[vchess.git] / server / routes / problems.js

let router = require("express").Router();
const access = require("../utils/access");
const params = require("../config/parameters");
const ProblemModel = require("../models/Problem");
const sanitizeHtml_pkg = require('sanitize-html');

const allowedTags = [
  'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
  'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
  'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
];
function sanitizeHtml(text) {
  return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
}

router.post("/problems", access.logged, access.ajax, (req,res) => {
  if (ProblemModel.checkProblem(req.body.prob)) {
    const problem = {
      vid: req.body.prob.vid,
      fen: req.body.prob.fen,
      uid: req.userId,
      instruction: sanitizeHtml(req.body.prob.instruction),
      solution: sanitizeHtml(req.body.prob.solution),
    };
    ProblemModel.create(problem, (err, ret) => {
      res.json(err || ret);
    });
  }
  else
    res.json({});
});

router.get("/problems", access.ajax, (req,res) => {
  const probId = req.query["id"];
  const cursor = req.query["cursor"];
  if (!!probId && !!probId.match(/^[0-9]+$/)) {
    ProblemModel.getOne(probId, (err, problem) => {
      res.json(err || {problem: problem});
    });
  } else if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
    const onlyMine = (req.query["mode"] == "mine");
    const uid = parseInt(req.query["uid"]);
    ProblemModel.getNext(uid, onlyMine, cursor, (err, problems) => {
      res.json(err || { problems: problems });
    });
  }
});

router.put("/problems", access.logged, access.ajax, (req,res) => {
  let obj = req.body.prob;
  if (ProblemModel.checkProblem(obj)) {
    obj.instruction = sanitizeHtml(obj.instruction);
    obj.solution = sanitizeHtml(obj.solution);
    ProblemModel.safeUpdate(obj, req.userId, params.devs);
  }
  res.json({});
});

router.delete("/problems", access.logged, access.ajax, (req,res) => {
  const pid = req.query.id;
  if (pid.toString().match(/^[0-9]+$/))
    ProblemModel.safeRemove(pid, req.userId, params.devs);
  res.json({});
});

module.exports = router;
Commit	Line	Data
89021f18 BA	1	let router = require("express").Router();
89021f18 BA	2	const access = require("../utils/access");
a9e79351	3	const params = require("../config/parameters");
89021f18	4	const ProblemModel = require("../models/Problem");
ad65975c BA	5	const sanitizeHtml_pkg = require('sanitize-html');
	6
	7	const allowedTags = [
	8	'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
	9	'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
	10	'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
	11	];
	12	function sanitizeHtml(text) {
	13	return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
	14	}
89021f18	15
866842c3	16	router.post("/problems", access.logged, access.ajax, (req,res) => {
0234201f BA	17	if (ProblemModel.checkProblem(req.body.prob)) {
0234201f BA	18	const problem = {
866842c3 BA	19	vid: req.body.prob.vid,
	20	fen: req.body.prob.fen,
	21	uid: req.userId,
	22	instruction: sanitizeHtml(req.body.prob.instruction),
	23	solution: sanitizeHtml(req.body.prob.solution),
	24	};
0234201f BA	25	ProblemModel.create(problem, (err, ret) => {
0234201f BA	26	res.json(err \|\| ret);
866842c3 BA	27	});
	28	}
	29	else
	30	res.json({});
	31	});
	32
e57c4de4	33	router.get("/problems", access.ajax, (req,res) => {
84fc0f02	34	const probId = req.query["id"];
68e19a44 BA	35	const cursor = req.query["cursor"];
68e19a44 BA	36	if (!!probId && !!probId.match(/^[0-9]+$/)) {
84fc0f02	37	ProblemModel.getOne(probId, (err, problem) => {
866842c3	38	res.json(err \|\| {problem: problem});
89021f18	39	});
68e19a44	40	} else if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
84fc0f02 BA	41	const onlyMine = (req.query["mode"] == "mine");
	42	const uid = parseInt(req.query["uid"]);
	43	ProblemModel.getNext(uid, onlyMine, cursor, (err, problems) => {
0234201f	44	res.json(err \|\| { problems: problems });
89021f18 BA	45	});
	46	}
	47	});
	48
89021f18	49	router.put("/problems", access.logged, access.ajax, (req,res) => {
604b951e	50	let obj = req.body.prob;
0234201f	51	if (ProblemModel.checkProblem(obj)) {
866842c3 BA	52	obj.instruction = sanitizeHtml(obj.instruction);
866842c3 BA	53	obj.solution = sanitizeHtml(obj.solution);
a9e79351	54	ProblemModel.safeUpdate(obj, req.userId, params.devs);
866842c3 BA	55	}
866842c3 BA	56	res.json({});
89021f18 BA	57	});
	58
	59	router.delete("/problems", access.logged, access.ajax, (req,res) => {
	60	const pid = req.query.id;
866842c3	61	if (pid.toString().match(/^[0-9]+$/))
a9e79351	62	ProblemModel.safeRemove(pid, req.userId, params.devs);
866842c3	63	res.json({});
89021f18 BA	64	});
	65
	66	module.exports = router;