From 062dd83d290b970380b9d0372f51724a587c8c0c Mon Sep 17 00:00:00 2001
From: Thibault Duplessis
Date: Sat, 16 Jun 2012 19:56:36 +0200
Subject: [PATCH] implement game theft prevention
---
 app/controllers/Round.scala | 18 ++++++++++--------
 app/controllers/Setup.scala | 12 +++++++-----
 app/controllers/TheftPrevention.scala | 18 ++++++++++++++++++
 app/http/Context.scala | 2 ++
 todo | 3 +--
 5 files changed, 38 insertions(+), 15 deletions(-)
 create mode 100644 app/controllers/TheftPrevention.scala
diff --git a/app/controllers/Round.scala b/app/controllers/Round.scala
index 296e7fe6b7..51e9c2c883 100644
--- a/app/controllers/Round.scala
+++ b/app/controllers/Round.scala
@@ -13,7 +13,7 @@ import play.api.libs.iteratee._
 import play.api.templates.Html
 import scalaz.effects._
-object Round extends LilaController {
+object Round extends LilaController with TheftPrevention {
 def gameRepo = env.game.gameRepo
 def socket = env.round.socket
@@ -47,12 +47,14 @@ object Round extends LilaController {
 engine ← pov.opponent.userId.fold(
 u ⇒ userRepo isEngine u,
 io(false))
- } yield Ok(html.round.player(
- pov,
- version(pov.gameId),
- engine,
- roomHtml map { Html(_) },
- bookmarkers)),
+ } yield PreventTheft(pov) {
+ Ok(html.round.player(
+ pov,
+ version(pov.gameId),
+ engine,
+ roomHtml map { Html(_) },
+ bookmarkers))
+ },
 io(Redirect(routes.Setup.await(fullId)))
 )
 }
@@ -135,7 +137,7 @@ object Round extends LilaController {
 })
 }
- type IOValidEvents = IO[Valid[List[Event]]]
+ private type IOValidEvents = IO[Valid[List[Event]]]
 private def performAndRedirect(fullId: String, op: String ⇒ IOValidEvents) =
 Action {
diff --git a/app/controllers/Setup.scala b/app/controllers/Setup.scala
index 8771bfccd2..863365aa98 100644
--- a/app/controllers/Setup.scala
+++ b/app/controllers/Setup.scala
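Review bot: In app/controllers/Round.scala the ownership check wraps only the `Ok(html.round.player(...))` render in the `@@ -47,12 +47,14 @@` hunk, so it protects the player page rather than the game actions. `performAndRedirect(fullId: String, op: ...)`, visible as context in the `@@ -135,7 +137,7 @@` hunk, accepts the same `fullId` and is not touched by this commit; its body lies outside the hunk, so this is inferred, but if it or any other entry point resolves a `fullId` without comparing the seat's user to `ctx.userId`, the link still works as a credential there. I would resolve the `Pov` and apply `PreventTheft(pov)` in every action that takes a `fullId`, or at least record the limit next to the call: `// PreventTheft only guards page rendering; actions that take fullId must check ownership separately`.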
@@ -10,7 +10,7 @@ import play.api.data.Form
 import scalaz.effects._
-object Setup extends LilaController {
+object Setup extends LilaController with TheftPrevention {
 def forms = env.setup.formFactory
 def processor = env.setup.processor
@@ -55,10 +55,12 @@ object Setup extends LilaController {
 IOptionResult(gameRepo pov fullId) { pov ⇒
 pov.game.started.fold(
 Redirect(routes.Round.player(pov.fullId)),
- Ok(html.setup.await(
- pov,
- version(pov.gameId),
- friendConfigMemo get pov.game.id))
+ PreventTheft(pov) {
+ Ok(html.setup.await(
+ pov,
+ version(pov.gameId),
+ friendConfigMemo get pov.game.id))
+ }
 )
 }
 }
diff --git a/app/controllers/TheftPrevention.scala b/app/controllers/TheftPrevention.scala
new file mode 100644
index 0000000000..d1a7ca2065
--- /dev/null
+++ b/app/controllers/TheftPrevention.scala
@@ -0,0 +1,18 @@
+package controllers
+
+import lila._
+import views._
+import http.Context
+import game.{ DbGame, Pov }
+
+import play.api.mvc._
+import play.api.mvc.Results.Redirect
+
+trait TheftPrevention {
+
+ def PreventTheft(pov: Pov)(ok: ⇒ Result)(implicit ctx: Context): Result =
+ isTheft(pov).fold(Redirect(routes.Round.watcher(pov.gameId, pov.color.name)), ok)
+
+ private def isTheft(pov: Pov)(implicit ctx: Context) =
+ pov.player.userId != ctx.userId
+}
diff --git a/app/http/Context.scala b/app/http/Context.scala
index 5b571d1008..141f2f7560 100644
--- a/app/http/Context.scala
+++ b/app/http/Context.scala
@@ -16,6 +16,8 @@ sealed abstract class Context(val req: RequestHeader, val me: Option[User]) {
 me.fold(Granter(permission), false)
 def is(user: User) = me == Some(user)
+
+ def userId = me map (_.id)
 }
 final class BodyContext(val body: Request[_], m: Option[User])
diff --git a/todo b/todo
index 3e09e3f111..e0fc497e0d 100644
--- a/todo
+++ b/todo
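Review bot: `isTheft` in app/controllers/TheftPrevention.scala compares two optional ids with `!=`, which leaves the anonymous cases implicit. Assuming `pov.player.userId` is an `Option` like `ctx.userId` (added in Context.scala as `me map (_.id)`), an anonymous seat opened by an anonymous visitor is never treated as theft, so those games are still protected only by the secrecy of the link, while an anonymous seat opened by a logged-in visitor is always redirected to the watcher page, which would lock out a player who signs in mid-game. If only account-owned seats are meant to be bound, spell that out with `pov.player.userId.fold(owner ⇒ ctx.userId != Some(owner), false)`, a declared `: Boolean` result type, and a short Scaladoc on `PreventTheft` stating that anonymous seats are not covered. The same check is reused by the `await` hunk in app/controllers/Setup.scala, so the point applies there too.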
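Review bot: `def userId = me map (_.id)` in app/http/Context.scala is a public member with an inferred result type, and it now feeds the `!=` comparison in `TheftPrevention.isTheft`. Scala accepts `!=` between unrelated types, so if this element type ever diverges from that of `pov.player.userId`, the check would evaluate to true for every request without a compile error. Declare the result type explicitly (the `Option` of `User.id`'s type, which is not visible in this hunk) so that such a drift surfaces at the declaration. The class body continues outside the hunk.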
@@ -22,8 +22,7 @@ more infos under realtime games cheater slash timeline best game(s) to watch copy spectator chat to rematch -prevent people giving their friend game await link -advanced board color selector / board colorpicker +advanced board color selector / board colorpicker (http://fr.lichess.org/inbox/mjhlougd) new translations: -rematchOfferCanceled=Rematch offer canceled