Closed gkrizek closed 3 years ago
It's really strange why admin.macaroon is not sufficient. Baking specific macaroons is already possible (I did it for BTCPayServer for instance).
I just figured out I'm blocked on this since I separated the macaroons into different directories to improve security. Any chance to get this working?
The admin macaroon would be more than enough. But it's a feature (or bug, depending on the context) of the lndclient
library that it wants to make sure you have all required subservers activated in lnd
and the macaroons baked for them.
This certainly isn't optimal and I started working on a fix that allows you to specify a single, custom macaroon that contains all required permissions. That can be the admin.macaroon
or one baked specifically for loop
.
@guggero awesome! I like that idea. This problem exists in Faraday and therefore LiT too. I'm guessing fixing it for one fixes them all?
Yes, it will be fixed in all projects that use lndclient
, though it will need a separate PR in each of them to enable the feature.
Since the changes needed were merged into the library, this should now be easy, right? If so and you don't have the time to do it soon, I could take a look at it. (Disclaimer: I'm not a Go developer.)
I'll see if I can get to creating a PR for this in the next few days. If there isn't a PR up until end of week, feel free to try yourself.
Thanks!
Currently users are required to specify a directory for LND's macaroons with --lnd.macaroondir. This can be problematic or annoying if you aren't running loopd on the same server that's running LND. I would suggest the ability to use a single macaroon (like admin.macaroon) to make it easy to use. Eventually once the macaroon baking changes land in LND we could even bake a macaroon specific for loop.