From f71c4ceba9a373f70f076c0f9c053e34fb8932ed Mon Sep 17 00:00:00 2001 From: mini-bomba <55105495+mini-bomba@users.noreply.github.com> Date: Sun, 25 May 2025 22:46:23 +0200 Subject: [PATCH 1/3] don't send dearrow webhooks for banned users --- src/routes/postBranding.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/routes/postBranding.ts b/src/routes/postBranding.ts index d9ccbbd..b07fc24 100644 --- a/src/routes/postBranding.ts +++ b/src/routes/postBranding.ts @@ -74,7 +74,7 @@ export async function postBranding(req: Request, res: Response) { endpoint: "dearrow-postBranding", }); if (matchedRule !== null) { - sendNewUserWebhook(config.discordRejectedNewUserWebhookURL, hashedUserID, videoID, userAgent, req, videoDuration, title, matchedRule); + sendNewUserWebhook(config.discordRejectedNewUserWebhookURL, hashedUserID, videoID, userAgent, req, videoDuration, title, `Caught by rule: ${matchedRule}`); Logger.warn(`Dearrow submission rejected by request validator: ${hashedUserID} ${videoID} ${videoDuration} ${userAgent} ${req.headers["user-agent"]} ${title.title} ${thumbnail.timestamp}`); res.status(200).send("OK"); return; @@ -121,7 +121,7 @@ export async function postBranding(req: Request, res: Response) { const existingIsLocked = !!existingUUID && (await db.prepare("get", `SELECT "locked" from "titleVotes" where "UUID" = ?`, [existingUUID]))?.locked; if (existingUUID != undefined && isBanned) return; // ignore votes on existing details from banned users if (downvote && existingIsLocked && !isVip) { - sendWebhooks(videoID, existingUUID, voteType, wasWarned, shouldLock).catch((e) => Logger.error(e)); + if (!isBanned) sendWebhooks(videoID, existingUUID, voteType, wasWarned, shouldLock).catch((e) => Logger.error(e)); errorCode = 403; return; } @@ -150,7 +150,7 @@ export async function postBranding(req: Request, res: Response) { await db.prepare("run", `UPDATE "titleVotes" as tv SET "locked" = 0 FROM "titles" t WHERE tv."UUID" = t."UUID" AND tv."UUID" != ? AND t."videoID" = ?`, [UUID, videoID]); } - sendWebhooks(videoID, UUID, voteType, wasWarned, shouldLock).catch((e) => Logger.error(e)); + if (!isBanned) sendWebhooks(videoID, UUID, voteType, wasWarned, shouldLock).catch((e) => Logger.error(e)); } })(), (async () => { if (thumbnail) { @@ -211,7 +211,7 @@ export async function postBranding(req: Request, res: Response) { } } -function sendNewUserWebhook(webhookUrl: string, hashedUserID: HashedUserID, videoID: VideoID, userAgent: any, req: Request, videoDuration: number, title: TitleSubmission, ruleName: string | undefined) { +function sendNewUserWebhook(webhookUrl: string, hashedUserID: HashedUserID, videoID: VideoID, userAgent: any, req: Request, videoDuration: number, title: TitleSubmission, footerText: string | undefined) { if (!webhookUrl) return; axios.post(webhookUrl, { @@ -227,8 +227,8 @@ function sendNewUserWebhook(webhookUrl: string, hashedUserID: HashedUserID, vide "thumbnail": { "url": getMaxResThumbnail(videoID), }, - "footer": { - "text": ruleName === undefined ? `Caught by permission check` : `Caught by rule '${ruleName}'`, + "footer": footerText === undefined ? null : { + "text": footerText, }, }], }) From bce5385864bb60b3ed5d8ec994d6b72438429ef5 Mon Sep 17 00:00:00 2001 From: mini-bomba <55105495+mini-bomba@users.noreply.github.com> Date: Mon, 26 May 2025 16:41:55 +0200 Subject: [PATCH 2/3] shortcircuit the new user check for banned users --- src/routes/postBranding.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/routes/postBranding.ts b/src/routes/postBranding.ts index b07fc24..3f5ef35 100644 --- a/src/routes/postBranding.ts +++ b/src/routes/postBranding.ts @@ -80,7 +80,13 @@ export async function postBranding(req: Request, res: Response) { return; } - const permission = await canSubmitDeArrow(hashedUserID); + // treat banned users as existing users who "can submit" for the purposes of these checks + // this is to avoid their titles from being logged and them taking up "new user" slots with every submission + const permission = isBanned ? { + canSubmit: true, + newUser: false, + reason: "", + } : await canSubmitDeArrow(hashedUserID); if (!permission.canSubmit) { Logger.warn(`New user trying to submit dearrow: ${hashedUserID} ${videoID} ${videoDuration} ${Object.keys(req.body)} ${userAgent} ${title?.title} ${req.headers["user-agent"]}`); From 70ce320737ec320dcee576870548818c2d0dd78d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Jun 2025 09:19:22 +0000 Subject: [PATCH 3/3] Bump tar-fs from 2.1.2 to 2.1.3 Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.2 to 2.1.3. - [Commits](https://github.com/mafintosh/tar-fs/commits) --- updated-dependencies: - dependency-name: tar-fs dependency-version: 2.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 67d739e..f5d435d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5512,9 +5512,9 @@ } }, "node_modules/tar-fs": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz", - "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", + "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", "license": "MIT", "dependencies": { "chownr": "^1.1.1", @@ -10017,9 +10017,9 @@ } }, "tar-fs": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz", - "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", + "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", "requires": { "chownr": "^1.1.1", "mkdirp-classic": "^0.5.2",