Better challenge link in emails, better text on 'social' button

[vchess.git] / server / routes / challenges.js

diff --git a/server/routes/challenges.js b/server/routes/challenges.js
index 28103fc..5d0068d 100644 (file)
--- a/server/routes/challenges.js
+++ b/server/routes/challenges.js
@@ -7,6 +7,8 @@ const UserModel = require("../models/User"); //for name check
 const params = require("../config/parameters");
 
 router.get("/challenges", (req,res) => {
+  if (!req.query["uid"].match(/^[0-9]+$/))
+    res.json({errmsg: "Bad user ID"});
   ChallengeModel.getByUser(req.query["uid"], (err,challenges) => {
     res.json(err || {challenges:challenges});
   });
@@ -19,7 +21,7 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => {
   let challenge =
   {
     fen: req.body.chall.fen,
-    timeControl: req.body.chall.timeControl,
+    cadence: req.body.chall.cadence,
     vid: req.body.chall.vid,
     uid: req.userId,
     to: req.body.chall.to, //string: user name (may be empty)
@@ -37,7 +39,9 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => {
       challenge.to = user.id; //ready now to insert challenge
       insertChallenge();
       if (user.notify)
-        UserModel.notify(user, "New challenge: " + params.siteURL + "/");
+        UserModel.notify(
+          user,
+          "New challenge: " + params.siteURL + "/#/?disp=corr");
     });
   }
   else
@@ -46,6 +50,8 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => {
 
 router.delete("/challenges", access.logged, access.ajax, (req,res) => {
   const cid = req.query.id;
+  if (!cid.match(/^[0-9]+$/))
+    res.json({errmsg: "Bad challenge ID"});
   ChallengeModel.safeRemove(cid, req.userId, err => {
     res.json(err || {}); //TODO: just "return err" because is empty if no errors
   });