From 1fed0a503d745d9f7fb43dfced5ed8f7a935b91e Mon Sep 17 00:00:00 2001
From: multipleof4 <planetrenox@protonmail.com>
Date: Fri, 28 Nov 2025 08:00:51 -0800
Subject: [PATCH] Fix: Add ban check and update ntfy actions

---
 functions/api/links/create.js | 38 +++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/functions/api/links/create.js b/functions/api/links/create.js
index 772b02b..06c0b1a 100644
--- a/functions/api/links/create.js
+++ b/functions/api/links/create.js
@@ -6,19 +6,21 @@ const RESERVED = new Set([
   "settings","profile","password","user","users","link","links","url","urls",
   "robots","sitemap","favicon","well-known","assets","static","img","js","css","public"
 ]);
-const ntfy = (env,title,msg,act,p=3) =>
-  env.NTFY_TOPIC
-    ? fetch(`https://ntfy.sh/${env.NTFY_TOPIC}`,{
-        method:"POST",
-        headers:{
-          "Title":`🔔 ${title}`,
-          "Priority":String(p),
-          "Content-Type":"text/plain",
-          ...(act?{"Actions":`view, Seize, ${act}`}:{})
-        },
-        body:msg
-      }).catch(()=>{})
-    : Promise.resolve();
+const ntfy = (env,title,msg,slug,user,p=3) => {
+  if(!env.NTFY_TOPIC) return Promise.resolve();
+  const origin = "https://4ev.link"; // Hardcoded or derived from env if needed
+  const actions = `view, Seize, ${origin}/admin?slug=${slug}; view, Ban User, ${origin}/admin?user=${user}`;
+  return fetch(`https://ntfy.sh/${env.NTFY_TOPIC}`,{
+    method:"POST",
+    headers:{
+      "Title":`🔔 ${title}`,
+      "Priority":String(p),
+      "Content-Type":"text/plain",
+      "Actions": actions
+    },
+    body:msg
+  }).catch(()=>{});
+};
 
 export async function onRequestPost({ request, env }) {
   try {
@@ -39,11 +41,16 @@ export async function onRequestPost({ request, env }) {
       return new Response("Missing fields",{ status:400 });
 
     const user = await env.D1_EV
-      .prepare("SELECT pass_hash, custom_slugs FROM users WHERE username = ?")
+      .prepare("SELECT pass_hash, custom_slugs, banned_until FROM users WHERE username = ?")
       .bind(username)
       .first();
     if (user?.pass_hash !== pass_hash)
       return new Response("Invalid credentials",{ status:401 });
+    
+    if (user.banned_until && user.banned_until > Date.now()) {
+      const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
+      return new Response(`Account banned for ${days} more days.`, { status: 403 });
+    }
 
     let finalSlug = slug;
     if (finalSlug) {
@@ -79,7 +86,8 @@ export async function onRequestPost({ request, env }) {
         env,
         "link-create",
         `event=create\nuser=${username}\nslug=${finalSlug}\ndestination=${dest_no_proto}`,
-        `${new URL(request.url).origin}/admin?slug=${finalSlug}`,
+        finalSlug,
+        username,
         3
       )
     ]);