Merge remote-tracking branch 'origin/master' into score-legacy-toggle-ui

ppy · Jan 29, 2024 · e7ed418 · e7ed418
2 parents 9457af8 + c696378
commit e7ed418
Show file tree

Hide file tree

Showing 318 changed files with 4,383 additions and 2,990 deletions.
diff --git a/.env.dusk.local.example b/.env.dusk.local.example
@@ -1,8 +1,8 @@
 APP_KEY=
 APP_ENV=testing
 
-APP_URL=http://localhost:8000
-NOTIFICATION_ENDPOINT=ws://notification-server-dusk:2345
+APP_URL=http://nginx:8008
+NOTIFICATION_ENDPOINT=ws://nginx:8008/home/notifications/feed
 
 DB_DATABASE=osu_test
 DB_DATABASE_CHAT=osu_chat_test

diff --git a/.env.example b/.env.example
@@ -307,6 +307,7 @@ CLIENT_CHECK_VERSION=false
 # SCORES_ES_CACHE_DURATION=
 # SCORES_EXPERIMENTAL_RANK_AS_DEFAULT=false
 # SCORES_EXPERIMENTAL_RANK_AS_EXTRA=false
+# SCORES_PROCESSING_QUEUE=osu-queue:score-statistics
 # SCORES_RANK_CACHE_LOCAL_SERVER=0
 # SCORES_RANK_CACHE_MIN_USERS=35000
 # SCORES_RANK_CACHE_SERVER_URL=

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -49,7 +49,7 @@ jobs:
       - name: Install js dependencies
         run: yarn --frozen-lockfile
 
-      - run: 'yarn lint --max-warnings 94 > /dev/null'
+      - run: 'yarn lint --max-warnings 89 > /dev/null'
 
       - run: ./bin/update_licence.sh -nf
 

diff --git a/.gitignore b/.gitignore
@@ -10,6 +10,9 @@ _ide_helper.php
 /vendor
 composer.phar
 
+# docker related local files
+/compose.override.yml
+
 # OS-specific crud
 .DS_Store
 Thumbs.db

diff --git a/SETUP.md b/SETUP.md
@@ -157,8 +157,6 @@ Start docker in background:
 
 ```
 bin/docker_dev.sh -d
-# alternatively
-# docker compose up -d
 ```
 
 Start single docker service:
@@ -188,13 +186,9 @@ docker compose run --rm php mysql
 Docker images need to be occasionally updated to make sure they're running latest version of the packages.
 
 ```
-docker compose down --rmi all
-docker compose pull
-docker compose build --pull
+docker compose build --no-cache
 ```
 
-(don't use `build --no-cache` as it'll end up rebuilding `php` image multiple times)
-
 #### Faster php commands
 
 When frequently running commands, doing `docker compose run` may feel a little bit slow. An alternative is by running the command in existing instance instead. For example to run `artisan tinker`:

diff --git a/app/Enums/ScoreRank.php b/app/Enums/ScoreRank.php
@@ -0,0 +1,19 @@
+<?php
+
+// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
+// See the LICENCE file in the repository root for full licence text.
+
+namespace App\Enums;
+
+enum ScoreRank: string
+{
+    case A = 'A';
+    case B = 'B';
+    case C = 'C';
+    case D = 'D';
+    case F = 'F';
+    case S = 'S';
+    case SH = 'SH';
+    case X = 'X';
+    case XH = 'XH';
+}
diff --git a/app/Http/Controllers/BeatmapsController.php b/app/Http/Controllers/BeatmapsController.php
@@ -399,7 +399,7 @@ public function soloScores($id)
             'type' => $type,
             'user' => $currentUser,
         ]);
-        $scores = $esFetch->all()->loadMissing(['beatmap', 'performance', 'user.country', 'user.userProfileCustomization']);
+        $scores = $esFetch->all()->loadMissing(['beatmap', 'user.country', 'user.userProfileCustomization']);
         $userScore = $esFetch->userBest();
         $scoreTransformer = new ScoreTransformer(ScoreTransformer::TYPE_SOLO);
 

diff --git a/app/Http/Controllers/Multiplayer/Rooms/Playlist/ScoresController.php b/app/Http/Controllers/Multiplayer/Rooms/Playlist/ScoresController.php
@@ -202,15 +202,13 @@ public function update($roomId, $playlistItemId, $tokenId)
         });
 
         $score = $scoreLink->score;
-        $transformer = ScoreTransformer::newSolo();
         if ($score->wasRecentlyCreated) {
-            $scoreJson = json_item($score, $transformer);
-            $score::queueForProcessing($scoreJson);
+            $score->queueForProcessing();
         }
 
         return json_item(
             $scoreLink,
-            $transformer,
+            ScoreTransformer::newSolo(),
             [
                 ...ScoreTransformer::MULTIPLAYER_BASE_INCLUDES,
                 'position',

diff --git a/app/Http/Controllers/PasswordResetController.php b/app/Http/Controllers/PasswordResetController.php
@@ -11,6 +11,7 @@
 use App\Libraries\User\PasswordResetData;
 use App\Models\User;
 use App\Models\UserAccountHistory;
+use Carbon\CarbonImmutable;
 
 class PasswordResetController extends Controller
 {
@@ -124,6 +125,7 @@ public function update()
         }
 
         $user->validatePasswordConfirmation();
+        $params['user']['user_lastvisit'] = CarbonImmutable::now();
         if ($user->update($params['user'])) {
             $user->resetSessions();
             $this->login($user);

diff --git a/app/Http/Controllers/SessionsController.php b/app/Http/Controllers/SessionsController.php
@@ -79,6 +79,11 @@ public function store()
             if ($forceReactivation->isRequired()) {
                 $forceReactivation->run();
 
+                \Session::flash('password_reset_start', [
+                    'reason' => $forceReactivation->getReason(),
+                    'username' => $username,
+                ]);
+
                 return ujs_redirect(route('password-reset'));
             }
 

diff --git a/app/Http/Controllers/Solo/ScoresController.php b/app/Http/Controllers/Solo/ScoresController.php
@@ -41,11 +41,10 @@ public function store($beatmapId, $tokenId)
             return $score;
         });
 
-        $scoreJson = json_item($score, new ScoreTransformer(ScoreTransformer::TYPE_SOLO));
         if ($score->wasRecentlyCreated) {
-            $score::queueForProcessing($scoreJson);
+            $score->queueForProcessing();
         }
 
-        return $scoreJson;
+        return json_item($score, new ScoreTransformer(ScoreTransformer::TYPE_SOLO));
     }
 }
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
@@ -540,6 +540,7 @@ public function scores($_userId, $type)
      *
      * See [Get User](#get-user).
      *
+     * `session_verified` attribute is included.
      * Additionally, `statistics_rulesets` is included, containing statistics for all rulesets.
      *
      * @urlParam mode string [Ruleset](#ruleset). User default mode will be used if not specified. Example: osu
@@ -548,7 +549,7 @@ public function scores($_userId, $type)
      */
     public function me($mode = null)
     {
-        $user = auth()->user();
+        $user = \Auth::user();
         $currentMode = $mode ?? $user->playmode;
 
         if (!Beatmap::isModeValid($currentMode)) {
@@ -561,6 +562,7 @@ public function me($mode = null)
             $user,
             (new UserTransformer())->setMode($currentMode),
             [
+                'session_verified',
                 ...$this->showUserIncludes(),
                 ...array_map(
                     fn (string $ruleset) => "statistics_rulesets.{$ruleset}",

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -24,6 +24,7 @@ class Kernel extends HttpKernel
             Middleware\SetLocaleApi::class,
             Middleware\CheckUserBanStatus::class,
             Middleware\UpdateUserLastvisit::class,
+            Middleware\VerifyUserAlways::class,
         ],
         'web' => [
             Middleware\StripCookies::class,

diff --git a/app/Http/Middleware/AuthApi.php b/app/Http/Middleware/AuthApi.php
@@ -5,6 +5,7 @@
 
 namespace App\Http\Middleware;
 
+use App\Libraries\SessionVerification;
 use Closure;
 use Illuminate\Auth\AuthenticationException;
 use Laravel\Passport\ClientRepository;
@@ -95,10 +96,14 @@ private function validTokenFromRequest($psr)
         }
 
         if ($user !== null) {
-            auth()->setUser($user);
+            \Auth::setUser($user);
             $user->withAccessToken($token);
-            // this should match osu-notification-server OAuthVerifier
-            $user->markSessionVerified();
+
+            if ($token->isVerified()) {
+                $user->markSessionVerified();
+            } else {
+                SessionVerification\Helper::issue($token, $user, true);
+            }
         }
 
         return $token;

diff --git a/app/Http/Middleware/UpdateUserLastvisit.php b/app/Http/Middleware/UpdateUserLastvisit.php
@@ -5,6 +5,7 @@
 
 namespace App\Http\Middleware;
 
+use App\Libraries\SessionVerification;
 use App\Models\Country;
 use Carbon\Carbon;
 use Closure;
@@ -30,7 +31,7 @@ public function handle($request, Closure $next)
             if ($shouldUpdate) {
                 $isInactive = $user->isInactive();
                 if ($isInactive) {
-                    $isVerified = $user->isSessionVerified();
+                    $isVerified = SessionVerification\Helper::currentSession()->isVerified();
                 }
 
                 if (!$isInactive || $isVerified) {

diff --git a/app/Http/Middleware/VerifyUser.php b/app/Http/Middleware/VerifyUser.php
@@ -20,6 +20,7 @@ class VerifyUser
         'notifications_controller@endpoint' => true,
         'sessions_controller@destroy' => true,
         'sessions_controller@store' => true,
+        'users_controller@me' => true,
         'wiki_controller@image' => true,
         'wiki_controller@show' => true,
         'wiki_controller@sitemap' => true,

diff --git a/app/Jobs/RemoveBeatmapsetSoloScores.php b/app/Jobs/RemoveBeatmapsetSoloScores.php
@@ -11,7 +11,6 @@
 use App\Models\Beatmap;
 use App\Models\Beatmapset;
 use App\Models\Solo\Score;
-use App\Models\Solo\ScorePerformance;
 use DB;
 use Illuminate\Bus\Queueable;
 use Illuminate\Contracts\Queue\ShouldQueue;
@@ -68,7 +67,6 @@ private function deleteScores(Collection $scores): void
         $scoresQuery->update(['preserve' => false]);
         $this->scoreSearch->queueForIndex($this->schemas, $ids);
         DB::transaction(function () use ($ids, $scoresQuery): void {
-            ScorePerformance::whereKey($ids)->delete();
             $scoresQuery->delete();
         });
     }

diff --git a/app/Libraries/OAuth/EncodeToken.php b/app/Libraries/OAuth/EncodeToken.php
@@ -0,0 +1,45 @@
+<?php
+
+// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
+// See the LICENCE file in the repository root for full licence text.
+
+declare(strict_types=1);
+
+namespace App\Libraries\OAuth;
+
+use App\Models\OAuth\Token;
+use Defuse\Crypto\Crypto;
+use Firebase\JWT\JWT;
+use Laravel\Passport\Passport;
+use Laravel\Passport\RefreshToken;
+
+class EncodeToken
+{
+    public static function encodeAccessToken(Token $token): string
+    {
+        $privateKey = $GLOBALS['cfg']['passport']['private_key']
+            ?? file_get_contents(Passport::keyPath('oauth-private.key'));
+
+        return JWT::encode([
+            'aud' => $token->client_id,
+            'exp' => $token->expires_at->timestamp,
+            'iat' => $token->created_at->timestamp, // issued at
+            'jti' => $token->getKey(),
+            'nbf' => $token->created_at->timestamp, // valid after
+            'sub' => $token->user_id,
+            'scopes' => $token->scopes,
+        ], $privateKey, 'RS256');
+    }
+
+    public static function encodeRefreshToken(RefreshToken $refreshToken, Token $accessToken): string
+    {
+        return Crypto::encryptWithPassword(json_encode([
+            'client_id' => (string) $accessToken->client_id,
+            'refresh_token_id' => $refreshToken->getKey(),
+            'access_token_id' => $accessToken->getKey(),
+            'scopes' => $accessToken->scopes,
+            'user_id' => $accessToken->user_id,
+            'expire_time' => $refreshToken->expires_at->timestamp,
+        ]), \Crypt::getKey());
+    }
+}
diff --git a/app/Libraries/OAuth/RefreshTokenGrant.php b/app/Libraries/OAuth/RefreshTokenGrant.php
@@ -0,0 +1,40 @@
+<?php
+
+// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
+// See the LICENCE file in the repository root for full licence text.
+
+declare(strict_types=1);
+
+namespace App\Libraries\OAuth;
+
+use App\Models\OAuth\Token;
+use League\OAuth2\Server\Grant\RefreshTokenGrant as BaseRefreshTokenGrant;
+use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class RefreshTokenGrant extends BaseRefreshTokenGrant
+{
+    private ?array $oldRefreshToken = null;
+
+    public function respondToAccessTokenRequest(
+        ServerRequestInterface $request,
+        ResponseTypeInterface $responseType,
+        \DateInterval $accessTokenTTL
+    ) {
+        $refreshTokenData = parent::respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
+
+        // Copy previous verification state
+        $accessToken = (new \ReflectionProperty($refreshTokenData, 'accessToken'))->getValue($refreshTokenData);
+        Token::where('id', $accessToken->getIdentifier())->update([
+            'verified' => Token::select('verified')->find($this->oldRefreshToken['access_token_id'])->verified,
+        ]);
+        $this->oldRefreshToken = null;
+
+        return $refreshTokenData;
+    }
+
+    protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId)
+    {
+        return $this->oldRefreshToken = parent::validateOldRefreshToken($request, $clientId);
+    }
+}
diff --git a/app/Libraries/ScoreRank.php b/app/Libraries/ScoreRank.php
diff --git a/app/Libraries/Search/ScoreSearch.php b/app/Libraries/Search/ScoreSearch.php
@@ -68,8 +68,8 @@ public function getQuery(): BoolQuery
         $beforeTotalScore = $this->params->beforeTotalScore;
         if ($beforeTotalScore === null && $this->params->beforeScore !== null) {
             $beforeTotalScore = $this->params->beforeScore->isLegacy()
-                ? $this->params->beforeScore->data->legacyTotalScore
-                : $this->params->beforeScore->data->totalScore;
+                ? $this->params->beforeScore->legacy_total_score
+                : $this->params->beforeScore->total_score;
         }
         if ($beforeTotalScore !== null) {
             $scoreQuery = (new BoolQuery())->shouldMatch(1);

diff --git a/app/Libraries/Search/ScoreSearchParams.php b/app/Libraries/Search/ScoreSearchParams.php
@@ -54,9 +54,14 @@ public static function fromArray(array $rawParams): static
         return $params;
     }
 
-    public static function showLegacyForUser(?User $user): bool
+    /**
+     * This returns value for isLegacy based on user preference
+     */
+    public static function showLegacyForUser(?User $user): null | true
     {
-        return $user?->userProfileCustomization?->legacy_score_only ?? UserProfileCustomization::DEFAULT_LEGACY_ONLY_ATTRIBUTE;
+        return $user?->userProfileCustomization?->legacy_score_only ?? UserProfileCustomization::DEFAULT_LEGACY_ONLY_ATTRIBUTE
+            ? true
+            : null;
     }
 
     public function getCountryCode(): string