HOTFIX: Added credentials to the combat log
This commit is contained in:
@@ -7,4 +7,5 @@ _4 June 2019_
|
||||
* Added credentials to attack status requests (others can't spoof to see who you're attacking anymore - my bad!)
|
||||
* Began work on spying infrastructure.
|
||||
* Made the attack button more generic - can reuse a lot of attack code for spying code.
|
||||
* Added credentials to the combat logs (How did I miss TWO credential requirements?)
|
||||
* More coming later today...
|
||||
+20
-2
@@ -104,12 +104,30 @@ const attackStatusRequest = (connection) => (req, res) => {
|
||||
};
|
||||
|
||||
const combatLogRequest = (connection) => (req, res) => {
|
||||
//verify the user's credentials
|
||||
let query = 'SELECT COUNT(*) AS total FROM sessions WHERE accountId = ? AND token = ?;';
|
||||
connection.query(query, [req.body.id, req.body.token], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
if (results[0].total !== 1) {
|
||||
res.status(400).write(log('Invalid combat log credentials', req.body.id, req.body.token));
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
//grab the username based on the ID
|
||||
let query = 'SELECT username FROM accounts WHERE id = ?;';
|
||||
connection.query(query, [req.body.id], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
let query = 'SELECT pastCombat.*, atk.username AS attacker, def.username AS defender FROM pastCombat JOIN accounts AS atk ON pastCombat.attackerId = atk.id JOIN accounts AS def ON pastCombat.defenderId = def.id WHERE atk.username = ? OR def.username = ? ORDER BY eventTime DESC LIMIT ?, ?;';
|
||||
connection.query(query, [req.body.username, req.body.username, req.body.start, req.body.length], (err, results) => {
|
||||
connection.query(query, [results[0].username, results[0].username, req.body.start, req.body.length], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
res.status(200).json(results);
|
||||
log('Combat log sent', req.body.username, req.body.start, req.body.length);
|
||||
log('Combat log sent', results[0].username, req.body.id, req.body.token, req.body.start, req.body.length);
|
||||
});
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
+63
-2
@@ -11,9 +11,70 @@ let { log } = require('../common/utilities.js');
|
||||
let { isSpying } = require('./utilities.js');
|
||||
|
||||
const spyRequest = (connection) => (req, res) => {
|
||||
//TODO
|
||||
res.status(400).write(log('Not yet implemented', 'spyRequest'));
|
||||
//verify the attacker's credentials (only the attacker can launch an attack)
|
||||
let query = 'SELECT COUNT(*) AS total FROM sessions WHERE accountId = ? AND accountId IN (SELECT id FROM accounts WHERE username = ?) AND token = ?;';
|
||||
connection.query(query, [req.body.id, req.body.attacker, req.body.token], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
if (results[0].total !== 1) {
|
||||
res.status(400).write(log('Invalid spying credentials', req.body.id, req.body.attacker, req.body.defender, req.body.token));
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
//verify that the defender's profile exists
|
||||
let query = 'SELECT accountId FROM profiles WHERE accountId IN (SELECT id FROM accounts WHERE username = ?);';
|
||||
connection.query(query, [req.body.defender], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
if (results.length !== 1) {
|
||||
res.status(400).write(log('Invalid defender spying credentials', req.body.id, req.body.attacker, req.body.defender, req.body.token));
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
let defenderId = results[0].accountId;
|
||||
|
||||
//verify that the attacker has enough spies
|
||||
let query = 'SELECT spies FROM profiles WHERE accountId = ?;';
|
||||
connection.query(query, [req.body.id], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
if (results[0].spies <= 0) {
|
||||
res.status(400).write(log('Not enough spies', req.body.attacker, req.body.defender, results[0].spies));
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
let attackingUnits = results[0].spies;
|
||||
|
||||
//verify that the attacker is not already spying on someone
|
||||
isSpying(connection, req.body.attacker, (err, spying) => {
|
||||
if (err) throw err;
|
||||
|
||||
if (spying) {
|
||||
res.status(400).write(log('You are already spying on someone', req.body.id, req.body.attacker, req.body.token));
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
//create the pending spy record
|
||||
let query = 'INSERT INTO pendingSpying (eventTime, attackerId, defenderId, attackingUnits) VALUES (DATE_ADD(CURRENT_TIMESTAMP(), INTERVAL 10 * ? MINUTE), ?, ?, ?);';
|
||||
connection.query(query, [attackingUnits, req.body.id, defenderId, attackingUnits], (err) => {
|
||||
if (err) throw err;
|
||||
|
||||
res.status(200).json({
|
||||
status: 'spying',
|
||||
attacker: req.body.attacker,
|
||||
defender: req.body.defender,
|
||||
msg: log('Spying', req.body.attacker, req.body.defender) //TODO: am I using this msg parameter anywhere?
|
||||
});
|
||||
res.end();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
const spyStatusRequest = (connection) => (req, res) => {
|
||||
|
||||
@@ -14,7 +14,7 @@ class PagedCombatLog extends React.Component {
|
||||
};
|
||||
|
||||
if (props.getFetch) {
|
||||
props.getFetch(() => this.sendRequest('/combatlogrequest', {username: props.username, start: props.start, length: props.length}));
|
||||
props.getFetch(() => this.sendRequest('/combatlogrequest', {start: props.start, length: props.length}));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user