session: assert account exists before linking a session to it

In this commit, we more tightly & explicitly link a session to an
account. At a persitance layer, we have always only linked a session to
an account by encoding the AccountID within the macaroon caveat that we
store with the session. We still keep this persistence the same but now
we first ensure that the account exists and we also add an AccountID
field to the Session struct.

Author: ellemouton

session/interface.go

@@ -6,7 +6,9 @@ import (
 
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightninglabs/lightning-node-connect/mailbox"
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightninglabs/lightning-terminal/macaroons"
+	"github.com/lightningnetwork/lnd/fn"
 	"gopkg.in/macaroon-bakery.v2/bakery"
 	"gopkg.in/macaroon.v2"
 )
@@ -116,6 +118,9 @@ type Session struct {
 	// group of sessions. If this is the very first session in the group
 	// then this will be the same as ID.
 	GroupID ID
+
+	// AccountID is an optional account that the session has been linked to.
+	AccountID fn.Option[accounts.AccountID]
 }
 
 // buildSession creates a new session with the given user-defined parameters.
@@ -162,6 +167,7 @@ func buildSession(id ID, localPrivKey *btcec.PrivateKey, label string, typ Type,
 		PrivacyFlags:      opts.privacyFlags,
 		GroupID:           groupID,
 		MacaroonRecipe:    opts.macaroonRecipe,
+		AccountID:         opts.accountID,
 	}
 
 	if len(opts.featureConfig) != 0 {
@@ -195,6 +201,9 @@ type sessionOptions struct {
 	// macaroonRecipe holds the permissions and caveats that should be used
 	// to bake the macaroon to be used with this session.
 	macaroonRecipe *MacaroonRecipe
+
+	// accountID is an optional account that the session has been linked to.
+	accountID fn.Option[accounts.AccountID]
 }
 
 // defaultSessionOptions returns a new sessionOptions struct with default
@@ -257,6 +266,13 @@ func WithMacaroonRecipe(caveats []macaroon.Caveat, perms []bakery.Op) Option {
 	}
 }
 
+// WithAccount can be used to link the session to an account.
+func WithAccount(id accounts.AccountID) Option {
+	return func(o *sessionOptions) {
+		o.accountID = fn.Some(id)
+	}
+}
+
 // IDToGroupIndex defines an interface for the session ID to group ID index.
 type IDToGroupIndex interface {
 	// GetGroupID will return the group ID for the given session ID.

session/kvdb_store.go

@@ -2,6 +2,7 @@ package session
 
 import (
 	"bytes"
+	"context"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -13,6 +14,7 @@ import (
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightningnetwork/lnd/clock"
+	"github.com/lightningnetwork/lnd/fn"
 	"go.etcd.io/bbolt"
 )
 
@@ -194,6 +196,8 @@ func getSessionKey(session *Session) []byte {
 func (db *BoltStore) NewSession(label string, typ Type, expiry time.Time,
 	serverAddr string, opts ...Option) (*Session, error) {
 
+	ctx := context.TODO()
+
 	var session *Session
 	err := db.Update(func(tx *bbolt.Tx) error {
 		sessionBucket, err := getBucket(tx, sessionBucketKey)
@@ -216,6 +220,16 @@ func (db *BoltStore) NewSession(label string, typ Type, expiry time.Time,
 
 		sessionKey := getSessionKey(session)
 
+		// If an account is being linked, we first need to check that
+		// it exists.
+		session.AccountID.WhenSome(func(account accounts.AccountID) {
+			session.AccountID = fn.Some(account)
+			_, err = db.accounts.Account(ctx, account)
+		})
+		if err != nil {
+			return err
+		}
+
 		if len(sessionBucket.Get(sessionKey)) != 0 {
 			return fmt.Errorf("session with local public key(%x) "+
 				"already exists",

session/store_test.go

@@ -1,12 +1,19 @@
 package session
 
 import (
+	"context"
+	"fmt"
 	"testing"
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightningnetwork/lnd/clock"
+	"github.com/lightningnetwork/lnd/fn"
+	"github.com/lightningnetwork/lnd/macaroons"
 	"github.com/stretchr/testify/require"
+	"gopkg.in/macaroon-bakery.v2/bakery/checkers"
+	"gopkg.in/macaroon.v2"
 )
 
 var testTime = time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
@@ -324,9 +331,49 @@ func TestStateShift(t *testing.T) {
 	require.ErrorContains(t, err, "illegal session state transition")
 }
 
+// TestLinkedAccount tests that linking a session to an account works as
+// expected.
+func TestLinkedAccount(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	clock := clock.NewTestClock(testTime)
+
+	accts := accounts.NewTestDB(t, clock)
+	db := NewTestDBWithAccounts(t, clock, accts)
+
+	// Reserve a session. Link it to an account that does not yet exist.
+	// This should fail.
+	acctID := accounts.AccountID{1, 2, 3, 4}
+	_, err := reserveSession(db, "session 1", withAccount(acctID))
+	require.ErrorIs(t, err, accounts.ErrAccNotFound)
+
+	// Now, add a new account
+	acct, err := accts.NewAccount(ctx, 1234, clock.Now().Add(time.Hour), "")
+	require.NoError(t, err)
+
+	// Reserve a session. Link it to the account that was just created.
+	// This should succeed.
+
+	s1, err := reserveSession(db, "session 1", withAccount(acct.ID))
+	require.NoError(t, err)
+	require.True(t, s1.AccountID.IsSome())
+	s1.AccountID.WhenSome(func(id accounts.AccountID) {
+		require.Equal(t, acct.ID, id)
+	})
+
+	// Make sure that a fetched session includes the account ID.
+	s1, err = db.GetSessionByID(s1.ID)
+	require.NoError(t, err)
+	require.True(t, s1.AccountID.IsSome())
+	s1.AccountID.WhenSome(func(id accounts.AccountID) {
+		require.Equal(t, acct.ID, id)
+	})
+}
+
 type testSessionOpts struct {
 	groupID  *ID
 	sessType Type
+	account  fn.Option[accounts.AccountID]
 }
 
 func defaultTestSessOpts() *testSessionOpts {
@@ -352,6 +399,12 @@ func withType(t Type) testSessionModifier {
 	}
 }
 
+func withAccount(alias accounts.AccountID) testSessionModifier {
+	return func(s *testSessionOpts) {
+		s.account = fn.Some(alias)
+	}
+}
+
 func reserveSession(db Store, label string,
 	mods ...testSessionModifier) (*Session, error) {
 
@@ -360,12 +413,36 @@ func reserveSession(db Store, label string,
 		mod(opts)
 	}
 
-	return db.NewSession(label, opts.sessType,
-		time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
-		"foo.bar.baz:1234",
+	options := []Option{
 		WithDevServer(),
 		WithPrivacy(PrivacyFlags{ClearPubkeys}),
 		WithLinkedGroupID(opts.groupID),
+	}
+
+	var caveats []macaroon.Caveat
+	opts.account.WhenSome(func(id accounts.AccountID) {
+		// For now, we manually add the account caveat for bbolt
+		// compatibility.
+		accountCaveat := checkers.Condition(
+			macaroons.CondLndCustom,
+			fmt.Sprintf("%s %x", accounts.CondAccount, id[:]),
+		)
+
+		caveats = append(caveats, macaroon.Caveat{
+			Id: []byte(accountCaveat),
+		})
+
+		options = append(
+			options,
+			WithAccount(id),
+			WithMacaroonRecipe(caveats, nil),
+		)
+	})
+
+	return db.NewSession(
+		label, opts.sessType,
+		time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
+		"foo.bar.baz:1234", options...,
 	)
 }
 

session/tlv.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightningnetwork/lnd/tlv"
 	"gopkg.in/macaroon-bakery.v2/bakery"
 	"gopkg.in/macaroon.v2"
@@ -278,6 +279,18 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 		session.GroupID = session.ID
 	}
 
+	// For any sessions stored in the BBolt store, a coupled account (if
+	// any) is linked implicitly via the macaroon recipe caveat. So we
+	// need to extract it from there.
+	if session.MacaroonRecipe != nil {
+		session.AccountID, err = accounts.IDFromCaveats(
+			session.MacaroonRecipe.Caveats,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return session, nil
 }
 

session_rpcserver.go

@@ -22,6 +22,7 @@ import (
 	"github.com/lightninglabs/lightning-terminal/perms"
 	"github.com/lightninglabs/lightning-terminal/rules"
 	"github.com/lightninglabs/lightning-terminal/session"
+	"github.com/lightningnetwork/lnd/fn"
 	"github.com/lightningnetwork/lnd/macaroons"
 	"google.golang.org/grpc"
 	"gopkg.in/macaroon-bakery.v2/bakery"
@@ -212,7 +213,10 @@ func (s *sessionRpcServer) AddSession(ctx context.Context,
 		permissions[entity][action] = struct{}{}
 	}
 
-	var caveats []macaroon.Caveat
+	var (
+		caveats   []macaroon.Caveat
+		accountID fn.Option[accounts.AccountID]
+	)
 	switch typ {
 	// For the default session types we use empty caveats and permissions,
 	// the macaroons are baked correctly when creating the session.
@@ -232,6 +236,7 @@ func (s *sessionRpcServer) AddSession(ctx context.Context,
 		caveats = append(caveats, macaroon.Caveat{
 			Id: []byte(cav),
 		})
+		accountID = fn.Some(*id)
 
 	// For the custom macaroon type, we use the custom permissions specified
 	// in the request. For the time being, the caveats list will be empty
@@ -316,6 +321,10 @@ func (s *sessionRpcServer) AddSession(ctx context.Context,
 		sessOpts = append(sessOpts, session.WithDevServer())
 	}
 
+	accountID.WhenSome(func(id accounts.AccountID) {
+		sessOpts = append(sessOpts, session.WithAccount(id))
+	})
+
 	sess, err := s.cfg.db.NewSession(
 		req.Label, typ, expiry, req.MailboxServerAddr, sessOpts...,
 	)