/// <summary>
/// Checks whether the character identified by <paramref name="characterId"/>
/// is owned by the account named in the current User claim.
/// </summary>
/// <param name="characterId">Id of the character whose ownership is being checked.</param>
/// <returns>
/// True when the id list returned for the claim's account contains
/// <paramref name="characterId"/>; otherwise false.
/// </returns>
public async Task<bool> VerifyCharacterOwnedByAccount(int characterId)
{
	//TODO: Do we want to expose this to non-controllers?
	// The account id is read from the User claim rather than taken as a parameter,
	// so the caller cannot choose which account the ownership check runs against.
	int claimedAccountId = ClaimsReader.GetUserIdInt(User);

	// Ownership must be established before any session data for the character is handed out.
	var ownedCharacterIds = await CharacterRepository.CharacterIdsForAccountId(claimedAccountId)
		.ConfigureAwait(false);

	return ownedCharacterIds.Contains(characterId);
}
/// <summary>
/// Builds the session data response for <paramref name="characterId"/>, but only
/// after confirming that <paramref name="accountId"/> owns that character.
/// </summary>
/// <param name="characterId">Id of the character whose session data is requested.</param>
/// <param name="accountId">Id of the account the ownership check is run against.</param>
/// <returns>
/// An Unauthorized response when the account's character id list does not contain the character;
/// a response carrying the session's zone id and the character id when a session exists;
/// a NoSessionAvailable response otherwise.
/// </returns>
private async Task<CharacterSessionDataResponse> RetrieveSessionDataIfAvailable(int characterId, int accountId)
{
	// NOTE(review): accountId is used as given; this check is only as strong as the caller's
	// source for it. Presumably it comes from the authenticated claim; confirm at the call sites.
	var ownedCharacterIds = await CharacterRepository.CharacterIdsForAccountId(accountId).ConfigureAwaitFalse();

	// The ownership check runs before any session lookup, so a request for an unowned
	// character gets Unauthorized whether or not that character has a session.
	if(!ownedCharacterIds.Contains(characterId))
	{
		return new CharacterSessionDataResponse(CharacterSessionDataResponseCode.Unauthorized);
	}

	//Active sessions don't matter, we just want session data for this character.
	var hasSession = await CharacterSessionRepository.ContainsAsync(characterId).ConfigureAwaitFalse();

	if(hasSession)
	{
		// NOTE(review): ContainsAsync and RetrieveAsync are two separate repository calls. What
		// RetrieveAsync does if the session disappears between them is not visible here; confirm.
		var session = await CharacterSessionRepository.RetrieveAsync(characterId).ConfigureAwaitFalse();

		//Only the zone is needed at the moment; more session data may be sent in the future.
		return new CharacterSessionDataResponse(session.ZoneId, characterId);
	}

	return new CharacterSessionDataResponse(CharacterSessionDataResponseCode.NoSessionAvailable);
}