From d8354871a44a9ac2f887f4016e909284dfd0a1cf Mon Sep 17 00:00:00 2001
From: netkas <netkas.nosial@gmail.com>
Date: Wed, 4 Jun 2025 13:34:27 -0400
Subject: [PATCH] Add ListEvidence method and improve error handling in
 UploadAttachment

---
 .../Methods/Attachments/UploadAttachment.php  | 23 +++-----
 .../Methods/Evidence/ListEvidence.php         | 52 +++++++++++++++++++
 2 files changed, 58 insertions(+), 17 deletions(-)
 create mode 100644 src/FederationServer/Methods/Evidence/ListEvidence.php

diff --git a/src/FederationServer/Methods/Attachments/UploadAttachment.php b/src/FederationServer/Methods/Attachments/UploadAttachment.php
index f97a507..45fe435 100644
--- a/src/FederationServer/Methods/Attachments/UploadAttachment.php
+++ b/src/FederationServer/Methods/Attachments/UploadAttachment.php
@@ -19,9 +19,6 @@
 
     class UploadAttachment extends RequestHandler
     {
-        // Maximum number of files allowed in the storage directory
-        private const MAX_FILES = 10000;
-
         /**
          * @inheritDoc
          * @throws RequestException
@@ -87,8 +84,7 @@
             // Validate file upload status
             if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK)
             {
-                $errorMessage = self::getUploadErrorMessage($file['error'] ?? -1);
-                throw new RequestException($errorMessage);
+                throw new RequestException(self::getUploadErrorMessage($file['error'] ?? -1), 400);
             }
 
             // Validate file exists and is readable
@@ -103,7 +99,7 @@
             // Check for symlinks/hardlinks in tmp_name
             if (is_link($file['tmp_name']))
             {
-                throw new RequestException('Invalid file upload (symbolic link detected)');
+                throw new RequestException('Invalid file upload (symbolic link detected)', 400);
             }
 
             // Additional check for path traversal attempts
@@ -119,21 +115,14 @@
             {
                 if (!mkdir($storagePath, 0750, true))
                 {
-                    throw new RequestException('Storage directory could not be created');
+                    throw new RequestException('Storage directory could not be created', 500);
                 }
             }
 
             // Verify storage directory permissions
             if (!is_writable($storagePath))
             {
-                throw new RequestException('Storage directory is not writable');
-            }
-
-            // Limit number of files in storage directory (prevent DoS)
-            $fileCount = iterator_count(new FilesystemIterator($storagePath, FilesystemIterator::SKIP_DOTS));
-            if ($fileCount >= self::MAX_FILES)
-            {
-                throw new RequestException('Storage limit reached');
+                throw new RequestException('Storage directory is not writable', 500);
             }
 
             // Generate a strong random UUID for the file
@@ -147,7 +136,7 @@
 
             if (!move_uploaded_file($file['tmp_name'], $tempDestination))
             {
-                throw new RequestException('Failed to move uploaded file');
+                throw new RequestException('Failed to move uploaded file', 500);
             }
 
             try
@@ -158,7 +147,7 @@
                 // Move to final destination
                 if (!rename($tempDestination, $destinationPath))
                 {
-                    throw new RequestException('Failed to finalize file upload');
+                    throw new RequestException('Failed to finalize file upload', 500);
                 }
 
                 // Create a record in the database
diff --git a/src/FederationServer/Methods/Evidence/ListEvidence.php b/src/FederationServer/Methods/Evidence/ListEvidence.php
new file mode 100644
index 0000000..48605a6
--- /dev/null
+++ b/src/FederationServer/Methods/Evidence/ListEvidence.php
@@ -0,0 +1,52 @@
+<?php
+
+    namespace FederationServer\Methods\Evidence;
+
+    use FederationServer\Classes\Configuration;
+    use FederationServer\Classes\Managers\EvidenceManager;
+    use FederationServer\Classes\Managers\OperatorManager;
+    use FederationServer\Classes\RequestHandler;
+    use FederationServer\Exceptions\DatabaseOperationException;
+    use FederationServer\Exceptions\RequestException;
+    use FederationServer\FederationServer;
+
+    class ListEvidence extends RequestHandler
+    {
+        /**
+         * @inheritDoc
+         */
+        public static function handleRequest(): void
+        {
+            $authenticatedOperator = FederationServer::getAuthenticatedOperator(false);
+            if(!Configuration::getServerConfiguration()->isPublicEvidence() && $authenticatedOperator === null)
+            {
+                throw new RequestException('Unauthorized: You must be authenticated to list evidence', 401);
+            }
+
+            $limit = (int) (FederationServer::getParameter('limit') ?? Configuration::getServerConfiguration()->getListEvidenceMaxItems());
+            $page = (int) (FederationServer::getParameter('page') ?? 1);
+
+            if($limit < 1 || $limit > Configuration::getServerConfiguration()->getListEvidenceMaxItems())
+            {
+                $limit = Configuration::getServerConfiguration()->getListEvidenceMaxItems();
+            }
+
+            if($page < 1)
+            {
+                $page = 1;
+            }
+
+            try
+            {
+                $operators = EvidenceManager::getEvidenceRecords($limit, $page);
+            }
+            catch (DatabaseOperationException $e)
+            {
+                throw new RequestException('Internal Server Error: Unable to retrieve operators', 500, $e);
+            }
+
+            $result = array_map(fn($op) => $op->toArray(), $operators);
+            self::successResponse($result);
+        }
+    }
+