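'use strict';

/**
 * Express router for the `/manage` section: score submission/editing for any
 * signed-in user, plus admin-only CRUD pages for seasons, sports, divisions,
 * teams and accounts. Exported as the router; mounted elsewhere.
 *
 * Assumptions visible in this file (confirm against the auth setup):
 *   - `req.user` is set by the auth layer; `req.user[0]` is read as the
 *     account id and `req.user[2]` as the admin flag.
 *   - `req.flash` is available (connect-flash style).
 *   - All POST handlers mutate state on the strength of the session cookie; no
 *     CSRF token is checked here — verify one is applied at app level.
 *   - Form values are passed through to the database modules unvalidated;
 *     presumably those modules parameterize their queries — verify.
 */
const express = require('express');
const router = express.Router();
const genders = require('../database/scores/genders');
const games = require('../database/scores/games');
const seasons = require('../database/scores/seasons');
const sports = require('../database/scores/sports');
const divisions = require('../database/scores/divisions');
const teams = require('../database/scores/teams');
const accounts = require('../database/accounts/accounts');

/**
 * Wrap an async route handler so a rejected promise is forwarded to Express'
 * error handler via `next(err)` instead of leaving the request hanging
 * (Express 4 does not catch async rejections on its own).
 */
function wrapAsync(handler) {
  return function (req, res, next) {
    Promise.resolve(handler(req, res, next)).catch(next);
  };
}

/** True when a user is attached to the request and its admin flag (index 2) is truthy. */
function isAdminUser(req) {
  return Boolean(req.user && req.user[2]);
}

/**
 * Id equality that tolerates form values (strings) against database ids
 * (possibly numbers), but — unlike a bare `!=` — never treats a missing id
 * on either side as a match.
 */
function sameId(a, b) {
  return a != null && b != null && String(a) === String(b);
}

/** Base template locals every page in this router passes, merged with `extra`. */
function viewLocals(req, extra) {
  return Object.assign({ userLoggedIn: !!req.user }, extra);
}

/** Middleware: require any signed-in user; otherwise bounce to the login page. */
function userLoggedIn(req, res, next) {
  if (!req.user) {
    res.redirect('/auth/login');
    return;
  }
  next();
}

/** Middleware: require an admin user; otherwise flash an error and bounce to login. */
function adminLoggedIn(req, res, next) {
  if (!isAdminUser(req)) {
    req.flash('error', 'An admin account is required to access this page.');
    res.redirect('/auth/login');
    return;
  }
  next();
}

// Landing page: admins get the full management view, everyone else their own games.
router.get('/', userLoggedIn, (req, res) => {
  if (isAdminUser(req)) {
    res.render('manage', viewLocals(req, { title: 'Score Management' }));
  } else {
    res.render('manage/manage-nonadmin', viewLocals(req, { title: 'My Games' }));
  }
});

router.get('/game', userLoggedIn, (req, res) => {
  const title = req.query.game ? 'Edit Game' : 'Submit Score';
  res.render('manage/addgame', viewLocals(req, { title }));
});

/**
 * Create, edit or delete a game.
 *   - No `game` id in the body: create a new game owned by the current user
 *     (any signed-in user may submit), then redirect to `/`.
 *   - With an id: the game must exist (404 otherwise) and the caller must be
 *     an admin or its submitter (403 otherwise); `remove` deletes it, anything
 *     else edits it; then redirect to `/manage`.
 * The form's `sport`/`gender` fields are not needed here: a division already
 * carries both (see the `/division` handler), so only `division` is stored.
 */
router.post('/game', userLoggedIn, wrapAsync(async (req, res) => {
  const body = req.body;
  const seasonID = body['year'];
  const divisionID = body['division'];
  const date = body['date'];
  const team1ID = body['team1'];
  const team1Score = body['team1-score'];
  const team2ID = body['team2'];
  const team2Score = body['team2-score'];
  const id = body['game'];
  const remove = body['remove'];
  const userID = req.user[0];
  const admin = isAdminUser(req);

  if (!id) {
    if (remove) {
      // A delete without a target id is a malformed request, not a no-op.
      res.status(400).send('Missing game id');
      return;
    }
    await games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID);
    res.redirect('/');
    return;
  }

  // Ownership check happens before any write; the lookup is only done for
  // existing games so a missing row can no longer crash the handler.
  const game = await games.getFromID(id);
  if (!game) {
    res.status(404).send('Game not found');
    return;
  }
  if (!admin && !sameId(userID, game.submitterID)) {
    res.status(403).send('ACCESS DENIED');
    return;
  }

  if (remove) {
    await games.remove(id);
  } else {
    await games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score);
  }
  res.redirect('/manage');
}));

router.get('/season', adminLoggedIn, (req, res) => {
  res.render('manage/addseason', viewLocals(req, {
    title: 'Add Season',
    currentYear: new Date().getFullYear(),
  }));
});

/** Admin only: delete the season given by `season` when `remove` is set, else add one for `year`. */
router.post('/season', adminLoggedIn, wrapAsync(async (req, res) => {
  const year = req.body['year'];
  const seasonID = req.body['season'];
  const remove = req.body['remove'];

  if (remove) {
    if (!seasonID) {
      res.status(400).send('Missing season id');
      return;
    }
    await seasons.remove(seasonID);
  } else {
    await seasons.add(year);
  }
  res.redirect('/manage');
}));

router.get('/sport', adminLoggedIn, (req, res) => {
  res.render('manage/addsport', viewLocals(req, { title: 'Add Sport' }));
});

/** Admin only: `remove` deletes the sport, an id renames it, otherwise a new sport is added. */
router.post('/sport', adminLoggedIn, wrapAsync(async (req, res) => {
  const name = req.body['name'];
  const id = req.body['sport'];
  const remove = req.body['remove'];

  if (remove) {
    if (!id) {
      res.status(400).send('Missing sport id');
      return;
    }
    await sports.remove(id);
  } else if (id) {
    await sports.rename(id, name);
  } else {
    await sports.add(name);
  }
  res.redirect('/manage');
}));

router.get('/division', adminLoggedIn, (req, res) => {
  const title = req.query.division ? 'Edit Division' : 'Add Division';
  res.render('manage/adddivision', viewLocals(req, { title }));
});

/**
 * Admin only: `remove` deletes the division, an id renames it, otherwise a new
 * division is added for `sport`. A gender of "both" creates a female and a
 * male division with the same name; the writes are done one after the other
 * so the redirect only happens once both have completed.
 */
router.post('/division', adminLoggedIn, wrapAsync(async (req, res) => {
  const name = req.body['name'];
  const sport = req.body['sport'];
  const genderName = req.body['gender'];
  const id = req.body['division'];
  const remove = req.body['remove'];

  if (remove) {
    if (!id) {
      res.status(400).send('Missing division id');
      return;
    }
    await divisions.remove(id);
  } else if (id) {
    await divisions.rename(id, name);
  } else if (genderName === 'both') {
    await divisions.add(name, genders.FEMALE, sport);
    await divisions.add(name, genders.MALE, sport);
  } else {
    // Anything other than "female" (including a missing field) is treated as male.
    const gender = genderName === 'female' ? genders.FEMALE : genders.MALE;
    await divisions.add(name, gender, sport);
  }
  res.redirect('/manage');
}));

router.get('/team', adminLoggedIn, (req, res) => {
  const title = req.query.team ? 'Edit Team' : 'Add Team';
  res.render('manage/addteam', viewLocals(req, { title }));
});

/** Admin only: `remove` deletes the team, an id renames it, otherwise a new team is added for `sport`. */
router.post('/team', adminLoggedIn, wrapAsync(async (req, res) => {
  const name = req.body['name'];
  const sport = req.body['sport'];
  const id = req.body['team'];
  const remove = req.body['remove'];

  if (remove) {
    if (!id) {
      res.status(400).send('Missing team id');
      return;
    }
    await teams.remove(id);
  } else if (id) {
    await teams.rename(id, name);
  } else {
    await teams.add(name, sport);
  }
  res.redirect('/manage');
}));

// Account form: admins may create or manage any account; other users only see
// their own (the template gets their id so it cannot be swapped client-side
// without failing the POST check below).
router.get('/account', userLoggedIn, (req, res) => {
  const message = req.flash('error');
  if (isAdminUser(req)) {
    const title = req.query.account ? 'Manage User' : 'Create User';
    res.render('accounts/createuser', viewLocals(req, { title, message }));
  } else {
    const accountID = req.user[0];
    res.render('accounts/createuser', viewLocals(req, { title: 'Manage Account', accountID, message }));
  }
});

/**
 * Create, edit or delete an account.
 *   - Admins may do any of the three on any account.
 *   - Non-admins may only edit or delete the account whose id equals their
 *     own (`req.user[0]`); creating accounts, or touching another id, is a 403.
 *   - The admin flag is taken from the form only when an admin submits it;
 *     everyone else gets a hard `false`, so the `admin` field cannot be used
 *     to self-promote. Note an admin editing themselves without the box
 *     ticked demotes themselves — same as before.
 * On a database error the user is sent back to the form with a flash message.
 * NOTE(review): a password change here does not require the current
 * password; confirm that is acceptable for the threat model.
 */
router.post('/account', userLoggedIn, wrapAsync(async (req, res) => {
  const email = req.body.email;
  const password = req.body.password;
  const accountID = req.body.account;
  const remove = req.body.remove;
  const admin = isAdminUser(req);
  const selfID = req.user[0];

  // Non-admins must name their own account explicitly; a missing id (which
  // would otherwise mean "create") is rejected here too.
  if (!admin && !(accountID && sameId(accountID, selfID))) {
    res.status(403).send('ACCESS DENIED');
    return;
  }

  try {
    const isAdmin = admin ? Boolean(req.body.admin) : false;
    if (remove) {
      if (!accountID) {
        res.status(400).send('Missing account id');
        return;
      }
      await accounts.remove(accountID);
    } else if (accountID) {
      await accounts.edit(accountID, email, password, isAdmin);
    } else {
      await accounts.create(email, password, isAdmin);
    }
    res.redirect('/manage');
  } catch (err) {
    console.error(`ERROR: ${err.message}`);
    req.flash('error', 'An error has occurred.');
    res.redirect('/manage/account');
  }
}));

module.exports = router;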