[sql-37] firewalldb: more preparations for SQL actions store

config_dev.go

@@ -108,7 +108,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 
 		acctStore := accounts.NewSQLStore(sqlStore.BaseDB, clock)
 		sessStore := session.NewSQLStore(sqlStore.BaseDB, clock)
-		firewallStore := firewalldb.NewSQLDB(sqlStore.BaseDB)
+		firewallStore := firewalldb.NewSQLDB(sqlStore.BaseDB, clock)
 
 		stores.accounts = acctStore
 		stores.sessions = sessStore
@@ -123,7 +123,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 
 		acctStore := accounts.NewSQLStore(sqlStore.BaseDB, clock)
 		sessStore := session.NewSQLStore(sqlStore.BaseDB, clock)
-		firewallStore := firewalldb.NewSQLDB(sqlStore.BaseDB)
+		firewallStore := firewalldb.NewSQLDB(sqlStore.BaseDB, clock)
 
 		stores.accounts = acctStore
 		stores.sessions = sessStore
@@ -154,7 +154,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 	}
 
 	firewallBoltDB, err := firewalldb.NewBoltDB(
-		networkDir, firewalldb.DBFilename, stores.sessions,
+		networkDir, firewalldb.DBFilename, stores.sessions, clock,
 	)
 	if err != nil {
 		return stores, fmt.Errorf("error creating firewall BoltDB: %v",

config_prod.go

@@ -56,7 +56,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 	stores.closeFns["sessions"] = sessStore.Close
 
 	firewallDB, err := firewalldb.NewBoltDB(
-		networkDir, firewalldb.DBFilename, sessStore,
+		networkDir, firewalldb.DBFilename, sessStore, clock,
 	)
 	if err != nil {
 		return stores, fmt.Errorf("error creating firewall DB: %v", err)

firewall/request_logger.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"strings"
 	"sync"
-	"time"
 
 	"github.com/lightninglabs/lightning-terminal/firewalldb"
 	mid "github.com/lightninglabs/lightning-terminal/rpcmiddleware"
@@ -183,21 +182,20 @@ func (r *RequestLogger) addNewAction(ctx context.Context, ri *RequestInfo,
 	withPayloadData bool) error {
 
 	// If no macaroon is provided, then an empty 4-byte array is used as the
-	// session ID. Otherwise, the macaroon is used to derive a session ID.
-	var sessionID [4]byte
+	// macaroon ID. Otherwise, the last 4 bytes of the macaroon's root key
+	// ID are used.
+	var macaroonID [4]byte
 	if ri.Macaroon != nil {
 		var err error
-		sessionID, err = session.IDFromMacaroon(ri.Macaroon)
+		macaroonID, err = session.IDFromMacaroon(ri.Macaroon)
 		if err != nil {
 			return fmt.Errorf("could not extract ID from macaroon")
 		}
 	}
 
-	action := &firewalldb.Action{
-		SessionID:   sessionID,
-		RPCMethod:   ri.URI,
-		AttemptedAt: time.Now(),
-		State:       firewalldb.ActionStateInit,
+	actionReq := &firewalldb.AddActionReq{
+		MacaroonIdentifier: macaroonID,
+		RPCMethod:          ri.URI,
 	}
 
 	if withPayloadData {
@@ -211,19 +209,19 @@ func (r *RequestLogger) addNewAction(ctx context.Context, ri *RequestInfo,
 			return fmt.Errorf("unable to decode response: %v", err)
 		}
 
-		action.RPCParamsJson = jsonBytes
+		actionReq.RPCParamsJson = jsonBytes
 
 		meta := ri.MetaInfo
 		if meta != nil {
-			action.ActorName = meta.ActorName
-			action.FeatureName = meta.Feature
-			action.Trigger = meta.Trigger
-			action.Intent = meta.Intent
-			action.StructuredJsonData = meta.StructuredJsonData
+			actionReq.ActorName = meta.ActorName
+			actionReq.FeatureName = meta.Feature
+			actionReq.Trigger = meta.Trigger
+			actionReq.Intent = meta.Intent
+			actionReq.StructuredJsonData = meta.StructuredJsonData
 		}
 	}
 
-	locator, err := r.actionsDB.AddAction(ctx, action)
+	locator, err := r.actionsDB.AddAction(ctx, actionReq)
 	if err != nil {
 		return err
 	}

firewalldb/actions.go

@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightningnetwork/lnd/fn"
 )
 
 // ActionState represents the state of an action.
@@ -28,12 +29,21 @@ const (
 	ActionStateError ActionState = 3
 )
 
-// Action represents an RPC call made through the firewall.
-type Action struct {
-	// SessionID is the ID of the session that this action belongs to.
-	// Note that this is not serialized on persistence since the action is
-	// already stored under a bucket identified by the session ID.
-	SessionID session.ID
+// AddActionReq is the request that is used to add a new Action to the database.
+// It contains all the information that is needed to create a new Action in the
+// ActionStateInit State.
+type AddActionReq struct {
+	// MacaroonIdentifier is a 4 byte identifier created from the last 4
+	// bytes of the root key ID of the macaroon used to perform the action.
+	MacaroonIdentifier [4]byte
+
+	// SessionID holds the optional session ID of the session that this
+	// action was performed with.
+	//
+	// NOTE: for our BoltDB impl, this is not persisted in any way, and we
+	// populate it by casting the macaroon ID to a session.ID and so is not
+	// guaranteed to be linked to an existing session.
+	SessionID fn.Option[session.ID]
 
 	// ActorName is the name of the entity who performed the Action.
 	ActorName string
@@ -59,6 +69,11 @@ type Action struct {
 
 	// RPCParams is the method parameters of the request in JSON form.
 	RPCParamsJson []byte
+}
+
+// Action represents an RPC call made through the firewall.
+type Action struct {
+	AddActionReq
 
 	// AttemptedAt is the time at which this action was created.
 	AttemptedAt time.Time
@@ -181,7 +196,7 @@ func WithActionState(state ActionState) ListActionOption {
 // ActionsWriteDB is an abstraction over the Actions DB that will allow a
 // caller to add new actions as well as change the values of an existing action.
 type ActionsWriteDB interface {
-	AddAction(ctx context.Context, action *Action) (ActionLocator, error)
+	AddAction(ctx context.Context, req *AddActionReq) (ActionLocator, error)
 	SetActionState(ctx context.Context, al ActionLocator,
 		state ActionState, errReason string) error
 }

firewalldb/actions_kvdb.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightningnetwork/lnd/fn"
 	"github.com/lightningnetwork/lnd/tlv"
 	"go.etcd.io/bbolt"
 )
@@ -53,8 +54,14 @@ var (
 )
 
 // AddAction serialises and adds an Action to the DB under the given sessionID.
-func (db *BoltDB) AddAction(_ context.Context, action *Action) (ActionLocator,
-	error) {
+func (db *BoltDB) AddAction(_ context.Context,
+	req *AddActionReq) (ActionLocator, error) {
+
+	action := &Action{
+		AddActionReq: *req,
+		AttemptedAt:  db.clock.Now().UTC(),
+		State:        ActionStateInit,
+	}
 
 	var buf bytes.Buffer
 	if err := SerializeAction(&buf, action); err != nil {
@@ -74,7 +81,7 @@ func (db *BoltDB) AddAction(_ context.Context, action *Action) (ActionLocator,
 		}
 
 		sessBucket, err := actionsBucket.CreateBucketIfNotExists(
-			action.SessionID[:],
+			action.MacaroonIdentifier[:],
 		)
 		if err != nil {
 			return err
@@ -103,7 +110,7 @@ func (db *BoltDB) AddAction(_ context.Context, action *Action) (ActionLocator,
 		}
 
 		locator = kvdbActionLocator{
-			sessionID: action.SessionID,
+			sessionID: action.MacaroonIdentifier,
 			actionID:  nextActionIndex,
 		}
 
@@ -543,7 +550,8 @@ func DeserializeAction(r io.Reader, sessionID session.ID) (*Action, error) {
 		return nil, err
 	}
 
-	action.SessionID = sessionID
+	action.MacaroonIdentifier = sessionID
+	action.SessionID = fn.Some(sessionID)
 	action.ActorName = string(actor)
 	action.FeatureName = string(featureName)
 	action.Trigger = string(trigger)