// Module setup for the variant router: web framework, HTTP error helper,
// SQLite driver and the HTML sanitizer used by the problem-upload handler.
let express = require('express');
let router = express.Router();
const createError = require('http-errors');

// Plain driver build; the verbose variant stays switched off.
const sqlite3 = require('sqlite3');

// One database handle, opened when this module is loaded and shared by every
// handler in the file. The path is relative, so it resolves against the
// working directory of the process.
const db = new sqlite3.Database('db/vchess.sqlite');

const sanitizeHtml = require('sanitize-html');
// Index route: reads every row of the Variants table. The statement is a
// constant string, so no request data reaches the SQL text here.
// NOTE(review): lines 12-15 and 17-22 of the listing are not shown, so it
// cannot be confirmed from here whether `err` is checked before `variants`
// is used.
9 router
.get('/', function(req
, res
, next
) {
10 db
.serialize(function() {
11 db
.all("SELECT * FROM Variants", (err
,variants
) => {
// The rows are passed on under the key variantArray; the call this object
// literal belongs to is on a line that is not shown (presumably res.render).
16 variantArray: variants
, //JSON.stringify(variants)
// Variant page: looks the variant up by name, answers 404 when no row
// matches, then queries that variant's problems and renders the 'variant'
// view. Several lines of the listing (27-28, 32-34, 37, 39-45) are not shown.
23 router
.get("/:vname([a-zA-Z0-9]+)", (req
,res
,next
) => {
24 const vname
= req
.params
["vname"];
25 db
.serialize(function() {
// NOTE(review): the SQL text is assembled by concatenating vname. The only
// thing keeping quote characters out of the statement is the [a-zA-Z0-9]+
// constraint in the route pattern above, so loosening that pattern later
// would make this query injectable. Binding the value instead, e.g.
// db.all("... WHERE name = ?", [vname], cb), as the INSERT in this file's
// POST handler already does with `?` placeholders, removes that dependency.
26 db
.all("SELECT * FROM Variants WHERE name='" + vname
+ "'", (err
,variant
) => {
// A missing or empty result set means the variant name is unknown.
29 if (!variant
|| variant
.length
==0)
30 return next(createError(404));
// NOTE(review): same string-built query as the lookup above; the same
// placeholder binding applies.
31 db
.all("SELECT * FROM Problems WHERE variant='" + vname
+ "'",
35 res
.render('variant', {
36 title: vname
+ ' Variant',
38 problemArray: problems
,
46 // Load a rules page (AJAX)
// NOTE(review): line 48 of the listing is not shown; presumably it holds the
// condition guarding the return below (otherwise the render call would be
// unreachable). Confirm against the full file.
47 router
.get("/rules/:variant([a-zA-Z0-9]+)", (req
,res
) => {
// res.json() is called without res.status(), so this refusal goes out with
// the default 200 status; clients and access logs cannot tell it apart from
// a successful response without parsing the body.
49 return res
.json({errmsg: "Unauthorized access"});
// The view name is built from the route parameter. The [a-zA-Z0-9]+
// constraint in the route pattern is what keeps '.' and '/' out of the
// path handed to the view lookup.
50 res
.render("rules/" + req
.params
["variant"]);
53 // Fetch 10 previous or next problems (AJAX)
// NOTE(review): only a stub is visible. Line 55 of the listing (presumably
// the condition guarding the return) and the handler's closing lines are
// not shown.
54 router
.get("/problems/:variant([a-zA-Z0-9]+)", (req
,res
) => {
// The refusal is sent as JSON with the default 200 status, since no
// res.status() call precedes it.
56 return res
.json({errmsg: "Unauthorized access"});
57 // TODO: next or previous: in params + timedate (of current oldest or newest)
60 // Upload a problem (AJAX)
// Stores one row in the Problems table for the variant named in the URL.
// NOTE(review): lines 62, 65 and 72-77 of the listing are not shown. If the
// elided guard on line 62 only tests for an AJAX request (as the "(AJAX)"
// label suggests), that test relies on a client-supplied header and does not
// authenticate the caller of this state-changing route. Confirm.
61 router
.post("/problems/:variant([a-zA-Z0-9]+)", (req
,res
) => {
// Sent with the default 200 status; no res.status() call precedes it.
63 return res
.json({errmsg: "Unauthorized access"});
64 const vname
= req
.params
["variant"];
66 // TODO: get parameters and sanitize them
// NOTE(review): both sanitizeHtml() results are discarded. JavaScript
// strings are immutable, so these calls cannot change req.body; the return
// values have to be captured (e.g. const fen = sanitizeHtml(...)) for the
// sanitising to have any effect. sanitizeHtml also only addresses markup in
// text that is rendered later; the character allowlist sketched in the
// trailing comment is a separate input check that is not implemented here.
67 sanitizeHtml(req
.body
["fen"]); // [/a-z0-9 ]*
68 sanitizeHtml(req
.body
["instructions"]);
69 db
.serialize(function() {
// All five values are bound through `?` placeholders, so none of them
// becomes part of the SQL text.
70 let stmt
= db
.prepare("INSERT INTO Problems VALUES (?,?,?,?,?)");
// NOTE(review): timestamp, fen, instructions and solution are not assigned
// on any visible line; unless elided line 65 defines them, this call throws
// a ReferenceError. No stmt.finalize() is visible either (lines 72-77 are
// not shown).
71 stmt
.run(timestamp
, vname
, fen
, instructions
, solution
);
// Hand the configured router to whichever module mounts it.
module.exports = router;