loopd: allow loopd to be used as external subserver

When loopd runs in the same process as lnd (in LiT), it hooks itself into lnd's RPC server as an external subserver. But because the user should still be able to use the default loop macaroon, the loop daemon must be able to validate its own macaroons as lnd's macaroon service doesn't know the root key for it.
2024-11-17 21:25:56 +00:00 · 2020-09-03 14:35:43 +02:00 · 2020-09-03 14:35:43 +02:00 · 617964e25f
commit 617964e25f
parent 8ecd9673f2
1 changed files with 16 additions and 0 deletions
--- a/loopd/daemon.go
+++ b/loopd/daemon.go
@ -18,6 +18,7 @@ import (
 	"github.com/lightningnetwork/lnd/lntypes"
 	"github.com/lightningnetwork/lnd/macaroons"
 	"google.golang.org/grpc"
+	"gopkg.in/macaroon-bakery.v2/bakery"
 )

 var (
@ -170,6 +171,21 @@ func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
 	return d.initialize()
 }

+// ValidateMacaroon extracts the macaroon from the context's gRPC metadata,
+// checks its signature, makes sure all specified permissions for the called
+// method are contained within and finally ensures all caveat conditions are
+// met. A non-nil error is returned if any of the checks fail. This method is
+// needed to enable loopd running as an external subserver in the same process
+// as lnd but still validate its own macaroons.
+func (d *Daemon) ValidateMacaroon(ctx context.Context,
+	requiredPermissions []bakery.Op, fullMethod string) error {
+
+	// Delegate the call to loop's own macaroon validator service.
+	return d.macaroonService.ValidateMacaroon(
+		ctx, requiredPermissions, fullMethod,
+	)
+}
+
 // startWebServers starts the gRPC and REST servers in goroutines.
 func (d *Daemon) startWebServers() error {
 	var err error