Merge pull request #29 from ajayyy/experimental

Admin can change usernames + Config file
This commit is contained in:
Ajay Ramachandran 2019-09-04 13:21:06 -04:00 committed by GitHub
commit 62095b2847
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 9 deletions

.gitignore vendored

@ -89,4 +89,7 @@ typings/
# Databases # Databases
databases/sponsorTimes.db databases/sponsorTimes.db
databases/private.db databases/private.db
# Config files
config.json

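--- /dev/null
+++ b/config.json.example
@@ -0,0 +1,5 @@
+{
+"globalSalt": "[global salt (pepper) that is added to every ip before hashing to make it even harder for someone to decode the ip]",
+"adminUserID": "[the hashed id of the user who can perform admin actions]",
+"behindProxy": true
+}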
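Review bot: The `"behindProxy": true` default in the example is the unsafe choice for any deployment that does not actually sit behind a reverse proxy: the context lines of the index.js hunk (`//if so, it will use the x-forwarded header instead of the ip address of the connection`, `var behindProxy = config.behindProxy;`) show that with this flag set the client address is read from a request header, which a client connecting directly can set to whatever it likes and so choose the value that gets hashed. JSON has no comment syntax, so the example itself cannot carry a warning; suggest shipping it as `"behindProxy": false` and stating in the README that it should only be turned on behind a proxy that overwrites the forwarded header. The `globalSalt` placeholder could likewise say that the value must be a long random string generated once per deployment and never committed, which the new `.gitignore` entry for config.json already assumes.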


@ -1,4 +1,5 @@
var express = require('express'); var express = require('express');
var fs = require('fs');
var http = require('http'); var http = require('http');
// Create a service (the app object is just a callback). // Create a service (the app object is just a callback).
var app = express(); var app = express();
@ -15,14 +16,13 @@ var privateDB = new sqlite3.Database('./databases/private.db');
// Create an HTTP service. // Create an HTTP service.
http.createServer(app).listen(80); http.createServer(app).listen(80);
//global salt that is added to every ip before hashing to let config = JSON.parse(fs.readFileSync('config.json'));
// make it even harder for someone to decode the ip
var globalSalt = "49cb0d52-1aec-4b89-85fc-fab2c53062fb"; var globalSalt = config.globalSalt;
//this is the user that can add shadow bans var adminUserID = config.adminUserID;
var adminUserID = "7b89ea26f77bda8176e655eee86029f28c1e6514b6d6e3450bce362b5b126ca3";
//if so, it will use the x-forwarded header instead of the ip address of the connection //if so, it will use the x-forwarded header instead of the ip address of the connection
var behindProxy = true; var behindProxy = config.behindProxy;
//setup CORS correctly //setup CORS correctly
app.use(function(req, res, next) { app.use(function(req, res, next) {
@ -291,14 +291,27 @@ app.post('/api/setUsername', function (req, res) {
let userID = req.query.userID; let userID = req.query.userID;
let userName = req.query.username; let userName = req.query.username;
let adminUserIDInput = req.query.adminUserID;
if (userID == undefined || userName == undefined || userID === "undefined") { if (userID == undefined || userName == undefined || userID === "undefined") {
//invalid request //invalid request
res.sendStatus(400); res.sendStatus(400);
return; return;
} }
//hash the userID if (adminUserIDInput != undefined) {
userID = getHash(userID); //this is the admin controlling the other users account, don't hash the controling account's ID
adminUserIDInput = getHash(adminUserIDInput);
if (adminUserIDInput != adminUserID) {
//they aren't the admin
res.sendStatus(403);
return;
}
} else {
//hash the userID
userID = getHash(userID);
}
//check if username is already set //check if username is already set
db.prepare("SELECT count(*) as count FROM userNames WHERE userID = ?").get(userID, function(err, row) { db.prepare("SELECT count(*) as count FROM userNames WHERE userID = ?").get(userID, function(err, row) {