Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-15 07:57:05 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from ajayyy/experimental

Browse Source 
Added hashing to userIDs and changed up how the UUID is created
This commit is contained in:
Ajay Ramachandran
2019-07-25 16:59:36 -04:00
committed by GitHub
parent c59372dd62 abfbba2ad0
commit 51efb9a5c1
1 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
index.js
View File

@@ -92,6 +92,9 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
return; return;
} }
//hash the userID
userID = getHashedUserID(userID);
//x-forwarded-for if this server is behind a proxy //x-forwarded-for if this server is behind a proxy
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
@@ -99,14 +102,24 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
let hashedIP = ip + globalSalt; let hashedIP = ip + globalSalt;
//hash it 5000 times, this makes it very hard to brute force //hash it 5000 times, this makes it very hard to brute force
for (let i = 0; i < 5000; i++) { for (let i = 0; i < 5000; i++) {
let hashCreator = crypto.createHash('sha512'); let hashCreator = crypto.createHash('sha256');
hashedIP = hashCreator.update(hashedIP).digest('hex'); hashedIP = hashCreator.update(hashedIP).digest('hex');
} }
startTime = parseFloat(startTime); startTime = parseFloat(startTime);
endTime = parseFloat(endTime); endTime = parseFloat(endTime);
let UUID = uuidv1(); if (startTime > endTime) {
//time can't go backwards
res.sendStatus(400);
return;
}
//this can just be a hash of the data
//it's better than generating an actual UUID like what was used before
//also better for duplication checking
let hashCreator = crypto.createHash('sha256');
let UUID = hashCreator.update(videoID + startTime + endTime + userID).digest('hex');
//get current time //get current time
let timeSubmitted = Date.now(); let timeSubmitted = Date.now();
@@ -156,6 +169,9 @@ app.get('/api/voteOnSponsorTime', function (req, res) {
return; return;
} }
//hash the userID
userID = getHashedUserID(userID);
//check if vote has already happened //check if vote has already happened
db.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) { db.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) {
if (err) console.log(err); if (err) console.log(err);
@@ -236,16 +252,19 @@ app.get('/api/getViewsForUser', function (req, res) {
return; return;
} }
//hash the userID
userID = getHashedUserID(userID);
//up the view count by one //up the view count by one
db.prepare("SELECT SUM(views) as viewCount FROM sponsorTimes WHERE userID = ?").get(userID, function(err, row) { db.prepare("SELECT SUM(views) as viewCount FROM sponsorTimes WHERE userID = ?").get(userID, function(err, row) {
if (err) console.log(err); if (err) console.log(err);
if (row != null) { if (row.viewCount != null) {
res.send({ res.send({
viewCount: row.viewCount viewCount: row.viewCount
}); });
} else { } else {
res.send(404); res.sendStatus(404);
} }
}); });
}); });
@@ -254,6 +273,17 @@ app.get('/database.db', function (req, res) {
res.sendFile("./databases/sponsorTimes.db", { root: __dirname }); res.sendFile("./databases/sponsorTimes.db", { root: __dirname });
}); });
function getHashedUserID(userID) {
//hash the userID so no one can get it from the database
let hashedUserID = userID;
//hash it 5000 times, this makes it very hard to brute force
for (let i = 0; i < 5000; i++) {
let hashCreator = crypto.createHash('sha256');
hashedUserID = hashCreator.update(hashedUserID).digest('hex');
}
return hashedUserID;
}
//This function will find sponsor times that are contained inside of eachother, called similar sponsor times //This function will find sponsor times that are contained inside of eachother, called similar sponsor times
//Only one similar time will be returned, randomly generated based on the sqrt of votes. //Only one similar time will be returned, randomly generated based on the sqrt of votes.