From efd1c5661106967fe1cb423c1e052daf832d04df Mon Sep 17 00:00:00 2001
From: Thesourtimes
Date: Fri, 24 Dec 2021 21:55:34 +0300
Subject: (Finally) make a temporary fix for IP leak
---
 api/src/routes/guilds/#guild_id/bans.ts | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index 4d12ae46..75a50038 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -6,9 +6,19 @@ import { getIpAdress, route } from "@fosscord/api";
 export interface BanCreateSchema {
 delete_message_days?: string;
 reason?: string;
-}
+};
+
+export interface BanRegistrySchema {
+ id: string;
+ user_id: string;
+ guild_id: string;
+ executor_id: string;
+ ip?: string;
+ reason?: string | undefined;
+};
 const router: Router = Router();
+
 router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 const { guild_id } = req.params;
@@ -16,7 +26,7 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 /* Filter secret from database registry.*/
- bans.forEach((registry) => {
+ bans.forEach((registry: BanRegistrySchema) => {
 delete registry.ip;
 });
@@ -27,7 +37,7 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
 const { guild_id } = req.params;
 const user_id = req.params.ban;
- let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
+ let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
 /* Filter secret from registry. */
-- 
cgit 1.4.1
From 20d20bcd66e4beb2733506d4ef798e2189caa8e1 Mon Sep 17 00:00:00 2001
From: Kuna <65683493+Thesourtimes@users.noreply.github.com>
Date: Fri, 24 Dec 2021 19:08:24 +0000
Subject: Comment about the hotfix
---
 api/src/routes/guilds/#guild_id/bans.ts | 2 ++
 1 file changed, 2 insertions(+)
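Review bot: `BanRegistrySchema` (hunk `@@ -6,9 +6,19 @@`) is exported without any comment saying that `ip` is the secret the handlers below strip. I would put a doc comment above the interface, e.g. `/** Stored ban row. ip is server-side only and must never be serialised into an API response. */`. The `};` after both interface declarations is an empty statement and `reason?: string | undefined` repeats what `?` already says; `}` and `reason?: string;` are enough. The interface looks like a hand-written copy of the `Ban` entity's fields (the entity is not visible here), so it may drift when the entity gains a column.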
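Review bot: In hunk `@@ -16,7 +26,7 @@` the list handler still removes one named field from whatever was loaded into `bans`, so any sensitive column added to the entity later is returned by default. An allow-list fails closed: build the response from the public fields only, e.g. `const safe = bans.map(({ id, user_id, guild_id, executor_id, reason }) => ({ id, user_id, guild_id, executor_id, reason }));`, and send `safe` instead of the mutated entities. The handler starts and ends outside the hunk, so the response call itself is not visible here. A test asserting that the response body carries no `ip` key would keep the leak from coming back.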
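Review bot: In hunk `@@ -27,7 +37,7 @@` the context line `const user_id = req.params.ban;` reads a parameter named `ban`, while the route in the hunk header is registered as `"/:user"`, so `user_id` looks like it is always `undefined`. Depending on how the ORM treats an undefined criterion, `findOneOrFail` may then match on `guild_id` alone and return a different user's ban; `const user_id = req.params.user;` would line the two up. The added `as BanRegistrySchema` is a type assertion, so the compiler no longer checks that the entity really has this shape. The lines that strip `ip` from `ban` sit below the hunk and are not visible here.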
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index 75a50038..1e09a38d 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -19,6 +19,8 @@ export interface BanRegistrySchema {
 const router: Router = Router();
+/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
+
 router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 const { guild_id } = req.params;
-- 
cgit 1.4.1
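Review bot: The new TODO does not say which field is secret or which handlers depend on the workaround, and it sits above the list route only, although the previous commit touches the single-ban route for the same reason. Something like `/* TODO: ban.ip is removed by hand in every handler that returns a Ban; replace with a view or column allow-list so a new handler cannot leak it. */` would tell the next author what to keep doing until then. Whether other routes or emitted events also serialise a `Ban` is not visible in this hunk and is worth checking before relying on the two GET handlers alone.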