Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-26 01:18:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/ajayyy/SponsorBlockServer

Browse Source
This commit is contained in:
Ajay Ramachandran
2021-06-28 13:24:04 -04:00
parent 0ddde452e3 7dbd4a3150
commit 8b54e965a2
8 changed files with 558 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/routes/getUserID.ts Normal file
View File

@@ -0,0 +1,55 @@
import {db} from '../databases/databases';
import {Request, Response} from 'express';
import {UserID} from '../types/user.model';
function getFuzzyUserID(userName: String): Promise<{userName: String, userID: UserID }[]> {
// escape [_ % \] to avoid ReDOS
userName = userName.replace(/\\/g, '\\\\')
.replace(/_/g, '\\_')
.replace(/%/g, '\\%');
userName = `%${userName}%`; // add wildcard to username
// LIMIT to reduce overhead | ESCAPE to escape LIKE wildcards
try {
return db.prepare('all', `SELECT "userName", "userID" FROM "userNames" WHERE "userName"
LIKE ? ESCAPE '\\' LIMIT 10`, [userName])
} catch (err) {
return null;
}
}
function getExactUserID(userName: String): Promise<{userName: String, userID: UserID }[]> {
try {
return db.prepare('all', `SELECT "userName", "userID" from "userNames" WHERE "userName" = ? LIMIT 10`, [userName]);
} catch (err) {
return null;
}
}
export async function getUserID(req: Request, res: Response) {
let userName = req.query.username as string;
const exactSearch = req.query.exact
? req.query.exact == "true"
: false as Boolean;
// if not exact and length is 1, also skip
if (userName == undefined || userName.length > 64 ||
(!exactSearch && userName.length < 3)) {
// invalid request
res.sendStatus(400);
return false;
}
const results = exactSearch
? await getExactUserID(userName)
: await getFuzzyUserID(userName);
if (results === undefined || results === null) {
res.sendStatus(500);
return false;
} else if (results.length === 0) {
res.sendStatus(404);
return false;
} else {
res.send(results);
return false;
}
}

17
src/routes/setUsername.ts
View File

@@ -1,9 +1,16 @@
import {config} from '../config';
import {Logger} from '../utils/logger';
import {db} from '../databases/databases';
import {db, privateDB} from '../databases/databases';
import {getHash} from '../utils/getHash';
import {Request, Response} from 'express';
async function logUserNameChange(userID: string, newUserName: string, oldUserName: string, updatedByAdmin: boolean): Promise<void> {
return privateDB.prepare('run',
`INSERT INTO "userNameLogs"("userID", "newUserName", "oldUserName", "updatedByAdmin", "updatedAt") VALUES(?, ?, ?, ?, ?)`,
[userID, newUserName, oldUserName, + updatedByAdmin, new Date().getTime()]
);
}
export async function setUsername(req: Request, res: Response) {
let userID = req.query.userID as string;
let userName = req.query.username as string;
@@ -55,11 +62,13 @@ export async function setUsername(req: Request, res: Response) {
try {
//check if username is already set
const row = await db.prepare('get', `SELECT count(*) as count FROM "userNames" WHERE "userID" = ?`, [userID]);
const row = await db.prepare('get', `SELECT "userName" FROM "userNames" WHERE "userID" = ? LIMIT 1`, [userID]);
const locked = adminUserIDInput === undefined ? 0 : 1;
let oldUserName = '';
if (row.count > 0) {
if (row.userName && row.userName.length !== 0) {
//already exists, update this row
oldUserName = row.userName;
await db.prepare('run', `UPDATE "userNames" SET "userName" = ? WHERE "userID" = ?`, [userName, userID]);
await db.prepare('run', `UPDATE "userNames" SET "locked" = ? WHERE "userID" = ?`, [locked, userID]);
} else {
@@ -67,6 +76,8 @@ export async function setUsername(req: Request, res: Response) {
await db.prepare('run', `INSERT INTO "userNames"("userID", "userName", "locked") VALUES(?, ?, ?)`, [userID, userName, locked]);
}
await logUserNameChange(userID, userName, oldUserName, adminUserIDInput !== undefined);
res.sendStatus(200);
} catch (err) {
Logger.error(err);