diff options
| author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-02-02 23:27:54 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-02 23:27:54 +0300 |
| commit | 3e0f568ba480fd963f91405e15359383ea3bf3e5 (patch) | |
| tree | 93b6144c3348cde7d34bfd3c89022f2e8d971464 /api/src/routes/guilds/#guild_id/bans.ts | |
| parent | Better protection against self-bans (diff) | |
| download | server-3e0f568ba480fd963f91405e15359383ea3bf3e5.tar.xz | |
Extend the pretense of non-existence of self-bans to API view route too
Diffstat (limited to 'api/src/routes/guilds/#guild_id/bans.ts')
| -rw-r--r-- | api/src/routes/guilds/#guild_id/bans.ts | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index c73cc3e6..5a425680 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -27,6 +27,8 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: let bans = await Ban.find({ guild_id: guild_id }); /* Filter secret from database registry.*/ + if (banned_user.user_id === banned_user.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; + // hide self-bans from view to prevent victim chasing bans.forEach((registry: BanRegistrySchema) => { delete registry.ip; |