[qomet.git] / routes / evaluations.js

let router = require("express").Router();
const access = require("../utils/access");
const UserModel = require("../models/user");
const EvaluationModel = require("../models/evaluation");
const CourseModel = require("../models/course");
const params = require("../config/parameters");
const validator = require("../public/javascripts/utils/validation");
const ObjectId = require("bson-objectid");
const sanitizeHtml = require('sanitize-html');
const sanitizeOpts = {
	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
	allowedAttributes: {
		img: [ 'src','style' ],
		code: [ 'class' ],
		table: [ 'class' ],
		div: [ 'style' ],
	},
};

router.post("/evaluations", access.ajax, access.logged, (req,res) => {
	const name = req.body["name"];
	const cid = req.body["cid"];
	let error = validator({cid:cid, name:name}, "Evaluation");
	if (error.length > 0)
		return res.json({errmsg:error});
	EvaluationModel.add(req.user._id, ObjectId(cid), name, (err,evaluation) => {
		access.checkRequest(res, err, evaluation, "Evaluation addition failed", () => {
			res.json(evaluation);
		});
	});
});

router.put("/evaluations", access.ajax, access.logged, (req,res) => {
	const evaluation = JSON.parse(req.body["evaluation"]);
	let error = validator(evaluation, "Evaluation");
	if (error.length > 0)
		return res.json({errmsg:error});
	evaluation.introduction = sanitizeHtml(evaluation.introduction, sanitizeOpts);
	evaluation.questions.forEach( q => {
		q.wording = sanitizeHtml(q.wording, sanitizeOpts);
		//q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
		for (let i=0; i<q.options.length; i++) //if QCM
			q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
	});
	EvaluationModel.update(req.user._id, evaluation, (err,ret) => {
		access.checkRequest(res, err, ret, "Evaluation update failed", () => {
			res.json({});
		});
	});
});

// Generate and set student password, return it
router.put("/evaluations/start", access.ajax, (req,res) => {
	let number = req.body["number"];
	let eid = req.body["eid"];
	let password = req.cookies["password"]; //potentially from cookies, resuming
	let error = validator({ _id:eid, papers:[{number:number,password:password || "samplePwd"}] }, "Evaluation");
	if (error.length > 0)
		return res.json({errmsg:error});
	EvaluationModel.startSession(ObjectId(eid), number, password, (err,ret) => {
		access.checkRequest(res,err,ret,"Failed session initialization", () => {
			if (!password)
			{
				// Set password
				res.cookie("password", ret.password, {
					httpOnly: true,
					maxAge: params.cookieExpire,
				});
			}
			res.json(ret); //contains password (or paper if resuming)
		});
	});
});

router.get("/evaluations/monitor", access.ajax, (req,res) => {
	const password = req.query["password"];
	const examName = req.query["aname"];
	const courseCode = req.query["ccode"];
	const initials = req.query["initials"];
	// TODO: sanity checks
	CourseModel.getByRefs(initials, courseCode, (err,course) => {
		access.checkRequest(res,err,course,"Course not found", () => {
			if (password != course.password)
				return res.json({errmsg: "Wrong password"});
			EvaluationModel.getByRefs(initials, courseCode, examName, (err2,evaluation) => {
				access.checkRequest(res,err2,evaluation,"Evaluation not found", () => {
					res.json({
						students: course.students,
						evaluation: evaluation,
						secret: params.secret,
					});
				});
			});
		});
	});
});

router.put("/evaluations/answer", access.ajax, (req,res) => {
	let eid = req.body["eid"];
	let number = req.body["number"];
	let password = req.body["password"];
	let input = JSON.parse(req.body["answer"]);
	let error = validator({ _id:eid, papers:[{number:number,password:password,inputs:[input]}] }, "Evaluation");
	if (error.length > 0)
		return res.json({errmsg:error});
	EvaluationModel.newAnswer(ObjectId(eid), number, password, input, (err,ret) => {
		access.checkRequest(res,err,ret,"Cannot send answer", () => {
			res.json({});
		});
	});
});

router.put("/evaluations/end", access.ajax, (req,res) => {
	let eid = req.body["eid"];
	let number = req.body["number"];
	let password = req.body["password"];
	let error = validator({ _id:eid, papers:[{number:number,password:password}] }, "Evaluation");
	if (error.length > 0)
		return res.json({errmsg:error});
	// Destroy pwd, set endTime
	EvaluationModel.endEvaluation(ObjectId(eid), number, password, (err,ret) => {
		access.checkRequest(res,err,ret,"Cannot end evaluation", () => {
			res.clearCookie('password');
			res.json({});
		});
	});
});

module.exports = router;
Commit	Line	Data
e99c53fb BA	1	let router = require("express").Router();
	2	const access = require("../utils/access");
	3	const UserModel = require("../models/user");
a3080c33	4	const EvaluationModel = require("../models/evaluation");
e99c53fb BA	5	const CourseModel = require("../models/course");
	6	const params = require("../config/parameters");
	7	const validator = require("../public/javascripts/utils/validation");
	8	const ObjectId = require("bson-objectid");
	9	const sanitizeHtml = require('sanitize-html');
6bf4a38e	10	const sanitizeOpts = {
71d1ca9c BA	11	allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img', 'u' ]),
71d1ca9c BA	12	allowedAttributes: {
8a2b3260	13	img: [ 'src','style' ],
71d1ca9c BA	14	code: [ 'class' ],
71d1ca9c BA	15	table: [ 'class' ],
8a2b3260	16	div: [ 'style' ],
71d1ca9c	17	},
6bf4a38e	18	};
e99c53fb	19
a3080c33	20	router.post("/evaluations", access.ajax, access.logged, (req,res) => {
73609d3b BA	21	const name = req.body["name"];
73609d3b BA	22	const cid = req.body["cid"];
a3080c33	23	let error = validator({cid:cid, name:name}, "Evaluation");
e99c53fb BA	24	if (error.length > 0)
e99c53fb BA	25	return res.json({errmsg:error});
a3080c33 BA	26	EvaluationModel.add(req.user._id, ObjectId(cid), name, (err,evaluation) => {
	27	access.checkRequest(res, err, evaluation, "Evaluation addition failed", () => {
	28	res.json(evaluation);
e99c53fb BA	29	});
	30	});
	31	});
	32
a3080c33 BA	33	router.put("/evaluations", access.ajax, access.logged, (req,res) => {
	34	const evaluation = JSON.parse(req.body["evaluation"]);
	35	let error = validator(evaluation, "Evaluation");
e99c53fb BA	36	if (error.length > 0)
e99c53fb BA	37	return res.json({errmsg:error});
a3080c33 BA	38	evaluation.introduction = sanitizeHtml(evaluation.introduction, sanitizeOpts);
a3080c33 BA	39	evaluation.questions.forEach( q => {
e99c53fb BA	40	q.wording = sanitizeHtml(q.wording, sanitizeOpts);
	41	//q.answer = sanitizeHtml(q.answer); //if text (TODO: it's an array in this case?!)
	42	for (let i=0; i<q.options.length; i++) //if QCM
	43	q.options[i] = sanitizeHtml(q.options[i], sanitizeOpts);
	44	});
a3080c33 BA	45	EvaluationModel.update(req.user._id, evaluation, (err,ret) => {
a3080c33 BA	46	access.checkRequest(res, err, ret, "Evaluation update failed", () => {
e99c53fb BA	47	res.json({});
	48	});
	49	});
	50	});
	51
	52	// Generate and set student password, return it
a3080c33	53	router.put("/evaluations/start", access.ajax, (req,res) => {
73609d3b	54	let number = req.body["number"];
a3080c33	55	let eid = req.body["eid"];
f03a2ad9	56	let password = req.cookies["password"]; //potentially from cookies, resuming
a3080c33	57	let error = validator({ _id:eid, papers:[{number:number,password:password \|\| "samplePwd"}] }, "Evaluation");
e99c53fb BA	58	if (error.length > 0)
e99c53fb BA	59	return res.json({errmsg:error});
a3080c33	60	EvaluationModel.startSession(ObjectId(eid), number, password, (err,ret) => {
e99c53fb	61	access.checkRequest(res,err,ret,"Failed session initialization", () => {
f03a2ad9 BA	62	if (!password)
	63	{
	64	// Set password
	65	res.cookie("password", ret.password, {
	66	httpOnly: true,
	67	maxAge: params.cookieExpire,
	68	});
	69	}
43828378	70	res.json(ret); //contains password (or paper if resuming)
e99c53fb BA	71	});
	72	});
	73	});
	74
a3080c33	75	router.get("/evaluations/monitor", access.ajax, (req,res) => {
71d1ca9c BA	76	const password = req.query["password"];
	77	const examName = req.query["aname"];
	78	const courseCode = req.query["ccode"];
	79	const initials = req.query["initials"];
	80	// TODO: sanity checks
	81	CourseModel.getByRefs(initials, courseCode, (err,course) => {
	82	access.checkRequest(res,err,course,"Course not found", () => {
	83	if (password != course.password)
	84	return res.json({errmsg: "Wrong password"});
a3080c33 BA	85	EvaluationModel.getByRefs(initials, courseCode, examName, (err2,evaluation) => {
a3080c33 BA	86	access.checkRequest(res,err2,evaluation,"Evaluation not found", () => {
71d1ca9c BA	87	res.json({
71d1ca9c BA	88	students: course.students,
a3080c33	89	evaluation: evaluation,
71d1ca9c BA	90	secret: params.secret,
	91	});
	92	});
	93	});
	94	});
	95	});
	96	});
	97
a3080c33 BA	98	router.put("/evaluations/answer", access.ajax, (req,res) => {
a3080c33 BA	99	let eid = req.body["eid"];
73609d3b BA	100	let number = req.body["number"];
	101	let password = req.body["password"];
	102	let input = JSON.parse(req.body["answer"]);
a3080c33	103	let error = validator({ _id:eid, papers:[{number:number,password:password,inputs:[input]}] }, "Evaluation");
e99c53fb BA	104	if (error.length > 0)
e99c53fb BA	105	return res.json({errmsg:error});
a3080c33	106	EvaluationModel.newAnswer(ObjectId(eid), number, password, input, (err,ret) => {
e99c53fb BA	107	access.checkRequest(res,err,ret,"Cannot send answer", () => {
	108	res.json({});
	109	});
	110	});
	111	});
	112
a3080c33 BA	113	router.put("/evaluations/end", access.ajax, (req,res) => {
a3080c33 BA	114	let eid = req.body["eid"];
73609d3b BA	115	let number = req.body["number"];
73609d3b BA	116	let password = req.body["password"];
a3080c33	117	let error = validator({ _id:eid, papers:[{number:number,password:password}] }, "Evaluation");
e99c53fb BA	118	if (error.length > 0)
e99c53fb BA	119	return res.json({errmsg:error});
db5571d6	120	// Destroy pwd, set endTime
a3080c33 BA	121	EvaluationModel.endEvaluation(ObjectId(eid), number, password, (err,ret) => {
a3080c33 BA	122	access.checkRequest(res,err,ret,"Cannot end evaluation", () => {
e99c53fb	123	res.clearCookie('password');
db5571d6	124	res.json({});
e99c53fb BA	125	});
	126	});
	127	});
	128
	129	module.exports = router;