multi: add macaroon service and remove ui password use in litcli #308
Conversation
ellemouton
force-pushed
the
macaroonService
branch
2 times, most recently
from
b69ed87 to
ab37af6
Compare
session_rpcserver.go
Outdated
|
|
||
| var ( | ||
| // TODO(elle): Temp values. change these before landing pr. | ||
| nBytes, _ = hex.DecodeString( |
There was a problem hiding this comment.
Should instead be a key derived from the user's seed?
There was a problem hiding this comment.
from the users seed in LND? yes this is the idea. So we have a static pubkey here (need to still gen a proper one) and then we derive a shared secret with lnd using this static key and a seed in LND using the DeriveSharedSecret endpoint. the macaroon service does this.
Is this what you mean or is there a litd user seed that you mean?
There was a problem hiding this comment.
Here's the public key derived with numsgen from LNC with the phrase "Shared Secret": 0215b5a3e0ef58b101431e1e513dd017d1018b420bd2e89dcd71f45c031f00469e
Should probably mention the phrase and link to https://github.com/lightninglabs/lightning-node-connect/tree/master/mailbox/numsgen
ellemouton
force-pushed
the
macaroonService
branch
from
ab37af6 to
ef27e42
Compare
session_rpcserver.go
Outdated
|
|
||
| var ( | ||
| // TODO(elle): Temp values. change these before landing pr. | ||
| nBytes, _ = hex.DecodeString( |
There was a problem hiding this comment.
Here's the public key derived with numsgen from LNC with the phrase "Shared Secret": 0215b5a3e0ef58b101431e1e513dd017d1018b420bd2e89dcd71f45c031f00469e
Should probably mention the phrase and link to https://github.com/lightninglabs/lightning-node-connect/tree/master/mailbox/numsgen
ellemouton
force-pushed
the
macaroonService
branch
3 times, most recently
from
3d664cc to
e4f3ab4
Compare
ellemouton
force-pushed
the
macaroonService
branch
from
e4f3ab4 to
b2035c5
Compare
ellemouton
force-pushed
the
macaroonService
branch
2 times, most recently
from
dd942fd to
5b93b03
Compare
|
this is pretty much ready for re-review. Just waiting on tagged releases for pool & faraday so the go.mod here can be bumped to include the macaroon service changes in those repos. |
|
Can you rebase this when you have time please so I can do another pass? |
ellemouton
force-pushed
the
macaroonService
branch
from
5b93b03 to
3d08303
Compare
|
Mmmm ok I rebased but need to still figure out how to update the itests to use the macaroon path instead of ui password.... |
ellemouton
force-pushed
the
macaroonService
branch
from
3d08303 to
7597dd7
Compare
|
ok, the itest is fixed now @guggero , this is ready for re-review 👍 (btw, the lnc-auth itest for remote mote consistently fails for me on my machine (on master branch too). any idea why that could be?) |
ellemouton
force-pushed
the
macaroonService
branch
3 times, most recently
from
c767f6a to
86655ab
Compare
ellemouton
force-pushed
the
macaroonService
branch
from
86655ab to
c63d828
Compare
|
erg the itests are failing now. dont think i quite understand what do want/dont want on the lnd vs litd port... |
|
nvm, i found the issue. will push up in a minute |
ellemouton
force-pushed
the
macaroonService
branch
from
c63d828 to
d0d7b27
Compare
|
will update this today 👍 |
ellemouton
force-pushed
the
macaroonService
branch
3 times, most recently
from
22b9432 to
29806d1
Compare
|
updated @guggero 😊 |
ellemouton
force-pushed
the
macaroonService
branch
from
29806d1 to
52981ea
Compare
|
@Roasbeef: review reminder |
Currently, if in lnd-remote mode, the tls cert path will be constructed to be in the network directory which it should not be.
Let sessionRpcServer handle the session db and session server instead of LightningTerminal handling those direclty. Then start the sessionRpcServer as if it was a subserver like loop/pool.
Add a macaroonService to the main LightningTerminal struct.
Use the new macaroon service to verify LitURI calls.
ellemouton
force-pushed
the
macaroonService
branch
from
52981ea to
79d2531
Compare
|
@Roasbeef , could you take a quick look at this pr? I think we are just waiting for your ACK here since you previously left some review comments on it |
| wrap := fmt.Errorf("invalid basic auth") | ||
| _, err := g.rpcProxy.convertBasicAuth(ctx, fullMethod, wrap) | ||
| if err != nil { | ||
| if !g.macaroonServiceStarted { |
There was a problem hiding this comment.
How are we planning on handling the rollout here re people with old litd installs and TW? Specifically, lets say a new TW client is running in the browser and goes to connect to my existing (unupgraded) litd node, as is this operation will fail.
There was a problem hiding this comment.
LitURI calls are not allowed through TW.
| @@ -1,14 +1,11 @@ | |||
| package main | |||
|
|
|||
| import ( | |||
| "context" | |||
There was a problem hiding this comment.
Note, this means that in stateless mode, litcli calls wont work and all calls will need to go through tht UI.
Which UI?
Isn't it the case that litcli can still just use the macaroon to interact w/ litd? Stateless just means we don't write the macaroon to disk, but as long as litcli can find that macaroon somehow, then things should work.
There was a problem hiding this comment.
Which UI?
The UI served from the Litd binary.
but as long as litcli can find that macaroon somehow, then things should work.
yeah 👍 updated the commit message 👍
| "the necessary macaroon: %w", pubKeyBytes, err) | ||
| return nil | ||
| } | ||
| if sess.Type != session.TypeMacaroonAdmin && |
There was a problem hiding this comment.
Below we check TypeMacaroonReadonly, so presumably we want to allow it here as well?
There was a problem hiding this comment.
this check errors out if type is not either admin or readonly. If it is one of those then it is allowed.
ellemouton
force-pushed
the
macaroonService
branch
from
79d2531 to
371e17f
Compare
Remove the use of the UI password from litcl. Use the litd macaroon instead. Note, this means that in stateless mode, litcli won't have a macaroon to use on disk and one must be baked specifically.
ellemouton
force-pushed
the
macaroonService
branch
from
371e17f to
6ebab93
Compare
Add a macaroon service to litd for its session rpc server and use this to validate incoming LitURI calls. Remove ui password requirement from litcli.