Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-06 19:47:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:v1.0.1
Branches Tags
Mirror:master Mirror:revert-566-dependabot/npm_and_yarn/axios-1.6.0 Mirror:debug Mirror:clickbait Mirror:k8s-test Mirror:js
Mirror:1.0.34 Mirror:1.0.31 Mirror:v1.0.21 Mirror:v1.0.13 Mirror:v1.0.5 Mirror:v1.0.3 Mirror:v1.0.1 Mirror:v0.3 Mirror:v0.2 Mirror:v0.1
...
compare: Mirror:v1.0.13
Branches Tags
Mirror:master Mirror:revert-566-dependabot/npm_and_yarn/axios-1.6.0 Mirror:debug Mirror:clickbait Mirror:k8s-test Mirror:js
Mirror:1.0.34 Mirror:1.0.31 Mirror:v1.0.21 Mirror:v1.0.13 Mirror:v1.0.5 Mirror:v1.0.3 Mirror:v1.0.1 Mirror:v0.3 Mirror:v0.2 Mirror:v0.1

14 Commits
v1.0.1 ... v1.0.13

Author SHA1 Message Date
Ajay Ramachandran
9c132c5089 Merge pull request #9 from ajayyy/experimental 
Privacy + Security Additions
 2019-07-28 23:01:35 -04:00
Ajay Ramachandran
4e732b6367 Made votes anonymous. 2019-07-28 23:00:54 -04:00
Ajay Ramachandran
3720681f84 Made IP addresses private. 2019-07-28 22:58:20 -04:00
Ajay Ramachandran
2b16872936 Merge pull request #8 from ajayyy/experimental 
Fixed NaN check not correct
 2019-07-28 16:06:00 -04:00
Ajay Ramachandran
dadbf8026e Fixed NaN check not correct. 2019-07-28 16:05:23 -04:00
Ajay Ramachandran
fd6071f8d6 Removed extra comment. 2019-07-26 17:15:42 -04:00
Ajay Ramachandran
1148803671 Merge pull request #7 from ajayyy/experimental 
Fixed NaN crashing the server
 2019-07-26 15:20:56 -04:00
Ajay Ramachandran
4379660b01 Fixed NaN crashing the server. 2019-07-26 15:20:34 -04:00
Ajay Ramachandran
51efb9a5c1 Merge pull request #6 from ajayyy/experimental 
Added hashing to userIDs and changed up how the UUID is created
 2019-07-25 16:59:36 -04:00
Ajay Ramachandran
abfbba2ad0 Fixed server crash. 2019-07-25 16:56:06 -04:00
Ajay Ramachandran
7e041e5b49 Prevented backwards sponsor times. 2019-07-25 16:54:43 -04:00
Ajay Ramachandran
d7dec47de7 Made the UUID a hash of the input instead of random. 2019-07-25 16:48:13 -04:00
Ajay Ramachandran
71527cc4b1 Switched back to sha256, sha512 is just too long. 2019-07-25 16:36:53 -04:00
Ajay Ramachandran
5fbe580c08 Hash the userIDs 2019-07-25 16:35:08 -04:00
1 changed files with 61 additions and 11 deletions
Expand all files Collapse all files

72
index.js
View File

@@ -13,6 +13,8 @@ var crypto = require('crypto');
//load database
var sqlite3 = require('sqlite3').verbose();
var db = new sqlite3.Database('./databases/sponsorTimes.db');
//where the more sensitive data such as IP addresses are stored
var privateDB = new sqlite3.Database('./databases/private.db');
// Create an HTTP service.
http.createServer(app).listen(80);
@@ -92,6 +94,9 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
return;
}
//hash the userID
userID = getHashedUserID(userID);
//x-forwarded-for if this server is behind a proxy
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
@@ -99,14 +104,30 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
let hashedIP = ip + globalSalt;
//hash it 5000 times, this makes it very hard to brute force
for (let i = 0; i < 5000; i++) {
let hashCreator = crypto.createHash('sha512');
let hashCreator = crypto.createHash('sha256');
hashedIP = hashCreator.update(hashedIP).digest('hex');
}
startTime = parseFloat(startTime);
endTime = parseFloat(endTime);
let UUID = uuidv1();
if (isNaN(startTime) || isNaN(endTime)) {
//invalid request
res.sendStatus(400);
return;
}
if (startTime > endTime) {
//time can't go backwards
res.sendStatus(400);
return;
}
//this can just be a hash of the data
//it's better than generating an actual UUID like what was used before
//also better for duplication checking
let hashCreator = crypto.createHash('sha256');
let UUID = hashCreator.update(videoID + startTime + endTime + userID).digest('hex');
//get current time
let timeSubmitted = Date.now();
@@ -114,7 +135,7 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
let yesterday = timeSubmitted - 86400000;
//check to see if this ip has submitted too many sponsors today
db.prepare("SELECT COUNT(*) as count FROM sponsorTimes WHERE hashedIP = ? AND videoID = ? AND timeSubmitted > ?").get([hashedIP, videoID, yesterday], function(err, row) {
privateDB.prepare("SELECT COUNT(*) as count FROM sponsorTimes WHERE hashedIP = ? AND videoID = ? AND timeSubmitted > ?").get([hashedIP, videoID, yesterday], function(err, row) {
if (row.count >= 10) {
//too many sponsors for the same video from the same ip address
res.sendStatus(429);
@@ -131,7 +152,10 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
if (row == null) {
//not a duplicate, execute query
db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, hashedIP, timeSubmitted, 0);
db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, 0, UUID, userID, timeSubmitted, 0);
//add to private db as well
privateDB.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?)").run(videoID, hashedIP, timeSubmitted);
res.sendStatus(200);
} else {
@@ -156,8 +180,22 @@ app.get('/api/voteOnSponsorTime', function (req, res) {
return;
}
//hash the userID
userID = getHashedUserID(userID + UUID);
//x-forwarded-for if this server is behind a proxy
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
//hash the ip so no one can get it from the database
let hashedIP = ip + globalSalt;
//hash it 5000 times, this makes it very hard to brute force
for (let i = 0; i < 5000; i++) {
let hashCreator = crypto.createHash('sha256');
hashedIP = hashCreator.update(hashedIP).digest('hex');
}
//check if vote has already happened
db.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) {
privateDB.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) {
if (err) console.log(err);
if (row != undefined && row.type == type) {
@@ -193,17 +231,15 @@ app.get('/api/voteOnSponsorTime', function (req, res) {
//update the votes table
if (row != undefined) {
db.prepare("UPDATE votes SET type = ? WHERE userID = ? AND UUID = ?").run(type, userID, UUID);
privateDB.prepare("UPDATE votes SET type = ? WHERE userID = ? AND UUID = ?").run(type, userID, UUID);
} else {
db.prepare("INSERT INTO votes VALUES(?, ?, ?)").run(userID, UUID, type);
privateDB.prepare("INSERT INTO votes VALUES(?, ?, ?, ?)").run(UUID, userID, hashedIP, type);
}
//update the vote count on this sponsorTime
//oldIncrementAmount will be zero is row is null
db.prepare("UPDATE sponsorTimes SET votes = votes + ? WHERE UUID = ?").run(incrementAmount - oldIncrementAmount, UUID);
//update the votes table
//added to db
res.sendStatus(200);
});
@@ -236,16 +272,19 @@ app.get('/api/getViewsForUser', function (req, res) {
return;
}
//hash the userID
userID = getHashedUserID(userID);
//up the view count by one
db.prepare("SELECT SUM(views) as viewCount FROM sponsorTimes WHERE userID = ?").get(userID, function(err, row) {
if (err) console.log(err);
if (row != null) {
if (row.viewCount != null) {
res.send({
viewCount: row.viewCount
});
} else {
res.send(404);
res.sendStatus(404);
}
});
});
@@ -254,6 +293,17 @@ app.get('/database.db', function (req, res) {
res.sendFile("./databases/sponsorTimes.db", { root: __dirname });
});
function getHashedUserID(userID) {
//hash the userID so no one can get it from the database
let hashedUserID = userID;
//hash it 5000 times, this makes it very hard to brute force
for (let i = 0; i < 5000; i++) {
let hashCreator = crypto.createHash('sha256');
hashedUserID = hashCreator.update(hashedUserID).digest('hex');
}
return hashedUserID;
}
//This function will find sponsor times that are contained inside of eachother, called similar sponsor times
//Only one similar time will be returned, randomly generated based on the sqrt of votes.