looprpc: authorize recovery restore calls

Grant the manual recovery RPC the auth-write and static-address loop-in
permissions it needs so loopd can restore local L402 material and
static-address state through the authenticated client connection.

Author: hieblmi

looprpc/client.pb.go

@@ -102,6 +102,12 @@ service SwapClient {
     */
     rpc FetchL402Token (FetchL402TokenRequest) returns (FetchL402TokenResponse);
 
+    /* loop: `recover`
+    Recover restores the local static-address and L402 state from an encrypted
+    local backup file.
+    */
+    rpc Recover (RecoverRequest) returns (RecoverResponse);
+
     /* loop: `getinfo`
     GetInfo gets basic information about the loop daemon.
     */
@@ -1060,6 +1066,48 @@ message FetchL402TokenRequest {
 message FetchL402TokenResponse {
 }
 
+message RecoverRequest {
+    /*
+    Optional path to the encrypted backup file. If omitted, loopd restores from
+    the most recent immutable L402 recovery backup in the active network data
+    directory.
+    */
+    string backup_file = 1;
+}
+
+message RecoverResponse {
+    /*
+    The backup file that was restored.
+    */
+    string backup_file = 1;
+
+    /*
+    Whether a paid L402 token was restored into the local token store.
+    */
+    bool restored_l402 = 2;
+
+    /*
+    Whether static-address state was restored into loopd and lnd.
+    */
+    bool restored_static_address = 3;
+
+    /*
+    The restored static address, if any.
+    */
+    string static_address = 4;
+
+    /*
+    The number of deposits found during best-effort reconciliation.
+    */
+    uint32 num_deposits_found = 5;
+
+    /*
+    Best-effort deposit reconciliation error text, if reconciliation failed
+    after state restore completed.
+    */
+    string deposit_reconciliation_error = 6;
+}
+
 message L402Token {
     /*
     The base macaroon that was baked by the auth server.

looprpc/client.pb.gw.go

@@ -868,6 +868,39 @@
         ]
       }
     },
+    "/v1/recover": {
+      "post": {
+        "summary": "loop: `recover`\nRecover restores the local static-address and L402 state from an encrypted\nlocal backup file.",
+        "operationId": "SwapClient_Recover",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/looprpcRecoverResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/looprpcRecoverRequest"
+            }
+          }
+        ],
+        "tags": [
+          "SwapClient"
+        ]
+      }
+    },
     "/v1/staticaddr": {
       "post": {
         "summary": "loop: `static newstaticaddress`\nNewStaticAddress requests a new static address for loop-ins from the server.",
@@ -2599,6 +2632,45 @@
       "type": "object",
       "description": "PublishSucceeded is returned by SweepHtlc if publishing was requested in\nSweepHtlcRequest and it succeeded."
     },
+    "looprpcRecoverRequest": {
+      "type": "object",
+      "properties": {
+        "backup_file": {
+          "type": "string",
+          "description": "Optional path to the encrypted backup file. If omitted, loopd restores from\nthe most recent immutable L402 recovery backup in the active network data\ndirectory."
+        }
+      }
+    },
+    "looprpcRecoverResponse": {
+      "type": "object",
+      "properties": {
+        "backup_file": {
+          "type": "string",
+          "description": "The backup file that was restored."
+        },
+        "restored_l402": {
+          "type": "boolean",
+          "description": "Whether a paid L402 token was restored into the local token store."
+        },
+        "restored_static_address": {
+          "type": "boolean",
+          "description": "Whether static-address state was restored into loopd and lnd."
+        },
+        "static_address": {
+          "type": "string",
+          "description": "The restored static address, if any."
+        },
+        "num_deposits_found": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The number of deposits found during best-effort reconciliation."
+        },
+        "deposit_reconciliation_error": {
+          "type": "string",
+          "description": "Best-effort deposit reconciliation error text, if reconciliation failed\nafter state restore completed."
+        }
+      }
+    },
     "looprpcRouteHint": {
       "type": "object",
       "properties": {

looprpc/client.proto

@@ -33,6 +33,9 @@ http:
       get: "/v1/l402/tokens"
       additional_bindings:
         - get: "/v1/lsat/tokens"
+    - selector: looprpc.SwapClient.Recover
+      post: "/v1/recover"
+      body: "*"
     - selector: looprpc.SwapClient.GetLiquidityParams
       get: "/v1/liquidity/params"
     - selector: looprpc.SwapClient.SetLiquidityParams

looprpc/client.swagger.json

@@ -151,6 +151,13 @@ var RequiredPermissions = map[string][]bakery.Op{
 		Entity: "auth",
 		Action: "write",
 	}},
+	"/looprpc.SwapClient/Recover": {{
+		Entity: "auth",
+		Action: "write",
+	}, {
+		Entity: "loop",
+		Action: "in",
+	}},
 	"/looprpc.SwapClient/SuggestSwaps": {{
 		Entity: "suggestions",
 		Action: "read",