Union/ProjectLighthouse
1
0
Fork 0
mirror of https://github.com/LBPUnion/ProjectLighthouse.git synced 2025-07-26 23:18:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Prevent access to GameServer features if email enforcement is enabled and email is unverified

Browse source
This commit is contained in:
FeTetra 2024-12-17 02:19:53 -05:00
commit 9e9c96e1a3
3 changed files with 36 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
ProjectLighthouse.Servers.GameServer/Controllers/CommentController.cs
View file

@ -22,6 +22,8 @@ namespace LBPUnion.ProjectLighthouse.Servers.GameServer.Controllers;
public class CommentController : ControllerBase
{
private readonly DatabaseContext database;
private static readonly bool emailEnforcementEnabled = EnforceEmailConfiguration.Instance.EnableEmailEnforcement;
public CommentController(DatabaseContext database)
{
this.database = database;
@ -33,9 +35,13 @@ public class CommentController : ControllerBase
{
GameTokenEntity token = this.GetToken();
UserEntity? user = await this.database.UserFromGameToken(token);
// Return bad request if both are true or both are false
if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
bool success = await this.database.RateComment(token.UserId, commentId, rating);
if (!success) return this.BadRequest();
@ -53,6 +59,8 @@ public class CommentController : ControllerBase
if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
int originalSlotId = slotId;
if (slotType == "developer") slotId = await SlotHelper.GetPlaceholderSlotId(this.database, slotId, SlotType.Developer);
@ -117,9 +125,13 @@ public class CommentController : ControllerBase
{
GameTokenEntity token = this.GetToken();
UserEntity? user = await this.database.UserFromGameToken(token);
// Deny request if in read-only mode
if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
GameComment? comment = await this.DeserializeBody<GameComment>();
if (comment?.Message == null) return this.BadRequest();
@ -156,11 +168,15 @@ public class CommentController : ControllerBase
{
GameTokenEntity token = this.GetToken();
UserEntity? user = await this.database.UserFromGameToken(token);
// Deny request if in read-only mode
if (ServerConfiguration.Instance.UserGeneratedContentLimits.ReadOnlyMode) return this.BadRequest();
if ((slotId == 0 || SlotHelper.IsTypeInvalid(slotType)) == (username == null)) return this.BadRequest();
if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
CommentEntity? comment = await this.database.Comments.FirstOrDefaultAsync(c => c.CommentId == commentId);
if (comment == null) return this.NotFound();