X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fproblems.js;h=5f4dd401d184acdb16fca9f66252bbbce84689db;hb=2bb4666e276e837add0958554a11b38f7f4d9357;hp=02088357c30a0bfc637141cffd6749f0e792f5ef;hpb=bd76b45611cbb58dcf774745a4d690277a82aacd;p=vchess.git diff --git a/server/routes/problems.js b/server/routes/problems.js index 02088357..5f4dd401 100644 --- a/server/routes/problems.js +++ b/server/routes/problems.js @@ -1,66 +1,66 @@ -// AJAX methods to get, create, update or delete a problem - let router = require("express").Router(); const access = require("../utils/access"); +const params = require("../config/parameters"); const ProblemModel = require("../models/Problem"); -const sanitizeHtml = require('sanitize-html'); +const sanitizeHtml_pkg = require('sanitize-html'); + +const allowedTags = [ + 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b', + 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table', + 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre' +]; +function sanitizeHtml(text) { + return sanitizeHtml_pkg(text, { allowedTags: allowedTags }); +} -router.get("/problems", (req,res) => { - const probId = req.query["pid"]; - if (!!probId) - { - if (!probId.match(/^[0-9]+$/)) - return res.json({errmsg: "Wrong problem ID"}); - ProblemModel.getOne(req.query["pid"], (err,problem) => { - access.checkRequest(res, err, problem, "Problem not found", () => { - res.json({problem: problem}); - }); +router.post("/problems", access.logged, access.ajax, (req,res) => { + if (ProblemModel.checkProblem(req.body.prob)) { + const problem = { + vid: req.body.prob.vid, + fen: req.body.prob.fen, + uid: req.userId, + instruction: sanitizeHtml(req.body.prob.instruction), + solution: sanitizeHtml(req.body.prob.solution), + }; + ProblemModel.create(problem, (err, ret) => { + res.json(err || ret); }); } else - { - ProblemModel.getAll((err,problems) => { - res.json(err || {problems:problems}); - }); - } + res.json({}); }); -router.post("/problems", access.logged, access.ajax, (req,res) => { - const error = ProblemModel.checkProblem(req.body.prob); - if (!!error) - return res.json({errmsg:error}); - const problem = - { - vid: req.body.prob.vid, - fen: req.body.prob.fen, - uid: req.userId, - instruction: sanitizeHtml(req.body.prob.instruction), - solution: sanitizeHtml(req.body.prob.solution), - }; - ProblemModel.create(problem, (err,ret) => { - return res.json(err || {id:ret.pid}); - }); +router.get("/problems", access.ajax, (req,res) => { + const probId = req.query["id"]; + const cursor = req.query["cursor"]; + if (!!probId && !!probId.match(/^[0-9]+$/)) { + ProblemModel.getOne(probId, (err, problem) => { + res.json(err || {problem: problem}); + }); + } else if (!!cursor && !!cursor.match(/^[0-9]+$/)) { + const onlyMine = (req.query["mode"] == "mine"); + const uid = parseInt(req.query["uid"]); + ProblemModel.getNext(uid, onlyMine, cursor, (err, problems) => { + res.json(err || { problems: problems }); + }); + } }); router.put("/problems", access.logged, access.ajax, (req,res) => { let obj = req.body.prob; - const error = ProblemModel.checkProblem(obj); - if (!!error) - return res.json({errmsg: error}); - obj.instruction = sanitizeHtml(obj.instruction); - obj.solution = sanitizeHtml(obj.solution); - ProblemModel.update(obj, (err) => { - res.json(err || {}); - }); + if (ProblemModel.checkProblem(obj)) { + obj.instruction = sanitizeHtml(obj.instruction); + obj.solution = sanitizeHtml(obj.solution); + ProblemModel.safeUpdate(obj, req.userId, params.devs); + } + res.json({}); }); router.delete("/problems", access.logged, access.ajax, (req,res) => { const pid = req.query.id; - if (!pid.toString().match(/^[0-9]+$/)) - res.json({errmsg: "Bad problem ID"}); - ProblemModel.safeRemove(pid, req.userId, err => { - res.json(err || {}); - }); + if (pid.toString().match(/^[0-9]+$/)) + ProblemModel.safeRemove(pid, req.userId, params.devs); + res.json({}); }); module.exports = router;