Check if existing signing conditions belong to a revoked user

Dockerfile

@@ -5,6 +5,7 @@ COPY package.json package-lock.json .
 RUN npm i
 
 COPY src/ src/
+COPY scripts scripts/
 COPY prisma/schema.prisma prisma/
 COPY tsconfig.json .
 
@@ -17,5 +18,5 @@ RUN npm run build
 RUN npm i
 RUN npx prisma migrate deploy
 
-ENTRYPOINT [ "node", "dist/index.js" ]
+ENTRYPOINT [ "node", "scripts/start.js" ]
 CMD ["start"]

src/daemon/lib/acl/index.ts

@@ -46,6 +46,20 @@ export async function checkIfPubkeyAllowed(
 
     const allowed = signingCondition.allowed;
 
+    // Check if the key user has been revoked
+    if (allowed) {
+        const revoked = await prisma.keyUser.findFirst({
+            where: {
+                id: keyUser.id,
+                revokedAt: { not: null },
+            }
+        });
+
+        if (revoked) {
+            return false;
+        }
+    }
+
     if (allowed === true || allowed === false) {
         console.log(`found signing condition`, signingCondition);
         return allowed;