+/* Redirect any requests to a game ID at the top-level.
+ *
+ * Specifically, after obtaining the game ID (from the path) we simply
+ * lookup the game engine for the corresponding game and then redirect
+ * to the engine- and game-specific path.
+ */
+app.get('/[a-zA-Z0-9]{4}', (request, response) => {
+ const game_id = request.path.replace(/\//g, "");
+ const canon_id = lmno_canonize(game_id);
+
+ /* Redirect user to page with the canonical ID in it. */
+ if (game_id !== canon_id) {
+ response.redirect(301, `/${canon_id}/`);
+ return;
+ }
+
+ const game = lmno.games[game_id];
+ if (game === undefined) {
+ response.sendStatus(404);
+ return;
+ }
+ response.redirect(301, `/${game.meta.identifier}/${game.id}/`);
+});
+
+/* LMNO middleware to lookup the game. */
+app.use('/:engine([^/]+)/:game_id([a-zA-Z0-9]{4})', (request, response, next) => {
+ const engine = request.params.engine;
+ const game_id = request.params.game_id;
+ const canon_id = lmno_canonize(game_id);
+
+ /* Redirect user to page with the canonical ID in it, also ensuring
+ * that the game ID is _always_ followed by a slash. */
+ const has_slash = new RegExp(`^/${engine}/${game_id}/`);
+ if (game_id !== canon_id ||
+ ! has_slash.test(request.originalUrl))
+ {
+ const old_path = new RegExp(`/${engine}/${game_id}/?`);
+ const new_path = `/${engine}/${canon_id}/`;
+ const new_url = request.originalUrl.replace(old_path, new_path);
+ response.redirect(301, new_url);
+ return;
+ }
+
+ /* See if there is any game with this ID. */
+ const game = lmno.games[game_id];
+ if (game === undefined) {
+ response.sendStatus(404);
+ return;
+ }
+
+ /* Stash the game onto the request to be used by the game-specific code. */
+ request.game = game;
+ next();
+});
+
+function auth_admin(request, response, next) {
+ /* If there is no user associated with this session, redirect to the login
+ * page (and set a "next" query parameter so we can come back here).
+ */
+ if (! request.session.user) {
+ response.redirect(302, "/login?next=" + request.path);
+ return;
+ }
+
+ /* If the user is logged in but not authorized to view the page then
+ * we return that error. */
+ if (request.session.user.role !== "admin") {
+ response.status(401).send("Unauthorized");
+ return;
+ }
+ next();
+}
+
+app.get('/logout', (request, response) => {
+ request.session.user = undefined;
+ request.session.destroy();
+
+ response.send("You are now logged out.");
+});
+
+app.get('/login', (request, response) => {
+ if (request.session.user) {
+ response.send("Welcome, " + request.session.user + ".");
+ return;
+ }
+
+ response.render('login.html');
+});
+
+app.post('/login', async (request, response) => {
+ const username = request.body.username;
+ const password = request.body.password;
+ const user = lmno_config.users[username];
+ if (! user) {
+ response.sendStatus(404);
+ return;
+ }
+ const match = await bcrypt.compare(password, user.password_hash_bcrypt);
+ if (! match) {
+ response.sendStatus(404);
+ return;
+ }
+ request.session.user = { username: user.username, role: user.role };
+ response.sendStatus(200);
+ return;
+});
+
+/* API to set uer profile information */
+app.put('/profile', (request, response) => {
+ const nickname = request.body.nickname;
+ if (nickname) {
+ request.session.nickname = nickname;
+ request.session.save();
+ }
+ response.send();
+});
+
+/* An admin page (only available to admin users, of course) */
+app.get('/admin/', auth_admin, (request, response) => {
+ let active = [];
+ let idle = [];
+
+ for (let id in lmno.games) {
+ if (lmno.games[id].players.length)
+ active.push(lmno.games[id]);
+ else
+ idle.push(lmno.games[id]);
+ }
+ response.render('admin.html', { test: "foobar", games: { active: active, idle: idle}});
+});
+
+
+/* Mount sub apps. only _after_ we have done all the middleware we need. */
+for (let key in engines) {
+ const engine = engines[key];
+ const router = engine.router;
+
+ /* Add routes that are common to all games. */
+ router.get('/', (request, response) => {
+ const game = request.game;
+
+ if (! request.session.nickname)
+ response.render('choose-nickname.html', { game_name: game.meta.name });
+ else
+ response.render(`${game.meta.identifier}-game.html`);
+ });
+
+ router.put('/player', (request, response) => {
+ const game = request.game;
+
+ game.handle_player(request, response);
+ });
+
+ router.get('/events', (request, response) => {
+ const game = request.game;
+
+ game.handle_events(request, response);
+ });
+
+ /* Further, add some routes conditionally depending on whether the
+ * engine provides specific, necessary methods for the routes. */
+
+ /* Note: We have to use hasOwnProperty here since the base Game
+ * class has a geeric add_move function, and we don't want that to
+ * have any influence on our decision. Only if the child has
+ * overridden that do we want to create a "/move" route. */
+ if (engine.prototype.hasOwnProperty("add_move")) {
+ router.post('/move', (request, response) => {
+ const game = request.game;
+ const move = request.body.move;
+ const player = game.players_by_session[request.session.id];
+
+ /* Reject move if there is no player for this session. */
+ if (! player) {
+ response.json({legal: false, message: "No valid player from session"});
+ return;
+ }
+
+ const result = game.add_move(player, move);
+
+ /* Take care of any generic post-move work. */
+ game.post_move(player, result);
+
+ /* Feed move response back to the client. */
+ response.json(result);
+
+ /* And only if legal, inform all clients. */
+ if (! result.legal)
+ return;
+
+ game.broadcast_move(move);
+ });
+ }
+
+ /* And mount the whole router at the path for the game. */
+ app.use(`/${engine.meta.identifier}/[a-zA-Z0-9]{4}/`, router);
+}
+