firewall+firewalldb: extract Account ID and pass to AddActionReq

ellemouton · ellemouton · commit 26d028f4a5f4 · 2025-05-21T14:14:13.000+02:00
In this commit we add an optional AccountID to the RequestInfo type.
Then, we populate it if the caveat of the macaroon being used contains
an accounts caveat.

We also add an unused AccountID type to the AddActionReq and pass in the
value from the RequestLogger.
diff --git a/firewall/request_info.go b/firewall/request_info.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightninglabs/lightning-terminal/session"
 	"github.com/lightningnetwork/lnd/fn"
 	"github.com/lightningnetwork/lnd/lnrpc"
@@ -29,6 +30,7 @@ const (
 // request.
 type RequestInfo struct {
 	SessionID       fn.Option[session.ID]
+	AccountID       fn.Option[accounts.AccountID]
 	MsgID           uint64
 	RequestID       uint64
 	MWRequestType   string
@@ -140,6 +142,12 @@ func NewInfoFromRequest(req *lnrpc.RPCMiddlewareRequest) (*RequestInfo, error) {
 		}
 	}
 
+	ri.AccountID, err = accounts.IDFromCaveats(ri.Macaroon.Caveats())
+	if err != nil {
+		return nil, fmt.Errorf("error extracting account ID "+
+			"from macaroon: %v", err)
+	}
+
 	return ri, nil
 }
 
diff --git a/firewall/request_logger.go b/firewall/request_logger.go
@@ -195,6 +195,7 @@ func (r *RequestLogger) addNewAction(ctx context.Context, ri *RequestInfo,
 
 	actionReq := &firewalldb.AddActionReq{
 		SessionID:          ri.SessionID,
+		AccountID:          ri.AccountID,
 		MacaroonIdentifier: macaroonID,
 		RPCMethod:          ri.URI,
 	}
diff --git a/firewalldb/actions.go b/firewalldb/actions.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"
 
+	"github.com/lightninglabs/lightning-terminal/accounts"
 	"github.com/lightninglabs/lightning-terminal/session"
 	"github.com/lightningnetwork/lnd/fn"
 )
@@ -45,6 +46,13 @@ type AddActionReq struct {
 	// guaranteed to be linked to an existing session.
 	SessionID fn.Option[session.ID]
 
+	// AccountID holds the optional account ID of the account that this
+	// action was performed on.
+	//
+	// NOTE: for our BoltDB impl, this is not persisted in any way, and we
+	// do not populate it on reading from disk.
+	AccountID fn.Option[accounts.AccountID]
+
 	// ActorName is the name of the entity who performed the Action.
 	ActorName string
 

Original file line number	Diff line number	Diff line change
`@@ -195,6 +195,7 @@ func (r RequestLogger) addNewAction(ctx context.Context, ri RequestInfo,`
`195`	`195`
`196`	`196`	`actionReq := &firewalldb.AddActionReq{`
`197`	`197`	`SessionID: ri.SessionID,`
	`198`	`+ AccountID: ri.AccountID,`
`198`	`199`	`MacaroonIdentifier: macaroonID,`
`199`	`200`	`RPCMethod: ri.URI,`
`200`	`201`	`}`