multi: allow client to link autopilot sessions

Author: ellemouton

cmd/litcli/autopilot.go

@@ -65,6 +65,11 @@ var addAutopilotSessionCmd = cli.Command{
 				"perform actions on. In the " +
 				"form of: peerID1,peerID2,...",
 		},
+		cli.StringFlag{
+			Name: "prev_sess_id",
+			Usage: "The hex encoded session ID of a previous " +
+				"session to link this one to",
+		},
 	},
 }
 
@@ -224,13 +229,22 @@ func initAutopilotSession(ctx *cli.Context) error {
 		}
 	}
 
+	var prevSessID []byte
+	if ctx.IsSet("prev_sess_id") {
+		prevSessID, err = hex.DecodeString(ctx.String("prev_sess_id"))
+		if err != nil {
+			return err
+		}
+	}
+
 	resp, err := client.AddAutopilotSession(
 		ctxb, &litrpc.AddAutopilotSessionRequest{
 			Label:                  ctx.String("label"),
 			ExpiryTimestampSeconds: uint64(sessionExpiry),
 			MailboxServerAddr:      ctx.String("mailboxserveraddr"),
 			DevServer:              ctx.Bool("devserver"),
 			Features:               featureMap,
+			PrevSessId:             prevSessID,
 		},
 	)
 	if err != nil {

session_rpcserver.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/btcsuite/btcd/btcec/v2/ecdsa"
 	"github.com/lightninglabs/lightning-node-connect/mailbox"
 	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightninglabs/lightning-terminal/autopilotserver"
@@ -997,16 +998,53 @@ func (s *sessionRpcServer) AddAutopilotSession(ctx context.Context,
 		caveats = append(caveats, firewall.MetaPrivacyCaveat)
 	}
 
+	// If a previous session ID has been set to link this new one to, we
+	// first check if we have the referenced session, and we make sure it
+	// has been revoked.
+	var prevSess *session.Session
+	if len(req.PrevSessId) != 0 {
+		var prevSessID session.ID
+		copy(prevSessID[:], req.PrevSessId)
+
+		// Make sure that the previous session does actually exist.
+		prevSess, err = s.cfg.db.GetSessionByID(prevSessID)
+		if errors.Is(err, session.ErrSessionNotFound) {
+			return nil, fmt.Errorf("linked session(%x) not found",
+				req.PrevSessId)
+		} else if err != nil {
+			return nil, err
+		}
+
+		// Now we need to check that the linked session is no longer
+		// active.
+		if prevSess.State != session.StateRevoked &&
+			prevSess.State != session.StateExpired {
+
+			return nil, fmt.Errorf("linked session(%x) "+
+				"still active", req.PrevSessId)
+		}
+	}
+
 	sess, err := session.NewSession(
 		req.Label, session.TypeAutopilot, expiry, req.MailboxServerAddr,
-		req.DevServer, perms, caveats, featureConfig, privacy, nil,
+		req.DevServer, perms, caveats, featureConfig, privacy, prevSess,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error creating new session: %v", err)
 	}
 
+	// If this session is being linked to a previous one, then we need to
+	// use the previous session's local private key to sign the new
+	// session's public key in order to prove to the Autopilot server that
+	// the two session's belong to the same owner.
+	var linkSig []byte
+	if prevSess != nil {
+		msg := sess.LocalPublicKey.SerializeCompressed()
+		linkSig = ecdsa.Sign(prevSess.LocalPrivateKey, msg).Serialize()
+	}
+
 	// Register all the privacy map pairs for this session ID.
-	privDB := s.cfg.privMap(sess.ID)
+	privDB := s.cfg.privMap(sess.GroupID)
 	err = privDB.Update(func(tx firewalldb.PrivacyMapTx) error {
 		for r, p := range privacyMapPairs {
 			err := tx.NewPair(r, p)
@@ -1023,7 +1061,7 @@ func (s *sessionRpcServer) AddAutopilotSession(ctx context.Context,
 	// Attempt to register the session with the Autopilot server.
 	remoteKey, err := s.cfg.autopilot.RegisterSession(
 		ctx, sess.LocalPublicKey, sess.ServerAddr, sess.DevServer,
-		featureConfig, nil, nil,
+		featureConfig, sess.LocalPublicKey, linkSig,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error registering session with "+