check if user is enabled

frontend doesn't handle this state yet, nothing will work as api routes will fail
7 months ago · 4454a0451b
2 changed files with 8 additions and 1 deletions
--- a/src/server/middleware/auth.ts
+++ b/src/server/middleware/auth.ts
@ -25,7 +25,7 @@ export default defineEventHandler(async (event) => {
    if (!user) {
      return sendRedirect(event, '/login', 302);
    }
-    if (!user.enabled || user.role !== 'ADMIN') {
+    if (user.role !== 'ADMIN') {
      throw createError({
        statusCode: 403,
        statusMessage: 'Not allowed to access Admin Panel',
--- a/src/server/middleware/session.ts
+++ b/src/server/middleware/session.ts
@ -78,6 +78,13 @@ export default defineEventHandler(async (event) => {
    });
  }
  if (!user.enabled) {
    throw createError({
      statusCode: 403,
      statusMessage: 'Account is disabled',
    });
  }
  if (url.pathname.startsWith('/api/admin')) {
    if (user.role !== 'ADMIN') {
      throw createError({