implement game theft prevention

2012-06-16 19:56:36 +02:00 · 2012-06-16 19:56:36 +02:00 · 062dd83d29
parent ad7c1a8cdc
commit 062dd83d29
5 changed files with 38 additions and 15 deletions
--- a/app/controllers/Round.scala
+++ b/app/controllers/Round.scala
@ -13,7 +13,7 @@ import play.api.libs.iteratee._
 import play.api.templates.Html
 import scalaz.effects._

-object Round extends LilaController {
+object Round extends LilaController with TheftPrevention {

  def gameRepo = env.game.gameRepo
  def socket = env.round.socket
@ -47,12 +47,14 @@ object Round extends LilaController {
          engine ← pov.opponent.userId.fold(
            u ⇒ userRepo isEngine u,
            io(false))
-        } yield Ok(html.round.player(
-          pov,
-          version(pov.gameId),
-          engine,
-          roomHtml map { Html(_) },
-          bookmarkers)),
+        } yield PreventTheft(pov) {
+          Ok(html.round.player(
+            pov,
+            version(pov.gameId),
+            engine,
+            roomHtml map { Html(_) },
+            bookmarkers))
+        },
        io(Redirect(routes.Setup.await(fullId)))
      )
    }
@ -135,7 +137,7 @@ object Round extends LilaController {
    })
  }

-  type IOValidEvents = IO[Valid[List[Event]]]
+  private type IOValidEvents = IO[Valid[List[Event]]]

  private def performAndRedirect(fullId: String, op: String ⇒ IOValidEvents) =
    Action {
--- a/app/controllers/Setup.scala
+++ b/app/controllers/Setup.scala
@ -10,7 +10,7 @@ import play.api.data.Form

 import scalaz.effects._

-object Setup extends LilaController {
+object Setup extends LilaController with TheftPrevention {

  def forms = env.setup.formFactory
  def processor = env.setup.processor
@ -55,10 +55,12 @@ object Setup extends LilaController {
    IOptionResult(gameRepo pov fullId) { pov ⇒
      pov.game.started.fold(
        Redirect(routes.Round.player(pov.fullId)),
-        Ok(html.setup.await(
-          pov,
-          version(pov.gameId),
-          friendConfigMemo get pov.game.id))
+        PreventTheft(pov) {
+          Ok(html.setup.await(
+            pov,
+            version(pov.gameId),
+            friendConfigMemo get pov.game.id))
+        }
      )
    }
  }
--- a/app/controllers/TheftPrevention.scala
+++ b/app/controllers/TheftPrevention.scala
@ -0,0 +1,18 @@
+package controllers
+
+import lila._
+import views._
+import http.Context
+import game.{ DbGame, Pov }
+
+import play.api.mvc._
+import play.api.mvc.Results.Redirect
+
+trait TheftPrevention {
+
+  def PreventTheft(pov: Pov)(ok: ⇒ Result)(implicit ctx: Context): Result =
+    isTheft(pov).fold(Redirect(routes.Round.watcher(pov.gameId, pov.color.name)), ok)
+
+  private def isTheft(pov: Pov)(implicit ctx: Context) =
+    pov.player.userId != ctx.userId 
+}
--- a/app/http/Context.scala
+++ b/app/http/Context.scala
@ -16,6 +16,8 @@ sealed abstract class Context(val req: RequestHeader, val me: Option[User]) {
    me.fold(Granter(permission), false)

  def is(user: User) = me == Some(user)
+
+  def userId = me map (_.id)
 }

 final class BodyContext(val body: Request[_], m: Option[User]) 
--- a/3
+++ b/3
@ -22,8 +22,7 @@ more infos under realtime games
 cheater slash timeline
 best game(s) to watch
 copy spectator chat to rematch
-prevent people giving their friend game await link
-advanced board color selector / board colorpicker
+advanced board color selector / board colorpicker (http://fr.lichess.org/inbox/mjhlougd)

 new translations:
 -rematchOfferCanceled=Rematch offer canceled