X-Git-Url: https://git.auder.net/css/rpsls.css?a=blobdiff_plain;f=server%2Froutes%2Fgames.js;h=b5f59b0c380f6d5b9ad8f9238972128ece5671c7;hb=604b951e4dc4647da9b251c5fff4ecb4c7b1b298;hp=bef8bf5ed86f78d5f66deda0a1d43f9349a60269;hpb=fe4c7e67075416c48aafe9e307bef5afea7937bc;p=vchess.git
diff --git a/server/routes/games.js b/server/routes/games.js
index bef8bf5e..b5f59b0c 100644
--- a/server/routes/games.js
+++ b/server/routes/games.js
@@ -10,7 +10,7 @@ const params = require("../config/parameters");
 router.post("/games", access.logged, access.ajax, (req,res) => {
 const gameInfo = req.body.gameInfo;
 if (!Array.isArray(gameInfo.players) ||
- !gameInfo.players.some(p => p.id == req.userId))
+ gameInfo.players.every(p => p.id != req.userId))
 {
 return res.json({errmsg: "Cannot start someone else's game"});
 }
@@ -26,7 +26,7 @@ router.post("/games", access.logged, access.ajax, (req,res) => {
 return res.json({errmsg:error});
 ChallengeModel.remove(cid);
 GameModel.create(
- gameInfo.vid, gameInfo.fen, gameInfo.timeControl, gameInfo.players,
+ gameInfo.vid, gameInfo.fen, gameInfo.cadence, gameInfo.players,
 (err,ret) => {
 access.checkRequest(res, err, ret, "Cannot create game", () => {
 const oppIdx = (gameInfo.players[0].id == req.userId ? 1 : 0);
@@ -43,7 +43,9 @@ router.get("/games", access.ajax, (req,res) => {
 const gameId = req.query["gid"];
 if (!!gameId)
 {
- GameModel.getOne(gameId, (err,game) => {
+ if (!gameId.match(/^[0-9]+$/))
+ return res.json({errmsg: "Wrong game ID"});
+ GameModel.getOne(gameId, false, (err,game) => {
 access.checkRequest(res, err, game, "Game not found", () => {
 res.json({game: game});
 });
@@ -53,6 +55,8 @@ router.get("/games", access.ajax, (req,res) => {
 {
 // Get by (non-)user ID:
 const userId = req.query["uid"];
+ if (!userId.match(/^[0-9]+$/))
+ return res.json({errmsg: "Wrong user ID"});
 const excluded = !!req.query["excluded"];
 GameModel.getByUser(userId, excluded, (err,games) => {
 if (!!err)
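Review bot: In the first hunk the ownership test on POST /games still uses loose comparison (`p.id != req.userId`), so an id sent as a string or any other value that coerces to the caller's id satisfies it, and the client-supplied `gameInfo.players` array is then handed unchanged to `GameModel.create`. The handler also reads `gameInfo.players` without checking that `req.body.gameInfo` exists, and a null element in the array makes `p.id` throw. Since this commit starts validating `gid` and `uid`, I would validate the player ids as well: `if (!gameInfo || !Array.isArray(gameInfo.players) || !gameInfo.players.every(p => !!p && Number.isInteger(p.id)) || !gameInfo.players.some(p => p.id === req.userId))`, assuming `req.userId` is a number, which this diff does not show. The handler body continues outside the hunk.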
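Review bot: The new `.match()` guards in the third and fourth hunks assume the query value is a string, but if this is Express with its default query parser a `req.query` value can also be an array or an object, and in the fourth hunk `uid` can be absent altogether because, unlike `gid`, it has no truthiness guard; in each case `.match` throws a TypeError instead of returning the `errmsg` response. A GET /games request with neither `gid` nor `uid` reaches that path, which looks like a regression from the pre-commit code, where the value went straight to `GameModel.getByUser`. Checking the type first covers both cases: `if (typeof userId !== "string" || !/^[0-9]+$/.test(userId))`, and the same form for `gameId`. The route handler starts and ends outside both hunks.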