-// Upload a problem (AJAX)
-router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
- if (!req.xhr)
- return res.json({errmsg: "Unauthorized access"});
- const vname = req.params["variant"];
- const timestamp = Date.now();
- // Sanitize them
- const fen = req.body["fen"];
- if (!fen.match(/^[a-zA-Z0-9, /-]*$/))
- return res.json({errmsg: "Bad characters in FEN string"});
- const instructions = sanitizeHtml(req.body["instructions"]).trim();
- const solution = sanitizeHtml(req.body["solution"]).trim();
- if (instructions.length == 0)
- return res.json({errmsg: "Empty instructions"});
- if (solution.length == 0)
- return res.json({errmsg: "Empty solution"});
- db.serialize(function() {
- let stmt = db.prepare("INSERT INTO Problems " +
- "(added,variant,fen,instructions,solution) VALUES (?,?,?,?,?)");
- stmt.run(timestamp, vname, fen, instructions, solution);
- stmt.finalize();
- });
- res.json({});
+// Upload a problem (sanitize inputs)
+router.post("/problems/:vid([0-9]+)", access.logged, access.ajax, (req,res) => {
+ const vid = req.params["vid"];
+ const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
+ if (typeof s === "string")
+ return res.json({errmsg: s});
+ ProblemModel.create(vid, s.fen, s.instructions, s.solution);
+ res.json({});
+});
+
+// Update a problem (also sanitize inputs)
+router.put("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => {
+ const pid = req.params["id"]; //problem ID
+ const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
+ if (typeof s === "string")
+ return res.json({errmsg: s});
+ ProblemModel.update(pid, req.userId, fen, instructions, solution);
+ res.json({});
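Review bot: In the PUT handler, `ProblemModel.update(pid, req.userId, fen, instructions, solution)` passes `fen`, `instructions` and `solution`, none of which is declared in the visible handler; the sanitized values live on `s`. As written the call throws a ReferenceError on every update unless those names happen to exist in an outer scope, in which case values that never went through `sanitizeUserInput` would be stored. It should read `ProblemModel.update(pid, req.userId, s.fen, s.instructions, s.solution);`. Separately, the POST handler calls `ProblemModel.create` without `req.userId` while update passes it, presumably for an ownership check, so it is worth confirming that create records the author. The PUT handler's closing lines fall outside the visible hunk.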