From 4392961dd95582b91e173f9ae40ac510b9afe7d4 Mon Sep 17 00:00:00 2001
From: Jeffrey Armstrong
Date: Mon, 11 Apr 2022 16:28:43 -0400
Subject: Added token validation to all api calls, esp. checkins. Changed status reports to use better query structure. Added query derived types to the request derived types directly. Requires testing of actual builds.
---
 captain/security.f90 | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
(limited to 'captain/security.f90')
diff --git a/captain/security.f90 b/captain/security.f90
index 2f5fa4c..44d40a6 100644
--- a/captain/security.f90
+++ b/captain/security.f90
@@ -104,4 +104,43 @@ contains
 end function validate_titan_token
+ ! NOTE: A null() token can be passed, and it might even validate!
+ function validate_query_token(token, player)
+ use captain_db
+ implicit none
+
+ character(len=:), pointer::token
+ character(len=*), intent(in)::player
+
+ logical::validate_query_token
+
+ character(len=:), pointer::dbtoken
+
+ validate_query_token = .false.
+
+ if(associated(token)) then
+ allocate(character(len=len(token))::dbtoken)
+ else
+ allocate(character(len=64)::dbtoken)
+ end if
+
+ dbtoken = ' '
+
+ call get_player_token_db(player, dbtoken)
+
+ ! If no token is provided and none is in the db, then we're okay
+ if((.not. associated(token)) .and. len_trim(dbtoken) == 0) then
+
+ validate_query_token = .true.
+
+ else if(associated(token)) then
+
+ validate_query_token = (trim(token) == trim(dbtoken))
+
+ end if
+
+ deallocate(dbtoken)
+
+ end function validate_query_token
+
 end module security
\ No newline at end of file
-- cgit v1.2.3
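Review bot: In `validate_query_token`, `dbtoken` is allocated with `len(token)`, so the stored token can only ever be compared up to the length of the token the caller supplied. If `get_player_token_db` (not shown in this patch) fills the buffer with ordinary Fortran character assignment, the stored value is truncated to that length, and `trim(token) == trim(dbtoken)` would then accept a token that is only a leading part of the stored one, including a zero-length token. Sizing the buffer independently of the request avoids this: replace the `if(associated(token))` allocation branch with an unconditional `allocate(character(len=64)::dbtoken)`, assuming 64 covers the longest stored token as the `else` branch implies. A test that an empty token and a shortened token are both rejected for a player who has a stored token would pin this down.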