Commit | Line | Data |
---|---|---|
da06a6eb BA |
1 | let express = require('express'); |
2 | let router = express.Router(); | |
3 | const createError = require('http-errors'); | |
4 | const sqlite3 = require('sqlite3');//.verbose(); | |
5 | const db = new sqlite3.Database('db/vchess.sqlite'); | |
6 | const sanitizeHtml = require('sanitize-html'); | |
1d184b4c BA |
7 | |
// Home: render the index page with every row of the Variants table
router.get('/', (req, res, next) => {
  // Constant statement: no request data is interpolated into it.
  const listVariantsSql = "SELECT * FROM Variants";
  db.serialize(() => {
    db.all(listVariantsSql, (err, variants) => {
      if (err) {
        // Hand database failures to the Express error handler
        return next(err);
      }
      const viewData = {
        title: 'club',
        variantArray: variants,
      };
      res.render('index', viewData);
    });
  });
});
21 | ||
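// Variant: render one variant's page together with its problems.
// Responds 404 when no row of Variants has the requested name.
router.get("/:vname([a-zA-Z0-9]+)", (req, res, next) => {
  const vname = req.params["vname"];
  db.serialize(() => {
    // The route pattern already limits vname to [a-zA-Z0-9]+, but the value is
    // bound as a parameter instead of being concatenated into the SQL text, so
    // both queries stay injection-safe even if that pattern is later relaxed.
    db.all("SELECT * FROM Variants WHERE name = ?", [vname], (err, variant) => {
      if (err)
        return next(err);
      if (!variant || variant.length === 0)
        return next(createError(404));
      db.all("SELECT * FROM Problems WHERE variant = ?", [vname],
        (err2, problems) => {
          if (err2)
            return next(err2);
          res.render('variant', {
            title: vname + ' Variant',
            variant: vname,
            problemArray: problems,
          });
        }
      );
    });
  });
});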
45 | ||
// Load a rules page (AJAX)
router.get("/rules/:variant([a-zA-Z0-9]+)", (req, res) => {
  // NOTE(review): req.xhr only reflects the client-supplied X-Requested-With
  // header, so this check filters non-AJAX callers but is not access control.
  if (!req.xhr) {
    return res.json({errmsg: "Unauthorized access"});
  }
  // The route pattern limits the name to [a-zA-Z0-9]+, so the view path built
  // here cannot contain dots or path separators.
  const viewName = "rules/" + req.params["variant"];
  res.render(viewName);
});
52 | ||
// Fetch 10 previous or next problems (AJAX)
router.get("/problems/:variant([a-zA-Z0-9]+)", (req, res) => {
  const isAjax = req.xhr;
  if (!isAjax) {
    return res.json({errmsg: "Unauthorized access"});
  }
  // TODO: next or previous: in params + timedate (of current oldest or newest)
  // NOTE(review): no response is sent on this path yet, so an AJAX request
  // stays open until the client or the server gives up on it.
});
59 | ||
da06a6eb BA |
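// Upload a problem (AJAX): store one row in Problems for the given variant.
// Replies {} once the row is written, {errmsg} for a rejected request, and
// forwards database errors to the Express error handler.
router.post("/problems/:variant([a-zA-Z0-9]+)", (req, res, next) => {
  // NOTE(review): req.xhr only reflects the client-supplied X-Requested-With
  // header; it does not authenticate the uploader.
  if (!req.xhr)
    return res.json({errmsg: "Unauthorized access"});
  const vname = req.params["variant"];

  // NOTE(review): assumes a body parser is mounted upstream and that the
  // client sends "fen", "instructions" and "solution"; confirm against caller.
  const body = req.body || {};
  const fieldNames = ["fen", "instructions", "solution"];
  if (!fieldNames.every((key) => typeof body[key] === "string"))
    return res.json({errmsg: "Missing or invalid parameters"});

  // sanitizeHtml returns the cleaned string; the result has to be kept,
  // otherwise the raw request values are what reaches the database.
  // TODO: also validate fen against its expected character set
  // (the original note suggests [/a-z0-9 ]*).
  const fen = sanitizeHtml(body["fen"]);
  const instructions = sanitizeHtml(body["instructions"]);
  const solution = sanitizeHtml(body["solution"]);
  // NOTE(review): assumes the first column holds epoch milliseconds; verify
  // against the Problems table definition.
  const timestamp = Date.now();

  db.serialize(() => {
    // Values are bound as parameters, never spliced into the SQL text.
    db.run("INSERT INTO Problems VALUES (?,?,?,?,?)",
      [timestamp, vname, fen, instructions, solution],
      (err) => {
        if (err)
          return next(err);
        // Reply only after the insert has completed
        res.json({});
      }
    );
  });
});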
76 | ||
77 | ||
// Export the router as this module's public interface
module.exports = router;