1 changed files with 4 additions and 28 deletions
refactor(acl)(#27 review): remove dead reject-all sentinel
PR #27 review finding #3: step 3a queried SigningCondition method='*' and the docstring attributed it to rejectAllRequestsFromKey — but that function writes method=null (never '*') and has zero callers, so the 'reject all' branch could never match. Subject-level reject is already KeyUser.revokedAt (step 2, via the revoke_user admin command). Drop the dead step-3a branch and the orphaned rejectAllRequestsFromKey so the code matches reality. Per-(method,kind) denies (step 3, written by add_signing_condition) are unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
commit
7dcf97a296
|
|
@ -13,7 +13,6 @@ export { grantIsLive } from './lifecycle.js';
|
||||||
* 1. fetch KeyUser; if missing → undefined (no binding exists)
|
* 1. fetch KeyUser; if missing → undefined (no binding exists)
|
||||||
* 2. KeyUser.revokedAt set → false (subject-level ban beats everything)
|
* 2. KeyUser.revokedAt set → false (subject-level ban beats everything)
|
||||||
* 3. manual-override layer (LIVE SigningConditions only):
|
* 3. manual-override layer (LIVE SigningConditions only):
|
||||||
* - live explicit reject (method='*', allowed=false) → false
|
|
||||||
* - live matching per-(method,kind) deny → false
|
* - live matching per-(method,kind) deny → false
|
||||||
* - live matching per-(method,kind) grant → true
|
* - live matching per-(method,kind) grant → true
|
||||||
* 4. live token grant: a redeemed Token bound to this KeyUser that is
|
* 4. live token grant: a redeemed Token bound to this KeyUser that is
|
||||||
|
|
@ -56,16 +55,10 @@ export async function checkIfPubkeyAllowed(
|
||||||
|
|
||||||
const live = liveWhere(now);
|
const live = liveWhere(now);
|
||||||
|
|
||||||
// Step 3a: live explicit reject.
|
// Step 3: live matching per-(method, kind) override — deny beats grant.
|
||||||
const explicitReject = await prisma.signingCondition.findFirst({
|
// (Subject-level "reject all from this user" is KeyUser.revokedAt, applied
|
||||||
where: { keyUserId: keyUser.id, method: '*', allowed: false, ...live },
|
// at step 2 via the revoke_user admin command. There is no method='*'
|
||||||
});
|
// SigningCondition sentinel — nothing writes one.)
|
||||||
|
|
||||||
if (explicitReject) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Step 3b: live matching per-(method, kind) override — deny beats grant.
|
|
||||||
const signingConditionQuery = requestToSigningConditionQuery(method, payload);
|
const signingConditionQuery = requestToSigningConditionQuery(method, payload);
|
||||||
|
|
||||||
const liveDeny = await prisma.signingCondition.findFirst({
|
const liveDeny = await prisma.signingCondition.findFirst({
|
||||||
|
|
@ -223,20 +216,3 @@ export async function allowAllRequestsFromKey(
|
||||||
console.log('allowAllRequestsFromKey', e);
|
console.log('allowAllRequestsFromKey', e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function rejectAllRequestsFromKey(remotePubkey: string, keyName: string): Promise<void> {
|
|
||||||
// Upsert the KeyUser with the given remotePubkey
|
|
||||||
const upsertedUser = await prisma.keyUser.upsert({
|
|
||||||
where: { unique_key_user: { keyName, userPubkey: remotePubkey } },
|
|
||||||
update: { },
|
|
||||||
create: { keyName, userPubkey: remotePubkey },
|
|
||||||
});
|
|
||||||
|
|
||||||
// Create a new SigningCondition for the given KeyUser and set allowed to false
|
|
||||||
await prisma.signingCondition.create({
|
|
||||||
data: {
|
|
||||||
allowed: false,
|
|
||||||
keyUserId: upsertedUser.id,
|
|
||||||
},
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
|
||||||
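Review bot: Dropping the step-3a lookup in the `checkIfPubkeyAllowed` hunk fails open for any database that already holds a live SigningCondition row with method='*' and allowed=false. The new comment establishes only that no current code writes such a row, not that none exist at rest; whether an older build or a manual admin edit ever wrote one cannot be seen from this diff. A key user with such a row would no longer be refused at this point and would fall through to the per-(method,kind) lookup and the later steps. Before this ships, confirm that `await prisma.signingCondition.count({ where: { method: '*', allowed: false } })` returns 0 on deployed databases, or convert those rows to KeyUser.revokedAt in a migration, and extend the comment to `// ... nothing writes one; existing rows verified absent/migrated.` The body of checkIfPubkeyAllowed starts and ends outside the visible hunk.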