From 56aa677fe09b3618d29a90904fba1cb21ffae960 Mon Sep 17 00:00:00 2001 From: qwerinope Date: Sun, 14 Sep 2025 21:58:00 +0200 Subject: [PATCH] prompt injection fix --- src/events/message.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/events/message.ts b/src/events/message.ts index 80adda8..a78f457 100644 --- a/src/events/message.ts +++ b/src/events/message.ts @@ -1,5 +1,5 @@ import { EventSubChannelChatMessageEvent } from "@twurple/eventsub-base" -import { streamerId, eventSub, commandPrefix, streamerUsers } from "main"; +import { streamerId, eventSub, commandPrefix, streamerUsers, chatterId } from "main"; import User from "user"; import commands, { Command, sendMessage, specialAliasCommands } from "commands"; import { redis } from "bun"; @@ -27,7 +27,7 @@ async function parseChatMessage(msg: EventSubChannelChatMessageEvent) { // and both are usable to target the same user (id is the same) // The only problem would be if a user changed their name and someone else took their name right after - if (!await isInvuln(user?.id!)) user?.setVulnerable(); // Make the user vulnerable to explosions if not marked as invuln + if (msg.chatterId === chatterId) return; if (!await redis.exists(`user:${user?.id}:haschatted`) && !msg.sourceMessageId) { const message = await sendMessage(`Welcome ${user?.displayName}. Please note: This chat has PvP, if you get timed out that's part of the qwerinope experience. You have 10 minutes of invincibility. A full list of commands and items can be found here: https://github.com/qwerinope/qweribot/#qweribot`); @@ -37,6 +37,8 @@ async function parseChatMessage(msg: EventSubChannelChatMessageEvent) { if (!await isInvuln(msg.chatterId)) await setTemporaryInvuln(user?.id!); // This would set the invuln expiration lmao }; + if (!await isInvuln(user?.id!)) user?.setVulnerable(); // Make the user vulnerable to explosions if not marked as invuln + if (!msg.isCheer && !msg.isRedemption) await handleChatMessage(msg, user!) else if (msg.isCheer && !msg.isRedemption) await handleCheer(msg, msg.bits, user!); };