From 2e212cc788e5102f9b060bb0f748bbcfefa87a39 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Tue, 4 Oct 2022 15:55:52 -0400
Subject: [PATCH] Add port constraint for all server creation & api

---
 app/classes/shared/main_controller.py         |  1 +
 app/classes/web/panel_handler.py              |  6 ++++++
 app/classes/web/routes/api/servers/index.py   | 19 +++++++++++++++++--
 app/classes/web/server_handler.py             | 12 ++++++++++++
 .../templates/server/bedrock_wizard.html      |  6 +++---
 app/frontend/templates/server/wizard.html     |  8 ++++----
 6 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py
index 68645b86..f61941ca 100644
--- a/app/classes/shared/main_controller.py
+++ b/app/classes/shared/main_controller.py
@@ -420,6 +420,7 @@ class Controller:
             and root_create_data["create_type"] == "download_jar"
         ):
             self.server_jars.download_jar(
+                create_data["category"],
                 create_data["type"],
                 create_data["version"],
                 full_jar_path,
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index d8c8b5c4..9111d358 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -1501,6 +1501,12 @@ class PanelHandler(BaseHandler):
                 execution_command = self.get_argument("execution_command", None)
                 server_ip = self.get_argument("server_ip", None)
                 server_port = self.get_argument("server_port", None)
+                if int(server_port) < 1 or int(server_port) > 65535:
+                    self.redirect(
+                        "/panel/error?error=Constraint Error: "
+                        "Port must be greater than 0 and less than 65535"
+                    )
+                    return
                 executable_update_url = self.get_argument("executable_update_url", "")
                 show_status = int(float(self.get_argument("show_status", "0")))
             else:
diff --git a/app/classes/web/routes/api/servers/index.py b/app/classes/web/routes/api/servers/index.py
index b94b4c01..a68e845b 100644
--- a/app/classes/web/routes/api/servers/index.py
+++ b/app/classes/web/routes/api/servers/index.py
@@ -648,7 +648,7 @@ class ApiServersIndexHandler(BaseApiHandler):
 
         try:
             data = orjson.loads(self.request.body)
-        except orjson.decoder.JSONDecodeError as e:
+        except orjson.JSONDecodeError as e:
             return self.finish_json(
                 400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
             )
@@ -664,7 +664,22 @@ class ApiServersIndexHandler(BaseApiHandler):
                     "error_data": str(e),
                 },
             )
-
+        # Check to make sure port is allowable
+        if data["monitoring_type"] == "minecraft_java":
+            try:
+                port = data["minecraft_java_monitoring_data"]["port"]
+            except:
+                port = 25565
+        else:
+            try:
+                port = data["minecraft_bedrock_monitoring_data"]["port"]
+            except:
+                port = 19132
+        if port > 65535 or port < 1:
+            self.finish_json(
+                405, {"status": "error", "error": "DATA CONSTRAINT FAILED"}
+            )
+            return
         new_server_id, new_server_uuid = self.controller.create_api_server(
             data, user["user_id"]
         )
diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py
index b2419905..d60ce2a2 100644
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@@ -311,6 +311,12 @@ class ServerHandler(BaseHandler):
             min_mem = bleach.clean(self.get_argument("min_memory", ""))
             max_mem = bleach.clean(self.get_argument("max_memory", ""))
             port = bleach.clean(self.get_argument("port", ""))
+            if int(port) < 1 or int(port) > 65535:
+                self.redirect(
+                    "/panel/error?error=Constraint Error: "
+                    "Port must be greater than 0 and less than 65535"
+                )
+                return
             import_type = bleach.clean(self.get_argument("create_type", ""))
             import_server_path = bleach.clean(self.get_argument("server_path", ""))
             import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
@@ -451,6 +457,12 @@ class ServerHandler(BaseHandler):
             server = bleach.clean(self.get_argument("server", ""))
             server_name = bleach.clean(self.get_argument("server_name", ""))
             port = bleach.clean(self.get_argument("port", ""))
+            if int(port) < 1 or int(port) > 65535:
+                self.redirect(
+                    "/panel/error?error=Constraint Error: "
+                    "Port must be greater than 0 and less than 65535"
+                )
+                return
             import_type = bleach.clean(self.get_argument("create_type", ""))
             import_server_path = bleach.clean(self.get_argument("server_path", ""))
             import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
diff --git a/app/frontend/templates/server/bedrock_wizard.html b/app/frontend/templates/server/bedrock_wizard.html
index 2ec6f4e8..8b9839e1 100644
--- a/app/frontend/templates/server/bedrock_wizard.html
+++ b/app/frontend/templates/server/bedrock_wizard.html
@@ -131,7 +131,7 @@
                   <label for="port2">{{ translate('serverWizard', 'serverPort', data['lang']) }}
                     <small></small></label>
                   <input type="number" class="form-control" id="port2" name="port" value="19132" step="1" min="1"
-                    required>
+                    max="65535" required>
                 </div>
               </div>
               <div class="col-sm-12">
@@ -241,7 +241,7 @@
                     <label for="port3">{{ translate('serverWizard', 'serverPort', data['lang']) }}
                       <small></small></label>
                     <input type="number" class="form-control" id="port3" name="port" value="19132" step="1" min="1"
-                      required>
+                      max="65535" required>
                   </div>
                 </div>
 
@@ -387,7 +387,7 @@
                         <label for="port3">{{ translate('serverWizard', 'serverPort', data['lang']) }} <small> - {{
                             translate('serverWizard', 'defaultPort', data['lang']) }}</small></label>
                         <input type="number" class="form-control" id="port4" name="port" value="19132" step="1" min="1"
-                          required>
+                          max="65535" required>
                       </div>
                     </div>
 
diff --git a/app/frontend/templates/server/wizard.html b/app/frontend/templates/server/wizard.html
index 319dff65..8346ca92 100644
--- a/app/frontend/templates/server/wizard.html
+++ b/app/frontend/templates/server/wizard.html
@@ -109,7 +109,7 @@
                   <label for="port1">{{ translate('serverWizard', 'serverPort', data['lang']) }} <small> - {{
                       translate('serverWizard', 'defaultPort', data['lang']) }}</small></label>
                   <input type="number" class="form-control" id="port1" name="port" value="25565" step="1" min="1"
-                    required>
+                    max="65535 " required>
                 </div>
               </div>
               <div class="col-sm-12">
@@ -224,7 +224,7 @@
                   <label for="port2">{{ translate('serverWizard', 'serverPort', data['lang']) }} <small> - {{
                       translate('serverWizard', 'defaultPort', data['lang']) }}</small></label>
                   <input type="number" class="form-control" id="port2" name="port" value="25565" step="1" min="1"
-                    required>
+                    max="65535" required>
                 </div>
               </div>
               <div class="col-sm-12">
@@ -351,7 +351,7 @@
                     <label for="port3">{{ translate('serverWizard', 'serverPort', data['lang']) }} <small> - {{
                         translate('serverWizard', 'defaultPort', data['lang']) }}</small></label>
                     <input type="number" class="form-control" id="port3" name="port" value="25565" step="1" min="1"
-                      required>
+                      max="65535" required>
                   </div>
                 </div>
 
@@ -515,7 +515,7 @@
                         <label for="port3">{{ translate('serverWizard', 'serverPort', data['lang']) }} <small> - {{
                             translate('serverWizard', 'defaultPort', data['lang']) }}</small></label>
                         <input type="number" class="form-control" id="port3" name="port" value="25565" step="1" min="1"
-                          required>
+                          max="65535" required>
                       </div>
                     </div>