X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fchallenges.js;h=4bbce8e22ccc97b7f0301dc32d7619be87057580;hb=8477e53d8e78606e4c4e4bf91c77b1011aab583c;hp=2ae1327a73573f8285e555eede96fdbc4f89e1e0;hpb=25996aedafba5e983f324ada3db1da59206bec0a;p=vchess.git diff --git a/server/routes/challenges.js b/server/routes/challenges.js index 2ae1327a..4bbce8e2 100644 --- a/server/routes/challenges.js +++ b/server/routes/challenges.js @@ -4,8 +4,11 @@ let router = require("express").Router(); const access = require("../utils/access"); const ChallengeModel = require("../models/Challenge"); const UserModel = require("../models/User"); //for name check +const params = require("../config/parameters"); router.get("/challenges", (req,res) => { + if (!req.query["uid"].match(/^[0-9]+$/)) + res.json({errmsg: "Bad user ID"}); ChallengeModel.getByUser(req.query["uid"], (err,challenges) => { res.json(err || {challenges:challenges}); }); @@ -18,25 +21,28 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => { let challenge = { fen: req.body.chall.fen, - timeControl: req.body.chall.timeControl, + cadence: req.body.chall.cadence, vid: req.body.chall.vid, uid: req.userId, to: req.body.chall.to, //string: user name (may be empty) }; const insertChallenge = () => { - ChallengeModel.create(challenge, (err) => { - if (!!err) - return res.json(err); + ChallengeModel.create(challenge, (err,ret) => { + return res.json(err || {cid:ret.cid}); }); }; if (!!req.body.chall.to) { UserModel.getOne("name", challenge.to, (err,user) => { if (!!err || !user) - return res.json(err | {errmsg: "Typo in player name"}); + return res.json(err || {errmsg: "Typo in player name"}); challenge.to = user.id; //ready now to insert challenge + insertChallenge(); + if (user.notify) + UserModel.notify( + user, + "New challenge: " + params.siteURL + "/#/?disp=corr"); }); - insertChallenge(); } else insertChallenge(); 
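Review bot: The new `uid` check in the GET handler does not stop the request: there is no `return` after `res.json({errmsg: "Bad user ID"})`, so `ChallengeModel.getByUser` still runs with the rejected value and its callback calls `res.json` again on a response that was already sent. Write it as `if (!req.query["uid"].match(/^[0-9]+$/)) return res.json({errmsg: "Bad user ID"});`. The `cid` check added to the DELETE handler in the last hunk has the same gap, so `safeRemove` still receives the unvalidated id. How `getByUser` and `safeRemove` use the value is not visible in this diff, so treat this guard as the only validation until that is confirmed.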
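Review bot: The notification added in the `UserModel.getOne` callback is sent before the insert result is known. `insertChallenge()` only starts `ChallengeModel.create`, and `UserModel.notify` runs right after that call. Assuming `create` completes asynchronously, as its callback form suggests, the recipient is notified even when `create` reports an error. Passing the notification as a callback that runs only on success keeps the two in step, and the `else insertChallenge();` branch keeps working without an argument. The handler starts before this hunk and ends after it.

```javascript
  const insertChallenge = (onCreated) => {
    ChallengeModel.create(challenge, (err,ret) => {
      if (!err && !!onCreated)
        onCreated();
      return res.json(err || {cid:ret.cid});
    });
  };
  // … unchanged: UserModel.getOne lookup and "Typo in player name" check …
      challenge.to = user.id; //ready now to insert challenge
      insertChallenge(() => {
        if (user.notify)
          UserModel.notify(
            user,
            "New challenge: " + params.siteURL + "/#/?disp=corr");
      });
```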
@@ -44,7 +50,9 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => {
 router.delete("/challenges", access.logged, access.ajax, (req,res) => {
 const cid = req.query.id;
- ChallengeModel.remove(cid, req.userId, err => {
+ if (!cid.match(/^[0-9]+$/))
+ res.json({errmsg: "Bad challenge ID"});
+ ChallengeModel.safeRemove(cid, req.userId, err => {
 res.json(err || {}); //TODO: just "return err" because is empty if no errors
 });
 });
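Review bot: `cid.match(...)` assumes `req.query.id` is a string. When the parameter is absent it is `undefined`, and when it is repeated Express's default query parser yields an array, so the call throws a TypeError instead of returning the "Bad challenge ID" response. Check the type first, for example `if (typeof cid !== "string" || !cid.match(/^[0-9]+$/))`. The same applies to `req.query["uid"]` in the GET handler of the first hunk.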