diff --git a/server/streams.ts b/server/streams.ts index 7298d73..0f7709f 100644 --- a/server/streams.ts +++ b/server/streams.ts @@ -151,7 +151,7 @@ export async function broadcastEvent(event: ApiEvent) { } else { let userType: ApiAccount["type"] | undefined; if (streamData.accountId !== undefined) { - userType = users.find(a => a.id === streamData.accountId)?.type + userType = users.find(a => !a.deleted && a.id === streamData.accountId)?.type } const data = encodeEvent(event, userType) sendMessage(stream, `id: ${id}\nevent: update\ndata: ${data}\n\n`); diff --git a/server/utils/session.ts b/server/utils/session.ts index 194e5c2..0aeeebe 100644 --- a/server/utils/session.ts +++ b/server/utils/session.ts @@ -74,7 +74,7 @@ export async function setServerSession(event: H3Event, account: ServerUser) { async function rotateSession(event: H3Event, sessions: ServerSession[], session: ServerSession) { const runtimeConfig = useRuntimeConfig(event); const users = await readUsers(); - const account = users.find(user => user.id === session.accountId); + const account = users.find(user => !user.deleted && user.id === session.accountId); const now = Date.now(); const newSession: ServerSession = { accountId: account?.id, @@ -137,7 +137,7 @@ export async function requireServerSessionWithUser(event: H3Event) { const session = await requireServerSession(event, message); const users = await readUsers(); const account = users.find(user => user.id === session.accountId); - if (session.accountId === undefined || !account) + if (session.accountId === undefined || !account || account.deleted) throw createError({ statusCode: 401, statusMessage: "Uauthorized", @@ -164,7 +164,7 @@ export async function requireServerSessionWithAdmin(event: H3Event) { export async function serverSessionToApi(event: H3Event, session: ServerSession): Promise { const users = await readUsers(); - const account = users.find(user => user.id === session.accountId); + const account = users.find(user => !user.deleted && user.id === session.accountId); const subscriptions = await readSubscriptions(); const push = Boolean( subscriptions.find(sub => sub.type === "push" && sub.sessionId === session.id)