Fix: Add ban check and update ntfy actions

2026-01-13 16:18:05 +00:00 · 2025-11-28 08:00:51 -08:00
parent b061587156
commit 1fed0a503d
1 changed files with 23 additions and 15 deletions
--- a/functions/api/links/create.js
+++ b/functions/api/links/create.js
@@ -6,19 +6,21 @@ const RESERVED = new Set([
  "settings","profile","password","user","users","link","links","url","urls",
  "robots","sitemap","favicon","well-known","assets","static","img","js","css","public"
 ]);
-const ntfy = (env,title,msg,act,p=3) =>
-  env.NTFY_TOPIC
-    ? fetch(`https://ntfy.sh/${env.NTFY_TOPIC}`,{
-        method:"POST",
-        headers:{
-          "Title":`🔔 ${title}`,
-          "Priority":String(p),
-          "Content-Type":"text/plain",
-          ...(act?{"Actions":`view, Seize, ${act}`}:{})
-        },
-        body:msg
-      }).catch(()=>{})
-    : Promise.resolve();
+const ntfy = (env,title,msg,slug,user,p=3) => {
+  if(!env.NTFY_TOPIC) return Promise.resolve();
+  const origin = "https://4ev.link"; // Hardcoded or derived from env if needed
+  const actions = `view, Seize, ${origin}/admin?slug=${slug}; view, Ban User, ${origin}/admin?user=${user}`;
+  return fetch(`https://ntfy.sh/${env.NTFY_TOPIC}`,{
+    method:"POST",
+    headers:{
+      "Title":`🔔 ${title}`,
+      "Priority":String(p),
+      "Content-Type":"text/plain",
+      "Actions": actions
+    },
+    body:msg
+  }).catch(()=>{});
+};

 export async function onRequestPost({ request, env }) {
  try {
@@ -39,11 +41,16 @@ export async function onRequestPost({ request, env }) {
      return new Response("Missing fields",{ status:400 });

    const user = await env.D1_EV
-      .prepare("SELECT pass_hash, custom_slugs FROM users WHERE username = ?")
+      .prepare("SELECT pass_hash, custom_slugs, banned_until FROM users WHERE username = ?")
      .bind(username)
      .first();
    if (user?.pass_hash !== pass_hash)
      return new Response("Invalid credentials",{ status:401 });
+    
+    if (user.banned_until && user.banned_until > Date.now()) {
+      const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
+      return new Response(`Account banned for ${days} more days.`, { status: 403 });
+    }

    let finalSlug = slug;
    if (finalSlug) {
@@ -79,7 +86,8 @@ export async function onRequestPost({ request, env }) {
        env,
        "link-create",
        `event=create\nuser=${username}\nslug=${finalSlug}\ndestination=${dest_no_proto}`,
-        `${new URL(request.url).origin}/admin?slug=${finalSlug}`,
+        finalSlug,
+        username,
        3
      )
    ]);