module.exports = function(req, res, next) { var params = { question_id: req.params.question_id, course_instance_id: res.locals.course_instance.id, }; sqldb.queryZeroOrOneRow(sql.select_and_auth, params, function(err, result) { if (ERR(err, next)) return; if (result.rowCount == 0) return next(error.make(403, 'Access denied')); _.assign(res.locals, result.rows[0]); next(); }); };
router.get('/:file_id/:display_filename', function(req, res, next) { let params = { assessment_instance_id: res.locals.assessment_instance.id, file_id: req.params.file_id, display_filename: req.params.display_filename, }; sqldb.queryZeroOrOneRow(sql.select_file, params, function(err, result) { if (ERR(err, next)) return; if (result.rows.length < 1) { return next(new Error('No such file: ' + req.params.display_filename)); } res.sendFile(result.rows[0].storage_filename, {root: config.filesRoot}); }); });
module.exports.sync = (courseInfo, course_id, callback) => { const params = { course_id: course_id, short_name: courseInfo.name, title: courseInfo.title, display_timezone: courseInfo.timezone || null, grading_queue: courseInfo.name.toLowerCase().replace(' ', ''), options: courseInfo.options, }; sqldb.queryZeroOrOneRow(sql.update_course, params, (err, result) => { if (ERR(err, callback)) return; if (result.rowCount !== 1) return callback(error.makeWithData('Unable to find course', {course_id, courseInfo})); courseInfo.courseId = course_id; courseInfo.timezone = result.rows[0].display_timezone; callback(null); }); }
module.exports = (req, res, next) => { let token; if (req.query.private_token !== undefined) { // Token was provided in a query param token = req.query.private_token; } else if (req.header('Private-Token') !== undefined) { // Token was provided in a header token = req.header('Private-Token'); } else { // No authentication token present res.status(401).send({ message: 'An authentication token must be provided', }); return; } const params = { token_hash: crypto.createHash('sha256').update(token, 'utf8').digest('hex'), }; sqldb.queryZeroOrOneRow(sql.select_user_from_token_hash, params, (err, result) => { if (ERR(err, next)) return; if (result.rows.length === 0) { // Invalid token received res.status(401).send({ message: 'The provided authentication token was invalid', }); } else { // Nice, we got a user res.locals.authn_user = result.rows[0].user; res.locals.is_administrator = result.rows[0].is_administrator; // Let's note that this token was used, but don't wait for this // to continue handling the request next(); const lastUsedParams = { token_id: result.rows[0].token_id, }; sqldb.query(sql.update_token_last_used, lastUsedParams, (err) => { if (ERR(err, (e) => logger.error(e))); }); } }); };
fs.stat(fullPath, function(err, _stat) { if (err) { // couldn't find the file if (question.template_directory) { // have a template, try it var params = { course_id: question.course_id, directory: question.template_directory, }; sqldb.queryZeroOrOneRow(sql.select_question, params, function(err, result) { if (ERR(err, callback)) return; if (result.rowCount == 0) { return callback(error.make(500, 'Could not find template question "' + question.template_directory + '" from question "' + question.directory + '"', {sql: sql.select_question, params: params})); } var templateQuestion = result.rows[0]; return module.exports.questionFilePath(filename, templateQuestion.directory, coursePath, templateQuestion, function(err, fullPath, effectiveFilename, rootPath) { if (ERR(err, callback)) return; callback(null, fullPath, effectiveFilename, rootPath); }, nTemplates + 1); }); } else { // no template, try default files var filenameToSuffix = { 'client.js': 'Client.js', 'server.js': 'Server.js', }; if (filenameToSuffix[filename] === undefined) { // no default for this file type, so try clientFilesCourse let rootPathCourse = path.join(coursePath, 'clientFilesCourse'); let fullPathCourse = path.join(rootPathCourse, filename); fs.stat(fullPathCourse, function(err, _stat) { if (err) { // file also wasn't in clientFilesCourse, give up return callback(new Error('file not found at: ' + fullPath + ' or: ' + fullPathCourse)); } else { // found the file in clientFilesCourse return callback(null, fullPathCourse, filename, rootPathCourse); } }); } else { var defaultFilename = question.type + filenameToSuffix[filename]; var fullDefaultFilePath = path.join(config.questionDefaultsDir, defaultFilename); fs.stat(fullDefaultFilePath, function(err, _stat) { if (err) { // no default file, give up return callback(error.makeWithData('file not found', {fullPath, fullDefaultFilePath})); } else { // found a default file return callback(null, fullDefaultFilePath, defaultFilename, config.questionDefaultsDir); } }); } } } else { // found the file return callback(null, fullPath, filename, rootPath); } });