-// AJAX methods to get, create, update or delete a challenge
-
let router = require("express").Router();
const access = require("../utils/access");
const ChallengeModel = require("../models/Challenge");
+const UserModel = require("../models/User"); //for name check
+const params = require("../config/parameters");
+
+router.post("/challenges", access.logged, access.ajax, (req,res) => {
+ if (ChallengeModel.checkChallenge(req.body.chall)) {
+ let challenge = {
+ fen: req.body.chall.fen,
+ cadence: req.body.chall.cadence,
+ randomness: req.body.chall.randomness,
+ vid: req.body.chall.vid,
+ uid: req.userId,
+ to: req.body.chall.to, //string: user name (may be empty)
+ };
+ const insertChallenge = () => {
+ ChallengeModel.create(challenge, (err, ret) => {
+ res.json(err || ret);
+ });
+ };
+ if (req.body.chall.to) {
+ UserModel.getOne(
+ "name", challenge.to, "id, name, email, notify",
+ (err, user) => {
+ if (err || !user) res.json(err || {errmsg: "Typo in player name"});
+ else {
+ challenge.to = user.id; //ready now to insert challenge
+ insertChallenge();
+ if (user.notify) {
+ UserModel.notify(
+ user,
+ "New challenge : " + params.siteURL + "/#/?disp=corr");
+ }
+ }
+ }
+ );
+ }
+ else insertChallenge();
+ }
+});
-router.post("/challenges/:vid([0-9]+)", access.logged, access.ajax, (req,res) => {
- const vid = req.params["vid"];
- // TODO: check data req.body.chall (
- const error = ChallengeModel.checkChallenge(chall);
- ChallengeModel.create(chall, (err,lastId) => {
- res.json(err || {cid: lastId["rowid"]});
- });
+router.get("/challenges", access.ajax, (req,res) => {
+ const uid = req.query.uid;
+ if (uid.match(/^[0-9]+$/)) {
+ ChallengeModel.getByUser(uid, (err,challenges) => {
+ res.json(err || { challenges: challenges });
+ });
+ }
});
-//// index
-//router.get("/challenges", access.logged, access.ajax, (req,res) => {
-// if (req.query["uid"] != req.user._id)
-// return res.json({errmsg: "Not your challenges"});
-// let uid = ObjectID(req.query["uid"]);
-// ChallengeModel.getByPlayer(uid, (err, challengeArray) => {
-// res.json(err || {challenges: challengeArray});
-// });
-//});
-//
-//function createChallenge(vid, from, to, res)
-//{
-// ChallengeModel.create(vid, from, to, (err, chall) => {
-// res.json(err || {
-// // A challenge can be sent using only name, thus 'to' is returned
-// to: chall.to,
-// cid: chall._id
-// });
-// });
-//}
-//
-//// from[, to][,nameTo]
-//router.post("/challenges", access.logged, access.ajax, (req,res) => {
-// if (req.body.from != req.user._id)
-// return res.json({errmsg: "Identity usurpation"});
-// let from = ObjectID(req.body.from);
-// let to = !!req.body.to ? ObjectID(req.body.to) : undefined;
-// let nameTo = !!req.body.nameTo ? req.body.nameTo : undefined;
-// let vid = ObjectID(req.body.vid);
-// if (!to && !!nameTo)
-// {
-// UserModel.getByName(nameTo, (err,user) => {
-// access.checkRequest(res, err, user, "Opponent not found", () => {
-// createChallenge(vid, from, user._id, res);
-// });
-// });
-// }
-// else if (!!to)
-// createChallenge(vid, from, to, res);
-// else
-// createChallenge(vid, from, undefined, res); //automatch
-//});
-//
-//router.delete("/challenges", access.logged, access.ajax, (req,res) => {
-// let cid = ObjectID(req.query.cid);
-// ChallengeModel.getById(cid, (err,chall) => {
-// access.checkRequest(res, err, chall, "Challenge not found", () => {
-// if (!chall.from.equals(req.user._id) && !!chall.to && !chall.to.equals(req.user._id))
-// return res.json({errmsg: "Not your challenge"});
-// ChallengeModel.remove(cid, err => {
-// res.json(err || {});
-// });
-// });
-// });
-//});
+router.delete("/challenges", access.logged, access.ajax, (req,res) => {
+ const cid = req.query.id;
+ if (cid.match(/^[0-9]+$/)) {
+ ChallengeModel.safeRemove(cid, req.userId);
+ res.json({});
+ }
+});
module.exports = router;