Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-06 11:36:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix ad feature auth logic

Browse Source
This commit is contained in:
Ajay
2022-07-28 13:55:43 -04:00
parent b9354e44ae
commit af7634b498
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/routes/addFeature.ts
View File

@@ -3,7 +3,7 @@ import { db } from "../databases/databases";
import { config } from "../config";
import { Request, Response } from "express";
import { isUserVIP } from "../utils/isUserVIP";
import { Feature, HashedUserID } from "../types/user.model";
import { Feature, HashedUserID, UserID } from "../types/user.model";
import { Logger } from "../utils/logger";
import { QueryCacher } from "../utils/queryCacher";
@@ -38,11 +38,11 @@ export async function addFeature(req: AddFeatureRequest, res: Response): Promise
}
// hash the userID
const adminUserIDInput = await getHashCache(adminUserID);
const isAdmin = adminUserIDInput !== config.adminUserID;
const isVIP = (await isUserVIP(userID)) || isAdmin;
const adminUserIDInput = await getHashCache(adminUserID as UserID);
const isAdmin = adminUserIDInput === config.adminUserID;
const isVIP = (await isUserVIP(adminUserIDInput)) || isAdmin;
if (!isAdmin && !isVIP) {
if (!isVIP) {
// not authorized
return res.sendStatus(403);
}

2
src/utils/isUserVIP.ts
View File

@@ -2,6 +2,6 @@ import { db } from "../databases/databases";
import { HashedUserID } from "../types/user.model";
export async function isUserVIP(userID: HashedUserID): Promise<boolean> {
return (await db.prepare("get", `SELECT count(*) as "userCount" FROM "vipUsers" WHERE "userID" = ? LIMIT 1`,
return (await db.prepare("get", `SELECT count(*) as "userCount" FROM "vipUsers" WHERE "userID" = ? LIMIT 1`,
[userID], { useReplica: true }))?.userCount > 0;
}

6
test/cases/addFeatures.ts
View File

@@ -41,7 +41,7 @@ describe("addFeatures", () => {
it("can add features", async () => {
for (const feature of validFeatures) {
const result = await postAddFeatures(hashedUserID1, vipUserID, feature, "true");
const result = await postAddFeatures(hashedUserID1, privateVipUserID, feature, "true");
assert.strictEqual(result.status, 200);
assert.strictEqual(await hasFeature(hashedUserID1, feature), true);
@@ -51,7 +51,7 @@ describe("addFeatures", () => {
it("can remove features", async () => {
const feature = Feature.ChapterSubmitter;
const result = await postAddFeatures(hashedUserID2, vipUserID, feature, "false");
const result = await postAddFeatures(hashedUserID2, privateVipUserID, feature, "false");
assert.strictEqual(result.status, 200);
assert.strictEqual(await hasFeature(hashedUserID2, feature), false);
@@ -60,7 +60,7 @@ describe("addFeatures", () => {
it("can update features", async () => {
const feature = Feature.ChapterSubmitter;
const result = await postAddFeatures(hashedUserID3, vipUserID, feature, "true");
const result = await postAddFeatures(hashedUserID3, privateVipUserID, feature, "true");
assert.strictEqual(result.status, 200);
assert.strictEqual(await hasFeature(hashedUserID3, feature), true);