Harmonize with web version, better style, fix for Firefox 45.9.0 ESR
[qomet.git] / routes / assessments.js
1 let router = require("express").Router();
2 const access = require("../utils/access");
3 const UserModel = require("../models/user");
4 const AssessmentModel = require("../models/assessment");
5 const AssessmentEntity = require("../entities/assessment");
6 const CourseModel = require("../models/course");
7 const params = require("../config/parameters");
8 const validator = require("../public/javascripts/utils/validation");
9 const ObjectId = require("bson-objectid");
10 const sanitizeHtml = require('sanitize-html');
// Options handed to sanitize-html by the update route in this file: the
// library's default tag list plus <img> and <u>, and a short attribute whitelist.
// NOTE(review): "style" is allowed on <img> and <div> and no allowedStyles
// whitelist is configured here, so the CSS inside those attributes is not
// restricted by these options (overlays, url() fetches) — consider adding one.
// NOTE(review): <img src> lets stored content pull remote images when it is
// displayed; confirm that is intended for exam pages.
const sanitizeOpts = {
  allowedTags: [...sanitizeHtml.defaults.allowedTags, "img", "u"],
  allowedAttributes: {
    img: ["src", "style"],
    code: ["class"],
    table: ["class"],
    div: ["style"],
  },
};
20
// Create an assessment named `name` in course `cid` for the logged-in user.
// NOTE(review): this is a state-changing GET; it relies on access.ajax and
// access.logged (defined in ../utils/access, not shown here) to keep
// cross-site requests out — confirm, or move it to POST.
router.get("/add/assessment", access.ajax, access.logged, (req, res) => {
  const { name, cid } = req.query;
  // validator returns a message; an empty one means the fields are acceptable.
  // presumably it also rejects non-string values — verify, since cid goes
  // straight into ObjectId() below.
  const problem = validator({ cid, name }, "Assessment");
  if (problem.length > 0) {
    return res.json({ errmsg: problem });
  }
  const onAdded = (err, assessment) => {
    access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
      res.json(assessment);
    });
  };
  AssessmentModel.add(req.user._id, ObjectId(cid), name, onAdded);
});
33
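// Update an assessment from the JSON document posted in the "assessment" body
// field. Rich-text fields are passed through sanitize-html before storage.
// Malformed input is answered with {errmsg} like the validation failures,
// instead of throwing inside the handler.
router.post("/update/assessment", access.ajax, access.logged, (req, res) => {
  let assessment;
  try {
    assessment = JSON.parse(req.body["assessment"]);
  } catch (e) {
    // Missing field or invalid JSON: client error, not a server fault.
    return res.json({errmsg: "Invalid assessment data"});
  }
  // JSON.parse also accepts null and bare scalars; only an object is usable here.
  if (assessment === null || typeof assessment !== "object")
    return res.json({errmsg: "Invalid assessment data"});
  const error = validator(assessment, "Assessment");
  if (error.length > 0)
    return res.json({errmsg: error});
  // The loops below index into questions[] and each question's options[];
  // reject other shapes up front so nothing reaches the model half-sanitized.
  const questions = assessment.questions;
  const wellFormed = Array.isArray(questions) && questions.every(
    q => q !== null && typeof q === "object" && Array.isArray(q.options));
  if (!wellFormed)
    return res.json({errmsg: "Invalid assessment data"});
  assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
  assessment.conclusion = sanitizeHtml(assessment.conclusion, sanitizeOpts);
  questions.forEach( q => {
    q.wording = sanitizeHtml(q.wording, sanitizeOpts);
    //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
    // NOTE(review): q.answer is stored unsanitized; escape it wherever it is rendered.
    // Multiple-choice (QCM) options:
    q.options = q.options.map(opt => sanitizeHtml(opt, sanitizeOpts));
  });
  // NOTE(review): the whole client-supplied object is handed to the model;
  // presumably AssessmentModel.update checks ownership against req.user._id
  // and limits which fields are written — confirm.
  AssessmentModel.update(req.user._id, assessment, (err,ret) => {
    access.checkRequest(res, err, ret, "Assessment update failed", () => {
      res.json({});
    });
  });
});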
53
// Start (or resume) a student's session on an assessment.
// A "password" cookie, when present, marks a resumed session; otherwise the
// password returned by the model is stored in a cookie and sent back.
// NOTE(review): the cookie is httpOnly but carries no `secure` or `sameSite`
// option, so it is also sent over plain HTTP and on cross-site requests.
router.get("/start/assessment", access.ajax, (req, res) => {
  const { number, aid } = req.query;
  const password = req.cookies.password; // only set when resuming
  // The schema expects a password field, so a dummy value stands in for it
  // on a first start; the real one is created by startSession.
  const paper = { number: number, password: password || "samplePwd" };
  const problem = validator({ _id: aid, papers: [paper] }, "Assessment");
  if (problem.length > 0) {
    return res.json({ errmsg: problem });
  }
  const onStarted = (err, ret) => {
    access.checkRequest(res, err, ret, "Failed session initialization", () => {
      const isFirstStart = !password;
      if (isFirstStart) {
        const cookieOpts = { httpOnly: true, maxAge: params.cookieExpire };
        res.cookie("password", ret.password, cookieOpts);
      }
      // ret holds questions + password (or the paper when resuming)
      res.json(ret);
    });
  };
  AssessmentModel.startSession(ObjectId(aid), number, password, onStarted);
});
76
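// Monitoring entry point: after the course password is verified, returns the
// course's student list, the assessment and params.secret.
// NOTE(review): the password travels in the URL query string, so it ends up
// in access logs and browser history; no attempt limiting is visible here.
router.get("/start/monitoring", access.ajax, (req,res) => {
  const password = req.query["password"];
  const examName = req.query["aname"];
  const courseCode = req.query["ccode"];
  const initials = req.query["initials"];
  // Express's default query parser turns ?a[]=x / ?a[k]=v into arrays and
  // objects. Only plain strings may reach the model lookups and the password
  // check; a missing parameter (undefined) is rejected as well.
  const allStrings = [password, examName, courseCode, initials]
    .every(v => typeof v === "string");
  if (!allStrings)
    return res.json({errmsg: "Invalid parameters"});
  CourseModel.getByRefs(initials, courseCode, (err,course) => {
    access.checkRequest(res,err,course,"Course not found", () => {
      // Strict comparison, and fail closed when the course has no string
      // password: with `!=`, an omitted parameter matched an unset password.
      // NOTE(review): plaintext, non-constant-time comparison — consider
      // storing a hash and comparing digests in constant time.
      if (typeof course.password !== "string" || password !== course.password)
        return res.json({errmsg: "Wrong password"});
      AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
        access.checkRequest(res,err2,assessment,"Assessment not found", () => {
          // NOTE(review): params.secret is a server-wide value sent to every
          // client that knows one course password — confirm the scope is intended.
          res.json({
            students: course.students,
            assessment: assessment,
            secret: params.secret,
          });
        });
      });
    });
  });
});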
99
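// Record one answer for paper `number` of assessment `aid`.
// The "answer" parameter is a JSON-encoded input object; malformed or missing
// JSON is answered with {errmsg} instead of throwing inside the handler.
// NOTE(review): the session password is sent in the query string of a GET,
// so it is written to access logs and proxies; a POST body would avoid that.
router.get("/send/answer", access.ajax, (req,res) => {
  const aid = req.query["aid"];
  const number = req.query["number"];
  const password = req.query["password"];
  let input;
  try {
    input = JSON.parse(req.query["answer"]);
  } catch (e) {
    return res.json({errmsg: "Invalid answer format"});
  }
  const error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
  if (error.length > 0)
    return res.json({errmsg:error});
  AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
    access.checkRequest(res,err,ret,"Cannot send answer", () => {
      res.json({});
    });
  });
});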
114
// Close a student's session: the model destroys the password, sets the end
// time and hands back the conclusion, which is returned to the client.
// NOTE(review): as with the other student routes, the password arrives in the
// GET query string and is therefore visible in server and proxy logs.
router.get("/end/assessment", access.ajax, (req, res) => {
  const { aid, number, password } = req.query;
  const paper = { number: number, password: password };
  const problem = validator({ _id: aid, papers: [paper] }, "Assessment");
  if (problem.length > 0) {
    return res.json({ errmsg: problem });
  }
  const onEnded = (err, conclusion) => {
    access.checkRequest(res, err, conclusion, "Cannot end assessment", () => {
      // Session is over: drop the resume cookie before replying.
      res.clearCookie("password");
      res.json(conclusion);
    });
  };
  AssessmentModel.endSession(ObjectId(aid), number, password, onEnded);
});

module.exports = router;