multi: add super mac validator to proxy

guggero · guggero · commit 5d4ae278ef8b · 2022-02-17T15:00:41.000+01:00
diff --git a/rpc_proxy.go b/rpc_proxy.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/improbable-eng/grpc-web/go/grpcweb"
+	"github.com/lightninglabs/lightning-terminal/session"
 	"github.com/lightningnetwork/lnd/lncfg"
 	"github.com/lightningnetwork/lnd/macaroons"
 	grpcProxy "github.com/mwitkow/grpc-proxy/proxy"
@@ -64,6 +65,7 @@ func (e *proxyErr) Unwrap() error {
 // or REST request and delegate (and convert if necessary) it to the correct
 // component.
 func newRpcProxy(cfg *Config, validator macaroons.MacaroonValidator,
+	superMacValidator session.SuperMacaroonValidator,
 	permissionMap map[string][]bakery.Op,
 	bufListener *bufconn.Listener) *rpcProxy {
 
@@ -80,10 +82,11 @@ func newRpcProxy(cfg *Config, validator macaroons.MacaroonValidator,
 	// need to be addressed with a custom director that just takes care of a
 	// few HTTP header fields.
 	p := &rpcProxy{
-		cfg:          cfg,
-		basicAuth:    basicAuth,
-		macValidator: validator,
-		bufListener:  bufListener,
+		cfg:               cfg,
+		basicAuth:         basicAuth,
+		macValidator:      validator,
+		superMacValidator: superMacValidator,
+		bufListener:       bufListener,
 	}
 	p.grpcServer = grpc.NewServer(
 		// From the grpxProxy doc: This codec is *crucial* to the
@@ -156,8 +159,9 @@ type rpcProxy struct {
 	cfg       *Config
 	basicAuth string
 
-	macValidator macaroons.MacaroonValidator
-	bufListener  *bufconn.Listener
+	macValidator      macaroons.MacaroonValidator
+	superMacValidator session.SuperMacaroonValidator
+	bufListener       *bufconn.Listener
 
 	superMacaroon string
 
diff --git a/session/macaroon.go b/session/macaroon.go
@@ -2,6 +2,7 @@ package session
 
 import (
 	"bytes"
+	"context"
 	"encoding/binary"
 	"encoding/hex"
 	"strconv"
@@ -18,6 +19,11 @@ var (
 	SuperMacaroonRootKeyPrefix = [4]byte{0xFF, 0xEE, 0xDD, 0xCC}
 )
 
+// SuperMacaroonValidator is a function type for validating a super macaroon.
+type SuperMacaroonValidator func(ctx context.Context,
+	superMacaroon []byte, requiredPermissions []bakery.Op,
+	fullMethod string) error
+
 // NewSuperMacaroonRootKeyID returns a new macaroon root key ID that has the
 // prefix to mark it as a super macaroon root key.
 func NewSuperMacaroonRootKeyID(id [4]byte) uint64 {
diff --git a/terminal.go b/terminal.go
@@ -194,7 +194,8 @@ func (g *LightningTerminal) Run() error {
 	g.loopServer = loopd.New(g.cfg.Loop, nil)
 	g.poolServer = pool.NewServer(g.cfg.Pool)
 	g.rpcProxy = newRpcProxy(
-		g.cfg, g, getAllMethodPermissions(), bufRpcListener,
+		g.cfg, g, g.validateSuperMacaroon, getAllMethodPermissions(),
+		bufRpcListener,
 	)
 
 	// Create an instance of the local Terminal Connect session store DB.

Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,8 @@ func (g *LightningTerminal) Run() error {`
`194`	`194`	`g.loopServer = loopd.New(g.cfg.Loop, nil)`
`195`	`195`	`g.poolServer = pool.NewServer(g.cfg.Pool)`
`196`	`196`	`g.rpcProxy = newRpcProxy(`
`197`		`- g.cfg, g, getAllMethodPermissions(), bufRpcListener,`
	`197`	`+ g.cfg, g, g.validateSuperMacaroon, getAllMethodPermissions(),`
	`198`	`+ bufRpcListener,`
`198`	`199`	`)`
`199`	`200`
`200`	`201`	`// Create an instance of the local Terminal Connect session store DB.`