From fccaa87852129f8f27c66a9d3b626f91868109c8 Mon Sep 17 00:00:00 2001 From: Benjamin Auder Date: Sun, 24 May 2020 00:42:22 +0200 Subject: [PATCH] Fix Koopa chess + select only required fields in userMode.getOne() --- client/src/variants/Koopa.js | 16 +++++------ server/models/User.js | 6 ++-- server/routes/challenges.js | 25 +++++++++-------- server/routes/users.js | 51 +++++++++++++++++----------------- server/utils/access.js | 28 ++++++++++--------- server/utils/mailer.js | 2 +- server/utils/tokenGenerator.js | 2 +- 7 files changed, 67 insertions(+), 63 deletions(-) diff --git a/client/src/variants/Koopa.js b/client/src/variants/Koopa.js index 27c147a9..8d4f0e97 100644 --- a/client/src/variants/Koopa.js +++ b/client/src/variants/Koopa.js @@ -219,14 +219,14 @@ export class KoopaRules extends ChessRules { // Forbid kicking own king out const color = this.turn; return moves.filter(m => { - const kingAppear = m.appear.some(a => a.c == color && a.p == V.KING); - return m.vanish.every(v => { - return ( - v.c != color || - !["k", "l"].includes(v.p) || - (v.p == "k" && kingAppear) - ); - }); + const kingVanish = + m.vanish.some(v => v.c == color && ['k', 'l'].includes(v.p)); + if (kingVanish) { + const kingAppear = + m.appear.some(a => a.c == color && ['k', 'l'].includes(a.p)); + return kingAppear; + } + return true; }); } diff --git a/server/models/User.js b/server/models/User.js index c50cdb79..c193d6db 100644 --- a/server/models/User.js +++ b/server/models/User.js @@ -37,11 +37,11 @@ const UserModel = { }, // Find one user by id, name, email, or token - getOne: function(by, value, cb) { + getOne: function(by, value, fields, cb) { const delimiter = (typeof value === "string" ? "'" : ""); db.serialize(function() { const query = - "SELECT * " + + "SELECT " + fields + " " + "FROM Users " + "WHERE " + by + " = " + delimiter + value + delimiter; db.get(query, cb); @@ -139,7 +139,7 @@ const UserModel = { }, tryNotify: function(id, message) { - UserModel.getOne("id", id, (err,user) => { + UserModel.getOne("id", id, "name, email", (err, user) => { if (!err && user.notify) UserModel.notify(user, message); }); }, diff --git a/server/routes/challenges.js b/server/routes/challenges.js index 4c2d5b40..a0b4b770 100644 --- a/server/routes/challenges.js +++ b/server/routes/challenges.js @@ -20,18 +20,21 @@ router.post("/challenges", access.logged, access.ajax, (req,res) => { }); }; if (req.body.chall.to) { - UserModel.getOne("name", challenge.to, (err,user) => { - if (err || !user) - res.json(err || {errmsg: "Typo in player name"}); - else { - challenge.to = user.id; //ready now to insert challenge - insertChallenge(); - if (user.notify) - UserModel.notify( - user, - "New challenge : " + params.siteURL + "/#/?disp=corr"); + UserModel.getOne( + "name", challenge.to, "id, name, email, notify", + (err, user) => { + if (err || !user) res.json(err || {errmsg: "Typo in player name"}); + else { + challenge.to = user.id; //ready now to insert challenge + insertChallenge(); + if (user.notify) { + UserModel.notify( + user, + "New challenge : " + params.siteURL + "/#/?disp=corr"); + } + } } - }); + ); } else insertChallenge(); } }); diff --git a/server/routes/users.js b/server/routes/users.js index 38c5d744..51c3063e 100644 --- a/server/routes/users.js +++ b/server/routes/users.js @@ -73,9 +73,10 @@ router.get("/whoami", access.ajax, (req,res) => { }; if (!req.cookies.token) callback(anonymous); else if (req.cookies.token.match(/^[a-z0-9]+$/)) { - UserModel.getOne("sessionToken", req.cookies.token, (err, user) => { - callback(user || anonymous); - }); + UserModel.getOne( + "sessionToken", req.cookies.token, "name, email, id, notify", + (err, user) => callback(user || anonymous) + ); } }); @@ -126,7 +127,7 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { const nameOrEmail = decodeURIComponent(req.query.nameOrEmail); const type = (nameOrEmail.indexOf('@') >= 0 ? "email" : "name"); if (UserModel.checkNameEmail({ [type]: nameOrEmail })) { - UserModel.getOne(type, nameOrEmail, (err,user) => { + UserModel.getOne(type, nameOrEmail, "id, name, email", (err, user) => { access.checkRequest(res, err, user, "Unknown user", () => { setAndSendLoginToken("Token for " + params.siteURL, user); res.json({}); @@ -138,29 +139,27 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => { router.get('/authenticate', access.unlogged, access.ajax, (req,res) => { if (!req.query.token.match(/^[a-z0-9]+$/)) return res.json({ errmsg: "Bad token" }); - UserModel.getOne("loginToken", req.query.token, (err,user) => { - access.checkRequest(res, err, user, "Invalid token", () => { - // If token older than params.tokenExpire, do nothing - if (Date.now() > user.loginTime + params.token.expire) - res.json({ errmsg: "Token expired" }); - else { - // Generate session token (if not exists) + destroy login token - UserModel.trySetSessionToken(user.id, (token) => { - res.cookie("token", token, { - httpOnly: true, - secure: !!params.siteURL.match(/^https/), - maxAge: params.cookieExpire, - }); - res.json({ - id: user.id, - name: user.name, - email: user.email, - notify: user.notify + UserModel.getOne( + "loginToken", req.query.token, "id, name, email, notify", + (err,user) => { + access.checkRequest(res, err, user, "Invalid token", () => { + // If token older than params.tokenExpire, do nothing + if (Date.now() > user.loginTime + params.token.expire) + res.json({ errmsg: "Token expired" }); + else { + // Generate session token (if not exists) + destroy login token + UserModel.trySetSessionToken(user.id, (token) => { + res.cookie("token", token, { + httpOnly: true, + secure: !!params.siteURL.match(/^https/), + maxAge: params.cookieExpire, + }); + res.json(user); }); - }); - } - }); - }); + } + }); + } + ); }); router.get('/logout', access.logged, access.ajax, (req,res) => { diff --git a/server/utils/access.js b/server/utils/access.js index 66ff9520..bf6430ca 100644 --- a/server/utils/access.js +++ b/server/utils/access.js @@ -1,7 +1,6 @@ var UserModel = require("../models/User"); -module.exports = -{ +module.exports = { // Prevent access to "users pages" logged: function(req, res, next) { const callback = () => { @@ -14,17 +13,20 @@ module.exports = loggedIn = false; callback(); } else { - UserModel.getOne("sessionToken", req.cookies.token, (err, user) => { - if (!!user) { - req.userId = user.id; - loggedIn = true; - } else { - // Token in cookies presumably wrong: erase it - res.clearCookie("token"); - loggedIn = false; + UserModel.getOne( + "sessionToken", req.cookies.token, "id", + (err, user) => { + if (!!user) { + req.userId = user.id; + loggedIn = true; + } else { + // Token in cookies presumably wrong: erase it + res.clearCookie("token"); + loggedIn = false; + } + callback(); } - callback(); - }); + ); } }, @@ -53,4 +55,4 @@ module.exports = res.json({ errmsg: msg }); } else cb(); } -} +}; diff --git a/server/utils/mailer.js b/server/utils/mailer.js index df60e699..96fa75cf 100644 --- a/server/utils/mailer.js +++ b/server/utils/mailer.js @@ -43,4 +43,4 @@ module.exports = function(from, to, subject, body, cb) { //console.log('Message sent: %s', info.messageId); cb(error); }); -} +}; diff --git a/server/utils/tokenGenerator.js b/server/utils/tokenGenerator.js index d89b4ccf..a3c5abc4 100644 --- a/server/utils/tokenGenerator.js +++ b/server/utils/tokenGenerator.js @@ -8,4 +8,4 @@ module.exports = function(tokenLength) { const nbRands = Math.ceil(tokenLength/10); for (let i = 0; i < nbRands; i++) res += randString(); return res.substr(0, tokenLength); -} +}; -- 2.44.0