firewalldb: add DB struct and Start/Stop methods

In this commit, we add a `DB` struct in the `firewalldb` package. This
struct will be responsible for housing abstract implementations of the
various stores in the `firewalldb`. For now, we start with just the
RulesDB. We also add Start&Stop methods for the struct in preparation
for future additions here - for now, these do nothing.

In the main LiT setup, we move the firewall.BoltDB and the new
firewalldb.DB to the `stores` struct and implement them in the two
`config_` files. For now, both varients create the Bbolt version of the
firewallDB and this is used to init the `firewalldb.DB` struct. This
will be changed in future commits where we will add a sql
implementation.

Author: ellemouton

config_dev.go

@@ -3,10 +3,12 @@
 package terminal
 
 import (
+	"fmt"
 	"path/filepath"
 
 	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightninglabs/lightning-terminal/db"
+	"github.com/lightninglabs/lightning-terminal/firewalldb"
 	"github.com/lightninglabs/lightning-terminal/session"
 	"github.com/lightningnetwork/lnd/clock"
 )
@@ -87,7 +89,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 		networkDir = filepath.Join(cfg.LitDir, cfg.Network)
 		acctStore  accounts.Store
 		sessStore  session.Store
-		closeFn    func() error
+		closeFn    []func() error
 	)
 
 	switch cfg.DatabaseBackend {
@@ -106,7 +108,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 
 		acctStore = accounts.NewSQLStore(sqlStore.BaseDB, clock)
 		sessStore = session.NewSQLStore(sqlStore.BaseDB, clock)
-		closeFn = sqlStore.BaseDB.Close
+		closeFn = append(closeFn, sqlStore.BaseDB.Close)
 
 	case DatabaseBackendPostgres:
 		sqlStore, err := db.NewPostgresStore(cfg.Postgres)
@@ -116,7 +118,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 
 		acctStore = accounts.NewSQLStore(sqlStore.BaseDB, clock)
 		sessStore = session.NewSQLStore(sqlStore.BaseDB, clock)
-		closeFn = sqlStore.BaseDB.Close
+		closeFn = append(closeFn, sqlStore.BaseDB.Close)
 
 	default:
 		accountStore, err := accounts.NewBoltStore(
@@ -136,7 +138,7 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 
 		acctStore = accountStore
 		sessStore = sessionStore
-		closeFn = func() error {
+		closeFn = append(closeFn, func() error {
 			var returnErr error
 			err = accountStore.Close()
 			if err != nil {
@@ -149,12 +151,33 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 			}
 
 			return returnErr
-		}
+		})
 	}
 
+	firewallBoltDB, err := firewalldb.NewBoltDB(
+		networkDir, firewalldb.DBFilename, sessStore,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("error creating firewall BoltDB: %v",
+			err)
+	}
+	closeFn = append(closeFn, firewallBoltDB.Close)
+
 	return &stores{
-		accounts: acctStore,
-		sessions: sessStore,
-		close:    closeFn,
+		accounts:     acctStore,
+		sessions:     sessStore,
+		firewall:     firewalldb.NewDB(firewallBoltDB),
+		firewallBolt: firewallBoltDB,
+		close: func() error {
+			var returnErr error
+			for _, fn := range closeFn {
+				err := fn()
+				if err != nil {
+					returnErr = err
+				}
+			}
+
+			return returnErr
+		},
 	}, nil
 }

config_prod.go

@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 
 	"github.com/lightninglabs/lightning-terminal/accounts"
+	"github.com/lightninglabs/lightning-terminal/firewalldb"
 	"github.com/lightninglabs/lightning-terminal/session"
 	"github.com/lightningnetwork/lnd/clock"
 )
@@ -46,9 +47,18 @@ func NewStores(cfg *Config, clock clock.Clock) (*stores, error) {
 			err)
 	}
 
+	firewallDB, err := firewalldb.NewBoltDB(
+		networkDir, firewalldb.DBFilename, sessStore,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("error creating firewall DB: %v", err)
+	}
+
 	return &stores{
-		accounts: acctStore,
-		sessions: sessStore,
+		accounts:     acctStore,
+		sessions:     sessStore,
+		firewallBolt: firewallDB,
+		firewall:     firewalldb.NewDB(firewallDB),
 		close: func() error {
 			var returnErr error
 			if err := acctStore.Close(); err != nil {

firewalldb/db.go

@@ -1,11 +1,54 @@
 package firewalldb
 
 import (
+	"context"
 	"fmt"
+	"sync/atomic"
+
+	"github.com/lightningnetwork/lnd/fn"
 )
 
 var (
 	// ErrNoSuchKeyFound is returned when there is no key-value pair found
 	// for the given key.
 	ErrNoSuchKeyFound = fmt.Errorf("no such key found")
 )
+
+// DB manages the firewall rules database.
+type DB struct {
+	started atomic.Bool
+	stopped atomic.Bool
+
+	RulesDB
+
+	cancel fn.Option[context.CancelFunc]
+}
+
+// NewDB creates a new firewall database. For now, it only contains the
+// underlying rules' database.
+func NewDB(kvdb RulesDB) *DB {
+	return &DB{
+		RulesDB: kvdb,
+	}
+}
+
+// Start starts the firewall database.
+func (db *DB) Start(ctx context.Context) error {
+	if !db.started.CompareAndSwap(false, true) {
+		return nil
+	}
+
+	ctx, cancel := context.WithCancel(ctx)
+	db.cancel = fn.Some(cancel)
+
+	return nil
+}
+
+// Stop stops the firewall database operations.
+func (db *DB) Stop() error {
+	if !db.started.CompareAndSwap(false, true) {
+		return nil
+	}
+
+	return nil
+}

firewalldb/kvstores.go

@@ -100,6 +100,8 @@ type KVStore interface {
 
 // RulesDB can be used to initialise a new rules.KVStores.
 type RulesDB interface {
+	// GetKVStores constructs a new rules.KVStores in a namespace defined
+	// by the rule name, group ID and feature name.
 	GetKVStores(rule string, groupID session.ID, feature string) KVStores
 }
 

terminal.go

@@ -223,8 +223,6 @@ type LightningTerminal struct {
 
 	stores *stores
 
-	firewallDB *firewalldb.BoltDB
-
 	restHandler http.Handler
 	restCancel  func()
 }
@@ -241,6 +239,9 @@ type stores struct {
 	accounts accounts.Store
 	sessions session.Store
 
+	firewall     *firewalldb.DB
+	firewallBolt *firewalldb.BoltDB
+
 	// close is a callback that can be used to close all the stores in the
 	// stores struct.
 	close func() error
@@ -436,6 +437,10 @@ func (g *LightningTerminal) start(ctx context.Context) error {
 		return fmt.Errorf("could not create stores: %v", err)
 	}
 
+	if err := g.stores.firewall.Start(ctx); err != nil {
+		return fmt.Errorf("could not start firewall DB: %v", err)
+	}
+
 	g.accountService, err = accounts.NewService(
 		g.stores.accounts, accountServiceErrCallback,
 	)
@@ -457,13 +462,6 @@ func (g *LightningTerminal) start(ctx context.Context) error {
 
 	g.ruleMgrs = rules.NewRuleManagerSet()
 
-	g.firewallDB, err = firewalldb.NewBoltDB(
-		networkDir, firewalldb.DBFilename, g.stores.sessions,
-	)
-	if err != nil {
-		return fmt.Errorf("error creating firewall DB: %v", err)
-	}
-
 	if !g.cfg.Autopilot.Disable {
 		if g.cfg.Autopilot.Address == "" &&
 			len(g.cfg.Autopilot.DialOpts) == 0 {
@@ -517,10 +515,10 @@ func (g *LightningTerminal) start(ctx context.Context) error {
 		superMacBaker:           superMacBaker,
 		firstConnectionDeadline: g.cfg.FirstLNCConnDeadline,
 		permMgr:                 g.permsMgr,
-		actionsDB:               g.firewallDB,
+		actionsDB:               g.stores.firewallBolt,
 		autopilot:               g.autopilotClient,
 		ruleMgrs:                g.ruleMgrs,
-		privMap:                 g.firewallDB.PrivacyDB,
+		privMap:                 g.stores.firewallBolt.PrivacyDB,
 	})
 	if err != nil {
 		return fmt.Errorf("could not create new session rpc "+
@@ -1079,14 +1077,14 @@ func (g *LightningTerminal) startInternalSubServers(ctx context.Context,
 	}
 
 	requestLogger, err := firewall.NewRequestLogger(
-		g.cfg.Firewall.RequestLogger, g.firewallDB,
+		g.cfg.Firewall.RequestLogger, g.stores.firewallBolt,
 	)
 	if err != nil {
 		return fmt.Errorf("error creating new request logger")
 	}
 
 	privacyMapper := firewall.NewPrivacyMapper(
-		g.firewallDB.PrivacyDB, firewall.CryptoRandIntn,
+		g.stores.firewallBolt.PrivacyDB, firewall.CryptoRandIntn,
 		g.stores.sessions,
 	)
 
@@ -1098,7 +1096,8 @@ func (g *LightningTerminal) startInternalSubServers(ctx context.Context,
 
 	if !g.cfg.Autopilot.Disable {
 		ruleEnforcer := firewall.NewRuleEnforcer(
-			g.firewallDB, g.firewallDB, g.stores.sessions,
+			g.stores.firewall, g.stores.firewallBolt,
+			g.stores.sessions,
 			g.autopilotClient.ListFeaturePerms,
 			g.permsMgr, g.lndClient.NodePubkey,
 			g.lndClient.Router,
@@ -1108,7 +1107,7 @@ func (g *LightningTerminal) startInternalSubServers(ctx context.Context,
 					reqID, firewalldb.ActionStateError,
 					reason,
 				)
-			}, g.firewallDB.PrivacyDB,
+			}, g.stores.firewallBolt.PrivacyDB,
 		)
 
 		mw = append(mw, ruleEnforcer)
@@ -1443,13 +1442,6 @@ func (g *LightningTerminal) shutdownSubServers() error {
 		g.middleware.Stop()
 	}
 
-	if g.firewallDB != nil {
-		if err := g.firewallDB.Close(); err != nil {
-			log.Errorf("Error closing rules DB: %v", err)
-			returnErr = err
-		}
-	}
-
 	if g.ruleMgrs != nil {
 		if err := g.ruleMgrs.Stop(); err != nil {
 			log.Errorf("Error stopping rule manager set: %v", err)
@@ -1458,6 +1450,11 @@ func (g *LightningTerminal) shutdownSubServers() error {
 	}
 
 	if g.stores != nil {
+		if err := g.stores.firewall.Stop(); err != nil {
+			log.Errorf("Error stoppint firewall DB: %v", err)
+			returnErr = err
+		}
+
 		err = g.stores.close()
 		if err != nil {
 			log.Errorf("Error closing stores: %v", err)