From ee3ad51468998093a1f837db253fa66df5311952 Mon Sep 17 00:00:00 2001
From: ChrisChrome <chris@chrischro.me>
Date: Fri, 3 Oct 2025 00:12:29 -0600
Subject: [PATCH] My dumb ass didnt have proper auth for calls. grr

---
 index.js | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/index.js b/index.js
index 8c1c2f0..84bd766 100644
--- a/index.js
+++ b/index.js
@@ -876,14 +876,7 @@ app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => {
 	const ani = Number(req.params.ani);
 	pool.getConnection().then(conn => {
 		//conn.query("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani]).then((rows) => {
-		conn.query("SELECT * FROM routes WHERE apiKey = ?", [apiKey]).then((rows) => { // We'll try this Nick, if it doesn't work we'll go back to the original
-			const row = rows[0];
-			// If no row or error, return 401
-			if (!row) {
-				res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`)
-				return;
-			}
-			conn.query('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number]).then((rows) => {
+		conn.query('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ? AND apiKey = ?;', [number, number, apiKey]).then((rows) => {
 				const row = rows[0];
 				if (row) {
 					// Check if the ANI is within the block range
@@ -907,8 +900,7 @@ app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => {
 			}).catch(err => {
 				console.error('Error getting route:', err);
 				res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`)
-			});
-		}).catch(err => {
+			}).catch(err => {
 			console.error(err);
 			res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`)
 		}).finally(() => {