Fix Koko suggestions

FeTetra 2025-02-20 21:12:34 -05:00
parent 3fb1441ac1
commit 40a4d5e239
10 changed files with 40 additions and 42 deletions


@ -97,7 +97,8 @@ public class CommentController : ControllerBase
.ApplyPagination(pageData)
.ToListAsync()).ToSerializableList(c => GameComment.CreateFromEntity(c, token.UserId));
if (type == CommentType.Level && slotType == "developer" && user.IsModerator && pageData.PageStart == 1) {
if (type == CommentType.Level && slotType == "developer" && user.IsModerator && pageData.PageStart == 1)
{
comments.Insert(0, new GameComment
{
CommentId = 0,


@ -56,6 +56,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.";
GameTokenEntity token = this.GetToken();
UserEntity? user = await this.database.UserFromGameToken(token);
if (user == null) return this.BadRequest();
StringBuilder announceText = new(ServerConfiguration.Instance.AnnounceText);
@ -67,7 +68,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.";
announceText.Append(BaseLayoutStrings.ReadOnlyWarn.Translate(LocalizationManager.DefaultLang) + "\n\n");
}
if (EmailEnforcementConfiguration.Instance.EnableEmailEnforcement)
if (ServerConfiguration.Instance.EmailEnforcement.EnableEmailEnforcement)
{
announceText.Append("\n\n" + BaseLayoutStrings.EmailEnforcementWarnMain.Translate(LocalizationManager.DefaultLang) + "\n\n");


@ -216,7 +216,7 @@ public class PhotosController : ControllerBase
[HttpGet("photos/with")]
public async Task<IActionResult> UserPhotosWith(string user)
{
{
int targetUserId = await this.database.UserIdFromUsername(user);
if (targetUserId == 0) return this.NotFound();


@ -35,18 +35,18 @@ public class ResourcesController : ControllerBase
}
[HttpGet("r/{hash}")]
public async Task<IActionResult> GetResource(string hash)
public Task<IActionResult> GetResource(string hash)
{
string path = FileHelper.GetResourcePath(hash);
string fullPath = Path.GetFullPath(path);
// Prevent directory traversal attacks
if (!fullPath.StartsWith(FileHelper.FullResourcePath)) return this.BadRequest();
if (!fullPath.StartsWith(FileHelper.FullResourcePath)) return Task.FromResult<IActionResult>(this.BadRequest());
if (FileHelper.ResourceExists(hash)) return this.File(IOFile.OpenRead(path), "application/octet-stream");
if (FileHelper.ResourceExists(hash)) return Task.FromResult<IActionResult>(this.File(IOFile.OpenRead(path), "application/octet-stream"));
return this.NotFound();
return Task.FromResult<IActionResult>(this.NotFound());
}
[HttpPost("upload/{hash}/unattributed")]
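Review bot: The traversal guard in `GetResource` still calls `fullPath.StartsWith(FileHelper.FullResourcePath)` without a `StringComparison`, so the prefix test is culture-sensitive rather than an exact path comparison; pass `StringComparison.Ordinal` as the second argument. The definition of `FullResourcePath` is not visible here, so confirm it ends with a directory separator, because otherwise a sibling directory whose name merely starts with the resource directory name would also pass the check. With `async` removed, an exception from `IOFile.OpenRead` (for example the file disappearing after `ResourceExists` returned true) is now thrown synchronously from the action instead of being captured in the returned task, which is worth a short comment on the method.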


@ -29,8 +29,6 @@ public class UserController : ControllerBase
{
private readonly DatabaseContext database;
private static readonly bool emailEnforcementEnabled = EmailEnforcementConfiguration.Instance.EnableEmailEnforcement;
public UserController(DatabaseContext database)
{
this.database = database;


@ -8,14 +8,14 @@ namespace LBPUnion.ProjectLighthouse.Servers.GameServer.Middlewares;
public class EmailEnforcementMiddleware : MiddlewareDBContext
{
private static readonly HashSet<string> enforcedPaths = EmailEnforcementConfiguration.Instance.BlockedEndpoints;
private static readonly HashSet<string> enforcedPaths = ServerConfiguration.Instance.EmailEnforcement.BlockedEndpoints;
public EmailEnforcementMiddleware(RequestDelegate next) : base(next)
{ }
public override async Task InvokeAsync(HttpContext context, DatabaseContext database)
{
if (EmailEnforcementConfiguration.Instance.EnableEmailEnforcement)
if (ServerConfiguration.Instance.EmailEnforcement.EnableEmailEnforcement)
{
// Split path into segments
string[] pathSegments = context.Request.Path.ToString().Split("/", StringSplitOptions.RemoveEmptyEntries);
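Review bot: `enforcedPaths` is a `static readonly` snapshot of `ServerConfiguration.Instance.EmailEnforcement.BlockedEndpoints` taken once at type initialisation, while the `EnableEmailEnforcement` flag in `InvokeAsync` is read from the live configuration on every request. If the configuration instance can be reloaded at runtime (not visible here), the flag would follow the new file but the blocked-endpoint list would not; either read the set where the flag is read or add a comment such as `// Captured once at startup; changes to BlockedEndpoints require a restart`. The set also uses the default case-sensitive comparer, and the segment lookup lies outside this hunk, so confirm that a differently-cased request path cannot miss the set while still routing to the same endpoint. The body of `InvokeAsync` continues past the end of the hunk.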


@ -64,8 +64,8 @@ public class UserSettingsPage : BaseLayout
}
}
if (ServerConfiguration.Instance.Mail.MailEnabled &&
SMTPHelper.IsValidEmail(this.Database, email) &&
if (ServerConfiguration.Instance.Mail.MailEnabled &&
email != null && SMTPHelper.IsValidEmail(this.Database, email) &&
(this.User == this.ProfileUser || this.User.IsAdmin))
{
if (this.ProfileUser.EmailAddress != email)


@ -1,6 +1,5 @@
#nullable enable
using System.Collections.Generic;
using System.IO;
using YamlDotNet.Serialization;
namespace LBPUnion.ProjectLighthouse.Configuration;
@ -13,15 +12,15 @@ public class EmailEnforcementConfiguration : ConfigurationBase<EmailEnforcementC
public override bool NeedsConfiguration { get; set; } = false;
public bool EnableEmailEnforcement { get; set; } = false;
public bool EnableEmailBlacklist { get; set; } = false;
public bool EnableEmailEnforcement => false;
public bool EnableEmailBlacklist => false;
// No blacklist by default, add path to blacklist
public string BlacklistFilePath { get; set; } = "";
public string BlacklistFilePath => "";
// Endpoints to be blocked
// This is kind of a random list so some may need to be added or removed
public HashSet<string> BlockedEndpoints { get; set; } = new()
public HashSet<string> BlockedEndpoints => new()
{
// Comments
"rateUserComment",
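Review bot: The expression-bodied forms `EnableEmailEnforcement => false`, `EnableEmailBlacklist => false`, `BlacklistFilePath => ""` and `BlockedEndpoints => new()` (the second line of each pair, which reads as the new side, as with the `ConfigVersion` bump elsewhere in this commit) have no setter, so the YAML deserializer cannot populate them from the config file. As written, `EnableEmailEnforcement` always returns `false`, which would leave the enforcement middleware and the domain blacklist switched off regardless of what an operator configures. Keep these as auto-properties with initialisers, e.g. `public bool EnableEmailEnforcement { get; set; } = false;` and `public HashSet<string> BlockedEndpoints { get; set; } = new()`. The `=> new()` form also builds a fresh `HashSet` on every access. The collection initializer continues past the end of this hunk.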


@ -11,7 +11,7 @@ public class ServerConfiguration : ConfigurationBase<ServerConfiguration>
// This is so Lighthouse can properly identify outdated configurations and update them with newer settings accordingly.
// If you are modifying anything here, this value MUST be incremented.
// Thanks for listening~
public override int ConfigVersion { get; set; } = 27;
public override int ConfigVersion { get; set; } = 28;
public override string ConfigName { get; set; } = "lighthouse.yml";
public string WebsiteListenUrl { get; set; } = "http://localhost:10060";
@ -46,5 +46,7 @@ public class ServerConfiguration : ConfigurationBase<ServerConfiguration>
public RichPresenceConfiguration RichPresenceConfiguration { get; set; } = new();
public NotificationConfiguration NotificationConfiguration { get; set; } = new();
public EmailEnforcementConfiguration EmailEnforcement { get; set; } = new();
public override ConfigurationBase<ServerConfiguration> Deserialize(IDeserializer deserializer, string text) => deserializer.Deserialize<ServerConfiguration>(text);
}


@ -6,7 +6,7 @@ using System.ComponentModel.DataAnnotations;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using LBPUnion.ProjectLighthouse.Configuration;
using LBPUnion.ProjectLighthouse.Configuration;
using LBPUnion.ProjectLighthouse.Database;
using LBPUnion.ProjectLighthouse.Extensions;
using LBPUnion.ProjectLighthouse.Logging;
@ -20,15 +20,16 @@ namespace LBPUnion.ProjectLighthouse.Helpers;
public static class SMTPHelper
{
private static readonly string blacklistFilePath = ServerConfiguration.Instance.EmailEnforcement.BlacklistFilePath;
// Null check blacklistFilePath and read into array
private static readonly string[] blacklistFile =
!string.IsNullOrWhiteSpace(blacklistFilePath) ? File.ReadAllLines(blacklistFilePath) : [];
// (User id, timestamp of last request + 30 seconds)
private static readonly ConcurrentDictionary<int, long> recentlySentMail = new();
private const long emailCooldown = 1000 * 30;
// To prevent ReadAllLines() exception when BlacklistFilePath is empty
private static readonly string[] blacklistFile =
!string.IsNullOrWhiteSpace(EmailEnforcementConfiguration.Instance.BlacklistFilePath)
? File.ReadAllLines(EmailEnforcementConfiguration.Instance.BlacklistFilePath) : [];
private static readonly HashSet<string> blacklistedDomains = new(blacklistFile);
@ -84,28 +85,24 @@ public static class SMTPHelper
public static bool IsValidEmail(DatabaseContext database, string email)
{
// Email should not be empty, should be an actual email, and shouldn't already be used by an account
if (!string.IsNullOrWhiteSpace(email) && emailValidator.IsValid(email) && !EmailIsUsed(database, email).Result)
if (string.IsNullOrWhiteSpace(email) || !emailValidator.IsValid(email) || EmailIsUsed(database, email).Result)
return false;
// Don't even bother if there are no domains in blacklist (AKA file path is empty/invalid, or file itself is empty)
if (ServerConfiguration.Instance.EmailEnforcement.EnableEmailBlacklist && blacklistedDomains.Count > 0)
{
// Don't even bother if there are no domains in blacklist (AKA file path is empty/invalid, or file itself is empty)
if (EmailEnforcementConfiguration.Instance.EnableEmailBlacklist && blacklistedDomains.Count > 0)
// Get domain by splitting at '@' character
string domain = email.Split('@')[1];
// Return false if domain is found in blacklist
if (blacklistedDomains.Contains(domain))
{
// Get domain by splitting at '@' character
string domain = email.Split('@')[1];
// Return false if domain is found in blacklist
if (blacklistedDomains.Contains(domain))
{
Logger.Info($"Invalid email address {email} submitted by user.", LogArea.Email);
return false;
}
return true;
Logger.Info($"Invalid email address {email} submitted by user.", LogArea.Email);
return false;
}
return true;
}
return false;
return true;
}
// Don't want to allocate every single time we call EmailAddressAttribute.IsValidEmail()
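Review bot: The blacklist lookup in `IsValidEmail` compares `email.Split('@')[1]` against a `HashSet<string>` built with the default comparer, so the match is case-sensitive and a listed domain submitted with different casing is not rejected; lines read from the blacklist file are not trimmed either. Build the set as `new(blacklistFile.Select(l => l.Trim()), StringComparer.OrdinalIgnoreCase)` and take the domain after the last separator with `email[(email.LastIndexOf('@') + 1)..]`. `EmailIsUsed(database, email).Result` also blocks a thread on an async database call in a request path, which would need an async variant of this method to fix. The `Logger.Info` call writes the raw submitted address into the log, so consider whether user-supplied text and a personal identifier should be recorded there unmodified.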