wip: completed

Author: positiveblue

itest/litd_node.go

@@ -24,6 +24,7 @@ import (
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/lightninglabs/faraday/frdrpc"
+	"github.com/lightninglabs/lightning-terminal/litrpc"
 	"github.com/lightninglabs/loop/looprpc"
 	"github.com/lightninglabs/pool/poolrpc"
 	"github.com/lightningnetwork/lnd/lnrpc"
@@ -228,9 +229,13 @@ type HarnessNode struct {
 	// methods SignMessage and VerifyMessage.
 	SignerClient signrpc.SignerClient
 
-	// conn is the underlying connection to the grpc endpoint of the node.
+	// conn is the underlying connection to the lnd grpc endpoint of the
+	// node.
 	conn *grpc.ClientConn
 
+	// litConn is the underlying connection to Lit's grpc endpoint.
+	litConn *grpc.ClientConn
+
 	// RouterClient, WalletKitClient, WatchtowerClient cannot be embedded,
 	// because a name collision would occur with LightningClient.
 	RouterClient     routerrpc.RouterClient
@@ -596,13 +601,24 @@ func (hn *HarnessNode) start(litdBinary string, litdError chan<- error,
 		return nil
 	}
 
+	// Also connect to Lit's RPC port for any Litd specific calls.
+	litConn, err := connectLitRPC(
+		context.Background(), hn.Cfg.LitAddr(), hn.Cfg.LitTLSCertPath,
+		hn.Cfg.LitMacPath,
+	)
+	if err != nil {
+		return err
+	}
+	hn.litConn = litConn
+
 	return hn.initLightningClient(conn)
 }
 
 // WaitUntilStarted waits until the wallet state flips from "WAITING_TO_START".
 func (hn *HarnessNode) WaitUntilStarted(conn grpc.ClientConnInterface,
 	timeout time.Duration) error {
 
+	// First wait for Litd state server to show that LND has started.
 	err := hn.waitForState(conn, timeout, func(s lnrpc.WalletState) bool {
 		return s >= lnrpc.WalletState_SERVER_ACTIVE
 	})
@@ -1106,6 +1122,21 @@ func (hn *HarnessNode) stop() error {
 		}
 	}
 
+	// If lit is running in remote mode, then calling LNDs StopDaemon
+	// method will not shut down Lit, and so we need to explicitly request
+	// lit to shut down.
+	if hn.Cfg.RemoteMode {
+		ctx, cancel := context.WithTimeout(
+			context.Background(), lntest.DefaultTimeout,
+		)
+		litConn := litrpc.NewLitServiceClient(hn.litConn)
+		_, err := litConn.StopDaemon(ctx, &litrpc.StopDaemonRequest{})
+		cancel()
+		if err != nil {
+			return err
+		}
+	}
+
 	// Wait for lnd process and other goroutines to exit.
 	select {
 	case <-hn.processExit:
@@ -1800,3 +1831,40 @@ func (hn *HarnessNode) getChannelPolicies(include bool) policyUpdateMap {
 
 	return policyUpdates
 }
+
+// connectLigRPC can be used to connect to the lit rpc server.
+func connectLitRPC(ctx context.Context, hostPort, tlsCertPath,
+	macPath string) (*grpc.ClientConn, error) {
+
+	tlsCreds, err := credentials.NewClientTLSFromFile(tlsCertPath, "")
+	if err != nil {
+		return nil, err
+	}
+
+	opts := []grpc.DialOption{
+		grpc.WithBlock(),
+		grpc.WithTransportCredentials(tlsCreds),
+	}
+
+	if macPath != "" {
+		macBytes, err := ioutil.ReadFile(macPath)
+		if err != nil {
+			return nil, err
+		}
+
+		mac := &macaroon.Macaroon{}
+		if err = mac.UnmarshalBinary(macBytes); err != nil {
+			return nil, fmt.Errorf("error unmarshalling macaroon "+
+				"file: %v", err)
+		}
+
+		macCred, err := macaroons.NewMacaroonCredential(mac)
+		if err != nil {
+			return nil, fmt.Errorf("error cloning mac: %v", err)
+		}
+
+		opts = append(opts, grpc.WithPerRPCCredentials(macCred))
+	}
+
+	return grpc.DialContext(ctx, hostPort, opts...)
+}

subservers/manager.go

@@ -27,14 +27,16 @@ var (
 
 // Manager manages a set of subServer objects.
 type Manager struct {
-	servers []*subServer
-	mu      sync.RWMutex
+	servers  []*subServer
+	permsMgr *PermissionsMgr
+	mu       sync.RWMutex
 }
 
 // NewManager constructs a new subServerMgr.
-func NewManager() *Manager {
+func NewManager(permsMgr *PermissionsMgr) *Manager {
 	return &Manager{
-		servers: []*subServer{},
+		servers:  []*subServer{},
+		permsMgr: permsMgr,
 	}
 }
 
@@ -128,7 +130,9 @@ func (s *Manager) GetRemoteConn(uri string) (bool, *grpc.ClientConn) {
 	defer s.mu.RUnlock()
 
 	for _, ss := range s.servers {
-		// TODO(positiveblue): check subserver permissions.
+		if !s.permsMgr.IsSubServerURI(ss.Name(), uri) {
+			continue
+		}
 
 		if !ss.Remote() {
 			return false, nil
@@ -152,7 +156,9 @@ func (s *Manager) ValidateMacaroon(ctx context.Context,
 	defer s.mu.RUnlock()
 
 	for _, ss := range s.servers {
-		// TODO(positiveblue): check subserver permissions.
+		if !s.permsMgr.IsSubServerURI(ss.Name(), uri) {
+			continue
+		}
 
 		if ss.Remote() {
 			return true, nil
@@ -178,7 +184,13 @@ func (s *Manager) HandledBy(uri string) (bool, SubServerName) {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 
-	// TODO(positiveblue): check subserver permissions.
+	for _, ss := range s.servers {
+		if !s.permsMgr.IsSubServerURI(ss.Name(), uri) {
+			continue
+		}
+
+		return true, ss.Name()
+	}
 
 	return false, ""
 }
@@ -190,7 +202,9 @@ func (s *Manager) MacaroonPath(uri string) (bool, string) {
 	defer s.mu.RUnlock()
 
 	for _, ss := range s.servers {
-		// TODO(positiveblue): check subserver permissions.
+		if !s.permsMgr.IsSubServerURI(ss.Name(), uri) {
+			continue
+		}
 
 		if ss.Remote() {
 			return true, ss.RemoteConfig().MacaroonPath
@@ -210,7 +224,9 @@ func (s *Manager) ReadRemoteMacaroon(uri string) (macaroonPath string) {
 	defer s.mu.RUnlock()
 
 	for _, ss := range s.servers {
-		// TODO(positiveblue): check subserver permissions.
+		if !s.permsMgr.IsSubServerURI(ss.Name(), uri) {
+			continue
+		}
 
 		if !ss.Remote() {
 			// return false, nil, nil