From fccaa87852129f8f27c66a9d3b626f91868109c8 Mon Sep 17 00:00:00 2001
From: Benjamin Auder <benjamin.auder@somewhere>
Date: Sun, 24 May 2020 00:42:22 +0200
Subject: [PATCH] Fix Koopa chess + select only required fields in
 userMode.getOne()

---
 client/src/variants/Koopa.js   | 16 +++++------
 server/models/User.js          |  6 ++--
 server/routes/challenges.js    | 25 +++++++++--------
 server/routes/users.js         | 51 +++++++++++++++++-----------------
 server/utils/access.js         | 28 ++++++++++---------
 server/utils/mailer.js         |  2 +-
 server/utils/tokenGenerator.js |  2 +-
 7 files changed, 67 insertions(+), 63 deletions(-)

diff --git a/client/src/variants/Koopa.js b/client/src/variants/Koopa.js
index 27c147a9..8d4f0e97 100644
--- a/client/src/variants/Koopa.js
+++ b/client/src/variants/Koopa.js
@@ -219,14 +219,14 @@ export class KoopaRules extends ChessRules {
     // Forbid kicking own king out
     const color = this.turn;
     return moves.filter(m => {
-      const kingAppear = m.appear.some(a => a.c == color && a.p == V.KING);
-      return m.vanish.every(v => {
-        return (
-          v.c != color ||
-          !["k", "l"].includes(v.p) ||
-          (v.p == "k" && kingAppear)
-        );
-      });
+      const kingVanish =
+        m.vanish.some(v => v.c == color && ['k', 'l'].includes(v.p));
+      if (kingVanish) {
+        const kingAppear =
+          m.appear.some(a => a.c == color && ['k', 'l'].includes(a.p));
+        return kingAppear;
+      }
+      return true;
     });
   }
 
diff --git a/server/models/User.js b/server/models/User.js
index c50cdb79..c193d6db 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -37,11 +37,11 @@ const UserModel = {
   },
 
   // Find one user by id, name, email, or token
-  getOne: function(by, value, cb) {
+  getOne: function(by, value, fields, cb) {
     const delimiter = (typeof value === "string" ? "'" : "");
     db.serialize(function() {
       const query =
-        "SELECT * " +
+        "SELECT " + fields + " " +
         "FROM Users " +
         "WHERE " + by + " = " + delimiter + value + delimiter;
       db.get(query, cb);
@@ -139,7 +139,7 @@ const UserModel = {
   },
 
   tryNotify: function(id, message) {
-    UserModel.getOne("id", id, (err,user) => {
+    UserModel.getOne("id", id, "name, email", (err, user) => {
       if (!err && user.notify) UserModel.notify(user, message);
     });
   },
diff --git a/server/routes/challenges.js b/server/routes/challenges.js
index 4c2d5b40..a0b4b770 100644
--- a/server/routes/challenges.js
+++ b/server/routes/challenges.js
@@ -20,18 +20,21 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => {
       });
     };
     if (req.body.chall.to) {
-      UserModel.getOne("name", challenge.to, (err,user) => {
-        if (err || !user)
-          res.json(err || {errmsg: "Typo in player name"});
-        else {
-          challenge.to = user.id; //ready now to insert challenge
-          insertChallenge();
-          if (user.notify)
-            UserModel.notify(
-              user,
-              "New challenge : " + params.siteURL + "/#/?disp=corr");
+      UserModel.getOne(
+        "name", challenge.to, "id, name, email, notify",
+        (err, user) => {
+          if (err || !user) res.json(err || {errmsg: "Typo in player name"});
+          else {
+            challenge.to = user.id; //ready now to insert challenge
+            insertChallenge();
+            if (user.notify) {
+              UserModel.notify(
+                user,
+                "New challenge : " + params.siteURL + "/#/?disp=corr");
+            }
+          }
         }
-      });
+      );
     } else insertChallenge();
   }
 });
diff --git a/server/routes/users.js b/server/routes/users.js
index 38c5d744..51c3063e 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -73,9 +73,10 @@ router.get("/whoami", access.ajax, (req,res) => {
   };
   if (!req.cookies.token) callback(anonymous);
   else if (req.cookies.token.match(/^[a-z0-9]+$/)) {
-    UserModel.getOne("sessionToken", req.cookies.token, (err, user) => {
-      callback(user || anonymous);
-    });
+    UserModel.getOne(
+      "sessionToken", req.cookies.token, "name, email, id, notify",
+      (err, user) => callback(user || anonymous)
+    );
   }
 });
 
@@ -126,7 +127,7 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
   const nameOrEmail = decodeURIComponent(req.query.nameOrEmail);
   const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name");
   if (UserModel.checkNameEmail({ [type]: nameOrEmail })) {
-    UserModel.getOne(type, nameOrEmail, (err,user) => {
+    UserModel.getOne(type, nameOrEmail, "id, name, email", (err, user) => {
       access.checkRequest(res, err, user, "Unknown user", () => {
         setAndSendLoginToken("Token for " + params.siteURL, user);
         res.json({});
@@ -138,29 +139,27 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
 router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
   if (!req.query.token.match(/^[a-z0-9]+$/))
     return res.json({ errmsg: "Bad token" });
-  UserModel.getOne("loginToken", req.query.token, (err,user) => {
-    access.checkRequest(res, err, user, "Invalid token", () => {
-      // If token older than params.tokenExpire, do nothing
-      if (Date.now() > user.loginTime + params.token.expire)
-        res.json({ errmsg: "Token expired" });
-      else {
-        // Generate session token (if not exists) + destroy login token
-        UserModel.trySetSessionToken(user.id, (token) => {
-          res.cookie("token", token, {
-            httpOnly: true,
-            secure: !!params.siteURL.match(/^https/),
-            maxAge: params.cookieExpire,
-          });
-          res.json({
-            id: user.id,
-            name: user.name,
-            email: user.email,
-            notify: user.notify
+  UserModel.getOne(
+    "loginToken", req.query.token, "id, name, email, notify",
+    (err,user) => {
+      access.checkRequest(res, err, user, "Invalid token", () => {
+        // If token older than params.tokenExpire, do nothing
+        if (Date.now() > user.loginTime + params.token.expire)
+          res.json({ errmsg: "Token expired" });
+        else {
+          // Generate session token (if not exists) + destroy login token
+          UserModel.trySetSessionToken(user.id, (token) => {
+            res.cookie("token", token, {
+              httpOnly: true,
+              secure: !!params.siteURL.match(/^https/),
+              maxAge: params.cookieExpire,
+            });
+            res.json(user);
           });
-        });
-      }
-    });
-  });
+        }
+      });
+    }
+  );
 });
 
 router.get('/logout', access.logged, access.ajax, (req,res) => {
diff --git a/server/utils/access.js b/server/utils/access.js
index 66ff9520..bf6430ca 100644
--- a/server/utils/access.js
+++ b/server/utils/access.js
@@ -1,7 +1,6 @@
 var UserModel = require("../models/User");
 
-module.exports =
-{
+module.exports = {
   // Prevent access to "users pages"
   logged: function(req, res, next) {
     const callback = () => {
@@ -14,17 +13,20 @@ module.exports =
       loggedIn = false;
       callback();
     } else {
-      UserModel.getOne("sessionToken", req.cookies.token, (err, user) => {
-        if (!!user) {
-          req.userId = user.id;
-          loggedIn = true;
-        } else {
-          // Token in cookies presumably wrong: erase it
-          res.clearCookie("token");
-          loggedIn = false;
+      UserModel.getOne(
+        "sessionToken", req.cookies.token, "id",
+        (err, user) => {
+          if (!!user) {
+            req.userId = user.id;
+            loggedIn = true;
+          } else {
+            // Token in cookies presumably wrong: erase it
+            res.clearCookie("token");
+            loggedIn = false;
+          }
+          callback();
         }
-        callback();
-      });
+      );
     }
   },
 
@@ -53,4 +55,4 @@ module.exports =
       res.json({ errmsg: msg });
     } else cb();
   }
-}
+};
diff --git a/server/utils/mailer.js b/server/utils/mailer.js
index df60e699..96fa75cf 100644
--- a/server/utils/mailer.js
+++ b/server/utils/mailer.js
@@ -43,4 +43,4 @@ module.exports = function(from, to, subject, body, cb) {
     //console.log('Message sent: %s', info.messageId);
     cb(error);
   });
-}
+};
diff --git a/server/utils/tokenGenerator.js b/server/utils/tokenGenerator.js
index d89b4ccf..a3c5abc4 100644
--- a/server/utils/tokenGenerator.js
+++ b/server/utils/tokenGenerator.js
@@ -8,4 +8,4 @@ module.exports = function(tokenLength) {
   const nbRands = Math.ceil(tokenLength/10);
   for (let i = 0; i < nbRands; i++) res += randString();
   return res.substr(0, tokenLength);
-}
+};
-- 
2.44.0