From 9d06bda4f8d93942e39ec6aa1c7eb2f6eeedfdcd Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran <dev@ajay.app>
Date: Sat, 17 Apr 2021 16:37:39 -0400
Subject: [PATCH] Don't allow downvoting dead submissions

---
 src/routes/voteOnSponsorTime.ts | 12 +++++++++---
 test/cases/voteOnSponsorTime.ts | 19 +++++++++++++++++--
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/routes/voteOnSponsorTime.ts b/src/routes/voteOnSponsorTime.ts
index 240baf9..4cb7690 100644
--- a/src/routes/voteOnSponsorTime.ts
+++ b/src/routes/voteOnSponsorTime.ts
@@ -286,13 +286,19 @@ export async function voteOnSponsorTime(req: Request, res: Response) {
         return categoryVote(UUID, nonAnonUserID, isVIP, isOwnSubmission, category, hashedIP, finalResponse, res);
     }
 
-    if (type == 1 && !isVIP && !isOwnSubmission) {
+    if (type !== undefined && !isVIP && !isOwnSubmission) {
         // Check if upvoting hidden segment
         const voteInfo = await db.prepare('get', `SELECT votes FROM "sponsorTimes" WHERE "UUID" = ?`, [UUID]);
 
         if (voteInfo && voteInfo.votes <= -2) {
-            res.status(403).send("Not allowed to upvote segment with too many downvotes unless you are VIP.");
-            return;
+            if (type == 1) {
+                res.status(403).send("Not allowed to upvote segment with too many downvotes unless you are VIP.");
+                return;
+            } else if (type == 0) {
+                // Already downvoted enough, ignore
+                res.status(200).send();
+                return;
+            }
         }
     }
 
diff --git a/test/cases/voteOnSponsorTime.ts b/test/cases/voteOnSponsorTime.ts
index 2aae65f..86c3233 100644
--- a/test/cases/voteOnSponsorTime.ts
+++ b/test/cases/voteOnSponsorTime.ts
@@ -368,10 +368,25 @@ describe('voteOnSponsorTime', () => {
         fetch(getbaseURL()
             + "/api/voteOnSponsorTime?userID=randomID2&UUID=vote-uuid-5&type=1")
         .then(async res => {
-            if (res.status === 403) {
+            let row = await db.prepare('get', `SELECT "votes" FROM "sponsorTimes" WHERE "UUID" = ?`, ["vote-uuid-5"]);
+            if (res.status === 403 && row.votes === -3) {
                 done();
             } else {
-                done("Status code was " + res.status + " instead of 403");
+                done("Status code was " + res.status + ", row is " + JSON.stringify(row));
+            }
+        })
+        .catch(err => done(err));
+    });
+
+    it('Non-VIP should not be able to downvote "dead" submission', (done: Done) => {
+        fetch(getbaseURL()
+            + "/api/voteOnSponsorTime?userID=randomID2&UUID=vote-uuid-5&type=0")
+        .then(async res => {
+            let row = await db.prepare('get', `SELECT "votes" FROM "sponsorTimes" WHERE "UUID" = ?`, ["vote-uuid-5"]);
+            if (res.status === 200 && row.votes === -3) {
+                done();
+            } else {
+                done("Status code was " + res.status + ", row is " + JSON.stringify(row));
             }
         })
         .catch(err => done(err));