session: add RevokedAt field

ellemouton · ellemouton · commit 7e8837756f8d · 2023-01-10T10:26:24.000+02:00
This commit adds a RevokedAt field to the Session structure and sets the
value of the field to the current time when RevokeSession is called.
diff --git a/session/interface.go b/session/interface.go
@@ -47,6 +47,7 @@ type Session struct {
 	Type            Type
 	Expiry          time.Time
 	CreatedAt       time.Time
+	RevokedAt       time.Time
 	ServerAddr      string
 	DevServer       bool
 	MacaroonRootKey uint64
diff --git a/session/store.go b/session/store.go
@@ -3,6 +3,7 @@ package session
 import (
 	"bytes"
 	"errors"
+	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
 	"go.etcd.io/bbolt"
@@ -100,5 +101,7 @@ func (db *DB) RevokeSession(key *btcec.PublicKey) error {
 	}
 
 	session.State = StateRevoked
+	session.RevokedAt = time.Now()
+
 	return db.StoreSession(session)
 }
diff --git a/session/tlv.go b/session/tlv.go
@@ -25,6 +25,7 @@ const (
 	typeRemotePublicKey tlv.Type = 11
 	typeMacaroonRecipe  tlv.Type = 12
 	typeCreatedAt       tlv.Type = 13
+	typeRevokedAt       tlv.Type = 14
 
 	// typeMacaroon is no longer used, but we leave it defined for backwards
 	// compatibility.
@@ -58,8 +59,13 @@ func SerializeSession(w io.Writer, session *Session) error {
 		pairingSecret = session.PairingSecret[:]
 		privateKey    = session.LocalPrivateKey.Serialize()
 		createdAt     = uint64(session.CreatedAt.Unix())
+		revokedAt     uint64
 	)
 
+	if !session.RevokedAt.IsZero() {
+		revokedAt = uint64(session.RevokedAt.Unix())
+	}
+
 	if session.DevServer {
 		devServer = 1
 	}
@@ -105,6 +111,10 @@ func SerializeSession(w io.Writer, session *Session) error {
 		tlvRecords, tlv.MakePrimitiveRecord(typeCreatedAt, &createdAt),
 	)
 
+	tlvRecords = append(
+		tlvRecords, tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
+	)
+
 	tlvStream, err := tlv.NewStream(tlvRecords...)
 	if err != nil {
 		return err
@@ -117,12 +127,12 @@ func SerializeSession(w io.Writer, session *Session) error {
 // the data to be encoded in the tlv format.
 func DeserializeSession(r io.Reader) (*Session, error) {
 	var (
-		session                   = &Session{}
-		label, serverAddr         []byte
-		pairingSecret, privateKey []byte
-		state, typ, devServer     uint8
-		expiry, createdAt         uint64
-		macRecipe                 MacaroonRecipe
+		session                      = &Session{}
+		label, serverAddr            []byte
+		pairingSecret, privateKey    []byte
+		state, typ, devServer        uint8
+		expiry, createdAt, revokedAt uint64
+		macRecipe                    MacaroonRecipe
 	)
 	tlvStream, err := tlv.NewStream(
 		tlv.MakePrimitiveRecord(typeLabel, &label),
@@ -144,6 +154,7 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 			macaroonRecipeEncoder, macaroonRecipeDecoder,
 		),
 		tlv.MakePrimitiveRecord(typeCreatedAt, &createdAt),
+		tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
 	)
 	if err != nil {
 		return nil, err
@@ -162,6 +173,10 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 	session.ServerAddr = string(serverAddr)
 	session.DevServer = devServer == 1
 
+	if revokedAt != 0 {
+		session.RevokedAt = time.Unix(int64(revokedAt), 0)
+	}
+
 	if t, ok := parsedTypes[typeMacaroonRecipe]; ok && t == nil {
 		session.MacaroonRecipe = &macRecipe
 	}
diff --git a/session/tlv_test.go b/session/tlv_test.go
@@ -51,14 +51,18 @@ var (
 // and deserialized from and to the tlv binary format successfully.
 func TestSerializeDeserializeSession(t *testing.T) {
 	tests := []struct {
-		name     string
-		sessType Type
-		perms    []bakery.Op
-		caveats  []macaroon.Caveat
+		name      string
+		sessType  Type
+		revokedAt time.Time
+		perms     []bakery.Op
+		caveats   []macaroon.Caveat
 	}{
 		{
 			name:     "session 1",
 			sessType: TypeMacaroonCustom,
+			revokedAt: time.Date(
+				2023, 1, 10, 10, 10, 0, 0, time.UTC,
+			),
 		},
 		{
 			name:     "session 2",
@@ -78,6 +82,8 @@ func TestSerializeDeserializeSession(t *testing.T) {
 			)
 			require.NoError(t, err)
 
+			session.RevokedAt = test.revokedAt
+
 			_, remotePubKey := btcec.PrivKeyFromBytes(testRootKey)
 			session.RemotePublicKey = remotePubKey
 
@@ -95,10 +101,16 @@ func TestSerializeDeserializeSession(t *testing.T) {
 				t, session.Expiry.Unix(),
 				deserializedSession.Expiry.Unix(),
 			)
+			require.Equal(
+				t, session.RevokedAt.Unix(),
+				deserializedSession.RevokedAt.Unix(),
+			)
 			session.Expiry = time.Time{}
 			deserializedSession.Expiry = time.Time{}
 			session.CreatedAt = time.Time{}
 			deserializedSession.CreatedAt = time.Time{}
+			session.RevokedAt = time.Time{}
+			deserializedSession.RevokedAt = time.Time{}
 
 			require.Equal(t, session, deserializedSession)
 		})

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package session`
`3`	`3`	`import (`
`4`	`4`	`"bytes"`
`5`	`5`	`"errors"`
	`6`	`+ "time"`
`6`	`7`
`7`	`8`	`"github.com/btcsuite/btcd/btcec/v2"`
`8`	`9`	`"go.etcd.io/bbolt"`
`@@ -100,5 +101,7 @@ func (db DB) RevokeSession(key btcec.PublicKey) error {`
`100`	`101`	`}`
`101`	`102`
`102`	`103`	`session.State = StateRevoked`
	`104`	`+ session.RevokedAt = time.Now()`
	`105`	`+`
`103`	`106`	`return db.StoreSession(session)`
`104`	`107`	`}`