RegisterRPCMiddleware
RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A gRPC middleware is software component external to lnd that aims to add additional business logic to lnd by observing/intercepting/validating incoming gRPC client requests and (if needed) replacing/overwriting outgoing messages before they're sent to the client. When registering the middleware must identify itself and indicate what custom macaroon caveats it wants to be responsible for. Only requests that contain a macaroon with that specific custom caveat are then sent to the middleware for inspection. The other option is to register for the read-only mode in which all requests/responses are forwarded for interception to the middleware but the middleware is not allowed to modify any responses. As a security measure, no middleware can modify responses for requests made with unencumbered macaroons!
Source: lightning.proto
gRPC
This is a bidirectional-streaming RPC
rpc RegisterRPCMiddleware (stream RPCMiddlewareResponse) returns (stream RPCMiddlewareRequest);
REST
HTTP Method | Path |
---|---|
POST | /v1/middleware |
Code Samples
- gRPC
- REST
- Shell
- Javascript
- Python
const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');
const GRPC_HOST = 'localhost:10009'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
const TLS_PATH = 'LND_DIR/tls.cert'
const loaderOptions = {
keepCase: true,
longs: String,
enums: String,
defaults: true,
oneofs: true,
};
const packageDefinition = protoLoader.loadSync('lightning.proto', loaderOptions);
const lnrpc = grpc.loadPackageDefinition(packageDefinition).lnrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
let metadata = new grpc.Metadata();
metadata.add('macaroon', macaroon);
callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new lnrpc.Lightning(GRPC_HOST, creds);
let request = {
ref_msg_id: <uint64>,
register: <MiddlewareRegistration>,
feedback: <InterceptFeedback>,
};
let call = client.registerRPCMiddleware({});
call.on('data', function(response) {
// A response was received from the server.
console.log(response);
});
call.on('status', function(status) {
// The current status of the stream.
});
call.on('end', function() {
// The server has closed the stream.
});
call.write(request);
// Console output:
// {
// "request_id": <uint64>,
// "raw_macaroon": <bytes>,
// "custom_caveat_condition": <string>,
// "stream_auth": <StreamAuth>,
// "request": <RPCMessage>,
// "response": <RPCMessage>,
// "reg_complete": <bool>,
// "msg_id": <uint64>,
// }
import codecs, grpc, os
# Generate the following 2 modules by compiling the lightning.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import lightning_pb2 as lnrpc, lightning_pb2_grpc as lightningstub
GRPC_HOST = 'localhost:10009'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = lightningstub.LightningStub(channel)
# Define a generator that returns an Iterable of RPCMiddlewareResponse objects.
def request_generator():
# Initialization code here.
while True:
# Parameters here can be set as arguments to the generator.
request = lnrpc.RPCMiddlewareResponse(
ref_msg_id=<uint64>,
register=<MiddlewareRegistration>,
feedback=<InterceptFeedback>,
)
yield request
# Do things between iterations here.
request_iterable = request_generator()
for response in stub.RegisterRPCMiddleware(request_iterable):
print(response)
# {
# "request_id": <uint64>,
# "raw_macaroon": <bytes>,
# "custom_caveat_condition": <string>,
# "stream_auth": <StreamAuth>,
# "request": <RPCMessage>,
# "response": <RPCMessage>,
# "reg_complete": <bool>,
# "msg_id": <uint64>,
# }
- Javascript
- Python
const fs = require('fs');
const request = require('request');
const REST_HOST = 'localhost:8080'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
let requestBody = {
ref_msg_id: <unknown>, // <uint64>
register: <object>, // <MiddlewareRegistration>
feedback: <object>, // <InterceptFeedback>
};
let options = {
url: `https://${REST_HOST}/v1/middleware`,
// Work-around for self-signed certificates.
rejectUnauthorized: false,
json: true,
headers: {
'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
},
form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
console.log(body);
});
// Console output:
// {
// "request_id": <string>, // <uint64>
// "raw_macaroon": <string>, // <bytes>
// "custom_caveat_condition": <string>, // <string>
// "stream_auth": <object>, // <StreamAuth>
// "request": <object>, // <RPCMessage>
// "response": <object>, // <RPCMessage>
// "reg_complete": <boolean>, // <bool>
// "msg_id": <string>, // <uint64>
// }
// --------------------------
// Example with websockets:
// --------------------------
const WebSocket = require('ws');
const fs = require('fs');
const REST_HOST = 'localhost:8080'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
let ws = new WebSocket(`wss://${REST_HOST}/v1/middleware?method=POST`, {
// Work-around for self-signed certificates.
rejectUnauthorized: false,
headers: {
'Grpc-Metadata-Macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
},
});
let requestBody = {
ref_msg_id: <uint64>, // <uint64>
register: <MiddlewareRegistration>, // <MiddlewareRegistration>
feedback: <InterceptFeedback>, // <InterceptFeedback>
};
ws.on('open', function() {
ws.send(JSON.stringify(requestBody));
});
ws.on('error', function(err) {
console.log('Error: ' + err);
});
ws.on('message', function(body) {
console.log(body);
});
// Console output:
// {
// "request_id": <string>, // <uint64>
// "raw_macaroon": <string>, // <bytes>
// "custom_caveat_condition": <string>, // <string>
// "stream_auth": <object>, // <StreamAuth>
// "request": <object>, // <RPCMessage>
// "response": <object>, // <RPCMessage>
// "reg_complete": <boolean>, // <bool>
// "msg_id": <string>, // <uint64>
// }
import base64, codecs, json, requests
REST_HOST = 'localhost:8080'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
url = f'https://{REST_HOST}/v1/middleware'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
'ref_msg_id': <uint64>,
'register': <MiddlewareRegistration>,
'feedback': <InterceptFeedback>,
}
r = requests.post(url, headers=headers, stream=True, data=json.dumps(data), verify=TLS_PATH)
for raw_response in r.iter_lines():
json_response = json.loads(raw_response)
print(json_response)
# {
# "request_id": <uint64>,
# "raw_macaroon": <bytes>,
# "custom_caveat_condition": <string>,
# "stream_auth": <StreamAuth>,
# "request": <RPCMessage>,
# "response": <RPCMessage>,
# "reg_complete": <bool>,
# "msg_id": <uint64>,
# }
# There is no CLI command for this RPC
Messages
lnrpc.RPCMiddlewareResponse
Source: lightning.proto
Field | gRPC Type | REST Type | REST Placement |
---|---|---|---|
ref_msg_id | uint64 | unknown | unknown |
register | MiddlewareRegistration | object | unknown |
feedback | InterceptFeedback | object | unknown |
lnrpc.RPCMiddlewareRequest
Source: lightning.proto
Field | gRPC Type | REST Type |
---|---|---|
request_id | uint64 | string |
raw_macaroon | bytes | string |
custom_caveat_condition | string | string |
stream_auth | StreamAuth | object |
request | RPCMessage | object |
response | RPCMessage | object |
reg_complete | bool | boolean |
msg_id | uint64 | string |
Nested Messages
lnrpc.InterceptFeedback
Field | gRPC Type | REST Type |
---|---|---|
error | string | string |
replace_response | bool | boolean |
replacement_serialized | bytes | string |
lnrpc.MiddlewareRegistration
Field | gRPC Type | REST Type |
---|---|---|
middleware_name | string | string |
custom_macaroon_caveat_name | string | string |
read_only_mode | bool | boolean |
lnrpc.RPCMessage
Field | gRPC Type | REST Type |
---|---|---|
method_full_uri | string | string |
stream_rpc | bool | boolean |
type_name | string | string |
serialized | bytes | string |
is_error | bool | boolean |
lnrpc.StreamAuth
Field | gRPC Type | REST Type |
---|---|---|
method_full_uri | string | string |