Merge pull request #475 from ellemouton/storeRevokedAt

multi: add RevokedAt field to Session

Author: ellemouton

litrpc/lit-sessions.pb.go

@@ -92,6 +92,16 @@ message Session {
     MacaroonRecipe macaroon_recipe = 12;
 
     string account_id = 13;
+
+    /*
+    The unix timestamp indicating the time at which the session was revoked.
+    Note that this field has not been around since the beginning and so it
+    could be the case that a session has been revoked but that this field
+    will not have been set for that session. Therefore, it is suggested that
+    readers should not assume that if this field is zero that the session is
+    not revoked. Readers should instead first check the session_state field.
+    */
+    uint64 revoked_at = 14 [jstype = JS_STRING];
 }
 
 message MacaroonRecipe {

litrpc/lit-sessions.proto

@@ -47,6 +47,7 @@ type Session struct {
 	Type            Type
 	Expiry          time.Time
 	CreatedAt       time.Time
+	RevokedAt       time.Time
 	ServerAddr      string
 	DevServer       bool
 	MacaroonRootKey uint64

session/interface.go

@@ -3,6 +3,7 @@ package session
 import (
 	"bytes"
 	"errors"
+	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
 	"go.etcd.io/bbolt"
@@ -100,5 +101,7 @@ func (db *DB) RevokeSession(key *btcec.PublicKey) error {
 	}
 
 	session.State = StateRevoked
+	session.RevokedAt = time.Now()
+
 	return db.StoreSession(session)
 }

session/store.go

@@ -25,6 +25,7 @@ const (
 	typeRemotePublicKey tlv.Type = 11
 	typeMacaroonRecipe  tlv.Type = 12
 	typeCreatedAt       tlv.Type = 13
+	typeRevokedAt       tlv.Type = 14
 
 	// typeMacaroon is no longer used, but we leave it defined for backwards
 	// compatibility.
@@ -58,8 +59,13 @@ func SerializeSession(w io.Writer, session *Session) error {
 		pairingSecret = session.PairingSecret[:]
 		privateKey    = session.LocalPrivateKey.Serialize()
 		createdAt     = uint64(session.CreatedAt.Unix())
+		revokedAt     uint64
 	)
 
+	if !session.RevokedAt.IsZero() {
+		revokedAt = uint64(session.RevokedAt.Unix())
+	}
+
 	if session.DevServer {
 		devServer = 1
 	}
@@ -103,6 +109,7 @@ func SerializeSession(w io.Writer, session *Session) error {
 
 	tlvRecords = append(
 		tlvRecords, tlv.MakePrimitiveRecord(typeCreatedAt, &createdAt),
+		tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
 	)
 
 	tlvStream, err := tlv.NewStream(tlvRecords...)
@@ -117,12 +124,12 @@ func SerializeSession(w io.Writer, session *Session) error {
 // the data to be encoded in the tlv format.
 func DeserializeSession(r io.Reader) (*Session, error) {
 	var (
-		session                   = &Session{}
-		label, serverAddr         []byte
-		pairingSecret, privateKey []byte
-		state, typ, devServer     uint8
-		expiry, createdAt         uint64
-		macRecipe                 MacaroonRecipe
+		session                      = &Session{}
+		label, serverAddr            []byte
+		pairingSecret, privateKey    []byte
+		state, typ, devServer        uint8
+		expiry, createdAt, revokedAt uint64
+		macRecipe                    MacaroonRecipe
 	)
 	tlvStream, err := tlv.NewStream(
 		tlv.MakePrimitiveRecord(typeLabel, &label),
@@ -144,6 +151,7 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 			macaroonRecipeEncoder, macaroonRecipeDecoder,
 		),
 		tlv.MakePrimitiveRecord(typeCreatedAt, &createdAt),
+		tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
 	)
 	if err != nil {
 		return nil, err
@@ -162,6 +170,10 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 	session.ServerAddr = string(serverAddr)
 	session.DevServer = devServer == 1
 
+	if revokedAt != 0 {
+		session.RevokedAt = time.Unix(int64(revokedAt), 0)
+	}
+
 	if t, ok := parsedTypes[typeMacaroonRecipe]; ok && t == nil {
 		session.MacaroonRecipe = &macRecipe
 	}

session/tlv.go

@@ -51,14 +51,18 @@ var (
 // and deserialized from and to the tlv binary format successfully.
 func TestSerializeDeserializeSession(t *testing.T) {
 	tests := []struct {
-		name     string
-		sessType Type
-		perms    []bakery.Op
-		caveats  []macaroon.Caveat
+		name      string
+		sessType  Type
+		revokedAt time.Time
+		perms     []bakery.Op
+		caveats   []macaroon.Caveat
 	}{
 		{
 			name:     "session 1",
 			sessType: TypeMacaroonCustom,
+			revokedAt: time.Date(
+				2023, 1, 10, 10, 10, 0, 0, time.UTC,
+			),
 		},
 		{
 			name:     "session 2",
@@ -78,6 +82,8 @@ func TestSerializeDeserializeSession(t *testing.T) {
 			)
 			require.NoError(t, err)
 
+			session.RevokedAt = test.revokedAt
+
 			_, remotePubKey := btcec.PrivKeyFromBytes(testRootKey)
 			session.RemotePublicKey = remotePubKey
 
@@ -95,10 +101,16 @@ func TestSerializeDeserializeSession(t *testing.T) {
 				t, session.Expiry.Unix(),
 				deserializedSession.Expiry.Unix(),
 			)
+			require.Equal(
+				t, session.RevokedAt.Unix(),
+				deserializedSession.RevokedAt.Unix(),
+			)
 			session.Expiry = time.Time{}
 			deserializedSession.Expiry = time.Time{}
 			session.CreatedAt = time.Time{}
 			deserializedSession.CreatedAt = time.Time{}
+			session.RevokedAt = time.Time{}
+			deserializedSession.RevokedAt = time.Time{}
 
 			require.Equal(t, session, deserializedSession)
 		})

session/tlv_test.go

@@ -519,6 +519,11 @@ func marshalRPCSession(sess *session.Session) (*litrpc.Session, error) {
 
 	macRecipe := marshalRPCMacaroonRecipe(sess.MacaroonRecipe)
 
+	var revokedAt uint64
+	if !sess.RevokedAt.IsZero() {
+		revokedAt = uint64(sess.RevokedAt.Unix())
+	}
+
 	return &litrpc.Session{
 		Label:                  sess.Label,
 		SessionState:           rpcState,
@@ -531,6 +536,7 @@ func marshalRPCSession(sess *session.Session) (*litrpc.Session, error) {
 		LocalPublicKey:         sess.LocalPublicKey.SerializeCompressed(),
 		RemotePublicKey:        remotePubKey,
 		CreatedAt:              uint64(sess.CreatedAt.Unix()),
+		RevokedAt:              revokedAt,
 		MacaroonRecipe:         macRecipe,
 	}, nil
 }