X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=routes%2Fchallenge.js;fp=routes%2Fchallenge.js;h=47aaad63674c1ee86b08971d7e9979228d72a487;hb=8d7e2786f5a67a1b9a77c742d7951e0efbe8747d;hp=0000000000000000000000000000000000000000;hpb=7192f4711467ae73a0f813189f8a4d8cca252bf1;p=vchess.git

diff --git a/routes/challenge.js b/routes/challenge.js
new file mode 100644
index 00000000..47aaad63
--- /dev/null
+++ b/routes/challenge.js
@@ -0,0 +1,77 @@
+var router = require("express").Router();
+var ObjectID = require("bson-objectid");
+var ChallengeModel = require('../models/Challenge');
+var UserModel = require('../models/User');
+var ObjectID = require("bson-objectid");
+var access = require("../utils/access");
+
+// Only AJAX requests here (from variant page and index)
+
+// variant page
+router.get("/challengesbyvariant", access.logged, access.ajax, (req,res) => {
+	if (req.query["uid"] != req.user._id)
+		return res.json({errmsg: "Not your challenges"});
+	let uid = ObjectID(req.query["uid"]);
+	let vid = ObjectID(req.query["vid"]);
+	ChallengeModel.getByVariant(uid, vid, (err, challengeArray) => {
+		res.json(err || {challenges: challengeArray});
+	});
+});
+
+// index
+router.get("/challengesbyplayer", access.logged, access.ajax, (req,res) => {
+	if (req.query["uid"] != req.user._id)
+		return res.json({errmsg: "Not your challenges"});
+	let uid = ObjectID(req.query["uid"]);
+	ChallengeModel.getByPlayer(uid, (err, challengeArray) => {
+		res.json(err || {challenges: challengeArray});
+	});
+});
+
+function createChallenge(vid, from, to, res)
+{
+	ChallengeModel.create(vid, from, to, (err, chall) => {
+		res.json(err || {
+			// A challenge can be sent using only name, thus 'to' is returned
+			to: chall.to,
+			cid: chall._id
+		});
+	});
+}
+
+// from[, to][,nameTo]
+router.post("/challenges", access.logged, access.ajax, (req,res) => {
+	if (req.body.from != req.user._id)
+		return res.json({errmsg: "Identity usurpation"});
+	let from = ObjectID(req.body.from);
+	let to = !!req.body.to ? ObjectID(req.body.to) : undefined;
+	let nameTo = !!req.body.nameTo ? req.body.nameTo : undefined;
+	let vid = ObjectID(req.body.vid);
+	if (!to && !!nameTo)
+	{
+		UserModel.getByName(nameTo, (err,user) => {
+			access.checkRequest(res, err, user, "Opponent not found", () => {
+				createChallenge(vid, from, user._id, res);
+			});
+		});
+	}
+	else if (!!to)
+		createChallenge(vid, from, to, res);
+	else
+		createChallenge(vid, from, undefined, res); //automatch
+});
+
+router.delete("/challenges", access.logged, access.ajax, (req,res) => {
+	let cid = ObjectID(req.query.cid);
+	ChallengeModel.getById(cid, (err,chall) => {
+		access.checkRequest(res, err, chall, "Challenge not found", () => {
+			if (!chall.from.equals(req.user._id) && !!chall.to && !chall.to.equals(req.user._id))
+				return res.json({errmsg: "Not your challenge"});
+			ChallengeModel.remove(cid, err => {
+				res.json(err || {});
+			});
+		});
+	});
+});
+
+module.exports = router;