search

lightninglabs / lightning-terminal

Lightning Terminal: Your Home for Lightning Liquidity
MIT License
509 stars 91 forks source link

accounts: tighten macaroon permissions to reflect allowed calls #504

Open guggero opened 1 year ago

guggero commented 1 year ago

Currently, when creating an account, the permissions assigned to the macaroon that is created for the account are:

                "info:read",
                "invoices:read",
                "invoices:write",
                "offchain:read",
                "offchain:write",
                "onchain:read",
                "peers:read"

But this is a superset of the calls that are actually allowed to be made with an account restricted macaroon, which leads to incorrect permissions being reported when using the wasmClientHasPerms call in LNC.

The actual list of calls that should be allowed is (see https://github.com/lightninglabs/lightning-terminal/blob/master/accounts/checkers.go#L111):

/lnrpc.Lightning/AddInvoice
/lnrpc.Lightning/ListInvoices
/lnrpc.Lightning/LookupInvoice
/lnrpc.Lightning/SendPayment
/lnrpc.Lightning/SendPaymentSync
/routerrpc.Router/SendPaymentV2
/lnrpc.Lightning/SendToRoute
/lnrpc.Lightning/SendToRouteSync
/routerrpc.Router/SendToRouteV2
/lnrpc.Lightning/DecodePayReq
/lnrpc.Lightning/ListPayments
/routerrpc.Router/TrackPaymentV2
/lnrpc.Lightning/PendingChannels
/lnrpc.Lightning/ListChannels
/lnrpc.Lightning/ClosedChannels
/lnrpc.Lightning/ChannelBalance
/lnrpc.Lightning/WalletBalance
/lnrpc.Lightning/GetTransactions
/lnrpc.Lightning/ListPeers
/lnrpc.Lightning/GetInfo
/lnrpc.Lightning/GetNodeInfo
levmi commented 1 year ago

@itsrachelfish assigning you to this one as you're the most familiar with this area of the code base! Thanks!

kaloudis commented 1 year ago

I don't think /lnrpc.Lightning/ListChannels should be on the list because even though the call returns, it's always an empty. It's more useful for people integrating to just have this return as false so they can know to no show any channels-related UI.

guggero commented 1 year ago

I don't think /lnrpc.Lightning/ListChannels should be on the list because even though the call returns, it's always an empty. It's more useful for people integrating to just have this return as false so they can know to no show any channels-related UI.

Sounds good! When I originally built this, I used Zap as the UI to test it. And that just made the call, as it didn't have any capability of detecting permissions.