X-Git-Url: https://git.auder.net/?a=blobdiff_plain;ds=sidebyside;f=server%2Froutes%2Fproblems.js;h=02088357c30a0bfc637141cffd6749f0e792f5ef;hb=ae2c49bb0bbaac3953f63be5b720e9c6835f00b6;hp=777543b109b65bb2c3896f072bdb120883975123;hpb=625022fdcf750f0aff8fcd699f7e9b89730e1d10;p=vchess.git diff --git a/server/routes/problems.js b/server/routes/problems.js index 777543b1..02088357 100644 --- a/server/routes/problems.js +++ b/server/routes/problems.js 
@@ -4,91 +4,63 @@ let router = require("express").Router(); const access = require("../utils/access"); const ProblemModel = require("../models/Problem"); const sanitizeHtml = require('sanitize-html'); -const MaxNbProblems = 20; -function sanitizeUserInput(fen, instructions, solution) -{ - if (!fen.match(/^[a-zA-Z0-9, /-]*$/)) - return "Bad characters in FEN string"; - instructions = sanitizeHtml(instructions); - solution = sanitizeHtml(solution); - if (instructions.length == 0) - return "Empty instructions"; - if (solution.length == 0) - return "Empty solution"; - return { - fen: fen, - instructions: instructions, - solution: solution - }; -} - -// Get one problem (TODO: vid unused, here for URL de-ambiguification) -router.get("/problems/:vid([0-9]+)/:id([0-9]+)", access.ajax, (req,res) => { - const pid = req.params["id"]; - ProblemModel.getOne(pid, (err,problem) => { - if (!!err) - return res.json(err); - return res.json({problem: problem}); - }); -}); - -// Fetch N previous or next problems -router.get("/problems/:vid([0-9]+)", access.ajax, (req,res) => { - const vid = req.params["vid"]; - const directionStr = (req.query.direction == "forward" ? 
">" : "<"); - const lastDt = req.query.last_dt; - const type = req.query.type; - if (!lastDt.match(/[0-9]+/)) - return res.json({errmsg: "Bad timestamp"}); - if (!["others","mine"].includes(type)) - return res.json({errmsg: "Bad type"}); - ProblemModel.fetchN(vid, req.userId, type, directionStr, lastDt, MaxNbProblems, - (err,problems) => { - if (!!err) - return res.json(err); - return res.json({problems: problems}); - } - ); +router.get("/problems", (req,res) => { + const probId = req.query["pid"]; + if (!!probId) + { + if (!probId.match(/^[0-9]+$/)) + return res.json({errmsg: "Wrong problem ID"}); + ProblemModel.getOne(req.query["pid"], (err,problem) => { + access.checkRequest(res, err, problem, "Problem not found", () => { + res.json({problem: problem}); + }); + }); + } + else + { + ProblemModel.getAll((err,problems) => { + res.json(err || {problems:problems}); + }); + } }); -// Upload a problem (sanitize inputs) -router.post("/problems/:vid([0-9]+)", access.logged, access.ajax, (req,res) => { - const vid = req.params["vid"]; - const s = sanitizeUserInput( - req.body["fen"], req.body["instructions"], req.body["solution"]); - if (typeof s === "string") - return res.json({errmsg: s}); - ProblemModel.create(req.userId, vid, s.fen, s.instructions, s.solution, - (err,pid) => { - if (!!err) - return res.json(err); - res.json({id: pid["rowid"]}); - } - ); +router.post("/problems", access.logged, access.ajax, (req,res) => { + const error = ProblemModel.checkProblem(req.body.prob); + if (!!error) + return res.json({errmsg:error}); + const problem = + { + vid: req.body.prob.vid, + fen: req.body.prob.fen, + uid: req.userId, + instruction: sanitizeHtml(req.body.prob.instruction), + solution: sanitizeHtml(req.body.prob.solution), + }; + ProblemModel.create(problem, (err,ret) => { + return res.json(err || {id:ret.pid}); + }); }); -// Update a problem (also sanitize inputs) -router.put("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => { - const pid = 
req.params["id"]; //problem ID - const s = sanitizeUserInput( - req.body["fen"], req.body["instructions"], req.body["solution"]); - if (typeof s === "string") - return res.json({errmsg: s}); - ProblemModel.update(pid, req.userId, s.fen, s.instructions, s.solution, - err => { - if (!!err) - return res.json(err); - res.json({}); - } - ); +router.put("/problems", access.logged, access.ajax, (req,res) => { + let obj = req.body.prob; + const error = ProblemModel.checkProblem(obj); + if (!!error) + return res.json({errmsg: error}); + obj.instruction = sanitizeHtml(obj.instruction); + obj.solution = sanitizeHtml(obj.solution); + ProblemModel.update(obj, (err) => { + res.json(err || {}); + }); }); -// Delete a problem -router.delete("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => { - const pid = req.params["id"]; //problem ID - ProblemModel.remove(pid, req.userId); - res.json({}); +router.delete("/problems", access.logged, access.ajax, (req,res) => { + const pid = req.query.id; + if (!pid.toString().match(/^[0-9]+$/)) + res.json({errmsg: "Bad problem ID"}); + ProblemModel.safeRemove(pid, req.userId, err => { + res.json(err || {}); + }); }); module.exports = router;
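Review bot: In the new `router.delete` handler the bad-ID branch calls `res.json({errmsg: "Bad problem ID"})` without returning, so `ProblemModel.safeRemove(pid, req.userId, ...)` still runs with the rejected value and a second response is attempted on the same request. A request with no `id` query parameter also throws on `pid.toString()` before the check is reached. The guard should read `if (!pid || !pid.toString().match(/^[0-9]+$/))` followed by `return res.json({errmsg: "Bad problem ID"});`. Separately, the new `router.put` passes the client-supplied `req.body.prob` straight to `ProblemModel.update(obj, ...)` and no longer passes `req.userId` as the removed code did. Neither `checkProblem` nor `update` is visible here, so unless one of them enforces ownership the route should build the object the way the POST handler does, with `uid: req.userId` taken from the session rather than from the request body.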