
Commit 6dc33d6

committed
Return additional info in authenticated pinfo requests
Real psql error messages will be sent (ephemeral bot side, so no user info can leak that mods cannot already leak). Hidden ban reason will be sent.
1 parent c3063de commit 6dc33d6


6 files changed

+36
-21
lines changed


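--- a/api/ban.go
+++ b/api/ban.go
@@ -106,9 +106,9 @@ func handleBanImpl(r *http.Request) (*database.User, int, error) {
 
 gpcm.KickPlayerCustomMessage(req.ProfileID, req.Reason, gpcm.WWFCMsgProfileRestrictedCustom)
 
-user, success := database.GetProfile(pool, ctx, req.ProfileID)
+user, err := database.GetProfile(pool, ctx, req.ProfileID)
 
-if !success {
+if err != nil {
 return nil, http.StatusInternalServerError, ErrUserQueryTransaction
 }
 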
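Review bot: The driver error returned by `database.GetProfile` is discarded at new line 111: the branch returns `ErrUserQueryTransaction` and `err` is neither logged nor wrapped, so a missing profile and a database failure look identical to the caller and leave nothing in the server log to investigate. The same pattern appears in `api/kick.go` (new line 83), `api/unban.go` (new line 79) and `gpcm/profile.go` (new line 35, where every failure becomes `ErrGetProfileBadProfile`). Consider recording the error before the return, e.g. `log.Printf("ban: GetProfile %d: %v", req.ProfileID, err)` or the project's own logger if it has one. In the ban and kick handlers the kick at new line 107 has already run by this point, so the 500 may be reported for an action that did take effect. handleBanImpl starts and ends outside the hunk.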

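--- a/api/kick.go
+++ b/api/kick.go
@@ -78,9 +78,9 @@ func handleKickImpl(r *http.Request) (*database.User, int, error) {
 
 gpcm.KickPlayerCustomMessage(req.ProfileID, req.Reason, gpcm.WWFCMsgKickedCustom)
 
-user, success := database.GetProfile(pool, ctx, req.ProfileID)
+user, err := database.GetProfile(pool, ctx, req.ProfileID)
 
-if !success {
+if err != nil {
 return nil, http.StatusInternalServerError, ErrUserQueryTransaction
 }
 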

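--- a/api/pinfo.go
+++ b/api/pinfo.go
@@ -63,14 +63,23 @@ func handlePinfoImpl(r *http.Request) (*database.User, int, error) {
 return nil, http.StatusBadRequest, ErrRequestBody
 }
 
-realUser, success := database.GetProfile(pool, ctx, req.ProfileID)
+goodSecret := false
+if apiSecret != "" && req.Secret == apiSecret {
+goodSecret = true
+}
+
+realUser, err := database.GetProfile(pool, ctx, req.ProfileID)
 var ret *database.User
 
-if !success {
-return &database.User{}, http.StatusInternalServerError, ErrUserQuery
+if err != nil {
+if !goodSecret {
+err = ErrUserQuery
+}
+
+return &database.User{}, http.StatusInternalServerError, err
 }
 
-if apiSecret == "" || req.Secret != apiSecret {
+if !goodSecret {
 // Invalid secret, only report normal user info
 ret = &database.User{
 ProfileId: realUser.ProfileId,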
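Review bot: The secret check at new line 67 uses a plain `req.Secret == apiSecret`, which is not a constant-time comparison, and after this change the resulting flag gates the raw database error as well as the full profile. Consider replacing new lines 66-69 with `goodSecret := apiSecret != "" && subtle.ConstantTimeCompare([]byte(req.Secret), []byte(apiSecret)) == 1`, which needs `crypto/subtle` in this file's import block (not visible on this page). Separately, the unmasked `err` returned at new line 79 is whatever the driver handed back to `GetProfile`, which can include connection-level details as well as query errors. It may be worth logging it server-side too and stating next to the `if !goodSecret` branch which error classes holders of the secret are meant to see. handlePinfoImpl starts and ends outside the hunk.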

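--- a/api/unban.go
+++ b/api/unban.go
@@ -74,9 +74,9 @@ func handleUnbanImpl(r *http.Request) (*database.User, int, error) {
 return nil, http.StatusInternalServerError, ErrTransaction
 }
 
-user, success := database.GetProfile(pool, ctx, req.ProfileID)
+user, err := database.GetProfile(pool, ctx, req.ProfileID)
 
-if !success {
+if err != nil {
 return nil, http.StatusInternalServerError, ErrUserQueryTransaction
 }
 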

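--- a/database/user.go
+++ b/database/user.go
@@ -16,7 +16,7 @@ const (
 UpdateUserProfileID = `UPDATE users SET profile_id = $3 WHERE user_id = $1 AND gsbrcd = $2`
 UpdateUserNGDeviceID = `UPDATE users SET ng_device_id = $2 WHERE profile_id = $1`
 UpdateUserCsnum = `UPDATE users SET csnum = $2 WHERE profile_id = $1`
-GetUser = `SELECT user_id, gsbrcd, ng_device_id, email, unique_nick, firstname, lastname, has_ban, ban_reason, open_host, last_ingamesn, last_ip_address, csnum, ban_moderator, ban_issued, ban_expires FROM users WHERE profile_id = $1`
+GetUser = `SELECT user_id, gsbrcd, ng_device_id, email, unique_nick, firstname, lastname, has_ban, ban_reason, open_host, last_ingamesn, last_ip_address, csnum, ban_moderator, ban_reason_hidden, ban_issued, ban_expires FROM users WHERE profile_id = $1`
 ClearProfileQuery = `DELETE FROM users WHERE profile_id = $1 RETURNING user_id, gsbrcd, email, unique_nick, firstname, lastname, open_host, last_ip_address, last_ingamesn, csnum`
 DoesUserExist = `SELECT EXISTS(SELECT 1 FROM users WHERE user_id = $1 AND gsbrcd = $2)`
 IsProfileIDInUse = `SELECT EXISTS(SELECT 1 FROM users WHERE profile_id = $1)`
@@ -46,10 +46,11 @@ type User struct {
 LastInGameSn string
 LastIPAddress string
 Csnum []string
-// Two fields only used in GetUser query
-BanModerator string
-BanIssued *time.Time
-BanExpires *time.Time
+// Following fields only used in GetUser query
+BanModerator string
+BanReasonHidden string
+BanIssued *time.Time
+BanExpires *time.Time
 }
 
 var (
@@ -135,7 +136,7 @@ func (user *User) UpdateProfile(pool *pgxpool.Pool, ctx context.Context, data ma
 }
 }
 
-func GetProfile(pool *pgxpool.Pool, ctx context.Context, profileId uint32) (User, bool) {
+func GetProfile(pool *pgxpool.Pool, ctx context.Context, profileId uint32) (User, error) {
 user := User{}
 row := pool.QueryRow(ctx, GetUser, profileId)
 
@@ -146,11 +147,12 @@ func GetProfile(pool *pgxpool.Pool, ctx context.Context, profileId uint32) (User
 var lastInGameSn *string
 var lastIPAddress *string
 var banModerator *string
+var banHiddenReason *string
 
-err := row.Scan(&user.UserId, &user.GsbrCode, &user.NgDeviceId, &user.Email, &user.UniqueNick, &firstName, &lastName, &user.Restricted, &banReason, &user.OpenHost, &lastInGameSn, &lastIPAddress, &user.Csnum, &banModerator, &user.BanIssued, &user.BanExpires)
+err := row.Scan(&user.UserId, &user.GsbrCode, &user.NgDeviceId, &user.Email, &user.UniqueNick, &firstName, &lastName, &user.Restricted, &banReason, &user.OpenHost, &lastInGameSn, &lastIPAddress, &user.Csnum, &banModerator, &banHiddenReason, &user.BanIssued, &user.BanExpires)
 
 if err != nil {
-return User{}, false
+return User{}, err
 }
 
 user.ProfileId = profileId
@@ -179,7 +181,11 @@ func GetProfile(pool *pgxpool.Pool, ctx context.Context, profileId uint32) (User
 user.BanModerator = *banModerator
 }
 
-return user, true
+if banHiddenReason != nil {
+user.BanReasonHidden = *banHiddenReason
+}
+
+return user, nil
 }
 
 func ClearProfile(pool *pgxpool.Pool, ctx context.Context, profileId uint32) (User, bool) {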
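Review bot: `BanReasonHidden` is now populated on every `User` that `GetProfile` returns (new lines 184-186), not only on the authenticated pinfo path, so every caller that serializes a `User` must drop it for requesters who are not moderators. On this page the unauthenticated pinfo branch appears to build a reduced struct, but the ban/kick/unban responses and `gpcm` `getProfile` consume the same value and their output code is outside the visible hunks, so that is worth confirming. A comment on the field such as `// BanReasonHidden is moderator-only; never include it in responses to unauthenticated callers.` would make the constraint explicit. As a style point, the local is named `banHiddenReason` while the field and column are `BanReasonHidden` / `ban_reason_hidden`; using the same word order would read more easily.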

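--- a/gpcm/profile.go
+++ b/gpcm/profile.go
@@ -31,8 +31,8 @@ func (g *GameSpySession) getProfile(command common.GameSpyCommand) {
 mutex.Unlock()
 } else {
 mutex.Unlock()
-user, ok = database.GetProfile(pool, ctx, uint32(profileId))
-if !ok {
+user, err = database.GetProfile(pool, ctx, uint32(profileId))
+if err != nil {
 // The profile info was requested on is invalid.
 g.replyError(ErrGetProfileBadProfile)
 return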
