Allow to customize HTTP code

For rejecting accessing private texture

app/Http/Controllers/AdminController.php

@@ -222,6 +222,10 @@ class AdminController extends Controller
 
             $form->checkbox('allow_downloading_texture')->label();
 
+            $form->select('status_code_for_private')
+                ->option('403', '403 Forbidden')
+                ->option('404', '404 Not Found');
+
             $form->text('texture_name_regexp')->hint()->placeholder();
 
             $form->textarea('content_policy')->rows(3)->description();

app/Http/Controllers/SkinlibController.php

@@ -134,7 +134,7 @@ class SkinlibController extends Controller
 
         if (! $texture->public) {
             if (! Auth::check() || ($user->uid != $texture->uploader && ! $user->isAdmin())) {
-                abort(403, trans('skinlib.show.private'));
+                abort(option('status_code_for_private'), trans('skinlib.show.private'));
             }
         }
 

config/options.php

@@ -57,4 +57,5 @@ return [
     'reporter_reward_score'     => '0',
     'content_policy'            => '',
     'transparent_navbar'        => 'false',
+    'status_code_for_private'   => '403',
 ];

resources/lang/en/options.yml

@@ -133,6 +133,8 @@ general:
   allow_downloading_texture:
    title: Downloading Textures
    label: Allow users to directly download the source file of a skinlib item.
+  status_code_for_private:
+    title: HTTP Code for Rejecting Accessing Private Textures
   texture_name_regexp:
     title: Texture Name Rules
     hint: The RegExp for validating name of uploaded textures. Leave empty to allow any character except single, double quote and backslash.

resources/lang/zh_CN/options.yml

@@ -133,6 +133,8 @@ general:
   allow_downloading_texture:
     title: 直接下载材质
     label: 允许用户直接下载皮肤库中材质的原始文件
+  status_code_for_private:
+    title: 拒绝访问私密材质时的 HTTP 代码
   texture_name_regexp:
     title: 材质名称规则
     hint: 皮肤库上传材质时名称的正则表达式。留空表示允许使用除半角单双引号、反斜杠以外的任意字符。

resources/misc/changelogs/en/4.3.0.md

@@ -1,6 +1,7 @@
 ## Added
 
 - Supported Chrome's `theme-color`.
+- Allowed to customize HTTP status code for rejecting accessing private texture.
 
 ## Tweaked
 

resources/misc/changelogs/zh_CN/4.3.0.md

@@ -1,6 +1,7 @@
 ## 新增
 
 - 支持 Chrome 的 `theme-color` 属性
+- 允许自定义拒绝访问私有材质时返回的 HTTP 状态码
 
 ## 调整
 

tests/AdminControllerTest.php

@@ -132,6 +132,7 @@ class AdminControllerTest extends BrowserKitTestCase
             ->select('1', 'api_type')
             ->check('auto_del_invalid_texture')
             ->uncheck('allow_downloading_texture')
+            ->select('404', 'status_code_for_private')
             ->type('abc', 'texture_name_regexp')
             ->type('policy', 'content_policy')
             ->type('code', 'comment_script')
@@ -148,6 +149,7 @@ class AdminControllerTest extends BrowserKitTestCase
         $this->assertEquals('1', option('api_type'));
         $this->assertTrue(option('auto_del_invalid_texture'));
         $this->assertFalse(option('allow_downloading_texture'));
+        $this->assertEquals('404', option('status_code_for_private'));
         $this->assertEquals('abc', option('texture_name_regexp'));
         $this->assertEquals('policy', option_localized('content_policy'));
         $this->assertEquals('code', option('comment_script'));

tests/SkinlibControllerTest.php

@@ -302,6 +302,12 @@ class SkinlibControllerTest extends TestCase
         ]);
         Storage::disk('textures')->put($texture->hash, '');
         $this->get('/skinlib/show/'.$texture->tid)
+            ->assertForbidden()
+            ->assertSee(trans('skinlib.show.private'));
+
+        option(['status_code_for_private' => 404]);
+        $this->get('/skinlib/show/'.$texture->tid)
+            ->assertNotFound()
             ->assertSee(trans('skinlib.show.private'));
 
         // Other user should not see private texture