mirror of
https://github.com/ajayyy/SponsorBlockServer.git
synced 2025-12-06 11:36:58 +03:00
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1148803671 | ||
|
|
4379660b01 | ||
|
|
51efb9a5c1 | ||
|
|
abfbba2ad0 | ||
|
|
7e041e5b49 | ||
|
|
d7dec47de7 | ||
|
|
71527cc4b1 | ||
|
|
5fbe580c08 |
44
index.js
44
index.js
@@ -92,6 +92,9 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
|
||||
return;
|
||||
}
|
||||
|
||||
//hash the userID
|
||||
userID = getHashedUserID(userID);
|
||||
|
||||
//x-forwarded-for if this server is behind a proxy
|
||||
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
|
||||
|
||||
@@ -99,14 +102,30 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
|
||||
let hashedIP = ip + globalSalt;
|
||||
//hash it 5000 times, this makes it very hard to brute force
|
||||
for (let i = 0; i < 5000; i++) {
|
||||
let hashCreator = crypto.createHash('sha512');
|
||||
let hashCreator = crypto.createHash('sha256');
|
||||
hashedIP = hashCreator.update(hashedIP).digest('hex');
|
||||
}
|
||||
|
||||
startTime = parseFloat(startTime);
|
||||
endTime = parseFloat(endTime);
|
||||
|
||||
let UUID = uuidv1();
|
||||
if (startTime == NaN || endTime == NaN) {
|
||||
//invalid request
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
if (startTime > endTime) {
|
||||
//time can't go backwards
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
//this can just be a hash of the data
|
||||
//it's better than generating an actual UUID like what was used before
|
||||
//also better for duplication checking
|
||||
let hashCreator = crypto.createHash('sha256');
|
||||
let UUID = hashCreator.update(videoID + startTime + endTime + userID).digest('hex');
|
||||
|
||||
//get current time
|
||||
let timeSubmitted = Date.now();
|
||||
@@ -156,6 +175,9 @@ app.get('/api/voteOnSponsorTime', function (req, res) {
|
||||
return;
|
||||
}
|
||||
|
||||
//hash the userID
|
||||
userID = getHashedUserID(userID);
|
||||
|
||||
//check if vote has already happened
|
||||
db.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) {
|
||||
if (err) console.log(err);
|
||||
@@ -236,16 +258,19 @@ app.get('/api/getViewsForUser', function (req, res) {
|
||||
return;
|
||||
}
|
||||
|
||||
//hash the userID
|
||||
userID = getHashedUserID(userID);
|
||||
|
||||
//up the view count by one
|
||||
db.prepare("SELECT SUM(views) as viewCount FROM sponsorTimes WHERE userID = ?").get(userID, function(err, row) {
|
||||
if (err) console.log(err);
|
||||
|
||||
if (row != null) {
|
||||
if (row.viewCount != null) {
|
||||
res.send({
|
||||
viewCount: row.viewCount
|
||||
});
|
||||
} else {
|
||||
res.send(404);
|
||||
res.sendStatus(404);
|
||||
}
|
||||
});
|
||||
});
|
||||
@@ -254,6 +279,17 @@ app.get('/database.db', function (req, res) {
|
||||
res.sendFile("./databases/sponsorTimes.db", { root: __dirname });
|
||||
});
|
||||
|
||||
function getHashedUserID(userID) {
|
||||
//hash the userID so no one can get it from the database
|
||||
let hashedUserID = userID;
|
||||
//hash it 5000 times, this makes it very hard to brute force
|
||||
for (let i = 0; i < 5000; i++) {
|
||||
let hashCreator = crypto.createHash('sha256');
|
||||
hashedUserID = hashCreator.update(hashedUserID).digest('hex');
|
||||
}
|
||||
|
||||
return hashedUserID;
|
||||
}
|
||||
|
||||
//This function will find sponsor times that are contained inside of eachother, called similar sponsor times
|
||||
//Only one similar time will be returned, randomly generated based on the sqrt of votes.
|
||||
|
||||
Reference in New Issue
Block a user