From dec0971c14e3308d786626a8355eb1b9e5a7e4b1 Mon Sep 17 00:00:00 2001
From: Nanobyte
Date: Wed, 9 Sep 2020 16:40:13 +0200
Subject: [PATCH] Adding check to only allow a list of categories
---
 config.json.example | 3 ++-
 src/routes/postSkipSegments.js | 5 +++++
 src/routes/voteOnSponsorTime.js | 5 +++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/config.json.example b/config.json.example
index befb39e..337c317 100644
--- a/config.json.example
+++ b/config.json.example
@@ -19,5 +19,6 @@
 "privateDBSchema": "./databases/_private.db.sql",
 "mode": "development",
 "readOnly": false,
- "webhooks": []
+ "webhooks": [],
+ "categoryList": ["sponsor", "intro", "outro", "interaction", "selfpromo", "music_offtopic"] // List of supported categories any other category will be rejected
 }
diff --git a/src/routes/postSkipSegments.js b/src/routes/postSkipSegments.js
index 91ae71e..40a1b5f 100644
--- a/src/routes/postSkipSegments.js
+++ b/src/routes/postSkipSegments.js
@@ -194,6 +194,11 @@ module.exports = async function postSkipSegments(req, res) {
 res.sendStatus(400);
 return;
 }
+
+ if (!config.categoryList.includes(segments[i].category)) {
+ res.status("400").send("Category doesn't exist.");
+ return;
+ }
 let startTime = parseFloat(segments[i].segment[0]);
 let endTime = parseFloat(segments[i].segment[1]);
diff --git a/src/routes/voteOnSponsorTime.js b/src/routes/voteOnSponsorTime.js
index f3be68b..7fe4f18 100644
--- a/src/routes/voteOnSponsorTime.js
+++ b/src/routes/voteOnSponsorTime.js
@@ -150,6 +150,11 @@ function categoryVote(UUID, userID, isVIP, category, hashedIP, res) {
 res.status("400").send("Submission doesn't exist.");
 return;
 }
+
+ if (!config.categoryList.includes(category)) {
+ res.status("400").send("Category doesn't exist.");
+ return;
+ }
 let timeSubmitted = Date.now();
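Review bot: The `//` comment appended to the new `categoryList` line in config.json.example is not valid JSON, so a config copied from this example will fail to parse if the server loads it with a strict JSON parser (the loader is not visible in this patch). Drop the inline comment and describe the key in the README instead, leaving the line as `"categoryList": ["sponsor", "intro", "outro", "interaction", "selfpromo", "music_offtopic"]`.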
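Review bot: `config.categoryList.includes(...)` in the added check throws a TypeError when an existing deployment's config has no `categoryList` key, which in this async handler surfaces as a rejected promise rather than a clean 400; the identical check added to categoryVote in src/routes/voteOnSponsorTime.js has the same problem. Validating the key once when the config is loaded is the better fix; failing that, guard the check so it fails closed: `if (!Array.isArray(config.categoryList) || !config.categoryList.includes(segments[i].category)) {`. The status should also be passed as a number, `res.status(400)`, matching `res.sendStatus(400)` just above. The enclosing loop and function start and end outside the hunk.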
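Review bot: The allowlist check in categoryVote sits after the "Submission doesn't exist." branch, so a request with an unsupported category presumably still goes through the submission lookup above the hunk before it is rejected. The check needs only `category` and the config, so it can move to the top of the function and refuse invalid input before any database work is done. categoryVote's body begins and continues outside the hunk.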