feat: add recommended install preset and input validation (#600)

Installer:
- Add Recommended install type as default (VDD + firewall + autostart)
- Add detailed en/zh component descriptions explaining each purpose
- Reorder types: Recommended > Full > Compact > Custom

Config validation (confighttp.cpp):
- saveApp: validate app name length (1-256 chars)
- saveConfig: validate sunshine_name and adapter_name length
- savePassword: validate username (max 128) and password (max 256)
- savePin: validate PIN format (4-8 numeric digits) and client name
- unpair: validate UUID length (max 64)

Author: qiin2333

cmake/packaging/sunshine.iss.in

@@ -74,9 +74,16 @@ english.ComponentFirewall=Add firewall exclusions
 english.ComponentGamepad=Virtual Gamepad (ViGEmBus)
 english.ComponentVmouse=Virtual Mouse Driver (UMDF)
 english.ComponentTools=Diagnostic tools (dxgi-info, audio-info)
-english.TypeFull=Full installation
-english.TypeCompact=Compact installation
+english.TypeRecommended=Recommended (virtual display + firewall + autostart)
+english.TypeFull=Full installation (all components)
+english.TypeCompact=Compact installation (core only)
 english.TypeCustom=Custom installation
+english.ComponentVDDDesc=Required for headless/remote streaming without a physical monitor. Enables HDR passthrough.
+english.ComponentFirewallDesc=Allows Moonlight clients to discover and connect to this PC over the network.
+english.ComponentAutostartDesc=Sunshine will start automatically when Windows boots. Recommended for always-on streaming.
+english.ComponentGamepadDesc=Emulates Xbox controller for games. Install only if you need gamepad input from the client.
+english.ComponentVmouseDesc=Provides smooth absolute mouse positioning. Install if cursor feels laggy.
+english.ComponentToolsDesc=dxgi-info, audio-info for troubleshooting display and audio issues.
 english.StatusResetPermissions=Resetting file permissions...
 english.StatusUpdatePath=Updating system PATH...
 english.StatusMigrateConfig=Migrating configuration files...
@@ -104,9 +111,16 @@ chinesesimplified.ComponentFirewall=添加防火墙规则
 chinesesimplified.ComponentGamepad=虚拟手柄（ViGEmBus）
 chinesesimplified.ComponentVmouse=虚拟鼠标驱动（UMDF）
 chinesesimplified.ComponentTools=诊断工具（dxgi-info、audio-info）
-chinesesimplified.TypeFull=完全安装
-chinesesimplified.TypeCompact=简洁安装
+chinesesimplified.TypeRecommended=推荐安装（虚拟显示器 + 防火墙 + 开机自启）
+chinesesimplified.TypeFull=完全安装（所有组件）
+chinesesimplified.TypeCompact=简洁安装（仅核心）
 chinesesimplified.TypeCustom=自定义安装
+chinesesimplified.ComponentVDDDesc=无头/远程串流必装。无需外接显示器即可串流，支持 HDR 直通。
+chinesesimplified.ComponentFirewallDesc=允许 Moonlight 客户端通过网络发现并连接本机。
+chinesesimplified.ComponentAutostartDesc=Windows 启动时自动运行 Sunshine。推荐常驻串流使用。
+chinesesimplified.ComponentGamepadDesc=模拟 Xbox 手柄。仅需要从客户端传入手柄输入时安装。
+chinesesimplified.ComponentVmouseDesc=提供平滑的绝对定位鼠标。如鼠标延迟可尝试安装。
+chinesesimplified.ComponentToolsDesc=dxgi-info、audio-info 等，用于排查显示和音频问题。
 chinesesimplified.StatusResetPermissions=正在重置文件权限...
 chinesesimplified.StatusUpdatePath=正在更新系统 PATH...
 chinesesimplified.StatusMigrateConfig=正在迁移配置文件...
@@ -126,19 +140,20 @@ chinesesimplified.StatusStoppingService=正在停止 Sunshine 服务...
 chinesesimplified.StatusStoppingProcesses=正在停止 Sunshine 进程...
 
 [Types]
+Name: "recommended"; Description: "{cm:TypeRecommended}"
 Name: "full"; Description: "{cm:TypeFull}"
 Name: "compact"; Description: "{cm:TypeCompact}"
 Name: "custom"; Description: "{cm:TypeCustom}"; Flags: iscustom
 
 [Components]
-Name: "application"; Description: "{cm:ComponentApplication}"; Types: full compact custom; Flags: fixed
-Name: "assets"; Description: "{cm:ComponentAssets}"; Types: full compact custom; Flags: fixed
-Name: "vdd"; Description: "{cm:ComponentVDD}"; Types: full
-Name: "autostart"; Description: "{cm:ComponentAutostart}"; Types: full
-Name: "firewall"; Description: "{cm:ComponentFirewall}"; Types: full compact
-Name: "gamepad"; Description: "{cm:ComponentGamepad}"; Types: full
-Name: "vmouse"; Description: "{cm:ComponentVmouse}"; Types: full
-Name: "tools"; Description: "{cm:ComponentTools}"; Types: full
+Name: "application"; Description: "{cm:ComponentApplication}"; Types: recommended full compact custom; Flags: fixed
+Name: "assets"; Description: "{cm:ComponentAssets}"; Types: recommended full compact custom; Flags: fixed
+Name: "vdd"; Description: "{cm:ComponentVDD} — {cm:ComponentVDDDesc}"; Types: recommended full; ExtraDiskSpaceRequired: 2097152
+Name: "firewall"; Description: "{cm:ComponentFirewall} — {cm:ComponentFirewallDesc}"; Types: recommended full compact
+Name: "autostart"; Description: "{cm:ComponentAutostart} — {cm:ComponentAutostartDesc}"; Types: recommended full
+Name: "gamepad"; Description: "{cm:ComponentGamepad} — {cm:ComponentGamepadDesc}"; Types: full
+Name: "vmouse"; Description: "{cm:ComponentVmouse} — {cm:ComponentVmouseDesc}"; Types: full
+Name: "tools"; Description: "{cm:ComponentTools} — {cm:ComponentToolsDesc}"; Types: full
 
 [Tasks]
 Name: "desktopicon"; Description: "{cm:CreateDesktopIcon}"; GroupDescription: "{cm:AdditionalIcons}"

src/confighttp.cpp

@@ -11,6 +11,7 @@
 #include <filesystem>
 #include <fstream>
 #include <iomanip>
+#include <algorithm>
 #include <atomic>
 #include <mutex>
 #include <stdexcept>
@@ -757,14 +758,23 @@ namespace confighttp {
     pt::ptree inputTree, fileTree;
 
     try {
-      // TODO: Input Validation
       pt::read_json(ss, inputTree);
       pt::read_json(config::stream.file_apps, fileTree);
 
       auto &apps_node = fileTree.get_child("apps"s);
       auto &input_apps_node = inputTree.get_child("apps"s);
       auto &input_edit_node = inputTree.get_child("editApp"s);
 
+      // Validate app name when editing a specific app
+      if (!input_edit_node.empty()) {
+        auto app_name = input_edit_node.get<std::string>("name", "");
+        if (app_name.empty() || app_name.size() > 256) {
+          outputTree.put("status", "false");
+          outputTree.put("error", "App name must be 1-256 characters");
+          return;
+        }
+      }
+
       if (input_edit_node.empty()) {
         fileTree.erase("apps");
         fileTree.push_back(std::make_pair("apps", input_apps_node));
@@ -1163,12 +1173,24 @@ namespace confighttp {
     pt::ptree inputTree;
 
     try {
-      // TODO: Input Validation
       pt::read_json(ss, inputTree);
       std::string resArray = inputTree.get<std::string>("resolutions", "[]");
       std::string fpsArray = inputTree.get<std::string>("fps", "[]");
       std::string gpu_name = inputTree.get<std::string>("adapter_name", "");
 
+      // Validate config field lengths to prevent abuse
+      auto sunshine_name = inputTree.get<std::string>("sunshine_name", "");
+      if (sunshine_name.size() > 256) {
+        outputTree.put("status", "false");
+        outputTree.put("error", "sunshine_name too long (max 256)");
+        return;
+      }
+      if (gpu_name.size() > 256) {
+        outputTree.put("status", "false");
+        outputTree.put("error", "adapter_name too long (max 256)");
+        return;
+      }
+
       saveVddSettings(resArray, fpsArray, gpu_name);
 
       // 将 inputTree 转换为 std::map（保证有序）
@@ -1249,13 +1271,25 @@ namespace confighttp {
     });
 
     try {
-      // TODO: Input Validation
       pt::read_json(ss, inputTree);
       auto username = inputTree.count("currentUsername") > 0 ? inputTree.get<std::string>("currentUsername") : "";
       auto newUsername = inputTree.get<std::string>("newUsername");
       auto password = inputTree.count("currentPassword") > 0 ? inputTree.get<std::string>("currentPassword") : "";
       auto newPassword = inputTree.count("newPassword") > 0 ? inputTree.get<std::string>("newPassword") : "";
       auto confirmPassword = inputTree.count("confirmNewPassword") > 0 ? inputTree.get<std::string>("confirmNewPassword") : "";
+
+      // Validate credential lengths
+      if (newUsername.size() > 128) {
+        outputTree.put("status", false);
+        outputTree.put("error", "Username too long (max 128)");
+        return;
+      }
+      if (newPassword.size() > 256) {
+        outputTree.put("status", false);
+        outputTree.put("error", "Password too long (max 256)");
+        return;
+      }
+
       if (newUsername.length() == 0) newUsername = username;
       if (newUsername.length() == 0) {
         outputTree.put("status", false);
@@ -1306,10 +1340,23 @@ namespace confighttp {
     });
 
     try {
-      // TODO: Input Validation
       pt::read_json(ss, inputTree);
       std::string pin = inputTree.get<std::string>("pin");
       std::string name = inputTree.get<std::string>("name");
+
+      // Validate PIN: must be numeric digits only, 4-8 characters
+      if (pin.size() < 4 || pin.size() > 8 || !std::all_of(pin.begin(), pin.end(), ::isdigit)) {
+        outputTree.put("status", false);
+        outputTree.put("error", "PIN must be 4-8 digits");
+        return;
+      }
+      // Validate client name
+      if (name.empty() || name.size() > 256) {
+        outputTree.put("status", false);
+        outputTree.put("error", "Client name must be 1-256 characters");
+        return;
+      }
+
       bool pin_result = nvhttp::pin(pin, name);
       outputTree.put("status", pin_result);
 
@@ -1528,9 +1575,16 @@ namespace confighttp {
     });
 
     try {
-      // TODO: Input Validation
       pt::read_json(ss, inputTree);
       std::string uuid = inputTree.get<std::string>("uuid");
+
+      // Validate UUID format (hex + hyphens, reasonable length)
+      if (uuid.empty() || uuid.size() > 64) {
+        outputTree.put("status", false);
+        outputTree.put("error", "Invalid client UUID");
+        return;
+      }
+
       outputTree.put("status", nvhttp::unpair_client(uuid));
     }
     catch (std::exception &e) {