Withdraw

1. app.post("/withdraw/:appid", ensureAuthenticated, function(req, res){
2.  
3. var token = req.get("Authorization")
4. , decoded = jwt.verify(token, secret)
5. , steamId = decoded.steamid
6. , appid = req.params.appid;
7.  
8. var withdrawableItems = [];
9. var itemsQuery = [];
10.  
11.  
12. console.log(info("Incoming withdraw from "+steamId+", with "+req.body.items.length+" items."));
13.  
14.  
15. Mongo.query("users", {"steamId": steamId}, function(UserResult){
16. if(UserResult != null && typeof UserResult[0].verified != "undefined" && UserResult[0].verified == true){
17.  
18.  
19. for (var i = req.body.items.length - 1; i >= 0; i--) {
20. itemsQuery.push({"_id": Mongo.fixId(req.body.items[i]._id)});
21. if(req.body.items[i].appid != appid){
22. console.log(error("User "+steamId+" tried to withdraw items. But body.items obj contained mixed appids"));
23. res.json({"successfull": false, "error": "Mixed withdraw items. Only select items from one game."});
24. res.end();
25. return false;
26. }
27. }
28.  
29. Mongo.query("withdraws", {"userId": steamId}, function(withdrawResult){
30. var canWithdraw = false;
31.  
32. if(withdrawResult.length > 0){
33.  
34. var timestamp = new Date(withdrawResult[0]._created);
35. var timestamp = new Date(timestamp.getTime() + 15*60000);
36. var timestampObj = countTime(timestamp);
37.  
38.  
39. if(timestampObj.minutes < 0){
40. canWithdraw = true;
41. }
42. }else{
43. canWithdraw = true;
44. }
45.  
46.  
47.  
48. if(canWithdraw == true){
49. Mongo.query("inventory", {$and : [{"steamId": steamId, "appid": parseInt(appid)}, { "$or" : itemsQuery }]}, function(result){
50.  
51. withdrawableItems = result;
52.  
53. var offer = manager.createOffer(UserResult[0].settings.tradeUrl);
54. var id = makeid();
55.  
56. offer.addMyItems(withdrawableItems);
57. offer.setMessage('Confirm this hash: '+id);
58.  
59. // Send offer
60. offer.send(function(err, status) {
61. if(err) {
62. console.log(error("Tried do send a trade-offer to "+UserResult[0].settings.tradeUrl+ ", SteamAPI did not allow."));
63.  
64. res.json({"successfull": false, "error": err});
65. res.end();
66. return;
67. }
68.  
69. //if(status == 'pending') {
70. // h1z1._bots[index].community.acceptConfirmationForObject(_get_identity_secret(h1z1._config['bots'][index].accountName), offer.id);
71. //}
72.  
73. for (var i = withdrawableItems.length - 1; i >= 0; i--) {
74. Mongo.delete("inventory", {"_id": Mongo.fixId(withdrawableItems[i]._id)}, function(result){});
75. }
76.  
77. Mongo.insert("withdraws", {
78. "offerId":offer.id,
79. "userId": offer.partner.getSteamID64(),
80. "items": withdrawableItems,
81. "status": offer.state
82. }, function(result){
83.  
84. });
85.  
86. res.json({"successfull": true, "offerId": offer.id, "hash": id});
87. res.end();
88.  
89. });
90.  
91.  
92. });
93. }else{
94.  
95. }
96.  
97. }, {"_created": -1});
98.  
99.  
100. }else{
101. console.log(error("Incoming deposit from "+steamId+", with "+req.body.items.length+" items could not go through. The user does not exists in the DB."));
102.  
103. res.json({"successfull": false, "error": "Could not fetch user"});
104. res.end();
105. }
106. });
107. });