Harden minecraft-server-play analytics (#5484)

* Harden minecraft-server-play analytics

* Verify based on mc token

* Fail for non-server projects

* Nitpicks and factor out HTTP client

* Allow passing old minecraft_uuid field for clients

* Remove server play analytics test since it relies on auth against Minecraft API which I don't want to mock :(

* Switch to using hasJoined for uuid validation

* Fix formatting

* Fix sessionserver status code

* Ensure profile name and queried username matches

* replace some wrap_request_errs with internal errs

* add HTTP client into web::Data

* short timeout on client-side session join query

* further fixes

* sqlx prepare

* fix clippy

---------

Co-authored-by: Creeperkatze <178587183+Creeperkatze@users.noreply.github.com>
Co-authored-by: aecsocket <aecsocket@tutanota.com>

apps/labrinth/src/util/http.rs

@@ -0,0 +1,32 @@
+use std::time::Duration;
+
+use derive_more::Deref;
+use reqwest::header::{HeaderMap, HeaderValue, USER_AGENT};
+
+/// Generic HTTP client used for anywhere you need to send an HTTP request, and
+/// do not care what headers or other parameters are used.
+#[derive(Debug, Clone, Deref)]
+pub struct HttpClient(pub reqwest::Client);
+
+impl HttpClient {
+    pub fn new() -> Self {
+        let client = reqwest::Client::builder()
+            .default_headers(HeaderMap::from_iter([(
+                USER_AGENT,
+                HeaderValue::from_static(concat!(
+                    "Labrinth/",
+                    env!("COMPILATION_DATE")
+                )),
+            )]))
+            .timeout(Duration::from_secs(30))
+            .build()
+            .unwrap();
+        Self(client)
+    }
+}
+
+impl Default for HttpClient {
+    fn default() -> Self {
+        Self::new()
+    }
+}

apps/labrinth/src/util/mod.rs

@@ -10,6 +10,7 @@ pub mod error;
 pub mod ext;
 pub mod gotenberg;
 pub mod guards;
+pub mod http;
 pub mod img;
 pub mod ip;
 pub mod ratelimit;