Merge pull request #1 from ajayyy/experimental

Ratelimits and per-user logging
2025-12-06 11:36:58 +03:00 · 2019-07-12 22:56:36 -04:00
parent 19bcd82dc5 9b812721ad
commit a41e6a9172
1 changed files with 39 additions and 3 deletions
--- a/index.js
+++ b/index.js
@@ -7,6 +7,9 @@ var app = express();
 //uuid service
 var uuidv1 = require('uuid/v1');

+//hashing service
+var crypto = require('crypto');
+
 //load database
 var sqlite3 = require('sqlite3').verbose();
 var db = new sqlite3.Database('./databases/sponsorTimes.db');
@@ -14,6 +17,10 @@ var db = new sqlite3.Database('./databases/sponsorTimes.db');
 // Create an HTTP service.
 http.createServer(app).listen(80);

+//global salt that is added to every ip before hashing to
+//  make it even harder for someone to decode the ip
+var globalSalt = "49cb0d52-1aec-4b89-85fc-fab2c53062fb";
+
 //setup CORS correctly
 app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
@@ -53,21 +60,50 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
    let videoID = req.query.videoID;
    let startTime = req.query.startTime;
    let endTime = req.query.endTime;
+    let userID = req.query.userID;

-    if (typeof videoID != 'string' || startTime == undefined || endTime == undefined) {
+    if (typeof videoID != 'string' || startTime == undefined || endTime == undefined || userID == undefined) {
        //invalid request
        res.sendStatus(400);
        return;
    }

+    //x-forwarded-for if this server is behind a proxy
+    let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
+
+    //hash the ip so no one can get it from the database
+    let hashCreator = crypto.createHash('sha256');
+    let hashedIP = hashCreator.update(ip + globalSalt).digest('hex');
+
    startTime = parseFloat(startTime);
    endTime = parseFloat(endTime);

    let UUID = uuidv1();

-    db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?)").run(videoID, startTime, endTime, UUID);
+    //get current time
+    let timeSubmitted = Date.now();

-    res.sendStatus(200);
+    //check to see if the user has already submitted sponsors for this video
+    db.prepare("SELECT UUID FROM sponsorTimes WHERE userID = ? and videoID = ?").all([userID, videoID], function(err, rows) {
+        if (rows.length >= 4) {
+            //too many sponsors for the same video from the same user
+            res.sendStatus(429);
+        } else {
+            //check if this info has already been submitted first
+            db.prepare("SELECT UUID FROM sponsorTimes WHERE startTime = ? and endTime = ? and videoID = ?").get([startTime, endTime, videoID], function(err, row) {
+                if (err) console.log(err);
+                
+                if (row == null) {
+                    //not a duplicate, execute query
+                    db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, UUID, userID, hashedIP, timeSubmitted);
+
+                    res.sendStatus(200);
+                } else {
+                    res.sendStatus(409);
+                }
+            });
+        }
+    });
 });

 app.get('/database.db', function (req, res) {