Merge pull request #15 from NighterDevelopment/copilot/fix-d9d382cb-d31c-49a0-8329-c4975c12be77

ptthanh02 · web-flow · commit 6ad045c9b013 · 2025-09-15T13:31:55.000+07:00
Fix duplication exploit by force-closing filter GUI viewers when spawner is destroyed
diff --git a/core/src/main/java/github/nighter/smartspawner/SmartSpawner.java b/core/src/main/java/github/nighter/smartspawner/SmartSpawner.java
@@ -371,6 +371,10 @@ public SpawnerStorageUI getSpawnerStorageUI() {
         return spawnerStorageUI;
     }
 
+    public FilterConfigUI getFilterConfigUI() {
+        return filterConfigUI;
+    }
+
     public GuiLayoutConfig getGuiLayoutConfig() {
         return guiLayoutConfig;
     }
diff --git a/core/src/main/java/github/nighter/smartspawner/spawner/gui/synchronization/SpawnerGuiViewManager.java b/core/src/main/java/github/nighter/smartspawner/spawner/gui/synchronization/SpawnerGuiViewManager.java
@@ -3,6 +3,7 @@
 import github.nighter.smartspawner.SmartSpawner;
 import github.nighter.smartspawner.spawner.gui.main.SpawnerMenuHolder;
 import github.nighter.smartspawner.spawner.gui.storage.StoragePageHolder;
+import github.nighter.smartspawner.spawner.gui.storage.filter.FilterConfigHolder;
 import github.nighter.smartspawner.spawner.gui.main.SpawnerMenuUI;
 import github.nighter.smartspawner.spawner.gui.storage.SpawnerStorageUI;
 import github.nighter.smartspawner.spawner.gui.layout.GuiLayout;
@@ -63,6 +64,9 @@ public class SpawnerGuiViewManager implements Listener {
     private final Map<UUID, SpawnerViewerInfo> playerToSpawnerMap;
     private final Map<String, Set<UUID>> spawnerToPlayersMap;
     private final Set<Class<? extends InventoryHolder>> validHolderTypes;
+    
+    // Additional tracking for filter GUI viewers to prevent duplication exploits
+    private final Map<String, Set<UUID>> spawnerToFilterViewersMap;
 
     // NEW: Separate tracking for main menu viewers only (for timer updates)
     private final Map<UUID, SpawnerViewerInfo> mainMenuViewers = new ConcurrentHashMap<>();
@@ -102,7 +106,8 @@ private static class SpawnerViewerInfo {
     // Enum to track different viewer types
     private enum ViewerType {
         MAIN_MENU,    // SpawnerMenuHolder - needs timer updates
-        STORAGE       // StoragePageHolder - no timer updates needed
+        STORAGE,      // StoragePageHolder - no timer updates needed
+        FILTER        // FilterConfigHolder - no timer updates needed
     }
 
     public SpawnerGuiViewManager(SmartSpawner plugin) {
@@ -112,10 +117,12 @@ public SpawnerGuiViewManager(SmartSpawner plugin) {
         this.spawnerMenuUI = plugin.getSpawnerMenuUI();
         this.playerToSpawnerMap = new ConcurrentHashMap<>();
         this.spawnerToPlayersMap = new ConcurrentHashMap<>();
+        this.spawnerToFilterViewersMap = new ConcurrentHashMap<>();
         this.isTaskRunning = false;
         this.validHolderTypes = Set.of(
                 SpawnerMenuHolder.class,
-                StoragePageHolder.class
+                StoragePageHolder.class,
+                FilterConfigHolder.class
         );
 
         // Preload commonly used strings to avoid repeated lookups
@@ -257,6 +264,12 @@ public void trackViewer(UUID playerId, SpawnerData spawner, ViewerType viewerTyp
             spawnerToMainMenuViewers.computeIfAbsent(spawner.getSpawnerId(), k -> ConcurrentHashMap.newKeySet())
                     .add(playerId);
         }
+        
+        // Separately track filter GUI viewers to prevent duplication exploits
+        if (viewerType == ViewerType.FILTER) {
+            spawnerToFilterViewersMap.computeIfAbsent(spawner.getSpawnerId(), k -> ConcurrentHashMap.newKeySet())
+                    .add(playerId);
+        }
 
         // Start update task if we have any viewers (for pending updates processing)
         if (!isTaskRunning && !playerToSpawnerMap.isEmpty()) {
@@ -295,6 +308,18 @@ public void untrackViewer(UUID playerId) {
                 }
             }
         }
+        
+        // Also remove from filter viewer tracking if present
+        if (info != null) {
+            String spawnerId = info.spawnerData.getSpawnerId();
+            Set<UUID> filterViewers = spawnerToFilterViewersMap.get(spawnerId);
+            if (filterViewers != null) {
+                filterViewers.remove(playerId);
+                if (filterViewers.isEmpty()) {
+                    spawnerToFilterViewersMap.remove(spawnerId);
+                }
+            }
+        }
 
         // Also remove from pending updates and performance tracking
         pendingUpdates.remove(playerId);
@@ -335,6 +360,7 @@ public void clearAllTrackedGuis() {
         spawnerToPlayersMap.clear();
         mainMenuViewers.clear();
         spawnerToMainMenuViewers.clear();
+        spawnerToFilterViewersMap.clear();
         pendingUpdates.clear();
         updateFlags.clear();
         lastTimerUpdate.clear();
@@ -437,6 +463,9 @@ public void onInventoryOpen(InventoryOpenEvent event) {
         } else if (holder instanceof StoragePageHolder storageHolder) {
             spawnerData = storageHolder.getSpawnerData();
             viewerType = ViewerType.STORAGE;
+        } else if (holder instanceof FilterConfigHolder filterHolder) {
+            spawnerData = filterHolder.getSpawnerData();
+            viewerType = ViewerType.FILTER;
         }
 
         if (spawnerData != null && viewerType != null) {
@@ -1347,6 +1376,25 @@ public void closeAllViewersInventory(SpawnerData spawner) {
                 }
             }
         }
+        
+        // Force close filter GUI viewers to prevent duplication exploits
+        Set<UUID> filterViewers = spawnerToFilterViewersMap.get(spawnerId);
+        if (filterViewers != null && !filterViewers.isEmpty()) {
+            // Create a copy to avoid concurrent modification
+            Set<UUID> filterViewersCopy = new HashSet<>(filterViewers);
+            for (UUID viewerId : filterViewersCopy) {
+                Player viewer = Bukkit.getPlayer(viewerId);
+                if (viewer != null && viewer.isOnline()) {
+                    // Check if they actually have a filter GUI open for this spawner
+                    Inventory openInventory = viewer.getOpenInventory().getTopInventory();
+                    if (openInventory != null && openInventory.getHolder(false) instanceof FilterConfigHolder filterHolder) {
+                        if (filterHolder.getSpawnerData().getSpawnerId().equals(spawnerId)) {
+                            viewer.closeInventory();
+                        }
+                    }
+                }
+            }
+        }
 
         // Check for stacker viewers if that functionality exists
         if (plugin.getSpawnerStackerHandler() != null) {

Original file line number	Diff line number	Diff line change
`@@ -371,6 +371,10 @@ public SpawnerStorageUI getSpawnerStorageUI() {`
`371`	`371`	`return spawnerStorageUI;`
`372`	`372`	`}`
`373`	`373`
	`374`	`+ public FilterConfigUI getFilterConfigUI() {`
	`375`	`+ return filterConfigUI;`
	`376`	`+ }`
	`377`	`+`
`374`	`378`	`public GuiLayoutConfig getGuiLayoutConfig() {`
`375`	`379`	`return guiLayoutConfig;`
`376`	`380`	`}`