Merge pull request #274 from mchangrh/getUserID

GET api/userID
2025-12-24 08:28:27 +03:00 · 2021-06-27 18:10:35 -04:00
parent 07ab48da1f 33a45ce0a2
commit 98b5fa7bce
4 changed files with 476 additions and 14 deletions
--- a/src/app.ts
+++ b/src/app.ts
@@ -32,6 +32,7 @@ import {endpoint as getSegmentInfo} from './routes/getSegmentInfo';
 import {postClearCache} from './routes/postClearCache';
 import { addUnlistedVideo } from './routes/addUnlistedVideo';
 import {postPurgeAllSegments} from './routes/postPurgeAllSegments';
+import {getUserID} from './routes/getUserID';

 export function createServer(callback: () => void) {
    // Create a service (the app object is just a callback).
@@ -146,6 +147,9 @@ function setupRoutes(app: Express) {
    app.post('/api/purgeAllSegments', postPurgeAllSegments);

    app.post('/api/unlistedVideo', addUnlistedVideo);
+    
+    // get userID from username
+    app.get('/api/userID', getUserID);

    if (config.postgres) {
        app.get('/database', (req, res) => dumpDatabase(req, res, true));
--- a/src/routes/getUserID.ts
+++ b/src/routes/getUserID.ts
@@ -0,0 +1,55 @@
+import {db} from '../databases/databases';
+import {Request, Response} from 'express';
+import {UserID} from '../types/user.model';
+
+function getFuzzyUserID(userName: String): Promise<{userName: String, userID: UserID }[]>  {
+    // escape [_ % \] to avoid ReDOS
+    userName = userName.replace(/\\/g, '\\\\')
+        .replace(/_/g, '\\_')
+        .replace(/%/g, '\\%');
+    userName = `%${userName}%`; // add wildcard to username
+    // LIMIT to reduce overhead | ESCAPE to escape LIKE wildcards
+    try {
+        return db.prepare('all', `SELECT "userName", "userID" FROM "userNames" WHERE "userName"
+        LIKE ? ESCAPE '\\' LIMIT 10`, [userName])
+    } catch (err) {
+        return null;
+    }
+}
+
+function getExactUserID(userName: String): Promise<{userName: String, userID: UserID }[]>  {
+    try {
+        return db.prepare('all', `SELECT "userName", "userID" from "userNames" WHERE "userName" = ? LIMIT 10`, [userName]);
+    } catch (err) {
+        return null;
+    }
+}
+
+export async function getUserID(req: Request, res: Response) {
+    let userName = req.query.username as string;
+    const exactSearch = req.query.exact
+        ? req.query.exact == "true"
+        : false as Boolean;
+    
+    // if not exact and length is 1, also skip
+    if (userName == undefined || userName.length > 64 ||
+        (!exactSearch && userName.length < 3)) {
+        // invalid request
+        res.sendStatus(400);
+        return false;
+    }
+    const results = exactSearch
+        ? await getExactUserID(userName)
+        : await getFuzzyUserID(userName);
+
+    if (results === undefined || results === null) {
+        res.sendStatus(500);
+        return false;
+    } else if (results.length === 0) {
+        res.sendStatus(404);
+        return false;
+    } else {
+        res.send(results);
+        return false;
+    }
+}