summary refs log tree commit diff
path: root/api/src/routes/guilds
diff options
context:
space:
mode:
authorErkin Alp Güney <erkinalp9035@gmail.com>2022-02-02 23:21:38 +0300
committerGitHub <noreply@github.com>2022-02-02 23:21:38 +0300
commitf9c371f01f3f1a2d29443270d4999b233ac279cb (patch)
tree2c0ff70600076553f2d9b59404c7e8dfe561268c /api/src/routes/guilds
parentMake self-bans irreversible (diff)
downloadserver-f9c371f01f3f1a2d29443270d4999b233ac279cb.tar.xz
Better protection against self-bans
Diffstat (limited to 'api/src/routes/guilds')
-rw-r--r--api/src/routes/guilds/#guild_id/bans.ts5
1 files changed, 3 insertions, 2 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index d9f62961..c73cc3e6 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -120,8 +120,9 @@ router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Req
 
 	const banned_user = await User.getPublicUser(user_id);
 	
-	if (banned_user.user_id === banned_user.executor_id) throw new HTTPError("Self-bans are irreversible", 400);
-
+	if (banned_user.user_id === banned_user.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
+	// make self-bans irreversible and hide them from view to avoid victim chasing
+	
 	await Promise.all([
 		Ban.delete({
 			user_id: user_id,