-rw-r--r--pkg/api/api0/accounts.go27
1 files changed, 23 insertions, 4 deletions
diff --git a/pkg/api/api0/accounts.go b/pkg/api/api0/accounts.go
index a19a908..76e47b6 100644
--- a/pkg/api/api0/accounts.go
+++ b/pkg/api/api0/accounts.go
@@ -115,9 +115,6 @@ func (h *Handler) handleAccountsWritePersistence(w http.ResponseWriter, r *http.
}
serverID := r.URL.Query().Get("serverId") // blank on listen server
- if serverID != "" {
- // TODO: check serverID
- }
raddr, err := netip.ParseAddrPort(r.RemoteAddr)
if err != nil {
@@ -162,7 +159,29 @@ func (h *Handler) handleAccountsWritePersistence(w http.ResponseWriter, r *http.
return
}
} else {
- // TODO: check if gameserver ip matches and that account is on it
+ srv := h.ServerList.GetServerByID(serverID)
+ if srv == nil {
+ respJSON(w, r, http.StatusForbidden, map[string]any{
+ "success": false,
+ "error": ErrorCode_UNAUTHORIZED_GAMESERVER,
+ "msg": ErrorCode_UNAUTHORIZED_GAMESERVER.Messagef("no such game server"),
+ })
+ return
+ }
+ if srv.Addr.Addr() != raddr.Addr() {
+ respJSON(w, r, http.StatusForbidden, map[string]any{
+ "success": false,
+ "error": ErrorCode_UNAUTHORIZED_GAMESERVER,
+ })
+ return
+ }
+ if acct.LastServerID != srv.ID {
+ respJSON(w, r, http.StatusForbidden, map[string]any{
+ "success": false,
+ "error": ErrorCode_UNAUTHORIZED_GAMESERVER,
+ })
+ return
+ }
}
if err := h.PdataStorage.SetPdata(uid, buf); err != nil {
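Review bot: The check `if srv.Addr.Addr() != raddr.Addr()` identifies the game server by source IP alone, so any host sharing that address passes it and only the `acct.LastServerID` comparison still separates callers. This applies to several servers behind one NAT, and to every caller if `r.RemoteAddr` is ever a reverse proxy's address. `netip.Addr` equality also treats an IPv4-mapped IPv6 address as different from the plain IPv4 one, so unless both sides are normalised outside this hunk the comparison should be `if srv.Addr.Addr().Unmap() != raddr.Addr().Unmap() {`. The last two denials omit the `"msg"` field that the first one sets; giving each branch a short `Messagef` reason and logging serverID, raddr and uid on rejection would make refused persistence writes traceable. The handler's body starts and ends outside the hunk.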