From 69258587bcd371697de59907073aeb3daa6fc941 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Mon, 19 Aug 2019 20:42:25 -0400 Subject: [PATCH 1/7] Raised stats limit to 100. --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index 474104b..bbe94bf 100644 --- a/index.js +++ b/index.js @@ -374,7 +374,7 @@ app.get('/api/getTopUsers', function (req, res) { let totalSubmissions = []; let minutesSaved = []; - db.prepare("SELECT sponsorTimes.userID as userID, COUNT(*) as totalSubmissions, SUM(views) as viewCount, SUM((sponsorTimes.endTime - sponsorTimes.startTime) / 60 * sponsorTimes.views) as minutesSaved, userNames.userName as userName FROM sponsorTimes LEFT JOIN userNames ON sponsorTimes.userID=userNames.userID WHERE sponsorTimes.votes > -1 GROUP BY sponsorTimes.userID ORDER BY " + sortBy + " DESC LIMIT 50").all(function(err, rows) { + db.prepare("SELECT sponsorTimes.userID as userID, COUNT(*) as totalSubmissions, SUM(views) as viewCount, SUM((sponsorTimes.endTime - sponsorTimes.startTime) / 60 * sponsorTimes.views) as minutesSaved, userNames.userName as userName FROM sponsorTimes LEFT JOIN userNames ON sponsorTimes.userID=userNames.userID WHERE sponsorTimes.votes > -1 GROUP BY sponsorTimes.userID ORDER BY " + sortBy + " DESC LIMIT 100").all(function(err, rows) { for (let i = 0; i < rows.length; i++) { if (rows[i].userName != null) { userNames[i] = rows[i].userName; From a6b166588f085f79979bf70bb2d2d78afec9fae0 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Wed, 21 Aug 2019 17:05:08 -0400 Subject: [PATCH 2/7] Added sql schemas --- .gitignore | 3 ++- databases/_private.db.sql | 13 +++++++++++++ databases/_sponsorTimes.db.sql | 21 +++++++++++++++++++++ 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 databases/_private.db.sql create mode 100644 databases/_sponsorTimes.db.sql diff --git a/.gitignore b/.gitignore index 17f0a3d..d50513a 100644 --- a/.gitignore +++ b/.gitignore 
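Review bot: The new `db.prepare(...)` line still splices `sortBy` into the SQL text by string concatenation, so the statement is only as safe as whatever assigns `sortBy`, and that assignment is above the hunk. If it is derived from a request parameter, it should be mapped through a fixed allow-list of column aliases (`totalSubmissions`, `viewCount`, `minutesSaved`) before it reaches the string, because an ORDER BY target cannot be bound as a `?` parameter. The callback also reads `rows.length` without looking at `err`, so a failed query throws inside the handler instead of returning an error status; `if (err) { res.sendStatus(500); return; }` at the top of the callback would cover it. The handler body continues outside the hunk.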
@@ -88,4 +88,5 @@ typings/ .dynamodb/ # Databases -databases \ No newline at end of file +databases/sponsorTimes.db +databases/private.db \ No newline at end of file diff --git a/databases/_private.db.sql b/databases/_private.db.sql new file mode 100644 index 0000000..b8f6089 --- /dev/null +++ b/databases/_private.db.sql @@ -0,0 +1,13 @@ +BEGIN TRANSACTION; +CREATE TABLE IF NOT EXISTS "votes" ( + "UUID" TEXT NOT NULL, + "userID" INTEGER NOT NULL, + "hashedIP" INTEGER NOT NULL, + "type" INTEGER NOT NULL +); +CREATE TABLE IF NOT EXISTS "sponsorTimes" ( + "videoID" TEXT NOT NULL, + "hashedIP" TEXT NOT NULL, + "timeSubmitted" INTEGER NOT NULL +); +COMMIT; diff --git a/databases/_sponsorTimes.db.sql b/databases/_sponsorTimes.db.sql new file mode 100644 index 0000000..0965c2c --- /dev/null +++ b/databases/_sponsorTimes.db.sql @@ -0,0 +1,21 @@ +BEGIN TRANSACTION; +CREATE TABLE IF NOT EXISTS "userNames" ( + "userID" TEXT NOT NULL, + "userName" TEXT NOT NULL +); +CREATE TABLE IF NOT EXISTS "sponsorTimes" ( + "videoID" TEXT NOT NULL, + "startTime" REAL NOT NULL, + "endTime" REAL NOT NULL, + "votes" INTEGER NOT NULL, + "UUID" TEXT NOT NULL UNIQUE, + "userID" TEXT NOT NULL, + "timeSubmitted" INTEGER NOT NULL, + "views" INTEGER NOT NULL +); +CREATE TABLE IF NOT EXISTS "votes" ( + "userID" TEXT NOT NULL, + "UUID" TEXT NOT NULL, + "type" INTEGER NOT NULL +); +COMMIT; From 4ceb7f3b47292c242b8a01316f9cc01138756caf Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Wed, 21 Aug 2019 17:06:22 -0400 Subject: [PATCH 3/7] Removed unneeded table from schema --- databases/_sponsorTimes.db.sql | 5 ----- 1 file changed, 5 deletions(-) diff --git a/databases/_sponsorTimes.db.sql b/databases/_sponsorTimes.db.sql index 0965c2c..461272d 100644 --- a/databases/_sponsorTimes.db.sql +++ b/databases/_sponsorTimes.db.sql 
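Review bot: In `databases/_private.db.sql` the `votes` table declares `"userID"` and `"hashedIP"` as `INTEGER`, while `hashedIP` is `TEXT` in the private `sponsorTimes` table and `userID` is `TEXT` throughout `_sponsorTimes.db.sql`. SQLite accepts text in an INTEGER-affinity column but applies numeric conversion to values that look like numbers, and the mismatch hides that these are presumably hash strings; declaring both as `TEXT NOT NULL` keeps the schemas consistent. No table in either file has a key or index on the columns a lookup would filter by (`videoID`, `hashedIP`, `userID`). `userNames.userID` is not `UNIQUE`, so duplicate name rows are possible unless the application prevents them, which is not visible here.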
@@ -13,9 +13,4 @@ CREATE TABLE IF NOT EXISTS "sponsorTimes" ( "timeSubmitted" INTEGER NOT NULL, "views" INTEGER NOT NULL ); -CREATE TABLE IF NOT EXISTS "votes" ( - "userID" TEXT NOT NULL, - "UUID" TEXT NOT NULL, - "type" INTEGER NOT NULL -); COMMIT; From 49af7dd65d7677dde7887627c1c4171d43885d4e Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Thu, 22 Aug 2019 00:01:27 -0400 Subject: [PATCH 4/7] Added new shadowHidden variable that only lets it get sent out to submitters. --- databases/_private.db.sql | 3 +++ databases/_sponsorTimes.db.sql | 11 ++++++----- index.js | 20 +++++++++++++++++++- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/databases/_private.db.sql b/databases/_private.db.sql index b8f6089..dfd672a 100644 --- a/databases/_private.db.sql +++ b/databases/_private.db.sql @@ -1,4 +1,7 @@ BEGIN TRANSACTION; +CREATE TABLE IF NOT EXISTS "shadowBannedUsers" ( + "userID" TEXT NOT NULL +); CREATE TABLE IF NOT EXISTS "votes" ( "UUID" TEXT NOT NULL, "userID" INTEGER NOT NULL, diff --git a/databases/_sponsorTimes.db.sql b/databases/_sponsorTimes.db.sql index 461272d..ec45877 100644 --- a/databases/_sponsorTimes.db.sql +++ b/databases/_sponsorTimes.db.sql @@ -1,8 +1,4 @@ BEGIN TRANSACTION; -CREATE TABLE IF NOT EXISTS "userNames" ( - "userID" TEXT NOT NULL, - "userName" TEXT NOT NULL -); CREATE TABLE IF NOT EXISTS "sponsorTimes" ( "videoID" TEXT NOT NULL, "startTime" REAL NOT NULL, @@ -11,6 +7,11 @@ CREATE TABLE IF NOT EXISTS "sponsorTimes" ( "UUID" TEXT NOT NULL UNIQUE, "userID" TEXT NOT NULL, "timeSubmitted" INTEGER NOT NULL, - "views" INTEGER NOT NULL + "views" INTEGER NOT NULL, + "shadowHidden" INTEGER NOT NULL +); +CREATE TABLE IF NOT EXISTS "userNames" ( + "userID" TEXT NOT NULL, + "userName" TEXT NOT NULL ); COMMIT; diff --git a/index.js b/index.js index bbe94bf..b0117aa 100644 --- a/index.js +++ b/index.js 
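Review bot: The new `"shadowHidden" INTEGER NOT NULL` column in `databases/_sponsorTimes.db.sql` has no `DEFAULT`, and because the table is created with `CREATE TABLE IF NOT EXISTS`, running this script against a database that already contains `sponsorTimes` leaves the old eight-column table in place. A deployment that predates this commit would need a separate migration, for example `ALTER TABLE sponsorTimes ADD COLUMN shadowHidden INTEGER NOT NULL DEFAULT 0;`, before code that selects the column runs. In `_private.db.sql`, `shadowBannedUsers.userID` would be better declared `TEXT NOT NULL PRIMARY KEY` so the same user cannot be listed twice.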
@@ -37,7 +37,9 @@ app.get('/api/getVideoSponsorTimes', function (req, res) { let votes = [] let UUIDs = []; - db.prepare("SELECT startTime, endTime, votes, UUID FROM sponsorTimes WHERE videoID = ? ORDER BY startTime").all(videoID, function(err, rows) { + let hashedIP = getHash(getIP(req) + globalSalt); + + db.prepare("SELECT startTime, endTime, votes, UUID, shadowHidden FROM sponsorTimes WHERE videoID = ? ORDER BY startTime").all(videoID, async function(err, rows) { if (err) console.log(err); for (let i = 0; i < rows.length; i++) { @@ -46,6 +48,22 @@ app.get('/api/getVideoSponsorTimes', function (req, res) { //too untrustworthy, just ignore it continue; } + + //check if shadowHidden + //this means it is hidden to everyone but the original ip that submitted it + if (rows[i].shadowHidden == 1) { + //get the ip + //await the callback + let result = await new Promise((resolve, reject) => { + privateDB.prepare("SELECT hashedIP FROM sponsorTimes WHERE videoID = ?").all(videoID, (err, rows) => resolve({err, rows})); + }); + + if (result.rows.length == 0 || !result.rows.includes({hashedIP})) { + //this isn't their ip, don't send it to them + continue; + } + } + sponsorTimes.push([]); let index = sponsorTimes.length - 1; From 58d3699a06cb266382c76429f53fe1a9c16cdba6 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Thu, 22 Aug 2019 14:18:31 -0400 Subject: [PATCH 5/7] Fixed includes check --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index b0117aa..ca7dab7 100644 --- a/index.js +++ b/index.js @@ -58,7 +58,7 @@ app.get('/api/getVideoSponsorTimes', function (req, res) { privateDB.prepare("SELECT hashedIP FROM sponsorTimes WHERE videoID = ?").all(videoID, (err, rows) => resolve({err, rows})); }); - if (result.rows.length == 0 || !result.rows.includes({hashedIP})) { + if (!result.rows.some((e) => e.hashedIP === hashedIP)) { //this isn't their ip, don't send it to them continue; } 
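Review bot: Making the `.all()` callback `async` turns any exception inside it into an unhandled promise rejection, and the first line of the callback still only logs `err` before the loop reads `rows.length`. On a failed query `rows` is presumably undefined, so the request would be left without a response; `if (err) { console.log(err); res.sendStatus(500); return; }` closes that path. `hashedIP` is computed from `getIP(req)`, whose implementation is outside the hunk. Since it now decides which rows a caller may see, it is worth confirming that the forwarded-address header is only honoured when the request really arrives from the proxy.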
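Review bot: The added `if (rows[i].shadowHidden == 1)` block looks up `hashedIP` by `videoID` only, so any address that has submitted a segment for this video passes the test and receives every shadow-hidden segment on it, not just its own as the comment states. The private `sponsorTimes` table has no `UUID` column, so tying a hidden row to its submitter would need that column added to the table and to the lookup. `result.err` is never inspected, so a failed private-DB query leaves `result.rows` undefined and the next line throws; the same applies to the `.some(...)` form in the later one-line hunk. The query does not depend on `i`, so it can run once before the loop instead of once per hidden row.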
From 1b4767cd389251afb0bae5d1ce531b61926e2cc8 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Thu, 22 Aug 2019 16:15:13 -0400 Subject: [PATCH 6/7] Locked the username for undefined. --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index ca7dab7..1c2573c 100644 --- a/index.js +++ b/index.js @@ -282,7 +282,7 @@ app.post('/api/setUsername', function (req, res) { let userID = req.query.userID; let userName = req.query.username; - if (userID == undefined || userName == undefined) { + if (userID == undefined || userName == undefined || userID === "undefined") { //invalid request res.sendStatus(400); return; From d79921f2d6b4f9642cf719cbac5300cf73af0136 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Sat, 24 Aug 2019 16:24:39 -0400 Subject: [PATCH 7/7] Added shadow banning and unshadow banning users. --- index.js | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 74 insertions(+), 4 deletions(-) diff --git a/index.js b/index.js index 1c2573c..f02f23f 100644 --- a/index.js +++ b/index.js @@ -18,6 +18,8 @@ http.createServer(app).listen(80); //global salt that is added to every ip before hashing to // make it even harder for someone to decode the ip var globalSalt = "49cb0d52-1aec-4b89-85fc-fab2c53062fb"; // Should not be global +//this is the user that can add shadow bans +var adminUserID = "7b89ea26f77bda8176e655eee86029f28c1e6514b6d6e3450bce362b5b126ca3"; //if so, it will use the x-forwarded header instead of the ip address of the connection var behindProxy = true; @@ -146,7 +148,7 @@ app.get('/api/postVideoSponsorTimes', function (req, res) { let timeSubmitted = Date.now(); let yesterday = timeSubmitted - 86400000; - + //check to see if this ip has submitted too many sponsors today privateDB.prepare("SELECT COUNT(*) as count FROM sponsorTimes WHERE hashedIP = ? AND videoID = ? AND timeSubmitted > ?").get([hashedIP, videoID, yesterday], function(err, row) { if (row.count >= 10) { 
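Review bot: The added `userID === "undefined"` comparison blocks one literal string, but an empty `userID` (`?userID=`) still passes the guard because `"" == undefined` is false. A check on the shape of the value, such as `typeof userID !== "string" || userID.length === 0` or a minimum length the project chooses, would reject both cases along with other placeholders a broken client might send. `userName` gets no equivalent check. The rest of the handler is outside the hunk.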
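Review bot: `adminUserID` is added as a hard-coded hash next to the hard-coded `globalSalt`, so both the value that authorises shadow bans and the salt protecting stored IP hashes are readable by anyone with access to the repository. Loading them from configuration kept outside version control (an environment variable or an untracked config file) would let each deployment use its own values and rotate them. `getHash` is not shown; if it is a single fast hash, the admin identity is only as strong as the secret userID behind it. With the salt public, the stored IP hashes offer little protection to someone holding the private database, which the existing `// Should not be global` comment seems to acknowledge.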
@@ -160,12 +162,19 @@ app.get('/api/postVideoSponsorTimes', function (req, res) { res.sendStatus(429); } else { //check if this info has already been submitted first - db.prepare("SELECT UUID FROM sponsorTimes WHERE startTime = ? and endTime = ? and videoID = ?").get([startTime, endTime, videoID], function(err, row) { + db.prepare("SELECT UUID FROM sponsorTimes WHERE startTime = ? and endTime = ? and videoID = ?").get([startTime, endTime, videoID], async function(err, row) { if (err) console.log(err); - + + //check to see if this user is shadowbanned + let result = await new Promise((resolve, reject) => { + privateDB.prepare("SELECT count(*) as userCount FROM shadowBannedUsers WHERE userID = ?").get(userID, (err, row) => resolve({err, row})); + }); + + let shadowBanned = result.row.userCount; + if (row == null) { //not a duplicate, execute query - db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, timeSubmitted, 0); + db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, timeSubmitted, 0, shadowBanned); //add to private db as well privateDB.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?)").run(videoID, hashedIP, timeSubmitted); 
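Review bot: `shadowBanned` takes the raw `count(*)` and is written straight into the `shadowHidden` column, while the read path in `getVideoSponsorTimes` tests `shadowHidden == 1`. If `shadowBannedUsers` ever holds two rows for one user (nothing in the schema or in the ban endpoint's check-then-insert prevents it), the stored value is 2 and the read path treats the submission as visible; `let shadowBanned = result.row.userCount === 0 ? 0 : 1;` removes that dependency. `result.err` is ignored, so a failed lookup throws on `result.row.userCount` inside the async callback and the request gets no response. The `INSERT INTO sponsorTimes VALUES(...)` relies on column order, and naming the columns would keep it correct if the schema is reordered again. The handler continues outside the hunk.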
@@ -336,6 +345,67 @@ app.get('/api/getUsername', function (req, res) { }); }); +//Endpoint used to hide a certain user's data +app.get('/api/shadowBanUser', async function (req, res) { + let userID = req.query.userID; + let shadowUserID = req.query.shadowUserID; + + let enabled = req.query.enabled; + if (enabled === undefined){ + enabled = true; + } else { + enabled = enabled === "true"; + } + + //if enabled is false and the old submissions should be made visible again + let unHideOldSubmissions = req.query.unHideOldSubmissions; + if (enabled === undefined){ + unHideOldSubmissions = true; + } else { + unHideOldSubmissions = unHideOldSubmissions === "true"; + } + + if (userID == undefined || shadowUserID == undefined) { + //invalid request + res.sendStatus(400); + return; + } + + //hash the userIDs + userID = getHash(userID); + + if (userID !== adminUserID) { + //not authorized + res.sendStatus(403); + return; + } + + //check to see if this user is already shadowbanned + let result = await new Promise((resolve, reject) => { + privateDB.prepare("SELECT count(*) as userCount FROM shadowBannedUsers WHERE userID = ?").get(shadowUserID, (err, row) => resolve({err, row})); + }); + + if (enabled && result.row.userCount == 0) { + //add them to the shadow ban list + + //add it to the table + privateDB.prepare("INSERT INTO shadowBannedUsers VALUES(?)").run(shadowUserID); + + //find all previous submissions and hide them + db.prepare("UPDATE sponsorTimes SET shadowHidden = 1 WHERE userID = ?").run(shadowUserID); + } else if (!enabled && result.row.userCount > 0) { + //remove them from the shadow ban list + privateDB.prepare("DELETE FROM shadowBannedUsers WHERE userID = ?").run(shadowUserID); + + //find all previous submissions and unhide them + if (unHideOldSubmissions) { + db.prepare("UPDATE sponsorTimes SET shadowHidden = 0 WHERE userID = ?").run(shadowUserID); + } + } + + res.sendStatus(200); +}); + //Gets all the views added up for one userID //Useful to see how much one 
user has contributed app.get('/api/getViewsForUser', function (req, res) {
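Review bot: The default for `unHideOldSubmissions` is guarded by `if (enabled === undefined)`, but `enabled` has already been converted to a boolean a few lines earlier, so that branch never runs and an omitted parameter becomes `false`; the condition should read `if (unHideOldSubmissions === undefined) {`. The endpoint changes state and carries the admin's `userID` in the query string of a GET request, where it is recorded in access logs, proxy logs and browser history; `app.post` with the credential in the body or a header would avoid that. Neither `result.err` nor any of the `.run(...)` calls is checked, so `res.sendStatus(200)` is sent even when a write failed, and the two databases can end up disagreeing about who is banned.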