Experimental multi-tabs support (TODO: prevent multi-connect)

[vchess.git] / server / routes / games.js

diff --git a/server/routes/games.js b/server/routes/games.js
index 24bfc82..b5f59b0 100644 (file)
--- a/server/routes/games.js
+++ b/server/routes/games.js
@@ -1,16 +1,16 @@
-var router = require("express").Router();
-var UserModel = require("../models/User");
-var ChallengeModel = require('../models/Challenge');
-var GameModel = require('../models/Game');
-var VariantModel = require('../models/Variant');
-var access = require("../utils/access");
-var params = require("../config/parameters");
+let router = require("express").Router();
+const UserModel = require("../models/User");
+const ChallengeModel = require('../models/Challenge');
+const GameModel = require('../models/Game');
+const VariantModel = require('../models/Variant');
+const access = require("../utils/access");
+const params = require("../config/parameters");
 
 // From main hall, start game between players 0 and 1
 router.post("/games", access.logged, access.ajax, (req,res) => {
   const gameInfo = req.body.gameInfo;
   if (!Array.isArray(gameInfo.players) ||
-    !gameInfo.players.some(p => p.id == req.userId))
+    gameInfo.players.every(p => p.id != req.userId))
   {
     return res.json({errmsg: "Cannot start someone else's game"});
   }
@@ -26,7 +26,7 @@ router.post("/games", access.logged, access.ajax, (req,res) => {
     return res.json({errmsg:error});
   ChallengeModel.remove(cid);
   GameModel.create(
-    gameInfo.vid, gameInfo.fen, gameInfo.timeControl, gameInfo.players,
+    gameInfo.vid, gameInfo.fen, gameInfo.cadence, gameInfo.players,
     (err,ret) => {
       access.checkRequest(res, err, ret, "Cannot create game", () => {
         const oppIdx = (gameInfo.players[0].id == req.userId ? 1 : 0);
@@ -43,7 +43,9 @@ router.get("/games", access.ajax, (req,res) => {
   const gameId = req.query["gid"];
   if (!!gameId)
   {
-    GameModel.getOne(gameId, (err,game) => {
+    if (!gameId.match(/^[0-9]+$/))
+      return res.json({errmsg: "Wrong game ID"});
+    GameModel.getOne(gameId, false, (err,game) => {
       access.checkRequest(res, err, game, "Game not found", () => {
         res.json({game: game});
       });
@@ -53,6 +55,8 @@ router.get("/games", access.ajax, (req,res) => {
   {
     // Get by (non-)user ID:
     const userId = req.query["uid"];
+    if (!userId.match(/^[0-9]+$/))
+      return res.json({errmsg: "Wrong user ID"});
     const excluded = !!req.query["excluded"];
     GameModel.getByUser(userId, excluded, (err,games) => {
       if (!!err)
@@ -76,14 +80,23 @@ router.put("/games", access.logged, access.ajax, (req,res) => {
   GameModel.update(gid, obj, (err) => {
     if (!!err)
       return res.json(err);
-    // Notify opponent if he enabled notifications:
-    GameModel.getPlayers(gid, (err2,players) => {
-      if (!!err2)
-        return res.json(err);
-      const oppid = (players[0].id == req.userId ? players[1].id : players[0].id);
-      UserModel.tryNotify(oppid,
-        "New move in game: " + params.siteURL + "/game/" + gid);
-    });
+    if (!!obj.move || !!obj.score)
+    {
+      // Notify opponent if he enabled notifications:
+      GameModel.getPlayers(gid, (err2,players) => {
+        if (!err2)
+        {
+          const oppid = (players[0].id == req.userId
+            ? players[1].id
+            : players[0].id);
+          const messagePrefix = (!!obj.move
+            ? "New move in game: "
+            : "Game ended: ");
+          UserModel.tryNotify(oppid,
+            messagePrefix + params.siteURL + "/game/" + gid);
+        }
+      });
+    }
     res.json({});
   });
 });