From 3dd20d86f17a30f6cf64598bf58fae8a32a33ca5 Mon Sep 17 00:00:00 2001
From: Erkin Alp Güney <erkinalp9035@gmail.com>
Date: Wed, 2 Feb 2022 23:27:54 +0300
Subject: Extend the pretense of non-existence of self-bans to API view route
 too

---
 api/src/routes/guilds/#guild_id/bans.ts | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'api/src/routes/guilds/#guild_id/bans.ts')

diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index c73cc3e6..5a425680 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -27,6 +27,8 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 	let bans = await Ban.find({ guild_id: guild_id });
 
 	/* Filter secret from database registry.*/
+	if (banned_user.user_id === banned_user.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
+	// hide self-bans from view to prevent victim chasing	
 	
 	bans.forEach((registry: BanRegistrySchema) => {
 	delete registry.ip;
-- 
cgit 1.4.1