phc
/
problemi
6
3
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dev
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48d1b3b4ed'
${ noResults }
problemi/server/routes.js

171 lines
4.3 KiB
JavaScript
Raw Blame History

import crypto from 'crypto'
import bodyParser from 'body-parser'
import cookieParser from 'cookie-parser'
import express from 'express'
import { createStatusRouter, PingRouter } from './middlewares.js'
import {
createDatabase,
createProblem,
createSolution,
getProblem,
getProblems,
getSolutions,
getUser,
getUsers,
} from './db/database.js'
import { initialDatabaseValue } from './db/example-data.js'
export async function createApiRouter() {
const sessions = {
store: {},
createSession(username) {
const sid = crypto.randomBytes(10).toString('hex')
this.store[sid] = username
return sid
},
getUserForSession(sid) {
return this.store[sid] ?? null
},
}
const db = createDatabase('./db.local.json', initialDatabaseValue)
async function getRequestUser(req) {
const userId = sessions.getUserForSession(req.cookies.sid)
if (!userId) {
return null
}
const user = await getUser(db, userId)
return user
}
const r = express.Router()
r.use(bodyParser.json())
r.use(cookieParser())
r.use('/api/status', createStatusRouter())
r.use('/api/ping', new PingRouter())
r.get('/api/current-user', async (req, res) => {
res.json(await getRequestUser(req))
})
r.post('/api/login', async (req, res) => {
const { username } = req.body
const user = await getUser(db, username)
if (!user) {
res.sendStatus(403)
return
}
res.cookie('sid', sessions.createSession(username), { maxAge: 1000 * 60 * 60 * 24 * 7 })
res.json({ status: 'ok' })
})
r.post('/api/logout', (req, res) => {
res.cookie('sid', '', { expires: new Date() })
res.json({ status: 'ok' })
})
r.get('/api/users', async (req, res) => {
const requestUser = await getRequestUser(req)
if (requestUser.role !== 'admin' && requestUser.role !== 'moderator') {
res.sendStatus(401)
return
}
const users = await getUsers(db)
res.json(users)
})
r.get('/api/problems', async (req, res) => {
res.json(await getProblems(db))
})
r.get('/api/problem/:id', async (req, res) => {
res.json(await getProblem(db, req.params.id))
})
r.post('/api/problem', async (req, res) => {
const user = await getRequestUser(req)
if (!user) {
res.sendStatus(401)
return
}
if (user.role !== 'admin' && user.role !== 'moderator') {
res.sendStatus(401)
return
}
const id = await createProblem(db, {
content: req.body.content,
createBy: user.username,
})
res.json(id)
})
r.get('/api/solutions', async (req, res) => {
let queryUserId = req.query.user
let queryProblemId = req.query.problem
const requestUser = await getRequestUser(req)
if (!requestUser) {
res.sendStatus(401)
return
}
// if current user is not an administrator then force the user query to current user
if (requestUser.role !== 'admin' && requestUser.role !== 'moderator') {
queryUserId = requestUser.username
}
res.json(await getSolutions(db, { userId: queryUserId, problemId: queryProblemId }))
})
r.post('/api/solution', async (req, res) => {
const user = await getRequestUser(req)
if (!user) {
res.sendStatus(401)
return
}
await createSolution(db, {
userId: user.username,
problemId: req.body.problemId,
content: req.body.content,
})
res.send({ status: 'ok' })
})
r.get('/api/user/:id', async (req, res) => {
const requestUser = await getRequestUser(req)
if (!requestUser) {
res.sendStatus(401)
return
}
if (requestUser.role !== 'admin' && requestUser.role !== 'moderator') {
res.sendStatus(401)
return
}
const requestedUser = await getUser(db, req.params.id)
if (!requestedUser) {
res.sendStatus(404)
return
}
res.json(requestedUser)
})
return r
}
Reference in New Issue View Git Blame Copy Permalink