BakeSuperMacaroon

BakeSuperMacaroon bakes a new macaroon that includes permissions for all the active daemons that LiT is connected to.

Source: proxy.proto

gRPC

rpc BakeSuperMacaroon (BakeSuperMacaroonRequest) returns (BakeSuperMacaroonResponse);

REST

HTTP Method	Path
POST	/v1/proxy/supermacaroon

Code Samples

gRPC

Javascript

const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');

const GRPC_HOST = 'localhost:8443'
const MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
const TLS_PATH = 'LIT_DIR/tls.cert'

const loaderOptions = {
  keepCase: true,
  longs: String,
  enums: String,
  defaults: true,
  oneofs: true,
};
const packageDefinition = protoLoader.loadSync('proxy.proto', loaderOptions);
const litrpc = grpc.loadPackageDefinition(packageDefinition).litrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
  let metadata = new grpc.Metadata();
  metadata.add('macaroon', macaroon);
  callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new litrpc.Proxy(GRPC_HOST, creds);
let request = {
  root_key_id_suffix: <uint32>,
  read_only: <bool>,
};
client.bakeSuperMacaroon(request, function(err, response) {
  console.log(response);
});
// Console output:
//  {
//    "macaroon": <string>,
//  }

Python

import codecs, grpc, os
# Generate the following 2 modules by compiling the proxy.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import proxy_pb2 as litrpc, proxy_pb2_grpc as proxystub

GRPC_HOST = 'localhost:8443'
MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
TLS_PATH = 'LIT_DIR/tls.cert'

# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
  callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = proxystub.ProxyStub(channel)
request = litrpc.BakeSuperMacaroonRequest(
  root_key_id_suffix=<uint32>,
  read_only=<bool>,
)
response = stub.BakeSuperMacaroon(request)
print(response)
# {
#    "macaroon": <string>,
# }

REST

Javascript

const fs = require('fs');
const request = require('request');

const REST_HOST = 'localhost:8443'
const MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'

let requestBody = {
  root_key_id_suffix: <integer>, // <uint32> 
  read_only: <boolean>, // <bool> 
};
let options = {
  url: `https://${REST_HOST}/v1/proxy/supermacaroon`,
  // Work-around for self-signed certificates.
  rejectUnauthorized: false,
  json: true,
  headers: {
    'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
  },
  form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
  console.log(body);
});
// Console output:
//  {
//    "macaroon": <string>, // <string> 
//  }

Python

import base64, codecs, json, requests

REST_HOST = 'localhost:8443'
MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
TLS_PATH = 'LIT_DIR/tls.cert'

url = f'https://{REST_HOST}/v1/proxy/supermacaroon'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
  'root_key_id_suffix': <uint32>,
  'read_only': <bool>,
}
r = requests.post(url, headers=headers, data=json.dumps(data), verify=TLS_PATH)
print(r.json())
# {
#    "macaroon": <string>,
# }

Shell

$ litcli bakesupermacaroon --help

NAME:
   litcli bakesupermacaroon - Bake a new super macaroon with all of LiT's active permissions

USAGE:
   litcli bakesupermacaroon [command options] [arguments...]

CATEGORY:
   LiT

DESCRIPTION:
   Bake a new super macaroon with all of LiT's active permissions.

OPTIONS:
   --root_key_suffix value  A 4-byte suffix to use in the construction of the root key ID. If not provided, then a random one will be generated. This must be specified as a hex string using a maximum of 8 characters.
   --read_only              Whether the macaroon should only contain read permissions.
   --save_to value          Save returned admin macaroon to this file.
   

Messages

litrpc.BakeSuperMacaroonRequest

Source: proxy.proto

Field	gRPC Type	REST Type	REST Placement
root_key_id_suffix The root key ID suffix is the 4-byte suffix of the root key ID that will be used to create the macaroon.	uint32	integer	body
read_only Whether the macaroon should only contain read permissions.	bool	boolean	body

litrpc.BakeSuperMacaroonResponse

Source: proxy.proto

Field	gRPC Type	REST Type
macaroon The hex encoded macaroon.	string	string