Ratstail91/kingdombattles
Archived
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HOTFIX: Added credentials to the combat log

Browse Source
This commit is contained in:
Kayne Ruse
2019-06-04 13:34:21 +10:00
parent a9e6c88f45
commit 06b8a99b5b
4 changed files with 88 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/news/2019-06-04-01.md
+1
View File
@@ -7,4 +7,5 @@ _4 June 2019_
* Added credentials to attack status requests (others can't spoof to see who you're attacking anymore - my bad!) * Added credentials to attack status requests (others can't spoof to see who you're attacking anymore - my bad!)
* Began work on spying infrastructure. * Began work on spying infrastructure.
* Made the attack button more generic - can reuse a lot of attack code for spying code. * Made the attack button more generic - can reuse a lot of attack code for spying code.
* Added credentials to the combat logs (How did I miss TWO credential requirements?)
* More coming later today... * More coming later today...
server/combat.js
+20 -2
View File
@@ -104,12 +104,30 @@ const attackStatusRequest = (connection) => (req, res) => {
}; };
const combatLogRequest = (connection) => (req, res) => { const combatLogRequest = (connection) => (req, res) => {
//verify the user's credentials
let query = 'SELECT COUNT(*) AS total FROM sessions WHERE accountId = ? AND token = ?;';
connection.query(query, [req.body.id, req.body.token], (err, results) => {
if (err) throw err;
if (results[0].total !== 1) {
res.status(400).write(log('Invalid combat log credentials', req.body.id, req.body.token));
res.end();
return;
}
//grab the username based on the ID
let query = 'SELECT username FROM accounts WHERE id = ?;';
connection.query(query, [req.body.id], (err, results) => {
if (err) throw err;
let query = 'SELECT pastCombat.*, atk.username AS attacker, def.username AS defender FROM pastCombat JOIN accounts AS atk ON pastCombat.attackerId = atk.id JOIN accounts AS def ON pastCombat.defenderId = def.id WHERE atk.username = ? OR def.username = ? ORDER BY eventTime DESC LIMIT ?, ?;'; let query = 'SELECT pastCombat.*, atk.username AS attacker, def.username AS defender FROM pastCombat JOIN accounts AS atk ON pastCombat.attackerId = atk.id JOIN accounts AS def ON pastCombat.defenderId = def.id WHERE atk.username = ? OR def.username = ? ORDER BY eventTime DESC LIMIT ?, ?;';
connection.query(query, [req.body.username, req.body.username, req.body.start, req.body.length], (err, results) => { connection.query(query, [results[0].username, results[0].username, req.body.start, req.body.length], (err, results) => {
if (err) throw err; if (err) throw err;
res.status(200).json(results); res.status(200).json(results);
log('Combat log sent', req.body.username, req.body.start, req.body.length); log('Combat log sent', results[0].username, req.body.id, req.body.token, req.body.start, req.body.length);
});
});
}); });
}; };
server/spying.js
+63 -2
View File
@@ -11,9 +11,70 @@ let { log } = require('../common/utilities.js');
let { isSpying } = require('./utilities.js'); let { isSpying } = require('./utilities.js');
const spyRequest = (connection) => (req, res) => { const spyRequest = (connection) => (req, res) => {
//TODO //verify the attacker's credentials (only the attacker can launch an attack)
res.status(400).write(log('Not yet implemented', 'spyRequest')); let query = 'SELECT COUNT(*) AS total FROM sessions WHERE accountId = ? AND accountId IN (SELECT id FROM accounts WHERE username = ?) AND token = ?;';
connection.query(query, [req.body.id, req.body.attacker, req.body.token], (err, results) => {
if (err) throw err;
if (results[0].total !== 1) {
res.status(400).write(log('Invalid spying credentials', req.body.id, req.body.attacker, req.body.defender, req.body.token));
res.end(); res.end();
return;
}
//verify that the defender's profile exists
let query = 'SELECT accountId FROM profiles WHERE accountId IN (SELECT id FROM accounts WHERE username = ?);';
connection.query(query, [req.body.defender], (err, results) => {
if (err) throw err;
if (results.length !== 1) {
res.status(400).write(log('Invalid defender spying credentials', req.body.id, req.body.attacker, req.body.defender, req.body.token));
res.end();
return;
}
let defenderId = results[0].accountId;
//verify that the attacker has enough spies
let query = 'SELECT spies FROM profiles WHERE accountId = ?;';
connection.query(query, [req.body.id], (err, results) => {
if (err) throw err;
if (results[0].spies <= 0) {
res.status(400).write(log('Not enough spies', req.body.attacker, req.body.defender, results[0].spies));
res.end();
return;
}
let attackingUnits = results[0].spies;
//verify that the attacker is not already spying on someone
isSpying(connection, req.body.attacker, (err, spying) => {
if (err) throw err;
if (spying) {
res.status(400).write(log('You are already spying on someone', req.body.id, req.body.attacker, req.body.token));
res.end();
return;
}
//create the pending spy record
let query = 'INSERT INTO pendingSpying (eventTime, attackerId, defenderId, attackingUnits) VALUES (DATE_ADD(CURRENT_TIMESTAMP(), INTERVAL 10 * ? MINUTE), ?, ?, ?);';
connection.query(query, [attackingUnits, req.body.id, defenderId, attackingUnits], (err) => {
if (err) throw err;
res.status(200).json({
status: 'spying',
attacker: req.body.attacker,
defender: req.body.defender,
msg: log('Spying', req.body.attacker, req.body.defender) //TODO: am I using this msg parameter anywhere?
});
res.end();
});
});
});
});
});
}; };
const spyStatusRequest = (connection) => (req, res) => { const spyStatusRequest = (connection) => (req, res) => {
src/components/panels/paged_combat_log.jsx
+1 -1
View File
@@ -14,7 +14,7 @@ class PagedCombatLog extends React.Component {
}; };
if (props.getFetch) { if (props.getFetch) {
props.getFetch(() => this.sendRequest('/combatlogrequest', {username: props.username, start: props.start, length: props.length})); props.getFetch(() => this.sendRequest('/combatlogrequest', {start: props.start, length: props.length}));
} }
} }