refacto: Replaced useless DB queries by websocket calls + patching WS auth-token leak

2026-04-01 18:47:37 +02:00
parent e28a2d6e9c
commit f161ccb0f0
33 changed files with 6246 additions and 43 deletions
--- a/server/routes/game.js
+++ b/server/routes/game.js
@@ -42,6 +42,7 @@ import {
 } from "../db/usersDb.js";
 import { computeCell, rowToCellPayload } from "../helpers/cell.js";
 import { computeTeamMilitaryPower } from "../helpers/economy.js";
+import { broadcast, broadcastToTeam } from "../ws/hub.js";

 const router = express.Router();

@@ -95,7 +96,7 @@ router.get("/config", async (req, res) => {
      databaseWipeoutIntervalSeconds: rot,
      debugModeForTeams: cfg.debugModeForTeams,
      configReloadIntervalSeconds: cfg.configReloadIntervalSeconds,
-      worldSeed: ws.worldSeed,
+      worldSeed,
      seedPeriodEndsAtUtc: ws.seedPeriodEndsAtUtc,
      seedPeriodStartsAtUtc: ws.seedPeriodStartsAtUtc,
      actionsRemaining,
@@ -193,6 +194,11 @@ router.post("/cell/reveal", authMiddleware, async (req, res) => {
    const existing = await getExistingCell(seed, x, y);
    if (!existing) return res.status(500).json({ error: "insert_race" });

+    broadcastToTeam(team, "cell-updated", {
+      worldSeed,
+      cell: rowToCellPayload(existing),
+    });
+
    return res.json(rowToCellPayload(existing));
  } catch (e) {
    console.error(e);
@@ -258,10 +264,32 @@ router.post("/cell/capture", authMiddleware, async (req, res) => {

    const updatedCell = await getExistingCell(worldSeed, x, y);
    const updatedTeamRow = await getTeamActionsRow(team);
+    const updatedCellPayload = rowToCellPayload(updatedCell);
+
+    // Team that made the capture always gets the update.
+    broadcastToTeam(team, "cell-updated", {
+      worldSeed,
+      cell: updatedCellPayload,
+    });
+
+    // Opponent receives the update only if that team had visibility on this cell.
+    const opposingTeam = team === "blue" ? "red" : "blue";
+    const opposingVisible = await checkTeamVisibility(worldSeed, opposingTeam, x, y);
+    if (opposingVisible) {
+      broadcastToTeam(opposingTeam, "cell-updated", {
+        worldSeed,
+        cell: updatedCellPayload,
+      });
+    }
+
+    broadcastToTeam(team, "team-quota-updated", {
+      team,
+      actionsRemaining: updatedTeamRow?.actions_remaining ?? null,
+    });

    res.json({
      success: true,
-      cell: rowToCellPayload(updatedCell),
+      cell: updatedCellPayload,
      teamActionsRemaining: updatedTeamRow?.actions_remaining ?? null,
    });
  } catch (e) {
@@ -476,10 +504,30 @@ router.post("/military/attack", authMiddleware, async (req, res) => {

    const deductions  = await getMilitaryDeductions(worldSeed);
    const updatedCell = await getExistingCell(worldSeed, x, y);
+    const updatedCellPayload = rowToCellPayload(updatedCell);
+
+    broadcast("military-deductions-updated", {
+      worldSeed,
+      deductions,
+    });
+
+    broadcastToTeam(attackingTeam, "cell-updated", {
+      worldSeed,
+      cell: updatedCellPayload,
+    });
+
+    const opposingTeam = attackingTeam === "blue" ? "red" : "blue";
+    const opposingVisible = await checkTeamVisibility(worldSeed, opposingTeam, x, y);
+    if (opposingVisible) {
+      broadcastToTeam(opposingTeam, "cell-updated", {
+        worldSeed,
+        cell: updatedCellPayload,
+      });
+    }

    res.json({
      success: true,
-      cell: rowToCellPayload(updatedCell),
+      cell: updatedCellPayload,
      deductions,
    });
  } catch (e) {