const jwt = require('jsonwebtoken');
const User = require('../models/User'); // Import User model
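/**
 * Express middleware that authenticates a request from its `auth-token`
 * header and rejects accounts that have reached the ban threshold.
 *
 * Outcomes:
 *  - 401 'Access Denied' when the header is absent.
 *  - 400 'Invalid Token' when jwt.verify rejects the token.
 *  - 403 with an ACCOUNT_BANNED body when the stored user has
 *    ban_strikes >= 3.
 *  - next(err) when the user lookup itself fails.
 *  - next() otherwise, with the verified payload on req.user.
 *
 * @param {object} req - Express request; req.user is set to the token payload.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 */
module.exports = async function (req, res, next) {
  const token = req.header('auth-token');
  if (!token) return res.status(401).send('Access Denied');

  // Keep the try scoped to verification only, so that a database failure
  // further down is not reported to the client as a bad token.
  let verified;
  try {
    // NOTE(review): no `algorithms` option is passed, so the library's
    // defaults for this key type apply. Consider pinning it to the algorithm
    // used when the tokens are signed.
    verified = jwt.verify(token, process.env.JWT_SECRET);
  } catch (err) {
    return res.status(400).send('Invalid Token');
  }
  req.user = verified;

  // --- BAN CHECK ---
  // The strike count is read from the database on every request, so a ban
  // takes effect even while a previously issued token is still valid.
  let user;
  try {
    user = await User.findById(req.user._id);
  } catch (err) {
    // Still fails closed: the request goes to the error handler, not to the
    // protected route.
    return next(err);
  }

  // NOTE(review): a token whose user record is not found (user is null)
  // passes this check and reaches next(). Confirm whether tokens for deleted
  // accounts should be rejected here instead.
  if (user && user.ban_strikes >= 3) {
    return res.status(403).json({
      error: "ACCOUNT_BANNED",
      message: "Your account is permanently suspended due to repeated invalid UTR submissions."
    });
  }
  // -----------------

  return next();
};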