Add player search API

[tudddorrr]

No description provided.

[claude]

Code Review: Add Player Search API

Security Concerns

URL Encoding Vulnerability: The search query is directly interpolated into the URL without proper encoding in PlayersAPI.cs:151. This creates potential security issues including URL injection attacks, malformed URLs causing exceptions, and query parameter pollution if user input contains additional parameters. Fix: Use proper URL encoding with Uri.EscapeDataString(query).

Potential Bugs & Issues

Null Reference Exception Risk: In SearchPlayers.cs:29-30, the code calls GetAlias() without null checking. If a player has no aliases, GetAlias() returns null, causing NullReferenceException. Fix: Add null checking with GetAlias()?.identifier and filter out nulls.

Missing Error Handling: The Search method in PlayersAPI.cs lacks error handling - network failures or API errors will bubble up as unhandled exceptions.

Code Quality Issues

Inconsistent Method Patterns: Other API methods follow a consistent pattern with try-catch blocks and specific error handling, but Search method doesn't follow this pattern.

Missing Input Validation: No validation for empty/whitespace-only queries in the API layer - validation only exists in UI layer.

Performance Considerations

Inefficient LINQ Usage: In SearchPlayers.cs, the ToArray() call forces immediate evaluation when the result is only used for string joining. Optimization: Remove unnecessary ToArray() call.

Summary

Priority fixes needed:

1. Critical: Fix URL encoding vulnerability in search query
2. High: Add null checking in SearchPlayers.cs to prevent crashes
3. Medium: Add consistent error handling in Search API method
4. Low: Minor performance optimization in LINQ usage

The feature implementation is functional but needs security hardening and error handling improvements before production use.

[claude]

🔍 Code Quality and Best Practices

---

Potential Issues to Address:

1. Null Reference Exceptions

• Player.GetAlias() in SearchPlayers.cs:28 can return null, but this isn't handled when building the identifiers string
• Consider using null-conditional operators or proper null checks

2. String Handling

• The query.Trim() in PlayersAPI.Search() could still result in an empty string after trimming whitespace-only input
• Consider validating the trimmed query length before proceeding

---

⚡ Performance Considerations

---

Areas for Optimization:

1. LINQ Operations

• SearchPlayers.cs:28 uses Select() followed by string.Join() - this creates an intermediate collection
• The GetAlias() call for each player could return null, causing issues in string concatenation

2. Memory Allocation

• Multiple string operations in the search result formatting could be optimized with StringBuilder for large result sets

---

🛡️ Security Concerns

---

Potential Security Issues:

1. Query Parameter Injection

• While Uri.EscapeDataString() is used, consider additional validation for malicious query patterns
• No length limits on the query parameter could potentially cause issues

2. Error Information Disclosure

• The search implementation doesn't appear to handle or sanitize error responses from the API that might leak sensitive information

---

🔄 Backwards Compatibility

---

Compatibility Issues:

1. New Player Properties

• Adding aliases array to Player class could break existing serialization/deserialization if not properly handled
• Existing code expecting Player objects might not handle the new aliases field gracefully

2. API Dependency

• The new Search method introduces a dependency on a new API endpoint (/search) that may not be available in older backend versions