fix: tony mail exploit

build-number.txt

@@ -1 +1 @@
-3479
+3480

src/main/java/me/chayapak1/chomens_bot/commands/MailCommand.java

@@ -6,6 +6,7 @@ import me.chayapak1.chomens_bot.command.Command;
 import me.chayapak1.chomens_bot.command.CommandContext;
 import me.chayapak1.chomens_bot.command.CommandException;
 import me.chayapak1.chomens_bot.command.TrustLevel;
+import me.chayapak1.chomens_bot.data.chat.ChatPacketType;
 import me.chayapak1.chomens_bot.data.mail.Mail;
 import me.chayapak1.chomens_bot.data.player.PlayerEntry;
 import me.chayapak1.chomens_bot.plugins.DatabasePlugin;
@@ -28,7 +29,9 @@ public class MailCommand extends Command {
                 "mail",
                 new String[] { "send <player> <message>", "sendselecteditem <player>", "read" },
                 new String[] {},
-                TrustLevel.PUBLIC
+                TrustLevel.PUBLIC,
+                false,
+                new ChatPacketType[] { ChatPacketType.SYSTEM, ChatPacketType.DISGUISED }
         );
     }
 

src/main/java/me/chayapak1/chomens_bot/plugins/MailPlugin.java

@@ -2,6 +2,7 @@ package me.chayapak1.chomens_bot.plugins;
 
 import me.chayapak1.chomens_bot.Bot;
 import me.chayapak1.chomens_bot.Main;
+import me.chayapak1.chomens_bot.command.CommandException;
 import me.chayapak1.chomens_bot.data.listener.Listener;
 import me.chayapak1.chomens_bot.data.mail.Mail;
 import me.chayapak1.chomens_bot.data.player.PlayerEntry;
@@ -74,7 +75,18 @@ public class MailPlugin implements Listener {
         });
     }
 
-    public void send (final Mail mail) {
+    public void send (final Mail mail) throws CommandException {
+        final List<Mail> mails = list();
+
+        int count = 0;
+        for (final Mail eachMail : mails) {
+            if (!eachMail.sentBy().equals(mail.sentBy())) continue;
+
+            if (count > 50) throw new CommandException(Component.translatable("commands.mail.error.spam"));
+
+            count++;
+        }
+
         try {
             final PreparedStatement statement = Main.database.connection.prepareStatement(INSERT_MAIL);
 

src/main/resources/language-en_us.json

@@ -158,6 +158,7 @@
   "commands.mail.read.hover_more_info": "[Hover here for more info]",
   "commands.mail.read.hover_info": "Time sent: %s\nServer: %s",
   "commands.mail.read.mails_text": "Mails ",
+  "commands.mail.error.spam": "Too many mails are being sent from you!",
 
   "commands.music.description": "Plays music",
   "commands.music.error.locked": "Managing music is currently locked",