Flask Relay

This is the relay server component for the system, serving as the download point for .ogg files generated by the flite-flask synthesiser component. It represents the other publicly-facing container, besides the Godot engine game-server instance itself.

Issues

Security

This is currently very insecure, e.g.:

• The root POST method is available to the wider internet, potentially allowing an attacker to replace a file with a malicious payload, given prior knowledge of the UUID access point using which other players will download.
• The secure filename facility is untested, and may (potentially) allow a path traversal attack

(Lack of) Testing

Tests need to be added, prefarably with a CI/CD solution.

Performance

• Ogg files are never deleted once uploaded - they can be a maximum of 1MB in size, but this will eventually add up
  • This could hypothetically be fixed using a system like Redis for cache