Replies: 1 comment 1 reply
-
Thanks for your questions. I think most of what you're looking for is possible, just not necessarily in the UI. Let's see.
Can be achieved like this:
With the lightning-terminal/accounts/checkers.go Line 113 in 666f19c
Same as above, but the URIs would just be those for creating invoices (e.g.
Yes. As long as you ignore/discard the macaroon created in the
I think that would be amazingly helpful as a document to have in the repo. A PR to do that would be highly appreciated 🙏
The permissions of a session is just the macaroon that is passed to the client during the LNC handshake. But it looks like (at least with Base example from https://github.com/lightninglabs/lnc-web, see https://github.com/lightninglabs/lnc-web/blob/main/lib/lnc.ts for not-yet-examplified functions like import LNC from ‘@lightninglabs/lnc-web’;
const pairingPhrase = ‘artefact morning piano photo consider light’;
const password = 'u*E0F?gU\d($N&Ckh8u)tLm';
// default connection using WASM from CDN
// WASM loaded on object creation
// default host: mailbox.terminal.lightning.today:443
// password used for encrypting credentials
const lnc = new LNC({
pairingPhrase,
password
});
let readOnly = lnc.isReadOnly();
// Note the slightly different format for the URI here, it's `package.Service.Method` instead of `/package.Service/Method` as is used for the `litcli ... --uri` parameter.
let sendPermission = lnc.hasPerms('lnrpc.Lightning.SendPayment') || lnc.hasPerms('lnrpc.Lightning.SendPaymentSync')
Not from the macaroon itself, as that info isn't encoded in the macaroon. But if you call into Hope those answers are helpful (feel free to incorporate this into a document/PR if you like). |
Beta Was this translation helpful? Give feedback.
-
I'm implementing LNC for stacker news. We'd like to do the following:
I'm beginning to think about how we'd instruct someone to use LNC and have some questions.
A. It appears (1) is mostly possible from the GUI through the 'custodial' option. From the GUI, it requires also permitting receives and there's no way around that afaict. Is that correct?
B. For (2), is there a way to reuse the account in (1) but not be granted spending permissions from the GUI? For context, we don't want spending permissions stored on our servers.
Are we thinking about this right? Does anyone have any recommendations? Should we just write a CLI walkthrough?
Also, maybe a question for another repo, but is there an easy way to check session permissions? For receiving via macaroon-based auth, we decode the macaroon in the browser then validate it only has the ability to read/write invoices. Is there a way to list all the permissions on an LNC session? And, is there a way to check it has a sane budget?
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions