Prevent logging into accounts from different games (#13)

[Originally authored by AlanMoonbase](1e9ca7e19c (diff-bb10d4643a2fa54d983a574662f579e09c056f29837397a10cd9300a98fbcc7cR171))

src/Controllers/Common/AuthenticationController.cs

@@ -168,7 +168,7 @@ public class AuthenticationController : Controller {
     [Route("AuthenticationWebService.asmx/LoginChild")]
     [DecryptRequest("childUserID")]
     [EncryptResponse]
-    public IActionResult LoginChild([FromForm] Guid parentApiToken) {
+    public IActionResult LoginChild([FromForm] Guid parentApiToken, [FromForm] string apiKey) {
         User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == parentApiToken)?.User;
         if (user is null) {
             return Unauthorized();
@@ -181,6 +181,19 @@ public class AuthenticationController : Controller {
             return Unauthorized();
         }
 
+        uint gameVersion = ClientVersion.GetVersion(apiKey);
+        if (viking.GameVersion is null)
+            viking.GameVersion = gameVersion;
+        if (
+            (viking.GameVersion != gameVersion) &&
+            !(viking.GameVersion >= ClientVersion.Min_SoD && gameVersion >= ClientVersion.Min_SoD) &&
+            !(viking.GameVersion >= ClientVersion.WoJS && gameVersion >= ClientVersion.WoJS && viking.GameVersion < ClientVersion.WoJS_NewAvatar && gameVersion < ClientVersion.WoJS_NewAvatar)
+        )
+            return Unauthorized();
+            // do not let players log into users from other games, exceptions:
+            //   1) different version of SoD
+            //   2) WoJS with old avatar and lands
+
         // Check if user is viking parent
         if (user != viking.User) {
             return Unauthorized();

src/Model/Viking.cs

@@ -44,4 +44,5 @@ public class Viking {
     public DateTime? CreationDate { get; set; }
     public DateTime? BirthDate { get; set; }
     public Gender? Gender { get; set; }
+    public uint? GameVersion { get; set; }
 }