diff --git a/src/routes/postBranding.ts b/src/routes/postBranding.ts index 1c5af13..1be7572 100644 --- a/src/routes/postBranding.ts +++ b/src/routes/postBranding.ts @@ -18,6 +18,7 @@ import { checkBanStatus } from "../utils/checkBan"; import axios from "axios"; import { getMaxResThumbnail } from "../utils/youtubeApi"; import { getVideoDetails } from "../utils/getVideoDetails"; +import { canVote } from "../utils/permissions"; enum BrandingType { Title, @@ -55,6 +56,10 @@ export async function postBranding(req: Request, res: Response) { const hashedIP = await getHashCache(getIP(req) + config.globalSalt as IPAddress); const isBanned = await checkBanStatus(hashedUserID, hashedIP); + if (!await canVote(hashedUserID)) { + res.status(200).send("OK"); + } + if (videoDuration && thumbnail && await checkForWrongVideoDuration(videoID, videoDuration)) { res.status(403).send("YouTube is currently testing a new anti-adblock technique called server-side ad-injection. This causes skips and submissions to be offset by the duration of the ad. It seems that you are affected by this A/B test, so until a fix is developed, we cannot accept submissions from your device due to them potentially being inaccurate."); return; diff --git a/src/routes/postCasual.ts b/src/routes/postCasual.ts index 4e83d27..9a356c2 100644 --- a/src/routes/postCasual.ts +++ b/src/routes/postCasual.ts @@ -13,6 +13,7 @@ import crypto from "crypto"; import { QueryCacher } from "../utils/queryCacher"; import { acquireLock } from "../utils/redisLock"; import { checkBanStatus } from "../utils/checkBan"; +import { canVote } from "../utils/permissions"; interface ExistingVote { UUID: BrandingUUID; @@ -41,6 +42,10 @@ export async function postCasual(req: Request, res: Response) { const hashedIP = await getHashCache(getIP(req) + config.globalSalt as IPAddress); const isBanned = await checkBanStatus(hashedUserID, hashedIP); + if (!await canVote(hashedUserID)) { + res.status(200).send("OK"); + } + const lock = await acquireLock(`postCasual:${videoID}.${hashedUserID}`); if (!lock.status) { res.status(429).send("Vote already in progress"); diff --git a/src/routes/voteOnSponsorTime.ts b/src/routes/voteOnSponsorTime.ts index 42fc54d..215119d 100644 --- a/src/routes/voteOnSponsorTime.ts +++ b/src/routes/voteOnSponsorTime.ts @@ -17,6 +17,7 @@ import { getVideoDetails, videoDetails } from "../utils/getVideoDetails"; import { deleteLockCategories } from "./deleteLockCategories"; import { acquireLock } from "../utils/redisLock"; import { checkBanStatus } from "../utils/checkBan"; +import { canVote } from "../utils/permissions"; const voteTypes = { normal: 0, @@ -342,6 +343,10 @@ export async function vote(ip: IPAddress, UUID: SegmentUUID, paramUserID: UserID const nonAnonUserID = await getHashCache(paramUserID); const userID = await getHashCache(paramUserID + UUID); + if (!await canVote(nonAnonUserID)) { + return { status: 200 }; + } + //hash the ip 5000 times so no one can get it from the database const hashedIP: HashedIP = await getHashCache((ip + config.globalSalt) as IPAddress); diff --git a/src/utils/permissions.ts b/src/utils/permissions.ts index 330a41c..35a5ecd 100644 --- a/src/utils/permissions.ts +++ b/src/utils/permissions.ts @@ -45,4 +45,13 @@ export async function canSubmit(userID: HashedUserID, category: Category): Promi reason: "We are currently experiencing a mass spam attack" }; } +} + +export async function canVote(userID: HashedUserID): Promise { + return { + canSubmit: await oneOf([isUserVIP(userID), + oldSubmitter(userID) + ]), + reason: "We are currently experiencing a mass spam attack" + }; } \ No newline at end of file