autopilot: feature configuration

autopilotserver/client.go

@@ -357,10 +357,11 @@ func (c *Client) ListFeatures(ctx context.Context) (map[string]*Feature,
 		perms := unmarshalPermissions(feature.PermissionsList)
 		rules := unmarshalRules(feature.Rules)
 		features[i] = &Feature{
-			Name:        feature.Name,
-			Description: feature.Description,
-			Permissions: perms,
-			Rules:       rules,
+			Name:          feature.Name,
+			Description:   feature.Description,
+			Permissions:   perms,
+			Rules:         rules,
+			Configuration: feature.Configuration,
 		}
 	}
 

autopilotserver/interface.go

@@ -67,6 +67,9 @@ type Feature struct {
 	// Rules is a list of all the firewall that must be specified for this
 	// feature.
 	Rules map[string]*RuleValues
+
+	// Configuration is a JSON-serialized configuration of the feature.
+	Configuration []byte
 }
 
 // RuleValues holds the default value along with the sane max and min values

autopilotserverrpc/autopilotserver.proto

@@ -87,6 +87,11 @@ message Feature {
     A list of the permissions that the feature will require to operate.
     */
     repeated Permissions permissions_list = 4;
+
+    /*
+    The JSON-marshaled representation of a feature's configuration.
+    */
+    bytes configuration = 5;
 }
 
 message Rule {

cmd/litcli/autopilot.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/hex"
+	"fmt"
 	"strconv"
 	"strings"
 	"time"
@@ -65,6 +66,12 @@ var addAutopilotSessionCmd = cli.Command{
 				"perform actions on. In the " +
 				"form of: peerID1,peerID2,...",
 		},
+		cli.StringSliceFlag{
+			Name: "configuration",
+			Usage: `per feature JSON-serialized configuration, ` +
+				`expected format: {"version":0,"option1":` +
+				`"parameter1","option2":"parameter2",...}`,
+		},
 	},
 }
 
@@ -216,11 +223,27 @@ func initAutopilotSession(ctx *cli.Context) error {
 		}
 	}
 
+	configs := ctx.StringSlice("configuration")
+	features := ctx.StringSlice("feature")
+
+	if len(configs) > 0 && len(features) != len(configs) {
+		return fmt.Errorf("number of features and configurations " +
+			"must match")
+	}
+
 	featureMap := make(map[string]*litrpc.FeatureConfig)
-	for _, feature := range ctx.StringSlice("feature") {
+	for i, feature := range ctx.StringSlice("feature") {
+		var config []byte
+
+		// We allow empty configs, to signal the usage of the default
+		// configuration when the session is registered.
+		if len(configs) > 0 && configs[i] != "{}" {
+			config = []byte(configs[i])
+		}
+
 		featureMap[feature] = &litrpc.FeatureConfig{
 			Rules:  ruleMap,
-			Config: nil,
+			Config: config,
 		}
 	}
 

firewall/privacy_mapper.go

@@ -6,6 +6,8 @@ import (
 	"errors"
 	"fmt"
 	"math/big"
+	"regexp"
+	"strings"
 	"time"
 
 	"github.com/lightninglabs/lightning-terminal/firewalldb"
@@ -833,3 +835,41 @@ func CryptoRandIntn(n int) (int, error) {
 
 	return int(nBig.Int64()), nil
 }
+
+// ObfuscateConfig alters the config string by replacing pubkeys with random
+// values and updates the privacy pair map.
+func ObfuscateConfig(privacyPairs map[string]string, configB []byte) ([]byte,
+	error) {
+
+	// The config is a JSON blob, so we interpret it as a string to detect
+	// any patterns we want to replace.
+	config := string(configB)
+
+	// Replace all pubkeys with a pseudo-random string.
+	pubKeyRegex := regexp.MustCompile(`[a-fA-F0-9]+`)
+	matches := pubKeyRegex.FindAllString(config, -1)
+
+	for _, match := range matches {
+		// A pubkey is 66 characters long.
+		if len(match) != 66 {
+			continue
+		}
+
+		if _, ok := privacyPairs[match]; ok {
+			continue
+		}
+
+		replacement, err := firewalldb.NewPseudoStr(len(match))
+		if err != nil {
+			return nil, err
+		}
+		privacyPairs[match] = replacement
+	}
+
+	// Replace all occurances.
+	for k, v := range privacyPairs {
+		config = strings.ReplaceAll(config, k, v)
+	}
+
+	return []byte(config), nil
+}

firewall/privacy_mapper_test.go

@@ -675,6 +675,68 @@ func TestHideBool(t *testing.T) {
 	require.False(t, val)
 }
 
+// TestObfuscateConfig tests that we substitute substrings in the config
+// correctly.
+func TestObfuscateConfig(t *testing.T) {
+	tests := []struct {
+		name            string
+		config          []byte
+		expectedPubKeys int
+	}{
+		{
+			name: "empty",
+		},
+		{
+			name: "pubkeys",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"d23da57575cdcb878ac191e1e0c8a5c4f061b11cfdc7a8ec5c9d495270de66fdbf,` +
+				`0e092708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca85,` +
+				`DEAD2708c9e737115ff14a85b65466561280d77c1b8cd666bc655536ad81ccca85,` +
+				`586b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4"}`),
+			expectedPubKeys: 4,
+		},
+		{
+			name: "too short pubkey",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"d23da57575cdcb878ac191e1e0c8a5c4f061b11"}`),
+			expectedPubKeys: 0,
+		},
+		{
+			name: "too long pubkey",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"586b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4dead"}`),
+			expectedPubKeys: 0,
+		},
+		{
+			name: "nonhex",
+			config: []byte(`{"version":1,"pubkeys":` +
+				`"x86b59212da4623c40dcc68c4573da1719e5893630790c9f2db8940fff3efd8cd4"}`),
+			expectedPubKeys: 0,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+
+		t.Run(tt.name, func(t *testing.T) {
+			privacyPairMap := make(map[string]string)
+			config, err := ObfuscateConfig(
+				privacyPairMap, tt.config,
+			)
+			require.NoError(t, err)
+
+			// We expect the config to be obfuscated only if there
+			// are pubkeys.
+			if tt.expectedPubKeys > 0 {
+				require.NotEqual(t, config, tt.config)
+			}
+			require.Equal(t, len(tt.config), len(config))
+			require.Equal(t, tt.expectedPubKeys,
+				len(privacyPairMap))
+		})
+	}
+}
+
 // mean computes the mean of the given slice of numbers.
 func mean(numbers []uint64) uint64 {
 	sum := uint64(0)

litrpc/lit-autopilot.proto

@@ -156,6 +156,11 @@ message Feature {
     feature rules set contains a rule that Litd is unaware of.
     */
     bool requires_upgrade = 5;
+
+    /*
+    Represents the JSON-serialized configuration of a feature.
+    */
+    string configuration = 6;
 }
 
 message RuleValues {
@@ -191,4 +196,4 @@ message Permissions {
     A list of the permissions required for this method.
     */
     repeated MacaroonPermission operations = 2;
-}
+}

litrpc/lit-autopilot.swagger.json

@@ -260,6 +260,10 @@
         "requires_upgrade": {
           "type": "boolean",
           "description": "A boolean indicating if the user would need to upgrade their Litd version in\norder to subscribe to the Autopilot feature. This will be true if the\nfeature rules set contains a rule that Litd is unaware of."
+        },
+        "configuration": {
+          "type": "string",
+          "description": "Represents the JSON-serialized configuration of a feature."
         }
       }
     },
@@ -578,6 +582,13 @@
           "type": "string",
           "format": "uint64",
           "description": "The unix timestamp indicating the time at which the session was revoked.\nNote that this field has not been around since the beginning and so it\ncould be the case that a session has been revoked but that this field\nwill not have been set for that session. Therefore, it is suggested that\nreaders should not assume that if this field is zero that the session is\nnot revoked. Readers should instead first check the session_state field."
+        },
+        "feature_configs": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Configurations for each individual feature mapping from the feature name to\na JSON-serialized configuration."
         }
       }
     },