cosmetics
[qomet.git] / routes / assessments.js
1 let router = require("express").Router();
2 const access = require("../utils/access");
3 const UserModel = require("../models/user");
4 const AssessmentModel = require("../models/assessment");
5 const AssessmentEntity = require("../entities/assessment");
6 const CourseModel = require("../models/course");
7 const params = require("../config/parameters");
8 const validator = require("../public/javascripts/utils/validation");
9 const ObjectId = require("bson-objectid");
10 const sanitizeHtml = require('sanitize-html');
11 const sanitizeOpts = {
12 allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
13 allowedAttributes: {
14 img: [ 'src' ],
15 code: [ 'class' ],
16 table: [ 'class' ],
17 },
18 };
19
20 router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
21 const name = req.query["name"];
22 const cid = req.query["cid"];
23 let error = validator({cid:cid, name:name}, "Assessment");
24 if (error.length > 0)
25 return res.json({errmsg:error});
26 AssessmentModel.add(req.user._id, ObjectId(cid), name, (err,assessment) => {
27 access.checkRequest(res, err, assessment, "Assessment addition failed", () => {
28 res.json(assessment);
29 });
30 });
31 });
32
33 router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
34 const assessment = JSON.parse(req.body["assessment"]);
35 let error = validator(assessment, "Assessment");
36 if (error.length > 0)
37 return res.json({errmsg:error});
38 assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
39 assessment.conclusion = sanitizeHtml(assessment.conclusion, sanitizeOpts);
40 assessment.questions.forEach( q => {
41 q.wording = sanitizeHtml(q.wording, sanitizeOpts);
42 //q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
43 for (let i=0; i<q.options.length; i++) //if QCM
44 q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
45 });
46 AssessmentModel.update(req.user._id, assessment, (err,ret) => {
47 access.checkRequest(res, err, ret, "Assessment update failed", () => {
48 res.json({});
49 });
50 });
51 });
52
53 // Generate and set student password, return it
54 router.get("/start/assessment", access.ajax, (req,res) => {
55 let number = req.query["number"];
56 let aid = req.query["aid"];
57 let password = req.cookies["password"]; //potentially from cookies, resuming
58 let error = validator({ _id:aid, papers:[{number:number,password:password || "samplePwd"}] }, "Assessment");
59 if (error.length > 0)
60 return res.json({errmsg:error});
61 AssessmentModel.startSession(ObjectId(aid), number, password, (err,ret) => {
62 access.checkRequest(res,err,ret,"Failed session initialization", () => {
63 if (!password)
64 {
65 // Set password
66 res.cookie("password", ret.password, {
67 httpOnly: true,
68 maxAge: params.cookieExpire,
69 });
70 }
71 res.json(ret); //contains questions+password(or paper if resuming)
72 });
73 });
74 });
75
76 router.get("/start/monitoring", access.ajax, (req,res) => {
77 const password = req.query["password"];
78 const examName = req.query["aname"];
79 const courseCode = req.query["ccode"];
80 const initials = req.query["initials"];
81 // TODO: sanity checks
82 CourseModel.getByRefs(initials, courseCode, (err,course) => {
83 access.checkRequest(res,err,course,"Course not found", () => {
84 if (password != course.password)
85 return res.json({errmsg: "Wrong password"});
86 AssessmentModel.getByRefs(initials, courseCode, examName, (err2,assessment) => {
87 access.checkRequest(res,err2,assessment,"Assessment not found", () => {
88 res.json({
89 students: course.students,
90 assessment: assessment,
91 secret: params.secret,
92 });
93 });
94 });
95 });
96 });
97 });
98
99 router.get("/send/answer", access.ajax, (req,res) => {
100 let aid = req.query["aid"];
101 let number = req.query["number"];
102 let password = req.query["password"];
103 let input = JSON.parse(req.query["answer"]);
104 let error = validator({ _id:aid, papers:[{number:number,password:password,inputs:[input]}] }, "Assessment");
105 if (error.length > 0)
106 return res.json({errmsg:error});
107 AssessmentModel.newAnswer(ObjectId(aid), number, password, input, (err,ret) => {
108 access.checkRequest(res,err,ret,"Cannot send answer", () => {
109 res.json({});
110 });
111 });
112 });
113
114 router.get("/end/assessment", access.ajax, (req,res) => {
115 let aid = req.query["aid"];
116 let number = req.query["number"];
117 let password = req.query["password"];
118 let error = validator({ _id:aid, papers:[{number:number,password:password}] }, "Assessment");
119 if (error.length > 0)
120 return res.json({errmsg:error});
121 // Destroy pwd, set endTime, return conclusion
122 AssessmentModel.endSession(ObjectId(aid), number, password, (err,conclusion) => {
123 access.checkRequest(res,err,conclusion,"Cannot end assessment", () => {
124 res.clearCookie('password');
125 res.json(conclusion);
126 });
127 });
128 });
129
130 module.exports = router;