diff --git a/src/routes/shadowBanUser.ts b/src/routes/shadowBanUser.ts index 4ecfc45..17b9798 100644 --- a/src/routes/shadowBanUser.ts +++ b/src/routes/shadowBanUser.ts @@ -1,6 +1,7 @@ import {db, privateDB} from '../databases/databases'; import {getHash} from '../utils/getHash'; import {Request, Response} from 'express'; +import { config } from '../config'; export async function shadowBanUser(req: Request, res: Response) { const userID = req.query.userID as string; @@ -8,12 +9,15 @@ export async function shadowBanUser(req: Request, res: Response) { let adminUserIDInput = req.query.adminUserID as string; const enabled = req.query.enabled === undefined - ? false + ? true : req.query.enabled === 'true'; //if enabled is false and the old submissions should be made visible again const unHideOldSubmissions = req.query.unHideOldSubmissions !== "false"; + const categories: string[] = req.query.categories ? JSON.parse(req.query.categories as string) : config.categoryList; + categories.filter((category) => typeof category === "string" && !(/[^a-z|_|-]/.test(category))); + if (adminUserIDInput == undefined || (userID == undefined && hashedIP == undefined)) { //invalid request res.sendStatus(400); @@ -42,7 +46,7 @@ export async function shadowBanUser(req: Request, res: Response) { //find all previous submissions and hide them if (unHideOldSubmissions) { - await db.prepare('run', `UPDATE "sponsorTimes" SET "shadowHidden" = 1 WHERE "userID" = ? + await db.prepare('run', `UPDATE "sponsorTimes" SET "shadowHidden" = 1 WHERE "userID" = ? AND "category" in (${categories.map((c) => `'${c}'`).join(",")}) AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); } @@ -61,7 +65,7 @@ export async function shadowBanUser(req: Request, res: Response) { await Promise.all(allSegments.filter((item: {uuid: string}) => { return segmentsToIgnore.indexOf(item) === -1; }).map((UUID: string) => { - return db.prepare('run', `UPDATE "sponsorTimes" SET "shadowHidden" = 0 WHERE "UUID" = ?`, [UUID]); + return db.prepare('run', `UPDATE "sponsorTimes" SET "shadowHidden" = 0 WHERE "UUID" = ? AND "category" in (${categories.map((c) => `'${c}'`).join(",")})`, [UUID]); })); } } diff --git a/test/cases/shadowBanUser.ts b/test/cases/shadowBanUser.ts new file mode 100644 index 0000000..5d6af7e --- /dev/null +++ b/test/cases/shadowBanUser.ts @@ -0,0 +1,126 @@ +import fetch from 'node-fetch'; +import {db, privateDB} from '../../src/databases/databases'; +import {Done, getbaseURL} from '../utils'; +import {getHash} from '../../src/utils/getHash'; + +describe('shadowBanUser', () => { + before(() => { + let startOfQuery = 'INSERT INTO "sponsorTimes" ("videoID", "startTime", "endTime", "votes", "locked", "UUID", "userID", "timeSubmitted", views, category, "service", "videoDuration", "hidden", "shadowHidden", "hashedVideoID") VALUES'; + db.prepare("run", startOfQuery + "('testtesttest', 1, 11, 2, 0, 'shadow-1-uuid-0', 'shadowBanned', 0, 50, 'sponsor', 'YouTube', 100, 0, 0, '" + getHash('testtesttest', 1) + "')"); + db.prepare("run", startOfQuery + "('testtesttest2', 1, 11, 2, 0, 'shadow-1-uuid-0-1', 'shadowBanned', 0, 50, 'sponsor', 'PeerTube', 120, 0, 0, '" + getHash('testtesttest2', 1) + "')"); + db.prepare("run", startOfQuery + "('testtesttest', 20, 33, 2, 0, 'shadow-1-uuid-2', 'shadowBanned', 0, 50, 'intro', 'YouTube', 101, 0, 0, '" + getHash('testtesttest', 1) + "')"); + + db.prepare("run", startOfQuery + "('testtesttest', 1, 11, 2, 0, 'shadow-2-uuid-0', 'shadowBanned2', 0, 50, 'sponsor', 'YouTube', 100, 0, 0, '" + getHash('testtesttest', 1) + "')"); + db.prepare("run", startOfQuery + "('testtesttest2', 1, 11, 2, 0, 'shadow-2-uuid-0-1', 'shadowBanned2', 0, 50, 'sponsor', 'PeerTube', 120, 0, 0, '" + getHash('testtesttest2', 1) + "')"); + db.prepare("run", startOfQuery + "('testtesttest', 20, 33, 2, 0, 'shadow-2-uuid-2', 'shadowBanned2', 0, 50, 'intro', 'YouTube', 101, 0, 0, '" + getHash('testtesttest', 1) + "')"); + + db.prepare("run", startOfQuery + "('testtesttest', 1, 11, 2, 0, 'shadow-3-uuid-0', 'shadowBanned3', 0, 50, 'sponsor', 'YouTube', 100, 0, 1, '" + getHash('testtesttest', 1) + "')"); + db.prepare("run", startOfQuery + "('testtesttest2', 1, 11, 2, 0, 'shadow-3-uuid-0-1', 'shadowBanned3', 0, 50, 'sponsor', 'PeerTube', 120, 0, 1, '" + getHash('testtesttest2', 1) + "')"); + db.prepare("run", startOfQuery + "('testtesttest', 20, 33, 2, 0, 'shadow-3-uuid-2', 'shadowBanned3', 0, 50, 'intro', 'YouTube', 101, 0, 1, '" + getHash('testtesttest', 1) + "')"); + privateDB.prepare("run", `INSERT INTO "shadowBannedUsers" VALUES('shadowBanned3')`); + + db.prepare("run", `INSERT INTO "vipUsers" ("userID") VALUES ('` + getHash("shadow-ban-vip") + "')"); + }); + + + it('Should be able to ban user and hide submissions', (done: Done) => { + fetch(getbaseURL() + "/api/shadowBanUser?userID=shadowBanned&adminUserID=shadow-ban-vip", { + method: 'POST' + }) + .then(async res => { + if (res.status !== 200) done("Status code was: " + res.status); + else { + const videoRow = await db.prepare('all', `SELECT "shadowHidden" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned", 1]); + const shadowRow = await privateDB.prepare('get', `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned"]); + + if (shadowRow && videoRow?.length === 3) { + done(); + } else { + done("Ban failed " + JSON.stringify(videoRow) + " " + JSON.stringify(shadowRow)); + } + } + }) + .catch(err => done("Couldn't call endpoint")); + }); + + it('Should be able to unban user without unhiding submissions', (done: Done) => { + fetch(getbaseURL() + "/api/shadowBanUser?userID=shadowBanned&adminUserID=shadow-ban-vip&enabled=false&unHideOldSubmissions=false", { + method: 'POST' + }) + .then(async res => { + if (res.status !== 200) done("Status code was: " + res.status); + else { + const videoRow = await db.prepare('all', `SELECT "shadowHidden" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned", 1]); + const shadowRow = await privateDB.prepare('get', `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned"]); + + if (!shadowRow && videoRow?.length === 3) { + done(); + } else { + done("Unban failed " + JSON.stringify(videoRow) + " " + JSON.stringify(shadowRow)); + } + } + }) + .catch(err => done("Couldn't call endpoint")); + }); + + it('Should be able to ban user and hide submissions from only some categories', (done: Done) => { + fetch(getbaseURL() + '/api/shadowBanUser?userID=shadowBanned2&adminUserID=shadow-ban-vip&categories=["sponsor"]', { + method: 'POST' + }) + .then(async res => { + if (res.status !== 200) done("Status code was: " + res.status); + else { + const videoRow: {category: string, shadowHidden: number}[] = (await db.prepare('all', `SELECT "shadowHidden", "category" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned2", 1])); + const shadowRow = await privateDB.prepare('get', `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned2"]); + + if (shadowRow && 2 == videoRow?.length && 2 === videoRow?.filter((elem) => elem?.category === "sponsor")?.length) { + done(); + } else { + done("Ban failed " + JSON.stringify(videoRow) + " " + JSON.stringify(shadowRow)); + } + } + }) + .catch(err => done("Couldn't call endpoint")); + }); + + it('Should be able to unban user and unhide submissions', (done: Done) => { + fetch(getbaseURL() + "/api/shadowBanUser?userID=shadowBanned2&adminUserID=shadow-ban-vip&enabled=false", { + method: 'POST' + }) + .then(async res => { + if (res.status !== 200) done("Status code was: " + res.status); + else { + const videoRow = await db.prepare('all', `SELECT "shadowHidden" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned2", 1]); + const shadowRow = await privateDB.prepare('get', `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned2"]); + + if (!shadowRow && videoRow?.length === 0) { + done(); + } else { + done("Unban failed " + JSON.stringify(videoRow) + " " + JSON.stringify(shadowRow)); + } + } + }) + .catch(err => done("Couldn't call endpoint")); + }); + + it('Should be able to unban user and unhide some submissions', (done: Done) => { + fetch(getbaseURL() + `/api/shadowBanUser?userID=shadowBanned3&adminUserID=shadow-ban-vip&enabled=false&categories=["sponsor"]`, { + method: 'POST' + }) + .then(async res => { + if (res.status !== 200) done("Status code was: " + res.status); + else { + const videoRow = await db.prepare('all', `SELECT "shadowHidden", "category" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned3", 1]); + const shadowRow = await privateDB.prepare('get', `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned3"]); + + if (!shadowRow && videoRow?.length === 1 && videoRow[0]?.category === "intro") { + done(); + } else { + done("Unban failed " + JSON.stringify(videoRow) + " " + JSON.stringify(shadowRow)); + } + } + }) + .catch(err => done("Couldn't call endpoint")); + }); + +});