diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/src/routes/guilds/#guild_id/bans.ts | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index 8c0bdee6..4c5ba48f 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -17,6 +17,14 @@ export interface BanRegistrySchema { reason?: string | undefined; }; +export interface BanModeratorSchema { + id: string; + user_id: string; + guild_id: string; + executor_id: string; + reason?: string | undefined; +}; + const router: Router = Router(); /* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */ @@ -39,12 +47,14 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, const { guild_id } = req.params; const user_id = req.params.ban; - let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }); + let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema; if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; // pretend self-bans don't exist to prevent victim chasing /* Filter secret from registry. */ + + ban = ban as BanModeratorSchema; delete ban.ip @@ -126,7 +136,7 @@ router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Req if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; // make self-bans irreversible and hide them from view to avoid victim chasing - const banned_user = await User.getPublicUser(banned_user_id); + const banned_user = await User.getPublicUser(user_id); await Promise.all([ Ban.delete({ |