server/routes/problems.js

   1 let router = require("express").Router();
   2 const access = require("../utils/access");
   3 const params = require("../config/parameters");
   4 const ProblemModel = require("../models/Problem");
   5 const sanitizeHtml_pkg = require('sanitize-html');
   6
   7 const allowedTags = [
   8   'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
   9   'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
  10   'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
  11 ];
  12 function sanitizeHtml(text) {
  13   return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
  14 }
  15
  16 router.post("/problems", access.logged, access.ajax, (req,res) => {
  17   if (ProblemModel.checkProblem(req.body.prob)) {
  18     const problem = {
  19       vid: req.body.prob.vid,
  20       fen: req.body.prob.fen,
  21       uid: req.userId,
  22       instruction: sanitizeHtml(req.body.prob.instruction),
  23       solution: sanitizeHtml(req.body.prob.solution),
  24     };
  25     ProblemModel.create(problem, (err, ret) => {
  26       res.json(err || ret);
  27     });
  28   }
  29   else
  30     res.json({});
  31 });
  32
  33 router.get("/problems", access.ajax, (req,res) => {
  34   const probId = req.query["id"];
  35   const cursor = req.query["cursor"];
  36   if (!!probId && !!probId.match(/^[0-9]+$/)) {
  37     ProblemModel.getOne(probId, (err, problem) => {
  38       res.json(err || {problem: problem});
  39     });
  40   } else if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
  41     const onlyMine = (req.query["mode"] == "mine");
  42     const uid = parseInt(req.query["uid"]);
  43     ProblemModel.getNext(uid, onlyMine, cursor, (err, problems) => {
  44       res.json(err || { problems: problems });
  45     });
  46   }
  47 });
  48
  49 router.put("/problems", access.logged, access.ajax, (req,res) => {
  50   let obj = req.body.prob;
  51   if (ProblemModel.checkProblem(obj)) {
  52     obj.instruction = sanitizeHtml(obj.instruction);
  53     obj.solution = sanitizeHtml(obj.solution);
  54     ProblemModel.safeUpdate(obj, req.userId, params.devs);
  55   }
  56   res.json({});
  57 });
  58
  59 router.delete("/problems", access.logged, access.ajax, (req,res) => {
  60   const pid = req.query.id;
  61   if (pid.toString().match(/^[0-9]+$/))
  62     ProblemModel.safeRemove(pid, req.userId, params.devs);
  63   res.json({});
  64 });
  65
  66 module.exports = router;