From 1681be6d65f809ec56d970573e2db0430e0f2434 Mon Sep 17 00:00:00 2001
From: Slyghtning <hieblmi@protonmail.com>
Date: Fri, 7 Mar 2025 09:57:57 +0100
Subject: [PATCH] lncli: ip range caveat for macaroons

---
 cmd/commands/cmd_macaroon.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/cmd/commands/cmd_macaroon.go b/cmd/commands/cmd_macaroon.go
index d7d6d5f9d..7e94e496d 100644
--- a/cmd/commands/cmd_macaroon.go
+++ b/cmd/commands/cmd_macaroon.go
@@ -30,6 +30,10 @@ var (
 		Name:  "ip_address",
 		Usage: "the IP address the macaroon will be bound to",
 	}
+	macIPRangeFlag = cli.StringFlag{
+		Name:  "ip_range",
+		Usage: "the IP range the macaroon will be bound to",
+	}
 	macCustomCaveatNameFlag = cli.StringFlag{
 		Name:  "custom_caveat_name",
 		Usage: "the name of the custom caveat to add",
@@ -557,6 +561,19 @@ func applyMacaroonConstraints(ctx *cli.Context,
 		)
 	}
 
+	if ctx.IsSet(macIPRangeFlag.Name) {
+		_, net, err := net.ParseCIDR(ctx.String(macIPRangeFlag.Name))
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse ip_range "+
+				"%s: %w", ctx.String("ip_range"), err)
+		}
+
+		macConstraints = append(
+			macConstraints,
+			macaroons.IPLockConstraint(net.String()),
+		)
+	}
+
 	if ctx.IsSet(macCustomCaveatNameFlag.Name) {
 		customCaveatName := ctx.String(macCustomCaveatNameFlag.Name)
 		if containsWhiteSpace(customCaveatName) {