Security fixes, UI improvements, and game balance updates

- Fixed critical security vulnerabilities in shop targeting system - Fixed admin authentication bypass issues - Fixed auto-rearm feature config path (duck_spawning.rearm_on_duck_shot) - Updated duck spawn timing to 20-60 minutes for better game balance - Enhanced inventory display formatting with proper spacing - Added comprehensive admin security documentation
2025-09-26 19:06:26 +01:00
parent 5484548c30
commit f3a9c5b611
21 changed files with 1162 additions and 256 deletions
--- a/ADMIN_SECURITY.md
+++ b/ADMIN_SECURITY.md
@@ -0,0 +1,46 @@
+# Enhanced Admin Configuration
+
+For better security, update your `config.json` to use hostmask-based admin authentication:
+
+## Current (Less Secure) - Nick Only:
+```json
+{
+    "admins": [
+        "peorth",
+        "computertech", 
+        "colby"
+    ]
+}
+```
+
+## Recommended (More Secure) - Hostmask Based:
+```json
+{
+    "admins": [
+        {
+            "nick": "peorth",
+            "hostmask": "peorth!*@trusted.domain.com"
+        },
+        {
+            "nick": "computertech", 
+            "hostmask": "computertech!*@*.isp.net"
+        },
+        {
+            "nick": "colby",
+            "hostmask": "colby!user@192.168.*.*"
+        }
+    ]
+}
+```
+
+## Migration Notes:
+- The bot supports both formats for backward compatibility
+- Nick-only authentication generates security warnings in logs
+- Hostmask patterns use shell-style wildcards (* and ?)
+- Consider using registered nick services for additional security
+
+## Security Benefits:
+- Prevents nick spoofing attacks
+- Allows IP/hostname restrictions
+- Provides audit logging of admin access
+- Maintains backward compatibility during migration