Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-08 20:47:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix ad feature auth logic

Browse Source
This commit is contained in:
Ajay
2022-07-28 13:55:43 -04:00
parent b9354e44ae
commit af7634b498
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/routes/addFeature.ts
View File

@@ -3,7 +3,7 @@ import { db } from "../databases/databases";
import { config } from "../config"; import { config } from "../config";
import { Request, Response } from "express"; import { Request, Response } from "express";
import { isUserVIP } from "../utils/isUserVIP"; import { isUserVIP } from "../utils/isUserVIP";
import { Feature, HashedUserID } from "../types/user.model"; import { Feature, HashedUserID, UserID } from "../types/user.model";
import { Logger } from "../utils/logger"; import { Logger } from "../utils/logger";
import { QueryCacher } from "../utils/queryCacher"; import { QueryCacher } from "../utils/queryCacher";
@@ -38,11 +38,11 @@ export async function addFeature(req: AddFeatureRequest, res: Response): Promise
} }
// hash the userID // hash the userID
const adminUserIDInput = await getHashCache(adminUserID); const adminUserIDInput = await getHashCache(adminUserID as UserID);
const isAdmin = adminUserIDInput !== config.adminUserID; const isAdmin = adminUserIDInput === config.adminUserID;
const isVIP = (await isUserVIP(userID)) || isAdmin; const isVIP = (await isUserVIP(adminUserIDInput)) || isAdmin;
if (!isAdmin && !isVIP) { if (!isVIP) {
// not authorized // not authorized
return res.sendStatus(403); return res.sendStatus(403);
} }

6
test/cases/addFeatures.ts
View File

@@ -41,7 +41,7 @@ describe("addFeatures", () => {
it("can add features", async () => { it("can add features", async () => {
for (const feature of validFeatures) { for (const feature of validFeatures) {
const result = await postAddFeatures(hashedUserID1, vipUserID, feature, "true"); const result = await postAddFeatures(hashedUserID1, privateVipUserID, feature, "true");
assert.strictEqual(result.status, 200); assert.strictEqual(result.status, 200);
assert.strictEqual(await hasFeature(hashedUserID1, feature), true); assert.strictEqual(await hasFeature(hashedUserID1, feature), true);
@@ -51,7 +51,7 @@ describe("addFeatures", () => {
it("can remove features", async () => { it("can remove features", async () => {
const feature = Feature.ChapterSubmitter; const feature = Feature.ChapterSubmitter;
const result = await postAddFeatures(hashedUserID2, vipUserID, feature, "false"); const result = await postAddFeatures(hashedUserID2, privateVipUserID, feature, "false");
assert.strictEqual(result.status, 200); assert.strictEqual(result.status, 200);
assert.strictEqual(await hasFeature(hashedUserID2, feature), false); assert.strictEqual(await hasFeature(hashedUserID2, feature), false);
@@ -60,7 +60,7 @@ describe("addFeatures", () => {
it("can update features", async () => { it("can update features", async () => {
const feature = Feature.ChapterSubmitter; const feature = Feature.ChapterSubmitter;
const result = await postAddFeatures(hashedUserID3, vipUserID, feature, "true"); const result = await postAddFeatures(hashedUserID3, privateVipUserID, feature, "true");
assert.strictEqual(result.status, 200); assert.strictEqual(result.status, 200);
assert.strictEqual(await hasFeature(hashedUserID3, feature), true); assert.strictEqual(await hasFeature(hashedUserID3, feature), true);