Commit 159bf07

committed
terminal: extract bakeSuperMac function
Extract the bake-supermacaroon logic into a function so it can be used elsewhere.
1 parent 72faf76 commit 159bf07

1 file changed

+58
-16
lines changed

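--- a/terminal.go
+++ b/terminal.go
@@ -53,6 +53,7 @@ import (
 "google.golang.org/grpc/test/bufconn"
 "google.golang.org/protobuf/encoding/protojson"
 "gopkg.in/macaroon-bakery.v2/bakery"
+"gopkg.in/macaroon.v2"
 )
 
 const (
@@ -495,27 +496,15 @@ func (g *LightningTerminal) startSubservers() error {
 if g.cfg.LndMode == ModeIntegrated {
 // Create a super macaroon that can be used to control lnd,
 // faraday, loop, and pool, all at the same time.
-bakePerms := getAllPermissions()
-req := &lnrpc.BakeMacaroonRequest{
-Permissions: make(
-[]*lnrpc.MacaroonPermission, len(bakePerms),
-),
-AllowExternalPermissions: true,
-}
-for idx, perm := range bakePerms {
-req.Permissions[idx] = &lnrpc.MacaroonPermission{
-Entity: perm.Entity,
-Action: perm.Action,
-}
-}
-
 ctx := context.Background()
-res, err := basicClient.BakeMacaroon(ctx, req)
+superMacaroon, err := bakeSuperMacaroon(
+ctx, basicClient, 0, getAllPermissions(), nil,
+)
 if err != nil {
 return err
 }
 
-g.rpcProxy.superMacaroon = res.Macaroon
+g.rpcProxy.superMacaroon = superMacaroon
 }
 
 // If we're in integrated and stateless init mode, we won't create
@@ -1131,6 +1120,59 @@ func (g *LightningTerminal) createRESTProxy() error {
 return nil
 }
 
+// bakeSuperMacaroon uses the lnd client to bake a macaroon that can include
+// permissions for multiple daemons.
+func bakeSuperMacaroon(ctx context.Context, lnd lnrpc.LightningClient,
+rootKeyID uint64, perms []bakery.Op, caveats []macaroon.Caveat) (string,
+error) {
+
+if lnd == nil {
+return "", errors.New("lnd not yet connected")
+}
+
+req := &lnrpc.BakeMacaroonRequest{
+Permissions: make(
+[]*lnrpc.MacaroonPermission, len(perms),
+),
+AllowExternalPermissions: true,
+RootKeyId: rootKeyID,
+}
+for idx, perm := range perms {
+req.Permissions[idx] = &lnrpc.MacaroonPermission{
+Entity: perm.Entity,
+Action: perm.Action,
+}
+}
+
+res, err := lnd.BakeMacaroon(ctx, req)
+if err != nil {
+return "", err
+}
+
+macBytes, err := hex.DecodeString(res.Macaroon)
+if err != nil {
+return "", err
+}
+
+var mac macaroon.Macaroon
+if err := mac.UnmarshalBinary(macBytes); err != nil {
+return "", err
+}
+
+for _, caveat := range caveats {
+if err := mac.AddFirstPartyCaveat(caveat.Id); err != nil {
+return "", err
+}
+}
+
+macBytes, err = mac.MarshalBinary()
+if err != nil {
+return "", err
+}
+
+return hex.EncodeToString(macBytes), err
+}
+
 // allowCORS wraps the given http.Handler with a function that adds the
 // Access-Control-Allow-Origin header to the response.
 func allowCORS(handler http.Handler, origins []string) http.Handler {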
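Review bot: The caveat loop in the new `bakeSuperMacaroon` passes only `caveat.Id` to `AddFirstPartyCaveat`, so a `macaroon.Caveat` that carries a `VerificationId` or `Location` would be silently attached as a first-party caveat, and the caller would get a credential with different restrictions than it asked for. The only call site in this commit passes `nil` caveats, but the helper bakes with `AllowExternalPermissions: true` and is meant for reuse, so I would reject such input inside the loop: `if len(caveat.VerificationId) != 0 { return "", errors.New("third-party caveats are not supported") }`. The doc comment should also state that only first-party caveats are accepted and that the returned string is the hex-encoded macaroon, a bearer credential that should not be logged. Separately, the final `return hex.EncodeToString(macBytes), err` can only carry a nil error at that point, so `return hex.EncodeToString(macBytes), nil` reads more clearly.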
