From 335461608d7e6bb058d77eabeab9b9222465f971 Mon Sep 17 00:00:00 2001 From: ChrisChrome Date: Sat, 14 Dec 2024 18:54:35 -0700 Subject: [PATCH] Testing? --- index.js | 153 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 111 insertions(+), 42 deletions(-) diff --git a/index.js b/index.js index 78feec9..b5a2cb1 100644 --- a/index.js +++ b/index.js @@ -5,7 +5,7 @@ const FileStore = require('session-file-store')(expressSession); const ejs = require("ejs") const sqlite3 = require('sqlite3').verbose(); const bcrypt = require("bcrypt") - +const crypto = require("crypto") const app = express(); const port = process.env.SERVER_PORT || 3000; @@ -69,21 +69,6 @@ app.set('view engine', 'ejs'); app.set('views', __dirname + '/views'); // Admin routes -app.get('/admin', (req, res) => { - if (!req.session.authenticated) { - res.redirect('/admin/login'); - return; - } - db.all('SELECT * FROM routes', (err, rows) => { - if (err) { - console.error('Error getting routes:', err); - res.status(500).send('Internal server error'); - return; - } - console.log(rows) - res.render('admin', { routes: rows }); - }); -}); // admin/logout app.get('/admin/logout', (req, res) => { 
@@ -124,38 +109,120 @@ app.post('/admin/login', (req, res) => { }); }) -// post /api/v1/admin (We take in a JSON array of actions to perform. If Authorization header isn't set, rely on session) -app.post('/api/v1/admin', (req, res) => { +app.get('/api/v1/admin/routes', (req, res) => { // Get all routes if (!req.session.authenticated) { - res.status(401).send('Unauthorized'); + res.status(401).json({ error: 'Unauthorized' }); return; } - const actions = req.body; - actions.forEach((action) => { - if (action.action === 'add') { - db.run('INSERT INTO routes (server, port, auth, secret, block_start, block_length, apiKey) VALUES (?, ?, ?, ?, ?, ?, ?)', - [action.server, action.port, action.auth, action.secret, action.block_start, action.block_length, action.apiKey], - (err) => { - if (err) { - console.error('Error adding route:', err); - } - }); - } else if (action.action === 'delete') { - db.run('DELETE FROM routes WHERE id = ?', [action.id], (err) => { - if (err) { - console.error('Error deleting route:', err); - } - }); - } else if (action.action === 'update') { - db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ?, apiKey = ? 
WHERE id = ?', [action.server, action.port, action.auth, action.secret, action.block_start, action.block_length, action.apiKey, action.id], (err) => { + db.all('SELECT * FROM routes', (err, rows) => { + if (err) { + console.error('Error getting routes:', err); + res.status(500).json({ error: 'Internal server error' }); + return; + } + console.log(rows) + res.json(rows); + }); +}); + +app.get('/api/v1/admin/route/:id', (req, res) => { // Get route + if (!req.session.authenticated) { + res.status(401).json({ error: 'Unauthorized' }); + return; + } + db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => { + if (err) { + console.error('Error getting route:', err); + res.status(500).json({ error: 'Internal server error' }); + return; + } + if (!row) { + res.status(404).json({ error: 'Not Found' }); + return; + } + res.json(row); + }); +}); + +app.post('/api/v1/admin/route', (req, res) => { // Create a new route + if (!req.session.authenticated) { + res.status(401).json({ error: 'Unauthorized' }); + return; + } + const server = req.body.server; + const port = req.body.port; + const auth = req.body.auth || "astrocom"; + const secret = req.body.secret || crypto.randomBytes(15).toString('hex'); + const block_start = req.body.block_start; + const block_length = req.body.block_length || 9999; + const apiKey = crypto.randomBytes(32).toString('hex'); + // Validate all inputs exist + if (!server || !port || !block_start) { + res.status(400).json({ error: 'Bad Request' }); + return; + } + db.run('INSERT INTO routes (server, port, auth, secret, block_start, block_length, apiKey) VALUES (?, ?, ?, ?, ?, ?, ?)', + [server, port, auth, secret, block_start, block_length, apiKey], + (err) => { + if (err) { + console.error('Error creating route:', err); + res.status(500).json({ error: 'Internal server error' }); + return; + } + res.status(201).json({ message: 'Created' }); + }); +}); + +app.put('/api/v1/admin/route/:id', (req, res) => { // Update a route + // Check 
if authenticated + if (!req.session.authenticated) { + res.status(401).json({ error: 'Unauthorized' }); + return; + } + // Check if route exists + db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => { + if (err) { + console.error('Error getting route:', err); + res.status(500).json({ error: 'Internal server error' }); + return; + } + if (!row) { + res.status(404).json({ error: 'Not Found' }); + return; + } + // Update route + const server = req.body.server || row.server; + const port = req.body.port || row.port; + const auth = req.body.auth || row.auth; + const secret = req.body.secret || row.secret; + const block_start = req.body.block_start || row.block_start; + const block_length = req.body.block_length || row.block_length; + db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE id = ?', + [server, port, auth, secret, block_start, block_length, req.params.id], + (err) => { if (err) { console.error('Error updating route:', err); + res.status(500).json({ error: 'Internal server error' }); + return; } - } - ); - } + res.json({ message: 'Updated' }); + }); + }); +}); + +app.delete('/api/v1/admin/route/:id', (req, res) => { // Delete a route + if (!req.session.authenticated) { + res.status(401).json({ error: 'Unauthorized' }); + return; + } + db.run('DELETE FROM routes WHERE id = ?', [req.params.id], (err) => { + if (err) { + console.error('Error deleting route:', err); + res.status(500).json({ error: 'Internal server error' }); + return; + } + res.json({ message: 'Deleted' }); }); - res.status(200).send('OK'); }); // Query to get a route 
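Review bot: `console.log(rows)` in the new `GET /api/v1/admin/routes` handler writes every route's `secret` and `apiKey` to the process log, where they are readable without the session check that guards the response; drop the line or log only a count, e.g. `console.log('routes returned:', rows.length)`. The create and update handlers also store `server`, `port`, `auth` and `secret` after a presence check only, and the lookup handler later interpolates those columns into the `IAX2/...` dial string. It is worth rejecting anything that is not a plain host name, an integer port in 1–65535 and separator-free credentials before the `INSERT`/`UPDATE`. In the `PUT` handler the `||` fallbacks treat `0` and `''` as "not supplied"; `??` states the intent, e.g. `const block_length = req.body.block_length ?? row.block_length;`. Whether these state-changing routes have CSRF protection beyond the session cookie is not visible in this hunk and should be confirmed.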
@@ -184,7 +251,9 @@ app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => { res.status(200).send('local'); } else { console.log("sent remote") - res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`); + // md5 hash the secret + hashed = crypto.createHash('md5').update(row.secret).digest('hex'); + res.status(200).send(`IAX2/${row.auth}:${hashed}@${row.server}:${row.port}/${number}`); } } else { console.log("boowomp")
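Review bot: `hashed` is assigned without a declaration, so it becomes an implicit global shared by every request and would throw a ReferenceError if the file were ever run in strict mode; declare it with `const hashed = crypto.createHash('md5').update(row.secret).digest('hex');`. The unsalted MD5 digest is now the value placed in the dial string, so it is effectively the credential itself and gives no protection to a weak operator-supplied `secret` against offline guessing. The comment `// md5 hash the secret` should say why the peer expects the digest rather than the plaintext. If older rows can hold a null `secret` (not visible here), `update(row.secret)` will throw, so a guard that returns a 500 before hashing would be safer. The handler starts outside the hunk.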