From 02da4adf9ae6b477376bb27a092feec06a3f2b91 Mon Sep 17 00:00:00 2001
From: Nathanael Sensfelder <SpamShield0@MultiAgentSystems.org>
Date: Tue, 28 Nov 2017 22:19:38 +0100
Subject: Fixes timed caches.

Allowing a refresh of the timer opened the door to exploits.
---
 src/io/database_shim.erl | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/io/database_shim.erl')

diff --git a/src/io/database_shim.erl b/src/io/database_shim.erl
index 5ae6a62..0b9ea1c 100644
--- a/src/io/database_shim.erl
+++ b/src/io/database_shim.erl
@@ -12,7 +12,8 @@
    [
       generate_db/1,
       fetch/2,
-      commit/3
+      commit/3,
+      assert_session_is_valid/2
    ]
 ).
 
@@ -100,3 +101,10 @@ fetch (DB, ObjectID) ->
 commit (DB, ObjectID, Value) ->
    add_to_db({DB, ObjectID}, Value),
    timed_cache:invalidate(DB, ObjectID).
+
+assert_session_is_valid (_PlayerID, _SessionToken) ->
+   % Ask PlayerID's login server if SessionToken is correct.
+   % If so, update last login time to prevent relogin within
+   % (database_timeout * 2).
+   % If not, crash.
+   ok.
-- 
cgit v1.2.3-70-g09d2