server+rules: add known map to RealToPseudo

bitromortac · bitromortac · commit e9cfa4b278eb · 2023-08-29T10:01:28.000+02:00
We want to add channel and peer restrictions for each feature
individually. Without this change, if we would have the same peer or
channel id in different feature restrictions, we would create duplicate
mappings from a key to multiple values.
diff --git a/rules/chan_policy_bounds.go b/rules/chan_policy_bounds.go
@@ -329,6 +329,8 @@ func (f *ChanPolicyBounds) PseudoToReal(_ firewalldb.PrivacyMapDB) (Values,
 // that should be persisted. This is a no-op for the ChanPolicyBounds rule.
 //
 // NOTE: this is part of the Values interface.
-func (f *ChanPolicyBounds) RealToPseudo() (Values, map[string]string, error) {
+func (f *ChanPolicyBounds) RealToPseudo(map[string]string) (Values,
+	map[string]string, error) {
+
 	return f, nil, nil
 }
diff --git a/rules/channel_restrictions.go b/rules/channel_restrictions.go
@@ -363,9 +363,17 @@ func (c *ChannelRestrict) PseudoToReal(db firewalldb.PrivacyMapDB) (Values,
 // RealToPseudo converts all the channel IDs into pseudo IDs.
 //
 // NOTE: this is part of the Values interface.
-func (c *ChannelRestrict) RealToPseudo() (Values, map[string]string, error) {
+func (c *ChannelRestrict) RealToPseudo(knownMappings map[string]string) (Values,
+	map[string]string, error) {
+
 	pseudoIDs := make([]uint64, len(c.DenyList))
-	privMapPairs := make(map[string]string)
+
+	// We unify with the already known mappings to avoid duplicates.
+	privMapPairs := make(map[string]string, len(knownMappings))
+	for k, v := range knownMappings {
+		privMapPairs[k] = v
+	}
+
 	for i, c := range c.DenyList {
 		// TODO(elle): check that this channel actually exists
 
diff --git a/rules/history_limit.go b/rules/history_limit.go
@@ -266,6 +266,8 @@ func (h *HistoryLimit) PseudoToReal(_ firewalldb.PrivacyMapDB) (Values,
 // that should be persisted. This is a no-op for the HistoryLimit rule.
 //
 // NOTE: this is part of the Values interface.
-func (h *HistoryLimit) RealToPseudo() (Values, map[string]string, error) {
+func (h *HistoryLimit) RealToPseudo(_ map[string]string) (Values,
+	map[string]string, error) {
+
 	return h, nil, nil
 }
diff --git a/rules/interfaces.go b/rules/interfaces.go
@@ -59,9 +59,10 @@ type Values interface {
 	ToProto() *litrpc.RuleValue
 
 	// RealToPseudo converts the rule Values to a new one that uses pseudo
-	// keys, channel IDs, channel points etc. It returns a map of real to
-	// pseudo strings that should be persisted.
-	RealToPseudo() (Values, map[string]string, error)
+	// keys, channel IDs, channel points etc. A map with already known
+	// mappings can be passed. It returns a map of real to pseudo strings
+	// that should be persisted.
+	RealToPseudo(map[string]string) (Values, map[string]string, error)
 
 	// PseudoToReal attempts to convert any appropriate pseudo fields in
 	// the rule Values to their corresponding real values. It uses the
diff --git a/rules/peer_restrictions.go b/rules/peer_restrictions.go
@@ -370,9 +370,17 @@ func (c *PeerRestrict) PseudoToReal(db firewalldb.PrivacyMapDB) (Values,
 // RealToPseudo converts all the real peer IDs into pseudo IDs.
 //
 // NOTE: this is part of the Values interface.
-func (c *PeerRestrict) RealToPseudo() (Values, map[string]string, error) {
+func (c *PeerRestrict) RealToPseudo(knownMappings map[string]string) (Values,
+	map[string]string, error) {
+
 	pseudoIDs := make([]string, len(c.DenyList))
-	privMapPairs := make(map[string]string)
+
+	// We unify with the already known mappings to avoid duplicates.
+	privMapPairs := make(map[string]string, len(knownMappings))
+	for k, v := range knownMappings {
+		privMapPairs[k] = v
+	}
+
 	for i, id := range c.DenyList {
 		// TODO(elle): check that this peer is actually one of our
 		//  channel peers.
diff --git a/rules/rate_limit.go b/rules/rate_limit.go
@@ -277,6 +277,8 @@ func (r *RateLimit) PseudoToReal(_ firewalldb.PrivacyMapDB) (Values,
 // that should be persisted. This is a no-op for the RateLimit rule.
 //
 // NOTE: this is part of the Values interface.
-func (r *RateLimit) RealToPseudo() (Values, map[string]string, error) {
+func (r *RateLimit) RealToPseudo(_ map[string]string) (Values,
+	map[string]string, error) {
+
 	return r, nil, nil
 }
diff --git a/session_rpcserver.go b/session_rpcserver.go
@@ -850,7 +850,9 @@ func (s *sessionRpcServer) AddAutopilotSession(ctx context.Context,
 
 				if privacy {
 					var privMapPairs map[string]string
-					v, privMapPairs, err = v.RealToPseudo()
+					v, privMapPairs, err = v.RealToPseudo(
+						privacyMapPairs,
+					)
 					if err != nil {
 						return nil, err
 					}
