gRPC Operator: Macaroon Authentication

[tiero]

although we plan to add an encrypted transport on the trader interface (BOTD#2), we need to secure the operator interface, so remote CLIs or GUIs could be built.

We could implement some gRPC interceptors with very basic user and password (or API Key bearer token) or more advanced solutions like macaroons.
https://pkg.go.dev/github.com/lightningnetwork/lnd/macaroons
https://github.com/lightningnetwork/lnd/blob/master/macaroons/README.md

A bit of history on this choice by lnd to use macaroons lightningnetwork/lnd#20

[tiero]

I'm more oriented in going with simple perRPC authentication like API KEY

[tiero]

A requirement we had is that we should not have a single "master" API key for doing everything, from critical stuff like managing wallet funds or withdrawing from market to basic stuff like updating the market price or getting fee report.

[tiero]

We decided to go with macaroons, since it seems to fit our requirements:

• Declare perRPC authentication based on hardcoded policies
• There are package already done either https://github.com/lightningnetwork/lnd/tree/master/macaroons or https://github.com/go-macaroon/macaroon

The flow is the following:

1. tdex-daemon starts and look into the datadir (maybe a specific folder). If no macaroons are in there, it will generate some from scratch using a root key. If the root key does not exist yet, 32 bytes of pseudo-random data is generated and used.
2. the operator will copy/backup the macaroons created and provisionto clients (webapp, CLI, lambdas)
3. There should be the following hardcoded policies: admin (can do everythig), price (shoudl only call the UpdateMarketPrice), market can only call the Market related RPCs like OpenMarket/CloseMarket/UpdateMarketStrategy and so on) and readonly (should only be able to access non-mutating calls and non critical, mostly used by analytics)