From cfd61dc8dda7cfd2f520693f57be3a438ea5ee15 Mon Sep 17 00:00:00 2001
From: Ajay <dev@ajay.app>
Date: Mon, 21 Apr 2025 19:26:42 -0400
Subject: [PATCH] Validity check

---
 src/config.ts                  | 3 +++
 src/routes/postBranding.ts     | 8 +++++++-
 src/routes/postSkipSegments.ts | 7 ++++++-
 src/types/config.model.ts      | 3 +++
 src/utils/permissions.ts       | 8 ++++++++
 5 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/config.ts b/src/config.ts
index 072b23f..8fe1ed1 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -69,6 +69,9 @@ addDefaults(config, {
             message: "OK",
         }
     },
+    validityCheck: {
+        userAgent: null,
+    },
     userCounterURL: null,
     userCounterRatio: 10,
     newLeafURLs: null,
diff --git a/src/routes/postBranding.ts b/src/routes/postBranding.ts
index ea75570..bed298b 100644
--- a/src/routes/postBranding.ts
+++ b/src/routes/postBranding.ts
@@ -18,7 +18,7 @@ import { checkBanStatus } from "../utils/checkBan";
 import axios from "axios";
 import { getMaxResThumbnail } from "../utils/youtubeApi";
 import { getVideoDetails } from "../utils/getVideoDetails";
-import { canSubmitDeArrow } from "../utils/permissions";
+import { canSubmitDeArrow, validSubmittedData } from "../utils/permissions";
 import { parseUserAgent } from "../utils/userAgent";
 
 enum BrandingType {
@@ -58,6 +58,12 @@ export async function postBranding(req: Request, res: Response) {
         const hashedIP = await getHashCache(getIP(req) + config.globalSalt as IPAddress);
         const isBanned = await checkBanStatus(hashedUserID, hashedIP);
 
+        if (!validSubmittedData(userAgent)) {
+            Logger.warn(`Rejecting submission based on invalid data: ${hashedUserID} ${videoID} ${videoDuration} ${userAgent} ${req.headers["user-agent"]}`);
+            res.status(200).send("OK");
+            return;
+        }
+
         const permission = await canSubmitDeArrow(hashedUserID);
         if (!permission.canSubmit) {
             Logger.warn(`New user trying to submit dearrow: ${hashedUserID} ${videoID} ${videoDuration} ${title} ${req.headers["user-agent"]}`);
diff --git a/src/routes/postSkipSegments.ts b/src/routes/postSkipSegments.ts
index 1e645e9..0050dd7 100644
--- a/src/routes/postSkipSegments.ts
+++ b/src/routes/postSkipSegments.ts
@@ -20,7 +20,7 @@ import { parseUserAgent } from "../utils/userAgent";
 import { getService } from "../utils/getService";
 import axios from "axios";
 import { vote } from "./voteOnSponsorTime";
-import { canSubmit, canSubmitGlobal } from "../utils/permissions";
+import { canSubmit, canSubmitGlobal, validSubmittedData } from "../utils/permissions";
 import { getVideoDetails, videoDetails } from "../utils/getVideoDetails";
 import * as youtubeID from "../utils/youtubeID";
 import { acquireLock } from "../utils/redisLock";
@@ -509,6 +509,11 @@ export async function postSkipSegments(req: Request, res: Response): Promise<Res
     }
     const userID: HashedUserID = await getHashCache(paramUserID);
 
+    if (!validSubmittedData(userAgent)) {
+        Logger.warn(`Rejecting submission based on invalid data: ${userID} ${videoID} ${videoDurationParam} ${userAgent} ${req.headers["user-agent"]}`);
+        return res.status(200).send("OK");
+    }
+
     const permission = await canSubmitGlobal(userID);
     if (!permission.canSubmit) {
         Logger.warn(`New user trying to submit: ${userID} ${videoID} ${videoDurationParam} ${userAgent} ${req.headers["user-agent"]}`);
diff --git a/src/types/config.model.ts b/src/types/config.model.ts
index 9fbeddb..0ffc136 100644
--- a/src/types/config.model.ts
+++ b/src/types/config.model.ts
@@ -85,6 +85,9 @@ export interface SBSConfig {
         vote: RateLimitConfig;
         view: RateLimitConfig;
     };
+    validityCheck: {
+        userAgent: string | null;
+    }
     minimumPrefix?: string;
     maximumPrefix?: string;
     redis?: RedisConfig;
diff --git a/src/utils/permissions.ts b/src/utils/permissions.ts
index 84d5544..6561a45 100644
--- a/src/utils/permissions.ts
+++ b/src/utils/permissions.ts
@@ -108,6 +108,14 @@ export async function canSubmit(userID: HashedUserID, category: Category): Promi
     }
 }
 
+export function validSubmittedData(userAgent: string): boolean {
+    if (!config.validityCheck.userAgent) {
+        return true;
+    }
+
+    return new RegExp(config.validityCheck.userAgent).test(userAgent);
+}
+
 export async function canSubmitGlobal(userID: HashedUserID): Promise<CanSubmitGlobalResult> {
     const oldSubmitterOrAllowedPromise = oldSubmitterOrAllowed(userID);