Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-06 19:47:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add permission check in more places

Browse Source
This commit is contained in:
Ajay
2025-04-07 00:36:01 -04:00
parent b69f050b44
commit 550339db41
4 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/routes/postBranding.ts
View File

@@ -18,6 +18,7 @@ import { checkBanStatus } from "../utils/checkBan";
import axios from "axios";
import { getMaxResThumbnail } from "../utils/youtubeApi";
import { getVideoDetails } from "../utils/getVideoDetails";
import { canVote } from "../utils/permissions";
enum BrandingType {
Title,
@@ -55,6 +56,10 @@ export async function postBranding(req: Request, res: Response) {
const hashedIP = await getHashCache(getIP(req) + config.globalSalt as IPAddress);
const isBanned = await checkBanStatus(hashedUserID, hashedIP);
if (!await canVote(hashedUserID)) {
res.status(200).send("OK");
}
if (videoDuration && thumbnail && await checkForWrongVideoDuration(videoID, videoDuration)) {
res.status(403).send("YouTube is currently testing a new anti-adblock technique called server-side ad-injection. This causes skips and submissions to be offset by the duration of the ad. It seems that you are affected by this A/B test, so until a fix is developed, we cannot accept submissions from your device due to them potentially being inaccurate.");
return;

5
src/routes/postCasual.ts
View File

@@ -13,6 +13,7 @@ import crypto from "crypto";
import { QueryCacher } from "../utils/queryCacher";
import { acquireLock } from "../utils/redisLock";
import { checkBanStatus } from "../utils/checkBan";
import { canVote } from "../utils/permissions";
interface ExistingVote {
UUID: BrandingUUID;
@@ -41,6 +42,10 @@ export async function postCasual(req: Request, res: Response) {
const hashedIP = await getHashCache(getIP(req) + config.globalSalt as IPAddress);
const isBanned = await checkBanStatus(hashedUserID, hashedIP);
if (!await canVote(hashedUserID)) {
res.status(200).send("OK");
}
const lock = await acquireLock(`postCasual:${videoID}.${hashedUserID}`);
if (!lock.status) {
res.status(429).send("Vote already in progress");

5
src/routes/voteOnSponsorTime.ts
View File

@@ -17,6 +17,7 @@ import { getVideoDetails, videoDetails } from "../utils/getVideoDetails";
import { deleteLockCategories } from "./deleteLockCategories";
import { acquireLock } from "../utils/redisLock";
import { checkBanStatus } from "../utils/checkBan";
import { canVote } from "../utils/permissions";
const voteTypes = {
normal: 0,
@@ -342,6 +343,10 @@ export async function vote(ip: IPAddress, UUID: SegmentUUID, paramUserID: UserID
const nonAnonUserID = await getHashCache(paramUserID);
const userID = await getHashCache(paramUserID + UUID);
if (!await canVote(nonAnonUserID)) {
return { status: 200 };
}
//hash the ip 5000 times so no one can get it from the database
const hashedIP: HashedIP = await getHashCache((ip + config.globalSalt) as IPAddress);

9
src/utils/permissions.ts
View File

@@ -46,3 +46,12 @@ export async function canSubmit(userID: HashedUserID, category: Category): Promi
};
}
}
export async function canVote(userID: HashedUserID): Promise<CanSubmitResult> {
return {
canSubmit: await oneOf([isUserVIP(userID),
oldSubmitter(userID)
]),
reason: "We are currently experiencing a mass spam attack"
};
}