From 874e9e18564650bcedd33d63b5cdbb3ba86f5541 Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Wed, 18 Mar 2026 16:17:45 -0500
Subject: [PATCH] Update API Key jwtAuthCheck to check user active status

---
 server/auth/TokenManager.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/server/auth/TokenManager.js b/server/auth/TokenManager.js
index faa6774a3..5efeb7a64 100644
--- a/server/auth/TokenManager.js
+++ b/server/auth/TokenManager.js
@@ -234,6 +234,13 @@ class TokenManager {
       }
 
       const user = await Database.userModel.getUserById(apiKey.userId)
+
+      if (!user?.isActive) {
+        // deny login
+        done(null, null)
+        return
+      }
+
       done(null, user)
     } else {
       // JWT based authentication