db.serialize(function() {
const query =
"INSERT INTO Challenges " +
- "(added, uid, " + (!!c.to ? "target, " : "") +
+ "(added, uid, " + (c.to ? "target, " : "") +
"vid, randomness, fen, cadence) " +
"VALUES " +
- "(" + Date.now() + "," + c.uid + "," + (!!c.to ? c.to + "," : "") +
+ "(" + Date.now() + "," + c.uid + "," + (c.to ? c.to + "," : "") +
c.vid + "," + c.randomness + ",'" + c.fen + "','" + c.cadence + "')";
db.run(query, function(err) {
cb(err, {cid: this.lastID});
const query =
"SELECT 1 " +
"FROM Challenges " +
- "WHERE id = " + id + " AND uid = " + uid;
+ "WHERE id = " + id + " " +
+ // Condition: I'm the sender or the target
+ "AND (uid = " + uid + " OR target = " + uid + ")";
db.get(query, (err,chall) => {
if (!err && chall)
ChallengeModel.remove(id);