From cf16bc6cc7908f39127f7f4432b2c01c5f9c9c1d Mon Sep 17 00:00:00 2001
From: Nobody <git@n0bodysec.com>
Date: Tue, 8 Mar 2022 12:01:00 -0300
Subject: fix(api): working ban list

We should never use await inside loops
---
 api/src/routes/guilds/#guild_id/bans.ts | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

(limited to 'api/src')

diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index 7ccf34d7..1ce41936 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -33,17 +33,32 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 	const { guild_id } = req.params;
 
 	let bans = await Ban.find({ guild_id: guild_id });
+	let promisesToAwait: object[] = [];
+	const bansObj: object[] = [];
 
-	/* Filter secret from database registry.*/
+	bans.filter((ban) => ban.user_id !== ban.executor_id); // pretend self-bans don't exist to prevent victim chasing
 
-	bans.filter(ban => ban.user_id !== ban.executor_id);
-	// pretend self-bans don't exist to prevent victim chasing
-	
-	bans.forEach((registry: BanRegistrySchema) => {
-	delete registry.ip;
+	bans.forEach((ban) => {
+		promisesToAwait.push(User.getPublicUser(ban.user_id));
 	});
-	
-	return res.json(bans);
+
+	const bannedUsers: object[] = await Promise.all(promisesToAwait);
+
+	bans.forEach((ban, index) => {
+		const user = bannedUsers[index] as User;
+		bansObj.push({
+			reason: ban.reason,
+			user: {
+				username: user.username,
+				discriminator: user.discriminator,
+				id: user.id,
+				avatar: user.avatar,
+				public_flags: user.public_flags
+			}
+		});
+	});
+
+	return res.json(bansObj);
 });
 
 router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
-- 
cgit 1.4.1