firefrost-services

firefrost-gaming/firefrost-services

Fork 0

Commit Graph

Author	SHA1	Message	Date
Claude (Chronicler #83 - The Compiler)	b0aa52c2c8	fix(blueprint): Review fixes — API key lookup, tier enforcement, safety Fixes 10 issues from Blueprint extension code review: - CurseForge API key now reads via Blueprint dbGet() matching admin save - PRO-tier fields (webhook, interval) enforced server-side, not just UI - json_decode results validated before accessing parsed data - Null user guard on getStatus() endpoint - 429 response uses consistent error key format - Modrinth slug derivation strips special chars, documented as fallback - Check interval dropdown reflects saved value - API key input changed to password type - TypeScript error typing narrowed from any to unknown - Removed unused DB import from ModpackApiService Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 13:53:37 -05:00
Claude (Chronicler #83 - The Compiler)	3457b87aef	fix(modpack-checker): Code review fixes — license, safety, and polish Fixes 10 issues from full code review: - License corrected from MIT to Commercial - Deprecated datetime.utcnow() replaced with timezone-aware alternative - PHP array bounds checks added for all platform API responses - Modrinth file detection now derives project slug instead of using MC version - validate_api_key() no longer swallows network errors - HTTP timeouts added to all external API calls in PHP - Empty API key rejection added to CLI - Corrupted config now warns on stderr instead of failing silently - Error response format made consistent across controller - Docs updated with correct repo URL and clearer CurseForge ID instructions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 13:37:26 -05:00
Claude (Chronicler #63)	8e37120289	refactor(modpackchecker): Batch 2 fixes - centralized service, rate limiting, schema fixes NEW: app/Services/ModpackApiService.php - Centralized API logic for all 4 platforms - Technic build number cached for 12 hours (RV-Ready) - Single source of truth for API calls Controller (ModpackAPIController.php): - Now uses injected ModpackApiService instead of duplicated code - Added RateLimiter: 2 requests/minute per server on manualCheck() - Returns 429 with countdown when rate limited - Removed 400+ lines of duplicated API code Console Command (CheckModpackUpdates.php): - FIXED: updateDatabase() now uses server_uuid (not server_id) - FIXED: status column uses strings ('update_available', 'up_to_date', 'error') - FIXED: Technic API now uses dynamic build via service - Now uses injected ModpackApiService SECURITY: - Rate limiting prevents API key abuse via button spam - Technic build caching reduces external API calls Reviewed by: Gemini AI (Architecture Consultant) Signed-off-by: Claude (Chronicler #63) <claude@firefrostgaming.com>	2026-04-06 11:33:11 +00:00

Author

SHA1

Message

Date

Claude (Chronicler #83 - The Compiler)

b0aa52c2c8

fix(blueprint): Review fixes — API key lookup, tier enforcement, safety

Fixes 10 issues from Blueprint extension code review:
- CurseForge API key now reads via Blueprint dbGet() matching admin save
- PRO-tier fields (webhook, interval) enforced server-side, not just UI
- json_decode results validated before accessing parsed data
- Null user guard on getStatus() endpoint
- 429 response uses consistent error key format
- Modrinth slug derivation strips special chars, documented as fallback
- Check interval dropdown reflects saved value
- API key input changed to password type
- TypeScript error typing narrowed from any to unknown
- Removed unused DB import from ModpackApiService

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-12 13:53:37 -05:00

Claude (Chronicler #83 - The Compiler)

3457b87aef

fix(modpack-checker): Code review fixes — license, safety, and polish

Fixes 10 issues from full code review:
- License corrected from MIT to Commercial
- Deprecated datetime.utcnow() replaced with timezone-aware alternative
- PHP array bounds checks added for all platform API responses
- Modrinth file detection now derives project slug instead of using MC version
- validate_api_key() no longer swallows network errors
- HTTP timeouts added to all external API calls in PHP
- Empty API key rejection added to CLI
- Corrupted config now warns on stderr instead of failing silently
- Error response format made consistent across controller
- Docs updated with correct repo URL and clearer CurseForge ID instructions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-12 13:37:26 -05:00

Claude (Chronicler #63)

8e37120289

refactor(modpackchecker): Batch 2 fixes - centralized service, rate limiting, schema fixes

NEW: app/Services/ModpackApiService.php
- Centralized API logic for all 4 platforms
- Technic build number cached for 12 hours (RV-Ready)
- Single source of truth for API calls

Controller (ModpackAPIController.php):
- Now uses injected ModpackApiService instead of duplicated code
- Added RateLimiter: 2 requests/minute per server on manualCheck()
- Returns 429 with countdown when rate limited
- Removed 400+ lines of duplicated API code

Console Command (CheckModpackUpdates.php):
- FIXED: updateDatabase() now uses server_uuid (not server_id)
- FIXED: status column uses strings ('update_available', 'up_to_date', 'error')
- FIXED: Technic API now uses dynamic build via service
- Now uses injected ModpackApiService

SECURITY:
- Rate limiting prevents API key abuse via button spam
- Technic build caching reduces external API calls

Reviewed by: Gemini AI (Architecture Consultant)
Signed-off-by: Claude (Chronicler #63) <claude@firefrostgaming.com>

2026-04-06 11:33:11 +00:00

3 Commits