From c3f7b29d449f9db3d08be7cecb8d2305de568ad8 Mon Sep 17 00:00:00 2001
From: Michael C
Date: Tue, 24 Aug 2021 19:12:58 -0400
Subject: [PATCH 1/4] throw error 400 when start or endtime has colon
---
 src/routes/postSkipSegments.ts | 9 +++++++++
 test/cases/postSkipSegments.ts | 22 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/src/routes/postSkipSegments.ts b/src/routes/postSkipSegments.ts
index 492e5dc..e871c15 100644
--- a/src/routes/postSkipSegments.ts
+++ b/src/routes/postSkipSegments.ts
@@ -324,6 +324,15 @@ function checkInvalidFields(videoID: any, userID: any, segments: Array): Ch
 if (!Array.isArray(segments) || segments.length < 1) {
 invalidFields.push("segments");
 }
+ // validate start and end times (no : marks)
+ for (const segmentPair of segments) {
+ const startTime = segmentPair.segment[0];
+ const endTime = segmentPair.segment[1];
+ if ((typeof startTime === "string" && startTime.includes(":")) ||
+ (typeof endTime === "string" && endTime.includes(":"))) {
+ invalidFields.push("segment time");
+ }
+ }
 if (invalidFields.length !== 0) {
 // invalid request
diff --git a/test/cases/postSkipSegments.ts b/test/cases/postSkipSegments.ts
index b6643c2..de502e1 100644
--- a/test/cases/postSkipSegments.ts
+++ b/test/cases/postSkipSegments.ts
@@ -987,4 +987,26 @@ describe("postSkipSegments", () => {
 })
 .catch(err => done(err));
 });
+
+ it("Should not be able to submit with colons in timestamps", (done: Done) => {
+ fetch(`${getbaseURL()}/api/postVideoSponsorTimes`, {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/json"
+ },
+ body: JSON.stringify({
+ userID: "testtesttesttesttesttesttesttesttest",
+ videoID: "colon-1",
+ segments: [{
+ segment: ["0:2.000", "3:10.392"],
+ category: "sponsor",
+ }]
+ }),
+ })
+ .then(async res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
 });
From 265a01dcded19114353aff1d296600d3dde7cf84 Mon Sep 17 00:00:00 2001
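Review bot: The new loop in `checkInvalidFields` dereferences request data before its shape has been checked. The preceding `!Array.isArray(segments)` test only records `"segments"` in `invalidFields` and falls through, so a body whose `segments` is not an array, or whose elements lack a `segment` array, reaches `segmentPair.segment[0]` and throws a TypeError instead of producing the intended 400. Unless the caller (outside this hunk) normalises the input first, guard the loop with `if (Array.isArray(segments))` and read the values as `segmentPair?.segment?.[0]` and `segmentPair?.segment?.[1]`. The loop also pushes `"segment time"` once per offending segment, so the name can repeat in the error text; a `break` after the push avoids that. The function body continues outside the hunk.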
From: Michael C Date: Wed, 25 Aug 2021 01:56:34 -0400 Subject: [PATCH 2/4] re-shadowban user if user is already shadowbanned but unhideOldSubmissions is true, sets all submissions to hidden. If not true, then return 409 duplicate --- src/routes/shadowBanUser.ts | 22 +++++++++++++++++++-- test/cases/shadowBanUser.ts | 38 +++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/src/routes/shadowBanUser.ts b/src/routes/shadowBanUser.ts index 3ecb653..b1196b0 100644 --- a/src/routes/shadowBanUser.ts +++ b/src/routes/shadowBanUser.ts @@ -49,8 +49,8 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")}) - AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE - "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); + AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE + "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); // clear cache for all old videos (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) 
@@ -84,6 +84,24 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")})`, [UUID]); })); } + // already shadowbanned + } else if (enabled && row.userCount > 0) { + // apply unHideOldSubmissions if applicable + if (unHideOldSubmissions) { + await db.prepare("run", `UPDATE "sponsorTimes" SET "shadowHidden" = 1 WHERE "userID" = ? AND "category" in (${categories.map((c) => `'${c}'`).join(",")}) + AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE + "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); + + // clear cache for all old videos + (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) + .forEach((videoInfo: {category: Category, videoID: VideoID, hashedVideoID: VideoIDHash, service: Service, userID: UserID}) => { + QueryCacher.clearVideoCache(videoInfo); + } + ); + return res.sendStatus(200); + } + // otherwise ban already exists, send 409 + return res.sendStatus(409); } } else if (hashedIP) { //check to see if this user is already shadowbanned diff --git a/test/cases/shadowBanUser.ts b/test/cases/shadowBanUser.ts index 419c324..56cf15f 100644 --- a/test/cases/shadowBanUser.ts +++ b/test/cases/shadowBanUser.ts 
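Review bot: The added re-ban branch builds its `IN (...)` list by wrapping each element of `categories` in single quotes and splicing it into the SQL text, while only `userID` is bound as a parameter. The test URL in this series passes `categories=["sponsor"]` as a query parameter, so unless the values are checked against a fixed category list earlier in `shadowBanUser` (not visible in this hunk), a quote character in a category alters the statement. Bind them instead: build the list with `categories.map(() => "?").join(",")` and pass `[userID, ...categories]` as the parameter array. The same construction is in the re-indented statement of the first hunk of this file and is carried into the `unHideSubmissions` helper in PATCH 4/4. The comment "apply unHideOldSubmissions" also sits above a statement that sets `"shadowHidden" = 1`, which hides rows, so it is worth rewording.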
@@ -18,7 +18,11 @@ describe("shadowBanUser", () => { await db.prepare("run", insertQuery, ["testtesttest", 1, 11, 2, 0, "shadow-3-uuid-0", "shadowBanned3", 0, 50, "sponsor", "YouTube", 100, 0, 1, getHash("testtesttest", 1)]); await db.prepare("run", insertQuery, ["testtesttest2", 1, 11, 2, 0, "shadow-3-uuid-0-1", "shadowBanned3", 0, 50, "sponsor", "PeerTube", 120, 0, 1, getHash("testtesttest2", 1)]); await db.prepare("run", insertQuery, ["testtesttest", 20, 33, 2, 0, "shadow-3-uuid-2", "shadowBanned3", 0, 50, "intro", "YouTube", 101, 0, 1, getHash("testtesttest", 1)]); + + await db.prepare("run", insertQuery, ["testtesttest", 21, 34, 2, 0, "shadow-4-uuid-1", "shadowBanned4", 0, 50, "sponsor", "YouTube", 101, 0, 0, getHash("testtesttest", 1)]); + await db.prepare("run", `INSERT INTO "shadowBannedUsers" ("userID") VALUES(?)`, ["shadowBanned3"]); + await db.prepare("run", `INSERT INTO "shadowBannedUsers" ("userID") VALUES(?)`, ["shadowBanned4"]); await db.prepare("run", `INSERT INTO "vipUsers" ("userID") VALUES(?)`, [getHash("shadow-ban-vip")]); }); 
@@ -106,4 +110,38 @@ describe("shadowBanUser", () => {
 .catch(err => done(err));
 });
+ it("Should get 409 when re-shadowbanning user", (done: Done) => {
+ fetch(`${getbaseURL()
+ }/api/shadowBanUser?userID=shadowBanned4&adminUserID=shadow-ban-vip&enabled=true&categories=["sponsor"]&unHideOldSubmissions=false`, {
+ method: "POST"
+ })
+ .then(async res => {
+ assert.strictEqual(res.status, 409);
+ const videoRow = await db.prepare("all", `SELECT "shadowHidden", "category" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned4", 0]);
+ const shadowRow = await db.prepare("get", `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned4"]);
+ assert.ok(shadowRow); // ban still exists
+ assert.strictEqual(videoRow.length, 1); // videos should not be hidden
+ assert.strictEqual(videoRow[0].category, "sponsor");
+ done();
+ })
+ .catch(err => done(err));
+ });
+
+ it("Should be able to re-shadowban user to hide old submissions", (done: Done) => {
+ fetch(`${getbaseURL()
+ }/api/shadowBanUser?userID=shadowBanned4&adminUserID=shadow-ban-vip&enabled=true&categories=["sponsor"]&unHideOldSubmissions=true`, {
+ method: "POST"
+ })
+ .then(async res => {
+ assert.strictEqual(res.status, 200);
+ const videoRow = await db.prepare("all", `SELECT "shadowHidden", "category" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned4", 1]);
+ const shadowRow = await db.prepare("get", `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned4"]);
+ assert.ok(shadowRow); // ban still exists
+ assert.strictEqual(videoRow.length, 1); // videos should be hidden
+ assert.strictEqual(videoRow[0].category, "sponsor");
+ done();
+ })
+ .catch(err => done(err));
+ });
+
 });
From 4f981c1229b0c18ea7c955bfa6f5df1a19edfa7e Mon Sep 17 00:00:00 2001
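Review bot: The two added tests only pass when run in this order. The 409 case asserts that exactly one `shadowBanned4` row has `shadowHidden = 0`, and the next case flips that same row to hidden, so running the first in isolation after the second, or reordering them, fails for reasons unrelated to the route. Giving the second test its own fixture user in the setup block keeps the cases independent. The `categories=["sponsor"]` query value is also sent without URL encoding; wrapping it in `encodeURIComponent(...)` would make the request well-formed.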
From: Ajay Ramachandran Date: Wed, 25 Aug 2021 18:51:22 -0400 Subject: [PATCH 3/4] Clarify lock reason --- src/routes/postSkipSegments.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/routes/postSkipSegments.ts b/src/routes/postSkipSegments.ts index 492e5dc..a77228e 100644 --- a/src/routes/postSkipSegments.ts +++ b/src/routes/postSkipSegments.ts @@ -362,7 +362,7 @@ async function checkEachSegmentValid(userID: string, videoID: VideoID errorCode: 403, errorMessage: `New submissions are not allowed for the following category: ` + - `'${segments[i].category}'. A moderator has decided that no new segments are needed and that all current segments of this category are timed perfectly.\n` + + `'${segments[i].category}'. A moderator has decided that no new segments are needed on this video and that all current segments of this category are timed perfectly.\n` + `${lockedCategoryList[lockIndex].reason?.length !== 0 ? `\nLock reason: '${lockedCategoryList[lockIndex].reason}'` : ""}\n` + `${(segments[i].category === "sponsor" ? "\nMaybe the segment you are submitting is a different category that you have not enabled and is not a sponsor. " + "Categories that aren't sponsor, such as self-promotion can be enabled in the options.\n" : "")}` + From c3a5b22dadd699b3f33aefe230ffc0355cb4d189 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Sat, 28 Aug 2021 00:18:31 -0400 Subject: [PATCH 4/4] Move unHideSubmissions to helper function --- src/routes/shadowBanUser.ts | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/src/routes/shadowBanUser.ts b/src/routes/shadowBanUser.ts index b1196b0..bd04760 100644 --- a/src/routes/shadowBanUser.ts +++ b/src/routes/shadowBanUser.ts 
@@ -48,16 +48,7 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")}) - AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE - "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); - - // clear cache for all old videos - (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) - .forEach((videoInfo: {category: Category, videoID: VideoID, hashedVideoID: VideoIDHash, service: Service, userID: UserID}) => { - QueryCacher.clearVideoCache(videoInfo); - } - ); + await unHideSubmissions(categories, userID); } } else if (!enabled && row.userCount > 0) { //remove them from the shadow ban list @@ -88,18 +79,10 @@ export async function shadowBanUser(req: Request, res: Response): Promise 0) { // apply unHideOldSubmissions if applicable if (unHideOldSubmissions) { - await db.prepare("run", `UPDATE "sponsorTimes" SET "shadowHidden" = 1 WHERE "userID" = ? AND "category" in (${categories.map((c) => `'${c}'`).join(",")}) - AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE - "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); - - // clear cache for all old videos - (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) - .forEach((videoInfo: {category: Category, videoID: VideoID, hashedVideoID: VideoIDHash, service: Service, userID: UserID}) => { - QueryCacher.clearVideoCache(videoInfo); - } - ); + await unHideSubmissions(categories, userID); return res.sendStatus(200); } + // otherwise ban already exists, send 409 return res.sendStatus(409); } 
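Review bot: The helper name introduced here says the opposite of what the call does. In the second hunk `await unHideSubmissions(categories, userID);` replaces an `UPDATE "sponsorTimes" SET "shadowHidden" = 1`, which hides the user's segments. In moderation code that inversion is easy to misread during a later change. A name such as `hideOldSubmissions` would remove the ambiguity, as would a doc comment on the helper stating that it sets `shadowHidden` to 1 for categories without a lock and then clears the video cache. The enclosing `shadowBanUser` body starts and ends outside these hunks.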
@@ -133,3 +116,16 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")}) + AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE + "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); + + // clear cache for all old videos + (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) + .forEach((videoInfo: { category: Category; videoID: VideoID; hashedVideoID: VideoIDHash; service: Service; userID: UserID; }) => { + QueryCacher.clearVideoCache(videoInfo); + } + ); //eslint-disable-line +} \ No newline at end of file
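Review bot: The cache-clear callback annotates each row as `{ category; videoID; hashedVideoID; service; userID }`, but the `SELECT` feeding it returns `"videoID", "hashedVideoID", "service", "votes", "views"`. `category` and `userID` are therefore `undefined` at runtime despite the type. If `QueryCacher.clearVideoCache` (not shown) keys any entry on `userID`, that entry is not invalidated and a cached view of the now-hidden segments could persist. Either add the columns to the `SELECT` or narrow the annotation to the fields actually returned. The trailing `//eslint-disable-line` names no rule and so silences every rule on that line; name the one it is meant for. The start of the helper is not readable in this hunk.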