Forgot to actually restrict the report page to admins only

2025-08-02 10:08:39 +00:00 · 2022-02-12 02:57:12 -06:00 · 2022-02-12 02:57:12 -06:00 · 146acc4d66
commit 146acc4d66
parent 93a5a00a18
5 changed files with 66 additions and 3 deletions
--- a/ProjectLighthouse/Controllers/GameApi/ReportController.cs
+++ b/ProjectLighthouse/Controllers/GameApi/ReportController.cs
@ -43,7 +43,7 @@ public class ReportController : ControllerBase

        report.Bounds = JsonSerializer.Serialize(report.XmlBounds.Rect, typeof(Rectangle));
        report.Players = JsonSerializer.Serialize(report.XmlPlayers, typeof(ReportPlayer[]));
-        report.VisiblePlayers = JsonSerializer.Serialize(report.XmlVisiblePlayers, typeof(VisiblePlayer[]));
+        // report.VisiblePlayers = JsonSerializer.Serialize(report.XmlVisiblePlayers, typeof(VisiblePlayer[]));
        report.Timestamp = TimeHelper.UnixTimeMilliseconds();
        report.ReportingPlayerId = user.UserId;

--- a/ProjectLighthouse/Controllers/Website/Admin/AdminReportController.cs
+++ b/ProjectLighthouse/Controllers/Website/Admin/AdminReportController.cs
@ -0,0 +1,55 @@
+#nullable enable
+using System.Collections.Generic;
+using System.IO;
+using System.Threading.Tasks;
+using LBPUnion.ProjectLighthouse.Types;
+using LBPUnion.ProjectLighthouse.Types.Reports;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace LBPUnion.ProjectLighthouse.Controllers.Website.Admin;
+
+[ApiController]
+[Route("admin/report/{id:int}")]
+public class AdminReportController : ControllerBase
+{
+    private readonly Database database;
+
+    public AdminReportController(Database database)
+    {
+        this.database = database;
+    }
+
+    [HttpGet("remove")]
+    public async Task<IActionResult> DeleteReport([FromRoute] int id)
+    {
+        User? user = this.database.UserFromWebRequest(this.Request);
+        if (user == null || !user.IsAdmin) return this.StatusCode(403, "");
+
+        GriefReport? report = await this.database.Reports.FirstOrDefaultAsync(r => r.ReportId == id);
+        if (report == null) return this.NotFound();
+
+        List<string> hashes = new()
+        {
+            report.JpegHash,
+            report.GriefStateHash,
+            report.InitialStateHash,
+        };
+        foreach (string hash in hashes)
+        {
+            if (System.IO.File.Exists($"png{Path.DirectorySeparatorChar}{hash}"))
+            {
+                System.IO.File.Delete($"png{Path.DirectorySeparatorChar}{hash}");
+            }
+            if (System.IO.File.Exists($"r{Path.DirectorySeparatorChar}{hash}"))
+            {
+                System.IO.File.Delete($"r{Path.DirectorySeparatorChar}{hash}");
+            }
+        }
+        this.database.Reports.Remove(report);
+
+        await this.database.SaveChangesAsync();
+
+        return this.Redirect("~/reports/0");
+    }
+}
--- a/ProjectLighthouse/Pages/ReportsPage.cshtml
+++ b/ProjectLighthouse/Pages/ReportsPage.cshtml
@ -46,6 +46,9 @@
        <div><b>Level type:</b> @report.LevelType</div>
        <div><b>Level owner:</b> @report.LevelOwner</div>
        <div id="hover-bounds-@report.ReportId" class="hover-region"><b>Hover to see reported region</b></div>
+        <a class="ui red tiny button" href="/admin/report/@report.ReportId/remove" title="Delete">
+            <i class="trash icon" style="margin: 0"></i>
+        </a>
    </div>
    <script>
        subjects[@report.ReportId] = @Html.Raw(report.Players)
--- a/ProjectLighthouse/Pages/ReportsPage.cshtml.cs
+++ b/ProjectLighthouse/Pages/ReportsPage.cshtml.cs
@ -6,6 +6,7 @@ using System.Text.Json;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
 using LBPUnion.ProjectLighthouse.Pages.Layouts;
+using LBPUnion.ProjectLighthouse.Types;
 using LBPUnion.ProjectLighthouse.Types.Reports;
 using LBPUnion.ProjectLighthouse.Types.Settings;
 using Microsoft.AspNetCore.Mvc;
@ -31,6 +32,10 @@ public class ReportsPage : BaseLayout

    public async Task<IActionResult> OnGet([FromRoute] int pageNumber, [FromQuery] string? name)
    {
+        User? user = this.Database.UserFromWebRequest(this.Request);
+        if (user == null) return this.Redirect("~/login");
+        if (!user.IsAdmin) return this.NotFound();
+
        if (string.IsNullOrWhiteSpace(name)) name = "";

        this.SearchValue = name.Replace(" ", string.Empty);
--- a/ProjectLighthouse/Types/Reports/GriefReport.cs
+++ b/ProjectLighthouse/Types/Reports/GriefReport.cs
@ -16,8 +16,8 @@ public class GriefReport
    public long Timestamp { get; set; }

    [NotMapped]
-    [XmlElement("visibleBadge")]
-    public VisiblePlayer[] XmlVisiblePlayers { get; set; }
+    // [XmlElement("visibleBadge")]
+    // public VisiblePlayer[] XmlVisiblePlayers { get; set; }

    public string VisiblePlayers { get; set; }