fix(rank-battle): inherit BaseRequest so auth fields survive translation roundtrip
The translation middleware decrypts + msgpack-decodes the request body into the action's first-parameter type, then re-serializes that DTO to JSON for the auth handler to read. Phase 3's DoMatchingRequestDto and RankBattleFinishRequestDto didn't inherit BaseRequest, so viewer_id / steam_id / steam_session_ticket were dropped during the msgpack → DTO → JSON pivot — the auth handler then saw a body with no auth fields and 401'd every request. Fixed by making both DTOs extend BaseRequest, mirroring the Phase 2 TK2 DoMatchingRequest pattern. Also added [FromBody] BaseRequest parameters to the previously body-less actions (AiStart × 2, ForceFinish, AddClientLog, GetLatestMasterPoint). The translation middleware explicitly requires at least one parameter to bind the decrypted msgpack body (see L130-136 of the middleware); without it the request would throw InvalidOperationException at runtime. Tests updated to post viewer_id / steam_id / steam_session_ticket placeholder values in the request body, matching the existing TK2 test pattern. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
gamer147
@@ -5,6 +5,7 @@ using SVSim.Database.Enums;
|
||||
using SVSim.EmulatedEntrypoint.Constants;
|
||||
using SVSim.EmulatedEntrypoint.Matching;
|
||||
using SVSim.EmulatedEntrypoint.Models.Dtos.RankBattle;
|
||||
using SVSim.EmulatedEntrypoint.Models.Dtos.Requests;
|
||||
using SVSim.EmulatedEntrypoint.Security.SteamSessionAuthentication;
|
||||
using SVSim.EmulatedEntrypoint.Services;
|
||||
|
||||
@@ -56,12 +57,15 @@ public sealed class RankBattleController : ControllerBase
|
||||
public Task<IActionResult> DoMatchingUnlimited([FromBody] DoMatchingRequestDto req, CancellationToken ct)
|
||||
=> DoMatchingInternal("unlimited_rank_battle", Format.Unlimited, req, ct);
|
||||
|
||||
// AIBattleStartTask has no SetParameter override, so the body is just the inherited
|
||||
// PostParams (viewer_id / steam_id / steam_session_ticket) — but the translation
|
||||
// middleware requires at least one parameter to bind the decrypted body. Use BaseRequest.
|
||||
[HttpPost("/ai_rotation_rank_battle/start")]
|
||||
public Task<IActionResult> AiStartRotation(CancellationToken ct)
|
||||
public Task<IActionResult> AiStartRotation([FromBody] BaseRequest _, CancellationToken ct)
|
||||
=> AiStartInternal(Format.Rotation, ct);
|
||||
|
||||
[HttpPost("/ai_unlimited_rank_battle/start")]
|
||||
public Task<IActionResult> AiStartUnlimited(CancellationToken ct)
|
||||
public Task<IActionResult> AiStartUnlimited([FromBody] BaseRequest _, CancellationToken ct)
|
||||
=> AiStartInternal(Format.Unlimited, ct);
|
||||
|
||||
/// <summary>
|
||||
@@ -84,26 +88,28 @@ public sealed class RankBattleController : ControllerBase
|
||||
});
|
||||
}
|
||||
|
||||
// BaseRequest parameter on every body-less action so the translation middleware can
|
||||
// bind the decrypted msgpack body (it explicitly requires at least one parameter).
|
||||
[HttpPost("/rank_battle/force_finish")]
|
||||
public IActionResult ForceFinish()
|
||||
public IActionResult ForceFinish([FromBody] BaseRequest _)
|
||||
{
|
||||
if (!TryGetViewerId(out var _)) return Unauthorized();
|
||||
if (!TryGetViewerId(out var _u)) return Unauthorized();
|
||||
return Ok(new { });
|
||||
}
|
||||
|
||||
[HttpPost("/rank_battle/add_client_log")]
|
||||
[HttpPost("/rank_battle/add_all_client_log")]
|
||||
[HttpPost("/rank_battle/add_last_turn_log")]
|
||||
public IActionResult AddClientLog()
|
||||
public IActionResult AddClientLog([FromBody] BaseRequest _)
|
||||
{
|
||||
if (!TryGetViewerId(out var _)) return Unauthorized();
|
||||
if (!TryGetViewerId(out var _u)) return Unauthorized();
|
||||
return Ok(new { });
|
||||
}
|
||||
|
||||
[HttpPost("/rank_battle/get_latest_master_point")]
|
||||
public IActionResult GetLatestMasterPoint()
|
||||
public IActionResult GetLatestMasterPoint([FromBody] BaseRequest _)
|
||||
{
|
||||
if (!TryGetViewerId(out var _)) return Unauthorized();
|
||||
if (!TryGetViewerId(out var _u)) return Unauthorized();
|
||||
return Ok(new { });
|
||||
}
|
||||
|
||||
|
||||
@@ -1,10 +1,17 @@
|
||||
using System.Text.Json.Serialization;
|
||||
using MessagePack;
|
||||
using SVSim.EmulatedEntrypoint.Models.Dtos.Requests;
|
||||
|
||||
namespace SVSim.EmulatedEntrypoint.Models.Dtos.RankBattle;
|
||||
|
||||
[MessagePackObject(keyAsPropertyName: true)]
|
||||
public sealed class DoMatchingRequestDto
|
||||
/// <summary>
|
||||
/// Standard DoMatchingParam shape for rank battle (rotation/unlimited). Inherits viewer_id /
|
||||
/// steam_id / steam_session_ticket from <see cref="BaseRequest"/> so the auth fields survive
|
||||
/// the translation-middleware msgpack → DTO → JSON round-trip (otherwise the
|
||||
/// SteamSessionAuthenticationHandler sees a body without auth fields and 401s).
|
||||
/// </summary>
|
||||
[MessagePackObject]
|
||||
public sealed class DoMatchingRequestDto : BaseRequest
|
||||
{
|
||||
[JsonPropertyName("deck_no")]
|
||||
[Key("deck_no")]
|
||||
@@ -20,7 +27,7 @@ public sealed class DoMatchingRequestDto
|
||||
|
||||
[JsonPropertyName("log")]
|
||||
[Key("log")]
|
||||
public string? Log { get; set; }
|
||||
public int Log { get; set; }
|
||||
|
||||
[JsonPropertyName("use_stage_select")]
|
||||
[Key("use_stage_select")]
|
||||
@@ -28,7 +35,7 @@ public sealed class DoMatchingRequestDto
|
||||
|
||||
[JsonPropertyName("excluded_field_id_list")]
|
||||
[Key("excluded_field_id_list")]
|
||||
public int[]? ExcludedFieldIdList { get; set; }
|
||||
public List<long> ExcludedFieldIdList { get; set; } = new();
|
||||
|
||||
[JsonPropertyName("is_default_skin")]
|
||||
[Key("is_default_skin")]
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Text.Json.Serialization;
|
||||
using MessagePack;
|
||||
using SVSim.EmulatedEntrypoint.Models.Dtos.Requests;
|
||||
|
||||
namespace SVSim.EmulatedEntrypoint.Models.Dtos.RankBattle;
|
||||
|
||||
@@ -7,9 +8,12 @@ namespace SVSim.EmulatedEntrypoint.Models.Dtos.RankBattle;
|
||||
/// Standard BattleFinishParam shape — see docs/api-spec/common/types.ts.md and
|
||||
/// docs/api-spec/endpoints/post-login/rank-battle/finish.md. Future: promote to
|
||||
/// a shared common DTO when a second finish endpoint reuses this.
|
||||
///
|
||||
/// Inherits viewer_id / steam_id / steam_session_ticket from <see cref="BaseRequest"/>
|
||||
/// so the auth fields survive the translation-middleware round-trip.
|
||||
/// </summary>
|
||||
[MessagePackObject(keyAsPropertyName: true)]
|
||||
public sealed class RankBattleFinishRequestDto
|
||||
[MessagePackObject]
|
||||
public sealed class RankBattleFinishRequestDto : BaseRequest
|
||||
{
|
||||
[JsonPropertyName("battle_result")]
|
||||
[Key("battle_result")]
|
||||
|
||||
@@ -10,6 +10,40 @@ namespace SVSim.UnitTests.Controllers;
|
||||
[TestFixture]
|
||||
public class RankBattleControllerTests
|
||||
{
|
||||
// BaseRequest fields (viewer_id / steam_id / steam_session_ticket) are required by the
|
||||
// request DTOs — the ApiController's auto-validation rejects bodies missing them. We
|
||||
// post placeholder values here; the TestAuthHandler injects the real viewer-id via the
|
||||
// X-Test-Viewer-Id header set by CreateAuthenticatedClient, so these body values are
|
||||
// ignored by auth.
|
||||
private static readonly object DoMatchingBody = new
|
||||
{
|
||||
deck_no = 1,
|
||||
need_init = 1,
|
||||
log = 0,
|
||||
viewer_id = "0",
|
||||
steam_id = 0,
|
||||
steam_session_ticket = "",
|
||||
};
|
||||
|
||||
private static object FinishBody(int battleResult, int classId = 3) => new
|
||||
{
|
||||
battle_result = battleResult,
|
||||
is_retire = 0,
|
||||
recovery_data = "{}",
|
||||
class_id = classId,
|
||||
total_turn = 5,
|
||||
viewer_id = "0",
|
||||
steam_id = 0,
|
||||
steam_session_ticket = "",
|
||||
};
|
||||
|
||||
private static readonly object EmptyAuthedBody = new
|
||||
{
|
||||
viewer_id = "0",
|
||||
steam_id = 0,
|
||||
steam_session_ticket = "",
|
||||
};
|
||||
|
||||
[Test]
|
||||
public async Task DoMatching_rotation_first_poll_returns_3002_RETRY_with_empty_node_server_url()
|
||||
{
|
||||
@@ -19,9 +53,7 @@ public class RankBattleControllerTests
|
||||
await factory.SeedDeckAsync(viewerId, Format.Rotation, 1);
|
||||
var client = factory.CreateAuthenticatedClient(viewerId);
|
||||
|
||||
var resp = await client.PostAsJsonAsync(
|
||||
"/rotation_rank_battle/do_matching",
|
||||
new { deck_no = 1, need_init = 1 });
|
||||
var resp = await client.PostAsJsonAsync("/rotation_rank_battle/do_matching", DoMatchingBody);
|
||||
|
||||
Assert.That(resp.IsSuccessStatusCode, Is.True, $"Expected 2xx, got {resp.StatusCode}");
|
||||
var raw = await resp.Content.ReadAsStringAsync();
|
||||
@@ -44,23 +76,20 @@ public class RankBattleControllerTests
|
||||
|
||||
// Alice polls first → parks.
|
||||
var c1 = factory.CreateAuthenticatedClient(v1);
|
||||
var r1 = await c1.PostAsJsonAsync(
|
||||
"/rotation_rank_battle/do_matching", new { deck_no = 1, need_init = 1 });
|
||||
var r1 = await c1.PostAsJsonAsync("/rotation_rank_battle/do_matching", DoMatchingBody);
|
||||
var j1 = JsonDocument.Parse(await r1.Content.ReadAsStringAsync()).RootElement;
|
||||
Assert.That(j1.GetProperty("matching_state").GetInt32(), Is.EqualTo(3002));
|
||||
|
||||
// Bob polls — pairs, returns joiner (3004).
|
||||
var c2 = factory.CreateAuthenticatedClient(v2);
|
||||
var r2 = await c2.PostAsJsonAsync(
|
||||
"/rotation_rank_battle/do_matching", new { deck_no = 1, need_init = 1 });
|
||||
var r2 = await c2.PostAsJsonAsync("/rotation_rank_battle/do_matching", DoMatchingBody);
|
||||
var j2 = JsonDocument.Parse(await r2.Content.ReadAsStringAsync()).RootElement;
|
||||
Assert.That(j2.GetProperty("matching_state").GetInt32(), Is.EqualTo(3004), "Joiner = 3004.");
|
||||
Assert.That(j2.GetProperty("battle_id").GetString(), Is.Not.Null.And.Not.Empty);
|
||||
Assert.That(j2.GetProperty("node_server_url").GetString(), Is.Not.Empty);
|
||||
|
||||
// Alice polls again — gets cached match, owner role (3007).
|
||||
var r3 = await c1.PostAsJsonAsync(
|
||||
"/rotation_rank_battle/do_matching", new { deck_no = 1, need_init = 0 });
|
||||
var r3 = await c1.PostAsJsonAsync("/rotation_rank_battle/do_matching", DoMatchingBody);
|
||||
var j3 = JsonDocument.Parse(await r3.Content.ReadAsStringAsync()).RootElement;
|
||||
Assert.That(j3.GetProperty("matching_state").GetInt32(), Is.EqualTo(3007), "Owner = 3007.");
|
||||
Assert.That(j3.GetProperty("battle_id").GetString(), Is.EqualTo(j2.GetProperty("battle_id").GetString()));
|
||||
@@ -75,7 +104,7 @@ public class RankBattleControllerTests
|
||||
await factory.SeedDeckAsync(viewerId, Format.Rotation, 1);
|
||||
var client = factory.CreateAuthenticatedClient(viewerId);
|
||||
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/start", new { });
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/start", EmptyAuthedBody);
|
||||
var raw = await resp.Content.ReadAsStringAsync();
|
||||
|
||||
using var doc = JsonDocument.Parse(raw);
|
||||
@@ -111,7 +140,7 @@ public class RankBattleControllerTests
|
||||
await factory.SeedDeckAsync(viewerId, Format.Rotation, 1);
|
||||
var client = factory.CreateAuthenticatedClient(viewerId);
|
||||
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/start", new { });
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/start", EmptyAuthedBody);
|
||||
using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
|
||||
var selfInfo = doc.RootElement.GetProperty("self_info");
|
||||
|
||||
@@ -127,7 +156,7 @@ public class RankBattleControllerTests
|
||||
await factory.SeedDeckAsync(viewerId, Format.Rotation, 1);
|
||||
var client = factory.CreateAuthenticatedClient(viewerId);
|
||||
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/start", new { });
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/start", EmptyAuthedBody);
|
||||
using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
|
||||
var oppoInfo = doc.RootElement.GetProperty("oppo_info");
|
||||
|
||||
@@ -143,14 +172,7 @@ public class RankBattleControllerTests
|
||||
var viewerId = await factory.SeedViewerAsync();
|
||||
var client = factory.CreateAuthenticatedClient(viewerId);
|
||||
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/finish", new
|
||||
{
|
||||
battle_result = 1, // win
|
||||
is_retire = 0,
|
||||
recovery_data = "{}",
|
||||
class_id = 3,
|
||||
total_turn = 5,
|
||||
});
|
||||
var resp = await client.PostAsJsonAsync("/ai_rotation_rank_battle/finish", FinishBody(battleResult: 1));
|
||||
|
||||
Assert.That(resp.IsSuccessStatusCode, Is.True);
|
||||
using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
|
||||
@@ -168,11 +190,7 @@ public class RankBattleControllerTests
|
||||
var viewerId = await factory.SeedViewerAsync();
|
||||
var client = factory.CreateAuthenticatedClient(viewerId);
|
||||
|
||||
var resp = await client.PostAsJsonAsync("/rotation_rank_battle/finish", new
|
||||
{
|
||||
battle_result = 2, // consistency error
|
||||
class_id = 3,
|
||||
});
|
||||
var resp = await client.PostAsJsonAsync("/rotation_rank_battle/finish", FinishBody(battleResult: 2));
|
||||
|
||||
using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
|
||||
Assert.That(doc.RootElement.GetProperty("battle_result").GetInt32(), Is.EqualTo(2));
|
||||
|
||||
Reference in New Issue
Block a user