Add another validity filter

2025-05-11 18:36:17 +02:00 · 2025-04-25 12:55:44 -04:00 · 2025-04-25 12:55:44 -04:00 · 0d005c23bf
commit 0d005c23bf
parent 9f745d3a8b
5 changed files with 26 additions and 4 deletions
--- a/src/config.ts
+++ b/src/config.ts
@ -71,6 +71,7 @@ addDefaults(config, {
    },
    validityCheck: {
        userAgent: null,
+        userAgentR: null,
    },
    userCounterURL: null,
    userCounterRatio: 10,
--- a/src/routes/postBranding.ts
+++ b/src/routes/postBranding.ts
@ -58,7 +58,7 @@ export async function postBranding(req: Request, res: Response) {
        const hashedIP = await getHashCache(getIP(req) + config.globalSalt as IPAddress);
        const isBanned = await checkBanStatus(hashedUserID, hashedIP);

-        if (!validSubmittedData(userAgent)) {
+        if (!validSubmittedData(userAgent, req.headers["user-agent"])) {
            Logger.warn(`Rejecting submission based on invalid data: ${hashedUserID} ${videoID} ${videoDuration} ${userAgent} ${req.headers["user-agent"]}`);
            res.status(200).send("OK");
            return;
--- a/src/routes/postSkipSegments.ts
+++ b/src/routes/postSkipSegments.ts
@ -509,7 +509,7 @@ export async function postSkipSegments(req: Request, res: Response): Promise<Res
    }
    const userID: HashedUserID = await getHashCache(paramUserID);

-    if (!validSubmittedData(userAgent)) {
+    if (!validSubmittedData(userAgent, req.headers["user-agent"])) {
        Logger.warn(`Rejecting submission based on invalid data: ${userID} ${videoID} ${videoDurationParam} ${userAgent} ${req.headers["user-agent"]}`);
        return res.status(200).send("OK");
    }
--- a/src/types/config.model.ts
+++ b/src/types/config.model.ts
@ -87,6 +87,7 @@ export interface SBSConfig {
    };
    validityCheck: {
        userAgent: string | null;
+        userAgentR: string | null;
    }
    minimumPrefix?: string;
    maximumPrefix?: string;
--- a/src/utils/permissions.ts
+++ b/src/utils/permissions.ts
@ -108,12 +108,32 @@ export async function canSubmit(userID: HashedUserID, category: Category): Promi
    }
 }

-export function validSubmittedData(userAgent: string): boolean {
+export function validSubmittedData(userAgent: string, userAgentR: string): boolean {
    if (!config.validityCheck.userAgent) {
        return true;
    }

-    return !new RegExp(config.validityCheck.userAgent).test(userAgent);
+    for (const key of Object.keys(config.validityCheck)) {
+        const check = (config.validityCheck as Record<string, string | null>)[key];
+        if (check === null) {
+            continue;
+        } else {
+            switch (key) {
+                case "userAgent":
+                    if (!userAgent.match(check)) {
+                        return false;
+                    }
+                    break;
+                case "userAgentR":
+                    if (!userAgentR.match(new RegExp(check))) {
+                        return false;
+                    }
+                    break;
+            }
+        }
+    }
+
+    return true;
 }

 export async function canSubmitGlobal(userID: HashedUserID): Promise<CanSubmitGlobalResult> {