests will come in the near future

Author: martinsaposnic

lightning-liquidity/src/dos_protection_enforcer.rs

@@ -0,0 +1,62 @@
+//! DoS Protection Enforcement for LSP operations.
+//!
+//! This module provides mechanisms to prevent denial-of-service attacks
+//! when using the Lightning Service Provider (LSP) protocols.
+
+#[cfg(lsps1_service)]
+use crate::lsps1::service::LSPS1ServiceHandler;
+use crate::lsps2::service::LSPS2ServiceHandler;
+use crate::lsps5::service::LSPS5ServiceHandler;
+use crate::utils::time::TimeProvider;
+use bitcoin::secp256k1::PublicKey;
+use core::ops::Deref;
+#[cfg(lsps1_service)]
+use lightning::chain::Filter;
+use lightning::ln::channelmanager::AChannelManager;
+#[cfg(lsps1_service)]
+use lightning::sign::EntropySource;
+use lightning::sign::NodeSigner;
+
+/// A trait for implementing Denial-of-Service (DoS) protection mechanisms for LSP services.
+pub trait DosProtectionEnforcer {
+	/// Checks if the specified peer is currently engaged in an ongoing operation.
+	///
+	/// Different LSP protocols have different definitions of "engagement":
+	/// - **LSPS1**: Checks for active channel order requests
+	/// - **LSPS2**: Checks for pending channel open requests  
+	/// - **LSPS5**: Checks for existing open channels with the client
+	fn is_engaged(&self, counterparty_node_id: &PublicKey) -> bool;
+}
+
+#[cfg(lsps1_service)]
+impl<ES: Deref, CM: Deref + Clone, C: Deref> DosProtectionEnforcer
+	for LSPS1ServiceHandler<ES, CM, C>
+where
+	ES::Target: EntropySource,
+	CM::Target: AChannelManager,
+	C::Target: Filter,
+{
+	fn is_engaged(&self, counterparty_node_id: &PublicKey) -> bool {
+		self.has_active_requests(counterparty_node_id)
+	}
+}
+
+impl<CM: Deref> DosProtectionEnforcer for LSPS2ServiceHandler<CM>
+where
+	CM::Target: AChannelManager,
+{
+	fn is_engaged(&self, counterparty_node_id: &PublicKey) -> bool {
+		self.has_pending_channel_open_request(counterparty_node_id)
+	}
+}
+
+impl<CM: Deref, NS: Deref, TP: Deref> DosProtectionEnforcer for LSPS5ServiceHandler<CM, NS, TP>
+where
+	CM::Target: AChannelManager,
+	TP::Target: TimeProvider,
+	NS::Target: NodeSigner,
+{
+	fn is_engaged(&self, counterparty_node_id: &PublicKey) -> bool {
+		self.client_has_open_channel(counterparty_node_id)
+	}
+}

lightning-liquidity/src/lib.rs

@@ -58,6 +58,7 @@ mod prelude {
 	pub(crate) use lightning::util::hash_tables::*;
 }
 
+pub mod dos_protection_enforcer;
 pub mod events;
 pub mod lsps0;
 pub mod lsps1;

lightning-liquidity/src/lsps1/service.rs

@@ -174,6 +174,17 @@ where
 		&self.config
 	}
 
+	pub(crate) fn has_active_requests(&self, counterparty_node_id: &PublicKey) -> bool {
+		let outer_state_lock = self.per_peer_state.read().unwrap();
+		if let Some(inner_state_lock) = outer_state_lock.get(counterparty_node_id) {
+			let peer_state = inner_state_lock.lock().unwrap();
+			!(peer_state.pending_requests.is_empty()
+				&& peer_state.outbound_channels_by_order_id.is_empty())
+		} else {
+			false
+		}
+	}
+
 	fn handle_get_info_request(
 		&self, request_id: LSPSRequestId, counterparty_node_id: &PublicKey,
 	) -> Result<(), LightningError> {

lightning-liquidity/src/lsps2/service.rs

@@ -427,6 +427,10 @@ impl OutboundJITChannel {
 		matches!(self.state, OutboundJITChannelState::PendingInitialPayment { .. })
 	}
 
+	fn is_pending_channel_open(&self) -> bool {
+		matches!(self.state, OutboundJITChannelState::PendingChannelOpen { .. })
+	}
+
 	fn is_prunable(&self) -> bool {
 		// We deem an OutboundJITChannel prunable if our offer expired and we haven't intercepted
 		// any HTLCs initiating the flow yet.
@@ -572,6 +576,21 @@ where
 		&self.config
 	}
 
+	pub(crate) fn has_pending_channel_open_request(
+		&self, counterparty_node_id: &PublicKey,
+	) -> bool {
+		let outer_state_lock = self.per_peer_state.read().unwrap();
+		if let Some(inner_state_lock) = outer_state_lock.get(counterparty_node_id) {
+			let peer_state = inner_state_lock.lock().unwrap();
+			peer_state
+				.outbound_channels_by_intercept_scid
+				.values()
+				.any(|c| c.is_pending_channel_open())
+		} else {
+			false
+		}
+	}
+
 	/// Used by LSP to inform a client requesting a JIT Channel the token they used is invalid.
 	///
 	/// Should be called in response to receiving a [`LSPS2ServiceEvent::GetInfo`] event.

lightning-liquidity/src/lsps5/service.rs

@@ -64,6 +64,8 @@ struct StoredWebhook {
 pub struct LSPS5ServiceConfig {
 	/// Maximum number of webhooks allowed per client.
 	pub max_webhooks_per_client: u32,
+	/// Require an existing channel or active LSPS1/LSPS2 flow before accepting requests.
+	pub enforce_dos_protections: bool,
 }
 
 /// Default maximum number of webhooks allowed per client.
@@ -74,7 +76,10 @@ pub const DEFAULT_NOTIFICATION_COOLDOWN_HOURS: Duration = Duration::from_secs(60
 // Default configuration for LSPS5 service.
 impl Default for LSPS5ServiceConfig {
 	fn default() -> Self {
-		Self { max_webhooks_per_client: DEFAULT_MAX_WEBHOOKS_PER_CLIENT }
+		Self {
+			max_webhooks_per_client: DEFAULT_MAX_WEBHOOKS_PER_CLIENT,
+			enforce_dos_protections: true,
+		}
 	}
 }
 
@@ -150,6 +155,11 @@ where
 		}
 	}
 
+	/// Returns a reference to the used config.
+	pub fn config(&self) -> &LSPS5ServiceConfig {
+		&self.config
+	}
+
 	fn check_prune_stale_webhooks(&self) {
 		let now =
 			LSPSDateTime::new_from_duration_since_epoch(self.time_provider.duration_since_epoch());
@@ -515,7 +525,7 @@ where
 		*last_pruning = Some(now);
 	}
 
-	fn client_has_open_channel(&self, client_id: &PublicKey) -> bool {
+	pub(crate) fn client_has_open_channel(&self, client_id: &PublicKey) -> bool {
 		self.channel_manager
 			.get_cm()
 			.list_channels()

lightning-liquidity/src/manager.rs

@@ -1,6 +1,7 @@
 use alloc::string::ToString;
 use alloc::vec::Vec;
 
+use crate::dos_protection_enforcer::DosProtectionEnforcer;
 use crate::events::{EventQueue, LiquidityEvent};
 use crate::lsps0::client::LSPS0ClientHandler;
 use crate::lsps0::msgs::LSPS0Message;
@@ -483,6 +484,18 @@ where
 		self.pending_events.get_and_clear_pending_events()
 	}
 
+	fn peer_is_engaged(&self, peer: &PublicKey) -> bool {
+		let lsps5_engaged =
+			self.lsps5_service_handler.as_ref().map_or(false, |h| h.is_engaged(peer));
+		let lsps2_engaged =
+			self.lsps2_service_handler.as_ref().map_or(false, |h| h.is_engaged(peer));
+		#[cfg(lsps1_service)]
+		let lsps1_engaged = self.lsps1_service_handler.as_ref().map_or(false, |h| h.is_engaged(peer));
+		#[cfg(not(lsps1_service))]
+		let lsps1_engaged = false;
+		lsps5_engaged || lsps2_engaged || lsps1_engaged
+	}
+
 	fn handle_lsps_message(
 		&self, msg: LSPSMessage, sender_node_id: &PublicKey,
 	) -> Result<(), lightning::ln::msgs::LightningError> {
@@ -559,6 +572,17 @@ where
 			LSPSMessage::LSPS5(msg @ LSPS5Message::Request(..)) => {
 				match &self.lsps5_service_handler {
 					Some(lsps5_service_handler) => {
+						if lsps5_service_handler.config().enforce_dos_protections {
+							if !self.peer_is_engaged(sender_node_id) {
+								return Err(LightningError {
+                                    err: format!(
+                                        "Rejecting LSPS5 request from {:?} without existing engagement",
+                                        sender_node_id
+                                    ),
+                                    action: ErrorAction::IgnoreAndLog(Level::Info),
+                                });
+							}
+						}
 						lsps5_service_handler.handle_message(msg, sender_node_id)?;
 					},
 					None => {