From 57aaf59220b24d6bbdfa77d74b1f761ce38b405b Mon Sep 17 00:00:00 2001
From: Evan <evanpelle@gmail.com>
Date: Wed, 15 Apr 2026 12:37:21 -0700
Subject: [PATCH] Have game server reject banned players (#3683)

## Description:

The jwt now contains a "role" field, the game server checks if that role
=== "banned", and rejects them from connecting to games

## Please complete the following:

- [x] I have added screenshots for all UI updates
- [x] I process any text displayed to the user through translateText()
and I've added it to the en.json file
- [x] I have added relevant tests to the test directory
- [x] I confirm I have thoroughly tested these changes and take full
responsibility for any bugs introduced

## Please put your Discord username so you can be contacted if a bug or
regression is found:

evan
---
 src/core/ApiSchemas.ts | 5 +++++
 src/server/Worker.ts   | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/core/ApiSchemas.ts b/src/core/ApiSchemas.ts
index ca82eb1d9..9df891c16 100644
--- a/src/core/ApiSchemas.ts
+++ b/src/core/ApiSchemas.ts
@@ -30,6 +30,11 @@ export const TokenPayloadSchema = z.object({
   iss: z.string(),
   aud: z.string(),
   exp: z.number(),
+  role: z
+    .enum(["root", "admin", "mod", "flagged", "banned"])
+    // In case new roles are added in the future.
+    .or(z.string())
+    .optional(),
 });
 export type TokenPayload = z.infer<typeof TokenPayloadSchema>;
 
diff --git a/src/server/Worker.ts b/src/server/Worker.ts
index 497904334..14a380667 100644
--- a/src/server/Worker.ts
+++ b/src/server/Worker.ts
@@ -344,6 +344,11 @@ export async function startWorker() {
         }
         const { persistentId, claims } = result;
 
+        if (claims?.role === "banned") {
+          ws.close(1002, "Account Banned");
+          return;
+        }
+
         if (clientMsg.type === "rejoin") {
           log.info("rejoining game", {
             gameID: clientMsg.gameID,