zack3d/OAI-Proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix disabled users being able to get to info page

Browse Source
This commit is contained in:
reanon
2025-06-22 10:17:24 -08:00
parent 317ef03ab4
commit 0c0dc09020
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/info-page.ts
+10 -1
View File
@@ -362,10 +362,19 @@ infoPageRouter.post(LOGIN_ROUTE, (req, res) => {
// Token-based authentication (using any valid user token) // Token-based authentication (using any valid user token)
const token = (req.body.token || "").trim(); const token = (req.body.token || "").trim();
const user = getUser(token); // returns undefined if invalid const user = getUser(token); // returns undefined if invalid
if (user) {
if (user && !user.disabledAt) {
// Only allow access if user exists AND is not disabled
req.session!.infoPageAuthed = true; req.session!.infoPageAuthed = true;
return res.redirect("/"); return res.redirect("/");
} else if (user && user.disabledAt) {
// User exists but is disabled
const reason = user.disabledReason || "Your account has been disabled";
return res
.status(401)
.send(renderLoginPage(res.locals.csrfToken, `Access denied: ${reason}`));
} else { } else {
// User doesn't exist
return res return res
.status(401) .status(401)
.send(renderLoginPage(res.locals.csrfToken, "Invalid token. Please try again.")); .send(renderLoginPage(res.locals.csrfToken, "Invalid token. Please try again."));