From 9e38ccccbc4384fc7901abee19ea92bdffe812c0 Mon Sep 17 00:00:00 2001
From: Flashfyre <flashfireex@gmail.com>
Date: Wed, 14 Feb 2024 17:12:10 -0500
Subject: [PATCH] Add system data integrity check

---
 api/savedata.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/api/savedata.go b/api/savedata.go
index e2f296a..2f4abad 100644
--- a/api/savedata.go
+++ b/api/savedata.go
@@ -120,6 +120,11 @@ func (s *Server) HandleSavedataUpdate(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
+		if system.TrainerId == 0 && system.SecretId == 0 {
+			http.Error(w, "invalid system data", http.StatusInternalServerError)
+			return
+		}
+
 		var gobBuffer bytes.Buffer
 		err = gob.NewEncoder(&gobBuffer).Encode(system)
 		if err != nil {
@@ -201,16 +206,16 @@ func (s *Server) HandleSavedataDelete(w http.ResponseWriter, r *http.Request) {
 
 	switch r.URL.Query().Get("datatype") {
 	case "0": // System
-		err := os.Remove("userdata/"+hexUuid+"/system.pzs")
+		err := os.Remove("userdata/" + hexUuid + "/system.pzs")
 		if err != nil && !os.IsNotExist(err) {
 			http.Error(w, fmt.Sprintf("failed to delete save file: %s", err), http.StatusInternalServerError)
-			return 
+			return
 		}
 	case "1": // Session
-		err := os.Remove("userdata/"+hexUuid+"/session.pzs")
+		err := os.Remove("userdata/" + hexUuid + "/session.pzs")
 		if err != nil && !os.IsNotExist(err) {
 			http.Error(w, fmt.Sprintf("failed to delete save file: %s", err), http.StatusInternalServerError)
-			return 
+			return
 		}
 	default:
 		http.Error(w, "invalid data type", http.StatusBadRequest)