rpcserver: Add flag to BakeMacaroonRequest for allowing external permissions

Turtle 2021-05-17 02:13:38 -04:00
parent d10a682fa9
commit 72a46b8673
No known key found for this signature in database
GPG Key ID: 3E325201FFD68EC0
4 changed files with 564 additions and 529 deletions


@ -3803,6 +3803,12 @@ message BakeMacaroonRequest {
// The root key ID used to create the macaroon, must be a positive integer.
uint64 root_key_id = 2;
/*
Informs the RPC on whether to allow external permissions that LND is not
aware of.
*/
bool allow_external_permissions = 3;
}
message BakeMacaroonResponse {
// The hex encoded macaroon, serialized in binary format.
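Review bot: The comment on `allow_external_permissions` does not say what the field switches off, and for a field that controls macaroon contents the caller needs to know. In the rpcserver.go section of this commit, a true value makes the loop copy each requested entity/action pair into a `bakery.Op` and `continue` before the `validEntities` check, so validation is skipped for every permission in the request, not only for the ones lnd does not know. A misspelled lnd permission would then appear to be baked as given rather than rejected. I would state that on the field, for example `If true, the requested entity/action pairs are not checked against the permissions lnd knows and are baked into the macaroon as given.` The body of BakeMacaroonRequest starts outside this hunk.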


@ -2820,6 +2820,10 @@
"type": "string",
"format": "uint64",
"description": "The root key ID used to create the macaroon, must be a positive integer."
},
"allow_external_permissions": {
"type": "boolean",
"description": "Informs the RPC on whether to allow external permissions that LND is not\naware of."
}
}
},


@ -6799,6 +6799,8 @@ func (r *rpcServer) ChannelAcceptor(stream lnrpc.Lightning_ChannelAcceptorServer
// BakeMacaroon allows the creation of a new macaroon with custom read and write
// permissions. No first-party caveats are added since this can be done offline.
// If the --allow-external-permissions flag is set, the RPC will allow
// external permissions that LND is not aware of.
func (r *rpcServer) BakeMacaroon(ctx context.Context,
req *lnrpc.BakeMacaroonRequest) (*lnrpc.BakeMacaroonResponse, error) {
@ -6821,9 +6823,18 @@ func (r *rpcServer) BakeMacaroon(ctx context.Context,
}
// Validate and map permission struct used by gRPC to the one used by
// the bakery.
// the bakery. If the --allow-external-permissions flag is set, we
// will not validate, but map.
requestedPermissions := make([]bakery.Op, len(req.Permissions))
for idx, op := range req.Permissions {
if req.AllowExternalPermissions {
requestedPermissions[idx] = bakery.Op{
Entity: op.Entity,
Action: op.Action,
}
continue
}
if !stringInSlice(op.Entity, validEntities) {
return nil, fmt.Errorf("invalid permission entity. %s",
helpMsg)