Update PlayerName encoding for the API to protect special characters in names and chat messages. Allowed for non-base64 strings for API compatibility. Will remove in Version 2.0.

Author: Matthew Bate

BHD-ServerManager/API/Controllers/ChatController.cs

@@ -2,6 +2,7 @@
 using HawkSyncShared.DTOs;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using HawkSyncShared.SupportClasses;
 
 [ApiController]
 [Route("api/[controller]")]
@@ -12,9 +13,12 @@ public class ChatController : ControllerBase
     public ActionResult<CommandResult> SendMessage([FromBody] SendChatCommand command)
     {
         if (!HasPermission("chat")) return Forbid();
+
         if (command.Channel < 0 || command.Channel > 3)
             return BadRequest(new CommandResult { Success = false, Message = "Invalid channel." });
 
+        string chatMessage = Func.FB64(command.Message);
+
         var result = chatInstanceManager.SendChatMessage(command.Message, command.Channel);
         return Ok(new CommandResult { Success = result.Success, Message = result.Message });
     }

BHD-ServerManager/API/Controllers/PlayerController.cs

@@ -4,6 +4,7 @@
 using HawkSyncShared.DTOs;
 using System.Net;
 using HawkSyncShared;
+using HawkSyncShared.SupportClasses;
 
 namespace BHD_ServerManager.API.Controllers;
 
@@ -18,7 +19,9 @@ public ActionResult<CommandResult> ArmPlayer([FromBody] ArmPlayerCommand command
     {
         if(!HasPermission("players")) return Forbid();
 
-        var result = playerInstanceManager.ArmPlayer(command.PlayerSlot, command.PlayerName);
+        string playerName = Func.FB64(command.PlayerName);
+
+        var result = playerInstanceManager.ArmPlayer(command.PlayerSlot, playerName);
 
         return Ok(new CommandResult
         {
@@ -31,7 +34,9 @@ public ActionResult<CommandResult> DisarmPlayer([FromBody] DisarmPlayerCommand c
     {
         if(!HasPermission("players")) return Forbid();
 
-        var result = playerInstanceManager.DisarmPlayer(command.PlayerSlot, command.PlayerName);
+        string playerName = Func.FB64(command.PlayerName);
+
+        var result = playerInstanceManager.DisarmPlayer(command.PlayerSlot, playerName);
 
         return Ok(new CommandResult
         {
@@ -47,7 +52,9 @@ public ActionResult<CommandResult> ToggleGodMode([FromBody] GodModePlayerCommand
 
         bool IsGod = CommonCore.instancePlayers!.PlayerList[command.PlayerSlot].IsGod;
 
-        var result = playerInstanceManager.ToggleGodMode(command.PlayerSlot, command.PlayerName, !IsGod);
+        string playerName = Func.FB64(command.PlayerName);
+
+        var result = playerInstanceManager.ToggleGodMode(command.PlayerSlot, playerName, !IsGod);
 
         return Ok(new CommandResult
         {
@@ -60,7 +67,9 @@ public ActionResult<CommandResult> SwitchTeamPlayer([FromBody] SwitchTeamPlayerC
     {
         if(!HasPermission("players")) return Forbid();
 
-        var result = playerInstanceManager.SwitchPlayerTeam(command.PlayerSlot, command.PlayerName, command.TeamNum);
+        string playerName = Func.FB64(command.PlayerName);
+
+        var result = playerInstanceManager.SwitchPlayerTeam(command.PlayerSlot, playerName, command.TeamNum);
 
         return Ok(new CommandResult
         {
@@ -73,8 +82,8 @@ public ActionResult<CommandResult> SwitchTeamPlayer([FromBody] SwitchTeamPlayerC
     public ActionResult<CommandResult> KickPlayer([FromBody] KickPlayerCommand command)
     {
         if(!HasPermission("players")) return Forbid();
-
-        var result = playerInstanceManager.KickPlayer(command.PlayerSlot, command.PlayerName);
+        var PlayerName = Func.FB64(command.PlayerName);
+        var result = playerInstanceManager.KickPlayer(command.PlayerSlot, PlayerName);
 
         return Ok(new CommandResult
         {
@@ -88,7 +97,7 @@ public async Task<ActionResult<CommandResult>> BanPlayer([FromBody] BanPlayerCom
     {
         if(!HasPermission("players")) return Forbid();
 
-        string playerName = command.PlayerName;
+        string playerName = Func.FB64(command.PlayerName);
         string playerIP = command.PlayerIP;
         int playerSlot = command.PlayerSlot;
         bool banIP = command.BanIP;
@@ -163,9 +172,11 @@ public ActionResult<CommandResult> WarnPlayer([FromBody] WarnPlayerCommand comma
     {
         if(!HasPermission("players")) return Forbid();
 
+        string playerName = Func.FB64(command.PlayerName);
+
         var result = playerInstanceManager.WarnPlayer(
             command.PlayerSlot,
-            command.PlayerName,
+            playerName,
             command.Message);
 
         return Ok(new CommandResult
@@ -180,7 +191,9 @@ public ActionResult<CommandResult> KillPlayer([FromBody] KillPlayerCommand comma
     {
         if(!HasPermission("players")) return Forbid();
 
-        var result = playerInstanceManager.KillPlayer(command.PlayerSlot, command.PlayerName);
+        string playerName = Func.FB64(command.PlayerName);
+
+        var result = playerInstanceManager.KillPlayer(command.PlayerSlot, playerName);
 
         return Ok(new CommandResult
         {

HawkSyncShared/SupportClasses/Func.cs

@@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace HawkSyncShared.SupportClasses
+{
+    public static class Func
+    {
+        private const string Base64Marker = "__B64__";
+
+        public static string TB64(string input)
+        {
+            if (input == null) return string.Empty;
+            var bytes = Encoding.GetEncoding(1252).GetBytes(input);
+            return Base64Marker + Convert.ToBase64String(bytes);
+        }
+
+        public static string FB64(string input)
+        {
+            if (input == null) return string.Empty;
+            if (input.StartsWith(Base64Marker))
+            {
+                var base64Part = input.Substring(Base64Marker.Length);
+                var bytes = Convert.FromBase64String(base64Part);
+                return Encoding.GetEncoding(1252).GetString(bytes);
+            }
+            // Not marked as Base64, return as-is
+            return input;
+        }
+
+        public static bool IsMarkedBase64(string input)
+        {
+            return input != null && input.StartsWith(Base64Marker);
+        }
+    }
+}

RemoteClient/Services/ApiClient.cs

@@ -1,6 +1,8 @@
 using HawkSyncShared.DTOs;
+using HawkSyncShared.SupportClasses;
 using System.Net.Http.Headers;
 using System.Net.Http.Json;
+using System.Security.Cryptography;
 using System.Threading.Channels;
 using System.Windows.Forms;
 
@@ -107,47 +109,55 @@ public async Task<LoginResponse> LoginAsync(string username, string password)
 
     public async Task<CommandResult> KickPlayerAsync(int playerSlot, string playerName)
     {
-        var command = new KickPlayerCommand(playerSlot, playerName);
+        var PlayerName = Func.TB64(playerName);
+        var command = new KickPlayerCommand(playerSlot, PlayerName);
         return await SendCommandAsync("/api/player/kick", command);
     }
 
     public async Task<CommandResult> BanPlayerAsync(int playerSlot, string playerName, string playerIP, bool banIP)
     {
-        var command = new BanPlayerCommand(playerSlot, playerName, playerIP, banIP);
+        var PlayerName = Func.TB64(playerName);
+        var command = new BanPlayerCommand(playerSlot, PlayerName, playerIP, banIP);
         return await SendCommandAsync("/api/player/ban", command);
     }
 
     public async Task<CommandResult> WarnPlayerAsync(int playerSlot, string playerName, string message)
     {
-        var command = new WarnPlayerCommand(playerSlot, playerName, message);
+        var PlayerName = Func.TB64(playerName);
+        var command = new WarnPlayerCommand(playerSlot, PlayerName, message);
         return await SendCommandAsync("/api/player/warn", command);
     }
 
     public async Task<CommandResult> KillPlayerAsync(int playerSlot, string playerName)
     {
-        var command = new KillPlayerCommand(playerSlot, playerName);
+        var PlayerName = Func.TB64(playerName);
+        var command = new KillPlayerCommand(playerSlot, PlayerName);
         return await SendCommandAsync("/api/player/kill", command);
     }
 
     public async Task<CommandResult> ArmPlayerAsync(int playerSlot, string playerName)
     {
-        var command = new ArmPlayerCommand(playerSlot, playerName);
+        var PlayerName = Func.TB64(playerName);
+        var command = new ArmPlayerCommand(playerSlot, PlayerName);
         return await SendCommandAsync("/api/player/arm", command);
     }
 
     public async Task<CommandResult> DisarmPlayerAsync(int playerSlot, string playerName)
     {
-        var command = new DisarmPlayerCommand(playerSlot, playerName);
+        var PlayerName = Func.TB64(playerName);
+        var command = new DisarmPlayerCommand(playerSlot, PlayerName);
         return await SendCommandAsync("/api/player/disarm", command);
     }
     public async Task<CommandResult> ToggleGodPlayerAsync(int playerSlot, string playerName)
     {
-        var command = new GodModePlayerCommand(playerSlot, playerName);
+        var PlayerName = Func.TB64(playerName);
+        var command = new GodModePlayerCommand(playerSlot, PlayerName);
         return await SendCommandAsync("/api/player/togglegodmode", command);
     }
     public async Task<CommandResult> SwitchTeamPlayerAsync(int playerSlot, string playerName, int teamNum)
     {
-        var command = new SwitchTeamPlayerCommand(playerSlot, playerName, teamNum);
+        var PlayerName = Func.TB64(playerName);
+        var command = new SwitchTeamPlayerCommand(playerSlot, PlayerName, teamNum);
         return await SendCommandAsync("/api/player/switchteam", command);
     }
 
@@ -157,7 +167,8 @@ public async Task<CommandResult> SwitchTeamPlayerAsync(int playerSlot, string pl
 
     public async Task<CommandResult> SendChatAsync(string message, int channel = 1)
     {
-        var command = new SendChatCommand(message, channel);
+        var Message = Func.TB64(message);
+        var command = new SendChatCommand(Message, channel);
         return await SendCommandAsync("/api/chat/send", command);
     }