From 8b722f2075d5cd794179f66dfd547a1ea826c810 Mon Sep 17 00:00:00 2001
From: justcool393
Date: Sat, 24 Sep 2022 16:34:33 -0700
Subject: [PATCH] don't leak usernames with deflectors (#372) cope marsey xd
---
 files/routes/awards.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/files/routes/awards.py b/files/routes/awards.py
index ee67da8c9..3909bf555 100644
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@@ -176,11 +176,13 @@ def award_thing(v, thing_type, id):
 return {"error": "User is already permanently marsified!"}, 403
 if v.id != author.id:
+ safe_username = if thing.ghost then "The post's author" else f"@{author.username}"
+ if author.deflector and v.deflector:
 msg = f"@{v.username} has tried to give your [{thing_type}]({thing.shortlink}) the {AWARDS[kind]['title']} Award but it was deflected on them, they also had a deflector up, so it bounced back and forth until it vaporized!"
 send_repeatable_notification(author.id, msg)
- msg = f"@{author.username} is under the effect of a deflector award; your {AWARDS[kind]['title']} Award has been deflected back to you but your deflector protected you, the award bounced back and forth until it vaporized!"
+ msg = f"{safe_username} is under the effect of a deflector award; your {AWARDS[kind]['title']} Award has been deflected back to you but your deflector protected you, the award bounced back and forth until it vaporized!"
 send_repeatable_notification(v.id, msg)
 g.db.delete(award)
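Review bot: The added `safe_username = if thing.ghost then "The post's author" else f"@{author.username}"` line is not a valid Python conditional expression, so `files/routes/awards.py` would raise a SyntaxError on import and the username redaction would never run. It should read `safe_username = "The post's author" if thing.ghost else f"@{author.username}"`. The same messages format `thing_type`, which suggests `thing` can be something other than a post, so `f"The {thing_type}'s author"` may be the more accurate wording if `thing_type` holds the display noun. A regression test asserting that neither deflector notification for a ghost thing contains `author.username` would pin the intended behaviour. award_thing's body continues outside this hunk, so any other message there that interpolates `author.username` needs the same check.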
@@ -193,7 +195,7 @@ def award_thing(v, thing_type, id):
 if author.deflector and v.id != AEVANN_ID and (AWARDS[kind]['price'] > 500 or kind == 'marsify' or kind.istitle()) and kind not in ('pin','unpin','benefactor'):
 msg = f"@{v.username} has tried to give your [{thing_type}]({thing.shortlink}) the {AWARDS[kind]['title']} Award but it was deflected and applied to them :marseytroll:"
 send_repeatable_notification(author.id, msg)
- msg = f"@{author.username} is under the effect of a deflector award; your {AWARDS[kind]['title']} Award has been deflected back to you :marseytroll:"
+ msg = f"{safe_username} is under the effect of a deflector award; your {AWARDS[kind]['title']} Award has been deflected back to you :marseytroll:"
 send_repeatable_notification(v.id, msg)
 author = v
 elif kind != 'spider':
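Review bot: `safe_username` in this message is assigned only inside the `if v.id != author.id:` branch of the first hunk, and the page has lost the indentation that would show whether this `if author.deflector and v.id != AEVANN_ID ...` branch is nested inside it. If it is not, a user awarding their own content while a deflector is active would hit a NameError here instead of receiving the notification. Assigning `safe_username` before the `if v.id != author.id:` check removes that dependency on nesting. The function body starts before and continues after this hunk.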