diff options
author | Thesourtimes <cckhmck@gmail.com> | 2021-12-24 21:10:24 +0300 |
---|---|---|
committer | Thesourtimes <cckhmck@gmail.com> | 2021-12-24 21:10:24 +0300 |
commit | 9ee4729ee0eb2dddbd6bd6e195077b0f3dd4fe41 (patch) | |
tree | 171c5981f9bf9b039b9946e06759e49ebf74ac90 /api/src/routes/guilds/#guild_id | |
parent | Fix people not being able to create issues (diff) | |
download | server-9ee4729ee0eb2dddbd6bd6e195077b0f3dd4fe41.tar.xz |
Fix IP leaks from bans route
Diffstat (limited to 'api/src/routes/guilds/#guild_id')
-rw-r--r-- | api/src/routes/guilds/#guild_id/bans.ts | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index e7d46898..e128df09 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -12,7 +12,14 @@ const router: Router = Router(); router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { const { guild_id } = req.params; - var bans = await Ban.find({ guild_id: guild_id }); + let bans = await Ban.find({ guild_id: guild_id }); + + /* Filter secret from database registry.*/ + + bans.forEach((registry) => { + delete regitry.ip; + }); + return res.json(bans); }); @@ -20,7 +27,12 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, const { guild_id } = req.params; const user_id = req.params.ban; - var ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }); + let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }); + + /* Filter secret from registry. */ + + delete ban.ip + return res.json(ban); }); |