Extend the pretense of non-existence of self-bans to API view route too

author: Erkin Alp Güney <erkinalp9035@gmail.com> 2022-02-02 23:27:54 +0300
committer: GitHub <noreply@github.com> 2022-02-02 23:27:54 +0300
commit: 3dd20d86f17a30f6cf64598bf58fae8a32a33ca5 (patch)
tree: a261d87b8a7eb7170fa2e02f79e3120da864dcd5
parent: Better protection against self-bans (diff)
download: server-3dd20d86f17a30f6cf64598bf58fae8a32a33ca5.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index c73cc3e6..5a425680 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -27,6 +27,8 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 	let bans = await Ban.find({ guild_id: guild_id });
 
 	/* Filter secret from database registry.*/
+	if (banned_user.user_id === banned_user.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
+	// hide self-bans from view to prevent victim chasing	
 	
 	bans.forEach((registry: BanRegistrySchema) => {
 	delete registry.ip;
author	Erkin Alp Güney <erkinalp9035@gmail.com>	2022-02-02 23:27:54 +0300
committer	GitHub <noreply@github.com>	2022-02-02 23:27:54 +0300
commit	3dd20d86f17a30f6cf64598bf58fae8a32a33ca5 (patch)
tree	a261d87b8a7eb7170fa2e02f79e3120da864dcd5
parent	Better protection against self-bans (diff)
download	server-3dd20d86f17a30f6cf64598bf58fae8a32a33ca5.tar.xz