mirror of
https://github.com/ajayyy/SponsorBlockServer.git
synced 2025-12-25 00:48:22 +03:00
128 lines
5.5 KiB
TypeScript
128 lines
5.5 KiB
TypeScript
import { config } from "../config";
|
|
import { Logger } from "../utils/logger";
|
|
import { db, privateDB } from "../databases/databases";
|
|
import { getHashCache } from "../utils/getHashCache";
|
|
import { Request, Response } from "express";
|
|
import { isUserBanned } from "../utils/checkBan";
|
|
import { HashedUserID } from "../types/user.model";
|
|
import { isRequestInvalid } from "../utils/requestValidator";
|
|
|
|
function logUserNameChange(userID: string, newUserName: string, oldUserName: string, updatedByAdmin: boolean): Promise<void> {
|
|
return privateDB.prepare("run",
|
|
`INSERT INTO "userNameLogs"("userID", "newUserName", "oldUserName", "updatedByAdmin", "updatedAt") VALUES(?, ?, ?, ?, ?)`,
|
|
[userID, newUserName, oldUserName, + updatedByAdmin, new Date().getTime()]
|
|
);
|
|
}
|
|
|
|
export async function setUsername(req: Request, res: Response): Promise<Response> {
|
|
const userIDInput = req.query.userID as string;
|
|
const adminUserIDInput = req.query.adminUserID as string | undefined;
|
|
let userName = req.query.username as string;
|
|
let hashedUserID: HashedUserID;
|
|
|
|
if (userIDInput == undefined || userName == undefined || userIDInput === "undefined" || userName.length > 64) {
|
|
//invalid request
|
|
return res.sendStatus(400);
|
|
}
|
|
|
|
if (userName.includes("discord")) {
|
|
// Don't allow
|
|
return res.sendStatus(200);
|
|
}
|
|
|
|
// remove unicode control characters from username (example: \n, \r, \t etc.)
|
|
// source: https://en.wikipedia.org/wiki/Control_character#In_Unicode
|
|
// eslint-disable-next-line no-control-regex
|
|
userName = userName.replace(/[\u0000-\u001F\u007F-\u009F]/g, "");
|
|
|
|
if (isRequestInvalid({
|
|
userAgentHeader: req.headers["user-agent"],
|
|
userID: adminUserIDInput ?? userIDInput,
|
|
newUsername: userName,
|
|
endpoint: "setUsername",
|
|
})) {
|
|
Logger.warn(`Username change rejected by request validator: ${userName} ${req.headers["user-agent"]}`);
|
|
return res.sendStatus(200);
|
|
}
|
|
|
|
try {
|
|
if (adminUserIDInput != undefined) {
|
|
//this is the admin controlling the other users account, don't hash the controling account's ID
|
|
hashedUserID = userIDInput as HashedUserID;
|
|
|
|
if (await getHashCache(adminUserIDInput) != config.adminUserID) {
|
|
//they aren't the admin
|
|
return res.sendStatus(403);
|
|
}
|
|
} else {
|
|
// check privateID against publicID
|
|
if (!await checkPrivateUsername(userName, userIDInput)) {
|
|
return res.sendStatus(400);
|
|
}
|
|
//hash the userID
|
|
hashedUserID = await getHashCache(userIDInput) as HashedUserID;
|
|
|
|
const row = await db.prepare("get", `SELECT count(*) as "userCount" FROM "userNames" WHERE "userID" = ? AND "locked" = 1`, [hashedUserID]);
|
|
if (row.userCount > 0) {
|
|
return res.sendStatus(200);
|
|
}
|
|
|
|
if (await isUserBanned(hashedUserID)) {
|
|
return res.sendStatus(200);
|
|
}
|
|
|
|
const [segments, titles, thumbs] = await Promise.all([
|
|
db.prepare("get", `SELECT count(*) AS "count" FROM "sponsorTimes" WHERE "userID" = ? LIMIT 1`, [hashedUserID]),
|
|
db.prepare("get", `SELECT count(*) AS "count" FROM "titles" WHERE "userID" = ? LIMIT 1`, [hashedUserID]),
|
|
db.prepare("get", `SELECT count(*) AS "count" FROM "thumbnails" WHERE "userID" = ? LIMIT 1`, [hashedUserID]),
|
|
]) as {count: number}[];
|
|
|
|
if (segments.count === 0 && titles.count === 0 && thumbs.count === 0) {
|
|
return res.sendStatus(200);
|
|
}
|
|
}
|
|
}
|
|
catch (error) /* istanbul ignore next */ {
|
|
Logger.error(error as string);
|
|
return res.sendStatus(500);
|
|
}
|
|
|
|
try {
|
|
//check if username is already set
|
|
const row = await db.prepare("get", `SELECT "userName" FROM "userNames" WHERE "userID" = ? LIMIT 1`, [hashedUserID]);
|
|
const locked = adminUserIDInput === undefined ? 0 : 1;
|
|
let oldUserName = "";
|
|
|
|
if (row?.userName !== undefined) {
|
|
//already exists, update this row
|
|
oldUserName = row.userName;
|
|
if (userName == hashedUserID && !locked) {
|
|
await db.prepare("run", `DELETE FROM "userNames" WHERE "userID" = ?`, [hashedUserID]);
|
|
} else {
|
|
await db.prepare("run", `UPDATE "userNames" SET "userName" = ?, "locked" = ? WHERE "userID" = ?`, [userName, locked, hashedUserID]);
|
|
}
|
|
} else if (userName === hashedUserID) {
|
|
return res.sendStatus(200);
|
|
} else {
|
|
//add to the db
|
|
await db.prepare("run", `INSERT INTO "userNames"("userID", "userName", "locked") VALUES(?, ?, ?)`, [hashedUserID, userName, locked]);
|
|
}
|
|
|
|
await logUserNameChange(hashedUserID, userName, oldUserName, adminUserIDInput !== undefined);
|
|
|
|
return res.sendStatus(200);
|
|
} catch (err) /* istanbul ignore next */ {
|
|
Logger.error(err as string);
|
|
return res.sendStatus(500);
|
|
}
|
|
}
|
|
|
|
async function checkPrivateUsername(username: string, userID: string): Promise<boolean> {
|
|
if (username == userID) return false;
|
|
if (username.length <= config.minUserIDLength) return true; // don't check for cross matches <= 30 characters
|
|
const userNameHash = await getHashCache(username);
|
|
const userNameRow = await db.prepare("get", `SELECT "userID" FROM "userNames" WHERE "userID" = ? LIMIT 1`, [userNameHash]);
|
|
if (userNameRow?.userID) return false;
|
|
return true;
|
|
}
|