diff --git a/src/Controllers/Common/AchievementController.cs b/src/Controllers/Common/AchievementController.cs
index d846a20..a75e928 100644
--- a/src/Controllers/Common/AchievementController.cs
+++ b/src/Controllers/Common/AchievementController.cs
@@ -20,10 +20,10 @@ public class AchievementController : Controller {
 [HttpPost]
 [Produces("application/xml")]
 [Route("AchievementWebService.asmx/GetPetAchievementsByUserID")]
- [VikingSession(UseLock=false)]
- public IActionResult GetPetAchievementsByUserID(Viking viking, [FromForm] string userId) {
+ public IActionResult GetPetAchievementsByUserID([FromForm] string userId) {
+ // NOTE: this is public info (for mmo) - no session check
 List dragonsAchievement = new List();
- foreach (Dragon dragon in viking.Dragons) {
+ foreach (Dragon dragon in ctx.Dragons.Where(d => d.VikingId == userId)) {
 dragonsAchievement.Add(
 achievementService.CreateUserAchievementInfo(dragon.EntityId, dragon.PetXP, AchievementPointTypes.DragonXP)
 );
@@ -94,8 +94,7 @@ public class AchievementController : Controller {
 [Produces("application/xml")]
 [Route("AchievementWebService.asmx/GetAchievementsByUserID")]
 public IActionResult GetAchievementsByUserID([FromForm] string userId) {
- // TODO: check session
-
+ // NOTE: this is public info (for mmo) - no session check
 Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == userId);
 if (viking != null) {
 return Ok(new ArrayOfUserAchievementInfo {
diff --git a/src/Controllers/Common/ContentController.cs b/src/Controllers/Common/ContentController.cs
index fd3b051..068794f 100644
--- a/src/Controllers/Common/ContentController.cs
+++ b/src/Controllers/Common/ContentController.cs
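Review bot: Dropping `[VikingSession(UseLock=false)]` from `GetPetAchievementsByUserID` makes the action callable with no session at all, while the new comment only argues that the data may be seen by other players. If the callers are logged-in clients, keep the attribute and the `Viking viking` parameter as proof of a valid session and still query by `userId`, as the new `ctx.Dragons.Where(d => d.VikingId == userId)` does; if the MMO server really calls this without a token, the comment should say so. The same applies to the `GetAllActivePetsByuserId`, `GetImageByUserId` and `GetUserRoomItemPositions` hunks in ContentController.cs. The response carries `dragon.EntityId` for every dragon of the requested user, so it is worth confirming that no other endpoint accepts that id alone as authority. The method body continues past the end of the hunk.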
@@ -374,10 +374,10 @@ public class ContentController : Controller {
 [HttpPost]
 [Produces("application/xml")]
 [Route("V2/ContentWebService.asmx/GetAllActivePetsByuserId")]
- [VikingSession(UseLock=false)]
- public RaisedPetData[]? GetAllActivePetsByuserId(Viking viking, [FromForm] string userId, [FromForm] bool active) {
- RaisedPetData[] dragons = viking.Dragons // TODO (multiplayer) we should use userId ?
- .Where(d => d.RaisedPetData is not null)
+ public RaisedPetData[]? GetAllActivePetsByuserId([FromForm] string userId, [FromForm] bool active) {
+ // NOTE: this is public info (for mmo) - no session check
+ RaisedPetData[] dragons = ctx.Dragons
+ .Where(d => d.VikingId == userId && d.RaisedPetData != null)
 .Select(GetRaisedPetDataFromDragon)
 .ToArray();
@@ -476,13 +476,12 @@ public class ContentController : Controller {
 [Produces("application/xml")]
 [Route("ContentWebService.asmx/GetImageByUserId")]
 public ImageData? GetImageByUserId([FromForm] string userId, [FromForm] string ImageType, [FromForm] int ImageSlot) {
+ // NOTE: this is public info (for mmo) - no session check
 Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == userId);
 if (viking is null || viking.Images is null) {
 return null;
 }
- // TODO: should we restrict images to only those the caller owns?
-
 return GetImageData(viking, ImageType, ImageSlot);
 }
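Review bot: `GetImageByUserId` now declares images public, but `ImageType` and `ImageSlot` still come straight from the form and are passed to `GetImageData` for any `userId`, with no session. The removed TODO asked whether images should be limited to the caller's own; the replacement comment closes that question without saying which image types are meant to be visible to other players. If any type held in `viking.Images` is private (not visible in this hunk), limit the session-less path to the public ones and name them in the comment, e.g. `// NOTE: only <public image types> are served without a session`.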
@@ -649,13 +648,16 @@ public class ContentController : Controller { [HttpPost] [Produces("application/xml")] [Route("ContentWebService.asmx/GetUserRoomItemPositions")] - [VikingSession(UseLock=false)] - public IActionResult GetUserRoomItemPositions(Viking viking, [FromForm] string roomID) { + public IActionResult GetUserRoomItemPositions([FromForm] string userId, [FromForm] string roomID) { + // NOTE: this is public info (for mmo) - no session check + Viking? viking = ctx.Vikings.FirstOrDefault(e => e.Id == userId); + if (roomID is null) roomID = ""; - Room? room = viking.Rooms.FirstOrDefault(x => x.RoomId == roomID); // TODO: this can break visiting farm of another viking's + Room? room = viking?.Rooms.FirstOrDefault(x => x.RoomId == roomID); if (room is null) return Ok(new UserItemPositionList { UserItemPosition = new UserItemPosition[0] }); + return Ok(roomService.GetUserItemPositionList(room)); }
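Review bot: A missing or unknown `userId` is silently treated as an empty room in `GetUserRoomItemPositions`: `viking` is null, `viking?.Rooms` short-circuits, and the handler returns the same empty `UserItemPositionList` that a real empty room produces. Before this change the room came from the session's viking, so a client that posts only `roomID` would now get an empty farm with no error. If that is intended, document it at the lookup, e.g. `// unknown or missing userId yields an empty list, same as an unknown room`; otherwise reject it explicitly with `if (viking is null) return NotFound();`. The action also no longer requires any session, so room layouts can be read by id without authentication.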