From 091cb9a4dbb7b5308d77f519feff01d5a59fdc89 Mon Sep 17 00:00:00 2001
From: multipleof4 <planetrenox@protonmail.com>
Date: Fri, 28 Nov 2025 08:01:07 -0800
Subject: [PATCH] Fix: Add ban check

---
 functions/api/signin.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/functions/api/signin.js b/functions/api/signin.js
index 557c508..5c5c1a3 100644
--- a/functions/api/signin.js
+++ b/functions/api/signin.js
@@ -30,12 +30,17 @@ export async function onRequestPost({ request, env }) {
       return new Response("Missing fields",{ status:400 });
 
     const user = await env.D1_EV
-      .prepare("SELECT pass_hash FROM users WHERE username = ?")
+      .prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?")
       .bind(username)
       .first();
     if (user?.pass_hash !== pass_hash)
       return new Response("Invalid credentials",{ status:401 });
 
+    if (user.banned_until && user.banned_until > Date.now()) {
+      const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
+      return new Response(`Account banned for ${days} more days.`, { status: 403 });
+    }
+
     await ntfy(
       env,
       "auth-login",