Merge pull request #621 from fosscord/origin/dev/erkinalp/self-bans
Allow self-banning
This commit is contained in:
Erkin Alp Güney
GitHub
commit
d5a37aadce
@ -1,5 +1,5 @@
|
|||||||
import { Request, Response, Router } from "express";
|
import { Request, Response, Router } from "express";
|
||||||
import { emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util";
|
import { DiscordApiErrors, emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util";
|
||||||
import { HTTPError } from "lambert-server";
|
import { HTTPError } from "lambert-server";
|
||||||
import { getIpAdress, route } from "@fosscord/api";
|
import { getIpAdress, route } from "@fosscord/api";
|
||||||
|
|
||||||
@ -17,6 +17,14 @@ export interface BanRegistrySchema {
|
|||||||
reason?: string | undefined;
|
reason?: string | undefined;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export interface BanModeratorSchema {
|
||||||
|
id: string;
|
||||||
|
user_id: string;
|
||||||
|
guild_id: string;
|
||||||
|
executor_id: string;
|
||||||
|
reason?: string | undefined;
|
||||||
|
};
|
||||||
|
|
||||||
const router: Router = Router();
|
const router: Router = Router();
|
||||||
|
|
||||||
/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
|
/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
|
||||||
@ -28,6 +36,9 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
|
|||||||
|
|
||||||
/* Filter secret from database registry.*/
|
/* Filter secret from database registry.*/
|
||||||
|
|
||||||
|
bans.filter(ban => ban.user_id !== ban.executor_id);
|
||||||
|
// pretend self-bans don't exist to prevent victim chasing
|
||||||
|
|
||||||
bans.forEach((registry: BanRegistrySchema) => {
|
bans.forEach((registry: BanRegistrySchema) => {
|
||||||
delete registry.ip;
|
delete registry.ip;
|
||||||
});
|
});
|
||||||
@ -41,8 +52,13 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
|
|||||||
|
|
||||||
let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
|
let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
|
||||||
|
|
||||||
|
if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
|
||||||
|
// pretend self-bans don't exist to prevent victim chasing
|
||||||
|
|
||||||
/* Filter secret from registry. */
|
/* Filter secret from registry. */
|
||||||
|
|
||||||
|
ban = ban as BanModeratorSchema;
|
||||||
|
|
||||||
delete ban.ip
|
delete ban.ip
|
||||||
|
|
||||||
return res.json(ban);
|
return res.json(ban);
|
||||||
@ -52,11 +68,13 @@ router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBER
|
|||||||
const { guild_id } = req.params;
|
const { guild_id } = req.params;
|
||||||
const banned_user_id = req.params.user_id;
|
const banned_user_id = req.params.user_id;
|
||||||
|
|
||||||
const banned_user = await User.getPublicUser(banned_user_id);
|
if ( (req.user_id === banned_user_id) && (banned_user_id === req.permission!.cache.guild?.owner_id))
|
||||||
|
throw new HTTPError("You are the guild owner, hence can't ban yourself", 403);
|
||||||
|
|
||||||
if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
|
|
||||||
if (req.permission!.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
|
if (req.permission!.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
|
||||||
|
|
||||||
|
const banned_user = await User.getPublicUser(banned_user_id);
|
||||||
|
|
||||||
const ban = new Ban({
|
const ban = new Ban({
|
||||||
user_id: banned_user_id,
|
user_id: banned_user_id,
|
||||||
guild_id: guild_id,
|
guild_id: guild_id,
|
||||||
@ -81,9 +99,46 @@ router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBER
|
|||||||
return res.json(ban);
|
return res.json(ban);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
router.put("/@me", route({ body: "BanCreateSchema"}), async (req: Request, res: Response) => {
|
||||||
|
const { guild_id } = req.params;
|
||||||
|
|
||||||
|
const banned_user = await User.getPublicUser(req.params.user_id);
|
||||||
|
|
||||||
|
if (req.permission!.cache.guild?.owner_id === req.params.user_id)
|
||||||
|
throw new HTTPError("You are the guild owner, hence can't ban yourself", 403);
|
||||||
|
|
||||||
|
const ban = new Ban({
|
||||||
|
user_id: req.params.user_id,
|
||||||
|
guild_id: guild_id,
|
||||||
|
ip: getIpAdress(req),
|
||||||
|
executor_id: req.params.user_id,
|
||||||
|
reason: req.body.reason // || otherwise empty
|
||||||
|
});
|
||||||
|
|
||||||
|
await Promise.all([
|
||||||
|
Member.removeFromGuild(req.user_id, guild_id),
|
||||||
|
ban.save(),
|
||||||
|
emitEvent({
|
||||||
|
event: "GUILD_BAN_ADD",
|
||||||
|
data: {
|
||||||
|
guild_id: guild_id,
|
||||||
|
user: banned_user
|
||||||
|
},
|
||||||
|
guild_id: guild_id
|
||||||
|
} as GuildBanAddEvent)
|
||||||
|
]);
|
||||||
|
|
||||||
|
return res.json(ban);
|
||||||
|
});
|
||||||
|
|
||||||
router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
|
router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
|
||||||
const { guild_id, user_id } = req.params;
|
const { guild_id, user_id } = req.params;
|
||||||
|
|
||||||
|
let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
|
||||||
|
|
||||||
|
if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
|
||||||
|
// make self-bans irreversible and hide them from view to avoid victim chasing
|
||||||
|
|
||||||
const banned_user = await User.getPublicUser(user_id);
|
const banned_user = await User.getPublicUser(user_id);
|
||||||
|
|
||||||
await Promise.all([
|
await Promise.all([
|
||||||
|
|||||||
12
bundle/package-lock.json
generated
12
bundle/package-lock.json
generated
@ -4892,6 +4892,17 @@
|
|||||||
"integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==",
|
"integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==",
|
||||||
"dev": true
|
"dev": true
|
||||||
},
|
},
|
||||||
|
"node_modules/dashdash": {
|
||||||
|
"version": "1.14.1",
|
||||||
|
"integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
|
||||||
|
"optional": true,
|
||||||
|
"dependencies": {
|
||||||
|
"assert-plus": "^1.0.0"
|
||||||
|
},
|
||||||
|
"engines": {
|
||||||
|
"node": ">=0.10"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/data-urls": {
|
"node_modules/data-urls": {
|
||||||
"version": "2.0.0",
|
"version": "2.0.0",
|
||||||
"integrity": "sha512-X5eWTSXO/BJmpdIKCRuKUgSCgAN0OwliVK3yPKbwIWU1Tdw5BRajxlzMidvh+gwko9AfQ9zIj52pzF91Q3YAvQ==",
|
"integrity": "sha512-X5eWTSXO/BJmpdIKCRuKUgSCgAN0OwliVK3yPKbwIWU1Tdw5BRajxlzMidvh+gwko9AfQ9zIj52pzF91Q3YAvQ==",
|
||||||
@ -9470,7 +9481,6 @@
|
|||||||
"integrity": "sha512-roEOz41hxui2Q7uYnWsjMOTry6TcNUNmp8audCx18gF10P2NknwdpF+E+HKvz/F2NvPKGGBF4NGc+ZPQ+AABwg==",
|
"integrity": "sha512-roEOz41hxui2Q7uYnWsjMOTry6TcNUNmp8audCx18gF10P2NknwdpF+E+HKvz/F2NvPKGGBF4NGc+ZPQ+AABwg==",
|
||||||
"hasInstallScript": true,
|
"hasInstallScript": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"nan": "^2.12.1",
|
|
||||||
"node-pre-gyp": "^0.11.0"
|
"node-pre-gyp": "^0.11.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user