Implement URL XSS attack

software/backend/routes/api.routes.ts

@@ -1,5 +1,5 @@
 import { Request, Response, NextFunction, Router } from 'express'
-import { deleteAllTables, prepopulateDatabase } from '../scripts/databaseHelper'
+import { deleteAllTables, deleteExerciseProgressTables, prepopulateDatabase, prepopulateExerciseDatabase } from '../scripts/databaseHelper'
 
 export const api = Router()
 
@@ -15,5 +15,13 @@ api.get("/resetdatabase", async (req: Request, res: Response, next: NextFunction
   await prepopulateDatabase()
 
   // Step 3: Send status back
+  res.status(200).send()
+})
+
+api.get("/resetExerciseProgress", async (req: Request, res: Response, next: NextFunction) => {
+  deleteExerciseProgressTables()
+  
+  await prepopulateExerciseDatabase()
+  
   res.status(200).send()
 })

software/backend/routes/events.routes.ts

@@ -43,6 +43,7 @@ events.get("/", async (req: Request, res: Response) => {
     include: [
       {
         model: Concert,
+        required: true,
         include: [
           {
             model: Location,

software/backend/routes/exercise.routes.ts

@@ -20,4 +20,23 @@ exercises.get("/", (req: Request, res: Response) => {
   ).then(result => {
     res.status(200).json(result)
   })
+})
+
+exercises.post("/:groupNr/:exerciseNr/:state", (req: Request, res: Response) => {
+  console.log(req.params.groupNr)
+  ExerciseGroup.findOne({
+    where: { groupNr: req.params.groupNr }
+  })
+    .then(group => {
+      Exercise.findOne({
+        where: {
+          exerciseNr: req.params.exerciseNr,
+          exerciseGroupId: group.id
+        }
+      })
+        .then(exercise => {
+          exercise.update({ solved: req.params.state == "1"})
+          res.status(200).send()
+        })
+    })
 })