multi: add macroon service to sessionRpcServer

ellemouton · ellemouton · commit bd77c1a1d8c3 · 2022-02-14T11:18:36.000Z
Add a macaroonService to the sessionRPCServer so that its methods can be
protected by macaroon authentication.
diff --git a/config.go b/config.go
@@ -119,6 +119,16 @@ var (
 		lndDefaultConfig.DataDir, defaultLndChainSubDir,
 		defaultLndChain, DefaultNetwork, defaultLndMacaroon,
 	)
+
+	// DefaultMacaroonFilename is the default file name for the
+	// autogenerated lit macaroon.
+	DefaultMacaroonFilename = "lit.macaroon"
+
+	// DefaultMacaroonPath is the default full path of the base lit
+	// macaroon.
+	DefaultMacaroonPath = filepath.Join(
+		DefaultLitDir, DefaultNetwork, DefaultMacaroonFilename,
+	)
 )
 
 // Config is the main configuration struct of lightning-terminal. It contains
@@ -141,6 +151,8 @@ type Config struct {
 	LitDir     string `long:"lit-dir" description:"The main directory where LiT looks for its configuration file. If LiT is running in 'remote' lnd mode, this is also the directory where the TLS certificates and log files are stored by default."`
 	ConfigFile string `long:"configfile" description:"Path to LiT's configuration file."`
 
+	MacaroonPath string `long:"macaroonpath" description:"Path to write the macaroon for litd's RPC and REST services if it doesn't exist."`
+
 	// Network is the Bitcoin network we're running on. This will be parsed
 	// before the configuration is loaded and will set the correct flag on
 	// `lnd.bitcoin.mainnet|testnet|regtest` and also for the other daemons.
@@ -296,6 +308,7 @@ func defaultConfig() *Config {
 		LitDir:            DefaultLitDir,
 		LetsEncryptListen: defaultLetsEncryptListen,
 		LetsEncryptDir:    defaultLetsEncryptDir,
+		MacaroonPath:      DefaultMacaroonPath,
 		ConfigFile:        defaultConfigFile,
 		FaradayMode:       defaultFaradayMode,
 		Faraday:           &faradayDefaultConfig,
@@ -394,6 +407,14 @@ func loadAndValidateConfig(interceptor signal.Interceptor) (*Config, error) {
 			"UI, at least %d characters long", uiPasswordMinLength)
 	}
 
+	if cfg.Network != DefaultNetwork {
+		if cfg.MacaroonPath == DefaultMacaroonPath {
+			cfg.MacaroonPath = filepath.Join(
+				litDir, cfg.Network, DefaultMacaroonFilename,
+			)
+		}
+	}
+
 	// Initiate our listeners. For now, we only support listening on one
 	// port at a time because we can only pass in one pre-configured RPC
 	// listener into lnd.
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/lightninglabs/faraday v0.2.7-alpha
 	github.com/lightninglabs/lightning-node-connect v0.1.5-alpha
-	github.com/lightninglabs/lndclient v0.14.0-7
+	github.com/lightninglabs/lndclient v0.14.0-8
 	github.com/lightninglabs/loop v0.15.1-beta
 	github.com/lightninglabs/pool v0.5.4-alpha.0.20220114202858-525fe156d240
 	github.com/lightninglabs/pool/auctioneerrpc v1.0.5
diff --git a/go.sum b/go.sum
@@ -617,6 +617,8 @@ github.com/lightninglabs/lndclient v0.11.0-4/go.mod h1:8/cTKNwgL87NX123gmlv3Xh6p
 github.com/lightninglabs/lndclient v0.14.0-5/go.mod h1:2kH9vNoc29ghIkfMjxwSeK8yCxsYfR80XAJ9PU/QWWk=
 github.com/lightninglabs/lndclient v0.14.0-7 h1:muqPju9ixBtQNcO0SkvbZ2b2oORUMRqQ4e+aC077Qa8=
 github.com/lightninglabs/lndclient v0.14.0-7/go.mod h1:2kH9vNoc29ghIkfMjxwSeK8yCxsYfR80XAJ9PU/QWWk=
+github.com/lightninglabs/lndclient v0.14.0-8 h1:vdwV6yFU4A7BjG2V8cpI8Kqdl2M0NSfsA+RWR+JGTko=
+github.com/lightninglabs/lndclient v0.14.0-8/go.mod h1:YIE/Yac69hIMiq9cm/ZC2sP4F0Llv3tC4hZGfgOhdeY=
 github.com/lightninglabs/loop v0.15.1-beta h1:X4qth5qAdpgKarmcltO85HxMze3Wrk8FzI46Cwt9H4A=
 github.com/lightninglabs/loop v0.15.1-beta/go.mod h1:9TawqLzvjDP4pswZ8QkvTcBqH+wGKBffP+r6mFGBVi4=
 github.com/lightninglabs/neutrino v0.11.0/go.mod h1:CuhF0iuzg9Sp2HO6ZgXgayviFTn1QHdSTJlMncK80wg=
diff --git a/session_rpcserver.go b/session_rpcserver.go
@@ -11,6 +11,7 @@ import (
 	"github.com/lightninglabs/lightning-node-connect/mailbox"
 	"github.com/lightninglabs/lightning-terminal/litrpc"
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightninglabs/lndclient"
 	"google.golang.org/grpc"
 )
 
@@ -20,9 +21,10 @@ type sessionRpcServer struct {
 
 	basicAuth string
 
-	cfg           *sessionRpcServerConfig
-	db            *session.DB
-	sessionServer *session.Server
+	cfg             *sessionRpcServerConfig
+	db              *session.DB
+	sessionServer   *session.Server
+	macaroonService *lndclient.MacaroonService
 
 	quit     chan struct{}
 	wg       sync.WaitGroup
@@ -32,9 +34,10 @@ type sessionRpcServer struct {
 // sessionRpcServerConfig holds the values used to configure the
 // sessionRpcServer.
 type sessionRpcServerConfig struct {
-	basicAuth   string
-	dbDir       string
-	grpcOptions []grpc.ServerOption
+	basicAuth    string
+	dbDir        string
+	grpcOptions  []grpc.ServerOption
+	macaroonPath string
 }
 
 // newSessionRPCServer creates a new sessionRpcServer using the passed config.
@@ -68,7 +71,32 @@ func newSessionRPCServer(cfg *sessionRpcServerConfig) (*sessionRpcServer,
 // start all the components necessary for the sessionRpcServer to start serving
 // requests. This includes starting the macaroon service and resuming all
 // non-revoked sessions.
-func (s *sessionRpcServer) start() error {
+func (s *sessionRpcServer) start(stateless bool,
+	lndClient *lndclient.LndServices) error {
+
+	var err error
+	s.macaroonService, err = lndclient.NewMacaroonService(
+		&lndclient.MacaroonServiceConfig{
+			DBPath:           s.cfg.dbDir,
+			MacaroonLocation: "litd",
+			StatelessInit:    stateless,
+			RequiredPerms:    litPermissions,
+			LndClient:        lndClient,
+			EphemeralKey:     lndclient.SharedKeyNUMS,
+			KeyLocator:       lndclient.SharedKeyLocator,
+			MacaroonPath:     s.cfg.macaroonPath,
+		},
+	)
+	if err != nil {
+		log.Errorf("Could not create a new macaroon service: %v", err)
+		return err
+	}
+
+	if err := s.macaroonService.Start(); err != nil {
+		log.Errorf("Could not start macaroon service: %v", err)
+		return err
+	}
+
 	// Start up all previously created sessions.
 	sessions, err := s.db.ListSessions()
 	if err != nil {
@@ -93,6 +121,11 @@ func (s *sessionRpcServer) stop() error {
 		}
 		s.sessionServer.Stop()
 
+		if err := s.macaroonService.Stop(); err != nil {
+			log.Errorf("Error stopping macaroon service: %v", err)
+			returnErr = err
+		}
+
 		close(s.quit)
 		s.wg.Wait()
 	})
diff --git a/terminal.go b/terminal.go
@@ -193,8 +193,9 @@ func (g *LightningTerminal) Run() error {
 		g.cfg, g, getAllMethodPermissions(), bufRpcListener,
 	)
 	g.sessionRpcServer, err = newSessionRPCServer(&sessionRpcServerConfig{
-		basicAuth: g.rpcProxy.basicAuth,
-		dbDir:     path.Join(g.cfg.LitDir, g.cfg.Network),
+		basicAuth:    g.rpcProxy.basicAuth,
+		macaroonPath: g.cfg.MacaroonPath,
+		dbDir:        path.Join(g.cfg.LitDir, g.cfg.Network),
 		grpcOptions: []grpc.ServerOption{
 			grpc.CustomCodec(grpcProxy.Codec()), // nolint: staticcheck,
 			grpc.UnknownServiceHandler(
@@ -529,7 +530,10 @@ func (g *LightningTerminal) startSubservers() error {
 		g.poolStarted = true
 	}
 
-	if err = g.sessionRpcServer.start(); err != nil {
+	err = g.sessionRpcServer.start(
+		!createDefaultMacaroons, &g.lndClient.LndServices,
+	)
+	if err != nil {
 		return err
 	}
 	g.sessionRpcServerStarted = true

-Original file line number
+Diff line change
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/lightninglabs/faraday v0.2.7-alpha
 	github.com/lightninglabs/lightning-node-connect v0.1.5-alpha
 -	github.com/lightninglabs/lndclient v0.14.0-7
 +	github.com/lightninglabs/lndclient v0.14.0-8
 	github.com/lightninglabs/loop v0.15.1-beta
 	github.com/lightninglabs/pool v0.5.4-alpha.0.20220114202858-525fe156d240
 	github.com/lightninglabs/pool/auctioneerrpc v1.0.5