module.exports = function(req, res, next) {
var params = {
question_id: req.params.question_id,
course_instance_id: res.locals.course_instance.id,
};
sqldb.queryZeroOrOneRow(sql.select_and_auth, params, function(err, result) {
if (ERR(err, next)) return;
if (result.rowCount == 0) return next(error.make(403, 'Access denied'));
_.assign(res.locals, result.rows[0]);
next();
});
};
router.get('/:file_id/:display_filename', function(req, res, next) {
let params = {
assessment_instance_id: res.locals.assessment_instance.id,
file_id: req.params.file_id,
display_filename: req.params.display_filename,
};
sqldb.queryZeroOrOneRow(sql.select_file, params, function(err, result) {
if (ERR(err, next)) return;
if (result.rows.length < 1) {
return next(new Error('No such file: ' + req.params.display_filename));
}
res.sendFile(result.rows[0].storage_filename, {root: config.filesRoot});
});
});
module.exports.sync = (courseInfo, course_id, callback) => {
const params = {
course_id: course_id,
short_name: courseInfo.name,
title: courseInfo.title,
display_timezone: courseInfo.timezone || null,
grading_queue: courseInfo.name.toLowerCase().replace(' ', ''),
options: courseInfo.options,
};
sqldb.queryZeroOrOneRow(sql.update_course, params, (err, result) => {
if (ERR(err, callback)) return;
if (result.rowCount !== 1) return callback(error.makeWithData('Unable to find course', {course_id, courseInfo}));
courseInfo.courseId = course_id;
courseInfo.timezone = result.rows[0].display_timezone;
callback(null);
});
}
module.exports = (req, res, next) => {
let token;
if (req.query.private_token !== undefined) {
// Token was provided in a query param
token = req.query.private_token;
} else if (req.header('Private-Token') !== undefined) {
// Token was provided in a header
token = req.header('Private-Token');
} else {
// No authentication token present
res.status(401).send({
message: 'An authentication token must be provided',
});
return;
}
const params = {
token_hash: crypto.createHash('sha256').update(token, 'utf8').digest('hex'),
};
sqldb.queryZeroOrOneRow(sql.select_user_from_token_hash, params, (err, result) => {
if (ERR(err, next)) return;
if (result.rows.length === 0) {
// Invalid token received
res.status(401).send({
message: 'The provided authentication token was invalid',
});
} else {
// Nice, we got a user
res.locals.authn_user = result.rows[0].user;
res.locals.is_administrator = result.rows[0].is_administrator;
// Let's note that this token was used, but don't wait for this
// to continue handling the request
next();
const lastUsedParams = {
token_id: result.rows[0].token_id,
};
sqldb.query(sql.update_token_last_used, lastUsedParams, (err) => {
if (ERR(err, (e) => logger.error(e)));
});
}
});
};
fs.stat(fullPath, function(err, _stat) {
if (err) {
// couldn't find the file
if (question.template_directory) {
// have a template, try it
var params = {
course_id: question.course_id,
directory: question.template_directory,
};
sqldb.queryZeroOrOneRow(sql.select_question, params, function(err, result) {
if (ERR(err, callback)) return;
if (result.rowCount == 0) {
return callback(error.make(500, 'Could not find template question "'
+ question.template_directory
+ '" from question "'
+ question.directory + '"', {sql: sql.select_question, params: params}));
}
var templateQuestion = result.rows[0];
return module.exports.questionFilePath(filename, templateQuestion.directory, coursePath, templateQuestion, function(err, fullPath, effectiveFilename, rootPath) {
if (ERR(err, callback)) return;
callback(null, fullPath, effectiveFilename, rootPath);
}, nTemplates + 1);
});
} else {
// no template, try default files
var filenameToSuffix = {
'client.js': 'Client.js',
'server.js': 'Server.js',
};
if (filenameToSuffix[filename] === undefined) {
// no default for this file type, so try clientFilesCourse
let rootPathCourse = path.join(coursePath, 'clientFilesCourse');
let fullPathCourse = path.join(rootPathCourse, filename);
fs.stat(fullPathCourse, function(err, _stat) {
if (err) {
// file also wasn't in clientFilesCourse, give up
return callback(new Error('file not found at: ' + fullPath + ' or: ' + fullPathCourse));
} else {
// found the file in clientFilesCourse
return callback(null, fullPathCourse, filename, rootPathCourse);
}
});
} else {
var defaultFilename = question.type + filenameToSuffix[filename];
var fullDefaultFilePath = path.join(config.questionDefaultsDir, defaultFilename);
fs.stat(fullDefaultFilePath, function(err, _stat) {
if (err) {
// no default file, give up
return callback(error.makeWithData('file not found', {fullPath, fullDefaultFilePath}));
} else {
// found a default file
return callback(null, fullDefaultFilePath, defaultFilename, config.questionDefaultsDir);
}
});
}
}
} else {
// found the file
return callback(null, fullPath, filename, rootPath);
}
});