If there's one thing I learned in this exercise, it's that letting
people add random python scripts to the repo like gpltext.py that
promise to be easier than find and replace is a bad idea.
There are two occasions in the codebase when Utils.Reload is called and
we're competent enough that we can just call the event when the reload
happens. Unrelated note, but shouldn't this event be called prior to
reloading? I've kept it the same to preserve existing behavior, but I
think it should probably happen before the reload event takes place.
Either way, I think this is fine.
Some anti-cheat calls were changed to "You have been Bounced." I don't
think we need to tell clients why they were disconnected so they can
tune their hacks better.
Frontend still doesn't work properly. In particular:
1. Need a way to list bans by account name.
2. Need a way to unban by account name.
3. Really need a way to change the IP on a ban lol.
Ban system still needs to be be rebuilt fully, but at least this
doesn't necessarily character ban someone if you were going for an IP
ban.
Fixes#1412
Rest.cs got a lot of commenting at last.
Redirects and upgrades can now be easily added for REST routes via the `Rest.RegisterRedirect(base, target, upgrade)` method.
Redirects added for all routes. Upgrades added for `/world/bloodmoon` and `/v2/world/autosave`, as they both use old-style REST verbs.
See #1361
It looks like we're setting spawnMeteor before executing WorldGen.dropMeteor()
in the command but not in the REST API. This makes the two code paths
behave the same.
`/status` is now a root endpoint and will always point to `/v2/server/status` with an added `upgrade` field describing the route to the latest status endpoint.
Closes#1358. Closes#1348
Added token bucket and timer to degrade token bucket
Modified REST API rate limiting
Changed limiting to only be on token create and v2 token create
Added config options to choose time limits
Passed HttpContext to the execute method of endpoints
Made blocking failed API logins optional
Changed error codes on failed login to be ambiguous
Added config to decide whether all or failed logins are limited
Changed config variable names
Cleaned up duplicate code in REST rate limiting
Fixed my typo
Changed error 431 to 403
