Commit | Line | Data |
---|---|---|
e99c53fb BA |
1 | let router = require("express").Router(); |
2 | const access = require("../utils/access"); | |
3 | const UserModel = require("../models/user"); | |
4 | const AssessmentModel = require("../models/assessment"); | |
e99c53fb BA |
5 | const CourseModel = require("../models/course"); |
6 | const params = require("../config/parameters"); | |
7 | const validator = require("../public/javascripts/utils/validation"); | |
8 | const ObjectId = require("bson-objectid"); | |
9 | const sanitizeHtml = require('sanitize-html'); | |
6bf4a38e | 10 | const sanitizeOpts = { |
71d1ca9c BA |
11 | allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]), |
12 | allowedAttributes: { | |
8a2b3260 | 13 | img: [ 'src','style' ], |
71d1ca9c BA |
14 | code: [ 'class' ], |
15 | table: [ 'class' ], | |
8a2b3260 | 16 | div: [ 'style' ], |
71d1ca9c | 17 | }, |
6bf4a38e | 18 | }; |
e99c53fb | 19 | |
73609d3b BA |
20 | router.post("/assessments", access.ajax, access.logged, (req,res) => { |
21 | const name = req.body["name"]; | |
22 | const cid = req.body["cid"]; | |
e99c53fb BA |
23 | let error = validator({cid:cid, name:name}, "Assessment"); |
24 | if (error.length > 0) | |
25 | return res.json({errmsg:error}); | |
26 | AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => { | |
27 | access.checkRequest(res, err, assessment, "Assessment addition failed", () => { | |
28 | res.json(assessment); | |
29 | }); | |
30 | }); | |
31 | }); | |
32 | ||
73609d3b | 33 | router.put("/assessments", access.ajax, access.logged, (req,res) => { |
e99c53fb BA |
34 | const assessment = JSON.parse(req.body["assessment"]); |
35 | let error = validator(assessment, "Assessment"); | |
36 | if (error.length > 0) | |
37 | return res.json({errmsg:error}); | |
e99c53fb | 38 | assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts); |
e99c53fb BA |
39 | assessment.questions.forEach( q => { |
40 | q.wording = sanitizeHtml(q.wording, sanitizeOpts); | |
41 | //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!) | |
42 | for (let i=0; i<q.options.length; i++) //if QCM | |
43 | q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts); | |
44 | }); | |
45 | AssessmentModel.update(req.user._id, assessment, (err,ret) => { | |
46 | access.checkRequest(res, err, ret, "Assessment update failed", () => { | |
47 | res.json({}); | |
48 | }); | |
49 | }); | |
50 | }); | |
51 | ||
52 | // Generate and set student password, return it | |
73609d3b BA |
53 | router.put("/assessments/start", access.ajax, (req,res) => { |
54 | let number = req.body["number"]; | |
55 | let aid = req.body["aid"]; | |
f03a2ad9 BA |
56 | let password = req.cookies["password"]; //potentially from cookies, resuming |
57 | let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment"); | |
e99c53fb BA |
58 | if (error.length > 0) |
59 | return res.json({errmsg:error}); | |
f03a2ad9 | 60 | AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => { |
e99c53fb | 61 | access.checkRequest(res,err,ret,"Failed session initialization", () => { |
f03a2ad9 BA |
62 | if (!password) |
63 | { | |
64 | // Set password | |
65 | res.cookie("password", ret.password, { | |
66 | httpOnly: true, | |
67 | maxAge: params.cookieExpire, | |
68 | }); | |
69 | } | |
43828378 | 70 | res.json(ret); //contains password (or paper if resuming) |
e99c53fb BA |
71 | }); |
72 | }); | |
73 | }); | |
74 | ||
73609d3b | 75 | router.get("/assessments/monitor", access.ajax, (req,res) => { |
71d1ca9c BA |
76 | const password = req.query["password"]; |
77 | const examName = req.query["aname"]; | |
78 | const courseCode = req.query["ccode"]; | |
79 | const initials = req.query["initials"]; | |
80 | // TODO: sanity checks | |
81 | CourseModel.getByRefs(initials, courseCode, (err,course) => { | |
82 | access.checkRequest(res,err,course,"Course not found", () => { | |
83 | if (password != course.password) | |
84 | return res.json({errmsg: "Wrong password"}); | |
85 | AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => { | |
86 | access.checkRequest(res,err2,assessment,"Assessment not found", () => { | |
87 | res.json({ | |
88 | students: course.students, | |
89 | assessment: assessment, | |
90 | secret: params.secret, | |
91 | }); | |
92 | }); | |
93 | }); | |
94 | }); | |
95 | }); | |
96 | }); | |
97 | ||
73609d3b BA |
98 | router.put("/assessments/answer", access.ajax, (req,res) => { |
99 | let aid = req.body["aid"]; | |
100 | let number = req.body["number"]; | |
101 | let password = req.body["password"]; | |
102 | let input = JSON.parse(req.body["answer"]); | |
e99c53fb BA |
103 | let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment"); |
104 | if (error.length > 0) | |
105 | return res.json({errmsg:error}); | |
f03a2ad9 | 106 | AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => { |
e99c53fb BA |
107 | access.checkRequest(res,err,ret,"Cannot send answer", () => { |
108 | res.json({}); | |
109 | }); | |
110 | }); | |
111 | }); | |
112 | ||
73609d3b BA |
113 | router.put("/assessments/end", access.ajax, (req,res) => { |
114 | let aid = req.body["aid"]; | |
115 | let number = req.body["number"]; | |
116 | let password = req.body["password"]; | |
e99c53fb BA |
117 | let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment"); |
118 | if (error.length > 0) | |
119 | return res.json({errmsg:error}); | |
db5571d6 | 120 | // Destroy pwd, set endTime |
43828378 | 121 | AssessmentModel.endAssessment(ObjectId(aid), number, password, (err,ret) => { |
db5571d6 | 122 | access.checkRequest(res,err,ret,"Cannot end assessment", () => { |
e99c53fb | 123 | res.clearCookie('password'); |
db5571d6 | 124 | res.json({}); |
e99c53fb BA |
125 | }); |
126 | }); | |
127 | }); | |
128 | ||
129 | module.exports = router; |