[vchess.git] / server / routes / problems.js

let router = require("express").Router();
const access = require("../utils/access");
const params = require("../config/parameters");
const ProblemModel = require("../models/Problem");
const sanitizeHtml_pkg = require('sanitize-html');

const allowedTags = [
  'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
  'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
  'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
];
function sanitizeHtml(text) {
  return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
}

router.post("/problems", access.logged, access.ajax, (req,res) => {
  if (ProblemModel.checkProblem(req.body.prob)) {
    const problem = {
      vid: req.body.prob.vid,
      fen: req.body.prob.fen,
      uid: req.userId,
      instruction: sanitizeHtml(req.body.prob.instruction),
      solution: sanitizeHtml(req.body.prob.solution),
    };
    ProblemModel.create(problem, (err, ret) => {
      res.json(err || ret);
    });
  }
  else
    res.json({});
});

router.get("/problems", access.ajax, (req,res) => {
  const probId = req.query["id"];
  const cursor = req.query["cursor"];
  if (!!probId && !!probId.match(/^[0-9]+$/)) {
    ProblemModel.getOne(probId, (err, problem) => {
      res.json(err || {problem: problem});
    });
  } else if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
    const onlyMine = (req.query["mode"] == "mine");
    const uid = parseInt(req.query["uid"]);
    ProblemModel.getNext(uid, onlyMine, cursor, (err, problems) => {
      res.json(err || { problems: problems });
    });
  }
});

router.put("/problems", access.logged, access.ajax, (req,res) => {
  let obj = req.body.prob;
  if (ProblemModel.checkProblem(obj)) {
    obj.instruction = sanitizeHtml(obj.instruction);
    obj.solution = sanitizeHtml(obj.solution);
    ProblemModel.safeUpdate(obj, req.userId, params.devs);
  }
  res.json({});
});

router.delete("/problems", access.logged, access.ajax, (req,res) => {
  const pid = req.query.id;
  if (pid.toString().match(/^[0-9]+$/))
    ProblemModel.safeRemove(pid, req.userId, params.devs);
  res.json({});
});

module.exports = router;
Commit	Line	Data
	1	let router = require("express").Router();
	2	const access = require("../utils/access");
	3	const params = require("../config/parameters");
	4	const ProblemModel = require("../models/Problem");
	5	const sanitizeHtml_pkg = require('sanitize-html');
	6
	7	const allowedTags = [
	8	'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
	9	'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
	10	'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
	11	];
	12	function sanitizeHtml(text) {
	13	return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
	14	}
	15
	16	router.post("/problems", access.logged, access.ajax, (req,res) => {
	17	if (ProblemModel.checkProblem(req.body.prob)) {
	18	const problem = {
	19	vid: req.body.prob.vid,
	20	fen: req.body.prob.fen,
	21	uid: req.userId,
	22	instruction: sanitizeHtml(req.body.prob.instruction),
	23	solution: sanitizeHtml(req.body.prob.solution),
	24	};
	25	ProblemModel.create(problem, (err, ret) => {
	26	res.json(err \|\| ret);
	27	});
	28	}
	29	else
	30	res.json({});
	31	});
	32
	33	router.get("/problems", access.ajax, (req,res) => {
	34	const probId = req.query["id"];
	35	const cursor = req.query["cursor"];
	36	if (!!probId && !!probId.match(/^[0-9]+$/)) {
	37	ProblemModel.getOne(probId, (err, problem) => {
	38	res.json(err \|\| {problem: problem});
	39	});
	40	} else if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
	41	const onlyMine = (req.query["mode"] == "mine");
	42	const uid = parseInt(req.query["uid"]);
	43	ProblemModel.getNext(uid, onlyMine, cursor, (err, problems) => {
	44	res.json(err \|\| { problems: problems });
	45	});
	46	}
	47	});
	48
	49	router.put("/problems", access.logged, access.ajax, (req,res) => {
	50	let obj = req.body.prob;
	51	if (ProblemModel.checkProblem(obj)) {
	52	obj.instruction = sanitizeHtml(obj.instruction);
	53	obj.solution = sanitizeHtml(obj.solution);
	54	ProblemModel.safeUpdate(obj, req.userId, params.devs);
	55	}
	56	res.json({});
	57	});
	58
	59	router.delete("/problems", access.logged, access.ajax, (req,res) => {
	60	const pid = req.query.id;
	61	if (pid.toString().match(/^[0-9]+$/))
	62	ProblemModel.safeRemove(pid, req.userId, params.devs);
	63	res.json({});
	64	});
	65
	66	module.exports = router;