From 6cc56cf1267696349adb67e4b29ece267ac222e2 Mon Sep 17 00:00:00 2001
From: Christopher Aitken
Date: Wed, 11 Sep 2024 01:10:45 -0500
Subject: [PATCH] Only permitting validated accounts to perform sitemap scans
---
 src/routes/addScans.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/routes/addScans.ts b/src/routes/addScans.ts
index 058b1ed..b3f5a5e 100644
--- a/src/routes/addScans.ts
+++ b/src/routes/addScans.ts
@@ -14,6 +14,14 @@ export const addScans = async ({ request, reply }) => {
 await db.connect();
 for (const propertyId of request.body.propertyIds ?? []) {
 const property = (await db.query(`SELECT "id", "discovery", "property_url" FROM "properties" WHERE "id"=$1`, [propertyId])).rows?.[0];
+ const userIsValidated = (await db.query(`SELECT "validated" FROM "users" WHERE "id"=$1`, [jwtClaims.sub])).rows?.[0]?.validated;
+ if (!userIsValidated && property.discovery === 'sitemap') {
+ return {
+ status: 'user_not_validated',
+ message: 'We must validate your account before permitting sitemap scans.',
+ }
+ }
+
 if (!property.discovery) {
 return {
 status: 'error',
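Review bot: The `validated` lookup and the refusal both sit inside the `for` loop, so the same `users` row is queried once per property, and a request that lists a non-sitemap property ahead of a sitemap one may already have had the earlier property processed by the time `user_not_validated` is returned (the rest of the loop body is outside the hunk, so this is inferred). Moving the existing `const userIsValidated = …` line above the `for` and rejecting the whole request before anything is queued would make the gate all-or-nothing. The new condition also reads `property.discovery` before anything confirms the row exists, so an unknown `propertyId` throws here for an unvalidated user; `property?.discovery === 'sitemap'` or an explicit not-found return ahead of it avoids that. The property lookup shown as context filters only on `"id"`; if nothing outside the hunk ties that row to `jwtClaims.sub`, the gate is being decided on a property the caller may not own, which is worth confirming. A missing `users` row leaves `userIsValidated` undefined and therefore fails closed, which is the right default and deserves a one-line comment such as `// undefined (no row) is treated as not validated`.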