mirror of
https://github.com/ajayyy/SponsorBlockServer.git
synced 2025-12-07 20:17:02 +03:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1148803671 | ||
|
|
4379660b01 | ||
|
|
51efb9a5c1 | ||
|
|
abfbba2ad0 | ||
|
|
7e041e5b49 | ||
|
|
d7dec47de7 | ||
|
|
71527cc4b1 | ||
|
|
5fbe580c08 | ||
|
|
c59372dd62 | ||
|
|
ab0631ff63 | ||
|
|
db8c2e76e5 | ||
|
|
11c099c3dc |
87
index.js
87
index.js
@@ -84,12 +84,17 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
|
||||
let endTime = req.query.endTime;
|
||||
let userID = req.query.userID;
|
||||
|
||||
if (videoID == undefined || startTime == undefined || endTime == undefined || userID == undefined) {
|
||||
//check if all correct inputs are here and the length is 1 second or more
|
||||
if (videoID == undefined || startTime == undefined || endTime == undefined || userID == undefined
|
||||
|| Math.abs(startTime - endTime) < 1) {
|
||||
//invalid request
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
//hash the userID
|
||||
userID = getHashedUserID(userID);
|
||||
|
||||
//x-forwarded-for if this server is behind a proxy
|
||||
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
|
||||
|
||||
@@ -97,14 +102,30 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
|
||||
let hashedIP = ip + globalSalt;
|
||||
//hash it 5000 times, this makes it very hard to brute force
|
||||
for (let i = 0; i < 5000; i++) {
|
||||
let hashCreator = crypto.createHash('sha512');
|
||||
let hashCreator = crypto.createHash('sha256');
|
||||
hashedIP = hashCreator.update(hashedIP).digest('hex');
|
||||
}
|
||||
|
||||
startTime = parseFloat(startTime);
|
||||
endTime = parseFloat(endTime);
|
||||
|
||||
let UUID = uuidv1();
|
||||
if (startTime == NaN || endTime == NaN) {
|
||||
//invalid request
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
if (startTime > endTime) {
|
||||
//time can't go backwards
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
//this can just be a hash of the data
|
||||
//it's better than generating an actual UUID like what was used before
|
||||
//also better for duplication checking
|
||||
let hashCreator = crypto.createHash('sha256');
|
||||
let UUID = hashCreator.update(videoID + startTime + endTime + userID).digest('hex');
|
||||
|
||||
//get current time
|
||||
let timeSubmitted = Date.now();
|
||||
@@ -129,7 +150,7 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
|
||||
|
||||
if (row == null) {
|
||||
//not a duplicate, execute query
|
||||
db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, hashedIP, timeSubmitted);
|
||||
db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, hashedIP, timeSubmitted, 0);
|
||||
|
||||
res.sendStatus(200);
|
||||
} else {
|
||||
@@ -154,6 +175,9 @@ app.get('/api/voteOnSponsorTime', function (req, res) {
|
||||
return;
|
||||
}
|
||||
|
||||
//hash the userID
|
||||
userID = getHashedUserID(userID);
|
||||
|
||||
//check if vote has already happened
|
||||
db.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) {
|
||||
if (err) console.log(err);
|
||||
@@ -207,10 +231,65 @@ app.get('/api/voteOnSponsorTime', function (req, res) {
|
||||
});
|
||||
});
|
||||
|
||||
//Endpoint when a sponsorTime is used up
|
||||
app.get('/api/viewedVideoSponsorTime', function (req, res) {
|
||||
let UUID = req.query.UUID;
|
||||
|
||||
if (UUID == undefined) {
|
||||
//invalid request
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
//up the view count by one
|
||||
db.prepare("UPDATE sponsorTimes SET views = views + 1 WHERE UUID = ?").run(UUID);
|
||||
|
||||
res.sendStatus(200);
|
||||
});
|
||||
|
||||
//Gets all the views added up for one userID
|
||||
//Useful to see how much one user has contributed
|
||||
app.get('/api/getViewsForUser', function (req, res) {
|
||||
let userID = req.query.userID;
|
||||
|
||||
if (userID == undefined) {
|
||||
//invalid request
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
//hash the userID
|
||||
userID = getHashedUserID(userID);
|
||||
|
||||
//up the view count by one
|
||||
db.prepare("SELECT SUM(views) as viewCount FROM sponsorTimes WHERE userID = ?").get(userID, function(err, row) {
|
||||
if (err) console.log(err);
|
||||
|
||||
if (row.viewCount != null) {
|
||||
res.send({
|
||||
viewCount: row.viewCount
|
||||
});
|
||||
} else {
|
||||
res.sendStatus(404);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
app.get('/database.db', function (req, res) {
|
||||
res.sendFile("./databases/sponsorTimes.db", { root: __dirname });
|
||||
});
|
||||
|
||||
function getHashedUserID(userID) {
|
||||
//hash the userID so no one can get it from the database
|
||||
let hashedUserID = userID;
|
||||
//hash it 5000 times, this makes it very hard to brute force
|
||||
for (let i = 0; i < 5000; i++) {
|
||||
let hashCreator = crypto.createHash('sha256');
|
||||
hashedUserID = hashCreator.update(hashedUserID).digest('hex');
|
||||
}
|
||||
|
||||
return hashedUserID;
|
||||
}
|
||||
|
||||
//This function will find sponsor times that are contained inside of eachother, called similar sponsor times
|
||||
//Only one similar time will be returned, randomly generated based on the sqrt of votes.
|
||||
|
||||
Reference in New Issue
Block a user