From b0f557eedc8ffd5145a254b68fccdb32f87675a5 Mon Sep 17 00:00:00 2001
From: multipleof4 <planetrenox@protonmail.com>
Date: Fri, 28 Nov 2025 08:01:03 -0800
Subject: [PATCH] Fix: Add ban check

---
 functions/api/links/list.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/functions/api/links/list.js b/functions/api/links/list.js
index f706d32..ca61eb4 100644
--- a/functions/api/links/list.js
+++ b/functions/api/links/list.js
@@ -3,9 +3,14 @@ export async function onRequestPost({ request, env }) {
         const { username, pass_hash } = await request.json();
         if (!username || !pass_hash) return new Response("Missing fields", { status: 400 });
 
-        const user = await env.D1_EV.prepare("SELECT pass_hash, custom_slugs FROM users WHERE username = ?").bind(username).first();
+        const user = await env.D1_EV.prepare("SELECT pass_hash, custom_slugs, banned_until FROM users WHERE username = ?").bind(username).first();
         if (user?.pass_hash !== pass_hash) return new Response("Invalid credentials", { status: 401 });
 
+        if (user.banned_until && user.banned_until > Date.now()) {
+            const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
+            return new Response(`Account banned for ${days} more days.`, { status: 403 });
+        }
+
         let slugs = [];
         try {
             const parsed = JSON.parse(user.custom_slugs);
@@ -17,5 +22,3 @@ export async function onRequestPost({ request, env }) {
         return new Response(e.message, { status: 500 });
     }
 }
-
-