From c13bc6cfbdc72092c5175b7348f946ac4f536f40 Mon Sep 17 00:00:00 2001
From: Michael C <michael@mchang.name>
Date: Fri, 18 Jun 2021 17:46:18 -0400
Subject: [PATCH] added tests and route

---
 src/app.ts                   |  4 ++
 src/routes/postClearCache.ts |  6 +--
 test/cases/postClearCache.ts | 72 ++++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 test/cases/postClearCache.ts

diff --git a/src/app.ts b/src/app.ts
index 44a59f6..589f352 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -29,6 +29,7 @@ import {apiCspMiddleware} from './middleware/apiCsp';
 import {rateLimitMiddleware} from './middleware/requestRateLimit';
 import dumpDatabase, {redirectLink} from './routes/dumpDatabase';
 import {endpoint as getSegmentInfo} from './routes/getSegmentInfo';
+import {postClearCache} from './routes/postClearCache';
 
 export function createServer(callback: () => void) {
     // Create a service (the app object is just a callback).
@@ -136,6 +137,9 @@ function setupRoutes(app: Express) {
     //get segment info
     app.get('/api/segmentInfo', getSegmentInfo);
 
+    //clear cache as VIP
+    app.post('/api/clearCache', postClearCache)
+
     if (config.postgres) {
         app.get('/database', (req, res) => dumpDatabase(req, res, true));
         app.get('/database.json', (req, res) => dumpDatabase(req, res, false));
diff --git a/src/routes/postClearCache.ts b/src/routes/postClearCache.ts
index a4c3c21..c6f6232 100644
--- a/src/routes/postClearCache.ts
+++ b/src/routes/postClearCache.ts
@@ -9,7 +9,9 @@ import { UserID } from '../types/user.model';
 export async function postClearCache(req: Request, res: Response) {
     const videoID = req.query.videoID as VideoID;
     let userID = req.query.userID as UserID;
-    let service = req.query.service as Service ?? Service.YouTube;
+    const service = req.query.service as Service ?? Service.YouTube;
+    // hash the userID as early as possible
+    userID = getHash(userID);
 
     const invalidFields = [];
     if (typeof videoID !== 'string') {
@@ -26,8 +28,6 @@ export async function postClearCache(req: Request, res: Response) {
       return false;
     }
 
-    // hash the userID
-    userID = getHash(userID);
     // hash videoID
     const hashedVideoID = getHash(videoID, 1);
 
diff --git a/test/cases/postClearCache.ts b/test/cases/postClearCache.ts
new file mode 100644
index 0000000..ffedaae
--- /dev/null
+++ b/test/cases/postClearCache.ts
@@ -0,0 +1,72 @@
+import fetch from 'node-fetch';
+import {Done, getbaseURL} from '../utils';
+import {db} from '../../src/databases/databases';
+import {getHash} from '../../src/utils/getHash';
+
+describe('postClearCache', () => {
+    before(async () => {
+        await db.prepare("run", `INSERT INTO "vipUsers" ("userID") VALUES ('` + getHash("clearing-vip") + "')");
+        let startOfQuery = 'INSERT INTO "sponsorTimes" ("videoID", "startTime", "endTime", "votes", "UUID", "userID", "timeSubmitted", views, category, "shadowHidden", "hashedVideoID") VALUES';
+        await db.prepare("run", startOfQuery + "('clear-test', 0, 1, 2, 'clear-uuid', 'testman', 0, 50, 'sponsor', 0, '" + getHash('clear-test', 1) + "')");
+    });
+
+    it('Should be able to clear cache for existing video', (done: Done) => {
+        fetch(getbaseURL()
+            + "/api/clearCache?userID=clearing-vip&videoID=clear-test", {
+            method: 'POST'
+        })
+        .then(res => {
+            if (res.status === 200) done();
+            else done("Status code was " + res.status);
+        })
+        .catch(err => done(err));
+    });
+
+    it('Should be able to clear cache for nonexistent video', (done: Done) => {
+        fetch(getbaseURL()
+            + "/api/clearCache?userID=clearing-vip&videoID=dne-video", {
+            method: 'POST'
+        })
+        .then(res => {
+            if (res.status === 200) done();
+            else done("Status code was " + res.status);
+        })
+        .catch(err => done(err));
+    });
+
+    it('Should get 403 as non-vip', (done: Done) => {
+        fetch(getbaseURL()
+            + "/api/clearCache?userID=regular-user&videoID=clear-tes", {
+            method: 'POST'
+        })
+        .then(async res => {
+            if (res.status !== 403) done('non 403 (' + res.status + ')');
+            else done(); // pass
+        })
+        .catch(err => done(err));
+    });
+
+    it('Should give 400 with missing videoID', (done: Done) => {
+        fetch(getbaseURL()
+            + "/api/clearCache?userID=clearing-vip", {
+            method: 'POST'
+        })
+        .then(async res => {
+            if (res.status !== 400) done('non 400 (' + res.status + ')');
+            else done(); // pass
+        })
+        .catch(err => done(err));
+    });
+
+    it('Should give 400 with missing userID', (done: Done) => {
+        fetch(getbaseURL()
+            + "/api/clearCache?userID=clearing-vip", {
+            method: 'POST'
+        })
+        .then(async res => {
+            if (res.status !== 400) done('non 400 (' + res.status + ')');
+            else done(); // pass
+        })
+        .catch(err => done(err));
+    });
+});