diff options
| author | Jeffrey Armstrong <jeff@approximatrix.com> | 2022-04-11 16:28:43 -0400 |
|---|---|---|
| committer | Jeffrey Armstrong <jeff@approximatrix.com> | 2022-04-11 16:28:43 -0400 |
| commit | 4392961dd95582b91e173f9ae40ac510b9afe7d4 (patch) | |
| tree | 253e6d2b7ea70b21074575af94d194ed4ec48571 /captain/security.f90 | |
| parent | 26a936137f67843cb773bc9b9e8c360d5abff65f (diff) | |
| download | levitating-4392961dd95582b91e173f9ae40ac510b9afe7d4.tar.gz levitating-4392961dd95582b91e173f9ae40ac510b9afe7d4.zip | |
Added token validation to all api calls, esp. checkins. Changed status reports to use better query structure. Added query derived types to the request derived types directly. Requires testing of actual builds.
Diffstat (limited to 'captain/security.f90')
| -rw-r--r-- | captain/security.f90 | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/captain/security.f90 b/captain/security.f90 index 2f5fa4c..44d40a6 100644 --- a/captain/security.f90 +++ b/captain/security.f90 @@ -104,4 +104,43 @@ contains end function validate_titan_token + ! NOTE: A null() token can be passed, and it might even validate! + function validate_query_token(token, player) + use captain_db + implicit none + + character(len=:), pointer::token + character(len=*), intent(in)::player + + logical::validate_query_token + + character(len=:), pointer::dbtoken + + validate_query_token = .false. + + if(associated(token)) then + allocate(character(len=len(token))::dbtoken) + else + allocate(character(len=64)::dbtoken) + end if + + dbtoken = ' ' + + call get_player_token_db(player, dbtoken) + + ! If no token is provided and none is in the db, then we're okay + if((.not. associated(token)) .and. len_trim(dbtoken) == 0) then + + validate_query_token = .true. + + else if(associated(token)) then + + validate_query_token = (trim(token) == trim(dbtoken)) + + end if + + deallocate(dbtoken) + + end function validate_query_token + end module security
\ No newline at end of file |