diff options
author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-02-04 10:04:41 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-04 10:04:41 +0300 |
commit | 71e229dffcc8b3dcebb2c10129c358f46ac5c57a (patch) | |
tree | 4828a2e05a463834fb36ba6e8a13dbdca6dcda80 /api/src/routes/guilds/#guild_id | |
parent | remove pretense of nonexistence from main view route for now to make it compi... (diff) | |
download | server-71e229dffcc8b3dcebb2c10129c358f46ac5c57a.tar.xz |
Try to commit this one again, this time over the web
Diffstat (limited to 'api/src/routes/guilds/#guild_id')
-rw-r--r-- | api/src/routes/guilds/#guild_id/bans.ts | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index c73cc3e6..cc1dbda3 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -1,5 +1,5 @@ import { Request, Response, Router } from "express"; -import { emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util"; +import { DiscordApiErrors, emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { getIpAdress, route } from "@fosscord/api"; @@ -39,7 +39,10 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, const { guild_id } = req.params; const user_id = req.params.ban; - let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema; + let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanCreateSchema; + + if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; + // pretend self-bans don't exist to prevent victim chasing /* Filter secret from registry. */ @@ -118,11 +121,12 @@ router.put("/@me", route({ body: "BanCreateSchema"}), async (req: Request, res: router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { const { guild_id, user_id } = req.params; - const banned_user = await User.getPublicUser(user_id); + let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanCreateSchema; - if (banned_user.user_id === banned_user.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; + if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; // make self-bans irreversible and hide them from view to avoid victim chasing + await Promise.all([ Ban.delete({ user_id: user_id, |