rules: thread context through

ellemouton · ellemouton · commit 21983bab7564 · 2025-01-13T09:23:20.000+02:00
diff --git a/firewall/rule_enforcer.go b/firewall/rule_enforcer.go
@@ -238,7 +238,7 @@ func (r *RuleEnforcer) handleRequest(ctx context.Context,
 		return nil, fmt.Errorf("could not extract ID from macaroon")
 	}
 
-	rules, err := r.collectEnforcers(ri, sessionID)
+	rules, err := r.collectEnforcers(ctx, ri, sessionID)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing rules: %v", err)
 	}
@@ -294,7 +294,7 @@ func (r *RuleEnforcer) handleResponse(ctx context.Context,
 		return nil, fmt.Errorf("could not extract ID from macaroon")
 	}
 
-	enforcers, err := r.collectEnforcers(ri, sessionID)
+	enforcers, err := r.collectEnforcers(ctx, ri, sessionID)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing rules: %v", err)
 	}
@@ -328,7 +328,7 @@ func (r *RuleEnforcer) handleErrorResponse(ctx context.Context,
 		return nil, fmt.Errorf("could not extract ID from macaroon")
 	}
 
-	enforcers, err := r.collectEnforcers(ri, sessionID)
+	enforcers, err := r.collectEnforcers(ctx, ri, sessionID)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing rules: %v", err)
 	}
@@ -353,7 +353,7 @@ func (r *RuleEnforcer) handleErrorResponse(ctx context.Context,
 
 // collectRule initialises and returns all the Rules that need to be enforced
 // for the given request.
-func (r *RuleEnforcer) collectEnforcers(ri *RequestInfo,
+func (r *RuleEnforcer) collectEnforcers(ctx context.Context, ri *RequestInfo,
 	sessionID session.ID) ([]rules.Enforcer, error) {
 
 	ruleEnforcers := make(
@@ -363,8 +363,8 @@ func (r *RuleEnforcer) collectEnforcers(ri *RequestInfo,
 
 	for rule, value := range ri.Rules.FeatureRules[ri.MetaInfo.Feature] {
 		r, err := r.initRule(
-			ri.RequestID, rule, []byte(value), ri.MetaInfo.Feature,
-			sessionID, false, ri.WithPrivacy,
+			ctx, ri.RequestID, rule, []byte(value),
+			ri.MetaInfo.Feature, sessionID, false, ri.WithPrivacy,
 		)
 		if err != nil {
 			return nil, err
@@ -377,8 +377,8 @@ func (r *RuleEnforcer) collectEnforcers(ri *RequestInfo,
 }
 
 // initRule initialises a rule.Rule with any required config values.
-func (r *RuleEnforcer) initRule(reqID uint64, name string, value []byte,
-	featureName string, sessionID session.ID,
+func (r *RuleEnforcer) initRule(ctx context.Context, reqID uint64, name string,
+	value []byte, featureName string, sessionID session.ID,
 	sessionRule, privacy bool) (rules.Enforcer, error) {
 
 	ruleValues, err := r.ruleMgrs.InitRuleValues(name, value)
@@ -425,5 +425,5 @@ func (r *RuleEnforcer) initRule(reqID uint64, name string, value []byte,
 		LndConnID:    r.lndConnID,
 	}
 
-	return r.ruleMgrs.InitEnforcer(cfg, name, ruleValues)
+	return r.ruleMgrs.InitEnforcer(ctx, cfg, name, ruleValues)
 }
diff --git a/rules/chan_policy_bounds.go b/rules/chan_policy_bounds.go
@@ -39,8 +39,8 @@ func (b *ChanPolicyBoundsMgr) Stop() error {
 // values and config.
 //
 // NOTE: This is part of the Manager interface.
-func (b *ChanPolicyBoundsMgr) NewEnforcer(_ Config, values Values) (Enforcer,
-	error) {
+func (b *ChanPolicyBoundsMgr) NewEnforcer(_ context.Context, _ Config,
+	values Values) (Enforcer, error) {
 
 	bounds, ok := values.(*ChanPolicyBounds)
 	if !ok {
diff --git a/rules/channel_constraints.go b/rules/channel_constraints.go
@@ -38,8 +38,8 @@ func (m *ChanConstraintMgr) Stop() error {
 // values and config.
 //
 // NOTE: This is part of the Manager interface.
-func (m *ChanConstraintMgr) NewEnforcer(_ Config, values Values) (Enforcer,
-	error) {
+func (m *ChanConstraintMgr) NewEnforcer(_ context.Context, _ Config,
+	values Values) (Enforcer, error) {
 
 	bounds, ok := values.(*ChannelConstraint)
 	if !ok {
diff --git a/rules/channel_restrictions.go b/rules/channel_restrictions.go
@@ -60,8 +60,8 @@ func (c *ChannelRestrictMgr) Stop() error {
 // values and config.
 //
 // NOTE: This is part of the Manager interface.
-func (c *ChannelRestrictMgr) NewEnforcer(cfg Config, values Values) (Enforcer,
-	error) {
+func (c *ChannelRestrictMgr) NewEnforcer(ctx context.Context, cfg Config,
+	values Values) (Enforcer, error) {
 
 	channels, ok := values.(*ChannelRestrict)
 	if !ok {
@@ -72,7 +72,8 @@ func (c *ChannelRestrictMgr) NewEnforcer(cfg Config, values Values) (Enforcer,
 	chanMap := make(map[uint64]bool, len(channels.DenyList))
 	for _, chanID := range channels.DenyList {
 		chanMap[chanID] = true
-		if err := c.maybeUpdateChannelMaps(cfg, chanID); err != nil {
+		err := c.maybeUpdateChannelMaps(ctx, cfg, chanID)
+		if err != nil {
 			return nil, err
 		}
 	}
@@ -118,8 +119,8 @@ func (c *ChannelRestrictMgr) EmptyValue() Values {
 
 // maybeUpdateChannelMaps updates the ChannelRestrictMgrs set of known channels
 // iff the channel given by the caller is not found in the current map set.
-func (c *ChannelRestrictMgr) maybeUpdateChannelMaps(cfg Config,
-	chanID uint64) error {
+func (c *ChannelRestrictMgr) maybeUpdateChannelMaps(ctx context.Context,
+	cfg Config, chanID uint64) error {
 
 	c.mu.Lock()
 	defer c.mu.Unlock()
@@ -133,7 +134,7 @@ func (c *ChannelRestrictMgr) maybeUpdateChannelMaps(cfg Config,
 
 	// Fetch a list of our open channels from LND.
 	lnd := cfg.GetLndClient()
-	chans, err := lnd.ListChannels(context.Background(), false, false)
+	chans, err := lnd.ListChannels(ctx, false, false)
 	if err != nil {
 		return err
 	}
diff --git a/rules/channel_restrictions_test.go b/rules/channel_restrictions_test.go
@@ -53,7 +53,7 @@ func TestChannelRestrictCheckRequest(t *testing.T) {
 			},
 		},
 	}
-	enf, err := mgr.NewEnforcer(cfg, &ChannelRestrict{
+	enf, err := mgr.NewEnforcer(ctx, cfg, &ChannelRestrict{
 		DenyList: []uint64{
 			chanID1, chanID2,
 		},
diff --git a/rules/history_limit.go b/rules/history_limit.go
@@ -38,8 +38,8 @@ func (h *HistoryLimitMgr) Stop() error {
 // values and config.
 //
 // NOTE: This is part of the Manager interface.
-func (h *HistoryLimitMgr) NewEnforcer(_ Config, values Values) (Enforcer,
-	error) {
+func (h *HistoryLimitMgr) NewEnforcer(_ context.Context, _ Config,
+	values Values) (Enforcer, error) {
 
 	limit, ok := values.(*HistoryLimit)
 	if !ok {
diff --git a/rules/interfaces.go b/rules/interfaces.go
@@ -16,7 +16,8 @@ import (
 type Manager interface {
 	// NewEnforcer constructs a new rule enforcer using the passed values
 	// and config.
-	NewEnforcer(cfg Config, values Values) (Enforcer, error)
+	NewEnforcer(ctx context.Context, cfg Config, values Values) (Enforcer,
+		error)
 
 	// NewValueFromProto converts the given proto value into a Value object.
 	NewValueFromProto(p *litrpc.RuleValue) (Values, error)
diff --git a/rules/manager_set.go b/rules/manager_set.go
@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 
@@ -32,7 +33,7 @@ func NewRuleManagerSet() ManagerSet {
 
 // InitEnforcer gets the appropriate rule Manager for the given name and uses it
 // to create an appropriate rule Enforcer.
-func (m ManagerSet) InitEnforcer(cfg Config, name string,
+func (m ManagerSet) InitEnforcer(ctx context.Context, cfg Config, name string,
 	values Values) (Enforcer, error) {
 
 	mgr, ok := m[name]
@@ -41,7 +42,7 @@ func (m ManagerSet) InitEnforcer(cfg Config, name string,
 			name)
 	}
 
-	return mgr.NewEnforcer(cfg, values)
+	return mgr.NewEnforcer(ctx, cfg, values)
 }
 
 // GetAllRules returns a map of names of all the rules supported by rule
diff --git a/rules/onchain_budget.go b/rules/onchain_budget.go
@@ -63,8 +63,8 @@ func (o *OnChainBudgetMgr) Stop() error {
 // passed values and config.
 //
 // NOTE: This is part of the Manager interface.
-func (o *OnChainBudgetMgr) NewEnforcer(cfg Config, values Values) (Enforcer,
-	error) {
+func (o *OnChainBudgetMgr) NewEnforcer(_ context.Context, cfg Config,
+	values Values) (Enforcer, error) {
 
 	budget, ok := values.(*OnChainBudget)
 	if !ok {
diff --git a/rules/peer_restrictions.go b/rules/peer_restrictions.go
@@ -53,8 +53,8 @@ func (c *PeerRestrictMgr) Stop() error {
 // values and config.
 //
 // NOTE: This is part of the Manager interface.
-func (c *PeerRestrictMgr) NewEnforcer(cfg Config, values Values) (Enforcer,
-	error) {
+func (c *PeerRestrictMgr) NewEnforcer(ctx context.Context, cfg Config,
+	values Values) (Enforcer, error) {
 
 	peers, ok := values.(*PeerRestrict)
 	if !ok {
@@ -65,7 +65,7 @@ func (c *PeerRestrictMgr) NewEnforcer(cfg Config, values Values) (Enforcer,
 	peerMap := make(map[string]bool, len(peers.DenyList))
 	for _, peerID := range peers.DenyList {
 		peerMap[peerID] = true
-		if err := c.maybeUpdateMaps(cfg, peerID); err != nil {
+		if err := c.maybeUpdateMaps(ctx, cfg, peerID); err != nil {
 			return nil, err
 		}
 	}
@@ -112,8 +112,8 @@ func (c *PeerRestrictMgr) EmptyValue() Values {
 
 // maybeUpdateMaps updates the managers peer-to-channel and channel-to-peer maps
 // if the given peer ID is unknown to the manager.
-func (c *PeerRestrictMgr) maybeUpdateMaps(cfg peerRestrictCfg,
-	id string) error {
+func (c *PeerRestrictMgr) maybeUpdateMaps(ctx context.Context,
+	cfg peerRestrictCfg, id string) error {
 
 	c.mu.Lock()
 	defer c.mu.Unlock()
@@ -122,15 +122,17 @@ func (c *PeerRestrictMgr) maybeUpdateMaps(cfg peerRestrictCfg,
 		return nil
 	}
 
-	return c.updateMapsUnsafe(cfg)
+	return c.updateMapsUnsafe(ctx, cfg)
 }
 
 // updateMapsUnsafe updates the manager's peer-to-channel and channel-to-peer
 // maps. It is not thread safe and so must only be called if the manager's
 // mutex is being held.
-func (c *PeerRestrictMgr) updateMapsUnsafe(cfg peerRestrictCfg) error {
+func (c *PeerRestrictMgr) updateMapsUnsafe(ctx context.Context,
+	cfg peerRestrictCfg) error {
+
 	lnd := cfg.GetLndClient()
-	chans, err := lnd.ListChannels(context.Background(), false, false)
+	chans, err := lnd.ListChannels(ctx, false, false)
 	if err != nil {
 		return err
 	}
@@ -152,8 +154,8 @@ func (c *PeerRestrictMgr) updateMapsUnsafe(cfg peerRestrictCfg) error {
 	return nil
 }
 
-func (c *PeerRestrictMgr) getPeerFromChanPoint(cfg peerRestrictCfg,
-	cp string) (string, bool, error) {
+func (c *PeerRestrictMgr) getPeerFromChanPoint(ctx context.Context,
+	cfg peerRestrictCfg, cp string) (string, bool, error) {
 
 	c.mu.Lock()
 	defer c.mu.Unlock()
@@ -163,7 +165,7 @@ func (c *PeerRestrictMgr) getPeerFromChanPoint(cfg peerRestrictCfg,
 		return peer, ok, nil
 	}
 
-	err := c.updateMapsUnsafe(cfg)
+	err := c.updateMapsUnsafe(ctx, cfg)
 	if err != nil {
 		return "", false, err
 	}
@@ -295,7 +297,7 @@ func (c *PeerRestrictEnforcer) checkers() map[string]mid.RoundTripChecker {
 				point := fmt.Sprintf("%s:%d", txid, index)
 
 				peerID, ok, err := c.mgr.getPeerFromChanPoint(
-					c.cfg, point,
+					ctx, c.cfg, point,
 				)
 				if err != nil {
 					return err
diff --git a/rules/peer_restrictions_test.go b/rules/peer_restrictions_test.go
@@ -68,7 +68,7 @@ func TestPeerRestrictCheckRequest(t *testing.T) {
 		},
 	}
 
-	enf, err := mgr.NewEnforcer(cfg, &PeerRestrict{
+	enf, err := mgr.NewEnforcer(ctx, cfg, &PeerRestrict{
 		DenyList: []string{
 			peerID1, peerID2,
 		},
diff --git a/rules/rate_limit.go b/rules/rate_limit.go
@@ -38,8 +38,8 @@ func (r *RateLimitMgr) Stop() error {
 // and config.
 //
 // NOTE: This is part of the Manager interface.
-func (r *RateLimitMgr) NewEnforcer(cfg Config, values Values) (Enforcer,
-	error) {
+func (r *RateLimitMgr) NewEnforcer(_ context.Context, cfg Config,
+	values Values) (Enforcer, error) {
 
 	limits, ok := values.(*RateLimit)
 	if !ok {

Original file line number	Diff line number	Diff line change
`@@ -238,7 +238,7 @@ func (r *RuleEnforcer) handleRequest(ctx context.Context,`
`238`	`238`	`return nil, fmt.Errorf("could not extract ID from macaroon")`
`239`	`239`	`}`
`240`	`240`
`241`		`- rules, err := r.collectEnforcers(ri, sessionID)`
	`241`	`+ rules, err := r.collectEnforcers(ctx, ri, sessionID)`
`242`	`242`	`if err != nil {`
`243`	`243`	`return nil, fmt.Errorf("error parsing rules: %v", err)`
`244`	`244`	`}`
`@@ -294,7 +294,7 @@ func (r *RuleEnforcer) handleResponse(ctx context.Context,`
`294`	`294`	`return nil, fmt.Errorf("could not extract ID from macaroon")`
`295`	`295`	`}`
`296`	`296`
`297`		`- enforcers, err := r.collectEnforcers(ri, sessionID)`
	`297`	`+ enforcers, err := r.collectEnforcers(ctx, ri, sessionID)`
`298`	`298`	`if err != nil {`
`299`	`299`	`return nil, fmt.Errorf("error parsing rules: %v", err)`
`300`	`300`	`}`
`@@ -328,7 +328,7 @@ func (r *RuleEnforcer) handleErrorResponse(ctx context.Context,`
`328`	`328`	`return nil, fmt.Errorf("could not extract ID from macaroon")`
`329`	`329`	`}`
`330`	`330`
`331`		`- enforcers, err := r.collectEnforcers(ri, sessionID)`
	`331`	`+ enforcers, err := r.collectEnforcers(ctx, ri, sessionID)`
`332`	`332`	`if err != nil {`
`333`	`333`	`return nil, fmt.Errorf("error parsing rules: %v", err)`
`334`	`334`	`}`
`@@ -353,7 +353,7 @@ func (r *RuleEnforcer) handleErrorResponse(ctx context.Context,`
`353`	`353`
`354`	`354`	`// collectRule initialises and returns all the Rules that need to be enforced`
`355`	`355`	`// for the given request.`
`356`		`-func (r RuleEnforcer) collectEnforcers(ri RequestInfo,`
	`356`	`+func (r RuleEnforcer) collectEnforcers(ctx context.Context, ri RequestInfo,`
`357`	`357`	`sessionID session.ID) ([]rules.Enforcer, error) {`
`358`	`358`
`359`	`359`	`ruleEnforcers := make(`
`@@ -363,8 +363,8 @@ func (r RuleEnforcer) collectEnforcers(ri RequestInfo,`
`363`	`363`
`364`	`364`	`for rule, value := range ri.Rules.FeatureRules[ri.MetaInfo.Feature] {`
`365`	`365`	`r, err := r.initRule(`
`366`		`- ri.RequestID, rule, []byte(value), ri.MetaInfo.Feature,`
`367`		`- sessionID, false, ri.WithPrivacy,`
	`366`	`+ ctx, ri.RequestID, rule, []byte(value),`
	`367`	`+ ri.MetaInfo.Feature, sessionID, false, ri.WithPrivacy,`
`368`	`368`	`)`
`369`	`369`	`if err != nil {`
`370`	`370`	`return nil, err`
`@@ -377,8 +377,8 @@ func (r RuleEnforcer) collectEnforcers(ri RequestInfo,`
`377`	`377`	`}`
`378`	`378`
`379`	`379`	`// initRule initialises a rule.Rule with any required config values.`
`380`		`-func (r *RuleEnforcer) initRule(reqID uint64, name string, value []byte,`
`381`		`- featureName string, sessionID session.ID,`
	`380`	`+func (r *RuleEnforcer) initRule(ctx context.Context, reqID uint64, name string,`
	`381`	`+ value []byte, featureName string, sessionID session.ID,`
`382`	`382`	`sessionRule, privacy bool) (rules.Enforcer, error) {`
`383`	`383`
`384`	`384`	`ruleValues, err := r.ruleMgrs.InitRuleValues(name, value)`
`@@ -425,5 +425,5 @@ func (r *RuleEnforcer) initRule(reqID uint64, name string, value []byte,`
`425`	`425`	`LndConnID: r.lndConnID,`
`426`	`426`	`}`
`427`	`427`
`428`		`- return r.ruleMgrs.InitEnforcer(cfg, name, ruleValues)`
	`428`	`+ return r.ruleMgrs.InitEnforcer(ctx, cfg, name, ruleValues)`
`429`	`429`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ func TestChannelRestrictCheckRequest(t *testing.T) {`
`53`	`53`	`},`
`54`	`54`	`},`
`55`	`55`	`}`
`56`		`- enf, err := mgr.NewEnforcer(cfg, &ChannelRestrict{`
	`56`	`+ enf, err := mgr.NewEnforcer(ctx, cfg, &ChannelRestrict{`
`57`	`57`	`DenyList: []uint64{`
`58`	`58`	`chanID1, chanID2,`
`59`	`59`	`},`