rpcproxy: pass the bake-mac call directly to LND if in stateless mode

In this commit, we force the permissions manager to see the
BakeSuperMacaroon call of LiT as whitelisted. This means that when the
initial call comes in, the `LightningTerminal.ValidateMacaroon` method
will return early and not validate the call (which would fail in
stateless init mode since LiT does not have a macaroon service in that
case). So the call ends up going through to the rpcProxy's
BakeSuperMacaroon method. Here we now have the following flow:
- if the request does not have stateless_init set, then we keep the flow
  as it was:
        1) Use the lit mac validator to check that the call is allowed
           given the required permissions of `BakeSuperMacaroon`.
        2) if it is, then use the existing connection to LND that Lit
           has to do the macaroon baking call.
- if stateless_init mode is set, then we do the following:
        1) we extract the macaroon from the call (this should be an LND
           macaroon)
        2) we create a new connection to LND using this provided
           macaroon.
        3) use this connection to LND to bake the macaroon.

Author: ellemouton

rpc_proxy.go

@@ -17,6 +17,7 @@ import (
 	"github.com/lightninglabs/lightning-terminal/session"
 	litstatus "github.com/lightninglabs/lightning-terminal/status"
 	"github.com/lightninglabs/lightning-terminal/subservers"
+	"github.com/lightninglabs/lndclient"
 	"github.com/lightningnetwork/lnd/lncfg"
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/macaroons"
@@ -34,6 +35,10 @@ const (
 	// HeaderMacaroon is the HTTP header field name that is used to send
 	// the macaroon.
 	HeaderMacaroon = "Macaroon"
+
+	// bakeSuperMacURI is the LiT service URI that can be used to bake a
+	// super macaroon.
+	bakeSuperMacURI = "/litrpc.Proxy/BakeSuperMacaroon"
 )
 
 var (
@@ -251,6 +256,14 @@ func (p *rpcProxy) GetInfo(_ context.Context, _ *litrpc.GetInfoRequest) (
 // BakeSuperMacaroon bakes a new macaroon that includes permissions for
 // all the active daemons that LiT is connected to.
 //
+// NOTE that we must always explicitly check the provided macaroon for this
+// method. If req.StatelessInit is false, then we check the macaroon against
+// LiT's macaroon validator, and then we just use LiT's existing, authenticated,
+// connection to LND to bake the macaroon. Otherwise, when StatelessInit is
+// true, we don't verify the macaroon here. We instead create a new connection
+// to LND using the provided macaroon for authentication, and we use this new
+// connection to bake the macaroon.
+//
 // NOTE: this is part of the litrpc.ProxyServiceServer interface.
 func (p *rpcProxy) BakeSuperMacaroon(ctx context.Context,
 	req *litrpc.BakeSuperMacaroonRequest) (
@@ -260,7 +273,59 @@ func (p *rpcProxy) BakeSuperMacaroon(ctx context.Context,
 		return nil, ErrWaitingToStart
 	}
 
-	superMac, err := p.bakeSuperMac(ctx, p.basicClient, req.RootKeyIdSuffix)
+	// Error out early if we are not in integrated mode and the
+	// stateless_init flag was set. Note that if we pass this check, we
+	// also know that LND is running in integrated mode
+	if req.StatelessInit && !p.cfg.statelessInitMode {
+		return nil, fmt.Errorf("LiT is not running in " +
+			"stateless-init mode")
+	}
+
+	var lndClient lnrpc.LightningClient
+	if !req.StatelessInit {
+		perms, ok := p.permsMgr.URIPermissions(bakeSuperMacURI)
+		if !ok {
+			return nil, fmt.Errorf("unknown perms for %s",
+				bakeSuperMacURI)
+		}
+
+		// Verify the macaroon using LiT's macaroon validator.
+		err := p.litMacValidator.ValidateMacaroon(
+			ctx, perms, bakeSuperMacURI,
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		// Use LiT's authenticated connection to LND to bake the
+		// macaroon.
+		lndClient = p.basicClient
+	} else {
+		// If we are in stateless Init mode, then this call was made
+		// unauthenticated into LiT. However, it should have an LND
+		// macaroon attached which can be used to bake the macaroon.
+		// So we create a new connection to LND using this macaroon.
+
+		// Extract the macaroon from the context. This should be an
+		// LND macaroon.
+		macHex, err := macaroons.RawMacaroonFromContext(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		// Create a new connection to LND using the macaroon provided
+		// in the context.
+		lndClient, err = lndclient.NewBasicClient(
+			p.cfg.lndDialAddr(), "", "", p.cfg.Network,
+			lndclient.MacaroonData(macHex),
+			lndclient.Insecure(),
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	superMac, err := p.bakeSuperMac(ctx, lndClient, req.RootKeyIdSuffix)
 	if err != nil {
 		return nil, err
 	}

terminal.go

@@ -251,6 +251,11 @@ func (g *LightningTerminal) Run() error {
 			err)
 	}
 
+	// We will check the BakeSuperMacaroon auth within the handler itself.
+	if err = g.permsMgr.ForceWhiteListURL(bakeSuperMacURI); err != nil {
+		return err
+	}
+
 	// The litcli status command will call the "/lnrpc.State/GetState" RPC.
 	// As the status command is available to the user before the macaroons
 	// have been loaded/created, and before the lnd clients have been