From a0dc36d04fa1be928ae55b4a5c4b255495acc1a9 Mon Sep 17 00:00:00 2001
From: sputn1ck <kon@kon.ninja>
Date: Tue, 18 Feb 2025 11:34:58 +0100
Subject: [PATCH] (optional) multi: add public price oracle flag

---
 config.go        | 2 ++
 perms/perms.go   | 8 +++++++-
 sample-tapd.conf | 3 +++
 server.go        | 1 +
 tapcfg/config.go | 1 +
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/config.go b/config.go
index d08e2e551..681e958bc 100644
--- a/config.go
+++ b/config.go
@@ -53,6 +53,8 @@ type RPCConfig struct {
 
 	AllowPublicStats bool
 
+	AllowPublicPriceOracle bool
+
 	LetsEncryptDir string
 
 	LetsEncryptListen string
diff --git a/perms/perms.go b/perms/perms.go
index c0d6fd3dd..91c382d14 100644
--- a/perms/perms.go
+++ b/perms/perms.go
@@ -336,7 +336,8 @@ var (
 // macaroon authentication.
 func MacaroonWhitelist(allowUniPublicAccessRead bool,
 	allowUniPublicAccessWrite bool, allowPublicUniProofCourier bool,
-	allowPublicStats bool) map[string]struct{} {
+	allowPublicStats bool, allowPublicPriceOracle bool,
+) map[string]struct{} {
 
 	// Make a copy of the default whitelist.
 	whitelist := make(map[string]struct{})
@@ -361,5 +362,10 @@ func MacaroonWhitelist(allowUniPublicAccessRead bool,
 		whitelist["/universerpc.Universe/QueryEvents"] = struct{}{}
 	}
 
+	// Conditionally add public price oracle RPC endpoints to the whitelist.
+	if allowPublicPriceOracle {
+		whitelist["/priceoraclerpc.PriceOracle/QueryAssetRates"] = struct{}{} // nolint: lll
+	}
+
 	return whitelist
 }
diff --git a/sample-tapd.conf b/sample-tapd.conf
index ba91f742b..dc6b26640 100644
--- a/sample-tapd.conf
+++ b/sample-tapd.conf
@@ -128,6 +128,9 @@
 ; Disable macaroon authentication for stats RPC endpoints
 ; allow-public-stats=false
 
+; Disble macaroon authentication for price oracle proxy RPC endpoints
+; allow-public-price-oracle=false
+
 ; Add an ip:port/hostname to allow cross origin access from
 ; To allow all origins, set as "*"
 ; restcors=
diff --git a/server.go b/server.go
index bede71108..61ee92c7c 100644
--- a/server.go
+++ b/server.go
@@ -315,6 +315,7 @@ func (s *Server) RunUntilShutdown(mainErrChan <-chan error) error {
 		s.cfg.UniversePublicAccess.IsWriteAccessGranted(),
 		s.cfg.RPCConfig.AllowPublicUniProofCourier,
 		s.cfg.RPCConfig.AllowPublicStats,
+		s.cfg.RPCConfig.AllowPublicPriceOracle,
 	)
 
 	// Create a new RPC interceptor that we'll add to the GRPC server. This
diff --git a/tapcfg/config.go b/tapcfg/config.go
index 4635de007..d7fd2282e 100644
--- a/tapcfg/config.go
+++ b/tapcfg/config.go
@@ -238,6 +238,7 @@ type RpcConfig struct {
 
 	AllowPublicUniProofCourier bool `long:"allow-public-uni-proof-courier" description:"Disable macaroon authentication for universe proof courier RPC endpoints."`
 	AllowPublicStats           bool `long:"allow-public-stats" description:"Disable macaroon authentication for stats RPC endpoints."`
+	AllowPublicPriceOracle     bool `long:"allow-public-price-oracle" description:"Disable macaroon authentication for price oracle RPC endpoints."`
 
 	RestCORS []string `long:"restcors" description:"Add an ip:port/hostname to allow cross origin access from. To allow all origins, set as \"*\"."`