more lenient privateIDUsername checks

- disallow username = privateID
- disallow username = other privateID on username table if length > minLength
Michael C
2023-02-17 22:28:23 -05:00
parent b855eea349
commit a384079562
3 changed files with 125 additions and 64 deletions


@@ -33,14 +33,9 @@ export async function setUsername(req: Request, res: Response): Promise<Response
userName = userName.replace(/[\u0000-\u001F\u007F-\u009F]/g, "");
// check privateID against publicID
/*
if (!await checkPrivateUsername(userName, userID)) {
return res.sendStatus(400);
}
*/
if (userName == userID) {
return res.sendStatus(400);
}
if (adminUserIDInput != undefined) {
//this is the admin controlling the other users account, don't hash the controling account's ID
@@ -100,11 +95,10 @@ export async function setUsername(req: Request, res: Response): Promise<Response
}
async function checkPrivateUsername(username: string, userID: string): Promise<boolean> {
const userIDHash = await getHashCache(userID);
if (username == userID) return false;
if (username.length <= config.minUserIDLength) return true; // don't check for cross matches <= 30 characters
const userNameHash = await getHashCache(username);
if (userIDHash == userNameHash) return false;
const sponsorTimeRow = await db.prepare("get", `SELECT "userID" FROM "sponsorTimes" WHERE "userID" = ? LIMIT 1`, [userNameHash]);
const userNameRow = await db.prepare("get", `SELECT "userID" FROM "userNames" WHERE "userID" = ? LIMIT 1`, [userNameHash]);
if ((sponsorTimeRow || userNameRow)?.userID) return false;
if (userNameRow?.userID) return false;
return true;
}
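Review bot: The length guard in checkPrivateUsername, `if (username.length <= config.minUserIDLength) return true;`, also skips the hashed userNames lookup for a username of exactly minUserIDLength characters. If that setting is the shortest privateID the server accepts (the name suggests so, but its definition is not on this page), a username of that length could still equal another user's privateID and would pass unchecked; `if (username.length < config.minUserIDLength) return true;` would close the boundary. The trailing comment hard-codes 30 while the code reads the config value, so a comment such as `// shorter than any valid privateID, so no cross-match is possible` would stay accurate if the setting changes. The +/- markers are lost on this page, so the new side is inferred here from the hunk line counts.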