db.all(query, (err2,players) => {
if (light)
{
- const game = Object.assign({},
- gameInfo,
- {players: players}
- );
- cb(null, game);
+ query =
+ "SELECT COUNT(*) AS nbMoves " +
+ "FROM Moves " +
+ "WHERE gid = " + id;
+ db.get(query, (err,ret) => {
+ const game = Object.assign({},
+ gameInfo,
+ {players: players},
+ {movesCount: ret.nbMoves}
+ );
+ cb(null, game);
+ });
}
else
{
return (
(
!obj.move || (
- obj.move.played.toString().match(/^[0-9]+$/) &&
- obj.move.idx.toString().match(/^[0-9]+$/)
+ !!(obj.move.played.toString().match(/^[0-9]+$/)) &&
+ !!(obj.move.idx.toString().match(/^[0-9]+$/))
)
) && (
- !obj.drawOffer || obj.drawOffer.match(/^[wbtn]$/)
+ !obj.drawOffer || !!(obj.drawOffer.match(/^[wbtn]$/))
) && (
- !obj.fen || obj.fen.match(/^[a-zA-Z0-9, /-]*$/)
+ !obj.fen || !!(obj.fen.match(/^[a-zA-Z0-9, /-]*$/))
) && (
- !obj.score || obj.score.match(/^[012?*\/-]+$/)
+ !obj.score || !!(obj.score.match(/^[012?*\/-]+$/))
) && (
- !obj.scoreMsg || obj.scoreMsg.match(/^[a-zA-Z ]+$/)
+ !obj.scoreMsg || !!(obj.scoreMsg.match(/^[a-zA-Z ]+$/))
) && (
!obj.chat || UserModel.checkNameEmail({name: obj.chat.name})
)
},
// obj can have fields move, chat, fen, drawOffer and/or score + message
- update: function(id, obj)
+ update: function(id, obj, cb)
{
db.parallelize(function() {
let query =
query += modifs + " WHERE id = " + id;
db.run(query);
}
- if (obj.move)
+ // NOTE: move, chat and delchat are mutually exclusive
+ if (!!obj.move)
{
- const m = obj.move;
+ // Security: only update moves if index is right
query =
- "INSERT INTO Moves (gid, squares, played, idx) VALUES " +
- "(" + id + ",?," + m.played + "," + m.idx + ")";
- db.run(query, JSON.stringify(m.squares));
+ "SELECT MAX(idx) AS maxIdx " +
+ "FROM Moves " +
+ "WHERE gid = " + id;
+ db.get(query, (err,ret) => {
+ const m = obj.move;
+ if (!ret.maxIdx || ret.maxIdx + 1 == m.idx) {
+ query =
+ "INSERT INTO Moves (gid, squares, played, idx) VALUES " +
+ "(" + id + ",?," + m.played + "," + m.idx + ")";
+ db.run(query, JSON.stringify(m.squares));
+ cb(null);
+ }
+ else cb({errmsg:"Wrong move index"});
+ });
}
+ else cb(null);
if (obj.chat)
{
query =
+ id + ",?,'" + obj.chat.name + "'," + Date.now() + ")";
db.run(query, obj.chat.msg);
}
+ else if (obj.delchat)
+ {
+ query =
+ "DELETE " +
+ "FROM Chats " +
+ "WHERE gid = " + id;
+ db.run(query);
+ }
});
},