From 2d57b945f21f4f47733cb6176710d4214925c291 Mon Sep 17 00:00:00 2001
From: Quaternions
Date: Sat, 5 Apr 2025 17:11:10 -0700
Subject: [PATCH 1/3] submissions: what??? how did this ever work?
---
 pkg/service_internal/script_policy.go | 2 +-
 pkg/service_internal/scripts.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/service_internal/script_policy.go b/pkg/service_internal/script_policy.go
index d61955d..b7fda34 100644
--- a/pkg/service_internal/script_policy.go
+++ b/pkg/service_internal/script_policy.go
@@ -4,7 +4,7 @@ import (
 "context"
 "git.itzana.me/strafesnet/maps-service/pkg/datastore"
- "git.itzana.me/strafesnet/maps-service/pkg/internal"
+ api "git.itzana.me/strafesnet/maps-service/pkg/internal"
 "git.itzana.me/strafesnet/maps-service/pkg/model"
 )
diff --git a/pkg/service_internal/scripts.go b/pkg/service_internal/scripts.go
index 2b964f1..cd4983d 100644
--- a/pkg/service_internal/scripts.go
+++ b/pkg/service_internal/scripts.go
@@ -4,7 +4,7 @@ import (
 "context"
 "git.itzana.me/strafesnet/maps-service/pkg/datastore"
- "git.itzana.me/strafesnet/maps-service/pkg/internal"
+ api "git.itzana.me/strafesnet/maps-service/pkg/internal"
 "git.itzana.me/strafesnet/maps-service/pkg/model"
 )
--
2.49.1
From 7e881e6ac574400817609fb68fd9cff1fde5ddf4 Mon Sep 17 00:00:00 2001
From: Quaternions
Date: Sat, 5 Apr 2025 17:12:19 -0700
Subject: [PATCH 2/3] submissions: omit user info check
---
 pkg/service/script_policy.go | 7 -------
 pkg/service/scripts.go | 7 -------
 2 files changed, 14 deletions(-)
diff --git a/pkg/service/script_policy.go b/pkg/service/script_policy.go
index 9471736..a1a2711 100644
--- a/pkg/service/script_policy.go
+++ b/pkg/service/script_policy.go
@@ -121,13 +121,6 @@ func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScr
 //
 // GET /script-policy/{ScriptPolicyID}
 func (svc *Service) GetScriptPolicy(ctx context.Context, params api.GetScriptPolicyParams) (*api.ScriptPolicy, error) {
- _, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return nil, ErrUserInfo
- }
-
- // Read permission for script policy only requires you to be logged in
-
 policy, err := svc.DB.ScriptPolicy().Get(ctx, params.ScriptPolicyID)
 if err != nil {
 return nil, err
diff --git a/pkg/service/scripts.go b/pkg/service/scripts.go
index c8907f4..75a03c0 100644
--- a/pkg/service/scripts.go
+++ b/pkg/service/scripts.go
@@ -122,13 +122,6 @@ func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptPar
 //
 // GET /scripts/{ScriptID}
 func (svc *Service) GetScript(ctx context.Context, params api.GetScriptParams) (*api.Script, error) {
- _, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return nil, ErrUserInfo
- }
-
- // Read permission for scripts only requires you to be logged in
-
 script, err := svc.DB.Scripts().Get(ctx, params.ScriptID)
 if err != nil {
 return nil, err
--
2.49.1
From d42e89fcb4ff8b2cd8f37ea070204130a3621dc2 Mon Sep 17 00:00:00 2001
From: Quaternions
Date: Sat, 5 Apr 2025 17:08:03 -0700
Subject: [PATCH 3/3] submissions: switch to unsigned integers in database and nats messages
---
 pkg/model/mapfix.go | 14 ++++-----
 pkg/model/nats.go | 40 ++++++++++++------------
 pkg/model/submission.go | 14 ++++-----
 pkg/service/mapfixes.go | 15 ++++++---
 pkg/service/service.go | 1 +
 pkg/service/submissions.go | 17 +++++++---
 pkg/service_internal/mapfixes.go | 24 +++++++++++---
 pkg/service_internal/service_internal.go | 4 +++
 pkg/service_internal/submissions.go | 20 +++++++++---
 9 files changed, 97 insertions(+), 52 deletions(-)
diff --git a/pkg/model/mapfix.go b/pkg/model/mapfix.go
index f351ddc..a64c71e 100644
--- a/pkg/model/mapfix.go
+++ b/pkg/model/mapfix.go
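Review bot: With the `UserInfo` lookup removed, nothing in the visible body of GetScriptPolicy restricts who can read a script policy by ID, and the deleted comment was the only statement of the intended access rule. If unauthenticated reads are intended, record that where the check used to be, for example `// Read access is intentionally unauthenticated; any route-level auth is enforced outside this handler`, and confirm that whatever declares this route (not visible here) agrees. The GetScript hunk in pkg/service/scripts.go has the same removal and needs the same comment. Both function bodies continue outside their hunks, so a check further down cannot be ruled out from here.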
@@ -25,16 +25,16 @@ type Mapfix struct {
 ID int64 `gorm:"primaryKey"`
 DisplayName string
 Creator string
- GameID int32
+ GameID uint32
 CreatedAt time.Time
 UpdatedAt time.Time
- Submitter int64 // UserID
- AssetID int64
- AssetVersion int64
- ValidatedAssetID int64
- ValidatedAssetVersion int64
+ Submitter uint64 // UserID
+ AssetID uint64
+ AssetVersion uint64
+ ValidatedAssetID uint64
+ ValidatedAssetVersion uint64
 Completed bool // Has this version of the map been completed at least once on maptest
- TargetAssetID int64 // where to upload map fix. if the TargetAssetID is 0, it's a new map.
+ TargetAssetID uint64 // where to upload map fix. if the TargetAssetID is 0, it's a new map.
 StatusID MapfixStatus
 StatusMessage string
 }
diff --git a/pkg/model/nats.go b/pkg/model/nats.go
index 832c340..7a69450 100644
--- a/pkg/model/nats.go
+++ b/pkg/model/nats.go
@@ -7,42 +7,42 @@ package model
 type CreateSubmissionRequest struct {
 // operation_id is passed back in the response message
- OperationID int32
- ModelID int64
+ OperationID int32
+ ModelID uint64
 }
 type CreateMapfixRequest struct {
- OperationID int32
- ModelID int64
- TargetAssetID int64
+ OperationID int32
+ ModelID uint64
+ TargetAssetID uint64
 }
 type ValidateSubmissionRequest struct {
 // submission_id is passed back in the response message
- SubmissionID int64
- ModelID int64
- ModelVersion int64
- ValidatedModelID *int64 // optional value
+ SubmissionID int64
+ ModelID uint64
+ ModelVersion uint64
+ ValidatedModelID *uint64 // optional value
 }
 type ValidateMapfixRequest struct {
- MapfixID int64
- ModelID int64
- ModelVersion int64
- ValidatedModelID *int64 // optional value
+ MapfixID int64
+ ModelID uint64
+ ModelVersion uint64
+ ValidatedModelID *uint64 // optional value
 }
 // Create a new map
 type UploadSubmissionRequest struct {
- SubmissionID int64
- ModelID int64
- ModelVersion int64
+ SubmissionID int64
+ ModelID uint64
+ ModelVersion uint64
 ModelName string
 }
 type UploadMapfixRequest struct {
- MapfixID int64
- ModelID int64
- ModelVersion int64
- TargetAssetID int64
+ MapfixID int64
+ ModelID uint64
+ ModelVersion uint64
+ TargetAssetID uint64
 }
diff --git a/pkg/model/submission.go b/pkg/model/submission.go
index 6e20459..1bf2130 100644
--- a/pkg/model/submission.go
+++ b/pkg/model/submission.go
@@ -26,16 +26,16 @@ type Submission struct {
 ID int64 `gorm:"primaryKey"`
 DisplayName string
 Creator string
- GameID int32
+ GameID uint32
 CreatedAt time.Time
 UpdatedAt time.Time
- Submitter int64 // UserID
- AssetID int64
- AssetVersion int64
- ValidatedAssetID int64
- ValidatedAssetVersion int64
+ Submitter uint64 // UserID
+ AssetID uint64
+ AssetVersion uint64
+ ValidatedAssetID uint64
+ ValidatedAssetVersion uint64
 Completed bool // Has this version of the map been completed at least once on maptest
- UploadedAssetID int64 // where to upload map fix. if the TargetAssetID is 0, it's a new map.
+ UploadedAssetID uint64 // where to upload map fix. if the TargetAssetID is 0, it's a new map.
 StatusID SubmissionStatus
 StatusMessage string
 }
diff --git a/pkg/service/mapfixes.go b/pkg/service/mapfixes.go
index ff276d8..448457f 100644
--- a/pkg/service/mapfixes.go
+++ b/pkg/service/mapfixes.go
@@ -41,6 +41,13 @@ var (
 // POST /mapfixes
 func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTriggerCreate) (*api.OperationID, error) {
+ // sanitization
+ if request.AssetID<0 || request.TargetAssetID<0{
+ return nil, ErrNegativeID
+ }
+ var ModelID=uint64(request.AssetID);
+ var TargetAssetID=uint64(request.TargetAssetID);
+
 userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
 if !ok {
 return nil, ErrUserInfo
@@ -105,8 +112,8 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTrigger
 create_request := model.CreateMapfixRequest{
 OperationID: operation.ID,
- ModelID: request.AssetID,
- TargetAssetID: request.TargetAssetID,
+ ModelID: ModelID,
+ TargetAssetID: TargetAssetID,
 }
 j, err := json.Marshal(create_request)
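Review bot: The added sanitization block in CreateMapfix is not gofmt-clean and declares its locals with exported-style names and trailing semicolons (`var ModelID=uint64(request.AssetID);`). The conventional spelling is `if request.AssetID < 0 || request.TargetAssetID < 0 {` followed by `modelID := uint64(request.AssetID)` and `targetAssetID := uint64(request.TargetAssetID)`, with the struct literal in the later hunk updated to the new names. The same pattern appears in CreateSubmission in pkg/service/submissions.go and in CreateMapfix and CreateSubmission under pkg/service_internal. CreateMapfix's body continues outside the hunk.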
@@ -135,7 +142,7 @@ func (svc *Service) GetMapfix(ctx context.Context, params api.GetMapfixParams) (
 ID: mapfix.ID,
 DisplayName: mapfix.DisplayName,
 Creator: mapfix.Creator,
- GameID: mapfix.GameID,
+ GameID: int32(mapfix.GameID),
 CreatedAt: mapfix.CreatedAt.Unix(),
 UpdatedAt: mapfix.UpdatedAt.Unix(),
 Submitter: int64(mapfix.Submitter),
@@ -182,7 +189,7 @@ func (svc *Service) ListMapfixes(ctx context.Context, params api.ListMapfixesPar
 ID: item.ID,
 DisplayName: item.DisplayName,
 Creator: item.Creator,
- GameID: item.GameID,
+ GameID: int32(item.GameID),
 CreatedAt: item.CreatedAt.Unix(),
 UpdatedAt: item.UpdatedAt.Unix(),
 Submitter: int64(item.Submitter),
diff --git a/pkg/service/service.go b/pkg/service/service.go
index 1815060..6c6f3e7 100644
--- a/pkg/service/service.go
+++ b/pkg/service/service.go
@@ -24,6 +24,7 @@ var (
 ErrPermissionDeniedNeedRoleMapDownload = fmt.Errorf("%w: Need Role MapDownload", ErrPermissionDenied)
 ErrPermissionDeniedNeedRoleScriptWrite = fmt.Errorf("%w: Need Role ScriptWrite", ErrPermissionDenied)
 ErrPermissionDeniedNeedRoleMaptest = fmt.Errorf("%w: Need Role Maptest", ErrPermissionDenied)
+ ErrNegativeID = errors.New("A negative ID was provided")
 )
 type Service struct {
diff --git a/pkg/service/submissions.go b/pkg/service/submissions.go
index bf7e9d5..f8a9641 100644
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@@ -43,6 +43,12 @@ var (
 // POST /submissions
 func (svc *Service) CreateSubmission(ctx context.Context, request *api.SubmissionTriggerCreate) (*api.OperationID, error) {
+ // sanitization
+ if request.AssetID<0{
+ return nil, ErrNegativeID
+ }
+ var ModelID=uint64(request.AssetID);
+
 userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
 if !ok {
 return nil, ErrUserInfo
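Review bot: `GameID: int32(mapfix.GameID)` in GetMapfix narrows a `uint32` to `int32` with no range check, so a stored value above `math.MaxInt32` would be returned as a negative number; the neighbouring `int64(mapfix.Submitter)` now has the same property for `uint64`. The create hunks in this patch only store values converted from non-negative signed inputs, so the fields they set should stay in range, but nothing on the model type enforces that for rows written elsewhere. A one-line comment stating the invariant, or a checked conversion that returns an error, would make the assumption explicit. The same cast is added in ListMapfixes, GetSubmission and ListSubmissions, and ReleaseSubmissions passes `int64(submission.UploadedAssetID)` to the maps client unchecked.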
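Review bot: `ErrNegativeID` in pkg/service/service.go is created with `errors.New` and a capitalised message, while the other sentinels in this block wrap a category error with `%w`. How the error handler maps an unwrapped sentinel to a response status is not visible here, so a client that sends a negative ID may receive a generic server error instead of a bad-request response; that mapping is worth checking. Go error strings are conventionally lowercase, e.g. `errors.New("negative ID provided")`. The same sentinel is declared a second time in pkg/service_internal/service_internal.go, and that hunk adds no import line, so `errors` must already be imported in that file for it to build.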
@@ -96,7 +102,7 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *api.Submissio
 create_request := model.CreateSubmissionRequest{
 OperationID: operation.ID,
- ModelID: request.AssetID,
+ ModelID: ModelID,
 }
 j, err := json.Marshal(create_request)
@@ -125,7 +131,7 @@ func (svc *Service) GetSubmission(ctx context.Context, params api.GetSubmissionP
 ID: submission.ID,
 DisplayName: submission.DisplayName,
 Creator: submission.Creator,
- GameID: submission.GameID,
+ GameID: int32(submission.GameID),
 CreatedAt: submission.CreatedAt.Unix(),
 UpdatedAt: submission.UpdatedAt.Unix(),
 Submitter: int64(submission.Submitter),
@@ -172,7 +178,7 @@ func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissi
 ID: item.ID,
 DisplayName: item.DisplayName,
 Creator: item.Creator,
- GameID: item.GameID,
+ GameID: int32(item.GameID),
 CreatedAt: item.CreatedAt.Unix(),
 UpdatedAt: item.UpdatedAt.Unix(),
 Submitter: int64(item.Submitter),
@@ -647,12 +653,13 @@ func (svc *Service) ReleaseSubmissions(ctx context.Context, request []api.Releas
 for i,submission := range submissions{
 date := request[i].Date.Unix()
+ var GameID = int32(submission.GameID)
 // create each map with go-grpc
 _, err := svc.Client.Create(ctx, &maps.MapRequest{
- ID: submission.UploadedAssetID,
+ ID: int64(submission.UploadedAssetID),
 DisplayName: &submission.DisplayName,
 Creator: &submission.Creator,
- GameID: &submission.GameID,
+ GameID: &GameID,
 Date: &date,
 })
 if err != nil {
diff --git a/pkg/service_internal/mapfixes.go b/pkg/service_internal/mapfixes.go
index e0f7375..f270021 100644
--- a/pkg/service_internal/mapfixes.go
+++ b/pkg/service_internal/mapfixes.go
@@ -82,6 +82,20 @@ func (svc *Service) ActionMapfixUploaded(ctx context.Context, params internal.Ac
 // POST /mapfixes
 func (svc *Service) CreateMapfix(ctx context.Context, request *internal.MapfixCreate) (*internal.MapfixID, error) {
+ // sanitization
+ if request.GameID<0||
+ request.AssetOwner<0||
+ request.AssetID<0||
+ request.AssetVersion<0||
+ request.TargetAssetID<0{
+ return nil, ErrNegativeID
+ }
+ var GameID=uint32(request.GameID);
+ var Submitter=uint64(request.AssetOwner);
+ var AssetID=uint64(request.AssetID);
+ var AssetVersion=uint64(request.AssetVersion);
+ var TargetAssetID=uint64(request.TargetAssetID);
+
 // Check if an active mapfix with the same asset id exists
 {
 filter := datastore.Optional()
@@ -115,12 +129,12 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *internal.MapfixCr
 ID: 0,
 DisplayName: request.DisplayName,
 Creator: request.Creator,
- GameID: request.GameID,
- Submitter: request.AssetOwner,
- AssetID: request.AssetID,
- AssetVersion: request.AssetVersion,
+ GameID: GameID,
+ Submitter: Submitter,
+ AssetID: AssetID,
+ AssetVersion: AssetVersion,
 Completed: false,
- TargetAssetID: request.TargetAssetID,
+ TargetAssetID: TargetAssetID,
 StatusID: model.MapfixStatusUnderConstruction,
 })
 if err != nil {
diff --git a/pkg/service_internal/service_internal.go b/pkg/service_internal/service_internal.go
index 7826495..6b4d94f 100644
--- a/pkg/service_internal/service_internal.go
+++ b/pkg/service_internal/service_internal.go
@@ -9,6 +9,10 @@ import (
 "github.com/nats-io/nats.go"
 )
+var (
+ ErrNegativeID = errors.New("A negative ID was provided")
+)
+
 type Service struct {
 DB datastore.Datastore
 Nats nats.JetStreamContext
diff --git a/pkg/service_internal/submissions.go b/pkg/service_internal/submissions.go
index 555ea86..0100189 100644
--- a/pkg/service_internal/submissions.go
+++ b/pkg/service_internal/submissions.go
@@ -82,6 +82,18 @@ func (svc *Service) ActionSubmissionUploaded(ctx context.Context, params interna
 // POST /submissions
 func (svc *Service) CreateSubmission(ctx context.Context, request *internal.SubmissionCreate) (*internal.SubmissionID, error) {
+ // sanitization
+ if request.GameID<0||
+ request.AssetOwner<0||
+ request.AssetID<0||
+ request.AssetVersion<0{
+ return nil, ErrNegativeID
+ }
+ var GameID=uint32(request.GameID);
+ var Submitter=uint64(request.AssetOwner);
+ var AssetID=uint64(request.AssetID);
+ var AssetVersion=uint64(request.AssetVersion);
+
 // Check if an active submission with the same asset id exists
 {
 filter := datastore.Optional()
@@ -115,10 +127,10 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
 ID: 0,
 DisplayName: request.DisplayName,
 Creator: request.Creator,
- GameID: request.GameID,
- Submitter: request.AssetOwner,
- AssetID: request.AssetID,
- AssetVersion: request.AssetVersion,
+ GameID: GameID,
+ Submitter: Submitter,
+ AssetID: AssetID,
+ AssetVersion: AssetVersion,
 Completed: false,
 StatusID: model.SubmissionStatusUnderConstruction,
 })
--
2.49.1