Commit | Line | Data |
---|---|---|
8d7e2786 BA |
1 | // AJAX methods to get, create, update or delete a problem |
2 | ||
298c42e6 | 3 | let router = require("express").Router(); |
8d7e2786 BA |
4 | const access = require("../utils/access"); |
5 | const ProblemModel = require("../models/Problem"); | |
298c42e6 BA |
6 | const sanitizeHtml = require('sanitize-html'); |
7 | const MaxNbProblems = 20; | |
8 | ||
582df349 BA |
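/**
 * Validate and sanitize the user-supplied fields of a problem.
 *
 * @param {string} fen - Position string; only letters, digits, comma, space,
 *   "/" and "-" are accepted.
 * @param {string} instructions - HTML fragment, cleaned with sanitizeHtml.
 * @param {string} solution - HTML fragment, cleaned with sanitizeHtml.
 * @returns {string|{fen: string, instructions: string, solution: string}}
 *   An error message (string) when the input is rejected, otherwise the
 *   cleaned fields.
 */
function sanitizeUserInput(fen, instructions, solution)
{
  // The arguments come straight from the request body. A missing field, or a
  // JSON number/array/object, must be rejected with an error message rather
  // than throwing from a string method further down.
  // NOTE(review): the pattern also accepts an empty FEN; confirm that is intended.
  if (typeof fen !== "string" || !/^[a-zA-Z0-9, /-]*$/.test(fen))
    return "Bad characters in FEN string";
  if (typeof instructions !== "string")
    return "Empty instructions";
  if (typeof solution !== "string")
    return "Empty solution";
  // sanitizeHtml is called with its default options (no options argument).
  const cleanInstructions = sanitizeHtml(instructions);
  const cleanSolution = sanitizeHtml(solution);
  // Emptiness is checked after sanitization, so input made only of stripped
  // markup is rejected as well.
  if (cleanInstructions.length === 0)
    return "Empty instructions";
  if (cleanSolution.length === 0)
    return "Empty solution";
  return {
    fen: fen,
    instructions: cleanInstructions,
    solution: cleanSolution
  };
}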
25 | ||
// Get one problem.
// TODO: :vid is unused by the handler; it is only in the path to disambiguate
// this URL from the other /problems routes.
router.get("/problems/:vid([0-9]+)/:id([0-9]+)", access.ajax, (req, res) => {
  const { id: problemId } = req.params;
  ProblemModel.getOne(problemId, (err, problem) => {
    // NOTE(review): err is sent to the client verbatim. If it can carry
    // database error text, consider logging it server-side and returning a
    // generic errmsg instead.
    const payload = err ? err : { problem: problem };
    return res.json(payload);
  });
});
35 | ||
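// Fetch N previous or next problems.
// Query parameters: direction ("forward", anything else means backward),
// last_dt (digits only) and type ("others" or "mine").
// Replies with {problems: [...]}, {errmsg: "..."} on bad input, or the model's
// error object.
router.get("/problems/:vid([0-9]+)", access.ajax, (req,res) => {
  const vid = req.params["vid"];
  // Only these two fixed operator strings can reach the model, whatever the
  // client sends.
  const directionStr = (req.query.direction === "forward" ? ">" : "<");
  const lastDt = req.query.last_dt;
  const type = req.query.type;
  // A query parameter can be absent or parsed as an array/object, so require
  // a string first. The pattern is anchored: without ^ and $ any value that
  // merely contains a digit would pass and be forwarded to the model.
  if (typeof lastDt !== "string" || !/^[0-9]+$/.test(lastDt))
    return res.json({errmsg: "Bad timestamp"});
  if (!["others","mine"].includes(type))
    return res.json({errmsg: "Bad type"});
  // NOTE(review): this route has no access.logged guard; confirm req.userId
  // is populated when type is "mine".
  ProblemModel.fetchN(vid, req.userId, type, directionStr, lastDt, MaxNbProblems,
    (err,problems) => {
      if (!!err)
        return res.json(err);
      return res.json({problems: problems});
    }
  );
});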
54 | ||
// Upload a problem (inputs are sanitized first)
router.post("/problems/:vid([0-9]+)", access.logged, access.ajax, (req, res) => {
  const { vid } = req.params;
  const { fen, instructions, solution } = req.body;
  const cleaned = sanitizeUserInput(fen, instructions, solution);
  // A string result is the rejection message; an object holds the cleaned fields.
  if (typeof cleaned === "string") {
    return res.json({ errmsg: cleaned });
  }
  // No callback is passed, so the reply below is sent without waiting for the
  // outcome of the insert.
  // NOTE(review): unlike update and delete, req.userId is not passed here;
  // confirm how the model records the problem's owner.
  ProblemModel.create(vid, cleaned.fen, cleaned.instructions, cleaned.solution);
  res.json({});
});
64 | ||
8d7e2786 BA |
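// Update a problem (inputs are sanitized first).
// Replies with {errmsg: "..."} when the input is rejected, otherwise {}.
router.put("/problems/:id([0-9]+)", access.logged, access.ajax, (req,res) => {
  const pid = req.params["id"]; //problem ID
  const s = sanitizeUserInput(req.body["fen"], req.body["instructions"], req.body["solution"]);
  if (typeof s === "string")
    return res.json({errmsg: s});
  // Pass the sanitized fields held in s. The bare names fen, instructions and
  // solution are not declared in this handler, so using them raised a
  // ReferenceError on every valid update.
  // NOTE(review): req.userId is passed along with the problem id; presumably
  // the model restricts the update to the owner — confirm.
  ProblemModel.update(pid, req.userId, s.fen, s.instructions, s.solution);
  res.json({});
});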
74 | ||
// Delete a problem
router.delete("/problems/:id([0-9]+)", access.logged, access.ajax, (req, res) => {
  const { id: problemId } = req.params; // problem ID
  // NOTE(review): the requester's id is handed to the model with the problem
  // id; presumably the model only deletes problems owned by that user — confirm.
  // The reply is sent without waiting for the outcome of the deletion.
  ProblemModel.delete(problemId, req.userId);
  res.json({});
});
298c42e6 BA |
81 | |
82 | module.exports = router; |