cmd/litcli: add bakesupermacaroon command

ellemouton · ellemouton · commit 17458b834ed9 · 2023-06-14T21:01:31.000+02:00
diff --git a/cmd/litcli/proxy.go b/cmd/litcli/proxy.go
@@ -2,9 +2,14 @@ package main
 
 import (
 	"context"
+	"crypto/rand"
+	"encoding/binary"
+	"encoding/hex"
 	"fmt"
+	"os"
 
 	"github.com/lightninglabs/lightning-terminal/litrpc"
+	"github.com/lightningnetwork/lnd/lncfg"
 	"github.com/urfave/cli"
 )
 
@@ -22,6 +27,29 @@ var litCommands = []cli.Command{
 		Category: "LiT",
 		Action:   getInfo,
 	},
+	{
+		Name: "bakesupermacaroon",
+		Usage: "Bake a new super macaroon with all of LiT's active " +
+			"permissions.",
+		Category: "LiT",
+		Action:   bakeSuperMacaroon,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name: "suffix",
+				Usage: "A 4-byte suffix to use in the " +
+					"construction of the root key ID. " +
+					"If not provided, then a random one " +
+					"will be generated. This must be " +
+					"specified hex string using a " +
+					"maximum of 8 characters.",
+			},
+			cli.StringFlag{
+				Name: "save_to",
+				Usage: "save returned admin macaroon to " +
+					"this file",
+			},
+		},
+	},
 }
 
 func getInfo(ctx *cli.Context) error {
@@ -61,3 +89,61 @@ func shutdownLit(ctx *cli.Context) error {
 
 	return nil
 }
+
+func bakeSuperMacaroon(ctx *cli.Context) error {
+	var suffixBytes [4]byte
+	if ctx.IsSet("suffix") {
+		suffixHex, err := hex.DecodeString(ctx.String("suffix"))
+		if err != nil {
+			return err
+		}
+
+		copy(suffixBytes[:], suffixHex)
+	} else {
+		_, err := rand.Read(suffixBytes[:])
+		if err != nil {
+			return err
+		}
+	}
+	suffix := binary.BigEndian.Uint32(suffixBytes[:])
+
+	clientConn, cleanup, err := connectClient(ctx)
+	if err != nil {
+		return err
+	}
+	defer cleanup()
+	client := litrpc.NewProxyClient(clientConn)
+
+	ctxb := context.Background()
+	resp, err := client.BakeSuperMacaroon(
+		ctxb, &litrpc.BakeSuperMacaroonRequest{
+			RootKeyIdSuffix: suffix,
+		},
+	)
+	if err != nil {
+		return err
+	}
+
+	// If the user specified the optional --save_to parameter, we'll save
+	// the macaroon to that file.
+	if ctx.IsSet("save_to") {
+		macSavePath := lncfg.CleanAndExpandPath(ctx.String("save_to"))
+		superMacBytes, err := hex.DecodeString(resp.Macaroon)
+		if err != nil {
+			return err
+		}
+
+		err = os.WriteFile(macSavePath, superMacBytes, 0644)
+		if err != nil {
+			_ = os.Remove(macSavePath)
+			return err
+		}
+		fmt.Printf("Super macaroon saved to %s\n", macSavePath)
+
+		return nil
+	}
+
+	printRespJSON(resp)
+
+	return nil
+}
