From 631788537c5283167bd63648db75e7b36205b3b7 Mon Sep 17 00:00:00 2001 From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com> Date: Wed, 5 Jun 2024 06:01:44 +0200 Subject: [PATCH] API /:guild_id/bans compat - Fix GET Ban using "ban"/"user" instead of "user_id" in params, making it unusable - Return a processed user object instead of the raw DB one - Silently ignore already banned users to prevent duplicate bans in the DB - Return HTTP 204 on successful bans instead of the raw DB ban object
---
src/api/routes/guilds/#guild_id/bans.ts | 31 ++++++++++++++-----------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/api/routes/guilds/#guild_id/bans.ts b/src/api/routes/guilds/#guild_id/bans.ts
index d399e549..ab1b5cbd 100644
--- a/src/api/routes/guilds/#guild_id/bans.ts
+++ b/src/api/routes/guilds/#guild_id/bans.ts
@@ -1,17 +1,17 @@ /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */
@@ -19,7 +19,6 @@ import { getIpAdress, route } from "@spacebar/api"; import { Ban, - BanModeratorSchema, BanRegistrySchema, DiscordApiErrors, GuildBanAddEvent,
@@ -82,7 +81,7 @@ router.get( ); router.get( - "/:user", + "/:user_id", route({ permission: "BAN_MEMBERS", responses: {
@@ -98,8 +97,7 @@ router.get( }, }), async (req: Request, res: Response) => { - const { guild_id } = req.params; - const user_id = req.params.ban; + const { guild_id, user_id } = req.params; let ban = (await Ban.findOneOrFail({ where: { guild_id: guild_id, user_id: user_id },
@@ -108,13 +106,12 @@ router.get( if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; // pretend self-bans don't exist to prevent victim chasing - /* Filter secret from registry. */ + const banInfo = { + user: await User.getPublicUser(ban.user_id), + reason: ban.reason, + } - ban = ban as BanModeratorSchema; - - delete ban.ip; - - return res.json(ban); + return res.json(banInfo); }, );
@@ -151,6 +148,12 @@ router.put( if (req.permission?.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400); + const existingBan = await Ban.findOne({ + where: { guild_id: guild_id, user_id: banned_user_id }, + }); + // Bans on already banned users are silently ignored + if (existingBan) return res.status(204).send(); + const banned_user = await User.getPublicUser(banned_user_id); const ban = Ban.create({
@@ -174,7 +177,7 @@ router.put( } as GuildBanAddEvent), ]); - return res.json(ban); + return res.status(204).send(); }, );
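Review bot: In the GET `/:user_id` handler, the new `banInfo` object takes the place of the removed `/* Filter secret from registry. */` comment and `delete ban.ip`, but nothing says the response is now a deliberate allow-list, so a later edit could copy the DB row back into it and return the stored IP again. I would add `// Allow-list the response fields; never return ban.ip to the client` directly above `const banInfo = {`. Two style points in the same handler: `let ban` in the preceding hunk is no longer reassigned and can become `const`, and the object literal closes with `}` where the surrounding statements end with `;`. Two lines of the handler between these hunks are not shown, so the cast applied to the `findOneOrFail` result is not visible here.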
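Review bot: The `Ban.findOne` lookup added before `Ban.create` in the PUT handler is a check-then-insert, so two concurrent requests for the same user can both find no ban and both write one, and the duplicate rows this commit wants to prevent can still appear. The check only holds if the Ban table carries a unique constraint on `(guild_id, user_id)` and a conflict on save is handled like the already-banned case; whether such a constraint exists is not visible in this diff. At minimum I would record the limit next to the check: `// Not atomic: concurrent PUTs can both pass this check; a unique (guild_id, user_id) constraint is what actually prevents duplicates`. The handler begins above this hunk and continues into the next one.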