ppy
diff --git a/Diff for: ‎.env.example
+13-11 b/Diff for: ‎.env.example
+13-11
diff --git a/Diff for: ‎app/Exceptions/ImageProcessorServiceException.php
+1-1 b/Diff for: ‎app/Exceptions/ImageProcessorServiceException.php
+1-1
diff --git a/Diff for: ‎app/Http/Controllers/BeatmapDiscussionsController.php
+5-1 b/Diff for: ‎app/Http/Controllers/BeatmapDiscussionsController.php
+5-1
diff --git a/Diff for: ‎app/Http/Controllers/BeatmapsController.php
+1-1 b/Diff for: ‎app/Http/Controllers/BeatmapsController.php
+1-1
diff --git a/Diff for: ‎app/Http/Controllers/Forum/TopicsController.php
+3-1 b/Diff for: ‎app/Http/Controllers/Forum/TopicsController.php
+3-1
diff --git a/Diff for: ‎app/Http/Controllers/RankingController.php
+1-7 b/Diff for: ‎app/Http/Controllers/RankingController.php
+1-7
diff --git a/Diff for: ‎app/Http/Controllers/ScorePinsController.php
+34-34 b/Diff for: ‎app/Http/Controllers/ScorePinsController.php
+34-34
diff --git a/Diff for: ‎app/Http/Controllers/ScoresController.php
+34-20 b/Diff for: ‎app/Http/Controllers/ScoresController.php
+34-20
diff --git a/Diff for: ‎app/Http/Controllers/SessionsController.php
+2 b/Diff for: ‎app/Http/Controllers/SessionsController.php
+2
@@ -246,7 +246,6 @@ CLIENT_CHECK_VERSION=false
 
 # USER_MAX_SCORE_PINS=10
 # USER_MAX_SCORE_PINS_SUPPORTER=50
-# USER_HIDE_PINNED_SOLO_SCORES=true
 
 # the content is in markdown format
 # USER_PROFILE_SCORES_NOTICE=
@@ -265,7 +264,7 @@ CLIENT_CHECK_VERSION=false
 # NOTIFICATION_CLEANUP_MAX_DELETE=50000
 
 # The open source bounty info page/form url
-#OS_BOUNTY_URL=http://example.com/bounty_form
+# OS_BOUNTY_URL=http://example.com/bounty_form
 
 # OAUTH_MAX_USER_CLIENTS=1
 
@@ -292,16 +291,16 @@ CLIENT_CHECK_VERSION=false
 # PAGINATION_MAX_COUNT=10000
 
 ## Limits for the allowed number of simultaneous beatmapset uploads (displayed on the support page: /home/support)
-#BEATMAPSET_UPLOAD_ALLOWED=4
-#BEATMAPSET_UPLOAD_BONUS_PER_RANKED=1
-#BEATMAPSET_UPLOAD_BONUS_PER_RANKED_MAX=2
-#BEATMAPSET_UPLOAD_ALLOWED_SUPPORTER=8
-#BEATMAPSET_UPLOAD_BONUS_PER_RANKED_SUPPORTER=1
-#BEATMAPSET_UPLOAD_BONUS_PER_RANKED_MAX_SUPPORTER=12
+# BEATMAPSET_UPLOAD_ALLOWED=4
+# BEATMAPSET_UPLOAD_BONUS_PER_RANKED=1
+# BEATMAPSET_UPLOAD_BONUS_PER_RANKED_MAX=2
+# BEATMAPSET_UPLOAD_ALLOWED_SUPPORTER=8
+# BEATMAPSET_UPLOAD_BONUS_PER_RANKED_SUPPORTER=1
+# BEATMAPSET_UPLOAD_BONUS_PER_RANKED_MAX_SUPPORTER=12
 
-#RECAPTCHA_SECRET=
-#RECAPTCHA_SITEKEY=
-#RECAPTCHA_THRESHOLD=
+# RECAPTCHA_SECRET=
+# RECAPTCHA_SITEKEY=
+# RECAPTCHA_THRESHOLD=
 
 # TWITCH_CLIENT_ID=
 # TWITCH_CLIENT_SECRET=
@@ -336,3 +335,6 @@ CLIENT_CHECK_VERSION=false
 
 # USER_COUNTRY_CHANGE_MAX_MIXED_MONTHS=2
 # USER_COUNTRY_CHANGE_MIN_MONTHS=6
+
+# USER_INACTIVE_DAYS_VERIFICATION=180
+# USER_INACTIVE_FORCE_PASSWORD_RESET=false
@@ -9,5 +9,5 @@
 
 class ImageProcessorServiceException extends Exception
 {
-    // doesn't really contain anything
+    const INVALID_IMAGE = 1;
 }
@@ -120,7 +120,11 @@ public function index()
 
     public function mediaUrl()
     {
-        $url = get_string(request('url'));
+        $url = presence(get_string(request('url')));
+
+        if (!isset($url)) {
+            return response('Missing url parameter', 422);
+        }
 
         // Tell browser not to request url for a while.
         return redirect(proxy_media($url))->header('Cache-Control', 'max-age=600');
 
@@ -75,7 +75,7 @@ private static function beatmapScores(string $id, ?string $scoreTransformerType,
             'type' => $type,
             'user' => $currentUser,
         ]);
-        $scores = $esFetch->all()->loadMissing(['beatmap', 'user.country', 'user.userProfileCustomization']);
+        $scores = $esFetch->all()->loadMissing(['beatmap', 'user.country']);
         $userScore = $esFetch->userBest();
         $scoreTransformer = new ScoreTransformer($scoreTransformerType);
 
 
@@ -16,6 +16,7 @@
 use App\Models\Forum\TopicCover;
 use App\Models\Forum\TopicPoll;
 use App\Models\Forum\TopicWatch;
+use App\Models\UserProfileCustomization;
 use App\Transformers\Forum\TopicCoverTransformer;
 use Auth;
 use DB;
@@ -427,6 +428,7 @@ public function show($id)
 
         $pollSummary = PollOption::summary($topic, $currentUser);
 
+        $topic->incrementViewCount($currentUser, \Request::ip());
         $posts->last()->markRead($currentUser);
 
         $coverModel = $topic->cover ?? new TopicCover();
@@ -625,7 +627,7 @@ private function getIndexParams($topic, $currentUser, $userCanModerate)
         $params['limit'] = clamp($params['limit'] ?? 20, 1, 50);
 
         if ($userCanModerate) {
-            $params['with_deleted'] = $params['with_deleted'] ?? $currentUser->profileCustomization()->forum_posts_show_deleted;
+            $params['with_deleted'] ??= ($currentUser->userProfileCustomization ?? UserProfileCustomization::DEFAULTS)['forum_posts_show_deleted'];
         } else {
             $params['with_deleted'] = false;
         }
 
@@ -197,10 +197,6 @@ public function index($mode, $type)
             if (isset($forceIndex)) {
                 $stats->from(DB::raw("{$table} FORCE INDEX ($forceIndex)"));
             }
-
-            if (is_api_request()) {
-                $stats->with(['user.userProfileCustomization']);
-            }
         }
 
         $maxResults = $this->maxResults($modeInt, $stats);
@@ -304,13 +300,11 @@ public function spotlight($mode)
             }
 
             if (is_api_request()) {
-                $scores = $scores->with(['user.userProfileCustomization'])->get();
-
                 return [
                     // transformer can't do nested includes with params properly.
                     // https://github.com/thephpleague/fractal/issues/239
                     'beatmapsets' => json_collection($beatmapsets, 'Beatmapset', ['beatmaps']),
-                    'ranking' => json_collection($scores, 'UserStatistics', ['user', 'user.cover', 'user.country']),
+                    'ranking' => json_collection($scores->get(), 'UserStatistics', ['user', 'user.cover', 'user.country']),
                     'spotlight' => json_item($spotlight, 'Spotlight', ["participant_count:mode({$mode})"]),
                 ];
             } else {
 
@@ -6,8 +6,6 @@
 namespace App\Http\Controllers;
 
 use App\Jobs\RenumberUserScorePins;
-use App\Libraries\MorphMap;
-use App\Models\Beatmap;
 use App\Models\ScorePin;
 use App\Models\Solo;
 use Exception;
@@ -23,29 +21,31 @@ public function __construct()
 
     public function destroy()
     {
-        auth()->user()->scorePins()->where($this->getScoreParams(request()->all()))->delete();
+        \Auth::user()->scorePins()->whereKey(get_int(request('score_id')))->delete();
 
         return response()->noContent();
     }
 
     public function reorder()
     {
-        $rawParams = request()->all();
-        $targetParams = $this->getScoreParams($rawParams);
+        $rawParams = \Request::all();
+        $targetId = get_int($rawParams['score_id'] ?? null);
 
-        $pinsQuery = auth()->user()->scorePins();
-        $target = $pinsQuery->clone()->where($targetParams)->firstOrFail();
+        $pinsQuery = \Auth::user()->scorePins();
+        $target = $pinsQuery->clone()->findOrFail($targetId);
+        $rulesetId = $target->ruleset_id;
+        $pinsQuery->where('ruleset_id', $rulesetId);
 
         $adjacentScores = [];
         foreach (['order1', 'order3'] as $position) {
-            $adjacentScores[$position] = $this->getScoreParams(get_arr($rawParams[$position] ?? null) ?? []);
+            $adjacentScoreIds[$position] = get_int($rawParams[$position]['score_id'] ?? null);
         }
 
-        $order1Item = isset($adjacentScores['order1']['score_id'])
-            ? $pinsQuery->clone()->where($adjacentScores['order1'])->first()
+        $order1Item = isset($adjacentScoreIds['order1'])
+            ? $pinsQuery->clone()->find($adjacentScoreIds['order1'])
             : null;
-        $order3Item = $order1Item === null && isset($adjacentScores['order3']['score_id'])
-            ? $pinsQuery->clone()->where($adjacentScores['order3'])->first()
+        $order3Item = $order1Item === null && isset($adjacentScoreIds['order3'])
+            ? $pinsQuery->clone()->find($adjacentScoreIds['order3'])
             : null;
 
         abort_if($order1Item === null && $order3Item === null, 422, 'no valid pinned score reference is specified');
@@ -63,7 +63,7 @@ public function reorder()
         $order2 = ($order1 + $order3) / 2;
 
         if ($order3 - $order1 < 0.1) {
-            dispatch(new RenumberUserScorePins($target->user_id, $target->score_type));
+            dispatch(new RenumberUserScorePins($target->user_id, $target->ruleset_id));
         }
 
         $target->update(['display_order' => $order2]);
@@ -73,27 +73,37 @@ public function reorder()
 
     public function store()
     {
-        $params = $this->getScoreParams(request()->all());
-
-        abort_if(!ScorePin::isValidType($params['score_type']), 422, 'invalid score_type');
-
-        $score = MorphMap::getClass($params['score_type'])::find($params['score_id']);
+        $id = get_int(request('score_id'));
+        $score = Solo\Score::find($id);
 
         abort_if($score === null, 422, "specified score couldn't be found");
 
-        $user = auth()->user();
+        $user = \Auth::user();
 
-        $pin = ScorePin::where(['user_id' => $user->getKey()])->whereMorphedTo('score', $score)->first();
+        $pin = $user->scorePins()->find($id);
 
         if ($pin === null) {
             priv_check('ScorePin', $score)->ensureCan();
 
-            $rulesetId = Beatmap::MODES[$score->getMode()];
+            $rulesetId = $score->ruleset_id;
             $currentMinDisplayOrder = $user->scorePins()->where('ruleset_id', $rulesetId)->min('display_order') ?? 2500;
 
             try {
-                (new ScorePin(['display_order' => $currentMinDisplayOrder - 100, 'ruleset_id' => $rulesetId]))
-                    ->user()->associate($user)
+                (new ScorePin([
+                    'display_order' => $currentMinDisplayOrder - 100,
+                    'ruleset_id' => $rulesetId,
+
+                    /**
+                     * TODO:
+                     * 1. update score_id = new_score_id
+                     * 2. remove duplicated score_id
+                     * 3. use score_id as primary key (both model and database)
+                     * 4. remove setting score_type below
+                     * 5. remove new_score_id and score_type columns
+                     */
+                    'score_id' => $score->getKey(),
+                    'score_type' => $score->getMorphClass(),
+                ]))->user()->associate($user)
                     ->score()->associate($score)
                     ->saveOrExplode();
             } catch (Exception $ex) {
@@ -102,19 +112,9 @@ public function store()
                 }
             }
 
-            if ($score instanceof Solo\Score) {
-                $score->update(['preserve' => true]);
-            }
+            $score->update(['preserve' => true]);
         }
 
         return response()->noContent();
     }
-
-    private function getScoreParams(array $form)
-    {
-        return get_params($form, null, [
-            'score_type:string',
-            'score_id:int',
-        ], ['null_missing' => true]);
-    }
 }
@@ -5,15 +5,16 @@
 
 namespace App\Http\Controllers;
 
+use App\Enums\Ruleset;
 use App\Models\Score\Best\Model as ScoreBest;
 use App\Models\Solo\Score as SoloScore;
-use App\Models\UserCountryHistory;
 use App\Transformers\ScoreTransformer;
 use App\Transformers\UserCompactTransformer;
-use Carbon\CarbonImmutable;
 
 class ScoresController extends Controller
 {
+    const REPLAY_DOWNLOAD_COUNT_INTERVAL = 86400; // 1 day
+
     public function __construct()
     {
         parent::__construct();
@@ -52,20 +53,30 @@ public function download($rulesetOrSoloId, $id = null)
             abort(404);
         }
 
-        if (\Auth::user()->getKey() !== $score->user_id) {
-            $score->user->statistics($score->getMode(), true)->increment('replay_popularity');
-
-            $month = CarbonImmutable::now();
-            $currentMonth = UserCountryHistory::formatDate($month);
-
-            $score->user->replaysWatchedCounts()
-                ->firstOrCreate(['year_month' => $currentMonth], ['count' => 0])
-                ->incrementInstance('count');
-
-            if ($score instanceof ScoreBest) {
-                $score->replayViewCount()
-                    ->firstOrCreate([], ['play_count' => 0])
-                    ->incrementInstance('play_count');
+        $currentUser = \Auth::user();
+        if (
+            !$currentUser->isRestricted()
+            && $currentUser->getKey() !== $score->user_id
+            && ($currentUser->token()?->client->password_client ?? false)
+        ) {
+            $countLock = \Cache::lock(
+                "view:score_replay:{$score->getKey()}:{$currentUser->getKey()}",
+                static::REPLAY_DOWNLOAD_COUNT_INTERVAL,
+            );
+
+            if ($countLock->get()) {
+                $score->user->statistics($score->getMode(), true)->increment('replay_popularity');
+
+                $currentMonth = format_month_column(new \DateTime());
+                $score->user->replaysWatchedCounts()
+                    ->firstOrCreate(['year_month' => $currentMonth], ['count' => 0])
+                    ->incrementInstance('count');
+
+                if ($score instanceof ScoreBest) {
+                    $score->replayViewCount()
+                        ->firstOrCreate([], ['play_count' => 0])
+                        ->incrementInstance('play_count');
+                }
             }
         }
 
@@ -80,10 +91,13 @@ public function download($rulesetOrSoloId, $id = null)
 
     public function show($rulesetOrSoloId, $legacyId = null)
     {
-        [$scoreClass, $id] = $legacyId === null
-            ? [SoloScore::class, $rulesetOrSoloId]
-            : [ScoreBest::getClass($rulesetOrSoloId), $legacyId];
-        $score = $scoreClass::whereHas('beatmap.beatmapset')->visibleUsers()->findOrFail($id);
+        $scoreQuery = $legacyId === null
+            ? SoloScore::whereKey($rulesetOrSoloId)
+            : SoloScore::where([
+                'ruleset_id' => Ruleset::tryFromName($rulesetOrSoloId) ?? abort(404, 'unknown ruleset name'),
+                'legacy_score_id' => $legacyId,
+            ]);
+        $score = $scoreQuery->whereHas('beatmap.beatmapset')->visibleUsers()->firstOrFail();
 
         $userIncludes = array_map(function ($include) {
             return "user.{$include}";
 
@@ -77,6 +77,7 @@ public function store()
             $forceReactivation = new ForceReactivation($user, $request);
 
             if ($forceReactivation->isRequired()) {
+                DatadogLoginAttempt::log('password_reset');
                 $forceReactivation->run();
 
                 \Session::flash('password_reset_start', [
@@ -87,6 +88,7 @@ public function store()
                 return ujs_redirect(route('password-reset'));
             }
 
+            DatadogLoginAttempt::log(null);
             $this->login($user, $remember);
 
             return [
Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,5 @@`
`9`	`9`
`10`	`10`	`class ImageProcessorServiceException extends Exception`
`11`	`11`	`{`
`12`		`- // doesn't really contain anything`
	`12`	`+ const INVALID_IMAGE = 1;`
`13`	`13`	`}`