Harden minecraft-server-play analytics (#5484)

* Harden minecraft-server-play analytics * Verify based on mc token * Fail for non-server projects * Nitpicks and factor out HTTP client * Allow passing old minecraft_uuid field for clients * Remove server play analytics test since it relies on auth against Minecraft API which I don't want to mock :( * Switch to using hasJoined for uuid validation * Fix formatting * Fix sessionserver status code * Ensure profile name and queried username matches * replace some wrap_request_errs with internal errs * add HTTP client into web::Data * short timeout on client-side session join query * further fixes * sqlx prepare * fix clippy --------- Co-authored-by: Creeperkatze <178587183+Creeperkatze@users.noreply.github.com> Co-authored-by: aecsocket <aecsocket@tutanota.com>
2026-03-09 17:26:15 +01:00
parent 4a0c610fc5
commit 73abe272d1
18 changed files with 310 additions and 89 deletions
--- a/apps/labrinth/src/routes/v2/project_creation.rs
+++ b/apps/labrinth/src/routes/v2/project_creation.rs
@@ -12,6 +12,7 @@ use crate::queue::session::AuthQueue;
 use crate::routes::v3::project_creation::default_project_type;
 use crate::routes::v3::project_creation::{CreateError, NewGalleryItem};
 use crate::routes::{v2_reroute, v3};
+use crate::util::http::HttpClient;
 use actix_multipart::Multipart;
 use actix_web::web::Data;
 use actix_web::{HttpRequest, HttpResponse, post};
@@ -141,6 +142,7 @@ pub async fn project_create(
    redis: Data<RedisPool>,
    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
    session_queue: Data<AuthQueue>,
+    http: Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
    // Convert V2 multipart payload to V3 multipart payload
    let payload = v2_reroute::alter_actix_multipart(
@@ -252,6 +254,7 @@ pub async fn project_create(
        redis.clone(),
        file_host,
        session_queue,
+        http,
    )
    .await?;

--- a/apps/labrinth/src/routes/v2/version_creation.rs
+++ b/apps/labrinth/src/routes/v2/version_creation.rs
@@ -13,6 +13,7 @@ use crate::queue::session::AuthQueue;
 use crate::routes::v3::project_creation::CreateError;
 use crate::routes::v3::version_creation;
 use crate::routes::{v2_reroute, v3};
+use crate::util::http::HttpClient;
 use actix_multipart::Multipart;
 use actix_web::http::header::ContentDisposition;
 use actix_web::web::Data;
@@ -83,6 +84,7 @@ pub async fn version_create(
    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
    session_queue: Data<AuthQueue>,
    moderation_queue: Data<AutomatedModerationQueue>,
+    http: Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
    let payload = v2_reroute::alter_actix_multipart(
        payload,
@@ -237,6 +239,7 @@ pub async fn version_create(
        file_host,
        session_queue,
        moderation_queue,
+        http,
    )
    .await?;

@@ -286,6 +289,7 @@ pub async fn upload_file_to_version(
    redis: Data<RedisPool>,
    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
    session_queue: web::Data<AuthQueue>,
+    http: web::Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
    // Returns NoContent, so no need to convert to V2
    let response = v3::version_creation::upload_file_to_version(
@@ -296,6 +300,7 @@ pub async fn upload_file_to_version(
        redis.clone(),
        file_host,
        session_queue,
+        http,
    )
    .await?;
    Ok(response)