author | LarsVomMars | 2020-10-10 13:17:45 +0200 |
---|---|---|
committer | LarsVomMars | 2020-10-10 13:17:58 +0200 |
commit | 3b16ab7ebee3d432a66d7966a2e8a6c2541f3912 (patch) | |
tree | 60ae113087491e7e6fbf094fa3a3d780407b29c5 /profile/index.js | |
parent | fdb9bba6c88a4fd8981c30bf8ea06aa0709db45e (diff) |
It's working
Kinda
Diffstat (limited to 'profile/index.js')
-rw-r--r-- | profile/index.js | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/profile/index.js b/profile/index.js
index 2f1cb50..f5e8373 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -2,10 +2,15 @@ const express = require("express");
 const db = require("../db");
 const app = express.Router();
-app.use("/", express.static(__dirname + "/public"));
+app.use("/", express.static(__dirname + "/public/"));
+
+app.get("/user/:uid", async (req, res) => {});
 // Basic API
-app.get("/api/user", async (req, res) => {});
+app.get("/api/user", async (req, res) => {
+ const user = (await db.query("SELECT name, surname FROM users WHERE id = ?", [req.session.uid]))[0];
+ res.json(user);
+});
 app.get("/api/questions", async (req, res) => {
 const questions = await db.query("SELECT id, question FROM profile_questions");
@@ -21,10 +26,38 @@ app.get("/api/questions", async (req, res) => {
 });
 app.post("/api/add", async (req, res) => {
- await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)");
+ try {
+ for (let qid in req.body) {
+ if (!req.body.hasOwnProperty(qid)) continue;
+ await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
+ qid,
+ req.session.uid,
+ req.body[qid].replace(/</g, "<").replace(/>/g, ">"),
+ ]);
+ }
+ res.send("ok");
+ } catch (e) {
+ console.error(e);
+ res.send("error");
+ }
 });
-app.put("/api/update", async (req, res) => {});
+app.put("/api/update", async (req, res) => {
+ try {
+ for (let qid in req.body) {
+ if (!req.body.hasOwnProperty(qid)) continue;
+ await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
+ req.body[qid].replace(/</g, "<").replace(/>/g, ">"),
+ qid,
+ req.session.uid,
+ ]);
+ }
+ res.send("ok");
+ } catch (e) {
+ console.error(e);
+ res.send("error");
+ }
+});
 // Comments API
 app.get("/api/comments/:uid", async (req, res) => {}); |
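Review bot: The new `/api/user` handler awaits `db.query` without a try/catch and never checks that `req.session.uid` is set, unlike the `/api/add` and `/api/update` handlers later in this commit. If this router runs on Express 4, a rejected query is not forwarded to the error middleware and the request is left without a response. When no row matches, `user` is `undefined` and `res.json(user)` sends an empty body rather than a clear status. Unless authentication is enforced by middleware outside this hunk, add a guard such as `if (!req.session.uid) return res.status(401).end();` and answer a missing row with `res.status(404).end()`. The added `/user/:uid` route has an empty body, so any request to it will hang until the client times out; it should send a placeholder response or be left out until it is implemented.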
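Review bot: Escaping the answer on write in `/api/add` and `/api/update` covers only `<` and `>` and stores the altered text, so `&` and quote characters pass through and any view that places an answer inside an attribute is not protected; storing the raw answer and encoding it where it is rendered is the more robust pattern. As this page renders it, the two `.replace` calls substitute each character with itself, presumably because the `&lt;`/`&gt;` replacement strings were decoded by the page, so this is worth checking against the actual file. `req.body[qid]` is assumed to be a string; a JSON body carrying a number, array or object makes `.replace` throw partway through the loop after earlier rows were already written, so add `if (typeof req.body[qid] !== "string") return res.status(400).send("error");` before the query. `req.body.hasOwnProperty(qid)` can be shadowed by a body key of that name, and `Object.prototype.hasOwnProperty.call(req.body, qid)` avoids that. The catch blocks reply `"error"` with status 200; `res.status(500).send("error")` lets clients and monitoring tell failures from successes.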