refactoring, better README (breaking commit...)
[qomet.git] / routes / assessments.js
... / ...
CommitLineData
1let router = require("express").Router();
2const access = require("../utils/access");
3const UserModel = require("../models/user");
4const AssessmentModel = require("../models/assessment");
5const CourseModel = require("../models/course");
6const params = require("../config/parameters");
7const validator = require("../public/javascripts/utils/validation");
8const ObjectId = require("bson-objectid");
9const sanitizeHtml = require('sanitize-html');
10const sanitizeOpts = {
11 allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
12 allowedAttributes: {
13 img: [ 'src','style' ],
14 code: [ 'class' ],
15 table: [ 'class' ],
16 div: [ 'style' ],
17 },
18};
19
20router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
21 const name = req.query["name"];
22 const cid = req.query["cid"];
23 let error = validator({cid:cid, name:name}, "Assessment");
24 if (error.length > 0)
25 return res.json({errmsg:error});
26 AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
27 access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
28 res.json(assessment);
29 });
30 });
31});
32
33router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
34 const assessment = JSON.parse(req.body["assessment"]);
35 let error = validator(assessment, "Assessment");
36 if (error.length > 0)
37 return res.json({errmsg:error});
38 assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
39 assessment.questions.forEach( q => {
40 q.wording = sanitizeHtml(q.wording, sanitizeOpts);
41 //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
42 for (let i=0; i<q.options.length; i++) //if QCM
43 q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
44 });
45 AssessmentModel.update(req.user._id, assessment, (err,ret) => {
46 access.checkRequest(res, err, ret, "Assessment update failed", () => {
47 res.json({});
48 });
49 });
50});
51
52// Generate and set student password, return it
53router.get("/start/assessment", access.ajax, (req,res) => {
54 let number = req.query["number"];
55 let aid = req.query["aid"];
56 let password = req.cookies["password"]; //potentially from cookies, resuming
57 let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
58 if (error.length > 0)
59 return res.json({errmsg:error});
60 AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
61 access.checkRequest(res,err,ret,"Failed session initialization", () => {
62 if (!password)
63 {
64 // Set password
65 res.cookie("password", ret.password, {
66 httpOnly: true,
67 maxAge: params.cookieExpire,
68 });
69 }
70 res.json(ret); //contains password (or paper if resuming)
71 });
72 });
73});
74
75router.get("/start/monitoring", access.ajax, (req,res) => {
76 const password = req.query["password"];
77 const examName = req.query["aname"];
78 const courseCode = req.query["ccode"];
79 const initials = req.query["initials"];
80 // TODO: sanity checks
81 CourseModel.getByRefs(initials, courseCode, (err,course) => {
82 access.checkRequest(res,err,course,"Course not found", () => {
83 if (password != course.password)
84 return res.json({errmsg: "Wrong password"});
85 AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
86 access.checkRequest(res,err2,assessment,"Assessment not found", () => {
87 res.json({
88 students: course.students,
89 assessment: assessment,
90 secret: params.secret,
91 });
92 });
93 });
94 });
95 });
96});
97
98router.get("/send/answer", access.ajax, (req,res) => {
99 let aid = req.query["aid"];
100 let number = req.query["number"];
101 let password = req.query["password"];
102 let input = JSON.parse(req.query["answer"]);
103 let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
104 if (error.length > 0)
105 return res.json({errmsg:error});
106 AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
107 access.checkRequest(res,err,ret,"Cannot send answer", () => {
108 res.json({});
109 });
110 });
111});
112
113router.get("/end/assessment", access.ajax, (req,res) => {
114 let aid = req.query["aid"];
115 let number = req.query["number"];
116 let password = req.query["password"];
117 let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
118 if (error.length > 0)
119 return res.json({errmsg:error});
120 // Destroy pwd, set endTime
121 AssessmentModel.endAssessment(ObjectId(aid), number, password, (err,ret) => {
122 access.checkRequest(res,err,ret,"Cannot end assessment", () => {
123 res.clearCookie('password');
124 res.json({});
125 });
126 });
127});
128
129module.exports = router;