From 7f00bc6f2bd398faa067e6a1c87a0171ca8f7905 Mon Sep 17 00:00:00 2001
From: John Li <john166@rocketmail.com>
Date: Fri, 20 Dec 2019 09:58:46 -0800
Subject: [PATCH] synced with up to date code

---
 backend/SQLQuery.js         |  7 ++++---
 backend/backend.js          | 16 ++++++++++------
 backend/config-example.json |  1 +
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/backend/SQLQuery.js b/backend/SQLQuery.js
index 7a0019c..9ab4b13 100644
--- a/backend/SQLQuery.js
+++ b/backend/SQLQuery.js
@@ -357,7 +357,7 @@ function addStreamerTable(channelId){
         });
         
         if(!toReturn){
-            connection.relase();
+            connection.release();
         }
 
     });
@@ -642,7 +642,7 @@ function updateGraphTable(channelId, times){
             return;
         }
 
-        pool.query("ALTER TABLE ? ADD \`?\` INT NOT NULL DEFAULT 0;",
+        connection.query("ALTER TABLE ? ADD \`?\` INT NOT NULL DEFAULT 0;",
                 [channelId, today], function(error){
          
            if(toReturn || _assertError(error, connection)){
@@ -653,7 +653,7 @@ function updateGraphTable(channelId, times){
            // On the same connection, update each person's time.
            for(let viewer in times){
 
-               pool.query("UPDATE ? SET \`?\`=? WHERE username=?;", 
+               connection.query("UPDATE ? SET \`?\`=? WHERE username=?;", 
                        [channelId, today, times[viewer], 
                        viewer], function(error){
                  
@@ -965,6 +965,7 @@ function _assertError(err, connection, res=undefined){
             connection.release();
         }
         catch(error){
+            logger.error("Connection already released.")
         }
         if(res != undefined){
             res.writeHead(json.badRequest);
diff --git a/backend/backend.js b/backend/backend.js
index 8e64253..7059e91 100644
--- a/backend/backend.js
+++ b/backend/backend.js
@@ -180,7 +180,7 @@ const server = https.createServer(options, function(req, res){
                         if(response != undefined){
                             response = response[0];
                             const displayName = response["display_name"];
-                            res.setHeader("name", displayName);
+                            res.setHeader("name", encodeURIComponent(displayName));
                         }
 
                         // Then we end and return because we don't want the 
@@ -202,7 +202,9 @@ const server = https.createServer(options, function(req, res){
 
                     // If viewer can't be found in the channel's trackers, add
                     // them to it and the SQL tables.
-                    if(!trackers[channelId].hasOwnProperty(displayName) && 
+                    if(trackers.hasOwnProperty(channelId) && 
+                            whitelisted.hasOwnProperty(channelId) &&
+                            !trackers[channelId].hasOwnProperty(displayName) && 
                             !whitelisted[channelId].hasOwnProperty(displayName)){
                         sql.addViewer(channelId, response["id"], displayName);
                         sql.addViewerGraphTable(channelId, response["id"], 
@@ -502,7 +504,7 @@ const server = https.createServer(options, function(req, res){
 
             const requestPayload = jwt.parse(req.headers["extension-jwt"]).
                     payloadObj;
-            const viewer = req.headers["viewerqueriedfor"];
+            const viewer = decodeURIComponent(req.headers["viewerqueriedfor"]);
             const channelId = requestPayload["channel_id"];
             let isWhitelisted = false;
             
@@ -519,7 +521,8 @@ const server = https.createServer(options, function(req, res){
 
             // Check if request from actualy from the client that's being 
             // paused.
-            if(trackers[channelId][viewer] != undefined){
+            if(trackers[channelId] != undefined 
+                    && trackers[channelId][viewer] != undefined){
                 if(requestPayload["user_id"] != 
                         trackers[channelId][viewer].user){
                     res.writeHead(json.forbidden, headers);
@@ -530,7 +533,8 @@ const server = https.createServer(options, function(req, res){
                 }
             }
 
-            else if(whitelisted[channelId][viewer] != undefined){
+            else if(whitelisted[channelId] != undefined 
+                    && whitelisted[channelId][viewer] != undefined){
                 if(requestPayload["user_id"] != 
                         whitelisted[channelId][viewer].user){
                     res.writeHead(json.forbidden, headers);
@@ -1017,7 +1021,7 @@ function _checkJWT(req, res){
             !jwt.verifyJWT(req.headers["extension-jwt"],
             {"b64": json.secret}, {alg: [json.alg]})){
             
-        res.writeHead(json.forbidden, headers);
+        res.writeHead(json.forbidden, json.headers);
         res.end();
         return false;
     }
diff --git a/backend/config-example.json b/backend/config-example.json
index c51a390..c786f3f 100644
--- a/backend/config-example.json
+++ b/backend/config-example.json
@@ -38,6 +38,7 @@
     "webhookPath": "/helix/webhooks/hub",
     "getWebhooksPath": "/helix/webhooks/subscriptions",
     "tokenPath": "/oauth2/token",
+    "tokenRefreshPath": "/oauth2/token--data-urlencode",
 
     "alg": "YOUR_PREFERRED_ENCRYPTION_ALGORITHM_HERE",