From 02fa66be203953afbca0b462875be163c17b9fb0 Mon Sep 17 00:00:00 2001
From: jvyden
Date: Sun, 3 Apr 2022 17:31:50 -0400
Subject: [PATCH] Reject photo uploads that were taken in the future
---
 .../GameApi/Resources/PhotosController.cs | 2 +
 .../CleanupBrokenPhotosMaintenanceJob.cs | 43 +++++++++++--------
 2 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/ProjectLighthouse/Controllers/GameApi/Resources/PhotosController.cs b/ProjectLighthouse/Controllers/GameApi/Resources/PhotosController.cs
index c035c732..cee06cf8 100644
--- a/ProjectLighthouse/Controllers/GameApi/Resources/PhotosController.cs
+++ b/ProjectLighthouse/Controllers/GameApi/Resources/PhotosController.cs
@@ -57,6 +57,8 @@ public class PhotosController : ControllerBase
 if (photo.Subjects.Count > 4) return this.BadRequest();
+ if (photo.Timestamp > TimestampHelper.Timestamp) return this.BadRequest();
+
 foreach (PhotoSubject subject in photo.Subjects)
 {
 subject.User = await this.database.Users.FirstOrDefaultAsync(u => u.Username == subject.Username);
diff --git a/ProjectLighthouse/Maintenance/MaintenanceJobs/CleanupBrokenPhotosMaintenanceJob.cs b/ProjectLighthouse/Maintenance/MaintenanceJobs/CleanupBrokenPhotosMaintenanceJob.cs
index 8b607db9..7af922b2 100644
--- a/ProjectLighthouse/Maintenance/MaintenanceJobs/CleanupBrokenPhotosMaintenanceJob.cs
+++ b/ProjectLighthouse/Maintenance/MaintenanceJobs/CleanupBrokenPhotosMaintenanceJob.cs
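Review bot: In PhotosController.cs the added guard `if (photo.Timestamp > TimestampHelper.Timestamp) return this.BadRequest();` compares a client-supplied value against the server clock with no tolerance, so a console whose clock runs a few seconds fast has every upload rejected. A small allowance would avoid that false positive, e.g. `if (photo.Timestamp > TimestampHelper.Timestamp + MaxClockSkew) return this.BadRequest();`, where `MaxClockSkew` is a placeholder for a constant the project would define. Only the upper bound is validated here; a zero, negative or very old timestamp still passes as far as this hunk shows, and both sides are assumed to use the same unit, which is worth confirming against the Photo model. The rejection is also silent, so a log line with the uploading user and the offending value would make repeated attempts visible to operators. The method continues outside the hunk.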
@@ -25,6 +25,21 @@ public class CleanupBrokenPhotosMaintenanceJob : IMaintenanceJob
 bool largeHashIsInvalidFile = false;
 bool tooManyPhotoSubjects = false;
 bool duplicatePhotoSubjects = false;
+ bool takenInTheFuture = true;
+
+ // Checks should generally be ordered in least computationally expensive to most.
+
+ if (photo.Subjects.Count > 4)
+ {
+ tooManyPhotoSubjects = true;
+ goto removePhoto;
+ }
+
+ if (photo.Timestamp > TimestampHelper.Timestamp)
+ {
+ takenInTheFuture = true;
+ goto removePhoto;
+ }
 hashNullOrEmpty = string.IsNullOrEmpty (photo.LargeHash) ||
@@ -41,23 +56,6 @@ public class CleanupBrokenPhotosMaintenanceJob : IMaintenanceJob
 photo.PlanHash,
 };
- noHashesExist = FileHelper.ResourcesNotUploaded(hashes.ToArray()).Length != 0;
- if (noHashesExist) goto removePhoto;
-
- LbpFile? file = LbpFile.FromHash(photo.LargeHash);
-// Console.WriteLine(file.FileType, );
- if (file == null || file.FileType != LbpFileType.Jpeg && file.FileType != LbpFileType.Png)
- {
- largeHashIsInvalidFile = true;
- goto removePhoto;
- }
-
- if (photo.Subjects.Count > 4)
- {
- tooManyPhotoSubjects = true;
- goto removePhoto;
- }
-
 List subjectUserIds = new(4);
 foreach (PhotoSubject subject in photo.Subjects)
 {
@@ -69,6 +67,17 @@ public class CleanupBrokenPhotosMaintenanceJob : IMaintenanceJob
 subjectUserIds.Add(subject.UserId);
 }
+ LbpFile? file = LbpFile.FromHash(photo.LargeHash);
+// Console.WriteLine(file.FileType, );
+ if (file == null || file.FileType != LbpFileType.Jpeg && file.FileType != LbpFileType.Png)
+ {
+ largeHashIsInvalidFile = true;
+ goto removePhoto;
+ }
+
+ noHashesExist = FileHelper.ResourcesNotUploaded(hashes.ToArray()).Length != 0;
+ if (noHashesExist) goto removePhoto;
+
 continue;
 removePhoto:
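Review bot: `bool takenInTheFuture = true;` starts the new flag as true while every sibling flag beside it starts as false, so the later `takenInTheFuture = true;` assignment changes nothing and the flag reads true for photos removed for any other reason; it should be `bool takenInTheFuture = false;`. No line after the `removePhoto:` label is touched by this patch, so whatever reporting happens there presumably does not mention the new reason yet. If removal reasons are logged there, add this flag to that output so an operator can tell why a photo was deleted. The loop body starts and ends outside the hunk.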
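Review bot: After the reorder at the end of the loop, `LbpFile.FromHash(photo.LargeHash)` runs before the `FileHelper.ResourcesNotUploaded(...)` existence check, which appears to go against the comment this same commit adds about ordering checks from cheapest to most expensive, assuming FromHash has to read the file. If FromHash returns null for a missing resource, such photos are now attributed to `largeHashIsInvalidFile` instead of `noHashesExist`, which blurs the removal reason. Consider keeping the existence check first and dropping the carried-over `// Console.WriteLine(file.FileType, );` debug line. Parenthesising the `&&` pair in the `file == null || ...` condition would also make the precedence explicit.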