Closed toastxc closed 1 year ago
The output of this route is literally generic user data as shown in source, this information can be pulled by a bot by literally polling a user account
Result<Json<Vec<User>>>
I'm certain that this is not a security problem
Unrelated: The name of this route doesn't seem right
Servers have members, and Member
is a different data structure to what is return by this route.
Perhaps the route should be named channels/group_member_fetch.rs
and channels/group_member_fetch_all.rs
instead of channels/members_fetch.rs
I'm certain that this is not a security problem
i'm only concerned about whether or not this route is heavy on the backend and how much of a problem overuse could be. this being said, if you're not concerned, then i'm satisfied.
LGTM :+1:
Bots can already fetch server members (a much more expensive operation, involving more data and usually more people than a group); LGTM although I'm curious if @insertish had a specific reason for this check
no
Please make sure to check the following tasks before opening and submitting a PR