From 5dfd83c28fb3cdfb23e22abb0264b0a55085b943 Mon Sep 17 00:00:00 2001
From: markov <markov@uix.su>
Date: Thu, 26 Feb 2026 15:13:59 +0100
Subject: [PATCH] Fix #9: Validate sender exists and is active in WS chat.send

---
 src/tracker/ws/handler.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tracker/ws/handler.py b/src/tracker/ws/handler.py
index b035aa3..51fd0e2 100644
--- a/src/tracker/ws/handler.py
+++ b/src/tracker/ws/handler.py
@@ -295,9 +295,10 @@ async def _handle_chat_send(session_id: str, data: dict):
         return
 
     async with async_session() as db:
-        result = await db.execute(select(Member).where(Member.slug == slug))
+        result = await db.execute(select(Member).where(Member.slug == slug, Member.is_active == True))
         member = result.scalar_one_or_none()
         if not member:
+            await client.ws.send_json({"type": WSEventType.ERROR, "message": "Member not found or inactive"})
             return
 
         msg = Message(