public async Task <IActionResult> AssetUploadServlet([FromForm] AssetUploadForm formAsset) { Console.WriteLine($"/pollinator/public-interface/AssetUploadServlet{Request.QueryString}"); // the game client always sends the slurp query // and it's always either 0 or 1 if (!Request.Query.ContainsKey("slurp") || !int.TryParse(Request.Query["slurp"], out int slurpValue) || (slurpValue != 0 && slurpValue != 1)) { return(Ok()); } Int64 parentId = 0; // the game sometimes sends a parent id, // make sure we can parse it if (Request.Query.ContainsKey("parent") && !Int64.TryParse(Request.Query["parent"], out parentId)) { return(Ok()); } SporeServerAsset parentAsset = null; // when parentId is not 0, // try to find parent asset if (parentId != 0) { parentAsset = await _assetManager.FindByIdAsync(parentId); } // the game always sends the type id // make sure we can parse it // and that's it a valid id if (!Int64.TryParse(formAsset.TypeId.TrimStart('0', 'x'), NumberStyles.HexNumber, null, out Int64 typeId) || !Enum.IsDefined(typeof(SporeAssetType), typeId)) { Console.WriteLine($"invalid type id: {typeId}"); return(Ok()); } var user = await _userManager.GetUserAsync(User); // make sure the requested assetId is the user's nextAssetId if (user.NextAssetId != formAsset.AssetId) { return(Ok()); } var asset = await _assetManager.FindByIdAsync(formAsset.AssetId); // make sure the asset exists and // make sure it isn't already used if (asset == null || asset.Used) { return(Ok()); } // make sure the asset doesn't go over any limits if ((formAsset.Description != null && formAsset.Description.Length > 256) || (formAsset.ModelData != null && formAsset.ModelData.FileName.Length > 32) || (formAsset.Tags != null && formAsset.Tags.Length > 256)) { return(Ok()); } // save the asset if (!await _assetManager.AddAsync(formAsset, asset, parentAsset, (slurpValue == 1), (SporeAssetType)typeId)) { return(StatusCode(500)); } return(Ok()); }