Implement read-only mode (#1001)

* Implement read-only mode

* Use localized string under default language for announce text

* Redirect to user page rather than returning blank 400

* Protect call to `ParseBase64Image`

* Add protections to SlotSettingsPage and nitpick format

* Display the latest announcement (if any) on the landing page

* Fix a kokoism

Accidentally tried to use markdown within the landing page... I'm rather smart aren't I

* Prevent possible XSS

* Separate truncated announcement text and link with "..."

* Apply suggestion from code review

* Add read-only check to /postComment in slot page controller

* Fix inconsistent tabbing

ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs

@@ -119,6 +119,9 @@ public class CommentController : ControllerBase
     {
         GameTokenEntity token = this.GetToken();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         GameComment? comment = await this.DeserializeBody<GameComment>();
         if (comment?.Message == null) return this.BadRequest();
 
@@ -159,6 +162,9 @@ public class CommentController : ControllerBase
     {
         GameTokenEntity token = this.GetToken();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
 
         CommentEntity? comment = await this.database.Comments.FirstOrDefaultAsync(c => c.CommentId == commentId);

ProjectLighthouse.Servers.GameServer/Controllers/MessageController.cs

@@ -3,6 +3,8 @@ using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
 using LBPUnion.ProjectLighthouse.Extensions;
 using LBPUnion.ProjectLighthouse.Helpers;
+using LBPUnion.ProjectLighthouse.Localization;
+using LBPUnion.ProjectLighthouse.Localization.StringLists;
 using LBPUnion.ProjectLighthouse.Logging;
 using LBPUnion.ProjectLighthouse.Serialization;
 using LBPUnion.ProjectLighthouse.Types.Entities.Notifications;
@@ -59,6 +61,11 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.";
         announceText.Replace("%user", username);
         announceText.Replace("%id", token.UserId.ToString());
 
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode)
+        {
+            announceText.Insert(0, BaseLayoutStrings.ReadOnlyWarn.Translate(LocalizationManager.DefaultLang));
+        }
+
         #if DEBUG
         announceText.Append("\n\n---DEBUG INFO---\n" +
                                   $"user.UserId: {token.UserId}\n" +

ProjectLighthouse.Servers.GameServer/Controllers/Resources/PhotosController.cs

@@ -37,6 +37,9 @@ public class PhotosController : ControllerBase
     {
         GameTokenEntity token = this.GetToken();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         int photoCount = await this.database.Photos.CountAsync(p => p.CreatorId == token.UserId);
         if (photoCount >= ServerConfiguration.Instance.UserGeneratedContentLimits.PhotosQuota) return this.BadRequest();
 
@@ -90,7 +93,7 @@ public class PhotosController : ControllerBase
                 case SlotType.Developer:
                 {
                     SlotEntity? slot = await this.database.Slots.FirstOrDefaultAsync(s => s.Type == photoSlot.SlotType && s.InternalSlotId == photoSlot.SlotId);
-                    if (slot != null) 
+                    if (slot != null)
                         photoSlot.SlotId = slot.SlotId;
                     else
                         photoSlot.SlotId = await SlotHelper.GetPlaceholderSlotId(this.database, photoSlot.SlotId, photoSlot.SlotType);

ProjectLighthouse.Servers.GameServer/Controllers/Resources/ResourcesController.cs

@@ -1,5 +1,6 @@
 #nullable enable
 using System.Text;
+using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Extensions;
 using LBPUnion.ProjectLighthouse.Files;
 using LBPUnion.ProjectLighthouse.Logging;
@@ -58,10 +59,14 @@ public class ResourcesController : ControllerBase
         string fullPath = Path.GetFullPath(path);
 
         FileHelper.EnsureDirectoryCreated(assetsDirectory);
-        // lbp treats code 409 as success and as an indicator that the file is already present
+
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
+        // LBP treats code 409 as success and as an indicator that the file is already present
         if (FileHelper.ResourceExists(hash)) return this.Conflict();
 
-        // theoretically shouldn't be possible because of hash check but handle anyways
+        // Theoretically shouldn't be possible because of hash check but handle anyways
         if (!fullPath.StartsWith(FileHelper.FullResourcePath)) return this.BadRequest();
 
         Logger.Info($"Processing resource upload (hash: {hash})", LogArea.Resources);

ProjectLighthouse.Servers.GameServer/Controllers/Slots/PublishController.cs

@@ -43,6 +43,9 @@ public class PublishController : ControllerBase
         UserEntity? user = await this.database.UserFromGameToken(token);
         if (user == null) return this.Forbid();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         GameUserSlot? slot = await this.DeserializeBody<GameUserSlot>();
         if (slot == null)
         {
@@ -116,6 +119,9 @@ public class PublishController : ControllerBase
         UserEntity? user = await this.database.UserFromGameToken(token);
         if (user == null) return this.Forbid();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         GameUserSlot? slot = await this.DeserializeBody<GameUserSlot>();
 
         if (slot == null)
@@ -335,6 +341,9 @@ public class PublishController : ControllerBase
     {
         GameTokenEntity token = this.GetToken();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         SlotEntity? slot = await this.database.Slots.FirstOrDefaultAsync(s => s.SlotId == id);
         if (slot == null) return this.NotFound();
 

ProjectLighthouse.Servers.GameServer/Controllers/Slots/ReviewController.cs

@@ -1,4 +1,5 @@
 #nullable enable
+using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
 using LBPUnion.ProjectLighthouse.Extensions;
 using LBPUnion.ProjectLighthouse.Helpers;
@@ -92,6 +93,9 @@ public class ReviewController : ControllerBase
     {
         GameTokenEntity token = this.GetToken();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         GameReview? newReview = await this.DeserializeBody<GameReview>();
         if (newReview == null) return this.BadRequest();
 
@@ -115,7 +119,7 @@ public class ReviewController : ControllerBase
         }
         review.Thumb = Math.Clamp(newReview.Thumb, -1, 1);
         review.LabelCollection = LabelHelper.RemoveInvalidLabels(newReview.LabelCollection);
-        
+
         review.Text = newReview.Text;
         review.Deleted = false;
         review.Timestamp = TimeHelper.TimestampMillis;
@@ -239,6 +243,9 @@ public class ReviewController : ControllerBase
     {
         GameTokenEntity token = this.GetToken();
 
+        // Deny request if in read-only mode
+        if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
         int creatorId = await this.database.Slots.Where(s => s.SlotId == slotId).Select(s => s.CreatorId).FirstOrDefaultAsync();
         if (creatorId == 0) return this.BadRequest();
 

ProjectLighthouse.Servers.GameServer/Controllers/UserController.cs

@@ -1,4 +1,5 @@
 using System.Text.Json;
+using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
 using LBPUnion.ProjectLighthouse.Extensions;
 using LBPUnion.ProjectLighthouse.Files;
@@ -73,6 +74,9 @@ public class UserController : ControllerBase
 
         if (update.Biography != null)
         {
+            // Deny request if in read-only mode
+            if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
             if (update.Biography.Length > 512) return this.BadRequest();
 
             user.Biography = update.Biography;
@@ -85,6 +89,9 @@ public class UserController : ControllerBase
         {
             if (string.IsNullOrWhiteSpace(resource)) continue;
 
+            // Deny request if in read-only mode
+            if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
+
             if (!FileHelper.ResourceExists(resource) && !resource.StartsWith('g')) return this.BadRequest();
 
             if (!GameResourceHelper.IsValidTexture(resource)) return this.BadRequest();