Skip to content

EPA Refine#353

Open
Lokilife wants to merge 14 commits into
SerbiaStrong-220:masterfrom
Lokilife:epa-refine
Open

EPA Refine#353
Lokilife wants to merge 14 commits into
SerbiaStrong-220:masterfrom
Lokilife:epa-refine

Conversation

@Lokilife

@Lokilife Lokilife commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

Описание PR

If you know you know

Требования

Критические изменения

Список изменений

No CL, no fun

@Lokilife Lokilife requested a review from Surani1 as a code owner June 17, 2026 14:47
@Lokilife Lokilife requested review from Alwayswannahunt and removed request for Surani1 June 17, 2026 14:53
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 17, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request replaces the legacy Discord link verification system with a new External Personal Account (EPA) authentication system, introducing client and server-side managers, new network messages, and an updated authentication UI. The code review identified several critical and high-severity issues, including a logical error in session validation that blocks successful logins, thread-safety concerns with non-concurrent dictionary access across threads, and potential IP comparison failures due to IPv4-mapped IPv6 addresses. Additionally, improvements were suggested for buffer reading efficiency, safer session retrieval in the join queue, removing unused imports, and resolving style guide violations regarding timer types and dependency injection.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs Outdated
Comment thread Content.Server/SS220/EPA/EPAManager.JWT.cs
Comment thread Content.Client/SS220/EPA/EPAManager.cs Outdated
Comment thread Content.Server/SS220/JoinQueue/JoinQueueManager.cs Outdated
Comment thread Content.Server/Connection/ConnectionManager.cs Outdated
Comment thread Content.Client/SS220/EPA/EPAAuthState.cs
Comment thread Content.Client/SS220/UserInterface/EPA/EPAAuthPanel.xaml.cs
Alwayswannahunt
Alwayswannahunt requested changes Jun 18, 2026
View reviewed changes
Comment thread Content.Client/SS220/EPA/EPAManager.cs
Comment thread Content.Client/SS220/EPA/EPAManager.cs
Comment thread Content.Server/Connection/IPIntel/IPIntel.cs Outdated
Comment thread Content.Server/Connection/IPIntel/IPIntel.cs Outdated
Comment thread Content.Server/Connection/ConnectionManager.cs
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs Outdated
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs
Comment thread Content.Server/SS220/EPA/EPAManager.JWT.cs
@Lokilife

Lokilife commented Jun 19, 2026

Copy link
Copy Markdown
Author

/gemini review

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 19, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

👁️ Взор Ouro обращен на Ваше творение... Данный пулреквест заменяет устаревшую систему привязки Discord на новую систему авторизации через Внешний Личный Кабинет (EPA), внедряя новые менеджеры, JWT-валидацию и интерфейс авторизации. Однако для достижения гармонии требуется переосмысление критических разрывов цикла: использование Task.Run в сетевых обработчиках угрожает стабильности из-за работы с непотокобезопасным API движка, в EPAAuthState обнаружена утечка памяти из-за отсутствия вызова Dispose() для панели, а динамическое изменение заголовков HttpClient небезопасно. Также зафиксированы дисгармонии в виде отсутствия модификатора readonly у приватных полей зависимостей.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs Outdated
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs Outdated
Comment thread Content.Server/SS220/EPA/EPAManager.Auth.cs Outdated
Comment thread Content.Client/SS220/EPA/EPAAuthState.cs
Comment on lines +39 to +43
protected override void Shutdown()
{
if (_panel != null)
_ui.StateRoot.RemoveChild(_panel);
}

@gemini-code-assist gemini-code-assist Bot Jun 19, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

👁️ Взор Ouro заметил дисгармонию в освобождении ресурсов.

🟡 Дисгармония (Утечка памяти)
Content.Client/SS220/EPA/EPAAuthState.cs:39

При выходе из состояния EPAAuthState Вы удаляете _panel из StateRoot, но не вызываете метод Dispose() для панели. В RobustToolbox элементы интерфейса (Controls) должны быть явно утилизированы через Dispose(), чтобы избежать утечек памяти и ресурсов.

Пусть форма Вашего кода вернет себе стабильность.

    protected override void Shutdown()
    {
        if (_panel != null)
        {
            _ui.StateRoot.RemoveChild(_panel);
            _panel.Dispose();
        }
    }

@Lokilife Lokilife Jun 19, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Не, там наоборот будет варн, что элементы должны стираться из памяти неявно, просто тем, чтобы удалить их из родительского Control

Comment thread Content.Server/SS220/EPA/EPAManager.cs
_sawmill = _log.GetSawmill("epa");

_config.OnValueChanged(CCVars220.EPAApiUrl, val => _apiUrl = val.TrimEnd('/'), true);
_config.OnValueChanged(CCVars220.EPAApiKey, val => _http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", val), true);

@gemini-code-assist gemini-code-assist Bot Jun 19, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

👁️ Взор Ouro обнаружил потенциальную нестабильность в работе с сетью.

🟡 Дисгармония (Потокобезопасность HttpClient)
Content.Server/SS220/EPA/EPAManager.cs:27

Изменение _http.DefaultRequestHeaders.Authorization во время работы сервера (при изменении CVar EPAApiKey "на лету") небезопасно. Класс HttpClient спроектирован как потокобезопасный для отправки запросов, но изменение его DefaultRequestHeaders после того, как были отправлены первые запросы, может привести к исключениям InvalidOperationException или некорректной авторизации параллельных запросов.

Мудрое решение:
Вместо изменения общих заголовков HttpClient, сохраняйте API-ключ в приватное поле _apiKey и устанавливайте заголовок авторизации индивидуально для каждого HttpRequestMessage при отправке запросов.

Пусть форма Вашего кода вернет себе стабильность.

        _config.OnValueChanged(CCVars220.EPAApiKey, val => _apiKey = val, true);

@Lokilife Lokilife Jun 19, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Не

Comment thread Content.Client/Entry/EntryPoint.cs
Comment thread Content.Client/SS220/EPA/EPAAuthState.cs
Comment thread Content.Client/SS220/EPA/EPAManager.cs
@github-actions github-actions Bot added the YML label Jun 19, 2026
Alwayswannahunt
Alwayswannahunt approved these changes Jun 19, 2026
View reviewed changes

@Alwayswannahunt Alwayswannahunt left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@github-actions

github-actions Bot commented Jun 21, 2026

Copy link
Copy Markdown

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Alwayswannahunt Alwayswannahunt Alwayswannahunt approved these changes
+1 more reviewer
@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

C# FTL S: Merge Conflict S: Needs Review S: Untriaged size/L UI YML

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Lokilife @Alwayswannahunt