// Third-party modules: web framework, HTTP error factory, SQLite driver,
// HTML sanitizer.
const express = require('express');
const createError = require('http-errors');
const sqlite3 = require('sqlite3'); // append .verbose() for long stack traces while debugging
const sanitizeHtml = require('sanitize-html');

// Router that collects every route below; exported at the end of the file.
const router = express.Router();

// One shared connection for all handlers. The path is relative, so it is
// resolved against the process working directory, not this file's directory.
const db = new sqlite3.Database('db/vchess.sqlite');
// Home page: list every row of the Variants table.
router.get('/', (req, res, next) => {
  // A single statement is issued; serialize() is kept so the query runs
  // through the same path as before.
  db.serialize(() => {
    db.all("SELECT * FROM Variants", (err, variants) => {
      if (err) {
        // Hand database failures to the Express error pipeline.
        next(err);
        return;
      }
      const locals = {
        title: 'club',
        variantArray: variants, // rows are passed to the template as-is (not JSON.stringify'd)
      };
      res.render('index', locals);
    });
  });
});
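// Variant page: 404 unless the variant exists, then render its problems.
router.get("/:vname([a-zA-Z0-9]+)", (req, res, next) => {
  const vname = req.params["vname"];
  db.serialize(() => {
    // Bound parameters instead of string concatenation. The route pattern
    // already limits vname to [a-zA-Z0-9]+, but the SQL should not depend on
    // that pattern staying strict: with placeholders the value can never be
    // parsed as SQL, whatever the route accepts later.
    db.all("SELECT * FROM Variants WHERE name = ?", [vname], (err, variant) => {
      if (err)
        return next(err);
      // db.all yields an array of rows; an empty one means "unknown variant".
      if (!variant || variant.length === 0)
        return next(createError(404));
      db.all("SELECT * FROM Problems WHERE variant = ?", [vname],
        (err2, problems) => {
          if (err2)
            return next(err2);
          // NOTE(review): Problems rows originate from user uploads (POST
          // route in this file); output escaping is the template's job and
          // is not visible from here -- confirm in the 'variant' view.
          res.render('variant', {
            title: vname + ' Variant',
            variant: vname,
            problemArray: problems,
          });
        }
      );
    });
  });
});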
// Rules fragment for one variant, meant to be fetched via AJAX.
router.get("/rules/:variant([a-zA-Z0-9]+)", (req, res) => {
  // req.xhr only reflects the X-Requested-With request header, which any
  // client can set. It filters out plain navigation to this URL; it is not
  // an authentication or authorization check, despite the message below.
  if (!req.xhr) {
    return res.json({errmsg: "Unauthorized access"});
  }
  // The view name comes from the URL. The route pattern restricts it to
  // letters and digits, which is what keeps path separators and dots out of
  // the view lookup -- keep that constraint if the route is ever changed.
  const viewName = "rules/" + req.params["variant"];
  res.render(viewName);
});
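// Fetch 10 previous or next problems (AJAX) -- query not implemented yet.
router.get("/problems/:variant([a-zA-Z0-9]+)", (req, res) => {
  // req.xhr is derived from a client-supplied header; it is a convenience
  // filter, not access control.
  if (!req.xhr)
    return res.json({errmsg: "Unauthorized access"});
  // TODO: next or previous: in params + timedate (of current oldest or newest)
  // Until the query exists, answer explicitly. Without any response the
  // request stays open until a timeout, holding one connection per call.
  res.status(501).json({errmsg: "Not implemented"});
});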
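// Upload a problem (AJAX): validate and sanitize the submitted fields, then
// insert one row into Problems.
router.post("/problems/:variant([a-zA-Z0-9]+)", (req, res, next) => {
  // req.xhr is derived from a client-supplied header; it is a convenience
  // filter, not access control.
  if (!req.xhr)
    return res.json({errmsg: "Unauthorized access"});
  const vname = req.params["variant"];
  // NOTE(review): assumes a body parser is mounted before this router --
  // confirm in the application setup.
  const body = req.body || {};

  // A parsed body can carry arrays or objects where strings are expected;
  // accept plain strings only before anything is sanitized or stored.
  // NOTE(review): the field name "solution" is inferred from the INSERT
  // below -- confirm against the client code.
  const rawFields = [body["fen"], body["instructions"], body["solution"]];
  if (!rawFields.every((field) => typeof field === "string"))
    return res.json({errmsg: "Missing or invalid parameters"});

  // sanitizeHtml returns the cleaned string and leaves its argument
  // untouched, so the return value is what has to be stored.
  // TODO: additionally restrict fen to a character whitelist: [/a-z0-9 ]*
  const fen = sanitizeHtml(body["fen"]);
  const instructions = sanitizeHtml(body["instructions"]);
  const solution = sanitizeHtml(body["solution"]);
  // NOTE(review): assumes the first Problems column holds a millisecond
  // timestamp -- confirm against the schema.
  const timestamp = Date.now();

  db.serialize(() => {
    // Placeholders keep the submitted text out of the SQL grammar.
    db.run("INSERT INTO Problems VALUES (?,?,?,?,?)",
      [timestamp, vname, fen, instructions, solution],
      (err) => {
        // Report success only once the row is actually written.
        if (err)
          return next(err);
        res.json({});
      }
    );
  });
});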
// Expose the configured router so the application can mount it.
module.exports = router;