
Add option to stop creation of macaroons #406


Closed
6 changes: 5 additions & 1 deletion cmd/loop/main.go
@@ -434,6 +434,10 @@ func readMacaroon(macPath string) (grpc.DialOption, error) {
}

// Now we append the macaroon credentials to the dial options.
cred := macaroons.NewMacaroonCredential(constrainedMac)
cred, err := macaroons.NewMacaroonCredential(constrainedMac)
if err != nil {
return nil, fmt.Errorf("error creating macaroon credential: %v",
err)
}
return grpc.WithPerRPCCredentials(cred), nil
}
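Review bot: The new error return in readMacaroon formats the cause with `%v`, which flattens it to text, so callers cannot match it with `errors.Is` or `errors.As`. loopd/macaroons.go in this same change already wraps with `%w` for the bbolt timeout case, so `fmt.Errorf("error creating macaroon credential: %w", err)` would be consistent with it. The start of readMacaroon lies outside the hunk.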
11 changes: 7 additions & 4 deletions go.mod
@@ -1,29 +1,32 @@
module github.com/lightninglabs/loop

require (
github.com/btcsuite/btcd v0.21.0-beta.0.20210513141527-ee5896bad5be
github.com/btcsuite/btcd v0.22.0-beta.0.20210803133449-f5a1fb9965e4
github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f
github.com/btcsuite/btcutil v1.0.3-0.20210527170813-e2ba6805a890
github.com/btcsuite/btcwallet/wtxmgr v1.3.1-0.20210706234807-aaf03fee735a
github.com/btcsuite/btcwallet/wtxmgr v1.3.1-0.20210822222949-9b5a201c344c
github.com/coreos/bbolt v1.3.3
github.com/fortytw2/leaktest v1.3.0
github.com/grpc-ecosystem/grpc-gateway/v2 v2.5.0
github.com/jessevdk/go-flags v1.4.0
github.com/lightninglabs/aperture v0.1.6-beta
github.com/lightninglabs/lndclient v0.11.1-9
github.com/lightninglabs/protobuf-hex-display v1.4.3-hex-display
github.com/lightningnetwork/lnd v0.13.0-beta.rc5.0.20210728112744-ebabda671786
github.com/lightningnetwork/lnd v0.13.0-beta.rc5.0.20210921132504-8d8db527237e
github.com/lightningnetwork/lnd/cert v1.0.3
github.com/lightningnetwork/lnd/clock v1.0.1
github.com/lightningnetwork/lnd/kvdb v1.0.3
github.com/lightningnetwork/lnd/queue v1.0.4
github.com/lightningnetwork/lnd/ticker v1.0.0
github.com/stretchr/testify v1.7.0
github.com/urfave/cli v1.20.0
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
golang.org/x/net v0.0.0-20210913180222-943fd674d43e
google.golang.org/grpc v1.38.0
google.golang.org/protobuf v1.26.0
gopkg.in/macaroon-bakery.v2 v2.0.1
gopkg.in/macaroon.v2 v2.1.0
)

go 1.15

replace github.com/lightninglabs/lndclient => github.com/guggero/lndclient v0.11.0-2.0.20210921141129-268bfb6c4797
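Review bot: The `replace` directive at the end of go.mod, which appears to be new in this change, redirects github.com/lightninglabs/lndclient to a personal fork at an untagged pseudo-version. Go honours `replace` only in the main module, so a project that imports loopd as a library (the subserver case this change targets) would resolve the required `v0.11.1-9` instead and may not get the three-argument `ListChannels` that the new code calls. A fork pinned by pseudo-version is also harder to audit than a tagged upstream release. I would put `// TODO: drop once the lndclient change is merged and tagged upstream` above the directive and switch to the tagged version before this is released.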
59 changes: 28 additions & 31 deletions go.sum

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions liquidity/liquidity.go
@@ -445,7 +445,7 @@ func (m *Manager) SetParameters(ctx context.Context, params Parameters) error {
return err
}

channels, err := m.cfg.Lnd.Client.ListChannels(ctx)
channels, err := m.cfg.Lnd.Client.ListChannels(ctx, false, false)
if err != nil {
return err
}
@@ -680,7 +680,7 @@ func (m *Manager) SuggestSwaps(ctx context.Context, autoloop bool) (
return m.singleReasonSuggestion(ReasonInFlight), nil
}

channels, err := m.cfg.Lnd.Client.ListChannels(ctx)
channels, err := m.cfg.Lnd.Client.ListChannels(ctx, false, false)
if err != nil {
return nil, err
}
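Review bot: Both new `ListChannels(ctx, false, false)` calls pass two bare boolean literals whose meaning is not visible at the call site, and the mock in test/lightning_client_mock.go leaves them unnamed as well. Naming them inline would make the chosen channel filter reviewable, e.g. `ListChannels(ctx, false /* activeOnly */, false /* publicOnly */)` if those are the lndclient parameter names (confirm against the pinned fork). The same applies to the call in validateLoopOutRequest in loopd/swapclient_server.go. SetParameters and SuggestSwaps both continue outside their hunks.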
12 changes: 7 additions & 5 deletions loopd/daemon.go
@@ -129,7 +129,7 @@ func (d *Daemon) Start() error {
// server client, the swap client RPC server instance and our main swap
// and error handlers. If this fails, then nothing has been started yet
// and we can just return the error.
err = d.initialize()
err = d.initialize(false)
if errors.Is(err, bbolt.ErrTimeout) {
// We're trying to be started as a standalone Loop daemon, most
// likely LiT is already running and blocking the DB
@@ -161,7 +161,9 @@ func (d *Daemon) Start() error {
// create its own gRPC server but registers to an existing one. The same goes
// for REST (if enabled), instead of creating an own mux and HTTP server, we
// register to an existing one.
func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices,
noMacaroonCreation bool) error {

// There should be no reason to start the daemon twice. Therefore return
// an error if that's tried. This is mostly to guard against Start and
// StartAsSubserver both being called.
@@ -177,7 +179,7 @@ func (d *Daemon) StartAsSubserver(lndGrpc *lndclient.GrpcLndServices) error {
// the swap server client, the RPC server instance and our main swap
// handlers. If this fails, then nothing has been started yet and we can
// just return the error.
err := d.initialize()
err := d.initialize(noMacaroonCreation)
if errors.Is(err, bbolt.ErrTimeout) {
// We're trying to be started inside LiT so there most likely is
// another standalone Loop process blocking the DB.
@@ -337,7 +339,7 @@ func (d *Daemon) startWebServers() error {
// the swap client RPC server instance and our main swap and error handlers. If
// this method fails with an error then no goroutine was started yet and no
// cleanup is necessary. If it succeeds, then goroutines have been spawned.
func (d *Daemon) initialize() error {
func (d *Daemon) initialize(noMacaroonCreation bool) error {
// If no swap server is specified, use the default addresses for mainnet
// and testnet.
if d.cfg.Server.Host == "" {
@@ -368,7 +370,7 @@ func (d *Daemon) initialize() error {

// Start the macaroon service and let it create its default macaroon in
// case it doesn't exist yet.
err = d.startMacaroonService()
err = d.startMacaroonService(noMacaroonCreation)
if err != nil {
// The client is the only thing we started yet, so if we clean
// up its connection now, nothing else needs to be shut down at
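Review bot: The doc comments on StartAsSubserver and initialize do not describe the new `noMacaroonCreation` parameter. The comment above `d.startMacaroonService(noMacaroonCreation)` still says the service will "create its default macaroon in case it doesn't exist yet", which no longer holds when the flag is true. Going by loopd/macaroons.go, the macaroon service is still created and unlocked and only the file write is skipped, so I would add to the StartAsSubserver comment: `// If noMacaroonCreation is true, the macaroon service is still started but no default macaroon file is written to disk.` StartAsSubserver is exported, so the added parameter breaks existing callers and should be called out in the release notes. The function bodies continue outside the hunks.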
38 changes: 24 additions & 14 deletions loopd/macaroons.go
@@ -3,6 +3,7 @@ package loopd
import (
"context"
"fmt"
"github.com/lightningnetwork/lnd/kvdb"
"io/ioutil"
"os"

@@ -104,11 +105,11 @@ var (
}},
}

// allPermissions is the list of all existing permissions that exist
// AllPermissions is the list of all existing permissions that exist
// for loopd's RPC. The default macaroon that is created on startup
// contains all these permissions and is therefore equivalent to lnd's
// admin.macaroon but for loop.
allPermissions = []bakery.Op{{
AllPermissions = []bakery.Op{{
Entity: "loop",
Action: "out",
}, {
@@ -150,19 +151,26 @@ var (
// unlocks the macaroon database and creates the default macaroon if it doesn't
// exist yet. If macaroons are disabled in general in the configuration, none of
// these actions are taken.
func (d *Daemon) startMacaroonService() error {
// Create the macaroon authentication/authorization service.
var err error
d.macaroonService, err = macaroons.NewService(
d.cfg.DataDir, loopMacaroonLocation, false,
loopdb.DefaultLoopDBTimeout, macaroons.IPLockChecker,
)
func (d *Daemon) startMacaroonService(noMacaroonCreation bool) error {
backend, err := kvdb.GetBoltBackend(&kvdb.BoltBackendConfig{
DBPath: d.cfg.DataDir,
DBFileName: "macaroons.db",
DBTimeout: loopdb.DefaultLoopDBTimeout,
})
if err != nil {
return fmt.Errorf("unable to load macaroon db: %v", err)
}
if err == bbolt.ErrTimeout {
return fmt.Errorf("%w: couldn't obtain exclusive lock on "+
"%s/%s, timed out after %v", bbolt.ErrTimeout,
d.cfg.DataDir, "macaroons.db",
loopdb.DefaultLoopDBTimeout)
}

// Create the macaroon authentication/authorization service.
d.macaroonService, err = macaroons.NewService(
backend, loopMacaroonLocation, false, macaroons.IPLockChecker,
)
if err != nil {
return fmt.Errorf("unable to set up macaroon authentication: "+
"%v", err)
@@ -174,8 +182,10 @@ func (d *Daemon) startMacaroonService() error {
return fmt.Errorf("unable to unlock macaroon DB: %v", err)
}

// Create macaroon files for loop CLI to use if they don't exist.
if !lnrpc.FileExists(d.cfg.MacaroonPath) {
// If a macaroon string was passed into pool, then we already have a
// macaroon and don't need to create macaroon files. Otherwise, we'll
// create macaroon files for loop CLI to use if they don't exist.
if !noMacaroonCreation && !lnrpc.FileExists(d.cfg.MacaroonPath) {
// We don't offer the ability to rotate macaroon root keys yet,
// so just use the default one since the service expects some
// value to be set.
@@ -187,9 +197,9 @@ func (d *Daemon) startMacaroonService() error {
// existing permissions (equivalent to the admin.macaroon in
// lnd). Custom macaroons can be created through the bakery
// RPC. Add our debug permissions if required.
allPermissions = append(allPermissions, debugPermissions...)
AllPermissions = append(AllPermissions, debugPermissions...)
loopMac, err := d.macaroonService.Oven.NewMacaroon(
idCtx, bakery.LatestVersion, nil, allPermissions...,
idCtx, bakery.LatestVersion, nil, AllPermissions...,
)
if err != nil {
return err
@@ -225,7 +235,7 @@ func (d *Daemon) macaroonInterceptor() ([]grpc.ServerOption, error) {
RequiredPermissions[endpoint] = perm
}

interceptor := rpcperms.NewInterceptorChain(log, false)
interceptor := rpcperms.NewInterceptorChain(log, false, nil)
err := interceptor.Start()
if err != nil {
return nil, err
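Review bot: The `if err == bbolt.ErrTimeout` branch in startMacaroonService is unreachable as rendered, because it now follows the new `if err != nil` return after `kvdb.GetBoltBackend`, so any error has already been returned. That earlier return uses `%v`, so the `errors.Is(err, bbolt.ErrTimeout)` checks in Start and StartAsSubserver (loopd/daemon.go) would no longer recognise a locked macaroons.db. Moving the timeout block above the generic check, or wrapping with `%w` in the `unable to load macaroon db` message, should restore that; the `macaroons.NewService` failure path also returns without closing `backend`. Separately, `AllPermissions` is now exported yet still reassigned with `append` here, so importers see a list that depends on whether this branch ran and can alter the permissions baked into the default macaroon; building a local slice (`perms := append([]bakery.Op{}, AllPermissions...)`, then appending `debugPermissions`) avoids mutating shared state. The new comment says "passed into pool" where it presumably means loop, and the function continues outside the hunks.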
2 changes: 1 addition & 1 deletion loopd/swapclient_server.go
@@ -1111,7 +1111,7 @@ func validateLoopOutRequest(ctx context.Context, lnd lndclient.LightningClient,
return 0, err
}

channels, err := lnd.ListChannels(ctx)
channels, err := lnd.ListChannels(ctx, false, false)
if err != nil {
return 0, err
}
2 changes: 1 addition & 1 deletion swap_server_client.go
@@ -693,7 +693,7 @@ func getSwapServerConn(address, proxyAddress string, insecure bool,
address, proxyAddress)
torDialer := func(_ context.Context, addr string) (net.Conn, error) {
return tor.Dial(
addr, proxyAddress, false,
addr, proxyAddress, false, false,
tor.DefaultConnTimeout,
)
}
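Review bot: The added fourth argument to `tor.Dial` is a second bare `false` next to the existing one, so the call gives no hint which Tor behaviour each literal controls. If the new parameter is lnd's switch for bypassing the proxy on clearnet targets (confirm against the pinned lnd version), `false` keeps swap-server traffic on the proxy, and that choice deserves a comment so it is not flipped without review. I would put each literal on its own line with a trailing comment naming the parameter, e.g. `false, // stream isolation` and `false, // do not skip proxy for clearnet targets`. getSwapServerConn continues outside the hunk.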
2 changes: 1 addition & 1 deletion test/lightning_client_mock.go
@@ -181,7 +181,7 @@ func (h *mockLightningClient) ListTransactions(
}

// ListChannels retrieves all channels of the backing lnd node.
func (h *mockLightningClient) ListChannels(ctx context.Context) (
func (h *mockLightningClient) ListChannels(context.Context, bool, bool) (
[]lndclient.ChannelInfo, error) {

return h.lnd.Channels, nil
2 changes: 1 addition & 1 deletion test/walletkit_mock.go
@@ -38,7 +38,7 @@ func (m *mockWalletKit) ListUnspent(ctx context.Context, minConfs,
}

func (m *mockWalletKit) LeaseOutput(ctx context.Context, lockID wtxmgr.LockID,
op wire.OutPoint) (time.Time, error) {
op wire.OutPoint, duration time.Duration) (time.Time, error) {

return time.Now(), nil
}