[vchess.git] / routes / all.js

let express = require('express');
let router = express.Router();
const createError = require('http-errors');
const sqlite3 = require('sqlite3');//.verbose();
const db = new sqlite3.Database('db/vchess.sqlite');
const sanitizeHtml = require('sanitize-html');

// Home
router.get('/', function(req, res, next) {
	db.serialize(function() {
		db.all("SELECT * FROM Variants", (err,variants) => {
			if (!!err)
				return next(err);
			res.render('index', {
				title: 'club',
				variantArray: variants, //JSON.stringify(variants)
			});
		});
	});
});

// Variant
router.get("/:vname([a-zA-Z0-9]+)", (req,res,next) => {
	const vname = req.params["vname"];
	db.serialize(function() {
		db.all("SELECT * FROM Variants WHERE name='" + vname + "'", (err,variant) => {
			if (!!err)
				return next(err);
			if (!variant || variant.length==0)
				return next(createError(404));
			db.all("SELECT * FROM Problems WHERE variant='" + vname + "'",
				(err2,problems) => {
					if (!!err2)
						return next(err2);
					res.render('variant', {
						title: vname + ' Variant',
						variant: vname,
						problemArray: problems,
					});
				}
			);
		});
	});
});

// Load a rules page (AJAX)
router.get("/rules/:variant([a-zA-Z0-9]+)", (req,res) => {
	if (!req.xhr)
		return res.json({errmsg: "Unauthorized access"});
	res.render("rules/" + req.params["variant"]);
});

// Fetch 10 previous or next problems (AJAX)
router.get("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	if (!req.xhr)
		return res.json({errmsg: "Unauthorized access"});
	// TODO: next or previous: in params + timedate (of current oldest or newest)
});

// Upload a problem (AJAX)
router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	if (!req.xhr)
		return res.json({errmsg: "Unauthorized access"});
	const vname = req.params["variant"];
	
	// TODO: get parameters and sanitize them
	sanitizeHtml(req.body["fen"]); // [/a-z0-9 ]*
	sanitizeHtml(req.body["instructions"]);
	db.serialize(function() {
		let stmt = db.prepare("INSERT INTO Problems VALUES (?,?,?,?,?)");
		stmt.run(timestamp, vname, fen, instructions, solution);
		stmt.finalize();
	});
  res.json({});
});


module.exports = router;
Commit	Line	Data
	1	let express = require('express');
	2	let router = express.Router();
	3	const createError = require('http-errors');
	4	const sqlite3 = require('sqlite3');//.verbose();
	5	const db = new sqlite3.Database('db/vchess.sqlite');
	6	const sanitizeHtml = require('sanitize-html');
	7
	8	// Home
	9	router.get('/', function(req, res, next) {
	10	db.serialize(function() {
	11	db.all("SELECT * FROM Variants", (err,variants) => {
	12	if (!!err)
	13	return next(err);
	14	res.render('index', {
	15	title: 'club',
	16	variantArray: variants, //JSON.stringify(variants)
	17	});
	18	});
	19	});
	20	});
	21
	22	// Variant
	23	router.get("/:vname([a-zA-Z0-9]+)", (req,res,next) => {
	24	const vname = req.params["vname"];
	25	db.serialize(function() {
	26	db.all("SELECT * FROM Variants WHERE name='" + vname + "'", (err,variant) => {
	27	if (!!err)
	28	return next(err);
	29	if (!variant \|\| variant.length==0)
	30	return next(createError(404));
	31	db.all("SELECT * FROM Problems WHERE variant='" + vname + "'",
	32	(err2,problems) => {
	33	if (!!err2)
	34	return next(err2);
	35	res.render('variant', {
	36	title: vname + ' Variant',
	37	variant: vname,
	38	problemArray: problems,
	39	});
	40	}
	41	);
	42	});
	43	});
	44	});
	45
	46	// Load a rules page (AJAX)
	47	router.get("/rules/:variant([a-zA-Z0-9]+)", (req,res) => {
	48	if (!req.xhr)
	49	return res.json({errmsg: "Unauthorized access"});
	50	res.render("rules/" + req.params["variant"]);
	51	});
	52
	53	// Fetch 10 previous or next problems (AJAX)
	54	router.get("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	55	if (!req.xhr)
	56	return res.json({errmsg: "Unauthorized access"});
	57	// TODO: next or previous: in params + timedate (of current oldest or newest)
	58	});
	59
	60	// Upload a problem (AJAX)
	61	router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
	62	if (!req.xhr)
	63	return res.json({errmsg: "Unauthorized access"});
	64	const vname = req.params["variant"];
	65
	66	// TODO: get parameters and sanitize them
	67	sanitizeHtml(req.body["fen"]); // [/a-z0-9 ]*
	68	sanitizeHtml(req.body["instructions"]);
	69	db.serialize(function() {
	70	let stmt = db.prepare("INSERT INTO Problems VALUES (?,?,?,?,?)");
	71	stmt.run(timestamp, vname, fen, instructions, solution);
	72	stmt.finalize();
	73	});
	74	res.json({});
	75	});
	76
	77
	78	module.exports = router;