Playlist upload rate-limits and icon validation (#986)

Playlist creation requests from both LBP1 and 3 are now rate-limited to
discourage spamming empty unedited playlists, which has already happened
multiple times since Patchwork 1.3 released, so it might become a
problem soon. Update requests are also rate-limited but less tightly.
Also, both LBP1 playlist upload (create and update) endpoints will now
set the request's icon to blank if it is invalid or missing, and I've
finally added a few unit tests for playlists, mostly to test icon
validation.

Author: Toastbrot236

Refresh.Core/RateLimits/PlaylistEndpointLimits.cs

@@ -0,0 +1,15 @@
+namespace Refresh.Core.RateLimits;
+
+/// <summary>
+/// Shared rate limit parameters for game and API playlist endpoints
+/// </summary>
+public static class PlaylistEndpointLimits
+{
+    // rate-limits
+    public const int UploadTimeoutDuration = 450;
+    public const int MaxCreateAmount = 8; // should be enough
+    public const int MaxUpdateAmount = 12;
+    public const int UploadBlockDuration = 300;
+    public const string CreateBucket = "playlist-create";
+    public const string UpdateBucket = "playlist-update";
+}

Refresh.Interfaces.Game/Endpoints/Playlists/Lbp1PlaylistEndpoints.cs

@@ -1,5 +1,6 @@
 using Bunkum.Core;
 using Bunkum.Core.Endpoints;
+using Bunkum.Core.RateLimit;
 using Bunkum.Core.Responses;
 using Bunkum.Listener.Protocol;
 using Bunkum.Protocols.Http;
@@ -11,6 +12,7 @@
 using Refresh.Database.Models.Levels;
 using Refresh.Database.Models.Playlists;
 using Refresh.Database.Models.Users;
+using static Refresh.Core.RateLimits.PlaylistEndpointLimits;
 using Refresh.Interfaces.Game.Types.Levels;
 using Refresh.Interfaces.Game.Types.Lists;
 using Refresh.Interfaces.Game.Types.Playlists;
@@ -19,9 +21,38 @@ namespace Refresh.Interfaces.Game.Endpoints.Playlists;
 
 public class Lbp1PlaylistEndpoints : EndpointGroup
 {
+    /// <summary>
+    /// Validate the playlist icon. If it's blank, an invalid GUID or a remote asset which doesn't exist on the server, reset to blank hash
+    /// and do not return an error to not upset the game in certain cases (also because the user cannot choose the icon when creating a playlist).
+    /// </summary>
+    private string ValidateIconHash(string iconHash, DataContext dataContext)
+    {
+        if (iconHash.IsBlankHash()) 
+        {
+            return "0";
+        }
+        else if (iconHash.StartsWith('g'))
+        {
+            //Parse out the GUID
+            long guid = long.Parse(iconHash.AsSpan()[1..]);
+            
+            if (!dataContext.GuidChecker.IsTextureGuid(dataContext.Game, guid))
+            {
+                return "0";
+            }
+        }
+        else if (!dataContext.DataStore.ExistsInStore(iconHash))
+        {
+            return "0";
+        }
+
+        return iconHash;
+    }
+
     // Creates a playlist, with an optional parent ID
     [GameEndpoint("createPlaylist", HttpMethods.Post, ContentType.Xml)]
     [RequireEmailVerified]
+    [RateLimitSettings(UploadTimeoutDuration, MaxCreateAmount, UploadBlockDuration, CreateBucket)]
     public Response CreatePlaylist(RequestContext context, DataContext dataContext, GameServerConfig config, SerializedLbp1Playlist body)
     {
         GameUser user = dataContext.User!;
@@ -57,6 +88,9 @@ public Response CreatePlaylist(RequestContext context, DataContext dataContext,
         if (body.Description.Length > UgcLimits.DescriptionLimit)
             body.Description = body.Description[..UgcLimits.DescriptionLimit];
 
+        // Validate icon
+        body.Icon = this.ValidateIconHash(body.Icon, dataContext);
+
         // Create the playlist, marking it as the root playlist if the user does not have one set already
         GamePlaylist playlist = dataContext.Database.CreatePlaylist(user, body, rootPlaylist == null);
 
@@ -150,12 +184,13 @@ public Response CreatePlaylist(RequestContext context, DataContext dataContext,
 
     [GameEndpoint("setPlaylistMetaData/{id}", HttpMethods.Post, ContentType.Xml)]
     [RequireEmailVerified]
-    public Response UpdatePlaylistMetadata(RequestContext context, GameServerConfig config, GameDatabaseContext database, GameUser user, int id, SerializedLbp1Playlist body)
+    [RateLimitSettings(UploadTimeoutDuration, MaxUpdateAmount, UploadBlockDuration, UpdateBucket)]
+    public Response UpdatePlaylistMetadata(RequestContext context, GameServerConfig config, DataContext dataContext, GameUser user, int id, SerializedLbp1Playlist body)
     {
         if (user.IsWriteBlocked(config))
             return Unauthorized;
 
-        GamePlaylist? playlist = database.GetPlaylistById(id);
+        GamePlaylist? playlist = dataContext.Database.GetPlaylistById(id);
         if (playlist == null)
             return NotFound;
 
@@ -170,7 +205,10 @@ public Response UpdatePlaylistMetadata(RequestContext context, GameServerConfig
         if (body.Description.Length > UgcLimits.DescriptionLimit)
             body.Description = body.Description[..UgcLimits.DescriptionLimit];
 
-        database.UpdatePlaylist(playlist, body);
+        // Validate icon
+        body.Icon = this.ValidateIconHash(body.Icon, dataContext);
+        
+        dataContext.Database.UpdatePlaylist(playlist, body);
         return OK;
     }
 

Refresh.Interfaces.Game/Endpoints/Playlists/Lbp3PlaylistEndpoints.cs

@@ -1,5 +1,6 @@
 using Bunkum.Core;
 using Bunkum.Core.Endpoints;
+using Bunkum.Core.RateLimit;
 using Bunkum.Core.Responses;
 using Bunkum.Listener.Protocol;
 using Bunkum.Protocols.Http;
@@ -11,6 +12,7 @@
 using Refresh.Database.Models.Levels;
 using Refresh.Database.Models.Playlists;
 using Refresh.Database.Models.Users;
+using static Refresh.Core.RateLimits.PlaylistEndpointLimits;
 using Refresh.Interfaces.Game.Types.Levels;
 using Refresh.Interfaces.Game.Types.Lists;
 using Refresh.Interfaces.Game.Types.Playlists;
@@ -21,6 +23,7 @@ public class Lbp3PlaylistEndpoints : EndpointGroup
 {
     [GameEndpoint("playlists", HttpMethods.Post, ContentType.Xml)]
     [RequireEmailVerified]
+    [RateLimitSettings(UploadTimeoutDuration, MaxCreateAmount, UploadBlockDuration, CreateBucket)]
     public Response CreatePlaylist(RequestContext context, GameServerConfig config, DataContext dataContext, GameUser user, SerializedLbp3Playlist body)
     {
         if (user.IsWriteBlocked(config))
@@ -48,6 +51,7 @@ public Response CreatePlaylist(RequestContext context, GameServerConfig config,
 
     [GameEndpoint("playlists/{playlistId}", HttpMethods.Post, ContentType.Xml)]
     [RequireEmailVerified]
+    [RateLimitSettings(UploadTimeoutDuration, MaxUpdateAmount, UploadBlockDuration, UpdateBucket)]
     public Response UpdatePlaylist(RequestContext context, GameServerConfig config, DataContext dataContext, GameUser user, SerializedLbp3Playlist body, int playlistId)
     {
         if (user.IsWriteBlocked(config))