Refactor deserialization and authentication (#550)

* Refactor deserialization and more * Refactor authentication flow * Fix unit tests * Make deserialization better
2025-07-30 08:48:39 +00:00 · 2022-11-10 21:14:16 -06:00 · 2022-11-10 21:14:16 -06:00 · b3a00da554
commit b3a00da554
parent 505b5eb03b
48 changed files with 575 additions and 589 deletions
--- a/ProjectLighthouse.Servers.Website/Controllers/Admin/AdminReportController.cs
+++ b/ProjectLighthouse.Servers.Website/Controllers/Admin/AdminReportController.cs
@ -1,7 +1,6 @@
 #nullable enable
 using LBPUnion.ProjectLighthouse.Administration.Reports;
 using LBPUnion.ProjectLighthouse.PlayerData.Profiles;
-using LBPUnion.ProjectLighthouse.Types;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;

@ -32,7 +31,7 @@ public class AdminReportController : ControllerBase
            report.JpegHash,
            report.GriefStateHash,
        };
-        if(report.LevelType != "user")
+        if (report.LevelType != "user")
            hashes.Add(report.InitialStateHash);
        foreach (string hash in hashes)
        {
--- a/ProjectLighthouse.Servers.Website/Controllers/Admin/ModerationSlotController.cs
+++ b/ProjectLighthouse.Servers.Website/Controllers/Admin/ModerationSlotController.cs
@ -27,12 +27,14 @@ public class ModerationSlotController : ControllerBase

        Slot? slot = await this.database.Slots.Include(s => s.Creator).FirstOrDefaultAsync(s => s.SlotId == id);
        if (slot == null) return this.NotFound();
+
        slot.TeamPick = true;

        // Send webhook with slot.Name and slot.Creator.Username
        await WebhookHelper.SendWebhook("New Team Pick!", $"The level [**{slot.Name}**]({ServerConfiguration.Instance.ExternalUrl}/slot/{slot.SlotId}) by **{slot.Creator?.Username}** has been team picked");

        await this.database.SaveChangesAsync();
+
        return this.Redirect("~/slot/" + id);
    }

@ -44,9 +46,11 @@ public class ModerationSlotController : ControllerBase

        Slot? slot = await this.database.Slots.FirstOrDefaultAsync(s => s.SlotId == id);
        if (slot == null) return this.NotFound();
+
        slot.TeamPick = false;

        await this.database.SaveChangesAsync();
+
        return this.Redirect("~/slot/" + id);
    }

--- a/ProjectLighthouse.Servers.Website/Controllers/ResourcesController.cs
+++ b/ProjectLighthouse.Servers.Website/Controllers/ResourcesController.cs
@ -14,10 +14,9 @@ public class ResourcesController : ControllerBase
        string path = FileHelper.GetImagePath($"{hash}.png");

        string fullPath = Path.GetFullPath(path);
-        string basePath = Path.GetFullPath(FileHelper.ImagePath);

        // Prevent directory traversal attacks
-        if (!fullPath.StartsWith(basePath)) return this.BadRequest();
+        if (!fullPath.StartsWith(FileHelper.FullImagePath)) return this.BadRequest();

        if (IOFile.Exists(path)) return this.File(IOFile.OpenRead(path), "image/png");