ejnnr / web-chess Goto Github PK

ChessGame.php is quite badly written and should be rewritten in large parts.
I would suggest creating more different classes like ChessMove and unifying the naming of squares.

This is needed to store games efficiently. See https://github.com/jupiter24/web-chess/wiki/BCF

Current Status:

• encode moves (with comments/NAGs)
• encode nodes recursively
• decode moves
• decode move body recursively
• decode annotations
• handle invalid input
• add documentation

There are a few things that don't work in Firefox right now:

1. Polymer and Angular don't get along very well. However this is easy to fix, just load webcomponents.js instead of the lite version.
2. Some Angular bindings don't seem to get updated automatically (i.e. the board doesn't resize properly and the scoresheet as well). I don't know how to fix this yet.
3. merge.js (used by chessground) causes a "too much recursion" error. The reason seems to be that whenever the chessground config (including legal moves, so after every move) is updated, the complete config is merged with itself and then with the new on (see https://github.com/yeikos/js.merge/blob/master/merge.js#L121). Especially the piece list takes a while. Fix: change merge.js (start at index 1 instead of 0 if clone option is false).

So the main problem seems to be number 2 at the moment.

The login functionality should be made more secure, e.g. it should prevent brute force attacks.
It could look roughly as on http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

There are currently a lot of cases where 500 is returned when there would be a better alternative:

• When an invalid game is shown (should be stopped by returning 422 on creation)
• When a non-authenticated user tries to access /api/user (should be 401)
• When trying to access a non-existent resource id (should be 404)

Also 403 should be turned to 401 if the client isn't authenticated.

As you can see on VersionEye,
lots of packages used right now have new version available.

For info on upgrading laravel, see http://laravel.com/docs/5.1/upgrade

Note: phpunit 5 requires PHP 5.6, so make sure you aren't using any older version of php.

This update could also wait a little longer, since security isn't really an issue yet, but laravel 5.1 introduces new authorization features which might be used.

This should also fix the failing build on travis-ci.org

If you change any settings in configuration files on your local machine, like database passwords, you hav to be very careful not to push them to github. That should be changed. I would suggest the following:

1. Rename the current include/config.php to config/config.sample.php (the new config directory isn't a necessity but it's a somewhat better structure)
2. Make config/config.php a symbolic link to config/config.sample.php
3. Change all includes of include/config.php to config/config.php (obviously)
4. Put config/config.php in .gitignore

If you want to change any settings on your local machine, you can now just copy config/config.sample.php to config/config.php and edit this file. Your changes will not be pushed. The symbolic link has the advantage that everything will work right out of the box.

That's the best solution that comes to my mind, but i wanted to ask for your opinion first.

Creating a Tag with an owner_id that doens't exist in the User table should be prevented by Store- and UpadteTagRequest.

When a piece is dragged below the bottom boundary of the chess board, it grows wider as the piece is moved further down.

This is no huge issue as it gets it old size as soon as the piece is dropped or moved back inside but it's a little bit annyoing.

This only seems to happen in Chromium, in Firefox it works as it should.

Users should be able to share games with other users via a link. An alternative would be to use public and add optional password protection, but that seems less convenient.

I don't think this will be in v0.1 though.

If a game/tag is shared with a user (or publicly), the owner's complete model is accessible too using include=owner. Right now this is only the email address but in the future there might be more sensitive information.

Too fix such problems permanently, I propose to authorize every include request using policies.

For a rough overview of features in v0.1 see https://github.com/jupiter24/web-chess/milestones

Obviously there are a lot of things that need to be done before v0.1 is finished. This issue is a collection of everything server-connected.

• complete models
  • Game: add BCF support
• add routes
  • /tags
  • /users
  • /games
  • /user (Requires authentication implemented)
  • /games/{id}/tags
• allow uri parameters
  • include (must be included in Fractal and eager-loaded in Repository)
  • select (Problem: Fractal Transformer expects all fields to be set)
  • search
  • searchFields
  • orderBy
  • direction
  • tag (only for games)
• add missing controllers
  • GameTagController
• User Management
  • create authentication middleware
  • create policies
  • automatically determine owner_id
  • advanced authorization (sharing, different access_levels, ...)
  • don't allow users to tag their games with foreign tags
  • expose sharing functionality via REST API
• create requests for input validation
  • use standard input validation (required, email, ...)
  • create custom validator extensions for jcf,...
• avoid 500 error codes (see #25)
• imrove transformer output (see #26)
• add Pagination
• Chess API:
  • add PGN support (or use frontend js?)
  • change BCF to one char per byte
• add automated tests for REST AP

It would be nice, if there were different themes for the interface to choose from.
we would need to split main.css into one file with general stuff like widths and heights and one with colors, background-images and so on.
I'd suggest to put the themes into a directory called /themes with one subdirectory for each theme. In there would be a css file and a directory for all images needed.
We should probably do this rather quickly, bcause the longer we wait, the more effort will be needed to do this.
The actual implemetation of choosing a theme could be done later, we could just use the standard theme automatically for now.

Since f3b6f7e made the 'salt' column obsolete, we should also remove this column from webchess.sql.

There are several problems with the output that gets sent to the client:

1. IDs should be links to resources
2. owner_ids should be links to resources
3. in summary representations owner_ids should probably be usernames

In include/user_management.php there should be a function called createUser or something like that which creates a new user. It should accept the arguments $username, $password (in clear text) and as an optional argument $email.
The salt should be generated randomly inside the function.
The password field inside the database should be set with "hash('sha512', $password . $salt)" (where $password is the password in clear text).

If index.php is shown in the browser, there's a small white bar at the top, seemingly because 'body' doesn't start right at the top, while html does.
Browser: Firefox 35.0.1
OS: Arch Linux
Screen Resolution: 1366 x 768

Does anyone have an idea what could be causing this problem? Or could someone test this with other browsers/Operating systems?

1. The shadow dropped by #openDatabaseDialog should be dropped by all .dialog elements instead.
2. Dialogs come to the foreground once they're focused (for example right now #openDatabaseDialog is always behind the others). I think there's a jquery-ui option for this (when using draggable)
3. There's no Savebutton.pgn yet.
4. Inside the dialogs there are obviously some design problems

First of all congratulations on your project. I am running Ubuntu 16.04, I cloned the project and completed the steps in the readme file, but I have no idea about how to launch it.
I am familiar with nwjs, node, electron but this one uses none of them.
Would you please tell me how to run it?
Regards.
Kenn

In include/user_management.php there are a lot of PDO statements without try-catch-blocks. They should all have proper exception handling.
For this pupose I'd suggest adding a logging mechanism (i.e. a log file).
Also we should add a webChessException class to catch all exceptions thrown by WebChess.

Tags have the advantage of being way more felxible than Databases because one Game can have multiple Tags.

To change the backend accordingly, the following things need to be done:

• Rename FormRequests
• Delete Database Model and Migrations
• Create Tag Model and Migrations
• Change One-to-Many Relatioship between Game and Database/Tag to Many-to-Many
  • create migration for pivot table
• Change relations in User Model
• Change routes.php

There needs to be a format ChessGame.php saves the current game in. See ejnnr/chessboard#4 for ideas.

The documentation for the REST API on the wiki needs to be updated when the API is done.

(This is about the new UI, to be found in branch feature/angular)

When opening a new tab, I'm unable to move any pieces in this tab until the browser window is resized (going into full screen mode or opening the developer tools also works).
After that everything works fine.
Tested in Chromium (since the new UI doens't work in Firefox anyway).

There are quite a few things to do to complete the function parseAlgebraicMove in include/ChessGame.php.

• the castling routine is incomplete; it needs to check whether castling is a valid move.
• the function needs better exception handling, e.g. exceptions should be thrown if the move in question is not legal or there is more than one move
• of course the function needs to return something instead of showing test output
• annotation symbols need to be parsed too

EDIT: No. 1-3 are done, only the annotation symbols aren't parsed yet

f04010e also added checking whether there's more than one possible move and throwing an exception if so.

Todo list:

• remove ?> from end of files
• add more comments to Position.php (mainly isLegalMove(), attacks(), isAttacked())
• add more tests for Position.php (especially dealing with invalid input of some sort)
• refactor Position.php a bit:
  • use boolean for turn to get rid of ($this->turn == 'w')
  • remove unnecessary check if all kings are on the board in loadFEN()
  • constants for hard-coded squares like g1/e1/... to avoid difficult to understand integer values and things like string2square('e1')
  • constants BLACK_PIECES and WHITE_PIECES (arrays)
• fix bugs (and add tests):
  • Position.php: line 1313: $matches['disambiguationFile'] is treated like an integer
  • Position.php: line 1317: $matches['disambiguationRank'] is treated like a string
  • Position.php: loadFEN(): position is overwritten even if for example there are too many promoted pieces
  • Position.php: loadFEN(): move numbers are treated as strings
  • Position.php: doMove(): en passant is set to 0 instead of ''
• Make starting position default for new Position()
• class Game:
  • doMove($move)
  • get position and move count dynamically
  • actual support for variations
  • headers
  • getJCF()
  • loadJCF($jcf)
• add support for textual comments
• add more tests to almost all classes (using coverage report)