Send "disconnected" cmd if user failed cred check.

This (currently) does not apply to the actual login page, but just to
any other action that requires being logged in.

2 files changed, 32 insertions, 21 deletions

diff --git a/src/battle/query/btl_character_turn.erl b/src/battle/query/btl_character_turn.erl
index b23a02e..62d4b4b 100644
--- a/src/battle/query/btl_character_turn.erl
+++ b/src/battle/query/btl_character_turn.erl
@@ -25,17 +25,17 @@ decode_request (BinaryRequest) ->
    btl_character_turn_request:decode(JSONMap).
 
 %%%% USER AUTHENTICATION %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--spec authenticate_user (btl_character_turn_request:type()) -> 'ok'.
+-spec authenticate_user (btl_character_turn_request:type()) -> ('ok' | 'error').
 authenticate_user (Request) ->
    PlayerID = btl_character_turn_request:get_player_id(Request),
    SessionToken = btl_character_turn_request:get_session_token(Request),
 
    Player = shr_timed_cache:fetch(player_db, any, PlayerID),
 
-   shr_security:assert_identity(SessionToken, Player),
-   shr_security:lock_queries(PlayerID),
-
-   ok.
+   case shr_security:credentials_match(SessionToken, Player) of
+      true -> ok;
+      _ -> error
+   end.
 
 %%%% MAIN LOGIC %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -spec fetch_data
@@ -265,13 +265,19 @@ generate_reply (Update) ->
 -spec handle (binary()) -> binary().
 handle (EncodedRequest) ->
    Request = decode_request(EncodedRequest),
-   authenticate_user(Request),
-   Data = fetch_data(Request),
-   assert_user_permissions(Data, Request),
-   Update = update_data(Data, Request),
-   commit_update(Update, Request),
-   disconnect_user(Request),
-   generate_reply(Update).
+   case authenticate_user(Request) of
+      ok ->
+         PlayerID = btl_character_turn_request:get_player_id(Request),
+         shr_security:lock_queries(PlayerID),
+         Data = fetch_data(Request),
+         assert_user_permissions(Data, Request),
+         Update = update_data(Data, Request),
+         commit_update(Update, Request),
+         disconnect_user(Request),
+         generate_reply(Update);
+
+      error -> jiffy:encode([shr_disconnected:generate()])
+   end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% EXPORTED FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
diff --git a/src/battle/query/btl_load.erl b/src/battle/query/btl_load.erl
index 35ad6f9..cbcc3b5 100644
--- a/src/battle/query/btl_load.erl
+++ b/src/battle/query/btl_load.erl
@@ -48,16 +48,17 @@ parse_input (Req) ->
       battle_id = BattleID
    }.
 
--spec authenticate_user (input()) -> 'ok'.
+-spec authenticate_user (input()) -> ('ok' | 'error').
 authenticate_user (Input) ->
    PlayerID = Input#input.player_id,
    SessionToken = Input#input.session_token,
 
    Player = shr_timed_cache:fetch(player_db, any, PlayerID),
 
-   shr_security:assert_identity(SessionToken, Player),
-
-   ok.
+   case shr_security:credentials_match(SessionToken, Player) of
+      true -> ok;
+      _ -> error
+   end.
 
 -spec fetch_data (input()) -> query_state().
 fetch_data (Input) ->
@@ -150,11 +151,15 @@ generate_reply (QueryState, Input) ->
 -spec handle (binary()) -> binary().
 handle (Req) ->
    Input = parse_input(Req),
-   authenticate_user(Input),
-   shr_security:lock_queries(Input#input.player_id),
-   QueryState = fetch_data(Input),
-   shr_security:unlock_queries(Input#input.player_id),
-   generate_reply(QueryState, Input).
+   case authenticate_user(Input) of
+      ok ->
+         shr_security:lock_queries(Input#input.player_id),
+         QueryState = fetch_data(Input),
+         shr_security:unlock_queries(Input#input.player_id),
+         generate_reply(QueryState, Input);
+
+      error -> jiffy:encode([shr_disconnected:generate()])
+   end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% EXPORTED FUNCTIONS %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%