AstroCom/AstroCom-API
4
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
AstroCom-API/index.js
Christopher Cookman 80be7f6723 Fix that lol
2024-12-15 11:17:59 -07:00

582 lines
17 KiB
JavaScript
Raw Blame History

require("dotenv").config();
const express = require('express');
const expressSession = require('express-session');
const FileStore = require('session-file-store')(expressSession);
const ejs = require("ejs")
const sqlite3 = require('sqlite3').verbose();
const bcrypt = require("bcrypt")
const crypto = require("crypto")
const app = express();
const port = process.env.SERVER_PORT || 3000;
const db = new sqlite3.Database('astrocom.db', (err) => {
if (err) {
console.error('Error connecting to database:', err);
} else {
console.log('Connected to SQLite database');
}
});
// Run migrations
require("./migrations")(db)
// Check if user 1 exists, if not, create it
const saltRounds = 10;
db.get("SELECT * FROM users WHERE id = 1", [], (err, row) => {
if (err) {
console.error('Error checking for admin user:', err);
return;
}
if (!row || process.env.RESET_ADMIN == "true") {
// Destroy all sessions
sessionStore.clear((err) => {
if (err) {
console.error('Error clearing sessions:', err);
return;
}
});
// delete all users (The big scary one lol)
db.run("DELETE FROM users", [], (err) => {
if (err) {
console.error('Error deleting users:', err);
return;
}
});
// Generate 32 char random string
const passwd = crypto.randomBytes(32).toString('hex');
bcrypt.hash(passwd, saltRounds, (err, hash) => {
if (err) {
console.error('Error creating hash:', err);
return;
}
db.run("INSERT INTO users (id, username, passwordHash) VALUES (1, 'admin', ?)",
[hash],
(err) => {
if (err) {
console.error('Error creating admin user:', err);
} else {
console.log(`Created admin user with password: ${passwd}`);
}
});
});
}
});
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
const fileStoreOptions = {};
const sessionStore = new FileStore(fileStoreOptions);
app.use(expressSession({
store: sessionStore,
secret: process.env.SESSION_SECRET || 'default_secret',
resave: false,
saveUninitialized: false,
cookie: {
secure: process.env.NODE_ENV === 'production',
maxAge: 24 * 60 * 60 * 1000 // 24 hours
}
}));
app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');
// Static files
app.use(express.static('public'));
// Admin routes
// admin/logout
app.get('/admin/logout', (req, res) => {
req.session.destroy();
res.redirect('/admin/login');
});
app.get('/admin/login', (req, res) => {
res.render('admin/login');
});
app.get('/admin', (req, res) => {
if (!req.session.adminAuthenticated) {
res.redirect('/admin/login');
return;
}
res.render('admin/index', { user: req.session.user });
});
app.get('/admin/create', (req, res) => {
if (!req.session.adminAuthenticated) {
res.redirect('/admin/login');
return;
}
res.render('admin/create', { user: req.session.user });
});
app.get('/admin/route/:id', (req, res) => {
if (!req.session.adminAuthenticated) {
res.redirect('/admin/login');
return;
}
db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send('Internal server error');
return;
}
if (!row) {
res.status(404).send('Not Found');
return;
}
res.render('admin/edit', { user: req.session.user, data: row });
});
});
app.post('/admin/login', (req, res) => {
const username = req.body.username;
const password = req.body.password;
db.get("SELECT * FROM users WHERE username = ?", [String(username)], (err, row) => {
if (err) {
console.error('Error getting user:', err);
res.status(500).send('Internal server error');
return;
}
if (!row) {
res.status(401).send('Unauthorized (Not Found)');
return;
}
bcrypt.compare(password, row.passwordHash, (err, result) => {
if (err) {
console.error('Error comparing password:', err);
res.status(500).send('Internal server error');
return;
}
if (result) {
req.session.adminAuthenticated = true;
req.session.user = row.username;
res.redirect('/admin');
} else {
res.status(401).send('Unauthorized');
}
});
});
})
app.get('/api/v1/admin/routes', (req, res) => { // Get all routes
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.all('SELECT * FROM routes', (err, rows) => {
if (err) {
console.error('Error getting routes:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json(rows);
});
});
app.get('/api/v1/admin/route/:id', (req, res) => { // Get route
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (!row) {
res.status(404).json({ error: 'Not Found' });
return;
}
res.json(row);
});
});
app.post('/api/v1/admin/route', (req, res) => { // Create a new route
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
const server = req.body.server;
const port = req.body.port;
const auth = req.body.auth || "from-astrocom";
const secret = req.body.secret || crypto.randomBytes(15).toString('hex');
const block_start = req.body.block_start;
const block_length = req.body.block_length || 9999;
const apiKey = crypto.randomBytes(32).toString('hex');
// Validate all inputs exist
if (!server || !port || !block_start) {
res.status(400).json({ error: 'Bad Request' });
return;
}
// Check if route already exists (OR conditions on server, and block range)
db.get('SELECT * FROM routes WHERE server = ? OR block_start <= ? AND block_start + block_length >= ?', [server, block_start, block_start], (err, row) => {
if (err) {
console.error('Error checking for existing route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (row) {
res.status(409).json({ error: 'Conflict' });
return;
} else {
db.run('INSERT INTO routes (server, port, auth, secret, block_start, block_length, apiKey) VALUES (?, ?, ?, ?, ?, ?, ?)',
[server, port, auth, secret, block_start, block_length, apiKey],
(err) => {
if (err) {
console.error('Error creating route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(201).json({ message: 'Created' });
});
}
});
});
app.put('/api/v1/admin/route/:id', (req, res) => { // Update a route
// Check if authenticated
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
// Check if route exists
db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (!row) {
res.status(404).json({ error: 'Not Found' });
return;
}
// Update route
const server = req.body.server || row.server;
const port = req.body.port || row.port;
const auth = req.body.auth || row.auth;
const secret = req.body.secret || row.secret;
const block_start = req.body.block_start || row.block_start;
const block_length = req.body.block_length || row.block_length;
db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE id = ?',
[server, port, auth, secret, block_start, block_length, req.params.id],
(err) => {
if (err) {
console.error('Error updating route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Updated' });
});
});
});
app.delete('/api/v1/admin/route/:id', (req, res) => { // Delete a route
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.run('DELETE FROM routes WHERE id = ?', [req.params.id], (err) => {
if (err) {
console.error('Error deleting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Deleted' });
});
});
app.delete('/api/v1/admin/directory/:number', (req, res) => { // Delete a directory entry
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
const number = Number(req.params.number);
if (!number) {
res.status(400).json({ error: 'Bad Request' });
return;
}
db.run('DELETE FROM directory WHERE number = ?', [number], (err) => {
if (err) {
console.error('Error deleting directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(200).json({ message: 'Deleted' });
});
});
// == END ADMIN ROUTES ==
// == User routes == // allows someone to log in with their API key and add entries to the Directory (as long as the number is within their block range)
app.get('/user', (req, res) => {
if (!req.session.userAuthenticated) {
res.redirect('/user/login');
return;
}
res.render('user/index', { user: req.session.user });
});
app.get('/user/login', (req, res) => {
res.render('user/login');
});
app.post('/user/login', (req, res) => {
const apiKey = req.body.apiKey;
db.get("SELECT * FROM routes WHERE apiKey = ?", [apiKey], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send('Internal server error');
return;
}
if (!row) {
res.status(401).send('Unauthorized');
return;
}
req.session.userAuthenticated = true;
req.session.userData = row;
res.redirect('/user');
});
});
app.get('/user/logout', (req, res) => {
req.session.destroy();
res.redirect('/user/login');
});
app.get('/api/v1/user/route', (req, res) => { // Get route
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
res.json(req.session.userData);
});
app.put('/api/v1/user/route', (req, res) => { // Update route
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
if (!req.session.userData.apiKey) {
req.session.destroy(); // Something weird happened, destroy session
res.status(401).json({ error: 'Unauthorized' });
return;
}
// Does not allow for ID to be specified, always update current users route
const server = req.body.server || req.session.userData.server;
const port = req.body.port || req.session.userData.port;
const auth = req.body.auth || req.session.userData.auth;
const secret = req.body.secret || req.session.userData.secret;
// We don't allow block changes, admins only.
const block_start = req.session.userData.block_start;
const block_length = req.session.userData.block_length;
const apiKey = req.session.userData.apiKey;
db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE apiKey = ?',
[server, port, auth, secret, block_start, block_length, apiKey],
(err) => {
if (err) {
console.error('Error updating route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Updated' });
});
});
app.get('/api/v1/user/directory', (req, res) => { // Get directory entries created by user
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.all('SELECT * FROM directory WHERE route = ?', [req.session.userData.id], (err, rows) => {
if (err) {
console.error('Error getting routes:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json(rows);
});
});
app.post('/api/v1/user/directory', (req, res) => { // Create a new directory entry
// Check if authenticated
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
// Check that the number is within the block range for the current user
var number = Number(req.body.number);
var name = String(req.body.name);
if (!number || !name) {
res.status(400).json({ error: 'Bad Request' });
return;
}
if (number < req.session.userData.block_start || number > req.session.userData.block_start + req.session.userData.block_length) {
res.status(403).json({ error: 'Forbidden' });
return;
}
// Remove html
name = require("escape-html")(name);
const route = req.session.userData.id;
// If number already exists, update, otherwise insert
db.get('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route], (err, row) => {
if (err) {
console.error('Error checking for existing directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (row) {
db.run('UPDATE directory SET name = ? WHERE number = ? AND route = ?',
[name, number, route],
(err) => {
if (err) {
console.error('Error updating directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Updated' });
});
} else {
db.run('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
[number, name, route],
(err) => {
if (err) {
console.error('Error creating directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(201).json({ message: 'Created' });
});
}
});
});
app.delete('/api/v1/user/directory/:number', (req, res) => { // Delete a directory entry
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
const number = Number(req.params.number);
if (!number) {
res.status(400).json({ error: 'Bad Request' });
return;
}
db.run('DELETE FROM directory WHERE number = ? AND route = ?', [number, req.session.userData.id], (err) => {
if (err) {
console.error('Error deleting directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(200).json({ message: 'Deleted' });
});
});
// == END USER ROUTES ==
// == Directory routes == (unauthenticated)
app.get("/api/v1/directory", (req, res) => {
db.all("SELECT * FROM directory", (err, rows) => {
if (err) {
console.error('Error getting directory:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json(rows);
});
});
// Other public endpoints that need special handling
discordInviteCache = {time: 0, url: ""};
app.get("/discord", (req, res) => {
// fetch from process.env.WIDGET_URL, get json body, redirect to body.instant_invite. Cache url for 5 minutes
if (Date.now() - discordInviteCache.time < 300000) {
res.redirect(discordInviteCache.url);
return;
}
fetch(process.env.WIDGET_URL)
.then(response => response.json())
.then(data => {
discordInviteCache.time = Date.now();
discordInviteCache.url = data.instant_invite;
res.redirect(data.instant_invite);
})
.catch(error => {
console.error('Error fetching discord invite:', error);
res.status(500).send('Internal server error');
});
});
// Query to get a route
app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => {
const apiKey = req.params.apiKey;
const number = Number(req.params.number);
const ani = Number(req.params.ani);
db.get("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani], (err, row) => {
// If no row or error, return 401
if (err || !row) {
console.error(err);
res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`)
return;
}
db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`)
} else if (row) {
// Check if the ANI is within the block range
// If it is, return `local`
console.log(`New Call: ${ani} -> ${number}`);
if (ani >= row.block_start && ani <= row.block_start + row.block_length) {
res.status(200).send('local');
} else {
res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`);
}
} else {
res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`);
}
});
});
});
app.get('/api/v1', (req, res) => { // Backwards compatibility with TandmX cause why not, it's easy
const apiKey = req.query.auth;
const number = Number(req.query.number);
const ani = Number(req.query.ani);
db.get("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani], (err, row) => {
// If no row or error, return 401
if (err || !row) {
console.error(err);
res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`)
return;
}
db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`)
} else if (row) {
// Check if the ANI is within the block range
// If it is, return `local`
console.log(`New Call: ${ani} -> ${number}`);
if (ani >= row.block_start && ani <= row.block_start + row.block_length) {
res.status(200).send('local');
} else {
res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`);
}
} else {
res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`);
}
});
});
});
// Start server
app.listen(port, () => {
console.log(`Listening on port ${port}`);
});
Reference in a new issue View git blame Copy permalink