From: Benjamin Auder Date: Tue, 4 Feb 2020 15:12:24 +0000 (+0100) Subject: Fixes on login/logout + challenges sending X-Git-Url: https://git.auder.net/app_dev.php/_configurator?a=commitdiff_plain;h=5ea8d11307ef9e50bdd0b93708570976f3f6012e;p=vchess.git Fixes on login/logout + challenges sending --- diff --git a/client/src/components/UpsertUser.vue b/client/src/components/UpsertUser.vue index 64616574..51edba33 100644 --- a/client/src/components/UpsertUser.vue +++ b/client/src/components/UpsertUser.vue @@ -26,7 +26,7 @@ div i.material-icons send button(v-if="stage!='Update'" @click="toggleStage()") span {{ stage=="Login" ? "Register" : "Login" }} - button(v-else @click="doLogout()") + button#logoutBtn(v-else @click="doLogout()") span Logout #dialog(:style="{display: displayInfo}") {{ infoMsg }} @@ -155,18 +155,24 @@ export default { ); }, doLogout: function() { - ajax( - "/logout", - "GET", - () => { - this.user.id = 0; - this.user.name = ""; - this.user.email = ""; - this.user.notify = false; - delete localStorage["myid"]; - delete localStorage["myname"]; - } - ); + let logoutBtn = document.getElementById("logoutBtn"); + logoutBtn.disabled = true; + // NOTE: this local cleaning would logically happen when we're sure + // that token is erased. But in the case a user clear the cookies, + // it would lead to situations where he cannot ("locally") log out. + // At worst, if token deletion fails the user can erase cookie manually. + this.user.id = 0; + this.user.name = ""; + this.user.email = ""; + this.user.notify = false; + localStorage.removeItem("myid"); + localStorage.removeItem("myname"); + ajax("/logout", "GET", () => { + logoutBtn.disabled = false; //for symmetry, but not very useful... + document.getElementById("modalUser").checked = false; + // this.$router.push("/") will fail if logout from Hall, so: + document.location.reload(true); + }); }, }, }; diff --git a/client/src/store.js b/client/src/store.js index 94dcb065..0234807f 100644 --- a/client/src/store.js +++ b/client/src/store.js @@ -22,6 +22,7 @@ export const store = mysid = getRandString(); localStorage["mysid"] = mysid; //done only once (unless user clear browser data) } + // Quick user setup using local storage: this.state.user = { id: localStorage["myid"] || 0, name: localStorage["myname"] || "", //"" for "anonymous" @@ -29,13 +30,14 @@ export const store = notify: false, //email notifications sid: mysid, }; - if (this.state.user.id > 0) - { - ajax("/whoami", "GET", res => { - this.state.user.email = res.email; - this.state.user.notify = res.notify; - }); - } + // Slow verification through the server: + // NOTE: still superficial identity usurpation possible, but difficult. + ajax("/whoami", "GET", res => { + this.state.user.id = res.id; + this.state.user.name = res.name; + this.state.user.email = res.email; + this.state.user.notify = res.notify; + }); this.state.conn = new WebSocket(params.socketUrl + "/?sid=" + mysid + "&page=" + encodeURIComponent(page)); // Settings initialized with values from localStorage diff --git a/client/src/views/Hall.vue b/client/src/views/Hall.vue index ee7e01b5..7697e1b5 100644 --- a/client/src/views/Hall.vue +++ b/client/src/views/Hall.vue @@ -240,7 +240,6 @@ export default { sendSomethingTo: function(to, code, obj, warnDisconnected) { const doSend = (code, obj, sid) => { this.st.conn.send(JSON.stringify(Object.assign( - {}, {code: code}, obj, {target: sid} @@ -254,19 +253,21 @@ export default { if (!targetSid) { if (!!warnDisconnected) - alert("Warning: " + pname + " is not connected"); + alert("Warning: " + to + " is not connected"); + return false; } else doSend(code, obj, targetSid); } else { - // Open challenge: send to all connected players (except us) + // Open challenge: send to all connected players (me excepted) Object.keys(this.people).forEach(sid => { if (sid != this.st.user.sid) doSend(code, obj, sid); }); } + return true; }, // Messaging center: socketMessageListener: function(msg) { @@ -314,11 +315,19 @@ export default { case "askchallenge": { // Send my current live challenge (if any) - const cIdx = this.challenges - .findIndex(c => c.from.sid == this.st.user.sid && c.type == "live"); + const cIdx = this.challenges.findIndex(c => + c.from.sid == this.st.user.sid && c.type == "live"); if (cIdx >= 0) { const c = this.challenges[cIdx]; + if (!!c.to) + { + // Only share targeted challenges to the targets: + const toSid = Object.keys(this.people).find(k => + this.people[k].name == c.to); + if (toSid != data.from) + return; + } const myChallenge = { // Minimal challenge informations: (from not required) @@ -326,7 +335,7 @@ export default { to: c.to, fen: c.fen, vid: c.vid, - timeControl: c.timeControl + timeControl: c.timeControl, }; this.st.conn.send(JSON.stringify({code:"challenge", chall:myChallenge, target:data.from})); @@ -380,8 +389,8 @@ export default { } case "refusechallenge": { - alert(this.people[data.from].name + " declined your challenge"); ArrayFun.remove(this.challenges, c => c.id == data.cid); + alert(this.people[data.from].name + " declined your challenge"); break; } case "deletechallenge": @@ -449,7 +458,29 @@ export default { const finishAddChallenge = (cid,warnDisconnected) => { chall.id = cid || "c" + getRandString(); // Send challenge to peers (if connected) - this.sendSomethingTo(chall.to, "challenge", {chall:chall}, !!warnDisconnected); + const isSent = this.sendSomethingTo(chall.to, "challenge", + {chall:chall}, !!warnDisconnected); + if (!isSent) + return; + // Remove old challenge if any (only one at a time): + const cIdx = this.challenges.findIndex(c => + c.from.sid == this.st.user.sid && c.type == ctype); + if (cIdx >= 0) + { + // Delete current challenge (will be replaced now) + this.sendSomethingTo(this.challenges[cIdx].to, + "deletechallenge", {cid:this.challenges[cIdx].id}); + if (ctype == "corr") + { + ajax( + "/challenges", + "DELETE", + {id: this.challenges[cIdx].id} + ); + } + this.challenges.splice(cIdx, 1); + } + // Add new challenge: chall.added = Date.now(); // NOTE: vname and type are redundant (can be deduced from timeControl + vid) chall.type = ctype; @@ -464,23 +495,6 @@ export default { localStorage.setItem("challenge", JSON.stringify(chall)); document.getElementById("modalNewgame").checked = false; }; - const cIdx = this.challenges.findIndex( - c => c.from.sid == this.st.user.sid && c.type == ctype); - if (cIdx >= 0) - { - // Delete current challenge (will be replaced now) - this.sendSomethingTo(this.challenges[cIdx].to, - "deletechallenge", {cid:this.challenges[cIdx].id}); - if (ctype == "corr") - { - ajax( - "/challenges", - "DELETE", - {id: this.challenges[cIdx].id} - ); - } - this.challenges.splice(cIdx, 1); - } if (ctype == "live") { // Live challenges have a random ID @@ -525,6 +539,7 @@ export default { code: "refusechallenge", cid: c.id, target: c.from.sid})); } + this.sendSomethingTo((!!c.to ? c.from : null), "deletechallenge", {cid:c.id}); } else //my challenge { @@ -538,11 +553,10 @@ export default { } else //live localStorage.removeItem("challenge"); + this.sendSomethingTo(c.to, "deletechallenge", {cid:c.id}); } - // In (almost) all cases, the challenge is consumed: + // In all cases, the challenge is consumed: ArrayFun.remove(this.challenges, ch => ch.id == c.id); - // NOTE: deletechallenge event might be redundant (but it's easier this way) - this.sendSomethingTo((!!c.to ? c.from : null), "deletechallenge", {cid:c.id}); }, // NOTE: when launching game, the challenge is already deleted launchGame: async function(c) { @@ -558,17 +572,17 @@ export default { vname: c.vname, //theoretically vid is enough, but much easier with vname timeControl: c.timeControl, }; - let target = c.from.sid; //may not be defined if corr + offline opp - if (!target) + let oppsid = c.from.sid; //may not be defined if corr + offline opp + if (!oppsid) { - target = Object.keys(this.people).find(sid => + oppsid = Object.keys(this.people).find(sid => this.people[sid].id == c.from.id); } const tryNotifyOpponent = () => { - if (!!target) //opponent is online + if (!!oppsid) //opponent is online { this.st.conn.send(JSON.stringify({code:"newgame", - gameInfo:gameInfo, target:target, cid:c.id})); + gameInfo:gameInfo, target:oppsid, cid:c.id})); } }; if (c.type == "live") @@ -590,14 +604,20 @@ export default { ); } // Send game info to everyone except opponent (and me) - this.st.conn.send(JSON.stringify({code:"game", - game: { //minimal game info: - id: gameInfo.id, - players: gameInfo.players.map(p => p.name), - vid: gameInfo.vid, - timeControl: gameInfo.timeControl, - }, - oppsid: target})); + const playersNames = gameInfo.players.map(p => {name: p.name}); + Object.keys(this.people).forEach(sid => { + if (![this.st.user.sid,target].includes(sid)) + { + this.st.conn.send(JSON.stringify({code:"game", + game: { //minimal game info: + id: gameInfo.id, + players: playersNames, + vid: gameInfo.vid, + timeControl: gameInfo.timeControl, + }, + target: sid})); + } + }); }, // NOTE: for live games only (corr games start on the server) startNewGame: function(gameInfo) { diff --git a/server/utils/access.js b/server/utils/access.js index 11753a0a..2e2fa92d 100644 --- a/server/utils/access.js +++ b/server/utils/access.js @@ -28,8 +28,6 @@ module.exports = { // Token in cookies presumably wrong: erase it res.clearCookie("token"); - res.clearCookie("id"); - res.clearCookie("name"); loggedIn = false; } callback();