From 19f49089e85cd0c185c6820c8746f0eb625e7f9d Mon Sep 17 00:00:00 2001
From: orosmatthew <orosmatthew@pm.me>
Date: Mon, 8 May 2023 14:37:34 -0400
Subject: [PATCH] [web] Restrict submission from sandbox

---
 web/src/routes/api/submission/+server.ts | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/web/src/routes/api/submission/+server.ts b/web/src/routes/api/submission/+server.ts
index f04213a..bb455e5 100644
--- a/web/src/routes/api/submission/+server.ts
+++ b/web/src/routes/api/submission/+server.ts
@@ -44,15 +44,20 @@ export const POST = (async ({ request }) => {
 	if (!data.success) {
 		throw error(400);
 	}
-	const submission = await db.submission.update({
+	const submission = await db.submission.findUnique({
 		where: { id: data.data.submissionId },
-		data: { actualOutput: data.data.output },
 		include: { problem: true }
 	});
+	if (!submission) {
+		return json({ success: false });
+	}
+	if (submission.state !== SubmissionState.Queued) {
+		return json({ success: false });
+	}
 	if (data.data.output.trimEnd() === submission.problem.realOutput.trimEnd()) {
 		await db.submission.update({
 			where: { id: data.data.submissionId },
-			data: { state: SubmissionState.Correct, gradedAt: new Date() }
+			data: { state: SubmissionState.Correct, gradedAt: new Date(), actualOutput: data.data.output }
 		});
 		return json({ success: true });
 	} else {
@@ -64,7 +69,7 @@ export const POST = (async ({ request }) => {
 		);
 		await db.submission.update({
 			where: { id: data.data.submissionId },
-			data: { state: SubmissionState.InReview, diff: diff }
+			data: { state: SubmissionState.InReview, diff: diff, actualOutput: data.data.output }
 		});
 		return json({ success: true });
 	}