xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add remote image validation for screenshot URLs

Browse Source
This commit is contained in:
Frank Tovar
2026-01-29 01:43:02 +01:00
parent 5b62640b76
commit f713756ece
3 changed files with 92 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Endpoints/SuggestEndpoints.cs
View File

@@ -40,7 +40,7 @@ public static class SuggestEndpoints
return Results.Ok(ordered);
});
app.MapPost("/api/suggestions", async ([FromBody] SuggestionRequest request, HttpContext ctx, AppDbContext db) =>
app.MapPost("/api/suggestions", async ([FromBody] SuggestionRequest request, HttpContext ctx, AppDbContext db, IHttpClientFactory http) =>
{
var phase = await EndpointHelpers.GetPhase(db);
if (phase != Phase.Suggest)
@@ -55,6 +55,10 @@ public static class SuggestEndpoints
{
return Results.BadRequest(new { error = "Screenshot URL must be http(s) and end with an image file extension." });
}
if (!await EndpointHelpers.IsReachableImageAsync(request.ScreenshotUrl, http))
{
return Results.BadRequest(new { error = "Screenshot URL could not be validated as an image." });
}
var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
if (player is null) return Results.Unauthorized();
@@ -104,7 +108,7 @@ public static class SuggestEndpoints
return Results.NoContent();
});
app.MapPut("/api/suggestions/{id:int}", async (int id, [FromBody] SuggestionRequest request, HttpContext ctx, AppDbContext db, IConfiguration config) =>
app.MapPut("/api/suggestions/{id:int}", async (int id, [FromBody] SuggestionRequest request, HttpContext ctx, AppDbContext db, IConfiguration config, IHttpClientFactory http) =>
{
var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
var isAdmin = await EndpointHelpers.IsAdmin(ctx, db, config);
@@ -127,6 +131,10 @@ public static class SuggestEndpoints
{
return Results.BadRequest(new { error = "Screenshot URL must be http(s) and end with an image file extension." });
}
if (!await EndpointHelpers.IsReachableImageAsync(request.ScreenshotUrl, http))
{
return Results.BadRequest(new { error = "Screenshot URL could not be validated as an image." });
}
var suggestion = await db.Suggestions.FirstOrDefaultAsync(s => s.Id == id);
if (suggestion == null) return Results.NotFound(new { error = "Suggestion not found." });