multi: use ReadOnly param of BakeSuperMacaroon

ellemouton · ellemouton · commit b4f8224c5439 · 2024-10-14T15:48:18.000+02:00
diff --git a/cmd/litcli/proxy.go b/cmd/litcli/proxy.go
@@ -32,6 +32,11 @@ var litCommands = []cli.Command{
 					"specified as a hex string using a " +
 					"maximum of 8 characters.",
 			},
+			cli.BoolFlag{
+				Name: "read_only",
+				Usage: "Whether the macaroon should " +
+					"only contain read permissions.",
+			},
 			cli.StringFlag{
 				Name: "save_to",
 				Usage: "Save returned admin macaroon to " +
@@ -125,6 +130,7 @@ func bakeSuperMacaroon(ctx *cli.Context) error {
 	resp, err := client.BakeSuperMacaroon(
 		ctxb, &litrpc.BakeSuperMacaroonRequest{
 			RootKeyIdSuffix: suffix,
+			ReadOnly:        ctx.Bool("read_only"),
 		},
 	)
 	if err != nil {
diff --git a/rpc_proxy.go b/rpc_proxy.go
@@ -187,7 +187,8 @@ type rpcProxy struct {
 }
 
 // bakeSuperMac can be used to bake a new super macaroon.
-type bakeSuperMac func(ctx context.Context, rootKeyID uint32) (string, error)
+type bakeSuperMac func(ctx context.Context, rootKeyID uint32,
+	readOnly bool) (string, error)
 
 // lndBasicClientFn can be used to obtain access to an lnrpc.LightningClient if
 // it is available.
@@ -255,7 +256,7 @@ func (p *rpcProxy) BakeSuperMacaroon(ctx context.Context,
 		return nil, ErrWaitingToStart
 	}
 
-	superMac, err := p.bakeSuperMac(ctx, req.RootKeyIdSuffix)
+	superMac, err := p.bakeSuperMac(ctx, req.RootKeyIdSuffix, req.ReadOnly)
 	if err != nil {
 		return nil, err
 	}
diff --git a/terminal.go b/terminal.go
@@ -584,8 +584,8 @@ func (g *LightningTerminal) start() error {
 
 	// bakeSuperMac is a closure that can be used to bake a new super
 	// macaroon that contains all active permissions.
-	bakeSuperMac := func(ctx context.Context, rootKeyIDSuffix uint32) (
-		string, error) {
+	bakeSuperMac := func(ctx context.Context, rootKeyIDSuffix uint32,
+		readOnly bool) (string, error) {
 
 		var suffixBytes [4]byte
 		binary.BigEndian.PutUint32(suffixBytes[:], rootKeyIDSuffix)
@@ -594,7 +594,7 @@ func (g *LightningTerminal) start() error {
 
 		return BakeSuperMacaroon(
 			ctx, g.basicClient, rootKeyID,
-			g.permsMgr.ActivePermissions(false), nil,
+			g.permsMgr.ActivePermissions(readOnly), nil,
 		)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,8 @@ type rpcProxy struct {`
`187`	`187`	`}`
`188`	`188`
`189`	`189`	`// bakeSuperMac can be used to bake a new super macaroon.`
`190`		`-type bakeSuperMac func(ctx context.Context, rootKeyID uint32) (string, error)`
	`190`	`+type bakeSuperMac func(ctx context.Context, rootKeyID uint32,`
	`191`	`+ readOnly bool) (string, error)`
`191`	`192`
`192`	`193`	`// lndBasicClientFn can be used to obtain access to an lnrpc.LightningClient if`
`193`	`194`	`// it is available.`
`@@ -255,7 +256,7 @@ func (p *rpcProxy) BakeSuperMacaroon(ctx context.Context,`
`255`	`256`	`return nil, ErrWaitingToStart`
`256`	`257`	`}`
`257`	`258`
`258`		`- superMac, err := p.bakeSuperMac(ctx, req.RootKeyIdSuffix)`
	`259`	`+ superMac, err := p.bakeSuperMac(ctx, req.RootKeyIdSuffix, req.ReadOnly)`
`259`	`260`	`if err != nil {`
`260`	`261`	`return nil, err`
`261`	`262`	`}`