Add CheckMacaroonPermissions command to client

orbitalturtle · orbitalturtle · commit 446bb307cfa4 · 2021-08-12T16:30:06.000-05:00
diff --git a/lightning_client.go b/lightning_client.go
@@ -181,6 +181,12 @@ type LightningClient interface {
 	// vertices.
 	QueryRoutes(ctx context.Context, req QueryRoutesRequest) (
 		*QueryRoutesResponse, error)
+
+	// CheckMacaroonPermissions allows a client to check the validity of a
+	// macaroon.
+	CheckMacaroonPermissions(ctx context.Context, macaroon []byte,
+		permissions []MacaroonPermission, fullMethod string) (bool,
+		error)
 }
 
 // Info contains info about the connected lnd node.
@@ -3480,3 +3486,30 @@ func (s *lightningClient) QueryRoutes(ctx context.Context,
 		TotalAmtMsat:  lnwire.MilliSatoshi(route.TotalAmtMsat),
 	}, nil
 }
+
+func (s *lightningClient) CheckMacaroonPermissions(ctx context.Context,
+	macaroon []byte, permissions []MacaroonPermission, fullMethod string) (bool,
+	error) {
+
+	rpcPermissions := make([]*lnrpc.MacaroonPermission, len(permissions))
+	for idx, perm := range permissions {
+		rpcPermissions[idx] = &lnrpc.MacaroonPermission{
+			Entity: perm.Entity,
+			Action: perm.Action,
+		}
+	}
+
+	rpcCtx := s.adminMac.WithMacaroonAuth(ctx)
+	res, err := s.client.CheckMacaroonPermissions(
+		rpcCtx, &lnrpc.CheckMacPermRequest{
+			Macaroon:    macaroon,
+			Permissions: rpcPermissions,
+			FullMethod:  fullMethod,
+		},
+	)
+	if err != nil {
+		return false, err
+	}
+
+	return res.Valid, nil
+}
diff --git a/macaroon_recipes_test.go b/macaroon_recipes_test.go
@@ -12,7 +12,7 @@ import (
 
 var (
 	expectedPermissions = map[string]int{
-		"lnrpc":       9,
+		"lnrpc":       10,
 		"chainrpc":    1,
 		"invoicesrpc": 2,
 		"routerrpc":   2,
diff --git a/testdata/permissions.json b/testdata/permissions.json
@@ -140,6 +140,14 @@
                 }
             ]
         },
+        "/lnrpc.Lightning/CheckMacaroonPermissions": {
+            "permissions": [
+                {
+                    "entity": "macaroon",
+                    "action": "read"
+                }
+            ]
+        },
         "/lnrpc.Lightning/CloseChannel": {
             "permissions": [
                 {

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,14 @@`
`140`	`140`	`}`
`141`	`141`	`]`
`142`	`142`	`},`
	`143`	`+ "/lnrpc.Lightning/CheckMacaroonPermissions": {`
	`144`	`+ "permissions": [`
	`145`	`+ {`
	`146`	`+ "entity": "macaroon",`
	`147`	`+ "action": "read"`
	`148`	`+ }`
	`149`	`+ ]`
	`150`	`+ },`
`143`	`151`	`"/lnrpc.Lightning/CloseChannel": {`
`144`	`152`	`"permissions": [`
`145`	`153`	`{`