lnd: add Authenticate method

Adds a global Authenticate method that can be used to get the atuhentication options needed to call the grpc server. Currently meant only for used with the mobile bindings, so we use the admin macaroon.
2019-12-02 13:23:20 +01:00 · 2019-12-02 13:23:20 +01:00 · 7077d19589
commit 7077d19589
parent ca22001bab
1 changed files with 40 additions and 0 deletions
--- a/lnd.go
+++ b/lnd.go
@ -22,6 +22,7 @@ import (
 	_ "net/http/pprof"

 	"gopkg.in/macaroon-bakery.v2/bakery"
+	"gopkg.in/macaroon.v2"

 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@ -59,6 +60,45 @@ var (
 	networkDir string
 )

+// AdminAuthOptions returns a list of DialOptions that can be used to
+// authenticate with the RPC server with admin capabilities.
+//
+// NOTE: This should only be called after the RPCListener has signaled it is
+// ready.
+func AdminAuthOptions() ([]grpc.DialOption, error) {
+	creds, err := credentials.NewClientTLSFromFile(cfg.TLSCertPath, "")
+	if err != nil {
+		return nil, fmt.Errorf("unable to read TLS cert: %v", err)
+	}
+
+	// Create a dial options array.
+	opts := []grpc.DialOption{
+		grpc.WithTransportCredentials(creds),
+	}
+
+	// Get the admin macaroon if macaroons are active.
+	if !cfg.NoMacaroons {
+		// Load the adming macaroon file.
+		macBytes, err := ioutil.ReadFile(cfg.AdminMacPath)
+		if err != nil {
+			return nil, fmt.Errorf("unable to read macaroon "+
+				"path (check the network setting!): %v", err)
+		}
+
+		mac := &macaroon.Macaroon{}
+		if err = mac.UnmarshalBinary(macBytes); err != nil {
+			return nil, fmt.Errorf("unable to decode macaroon: %v",
+				err)
+		}
+
+		// Now we append the macaroon credentials to the dial options.
+		cred := macaroons.NewMacaroonCredential(mac)
+		opts = append(opts, grpc.WithPerRPCCredentials(cred))
+	}
+
+	return opts, nil
+}
+
 // ListnerWithSignal is a net.Listner that has an additional Ready channel that
 // will be closed when a server starts listening.
 type ListenerWithSignal struct {