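'use strict';
require('dotenv').config();

const path = require('path');
const crypto = require('crypto');
const express = require('express');
const expressSession = require('express-session');
const FileStore = require('session-file-store')(expressSession);
const sqlite3 = require('sqlite3').verbose();
const bcrypt = require('bcrypt');
const escapeHtml = require('escape-html');
// Not referenced directly: express resolves the 'ejs' view engine itself.
// Requiring it here makes a missing dependency fail at startup rather than on first render.
require('ejs');

const app = express();
const port = process.env.SERVER_PORT || 3000;

// bcrypt cost factor used when hashing the bootstrap admin password.
const saltRounds = 10;

// Discord invite lookups are cached for five minutes.
const DISCORD_CACHE_TTL_MS = 5 * 60 * 1000;

const db = new sqlite3.Database('astrocom.db', (err) => {
  if (err) {
    console.error('Error connecting to database:', err);
  } else {
    console.log('Connected to SQLite database');
  }
});

// Run migrations
require('./migrations')(db);

// ---------------------------------------------------------------------------
// Middleware
// ---------------------------------------------------------------------------

app.use(express.json());
app.use(express.urlencoded({ extended: true }));

const fileStoreOptions = {};
const sessionStore = new FileStore(fileStoreOptions);

// The fallback secret is well known; warn loudly so a deployment without
// SESSION_SECRET is noticed before it is exposed.
if (!process.env.SESSION_SECRET) {
  console.warn('SESSION_SECRET is not set; using the built-in default secret. Set it before exposing this server.');
}

app.use(
  expressSession({
    store: sessionStore,
    secret: process.env.SESSION_SECRET || 'default_secret',
    resave: false,
    saveUninitialized: false,
    cookie: {
      httpOnly: true,
      // 'lax' keeps the cookie off cross-site POSTs (the admin/user forms are same-site).
      sameSite: 'lax',
      secure: process.env.NODE_ENV === 'production',
      maxAge: 24 * 60 * 60 * 1000, // 24 hours
    },
  }),
);

app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views'));

// Static files
app.use(express.static('public'));

// ---------------------------------------------------------------------------
// Admin bootstrap
// ---------------------------------------------------------------------------

/**
 * Make sure user id 1 (the admin) exists.
 *
 * When it is missing, or RESET_ADMIN=true, every session is cleared, every
 * user row is deleted and a fresh admin with a random 64-hex-char password is
 * created. The password is printed to stdout once so the operator can log in.
 * The DELETE and the INSERT are chained through callbacks so the insert can
 * never race ahead of the delete.
 */
function ensureAdminUser() {
  db.get('SELECT * FROM users WHERE id = 1', [], (err, row) => {
    if (err) {
      console.error('Error checking for admin user:', err);
      return;
    }
    if (row && process.env.RESET_ADMIN !== 'true') {
      return;
    }

    // Destroy all sessions
    sessionStore.clear((clearErr) => {
      if (clearErr) {
        console.error('Error clearing sessions:', clearErr);
      }
    });

    // delete all users (The big scary one lol)
    db.run('DELETE FROM users', [], (delErr) => {
      if (delErr) {
        console.error('Error deleting users:', delErr);
        return;
      }

      // Generate 32 byte random password (64 hex chars)
      const passwd = crypto.randomBytes(32).toString('hex');
      bcrypt.hash(passwd, saltRounds, (hashErr, hash) => {
        if (hashErr) {
          console.error('Error creating hash:', hashErr);
          return;
        }
        db.run(
          "INSERT INTO users (id, username, passwordHash) VALUES (1, 'admin', ?)",
          [hash],
          (insErr) => {
            if (insErr) {
              console.error('Error creating admin user:', insErr);
            } else {
              console.log(`Created admin user with password: ${passwd}`);
            }
          },
        );
      });
    });
  });
}

ensureAdminUser();

// ---------------------------------------------------------------------------
// Auth guards
// ---------------------------------------------------------------------------

/** Page guard: unauthenticated admins are redirected to the login form. */
function requireAdminPage(req, res, next) {
  if (!req.session.adminAuthenticated) {
    res.redirect('/admin/login');
    return;
  }
  next();
}

/** API guard: unauthenticated admins get a 401 JSON response. */
function requireAdminApi(req, res, next) {
  if (!req.session.adminAuthenticated) {
    res.status(401).json({ error: 'Unauthorized' });
    return;
  }
  next();
}

/** Page guard: unauthenticated route users are redirected to the login form. */
function requireUserPage(req, res, next) {
  if (!req.session.userAuthenticated) {
    res.redirect('/user/login');
    return;
  }
  next();
}

/** API guard: unauthenticated route users get a 401 JSON response. */
function requireUserApi(req, res, next) {
  if (!req.session.userAuthenticated) {
    res.status(401).json({ error: 'Unauthorized' });
    return;
  }
  next();
}

// ---------------------------------------------------------------------------
// Admin routes
// ---------------------------------------------------------------------------

// admin/logout
app.get('/admin/logout', (req, res) => {
  // Wait for the store to drop the session before redirecting.
  req.session.destroy((err) => {
    if (err) {
      console.error('Error destroying session:', err);
    }
    res.redirect('/admin/login');
  });
});

app.get('/admin/login', (req, res) => {
  res.render('admin/login');
});

app.get('/admin', requireAdminPage, (req, res) => {
  res.render('admin/index', { user: req.session.user });
});

app.get('/admin/create', requireAdminPage, (req, res) => {
  res.render('admin/create', { user: req.session.user });
});

app.get('/admin/route/:id', requireAdminPage, (req, res) => {
  db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
    if (err) {
      console.error('Error getting route:', err);
      res.status(500).send('Internal server error');
      return;
    }
    if (!row) {
      res.status(404).send('Not Found');
      return;
    }
    res.render('admin/edit', { user: req.session.user, data: row });
  });
});

app.post('/admin/login', (req, res) => {
  // Coerce to strings so a non-string JSON body cannot reach bcrypt/sqlite as an object.
  const username = String(req.body.username ?? '');
  const password = String(req.body.password ?? '');

  db.get('SELECT * FROM users WHERE username = ?', [username], (err, row) => {
    if (err) {
      console.error('Error getting user:', err);
      res.status(500).send('Internal server error');
      return;
    }
    // Same message whether the user is unknown or the password is wrong,
    // so the response does not reveal which usernames exist.
    if (!row) {
      res.status(401).send('Unauthorized');
      return;
    }
    bcrypt.compare(password, row.passwordHash, (cmpErr, matches) => {
      if (cmpErr) {
        console.error('Error comparing password:', cmpErr);
        res.status(500).send('Internal server error');
        return;
      }
      if (!matches) {
        res.status(401).send('Unauthorized');
        return;
      }
      // Issue a fresh session id on privilege change (session fixation defence).
      req.session.regenerate((regenErr) => {
        if (regenErr) {
          console.error('Error regenerating session:', regenErr);
          res.status(500).send('Internal server error');
          return;
        }
        req.session.adminAuthenticated = true;
        req.session.user = row.username;
        res.redirect('/admin');
      });
    });
  });
});

app.get('/api/v1/admin/routes', requireAdminApi, (req, res) => {
  // Get all routes
  db.all('SELECT * FROM routes', (err, rows) => {
    if (err) {
      console.error('Error getting routes:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    res.json(rows);
  });
});

app.get('/api/v1/admin/route/:id', requireAdminApi, (req, res) => {
  // Get route
  db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
    if (err) {
      console.error('Error getting route:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    if (!row) {
      res.status(404).json({ error: 'Not Found' });
      return;
    }
    res.json(row);
  });
});

app.post('/api/v1/admin/route', requireAdminApi, (req, res) => {
  // Create a new route
  const { server, port: routePort, block_start } = req.body;
  const auth = req.body.auth || 'from-astrocom';
  const secret = req.body.secret || crypto.randomBytes(15).toString('hex');
  const block_length = req.body.block_length || 9999;
  const apiKey = crypto.randomBytes(32).toString('hex');

  // Validate all inputs exist
  if (!server || !routePort || !block_start) {
    res.status(400).json({ error: 'Bad Request' });
    return;
  }
  const newStart = Number(block_start);
  const newEnd = newStart + Number(block_length);
  if (!Number.isFinite(newStart) || !Number.isFinite(newEnd)) {
    res.status(400).json({ error: 'Bad Request' });
    return;
  }

  // Conflict if the server is already routed, or if the new block
  // [newStart, newEnd] overlaps an existing block in either direction.
  db.get(
    'SELECT id FROM routes WHERE server = ? OR (block_start <= ? AND block_start + block_length >= ?)',
    [server, newEnd, newStart],
    (err, row) => {
      if (err) {
        console.error('Error checking for existing route:', err);
        res.status(500).json({ error: 'Internal server error' });
        return;
      }
      if (row) {
        res.status(409).json({ error: 'Conflict' });
        return;
      }
      db.run(
        'INSERT INTO routes (server, port, auth, secret, block_start, block_length, apiKey) VALUES (?, ?, ?, ?, ?, ?, ?)',
        [server, routePort, auth, secret, block_start, block_length, apiKey],
        (insErr) => {
          if (insErr) {
            console.error('Error creating route:', insErr);
            res.status(500).json({ error: 'Internal server error' });
            return;
          }
          res.status(201).json({ message: 'Created' });
        },
      );
    },
  );
});

app.put('/api/v1/admin/route/:id', requireAdminApi, (req, res) => {
  // Update a route
  // Check if route exists
  db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
    if (err) {
      console.error('Error getting route:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    if (!row) {
      res.status(404).json({ error: 'Not Found' });
      return;
    }
    // Update route; any field not supplied keeps its stored value.
    const server = req.body.server || row.server;
    const routePort = req.body.port || row.port;
    const auth = req.body.auth || row.auth;
    const secret = req.body.secret || row.secret;
    const block_start = req.body.block_start || row.block_start;
    const block_length = req.body.block_length || row.block_length;
    db.run(
      'UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE id = ?',
      [server, routePort, auth, secret, block_start, block_length, req.params.id],
      (updErr) => {
        if (updErr) {
          console.error('Error updating route:', updErr);
          res.status(500).json({ error: 'Internal server error' });
          return;
        }
        res.json({ message: 'Updated' });
      },
    );
  });
});

app.delete('/api/v1/admin/route/:id', requireAdminApi, (req, res) => {
  // Delete a route
  db.run('DELETE FROM routes WHERE id = ?', [req.params.id], (err) => {
    if (err) {
      console.error('Error deleting route:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    res.json({ message: 'Deleted' });
  });
});

app.delete('/api/v1/admin/directory/:number', requireAdminApi, (req, res) => {
  // Delete a directory entry
  const number = Number(req.params.number);
  if (!number) {
    res.status(400).json({ error: 'Bad Request' });
    return;
  }
  db.run('DELETE FROM directory WHERE number = ?', [number], (err) => {
    if (err) {
      console.error('Error deleting directory entry:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    res.status(200).json({ message: 'Deleted' });
  });
});

// == END ADMIN ROUTES ==

// ---------------------------------------------------------------------------
// User routes
// allows someone to log in with their API key and add entries to the
// Directory (as long as the number is within their block range)
// ---------------------------------------------------------------------------

app.get('/user', requireUserPage, (req, res) => {
  res.render('user/index', { user: req.session.user });
});

app.get('/user/login', (req, res) => {
  res.render('user/login');
});

app.post('/user/login', (req, res) => {
  const apiKey = String(req.body.apiKey ?? '');
  db.get('SELECT * FROM routes WHERE apiKey = ?', [apiKey], (err, row) => {
    if (err) {
      console.error('Error getting route:', err);
      res.status(500).send('Internal server error');
      return;
    }
    if (!row) {
      res.status(401).send('Unauthorized');
      return;
    }
    // Fresh session id on login (session fixation defence).
    req.session.regenerate((regenErr) => {
      if (regenErr) {
        console.error('Error regenerating session:', regenErr);
        res.status(500).send('Internal server error');
        return;
      }
      req.session.userAuthenticated = true;
      // The whole route row (including secret/apiKey) lives in the session store.
      req.session.userData = row;
      res.redirect('/user');
    });
  });
});

app.get('/user/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.error('Error destroying session:', err);
    }
    res.redirect('/user/login');
  });
});

app.get('/api/v1/user/route', requireUserApi, (req, res) => {
  // Get route
  res.json(req.session.userData);
});

app.put('/api/v1/user/route', requireUserApi, (req, res) => {
  // Update route
  const userData = req.session.userData;
  if (!userData?.apiKey) {
    // Something weird happened, destroy session
    req.session.destroy(() => {
      res.status(401).json({ error: 'Unauthorized' });
    });
    return;
  }
  // Does not allow for ID to be specified, always update current users route
  const server = req.body.server || userData.server;
  const routePort = req.body.port || userData.port;
  const auth = req.body.auth || userData.auth;
  const secret = req.body.secret || userData.secret;
  // We don't allow block changes, admins only.
  const { block_start, block_length, apiKey } = userData;

  db.run(
    'UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE apiKey = ?',
    [server, routePort, auth, secret, block_start, block_length, apiKey],
    (err) => {
      if (err) {
        console.error('Error updating route:', err);
        res.status(500).json({ error: 'Internal server error' });
        return;
      }
      // Keep the cached session copy in step with what was just written.
      req.session.userData = { ...userData, server, port: routePort, auth, secret };
      res.json({ message: 'Updated' });
    },
  );
});

app.get('/api/v1/user/directory', requireUserApi, (req, res) => {
  // Get directory entries created by user
  db.all('SELECT * FROM directory WHERE route = ?', [req.session.userData.id], (err, rows) => {
    if (err) {
      console.error('Error getting routes:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    res.json(rows);
  });
});

app.post('/api/v1/user/directory', requireUserApi, (req, res) => {
  // Create a new directory entry
  const number = Number(req.body.number);
  const rawName = req.body.name;
  // A missing name must not be stored as the literal string "undefined".
  if (!number || rawName == null || String(rawName).trim() === '') {
    res.status(400).json({ error: 'Bad Request' });
    return;
  }

  // Check that the number is within the block range for the current user
  const { block_start, block_length, id: route } = req.session.userData;
  if (number < block_start || number > block_start + block_length) {
    res.status(403).json({ error: 'Forbidden' });
    return;
  }

  // Remove html
  const name = escapeHtml(String(rawName));

  // If number already exists, update, otherwise insert
  db.get('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route], (err, row) => {
    if (err) {
      console.error('Error checking for existing directory entry:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    if (row) {
      db.run(
        'UPDATE directory SET name = ? WHERE number = ? AND route = ?',
        [name, number, route],
        (updErr) => {
          if (updErr) {
            console.error('Error updating directory entry:', updErr);
            res.status(500).json({ error: 'Internal server error' });
            return;
          }
          res.json({ message: 'Updated' });
        },
      );
      return;
    }
    db.run(
      'INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
      [number, name, route],
      (insErr) => {
        if (insErr) {
          console.error('Error creating directory entry:', insErr);
          res.status(500).json({ error: 'Internal server error' });
          return;
        }
        res.status(201).json({ message: 'Created' });
      },
    );
  });
});

app.delete('/api/v1/user/directory/:number', requireUserApi, (req, res) => {
  // Delete a directory entry
  const number = Number(req.params.number);
  if (!number) {
    res.status(400).json({ error: 'Bad Request' });
    return;
  }
  db.run(
    'DELETE FROM directory WHERE number = ? AND route = ?',
    [number, req.session.userData.id],
    (err) => {
      if (err) {
        console.error('Error deleting directory entry:', err);
        res.status(500).json({ error: 'Internal server error' });
        return;
      }
      res.status(200).json({ message: 'Deleted' });
    },
  );
});

// == END USER ROUTES ==

// ---------------------------------------------------------------------------
// Directory routes (unauthenticated)
// ---------------------------------------------------------------------------

app.get('/api/v1/directory', (req, res) => {
  db.all('SELECT * FROM directory', (err, rows) => {
    if (err) {
      console.error('Error getting directory:', err);
      res.status(500).json({ error: 'Internal server error' });
      return;
    }
    res.json(rows);
  });
});

// Other public endpoints that need special handling

// Last successful invite lookup; `time` is the Date.now() of that lookup.
const discordInviteCache = { time: 0, url: '' };

app.get('/discord', async (req, res) => {
  // fetch from process.env.WIDGET_URL, get json body, redirect to body.instant_invite.
  // Cache url for 5 minutes
  if (Date.now() - discordInviteCache.time < DISCORD_CACHE_TTL_MS) {
    res.redirect(discordInviteCache.url);
    return;
  }
  try {
    const response = await fetch(process.env.WIDGET_URL);
    if (!response.ok) {
      throw new Error(`widget request failed with HTTP ${response.status}`);
    }
    const data = await response.json();
    // Never redirect to an empty/missing invite; that would be a broken Location header.
    if (typeof data.instant_invite !== 'string' || data.instant_invite === '') {
      throw new Error('widget response has no instant_invite');
    }
    discordInviteCache.time = Date.now();
    discordInviteCache.url = data.instant_invite;
    res.redirect(data.instant_invite);
  } catch (error) {
    console.error('Error fetching discord invite:', error);
    res.status(500).send('Internal server error');
  }
});

/**
 * Shared implementation of the two route-lookup endpoints.
 *
 * 1. The caller is authenticated by apiKey, and its ANI must fall inside the
 *    block that key belongs to; otherwise 401 with "<MSG_ROUTE_ADDRESS>/401".
 * 2. The dialled number is matched against all blocks. If the matching block
 *    also contains the ANI the call is "local", otherwise an IAX2 dial string
 *    for the matching route is returned (note that this includes that route's
 *    auth/secret, so every valid apiKey can learn every other route's
 *    credentials — confirm this is the intended peering model).
 *    No match gives 404 with "<MSG_ROUTE_ADDRESS>/404".
 *
 * @param {string} apiKey caller's route API key
 * @param {number} ani calling number
 * @param {number} number dialled number
 * @param {import('express').Response} res response to write
 */
function resolveRoute(apiKey, ani, number, res) {
  const msgBase = process.env.MSG_ROUTE_ADDRESS;
  db.get(
    'SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?',
    [apiKey, ani, ani],
    (err, caller) => {
      // If no row or error, return 401
      if (err) {
        console.error('Error authenticating route lookup:', err);
      }
      if (err || !caller) {
        res.status(401).send(`${msgBase}/401`);
        return;
      }
      db.get(
        'SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?',
        [number, number],
        (lookupErr, target) => {
          if (lookupErr) {
            console.error('Error getting route:', lookupErr);
            res.status(500).send(`${msgBase}/500`);
            return;
          }
          if (!target) {
            res.status(404).send(`${msgBase}/404`);
            return;
          }
          console.log(`New Call: ${ani} -> ${number}`);
          // Check if the ANI is within the block range. If it is, return `local`
          if (ani >= target.block_start && ani <= target.block_start + target.block_length) {
            res.status(200).send('local');
          } else {
            res.status(200).send(`IAX2/${target.auth}:${target.secret}@${target.server}:${target.port}/${number}`);
          }
        },
      );
    },
  );
}

// Query to get a route
app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => {
  resolveRoute(String(req.params.apiKey), Number(req.params.ani), Number(req.params.number), res);
});

app.get('/api/v1', (req, res) => {
  // Backwards compatibility with TandmX cause why not, it's easy
  // Query values may be arrays/objects; coerce so the bind parameter is a string.
  resolveRoute(String(req.query.auth ?? ''), Number(req.query.ani), Number(req.query.number), res);
});

// Start server
app.listen(port, () => {
  console.log(`Listening on port ${port}`);
});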