summary refs log tree commit diff
path: root/api/src
diff options
context:
space:
mode:
Diffstat (limited to 'api/src')
-rw-r--r--api/src/routes/guilds/#guild_id/bans.ts30
-rw-r--r--api/src/routes/stop.ts25
2 files changed, 52 insertions, 3 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts

index e7d46898..1e09a38d 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -6,13 +6,32 @@ import { getIpAdress, route } from "@fosscord/api";
 export interface BanCreateSchema {
 	delete_message_days?: string;
 	reason?: string;
-}
+};
+
+export interface BanRegistrySchema {
+	id: string;
+	user_id: string;
+	guild_id: string;
+	executor_id: string;
+	ip?: string;
+	reason?: string | undefined;
+};
 
 const router: Router = Router();
+
+/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
+
 router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 
-	var bans = await Ban.find({ guild_id: guild_id });
+	let bans = await Ban.find({ guild_id: guild_id });
+
+	/* Filter secret from database registry.*/
+	
+	bans.forEach((registry: BanRegistrySchema) => {
+	delete registry.ip;
+	});
+
 	return res.json(bans);
 });
 
@@ -20,7 +39,12 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
 	const { guild_id } = req.params;
 	const user_id = req.params.ban;
 
-	var ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
+	let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
+	
+	/* Filter secret from registry. */
+
+	delete ban.ip
+
 	return res.json(ban);
 });
 
diff --git a/api/src/routes/stop.ts b/api/src/routes/stop.ts
new file mode 100644

index 00000000..c6a3de50
--- /dev/null
+++ b/api/src/routes/stop.ts
@@ -0,0 +1,25 @@
+import { Router, Request, Response } from "express";
+import { route } from "@fosscord/api";
+import { User } from "@fosscord/util";
+
+const router: Router = Router();
+
+router.post("/", route({}), async (req: Request, res: Response) => {
+	//TODO: have an "OPERATOR" platform permission implemented for this API route
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["flags"] });
+	if(user.flags == '4096') {
+		console.log("user that POSTed to the API was ALLOWED");
+		console.log(user.flags);
+		res.sendStatus(200)
+		process.kill(process.pid, 'SIGTERM')
+	}
+	else {
+		console.log("operation failed");
+		console.log(user.flags);
+		res.sendStatus(403)
+	}
+});
+
+export default router;
+
+//THIS API CAN ONLY BE USED BY USERS WITH THE 'SYSTEM' FLAG ONLY IF ANY OTHER FLAGS ARE ADDED THE REQUEST WILL RETURN 403 'FORBIDDEN'
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-06-30 13:53:23 +0000