From 241ef7e627869c84b555f55734d4231a97db9f19 Mon Sep 17 00:00:00 2001
From: Ivan Dalmet <ivan-dalmet@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:31:41 +0200
Subject: [PATCH] fix: don't create a session if user is not enabled (#518)

---
 src/server/config/auth.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/server/config/auth.ts b/src/server/config/auth.ts
index 845306179..0eabe63a5 100644
--- a/src/server/config/auth.ts
+++ b/src/server/config/auth.ts
@@ -34,6 +34,12 @@ export const getServerAuthSession = cache(async () => {
 
   const { user, session } = await lucia.validateSession(sessionId);
 
+  if (user?.accountStatus !== 'ENABLED')
+    return {
+      user: null,
+      session: null,
+    };
+
   try {
     if (session?.fresh) {
       const sessionCookie = lucia.createSessionCookie(session.id);