call-test-web/index.js

const fs = require("fs")
const pjs = require("./pjsipauth")
const pjsipAuth = pjs.parseConfig(fs.readFileSync("/etc/asterisk/pjsip.auth.conf").toString())
const express = require("express")
const ejs = require("ejs")
const session = require("express-session")
const app = express()
app.use(express.urlencoded({ extended: true }))
const {execSync} = require("child_process")

app.use(session({
	secret: 'your-secret-key',
	resave: false,
	saveUninitialized: true,
	cookie: { secure: false } // Set to true if using HTTPS
}))

app.set('view engine', 'ejs')
app.set('views', __dirname + '/views')

app.post('/login', (req, res) => {
	const { extension, password } = req.body
	// Replace with your actual authentication logic
	const valid = pjs.validateCredentials(pjsipAuth, extension, password)
	console.log(req.body)
	console.log(valid)
	if (valid) {
		req.session.authenticated = true
		req.session.uid = extension
		res.redirect('.')
	} else {
		res.render('login', { error: 'Invalid credentials' })
	}
})

app.get('/logout', (req, res) => {
	req.session.destroy()
	// get parent of /logout
	res.redirect('.')
});

app.get('/', (req, res) => {
	if (req.session.authenticated) {
		res.render('gencall', { username: req.session.uid })
	} else {
		req.session.destroy()
		res.render('login')
	}
});

app.post("/genCall", (req, res) => {
	// exec /var/lib/asterisk/bin/callback "callee" webcallback.s.1 0 0 "base64cid"
	const { name, number } = req.body
	const { uid } = req.session
	console.log(req.body);
	console.log(session)
	// do some regex on the name and number to prevent command injection
	if (name.match(/^[a-zA-Z0-9\s]+$/) && number.match(/^\d+$/) && uid) {
		const cmd = `/var/lib/asterisk/bin/callback "${uid}" webcallback.s.1 0 0 "${Buffer.from(`"${name}" <${number}>`).toString('base64')}"`
		console.log(cmd)
		execSync(cmd)
		return res.redirect(".")
	} else {
		return res.redirect(".")
	}
})

app.listen(3002, () => {
	console.log("Server started on port 3002")
});