added ban redirect correctly

middleware/auth.js

@@ -105,25 +105,41 @@ export const authenticate = async (request, reply) => {
 
     // Check if user is banned
     if (user.ban && user.ban.banned) {
-      if (user.ban.expires && new Date(user.ban.expires) > new Date()) {
+      // Check if ban has expired
-        return reply.status(403).send({
+      if (user.ban.expires && new Date(user.ban.expires) <= new Date()) {
-          error: "Forbidden",
-          message: "Your account is banned",
-          reason: user.ban.reason,
-          expires: user.ban.expires,
-        });
-      } else if (!user.ban.expires) {
-        return reply.status(403).send({
-          error: "Forbidden",
-          message: "Your account is permanently banned",
-          reason: user.ban.reason,
-        });
-      } else {
         // Ban expired, clear it
         user.ban.banned = false;
         user.ban.reason = null;
         user.ban.expires = null;
         await user.save();
+      } else {
+        // User is currently banned
+        // Allow access to /api/auth/me so frontend can get ban info and redirect
+        const url = request.url || "";
+        const routeUrl = request.routeOptions?.url || "";
+        const isAuthMeEndpoint =
+          url.includes("/auth/me") ||
+          routeUrl === "/me" ||
+          routeUrl.endsWith("/me");
+
+        if (!isAuthMeEndpoint) {
+          // Block access to all other endpoints
+          if (user.ban.expires) {
+            return reply.status(403).send({
+              error: "Forbidden",
+              message: "Your account is banned",
+              reason: user.ban.reason,
+              expires: user.ban.expires,
+            });
+          } else {
+            return reply.status(403).send({
+              error: "Forbidden",
+              message: "Your account is permanently banned",
+              reason: user.ban.reason,
+            });
+          }
+        }
+        // If it's /api/auth/me, continue and attach user with ban info
       }
     }