Match trainer and secret ID on update for data integrity

pull/4/head
Flashfyre 8 months ago
parent 849bc601f0
commit 2f8c2d3f07

@ -203,6 +203,43 @@ func handleSaveData(w http.ResponseWriter, r *http.Request) {
httpError(w, r, fmt.Errorf("session out of date"), http.StatusBadRequest)
return
}
var trainerId = 0
var secretId = 0
if r.URL.Path != "/savedata/update" || datatype == 1 {
if r.URL.Query().Has("trainerId") && r.URL.Query().Has("secretId") {
trainerId, err = strconv.Atoi(r.URL.Query().Get("trainerId"))
if err != nil {
httpError(w, r, err, http.StatusBadRequest)
return
}
secretId, err = strconv.Atoi(r.URL.Query().Get("secretId"))
if err != nil {
httpError(w, r, err, http.StatusBadRequest)
return
}
}
} else {
trainerId = save.(defs.SystemSaveData).TrainerId
secretId = save.(defs.SystemSaveData).SecretId
}
storedTrainerId, storedSecretId, err := db.FetchTrainerIds(uuid)
if err != nil {
httpError(w, r, err, http.StatusInternalServerError)
return
}
if storedTrainerId > 0 || storedSecretId > 0 {
if trainerId != storedTrainerId || secretId != storedSecretId {
httpError(w, r, fmt.Errorf("session out of date"), http.StatusBadRequest)
return
}
} else {
db.UpdateTrainerIds(trainerId, secretId, uuid)
}
}
switch r.URL.Path {

@ -35,7 +35,7 @@ func Update(uuid []byte, slot int, save any) error {
return fmt.Errorf("invalid system data")
}
if save.GameVersion != "1.0.2" {
if save.GameVersion != "1.0.3" {
return fmt.Errorf("client version out of date")
}

@ -175,6 +175,24 @@ func FetchAccountKeySaltFromUsername(username string) ([]byte, []byte, error) {
return key, salt, nil
}
func FetchTrainerIds(uuid []byte) (trainerId int, secretId int, err error) {
err = handle.QueryRow("SELECT trainerId, secretId FROM accounts WHERE uuid = ?", uuid).Scan(&trainerId, &secretId)
if err != nil {
return 0, 0, err
}
return trainerId, secretId, nil
}
func UpdateTrainerIds(trainerId int, secretId int, uuid []byte) error {
_, err := handle.Exec("UPDATE accounts SET trainerId = ?, secretId = ? WHERE uuid = ?", trainerId, secretId, uuid)
if err != nil {
return err
}
return nil
}
func IsActiveSession(token []byte) (bool, error) {
var active int
err := handle.QueryRow("SELECT `active` FROM sessions WHERE token = ?", token).Scan(&active)

Loading…
Cancel
Save