Put more security on the session submissions and improved simulation status rendering

Michael Schmatz 2014-02-20 09:44:44 -08:00
parent 99de854536
commit 7c5192820f
3 changed files with 40 additions and 18 deletions
app
templates/play
views/play
server/queues


@ -14,30 +14,33 @@ block content
span Play
span= team.name
table.table.table-bordered.table-condensed
table.table.table-bordered.table-condensed.table-hover
tr
th(colspan=3, style="color: #{team.primaryColor}")
span= team.name
span Leaderboard
tr
th Score
th Name
for session in team.leaderboard.topPlayers.models
- var myRow = session.get('creator') == me.id
tr(class=myRow ? "success" : "")
td.score-cell= session.get('totalScore').toFixed(2)
td= session.get('creatorName')
td= session.get('creatorName') || "Anonymous"
td
if(!myRow)
a(href="/play/level/#{level.get('slug') || level.id}/?team=#{team.otherTeam}&opponent=#{session.id}") COMPETE
a(href="/play/level/#{level.get('slug') || level.id}/?team=#{team.otherTeam}&opponent=#{session.id}") Compete!
else
a(href="/play/ladder/#{levelID}/team/#{team.id}") View details
unless me.attributes.anonymous
hr
button.btn.btn-warning.btn-lg.highlight#simulate-button(style="margin-bottom:10px;") Simulate Games!
p(style="display:inline; margin-left:10px;")
p(id="simulationStatusText", style="display:inline; margin-left:10px;")
if simulationStatus
| #{simulationStatus}
else
| By simulating games you can get your game ranked faster!
if me.isAdmin()
button.btn.btn-warning.btn-lg.highlight#simulate-all-button(style="margin-bottom:10px; float: right;") RESET AND SIMULATE GAMES
button.btn.btn-danger.btn-lg.highlight#simulate-all-button(style="margin-bottom:10px; float: right;") RESET AND SIMULATE GAMES


@ -53,7 +53,7 @@ module.exports = class LadderView extends RootView
@simulationStatus += "..."
catch e
console.log "There was a problem with the named simulation status: #{e}"
@render()
$("#simulationStatusText").text @simulationStatus
constructor: (options, @levelID) ->
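Review bot: The status update now uses a page-global `$("#simulationStatusText")` lookup, so it is silently dropped when that paragraph is not in the DOM, and it would also match an element with the same id outside this view. If RootView is a Backbone view (its definition is not visible here), `@$("#simulationStatusText").text @simulationStatus` keeps the lookup inside the view's own element. Using `.text` rather than `.html` is the right call, because the status string is assembled earlier in this function, outside the hunk, possibly from fetched data. A one-line comment such as `# .text on purpose: status must never be parsed as HTML` would keep a later edit from switching it.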


@ -26,23 +26,26 @@ connectToScoringQueue = ->
module.exports.createNewTask = (req, res) ->
requestSessionID = req.body.session
if isUserAnonymous req then return errors.forbidden res, "You need to be logged in to be added to the leaderboard"
return errors.badInput res, "The session ID is invalid" unless typeof requestSessionID is "string"
validatePermissions req, requestSessionID, (error, permissionsAreValid) ->
if err? then return errors.serverError res, "There was an error validating permissions"
unless permissionsAreValid then return errors.forbidden res, "You do not have the permissions to submit that game to the leaderboard"
fetchSessionToSubmit requestSessionID, (err, sessionToSubmit) ->
if err? then return errors.serverError res, "There was an error finding the given session."
return errors.badInput res, "The session ID is invalid" unless typeof requestSessionID is "string"
updateSessionToSubmit sessionToSubmit, (err, data) ->
if err? then return errors.serverError res, "There was an error updating the session"
fetchSessionToSubmit requestSessionID, (err, sessionToSubmit) ->
if err? then return errors.serverError res, "There was an error finding the given session."
fetchSessionsToRankAgainst (err, sessionsToRankAgainst) ->
if err? then return errors.serverError res, "There was an error fetching the sessions to rank against"
updateSessionToSubmit sessionToSubmit, (err, data) ->
if err? then return errors.serverError res, "There was an error updating the session"
taskPairs = generateTaskPairs(sessionsToRankAgainst, sessionToSubmit)
sendEachTaskPairToTheQueue taskPairs, (taskPairError) ->
if taskPairError? then return errors.serverError res, "There was an error sending the task pairs to the queue"
fetchSessionsToRankAgainst (err, sessionsToRankAgainst) ->
if err? then return errors.serverError res, "There was an error fetching the sessions to rank against"
sendResponseObject req, res, {"message":"All task pairs were succesfully sent to the queue"}
taskPairs = generateTaskPairs(sessionsToRankAgainst, sessionToSubmit)
sendEachTaskPairToTheQueue taskPairs, (taskPairError) ->
if taskPairError? then return errors.serverError res, "There was an error sending the task pairs to the queue"
sendResponseObject req, res, {"message":"All task pairs were succesfully sent to the queue"}
module.exports.dispatchTaskToConsumer = (req, res) ->
if isUserAnonymous(req) then return errors.forbidden res, "You need to be logged in to simulate games"
@ -95,6 +98,20 @@ module.exports.processTaskResult = (req, res) ->
console.log "Sending response object"
sendResponseObject req, res, {"message":"The scores were updated successfully!"}
validatePermissions = (req, sessionID, callback) ->
if isUserAnonymous req then return callback null, false
if isUserAdmin req then return callback null, true
getIDOfSessionCreator sessionID, (err, sessionCreatorID) ->
if err? then return callback err, sessionCreatorID
callback null, sessionCreatorID is req.user?.id
getIDOfSessionCreator = (session, callback) ->
LevelSession.findOne(_id:session).select('creator').lean().exec (err, data) ->
if err? then return callback err, data
callback err, data.creator
addMatchToSessions = (clientResponseObject, newScoreObject, callback) ->
matchObject = {}
@ -175,6 +192,8 @@ getUserIDFromRequest = (req) -> if req.user? then return req.user._id else retur
isUserAnonymous = (req) -> if req.user? then return req.user.get('anonymous') else return true
isUserAdmin = (req) -> return Boolean(req.user?.isAdmin())
parseTaskQueueMessage = (req, res, message) ->
try
if typeof message.getBody() is "object" then return message.getBody()
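Review bot: In `createNewTask` the `validatePermissions` callback names its first argument `error` but the next line tests `err?`, which is not bound at that point, so a failed lookup is never reported as a server error and falls through to the permission check; the parameter should read `(err, permissionsAreValid)`. In `getIDOfSessionCreator`, a well-formed but unknown session ID makes `findOne` yield no document, leaving `data` null, and `data.creator` then throws inside the query callback before any response is sent. `callback err, data?.creator` makes that case fail closed with the 403 instead. The `sessionCreatorID is req.user?.id` comparison is strict, so it only matches when `creator` is stored as a string in the same form as `req.user.id`; the schema is not visible here, so this is worth confirming and recording in a comment above `validatePermissions`.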