Merge pull request #556 from Thesourtimes/master

(Finally) make a temporary fix for IP leak

1 files changed, 15 insertions, 3 deletions

diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts

index 4d12ae46..1e09a38d 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -6,9 +6,21 @@ import { getIpAdress, route } from "@fosscord/api";
 export interface BanCreateSchema {
 	delete_message_days?: string;
 	reason?: string;
-}
+};
+
+export interface BanRegistrySchema {
+	id: string;
+	user_id: string;
+	guild_id: string;
+	executor_id: string;
+	ip?: string;
+	reason?: string | undefined;
+};
 
 const router: Router = Router();
+
+/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
+
 router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 
@@ -16,7 +28,7 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 
 	/* Filter secret from database registry.*/
 	
-	bans.forEach((registry) => {
+	bans.forEach((registry: BanRegistrySchema) => {
 	delete registry.ip;
 	});
 
@@ -27,7 +39,7 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
 	const { guild_id } = req.params;
 	const user_id = req.params.ban;
 
-	let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
+	let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
 	
 	/* Filter secret from registry. */