Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-06 11:36:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

hook up extra functions to the request validator

Browse Source
This commit is contained in:
mini-bomba
2025-04-25 21:10:24 +02:00
parent b2cd048909
commit 4db4e9458e
6 changed files with 102 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/postBranding.ts
View File

@@ -63,13 +63,15 @@ export async function postBranding(req: Request, res: Response) {
userAgent,
userAgentHeader: req.headers["user-agent"],
videoDuration,
videoID,
userID,
service,
dearrow: {
title,
thumbnail,
downvote,
}
},
endpoint: "dearrow-postBranding",
})) {
Logger.warn(`Rejecting submission based on invalid data: ${hashedUserID} ${videoID} ${videoDuration} ${userAgent} ${req.headers["user-agent"]} ${title.title} ${thumbnail.timestamp}`);
res.status(200).send("OK");

18
src/routes/postCasual.ts
View File

@@ -14,6 +14,8 @@ import { QueryCacher } from "../utils/queryCacher";
import { acquireLock } from "../utils/redisLock";
import { checkBanStatus } from "../utils/checkBan";
import { canSubmitDeArrow } from "../utils/permissions";
import { isRequestInvalid } from "../utils/requestValidator";
import { parseUserAgent } from "../utils/userAgent";
interface ExistingVote {
UUID: BrandingUUID;
@@ -22,6 +24,7 @@ interface ExistingVote {
export async function postCasual(req: Request, res: Response) {
const { videoID, userID, downvote } = req.body as CasualVoteSubmission;
const userAgent = req.body.userAgent ?? parseUserAgent(req.get("user-agent")) ?? "";
let categories = req.body.categories as CasualCategory[];
const title = (req.body.title as string)?.toLowerCase();
const service = getService(req.body.service);
@@ -36,6 +39,19 @@ export async function postCasual(req: Request, res: Response) {
return res.status(400).send("Bad Request");
}
if (isRequestInvalid({
userID,
videoID,
userAgent,
userAgentHeader: req.headers["user-agent"],
casualCategories: categories,
service,
endpoint: "dearrow-postCasual",
})) {
Logger.warn(`Casual vote rejected by request validator: ${userAgent} ${req.headers["user-agent"]} ${categories} ${service} ${videoID}`);
return res.status(200).send("OK");
}
try {
const hashedUserID = await getHashCache(userID);
const hashedVideoID = await getHashCache(videoID, 1);
@@ -134,4 +150,4 @@ async function handleExistingVotes(videoID: VideoID, service: Service, titleID:
[videoID, service, titleID, hashedUserID, hashedIP, category, now]);
return false;
}
}

2
src/routes/postSkipSegments.ts
View File

@@ -514,9 +514,11 @@ export async function postSkipSegments(req: Request, res: Response): Promise<Res
userAgent,
userAgentHeader: req.headers["user-agent"],
videoDuration,
videoID,
userID: paramUserID,
service,
segments,
endpoint: "sponsorblock-postSkipSegments"
})) {
Logger.warn(`Rejecting submission based on invalid data: ${userID} ${videoID} ${videoDurationParam} ${userAgent} ${req.headers["user-agent"]}`);
return res.status(200).send("OK");

30
src/routes/setUsername.ts
View File

@@ -5,6 +5,7 @@ import { getHashCache } from "../utils/getHashCache";
import { Request, Response } from "express";
import { isUserBanned } from "../utils/checkBan";
import { HashedUserID } from "../types/user.model";
import { isRequestInvalid } from "../utils/requestValidator";
function logUserNameChange(userID: string, newUserName: string, oldUserName: string, updatedByAdmin: boolean): Promise<Response> {
return privateDB.prepare("run",
@@ -15,7 +16,7 @@ function logUserNameChange(userID: string, newUserName: string, oldUserName: str
export async function setUsername(req: Request, res: Response): Promise<Response> {
const userIDInput = req.query.userID as string;
const adminUserIDInput = req.query.adminUserID as string;
const adminUserIDInput = req.query.adminUserID as string | undefined;
let userName = req.query.username as string;
let hashedUserID: HashedUserID;
@@ -29,16 +30,22 @@ export async function setUsername(req: Request, res: Response): Promise<Response
return res.sendStatus(200);
}
const timings = [Date.now()];
// remove unicode control characters from username (example: \n, \r, \t etc.)
// source: https://en.wikipedia.org/wiki/Control_character#In_Unicode
// eslint-disable-next-line no-control-regex
userName = userName.replace(/[\u0000-\u001F\u007F-\u009F]/g, "");
try {
timings.push(Date.now());
if (isRequestInvalid({
userAgentHeader: req.headers["user-agent"],
userID: adminUserIDInput ?? userIDInput,
newUsername: userName,
endpoint: "setUsername",
})) {
Logger.warn(`Username change rejected by request validator: ${userName} ${req.headers["user-agent"]}`);
return res.sendStatus(200);
}
try {
if (adminUserIDInput != undefined) {
//this is the admin controlling the other users account, don't hash the controling account's ID
hashedUserID = userIDInput as HashedUserID;
@@ -55,15 +62,11 @@ export async function setUsername(req: Request, res: Response): Promise<Response
//hash the userID
hashedUserID = await getHashCache(userIDInput) as HashedUserID;
timings.push(Date.now());
const row = await db.prepare("get", `SELECT count(*) as "userCount" FROM "userNames" WHERE "userID" = ? AND "locked" = 1`, [hashedUserID]);
if (row.userCount > 0) {
return res.sendStatus(200);
}
timings.push(Date.now());
if (await isUserBanned(hashedUserID)) {
return res.sendStatus(200);
}
@@ -80,8 +83,6 @@ export async function setUsername(req: Request, res: Response): Promise<Response
const locked = adminUserIDInput === undefined ? 0 : 1;
let oldUserName = "";
timings.push(Date.now());
if (row?.userName !== undefined) {
//already exists, update this row
oldUserName = row.userName;
@@ -95,14 +96,9 @@ export async function setUsername(req: Request, res: Response): Promise<Response
await db.prepare("run", `INSERT INTO "userNames"("userID", "userName", "locked") VALUES(?, ?, ?)`, [hashedUserID, userName, locked]);
}
timings.push(Date.now());
await logUserNameChange(hashedUserID, userName, oldUserName, adminUserIDInput !== undefined);
timings.push(Date.now());
return res.status(200).send(timings.join(", "));
return res.sendStatus(200);
} catch (err) /* istanbul ignore next */ {
Logger.error(err as string);
return res.sendStatus(500);

12
src/types/config.model.ts
View File

@@ -43,24 +43,30 @@ export interface CustomPostgresReadOnlyConfig extends CustomPostgresConfig {
export type ValidatorPattern = string | [string, string];
export interface RequestValidatorRule {
// universal
// mostly universal
userAgent?: ValidatorPattern;
userAgentHeader?: ValidatorPattern;
videoDuration?: ValidatorPattern;
videoID?: ValidatorPattern;
userID?: ValidatorPattern;
service?: ValidatorPattern;
// sb
endpoint?: ValidatorPattern;
// sb postSkipSegments
startTime?: ValidatorPattern;
endTime?: ValidatorPattern;
category?: ValidatorPattern;
actionType?: ValidatorPattern;
description?: ValidatorPattern;
// dearrow
// dearrow postBranding
title?: ValidatorPattern;
titleOriginal?: boolean;
thumbnailTimestamp?: ValidatorPattern;
thumbnailOriginal?: boolean;
dearrowDownvote?: boolean;
// postCasual
casualCategory?: ValidatorPattern;
// setUsername
newUsername?: ValidatorPattern;
}
export interface SBSConfig {

71
src/utils/requestValidator.ts
View File

@@ -1,5 +1,9 @@
import { config } from "../config";
import { ThumbnailSubmission, TitleSubmission } from "../types/branding.model";
import {
CasualCategory,
ThumbnailSubmission,
TitleSubmission,
} from "../types/branding.model";
import { ValidatorPattern, RequestValidatorRule } from "../types/config.model";
import { IncomingSegment } from "../types/segments.model";
@@ -7,6 +11,7 @@ export interface RequestValidatorInput {
userAgent?: string;
userAgentHeader?: string;
videoDuration?: string | number;
videoID?: string;
userID?: string;
service?: string;
segments?: IncomingSegment[];
@@ -15,10 +20,15 @@ export interface RequestValidatorInput {
thumbnail?: ThumbnailSubmission;
downvote: boolean;
};
casualCategories?: CasualCategory[];
newUsername?: string;
endpoint?: string;
}
export type CompiledValidityCheck = (input: RequestValidatorInput) => boolean;
type CompiledSegmentCheck = (input: IncomingSegment) => boolean;
type InputExtractor = (input: RequestValidatorInput) => string | number | undefined | null;
type InputExtractor = (
input: RequestValidatorInput,
) => string | number | undefined | null;
type SegmentExtractor = (input: IncomingSegment) => string | undefined | null;
type BooleanRules = "titleOriginal" | "thumbnailOriginal" | "dearrowDownvote";
type RuleEntry =
@@ -27,14 +37,17 @@ type RuleEntry =
let compiledRules: CompiledValidityCheck;
function patternToRegex(pattern: ValidatorPattern): RegExp {
return typeof pattern === "string"
? new RegExp(pattern, "i")
: new RegExp(...pattern);
}
function compilePattern(
pattern: ValidatorPattern,
extractor: InputExtractor,
): CompiledValidityCheck {
const regex =
typeof pattern === "string"
? new RegExp(pattern, "i")
: new RegExp(...pattern);
const regex = patternToRegex(pattern);
return (input: RequestValidatorInput) => {
const field = extractor(input);
@@ -47,10 +60,7 @@ function compileSegmentPattern(
pattern: ValidatorPattern,
extractor: SegmentExtractor,
): CompiledSegmentCheck {
const regex =
typeof pattern === "string"
? new RegExp(pattern, "i")
: new RegExp(...pattern);
const regex = patternToRegex(pattern);
return (input: IncomingSegment) => {
const field = extractor(input);
@@ -93,6 +103,11 @@ export function compileRules(
),
);
break;
case "videoID":
ruleComponents.push(
compilePattern(rulePattern, (input) => input.videoID),
);
break;
case "userID":
ruleComponents.push(
compilePattern(rulePattern, (input) => input.userID),
@@ -153,7 +168,8 @@ export function compileRules(
break;
case "titleOriginal":
ruleComponents.push(
(input) => input.dearrow?.title?.original === rulePattern,
(input) =>
input.dearrow?.title?.original === rulePattern,
);
break;
case "thumbnailTimestamp":
@@ -172,10 +188,39 @@ export function compileRules(
break;
case "dearrowDownvote":
ruleComponents.push(
(input) =>
input.dearrow?.downvote === rulePattern,
(input) => input.dearrow?.downvote === rulePattern,
);
break;
case "newUsername":
ruleComponents.push(
compilePattern(
rulePattern,
(input) => input.newUsername,
),
);
break;
case "endpoint":
ruleComponents.push(
compilePattern(rulePattern, (input) => input.endpoint),
);
break;
case "casualCategory": {
const regex = patternToRegex(rulePattern);
ruleComponents.push((input) => {
if (input.casualCategories === undefined) {
return false;
}
for (const category of input.casualCategories) {
if (regex.test(category)) return true;
}
return false;
});
break;
}
default: {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const _exhaustive: never = ruleKey;
}
}
}
if (segmentRuleComponents.length > 0) {