X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FGame.js;h=5e1c79903e98f7b5f847001d0891609809dc065f;hb=41c80bb63b85b2696d3925c10784c3d7bb5d2aa3;hp=0ac822e85e28a71ea4330a538f8db1bf0bf20318;hpb=3837d4f7885a3c3cdb468da2f3fa3fa1e5a1415a;p=vchess.git

diff --git a/server/models/Game.js b/server/models/Game.js
index 0ac822e8..5e1c7990 100644
--- a/server/models/Game.js
+++ b/server/models/Game.js
@@ -1,4 +1,5 @@
 var db = require("../utils/database");
+const UserModel = require("./User");
 
 /*
  * Structure table Games:
@@ -8,7 +9,9 @@ var db = require("../utils/database");
  *   fen: varchar (current position)
  *   timeControl: string
  *   score: varchar (result)
+ *   scoreMsg: varchar ("Time", "Mutual agreement"...)
  *   created: datetime
+ *   drawOffer: boolean
  *
  * Structure table Players:
  *   gid: ref game id
@@ -25,12 +28,27 @@ var db = require("../utils/database");
  *   gid: game id (int)
  *   msg: varchar
  *   name: varchar
- *   sid: varchar (socket ID when sending message)
  *   added: datetime
  */
 
 const GameModel =
 {
+  checkGameInfo: function(g) {
+    if (!g.vid.toString().match(/^[0-9]+$/))
+      return "Wrong variant ID";
+    if (!g.vname.match(/^[a-zA-Z0-9]+$/))
+      return "Wrong variant name";
+    if (!g.timeControl.match(/^[0-9dhms +]+$/))
+      return "Wrong characters in time control";
+    if (!g.fen.match(/^[a-zA-Z0-9, /-]*$/))
+      return "Bad FEN string";
+    if (g.players.length != 2)
+      return "Need exactly 2 players";
+    if (g.players.some(p => !p.id.toString().match(/^[0-9]+$/)))
+      return "Wrong characters in player ID";
+    return "";
+  },
+
 	create: function(vid, fen, timeControl, players, cb)
 	{
 		db.serialize(function() {
@@ -60,8 +78,10 @@ const GameModel =
 		db.serialize(function() {
       // TODO: optimize queries?
 			let query =
+        // NOTE: g.scoreMsg can be NULL
+        // (in this case score = "*" and no reason to look at it)
 				"SELECT g.id, g.vid, g.fen, g.fenStart, g.timeControl, g.score, " +
-          "v.name AS vname " +
+          "g.scoreMsg, v.name AS vname " +
 				"FROM Games g " +
         "JOIN Variants v " +
         "  ON g.vid = v.id " +
@@ -86,7 +106,7 @@ const GameModel =
 						if (!!err3)
 							return cb(err3);
 			      query =
-              "SELECT msg, name, sid, added " +
+              "SELECT msg, name, added " +
               "FROM Chats " +
               "WHERE gid = " + id;
 			      db.all(query, (err4,chats) => {
@@ -149,6 +169,27 @@ const GameModel =
     });
   },
 
+  checkGameUpdate: function(obj)
+  {
+    // Check all that is possible (required) in obj:
+    if (!!obj.move)
+    {
+      if (!obj.move.played.toString().match(/^[0-9]+$/))
+        return "Wrong move played time";
+      if (!obj.move.idx.toString().match(/^[0-9]+$/))
+        return "Wrong move index";
+    }
+    if (!!obj.fen && !obj.fen.match(/^[a-zA-Z0-9, /-]*$/))
+      return "Wrong FEN string";
+    if (!!obj.score && !obj.score.match(/^[012?*\/-]+$/))
+      return "Wrong characters in score";
+    if (!!obj.scoreMsg && !obj.scoreMsg.match(/^[a-zA-Z ]+$/))
+      return "Wrong characters in score message";
+    if (!!obj.chat)
+      return UserModel.checkNameEmail({name: obj.chat.name});
+    return "";
+  },
+
   // obj can have fields move, chat, fen, drawOffer and/or score
   update: function(id, obj)
   {
@@ -159,12 +200,14 @@ const GameModel =
       let modifs = "";
       if (!!obj.message)
         modifs += "message = message || ' ' || '" + obj.message + "',";
-      if (!!obj.drawOffer)
+      if ([true,false].includes(obj.drawOffer))
         modifs += "drawOffer = " + obj.drawOffer + ",";
       if (!!obj.fen)
         modifs += "fen = '" + obj.fen + "',";
       if (!!obj.score)
         modifs += "score = '" + obj.score + "',";
+      if (!!obj.scoreMsg)
+        modifs += "scoreMsg = '" + obj.scoreMsg + "',";
       modifs = modifs.slice(0,-1); //remove last comma
       if (modifs.length > 0)
       {
@@ -176,17 +219,15 @@ const GameModel =
         const m = obj.move;
         query =
           "INSERT INTO Moves (gid, squares, played, idx) VALUES " +
-          "(" + id + ",'" + JSON.stringify(m.squares) + "',"
-            + m.played + "," + m.idx + ")";
-        db.run(query);
+          "(" + id + ",?," + m.played + "," + m.idx + ")";
+        db.run(query, JSON.stringify(m.squares));
       }
       if (!!obj.chat)
       {
 			  query =
-	        "INSERT INTO Chats (gid, msg, name, sid, added) VALUES " +
-            "(" + id + ",'" + obj.chat.msg + "','" + obj.chat.name +
-            "','" + obj.chat.sid + "'," + Date.now() + ")";
-        db.run(query);
+	        "INSERT INTO Chats (gid, msg, name, added) VALUES ("
+            + id + ",?,'" + obj.chat.name + "'," + Date.now() + ")";
+        db.run(query, obj.chat.msg);
       }
     });
   },