diff --git a/api/endpoints.go b/api/endpoints.go index 14569b1..5e0f51c 100644 --- a/api/endpoints.go +++ b/api/endpoints.go @@ -203,6 +203,43 @@ func handleSaveData(w http.ResponseWriter, r *http.Request) { httpError(w, r, fmt.Errorf("session out of date"), http.StatusBadRequest) return } + + var trainerId = 0 + var secretId = 0 + + if r.URL.Path != "/savedata/update" || datatype == 1 { + if r.URL.Query().Has("trainerId") && r.URL.Query().Has("secretId") { + trainerId, err = strconv.Atoi(r.URL.Query().Get("trainerId")) + if err != nil { + httpError(w, r, err, http.StatusBadRequest) + return + } + + secretId, err = strconv.Atoi(r.URL.Query().Get("secretId")) + if err != nil { + httpError(w, r, err, http.StatusBadRequest) + return + } + } + } else { + trainerId = save.(defs.SystemSaveData).TrainerId + secretId = save.(defs.SystemSaveData).SecretId + } + + storedTrainerId, storedSecretId, err := db.FetchTrainerIds(uuid) + if err != nil { + httpError(w, r, err, http.StatusInternalServerError) + return + } + + if storedTrainerId > 0 || storedSecretId > 0 { + if trainerId != storedTrainerId || secretId != storedSecretId { + httpError(w, r, fmt.Errorf("session out of date"), http.StatusBadRequest) + return + } + } else { + db.UpdateTrainerIds(trainerId, secretId, uuid) + } } switch r.URL.Path { diff --git a/api/savedata/update.go b/api/savedata/update.go index 7c75dbc..5d34e5b 100644 --- a/api/savedata/update.go +++ b/api/savedata/update.go @@ -35,7 +35,7 @@ func Update(uuid []byte, slot int, save any) error { return fmt.Errorf("invalid system data") } - if save.GameVersion != "1.0.2" { + if save.GameVersion != "1.0.3" { return fmt.Errorf("client version out of date") } diff --git a/db/account.go b/db/account.go index 21b7a32..614b667 100644 --- a/db/account.go +++ b/db/account.go @@ -175,6 +175,24 @@ func FetchAccountKeySaltFromUsername(username string) ([]byte, []byte, error) { return key, salt, nil } +func FetchTrainerIds(uuid []byte) (trainerId int, secretId int, err error) { + err = handle.QueryRow("SELECT trainerId, secretId FROM accounts WHERE uuid = ?", uuid).Scan(&trainerId, &secretId) + if err != nil { + return 0, 0, err + } + + return trainerId, secretId, nil +} + +func UpdateTrainerIds(trainerId int, secretId int, uuid []byte) error { + _, err := handle.Exec("UPDATE accounts SET trainerId = ?, secretId = ? WHERE uuid = ?", trainerId, secretId, uuid) + if err != nil { + return err + } + + return nil +} + func IsActiveSession(token []byte) (bool, error) { var active int err := handle.QueryRow("SELECT `active` FROM sessions WHERE token = ?", token).Scan(&active)