Finished directory API.

2025-10-27 18:05:43 -06:00 · 2025-10-27 18:05:43 -06:00 · 36a45e9812
parent 2859349444
commit 36a45e9812
1 changed files with 59 additions and 0 deletions
--- a/index.js
+++ b/index.js
@ -796,6 +796,65 @@ app.delete('/api/v1/user/dir/deleteEntry/:number', async (req, res) => {
 	});
 });
 // User directory endpoint to mass update entries, with boolean 'replace' field to indicate if existing entries should be replaced with the new list.
 app.post('/api/v1/user/dir/massUpdate', async (req, res) => {
 	const apiKey = req.headers['authorization'] ? req.headers['authorization'].replace('Bearer ', '') : null;
 	if (!apiKey) {
 		res.status(401).json({ error: 'API Key is required!' });
 		return;
 	}
 	const routeData = await pool.query("SELECT * FROM routes WHERE apiKey = ?", [apiKey]);
 	if (!routeData || routeData.length === 0) {
 		res.status(401).json({ error: 'Unauthorized' });
 		return;
 	}
 	// Validate all entries, make sure we check that each number is within the block range for the current user
 	const route = routeData[0];
 	const entries = req.body.entries;
 	const replace = req.body.replace || false;
 	if (!Array.isArray(entries)) {
 		res.status(400).json({ error: 'Bad Request. Not array' });
 		return;
 	}
 	for (const entry of entries) {
 		const number = Number(entry.number);
 		const name = String(entry.name);
 		if (!number || !name) {
 			res.status(400).json({ error: 'Bad Request. Number Or Name' });
 			return;
 		}
 		if (number < route.block_start || number > route.block_start + route.block_length) {
 			res.status(403).json({ error: 'Forbidden' });
 			return;
 		}
 	}
 	if(replace) {
 		// Delete all existing entries for this route
 		await pool.query('DELETE FROM directory WHERE route = ?', [route.id]);
 	}
 	// Insert or update entries
 	for (const entry of entries) {
 		const number = Number(entry.number);
 		const name = String(entry.name);
 		// Remove html
 		const safeName = require("escape-html")(name);
 		// If number already exists, update, otherwise insert
 		const existingEntries = await pool.query('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route.id]);
 		const row = existingEntries[0];
 		if (row) {
 			await pool.query('UPDATE directory SET name = ? WHERE number = ? AND route = ?',
 				[safeName, number, route.id]);
 		} else {
 			await pool.query('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
 				[number, safeName, route.id]);
 		}
 	}
 	res.json({ message: 'Mass update completed' });
 });
 // == END USER ROUTES ==
 // == Directory routes == (unauthenticated)