diff --git a/src/routes/getSkipSegments.ts b/src/routes/getSkipSegments.ts
index af322ad..08618e5 100644
--- a/src/routes/getSkipSegments.ts
+++ b/src/routes/getSkipSegments.ts
@@ -275,6 +275,10 @@ async function chooseSegments(segments: DBSegment[], max: number): Promise {
 const videoID = req.query.videoID as VideoID;
+ if (!videoID) {
+ res.status(400).send("videoID not specified");
+ return false;
+ }
 // Default to sponsor
 // If using params instead of JSON, only one category can be pulled
 const categories: Category[] = req.query.categories
diff --git a/src/routes/getSkipSegmentsByHash.ts b/src/routes/getSkipSegmentsByHash.ts
index eb2c99c..1518f09 100644
--- a/src/routes/getSkipSegmentsByHash.ts
+++ b/src/routes/getSkipSegmentsByHash.ts
@@ -5,7 +5,7 @@ import { ActionType, Category, SegmentUUID, Service, VideoIDHash } from '../type
 export async function getSkipSegmentsByHash(req: Request, res: Response): Promise {
 let hashPrefix = req.params.prefix as VideoIDHash;
- if (!hashPrefixTester(req.params.prefix)) {
+ if (!req.params.prefix || !hashPrefixTester(req.params.prefix)) {
 return res.status(400).send("Hash prefix does not match format requirements."); // Exit early on faulty prefix
 }
 hashPrefix = hashPrefix.toLowerCase() as VideoIDHash;
diff --git a/src/routes/postWarning.ts b/src/routes/postWarning.ts
index 015a9f8..583fbe2 100644
--- a/src/routes/postWarning.ts
+++ b/src/routes/postWarning.ts
@@ -6,6 +6,8 @@ import {getHash} from '../utils/getHash';
 import { HashedUserID, UserID } from '../types/user.model';
 export async function postWarning(req: Request, res: Response): Promise {
+ // exit early if no body passed in
+ if (!req.body.userID && !req.body.issuerUserID) return res.status(400).json({"message": "Missing parameters"});
 // Collect user input data
 const issuerUserID: HashedUserID = getHash( req.body.issuerUserID);
 const userID: UserID = req.body.userID;
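Review bot: In src/routes/getSkipSegments.ts the added `if (!videoID)` guard rejects only a missing or empty value, because `req.query.videoID as VideoID` is a compile-time cast and performs no runtime check. If this is Express with its default query parser, a repeated or bracketed `videoID` parameter arrives as an array or object, which is truthy and would continue into the lookup code as a non-string. Testing the type as well closes that gap: `if (typeof req.query.videoID !== "string" || !req.query.videoID) {` with the same 400 response. The enclosing handler starts above the hunk and continues below it, so how `videoID` is consumed afterwards is not visible here.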
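Review bot: In src/routes/getSkipSegmentsByHash.ts the presence check is added at the call site, while `hashPrefix` is still assigned from `req.params.prefix as VideoIDHash` one line earlier, before any validation has run. `hashPrefixTester` is not shown on this page; if it fails or passes on `undefined`, any other caller has the same gap, so the empty check would sit better inside the tester itself. Reading the parameter once, validating it, and only then applying the `VideoIDHash` type keeps that type off unvalidated input, e.g. `const prefix = req.params.prefix;` followed by `if (!prefix || !hashPrefixTester(prefix)) {`.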
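Review bot: In src/routes/postWarning.ts the new guard uses `&&`, so it returns 400 only when both `userID` and `issuerUserID` are absent; a request carrying just one of them passes and reaches `getHash( req.body.issuerUserID)` or the `userID` assignment with `undefined`. Both fields are read unconditionally in the lines that follow, so the condition should be `if (!req.body.userID || !req.body.issuerUserID) return res.status(400).json({"message": "Missing parameters"});`, with the comment changed to `// exit early if either required field is missing`. The test added in test/cases/postWarning.ts sends an empty body only, so it does not exercise the one-field case. The function body continues past the end of the hunk.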
diff --git a/test/cases/getLockCategoriesByHash.ts b/test/cases/getLockCategoriesByHash.ts
index 7734e58..dca9060 100644
--- a/test/cases/getLockCategoriesByHash.ts
+++ b/test/cases/getLockCategoriesByHash.ts
@@ -4,7 +4,6 @@ import {getHash} from '../../src/utils/getHash';
 import {db} from '../../src/databases/databases';
 import assert from 'assert';
-
 describe('getLockCategoriesByHash', () => {
 before(async () => {
 const insertVipUserQuery = 'INSERT INTO "vipUsers" ("userID") VALUES (?)';
@@ -144,4 +143,22 @@ describe('getLockCategoriesByHash', () => {
 })
 .catch(err => done(err));
 });
+
+ it('should return 400 if hash too short', (done: Done) => {
+ fetch(getbaseURL() + '/api/lockCategories/00')
+ .then(res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
+
+ it('should return 400 if no hash specified', (done: Done) => {
+ fetch(getbaseURL() + '/api/lockCategories/')
+ .then(res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
 });
diff --git a/test/cases/getSkipSegments.ts b/test/cases/getSkipSegments.ts
index a48fb62..1116191 100644
--- a/test/cases/getSkipSegments.ts
+++ b/test/cases/getSkipSegments.ts
@@ -340,4 +340,13 @@ describe('getSkipSegments', () => {
 })
 .catch(err => done(err));
 });
+
+ it('Should get 400 if no videoID passed in', (done: Done) => {
+ fetch(getbaseURL() + '/api/skipSegments')
+ .then(async res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
 });
diff --git a/test/cases/getSkipSegmentsByHash.ts b/test/cases/getSkipSegmentsByHash.ts
index e4112ae..a32c208 100644
--- a/test/cases/getSkipSegmentsByHash.ts
+++ b/test/cases/getSkipSegmentsByHash.ts
@@ -11,7 +11,7 @@ const mockManager = ImportMock.mockStaticClass(YouTubeAPIModule, 'YouTubeAPI');
 const sinonStub = mockManager.mock('listVideos');
 sinonStub.callsFake(YouTubeApiMock.listVideos);
-describe('getSegmentsByHash', () => {
+describe('getSkipSegmentsByHash', () => {
 before(async () => {
 const query = 'INSERT INTO "sponsorTimes" ("videoID", "startTime", "endTime", "votes", "UUID", "userID", "timeSubmitted", views, category, "actionType", "service", "hidden", "shadowHidden", "hashedVideoID") VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
 await db.prepare("run", query, ['getSegmentsByHash-0', 1, 10, 2, 'getSegmentsByHash-0-0', 'testman', 0, 50, 'sponsor', 'skip', 'YouTube', 0, 0, 'fdaff4dee1043451faa7398324fb63d8618ebcd11bddfe0491c488db12c6c910']);
@@ -106,10 +106,10 @@ describe('getSegmentsByHash', () => {
 .catch(err => done(err));
 });
- it('Should return 404 for no hash', (done: Done) => {
+ it('Should return 400 for no hash', (done: Done) => {
 fetch(getbaseURL() + '/api/skipSegments/?categories=["shilling"]')
 .then(res => {
- assert.strictEqual(res.status, 404);
+ assert.strictEqual(res.status, 400);
 done();
 })
 .catch(err => done(err));
diff --git a/test/cases/getUserID.ts b/test/cases/getUserID.ts
index 64863f9..7959ea1 100644
--- a/test/cases/getUserID.ts
+++ b/test/cases/getUserID.ts
@@ -313,4 +313,13 @@ describe('getUserID', () => {
 })
 .catch(err => done(err));
 });
+
+ it('should return 400 if no username parameter specified', (done: Done) => {
+ fetch(getbaseURL() + '/api/userID')
+ .then(res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(() => ("couldn't call endpoint"));
+ });
 });
diff --git a/test/cases/postPurgeAllSegments.ts b/test/cases/postPurgeAllSegments.ts
index a900893..9bc20c1 100644
--- a/test/cases/postPurgeAllSegments.ts
+++ b/test/cases/postPurgeAllSegments.ts
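Review bot: In test/cases/getUserID.ts the new test ends with `.catch(() => ("couldn't call endpoint"))`, which swallows the rejection and never calls `done`. If `fetch` fails or `assert.strictEqual` throws inside `.then`, the error is discarded and the test can only end through the runner's timeout, which hides the actual assertion message. Every other test added in this diff uses `.catch(err => done(err));`, and this one should too.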
@@ -81,4 +81,18 @@ describe('postPurgeAllSegments', function () {
 })
 .catch(err => done(err));
 });
+
+ it('Should return 400 if missing body', function (done: Done) {
+ fetch(`${baseURL}${route}`, {
+ method: 'POST',
+ headers: {
+ 'Content-Type': 'application/json',
+ }
+ })
+ .then(async res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
 });
diff --git a/test/cases/postWarning.ts b/test/cases/postWarning.ts
index 0e6d3dc..f954fe1 100644
--- a/test/cases/postWarning.ts
+++ b/test/cases/postWarning.ts
@@ -102,4 +102,19 @@ describe('postWarning', () => {
 })
 .catch(err => done(err));
 });
+
+ it('Should return 400 if missing body', (done: Done) => {
+ fetch(getbaseURL() + "/api/warnUser", {
+ method: 'POST',
+ headers: {
+ 'Content-Type': 'application/json',
+ }
+ })
+ .then(async res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
 });