From 42d212dc95898f520ac04685a1e8ff06feb93957 Mon Sep 17 00:00:00 2001
From: Pig Fang <g-plane@hotmail.com>
Date: Tue, 4 Jun 2019 22:45:57 +0800
Subject: [PATCH] Allow to customize HTTP code For rejecting accessing private
 texture

---
 app/Http/Controllers/AdminController.php   | 4 ++++
 app/Http/Controllers/SkinlibController.php | 2 +-
 config/options.php                         | 1 +
 resources/lang/en/options.yml              | 2 ++
 resources/lang/zh_CN/options.yml           | 2 ++
 resources/misc/changelogs/en/4.3.0.md      | 1 +
 resources/misc/changelogs/zh_CN/4.3.0.md   | 1 +
 tests/AdminControllerTest.php              | 2 ++
 tests/SkinlibControllerTest.php            | 6 ++++++
 9 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index 387272ad..83ab1007 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -222,6 +222,10 @@ class AdminController extends Controller
 
             $form->checkbox('allow_downloading_texture')->label();
 
+            $form->select('status_code_for_private')
+                ->option('403', '403 Forbidden')
+                ->option('404', '404 Not Found');
+
             $form->text('texture_name_regexp')->hint()->placeholder();
 
             $form->textarea('content_policy')->rows(3)->description();
diff --git a/app/Http/Controllers/SkinlibController.php b/app/Http/Controllers/SkinlibController.php
index 97d2b1cc..d0b24117 100644
--- a/app/Http/Controllers/SkinlibController.php
+++ b/app/Http/Controllers/SkinlibController.php
@@ -134,7 +134,7 @@ class SkinlibController extends Controller
 
         if (! $texture->public) {
             if (! Auth::check() || ($user->uid != $texture->uploader && ! $user->isAdmin())) {
-                abort(403, trans('skinlib.show.private'));
+                abort(option('status_code_for_private'), trans('skinlib.show.private'));
             }
         }
 
diff --git a/config/options.php b/config/options.php
index 11bf1876..ac872a0f 100644
--- a/config/options.php
+++ b/config/options.php
@@ -57,4 +57,5 @@ return [
     'reporter_reward_score'     => '0',
     'content_policy'            => '',
     'transparent_navbar'        => 'false',
+    'status_code_for_private'   => '403',
 ];
diff --git a/resources/lang/en/options.yml b/resources/lang/en/options.yml
index 17afdc2c..47b70ea7 100644
--- a/resources/lang/en/options.yml
+++ b/resources/lang/en/options.yml
@@ -133,6 +133,8 @@ general:
   allow_downloading_texture:
    title: Downloading Textures
    label: Allow users to directly download the source file of a skinlib item.
+  status_code_for_private:
+    title: HTTP Code for Rejecting Accessing Private Textures
   texture_name_regexp:
     title: Texture Name Rules
     hint: The RegExp for validating name of uploaded textures. Leave empty to allow any character except single, double quote and backslash.
diff --git a/resources/lang/zh_CN/options.yml b/resources/lang/zh_CN/options.yml
index 75864b2a..729b6ad5 100644
--- a/resources/lang/zh_CN/options.yml
+++ b/resources/lang/zh_CN/options.yml
@@ -133,6 +133,8 @@ general:
   allow_downloading_texture:
     title: 直接下载材质
     label: 允许用户直接下载皮肤库中材质的原始文件
+  status_code_for_private:
+    title: 拒绝访问私密材质时的 HTTP 代码
   texture_name_regexp:
     title: 材质名称规则
     hint: 皮肤库上传材质时名称的正则表达式。留空表示允许使用除半角单双引号、反斜杠以外的任意字符。
diff --git a/resources/misc/changelogs/en/4.3.0.md b/resources/misc/changelogs/en/4.3.0.md
index f9c21345..24348446 100644
--- a/resources/misc/changelogs/en/4.3.0.md
+++ b/resources/misc/changelogs/en/4.3.0.md
@@ -1,6 +1,7 @@
 ## Added
 
 - Supported Chrome's `theme-color`.
+- Allowed to customize HTTP status code for rejecting accessing private texture.
 
 ## Tweaked
 
diff --git a/resources/misc/changelogs/zh_CN/4.3.0.md b/resources/misc/changelogs/zh_CN/4.3.0.md
index b614f603..1e798871 100644
--- a/resources/misc/changelogs/zh_CN/4.3.0.md
+++ b/resources/misc/changelogs/zh_CN/4.3.0.md
@@ -1,6 +1,7 @@
 ## 新增
 
 - 支持 Chrome 的 `theme-color` 属性
+- 允许自定义拒绝访问私有材质时返回的 HTTP 状态码
 
 ## 调整
 
diff --git a/tests/AdminControllerTest.php b/tests/AdminControllerTest.php
index bf90094d..1ba9cb03 100644
--- a/tests/AdminControllerTest.php
+++ b/tests/AdminControllerTest.php
@@ -132,6 +132,7 @@ class AdminControllerTest extends BrowserKitTestCase
             ->select('1', 'api_type')
             ->check('auto_del_invalid_texture')
             ->uncheck('allow_downloading_texture')
+            ->select('404', 'status_code_for_private')
             ->type('abc', 'texture_name_regexp')
             ->type('policy', 'content_policy')
             ->type('code', 'comment_script')
@@ -148,6 +149,7 @@ class AdminControllerTest extends BrowserKitTestCase
         $this->assertEquals('1', option('api_type'));
         $this->assertTrue(option('auto_del_invalid_texture'));
         $this->assertFalse(option('allow_downloading_texture'));
+        $this->assertEquals('404', option('status_code_for_private'));
         $this->assertEquals('abc', option('texture_name_regexp'));
         $this->assertEquals('policy', option_localized('content_policy'));
         $this->assertEquals('code', option('comment_script'));
diff --git a/tests/SkinlibControllerTest.php b/tests/SkinlibControllerTest.php
index 6e910196..ca6bee91 100644
--- a/tests/SkinlibControllerTest.php
+++ b/tests/SkinlibControllerTest.php
@@ -302,6 +302,12 @@ class SkinlibControllerTest extends TestCase
         ]);
         Storage::disk('textures')->put($texture->hash, '');
         $this->get('/skinlib/show/'.$texture->tid)
+            ->assertForbidden()
+            ->assertSee(trans('skinlib.show.private'));
+
+        option(['status_code_for_private' => 404]);
+        $this->get('/skinlib/show/'.$texture->tid)
+            ->assertNotFound()
             ->assertSee(trans('skinlib.show.private'));
 
         // Other user should not see private texture