X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FGame.js;h=d72f51a18dc2458ed30bd3eca04e8516012c0e4a;hb=23ecf00824691b5622b468e0409fc543c87d75dc;hp=ae91ac94954397ce67c608de8d7bcbc921b9d272;hpb=866842c3c310524c034922870234120ed2a16cbf;p=vchess.git

diff --git a/server/models/Game.js b/server/models/Game.js
index ae91ac94..d72f51a1 100644
--- a/server/models/Game.js
+++ b/server/models/Game.js
@@ -91,11 +91,18 @@ const GameModel =
         db.all(query, (err2,players) => {
           if (light)
           {
-            const game = Object.assign({},
-              gameInfo,
-              {players: players}
-            );
-            cb(null, game);
+            query =
+              "SELECT COUNT(*) AS nbMoves " +
+              "FROM Moves " +
+              "WHERE gid = " + id;
+            db.get(query, (err,ret) => {
+              const game = Object.assign({},
+                gameInfo,
+                {players: players},
+                {movesCount: ret.nbMoves}
+              );
+              cb(null, game);
+            });
           }
           else
           {
@@ -208,7 +215,7 @@ const GameModel =
   },
 
   // obj can have fields move, chat, fen, drawOffer and/or score + message
-  update: function(id, obj)
+  update: function(id, obj, cb)
   {
     db.parallelize(function() {
       let query =
@@ -235,14 +242,27 @@ const GameModel =
         query += modifs + " WHERE id = " + id;
         db.run(query);
       }
+      // NOTE: move, chat and delchat are mutually exclusive
       if (obj.move)
       {
-        const m = obj.move;
+        // Security: only update moves if index is right
         query =
-          "INSERT INTO Moves (gid, squares, played, idx) VALUES " +
-          "(" + id + ",?," + m.played + "," + m.idx + ")";
-        db.run(query, JSON.stringify(m.squares));
+          "SELECT MAX(idx) AS maxIdx " +
+          "FROM Moves " +
+          "WHERE gid = " + id;
+        db.get(query, (err,ret) => {
+          const m = obj.move;
+          if (!ret.maxIdx || ret.maxIdx + 1 == m.idx) {
+            query =
+              "INSERT INTO Moves (gid, squares, played, idx) VALUES " +
+              "(" + id + ",?," + m.played + "," + m.idx + ")";
+            db.run(query, JSON.stringify(m.squares));
+            cb(null);
+          }
+          else cb({errmsg:"Wrong move index"});
+        });
       }
+      else cb(null);
       if (obj.chat)
       {
         query =
@@ -250,6 +270,14 @@ const GameModel =
             + id + ",?,'" + obj.chat.name + "'," + Date.now() + ")";
         db.run(query, obj.chat.msg);
       }
+      else if (obj.delchat)
+      {
+        query =
+          "DELETE " +
+          "FROM Chats " +
+          "WHERE gid = " + id;
+        db.run(query);
+      }
     });
   },