From f148598a214943e72f0b23ef3051b615907c6c12 Mon Sep 17 00:00:00 2001
From: benbierens <thatbenbierens@gmail.com>
Date: Wed, 25 Oct 2023 10:38:21 +0200
Subject: [PATCH] Restrict admin commands to admin channel

---
 .../DiscordBotContainerRecipe.cs                      |  1 +
 .../CodexDiscordBotPlugin/DiscordBotStartupConfig.cs  |  8 ++++----
 Tools/BiblioTech/AdminChecker.cs                      |  5 +++++
 Tools/BiblioTech/BaseCommand.cs                       |  5 +++++
 Tools/BiblioTech/Commands/AdminCommand.cs             |  7 +++++++
 Tools/BiblioTech/Configuration.cs                     |  3 +++
 Tools/CodexNetDeployer/Configuration.cs               | 11 +++++++++++
 Tools/CodexNetDeployer/Deployer.cs                    |  3 ++-
 Tools/CodexNetDeployer/deploy-public-testnet.sh       |  3 ++-
 9 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotContainerRecipe.cs b/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotContainerRecipe.cs
index 9fc07d8..9d1ba0a 100644
--- a/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotContainerRecipe.cs
+++ b/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotContainerRecipe.cs
@@ -14,6 +14,7 @@ namespace CodexDiscordBotPlugin
             AddEnvVar("TOKEN", config.Token);
             AddEnvVar("SERVERNAME", config.ServerName);
             AddEnvVar("ADMINROLE", config.AdminRoleName);
+            AddEnvVar("ADMINCHANNELNAME", config.AdminChannelName);
         }
     }
 }
diff --git a/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotStartupConfig.cs b/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotStartupConfig.cs
index e38a264..3d769a1 100644
--- a/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotStartupConfig.cs
+++ b/ProjectPlugins/CodexDiscordBotPlugin/DiscordBotStartupConfig.cs
@@ -1,20 +1,20 @@
-using CodexPlugin;
-
-namespace CodexDiscordBotPlugin
+namespace CodexDiscordBotPlugin
 {
     public class DiscordBotStartupConfig
     {
-        public DiscordBotStartupConfig(string name, string token, string serverName, string adminRoleName)
+        public DiscordBotStartupConfig(string name, string token, string serverName, string adminRoleName, string adminChannelName)
         {
             Name = name;
             Token = token;
             ServerName = serverName;
             AdminRoleName = adminRoleName;
+            AdminChannelName = adminChannelName;
         }
 
         public string Name { get; }
         public string Token { get; }
         public string ServerName { get; }
         public string AdminRoleName { get; }
+        public string AdminChannelName { get; }
     }
 }
diff --git a/Tools/BiblioTech/AdminChecker.cs b/Tools/BiblioTech/AdminChecker.cs
index 684721d..4701520 100644
--- a/Tools/BiblioTech/AdminChecker.cs
+++ b/Tools/BiblioTech/AdminChecker.cs
@@ -20,6 +20,11 @@ namespace BiblioTech
             return adminIds.Contains(userId);
         }
 
+        public bool IsAdminChannel(ISocketMessageChannel channel)
+        {
+            return channel.Name == Program.Config.AdminChannelName;
+        }
+
         private bool ShouldUpdate()
         {
             return !adminIds.Any() || (DateTime.UtcNow - lastUpdate) > TimeSpan.FromMinutes(10);
diff --git a/Tools/BiblioTech/BaseCommand.cs b/Tools/BiblioTech/BaseCommand.cs
index 57c6658..144d29f 100644
--- a/Tools/BiblioTech/BaseCommand.cs
+++ b/Tools/BiblioTech/BaseCommand.cs
@@ -39,6 +39,11 @@ namespace BiblioTech
             return Program.AdminChecker.IsUserAdmin(command.User.Id);
         }
 
+        protected bool IsInAdminChannel(SocketSlashCommand command)
+        {
+            return Program.AdminChecker.IsAdminChannel(command.Channel);
+        }
+
         protected ulong GetUserId(UserOption userOption, CommandContext context)
         {
             var targetUser = userOption.GetOptionUserId(context);
diff --git a/Tools/BiblioTech/Commands/AdminCommand.cs b/Tools/BiblioTech/Commands/AdminCommand.cs
index 62f3255..e9434ac 100644
--- a/Tools/BiblioTech/Commands/AdminCommand.cs
+++ b/Tools/BiblioTech/Commands/AdminCommand.cs
@@ -1,5 +1,6 @@
 using BiblioTech.Options;
 using CodexPlugin;
+using Discord.WebSocket;
 
 namespace BiblioTech.Commands
 {
@@ -41,6 +42,12 @@ namespace BiblioTech.Commands
                 return;
             }
 
+            if (!IsInAdminChannel(context.Command))
+            {
+                await context.Command.FollowupAsync("Please use admin commands only in the admin channel.");
+                return;
+            }
+
             await clearCommand.CommandHandler(context);
             await reportCommand.CommandHandler(context);
             await deployListCommand.CommandHandler(context);
diff --git a/Tools/BiblioTech/Configuration.cs b/Tools/BiblioTech/Configuration.cs
index decf006..adebc8b 100644
--- a/Tools/BiblioTech/Configuration.cs
+++ b/Tools/BiblioTech/Configuration.cs
@@ -18,5 +18,8 @@ namespace BiblioTech
 
         [Uniform("admin-role", "a", "ADMINROLE", true, "Name of the Discord server admin role")]
         public string AdminRoleName { get; set; } = string.Empty;
+
+        [Uniform("admin-channel-name", "ac", "ADMINCHANNELNAME", true, "Name of the Discord server channel where admin commands are allowed.")]
+        public string AdminChannelName { get; set; } = "admin-channel";
     }
 }
diff --git a/Tools/CodexNetDeployer/Configuration.cs b/Tools/CodexNetDeployer/Configuration.cs
index 46c57e8..e09cf2b 100644
--- a/Tools/CodexNetDeployer/Configuration.cs
+++ b/Tools/CodexNetDeployer/Configuration.cs
@@ -113,6 +113,9 @@ namespace CodexNetDeployer
         [Uniform("dbot-adminrolename", "dbotarn", "DBOTADMINROLENAME", false, "Required if discord-bot is true. Name of the Discord role which will have access to admin features.")]
         public string DiscordBotAdminRoleName { get; set; } = string.Empty;
 
+        [Uniform("dbot-adminchannelname", "dbotacn", "DBOTADMINCHANNELNAME", false, "Required if discord-bot is true. Name of the Discord channel in which admin commands are allowed.")]
+        public string DiscordBotAdminChannelName { get; set; } = string.Empty;
+
         public List<string> Validate()
         {
             var errors = new List<string>();
@@ -147,6 +150,14 @@ namespace CodexNetDeployer
                 if (PublicGethDiscPort == 0) errors.Add("Geth public discovery port is not set.");
             }
 
+            if (DeployDiscordBot)
+            {
+                StringIsSet(nameof(DiscordBotToken), DiscordBotToken, errors);
+                StringIsSet(nameof(DiscordBotServerName), DiscordBotServerName, errors);
+                StringIsSet(nameof(DiscordBotAdminRoleName), DiscordBotAdminRoleName, errors);
+                StringIsSet(nameof(DiscordBotAdminChannelName), DiscordBotAdminChannelName, errors);
+            }
+
             return errors;
         }
 
diff --git a/Tools/CodexNetDeployer/Deployer.cs b/Tools/CodexNetDeployer/Deployer.cs
index 51edaab..73625cc 100644
--- a/Tools/CodexNetDeployer/Deployer.cs
+++ b/Tools/CodexNetDeployer/Deployer.cs
@@ -129,7 +129,8 @@ namespace CodexNetDeployer
                 name: "discordbot-" + config.DeploymentName,
                 token: config.DiscordBotToken,
                 serverName: config.DiscordBotServerName,
-                adminRoleName: config.DiscordBotAdminRoleName));
+                adminRoleName: config.DiscordBotAdminRoleName,
+                adminChannelName: config.DiscordBotAdminChannelName));
 
             Log("Discord bot deployed.");
             return rc;
diff --git a/Tools/CodexNetDeployer/deploy-public-testnet.sh b/Tools/CodexNetDeployer/deploy-public-testnet.sh
index 2184379..d30cbf5 100644
--- a/Tools/CodexNetDeployer/deploy-public-testnet.sh
+++ b/Tools/CodexNetDeployer/deploy-public-testnet.sh
@@ -25,4 +25,5 @@ dotnet run \
     --discord-bot=1 \
     --dbot-token=tokenhere \
     --dbot-servername=namehere \
-    --dbot-adminrolename=alsonamehere
+    --dbot-adminrolename=alsonamehere \
+    --dbot-adminchannelname=channelname