fix: add authorization checks on management outfit endpoints + widen SQL columns #2
Open
sudorest wants to merge 1 commit into Bluecoastroleplay:main from
…SQL columns

Addresses three issues reported in Bluecoastroleplay#1:

1. deleteManagementOutfit now verifies the player belongs to the outfit's job/gang AND holds a boss-level rank before allowing deletion. Previously any connected player could delete any management outfit by ID.
2. saveManagementOutfit now checks job.isboss in addition to the existing job name check, ensuring only boss/manager-rank players can create management outfits for their organization.
3. props and components columns in both player_outfits and management_outfits SQL schemas changed from VARCHAR(1000)/VARCHAR(1500) to TEXT, preventing silent truncation of DLC collection data that can exceed the old limits.

Also adds Database.ManagementOutfits.GetByID helper used by the delete authorization logic.
Summary

Fixes #1 — addresses the two critical authorization bypasses and the SQL truncation risk reported in the security issue.

Changes

1. deleteManagementOutfit — missing authorization (Critical)

Before: Any connected player who knows a management outfit ID could delete any job/gang outfit from the database. The handler only checked that id was a number.

After: The handler now:

- mType parameter ('Job' or 'Gang')
- Database.ManagementOutfits.GetByID() helper
- job.name == outfit.job_name)
- job.isboss)

2. saveManagementOutfit — insufficient authorization (Critical)

Before: Any employee of a job (even the lowest rank) could create management outfits for their organization. The handler only checked that the player's job name matched outfitData.JobName.

After: Added job.isboss check so only boss/manager-rank players can create management outfits.

3. SQL VARCHAR columns silently truncating DLC outfit data

Before: props VARCHAR(1000) and components VARCHAR(1500) in both player_outfits and management_outfits tables. DLC collection metadata (e.g. collectionHash strings) can push JSON payloads beyond these limits, causing silent truncation and corrupted outfit saves.

After: Both columns changed to TEXT in the schema definitions, matching how the playerskins table already handles variable-length JSON (skin TEXT).

4. New Database.ManagementOutfits.GetByID() helper

Added to server/database/managementoutfits.lua to support the delete authorization logic — fetches a single management outfit row by its primary key.

Files Changed

- server/main.lua: job.isboss check to saveManagementOutfit; rewrote deleteManagementOutfit with full job membership + boss rank validation
- server/database/managementoutfits.lua: GetByID(id) function
- sql/player_outfits.sql: props and components columns: VARCHAR → TEXT
- sql/management_outfits.sql: props and components columns: VARCHAR → TEXT
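
The deny-by-default check order that item 1 describes for deleteManagementOutfit, as an added Lua example that is not code from this pull request. The function name, the gang table mirroring the job table, the outfit `type` column and the sample rows are assumptions made for illustration; only job.name, job.isboss, outfit.job_name and GetByID come from the description above.

```lua
-- Added illustration, not the pull request's code. Names other than job.name,
-- job.isboss, outfit.job_name and GetByID are assumptions.
local ORG_FIELD = { Job = "job", Gang = "gang" } -- mType -> player data key (assumed)

-- Returns true when deletion is allowed, otherwise false plus a reason.
-- playerData must come from the server's own player record, never the client.
local function canDeleteManagementOutfit(playerData, mType, id, getById)
    if type(id) ~= "number" then return false, "bad id" end
    local field = ORG_FIELD[mType]
    if not field then return false, "bad mType" end

    local outfit = getById(id) -- stands in for Database.ManagementOutfits.GetByID
    if not outfit then return false, "no such outfit" end
    -- Assumed `type` column: stops a gang boss matching a job of the same name.
    if outfit.type ~= nil and outfit.type ~= mType then
        return false, "type mismatch"
    end

    local org = playerData and playerData[field]
    if type(org) ~= "table" then return false, "no org data" end
    if org.name ~= outfit.job_name then return false, "not a member" end
    if org.isboss ~= true then return false, "not boss rank" end
    return true
end

-- Constructed sample rows and players.
local rows = { [7] = { id = 7, job_name = "police", type = "Job" } }
local function getById(id) return rows[id] end
local boss     = { job = { name = "police",   isboss = true  } }
local officer  = { job = { name = "police",   isboss = false } }
local outsider = { job  = { name = "mechanic", isboss = true },
                   gang = { name = "police",   isboss = true } }

local cases = {
    { "boss deletes own outfit",    boss,     "Job",   7,   true  },
    { "low rank, same job",         officer,  "Job",   7,   false },
    { "boss of another job",        outsider, "Job",   7,   false },
    { "gang named like the job",    outsider, "Gang",  7,   false },
    { "unknown mType",              boss,     "Admin", 7,   false },
    { "id sent as string",          boss,     "Job",   "7", false },
    { "outfit does not exist",      boss,     "Job",   99,  false },
}
for _, c in ipairs(cases) do
    local ok, why = canDeleteManagementOutfit(c[2], c[3], c[4], getById)
    assert(ok == c[5], c[1])
    print(("%-26s -> %s"):format(c[1], ok and "allow" or ("deny: " .. why)))
end
```

Each failing check returns before the next one runs, so a request that names an unknown mType or a missing row never reaches the membership comparison.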