! Copyright (c) 2021 Approximatrix, LLC ! ! Permission is hereby granted, free of charge, to any person obtaining a copy ! of this software and associated documentation files (the "Software"), to deal ! in the Software without restriction, including without limitation the rights ! to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ! copies of the Software, and to permit persons to whom the Software is ! furnished to do so, subject to the following conditions: ! ! The above copyright notice and this permission notice shall be included in ! all copies or substantial portions of the Software. ! ! The Software shall be used for Good, not Evil. ! ! THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ! IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ! FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ! AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ! LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ! OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ! SOFTWARE. module security implicit none contains function validate_titan_token(token_string, player_name) use captain_db use logging implicit none character(*), intent(in)::token_string character(*), intent(in), optional::player_name logical::validate_titan_token character(len=:), pointer::dbtoken, internal_player integer::player_id, i, j validate_titan_token = .false. i = index(token_string, ":") j = len_trim(token_string) if(present(player_name)) then allocate(character(len=len_trim(player_name)) :: internal_player) internal_player = player_name else if(i > 0) then allocate(character(len=i-1) :: internal_player) internal_player = token_string(1:i-1) end if end if if(associated(internal_player)) then player_id = get_player_id(internal_player) if(player_id >= 0) then if(.not. player_has_token_db(internal_player)) then validate_titan_token = .true. else allocate(character(len=(len_trim(token_string) + 1)) :: dbtoken) dbtoken = " " call get_player_token_db(internal_player, dbtoken) if(i <= 0) then i = 1 else i = i + 1 end if call write_log("Tokens '"//trim(dbtoken)//"' vs. '"//token_string(i:j)//"'") validate_titan_token = (trim(dbtoken) == token_string(i:j)) deallocate(dbtoken) end if end if if(validate_titan_token) then call write_log("Titan token valid for "//trim(internal_player)) else call write_log("Titan token FAILURE for "//trim(internal_player)) end if deallocate(internal_player) else call write_log("Titan token did not include a player - REJECTED") end if end function validate_titan_token ! NOTE: A null() token can be passed, and it might even validate! function validate_query_token(token, player) use captain_db implicit none character(len=:), pointer::token character(len=*), intent(in)::player logical::validate_query_token character(len=:), pointer::dbtoken validate_query_token = .false. if(associated(token)) then allocate(character(len=len(token))::dbtoken) else allocate(character(len=64)::dbtoken) end if dbtoken = ' ' call get_player_token_db(player, dbtoken) ! If no token is provided and none is in the db, then we're okay if((.not. associated(token)) .and. len_trim(dbtoken) == 0) then validate_query_token = .true. else if(associated(token)) then validate_query_token = (trim(token) == trim(dbtoken)) end if deallocate(dbtoken) end function validate_query_token end module security