l402_middleware 2.2.1

A middleware library for rust that provides handler functions to accept microtransactions before serving ad-free content or any paid APIs.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

use lightning::ln::{PaymentHash, PaymentPreimage};
use macaroon::{Macaroon, Verifier, MacaroonKey};
use rocket::{request, Request};
use hex;

use crate::l402;

pub const L402_TYPE_FREE: &str = "FREE";
pub const L402_TYPE_PAYMENT_REQUIRED: &str = "PAYMENT REQUIRED";
pub const L402_TYPE_PAID: &str = "PAID";
pub const L402_TYPE_ERROR: &str = "ERROR";
pub const L402_HEADER: &str = "L402";
pub const L402_HEADER_NAME: &str = "Accept-Authenticate";
pub const L402_AUTHENTICATE_HEADER_NAME: &str = "WWW-Authenticate";
pub const L402_AUTHORIZATION_HEADER_NAME: &str = "Authorization";

#[derive(Clone)]
pub struct L402Info {
	pub	l402_type: String,
	pub preimage: Option<PaymentPreimage>,
	pub payment_hash: Option<PaymentHash>,
	pub error: Option<String>,
    pub auth_header: Option<String>,
}

#[rocket::async_trait]
impl<'r> request::FromRequest<'r> for L402Info {
    type Error = &'static str;

    async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
        // Retrieve L402Info from the local cache
        let l402_info = request.local_cache::<L402Info, _>(|| {
            L402Info {
                l402_type: l402::L402_TYPE_ERROR.to_string(),
                error: Some("No L402 header present".to_string()),
                preimage: None,
                payment_hash: None,
                auth_header: None,
            }
        });

        request::Outcome::Success(l402_info.clone())
    }
}

pub fn verify_l402(
    mac: &Macaroon,
    caveats: Vec<String>,
    root_key: Vec<u8>,
    preimage: PaymentPreimage,
) -> Result<(), Box<dyn std::error::Error>> {
    // caveat verification
    let mac_caveats = mac.first_party_caveats();
    if caveats.len() > mac_caveats.len() {
        return Err("Error validating macaroon: Caveats don't match".into());
    }

    let mac_key = MacaroonKey::generate(&root_key);
    let mut verifier = Verifier::default();
    
    for caveat in caveats {
        verifier.satisfy_exact(caveat.into());
    }

    match verifier.verify(&mac, &mac_key, Default::default()) {
        Ok(_) => {
            let payment_hash: PaymentHash = PaymentHash::from(preimage);
            let payment_hash_hex = hex::encode(payment_hash.0);
            
            let macaroon_id = mac.identifier().clone();
            let id_bytes = &macaroon_id.0;
            let expected_bytes = &payment_hash.0;
            
            let id_matches = if id_bytes.len() == 33 && id_bytes[0] == 0xff {
                &id_bytes[1..] == expected_bytes
            } else if id_bytes.len() == 32 {
                id_bytes == expected_bytes
            } else {
                // Fallback for unexpected lengths
                let macaroon_id_hex = hex::encode(id_bytes);
                macaroon_id_hex.contains(&payment_hash_hex)
            };

            if id_matches {
                Ok(())
            } else {
                Err(format!(
                    "Invalid PaymentHash {} for macaroon {}",
                    payment_hash_hex, hex::encode(id_bytes)
                ).into())
            }
        },
        Err(error) => {
            Err(format!("Error validating macaroon: {:?}", error).into())
        }
    }
}

/// Verify L402 using a provided Verifier instance
pub fn verify_l402_with_verifier(
    mac: &Macaroon,
    verifier: &mut Verifier,
    root_key: Vec<u8>,
    preimage: PaymentPreimage,
) -> Result<(), Box<dyn std::error::Error>> {
    let mac_key = MacaroonKey::generate(&root_key);
    
    match verifier.verify(&mac, &mac_key, Default::default()) {
        Ok(_) => {
            let payment_hash: PaymentHash = PaymentHash::from(preimage);
            let payment_hash_hex = hex::encode(payment_hash.0);
            
            let macaroon_id = mac.identifier().clone();
            let id_bytes = &macaroon_id.0;
            let expected_bytes = &payment_hash.0;
            
            let id_matches = if id_bytes.len() == 33 && id_bytes[0] == 0xff {
                &id_bytes[1..] == expected_bytes
            } else if id_bytes.len() == 32 {
                id_bytes == expected_bytes
            } else {
                // Fallback for unexpected lengths
                let macaroon_id_hex = hex::encode(id_bytes);
                macaroon_id_hex.contains(&payment_hash_hex)
            };
            
            if id_matches {
                Ok(())
            } else {
                Err(format!(
                    "Invalid PaymentHash {} for macaroon {}",
                    payment_hash_hex, hex::encode(id_bytes)
                ).into())
            }
        },
        Err(error) => {
            Err(format!("Error validating macaroon: {:?}", error).into())
        }
    }
}