diff --git a/src/routes/postSkipSegments.ts b/src/routes/postSkipSegments.ts index 492e5dc..c18e38b 100644 --- a/src/routes/postSkipSegments.ts +++ b/src/routes/postSkipSegments.ts @@ -324,6 +324,15 @@ function checkInvalidFields(videoID: any, userID: any, segments: Array): Ch if (!Array.isArray(segments) || segments.length < 1) { invalidFields.push("segments"); } + // validate start and end times (no : marks) + for (const segmentPair of segments) { + const startTime = segmentPair.segment[0]; + const endTime = segmentPair.segment[1]; + if ((typeof startTime === "string" && startTime.includes(":")) || + (typeof endTime === "string" && endTime.includes(":"))) { + invalidFields.push("segment time"); + } + } if (invalidFields.length !== 0) { // invalid request @@ -362,7 +371,7 @@ async function checkEachSegmentValid(userID: string, videoID: VideoID errorCode: 403, errorMessage: `New submissions are not allowed for the following category: ` + - `'${segments[i].category}'. A moderator has decided that no new segments are needed and that all current segments of this category are timed perfectly.\n` + + `'${segments[i].category}'. A moderator has decided that no new segments are needed on this video and that all current segments of this category are timed perfectly.\n` + `${lockedCategoryList[lockIndex].reason?.length !== 0 ? `\nLock reason: '${lockedCategoryList[lockIndex].reason}'` : ""}\n` + `${(segments[i].category === "sponsor" ? "\nMaybe the segment you are submitting is a different category that you have not enabled and is not a sponsor. " + "Categories that aren't sponsor, such as self-promotion can be enabled in the options.\n" : "")}` + diff --git a/src/routes/shadowBanUser.ts b/src/routes/shadowBanUser.ts index 3ecb653..bd04760 100644 --- a/src/routes/shadowBanUser.ts +++ b/src/routes/shadowBanUser.ts 
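Review bot: In `checkInvalidFields` the added loop runs even when the `Array.isArray(segments)` check just above it has failed, because that check only pushes `"segments"` onto `invalidFields` and falls through. A body with `segments` missing or not an array, or with an element that has no `segment` array, would then throw at `for (const segmentPair of segments)` or `segmentPair.segment[0]` instead of producing the 400 this function is there to return; how the route handles that exception is not visible here. Wrap the loop in `if (Array.isArray(segments)) {` and read the pair with `const times = Array.isArray(segmentPair?.segment) ? segmentPair.segment : [];`. The check is also a denylist for a single character, so if the times must be numeric, rejecting anything that does not parse to a finite number would cover the colon case and the rest. The function starts and ends outside the hunk.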
@@ -48,16 +48,7 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")}) - AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE - "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); - - // clear cache for all old videos - (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) - .forEach((videoInfo: {category: Category, videoID: VideoID, hashedVideoID: VideoIDHash, service: Service, userID: UserID}) => { - QueryCacher.clearVideoCache(videoInfo); - } - ); + await unHideSubmissions(categories, userID); } } else if (!enabled && row.userCount > 0) { //remove them from the shadow ban list @@ -84,6 +75,16 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")})`, [UUID]); })); } + // already shadowbanned + } else if (enabled && row.userCount > 0) { + // apply unHideOldSubmissions if applicable + if (unHideOldSubmissions) { + await unHideSubmissions(categories, userID); + return res.sendStatus(200); + } + + // otherwise ban already exists, send 409 + return res.sendStatus(409); } } else if (hashedIP) { //check to see if this user is already shadowbanned 
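Review bot: The flag name reads as the opposite of what the new `else if (enabled && row.userCount > 0)` branch does: with `unHideOldSubmissions` true it calls `unHideSubmissions`, and the accompanying test expects the user's row to end up with `shadowHidden = 1`. A comment at the call such as `// note: unHideOldSubmissions=true HIDES the user's existing submissions` would keep the next reader from inverting it. The `// already shadowbanned` comment sits above the closing brace of the previous branch; placing it inside the new branch attaches it to the code it describes. This branch returns its status directly, and whether the sibling branches do the same is outside the hunk.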
@@ -115,3 +116,16 @@ export async function shadowBanUser(req: Request, res: Response): Promise `'${c}'`).join(",")}) + AND NOT EXISTS ( SELECT "videoID", "category" FROM "lockCategories" WHERE + "sponsorTimes"."videoID" = "lockCategories"."videoID" AND "sponsorTimes"."category" = "lockCategories"."category")`, [userID]); + + // clear cache for all old videos + (await db.prepare("all", `SELECT "videoID", "hashedVideoID", "service", "votes", "views" FROM "sponsorTimes" WHERE "userID" = ?`, [userID])) + .forEach((videoInfo: { category: Category; videoID: VideoID; hashedVideoID: VideoIDHash; service: Service; userID: UserID; }) => { + QueryCacher.clearVideoCache(videoInfo); + } + ); //eslint-disable-line +} \ No newline at end of file diff --git a/test/cases/postSkipSegments.ts b/test/cases/postSkipSegments.ts index b6643c2..de502e1 100644 --- a/test/cases/postSkipSegments.ts +++ b/test/cases/postSkipSegments.ts @@ -987,4 +987,26 @@ describe("postSkipSegments", () => { }) .catch(err => done(err)); }); + + it("Should not be able to submit with colons in timestamps", (done: Done) => { + fetch(`${getbaseURL()}/api/postVideoSponsorTimes`, { + method: "POST", + headers: { + "Content-Type": "application/json" + }, + body: JSON.stringify({ + userID: "testtesttesttesttesttesttesttesttest", + videoID: "colon-1", + segments: [{ + segment: ["0:2.000", "3:10.392"], + category: "sponsor", + }] + }), + }) + .then(async res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(err => done(err)); + }); }); diff --git a/test/cases/shadowBanUser.ts b/test/cases/shadowBanUser.ts index 419c324..56cf15f 100644 --- a/test/cases/shadowBanUser.ts +++ b/test/cases/shadowBanUser.ts 
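Review bot: `unHideSubmissions` still builds its category list by interpolating each value into the SQL text (`'${c}'` joined with commas), while `userID` in the same statement is bound with `?`. The tests pass `categories` as a query-string parameter, so unless it is checked against a fixed list of category names before this call (not visible in the diff), a value containing a quote changes the statement. Binding the values closes this regardless of upstream checks: build the placeholders with `categories.map(() => "?").join(",")` and add the categories to the parameter array next to `userID`, in placeholder order. The same interpolation appears in the context line of the second shadowBanUser.ts hunk, and the start of this function is not visible in the hunk.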
@@ -18,7 +18,11 @@ describe("shadowBanUser", () => { await db.prepare("run", insertQuery, ["testtesttest", 1, 11, 2, 0, "shadow-3-uuid-0", "shadowBanned3", 0, 50, "sponsor", "YouTube", 100, 0, 1, getHash("testtesttest", 1)]); await db.prepare("run", insertQuery, ["testtesttest2", 1, 11, 2, 0, "shadow-3-uuid-0-1", "shadowBanned3", 0, 50, "sponsor", "PeerTube", 120, 0, 1, getHash("testtesttest2", 1)]); await db.prepare("run", insertQuery, ["testtesttest", 20, 33, 2, 0, "shadow-3-uuid-2", "shadowBanned3", 0, 50, "intro", "YouTube", 101, 0, 1, getHash("testtesttest", 1)]); + + await db.prepare("run", insertQuery, ["testtesttest", 21, 34, 2, 0, "shadow-4-uuid-1", "shadowBanned4", 0, 50, "sponsor", "YouTube", 101, 0, 0, getHash("testtesttest", 1)]); + await db.prepare("run", `INSERT INTO "shadowBannedUsers" ("userID") VALUES(?)`, ["shadowBanned3"]); + await db.prepare("run", `INSERT INTO "shadowBannedUsers" ("userID") VALUES(?)`, ["shadowBanned4"]); await db.prepare("run", `INSERT INTO "vipUsers" ("userID") VALUES(?)`, [getHash("shadow-ban-vip")]); }); 
@@ -106,4 +110,38 @@ describe("shadowBanUser", () => { .catch(err => done(err)); }); + it("Should get 409 when re-shadowbanning user", (done: Done) => { + fetch(`${getbaseURL() + }/api/shadowBanUser?userID=shadowBanned4&adminUserID=shadow-ban-vip&enabled=true&categories=["sponsor"]&unHideOldSubmissions=false`, { + method: "POST" + }) + .then(async res => { + assert.strictEqual(res.status, 409); + const videoRow = await db.prepare("all", `SELECT "shadowHidden", "category" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned4", 0]); + const shadowRow = await db.prepare("get", `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned4"]); + assert.ok(shadowRow); // ban still exists + assert.strictEqual(videoRow.length, 1); // videos should not be hidden + assert.strictEqual(videoRow[0].category, "sponsor"); + done(); + }) + .catch(err => done(err)); + }); + + it("Should be able to re-shadowban user to hide old submissions", (done: Done) => { + fetch(`${getbaseURL() + }/api/shadowBanUser?userID=shadowBanned4&adminUserID=shadow-ban-vip&enabled=true&categories=["sponsor"]&unHideOldSubmissions=true`, { + method: "POST" + }) + .then(async res => { + assert.strictEqual(res.status, 200); + const videoRow = await db.prepare("all", `SELECT "shadowHidden", "category" FROM "sponsorTimes" WHERE "userID" = ? AND "shadowHidden" = ?`, ["shadowBanned4", 1]); + const shadowRow = await db.prepare("get", `SELECT * FROM "shadowBannedUsers" WHERE "userID" = ?`, ["shadowBanned4"]); + assert.ok(shadowRow); // ban still exists + assert.strictEqual(videoRow.length, 1); // videos should be hidden + assert.strictEqual(videoRow[0].category, "sponsor"); + done(); + }) + .catch(err => done(err)); + }); + });
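Review bot: The two added tests only pass in this order, because they share the `shadowBanned4` fixture: the 409 test asserts one row with `shadowHidden = 0`, and the test after it flips that row to 1. Run alone or reordered, the first would fail for a reason unrelated to the route; giving each test its own user and submission in the `before` hook removes the coupling. Both tests send only `["sponsor"]`, so nothing pins how the re-ban path treats a `categories` value that is not a known category name.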