authorLarsVomMars2020-10-10 13:17:45 +0200
committerLarsVomMars2020-10-10 13:17:58 +0200
commit3b16ab7ebee3d432a66d7966a2e8a6c2541f3912 (patch)
tree60ae113087491e7e6fbf094fa3a3d780407b29c5 /profile/index.js
parentfdb9bba6c88a4fd8981c30bf8ea06aa0709db45e (diff)
It's working
Kinda
Diffstat (limited to 'profile/index.js')
-rw-r--r--profile/index.js41
1 files changed, 37 insertions, 4 deletions
diff --git a/profile/index.js b/profile/index.js
index 2f1cb50..f5e8373 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -2,10 +2,15 @@ const express = require("express");
const db = require("../db");
const app = express.Router();
-app.use("/", express.static(__dirname + "/public"));
+app.use("/", express.static(__dirname + "/public/"));
+
+app.get("/user/:uid", async (req, res) => {});
// Basic API
-app.get("/api/user", async (req, res) => {});
+app.get("/api/user", async (req, res) => {
+ const user = (await db.query("SELECT name, surname FROM users WHERE id = ?", [req.session.uid]))[0];
+ res.json(user);
+});
app.get("/api/questions", async (req, res) => {
const questions = await db.query("SELECT id, question FROM profile_questions");
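Review bot: The new `/api/user` handler awaits `db.query` with no try/catch, unlike the add and update handlers in this same commit, so a rejected query leaves the request without a response (if this is Express 4, a rejection from an async handler is not passed on to the error middleware). It also reads `req.session.uid` with no visible check that a session exists; unless middleware outside this hunk guarantees one, add `if (!req.session || !req.session.uid) return res.sendStatus(401);` at the top. When the query returns no row, `user` is `undefined`, so `if (!user) return res.sendStatus(404);` before `res.json(user)` makes that case explicit. The `/user/:uid` stub added above never sends a response, so requests to it will hang until it is implemented.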
@@ -21,10 +26,38 @@ app.get("/api/questions", async (req, res) => {
});
app.post("/api/add", async (req, res) => {
- await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)");
+ try {
+ for (let qid in req.body) {
+ if (!req.body.hasOwnProperty(qid)) continue;
+ await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
+ qid,
+ req.session.uid,
+ req.body[qid].replace(/</g, "&lt;").replace(/>/g, "&gt;"),
+ ]);
+ }
+ res.send("ok");
+ } catch (e) {
+ console.error(e);
+ res.send("error");
+ }
});
-app.put("/api/update", async (req, res) => {});
+app.put("/api/update", async (req, res) => {
+ try {
+ for (let qid in req.body) {
+ if (!req.body.hasOwnProperty(qid)) continue;
+ await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
+ req.body[qid].replace(/</g, "&lt;").replace(/>/g, "&gt;"),
+ qid,
+ req.session.uid,
+ ]);
+ }
+ res.send("ok");
+ } catch (e) {
+ console.error(e);
+ res.send("error");
+ }
+});
// Comments API
app.get("/api/comments/:uid", async (req, res) => {});
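Review bot: In both the `/api/add` and `/api/update` loops the answer is escaped with `.replace(/</g, "&lt;").replace(/>/g, "&gt;")` before it is stored, which leaves `&`, `"` and `'` untouched and so only protects an element-text context; storing the text as submitted and encoding it where it is rendered is more robust (the rendering code is not visible here). `req.body[qid].replace` also throws for any non-string value, and because rows are written one at a time with no transaction, a bad entry in the middle leaves the earlier rows committed while the client only gets `error` with a 200 status. `req.body.hasOwnProperty(qid)` itself fails when the body carries a key named `hasOwnProperty`; iterating `Object.entries` avoids that. The sketch below validates the whole body before the first write and returns error status codes, and the same shape applies to the update handler; checking `qid` against `profile_questions` would be a further step.

```javascript
app.post("/api/add", async (req, res) => {
  // Reject the request before the first write so a malformed entry cannot leave a partial insert.
  const answers = Object.entries(req.body || {});
  if (answers.length === 0 || answers.some(([, answer]) => typeof answer !== "string")) {
    return res.status(400).send("error");
  }
  try {
    for (const [qid, answer] of answers) {
      // … unchanged: INSERT INTO profile_answers with qid, req.session.uid and the answer …
    }
    res.send("ok");
  } catch (e) {
    // … unchanged: console.error(e) …
    res.status(500).send("error");
  }
});
```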