rpcserver: Add flag to BakeMacaroonRequest for allowing external permissions

2025-06-29 18:10:48 +02:00 · 2021-05-17 02:13:38 -04:00
parent d10a682fa9
commit 72a46b8673
4 changed files with 564 additions and 529 deletions
--- a/rpcserver.go
+++ b/rpcserver.go
@ -6799,6 +6799,8 @@ func (r *rpcServer) ChannelAcceptor(stream lnrpc.Lightning_ChannelAcceptorServer

 // BakeMacaroon allows the creation of a new macaroon with custom read and write
 // permissions. No first-party caveats are added since this can be done offline.
+// If the --allow-external-permissions flag is set, the RPC will allow
+// external permissions that LND is not aware of.
 func (r *rpcServer) BakeMacaroon(ctx context.Context,
 	req *lnrpc.BakeMacaroonRequest) (*lnrpc.BakeMacaroonResponse, error) {

@ -6821,9 +6823,18 @@ func (r *rpcServer) BakeMacaroon(ctx context.Context,
 	}

 	// Validate and map permission struct used by gRPC to the one used by
-	// the bakery.
+	// the bakery. If the --allow-external-permissions flag is set, we
+	// will not validate, but map.
 	requestedPermissions := make([]bakery.Op, len(req.Permissions))
 	for idx, op := range req.Permissions {
+		if req.AllowExternalPermissions {
+			requestedPermissions[idx] = bakery.Op{
+				Entity: op.Entity,
+				Action: op.Action,
+			}
+			continue
+		}
+
 		if !stringInSlice(op.Entity, validEntities) {
 			return nil, fmt.Errorf("invalid permission entity. %s",
 				helpMsg)