Diffstat (limited to 'api/src/routes')
-rw-r--r--api/src/routes/guilds/#guild_id/bans.ts30
-rw-r--r--api/src/routes/stop.ts25
2 files changed, 52 insertions, 3 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index e7d46898..1e09a38d 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -6,13 +6,32 @@ import { getIpAdress, route } from "@fosscord/api";
 export interface BanCreateSchema {
 	delete_message_days?: string;
 	reason?: string;
-}
+};
+
+export interface BanRegistrySchema {
+	id: string;
+	user_id: string;
+	guild_id: string;
+	executor_id: string;
+	ip?: string;
+	reason?: string | undefined;
+};
 
 const router: Router = Router();
+
+/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
+
 router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 
-	var bans = await Ban.find({ guild_id: guild_id });
+	let bans = await Ban.find({ guild_id: guild_id });
+
+	/* Filter secret from database registry.*/
+	
+	bans.forEach((registry: BanRegistrySchema) => {
+	delete registry.ip;
+	});
+
 	return res.json(bans);
 });
 
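Review bot: Removing `ip` with `delete` after the query is a denylist, so any column later added to the ban record is returned to every holder of BAN_MEMBERS by default; the same applies to `delete ban.ip` in the `/:user` handler. Building the response from the fields that are meant to be visible keeps the default closed, e.g. `return res.json(bans.map(({ id, user_id, guild_id, executor_id, reason }) => ({ id, user_id, guild_id, executor_id, reason })));`, assuming BanRegistrySchema lists all of the entity's columns. The callback parameter is also annotated as BanRegistrySchema rather than the type `Ban.find` returns, and the `delete` line inside `forEach` is not indented.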
@@ -20,7 +39,12 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
 	const { guild_id } = req.params;
 	const user_id = req.params.ban;
 
-	var ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
+	let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
+	
+	/* Filter secret from registry. */
+
+	delete ban.ip
+
 	return res.json(ban);
 });
 
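Review bot: The route is declared as `/:user` in the hunk header, but the handler reads `req.params.ban`, so `user_id` is presumably always undefined and the lookup is not scoped to the requested user; this commit leaves that line untouched as context. It should read `const user_id = req.params.user;` (or the path should become `/:ban`). How the ORM treats an undefined condition is worth checking, since dropping it would return some other ban from the guild. The `as BanRegistrySchema` cast on the added line hides the entity type, and `delete ban.ip` is missing its semicolon. The handler's signature is outside the hunk.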
diff --git a/api/src/routes/stop.ts b/api/src/routes/stop.ts
new file mode 100644
index 00000000..c6a3de50
--- /dev/null
+++ b/api/src/routes/stop.ts
@@ -0,0 +1,25 @@
+import { Router, Request, Response } from "express";
+import { route } from "@fosscord/api";
+import { User } from "@fosscord/util";
+
+const router: Router = Router();
+
+router.post("/", route({}), async (req: Request, res: Response) => {
+	//TODO: have an "OPERATOR" platform permission implemented for this API route
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["flags"] });
+	if(user.flags == '4096') {
+		console.log("user that POSTed to the API was ALLOWED");
+		console.log(user.flags);
+		res.sendStatus(200)
+		process.kill(process.pid, 'SIGTERM')
+	}
+	else {
+		console.log("operation failed");
+		console.log(user.flags);
+		res.sendStatus(403)
+	}
+});
+
+export default router;
+
+//THIS API CAN ONLY BE USED BY USERS WITH THE 'SYSTEM' FLAG ONLY IF ANY OTHER FLAGS ARE ADDED THE REQUEST WILL RETURN 403 'FORBIDDEN'
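Review bot: The allowed branch terminates the whole process, but its log lines record only `user.flags` and not who asked, so a shutdown cannot be attributed afterwards; log the caller, e.g. `console.log("shutdown requested by user " + req.user_id);`. The gate is a loose `==` comparison of the entire flags value against the string `'4096'`, and `route({})` declares no permission. Until the OPERATOR permission from the TODO exists, name that constant and move the rule from the trailing comment next to the check. `process.kill` also runs immediately after `res.sendStatus(200)`, so the reply may not be flushed before the signal is handled; registering `res.once("finish", () => process.kill(process.pid, "SIGTERM"));` before sending would order the two.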