From e6b9dc6d8e42ede3e50f730d97afd2da29027184 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BE=A1=E5=9D=8212456?= Date: Sun, 10 Apr 2022 21:23:18 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E8=87=B30.3.1(=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E4=BA=86=E4=B8=80=E4=BA=9B=E5=AE=89=E5=85=A8=E6=80=A7?= =?UTF-8?q?=E9=97=AE=E9=A2=98)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. 修复了一些安全性的问题 2. 修复了初始化时fixed_properties表中无属性设定数据的bug --- .../Startup.cs | 1 - ...am123it.Arcaea.MarveCube.Standalone.csproj | 6 +- .../Bots/Backgrounds.cs | 92 ++++---- .../Controllers/BotController.cs | 198 +++++------------- .../Controllers/UserController.cs | 16 +- .../Core/BotAPIExceptions.cs | 47 +---- Team123it.Arcaea.MarveCube/Core/Event.cs | 86 -------- Team123it.Arcaea.MarveCube/Core/PlayerInfo.cs | 143 ------------- .../Core/SingleScore.cs | 54 ++++- .../FirstStart/FirstStart.cs | 4 +- .../FirstStartData/Initialization.sql | 8 +- .../GlobalProperties.cs | 1 - .../Processors/Background/FixedDatas.cs | 1 - .../Processors/Background/LeaderBoard.cs | 34 +-- .../Processors/Background/World.cs | 16 +- .../Processors/Front/Auth.cs | 6 +- .../Processors/Front/Compose.cs | 1 - .../Processors/Front/Score.cs | 1 - .../Processors/Front/Serve.cs | 2 +- .../Processors/Front/User.cs | 26 ++- Team123it.Arcaea.MarveCube/Program.cs | 3 - Team123it.Arcaea.MarveCube/Startup.cs | 1 - .../System.Enhance.MySql.Data.cs | 4 +- .../System.Enhance.Security.Cryptography.cs | 2 +- .../Team123it.Arcaea.MarveCube.csproj | 6 +- 25 files changed, 225 insertions(+), 534 deletions(-) delete mode 100644 Team123it.Arcaea.MarveCube/Core/Event.cs diff --git a/Team123it.Arcaea.MarveCube.Standalone/Startup.cs b/Team123it.Arcaea.MarveCube.Standalone/Startup.cs index eade7f5..c034bb9 100644 --- a/Team123it.Arcaea.MarveCube.Standalone/Startup.cs +++ b/Team123it.Arcaea.MarveCube.Standalone/Startup.cs 
@@ -1,6 +1,5 @@ using Microsoft.AspNetCore.Http.Features; using Microsoft.AspNetCore.HttpOverrides; -using System.Enhance.AspNetCore; namespace Team123it.Arcaea.MarveCube.Standalone { diff --git a/Team123it.Arcaea.MarveCube.Standalone/Team123it.Arcaea.MarveCube.Standalone.csproj b/Team123it.Arcaea.MarveCube.Standalone/Team123it.Arcaea.MarveCube.Standalone.csproj index 297a6c7..94884b2 100644 --- a/Team123it.Arcaea.MarveCube.Standalone/Team123it.Arcaea.MarveCube.Standalone.csproj +++ b/Team123it.Arcaea.MarveCube.Standalone/Team123it.Arcaea.MarveCube.Standalone.csproj @@ -3,11 +3,11 @@ net6.0 MarveCube.Standalone - 0.3.0 + 0.3.1 123 Open-Source Organization Arcaea Server 2(123 Marvelous Cube) Standalone Version - 0.3.0 - 0.3.0 + 0.3.1 + 0.3.1 (C)Copyright 2015-2022 123 Open-Source Organization. All rights reserved. 123 Marvelous Cube Standalone Version x64;ARM64 diff --git a/Team123it.Arcaea.MarveCube/Bots/Backgrounds.cs b/Team123it.Arcaea.MarveCube/Bots/Backgrounds.cs index 2110a07..fd6fbe2 100644 --- a/Team123it.Arcaea.MarveCube/Bots/Backgrounds.cs +++ b/Team123it.Arcaea.MarveCube/Bots/Backgrounds.cs 
@@ -1,60 +1,46 @@ -using Microsoft.AspNetCore.Http; using MySql.Data.MySqlClient; -using Team123it.Arcaea.MarveCube.Controllers; using Team123it.Arcaea.MarveCube.Core; using static Team123it.Arcaea.MarveCube.GlobalProperties; - namespace Team123it.Arcaea.MarveCube.Bots { - public static class Background - { - /// - /// 检查Apikey的有效性。 - /// - /// - public static void CheckApiKey(string apikey) - { - var conn = new MySqlConnection(DatabaseConnectURL); - try - { - conn.Open(); - var cmd = conn.CreateCommand(); - cmd.CommandText = "SELECT COUNT(*),is_banned FROM bots WHERE apikey=?apikey;"; - cmd.Parameters.Add(new MySqlParameter("?apikey", apikey)); - var rd = cmd.ExecuteReader(); - rd.Read(); - if (rd.GetInt32(0) == 1) - { - if (rd.GetBoolean(1)) - { - throw new BotAPIException(BotAPIException.APIExceptionType.BotIsBlocked,null); - } - } - else - { - throw new BotAPIException(BotAPIException.APIExceptionType.InvalidApiKey,null); - } - } - catch (BotAPIException) - { - throw; - } - finally - { - conn.Close(); - } - } - - public static bool IsSafeArgument(this HttpRequest req) - { - foreach (var queryStr in req.Query) - { - if (!BotController.IsSafeArgument(queryStr.Key)) return false; - if (!BotController.IsSafeArgument(queryStr.Value)) return false; - continue; - } - return true; - } - } + public static class Background + { + /// + /// 检查Apikey的有效性。 + /// + /// + public static void CheckApiKey(string apikey) + { + var conn = new MySqlConnection(DatabaseConnectURL); + try + { + conn.Open(); + var cmd = conn.CreateCommand(); + cmd.CommandText = "SELECT COUNT(*),is_banned FROM bots WHERE apikey=?apikey;"; + cmd.Parameters.Add(new MySqlParameter("?apikey", apikey)); + var rd = cmd.ExecuteReader(); + rd.Read(); + if (rd.GetInt32(0) == 1) + { + if (rd.GetBoolean(1)) + { + throw new BotAPIException(BotAPIException.APIExceptionType.BotIsBlocked,null); + } + } + else + { + throw new BotAPIException(BotAPIException.APIExceptionType.InvalidApiKey,null); + } + } + catch 
(BotAPIException) + { + throw; + } + finally + { + conn.Close(); + } + } + } } \ No newline at end of file diff --git a/Team123it.Arcaea.MarveCube/Controllers/BotController.cs b/Team123it.Arcaea.MarveCube/Controllers/BotController.cs index 509193f..6117261 100644 --- a/Team123it.Arcaea.MarveCube/Controllers/BotController.cs +++ b/Team123it.Arcaea.MarveCube/Controllers/BotController.cs @@ -1,13 +1,11 @@ #nullable enable using System; -using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.AspNetCore.Mvc; using Team123it.Arcaea.MarveCube.Core; using Team123it.Arcaea.MarveCube.Bots; using Newtonsoft.Json.Linq; using static Team123it.Arcaea.MarveCube.Core.BotAPIException; -using System.Text.RegularExpressions; using Team123it.Arcaea.MarveCube.Processors.Front; using System.Enhance.Web.Json; @@ -27,36 +25,23 @@ public Task GetPlayerInfo([FromQuery] string? apikey,[FromQuery]s return Task.Run(new Func(() => { if (apikey == null) return new BotAPIException(APIExceptionType.InvalidApiKey, null); - if (!Request.DoQueryLimit(apikey)) return new BotAPIException(APIExceptionType.QueryTooFrequently, null); - if (IsSafeArgument(apikey) && IsSafeArgument(user)) + try { - try - { - Background.CheckApiKey(apikey); - var r = new JObject() + Background.CheckApiKey(apikey); + var r = new JObject() { {"status",0 }, {"value", Bot.PlayerInfo(user)} }; - return new JObjectResult(r); - } - catch (BotAPIException ex) - { - return ex; - } - catch - { - return new BotAPIException(APIExceptionType.Others, null); - } + return new JObjectResult(r); } - else + catch (BotAPIException ex) { - var arguments = new Dictionary(); - foreach (var arg in Request.Query) - { - arguments.Add(arg.Key, arg.Value); - } - return new BotAPIException(APIExceptionType.DangerousArguments, new KeyValuePair>(apikey, arguments)); + return ex; + } + catch + { + return new BotAPIException(APIExceptionType.Others, null); } })); } 
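Review bot: On the new side of CheckApiKey the MySqlCommand and the MySqlDataReader are never disposed, and the connection is only closed by the `finally` instead of being owned by a `using`, so a MySqlException raised inside `conn.Open()` or `ExecuteReader()` leaves the reader and command to the finalizer. The `catch (BotAPIException) { throw; }` clause is a no-op and can go together with the try/finally once the three objects are `using`-scoped. The result of `rd.Read()` is unchecked; an aggregate `COUNT(*)` query always yields one row, so that is acceptable, but a one-line comment saying so would save the next reader a doubt.
```csharp
public static void CheckApiKey(string apikey)
{
    using var conn = new MySqlConnection(DatabaseConnectURL);
    conn.Open();
    using var cmd = conn.CreateCommand();
    cmd.CommandText = "SELECT COUNT(*),is_banned FROM bots WHERE apikey=?apikey;";
    cmd.Parameters.Add(new MySqlParameter("?apikey", apikey));
    using var rd = cmd.ExecuteReader();
    rd.Read(); // aggregate query: exactly one row
    // … unchanged: COUNT / is_banned checks that throw BotAPIException …
}
```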
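Review bot: The new GetPlayerInfo body drops the `Request.DoQueryLimit(apikey)` check together with the argument blacklist, so the endpoint no longer has any throttle: every request, including one with an unknown key, now opens a database connection inside Background.CheckApiKey. Parameterised queries make the blacklist unnecessary, but they do not replace rate limiting; the same line is removed from GetPlayerSongBest, GetPlayerRecentScore, GetPlayerBest30 and GetSongDetails in this file. If DoQueryLimit came from the `System.Enhance.AspNetCore` namespace that the Standalone Startup.cs hunk stops importing, it presumably has no replacement; consider keeping a per-key throttle (the `QueryTooFrequently` code it returned is also deleted in BotAPIExceptions.cs, so both would need to come back) or a middleware-level one. Each controller method starts before its hunk.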
@@ -67,40 +52,27 @@ public Task GetPlayerSongBest([FromQuery] string? apikey,[FromQue return Task.Run(new Func(() => { if (apikey == null) return new BotAPIException(APIExceptionType.InvalidApiKey, null); - if (!Request.DoQueryLimit(apikey)) return new BotAPIException(APIExceptionType.QueryTooFrequently, null); - if (Request.IsSafeArgument()) + try { - try - { - Background.CheckApiKey(apikey); - int diff; - if (!difficulty.HasValue) diff = 2; - else if (difficulty!.Value != 0 && difficulty!.Value != 1 && difficulty!.Value != 2 && difficulty!.Value != 3) throw new BotAPIException(APIExceptionType.DifficultyIsNotExist, null); - else diff = difficulty!.Value; - var r = new JObject() + Background.CheckApiKey(apikey); + int diff; + if (!difficulty.HasValue) diff = 2; + else if (difficulty!.Value != 0 && difficulty!.Value != 1 && difficulty!.Value != 2 && difficulty!.Value != 3) throw new BotAPIException(APIExceptionType.DifficultyIsNotExist, null); + else diff = difficulty!.Value; + var r = new JObject() { {"status",0 }, {"value",Bot.QueryPlayerBestScore(user,songid,(SongDifficulty)diff)} }; - return new JObjectResult(r); - } - catch (BotAPIException ex) - { - return ex; - } - catch - { - return new BotAPIException(APIExceptionType.Others, null); - } + return new JObjectResult(r); + } + catch (BotAPIException ex) + { + return ex; } - else + catch { - var arguments = new Dictionary(); - foreach (var arg in Request.Query) - { - arguments.Add(arg.Key, (string)arg.Value); - } - return new BotAPIException(APIExceptionType.DangerousArguments, new KeyValuePair>(apikey, arguments)); + return new BotAPIException(APIExceptionType.Others, null); } })); } 
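Review bot: The bare `catch { return new BotAPIException(APIExceptionType.Others, null); }` closing the new GetPlayerSongBest body discards the exception, so a MySqlException from Background.CheckApiKey or Bot.QueryPlayerBestScore is unobservable, whereas GetPlayerBest30 and GetSongDetails in the same file at least write `ex.ToString()` to the console. Use `catch (Exception ex)` and log it the same way here and in GetPlayerRecentScore so the three endpoints fail diagnosably. The difficulty check reads more clearly as `else if (difficulty.Value is < 0 or > 3) throw new BotAPIException(APIExceptionType.DifficultyIsNotExist, null);`, and the `!` operators are redundant once `HasValue` has been tested. The method starts before the hunk.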
@@ -111,36 +83,23 @@ public Task GetPlayerRecentScore([FromQuery] string? apikey,[From return Task.Run(new Func(() => { if (apikey == null) return new BotAPIException(APIExceptionType.InvalidApiKey, null); - if (!Request.DoQueryLimit(apikey)) return new BotAPIException(APIExceptionType.QueryTooFrequently, null); - if (Request.IsSafeArgument()) + try { - try - { - Background.CheckApiKey(apikey); - var r = new JObject() + Background.CheckApiKey(apikey); + var r = new JObject() { {"status",0 }, {"value",Bot.QueryPlayerRecentScore(user)} }; - return new JObjectResult(r); - } - catch (BotAPIException ex) - { - return ex; - } - catch - { - return new BotAPIException(APIExceptionType.Others, null); - } + return new JObjectResult(r); } - else + catch (BotAPIException ex) { - var arguments = new Dictionary(); - foreach (var arg in Request.Query) - { - arguments.Add(arg.Key, (string)arg.Value); - } - return new BotAPIException(APIExceptionType.DangerousArguments, new KeyValuePair>(apikey, arguments)); + return ex; + } + catch + { + return new BotAPIException(APIExceptionType.Others, null); } })); } 
@@ -151,37 +110,24 @@ public Task GetPlayerBest30([FromForm]string? apikey,[FromForm]st return Task.Run(new Func(() => { if (apikey == null) return new BotAPIException(APIExceptionType.InvalidApiKey, null); - if (!Request.DoQueryLimit(apikey)) return new BotAPIException(APIExceptionType.QueryTooFrequently, null); - if (Request.IsSafeArgument()) + try { - try - { - Background.CheckApiKey(apikey); - var r = new JObject() + Background.CheckApiKey(apikey); + var r = new JObject() { {"status",0 }, {"value",Bot.QueryPlayerBest30(user)} }; - return new JObjectResult(r); - } - catch (BotAPIException ex) - { - return ex; - } - catch(Exception ex) - { - Console.WriteLine(ex.ToString()); - return new BotAPIException(APIExceptionType.Others, null); - } + return new JObjectResult(r); + } + catch (BotAPIException ex) + { + return ex; } - else + catch (Exception ex) { - var arguments = new Dictionary(); - foreach (var arg in Request.Query) - { - arguments.Add(arg.Key, (string)arg.Value); - } - return new BotAPIException(APIExceptionType.DangerousArguments, new KeyValuePair>(apikey, arguments)); + Console.WriteLine(ex.ToString()); + return new BotAPIException(APIExceptionType.Others, null); } })); } 
@@ -192,58 +138,26 @@ public Task GetSongDetails([FromQuery]string? apikey, [FromQuery] return Task.Run(new Func(() => { if (apikey == null) return new BotAPIException(APIExceptionType.InvalidApiKey, null); - if (!Request.DoQueryLimit(apikey)) return new BotAPIException(APIExceptionType.QueryTooFrequently, null); - if (Request.IsSafeArgument()) + try { - try - { - Background.CheckApiKey(apikey); - var r = new JObject() + Background.CheckApiKey(apikey); + var r = new JObject() { {"status",0 }, {"value", Bot.SongInfo(songid) } }; - return new JObjectResult(r); - } - catch (BotAPIException ex) - { - return ex; - } - catch (Exception ex) - { - Console.WriteLine(ex.ToString()); - return new BotAPIException(APIExceptionType.Others, null); - } + return new JObjectResult(r); + } + catch (BotAPIException ex) + { + return ex; } - else + catch (Exception ex) { - var arguments = new Dictionary(); - foreach (var arg in Request.Query) - { - arguments.Add(arg.Key, (string)arg.Value); - } - return new BotAPIException(APIExceptionType.DangerousArguments, new KeyValuePair>(apikey, arguments)); + Console.WriteLine(ex.ToString()); + return new BotAPIException(APIExceptionType.Others, null); } })); } - public static bool IsSafeArgument(string arg) - { - if (arg.Contains(';') || arg.Contains('"') || arg.Contains('\'') - || arg.ToLower().Contains("insert") || arg.ToLower().Contains("update") - || arg.ToLower().Contains("select") || arg.ToLower().Contains("delete") - || arg.ToLower().Contains("chr") || arg.ToLower().Contains("mid") - || arg.ToLower().Contains("master") || arg.ToLower().Contains("truncate") - || arg.ToLower().Contains("char") || arg.ToLower().Contains("declare") - || arg.ToLower().Contains("join") || arg.ToLower().Contains("and") - || arg.ToLower().Contains("exec") || arg.ToLower().Contains("drop")) - { - return false; - } - else - { - var regex = new Regex("[^0-9a-zA-Z]"); - return !regex.IsMatch(arg); - } - } } } \ No newline at end of file 
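Review bot: Deleting IsSafeArgument is only safe if every statement reached from these endpoints binds its inputs; `Bot.SongInfo(songid)` in this hunk and the other Bot.* helpers are not in the diff, and the diff still shows interpolated `{tableName}` and `{userid}` fragments in SingleScore.cs and LeaderBoard.cs, so that should be confirmed before the blacklist goes. The regex `[^0-9a-zA-Z]` was also the only charset and length validation `songid` and `user` received; the new code passes them straight through, so a minimal check such as `if (string.IsNullOrWhiteSpace(songid)) return new BotAPIException(APIExceptionType.Others, null);` (with an upper length bound chosen to fit the song-id column) is worth keeping at the controller boundary. Returning `ex.ToString()` to the console is fine for now, but the controller's logger would keep these out of stdout.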
diff --git a/Team123it.Arcaea.MarveCube/Controllers/UserController.cs b/Team123it.Arcaea.MarveCube/Controllers/UserController.cs index c4e4e9d..731ae46 100644 --- a/Team123it.Arcaea.MarveCube/Controllers/UserController.cs +++ b/Team123it.Arcaea.MarveCube/Controllers/UserController.cs @@ -185,15 +185,13 @@ public Task cloudSave([FromHeader] string Authorization, [FromFor { try { - Console.WriteLine(form["scores_data"]); - string scores_data = HttpUtility.UrlDecode(form["scores_data"], Encoding.UTF8); - string clearlamps_data = HttpUtility.UrlDecode(form["clearlamps_data"], Encoding.UTF8); - string clearedsongs_data = HttpUtility.UrlDecode(form["clearedsongs_data"], Encoding.UTF8); - string unlocklist_data = HttpUtility.UrlDecode(form["unlocklist_data"], Encoding.UTF8); - string story_data = HttpUtility.UrlDecode(form["story_data"], Encoding.UTF8); - string installid_data = HttpUtility.UrlDecode(form["installid_data"], Encoding.UTF8); - string devicemodelname_data = HttpUtility.UrlDecode(form["devicemodelname_data"], Encoding.UTF8); - File2.WriteAllText(Path2.Combine(AppContext.BaseDirectory, "data", "test.txt"), scores_data, Encoding.UTF8); + string scores_data = form["scores_data"]; + string clearlamps_data = form["clearlamps_data"]; + string clearedsongs_data = form["clearedsongs_data"]; + string unlocklist_data = form["unlocklist_data"]; + string story_data = form["story_data"]; + string installid_data = form["installid_data"]; + string devicemodelname_data = form["devicemodelname_data"]; var scores = JObject.Parse(scores_data).Value(""); var clearLamps = JObject.Parse(clearlamps_data).Value(""); var clearedSongs = JObject.Parse(clearedsongs_data).Value(""); diff --git a/Team123it.Arcaea.MarveCube/Core/BotAPIExceptions.cs b/Team123it.Arcaea.MarveCube/Core/BotAPIExceptions.cs index ef4fbb3..8cc2350 100644 --- a/Team123it.Arcaea.MarveCube/Core/BotAPIExceptions.cs +++ b/Team123it.Arcaea.MarveCube/Core/BotAPIExceptions.cs 
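Review bot: The new assignments read `form["scores_data"]` and the other six keys without checking that the field is present: a missing key yields an empty StringValues, which converts to a null string, and `JObject.Parse(null)` then throws ArgumentNullException rather than producing a client error, so the surrounding try presumably reports it as a generic failure. Guard each field before parsing, e.g. `if (!form.ContainsKey("scores_data")) return …;` with the bad-request result this controller already uses. Dropping HttpUtility.UrlDecode is also a behavioural change: the form binder already decodes form-urlencoded values, so the old code double-decoded, but it is worth confirming that the client does not pre-encode the JSON payload, otherwise these parses now fail. The cloudSave method starts before and continues after the hunk.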
@@ -2,17 +2,13 @@ using System; using System.ComponentModel; using System.Enhance; -using System.Net; -using System.Net.Mail; using System.Collections.Generic; -using static Team123it.Arcaea.MarveCube.GlobalProperties; -using System.Text; using System.Enhance.Web.Json; namespace Team123it.Arcaea.MarveCube.Core { /// - /// 表示Arcaea Bot API返回的异常。 + /// 表示Arcaea Server 2 BotAPI返回的异常。 /// 异常对应id请参考 枚举的注释。 /// public class BotAPIException : Exception @@ -35,35 +31,6 @@ public BotAPIException(APIExceptionType type,KeyValuePair") - .Append("If this is the vistor who mistyped the query string, ask s/he to correct the query string.
") - .Append("If the visitor is unknown visitor and/or this keeps happening, it is recommended to ban the api key of the bot.
") - .Append("Details:
") - .Append("Time: ").Append(DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff")).Append("
") - .Append("Bot Api Key: ").Append(tag!.Value.Key).Append("
") - .Append("Attempt query api url: ").Append(tag!.Value.Value["url"]).Append("
") - .Append("Query strings:
"); - foreach(var queryStr in tag!.Value.Value) - { - if (queryStr.Key != "url") - { - body.Append(queryStr.Key).Append("=").Append(queryStr.Value).Append("
"); - } - } - body.Append($"
(C)Copyright 2015-{DateTime.Now.Year} 123 Open-Source Organization(Team123it). All rights reserved."); - msg.Body = body.ToString(); - using var client = new SmtpClient(ReportEmailSmtp!.Split(':')[0], int.Parse(ReportEmailSmtp!.Split(':')[1])); - client.Credentials = new NetworkCredential(ReportEmail!, ReportEmailPswd!); - client.EnableSsl = true; - client.Send(msg); - } } /// @@ -172,17 +139,7 @@ public enum APIExceptionType /// Bot账号被封禁 /// [Description("Your bot account is blocked. Please contact Lowiro to get more details or to appeal misblock action.")] - BotIsBlocked = -401, - /// - /// 查询频率(QPS)过高 - /// - [Description("You queried too frequently, please slow down your query frequency, or you may be blocked.")] - QueryTooFrequently = -402, - /// - /// 危险的参数(试图进行SQL注入攻击等) - /// - [Description("You tried to execute api with dangerous argument(s). Please do not execute with dangerous argument(s), or you may be blocked.")] - DangerousArguments = -403 + BotIsBlocked = -401 } } } \ No newline at end of file diff --git a/Team123it.Arcaea.MarveCube/Core/Event.cs b/Team123it.Arcaea.MarveCube/Core/Event.cs deleted file mode 100644 index b6add77..0000000 --- a/Team123it.Arcaea.MarveCube/Core/Event.cs +++ /dev/null 
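Review bot: Removing `QueryTooFrequently = -402` and `DangerousArguments = -403` changes the public error-code contract that bot clients may switch on, and a later member could silently reuse those numbers. Mark the two members `[Obsolete("...")]` instead of deleting them so existing clients keep compiling and the codes stay reserved. With -402 gone there is also no code left to signal throttling if the rate limit removed from BotController is reinstated.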
@@ -1,86 +0,0 @@ -using Newtonsoft.Json; -using Newtonsoft.Json.Linq; -using System; - -namespace Team123it.Arcaea.MarveCube.Core -{ - /// - /// 表示一个增值活动。 - /// - public struct Event - { - /// - /// 活动的名称。 - /// - [JsonProperty("name")] - public string Name { get; } - - /// - /// 活动是否为限时。 - /// - [JsonProperty("isTimeLimited")] - public bool IsTimeLimited { get; } - - /// - /// 限时活动的开始日期,若非限时活动则为 。 - /// - [JsonIgnore] - public DateTime? StartTime - { - get - { - if (StartTimeStamp.HasValue) - { - return DateTime.UnixEpoch.AddSeconds(StartTimeStamp.Value); - } - else - { - return null; - } - } - } - - /// - /// 限时活动的结束日期,若非限时活动则为 。 - /// - [JsonIgnore] - public DateTime? EndTime - { - get - { - if (EndTimeStamp.HasValue) - { - return DateTime.UnixEpoch.AddSeconds(EndTimeStamp.Value); - } - else - { - return null; - } - } - } - - /// - /// 限时活动开始日期的时间戳,若非限时活动则为 。 - /// - [JsonProperty("startTime")] - private long? StartTimeStamp { get; } - - /// - /// 限时活动结束日期的时间戳,若非限时活动则为 。 - /// - [JsonProperty("endTime",NullValueHandling = NullValueHandling.Include)] - private long? EndTimeStamp { get; } - - /// - /// 活动的奖励数据数组。 - /// - [JsonProperty("rewards")] - public JArray Rewards { get; } - - /// - /// 完成活动需满足的条件数据数组。 - /// - [JsonProperty("conditions")] - public JArray Conditions { get; } - } -} diff --git a/Team123it.Arcaea.MarveCube/Core/PlayerInfo.cs b/Team123it.Arcaea.MarveCube/Core/PlayerInfo.cs index 4b5a19a..03d2196 100644 --- a/Team123it.Arcaea.MarveCube/Core/PlayerInfo.cs +++ b/Team123it.Arcaea.MarveCube/Core/PlayerInfo.cs @@ -5,14 +5,9 @@ using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; - -using System.IO; using Team123it.Arcaea.MarveCube.Processors.Background; -using System.Text; using Team123it.Arcaea.MarveCube.Processors.Front; using World = Team123it.Arcaea.MarveCube.Processors.Background.World; -using Org.BouncyCastle.Crypto.Agreement; -using Org.BouncyCastle.Asn1.Esf; namespace Team123it.Arcaea.MarveCube.Core { 
@@ -381,75 +376,6 @@ public int? CreditPoint public JArray? ClaimedPresentsList { get; set; } - public JArray UnlockList - { - get - { - var unlocks = JObject.Parse(File.ReadAllText(Path.Combine(AppContext.BaseDirectory, "data", "static", "unlocks.json"))).Value("unlocks"); - var r = new JArray(); - using var conn = new MySqlConnection(DatabaseConnectURL); - conn.Open(); - var cmd = conn.CreateCommand(); - foreach (JObject song in unlocks) - { - string sid = song.Value("songId"); - int diff = song.Value("ratingClass"); - bool isUnlocked = false; - cmd.CommandText = $"SELECT COUNT(score) FROM bests WHERE user_id={UserId!.Value} AND song_id='{sid}' " + - $"AND difficulty={diff} AND clear_type > 0;"; - if (Convert.ToInt32(cmd.ExecuteScalar()) == 1) isUnlocked = true; - var conditions = song.Value("conditions"); - foreach (JObject condition in conditions) - { - var unlockKey = new StringBuilder(); - unlockKey.Append(sid).Append(@"|").Append(diff).Append(@"|"); - bool isUnlockNeedStore = true; - switch (condition.Value("type")) - { - case 0: - // sid|2|0 - unlockKey.Append("0"); - break; - case 3: - // sid|2|3|preposition|2 - unlockKey.Append(@"3|").Append(condition.Value("song_id")).Append(@"|").Append(condition.Value("song_difficulty")); - break; - case 4: - var subConditions = condition.Value("conditions"); - string subConditionSid = string.Empty; - int subConditionDiff = 0; - foreach (JObject subCondition in subConditions) - { - subConditionSid = subCondition.Value("song_id"); - subConditionDiff = subCondition.Value("song_difficulty"); - break; - } - // sid|2|3|subcondition_preposition|2 - unlockKey.Append(@"3|").Append(subConditionSid).Append(@"|").Append(subConditionDiff); - break; - case 101: - // sid|2|101 - unlockKey.Append("101"); - break; - default: - isUnlockNeedStore = false; - break; - } - if (isUnlockNeedStore) - { - r.Add(new JObject() - { - { "complete",isUnlocked ? 
1 : 0 }, - { "unlock_key", unlockKey.ToString() } - }); - } - } - } - conn.Close(); - return r; - } - } - /// /// 玩家的个人潜力值(API/数据库版)。 /// 常规潜力值格式: 潜力值 12.76 实际 12.76(浮点数) 
@@ -983,74 +909,5 @@ public static bool IsDuringAprilFools() var now = DateTime.Now; return now >= AprilFoolsStartTime && now <= new DateTime(now.Year, 4, 2, 0, 0, 0); } - - #region "Unused Codes" -#pragma warning disable CS8602, CS8629 - /// - /// 玩家的Best30数据。 - /// - [Obsolete("不再支持读取Best30数据(系统将自动通过Best29+Recent1计算个人潜力值)。", true)] - public List? Best30 { get; set; } - - /// - /// 玩家的Recent10数据。 - /// - [Obsolete("不再支持读取Recent10数据(系统将自动通过Best29+Recent1计算个人潜力值)。", true)] - public List? Recent10 { get; set; } - - /// - /// 使用当前 实例的 刷新当前玩家的个人潜力值。 - /// - /// 刷新成功与否的结果。 - [Obsolete("不再支持Best30+Recent10算法计算个人潜力值。请改用 RefreshPotential() 方法。",true)] - public bool BestRecentRefreshPotential() - { - /* - try - { - Best30 = (from singleBest in Best30 orderby singleBest.ScoreRating descending select singleBest).ToList(); - var conn = new MySqlConnection(DatabaseConnectURL); - conn.Open(); - var cmd = conn.CreateCommand(); - cmd.CommandText = $"DELETE FROM best30 WHERE user_id={UserId};"; //移除现有Best30数据 - cmd.ExecuteNonQuery(); - - cmd.CommandText = $"DELETE FROM recent10 WHERE user_id={UserId};"; //移除现有Recent10数据 - cmd.ExecuteNonQuery(); - - StringBuilder b30 = new StringBuilder(); - StringBuilder b30_values = new StringBuilder(); - for (int i = 0; i < Best30.Count; i++) - { - b30.Append($",'b{i}','song_id{i}','song_diff{i}'"); - b30_values.Append($",{Best30[i].ScoreRating.Value},'{Best30[i].SongId}',{(int)Best30[i].Difficulty}"); - } - cmd.CommandText = $"INSERT INTO best30 ('user_id'{b30}) VALUES ({UserId}{b30_values})"; - cmd.ExecuteNonQuery(); - - StringBuilder r10 = new StringBuilder(); - StringBuilder r10_values = new StringBuilder(); - for (int i = 0; i < Recent10.Count; i++) - { - r10.Append($",'r{i}','song_id{i}','song_diff{i}'"); - r10_values.Append($",{Recent10[i].ScoreRating.Value},'{Recent10[i].SongId}',{(int)Recent10[i].Difficulty}"); - } - cmd.CommandText = $"INSERT INTO recent10 ('user_id'{r10}) VALUES ({UserId}{r10_values})"; - cmd.ExecuteNonQuery(); - 
_potentialint = Player.CalculatePotentialInt(Best30,Recent10); //按照B30均值:R10均值为3:1比例计算新的个人潜力值 - - cmd.CommandText = $"UPDATE users SET user_rating={PotentialInt} WHERE user_id={UserId}"; - cmd.ExecuteNonQuery(); - conn.Close(); - return true; - //} - //catch - //{ - // return false; - //} - */ - return false; - } - #endregion } } diff --git a/Team123it.Arcaea.MarveCube/Core/SingleScore.cs b/Team123it.Arcaea.MarveCube/Core/SingleScore.cs index 06199cf..560f578 100644 --- a/Team123it.Arcaea.MarveCube/Core/SingleScore.cs +++ b/Team123it.Arcaea.MarveCube/Core/SingleScore.cs @@ -469,7 +469,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Past: #region "Past" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(sid),rating_pst FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = "SELECT COUNT(sid),rating_pst FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_pst = cmd.ExecuteReader(); r_pst.Read(); if (r_pst.GetInt32(0) == 1) @@ -502,7 +506,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Present: #region "Present" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(sid),rating_prs FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = "SELECT COUNT(sid),rating_prs FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_prs = cmd.ExecuteReader(); r_prs.Read(); if (r_prs.GetInt32(0) == 1) 
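Review bot: The Past and Present cases drop the `$` from the now hole-less query strings, but the Future and Beyond cases in the next two hunks, and all four cases of the second group, keep `$"SELECT … sid=?sid"`; drop the prefix there too so the strings read consistently. The eight identical `cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) { Value = songId });` blocks can be hoisted to a single line ahead of each `switch`, as LeaderBoard.cs does in this same commit. If both case groups ever run on the same `cmd` within one constructor call (whether they are alternative branches is not visible here), the second `Parameters.Add` for `?sid` would throw because the name is already defined, which is another reason to add it once.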
@@ -535,7 +543,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Future: #region "Future" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(sid),rating_ftr FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = $"SELECT COUNT(sid),rating_ftr FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_ftr = cmd.ExecuteReader(); r_ftr.Read(); if (r_ftr.GetInt32(0) == 1) @@ -568,7 +580,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Beyond: #region "Beyond" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(sid),rating_byd FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = $"SELECT COUNT(sid),rating_byd FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_byd = cmd.ExecuteReader(); r_byd.Read(); if (r_byd.GetInt32(0) == 1) @@ -653,7 +669,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Past: #region "Past" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(*),rating_pst FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = $"SELECT COUNT(*),rating_pst FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_pst = cmd.ExecuteReader(); r_pst.Read(); if (r_pst.GetInt32(0) == 1) 
@@ -686,7 +706,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Present: #region "Present" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(*),rating_prs FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = $"SELECT COUNT(*),rating_prs FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_prs = cmd.ExecuteReader(); r_prs.Read(); if (r_prs.GetInt32(0) == 1) @@ -719,7 +743,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Future: #region "Future" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(*),rating_ftr FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = $"SELECT COUNT(*),rating_ftr FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_ftr = cmd.ExecuteReader(); r_ftr.Read(); if (r_ftr.GetInt32(0) == 1) @@ -752,7 +780,11 @@ public SingleScore(string songId, SongDifficulty songDiff, uint score, ClearType case SongDifficulty.Beyond: #region "Beyond" Difficulty = songDiff; - cmd.CommandText = $"SELECT COUNT(*),rating_byd FROM fixed_songs WHERE sid='{songId}'"; + cmd.CommandText = $"SELECT COUNT(*),rating_byd FROM fixed_songs WHERE sid=?sid"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var r_byd = cmd.ExecuteReader(); r_byd.Read(); if (r_byd.GetInt32(0) == 1) 
@@ -878,7 +910,11 @@ public static JObject GetBestScoreJson(uint userid,string songId,SongDifficulty using var conn = new MySqlConnection(DatabaseConnectURL); conn.Open(); var cmd = conn.CreateCommand(); - cmd.CommandText = $"SELECT * FROM {tableName} WHERE user_id={userid} AND song_id='{songId}' AND difficulty={(int)difficulty};"; + cmd.CommandText = $"SELECT * FROM {tableName} WHERE user_id={userid} AND song_id=?sid AND difficulty={(int)difficulty};"; + cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar) + { + Value = songId + }); var rd = cmd.ExecuteReader(); if (rd.HasRows) //存在最好成绩 { diff --git a/Team123it.Arcaea.MarveCube/FirstStart/FirstStart.cs b/Team123it.Arcaea.MarveCube/FirstStart/FirstStart.cs index cbda04d..bc7481c 100644 --- a/Team123it.Arcaea.MarveCube/FirstStart/FirstStart.cs +++ b/Team123it.Arcaea.MarveCube/FirstStart/FirstStart.cs @@ -41,12 +41,12 @@ public static void FastInitialize() MysqlExecutor.ExecuteSqlFileData(DatabaseConnectURL, initSQLCodes); c.WriteLine("数据库初始化成功完成"); } - catch (MySqlException ex) + catch (MySqlException) { c.WriteLine("无法连接到数据库, 请检查配置信息是否填写有误后单击任意键继续"); goto DoInitialize; } - catch (JsonException ex) + catch (JsonException) { c.WriteLine("配置信息填写有误, 请重新填写, 注意一定要删除所有注释"); c.WriteLine("完成后单击任意键继续"); diff --git a/Team123it.Arcaea.MarveCube/FirstStartData/Initialization.sql b/Team123it.Arcaea.MarveCube/FirstStartData/Initialization.sql index 70ce2c4..6970966 100644 --- a/Team123it.Arcaea.MarveCube/FirstStartData/Initialization.sql +++ b/Team123it.Arcaea.MarveCube/FirstStartData/Initialization.sql 
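Review bot: `song_id` is now bound, but `{tableName}` is still spliced into the statement; a table name cannot be a parameter, so it must come from a fixed set. The origin of tableName is above the hunk and not visible; if it is derived from anything request-controlled, map it through an allowlist (a `switch` returning a literal) before use. `{userid}` is a uint so its interpolation is safe, though binding it too would keep the style uniform. GetBestScoreJson continues beyond the hunk.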
@@ -291,4 +291,10 @@ CREATE TABLE `bots` ( `is_banned` tinyint(1) NOT NULL DEFAULT 0, PRIMARY KEY (`id`) USING BTREE, UNIQUE INDEX `UniqueApikey`(`apikey`) USING BTREE -) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic; \ No newline at end of file +) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic; +INSERT INTO `fixed_properties` (`key`, `value`) VALUES ('core_exp', '250'); +INSERT INTO `fixed_properties` (`key`, `value`) VALUES ('is_byd_chapter_unlocked', '1'); +INSERT INTO `fixed_properties` (`key`, `value`) VALUES ('level_steps', '[50,100,150,200,250,300,400,500,800,1000,2000,3000,5000,7000,10000,12000,14000,16000,18000,20000,21000,22000,23000,24000,25000,26000,27000,28000,29000,30000]'); +INSERT INTO `fixed_properties` (`key`, `value`) VALUES ('max_stamina', '12'); +INSERT INTO `fixed_properties` (`key`, `value`) VALUES ('stamina_recover_tick', '1800000'); +INSERT INTO `fixed_properties` (`key`, `value`) VALUES ('world_ranking_enabled', '1'); \ No newline at end of file diff --git a/Team123it.Arcaea.MarveCube/GlobalProperties.cs b/Team123it.Arcaea.MarveCube/GlobalProperties.cs index cee607e..694f251 100644 --- a/Team123it.Arcaea.MarveCube/GlobalProperties.cs +++ b/Team123it.Arcaea.MarveCube/GlobalProperties.cs @@ -5,7 +5,6 @@ using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; -using System.Globalization; using System.IO; using System.Text; diff --git a/Team123it.Arcaea.MarveCube/Processors/Background/FixedDatas.cs b/Team123it.Arcaea.MarveCube/Processors/Background/FixedDatas.cs index db34ef5..a41c107 100644 --- a/Team123it.Arcaea.MarveCube/Processors/Background/FixedDatas.cs +++ b/Team123it.Arcaea.MarveCube/Processors/Background/FixedDatas.cs 
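Review bot: The six `INSERT INTO fixed_properties` rows are plain INSERTs, so re-running the initialization script against an existing database fails on the first duplicate if `key` is unique (the table definition is outside the hunk); `INSERT IGNORE INTO \`fixed_properties\` (\`key\`, \`value\`) VALUES ('core_exp', '250');` or an `ON DUPLICATE KEY UPDATE` clause keeps FastInitialize idempotent. Note that the FirstStart.cs hunk in this commit catches MySqlException and prints the "cannot connect to database" message, so a duplicate-key error would presumably be misreported as a connection problem. The file still ends without a newline, which the diff flags.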
@@ -1,7 +1,6 @@ using static Team123it.Arcaea.MarveCube.GlobalProperties; using Newtonsoft.Json.Linq; using MySql.Data.MySqlClient; -using System.Linq; namespace Team123it.Arcaea.MarveCube.Processors.Background { diff --git a/Team123it.Arcaea.MarveCube/Processors/Background/LeaderBoard.cs b/Team123it.Arcaea.MarveCube/Processors/Background/LeaderBoard.cs index aaef932..9d2f27e 100644 --- a/Team123it.Arcaea.MarveCube/Processors/Background/LeaderBoard.cs +++ b/Team123it.Arcaea.MarveCube/Processors/Background/LeaderBoard.cs @@ -3,8 +3,6 @@ using MySql.Data.MySqlClient; using Newtonsoft.Json.Linq; using Team123it.Arcaea.MarveCube.Core; -using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel; -using Microsoft.CodeAnalysis.CSharp.Syntax; namespace Team123it.Arcaea.MarveCube.Processors.Background { 
@@ -43,18 +41,22 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty,
 switch (difficulty)
 {
 case SongDifficulty.Past: //Past
- cmd.CommandText = $"SELECT COUNT(*),rating_pst,pakset FROM fixed_songs WHERE sid='{songid}'";
+ cmd.CommandText = $"SELECT COUNT(*),rating_pst,pakset FROM fixed_songs WHERE sid=?sid;";
 break;
 case SongDifficulty.Present: //Present
- cmd.CommandText = $"SELECT COUNT(*),rating_prs,pakset FROM fixed_songs WHERE sid='{songid}'";
+ cmd.CommandText = $"SELECT COUNT(*),rating_prs,pakset FROM fixed_songs WHERE sid=?sid;";
 break;
 case SongDifficulty.Future: //Future
- cmd.CommandText = $"SELECT COUNT(*),rating_ftr,pakset FROM fixed_songs WHERE sid='{songid}'";
+ cmd.CommandText = $"SELECT COUNT(*),rating_ftr,pakset FROM fixed_songs WHERE sid=?sid;";
 break;
 case SongDifficulty.Beyond: //Beyond
- cmd.CommandText = $"SELECT COUNT(*),rating_byd,pakset FROM fixed_songs WHERE sid='{songid}'";
+ cmd.CommandText = $"SELECT COUNT(*),rating_byd,pakset FROM fixed_songs WHERE sid=?sid;";
 break;
 }
+ cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar)
+ {
+ Value = songid
+ });
 #endregion
 var rd = cmd.ExecuteReader();
 rd.Read();
@@ -79,7 +81,7 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty,
 {
 case LeaderBoardType.World: //世界排行
 #region "世界排行"
- cmd.CommandText = $"SELECT user_id,score,time_played FROM {tableName} WHERE song_id='{songid}' AND difficulty={(int)difficulty} ORDER BY score DESC, time_played DESC LIMIT {limit}";
+ cmd.CommandText = $"SELECT user_id,score,time_played FROM {tableName} WHERE song_id=?sid AND difficulty={(int)difficulty} ORDER BY score DESC, time_played DESC LIMIT {limit}";
 rd = cmd.ExecuteReader();
 long rank = 0;
 while (rd.Read()) //遍历同一曲目同一难度的所有最佳成绩
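Review bot: The `?sid` parameter is bound once after the difficulty switch and then relied on by every later `CommandText` in the same method (the hunks at -79, -105, -119, -138, -155, -172 and -211), so the binding is correct only while this one `cmd` instance keeps its parameter collection; a `cmd.Parameters.Clear()` or a fresh command anywhere in between would make the later queries fail on an undefined parameter. A comment at the `Parameters.Add` would make that contract visible: `// ?sid stays bound on this cmd for every query below in this method`. The values still interpolated (`{userid}`, `{limit}`, `{limit.Value}`, `{tableName}`, `{(int)difficulty}`) are safe only if they are numeric or chosen by the server; `limit` is clearly a nullable numeric from `limit.Value` and `difficulty` is an enum cast, but `userid` and `tableName` are declared outside the hunk, so it is worth confirming neither can ever be a request string. GetSongLeaderBoard starts before and ends after these hunks.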
@@ -105,12 +107,12 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty,
 }
 else
 {
- cmd.CommandText = $"SELECT COUNT(*) FROM {tableName} WHERE user_id={userid} AND song_id='{songid}' and difficulty={(int)difficulty}";
+ cmd.CommandText = $"SELECT COUNT(*) FROM {tableName} WHERE user_id={userid} AND song_id=?sid and difficulty={(int)difficulty}";
 if ((long)cmd.ExecuteScalar() == 1) //如果存在当前玩家对应曲目的最佳成绩
 {
- cmd.CommandText = $"SELECT COUNT(*) FROM {tableName} WHERE song_id='{songid}' AND difficulty={(int)difficulty} " +
- $"AND (score>(SELECT score FROM {tableName} WHERE user_id={userid} AND song_id='{songid}' AND difficulty={(int)difficulty}) " +
- $"AND time_played > (SELECT time_played FROM {tableName} WHERE user_id={userid} and song_id='{songid}' AND difficulty={(int)difficulty})" +
+ cmd.CommandText = $"SELECT COUNT(*) FROM {tableName} WHERE song_id=?sid AND difficulty={(int)difficulty} " +
+ $"AND (score>(SELECT score FROM {tableName} WHERE user_id={userid} AND song_id=?sid AND difficulty={(int)difficulty}) " +
+ $"AND time_played > (SELECT time_played FROM {tableName} WHERE user_id={userid} and song_id=?sid AND difficulty={(int)difficulty})" +
 $")";
 rd = cmd.ExecuteReader();
 rd.Read();
@@ -119,7 +121,7 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty,
 {
 rd.Close();
 #region "世界模式排行"
- cmd.CommandText = $"SELECT user_id FROM {tableName} WHERE song_id='{songid}' AND difficulty={(int)difficulty} ORDER BY score DESC, time_played DESC LIMIT {limit.Value}";
+ cmd.CommandText = $"SELECT user_id FROM {tableName} WHERE song_id=?sid AND difficulty={(int)difficulty} ORDER BY score DESC, time_played DESC LIMIT {limit.Value}";
 rd = cmd.ExecuteReader();
 long rank1 = 0;
 while (rd.Read()) //遍历同一曲目同一难度的所有最佳成绩
@@ -138,7 +140,7 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty, } else if (myRank >= 5 && myRank <= 9983) //排名5-9983 { rd.Close(); - cmd.CommandText = $"SELECT user_id,score,time_played FROM {tableName} WHERE song_id='{songid}' AND difficulty={(int)difficulty} ORDER BY score DESC,time_played DESC limit {limit.Value} offset {myRank - 5L};"; + cmd.CommandText = $"SELECT user_id,score,time_played FROM {tableName} WHERE song_id=?sid AND difficulty={(int)difficulty} ORDER BY score DESC,time_played DESC limit {limit.Value} offset {myRank - 5L};"; rd = cmd.ExecuteReader(); long rank1 = myRank - 5; while (rd.Read()) @@ -155,7 +157,7 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty, } else if (myRank >= 9984 && myRank <= 9999) //排名9984-9999 { rd.Close(); - cmd.CommandText = $"SELECT user_id FROM {tableName} WHERE song_id='{songid}' AND difficulty={(int)difficulty} ORDER BY score DESC,time_played DESC limit {limit.Value} offset {9998 - limit.Value};"; + cmd.CommandText = $"SELECT user_id FROM {tableName} WHERE song_id=?sid AND difficulty={(int)difficulty} ORDER BY score DESC,time_played DESC limit {limit.Value} offset {9998 - limit.Value};"; rd = cmd.ExecuteReader(); long rank1 = 9998 - limit.Value; while(rd.Read()) @@ -172,7 +174,7 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty, } else //排名1w+ { rd.Close(); - cmd.CommandText = $"SELECT user_id FROM {tableName} WHERE song_id='{songid}' AND difficulty={(int)difficulty} ORDER BY score DESC,time_played DESC limit {limit.Value} offset {9999 - limit.Value};"; + cmd.CommandText = $"SELECT user_id FROM {tableName} WHERE song_id=?sid AND difficulty={(int)difficulty} ORDER BY score DESC,time_played DESC limit {limit.Value} offset {9999 - limit.Value};"; rd = cmd.ExecuteReader(); long rank1 = 9999 - limit.Value; while (rd.Read()) 
@@ -211,7 +213,7 @@ public static JArray GetSongLeaderBoard(string songid,SongDifficulty difficulty,
 {
 cmd.CommandText = $"SELECT user_id,score,time_played FROM {tableName} WHERE user_id IN " +
 $"(SELECT {userid} UNION SELECT user_id_other FROM friend WHERE user_id_me={userid}) " +
- $"AND song_id='{songid}' AND difficulty={(int)difficulty} " +
+ $"AND song_id=?sid AND difficulty={(int)difficulty} " +
 $"ORDER BY score DESC, time_played DESC limit {limit}";
 var rd1 = cmd.ExecuteReader();
 long rank2 = 0;
diff --git a/Team123it.Arcaea.MarveCube/Processors/Background/World.cs b/Team123it.Arcaea.MarveCube/Processors/Background/World.cs
index f0f46ff..1999f68 100644
--- a/Team123it.Arcaea.MarveCube/Processors/Background/World.cs
+++ b/Team123it.Arcaea.MarveCube/Processors/Background/World.cs
@@ -164,7 +164,11 @@ public static JObject GetUserMap(uint userid,string mapid,out bool success)
 using var conn = new MySqlConnection(DatabaseConnectURL);
 conn.Open();
 var cmd = conn.CreateCommand();
- cmd.CommandText = $"SELECT * FROM user_world WHERE user_id={userid} AND map_id='{mapid}'";
+ cmd.CommandText = $"SELECT * FROM user_world WHERE user_id={userid} AND map_id=?mapId";
+ cmd.Parameters.Add(new MySqlParameter("?mapId", MySqlDbType.VarChar)
+ {
+ Value = mapid
+ });
 var rd = cmd.ExecuteReader();
 r.Add("user_id", userid);
 r.Add("map_id", mapid);
@@ -178,7 +182,7 @@ public static JObject GetUserMap(uint userid,string mapid,out bool success)
 else //如果玩家没有该地图数据
 {
 rd.Close();
- cmd.CommandText = $"INSERT INTO user_world (user_id,map_id,is_locked) VALUES ({userid},'{mapid}',1);";
+ cmd.CommandText = $"INSERT INTO user_world (user_id,map_id,is_locked) VALUES ({userid},?mapId,1);";
 cmd.ExecuteNonQuery();
 r.Add("curr_position", 0);
 r.Add("curr_capture", 0m);
@@ -320,9 +324,13 @@ public static int StartWorldPlay(uint userid, string songid, SongDifficulty diff
 if (stamina_multiply.HasValue) stamina_mtp = stamina_multiply.Value;
 if (fragment_multiply.HasValue) frag_mtp = fragment_multiply.Value;
 if (prog_boost_multiply.HasValue) prog_boost_mtp = prog_boost_multiply.Value;
- cmd.CommandText = $"DELETE FROM world_songplay WHERE user_id={userid} AND song_id='{songid}' AND difficulty={(int)difficulty};";
+ cmd.CommandText = $"DELETE FROM world_songplay WHERE user_id={userid} AND song_id=?sid AND difficulty={(int)difficulty};";
+ cmd.Parameters.Add(new MySqlParameter("?sid", MySqlDbType.VarChar)
+ {
+ Value = songid
+ });
 cmd.ExecuteNonQuery(); //删除上次世界(World)模式游玩的占位数据(如果存在)
- cmd.CommandText = $"INSERT INTO world_songplay VALUES ({userid},'{songid}',{(int)difficulty},{stamina_mtp},{frag_mtp},{prog_boost_mtp});";
+ cmd.CommandText = $"INSERT INTO world_songplay VALUES ({userid},?sid,{(int)difficulty},{stamina_mtp},{frag_mtp},{prog_boost_mtp});";
 cmd.ExecuteNonQuery(); //添加本次世界(World)模式游玩的占位数据
 cmd.CommandText = $"UPDATE users SET world_time_fullrecharged='{fullRechargedTime:yyyy-M-d H:mm:ss.fff}' , overflow_staminas={overflowStaminas} WHERE user_id={userid}";
 cmd.ExecuteNonQuery(); //更新时间戳
diff --git a/Team123it.Arcaea.MarveCube/Processors/Front/Auth.cs b/Team123it.Arcaea.MarveCube/Processors/Front/Auth.cs
index 338cd43..9155cf6 100644
--- a/Team123it.Arcaea.MarveCube/Processors/Front/Auth.cs
+++ b/Team123it.Arcaea.MarveCube/Processors/Front/Auth.cs
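Review bot: The `UPDATE users SET world_time_fullrecharged='{fullRechargedTime:yyyy-M-d H:mm:ss.fff}'` line right below the newly parameterized INSERT still builds its SQL from an interpolated DateTime, and the `:` in a custom format string is the culture time separator, so under a non-invariant current culture the literal can be emitted in a form MySQL does not parse. Binding it the same way as `?sid` removes both the culture dependency and the last string-built value in this block: `cmd.CommandText = $"UPDATE users SET world_time_fullrecharged=?fullRecharged , overflow_staminas={overflowStaminas} WHERE user_id={userid}";` followed by `cmd.Parameters.Add(new MySqlParameter("?fullRecharged", MySqlDbType.DateTime) { Value = fullRechargedTime });`. `stamina_mtp`, `frag_mtp`, `prog_boost_mtp` and `overflowStaminas` are declared outside the hunk; interpolating them is fine only if they are numeric, which their use suggests but the hunk does not show. StartWorldPlay starts before and continues after this hunk.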
@@ -31,7 +31,11 @@ public static string Login(HttpRequest req,string username,string password)
 {
 conn.Open();
 string passEncrypted = BitConverter.ToString(SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(password))).Replace("-","").ToLower();
- var cmd = new MySqlCommand($"SELECT COUNT(*),user_id FROM users WHERE name='{username}' AND password='{passEncrypted}'", conn);
+ var cmd = new MySqlCommand($"SELECT COUNT(*),user_id FROM users WHERE name=?username AND password='{passEncrypted}'", conn);
+ cmd.Parameters.Add(new MySqlParameter("?username", MySqlDbType.VarChar)
+ {
+ Value = username
+ });
 var data = cmd.ExecuteReader();
 data.Read();
 int result = data.GetInt32(0);
diff --git a/Team123it.Arcaea.MarveCube/Processors/Front/Compose.cs b/Team123it.Arcaea.MarveCube/Processors/Front/Compose.cs
index 3c09087..7d41bab 100644
--- a/Team123it.Arcaea.MarveCube/Processors/Front/Compose.cs
+++ b/Team123it.Arcaea.MarveCube/Processors/Front/Compose.cs
@@ -6,7 +6,6 @@ using Team123it.Arcaea.MarveCube.Core;
 using Team123it.Arcaea.MarveCube.Processors.Background;
 using World2 = Team123it.Arcaea.MarveCube.Processors.Background.World;
-using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
 using System.Linq;
 namespace Team123it.Arcaea.MarveCube.Processors.Front
diff --git a/Team123it.Arcaea.MarveCube/Processors/Front/Score.cs b/Team123it.Arcaea.MarveCube/Processors/Front/Score.cs
index c029c40..bb0dc99 100644
--- a/Team123it.Arcaea.MarveCube/Processors/Front/Score.cs
+++ b/Team123it.Arcaea.MarveCube/Processors/Front/Score.cs
@@ -9,7 +9,6 @@ using World2 = Team123it.Arcaea.MarveCube.Processors.Background.World;
 using static Team123it.Arcaea.MarveCube.Processors.Background.LeaderBoard;
 using System.Text;
-using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
 using System.Security.Cryptography;
 namespace Team123it.Arcaea.MarveCube.Processors.Front
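Review bot: The login query now binds `?username` but still compares the password inside SQL as `password='{passEncrypted}'`, where `passEncrypted` is a single unsalted SHA-256 of the password; that is not an injection vector (it is hex the code itself produced), but it means identical passwords produce identical stored values and the stored hashes are cheap to recover if the table is ever exposed. At minimum the hash should be bound like the name, `AND password=?password` with a second `MySqlParameter`; the proper fix is to select the stored record by `?username` alone and verify in code with a salted, slow KDF such as `Rfc2898DeriveBytes.Pbkdf2`, comparing with `CryptographicOperations.FixedTimeEquals`, which also stops the database from doing the secret comparison. `SHA256.Create()` is created per call and never disposed; `SHA256.HashData(...)` avoids that. Login's body continues outside the hunk.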
diff --git a/Team123it.Arcaea.MarveCube/Processors/Front/Serve.cs b/Team123it.Arcaea.MarveCube/Processors/Front/Serve.cs
index cd46f0f..f37c1ac 100644
--- a/Team123it.Arcaea.MarveCube/Processors/Front/Serve.cs
+++ b/Team123it.Arcaea.MarveCube/Processors/Front/Serve.cs
@@ -19,7 +19,7 @@ namespace Team123it.Arcaea.MarveCube.Processors.Front
 ///
 public static class Serve
 {
- private static readonly string[] SongFileList = { "0.aff", "1.aff", "2.aff", "3.aff", "base.ogg" };
+ private static readonly string[] SongFileList = { "0.aff", "1.aff", "2.aff", "3.aff", "0.ogg", "1.ogg", "2.ogg", "3.ogg", "base.ogg" };
 public static JObject GetDownloadAvailableSongs(uint userId, IEnumerable? customSongIds = null, bool isUrlMode = true)
 {
 if (isUrlMode)
diff --git a/Team123it.Arcaea.MarveCube/Processors/Front/User.cs b/Team123it.Arcaea.MarveCube/Processors/Front/User.cs
index 3123a55..7c1c947 100644
--- a/Team123it.Arcaea.MarveCube/Processors/Front/User.cs
+++ b/Team123it.Arcaea.MarveCube/Processors/Front/User.cs
@@ -30,14 +30,23 @@ public static JObject Register(string name,string password,string email)
 using var conn = new MySqlConnection(DatabaseConnectURL);
 conn.Open();
 var cmd = conn.CreateCommand();
- cmd.CommandText = $"SELECT COUNT(*) FROM users WHERE name='{name}'";
+ cmd.CommandText = $"SELECT COUNT(*) FROM users WHERE name=?name";
+ cmd.Parameters.Add(new MySqlParameter("?name", MySqlDbType.VarChar)
+ {
+ Value = name
+ });
 bool isNameDuplicated = ((long)cmd.ExecuteScalar() == 1) ? true : false; //检查是否用户名重复
 if (isNameDuplicated)
 {
 conn.Close();
 throw new ArcaeaAPIException(ArcaeaAPIException.APIExceptionType.UsernameExists);
 }
- cmd.CommandText = $"SELECT COUNT(*) FROM users WHERE email='{email}'";
+ cmd.Parameters.Clear();
+ cmd.CommandText = $"SELECT COUNT(*) FROM users WHERE email=?email";
+ cmd.Parameters.Add(new MySqlParameter("?email", MySqlDbType.VarChar)
+ {
+ Value = email
+ });
 bool isEmailDuplicated = ((long)cmd.ExecuteScalar() == 1) ? true : false; //检查是否E-mail重复
 if (isEmailDuplicated)
 {
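Review bot: Both duplicate checks in this hunk test the count with `== 1`, so a name or e-mail that already occurs twice passes the check and gets registered a third time; the intended test is `> 0`, e.g. `bool isNameDuplicated = (long)cmd.ExecuteScalar() > 0;` (the `? true : false` is redundant either way). The check-then-insert sequence is also inherently racy: two concurrent registrations with the same name both observe a count of zero, so the real guard has to be a UNIQUE index on `name` and `email` with the INSERT's duplicate-key error mapped to `UsernameExists`; whether such an index exists is not visible here. `conn.Close()` before the `throw` is redundant given `using var conn`. Register's body continues outside the hunk.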
@@ -54,9 +63,18 @@ public static JObject Register(string name,string password,string email)
 user_code = "0" + user_code;
 }
 cmd.CommandText = $"INSERT INTO users (user_code,name,email,password,join_date,favorite_character) VALUES " +
- $"('{user_code}','{name}','{email}','{passSHA256}',{(long)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalMilliseconds},-1)";
+ $"('{user_code}',?name,?email,'{passSHA256}',{(long)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalMilliseconds},-1)";
+ cmd.Parameters.Add(new MySqlParameter("?name", MySqlDbType.VarChar)
+ {
+ Value = name
+ });
 cmd.ExecuteNonQuery();
- cmd.CommandText = $"SELECT user_id FROM users WHERE name='{name}'";
+ cmd.Parameters.Clear();
+ cmd.CommandText = $"SELECT user_id FROM users WHERE name=?name";
+ cmd.Parameters.Add(new MySqlParameter("?name", MySqlDbType.VarChar)
+ {
+ Value = name
+ });
 int user_id = (int)cmd.ExecuteScalar();
 cmd.CommandText = $"INSERT INTO user_chars (user_id,character_id,level,exp,level_exp,frag,prog,overdrive,skill_id) VALUES ({user_id},0,1,0,50,50,50,50,'gauge_easy');";
 cmd.ExecuteNonQuery();
diff --git a/Team123it.Arcaea.MarveCube/Program.cs b/Team123it.Arcaea.MarveCube/Program.cs
index c6e5ea7..0750722 100644
--- a/Team123it.Arcaea.MarveCube/Program.cs
+++ b/Team123it.Arcaea.MarveCube/Program.cs
@@ -7,9 +7,6 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
-using Team123it.Arcaea.MarveCube.FirstStart;
-using System.Text;
-using MySql.Data.MySqlClient;
 namespace Team123it.Arcaea.MarveCube
 {
diff --git a/Team123it.Arcaea.MarveCube/Startup.cs b/Team123it.Arcaea.MarveCube/Startup.cs
index 04800a1..c2f306a 100644
--- a/Team123it.Arcaea.MarveCube/Startup.cs
+++ b/Team123it.Arcaea.MarveCube/Startup.cs
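Review bot: After the INSERT the code clears the parameters, re-binds `?name` and runs `SELECT user_id FROM users WHERE name=?name` only to learn the new row's id, while `MySqlCommand.LastInsertedId` already carries it after `ExecuteNonQuery()`; `int user_id = (int)cmd.LastInsertedId;` replaces the extra round trip and the re-binding, and is also immune to a second row with the same name. The INSERT itself binds `?name` but relies on `?email` still being present from the duplicate check in the earlier hunk; that holds only if nothing between the two hunks clears the collection, which is not visible here, so a line such as `// ?email is still bound from the duplicate check above` would record the dependency. The `password` column again receives the bare `'{passSHA256}'` hex, which should be a salted KDF output rather than a single SHA-256. Register's body starts before and ends after this hunk.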
@@ -10,7 +10,6 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using Team123it.Arcaea.MarveCube.Core;
 namespace Team123it.Arcaea.MarveCube
 {
diff --git a/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.MySql.Data.cs b/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.MySql.Data.cs
index cf7dd65..31d5e28 100644
--- a/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.MySql.Data.cs
+++ b/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.MySql.Data.cs
@@ -42,7 +42,7 @@ public static bool ExecuteSqlFileData(string sqlConnString, string varData)
 ExecuteCommand(sqlConnString, alSql);
 return true;
 }
- catch (Exception ex)
+ catch (Exception)
 {
 throw;
 }
@@ -60,7 +60,7 @@ private static void ExecuteCommand(string sqlConnString, ArrayList varSqlList)
 cmd.ExecuteNonQuery();
 }
 }
- catch (Exception ex)
+ catch (Exception)
 {
 throw;
 }
diff --git a/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.Security.Cryptography.cs b/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.Security.Cryptography.cs
index cd969d0..d45cdb9 100644
--- a/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.Security.Cryptography.cs
+++ b/Team123it.Arcaea.MarveCube/System.Enhance (Part)/System.Enhance.Security.Cryptography.cs
@@ -31,7 +31,7 @@ public static class AESHelper
 ///
 /// 默认密钥-密钥的长度必须是32
 ///
- private const string PublicKey = "87d80b0614d7cf369c22967ff82aacf5";
+ private const string PublicKey = "r5wdvxchtfi07oqmy1j3skba849p2z65";
 ///
 /// 默认向量
diff --git a/Team123it.Arcaea.MarveCube/Team123it.Arcaea.MarveCube.csproj b/Team123it.Arcaea.MarveCube/Team123it.Arcaea.MarveCube.csproj
index 7954338..d6dfd1e 100644
--- a/Team123it.Arcaea.MarveCube/Team123it.Arcaea.MarveCube.csproj
+++ b/Team123it.Arcaea.MarveCube/Team123it.Arcaea.MarveCube.csproj
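Review bot: With the unused `ex` gone, both `catch (Exception) { throw; }` blocks (the -42 hunk in ExecuteSqlFileData and the -60 hunk in ExecuteCommand) are no-ops: a bare rethrow preserves the stack trace but changes nothing, so each `try`/`catch` wrapper can be deleted and its body left unwrapped. If the intent was to log before propagating, keep `catch (Exception ex)` and log in the block ahead of the bare `throw;`, or use an exception filter (`when (...)`) that logs and returns false so the stack is never unwound. Both methods start outside their hunks.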
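Review bot: `PublicKey` is a hard-coded AES key compiled into the assembly, and swapping its value in a public commit does not make it secret — the new constant is as readable as the old one, and the name `PublicKey` is misleading for a symmetric key. The key should be loaded at startup from configuration or a secret store and generated with `RandomNumberGenerator` rather than typed; if the constant stays as a development fallback it should be marked as such, e.g. `// DEV ONLY: replace with a key supplied from configuration before deployment`. Anything encrypted under the previous constant can no longer be decrypted after this change, which the commit message does not mention; worth confirming no stored data depends on it. The enclosing AESHelper class continues outside the hunk.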
@@ -3,11 +3,11 @@ net6.0 MarveCube - 0.3.0 + 0.3.1 123 Open-Source Organization Arcaea Server 2(123 Marvelous Cube Open-Source Version) - 0.3.0 - 0.3.0 + 0.3.1 + 0.3.1 (C)Copyright 2015-2022 123 Open-Source Organization. All rights reserved. Arcaea Server 2 - High-Speed Protable Arcaea API Server x64;ARM64