macaroons+rpcserver: Add new RPC call for checking macaroon permissions

2025-11-10 06:07:16 +01:00 · 2021-05-17 02:19:30 -04:00
parent 1ea6db1f26
commit d10a682fa9
9 changed files with 1000 additions and 571 deletions
--- a/macaroons/service.go
+++ b/macaroons/service.go
@@ -161,10 +161,20 @@ func (svc *Service) ValidateMacaroon(ctx context.Context,
 			len(md["macaroon"]))
 	}

+	return svc.CheckMacAuth(
+		ctx, md["macaroon"][0], requiredPermissions, fullMethod,
+	)
+}
+
+// CheckMacAuth checks that the macaroon is not disobeying any caveats and is
+// authorized to perform the operation the user wants to perform.
+func (svc *Service) CheckMacAuth(ctx context.Context, macStr string,
+	requiredPermissions []bakery.Op, fullMethod string) error {
+
 	// With the macaroon obtained, we'll now decode the hex-string
 	// encoding, then unmarshal it from binary into its concrete struct
 	// representation.
-	macBytes, err := hex.DecodeString(md["macaroon"][0])
+	macBytes, err := hex.DecodeString(macStr)
 	if err != nil {
 		return err
 	}