[vchess.git] / routes / all.js

let express = require('express');
let router = express.Router();
const createError = require('http-errors');
const sqlite3 = require('sqlite3');//.verbose();
const db = new sqlite3.Database('db/vchess.sqlite');
const sanitizeHtml = require('sanitize-html');

// Home
router.get('/', function(req, res, next) {
	db.serialize(function() {
		db.all("SELECT * FROM Variants", (err,variants) => {
			if (!!err)
				return next(err);
			res.render('index', {
				title: 'club',
				variantArray: variants, //JSON.stringify(variants)
			});
		});
	});
});

// Variant
router.get("/:vname([a-zA-Z0-9]+)", (req,res,next) => {
	const vname = req.params["vname"];
	db.serialize(function() {
		db.all("SELECT * FROM Variants WHERE name='" + vname + "'", (err,variant) => {
			if (!!err)
				return next(err);
			if (!variant || variant.length==0)
				return next(createError(404));
			// TODO (later...) get only n=100(?) most recent problems
			db.all("SELECT * FROM Problems WHERE variant='" + vname + "'",
				(err2,problems) => {
					if (!!err2)
						return next(err2);
					res.render('variant', {
						title: vname + ' Variant',
						variant: vname,
						problemArray: problems,
					});
				}
			);
		});
	});
});

// Load a rules page (AJAX)
router.get("/rules/:variant([a-zA-Z0-9]+)", (req,res) => {
	if (!req.xhr)
		return res.json({errmsg: "Unauthorized access"});
	res.render("rules/" + req.params["variant"]);
});

// Fetch 10 previous or next problems (AJAX)
router.get("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	if (!req.xhr)
		return res.json({errmsg: "Unauthorized access"});
	// TODO: next or previous: in params + timedate (of current oldest or newest)
	db.serialize(function() {
		//TODO
	});
});

// Upload a problem (AJAX)
router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	if (!req.xhr)
		return res.json({errmsg: "Unauthorized access"});
	const vname = req.params["variant"];
	const timestamp = Date.now();
	// Sanitize them
	const fen = req.body["fen"];
	if (!fen.match(/^[a-zA-Z0-9 /]*$/))
		return res.json({errmsg: "Bad characters in FEN string"});
	const instructions = sanitizeHtml(req.body["instructions"]);
	const solution = sanitizeHtml(req.body["solution"]);
	db.serialize(function() {
		let stmt = db.prepare("INSERT INTO Problems VALUES (?,?,?,?,?)");
		stmt.run(timestamp, vname, fen, instructions, solution);
		stmt.finalize();
	});
  res.json({});
});

module.exports = router;
Commit	Line	Data
	1	let express = require('express');
	2	let router = express.Router();
	3	const createError = require('http-errors');
	4	const sqlite3 = require('sqlite3');//.verbose();
	5	const db = new sqlite3.Database('db/vchess.sqlite');
	6	const sanitizeHtml = require('sanitize-html');
	7
	8	// Home
	9	router.get('/', function(req, res, next) {
	10	db.serialize(function() {
	11	db.all("SELECT * FROM Variants", (err,variants) => {
	12	if (!!err)
	13	return next(err);
	14	res.render('index', {
	15	title: 'club',
	16	variantArray: variants, //JSON.stringify(variants)
	17	});
	18	});
	19	});
	20	});
	21
	22	// Variant
	23	router.get("/:vname([a-zA-Z0-9]+)", (req,res,next) => {
	24	const vname = req.params["vname"];
	25	db.serialize(function() {
	26	db.all("SELECT * FROM Variants WHERE name='" + vname + "'", (err,variant) => {
	27	if (!!err)
	28	return next(err);
	29	if (!variant \|\| variant.length==0)
	30	return next(createError(404));
	31	// TODO (later...) get only n=100(?) most recent problems
	32	db.all("SELECT * FROM Problems WHERE variant='" + vname + "'",
	33	(err2,problems) => {
	34	if (!!err2)
	35	return next(err2);
	36	res.render('variant', {
	37	title: vname + ' Variant',
	38	variant: vname,
	39	problemArray: problems,
	40	});
	41	}
	42	);
	43	});
	44	});
	45	});
	46
	47	// Load a rules page (AJAX)
	48	router.get("/rules/:variant([a-zA-Z0-9]+)", (req,res) => {
	49	if (!req.xhr)
	50	return res.json({errmsg: "Unauthorized access"});
	51	res.render("rules/" + req.params["variant"]);
	52	});
	53
	54	// Fetch 10 previous or next problems (AJAX)
	55	router.get("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	56	if (!req.xhr)
	57	return res.json({errmsg: "Unauthorized access"});
	58	// TODO: next or previous: in params + timedate (of current oldest or newest)
	59	db.serialize(function() {
	60	//TODO
	61	});
	62	});
	63
	64	// Upload a problem (AJAX)
	65	router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	66	if (!req.xhr)
	67	return res.json({errmsg: "Unauthorized access"});
	68	const vname = req.params["variant"];
	69	const timestamp = Date.now();
	70	// Sanitize them
	71	const fen = req.body["fen"];
	72	if (!fen.match(/^[a-zA-Z0-9 /]*$/))
	73	return res.json({errmsg: "Bad characters in FEN string"});
	74	const instructions = sanitizeHtml(req.body["instructions"]);
	75	const solution = sanitizeHtml(req.body["solution"]);
	76	db.serialize(function() {
	77	let stmt = db.prepare("INSERT INTO Problems VALUES (?,?,?,?,?)");
	78	stmt.run(timestamp, vname, fen, instructions, solution);
	79	stmt.finalize();
	80	});
	81	res.json({});
	82	});
	83
	84	module.exports = router;