invoice macaroon - missing permissions

[ottosuess]

Background

I want to use the invoice macaroon in an application that only allows to receive payments.
Those are the current permissions for the invoice macaroon:

invoicePermissions = []bakery.Op{
	{
		Entity: "invoices",
		Action: "read",
	},
	{
		Entity: "invoices",
		Action: "write",
	},
	{
		Entity: "address",
		Action: "read",
	},
	{
		Entity: "address",
		Action: "write",
	},
}

It is possible to create new addresses, but to check whether a payment was received we also need permissions for "onchain read":

"/lnrpc.Lightning/SubscribeTransactions": {{
	Entity: "onchain",
	Action: "read",
}},
"/lnrpc.Lightning/GetTransactions": {{
	Entity: "onchain",
	Action: "read",
}},

The "info read" permission could also be useful to check whether or not the node is synced or not.

If this is an actual issue I'm happy to make a PR to fix this. Or should i rather try to make my own custom macaroons to address this?

[wpaulino]

Custom macaroons are something we definitely plan to include at some point, there are just other higher priority items at the moment. @guggero has done some work on this in #1160.

Also, FWIW, GetTransactions and SubscribeTransactions are RPCs for on-chain transactions. If you're interested in seeing off-chain payments received (invoices paid to you), see ListInvoices and SubscribeInvoices.

[ottosuess]

I know I can create and check off-chain payments with the macaroon.

But I can also call newAddress to create a new address for on-chain payments. And with on-chain payments I can not verify if I actually received a payment.

This inconsistency is why I opened the issue.

[wpaulino]

Ah I see that you mean now. Yes, this should definitely be addressed.

[ottosuess]

ok, cool. and what do you think about the invoice macaroon being able to access the getinfo call?
otherwise it's not very useful, because we can't even check if the node is synced to chain.

it could be made a superset of the readonly macaroon. so it can read everything and in addition create addresses and invoices.

[wpaulino]

it could be made a superset of the readonly macaroon. so it can read everything and in addition create addresses and invoices.

In that case, why not just hand over both the readonly and invoice macaroons? Would prefer to not bloat the default macaroons with unnecessary permissions.