lightning_signer/policy/
mod.rs

1/// Policy errors
2#[macro_use]
3pub mod error;
4/// Filter
5pub mod filter;
6/// Null policy enforcement
7#[cfg(feature = "test_utils")]
8pub mod null_validator;
9/// Basic policy enforcement plus on-chain validation
10pub mod onchain_validator;
11/// Basic policy enforcement
12pub mod simple_validator;
13/// Policy enforcement interface
14pub mod validator;
15
16use crate::policy::error::temporary_policy_error;
17use crate::prelude::*;
18use crate::util::velocity::{VelocityControlIntervalType, VelocityControlSpec};
19use core::time::Duration;
20use error::{policy_error, ValidationError};
21use filter::{FilterResult, PolicyFilter};
22use log::warn;
23
24/// The default velocity control for L1 fees
25pub const DEFAULT_FEE_VELOCITY_CONTROL: VelocityControlSpec = VelocityControlSpec {
26    limit_msat: 1_000_000_000,
27    interval_type: VelocityControlIntervalType::Daily,
28};
29
30/// Default maximum number of concurrent channels
31pub const MAX_CHANNELS: usize = 1000; // WORKAROUND for #305, #306
32
33/// Default maximum number of outstanding invoices (issued and approved)
34pub const MAX_INVOICES: usize = 1000;
35
36/// The maximum L1 transaction size
37pub const MAX_ONCHAIN_TX_SIZE: usize = 32 * 1024;
38
39/// A new invoice must not expire sooner than this many seconds from now.
40pub const MIN_INVOICE_EXPIRY: Duration = Duration::from_secs(60);
41
42/// Allowed clock skew (e.g. from invoice issuer to us)
43pub const MAX_CLOCK_SKEW: Duration = Duration::from_secs(60);
44
45/// An enforcement policy
46pub trait Policy: Send + Sync {
47    /// A policy error has occurred.
48    /// Policy errors can be converted to warnings by returning `Ok(())`
49    fn policy_error(&self, _tag: String, msg: String) -> Result<(), error::ValidationError>;
50    /// A temporary policy error has occurred.
51    /// Policy errors can be converted to warnings by returning `Ok(())`
52    fn temporary_policy_error(
53        &self,
54        _tag: String,
55        msg: String,
56    ) -> Result<(), error::ValidationError>;
57    /// Log at ERROR or WARN matching the policy error handling
58    fn policy_log(&self, _tag: String, msg: String);
59    /// Velocity control to apply to the entire node
60    fn global_velocity_control(&self) -> VelocityControlSpec;
61    /// Maximum number of concurrent channels
62    fn max_channels(&self) -> usize {
63        MAX_CHANNELS
64    }
65    /// Maximum number of concurrent invoices (issued and approved)
66    fn max_invoices(&self) -> usize {
67        MAX_INVOICES
68    }
69    /// Velocity control to apply to L1 fees paid by the node
70    fn fee_velocity_control(&self) -> VelocityControlSpec;
71}
72
73fn policy_error_with_filter(
74    tag: String,
75    msg: String,
76    filter: &PolicyFilter,
77) -> Result<(), ValidationError> {
78    warn!("policy failed: {} {}", tag, msg);
79    let res = make_policy_error_with_filter(tag.clone(), msg.clone(), filter);
80    if let Err(ref e) = res {
81        #[cfg(feature = "use_backtrace")]
82        warn!("BACKTRACE:\n{:?}", &e.bt);
83    }
84    res
85}
86
87fn make_policy_error_with_filter(
88    tag: String,
89    msg: String,
90    filter: &PolicyFilter,
91) -> Result<(), ValidationError> {
92    if filter.filter(&tag) == FilterResult::Error {
93        Err(policy_error(tag, msg))
94    } else {
95        Ok(())
96    }
97}
98
99fn temporary_policy_error_with_filter(
100    tag: String,
101    msg: String,
102    filter: &PolicyFilter,
103) -> Result<(), ValidationError> {
104    if filter.filter(&tag) == FilterResult::Error {
105        Err(temporary_policy_error(tag, msg))
106    } else {
107        warn!("policy temporarily failed: {} {}", tag, msg);
108        #[cfg(feature = "use_backtrace")]
109        warn!("BACKTRACE:\n{:?}", backtrace::Backtrace::new());
110        Ok(())
111    }
112}