rpc_proxy+litcli: replace dummy string with empty macaroon

To avoid the macaroon parsing to fail in session.IsSuperMacaroon(), we
want the dummy macaroon to be formally valid (meaning, it can be parsed)
but not actually valid (meaning, it will fail the signature verification
since we don't have the root key for it anywhere).

Author: guggero

cmd/litcli/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -210,7 +211,7 @@ func getAuthContext(cliCtx *cli.Context) context.Context {
 	ctxb := context.Background()
 	md := metadata.MD{}
 
-	md.Set("macaroon", "no-macaroons-for-litcli")
+	md.Set("macaroon", hex.EncodeToString(terminal.EmptyMacaroonBytes))
 	md.Set("authorization", fmt.Sprintf("Basic %s", basicAuth))
 
 	return metadata.NewOutgoingContext(ctxb, md)

rpc_proxy.go

@@ -33,6 +33,15 @@ const (
 	HeaderMacaroon = "Macaroon"
 )
 
+var (
+	// EmptyMacaroonBytes is the byte representation of an empty but
+	// formally valid macaroon.
+	EmptyMacaroonBytes, _ = hex.DecodeString(
+		"020205656d7074790000062062083e2ea599285ac29350abb4ea21fd7c5a" +
+			"15aca8b4c0d38e6c058829369e50",
+	)
+)
+
 // proxyErr is an error type that adds more context to an error occurring in the
 // proxy.
 type proxyErr struct {
@@ -499,7 +508,7 @@ func (p *rpcProxy) basicAuthToMacaroon(basicAuth, requestURI string,
 		}
 
 	case isLitURI(requestURI):
-		return []byte("no-macaroons-for-litcli"), nil
+		return EmptyMacaroonBytes, nil
 
 	default:
 		return nil, fmt.Errorf("unknown gRPC web request: %v",