BakeSuperMacaroon
BakeSuperMacaroon bakes a new macaroon that includes permissions for all the active daemons that LiT is connected to.
Source: proxy.proto
gRPC
rpc BakeSuperMacaroon (BakeSuperMacaroonRequest) returns (BakeSuperMacaroonResponse);
REST
| HTTP Method | Path |
|---|---|
| POST | /v1/proxy/supermacaroon |
Code Samples
- gRPC
- REST
- litcli
- Javascript
- Python
- grpcurl
const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');
const GRPC_HOST = 'localhost:8443'
const MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
const TLS_PATH = 'LIT_DIR/tls.cert'
const loaderOptions = {
keepCase: true,
longs: String,
enums: String,
defaults: true,
oneofs: true,
};
const packageDefinition = protoLoader.loadSync('proxy.proto', loaderOptions);
const litrpc = grpc.loadPackageDefinition(packageDefinition).litrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
let metadata = new grpc.Metadata();
metadata.add('macaroon', macaroon);
callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new litrpc.Proxy(GRPC_HOST, creds);
let request = {
root_key_id_suffix: <uint32>,
read_only: <bool>,
};
client.bakeSuperMacaroon(request, function(err, response) {
console.log(response);
});
// Console output:
// {
// "macaroon": <string>,
// }
import codecs, grpc, os
# Generate the following 2 modules by compiling the proxy.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import proxy_pb2 as litrpc, proxy_pb2_grpc as proxystub
GRPC_HOST = 'localhost:8443'
MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
TLS_PATH = 'LIT_DIR/tls.cert'
# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = proxystub.ProxyStub(channel)
request = litrpc.BakeSuperMacaroonRequest(
root_key_id_suffix=<uint32>,
read_only=<bool>,
)
response = stub.BakeSuperMacaroon(request)
print(response)
# {
# "macaroon": <string>,
# }
# grpcurl docs: https://github.com/fullstorydev/grpcurl
# Proto source: https://github.com/lightninglabs/lightning-terminal
GRPC_HOST=localhost:8443
LIT_DIR=~/.lit
LIT_SOURCE=path/to/lightning-terminal
NETWORK=mainnet
MACAROON_PATH="$LIT_DIR/$NETWORK/lit.macaroon"
TLS_PATH="$LIT_DIR/tls.cert"
grpcurl \
-import-path $LIT_SOURCE/litrpc/ \
-proto proxy.proto \
-cacert $TLS_PATH \
-H "macaroon: $(xxd -ps -u -c 1000 $MACAROON_PATH)" \
-d '{ "root_key_id_suffix": <uint32>, "read_only": <bool> }' \
$GRPC_HOST \
litrpc.Proxy/BakeSuperMacaroon
- Javascript
- Python
- curl
const fs = require('fs');
const request = require('request');
const REST_HOST = 'localhost:8443'
const MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
let requestBody = {
root_key_id_suffix: <integer>, // <uint32>
read_only: <boolean>, // <bool>
};
let options = {
url: `https://${REST_HOST}/v1/proxy/supermacaroon`,
// Work-around for self-signed certificates.
rejectUnauthorized: false,
json: true,
headers: {
'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
},
form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
console.log(body);
});
// Console output:
// {
// "macaroon": <string>, // <string>
// }
import base64, codecs, json, requests
REST_HOST = 'localhost:8443'
MACAROON_PATH = 'LIT_DIR/regtest/lit.macaroon'
TLS_PATH = 'LIT_DIR/tls.cert'
url = f'https://{REST_HOST}/v1/proxy/supermacaroon'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
'root_key_id_suffix': <uint32>,
'read_only': <bool>,
}
r = requests.post(url, headers=headers, data=json.dumps(data), verify=TLS_PATH)
print(r.json())
# {
# "macaroon": <string>,
# }
REST_HOST=localhost:8443
LIT_DIR=~/.lit
NETWORK=mainnet
MACAROON_PATH="$LIT_DIR/$NETWORK/lit.macaroon"
TLS_PATH="$LIT_DIR/tls.cert"
curl -X POST \
--cacert $TLS_PATH \
-H "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 $MACAROON_PATH)" \
-d '{ "root_key_id_suffix": <uint32>, "read_only": <bool> }' \
https://$REST_HOST/v1/proxy/supermacaroon
$ litcli bakesupermacaroon --help
NAME:
litcli bakesupermacaroon - Bake a new super macaroon with all of LiT's active permissions
USAGE:
litcli bakesupermacaroon [command options] [arguments...]
CATEGORY:
LiT
DESCRIPTION:
Bake a new super macaroon with all of LiT's active permissions.
OPTIONS:
--root_key_suffix value A 4-byte suffix to use in the construction of the root key ID. If not provided, then a random one will be generated. This must be specified as a hex string using a maximum of 8 characters.
--read_only Whether the macaroon should only contain read permissions.
--save_to value Save returned admin macaroon to this file.
Messages
litrpc.BakeSuperMacaroonRequest
Source: proxy.proto
| Field | gRPC Type | REST Type | REST Placement |
|---|---|---|---|
root_key_id_suffix | uint32 | integer | body |
read_only | bool | boolean | body |
litrpc.BakeSuperMacaroonResponse
Source: proxy.proto
| Field | gRPC Type | REST Type |
|---|---|---|
macaroon | string | string |