Finished directory API.

Fix packages
2025-10-27 18:05:43 -06:00 · 2025-10-27 08:40:10 -06:00
3 changed files with 235 additions and 1261 deletions
--- a/index.js
+++ b/index.js
@ -796,6 +796,65 @@ app.delete('/api/v1/user/dir/deleteEntry/:number', async (req, res) => {
 	});
 });
 // User directory endpoint to mass update entries, with boolean 'replace' field to indicate if existing entries should be replaced with the new list.
 app.post('/api/v1/user/dir/massUpdate', async (req, res) => {
 	const apiKey = req.headers['authorization'] ? req.headers['authorization'].replace('Bearer ', '') : null;
 	if (!apiKey) {
 		res.status(401).json({ error: 'API Key is required!' });
 		return;
 	}
 	const routeData = await pool.query("SELECT * FROM routes WHERE apiKey = ?", [apiKey]);
 	if (!routeData || routeData.length === 0) {
 		res.status(401).json({ error: 'Unauthorized' });
 		return;
 	}
 	// Validate all entries, make sure we check that each number is within the block range for the current user
 	const route = routeData[0];
 	const entries = req.body.entries;
 	const replace = req.body.replace || false;
 	if (!Array.isArray(entries)) {
 		res.status(400).json({ error: 'Bad Request. Not array' });
 		return;
 	}
 	for (const entry of entries) {
 		const number = Number(entry.number);
 		const name = String(entry.name);
 		if (!number || !name) {
 			res.status(400).json({ error: 'Bad Request. Number Or Name' });
 			return;
 		}
 		if (number < route.block_start || number > route.block_start + route.block_length) {
 			res.status(403).json({ error: 'Forbidden' });
 			return;
 		}
 	}
 	if(replace) {
 		// Delete all existing entries for this route
 		await pool.query('DELETE FROM directory WHERE route = ?', [route.id]);
 	}
 	// Insert or update entries
 	for (const entry of entries) {
 		const number = Number(entry.number);
 		const name = String(entry.name);
 		// Remove html
 		const safeName = require("escape-html")(name);
 		// If number already exists, update, otherwise insert
 		const existingEntries = await pool.query('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route.id]);
 		const row = existingEntries[0];
 		if (row) {
 			await pool.query('UPDATE directory SET name = ? WHERE number = ? AND route = ?',
 				[safeName, number, route.id]);
 		} else {
 			await pool.query('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
 				[number, safeName, route.id]);
 		}
 	}
 	res.json({ message: 'Mass update completed' });
 });
 // == END USER ROUTES ==
 // == Directory routes == (unauthenticated)
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -11,14 +11,12 @@
  "description": "",
  "dependencies": {
    "bcrypt": "^5.1.1",
    "connect-sqlite": "^0.0.1",
    "dotenv": "^16.6.1",
    "ejs": "^3.1.10",
    "escape-html": "^1.0.3",
    "express": "^4.21.2",
    "express-session": "^1.18.1",
    "mariadb": "^3.4.0",
-    "session-file-store": "^1.5.0",
+    "session-file-store": "^1.5.0"
    "sqlite3": "^5.1.7"
  }
 }
Author	SHA1	Message	Date
Christopher Cookman	36a45e9812	Finished directory API.	2025-10-27 18:05:43 -06:00
Christopher Cookman	2859349444	Fix packages	2025-10-27 08:40:10 -06:00