From e90570e2ae5ca626af6467f4f38cbbdcd66dd14f Mon Sep 17 00:00:00 2001
From: itzaname
Date: Sat, 28 Jun 2025 00:08:23 -0400
Subject: [PATCH] Make requests read only when account disabled
---
 pkg/api/middleware/auth.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pkg/api/middleware/auth.go b/pkg/api/middleware/auth.go
index eac1c6a..f6fb742 100644
--- a/pkg/api/middleware/auth.go
+++ b/pkg/api/middleware/auth.go
@@ -37,6 +37,12 @@ func UserSession(authService *authz.Service) gin.HandlerFunc {
 return
 }
 
+ // If the request is not GET and disabled, deny it
+ if ctx.Request.Method != "GET" && !user.Active {
+ ctx.JSON(http.StatusForbidden, gin.H{"error": "User is disabled"})
+ ctx.Abort()
+ }
+
 // Get user session
 userSession, err := authService.GetUserAuthProfile(ctx, sessionId)
 if err != nil {
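Review bot: The new disabled-account branch calls `ctx.Abort()` but never returns, so the middleware keeps running into `authService.GetUserAuthProfile` after the 403 has been written; the earlier branch in the context lines ends with `return`, and this one should too. In gin, `Abort` only stops the remaining handlers in the chain, not the current function, so any later error path that also writes JSON would emit a second body on the same response. Add `return` after `ctx.Abort()`, or collapse the two calls into `ctx.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "User is disabled"})` followed by `return`. Separately, the read-only guarantee rests on every GET route being free of side effects, and comparing against `"GET"` alone also rejects `HEAD`; consider checking `http.MethodGet` and `http.MethodHead` and confirming that no GET handler mutates state. The body of `UserSession` starts and ends outside this hunk, so the code after `if err != nil {` is not visible here.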