From 3d082d0c540d333c688c1c9433a3c2f4fd1a0ddc Mon Sep 17 00:00:00 2001 From: multipleof4 Date: Thu, 2 Oct 2025 13:46:11 -0700 Subject: [PATCH] Feat: Add ban check and expose user_id for mods --- functions/api/posts.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/functions/api/posts.js b/functions/api/posts.js index c21acff..f04bf8c 100644 --- a/functions/api/posts.js +++ b/functions/api/posts.js @@ -2,7 +2,7 @@ const json=(d,o={},req)=>{const h=new Headers(o.headers);h.set('Content-Type','a const cookie=c=>(c.match(/auth_user=([^;]+)/)?.[1]||null); const hash=c=>(c.match(/auth_hash=([^;]+)/)?.[1]||null); const tsEq=(a,b)=>{if(!a||!b)return!1;let d=a.length^b.length;for(let i=0;i{const c=req.headers.get('Cookie')||'',u=cookie(c),h=hash(c);if(!u||!h)return null;const user=await db.prepare('SELECT id,username,role,pass_hash FROM users WHERE username=?').bind(u).first();return user&&tsEq(user.pass_hash,h)?user:null}; +const auth=async(req,db)=>{const c=req.headers.get('Cookie')||'',u=cookie(c),h=hash(c);if(!u||!h)return null;const user=await db.prepare('SELECT id,username,role,pass_hash,banned_until FROM users WHERE username=?').bind(u).first();if(!user||!tsEq(user.pass_hash,h)||(user.banned_until&&new Date(user.banned_until.replace(' ','T')+'Z')>new Date()))return null;return user}; export async function onRequest({request,env}){ if(request.method==='OPTIONS'){ 
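Review bot: The ban test in the new `auth` fails open when `banned_until` does not parse: `new Date(...)` is then an Invalid Date, the `>` comparison is false, and the banned account authenticates as usual. Parse once and treat an unparsable value as still banned, e.g. `const until=user.banned_until?Date.parse(String(user.banned_until).replace(' ','T')+'Z'):null;` followed by `if(until!==null&&!(until<=Date.now()))return null;`. The `String(...)` also avoids the TypeError that `.replace` would throw on a non-string column value; how callers handle a throwing `auth` is not visible here. Separately, the `auth_hash` cookie is still compared directly with `pass_hash`, so the stored hash itself acts as the login credential and this ban check appears to be the only server-side lock-out; a separate revocable session token would be worth a follow-up. The removed line and the `tsEq` context are garbled in this copy of the patch, so only the added line was reviewed.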
@@ -28,7 +28,7 @@ export async function onRequestGet({request,env}){ if(!sub_row)return json({posts:[]},{},request); let order=sort==='new'?'ORDER BY p.created_at DESC':'ORDER BY (p.score/(CAST((julianday("now")-julianday(p.created_at))*24 AS REAL)+2)) DESC'; - const{results}=await env.D1_SPCHCAP.prepare(`SELECT p.id,p.title,p.link,p.content,p.score,p.comment_count,p.created_at,u.username${user?',v.direction as voted':''} FROM posts p JOIN users u ON p.user_id=u.id ${user?'LEFT JOIN votes v ON v.post_id=p.id AND v.user_id=?':''} WHERE p.sub_id=? ${order} LIMIT 30`).bind(...(user?[user.id,sub_row.id]:[sub_row.id])).all(); + const{results}=await env.D1_SPCHCAP.prepare(`SELECT p.id,p.user_id,p.title,p.link,p.content,p.score,p.comment_count,p.created_at,u.username${user?',v.direction as voted':''} FROM posts p JOIN users u ON p.user_id=u.id ${user?'LEFT JOIN votes v ON v.post_id=p.id AND v.user_id=?':''} WHERE p.sub_id=? ${order} LIMIT 30`).bind(...(user?[user.id,sub_row.id]:[sub_row.id])).all(); return json({posts:results},{},request); }catch(e){return json({error:{message:e.message}},{status:500},request)} }
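Review bot: `p.user_id` is added to the SELECT unconditionally, so the internal user id is returned with every post to all callers, including unauthenticated ones (the same query runs when `user` is null), although the commit title says it is meant for mods. Consider including the column only for moderators, e.g. `${isMod?'p.user_id,':''}` with `isMod` derived from `user.role`; the role values are not visible in this patch. If the id has to stay public, any moderation endpoint that accepts it should still check the caller's role server-side rather than rely on the id being unknown. `onRequestGet` starts above this hunk, so how `user` is obtained was not reviewed.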