lightninglabs
diff --git a/‎db/migrations.go
Lines changed: 1 addition & 1 deletion b/‎db/migrations.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎db/sqlc/migrations/000004_privacy_pairs.down.sql
Lines changed: 4 additions & 0 deletions b/‎db/sqlc/migrations/000004_privacy_pairs.down.sql
Lines changed: 4 additions & 0 deletions
diff --git a/‎db/sqlc/migrations/000004_privacy_pairs.up.sql
Lines changed: 23 additions & 0 deletions b/‎db/sqlc/migrations/000004_privacy_pairs.up.sql
Lines changed: 23 additions & 0 deletions
diff --git a/‎db/sqlc/models.go
Lines changed: 6 additions & 0 deletions b/‎db/sqlc/models.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎db/sqlc/privacy_paris.sql.go
Lines changed: 96 additions & 0 deletions b/‎db/sqlc/privacy_paris.sql.go
Lines changed: 96 additions & 0 deletions
diff --git a/‎db/sqlc/querier.go
Lines changed: 4 additions & 0 deletions b/‎db/sqlc/querier.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎db/sqlc/queries/privacy_paris.sql
Lines changed: 18 additions & 0 deletions b/‎db/sqlc/queries/privacy_paris.sql
Lines changed: 18 additions & 0 deletions
diff --git a/‎firewall/privacy_mapper.go
Lines changed: 5 additions & 5 deletions b/‎firewall/privacy_mapper.go
Lines changed: 5 additions & 5 deletions
diff --git a/‎firewall/privacy_mapper_test.go
Lines changed: 6 additions & 6 deletions b/‎firewall/privacy_mapper_test.go
Lines changed: 6 additions & 6 deletions
diff --git a/‎firewall/rule_enforcer.go
Lines changed: 4 additions & 4 deletions b/‎firewall/rule_enforcer.go
Lines changed: 4 additions & 4 deletions
@@ -22,7 +22,7 @@ const (
 	// daemon.
 	//
 	// NOTE: This MUST be updated when a new migration is added.
-	LatestMigrationVersion = 3
+	LatestMigrationVersion = 4
 )
 
 // MigrationTarget is a functional option that can be passed to applyMigrations
 
@@ -0,0 +1,4 @@
+DROP INDEX IF EXISTS privacy_pairs_group_id_idx;
+DROP INDEX IF EXISTS privacy_pairs_unique_real;
+DROP INDEX IF EXISTS privacy_pairs_unique_pseudo;
+DROP TABLE IF EXISTS privacy_pairs;
@@ -0,0 +1,23 @@
+-- privacy_pairs stores the privacy map pairs for a given session group.
+CREATE TABLE IF NOT EXISTS privacy_pairs (
+    -- The group ID of the session that this privacy pair is associated
+    -- with.
+    group_id BIGINT NOT NULL REFERENCES sessions(id) ON DELETE CASCADE,
+
+    -- The real value of the privacy pair.
+    real_val TEXT NOT NULL,
+
+    -- The pseudo value of the privacy pair.
+    pseudo_val TEXT NOT NULL
+);
+
+-- There should be no duplicate real values for a given group ID.
+CREATE UNIQUE INDEX privacy_pairs_unique_real ON privacy_pairs (
+    group_id, real_val
+);
+
+-- There should be no duplicate pseudo values for a given group ID.
+CREATE UNIQUE INDEX privacy_pairs_unique_pseudo ON privacy_pairs (
+    group_id, pseudo_val
+);
+
@@ -0,0 +1,18 @@
+-- name: InsertPrivacyPair :exec
+INSERT INTO privacy_pairs (group_id, real_val, pseudo_val)
+VALUES ($1, $2, $3);
+
+-- name: GetRealForPseudo :one
+SELECT real_val
+FROM privacy_pairs
+WHERE group_id = $1 AND pseudo_val = $2;
+
+-- name: GetPseudoForReal :one
+SELECT pseudo_val
+FROM privacy_pairs
+WHERE group_id = $1 AND real_val = $2;
+
+-- name: GetAllPrivacyPairs :many
+SELECT real_val, pseudo_val
+FROM privacy_pairs
+WHERE group_id = $1;
@@ -60,19 +60,19 @@ var _ mid.RequestInterceptor = (*PrivacyMapper)(nil)
 // PrivacyMapper is a RequestInterceptor that maps any pseudo names in certain
 // requests to their real values and vice versa for responses.
 type PrivacyMapper struct {
-	newDB     firewalldb.NewPrivacyMapDB
+	db        firewalldb.PrivacyMapper
 	randIntn  func(int) (int, error)
 	sessionDB firewalldb.SessionDB
 }
 
 // NewPrivacyMapper returns a new instance of PrivacyMapper. The randIntn
 // function is used to draw randomness for request field obfuscation.
-func NewPrivacyMapper(newDB firewalldb.NewPrivacyMapDB,
+func NewPrivacyMapper(newDB firewalldb.PrivacyMapper,
 	randIntn func(int) (int, error),
 	sessionDB firewalldb.SessionDB) *PrivacyMapper {
 
 	return &PrivacyMapper{
-		newDB:     newDB,
+		db:        newDB,
 		randIntn:  randIntn,
 		sessionDB: sessionDB,
 	}
@@ -195,7 +195,7 @@ func (p *PrivacyMapper) checkAndReplaceIncomingRequest(ctx context.Context,
 		return nil, err
 	}
 
-	db := p.newDB(session.GroupID)
+	db := p.db.PrivacyDB(session.GroupID)
 
 	// If we don't have a handler for the URI, we don't allow the request
 	// to go through.
@@ -225,7 +225,7 @@ func (p *PrivacyMapper) replaceOutgoingResponse(ctx context.Context, uri string,
 		return nil, err
 	}
 
-	db := p.newDB(session.GroupID)
+	db := p.db.PrivacyDB(session.GroupID)
 
 	// If we don't have a handler for the URI, we don't allow the response
 	// to go to avoid accidental leaks.
 
@@ -902,7 +902,7 @@ func TestPrivacyMapper(t *testing.T) {
 
 			// randIntn is used for deterministic testing.
 			randIntn := func(n int) (int, error) { return 100, nil }
-			p := NewPrivacyMapper(db.NewSessionDB, randIntn, pd)
+			p := NewPrivacyMapper(db, randIntn, pd)
 
 			rawMsg, err := proto.Marshal(test.msg)
 			require.NoError(t, err)
@@ -978,7 +978,7 @@ func TestPrivacyMapper(t *testing.T) {
 		rawMsg, err := proto.Marshal(msg)
 		require.NoError(t, err)
 
-		p := NewPrivacyMapper(db.NewSessionDB, CryptoRandIntn, pd)
+		p := NewPrivacyMapper(db, CryptoRandIntn, pd)
 		require.NoError(t, err)
 
 		// We test the independent outgoing amount (incoming amount
@@ -1071,7 +1071,7 @@ func newMockDB(t *testing.T, preloadRealToPseudo map[string]string,
 	sessID session.ID) mockDB {
 
 	db := mockDB{privDB: make(map[string]*mockPrivacyMapDB)}
-	sessDB := db.NewSessionDB(sessID)
+	sessDB := db.PrivacyDB(sessID)
 
 	_ = sessDB.Update(context.Background(), func(ctx context.Context,
 		tx firewalldb.PrivacyMapTx) error {
@@ -1085,14 +1085,14 @@ func newMockDB(t *testing.T, preloadRealToPseudo map[string]string,
 	return db
 }
 
-func (m mockDB) NewSessionDB(sessionID session.ID) firewalldb.PrivacyMapDB {
-	db, ok := m.privDB[string(sessionID[:])]
+func (m mockDB) PrivacyDB(groupID session.ID) firewalldb.PrivacyMapDB {
+	db, ok := m.privDB[string(groupID[:])]
 	if ok {
 		return db
 	}
 
 	newDB := newMockPrivacyMapDB()
-	m.privDB[string(sessionID[:])] = newDB
+	m.privDB[string(groupID[:])] = newDB
 
 	return newDB
 }
 
@@ -33,7 +33,7 @@ type RuleEnforcer struct {
 	actionsDB         firewalldb.ActionReadDBGetter
 	sessionDB         firewalldb.SessionDB
 	markActionErrored func(reqID uint64, reason string) error
-	newPrivMap        firewalldb.NewPrivacyMapDB
+	privMapDB         firewalldb.PrivacyMapper
 
 	permsMgr        *perms.Manager
 	getFeaturePerms featurePerms
@@ -64,7 +64,7 @@ func NewRuleEnforcer(ruleDB firewalldb.RulesDB,
 	lndClient lndclient.LightningClient, lndConnID string,
 	ruleMgrs rules.ManagerSet,
 	markActionErrored func(reqID uint64, reason string) error,
-	privMap firewalldb.NewPrivacyMapDB) *RuleEnforcer {
+	privMap firewalldb.PrivacyMapper) *RuleEnforcer {
 
 	return &RuleEnforcer{
 		ruleDB:            ruleDB,
@@ -76,7 +76,7 @@ func NewRuleEnforcer(ruleDB firewalldb.RulesDB,
 		lndClient:         lndClient,
 		ruleMgrs:          ruleMgrs,
 		markActionErrored: markActionErrored,
-		newPrivMap:        privMap,
+		privMapDB:         privMap,
 		sessionDB:         sessionIDIndex,
 		lndConnID:         lndConnID,
 	}
@@ -392,7 +392,7 @@ func (r *RuleEnforcer) initRule(ctx context.Context, reqID uint64, name string,
 	}
 
 	if privacy {
-		privMap := r.newPrivMap(session.GroupID)
+		privMap := r.privMapDB.PrivacyDB(session.GroupID)
 
 		ruleValues, err = ruleValues.PseudoToReal(
 			ctx, privMap, session.PrivacyFlags,
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ const (`
`22`	`22`	`// daemon.`
`23`	`23`	`//`
`24`	`24`	`// NOTE: This MUST be updated when a new migration is added.`
`25`		`- LatestMigrationVersion = 3`
	`25`	`+ LatestMigrationVersion = 4`
`26`	`26`	`)`
`27`	`27`
`28`	`28`	`// MigrationTarget is a functional option that can be passed to applyMigrations`