fix(webui): ensure that all requests using authz revalidate it (#1911)

Closes #1907 Reviewed-on: OpenWF/SpaceNinjaServer#1911 Co-authored-by: Sainan <63328889+Sainan@users.noreply.github.com> Co-committed-by: Sainan <63328889+Sainan@users.noreply.github.com>
2025-04-29 12:27:38 -07:00 · 2025-04-29 12:27:38 -07:00 · de1e2a25f2
commit de1e2a25f2
parent 1cf7b41d3f
1 changed files with 147 additions and 134 deletions
--- a/static/webui/script.js
+++ b/static/webui/script.js
@ -375,6 +375,7 @@ function fetchItemList() {
 }
 fetchItemList();

+// Assumes that caller revalidates authz
 function updateInventory() {
    const req = $.get("/api/inventory.php?" + window.authz + "&xpBasedLevelCapDisabled=1");
    req.done(data => {
@ -487,6 +488,7 @@ function updateInventory() {
                            a.href = "#";
                            a.onclick = function (event) {
                                event.preventDefault();
+                                revalidateAuthz(() => {
                                    if (item.XP < maxXP) {
                                        addGearExp(category, item.ItemId.$oid, maxXP - item.XP);
                                    }
@ -506,6 +508,7 @@ function updateInventory() {
                                            }
                                        }
                                    }
+                                });
                            };
                            a.title = loc("code_maxRank");
                            a.innerHTML = `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><!--!Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M214.6 41.4c-12.5-12.5-32.8-12.5-45.3 0l-160 160c-12.5 12.5-12.5 32.8 0 45.3s32.8 12.5 45.3 0L160 141.2V448c0 17.7 14.3 32 32 32s32-14.3 32-32V141.2L329.4 246.6c12.5 12.5 32.8 12.5 45.3 0s12.5-32.8 0-45.3l-160-160z"/></svg>`;
@ -1229,8 +1232,8 @@ function addMissingEvolutionProgress() {
 }

 function maxRankAllEvolutions() {
+    revalidateAuthz(() => {
        const req = $.get("/api/inventory.php?" + window.authz + "&xpBasedLevelCapDisabled=1");
-
        req.done(data => {
            const requests = [];

@ -1249,11 +1252,12 @@ function maxRankAllEvolutions() {

            toast(loc("code_noEquipmentToRankUp"));
        });
+    });
 }

 function maxRankAllEquipment(categories) {
+    revalidateAuthz(() => {
        const req = $.get("/api/inventory.php?" + window.authz + "&xpBasedLevelCapDisabled=1");
-
        req.done(data => {
            window.itemListPromise.then(itemMap => {
                const batchData = {};
@ -1282,7 +1286,8 @@ function maxRankAllEquipment(categories) {
                                for (const exaltedType of itemMap[item.ItemType].exalted) {
                                    const exaltedItem = data["SpecialItems"].find(x => x.ItemType == exaltedType);
                                    if (exaltedItem) {
-                                    const exaltedCap = itemMap[exaltedType]?.type == "weapons" ? 800_000 : 1_600_000;
+                                        const exaltedCap =
+                                            itemMap[exaltedType]?.type == "weapons" ? 800_000 : 1_600_000;
                                        if (exaltedItem.XP < exaltedCap) {
                                            batchData["SpecialItems"] ??= [];
                                            batchData["SpecialItems"].push({
@ -1304,8 +1309,10 @@ function maxRankAllEquipment(categories) {
                toast(loc("code_noEquipmentToRankUp"));
            });
        });
+    });
 }

+// Assumes that caller revalidates authz
 function addGearExp(category, oid, xp) {
    const data = {};
    data[category] = [
@ -1314,7 +1321,6 @@ function addGearExp(category, oid, xp) {
            XP: xp
        }
    ];
-    revalidateAuthz(() => {
    $.post({
        url: "/custom/addXp?" + window.authz,
        contentType: "application/json",
@ -1324,7 +1330,6 @@ function addGearExp(category, oid, xp) {
            updateInventory();
        }
    });
-    });
 }

 function sendBatchGearExp(data) {
@ -1598,6 +1603,7 @@ function doAcquireMod() {
 const uiConfigs = [...$("#server-settings input[id]")].map(x => x.id);

 function doChangeSettings() {
+    revalidateAuthz(() => {
        fetch("/custom/config?" + window.authz)
            .then(response => response.json())
            .then(json => {
@ -1624,6 +1630,7 @@ function doChangeSettings() {
                    updateInventory();
                });
            });
+    });
 }

 // Cheats route
@ -1876,6 +1883,7 @@ function doChangeSupportedSyndicate() {
 }

 function doAddCurrency(currency) {
+    revalidateAuthz(() => {
        $.post({
            url: "/custom/addCurrency?" + window.authz,
            contentType: "application/json",
@ -1886,24 +1894,29 @@ function doAddCurrency(currency) {
        }).then(function () {
            updateInventory();
        });
+    });
 }

 function doQuestUpdate(operation, itemType) {
+    revalidateAuthz(() => {
        $.post({
            url: "/custom/manageQuests?" + window.authz + "&operation=" + operation + "&itemType=" + itemType,
            contentType: "application/json"
        }).then(function () {
            updateInventory();
        });
+    });
 }

 function doBulkQuestUpdate(operation) {
+    revalidateAuthz(() => {
        $.post({
            url: "/custom/manageQuests?" + window.authz + "&operation=" + operation,
            contentType: "application/json"
        }).then(function () {
            updateInventory();
        });
+    });
 }

 function toast(text) {