routes/assessments.js

   1 let router = require("express").Router();
   2 const access = require("../utils/access");
   3 const UserModel = require("../models/user");
   4 const AssessmentModel = require("../models/assessment");
   5 const AssessmentEntity = require("../entities/assessment");
   6 const CourseModel = require("../models/course");
   7 const params = require("../config/parameters");
   8 const validator = require("../public/javascripts/utils/validation");
   9 const ObjectId = require("bson-objectid");
  10 const sanitizeHtml = require('sanitize-html');
  11 const sanitizeOpts = {
  12     allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
  13     allowedAttributes: {
  14         img: [ 'src','style' ],
  15         code: [ 'class' ],
  16         table: [ 'class' ],
  17         div: [ 'style' ],
  18     },
  19 };
  20
  21 router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
  22     const name = req.query["name"];
  23     const cid = req.query["cid"];
  24     let error = validator({cid:cid, name:name}, "Assessment");
  25     if (error.length > 0)
  26         return res.json({errmsg:error});
  27     AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
  28         access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
  29             res.json(assessment);
  30         });
  31     });
  32 });
  33
  34 router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
  35     const assessment = JSON.parse(req.body["assessment"]);
  36     let error = validator(assessment, "Assessment");
  37     if (error.length > 0)
  38         return res.json({errmsg:error});
  39     assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
  40     assessment.questions.forEach( q => {
  41         q.wording = sanitizeHtml(q.wording, sanitizeOpts);
  42         //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
  43         for (let i=0; i<q.options.length; i++) //if QCM
  44             q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
  45     });
  46     AssessmentModel.update(req.user._id, assessment, (err,ret) => {
  47         access.checkRequest(res, err, ret, "Assessment update failed", () => {
  48             res.json({});
  49         });
  50     });
  51 });
  52
  53 // Generate and set student password, return it
  54 router.get("/start/assessment", access.ajax, (req,res) => {
  55     let number = req.query["number"];
  56     let aid = req.query["aid"];
  57     let password = req.cookies["password"]; //potentially from cookies, resuming
  58     let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
  59     if (error.length > 0)
  60         return res.json({errmsg:error});
  61     AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
  62         access.checkRequest(res,err,ret,"Failed session initialization", () => {
  63             if (!password)
  64             {
  65                 // Set password
  66                 res.cookie("password", ret.password, {
  67                     httpOnly: true,
  68                     maxAge: params.cookieExpire,
  69                 });
  70             }
  71             res.json(ret); //contains questions+password(or paper if resuming)
  72         });
  73     });
  74 });
  75
  76 router.get("/start/monitoring", access.ajax, (req,res) => {
  77     const password = req.query["password"];
  78     const examName = req.query["aname"];
  79     const courseCode = req.query["ccode"];
  80     const initials = req.query["initials"];
  81     // TODO: sanity checks
  82     CourseModel.getByRefs(initials, courseCode, (err,course) => {
  83         access.checkRequest(res,err,course,"Course not found", () => {
  84             if (password != course.password)
  85                 return res.json({errmsg: "Wrong password"});
  86             AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
  87                 access.checkRequest(res,err2,assessment,"Assessment not found", () => {
  88                     res.json({
  89                         students: course.students,
  90                         assessment: assessment,
  91                         secret: params.secret,
  92                     });
  93                 });
  94             });
  95         });
  96     });
  97 });
  98
  99 router.get("/send/answer", access.ajax, (req,res) => {
 100     let aid = req.query["aid"];
 101     let number = req.query["number"];
 102     let password = req.query["password"];
 103     let input = JSON.parse(req.query["answer"]);
 104     let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
 105     if (error.length > 0)
 106         return res.json({errmsg:error});
 107     AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
 108         access.checkRequest(res,err,ret,"Cannot send answer", () => {
 109             res.json({});
 110         });
 111     });
 112 });
 113
 114 router.get("/end/assessment", access.ajax, (req,res) => {
 115     let aid = req.query["aid"];
 116     let number = req.query["number"];
 117     let password = req.query["password"];
 118     let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
 119     if (error.length > 0)
 120         return res.json({errmsg:error});
 121     // Destroy pwd, set endTime
 122     AssessmentEntity.endAssessment(ObjectId(aid), number, password, (err,ret) => {
 123         access.checkRequest(res,err,ret,"Cannot end assessment", () => {
 124             res.clearCookie('password');
 125             res.json({});
 126         });
 127     });
 128 });
 129
 130 module.exports = router;