From 930c0bc6a31501a8baa2036e566d7e62361f2127 Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran
Date: Sun, 21 Jul 2019 22:06:01 -0400
Subject: [PATCH] Added rate limit per day per IP.

---
 index.js | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/index.js b/index.js
index f46e2f2..6501d29 100644
--- a/index.js
+++ b/index.js
@@ -105,23 +105,33 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
 //get current time
 let timeSubmitted = Date.now();
- //check to see if the user has already submitted sponsors for this video
- db.prepare("SELECT UUID FROM sponsorTimes WHERE userID = ? and videoID = ?").all([userID, videoID], function(err, rows) {
- if (rows.length >= 4) {
- //too many sponsors for the same video from the same user
+ let yesterday = timeSubmitted - 86400000;
+
+ //check to see if this ip has submitted too many sponsors today
+ db.prepare("SELECT COUNT(*) as count FROM sponsorTimes WHERE hashedIP = ? AND videoID = ? AND timeSubmitted > ?").get([hashedIP, videoID, yesterday], function(err, row) {
+ if (row.count >= 10) {
+ //too many sponsors for the same video from the same ip address
 res.sendStatus(429);
 } else {
- //check if this info has already been submitted first
- db.prepare("SELECT UUID FROM sponsorTimes WHERE startTime = ? and endTime = ? and videoID = ?").get([startTime, endTime, videoID], function(err, row) {
- if (err) console.log(err);
-
- if (row == null) {
- //not a duplicate, execute query
- db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, hashedIP, timeSubmitted);
-
- res.sendStatus(200);
+ //check to see if the user has already submitted sponsors for this video
+ db.prepare("SELECT COUNT(*) as count FROM sponsorTimes WHERE userID = ? and videoID = ?").get([userID, videoID], function(err, row) {
+ if (row.count >= 4) {
+ //too many sponsors for the same video from the same user
+ res.sendStatus(429);
 } else {
- res.sendStatus(409);
+ //check if this info has already been submitted first
+ db.prepare("SELECT UUID FROM sponsorTimes WHERE startTime = ? and endTime = ? and videoID = ?").get([startTime, endTime, videoID], function(err, row) {
+ if (err) console.log(err);
+
+ if (row == null) {
+ //not a duplicate, execute query
+ db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, hashedIP, timeSubmitted);
+
+ res.sendStatus(200);
+ } else {
+ res.sendStatus(409);
+ }
+ });
 }
 });
 }
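Review bot: The new IP check on the first added `db.prepare` line counts rows `WHERE hashedIP = ? AND videoID = ? AND timeSubmitted > ?`, so it caps an IP at 10 submissions per video per day but leaves submissions across different videos unlimited, which is narrower than the "rate limit per day per IP" the subject describes; dropping `AND videoID = ?` (or adding a second, video-independent count) would give the stated limit. The two new callbacks also read `row.count` without looking at `err`, so a failed query leaves `row` undefined and the handler throws inside the sqlite callback instead of answering the request; each should begin with `if (err) { console.log(err); res.sendStatus(500); return; }` (the innermost callback logs `err` but then still falls through to the INSERT because `row == null` holds). Counting and then inserting in separate statements is not atomic, so concurrent requests from the same IP can each observe a count below the threshold and all succeed — likely acceptable for a limit this loose, but worth a comment. Whether `hashedIP` is derived from a client-controlled header cannot be seen from this hunk. The enclosing `app.get('/api/postVideoSponsorTimes', ...)` handler starts before the hunk.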