const jwt = require('jsonwebtoken'); |
const User = require('../models/User'); |
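/**
 * Express middleware: authenticates a request from its `auth-token` header
 * and blocks accounts that have reached the ban threshold.
 *
 * On success the decoded token payload is stored on `req.user` and control
 * passes to the next handler.
 *
 * Responses sent here:
 *   - 401 'Access Denied'  when the header is missing, or the token's `_id`
 *                          matches no User record.
 *   - 400 'Invalid Token'  when `jwt.verify` rejects the token.
 *   - 403 ACCOUNT_BANNED   when the user's `ban_strikes` is 3 or more.
 * A failing user lookup is forwarded with `next(err)` rather than being
 * reported to the client as a bad token.
 *
 * @param {object} req - Express request; reads the `auth-token` header.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 * @returns {Promise<*>} resolves once a response was sent or `next` was called.
 */
module.exports = async function (req, res, next) {
  const token = req.header('auth-token');
  if (!token) return res.status(401).send('Access Denied');

  // Keep only the verification call inside this try: a database error or an
  // exception thrown synchronously by a downstream handler must not be
  // answered with 'Invalid Token' (or attempt a second response).
  let verified;
  try {
    // NOTE(review): no `algorithms` option is passed, so the accepted
    // algorithms are the library defaults for this key type. Consider pinning
    // it to the algorithm used where tokens are signed (not visible here).
    verified = jwt.verify(token, process.env.JWT_SECRET);
  } catch (err) {
    return res.status(400).send('Invalid Token');
  }
  req.user = verified;

  // The ban state is read from the database on every request, so a ban takes
  // effect immediately instead of waiting for the token to expire.
  let user;
  try {
    user = await User.findById(req.user._id);
  } catch (err) {
    // Fail closed: the request does not reach the protected handler.
    return next(err);
  }

  // A validly signed token whose account no longer exists must not pass;
  // otherwise a deleted account keeps access until its token expires.
  if (!user) return res.status(401).send('Access Denied');

  if (user.ban_strikes >= 3) {
    return res.status(403).json({
      error: "ACCOUNT_BANNED",
      message: "Your account is permanently suspended due to repeated invalid UTR submissions."
    });
  }

  return next();
};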