From 05da836384fd0a883a9876c719c365d81286bd47 Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran
Date: Wed, 10 Jul 2019 22:00:28 -0400
Subject: [PATCH] Made the server save a hash of their ip with the data.
---
 index.js | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 2632892..2ae4ab2 100644
--- a/index.js
+++ b/index.js
@@ -7,6 +7,10 @@ var app = express();
 //uuid service
 var uuidv1 = require('uuid/v1');
+//hashing service
+var crypto = require('crypto');
+var hash = crypto.createHash('sha256');
+
 //load database
 var sqlite3 = require('sqlite3').verbose();
 var db = new sqlite3.Database('./databases/sponsorTimes.db');
@@ -55,6 +59,12 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
 let endTime = req.query.endTime;
 let userID = req.query.userID;
+ //x-forwarded-for if this server is behind a proxy
+ let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
+
+ //hash the ip so no one can get it from the database
+ let hashedIP = hash.update(ip).digest('hex');
+
 if (typeof videoID != 'string' || startTime == undefined || endTime == undefined || userID == undefined) {
 //invalid request
 res.sendStatus(400);
@@ -66,7 +76,7 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
 let UUID = uuidv1();
- db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?)").run(videoID, startTime, endTime, UUID, userID);
+ db.prepare("INSERT INTO sponsorTimes VALUES(?, ?, ?, ?, ?, ?)").run(videoID, startTime, endTime, UUID, userID, hashedIP);
 res.sendStatus(200);
 });
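Review bot: The module-level `var hash = crypto.createHash('sha256');` creates a single Hash object for the whole process, but a Node Hash object cannot be used again once `digest()` has been called, and the handler in the `/api/postVideoSponsorTimes` hunk calls `hash.update(ip).digest('hex')` on every request. The first submission works and every later one throws inside the handler, so nothing after the first request is stored. Drop the shared object and build a fresh one per request: `let hashedIP = crypto.createHash('sha256').update(ip).digest('hex');`.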
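Review bot: A plain SHA-256 of an IP address does not meet the goal stated in the comment above `hashedIP`, because the IPv4 address space is small enough that anyone holding the database can hash every address and match the stored values. Use a keyed hash with a secret kept outside the database, e.g. `crypto.createHmac('sha256', ipHashSecret).update(ip).digest('hex')`, where `ipHashSecret` is a placeholder for a value loaded from server configuration. Separately, `x-forwarded-for` is read from the request as-is, so unless a trusted proxy overwrites it the client chooses the value that gets hashed, and it may hold a comma-separated list; Express's `trust proxy` setting together with `req.ip` covers both cases. The handler starts and ends outside this hunk.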
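Review bot: The INSERT still uses positional `VALUES(...)`, so the new sixth placeholder only works if the `sponsorTimes` table already has a sixth column in that position, and no schema change is visible in this patch. On a database created with the earlier five-column layout the insert would presumably fail, and because `run()` is given no error callback and `res.sendStatus(200)` follows unconditionally, the response does not depend on whether the row was written. Naming the columns in the statement and passing a callback to `run()` that answers with a 5xx on error would make a schema mismatch visible. The handler begins outside this hunk.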