terminal: separate session RPC server init & start

ViktorTigerstrom · ViktorTigerstrom · commit f93d0aedcf8c · 2025-08-06T15:07:49.000+02:00
In the upcoming actions migration, we need fetch LNDs macaroons prior to
initializing the stores, as the macaroons will be required during the
migration.

This requires that we setup the connection to LND before we initialize
the stores, as we can only fetch the macaroons after the LND connection
is established.

In preparation of doing so, we cannot reference the stores when
initializing/creating the sessions RPC server object, as we do so prior
to setting up the LND connection.

This commit therefore refactors the sessions RPC server so that we
separate the initializing from the starting of the RPC server, and only
require the store reference during the actual startup of the RPC server.

Note that while this commit adds an `active atomic int32` to the RPC
server which must be set toggled before the server will process
requests, the RPC proxy and status manager will ensure that no requests
get sent to the RPC prior to LiT's subserver being set to running. This
is added to ensure that we dont introduce any nil pointer panics in
future updates though, as the RPC server would panic in requests were
actually processed prior to it having the dependencies injected during
the `Start` function.

Also note that we still keep the init of the sessions RPC server
reference prior to setting up the LND connection, as not doing so would
require that we'd refactor the registering of `GrpcSubserver`s in a more
complex and in a less elegant way.
diff --git a/session_rpcserver.go b/session_rpcserver.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/btcsuite/btcd/btcec/v2"
@@ -40,8 +41,17 @@ import (
 // other special cases.
 const readOnlyAction = "***readonly***"
 
+var (
+	// ErrServerNotActive indicates that the server has started but hasn't
+	// fully finished the startup process.
+	ErrServerNotActive = errors.New("session server is still in the " +
+		"process of starting")
+)
+
 // sessionRpcServer is the gRPC server for the Session RPC interface.
 type sessionRpcServer struct {
+	active int32 // atomic
+
 	litrpc.UnimplementedSessionsServer
 	litrpc.UnimplementedFirewallServer
 	litrpc.UnimplementedAutopilotServer
@@ -70,41 +80,10 @@ type sessionRpcServerConfig struct {
 	privMap                 firewalldb.PrivacyMapper
 }
 
-// newSessionRPCServer creates a new sessionRpcServer using the passed config.
-func newSessionRPCServer(cfg *sessionRpcServerConfig) (*sessionRpcServer,
-	error) {
-
-	// Create the gRPC server that handles adding/removing sessions and the
-	// actual mailbox server that spins up the Terminal Connect server
-	// interface.
-	server := session.NewServer(
-		func(id session.ID, opts ...grpc.ServerOption) *grpc.Server {
-			// Add the session ID injector interceptors first so
-			// that the session ID is available in the context of
-			// all interceptors that come after.
-			allOpts := []grpc.ServerOption{
-				addSessionIDToStreamCtx(id),
-				addSessionIDToUnaryCtx(id),
-			}
-
-			allOpts = append(allOpts, cfg.grpcOptions...)
-			allOpts = append(allOpts, opts...)
-
-			// Construct the gRPC server with the options.
-			grpcServer := grpc.NewServer(allOpts...)
-
-			// Register various grpc servers with the LNC session
-			// server.
-			cfg.registerGrpcServers(grpcServer)
-
-			return grpcServer
-		},
-	)
-
+// newSessionRPCServer creates a new sessionRpcServer.
+func newSessionRPCServer() (*sessionRpcServer, error) {
 	return &sessionRpcServer{
-		cfg:           cfg,
-		sessionServer: server,
-		quit:          make(chan struct{}),
+		quit: make(chan struct{}),
 	}, nil
 }
 
@@ -164,9 +143,52 @@ func addSessionIDToUnaryCtx(id session.ID) grpc.ServerOption {
 	})
 }
 
-// start all the components necessary for the sessionRpcServer to start serving
-// requests. This includes resuming all non-revoked sessions.
-func (s *sessionRpcServer) start(ctx context.Context) error {
+// started returns true if the server has been started, and false otherwise.
+// NOTE: This function is safe for concurrent access.
+func (s *sessionRpcServer) started() bool {
+	return atomic.LoadInt32(&s.active) != 0
+}
+
+// start starts a new sessionRpcServer using the passed config, and adds all
+// components necessary for the sessionRpcServer to start serving requests. This
+// includes resuming all non-revoked sessions.
+func (s *sessionRpcServer) start(ctx context.Context,
+	cfg *sessionRpcServerConfig) error {
+
+	if s.started() {
+		return errors.New("session rpc server is already started")
+	}
+
+	// Create the gRPC server that handles adding/removing sessions and the
+	// actual mailbox server that spins up the Terminal Connect server
+	// interface.
+	server := session.NewServer(
+		func(id session.ID, opts ...grpc.ServerOption) *grpc.Server {
+			// Add the session ID injector interceptors first so
+			// that the session ID is available in the context of
+			// all interceptors that come after.
+			allOpts := []grpc.ServerOption{
+				addSessionIDToStreamCtx(id),
+				addSessionIDToUnaryCtx(id),
+			}
+
+			allOpts = append(allOpts, cfg.grpcOptions...)
+			allOpts = append(allOpts, opts...)
+
+			// Construct the gRPC server with the options.
+			grpcServer := grpc.NewServer(allOpts...)
+
+			// Register various grpc servers with the LNC session
+			// server.
+			cfg.registerGrpcServers(grpcServer)
+
+			return grpcServer
+		},
+	)
+
+	s.cfg = cfg
+	s.sessionServer = server
+
 	// Delete all sessions in the Reserved state.
 	err := s.cfg.db.DeleteReservedSessions(ctx)
 	if err != nil {
@@ -248,14 +270,18 @@ func (s *sessionRpcServer) start(ctx context.Context) error {
 		}
 	}
 
+	atomic.StoreInt32(&s.active, 1)
+
 	return nil
 }
 
 // stop cleans up any sessionRpcServer resources.
 func (s *sessionRpcServer) stop() error {
 	var returnErr error
 	s.stopOnce.Do(func() {
-		s.sessionServer.Stop()
+		if s.sessionServer != nil {
+			s.sessionServer.Stop()
+		}
 
 		close(s.quit)
 		s.wg.Wait()
@@ -268,6 +294,10 @@ func (s *sessionRpcServer) stop() error {
 func (s *sessionRpcServer) AddSession(ctx context.Context,
 	req *litrpc.AddSessionRequest) (*litrpc.AddSessionResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	expiry := time.Unix(int64(req.ExpiryTimestampSeconds), 0)
 	if time.Now().After(expiry) {
 		return nil, fmt.Errorf("expiry must be in the future")
@@ -618,6 +648,10 @@ func (s *sessionRpcServer) resumeSession(ctx context.Context,
 func (s *sessionRpcServer) ListSessions(ctx context.Context,
 	_ *litrpc.ListSessionsRequest) (*litrpc.ListSessionsResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	sessions, err := s.cfg.db.ListAllSessions(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching sessions: %v", err)
@@ -642,6 +676,10 @@ func (s *sessionRpcServer) ListSessions(ctx context.Context,
 func (s *sessionRpcServer) RevokeSession(ctx context.Context,
 	req *litrpc.RevokeSessionRequest) (*litrpc.RevokeSessionResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	pubKey, err := btcec.ParsePubKey(req.LocalPublicKey)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing public key: %v", err)
@@ -676,6 +714,10 @@ func (s *sessionRpcServer) PrivacyMapConversion(ctx context.Context,
 	req *litrpc.PrivacyMapConversionRequest) (
 	*litrpc.PrivacyMapConversionResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	var (
 		groupID session.ID
 		err     error
@@ -733,6 +775,10 @@ func (s *sessionRpcServer) PrivacyMapConversion(ctx context.Context,
 func (s *sessionRpcServer) ListActions(ctx context.Context,
 	req *litrpc.ListActionsRequest) (*litrpc.ListActionsResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	// If no maximum number of actions is given, use a default of 100.
 	if req.MaxNumActions == 0 {
 		req.MaxNumActions = 100
@@ -841,6 +887,10 @@ func (s *sessionRpcServer) ListAutopilotFeatures(ctx context.Context,
 	_ *litrpc.ListAutopilotFeaturesRequest) (
 	*litrpc.ListAutopilotFeaturesResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	fs, err := s.cfg.autopilot.ListFeatures(ctx)
 	if err != nil {
 		return nil, err
@@ -884,6 +934,10 @@ func (s *sessionRpcServer) AddAutopilotSession(ctx context.Context,
 	req *litrpc.AddAutopilotSessionRequest) (
 	*litrpc.AddAutopilotSessionResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	if len(req.Features) == 0 {
 		return nil, fmt.Errorf("must include at least one feature")
 	}
@@ -1325,6 +1379,10 @@ func (s *sessionRpcServer) ListAutopilotSessions(ctx context.Context,
 	_ *litrpc.ListAutopilotSessionsRequest) (
 	*litrpc.ListAutopilotSessionsResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	sessions, err := s.cfg.db.ListSessionsByType(ctx, session.TypeAutopilot)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching sessions: %v", err)
@@ -1349,6 +1407,10 @@ func (s *sessionRpcServer) RevokeAutopilotSession(ctx context.Context,
 	req *litrpc.RevokeAutopilotSessionRequest) (
 	*litrpc.RevokeAutopilotSessionResponse, error) {
 
+	if !s.started() {
+		return nil, ErrServerNotActive
+	}
+
 	pubKey, err := btcec.ParsePubKey(req.LocalPublicKey)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing public key: %v", err)
diff --git a/terminal.go b/terminal.go
@@ -463,14 +463,6 @@ func (g *LightningTerminal) start(ctx context.Context) error {
 		return fmt.Errorf("error creating account service: %v", err)
 	}
 
-	superMacBaker := func(ctx context.Context, rootKeyID uint64,
-		perms []bakery.Op, caveats []macaroon.Caveat) (string, error) {
-
-		return litmac.BakeSuperMacaroon(
-			ctx, g.basicClient, rootKeyID, perms, caveats,
-		)
-	}
-
 	g.accountRpcServer = accounts.NewRPCServer()
 
 	g.ruleMgrs = rules.NewRuleManagerSet()
@@ -504,35 +496,7 @@ func (g *LightningTerminal) start(ctx context.Context) error {
 		}
 	}
 
-	g.sessionRpcServer, err = newSessionRPCServer(&sessionRpcServerConfig{
-		db:        g.stores.sessions,
-		basicAuth: g.rpcProxy.basicAuth,
-		grpcOptions: []grpc.ServerOption{
-			grpc.CustomCodec(grpcProxy.Codec()), // nolint: staticcheck,
-			grpc.ChainStreamInterceptor(
-				g.rpcProxy.StreamServerInterceptor,
-			),
-			grpc.ChainUnaryInterceptor(
-				g.rpcProxy.UnaryServerInterceptor,
-			),
-			grpc.UnknownServiceHandler(
-				grpcProxy.TransparentHandler(
-					// Don't allow calls to litrpc.
-					g.rpcProxy.makeDirector(false),
-				),
-			),
-		},
-		registerGrpcServers: func(server *grpc.Server) {
-			g.registerSubDaemonGrpcServers(server, true)
-		},
-		superMacBaker:           superMacBaker,
-		firstConnectionDeadline: g.cfg.FirstLNCConnDeadline,
-		permMgr:                 g.permsMgr,
-		actionsDB:               g.stores.firewall,
-		autopilot:               g.autopilotClient,
-		ruleMgrs:                g.ruleMgrs,
-		privMap:                 g.stores.firewall,
-	})
+	g.sessionRpcServer, err = newSessionRPCServer()
 	if err != nil {
 		return fmt.Errorf("could not create new session rpc "+
 			"server: %v", err)
@@ -1055,7 +1019,38 @@ func (g *LightningTerminal) startInternalSubServers(ctx context.Context,
 	}
 
 	log.Infof("Starting LiT session server")
-	if err = g.sessionRpcServer.start(ctx); err != nil {
+
+	sessionCfg := &sessionRpcServerConfig{
+		db:        g.stores.sessions,
+		basicAuth: g.rpcProxy.basicAuth,
+		grpcOptions: []grpc.ServerOption{
+			grpc.CustomCodec(grpcProxy.Codec()), // nolint: staticcheck,
+			grpc.ChainStreamInterceptor(
+				g.rpcProxy.StreamServerInterceptor,
+			),
+			grpc.ChainUnaryInterceptor(
+				g.rpcProxy.UnaryServerInterceptor,
+			),
+			grpc.UnknownServiceHandler(
+				grpcProxy.TransparentHandler(
+					// Don't allow calls to litrpc.
+					g.rpcProxy.makeDirector(false),
+				),
+			),
+		},
+		registerGrpcServers: func(server *grpc.Server) {
+			g.registerSubDaemonGrpcServers(server, true)
+		},
+		superMacBaker:           superMacBaker,
+		firstConnectionDeadline: g.cfg.FirstLNCConnDeadline,
+		permMgr:                 g.permsMgr,
+		actionsDB:               g.stores.firewall,
+		autopilot:               g.autopilotClient,
+		ruleMgrs:                g.ruleMgrs,
+		privMap:                 g.stores.firewall,
+	}
+
+	if err = g.sessionRpcServer.start(ctx, sessionCfg); err != nil {
 		return err
 	}
 	g.sessionRpcServerStarted = true
