Fix IP leaks from bans route

author: Thesourtimes <cckhmck@gmail.com> 2021-12-24 21:10:24 +0300
committer: Thesourtimes <cckhmck@gmail.com> 2021-12-24 21:10:24 +0300
commit: 9ee4729ee0eb2dddbd6bd6e195077b0f3dd4fe41 (patch)
tree: 171c5981f9bf9b039b9946e06759e49ebf74ac90
parent: Fix people not being able to create issues (diff)
download: server-9ee4729ee0eb2dddbd6bd6e195077b0f3dd4fe41.tar.xz
1 files changed, 14 insertions, 2 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index e7d46898..e128df09 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -12,7 +12,14 @@ const router: Router = Router();
 router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 
-	var bans = await Ban.find({ guild_id: guild_id });
+	let bans = await Ban.find({ guild_id: guild_id });
+
+	/* Filter secret from database registry.*/
+	
+	bans.forEach((registry) => {
+	delete regitry.ip;
+	});
+
 	return res.json(bans);
 });
 
@@ -20,7 +27,12 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
 	const { guild_id } = req.params;
 	const user_id = req.params.ban;
 
-	var ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
+	let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
+	
+	/* Filter secret from registry. */
+
+	delete ban.ip
+
 	return res.json(ban);
 });
author	Thesourtimes <cckhmck@gmail.com>	2021-12-24 21:10:24 +0300
committer	Thesourtimes <cckhmck@gmail.com>	2021-12-24 21:10:24 +0300
commit	9ee4729ee0eb2dddbd6bd6e195077b0f3dd4fe41 (patch)
tree	171c5981f9bf9b039b9946e06759e49ebf74ac90
parent	Fix people not being able to create issues (diff)
download	server-9ee4729ee0eb2dddbd6bd6e195077b0f3dd4fe41.tar.xz