From 8b641d099a516fc8d87b8c8ebcb725d230e12636 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erkin=20Alp=20G=C3=BCney?= Date: Wed, 2 Feb 2022 23:21:38 +0300 Subject: [PATCH] Better protection against self-bans --- api/src/routes/guilds/#guild_id/bans.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index d9f62961..c73cc3e6 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -120,8 +120,9 @@ router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Req const banned_user = await User.getPublicUser(user_id); - if (banned_user.user_id === banned_user.executor_id) throw new HTTPError("Self-bans are irreversible", 400); - + if (banned_user.user_id === banned_user.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; + // make self-bans irreversible and hide them from view to avoid victim chasing + await Promise.all([ Ban.delete({ user_id: user_id,