Add blacklist system #96

New issue

Closed

opened 2025-10-28 14:36:38 -04:00 by sirdog3355 · 1 comment

sirdog3355 commented

2025-10-28 14:36:38 -04:00

(Migrated from github.com)

Now that EnduraBot is getting more mature and beginning to interact with a DB and external APIs something that needs to be considered is people misusing the bot.

Perhaps it's not even malicious, but API rate limits and DB interactions are a thing, and I am by no means a developer with professional knowledge to properly harden or log to mitigate against this. Sometimes people take a joke too far because they are human. In this case, I don't think it's necessary or healthy to force them to be timed out, kicked, or banned.

I'll just revoke their access to use the bot and call it a day.

I had considered in my head whether to make this restriction for the entire bot, or just commands that hit APIs, and I've settled on the former. It would be a lot more work to perform the latter, and I shouldn't be catering to someone who is being enough of a menace to warrant me considering blacklisting.

So, desired functionality is that a command exists which allows the blacklisting of individuals from using EnduraBot. If such a user attempts to execute any command it should fail. The list of blacklisted users will be on a DB table and a class will be made for blacklist management.

Now that EnduraBot is getting more mature and beginning to interact with a DB and external APIs something that needs to be considered is people misusing the bot. Perhaps it's not even malicious, but API rate limits and DB interactions are a thing, and I am by no means a developer with professional knowledge to properly harden or log to mitigate against this. Sometimes people take a joke too far because they are human. In this case, I don't think it's necessary or healthy to force them to be timed out, kicked, or banned. I'll just revoke their access to use the bot and call it a day. I had considered in my head whether to make this restriction for the entire bot, or just commands that hit APIs, and I've settled on the former. It would be a lot more work to perform the latter, and I shouldn't be catering to someone who is being enough of a menace to warrant me considering blacklisting. So, desired functionality is that a command exists which allows the blacklisting of individuals from using EnduraBot. If such a user attempts to execute any command it should fail. The list of blacklisted users will be on a DB table and a class will be made for blacklist management.

sirdog3355 commented

2025-10-28 14:38:29 -04:00

(Migrated from github.com)

This I need to remember:

The method to check if a user is blacklisted should compare against a list in the class object's constructor, and then the list is populated on bot start and updated whenever methods are called to add and remove users. This way a DB query isn't being made per command execution.
I should probably make it so blacklisting mods and administrators isn't possible. If such users are misusing the bot they need to lose the associated privileges.

This I need to remember: - The method to check if a user is blacklisted should compare against a list in the class object's constructor, and then the list is populated on bot start and updated whenever methods are called to add and remove users. This way a DB query isn't being made per command execution. - I should probably make it so blacklisting mods and administrators isn't possible. If such users are misusing the bot they need to lose the associated privileges.