Match trainer and secret ID on update for data integrity
parent
849bc601f0
commit
2f8c2d3f07
|
@ -203,6 +203,43 @@ func handleSaveData(w http.ResponseWriter, r *http.Request) {
|
|||
httpError(w, r, fmt.Errorf("session out of date"), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
var trainerId = 0
|
||||
var secretId = 0
|
||||
|
||||
if r.URL.Path != "/savedata/update" || datatype == 1 {
|
||||
if r.URL.Query().Has("trainerId") && r.URL.Query().Has("secretId") {
|
||||
trainerId, err = strconv.Atoi(r.URL.Query().Get("trainerId"))
|
||||
if err != nil {
|
||||
httpError(w, r, err, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
secretId, err = strconv.Atoi(r.URL.Query().Get("secretId"))
|
||||
if err != nil {
|
||||
httpError(w, r, err, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
}
|
||||
} else {
|
||||
trainerId = save.(defs.SystemSaveData).TrainerId
|
||||
secretId = save.(defs.SystemSaveData).SecretId
|
||||
}
|
||||
|
||||
storedTrainerId, storedSecretId, err := db.FetchTrainerIds(uuid)
|
||||
if err != nil {
|
||||
httpError(w, r, err, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if storedTrainerId > 0 || storedSecretId > 0 {
|
||||
if trainerId != storedTrainerId || secretId != storedSecretId {
|
||||
httpError(w, r, fmt.Errorf("session out of date"), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
db.UpdateTrainerIds(trainerId, secretId, uuid)
|
||||
}
|
||||
}
|
||||
|
||||
switch r.URL.Path {
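Review bot: The result of `db.UpdateTrainerIds(trainerId, secretId, uuid)` in the final `else` branch is discarded, so a failed first-time bind is silent and the request carries on as if the IDs had been recorded. Handle it the way the fetch above is handled: `if err := db.UpdateTrainerIds(trainerId, secretId, uuid); err != nil { httpError(w, r, err, http.StatusInternalServerError); return }`. That branch also stores whatever `strconv.Atoi` returned, and since the bound test is `storedTrainerId > 0 || storedSecretId > 0`, a pair of zero or negative values never counts as bound and the next request can overwrite it. Rejecting non-positive IDs before the comparison would close that gap. The two `save.(defs.SystemSaveData)` assertions are unchecked and would panic if `save` holds another type on that path; this cannot be confirmed here because handleSaveData begins and ends outside the hunk.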
|
||||
|
|
|
@ -35,7 +35,7 @@ func Update(uuid []byte, slot int, save any) error {
|
|||
return fmt.Errorf("invalid system data")
|
||||
}
|
||||
|
||||
if save.GameVersion != "1.0.2" {
|
||||
if save.GameVersion != "1.0.3" {
|
||||
return fmt.Errorf("client version out of date")
|
||||
}
|
||||
|
||||
|
|
|
@ -175,6 +175,24 @@ func FetchAccountKeySaltFromUsername(username string) ([]byte, []byte, error) {
|
|||
return key, salt, nil
|
||||
}
|
||||
|
||||
func FetchTrainerIds(uuid []byte) (trainerId int, secretId int, err error) {
|
||||
err = handle.QueryRow("SELECT trainerId, secretId FROM accounts WHERE uuid = ?", uuid).Scan(&trainerId, &secretId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
|
||||
return trainerId, secretId, nil
|
||||
}
|
||||
|
||||
func UpdateTrainerIds(trainerId int, secretId int, uuid []byte) error {
|
||||
_, err := handle.Exec("UPDATE accounts SET trainerId = ?, secretId = ? WHERE uuid = ?", trainerId, secretId, uuid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func IsActiveSession(token []byte) (bool, error) {
|
||||
var active int
|
||||
err := handle.QueryRow("SELECT `active` FROM sessions WHERE token = ?", token).Scan(&active)
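Review bot: `UpdateTrainerIds` overwrites the stored pair unconditionally, so the binding is write-once only because the caller reads `FetchTrainerIds` first. Two concurrent requests for an unbound account can both pass that read, and the last writer wins. Making the statement conditional keeps the first bind atomic, for example `UPDATE accounts SET trainerId = ?, secretId = ? WHERE uuid = ? AND trainerId = 0 AND secretId = 0`, returning an error when no row was affected; this assumes unbound rows hold 0, which the schema (not shown on this page) would have to confirm. Separately, `FetchTrainerIds` scans into plain `int`, so if either column can be NULL for existing accounts the `Scan` fails and every save request for that account returns an error. Scanning into `sql.NullInt64`, or declaring the columns `NOT NULL DEFAULT 0`, would avoid that.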
|
||||
|
|