[qomet.git] / routes / assessments.js

let router = require("express").Router();
const access = require("../utils/access");
const UserModel = require("../models/user");
const AssessmentModel = require("../models/assessment");
const AssessmentEntity = require("../entities/assessment");
const CourseModel = require("../models/course");
const params = require("../config/parameters");
const validator = require("../public/javascripts/utils/validation");
const ObjectId = require("bson-objectid");
const sanitizeHtml = require('sanitize-html');
const sanitizeOpts = {
	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
	allowedAttributes: {
		img: [ 'src','style' ],
		code: [ 'class' ],
		table: [ 'class' ],
		div: [ 'style' ],
	},
};

router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
	const name = req.query["name"];
	const cid = req.query["cid"];
	let error = validator({cid:cid, name:name}, "Assessment");
	if (error.length > 0)
		return res.json({errmsg:error});
	AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
		access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
			res.json(assessment);
		});
	});
});

router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
	const assessment = JSON.parse(req.body["assessment"]);
	let error = validator(assessment, "Assessment");
	if (error.length > 0)
		return res.json({errmsg:error});
	assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
	assessment.questions.forEach( q => {
		q.wording = sanitizeHtml(q.wording, sanitizeOpts);
		//q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
		for (let i=0; i<q.options.length; i++) //if QCM
			q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
	});
	AssessmentModel.update(req.user._id, assessment, (err,ret) => {
		access.checkRequest(res, err, ret, "Assessment update failed", () => {
			res.json({});
		});
	});
});

// Generate and set student password, return it
router.get("/start/assessment", access.ajax, (req,res) => {
	let number = req.query["number"];
	let aid = req.query["aid"];
	let password = req.cookies["password"]; //potentially from cookies, resuming
	let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
	if (error.length > 0)
		return res.json({errmsg:error});
	AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
		access.checkRequest(res,err,ret,"Failed session initialization", () => {
			if (!password)
			{
				// Set password
				res.cookie("password", ret.password, {
					httpOnly: true,
					maxAge: params.cookieExpire,
				});
			}
			res.json(ret); //contains questions+password(or paper if resuming)
		});
	});
});

router.get("/start/monitoring", access.ajax, (req,res) => {
	const password = req.query["password"];
	const examName = req.query["aname"];
	const courseCode = req.query["ccode"];
	const initials = req.query["initials"];
	// TODO: sanity checks
	CourseModel.getByRefs(initials, courseCode, (err,course) => {
		access.checkRequest(res,err,course,"Course not found", () => {
			if (password != course.password)
				return res.json({errmsg: "Wrong password"});
			AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
				access.checkRequest(res,err2,assessment,"Assessment not found", () => {
					res.json({
						students: course.students,
						assessment: assessment,
						secret: params.secret,
					});
				});
			});
		});
	});
});

router.get("/send/answer", access.ajax, (req,res) => {
	let aid = req.query["aid"];
	let number = req.query["number"];
	let password = req.query["password"];
	let input = JSON.parse(req.query["answer"]);
	let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
	if (error.length > 0)
		return res.json({errmsg:error});
	AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
		access.checkRequest(res,err,ret,"Cannot send answer", () => {
			res.json({});
		});
	});
});

router.get("/end/assessment", access.ajax, (req,res) => {
	let aid = req.query["aid"];
	let number = req.query["number"];
	let password = req.query["password"];
	let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
	if (error.length > 0)
		return res.json({errmsg:error});
	// Destroy pwd, set endTime
	AssessmentEntity.endAssessment(ObjectId(aid), number, password, (err,ret) => {
		access.checkRequest(res,err,ret,"Cannot end assessment", () => {
			res.clearCookie('password');
			res.json({});
		});
	});
});

module.exports = router;
Commit	Line	Data
e99c53fb BA	1	let router = require("express").Router();
	2	const access = require("../utils/access");
	3	const UserModel = require("../models/user");
	4	const AssessmentModel = require("../models/assessment");
	5	const AssessmentEntity = require("../entities/assessment");
	6	const CourseModel = require("../models/course");
	7	const params = require("../config/parameters");
	8	const validator = require("../public/javascripts/utils/validation");
	9	const ObjectId = require("bson-objectid");
	10	const sanitizeHtml = require('sanitize-html');
6bf4a38e	11	const sanitizeOpts = {
71d1ca9c BA	12	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
71d1ca9c BA	13	allowedAttributes: {
8a2b3260	14	img: [ 'src','style' ],
71d1ca9c BA	15	code: [ 'class' ],
71d1ca9c BA	16	table: [ 'class' ],
8a2b3260	17	div: [ 'style' ],
71d1ca9c	18	},
6bf4a38e	19	};
e99c53fb BA	20
	21	router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
	22	const name = req.query["name"];
	23	const cid = req.query["cid"];
	24	let error = validator({cid:cid, name:name}, "Assessment");
	25	if (error.length > 0)
	26	return res.json({errmsg:error});
	27	AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
	28	access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
	29	res.json(assessment);
	30	});
	31	});
	32	});
	33
	34	router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
	35	const assessment = JSON.parse(req.body["assessment"]);
	36	let error = validator(assessment, "Assessment");
	37	if (error.length > 0)
	38	return res.json({errmsg:error});
e99c53fb	39	assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
e99c53fb BA	40	assessment.questions.forEach( q => {
	41	q.wording = sanitizeHtml(q.wording, sanitizeOpts);
	42	//q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
	43	for (let i=0; i<q.options.length; i++) //if QCM
	44	q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
	45	});
	46	AssessmentModel.update(req.user._id, assessment, (err,ret) => {
	47	access.checkRequest(res, err, ret, "Assessment update failed", () => {
	48	res.json({});
	49	});
	50	});
	51	});
	52
	53	// Generate and set student password, return it
	54	router.get("/start/assessment", access.ajax, (req,res) => {
	55	let number = req.query["number"];
	56	let aid = req.query["aid"];
f03a2ad9 BA	57	let password = req.cookies["password"]; //potentially from cookies, resuming
f03a2ad9 BA	58	let error = validator({ _id:aid, papers:[{number:number,password:password \|\| "samplePwd"}] }, "Assessment");
e99c53fb BA	59	if (error.length > 0)
e99c53fb BA	60	return res.json({errmsg:error});
f03a2ad9	61	AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
e99c53fb	62	access.checkRequest(res,err,ret,"Failed session initialization", () => {
f03a2ad9 BA	63	if (!password)
	64	{
	65	// Set password
	66	res.cookie("password", ret.password, {
	67	httpOnly: true,
	68	maxAge: params.cookieExpire,
	69	});
	70	}
	71	res.json(ret); //contains questions+password(or paper if resuming)
e99c53fb BA	72	});
	73	});
	74	});
	75
71d1ca9c BA	76	router.get("/start/monitoring", access.ajax, (req,res) => {
	77	const password = req.query["password"];
	78	const examName = req.query["aname"];
	79	const courseCode = req.query["ccode"];
	80	const initials = req.query["initials"];
	81	// TODO: sanity checks
	82	CourseModel.getByRefs(initials, courseCode, (err,course) => {
	83	access.checkRequest(res,err,course,"Course not found", () => {
	84	if (password != course.password)
	85	return res.json({errmsg: "Wrong password"});
	86	AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
	87	access.checkRequest(res,err2,assessment,"Assessment not found", () => {
	88	res.json({
	89	students: course.students,
	90	assessment: assessment,
	91	secret: params.secret,
	92	});
	93	});
	94	});
	95	});
	96	});
	97	});
	98
e99c53fb BA	99	router.get("/send/answer", access.ajax, (req,res) => {
	100	let aid = req.query["aid"];
	101	let number = req.query["number"];
	102	let password = req.query["password"];
	103	let input = JSON.parse(req.query["answer"]);
	104	let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
	105	if (error.length > 0)
	106	return res.json({errmsg:error});
f03a2ad9	107	AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
e99c53fb BA	108	access.checkRequest(res,err,ret,"Cannot send answer", () => {
	109	res.json({});
	110	});
	111	});
	112	});
	113
	114	router.get("/end/assessment", access.ajax, (req,res) => {
	115	let aid = req.query["aid"];
	116	let number = req.query["number"];
	117	let password = req.query["password"];
	118	let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
	119	if (error.length > 0)
	120	return res.json({errmsg:error});
db5571d6	121	// Destroy pwd, set endTime
7a7dc732	122	AssessmentEntity.endAssessment(ObjectId(aid), number, password, (err,ret) => {
db5571d6	123	access.checkRequest(res,err,ret,"Cannot end assessment", () => {
e99c53fb	124	res.clearCookie('password');
db5571d6	125	res.json({});
e99c53fb BA	126	});
	127	});
	128	});
	129
	130	module.exports = router;