const express = require("express");
const db = require("../db");
const fileupload = require("express-fileupload");
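// Router for the profile pages and their JSON API; exported at the bottom of the file.
const app = express.Router();

// Multipart parsing for the upload endpoints. Without a size limit a single
// request can push an arbitrarily large file to the server, so cap it and abort
// the request when the cap is hit. The 5 MiB figure is a constructed ceiling —
// tune it to the largest image the profile form is meant to accept.
app.use(
  fileupload({
    limits: { fileSize: 5 * 1024 * 1024 },
    abortOnLimit: true,
  }),
);

// Static assets. The uploads directory written by the API handlers lives under
// this root, so user-supplied files are served from the same origin as the
// application; "nosniff" stops browsers from second-guessing the declared type.
app.use(
  "/",
  express.static(__dirname + "/public/", {
    setHeaders: (res) => {
      res.setHeader("X-Content-Type-Options", "nosniff");
    },
  }),
);

// Profile page route: not implemented yet. Answer explicitly instead of leaving
// the request open until a timeout closes the socket.
app.get("/user/:uid", async (req, res) => {
  res.sendStatus(501);
});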
// Basic API
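/**
 * GET /api/user — responds with the name and surname of the user whose id is
 * stored in the session.
 *
 * Responds 404 when no row matches and 500 when the lookup fails.
 */
app.get("/api/user", async (req, res) => {
  try {
    // NOTE(review): assumes an authentication layer outside this file has set
    // req.session.uid before the request gets here — confirm.
    const rows = await db.query("SELECT name, surname FROM users WHERE id = ?", [req.session.uid]);
    const user = rows[0];
    if (user === undefined) {
      // res.json(undefined) would send an empty body that clients cannot parse.
      res.status(404).json(null);
      return;
    }
    res.json(user);
  } catch (e) {
    // A rejected query inside an async handler would otherwise leave the
    // request without any response.
    console.error(e);
    res.status(500).send("error");
  }
});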
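/**
 * GET /api/questions — responds with every profile question (id, text, input
 * type) and, where the session user has answered it, an `answer` property.
 *
 * Responds 500 when either query fails.
 */
app.get("/api/questions", async (req, res) => {
  try {
    const questions = await db.query(
      "SELECT q.id, q.question, t.type FROM profile_questions q INNER JOIN profile_input_types t ON t.id = q.question_type",
    );
    // Only the session user's answers are read; the id never comes from the request.
    const answers = await db.query("SELECT answer, question_id FROM profile_answers WHERE user_id = ?", [
      req.session.uid,
    ]);
    for (const answer of answers) {
      // The original compared findIndex()'s result with undefined, but a miss is
      // reported as -1, so an answer whose question is absent from the list
      // dereferenced questions[-1] and threw. Look the question up directly
      // and skip answers that have no matching question.
      const question = questions.find((candidate) => candidate.id === answer.question_id);
      if (question !== undefined) {
        question.answer = answer.answer;
      }
    }
    res.json(questions);
  } catch (e) {
    console.error(e);
    res.status(500).send("error");
  }
});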
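/**
 * POST /api/add — stores the session user's answers.
 *
 * Every own key of the form body is treated as a question id and its value as
 * the answer, except values equal to "dbg-image", which mark a question that is
 * answered by an uploaded file. Every entry of req.files is saved under
 * public/uploads and its generated file name is stored as the answer for the
 * field it was uploaded in.
 *
 * Responds "ok" on success and "error" on any failure (status is left at 200,
 * as in the original handler).
 */
app.post("/api/add", async (req, res) => {
  // Uploads land in a directory that is served statically, so the extension
  // decides how a browser treats the stored file. Only these image extensions
  // are accepted; the list is a reviewer's choice and should match what the
  // profile form offers. An extension does not prove the content is an image —
  // serving uploads with "nosniff" or from a separate origin is still advisable.
  const allowedImageTypes = new Set(["png", "jpg", "jpeg", "gif", "webp"]);

  try {
    // NOTE(review): assumes an authentication layer outside this file has set
    // req.session.uid — confirm; nothing here rejects an anonymous request.
    const body = req.body || {};
    const files = req.files || {};

    // Validate every upload before anything is written, so a rejected file
    // does not leave half of the submission in the database.
    const uploads = Object.keys(files).map((fid) => {
      const image = files[fid];
      // A field that carries several files is delivered as an array, which has no name.
      if (!image || typeof image.name !== "string") {
        throw new TypeError("unsupported upload: expected a single file per field");
      }
      const imageType = image.name.split(".").pop().toLowerCase();
      if (!allowedImageTypes.has(imageType)) {
        throw new Error("rejected upload: file extension is not an allowed image type");
      }
      return { fid, image, imageType };
    });

    // Object.keys yields own enumerable keys only, which also avoids calling
    // hasOwnProperty on an object whose keys are chosen by the client.
    for (const qid of Object.keys(body)) {
      const raw = body[qid];
      if (raw === "dbg-image") continue;
      if (typeof raw !== "string") {
        // Repeated or nested form fields arrive as arrays/objects.
        throw new TypeError("unsupported answer: expected a string value");
      }
      // The replacements shown on the page mapped "<" to "<" and ">" to ">",
      // i.e. they did nothing — most likely HTML entities lost when the page
      // was rendered. Restored as entity escaping. This covers angle brackets
      // only ("&" and quotes pass through), so it does not replace encoding
      // the value for its context when it is rendered.
      const answer = raw.replace(/</g, "&lt;").replace(/>/g, "&gt;");
      await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
        qid,
        req.session.uid,
        answer,
      ]);
    }

    for (const { fid, image, imageType } of uploads) {
      // The stored name is built from the session uid, a timestamp and the
      // allowlisted extension; nothing else from the client's file name is used.
      const imageName = `${req.session.uid}_${Date.now()}.${imageType}`;
      // mv() returns a promise when called without a callback; awaiting it
      // routes a failed write into the catch below and keeps the row from
      // pointing at a file that was never saved.
      await image.mv(__dirname + "/public/uploads/" + imageName);
      // The original passed `qid` here, which is out of scope in this loop and
      // raised a ReferenceError on every upload; the field name is the question id.
      await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
        fid,
        req.session.uid,
        imageName,
      ]);
    }

    res.send("ok");
  } catch (e) {
    console.error(e);
    res.send("error");
  }
});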
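/**
 * PUT /api/update — overwrites the session user's existing answers.
 *
 * Every own key of the form body is treated as a question id and its value as
 * the new answer, except values equal to "dbg-image", which mark a question
 * that is answered by an uploaded file. Every entry of req.files is saved under
 * public/uploads and its generated file name replaces the stored answer for the
 * field it was uploaded in. Updates are always scoped to req.session.uid.
 *
 * Responds "ok" on success and "error" on any failure (status is left at 200,
 * as in the original handler).
 */
app.put("/api/update", async (req, res) => {
  // Uploads land in a directory that is served statically, so the extension
  // decides how a browser treats the stored file. Only these image extensions
  // are accepted; the list is a reviewer's choice and should match what the
  // profile form offers. An extension does not prove the content is an image —
  // serving uploads with "nosniff" or from a separate origin is still advisable.
  const allowedImageTypes = new Set(["png", "jpg", "jpeg", "gif", "webp"]);

  try {
    // NOTE(review): assumes an authentication layer outside this file has set
    // req.session.uid — confirm; nothing here rejects an anonymous request.
    const body = req.body || {};
    const files = req.files || {};

    // Validate every upload before anything is written, so a rejected file
    // does not leave half of the submission applied.
    const uploads = Object.keys(files).map((fid) => {
      const image = files[fid];
      // A field that carries several files is delivered as an array, which has no name.
      if (!image || typeof image.name !== "string") {
        throw new TypeError("unsupported upload: expected a single file per field");
      }
      const imageType = image.name.split(".").pop().toLowerCase();
      if (!allowedImageTypes.has(imageType)) {
        throw new Error("rejected upload: file extension is not an allowed image type");
      }
      return { fid, image, imageType };
    });

    // Object.keys yields own enumerable keys only, which also avoids calling
    // hasOwnProperty on an object whose keys are chosen by the client.
    for (const qid of Object.keys(body)) {
      const raw = body[qid];
      if (raw === "dbg-image") continue;
      if (typeof raw !== "string") {
        // Repeated or nested form fields arrive as arrays/objects.
        throw new TypeError("unsupported answer: expected a string value");
      }
      // The replacements shown on the page mapped "<" to "<" and ">" to ">",
      // i.e. they did nothing — most likely HTML entities lost when the page
      // was rendered. Restored as entity escaping. This covers angle brackets
      // only ("&" and quotes pass through), so it does not replace encoding
      // the value for its context when it is rendered.
      const answer = raw.replace(/</g, "&lt;").replace(/>/g, "&gt;");
      await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
        answer,
        qid,
        req.session.uid,
      ]);
    }

    for (const { fid, image, imageType } of uploads) {
      // The stored name is built from the session uid, a timestamp and the
      // allowlisted extension; nothing else from the client's file name is used.
      const imageName = `${req.session.uid}_${Date.now()}.${imageType}`;
      // mv() returns a promise when called without a callback; awaiting it
      // routes a failed write into the catch below and keeps the row from
      // pointing at a file that was never saved.
      await image.mv(__dirname + "/public/uploads/" + imageName);
      await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", [
        imageName,
        fid,
        req.session.uid,
      ]);
    }

    // The original used `return` on a non-own key in the upload loop, which
    // ended the handler without any response; every path now reaches a reply.
    res.send("ok");
  } catch (e) {
    console.error(e);
    res.send("error");
  }
});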
// Comments API
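// The comment endpoints are declared but not implemented. An empty handler
// never answers, so each request would stay open until a timeout closes it;
// reply 501 until the real logic exists.
// NOTE(review): when these are implemented, the write routes should scope
// every change to req.session.uid, as the answer endpoints in this file do.
app.get("/api/comments/:uid", async (req, res) => {
  res.sendStatus(501);
});
app.post("/api/comment", async (req, res) => {
  res.sendStatus(501);
});
app.put("/api/comment", async (req, res) => {
  res.sendStatus(501);
});
app.delete("/api/comment", async (req, res) => {
  res.sendStatus(501);
});

module.exports = app;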