routes/assessments.js

   1 let router = require("express").Router();
   2 const access = require("../utils/access");
   3 const UserModel = require("../models/user");
   4 const AssessmentModel = require("../models/assessment");
   5 const CourseModel = require("../models/course");
   6 const params = require("../config/parameters");
   7 const validator = require("../public/javascripts/utils/validation");
   8 const ObjectId = require("bson-objectid");
   9 const sanitizeHtml = require('sanitize-html');
  10 const sanitizeOpts = {
  11     allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
  12     allowedAttributes: {
  13         img: [ 'src','style' ],
  14         code: [ 'class' ],
  15         table: [ 'class' ],
  16         div: [ 'style' ],
  17     },
  18 };
  19
  20 router.post("/assessments", access.ajax, access.logged, (req,res) => {
  21     const name = req.body["name"];
  22     const cid = req.body["cid"];
  23     let error = validator({cid:cid, name:name}, "Assessment");
  24     if (error.length > 0)
  25         return res.json({errmsg:error});
  26     AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
  27         access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
  28             res.json(assessment);
  29         });
  30     });
  31 });
  32
  33 router.put("/assessments", access.ajax, access.logged, (req,res) => {
  34     const assessment = JSON.parse(req.body["assessment"]);
  35     let error = validator(assessment, "Assessment");
  36     if (error.length > 0)
  37         return res.json({errmsg:error});
  38     assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
  39     assessment.questions.forEach( q => {
  40         q.wording = sanitizeHtml(q.wording, sanitizeOpts);
  41         //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
  42         for (let i=0; i<q.options.length; i++) //if QCM
  43             q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
  44     });
  45     AssessmentModel.update(req.user._id, assessment, (err,ret) => {
  46         access.checkRequest(res, err, ret, "Assessment update failed", () => {
  47             res.json({});
  48         });
  49     });
  50 });
  51
  52 // Generate and set student password, return it
  53 router.put("/assessments/start", access.ajax, (req,res) => {
  54     let number = req.body["number"];
  55     let aid = req.body["aid"];
  56     let password = req.cookies["password"]; //potentially from cookies, resuming
  57     let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
  58     if (error.length > 0)
  59         return res.json({errmsg:error});
  60     AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
  61         access.checkRequest(res,err,ret,"Failed session initialization", () => {
  62             if (!password)
  63             {
  64                 // Set password
  65                 res.cookie("password", ret.password, {
  66                     httpOnly: true,
  67                     maxAge: params.cookieExpire,
  68                 });
  69             }
  70             res.json(ret); //contains password (or paper if resuming)
  71         });
  72     });
  73 });
  74
  75 router.get("/assessments/monitor", access.ajax, (req,res) => {
  76     const password = req.query["password"];
  77     const examName = req.query["aname"];
  78     const courseCode = req.query["ccode"];
  79     const initials = req.query["initials"];
  80     // TODO: sanity checks
  81     CourseModel.getByRefs(initials, courseCode, (err,course) => {
  82         access.checkRequest(res,err,course,"Course not found", () => {
  83             if (password != course.password)
  84                 return res.json({errmsg: "Wrong password"});
  85             AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
  86                 access.checkRequest(res,err2,assessment,"Assessment not found", () => {
  87                     res.json({
  88                         students: course.students,
  89                         assessment: assessment,
  90                         secret: params.secret,
  91                     });
  92                 });
  93             });
  94         });
  95     });
  96 });
  97
  98 router.put("/assessments/answer", access.ajax, (req,res) => {
  99     let aid = req.body["aid"];
 100     let number = req.body["number"];
 101     let password = req.body["password"];
 102     let input = JSON.parse(req.body["answer"]);
 103     let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
 104     if (error.length > 0)
 105         return res.json({errmsg:error});
 106     AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
 107         access.checkRequest(res,err,ret,"Cannot send answer", () => {
 108             res.json({});
 109         });
 110     });
 111 });
 112
 113 router.put("/assessments/end", access.ajax, (req,res) => {
 114     let aid = req.body["aid"];
 115     let number = req.body["number"];
 116     let password = req.body["password"];
 117     let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
 118     if (error.length > 0)
 119         return res.json({errmsg:error});
 120     // Destroy pwd, set endTime
 121     AssessmentModel.endAssessment(ObjectId(aid), number, password, (err,ret) => {
 122         access.checkRequest(res,err,ret,"Cannot end assessment", () => {
 123             res.clearCookie('password');
 124             res.json({});
 125         });
 126     });
 127 });
 128
 129 module.exports = router;