lightning_signer/policy/
mod.rs

/// Policy error types and the constructors used to build them
/// (`ValidationError`, `policy_error`, `temporary_policy_error`)
#[macro_use]
pub mod error;
/// Policy filter (`PolicyFilter`, `FilterResult`): decides, per policy tag,
/// whether a violation is enforced as an error or only reported
pub mod filter;
/// Null policy enforcement.
///
/// Compiled only when the `test_utils` feature is enabled.
// NOTE(review): confirm that production builds never enable `test_utils`,
// since this module is the only validator here that is feature-gated.
#[cfg(feature = "test_utils")]
pub mod null_validator;
/// Basic policy enforcement plus on-chain validation
pub mod onchain_validator;
/// Basic policy enforcement
pub mod simple_validator;
/// Policy enforcement interface
pub mod validator;
15
16use crate::policy::error::temporary_policy_error;
17use crate::prelude::*;
18use crate::util::velocity::{VelocityControlIntervalType, VelocityControlSpec};
19use core::time::Duration;
20use error::{policy_error, ValidationError};
21use filter::{FilterResult, PolicyFilter};
22use log::warn;
23
/// The default velocity control for L1 fees.
///
/// Caps fee spending at 1_000_000_000 msat (1_000_000 sat) per daily interval.
pub const DEFAULT_FEE_VELOCITY_CONTROL: VelocityControlSpec = VelocityControlSpec {
    interval_type: VelocityControlIntervalType::Daily,
    limit_msat: 1_000_000_000,
};
29
/// Default maximum number of concurrent channels.
///
/// This is the value a `Policy` reports from `max_channels` unless the
/// implementation overrides it.
pub const MAX_CHANNELS: usize = 1_000; // WORKAROUND for #305, #306

/// Default maximum number of outstanding invoices (issued and approved).
///
/// This is the value a `Policy` reports from `max_invoices` unless the
/// implementation overrides it.
pub const MAX_INVOICES: usize = 1_000;

/// The maximum L1 transaction size (32 * 1024).
// NOTE(review): the unit is presumably bytes; confirm against the validator
// that enforces this limit.
pub const MAX_ONCHAIN_TX_SIZE: usize = 32 * 1024;

/// A new invoice must not expire sooner than this long (60 seconds) from now.
pub const MIN_INVOICE_EXPIRY: Duration = Duration::from_secs(60);

/// Allowed clock skew (e.g. from invoice issuer to us): 60 seconds.
pub const MAX_CLOCK_SKEW: Duration = Duration::from_secs(60);
44
/// An enforcement policy.
///
/// Implementations decide how policy violations are handled and supply the
/// limits (velocity controls, channel and invoice counts) that validation
/// applies. The trait requires `Send + Sync`.
pub trait Policy: Send + Sync {
    /// Report that a policy error has occurred.
    ///
    /// An implementation can convert the error to a warning by returning
    /// `Ok(())`. A violation handled that way is not enforced, so any such
    /// exemption should be as narrow as possible.
    fn policy_error(&self, _tag: String, msg: String) -> Result<(), error::ValidationError>;

    /// Report that a temporary policy error has occurred.
    ///
    /// As with [`Policy::policy_error`], returning `Ok(())` converts the
    /// error to a warning.
    fn temporary_policy_error(
        &self,
        _tag: String,
        msg: String,
    ) -> Result<(), error::ValidationError>;

    /// Log at ERROR or WARN, matching how this policy handles the error.
    fn policy_log(&self, _tag: String, msg: String);

    /// Velocity control to apply to the entire node.
    fn global_velocity_control(&self) -> VelocityControlSpec;

    /// Velocity control to apply to L1 fees paid by the node.
    fn fee_velocity_control(&self) -> VelocityControlSpec;

    /// Maximum number of concurrent channels; defaults to [`MAX_CHANNELS`].
    fn max_channels(&self) -> usize {
        MAX_CHANNELS
    }

    /// Maximum number of concurrent invoices (issued and approved);
    /// defaults to [`MAX_INVOICES`].
    fn max_invoices(&self) -> usize {
        MAX_INVOICES
    }
}
72
/// Handle a policy violation according to `filter`.
///
/// The violation is always logged at WARN. If the filter returns
/// `FilterResult::Error` for `tag`, the violation is enforced and returned as
/// `Err(policy_error(msg))`. For any other filter result it is downgraded to
/// a warning and `Ok(())` is returned.
///
/// A filter that does not return `FilterResult::Error` for a tag therefore
/// turns enforcement of that tag off. The WARN line is the only trace left in
/// that case.
fn policy_error_with_filter(
    tag: String,
    msg: String,
    filter: &PolicyFilter,
) -> Result<(), ValidationError> {
    // Logged before the filter is consulted, so both enforced and downgraded
    // violations appear in the log.
    warn!("policy failed: {} {}", tag, msg);

    let enforced = filter.filter(tag.clone()) == FilterResult::Error;
    if enforced {
        return Err(policy_error(msg));
    }

    // Downgraded to a warning: optionally record where the violation arose.
    #[cfg(feature = "use_backtrace")]
    warn!("BACKTRACE:\n{:?}", backtrace::Backtrace::new());
    Ok(())
}
88
/// Handle a temporary policy violation according to `filter`.
///
/// If the filter returns `FilterResult::Error` for `tag`, the violation is
/// enforced and returned as `Err(temporary_policy_error(msg))`. For any other
/// filter result it is logged at WARN and downgraded by returning `Ok(())`.
// NOTE(review): unlike `policy_error_with_filter`, nothing is logged here
// when the violation is enforced. Presumably the caller reports the returned
// error; confirm, so that enforced temporary failures still leave a log trace.
fn temporary_policy_error_with_filter(
    tag: String,
    msg: String,
    filter: &PolicyFilter,
) -> Result<(), ValidationError> {
    // `tag` is cloned because it is still needed for the warning below.
    let verdict = filter.filter(tag.clone());
    if verdict == FilterResult::Error {
        return Err(temporary_policy_error(msg));
    }

    // Downgraded to a warning: enforcement is off for this tag.
    warn!("policy temporarily failed: {} {}", tag, msg);
    #[cfg(feature = "use_backtrace")]
    warn!("BACKTRACE:\n{:?}", backtrace::Backtrace::new());
    Ok(())
}