loopd: allow loopd to be used as external subserver

When loopd runs in the same process as lnd (in LiT), it hooks itself
into lnd's RPC server as an external subserver. But because the user
should still be able to use the default loop macaroon, the loop daemon
must be able to validate its own macaroons as lnd's macaroon service
doesn't know the root key for it.
pull/281/head
Oliver Gugger 4 years ago
parent 8ecd9673f2
commit 617964e25f
No known key found for this signature in database
GPG Key ID: 8E4256593F177720

@ -18,6 +18,7 @@ import (
"github.com/lightningnetwork/lnd/lntypes"
"github.com/lightningnetwork/lnd/macaroons"
"google.golang.org/grpc"
"gopkg.in/macaroon-bakery.v2/bakery"
)
var (
@ -170,6 +171,21 @@ func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
return d.initialize()
}
// ValidateMacaroon extracts the macaroon from the context's gRPC metadata,
// checks its signature, makes sure all specified permissions for the called
// method are contained within and finally ensures all caveat conditions are
// met. A non-nil error is returned if any of the checks fail. This method is
// needed to enable loopd running as an external subserver in the same process
// as lnd but still validate its own macaroons.
func (d *Daemon) ValidateMacaroon(ctx context.Context,
requiredPermissions []bakery.Op, fullMethod string) error {
// Delegate the call to loop's own macaroon validator service.
return d.macaroonService.ValidateMacaroon(
ctx, requiredPermissions, fullMethod,
)
}
// startWebServers starts the gRPC and REST servers in goroutines.
func (d *Daemon) startWebServers() error {
var err error

Loading…
Cancel
Save