aiolabs/nsecbunkerd
8
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity Actions

Check if existing signing conditions belong to a revoked user

Browse source
This commit is contained in:
pablof7z 2023-07-08 12:34:51 +02:00
commit c7f546add1
2 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Dockerfile
View file

@ -5,6 +5,7 @@ COPY package.json package-lock.json .
RUN npm i RUN npm i
COPY src/ src/ COPY src/ src/
COPY scripts scripts/
COPY prisma/schema.prisma prisma/ COPY prisma/schema.prisma prisma/
COPY tsconfig.json . COPY tsconfig.json .
@ -17,5 +18,5 @@ RUN npm run build
RUN npm i RUN npm i
RUN npx prisma migrate deploy RUN npx prisma migrate deploy
ENTRYPOINT [ "node", "dist/index.js" ] ENTRYPOINT [ "node", "scripts/start.js" ]
CMD ["start"] CMD ["start"]

14
src/daemon/lib/acl/index.ts
View file

@ -46,6 +46,20 @@ export async function checkIfPubkeyAllowed(
const allowed = signingCondition.allowed; const allowed = signingCondition.allowed;
// Check if the key user has been revoked
if (allowed) {
const revoked = await prisma.keyUser.findFirst({
where: {
id: keyUser.id,
revokedAt: { not: null },
}
});
if (revoked) {
return false;
}
}
if (allowed === true || allowed === false) { if (allowed === true || allowed === false) {
console.log(`found signing condition`, signingCondition); console.log(`found signing condition`, signingCondition);
return allowed; return allowed;