session: assert account exists before linking a session to it

In this commit, we more tightly & explicitly link a session to an
account. At a persitance layer, we have always only linked a session to
an account by encoding the AccountID within the macaroon caveat that we
store with the session. We still keep this persistence the same but now
we first ensure that the account exists and we also add an AccountID
field to the Session struct.

Author: ellemouton

session/interface.go

@@ -6,7 +6,9 @@ import (
 
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightninglabs/lightning-node-connect/mailbox"
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightninglabs/lightning-terminal/macaroons"
+	"github.com/lightningnetwork/lnd/fn"
 	"gopkg.in/macaroon-bakery.v2/bakery"
 	"gopkg.in/macaroon.v2"
 )
@@ -116,14 +118,18 @@ type Session struct {
 	// group of sessions. If this is the very first session in the group
 	// then this will be the same as ID.
 	GroupID ID
+
+	// AccountID is an optional account that the session has been linked to.
+	AccountID fn.Option[accounts.AccountID]
 }
 
 // buildSession creates a new session with the given user-defined parameters.
 func buildSession(id ID, localPrivKey *btcec.PrivateKey, label string, typ Type,
 	created, expiry time.Time, serverAddr string, devServer bool,
 	perms []bakery.Op, caveats []macaroon.Caveat,
 	featureConfig FeaturesConfig, privacy bool, linkedGroupID *ID,
-	flags PrivacyFlags) (*Session, error) {
+	flags PrivacyFlags, account fn.Option[accounts.AccountID]) (*Session,
+	error) {
 
 	_, pairingSecret, err := mailbox.NewPassphraseEntropy()
 	if err != nil {
@@ -158,6 +164,7 @@ func buildSession(id ID, localPrivKey *btcec.PrivateKey, label string, typ Type,
 		WithPrivacyMapper: privacy,
 		PrivacyFlags:      flags,
 		GroupID:           groupID,
+		AccountID:         account,
 	}
 
 	if perms != nil || caveats != nil {
@@ -193,7 +200,8 @@ type Store interface {
 	NewSession(label string, typ Type, expiry time.Time, serverAddr string,
 		devServer bool, perms []bakery.Op, caveats []macaroon.Caveat,
 		featureConfig FeaturesConfig, privacy bool, linkedGroupID *ID,
-		flags PrivacyFlags) (*Session, error)
+		flags PrivacyFlags,
+		account fn.Option[accounts.AccountID]) (*Session, error)
 
 	// GetSession fetches the session with the given key.
 	GetSession(key *btcec.PublicKey) (*Session, error)

session/kvdb_store.go

@@ -2,6 +2,7 @@ package session
 
 import (
 	"bytes"
+	"context"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -13,6 +14,7 @@ import (
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightningnetwork/lnd/clock"
+	"github.com/lightningnetwork/lnd/fn"
 	"go.etcd.io/bbolt"
 	"gopkg.in/macaroon-bakery.v2/bakery"
 	"gopkg.in/macaroon.v2"
@@ -196,7 +198,10 @@ func getSessionKey(session *Session) []byte {
 func (db *BoltStore) NewSession(label string, typ Type, expiry time.Time,
 	serverAddr string, devServer bool, perms []bakery.Op,
 	caveats []macaroon.Caveat, featureConfig FeaturesConfig, privacy bool,
-	linkedGroupID *ID, flags PrivacyFlags) (*Session, error) {
+	linkedGroupID *ID, flags PrivacyFlags,
+	account fn.Option[accounts.AccountID]) (*Session, error) {
+
+	ctx := context.TODO()
 
 	var session *Session
 	err := db.Update(func(tx *bbolt.Tx) error {
@@ -213,14 +218,24 @@ func (db *BoltStore) NewSession(label string, typ Type, expiry time.Time,
 		session, err = buildSession(
 			id, localPrivKey, label, typ, db.clock.Now(), expiry,
 			serverAddr, devServer, perms, caveats, featureConfig,
-			privacy, linkedGroupID, flags,
+			privacy, linkedGroupID, flags, account,
 		)
 		if err != nil {
 			return err
 		}
 
 		sessionKey := getSessionKey(session)
 
+		// If an account is being linked, we first need to check that
+		// it exists.
+		account.WhenSome(func(account accounts.AccountID) {
+			session.AccountID = fn.Some(account)
+			_, err = db.accounts.Account(ctx, account)
+		})
+		if err != nil {
+			return err
+		}
+
 		if len(sessionBucket.Get(sessionKey)) != 0 {
 			return fmt.Errorf("session with local public key(%x) "+
 				"already exists",

session/store_test.go

@@ -1,12 +1,19 @@
 package session
 
 import (
+	"context"
+	"fmt"
 	"testing"
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightningnetwork/lnd/clock"
+	"github.com/lightningnetwork/lnd/fn"
+	"github.com/lightningnetwork/lnd/macaroons"
 	"github.com/stretchr/testify/require"
+	"gopkg.in/macaroon-bakery.v2/bakery/checkers"
+	"gopkg.in/macaroon.v2"
 )
 
 var testTime = time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
@@ -324,9 +331,49 @@ func TestStateShift(t *testing.T) {
 	require.ErrorContains(t, err, "illegal session state transition")
 }
 
+// TestLinkedAccount tests that linking a session to an account works as
+// expected.
+func TestLinkedAccount(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	clock := clock.NewTestClock(testTime)
+
+	accts := accounts.NewTestDB(t, clock)
+	db := NewTestDBWithAccounts(t, clock, accts)
+
+	// Reserve a session. Link it to an account that does not yet exist.
+	// This should fail.
+	acctID := accounts.AccountID{1, 2, 3, 4}
+	_, err := reserveSession(db, "session 1", withAccount(acctID))
+	require.ErrorIs(t, err, accounts.ErrAccNotFound)
+
+	// Now, add a new account
+	acct, err := accts.NewAccount(ctx, 1234, clock.Now().Add(time.Hour), "")
+	require.NoError(t, err)
+
+	// Reserve a session. Link it to the account that was just created.
+	// This should succeed.
+
+	s1, err := reserveSession(db, "session 1", withAccount(acct.ID))
+	require.NoError(t, err)
+	require.True(t, s1.AccountID.IsSome())
+	s1.AccountID.WhenSome(func(id accounts.AccountID) {
+		require.Equal(t, acct.ID, id)
+	})
+
+	// Make sure that a fetched session includes the account ID.
+	s1, err = db.GetSessionByID(s1.ID)
+	require.NoError(t, err)
+	require.True(t, s1.AccountID.IsSome())
+	s1.AccountID.WhenSome(func(id accounts.AccountID) {
+		require.Equal(t, acct.ID, id)
+	})
+}
+
 type testSessionOpts struct {
 	groupID  *ID
 	sessType Type
+	account  fn.Option[accounts.AccountID]
 }
 
 func defaultTestSessOpts() *testSessionOpts {
@@ -352,6 +399,12 @@ func withType(t Type) testSessionModifier {
 	}
 }
 
+func withAccount(alias accounts.AccountID) testSessionModifier {
+	return func(s *testSessionOpts) {
+		s.account = fn.Some(alias)
+	}
+}
+
 func reserveSession(db Store, label string,
 	mods ...testSessionModifier) (*Session, error) {
 
@@ -360,10 +413,25 @@ func reserveSession(db Store, label string,
 		mod(opts)
 	}
 
-	return db.NewSession(label, opts.sessType,
+	var caveats []macaroon.Caveat
+	opts.account.WhenSome(func(id accounts.AccountID) {
+		// For now, we manually add the account caveat for bbolt
+		// compatibility.
+		accountCaveat := checkers.Condition(
+			macaroons.CondLndCustom,
+			fmt.Sprintf("%s %x", accounts.CondAccount, id[:]),
+		)
+
+		caveats = append(caveats, macaroon.Caveat{
+			Id: []byte(accountCaveat),
+		})
+	})
+
+	return db.NewSession(
+		label, opts.sessType,
 		time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
-		"foo.bar.baz:1234", true, nil, nil, nil, true, opts.groupID,
-		[]PrivacyFlag{ClearPubkeys},
+		"foo.bar.baz:1234", true, nil, caveats, nil, true, opts.groupID,
+		[]PrivacyFlag{ClearPubkeys}, opts.account,
 	)
 }
 

session/tlv.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightningnetwork/lnd/tlv"
 	"gopkg.in/macaroon-bakery.v2/bakery"
 	"gopkg.in/macaroon.v2"
@@ -278,6 +279,18 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 		session.GroupID = session.ID
 	}
 
+	// For any sessions stored in the BBolt store, a coupled account (if
+	// any) is linked implicitly via the macaroon recipe caveat. So we
+	// need to extract it from there.
+	if session.MacaroonRecipe != nil {
+		session.AccountID, err = accounts.IDFromCaveats(
+			session.MacaroonRecipe.Caveats,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return session, nil
 }
 

session/tlv_test.go

@@ -6,6 +6,8 @@ import (
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/lightninglabs/lightning-terminal/accounts"
+	"github.com/lightningnetwork/lnd/fn"
 	"github.com/lightningnetwork/lnd/tlv"
 	"github.com/stretchr/testify/require"
 	"gopkg.in/macaroon-bakery.v2/bakery"
@@ -137,6 +139,7 @@ func TestSerializeDeserializeSession(t *testing.T) {
 				test.caveats, test.featureConfig, true,
 				test.linkedGroupID,
 				[]PrivacyFlag{ClearPubkeys},
+				fn.None[accounts.AccountID](),
 			)
 			require.NoError(t, err)
 
@@ -189,7 +192,7 @@ func TestGroupIDForOlderSessions(t *testing.T) {
 		time.Now(),
 		time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
 		"foo.bar.baz:1234", true, nil, nil, nil, false, nil,
-		PrivacyFlags{},
+		PrivacyFlags{}, fn.None[accounts.AccountID](),
 	)
 	require.NoError(t, err)
 
@@ -225,7 +228,7 @@ func TestGroupID(t *testing.T) {
 		time.Now(),
 		time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
 		"foo.bar.baz:1234", true, nil, nil, nil, false, nil,
-		PrivacyFlags{},
+		PrivacyFlags{}, fn.None[accounts.AccountID](),
 	)
 	require.NoError(t, err)
 
@@ -241,6 +244,7 @@ func TestGroupID(t *testing.T) {
 		time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
 		"foo.bar.baz:1234", true, nil, nil, nil, false,
 		&session1.GroupID, PrivacyFlags{},
+		fn.None[accounts.AccountID](),
 	)
 	require.NoError(t, err)
 

session_rpcserver.go

@@ -22,6 +22,7 @@ import (
 	"github.com/lightninglabs/lightning-terminal/perms"
 	"github.com/lightninglabs/lightning-terminal/rules"
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightningnetwork/lnd/fn"
 	"github.com/lightningnetwork/lnd/macaroons"
 	"google.golang.org/grpc"
 	"gopkg.in/macaroon-bakery.v2/bakery"
@@ -212,7 +213,10 @@ func (s *sessionRpcServer) AddSession(ctx context.Context,
 		permissions[entity][action] = struct{}{}
 	}
 
-	var caveats []macaroon.Caveat
+	var (
+		caveats   []macaroon.Caveat
+		accountID fn.Option[accounts.AccountID]
+	)
 	switch typ {
 	// For the default session types we use empty caveats and permissions,
 	// the macaroons are baked correctly when creating the session.
@@ -232,6 +236,7 @@ func (s *sessionRpcServer) AddSession(ctx context.Context,
 		caveats = append(caveats, macaroon.Caveat{
 			Id: []byte(cav),
 		})
+		accountID = fn.Some(*id)
 
 	// For the custom macaroon type, we use the custom permissions specified
 	// in the request. For the time being, the caveats list will be empty
@@ -311,7 +316,7 @@ func (s *sessionRpcServer) AddSession(ctx context.Context,
 	sess, err := s.cfg.db.NewSession(
 		req.Label, typ, expiry, req.MailboxServerAddr,
 		req.DevServer, uniquePermissions, caveats, nil, false, nil,
-		session.PrivacyFlags{},
+		session.PrivacyFlags{}, accountID,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error creating new session: %v", err)
@@ -1124,6 +1129,7 @@ func (s *sessionRpcServer) AddAutopilotSession(ctx context.Context,
 		req.Label, session.TypeAutopilot, expiry,
 		req.MailboxServerAddr, req.DevServer, perms, caveats,
 		clientConfig, privacy, linkedGroupID, privacyFlags,
+		fn.None[accounts.AccountID](),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error creating new session: %v", err)