commit c04e9b629d8d9293bdb0ab8d565318d512d75dff
parent d365f5313c4de6dd56f76ccac5f8bd68775e7f7e
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 17 Jun 2023 11:56:06 -0700
Avoid double submission due to network lag
Diffstat:
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/pkg/web/handlers/chess.go b/pkg/web/handlers/chess.go
@@ -429,6 +429,7 @@ button {
htmlTmpl := cssReset + interceptors.ChessCSS + `
<form method="post">
<input type="hidden" name="csrf" value="{{ .CSRF }}" />
+ <input type="hidden" name="move_idx" value="{{ .MoveIdx }}" />
<table class="newBoard">
{{ range $row := .Rows }}
<tr>
@@ -460,10 +461,11 @@ button {
</form>`
data := map[string]any{
- "Rows": []int{0, 1, 2, 3, 4, 5, 6, 7},
- "Cols": []int{0, 1, 2, 3, 4, 5, 6, 7},
- "Key": key,
- "CSRF": csrf,
+ "Rows": []int{0, 1, 2, 3, 4, 5, 6, 7},
+ "Cols": []int{0, 1, 2, 3, 4, 5, 6, 7},
+ "Key": key,
+ "CSRF": csrf,
+ "MoveIdx": len(g.Game.Moves()),
}
fns := template.FuncMap{
diff --git a/pkg/web/handlers/interceptors/chess.go b/pkg/web/handlers/interceptors/chess.go
@@ -647,6 +647,11 @@ func (b *Chess) SendMove(gameKey string, userID database.UserID, g *ChessGame, c
return errors.New("not your turn")
}
+ moveIdx, _ := strconv.Atoi(c.Request().PostFormValue("move_idx"))
+ if moveIdx < len(g.Game.Moves())-1 {
+ return errors.New("double submission")
+ }
+
piecesCache := g.piecesCache
currentPlayer := player1
