Description
With the account store sorted, next up is the session store which once normalised will look as follows with an optional reference to the accounts table since a session might be linked to an account:
Context
A couple of points to keep in mind for this sub-project:
Session DB level ID vs Code/User level Alias:
- Similarly to
accountswhich now has a DB level ID along with a code level 8 byte alias which is calledAccountIDin the code base, for sessions, we have asession.ID(4 bytes) in the code base but we will now have a DB level int ID for sessions too. And just like for accounts, we want to continue being able to reference sessions using the alias for backwards compatibility.
- Note: I'll probably open PRs to rename these variables to beaccounts.Aliasandsessions.Aliasto remove confusion.
The link from a session to an account:
- Today, an account can be tied to a session but this is done implicitly by embedding the account ID in the session's macaroon caveat. In SQL land, however, we would want this link to be explicit via a foreign key. We'll then want to have tests that cover that we cant add a session linked to an account if that account doesnt exist yet - but to do this, we first need to make sure that the existing KVDB code also does not allow this. So there will be some prep work to add these checks for the existing logic before adding SQL stuff.
Session Creation flow
-
Today, a session is created as follows:
1) Lock Lit'ssessRegMumutex to ensure only one thread is trying to create a session at a time
2) call the session store'sdb.GetUnusedIDAndKeyPairmethod to find an unused alias & private key pair.
3) call theNewSessionfunction to construct a newSessionsobject (note: this does not touch the DB yet) .
4) Finally, call the store'sdb.CreateSessionmethod to actually go persist the new store.
5) unlocksessRegMu.
6) (For linked sessions: we also use theCheckSessionGroupPredicateto ensure any linked sessions are inactive.) -
How the above flow came about: For Autopilot sessions, we wanted to make sure we could successfully register a session with
Autopilotbefore actually going and persisting it to our DB. But at the time of registration, we already want to know the ID/Local pub key pair we will use for the session. This is why we would do all this in-memory only work before actually persisting the session. This is also why we needed to lock the mutex to ensure only one thread callsdb.GetUnusedIDAndKeyPairat a time. -
For a clean interface though, all the above should really happen atomically under a single database read transaction & we should not need to expose things like
db.GetUnusedIDAndKeyPairanddb.CheckSessionGroupPredicate. -
What we will instead do is:
- Add a newsession.State:SessionReserved, which will be the new first state of a session.
- Then, we will changeNewSessionto instead be a method on theStoreinterface. This will
- take care of finding a unique ID/Local key pair (so we can remove that from the interface).
- insert the new session but under theReservedstate.
- if a group is linked, here is where we will check that all other sessions are revoked. SoCheckSessionGroupPredicatecan also be removed from the interface.
-CreateSessionwill then only move a session fromReservedtoCreated.
- On DB startup, we make sure to delete all sessions in theReservedstate.
Planed Moulding/Massaging Work:
- Rename
accounts.AccountIDtoaccounts.Alias - Add checks to existing code to ensure that an account exists before creating a session linked to it. With this, we will also include an
AccountID fn.Option[accounts.Alias]member in theSessionstruct. - Add a new
Reservedsession state & ensure to delete allReservedsessions on startup (ie, all sessions that did not make it to theCreatedstate. - Move the
CheckSessionGroupPredicatefunctionality to insideCreateSession - Move
NewSessionto be a method on theStoreinterface, move logic fromCreateSessionto there and then letCreateSessiononly change the state of a session toCreated