From e513505d3b9976fb1a4118787b815389df34e36c Mon Sep 17 00:00:00 2001
From: alex <alex@alexloehr.net>
Date: Mon, 02 Jun 2025 15:49:02 +0000
Subject: [PATCH] adding new routes

---
 app.js |   56 +++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/app.js b/app.js
index e0d7ec2..7b58610 100644
--- a/app.js
+++ b/app.js
@@ -1,21 +1,36 @@
 const fastify = require('fastify')({
    logger: true
 })
+const _ = require("lodash")
 const db = require("./lib/db")
+
+const settings = require("./settings")
 
 /////////////////////////////////////////////////////////////////////////
 
+// AUTH
+fastify.addHook("onRequest", async (req, res) => {
+   const token = req.query.token
+   if (token !== settings.authtoken) {
+      console.error("# AUTH ERROR #", token)
+      await promiseDelay(500) // delay response to avoid denial of service attacks
+      res.code(403)
+      return res.send({status: "error", error: "access denied"})
+   }
+   else {}
+})
+
 fastify
-   .get('/api/users', async function (req, res) {
+   .get('/users', async function (req, res) {
       const {offset, limit} = req.query
       const users = await db.getUsers(offset, limit)
       return res.send(users)
    })
-   .get("/api/users/count", async function (req, res) {
+   .get("/users/count", async function (req, res) {
       const count = await db.getUserCount()
       return res.send(count)
    })
-   .get("/api/user/login/:login", async function (req, res) {
+   .get("/user/login/:login", async function (req, res) {
       const {login} = req.params
       const user = await db.getUserByLogin(login)
       if (user.length) {
@@ -25,11 +40,31 @@
          return res.code(404).send({status: "error", msg: "not found"})
       }
    })
-   .get("/api/user/userid/:userid", async function (req, res) {
+   .get("/user/userid/:userid", async function (req, res) {
       const {userid} = req.params
       const user = await db.getUserByUserId(userid)
-      if (user.length) {
-         return res.send(user[0])
+      if (user) {
+         return res.send(user)
+      }
+      else {
+         return res.code(404).send({status: "error", msg: "not found"})
+      }
+   })
+   .get("/ref_id/:ref_id", async function (req, res) {
+      const {ref_id} = req.params
+      const data = await db.getObjIdFromRefId(ref_id)
+      if (data) {
+         return res.send(data)
+      }
+      else {
+         return res.code(404).send({status: "error", msg: "not found"})
+      }
+   })
+   .get("/obj_id/:obj_id", async function (req, res) {
+      const {obj_id} = req.params
+      let data = await db.getRefIdFromObjId(obj_id)
+      if (data) {
+         return res.send(data)
       }
       else {
          return res.code(404).send({status: "error", msg: "not found"})
@@ -39,10 +74,17 @@
 
 /////////////////////////////////////////////////////////////////////////
 
-fastify.listen({port: 4101}, function (err, address) {
+fastify.listen({port: settings.port}, function (err, address) {
+   console.log("📡 -=> Listening on", address)
    if (err) {
       fastify.log.error(err)
       process.exit(1)
    }
    // Server is now listening on ${address}
 })
+
+/////////////////////////////////////////////////////////////////////////
+
+async function promiseDelay (ms) {
+   return new Promise(resolve => setTimeout(resolve, ms))
+}

--
Gitblit v1.8.0