[vchess.git] / routes / problems.js

// AJAX methods to get, create, update or delete a problem

let router = require("express").Router();
const access = require("../utils/access");
const ProblemModel = require("../models/Problem");
const sanitizeHtml = require('sanitize-html');
const MaxNbProblems = 20;

// Get one problem
router.get("/problems/:vname([a-zA-Z0-9]+)/:pnum([0-9]+)", access.ajax, (req,res) => {
	const vname = req.params["vname"];
	const pnum = req.params["pnum"];
	ProblemModel.getOne(vname, pnum, (err,problem) => {
		if (!!err)
			return res.json(err);
		return res.json({problem: problem});
	});
});

// Fetch N previous or next problems
router.get("/problems/:vname([a-zA-Z0-9]+)", access.ajax, (req,res) => {
	const vname = req.params["vname"];
	const directionStr = (req.query.direction == "forward" ? ">" : "<");
	const lastDt = req.query.last_dt;
	const type = req.query.type;
	if (!lastDt.match(/[0-9]+/))
		return res.json({errmsg: "Bad timestamp"});
	if (!["others","mine"].includes(type))
		return res.json({errmsg: "Bad type"});
	ProblemModel.fetchN(vname, req.userId, type, directionStr, lastDt, MaxNbProblems,
		(err,problems) => {
			if (!!err)
				return res.json(err);
			return res.json({problems: problems});
		}
	);
});

function sanitizeUserInput(fen, instructions, solution)
{
	if (!fen.match(/^[a-zA-Z0-9, /-]*$/))
		return "Bad characters in FEN string";
	instructions = sanitizeHtml(instructions);
	solution = sanitizeHtml(solution);
	if (instructions.length == 0)
		return "Empty instructions";
	if (solution.length == 0)
		return "Empty solution";
	return {
		fen: fen,
		instructions: instructions,
		solution: solution
	};
}

// Upload a problem (sanitize inputs)
router.post("/problems/:vname([a-zA-Z0-9]+)", access.logged, access.ajax, (req,res) => {
	const vname = req.params["vname"];
	const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
	if (typeof s === "string")
		return res.json({errmsg: s});
  ProblemModel.create(vname, s.fen, s.instructions, s.solution);
	res.json({});
});

// Update a problem (also sanitize inputs)
router.put("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => {
	const pid = req.params["id"]; //problem ID
	const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
	if (typeof s === "string")
		return res.json({errmsg: s});
	ProblemModel.update(pid, req.userId, fen, instructions, solution);
	res.json({});
});

// Delete a problem
router.delete("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => {
	const pid = req.params["id"]; //problem ID
  ProblemModel.delete(pid, req.userId);
	res.json({});
});

module.exports = router;
Commit	Line	Data
8d7e2786 BA	1	// AJAX methods to get, create, update or delete a problem
8d7e2786 BA	2
298c42e6	3	let router = require("express").Router();
8d7e2786 BA	4	const access = require("../utils/access");
8d7e2786 BA	5	const ProblemModel = require("../models/Problem");
298c42e6 BA	6	const sanitizeHtml = require('sanitize-html');
	7	const MaxNbProblems = 20;
	8
936dc463 BA	9	// Get one problem
	10	router.get("/problems/:vname([a-zA-Z0-9]+)/:pnum([0-9]+)", access.ajax, (req,res) => {
	11	const vname = req.params["vname"];
	12	const pnum = req.params["pnum"];
	13	ProblemModel.getOne(vname, pnum, (err,problem) => {
	14	if (!!err)
	15	return res.json(err);
	16	return res.json({problem: problem});
	17	});
	18	});
	19
8d7e2786 BA	20	// Fetch N previous or next problems
	21	router.get("/problems/:vname([a-zA-Z0-9]+)", access.ajax, (req,res) => {
	22	const vname = req.params["vname"];
298c42e6 BA	23	const directionStr = (req.query.direction == "forward" ? ">" : "<");
298c42e6 BA	24	const lastDt = req.query.last_dt;
936dc463	25	const type = req.query.type;
298c42e6 BA	26	if (!lastDt.match(/[0-9]+/))
298c42e6 BA	27	return res.json({errmsg: "Bad timestamp"});
936dc463 BA	28	if (!["others","mine"].includes(type))
	29	return res.json({errmsg: "Bad type"});
	30	ProblemModel.fetchN(vname, req.userId, type, directionStr, lastDt, MaxNbProblems,
	31	(err,problems) => {
	32	if (!!err)
	33	return res.json(err);
	34	return res.json({problems: problems});
	35	}
	36	);
298c42e6 BA	37	});
298c42e6 BA	38
8d7e2786 BA	39	function sanitizeUserInput(fen, instructions, solution)
8d7e2786 BA	40	{
298c42e6	41	if (!fen.match(/^[a-zA-Z0-9, /-]*$/))
8d7e2786 BA	42	return "Bad characters in FEN string";
	43	instructions = sanitizeHtml(instructions);
	44	solution = sanitizeHtml(solution);
298c42e6	45	if (instructions.length == 0)
8d7e2786	46	return "Empty instructions";
298c42e6	47	if (solution.length == 0)
8d7e2786 BA	48	return "Empty solution";
	49	return {
	50	fen: fen,
	51	instructions: instructions,
	52	solution: solution
	53	};
	54	}
	55
	56	// Upload a problem (sanitize inputs)
	57	router.post("/problems/:vname([a-zA-Z0-9]+)", access.logged, access.ajax, (req,res) => {
	58	const vname = req.params["vname"];
	59	const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
	60	if (typeof s === "string")
	61	return res.json({errmsg: s});
	62	ProblemModel.create(vname, s.fen, s.instructions, s.solution);
	63	res.json({});
298c42e6 BA	64	});
298c42e6 BA	65
8d7e2786 BA	66	// Update a problem (also sanitize inputs)
	67	router.put("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => {
	68	const pid = req.params["id"]; //problem ID
	69	const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
	70	if (typeof s === "string")
	71	return res.json({errmsg: s});
c018b304	72	ProblemModel.update(pid, req.userId, fen, instructions, solution);
8d7e2786 BA	73	res.json({});
	74	});
	75
	76	// Delete a problem
	77	router.delete("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => {
	78	const pid = req.params["id"]; //problem ID
c018b304	79	ProblemModel.delete(pid, req.userId);
8d7e2786 BA	80	res.json({});
8d7e2786 BA	81	});
298c42e6 BA	82
298c42e6 BA	83	module.exports = router;