Merge branch 'main' into announcements

Author: Toastbrot236

Refresh.Core/Configuration/GameServerConfig.cs

@@ -1,61 +1,116 @@
 using System.Diagnostics.CodeAnalysis;
 using Bunkum.Core.Configuration;
 using Microsoft.CSharp.RuntimeBinder;
-using Refresh.Database.Models.Assets;
-using Refresh.Database.Models.Users;
 
 namespace Refresh.Core.Configuration;
 
 [SuppressMessage("ReSharper", "AutoPropertyCanBeMadeGetOnly.Global")]
 [SuppressMessage("ReSharper", "RedundantDefaultMemberInitializer")]
 public class GameServerConfig : Config
 {
-    public override int CurrentConfigVersion => 26;
+    public override int CurrentConfigVersion => 27;
     public override int Version { get; set; } = 0;
 
     protected override void Migrate(int oldVer, dynamic oldConfig)
     {
-        if (oldVer < 18)
+        // In version 27, various (mostly already role-specific) perms, like blocked assets and read-only mode, were moved to dedicated child objects,
+        // to more cleanly split the perms between certain roles, and to make their enforcement easier.
+        if (oldVer < 27)
         {
-            // Asset safety level was added in config version 2, so dont try to migrate if we are coming from an older version than that
-            if (oldVer >= 2)
+            this.NormalUserPermissions = new();
+            this.TrustedUserPermissions = new();
+
+            // filesize quota limit was added during version 11, but the version wasn't bumped, so catch error to be safe
+            if (oldVer >= 11)
             {
-                int oldSafetyLevel = (int)oldConfig.MaximumAssetSafetyLevel;
-                this.BlockedAssetFlags = new ConfigAssetFlags
+                try
+                {
+                    this.NormalUserPermissions.UserFilesizeQuota = (int)oldConfig.UserFilesizeQuota;
+                    this.TrustedUserPermissions.UserFilesizeQuota = (int)oldConfig.UserFilesizeQuota;
+                }
+                catch (RuntimeBinderException)
                 {
-                    Dangerous = oldSafetyLevel < 3,
-                    Modded = oldSafetyLevel < 2,
-                    Media = oldSafetyLevel < 1,
-                };
+                    // do nothing
+                }
             }
 
-            // Asset safety level for trusted users was added in config version 12, so dont try to migrate if we are coming from a version older than that
-            if (oldVer >= 12)
+            if (oldVer >= 18)
             {
-                // There was no version bump for trusted users being added, so we just have to catch this error :/
-                try
+                this.NormalUserPermissions.BlockedAssetFlags.Dangerous = (bool)oldConfig.BlockedAssetFlags.Dangerous;
+                this.NormalUserPermissions.BlockedAssetFlags.Media = (bool)oldConfig.BlockedAssetFlags.Media;
+                this.NormalUserPermissions.BlockedAssetFlags.Modded = (bool)oldConfig.BlockedAssetFlags.Modded;
+
+                this.TrustedUserPermissions.BlockedAssetFlags.Dangerous = (bool)oldConfig.BlockedAssetFlagsForTrustedUsers.Dangerous;
+                this.TrustedUserPermissions.BlockedAssetFlags.Media = (bool)oldConfig.BlockedAssetFlagsForTrustedUsers.Media;
+                this.TrustedUserPermissions.BlockedAssetFlags.Modded = (bool)oldConfig.BlockedAssetFlagsForTrustedUsers.Modded;
+            }
+            else
+            {
+                // Asset safety level was added in config version 2, so dont try to migrate if we are coming from an older version than that
+                if (oldVer >= 2)
                 {
-                    int oldTrustedSafetyLevel = (int)oldConfig.MaximumAssetSafetyLevelForTrustedUsers;
-                    this.BlockedAssetFlagsForTrustedUsers = new ConfigAssetFlags
+                    int oldSafetyLevel = (int)oldConfig.MaximumAssetSafetyLevel;
+                    this.NormalUserPermissions.BlockedAssetFlags = new ConfigAssetFlags
                     {
-                        Dangerous = oldTrustedSafetyLevel < 3,
-                        Modded = oldTrustedSafetyLevel < 2,
-                        Media = oldTrustedSafetyLevel < 1,
+                        Dangerous = oldSafetyLevel < 3,
+                        Modded = oldSafetyLevel < 2,
+                        Media = oldSafetyLevel < 1,
                     };
                 }
-                catch (RuntimeBinderException)
+
+                // Asset safety level for trusted users was added in config version 12, so dont try to migrate if we are coming from a version older than that
+                if (oldVer >= 12)
                 {
-                    this.BlockedAssetFlagsForTrustedUsers = this.BlockedAssetFlags;
+                    // There was no version bump for trusted users being added, so we just have to catch this error :/
+                    try
+                    {
+                        int oldTrustedSafetyLevel = (int)oldConfig.MaximumAssetSafetyLevelForTrustedUsers;
+                        this.TrustedUserPermissions.BlockedAssetFlags = new ConfigAssetFlags
+                        {
+                            Dangerous = oldTrustedSafetyLevel < 3,
+                            Modded = oldTrustedSafetyLevel < 2,
+                            Media = oldTrustedSafetyLevel < 1,
+                        };
+                    }
+                    catch (RuntimeBinderException)
+                    {
+                        this.TrustedUserPermissions.BlockedAssetFlags = this.NormalUserPermissions.BlockedAssetFlags;
+                    }
                 }
             }
+
+            // Timed level upload limits were added in version 19.
+            if (oldVer >= 19)
+            {
+                this.NormalUserPermissions.TimedLevelUploadLimits.Enabled = (bool)oldConfig.TimedLevelUploadLimits.Enabled;
+                this.NormalUserPermissions.TimedLevelUploadLimits.TimeSpanHours = (int)oldConfig.TimedLevelUploadLimits.TimeSpanHours;
+                this.NormalUserPermissions.TimedLevelUploadLimits.LevelQuota = (int)oldConfig.TimedLevelUploadLimits.LevelQuota;
+
+                this.TrustedUserPermissions.TimedLevelUploadLimits.Enabled = (bool)oldConfig.TimedLevelUploadLimits.Enabled;
+                this.TrustedUserPermissions.TimedLevelUploadLimits.TimeSpanHours = (int)oldConfig.TimedLevelUploadLimits.TimeSpanHours;
+                this.TrustedUserPermissions.TimedLevelUploadLimits.LevelQuota = (int)oldConfig.TimedLevelUploadLimits.LevelQuota;
+            }
+
+            // Read-only mode was added for both normal and trusted users in version 20.
+            if (oldVer >= 20)
+            {
+                this.NormalUserPermissions.ReadOnlyMode = (bool)oldConfig.ReadOnlyMode;
+                this.TrustedUserPermissions.ReadOnlyMode = (bool)oldConfig.ReadonlyModeForTrustedUsers;
+            }
         }
     }
 
     public string LicenseText { get; set; } = "Welcome to Refresh!";
 
-    public ConfigAssetFlags BlockedAssetFlags { get; set; } = new(AssetFlags.Dangerous | AssetFlags.Modded);
-    /// <seealso cref="GameUserRole.Trusted"/>
-    public ConfigAssetFlags BlockedAssetFlagsForTrustedUsers { get; set; } = new(AssetFlags.Dangerous | AssetFlags.Modded);
+    /// <summary>
+    /// Role-specific permissions for normal users and below
+    /// </summary>
+    public RolePermissions NormalUserPermissions = new();
+    /// <summary>
+    /// Role-specific permissions for trusted users and above
+    /// </summary>
+    public RolePermissions TrustedUserPermissions = new();
+
     public bool AllowUsersToUseIpAuthentication { get; set; } = false;
     public bool PermitPsnLogin { get; set; } = true;
     public bool PermitRpcnLogin { get; set; } = true;
@@ -97,20 +152,6 @@ protected override void Migrate(int oldVer, dynamic oldConfig)
     /// </summary>
     public string GameConfigStorageUrl { get; set; } = "https://refresh.example.com/lbp";
     public bool AllowInvalidTextureGuids { get; set; } = false;
-    public bool ReadOnlyMode { get; set; } = false;
-    /// <seealso cref="GameUserRole.Trusted"/>
-    public bool ReadonlyModeForTrustedUsers { get; set; } = false;
-    /// <summary>
-    /// The amount of data the user is allowed to upload before all resource uploads get blocked, defaults to 100mb.
-    /// </summary>
-    public int UserFilesizeQuota { get; set; } = 100 * 1_048_576;
-
-    public TimedLevelUploadLimitProperties TimedLevelUploadLimits { get; set; } = new()
-    {
-        Enabled = false,
-        TimeSpanHours = 24,
-        LevelQuota = 10,
-    };
 
     /// <summary>
     /// Whether to print the room state whenever a `FindBestRoom` match returns no results

Refresh.Core/Configuration/RolePermissions.cs

@@ -0,0 +1,22 @@
+using Refresh.Database.Models.Assets;
+
+namespace Refresh.Core.Configuration;
+
+public class RolePermissions
+{
+    public RolePermissions() {}
+
+    public bool ReadOnlyMode { get; set; } = false;
+    public ConfigAssetFlags BlockedAssetFlags { get; set; } = new(AssetFlags.Dangerous | AssetFlags.Modded);
+    public TimedLevelUploadLimitProperties TimedLevelUploadLimits = new()
+    {
+        Enabled = false,
+        TimeSpanHours = 24,
+        LevelQuota = 10,
+    };
+
+    /// <summary>
+    /// The amount of data the user is allowed to upload before all resource uploads get blocked, defaults to 100mb.
+    /// </summary>
+    public int UserFilesizeQuota { get; set; } = 100 * 1_048_576;
+}

Refresh.Core/Extensions/GameUserExtensions.cs

@@ -7,12 +7,8 @@ public static class GameUserExtensions
 {
     public static bool IsWriteBlocked(this GameUser user, GameServerConfig config)
     {
-        if (config.ReadOnlyMode && user.Role != GameUserRole.Admin)
-        {
-            return user.Role < GameUserRole.Trusted || config.ReadonlyModeForTrustedUsers;
-        }
-
-        return false;
+        if (user.Role == GameUserRole.Admin) return false;
+        return GetRolePermissionsForUser(user, config).ReadOnlyMode;
     }
 
     public static bool MayModifyUser(this GameUser user, GameUser targetUser)
@@ -27,4 +23,12 @@ public static bool MayModifyUser(this GameUser user, GameUser targetUser)
 
         return true;
     }
+
+    public static RolePermissions GetRolePermissionsForUser(this GameUser user, GameServerConfig config)
+    {
+        if (user.Role >= GameUserRole.Trusted)
+            return config.TrustedUserPermissions;
+        
+        return config.NormalUserPermissions;
+    }
 }

Refresh.Database/GameDatabaseContext.Pins.cs

@@ -169,6 +169,9 @@ private IEnumerable<PinProgressRelation> GetPinProgressesByUser(GameUser user, b
     public DatabaseList<PinProgressRelation> GetPinProgressesByUser(GameUser user, bool isBeta, TokenPlatform platform, int skip, int count)
         => new(this.GetPinProgressesByUser(user, isBeta, platform), skip, count);
 
+    public IQueryable<PinProgressRelation> GetAllPinProgressesByUserAndId(GameUser user, long pinId)
+        => this.PinProgressRelations.Where(p => p.PublisherId == user.UserId && p.PinId == pinId);
+
     public PinProgressRelation? GetUserPinProgress(long pinId, GameUser user, bool isBeta, TokenPlatform platform)
         => this.PinProgressRelations.FirstOrDefault(p => p.PinId == pinId && p.PublisherId == user.UserId 
             && (p.IsBeta == isBeta && p.Platform == platform || p.Platform == TokenPlatform.Website));

Refresh.Database/GameDatabaseContext.Registration.cs

@@ -115,7 +115,7 @@ public bool IsEmailTaken(string emailAddress)
     {
         return this.GameUsers.Any(u => u.EmailAddress == emailAddress) ||
                this.QueuedRegistrations.Any(r => r.EmailAddress == emailAddress) ||
-               this.IsEmailDisallowed(emailAddress);
+               this.IsEmailAddressDisallowed(emailAddress);
     }
 
     public void AddRegistrationToQueue(string username, string emailAddress, string passwordBcrypt)
@@ -253,34 +253,71 @@ public bool IsUserDisallowed(string username)
         return this.DisallowedUsers.FirstOrDefault(u => u.Username == username) != null;
     }
 
-    public bool DisallowEmail(string email)
+    public bool DisallowEmailAddress(string emailAddress)
     {
-        if (this.IsEmailDisallowed(email)) 
+        if (this.IsEmailAddressDisallowed(emailAddress)) 
             return false;
 
-        this.DisallowedEmails.Add(new()
+        this.DisallowedEmailAddresses.Add(new()
         {
-            Email = email,
+            Address = emailAddress,
         });
         this.SaveChanges();
 
         return true;
     }
 
-    public bool ReallowEmail(string email)
+    public bool ReallowEmailAddress(string emailAddress)
     {
-        DisallowedEmail? disallowedEmail = this.DisallowedEmails.FirstOrDefault(u => u.Email == email);
-        if (disallowedEmail == null) 
+        DisallowedEmailAddress? DisallowedEmailAddress = this.DisallowedEmailAddresses.FirstOrDefault(u => u.Address == emailAddress);
+        if (DisallowedEmailAddress == null) 
             return false;
 
-        this.DisallowedEmails.Remove(disallowedEmail);
+        this.DisallowedEmailAddresses.Remove(DisallowedEmailAddress);
         this.SaveChanges();
 
         return true;
     }
 
-    public bool IsEmailDisallowed(string email)
+    public bool IsEmailAddressDisallowed(string emailAddress)
     {
-        return this.DisallowedEmails.Any(u => u.Email == email);
+        return this.DisallowedEmailAddresses.Any(u => u.Address == emailAddress);
+    }
+
+    private string GetEmailDomainFromAddress(string emailAddress)
+        => emailAddress.Split('@').Last();
+
+    public bool DisallowEmailDomain(string emailAddress)
+    {
+        string emailDomain = this.GetEmailDomainFromAddress(emailAddress);
+        if (this.IsEmailDomainDisallowed(emailDomain)) 
+            return false;
+        
+        this.DisallowedEmailDomains.Add(new()
+        {
+            Domain = emailDomain,
+        });
+        this.SaveChanges();
+        
+        return true;
+    }
+
+    public bool ReallowEmailDomain(string emailAddress)
+    {
+        string emailDomain = this.GetEmailDomainFromAddress(emailAddress);
+        DisallowedEmailDomain? disallowedDomain = this.DisallowedEmailDomains.FirstOrDefault(u => u.Domain == emailDomain);
+        if (disallowedDomain == null) 
+            return false;
+        
+        this.DisallowedEmailDomains.Remove(disallowedDomain);
+        this.SaveChanges();
+        
+        return true;
+    }
+
+    public bool IsEmailDomainDisallowed(string emailAddress)
+    {
+        string emailDomain = this.GetEmailDomainFromAddress(emailAddress);
+        return this.DisallowedEmailDomains.Any(u => u.Domain == emailDomain);
     }
 }

Refresh.Database/GameDatabaseContext.cs

@@ -64,7 +64,8 @@ public partial class GameDatabaseContext : DbContext, IDatabaseContext
     internal DbSet<AssetDependencyRelation> AssetDependencyRelations { get; set; }
     internal DbSet<GameReview> GameReviews { get; set; }
     internal DbSet<DisallowedUser> DisallowedUsers { get; set; }
-    internal DbSet<DisallowedEmail> DisallowedEmails { get; set; }
+    internal DbSet<DisallowedEmailAddress> DisallowedEmailAddresses { get; set; }
+    internal DbSet<DisallowedEmailDomain> DisallowedEmailDomains { get; set; }
     internal DbSet<RateReviewRelation> RateReviewRelations { get; set; }
     internal DbSet<TagLevelRelation> TagLevelRelations { get; set; }
     internal DbSet<GamePlaylist> GamePlaylists { get; set; }

Refresh.Database/Migrations/20260331143640_AddAbilityToDisallowEmailDomains.cs

@@ -0,0 +1,45 @@
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Refresh.Database.Migrations
+{
+    /// <inheritdoc />
+    [DbContext(typeof(GameDatabaseContext))]
+    [Migration("20260331143640_AddAbilityToDisallowEmailDomains")]
+    public partial class AddAbilityToDisallowEmailDomains : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.RenameTable(name: "DisallowedEmails", newName: "DisallowedEmailAddresses");
+            migrationBuilder.DropPrimaryKey(name: "PK_DisallowedEmails", table: "DisallowedEmailAddresses");
+            migrationBuilder.RenameColumn(name: "Email", table: "DisallowedEmailAddresses", newName: "Address");
+            migrationBuilder.AddPrimaryKey(name: "PK_DisallowedEmailAddresses", table: "DisallowedEmailAddresses", column: "Address");
+
+            migrationBuilder.CreateTable(
+                name: "DisallowedEmailDomains",
+                columns: table => new
+                {
+                    Domain = table.Column<string>(type: "text", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_DisallowedEmailDomains", x => x.Domain);
+                });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "DisallowedEmailDomains");
+
+            migrationBuilder.RenameTable(name: "DisallowedEmailAddresses", newName: "DisallowedEmails");
+            migrationBuilder.DropPrimaryKey(name: "PK_DisallowedEmailAddresses", table: "DisallowedEmails");
+            migrationBuilder.RenameColumn(name: "Address", table: "DisallowedEmails", newName: "Email");
+            migrationBuilder.AddPrimaryKey(name: "PK_DisallowedEmails", table: "DisallowedEmails", column: "Email");
+        }
+    }
+}