Add option to stop creation of macaroons

cmd/loop/main.go

@@ -434,6 +434,10 @@ func readMacaroon(macPath string) (grpc.DialOption, error) {
 	}
 
 	// Now we append the macaroon credentials to the dial options.
-	cred := macaroons.NewMacaroonCredential(constrainedMac)
+	cred, err := macaroons.NewMacaroonCredential(constrainedMac)
+	if err != nil {
+		return nil, fmt.Errorf("error creating macaroon credential: %v",
+			err)
+	}
 	return grpc.WithPerRPCCredentials(cred), nil
 }

go.mod

@@ -1,29 +1,32 @@
 module github.com/lightninglabs/loop
 
 require (
-	github.com/btcsuite/btcd v0.21.0-beta.0.20210513141527-ee5896bad5be
+	github.com/btcsuite/btcd v0.22.0-beta.0.20210803133449-f5a1fb9965e4
 	github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f
 	github.com/btcsuite/btcutil v1.0.3-0.20210527170813-e2ba6805a890
-	github.com/btcsuite/btcwallet/wtxmgr v1.3.1-0.20210706234807-aaf03fee735a
+	github.com/btcsuite/btcwallet/wtxmgr v1.3.1-0.20210822222949-9b5a201c344c
 	github.com/coreos/bbolt v1.3.3
 	github.com/fortytw2/leaktest v1.3.0
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.5.0
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/lightninglabs/aperture v0.1.6-beta
 	github.com/lightninglabs/lndclient v0.11.1-9
 	github.com/lightninglabs/protobuf-hex-display v1.4.3-hex-display
-	github.com/lightningnetwork/lnd v0.13.0-beta.rc5.0.20210728112744-ebabda671786
+	github.com/lightningnetwork/lnd v0.13.0-beta.rc5.0.20210921132504-8d8db527237e
 	github.com/lightningnetwork/lnd/cert v1.0.3
 	github.com/lightningnetwork/lnd/clock v1.0.1
+	github.com/lightningnetwork/lnd/kvdb v1.0.3
 	github.com/lightningnetwork/lnd/queue v1.0.4
 	github.com/lightningnetwork/lnd/ticker v1.0.0
 	github.com/stretchr/testify v1.7.0
 	github.com/urfave/cli v1.20.0
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	golang.org/x/net v0.0.0-20210913180222-943fd674d43e
 	google.golang.org/grpc v1.38.0
 	google.golang.org/protobuf v1.26.0
 	gopkg.in/macaroon-bakery.v2 v2.0.1
 	gopkg.in/macaroon.v2 v2.1.0
 )
 
 go 1.15
+
+replace github.com/lightninglabs/lndclient => github.com/guggero/lndclient v0.11.0-2.0.20210921141129-268bfb6c4797

liquidity/liquidity.go

@@ -445,7 +445,7 @@ func (m *Manager) SetParameters(ctx context.Context, params Parameters) error {
 		return err
 	}
 
-	channels, err := m.cfg.Lnd.Client.ListChannels(ctx)
+	channels, err := m.cfg.Lnd.Client.ListChannels(ctx, false, false)
 	if err != nil {
 		return err
 	}
@@ -680,7 +680,7 @@ func (m *Manager) SuggestSwaps(ctx context.Context, autoloop bool) (
 		return m.singleReasonSuggestion(ReasonInFlight), nil
 	}
 
-	channels, err := m.cfg.Lnd.Client.ListChannels(ctx)
+	channels, err := m.cfg.Lnd.Client.ListChannels(ctx, false, false)
 	if err != nil {
 		return nil, err
 	}

loopd/daemon.go

@@ -129,7 +129,7 @@ func (d *Daemon) Start() error {
 	// server client, the swap client RPC server instance and our main swap
 	// and error handlers. If this fails, then nothing has been started yet
 	// and we can just return the error.
-	err = d.initialize()
+	err = d.initialize(false)
 	if errors.Is(err, bbolt.ErrTimeout) {
 		// We're trying to be started as a standalone Loop daemon, most
 		// likely LiT is already running and blocking the DB
@@ -161,7 +161,9 @@ func (d *Daemon) Start() error {
 // create its own gRPC server but registers to an existing one. The same goes
 // for REST (if enabled), instead of creating an own mux and HTTP server, we
 // register to an existing one.
-func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
+func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices,
+	noMacaroonCreation bool) error {
+
 	// There should be no reason to start the daemon twice. Therefore return
 	// an error if that's tried. This is mostly to guard against Start and
 	// StartAsSubserver both being called.
@@ -177,7 +179,7 @@ func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
 	// the swap server client, the RPC server instance and our main swap
 	// handlers. If this fails, then nothing has been started yet and we can
 	// just return the error.
-	err := d.initialize()
+	err := d.initialize(noMacaroonCreation)
 	if errors.Is(err, bbolt.ErrTimeout) {
 		// We're trying to be started inside LiT so there most likely is
 		// another standalone Loop process blocking the DB.
@@ -337,7 +339,7 @@ func (d *Daemon) startWebServers() error {
 // the swap client RPC server instance and our main swap and error handlers. If
 // this method fails with an error then no goroutine was started yet and no
 // cleanup is necessary. If it succeeds, then goroutines have been spawned.
-func (d *Daemon) initialize() error {
+func (d *Daemon) initialize(noMacaroonCreation bool) error {
 	// If no swap server is specified, use the default addresses for mainnet
 	// and testnet.
 	if d.cfg.Server.Host == "" {
@@ -368,7 +370,7 @@ func (d *Daemon) initialize() error {
 
 	// Start the macaroon service and let it create its default macaroon in
 	// case it doesn't exist yet.
-	err = d.startMacaroonService()
+	err = d.startMacaroonService(noMacaroonCreation)
 	if err != nil {
 		// The client is the only thing we started yet, so if we clean
 		// up its connection now, nothing else needs to be shut down at

loopd/macaroons.go

@@ -3,6 +3,7 @@ package loopd
 import (
 	"context"
 	"fmt"
+	"github.com/lightningnetwork/lnd/kvdb"
 	"io/ioutil"
 	"os"
 
@@ -104,11 +105,11 @@ var (
 		}},
 	}
 
-	// allPermissions is the list of all existing permissions that exist
+	// AllPermissions is the list of all existing permissions that exist
 	// for loopd's RPC. The default macaroon that is created on startup
 	// contains all these permissions and is therefore equivalent to lnd's
 	// admin.macaroon but for loop.
-	allPermissions = []bakery.Op{{
+	AllPermissions = []bakery.Op{{
 		Entity: "loop",
 		Action: "out",
 	}, {
@@ -150,19 +151,26 @@ var (
 // unlocks the macaroon database and creates the default macaroon if it doesn't
 // exist yet. If macaroons are disabled in general in the configuration, none of
 // these actions are taken.
-func (d *Daemon) startMacaroonService() error {
-	// Create the macaroon authentication/authorization service.
-	var err error
-	d.macaroonService, err = macaroons.NewService(
-		d.cfg.DataDir, loopMacaroonLocation, false,
-		loopdb.DefaultLoopDBTimeout, macaroons.IPLockChecker,
-	)
+func (d *Daemon) startMacaroonService(noMacaroonCreation bool) error {
+	backend, err := kvdb.GetBoltBackend(&kvdb.BoltBackendConfig{
+		DBPath:     d.cfg.DataDir,
+		DBFileName: "macaroons.db",
+		DBTimeout:  loopdb.DefaultLoopDBTimeout,
+	})
+	if err != nil {
+		return fmt.Errorf("unable to load macaroon db: %v", err)
+	}
 	if err == bbolt.ErrTimeout {
 		return fmt.Errorf("%w: couldn't obtain exclusive lock on "+
 			"%s/%s, timed out after %v", bbolt.ErrTimeout,
 			d.cfg.DataDir, "macaroons.db",
 			loopdb.DefaultLoopDBTimeout)
 	}
+
+	// Create the macaroon authentication/authorization service.
+	d.macaroonService, err = macaroons.NewService(
+		backend, loopMacaroonLocation, false, macaroons.IPLockChecker,
+	)
 	if err != nil {
 		return fmt.Errorf("unable to set up macaroon authentication: "+
 			"%v", err)
@@ -174,8 +182,10 @@ func (d *Daemon) startMacaroonService() error {
 		return fmt.Errorf("unable to unlock macaroon DB: %v", err)
 	}
 
-	// Create macaroon files for loop CLI to use if they don't exist.
-	if !lnrpc.FileExists(d.cfg.MacaroonPath) {
+	// If a macaroon string was passed into pool, then we already have a
+	// macaroon and don't need to create macaroon files. Otherwise, we'll
+	// create macaroon files for loop CLI to use if they don't exist.
+	if !noMacaroonCreation && !lnrpc.FileExists(d.cfg.MacaroonPath) {
 		// We don't offer the ability to rotate macaroon root keys yet,
 		// so just use the default one since the service expects some
 		// value to be set.
@@ -187,9 +197,9 @@ func (d *Daemon) startMacaroonService() error {
 		// existing permissions (equivalent to the admin.macaroon in
 		// lnd). Custom macaroons can be created through the bakery
 		// RPC. Add our debug permissions if required.
-		allPermissions = append(allPermissions, debugPermissions...)
+		AllPermissions = append(AllPermissions, debugPermissions...)
 		loopMac, err := d.macaroonService.Oven.NewMacaroon(
-			idCtx, bakery.LatestVersion, nil, allPermissions...,
+			idCtx, bakery.LatestVersion, nil, AllPermissions...,
 		)
 		if err != nil {
 			return err
@@ -225,7 +235,7 @@ func (d *Daemon) macaroonInterceptor() ([]grpc.ServerOption, error) {
 		RequiredPermissions[endpoint] = perm
 	}
 
-	interceptor := rpcperms.NewInterceptorChain(log, false)
+	interceptor := rpcperms.NewInterceptorChain(log, false, nil)
 	err := interceptor.Start()
 	if err != nil {
 		return nil, err

loopd/swapclient_server.go

@@ -1111,7 +1111,7 @@ func validateLoopOutRequest(ctx context.Context, lnd lndclient.LightningClient,
 		return 0, err
 	}
 
-	channels, err := lnd.ListChannels(ctx)
+	channels, err := lnd.ListChannels(ctx, false, false)
 	if err != nil {
 		return 0, err
 	}

swap_server_client.go

@@ -693,7 +693,7 @@ func getSwapServerConn(address, proxyAddress string, insecure bool,
 			address, proxyAddress)
 		torDialer := func(_ context.Context, addr string) (net.Conn, error) {
 			return tor.Dial(
-				addr, proxyAddress, false,
+				addr, proxyAddress, false, false,
 				tor.DefaultConnTimeout,
 			)
 		}

test/lightning_client_mock.go

@@ -181,7 +181,7 @@ func (h *mockLightningClient) ListTransactions(
 }
 
 // ListChannels retrieves all channels of the backing lnd node.
-func (h *mockLightningClient) ListChannels(ctx context.Context) (
+func (h *mockLightningClient) ListChannels(context.Context, bool, bool) (
 	[]lndclient.ChannelInfo, error) {
 
 	return h.lnd.Channels, nil

test/walletkit_mock.go

@@ -38,7 +38,7 @@ func (m *mockWalletKit) ListUnspent(ctx context.Context, minConfs,
 }
 
 func (m *mockWalletKit) LeaseOutput(ctx context.Context, lockID wtxmgr.LockID,
-	op wire.OutPoint) (time.Time, error) {
+	op wire.OutPoint, duration time.Duration) (time.Time, error) {
 
 	return time.Now(), nil
 }