Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-14 23:47:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bugs where normal users could cirumvent vip locks by changing categories

Browse Source
This commit is contained in:
FlorianZahn
2021-10-02 05:04:18 +02:00
parent bb2a007ed1
commit aacd297b3b
2 changed files with 5 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/voteOnSponsorTime.ts
View File

@@ -180,14 +180,14 @@ async function categoryVote(UUID: SegmentUUID, userID: UserID, isVIP: boolean, i
const nextCategoryLocked = await db.prepare("get", `SELECT "videoID", "category" FROM "lockCategories" WHERE "videoID" = ? AND "category" = ?`, [videoInfo.videoID, category]); const nextCategoryLocked = await db.prepare("get", `SELECT "videoID", "category" FROM "lockCategories" WHERE "videoID" = ? AND "category" = ?`, [videoInfo.videoID, category]);
if (nextCategoryLocked) { if (nextCategoryLocked) {
if (!isVIP) { if (!isVIP) {
return res.status(200); return res.sendStatus(200);
} // In an else statement, add a warning in the future for VIPs, that the next category is locked } // In an else statement, add a warning in the future for VIPs, that the next category is locked
} }
// Ignore vote if the segment is locked // Ignore vote if the segment is locked
if (!isVIP && videoInfo.locked === 1) { if (!isVIP && videoInfo.locked === 1) {
console.log("dalfäkjsdöfbsdfoöjasdökjb"); console.log("dalfäkjsdöfbsdfoöjasdökjb");
return res.status(200); return res.sendStatus(200);
} }
const nextCategoryInfo = await db.prepare("get", `select votes from "categoryVotes" where "UUID" = ? and category = ?`, [UUID, category]); const nextCategoryInfo = await db.prepare("get", `select votes from "categoryVotes" where "UUID" = ? and category = ?`, [UUID, category]);

35
test/cases/voteOnSponsorTime.ts
View File

@@ -33,7 +33,7 @@ describe("voteOnSponsorTime", () => {
await db.prepare("run", insertSponsorTimeQuery, ["vote-testtesttest,test", 1, 11, 100, 0, "vote-uuid-3", "testman", 0, 50, "sponsor", 0, 0]); await db.prepare("run", insertSponsorTimeQuery, ["vote-testtesttest,test", 1, 11, 100, 0, "vote-uuid-3", "testman", 0, 50, "sponsor", 0, 0]);
await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 1, 11, 2, 0, "vote-uuid-4", "testman", 0, 50, "sponsor", 0, 0]); await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 1, 11, 2, 0, "vote-uuid-4", "testman", 0, 50, "sponsor", 0, 0]);
await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5", "testman", 0, 50, "intro", 0, 0]); await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5", "testman", 0, 50, "intro", 0, 0]);
await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5_1", "testman", 0, 50, "intro", 0, 0]); //await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5_1", getHash("testman"), 0, 50, "intro", 0, 0]);
await db.prepare("run", insertSponsorTimeQuery, ["vote-multiple", 1, 11, 2, 0, "vote-uuid-6", "testman", 0, 50, "intro", 0, 0]); await db.prepare("run", insertSponsorTimeQuery, ["vote-multiple", 1, 11, 2, 0, "vote-uuid-6", "testman", 0, 50, "intro", 0, 0]);
await db.prepare("run", insertSponsorTimeQuery, ["vote-multiple", 20, 33, 2, 0, "vote-uuid-7", "testman", 0, 50, "intro", 0, 0]); await db.prepare("run", insertSponsorTimeQuery, ["vote-multiple", 20, 33, 2, 0, "vote-uuid-7", "testman", 0, 50, "intro", 0, 0]);
await db.prepare("run", insertSponsorTimeQuery, ["voter-submitter", 1, 11, 2, 0, "vote-uuid-8", getHash("randomID"), 0, 50, "sponsor", 0, 0]); await db.prepare("run", insertSponsorTimeQuery, ["voter-submitter", 1, 11, 2, 0, "vote-uuid-8", getHash("randomID"), 0, 50, "sponsor", 0, 0]);
@@ -292,33 +292,6 @@ describe("voteOnSponsorTime", () => {
}); });
}); });
/*
it("VIP should be able to vote for a category and it should immediately change", (done) => {
const UUID = "vote-uuid-5";
postVoteCategory(vipUser, UUID, "outro")
.then(async res => {
assert.strictEqual(res.status, 200);
const row = await getSegmentCategory(UUID);
const row2 = await db.prepare("get", `SELECT votes FROM "categoryVotes" WHERE "UUID" = ? and category = ?`, [UUID, "outro"]);
assert.strictEqual(row.category, "outro");
assert.strictEqual(row2.votes, 500);
done();
})
.catch(err => done(err));
});
// old test
it("Submitter should be able to vote for a category and it should immediately change", (done) => {
const UUID = "vote-uuid-5_1";
postVoteCategory("testman", UUID, "outro")
.then(async res => {
assert.strictEqual(res.status, 200);
const row = await getSegmentCategory("vote-uuid-5");
assert.strictEqual(row.category, "outro");
done();
})
.catch(err => done(err));
});*/
it("Submitter should be able to vote for a category and it should immediately change (segment unlocked, nextCatgeory unlocked, notVip)", (done) => { it("Submitter should be able to vote for a category and it should immediately change (segment unlocked, nextCatgeory unlocked, notVip)", (done) => {
const userID = categoryChangeUser; const userID = categoryChangeUser;
const UUID = "category-change-uuid-1"; const UUID = "category-change-uuid-1";
@@ -327,7 +300,7 @@ describe("voteOnSponsorTime", () => {
.then(async res => { .then(async res => {
assert.strictEqual(res.status, 200); assert.strictEqual(res.status, 200);
const row = await getSegmentCategory(UUID); const row = await getSegmentCategory(UUID);
console.log(row.category) console.log(row.category);
assert.strictEqual(row.category, category); assert.strictEqual(row.category, category);
done(); done();
}) })
@@ -342,7 +315,7 @@ describe("voteOnSponsorTime", () => {
.then(async res => { .then(async res => {
assert.strictEqual(res.status, 200); assert.strictEqual(res.status, 200);
const row = await getSegmentCategory(UUID); const row = await getSegmentCategory(UUID);
console.log(row.category) console.log(row.category);
assert.strictEqual(row.category, "intro"); assert.strictEqual(row.category, "intro");
done(); done();
}) })
@@ -357,7 +330,6 @@ describe("voteOnSponsorTime", () => {
.then(async res => { .then(async res => {
assert.strictEqual(res.status, 200); assert.strictEqual(res.status, 200);
const row = await getSegmentCategory(UUID); const row = await getSegmentCategory(UUID);
console.log(row.category)
assert.strictEqual(row.category, "intro"); assert.strictEqual(row.category, "intro");
done(); done();
}) })
@@ -372,7 +344,6 @@ describe("voteOnSponsorTime", () => {
.then(async res => { .then(async res => {
assert.strictEqual(res.status, 200); assert.strictEqual(res.status, 200);
const row = await getSegmentCategory(UUID); const row = await getSegmentCategory(UUID);
console.log(row.category)
assert.strictEqual(row.category, "intro"); assert.strictEqual(row.category, "intro");
done(); done();
}) })