hook up extra functions to the request validator
@@ -63,13 +63,15 @@ export async function postBranding(req: Request, res: Response) {
|
||||
userAgent,
|
||||
userAgentHeader: req.headers["user-agent"],
|
||||
videoDuration,
|
||||
videoID,
|
||||
userID,
|
||||
service,
|
||||
dearrow: {
|
||||
title,
|
||||
thumbnail,
|
||||
downvote,
|
||||
}
|
||||
},
|
||||
endpoint: "dearrow-postBranding",
|
||||
})) {
|
||||
Logger.warn(`Rejecting submission based on invalid data: ${hashedUserID} ${videoID} ${videoDuration} ${userAgent} ${req.headers["user-agent"]} ${title.title} ${thumbnail.timestamp}`);
|
||||
res.status(200).send("OK");
|
||||
|
||||
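Review bot: The `Logger.warn` line in the rejection branch writes request-controlled strings into the log unfiltered (`userAgent`, which postCasual takes from the request body, and `title.title`), so a submission containing line breaks can split or forge log entries; the warnings for `dearrow-postCasual` and `sponsorblock-postSkipSegments` have the same shape. setUsername already strips control characters with `.replace(/[\u0000-\u001F\u007F-\u009F]/g, "")`, and applying the same filter to the interpolated values before logging would close this. The line also dereferences `title.title` and `thumbnail.timestamp` directly; if either object can be absent from a submission (not visible here), `${title?.title} ${thumbnail?.timestamp}` keeps the rejection path from throwing. The section ends right after `res.status(200).send("OK");`, so whether a `return` follows is not visible.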
@@ -14,6 +14,8 @@ import { QueryCacher } from "../utils/queryCacher";
|
||||
import { acquireLock } from "../utils/redisLock";
|
||||
import { checkBanStatus } from "../utils/checkBan";
|
||||
import { canSubmitDeArrow } from "../utils/permissions";
|
||||
import { isRequestInvalid } from "../utils/requestValidator";
|
||||
import { parseUserAgent } from "../utils/userAgent";
|
||||
|
||||
interface ExistingVote {
|
||||
UUID: BrandingUUID;
|
||||
@@ -22,6 +24,7 @@ interface ExistingVote {
|
||||
|
||||
export async function postCasual(req: Request, res: Response) {
|
||||
const { videoID, userID, downvote } = req.body as CasualVoteSubmission;
|
||||
const userAgent = req.body.userAgent ?? parseUserAgent(req.get("user-agent")) ?? "";
|
||||
let categories = req.body.categories as CasualCategory[];
|
||||
const title = (req.body.title as string)?.toLowerCase();
|
||||
const service = getService(req.body.service);
|
||||
@@ -36,6 +39,19 @@ export async function postCasual(req: Request, res: Response) {
|
||||
return res.status(400).send("Bad Request");
|
||||
}
|
||||
|
||||
if (isRequestInvalid({
|
||||
userID,
|
||||
videoID,
|
||||
userAgent,
|
||||
userAgentHeader: req.headers["user-agent"],
|
||||
casualCategories: categories,
|
||||
service,
|
||||
endpoint: "dearrow-postCasual",
|
||||
})) {
|
||||
Logger.warn(`Casual vote rejected by request validator: ${userAgent} ${req.headers["user-agent"]} ${categories} ${service} ${videoID}`);
|
||||
return res.status(200).send("OK");
|
||||
}
|
||||
|
||||
try {
|
||||
const hashedUserID = await getHashCache(userID);
|
||||
const hashedVideoID = await getHashCache(videoID, 1);
|
||||
@@ -134,4 +150,4 @@ async function handleExistingVotes(videoID: VideoID, service: Service, titleID:
|
||||
[videoID, service, titleID, hashedUserID, hashedIP, category, now]);
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
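Review bot: `req.body.userAgent ?? parseUserAgent(req.get("user-agent")) ?? ""` in postCasual accepts whatever JSON type the client sends, so an object or array can reach `isRequestInvalid` as `userAgent`, and that call sits ahead of the `try {`. An exception thrown by a rule that assumes a string would therefore escape the handler's error handling instead of producing a controlled response. Narrowing first, with `const bodyUserAgent = typeof req.body.userAgent === "string" ? req.body.userAgent : undefined;` and then `bodyUserAgent ?? parseUserAgent(req.get("user-agent")) ?? ""`, keeps the validator input a string. As rendered, setUsername has the same ordering, with the validator call placed before its `try {`. The validator's implementation is not on this page and postCasual's body continues outside these hunks, so how non-string fields are treated is an assumption to confirm.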
@@ -514,9 +514,11 @@ export async function postSkipSegments(req: Request, res: Response): Promise<Res
|
||||
userAgent,
|
||||
userAgentHeader: req.headers["user-agent"],
|
||||
videoDuration,
|
||||
videoID,
|
||||
userID: paramUserID,
|
||||
service,
|
||||
segments,
|
||||
endpoint: "sponsorblock-postSkipSegments"
|
||||
})) {
|
||||
Logger.warn(`Rejecting submission based on invalid data: ${userID} ${videoID} ${videoDurationParam} ${userAgent} ${req.headers["user-agent"]}`);
|
||||
return res.status(200).send("OK");
|
||||
|
||||
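Review bot: The warning in the `sponsorblock-postSkipSegments` rejection branch logs `userID` and `videoDurationParam`, while the validator was passed `paramUserID` and `videoDuration`, so the log does not record the duration value the rules actually evaluated. Logging `${videoDuration}` instead would let a rejected request be matched to the rule that fired. `userID` is presumably the hashed ID (its definition is outside this hunk, as is the rest of the function). A short comment such as `// userID is the hashed ID; the raw paramUserID is never written to logs` would make that explicit, the way postBranding's warning does by naming its variable `hashedUserID`.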
@@ -5,6 +5,7 @@ import { getHashCache } from "../utils/getHashCache";
|
||||
import { Request, Response } from "express";
|
||||
import { isUserBanned } from "../utils/checkBan";
|
||||
import { HashedUserID } from "../types/user.model";
|
||||
import { isRequestInvalid } from "../utils/requestValidator";
|
||||
|
||||
function logUserNameChange(userID: string, newUserName: string, oldUserName: string, updatedByAdmin: boolean): Promise<Response> {
|
||||
return privateDB.prepare("run",
|
||||
@@ -15,7 +16,7 @@ function logUserNameChange(userID: string, newUserName: string, oldUserName: str
|
||||
|
||||
export async function setUsername(req: Request, res: Response): Promise<Response> {
|
||||
const userIDInput = req.query.userID as string;
|
||||
const adminUserIDInput = req.query.adminUserID as string;
|
||||
const adminUserIDInput = req.query.adminUserID as string | undefined;
|
||||
let userName = req.query.username as string;
|
||||
let hashedUserID: HashedUserID;
|
||||
|
||||
@@ -29,16 +30,22 @@ export async function setUsername(req: Request, res: Response): Promise<Response
|
||||
return res.sendStatus(200);
|
||||
}
|
||||
|
||||
const timings = [Date.now()];
|
||||
|
||||
// remove unicode control characters from username (example: \n, \r, \t etc.)
|
||||
// source: https://en.wikipedia.org/wiki/Control_character#In_Unicode
|
||||
// eslint-disable-next-line no-control-regex
|
||||
userName = userName.replace(/[\u0000-\u001F\u007F-\u009F]/g, "");
|
||||
|
||||
try {
|
||||
timings.push(Date.now());
|
||||
if (isRequestInvalid({
|
||||
userAgentHeader: req.headers["user-agent"],
|
||||
userID: adminUserIDInput ?? userIDInput,
|
||||
newUsername: userName,
|
||||
endpoint: "setUsername",
|
||||
})) {
|
||||
Logger.warn(`Username change rejected by request validator: ${userName} ${req.headers["user-agent"]}`);
|
||||
return res.sendStatus(200);
|
||||
}
|
||||
|
||||
try {
|
||||
if (adminUserIDInput != undefined) {
|
||||
//this is the admin controlling the other users account, don't hash the controling account's ID
|
||||
hashedUserID = userIDInput as HashedUserID;
|
||||
@@ -55,15 +62,11 @@ export async function setUsername(req: Request, res: Response): Promise<Response
|
||||
//hash the userID
|
||||
hashedUserID = await getHashCache(userIDInput) as HashedUserID;
|
||||
|
||||
timings.push(Date.now());
|
||||
|
||||
const row = await db.prepare("get", `SELECT count(*) as "userCount" FROM "userNames" WHERE "userID" = ? AND "locked" = 1`, [hashedUserID]);
|
||||
if (row.userCount > 0) {
|
||||
return res.sendStatus(200);
|
||||
}
|
||||
|
||||
timings.push(Date.now());
|
||||
|
||||
if (await isUserBanned(hashedUserID)) {
|
||||
return res.sendStatus(200);
|
||||
}
|
||||
@@ -80,8 +83,6 @@ export async function setUsername(req: Request, res: Response): Promise<Response
|
||||
const locked = adminUserIDInput === undefined ? 0 : 1;
|
||||
let oldUserName = "";
|
||||
|
||||
timings.push(Date.now());
|
||||
|
||||
if (row?.userName !== undefined) {
|
||||
//already exists, update this row
|
||||
oldUserName = row.userName;
|
||||
@@ -95,14 +96,9 @@ export async function setUsername(req: Request, res: Response): Promise<Response
|
||||
await db.prepare("run", `INSERT INTO "userNames"("userID", "userName", "locked") VALUES(?, ?, ?)`, [hashedUserID, userName, locked]);
|
||||
}
|
||||
|
||||
timings.push(Date.now());
|
||||
|
||||
await logUserNameChange(hashedUserID, userName, oldUserName, adminUserIDInput !== undefined);
|
||||
|
||||
timings.push(Date.now());
|
||||
|
||||
|
||||
return res.status(200).send(timings.join(", "));
|
||||
return res.sendStatus(200);
|
||||
} catch (err) /* istanbul ignore next */ {
|
||||
Logger.error(err as string);
|
||||
return res.sendStatus(500);
|
||||
|
||||
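Review bot: In the `isRequestInvalid` call, `userID: adminUserIDInput ?? userIDInput` hands the validator the acting admin's ID whenever `adminUserID` is present, so on that path the account actually being renamed is never evaluated by userID-based rules. That account is `userIDInput`, which the branch below treats as already hashed. The check also runs before any verification, visible in these hunks, that the caller is an admin. If this is intended, a comment at the call would stop a later reader from assuming the target account is validated: `// validator sees the acting account's raw ID; on the admin path the target (userIDInput) is not checked`. An empty `adminUserID=` query value also survives `??` and reaches the validator as `""`, while `req.query` values cast with `as string` can in practice be arrays; both are worth a guard before the call. The function's remaining body lies outside the hunks shown.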