fix(http): inherit BaseRequest on all TK2 + Colosseum request DTOs

MessagePack [Key("...")]-keyed contracts reject unknown fields, so request DTOs that omit BaseRequest's envelope (viewer_id, steam_id, steam_session_ticket) fail deserialization on the real msgpack wire path. Routing smoke + JSON-direct tests didn't catch this because S.T.J. tolerates extra keys and the routing smoke uses ValidBaseRequestJson, but anything sent via the actual client encrypted=True path threw MessagePackSerializationException. Fix: every Arena*Request now inherits BaseRequest. Also updates the JSON controller tests + e2e to include the envelope so the [ApiController] auto-400 validation passes. Discovered via /arena_colosseum/get_fee_info crash on the in-game arena screen. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-31 12:06:50 -04:00
parent f8ca4a0ae9
commit 668779e8a4
12 changed files with 37 additions and 18 deletions
--- a/SVSim.UnitTests/Controllers/ArenaTwoPickBattleControllerTests.cs
+++ b/SVSim.UnitTests/Controllers/ArenaTwoPickBattleControllerTests.cs
@@ -12,7 +12,10 @@ public class ArenaTwoPickBattleControllerTests
        using var factory = new SVSimTestFactory();
        var viewerId = await factory.SeedViewerAsync();
        using var client = factory.CreateAuthenticatedClient(viewerId);
-        var req = new { deck_no = 1L, need_init = 1, log = 1, excluded_field_id_list = new long[] { }, use_stage_select = 1, is_default_skin = 0 };
+        var req = new {
+            deck_no = 1L, need_init = 1, log = 1, excluded_field_id_list = new long[] { }, use_stage_select = 1, is_default_skin = 0,
+            viewer_id = "0", steam_id = 0, steam_session_ticket = "",
+        };
        var resp = await client.PostAsync("/arena_two_pick_battle/do_matching", JsonContent.Create(req));

        Assert.That(resp.StatusCode, Is.EqualTo(HttpStatusCode.OK));
--- a/SVSim.UnitTests/Controllers/ArenaTwoPickControllerTests.cs
+++ b/SVSim.UnitTests/Controllers/ArenaTwoPickControllerTests.cs
@@ -6,12 +6,18 @@ namespace SVSim.UnitTests.Controllers;

 public class ArenaTwoPickControllerTests
 {
+    // Every request DTO inherits BaseRequest; the [ApiController] auto-400 path rejects
+    // bodies missing the envelope fields. Spread this into JSON bodies in addition to per-
+    // endpoint payload.
+    private static readonly object Envelope = new { viewer_id = "0", steam_id = 0, steam_session_ticket = "" };
+
    [Test]
    public async Task Top_unauthenticated_returns_401()
    {
        using var factory = new SVSimTestFactory();
        using var client = factory.CreateClient();
-        var resp = await client.PostAsync("/arena_two_pick/top", JsonContent.Create(new { mode = 0 }));
+        var resp = await client.PostAsync("/arena_two_pick/top",
+            JsonContent.Create(new { mode = 0, viewer_id = "0", steam_id = 0, steam_session_ticket = "" }));
        Assert.That(resp.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
    }

@@ -21,7 +27,8 @@ public class ArenaTwoPickControllerTests
        using var factory = new SVSimTestFactory();
        var viewerId = await factory.SeedViewerAsync();
        using var client = factory.CreateAuthenticatedClient(viewerId);
-        var resp = await client.PostAsync("/arena_two_pick/top", JsonContent.Create(new { mode = 0 }));
+        var resp = await client.PostAsync("/arena_two_pick/top",
+            JsonContent.Create(new { mode = 0, viewer_id = "0", steam_id = 0, steam_session_ticket = "" }));
        Assert.That(resp.StatusCode, Is.EqualTo(HttpStatusCode.OK));
        var body = await resp.Content.ReadAsStringAsync();
        StringAssert.Contains("\"entry_info\":null", body);
--- a/SVSim.UnitTests/Integration/ArenaTwoPickEndToEndTests.cs
+++ b/SVSim.UnitTests/Integration/ArenaTwoPickEndToEndTests.cs
@@ -79,14 +79,21 @@ public class ArenaTwoPickEndToEndTests

        using var client = factory.CreateAuthenticatedClient(viewerId);

+        // Every TK2 request DTO inherits BaseRequest; the [ApiController] auto-400 path
+        // rejects bodies missing the envelope fields. Each PostAsync below carries them.
+        const string Vid = "0";
+        const int Sid = 0;
+        const string Stk = "";
+
        // 1) /top → entry_info:null (no active run).
-        var top = await client.PostAsync("/arena_two_pick/top", JsonContent.Create(new { mode = 0 }));
+        var top = await client.PostAsync("/arena_two_pick/top",
+            JsonContent.Create(new { mode = 0, viewer_id = Vid, steam_id = Sid, steam_session_ticket = Stk }));
        Assert.That(top.StatusCode, Is.EqualTo(HttpStatusCode.OK));
        StringAssert.Contains("\"entry_info\":null", await top.Content.ReadAsStringAsync());

        // 2) /entry → deducts 1 ticket (post-state = 4), returns 3 candidate class ids.
        var entry = await client.PostAsync("/arena_two_pick/entry",
-            JsonContent.Create(new { consume_item_type = 3 }));
+            JsonContent.Create(new { consume_item_type = 3, viewer_id = Vid, steam_id = Sid, steam_session_ticket = Stk }));
        Assert.That(entry.StatusCode, Is.EqualTo(HttpStatusCode.OK),
            $"/entry failed: {await entry.Content.ReadAsStringAsync()}");
        using var entryDoc = JsonDocument.Parse(await entry.Content.ReadAsStringAsync());
@@ -96,7 +103,7 @@ public class ArenaTwoPickEndToEndTests

        // 3) /class_choose with first candidate → returns candidate_card_list.
        var classChoose = await client.PostAsync("/arena_two_pick/class_choose",
-            JsonContent.Create(new { class_id = candidates[0] }));
+            JsonContent.Create(new { class_id = candidates[0], viewer_id = Vid, steam_id = Sid, steam_session_ticket = Stk }));
        Assert.That(classChoose.StatusCode, Is.EqualTo(HttpStatusCode.OK),
            $"/class_choose failed: {await classChoose.Content.ReadAsStringAsync()}");
        using var classDoc = JsonDocument.Parse(await classChoose.Content.ReadAsStringAsync());
@@ -109,7 +116,7 @@ public class ArenaTwoPickEndToEndTests
        for (int turn = 1; turn <= 15; turn++)
        {
            var cc = await client.PostAsync("/arena_two_pick/card_choose",
-                JsonContent.Create(new { selected_id = pickId }));
+                JsonContent.Create(new { selected_id = pickId, viewer_id = Vid, steam_id = Sid, steam_session_ticket = Stk }));
            Assert.That(cc.StatusCode, Is.EqualTo(HttpStatusCode.OK),
                $"turn {turn} /card_choose failed: {await cc.Content.ReadAsStringAsync()}");

@@ -124,7 +131,8 @@ public class ArenaTwoPickEndToEndTests

        // 5) /retire at 0 wins → 1 ticket + 100 rupies from the seed table.
        //    Post-state: ticket = 4 (after debit) + 1 (grant) = 5; rupies = 0 + 100 = 100.
-        var retire = await client.PostAsync("/arena_two_pick/retire", JsonContent.Create(new { }));
+        var retire = await client.PostAsync("/arena_two_pick/retire",
+            JsonContent.Create(new { viewer_id = Vid, steam_id = Sid, steam_session_ticket = Stk }));
        Assert.That(retire.StatusCode, Is.EqualTo(HttpStatusCode.OK),
            $"/retire failed: {await retire.Content.ReadAsStringAsync()}");
        using var retDoc = JsonDocument.Parse(await retire.Content.ReadAsStringAsync());
@@ -146,7 +154,8 @@ public class ArenaTwoPickEndToEndTests
            "post-state ticket = 4 (after debit) + 1 (grant) = 5");

        // 6) /top → entry_info:null again (run was deleted by /retire).
-        var topAgain = await client.PostAsync("/arena_two_pick/top", JsonContent.Create(new { mode = 0 }));
+        var topAgain = await client.PostAsync("/arena_two_pick/top",
+            JsonContent.Create(new { mode = 0, viewer_id = Vid, steam_id = Sid, steam_session_ticket = Stk }));
        Assert.That(topAgain.StatusCode, Is.EqualTo(HttpStatusCode.OK));
        StringAssert.Contains("\"entry_info\":null", await topAgain.Content.ReadAsStringAsync());
    }