/* ______ __ ______ / \ / | / \ /$$$$$$ | _______ _$$ |_ ______ ______ /$$$$$$ | ______ _____ ____ $$ |__$$ | / |/ $$ | / \ / \ $$ | $$/ / \ / \/ \ $$ $$ |/$$$$$$$/ $$$$$$/ /$$$$$$ |/$$$$$$ |$$ | /$$$$$$ |$$$$$$ $$$$ | $$$$$$$$ |$$ \ $$ | __ $$ | $$/ $$ | $$ |$$ | __ $$ | $$ |$$ | $$ | $$ | $$ | $$ | $$$$$$ | $$ |/ |$$ | $$ \__$$ |$$ \__/ |$$ \__$$ |$$ | $$ | $$ | $$ | $$ |/ $$/ $$ $$/ $$ | $$ $$/ $$ $$/ $$ $$/ $$ | $$ | $$ | $$/ $$/ $$$$$$$/ $$$$/ $$/ $$$$$$/ $$$$$$/ $$$$$$/ $$/ $$/ $$/ Made with <3 by Chris Chrome and the rest of the AstroCom team */ require("dotenv").config(); const express = require('express'); const expressSession = require('express-session'); const ejs = require("ejs") const sqlite3 = require('sqlite3').verbose(); const bcrypt = require("bcrypt") const crypto = require("crypto") const app = express(); const port = process.env.SERVER_PORT || 3000; const db = new sqlite3.Database('astrocom.db', (err) => { if (err) { console.error('Error connecting to database:', err); } else { console.log('Connected to SQLite database'); } }); // Run migrations require("./migrations")(db) // Check if user 1 exists, if not, create it const saltRounds = 10; db.get("SELECT * FROM users WHERE id = 1", [], (err, row) => { if (err) { console.error('Error checking for admin user:', err); return; } if (!row || process.env.RESET_ADMIN == "true") { // delete all users (The big scary one lol) db.run("DELETE FROM users", [], (err) => { if (err) { console.error('Error deleting users:', err); return; } }); // Generate 32 char random string const passwd = crypto.randomBytes(32).toString('hex'); bcrypt.hash(passwd, saltRounds, (err, hash) => { if (err) { console.error('Error creating hash:', err); return; } db.run("INSERT INTO users (id, username, passwordHash) VALUES (1, 'admin', ?)", [hash], (err) => { if (err) { console.error('Error creating admin user:', err); } else { console.log(`Created admin user with password: ${passwd}`); } }); }); } }); app.use(express.json()); app.use(express.urlencoded({ extended: true })); app.use(expressSession({ store: expressSession.MemoryStore(), secret: process.env.SESSION_SECRET || 'default_secret', resave: false, saveUninitialized: false, cookie: { secure: process.env.NODE_ENV === 'production', maxAge: 24 * 60 * 60 * 1000 // 24 hours } })); app.set('view engine', 'ejs'); app.set('views', __dirname + '/views'); // Static files app.use(express.static('public')); const addAnalytic = (tag) => { db.get("SELECT * FROM analytics WHERE tag = ?", [tag], (err, row) => { if (err) { console.error('Error checking analytics:', err); } if (!row) { db.run("INSERT INTO analytics (tag, count) VALUES (?, 1)", [tag], (err) => { if (err) console.error('Error creating analytics:', err); }); } else { db.run("UPDATE analytics SET count = count + 1 WHERE tag = ?", [tag], (err) => { if (err) console.error('Error updating analytics:', err); }); } }); } const dailyAnalytic = (tag) => { // This is a bit more complex, but it's just a daily count // check if the tag, and tag_date exists. If the date is not today reset count to 0 and date to today // If the date is today, increment count const date = new Date(); const today = `${date.getFullYear()}-${date.getMonth()}-${date.getDate()}`; db.get("SELECT * FROM dailyAnalytics WHERE tag = ? AND tag_date = ?", [tag, today], (err, row) => { if (err) { console.error('Error checking daily analytics:', err); } if (!row) { db.run("INSERT INTO dailyAnalytics (tag, tag_date, count) VALUES (?, ?, 1)", [tag, today], (err) => { if (err) console.error('Error creating daily analytics:', err); }); } else { db.run("UPDATE dailyAnalytics SET count = count + 1 WHERE tag = ? AND tag_date = ?", [tag, today], (err) => { if (err) console.error('Error updating daily analytics:', err); }); } }); } app.use((req, res, next) => { if (req.path.startsWith("/api/v1")) { addAnalytic("apiCalls"); }; next(); }) // Admin routes // admin/logout app.get('/admin/logout', (req, res) => { req.session.destroy(); res.redirect('/admin/login'); }); app.get('/admin/login', (req, res) => { res.render('admin/login'); }); app.get('/admin', (req, res) => { if (!req.session.adminAuthenticated) { res.redirect('/admin/login'); return; } res.render('admin/index', { user: req.session.user }); }); app.get('/admin/create', (req, res) => { if (!req.session.adminAuthenticated) { res.redirect('/admin/login'); return; } res.render('admin/create', { user: req.session.user }); }); app.get('/admin/route/:id', (req, res) => { if (!req.session.adminAuthenticated) { res.redirect('/admin/login'); return; } db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).send('Internal server error'); return; } if (!row) { res.status(404).send('Not Found'); return; } res.render('admin/edit', { user: req.session.user, data: row }); }); }); app.post('/admin/login', (req, res) => { const username = req.body.username; const password = req.body.password; db.get("SELECT * FROM users WHERE username = ?", [String(username)], (err, row) => { if (err) { console.error('Error getting user:', err); res.status(500).send('Internal server error'); return; } if (!row) { res.status(401).send('Unauthorized (Not Found)'); return; } bcrypt.compare(password, row.passwordHash, (err, result) => { if (err) { console.error('Error comparing password:', err); res.status(500).send('Internal server error'); return; } if (result) { req.session.adminAuthenticated = true; req.session.user = row.username; res.redirect('/admin'); } else { res.status(401).send('Unauthorized'); } }); }); }) app.get('/api/v1/admin/routes', (req, res) => { // Get all routes if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } db.all('SELECT * FROM routes', (err, rows) => { if (err) { console.error('Error getting routes:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json(rows); }); }); app.get('/api/v1/admin/route/:id', (req, res) => { // Get route if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).json({ error: 'Internal server error' }); return; } if (!row) { res.status(404).json({ error: 'Not Found' }); return; } res.json(row); }); }); app.post('/api/v1/admin/route', (req, res) => { // Create a new route if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } const server = req.body.server; const port = req.body.port; const auth = req.body.auth || "from-astrocom"; const secret = req.body.secret || crypto.randomBytes(15).toString('hex'); const block_start = req.body.block_start; const block_length = req.body.block_length || 9999; const apiKey = crypto.randomBytes(32).toString('hex'); // Validate all inputs exist if (!server || !port || !block_start) { res.status(400).json({ error: 'Bad Request' }); return; } // Check if route already exists (OR conditions on server, and block range) db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [block_start, block_start], (err, row) => { if (err) { console.error('Error checking for existing route:', err); res.status(500).json({ error: 'Internal server error' }); return; } if (row) { res.status(409).json({ error: 'Conflict' }); return; } else { db.run('INSERT INTO routes (server, port, auth, secret, block_start, block_length, apiKey) VALUES (?, ?, ?, ?, ?, ?, ?)', [server, port, auth, secret, block_start, block_length, apiKey], (err) => { if (err) { console.error('Error creating route:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.status(201).json({ message: 'Created' }); }); } }); }); app.put('/api/v1/admin/route/:id', (req, res) => { // Update a route // Check if authenticated if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } // Check if route exists db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).json({ error: 'Internal server error' }); return; } if (!row) { res.status(404).json({ error: 'Not Found' }); return; } // Update route const server = req.body.server || row.server; const port = req.body.port || row.port; const auth = req.body.auth || row.auth; const secret = req.body.secret || row.secret; const block_start = req.body.block_start || row.block_start; const block_length = req.body.block_length || row.block_length; db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE id = ?', [server, port, auth, secret, block_start, block_length, req.params.id], (err) => { if (err) { console.error('Error updating route:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json({ message: 'Updated' }); }); }); }); app.delete('/api/v1/admin/route/:id', (req, res) => { // Delete a route if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } db.run('DELETE FROM routes WHERE id = ?', [req.params.id], (err) => { if (err) { console.error('Error deleting route:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json({ message: 'Deleted' }); }); }); app.delete('/api/v1/admin/directory/:number', (req, res) => { // Delete a directory entry if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } const number = Number(req.params.number); if (!number) { res.status(400).json({ error: 'Bad Request' }); return; } db.run('DELETE FROM directory WHERE number = ?', [number], (err) => { if (err) { console.error('Error deleting directory entry:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.status(200).json({ message: 'Deleted' }); }); }); app.get("/api/v1/admin/callLogs", (req, res) => { if (!req.session.adminAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } // if ?page is set, return 100 results from that page, if no page assume page 1 const page = Number(req.query.page) || 1; const offset = (page - 1) * 100; // Get full count of call logs to calculate total pages db.get("SELECT COUNT(*) as count FROM callLogs", [], (err, row) => { if (err) { console.error('Error getting call log count:', err); res.status(500).json({ error: 'Internal server error' }); return; } const totalPages = Math.ceil(row.count / 100); db.all("SELECT * FROM callLogs ORDER BY timestamp DESC LIMIT 100 OFFSET ?", [offset], (err, rows) => { if (err) { console.error('Error getting call logs:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json({ totalPages, page, data: rows }); }); }); }); // == END ADMIN ROUTES == // == User routes == // allows someone to log in with their API key and add entries to the Directory (as long as the number is within their block range) app.get('/user', (req, res) => { if (!req.session.userAuthenticated) { res.redirect('/user/login'); return; } res.render('user/index', { user: req.session.user }); }); app.get('/user/login', (req, res) => { res.render('user/login'); }); app.post('/user/login', (req, res) => { const apiKey = req.body.apiKey; db.get("SELECT * FROM routes WHERE apiKey = ?", [apiKey], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).send('Internal server error'); return; } if (!row) { res.status(401).send('Unauthorized'); return; } req.session.userAuthenticated = true; req.session.userData = row; res.redirect('/user'); }); }); app.get('/user/logout', (req, res) => { req.session.destroy(); res.redirect('/user/login'); }); app.get('/api/v1/user/route', (req, res) => { // Get route if (!req.session.userAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } res.json(req.session.userData); }); app.put('/api/v1/user/route', (req, res) => { // Update route if (!req.session.userAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } if (!req.session.userData.apiKey) { req.session.destroy(); // Something weird happened, destroy session res.status(401).json({ error: 'Unauthorized' }); return; } // Does not allow for ID to be specified, always update current users route const server = req.body.server || req.session.userData.server; const port = req.body.port || req.session.userData.port; const auth = req.body.auth || req.session.userData.auth; const secret = req.body.secret || req.session.userData.secret; // We don't allow block changes, admins only. const block_start = req.session.userData.block_start; const block_length = req.session.userData.block_length; const apiKey = req.session.userData.apiKey; db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE apiKey = ?', [server, port, auth, secret, block_start, block_length, apiKey], (err) => { if (err) { console.error('Error updating route:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json({ message: 'Updated' }); }); }); app.get('/api/v1/user/directory', (req, res) => { // Get directory entries created by user if (!req.session.userAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } db.all('SELECT * FROM directory WHERE route = ?', [req.session.userData.id], (err, rows) => { if (err) { console.error('Error getting routes:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json(rows); }); }); app.post('/api/v1/user/directory', (req, res) => { // Create a new directory entry // Check if authenticated if (!req.session.userAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } // Check that the number is within the block range for the current user var number = Number(req.body.number); var name = String(req.body.name); if (!number || !name) { res.status(400).json({ error: 'Bad Request' }); return; } if (number < req.session.userData.block_start || number > req.session.userData.block_start + req.session.userData.block_length) { res.status(403).json({ error: 'Forbidden' }); return; } // Remove html name = require("escape-html")(name); const route = req.session.userData.id; // If number already exists, update, otherwise insert db.get('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route], (err, row) => { if (err) { console.error('Error checking for existing directory entry:', err); res.status(500).json({ error: 'Internal server error' }); return; } if (row) { db.run('UPDATE directory SET name = ? WHERE number = ? AND route = ?', [name, number, route], (err) => { if (err) { console.error('Error updating directory entry:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json({ message: 'Updated' }); }); } else { db.run('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)', [number, name, route], (err) => { if (err) { console.error('Error creating directory entry:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.status(201).json({ message: 'Created' }); }); } }); }); app.delete('/api/v1/user/directory/:number', (req, res) => { // Delete a directory entry if (!req.session.userAuthenticated) { res.status(401).json({ error: 'Unauthorized' }); return; } const number = Number(req.params.number); if (!number) { res.status(400).json({ error: 'Bad Request' }); return; } db.run('DELETE FROM directory WHERE number = ? AND route = ?', [number, req.session.userData.id], (err) => { if (err) { console.error('Error deleting directory entry:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.status(200).json({ message: 'Deleted' }); }); }); // == END USER ROUTES == // == Directory routes == (unauthenticated) app.get("/api/v1/directory", (req, res) => { db.all("SELECT * FROM directory", (err, rows) => { if (err) { console.error('Error getting directory:', err); res.status(500).json({ error: 'Internal server error' }); return; } res.json(rows); }); }); // Other public endpoints that need special handling discordInviteCache = { time: 0, url: "" }; app.get("/discord", (req, res) => { // fetch from process.env.WIDGET_URL, get json body, redirect to body.instant_invite. Cache url for 5 minutes if (Date.now() - discordInviteCache.time < 300000) { res.redirect(discordInviteCache.url); return; } fetch(process.env.WIDGET_URL) .then(response => response.json()) .then(data => { discordInviteCache.time = Date.now(); discordInviteCache.url = data.instant_invite; res.redirect(data.instant_invite); }) .catch(error => { console.error('Error fetching discord invite:', error); res.status(500).send('Internal server error'); }); }); app.get("/analytics", (req, res) => { db.all("SELECT * FROM analytics", (err, total) => { if (err) { console.error('Error getting analytics:', err); res.status(500).send('Internal server error'); return; } db.all("SELECT * FROM dailyAnalytics", (err, daily) => { if (err) { console.error('Error getting daily analytics:', err); res.status(500).send('Internal server error'); return; } // Find the latest date and add "current:true" to it var latest = { tag_date: "1970-01-01", count: 0 }; daily.forEach((entry) => { if (entry.tag_date > latest.tag_date) { latest = entry; } }); latest.current = true; res.json({ total, daily }); }); }); }); app.get("/api/v1/checkAvailability/:number", (req, res) => { // Check if the number is 7 digits const number = Number(req.params.number); if (number < 2000000 || number > 9999999) { res.status(400).json({ error: `Number is outside valid range` }); return; } db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).json({ error: 'Internal server error' }); return; } if (row) { res.json({ available: false, block: row.block_start }); } else { res.json({ available: true }); } }); }); app.get("/api/healthcheck", (req, res) => { // Check ability to connect to database with select * from routes db.get('SELECT * FROM routes', [], (err, row) => { if (err) { console.error('Error checking health:', err); res.status(500).send('Internal server error'); return; } res.status(200).send('OK'); }); }); // logCall function (caller, callee) const logCall = (caller, callee) => { db.run('INSERT INTO callLogs (caller, callee, timestamp) VALUES (?, ?, ?)', [caller, callee, Math.floor(Date.now())], (err) => { if (err) console.error('Error logging call:', err); }); } // Query to get a route app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => { const apiKey = req.params.apiKey; const number = Number(req.params.number); const ani = Number(req.params.ani); db.get("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani], (err, row) => { // If no row or error, return 401 if (err || !row) { console.error(err); res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`) return; } db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`) } else if (row) { // Check if the ANI is within the block range // If it is, return `local` console.log(`New Call: ${ani} -> ${number}`); logCall(ani, number); // incriment estCallsMade analytics addAnalytic("estCallsMade"); dailyAnalytic("dailyCallsMade"); if (ani >= row.block_start && ani <= row.block_start + row.block_length) { res.status(200).send('local'); } else { res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`); } } else { res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`); } }); }); }); app.get('/api/v1', (req, res) => { // Backwards compatibility with TandmX cause why not, it's easy const apiKey = req.query.auth; const number = Number(req.query.number); const ani = Number(req.query.ani); db.get("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani], (err, row) => { // If no row or error, return 401 if (err || !row) { console.error(err); res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`) return; } db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => { if (err) { console.error('Error getting route:', err); res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`) } else if (row) { // Check if the ANI is within the block range // If it is, return `local` console.log(`New Call: ${ani} -> ${number}`); logCall(ani, number); addAnalytic("estCallsMade"); dailyAnalytic("dailyCallsMade"); if (ani >= row.block_start && ani <= row.block_start + row.block_length) { res.status(200).send('local'); } else { res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`); } } else { res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`); } }); }); }); // Start server app.listen(port, () => { console.log(`Listening on port ${port}`); });