From ac945254d6169138680196d4173a60d84f8ee75f Mon Sep 17 00:00:00 2001
From: Nanobyte <nanobyte@ymail.com>
Date: Tue, 2 Mar 2021 01:22:02 +0100
Subject: [PATCH] Limit reward time for getSavedTimeForUser endpoint

---
 src/routes/getSavedTimeForUser.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/routes/getSavedTimeForUser.ts b/src/routes/getSavedTimeForUser.ts
index fbf28dc..9bcd420 100644
--- a/src/routes/getSavedTimeForUser.ts
+++ b/src/routes/getSavedTimeForUser.ts
@@ -1,6 +1,9 @@
 import {db} from '../databases/databases';
 import {Request, Response} from 'express';
 import {getHash} from '../utils/getHash';
+import {config} from '../config';
+
+const maxRewardTimePerSegmentInSeconds = config.maxRewardTimePerSegmentInSeconds ?? 86400;
 
 export function getSavedTimeForUser(req: Request, res: Response) {
     let userID = req.query.userID as string;
@@ -15,7 +18,7 @@ export function getSavedTimeForUser(req: Request, res: Response) {
     userID = getHash(userID);
 
     try {
-        let row = db.prepare("get", "SELECT SUM((endTime - startTime) / 60 * views) as minutesSaved FROM sponsorTimes WHERE userID = ? AND votes > -1 AND shadowHidden != 1 ", [userID]);
+        let row = db.prepare("get", "SELECT SUM(((CASE WHEN endTime - startTime > " + maxRewardTimePerSegmentInSeconds + " THEN " + maxRewardTimePerSegmentInSeconds + " ELSE endTime - startTime END) / 60) * views) as minutesSaved FROM sponsorTimes WHERE userID = ? AND votes > -1 AND shadowHidden != 1 ", [userID]);
 
         if (row.minutesSaved != null) {
             res.send({