From 4b7097ac164fa4eabe3bef7e012cb9f287fdf1f2 Mon Sep 17 00:00:00 2001
From: benthecarman
Date: Thu, 19 Dec 2024 13:28:02 -0600
Subject: [PATCH] prevent auth if banned

---
 src/auth.rs | 2 +-
 src/main.rs | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/auth.rs b/src/auth.rs
index a7e2a98..55303ef 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -94,7 +94,7 @@ fn get_banned_users() -> Vec {
 banned_users
 }
 
-fn is_banned(email: &String) -> bool {
+pub fn is_banned(email: &String) -> bool {
 let domains = banned_domains();
 let user_host = email.split('@').last().unwrap_or("");
 if domains.contains(&user_host.to_lowercase()) {
diff --git a/src/main.rs b/src/main.rs
index 01d0f06..56cf4c0 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -230,6 +230,11 @@ async fn github_callback(
 .find(|email| email.primary && email.verified)
 .ok_or(StatusCode::INTERNAL_SERVER_ERROR)?;
 
+ // Check if user is banned
+ if auth::is_banned(&primary_email.email) {
+ return Err(StatusCode::INTERNAL_SERVER_ERROR);
+ }
+
 // Create JWT
 let claims = auth::TokenClaims {
 sub: primary_email.email,
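Review bot: In src/auth.rs, `is_banned` is now the public gate for the login path but still takes `&String` and has no doc comment. `pub fn is_banned(email: &str) -> bool` accepts the existing call sites through deref coercion, and a `///` line should state which lists are consulted and how the address is normalised before comparison. The visible context lower-cases only the host part before the domain lookup. The rest of the body is outside the hunk, so it is worth confirming that the per-user comparison is also case-insensitive; otherwise a ban entry would not match the same address in different casing.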
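Review bot: In src/main.rs, the new ban check in `github_callback` returns `StatusCode::INTERNAL_SERVER_ERROR`, the same status the `.ok_or(...)` just above uses for a missing primary e-mail, so a deliberate denial looks like a server fault to monitoring and to the client. `return Err(StatusCode::FORBIDDEN);` states the outcome; if the 500 is intentional so that the ban is not disclosed, a comment such as `// deliberately opaque: do not reveal ban status` should say so. A log line before the return would also give operations an audit trail of denied logins, which the handler currently does not record in the visible lines. `github_callback` starts and ends outside the hunk.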