OpenWF/SpaceNinjaServer
28
29
Fork 36
Code Issues 29 Pull Requests 5 Actions Packages Projects Releases Activity

feat: profileStats endpoint for U8 #3003

Merged
Sainan merged 4 commits from AMelonInsideLemon/SpaceNinjaServer:view-stats-u8 into main 2025-11-06 00:17:52 -08:00
Conversation 6 Commits 4 Files Changed 3 +8 -7
AMelonInsideLemon commented 2025-11-05 08:18:36 -08:00
Member
Copy Link
No description provided.
AMelonInsideLemon added 1 commit 2025-11-05 08:18:38 -08:00
feat: profileStats endpoint for U8
All checks were successful
Build / build (pull_request) Successful in 1m58s
Details
d479ddd7a0
Sainan commented 2025-11-05 08:26:56 -08:00
Owner
Copy Link

Doesn't this introduce an authentication bypass?

Doesn't this introduce an authentication bypass?
AMelonInsideLemon added 2 commits 2025-11-05 09:17:00 -08:00
check for auth 3d8f931c25
getFriendsController support for U19.5 and below
All checks were successful
Build / build (pull_request) Successful in 1m11s
Details
0b81b6c68e
Sainan commented 2025-11-05 10:15:03 -08:00
Owner
Copy Link

I mean, stats/view.php is generally private information. You're not supposed to be able to view it for another player, right?

I mean, `stats/view.php` is generally **private information**. You're not supposed to be able to view it for another player, right?
AMelonInsideLemon commented 2025-11-05 10:28:47 -08:00
Author
Member
Copy Link

At least on U8 game uses /stats/profileStats.php to view friends profile, now game uses /dynamic/getProfileViewingData.php and it returns even more data, so I don't see a problem in that.

At least on U8 game uses `/stats/profileStats.php` to view friends profile, now game uses `/dynamic/getProfileViewingData.php` and it returns even more data, so I don't see a problem in that.
Sainan commented 2025-11-05 10:30:48 -08:00
Owner
Copy Link

Oh, I see, our getProfileViewingData implementation does not filter the exposed stats at all. I will track this in a separate issue.

Oh, I see, our `getProfileViewingData` implementation does not filter the exposed stats at all. I will track this in a separate issue.
Sainan reviewed 2025-11-05 10:31:12 -08:00
src/controllers/stats/viewController.ts Outdated
@@ -6,3 +6,3 @@
const viewController: RequestHandler = async (req, res) => {
const accountId = await getAccountIdForRequest(req);
await getAccountForRequest(req);
Sainan commented 2025-11-05 10:31:12 -08:00
Owner
Copy Link

You can remove this for the time being.

You can remove this for the time being.
Sainan marked this conversation as resolved
AMelonInsideLemon added 1 commit 2025-11-05 11:10:37 -08:00
Update viewController.ts
All checks were successful
Build / build (pull_request) Successful in 1m59s
Details
9e8292ad6a
Sainan approved these changes 2025-11-05 12:58:26 -08:00
Sainan merged commit e58655e3f4 into main 2025-11-06 00:17:52 -08:00
Sainan deleted branch view-stats-u8 2025-11-06 00:17:53 -08:00
Sign in to join this conversation.
Reviewers
No Reviewers
Sainan
Labels
Clear labels
bug
An existing implemention is incorrect
 dependencies
Pull requests that update a dependency file
 documentation
Improvements or additions to documentation
 enhancement
New feature or request specific to the emulator
 help wanted
Extra attention is needed
 improvement
missing data
part of more major rehaul
Can't be worked on right now without merge conflicts later
 pr'd for
Soon™
 question
Further information is requested
 unimplemented
you can do this
Considered easy enough for someone's first PR.
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
AMelonInsideLemon Ember OrdisPrime Sainan
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: OpenWF/SpaceNinjaServer#3003
Delete Branch "AMelonInsideLemon/SpaceNinjaServer:view-stats-u8"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?