AstroCom/AstroCom-API
4
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
AstroCom-API/index.js

734 lines
22 KiB
JavaScript
Raw Blame History

/*
______ __ ______
/ \ / | / \
/$$$$$$ | _______ _$$ |_ ______ ______ /$$$$$$ | ______ _____ ____
$$ |__$$ | / |/ $$ | / \ / \ $$ | $$/ / \ / \/ \
$$ $$ |/$$$$$$$/ $$$$$$/ /$$$$$$ |/$$$$$$ |$$ | /$$$$$$ |$$$$$$ $$$$ |
$$$$$$$$ |$$ \ $$ | __ $$ | $$/ $$ | $$ |$$ | __ $$ | $$ |$$ | $$ | $$ |
$$ | $$ | $$$$$$ | $$ |/ |$$ | $$ \__$$ |$$ \__/ |$$ \__$$ |$$ | $$ | $$ |
$$ | $$ |/ $$/ $$ $$/ $$ | $$ $$/ $$ $$/ $$ $$/ $$ | $$ | $$ |
$$/ $$/ $$$$$$$/ $$$$/ $$/ $$$$$$/ $$$$$$/ $$$$$$/ $$/ $$/ $$/
Made with <3 by Chris Chrome and the rest of the AstroCom team
*/
require("dotenv").config();
const express = require('express');
const expressSession = require('express-session');
const ejs = require("ejs")
const sqlite3 = require('sqlite3').verbose();
const bcrypt = require("bcrypt")
const crypto = require("crypto")
const app = express();
const port = process.env.SERVER_PORT || 3000;
const db = new sqlite3.Database('astrocom.db', (err) => {
if (err) {
console.error('Error connecting to database:', err);
} else {
console.log('Connected to SQLite database');
}
});
// Run migrations
require("./migrations")(db)
// Check if user 1 exists, if not, create it
const saltRounds = 10;
db.get("SELECT * FROM users WHERE id = 1", [], (err, row) => {
if (err) {
console.error('Error checking for admin user:', err);
return;
}
if (!row || process.env.RESET_ADMIN == "true") {
// delete all users (The big scary one lol)
db.run("DELETE FROM users", [], (err) => {
if (err) {
console.error('Error deleting users:', err);
return;
}
});
// Generate 32 char random string
const passwd = crypto.randomBytes(32).toString('hex');
bcrypt.hash(passwd, saltRounds, (err, hash) => {
if (err) {
console.error('Error creating hash:', err);
return;
}
db.run("INSERT INTO users (id, username, passwordHash) VALUES (1, 'admin', ?)",
[hash],
(err) => {
if (err) {
console.error('Error creating admin user:', err);
} else {
console.log(`Created admin user with password: ${passwd}`);
}
});
});
}
});
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(expressSession({
store: expressSession.MemoryStore(),
secret: process.env.SESSION_SECRET || 'default_secret',
resave: false,
saveUninitialized: false,
cookie: {
secure: process.env.NODE_ENV === 'production',
maxAge: 24 * 60 * 60 * 1000 // 24 hours
}
}));
app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');
// Static files
app.use(express.static('public'));
const addAnalytic = (tag) => {
db.get("SELECT * FROM analytics WHERE tag = ?", [tag], (err, row) => {
if (err) {
console.error('Error checking analytics:', err);
}
if (!row) {
db.run("INSERT INTO analytics (tag, count) VALUES (?, 1)", [tag], (err) => {
if (err) console.error('Error creating analytics:', err);
});
} else {
db.run("UPDATE analytics SET count = count + 1 WHERE tag = ?", [tag], (err) => {
if (err) console.error('Error updating analytics:', err);
});
}
});
}
const dailyAnalytic = (tag) => { // This is a bit more complex, but it's just a daily count
// check if the tag, and tag_date exists. If the date is not today reset count to 0 and date to today
// If the date is today, increment count
const date = new Date();
const today = `${date.getFullYear()}-${date.getMonth()}-${date.getDate()}`;
db.get("SELECT * FROM dailyAnalytics WHERE tag = ? AND tag_date = ?", [tag, today], (err, row) => {
if (err) {
console.error('Error checking daily analytics:', err);
}
if (!row) {
db.run("INSERT INTO dailyAnalytics (tag, tag_date, count) VALUES (?, ?, 1)", [tag, today], (err) => {
if (err) console.error('Error creating daily analytics:', err);
});
} else {
db.run("UPDATE dailyAnalytics SET count = count + 1 WHERE tag = ? AND tag_date = ?", [tag, today], (err) => {
if (err) console.error('Error updating daily analytics:', err);
});
}
});
}
app.use((req, res, next) => {
if (req.path.startsWith("/api/v1")) {
addAnalytic("apiCalls");
};
next();
})
// Admin routes
// admin/logout
app.get('/admin/logout', (req, res) => {
req.session.destroy();
res.redirect('/admin/login');
});
app.get('/admin/login', (req, res) => {
res.render('admin/login');
});
app.get('/admin', (req, res) => {
if (!req.session.adminAuthenticated) {
res.redirect('/admin/login');
return;
}
res.render('admin/index', { user: req.session.user });
});
app.get('/admin/create', (req, res) => {
if (!req.session.adminAuthenticated) {
res.redirect('/admin/login');
return;
}
res.render('admin/create', { user: req.session.user });
});
app.get('/admin/route/:id', (req, res) => {
if (!req.session.adminAuthenticated) {
res.redirect('/admin/login');
return;
}
db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send('Internal server error');
return;
}
if (!row) {
res.status(404).send('Not Found');
return;
}
res.render('admin/edit', { user: req.session.user, data: row });
});
});
app.post('/admin/login', (req, res) => {
const username = req.body.username;
const password = req.body.password;
db.get("SELECT * FROM users WHERE username = ?", [String(username)], (err, row) => {
if (err) {
console.error('Error getting user:', err);
res.status(500).send('Internal server error');
return;
}
if (!row) {
res.status(401).send('Unauthorized (Not Found)');
return;
}
bcrypt.compare(password, row.passwordHash, (err, result) => {
if (err) {
console.error('Error comparing password:', err);
res.status(500).send('Internal server error');
return;
}
if (result) {
req.session.adminAuthenticated = true;
req.session.user = row.username;
res.redirect('/admin');
} else {
res.status(401).send('Unauthorized');
}
});
});
})
app.get('/api/v1/admin/routes', (req, res) => { // Get all routes
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.all('SELECT * FROM routes', (err, rows) => {
if (err) {
console.error('Error getting routes:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json(rows);
});
});
app.get('/api/v1/admin/route/:id', (req, res) => { // Get route
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (!row) {
res.status(404).json({ error: 'Not Found' });
return;
}
res.json(row);
});
});
app.post('/api/v1/admin/route', (req, res) => { // Create a new route
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
const server = req.body.server;
const port = req.body.port;
const auth = req.body.auth || "from-astrocom";
const secret = req.body.secret || crypto.randomBytes(15).toString('hex');
const block_start = req.body.block_start;
const block_length = req.body.block_length || 9999;
const apiKey = crypto.randomBytes(32).toString('hex');
// Validate all inputs exist
if (!server || !port || !block_start) {
res.status(400).json({ error: 'Bad Request' });
return;
}
// Check if route already exists (OR conditions on server, and block range)
db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [block_start, block_start], (err, row) => {
if (err) {
console.error('Error checking for existing route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (row) {
res.status(409).json({ error: 'Conflict' });
return;
} else {
db.run('INSERT INTO routes (server, port, auth, secret, block_start, block_length, apiKey) VALUES (?, ?, ?, ?, ?, ?, ?)',
[server, port, auth, secret, block_start, block_length, apiKey],
(err) => {
if (err) {
console.error('Error creating route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(201).json({ message: 'Created' });
});
}
});
});
app.put('/api/v1/admin/route/:id', (req, res) => { // Update a route
// Check if authenticated
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
// Check if route exists
db.get('SELECT * FROM routes WHERE id = ?', [req.params.id], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (!row) {
res.status(404).json({ error: 'Not Found' });
return;
}
// Update route
const server = req.body.server || row.server;
const port = req.body.port || row.port;
const auth = req.body.auth || row.auth;
const secret = req.body.secret || row.secret;
const block_start = req.body.block_start || row.block_start;
const block_length = req.body.block_length || row.block_length;
db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE id = ?',
[server, port, auth, secret, block_start, block_length, req.params.id],
(err) => {
if (err) {
console.error('Error updating route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Updated' });
});
});
});
app.delete('/api/v1/admin/route/:id', (req, res) => { // Delete a route
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.run('DELETE FROM routes WHERE id = ?', [req.params.id], (err) => {
if (err) {
console.error('Error deleting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Deleted' });
});
});
app.delete('/api/v1/admin/directory/:number', (req, res) => { // Delete a directory entry
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
const number = Number(req.params.number);
if (!number) {
res.status(400).json({ error: 'Bad Request' });
return;
}
db.run('DELETE FROM directory WHERE number = ?', [number], (err) => {
if (err) {
console.error('Error deleting directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(200).json({ message: 'Deleted' });
});
});
app.get("/api/v1/admin/callLogs", (req, res) => {
if (!req.session.adminAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
// if ?page is set, return 100 results from that page, if no page assume page 1
const page = Number(req.query.page) || 1;
const offset = (page - 1) * 100;
// Get full count of call logs to calculate total pages
db.get("SELECT COUNT(*) as count FROM callLogs", [], (err, row) => {
if (err) {
console.error('Error getting call log count:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
const totalPages = Math.ceil(row.count / 100);
db.all("SELECT * FROM callLogs ORDER BY timestamp DESC LIMIT 100 OFFSET ?", [offset], (err, rows) => {
if (err) {
console.error('Error getting call logs:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ totalPages, page, data: rows });
});
});
});
// == END ADMIN ROUTES ==
// == User routes == // allows someone to log in with their API key and add entries to the Directory (as long as the number is within their block range)
app.get('/user', (req, res) => {
if (!req.session.userAuthenticated) {
res.redirect('/user/login');
return;
}
res.render('user/index', { user: req.session.user });
});
app.get('/user/login', (req, res) => {
res.render('user/login');
});
app.post('/user/login', (req, res) => {
const apiKey = req.body.apiKey;
db.get("SELECT * FROM routes WHERE apiKey = ?", [apiKey], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send('Internal server error');
return;
}
if (!row) {
res.status(401).send('Unauthorized');
return;
}
req.session.userAuthenticated = true;
req.session.userData = row;
res.redirect('/user');
});
});
app.get('/user/logout', (req, res) => {
req.session.destroy();
res.redirect('/user/login');
});
app.get('/api/v1/user/route', (req, res) => { // Get route
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
res.json(req.session.userData);
});
app.put('/api/v1/user/route', (req, res) => { // Update route
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
if (!req.session.userData.apiKey) {
req.session.destroy(); // Something weird happened, destroy session
res.status(401).json({ error: 'Unauthorized' });
return;
}
// Does not allow for ID to be specified, always update current users route
const server = req.body.server || req.session.userData.server;
const port = req.body.port || req.session.userData.port;
const auth = req.body.auth || req.session.userData.auth;
const secret = req.body.secret || req.session.userData.secret;
// We don't allow block changes, admins only.
const block_start = req.session.userData.block_start;
const block_length = req.session.userData.block_length;
const apiKey = req.session.userData.apiKey;
db.run('UPDATE routes SET server = ?, port = ?, auth = ?, secret = ?, block_start = ?, block_length = ? WHERE apiKey = ?',
[server, port, auth, secret, block_start, block_length, apiKey],
(err) => {
if (err) {
console.error('Error updating route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Updated' });
});
});
app.get('/api/v1/user/directory', (req, res) => { // Get directory entries created by user
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
db.all('SELECT * FROM directory WHERE route = ?', [req.session.userData.id], (err, rows) => {
if (err) {
console.error('Error getting routes:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json(rows);
});
});
app.post('/api/v1/user/directory', (req, res) => { // Create a new directory entry
// Check if authenticated
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
// Check that the number is within the block range for the current user
var number = Number(req.body.number);
var name = String(req.body.name);
if (!number || !name) {
res.status(400).json({ error: 'Bad Request' });
return;
}
if (number < req.session.userData.block_start || number > req.session.userData.block_start + req.session.userData.block_length) {
res.status(403).json({ error: 'Forbidden' });
return;
}
// Remove html
name = require("escape-html")(name);
const route = req.session.userData.id;
// If number already exists, update, otherwise insert
db.get('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route], (err, row) => {
if (err) {
console.error('Error checking for existing directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (row) {
db.run('UPDATE directory SET name = ? WHERE number = ? AND route = ?',
[name, number, route],
(err) => {
if (err) {
console.error('Error updating directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json({ message: 'Updated' });
});
} else {
db.run('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
[number, name, route],
(err) => {
if (err) {
console.error('Error creating directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(201).json({ message: 'Created' });
});
}
});
});
app.delete('/api/v1/user/directory/:number', (req, res) => { // Delete a directory entry
if (!req.session.userAuthenticated) {
res.status(401).json({ error: 'Unauthorized' });
return;
}
const number = Number(req.params.number);
if (!number) {
res.status(400).json({ error: 'Bad Request' });
return;
}
db.run('DELETE FROM directory WHERE number = ? AND route = ?', [number, req.session.userData.id], (err) => {
if (err) {
console.error('Error deleting directory entry:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.status(200).json({ message: 'Deleted' });
});
});
// == END USER ROUTES ==
// == Directory routes == (unauthenticated)
app.get("/api/v1/directory", (req, res) => {
db.all("SELECT * FROM directory", (err, rows) => {
if (err) {
console.error('Error getting directory:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
res.json(rows);
});
});
// Other public endpoints that need special handling
discordInviteCache = { time: 0, url: "" };
app.get("/discord", (req, res) => {
// fetch from process.env.WIDGET_URL, get json body, redirect to body.instant_invite. Cache url for 5 minutes
if (Date.now() - discordInviteCache.time < 300000) {
res.redirect(discordInviteCache.url);
return;
}
fetch(process.env.WIDGET_URL)
.then(response => response.json())
.then(data => {
discordInviteCache.time = Date.now();
discordInviteCache.url = data.instant_invite;
res.redirect(data.instant_invite);
})
.catch(error => {
console.error('Error fetching discord invite:', error);
res.status(500).send('Internal server error');
});
});
app.get("/analytics", (req, res) => {
db.all("SELECT * FROM analytics", (err, total) => {
if (err) {
console.error('Error getting analytics:', err);
res.status(500).send('Internal server error');
return;
}
db.all("SELECT * FROM dailyAnalytics", (err, daily) => {
if (err) {
console.error('Error getting daily analytics:', err);
res.status(500).send('Internal server error');
return;
}
// Find the latest date and add "current:true" to it
var latest = { tag_date: "1970-01-01", count: 0 };
daily.forEach((entry) => {
if (entry.tag_date > latest.tag_date) {
latest = entry;
}
});
latest.current = true;
res.json({ total, daily });
});
});
});
app.get("/api/v1/checkAvailability/:number", (req, res) => {
// Check if the number is 7 digits
const number = Number(req.params.number);
if (number < 2000000 || number > 9999999) {
res.status(400).json({ error: `Number is outside valid range` });
return;
}
db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).json({ error: 'Internal server error' });
return;
}
if (row) {
res.json({ available: false, block: row.block_start });
} else {
res.json({ available: true });
}
});
});
app.get("/api/healthcheck", (req, res) => {
// Check ability to connect to database with select * from routes
db.get('SELECT * FROM routes', [], (err, row) => {
if (err) {
console.error('Error checking health:', err);
res.status(500).send('Internal server error');
return;
}
res.status(200).send('OK');
});
});
// logCall function (caller, callee)
const logCall = (caller, callee) => {
db.run('INSERT INTO callLogs (caller, callee, timestamp) VALUES (?, ?, ?)',
[caller, callee, Math.floor(Date.now())],
(err) => {
if (err) console.error('Error logging call:', err);
});
}
// Query to get a route
app.get('/api/v1/route/:apiKey/:ani/:number', (req, res) => {
const apiKey = req.params.apiKey;
const number = Number(req.params.number);
const ani = Number(req.params.ani);
db.get("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani], (err, row) => {
// If no row or error, return 401
if (err || !row) {
console.error(err);
res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`)
return;
}
db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`)
} else if (row) {
// Check if the ANI is within the block range
// If it is, return `local`
console.log(`New Call: ${ani} -> ${number}`);
logCall(ani, number);
// incriment estCallsMade analytics
addAnalytic("estCallsMade");
dailyAnalytic("dailyCallsMade");
if (ani >= row.block_start && ani <= row.block_start + row.block_length) {
res.status(200).send('local');
} else {
res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`);
}
} else {
res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`);
}
});
});
});
app.get('/api/v1', (req, res) => { // Backwards compatibility with TandmX cause why not, it's easy
const apiKey = req.query.auth;
const number = Number(req.query.number);
const ani = Number(req.query.ani);
db.get("SELECT * FROM routes WHERE apiKey = ? AND block_start <= ? AND block_start + block_length >= ?", [apiKey, ani, ani], (err, row) => {
// If no row or error, return 401
if (err || !row) {
console.error(err);
res.status(401).send(`${process.env.MSG_ROUTE_ADDRESS}/401`)
return;
}
db.get('SELECT * FROM routes WHERE block_start <= ? AND block_start + block_length >= ?', [number, number], (err, row) => {
if (err) {
console.error('Error getting route:', err);
res.status(500).send(`${process.env.MSG_ROUTE_ADDRESS}/500`)
} else if (row) {
// Check if the ANI is within the block range
// If it is, return `local`
console.log(`New Call: ${ani} -> ${number}`);
logCall(ani, number);
addAnalytic("estCallsMade");
dailyAnalytic("dailyCallsMade");
if (ani >= row.block_start && ani <= row.block_start + row.block_length) {
res.status(200).send('local');
} else {
res.status(200).send(`IAX2/${row.auth}:${row.secret}@${row.server}:${row.port}/${number}`);
}
} else {
res.status(404).send(`${process.env.MSG_ROUTE_ADDRESS}/404`);
}
});
});
});
// Start server
app.listen(port, () => {
console.log(`Listening on port ${port}`);
});
Reference in a new issue View git blame Copy permalink