projects / vchess.git / blame
| Commit | Line | Data |
|---|---|---|
| 8d7e2786 BA |
1 | // AJAX methods to get, create, update or delete a problem |
| 2 | ||
| 298c42e6 | 3 | let router = require("express").Router(); |
| 8d7e2786 BA |
4 | const access = require("../utils/access"); |
| 5 | const ProblemModel = require("../models/Problem"); | |
| 298c42e6 BA |
6 | const sanitizeHtml = require('sanitize-html'); |
| 7 | const MaxNbProblems = 20; | |
| 8 | ||
| 582df349 BA |
9 | function sanitizeUserInput(fen, instructions, solution) |
| 10 | { | |
| 11 | if (!fen.match(/^[a-zA-Z0-9, /-]*$/)) | |
| 12 | return "Bad characters in FEN string"; | |
| 13 | instructions = sanitizeHtml(instructions); | |
| 14 | solution = sanitizeHtml(solution); | |
| 15 | if (instructions.length == 0) | |
| 16 | return "Empty instructions"; | |
| 17 | if (solution.length == 0) | |
| 18 | return "Empty solution"; | |
| 19 | return { | |
| 20 | fen: fen, | |
| 21 | instructions: instructions, | |
| 22 | solution: solution | |
| 23 | }; | |
| 24 | } | |
| 25 | ||
| 26 | // Get one problem (TODO: vid unused, here for URL de-ambiguification) | |
| 27 | router.get("/problems/:vid([0-9]+)/:id([0-9]+)", access.ajax, (req,res) => { | |
| 28 | const pid = req.params["id"]; | |
| 29 | ProblemModel.getOne(pid, (err,problem) => { | |
| 936dc463 BA |
30 | if (!!err) |
| 31 | return res.json(err); | |
| 32 | return res.json({problem: problem}); | |
| 33 | }); | |
| 34 | }); | |
| 35 | ||
| 8d7e2786 | 36 | // Fetch N previous or next problems |
| 582df349 BA |
37 | router.get("/problems/:vid([0-9]+)", access.ajax, (req,res) => { |
| 38 | const vid = req.params["vid"]; | |
| 298c42e6 BA |
39 | const directionStr = (req.query.direction == "forward" ? ">" : "<"); |
| 40 | const lastDt = req.query.last_dt; | |
| 936dc463 | 41 | const type = req.query.type; |
| 298c42e6 BA |
42 | if (!lastDt.match(/[0-9]+/)) |
| 43 | return res.json({errmsg: "Bad timestamp"}); | |
| 936dc463 BA |
44 | if (!["others","mine"].includes(type)) |
| 45 | return res.json({errmsg: "Bad type"}); | |
| 582df349 | 46 | ProblemModel.fetchN(vid, req.userId, type, directionStr, lastDt, MaxNbProblems, |
| 936dc463 BA |
47 | (err,problems) => { |
| 48 | if (!!err) | |
| 49 | return res.json(err); | |
| 50 | return res.json({problems: problems}); | |
| 51 | } | |
| 52 | ); | |
| 298c42e6 BA |
53 | }); |
| 54 | ||
| 8d7e2786 | 55 | // Upload a problem (sanitize inputs) |
| 582df349 BA |
56 | router.post("/problems/:vid([0-9]+)", access.logged, access.ajax, (req,res) => { |
| 57 | const vid = req.params["vid"]; | |
| badeb466 BA |
58 | const s = sanitizeUserInput( |
| 59 | req.body["fen"], req.body["instructions"], req.body["solution"]); | |
| 8d7e2786 BA |
60 | if (typeof s === "string") |
| 61 | return res.json({errmsg: s}); | |
| badeb466 BA |
62 | ProblemModel.create(req.userId, vid, s.fen, s.instructions, s.solution, |
| 63 | (err,pid) => { | |
| 64 | if (!!err) | |
| 65 | return res.json(err); | |
| 66 | res.json({id: pid["rowid"]}); | |
| 67 | } | |
| 68 | ); | |
| 298c42e6 BA |
69 | }); |
| 70 | ||
| 8d7e2786 BA |
71 | // Update a problem (also sanitize inputs) |
| 72 | router.put("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => { | |
| 73 | const pid = req.params["id"]; //problem ID | |
| badeb466 BA |
74 | const s = sanitizeUserInput( |
| 75 | req.body["fen"], req.body["instructions"], req.body["solution"]); | |
| 8d7e2786 BA |
76 | if (typeof s === "string") |
| 77 | return res.json({errmsg: s}); | |
| badeb466 BA |
78 | ProblemModel.update(pid, req.userId, s.fen, s.instructions, s.solution, |
| 79 | err => { | |
| 80 | if (!!err) | |
| 81 | return res.json(err); | |
| 82 | res.json({}); | |
| 83 | } | |
| 84 | ); | |
| 8d7e2786 BA |
85 | }); |
| 86 | ||
| 87 | // Delete a problem | |
| 88 | router.delete("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => { | |
| 89 | const pid = req.params["id"]; //problem ID | |
| badeb466 | 90 | ProblemModel.remove(pid, req.userId); |
| 8d7e2786 BA |
91 | res.json({}); |
| 92 | }); | |
| 298c42e6 BA |
93 | |
| 94 | module.exports = router; |