app.use("/", express.static(path.join(rootDir, "/Web"), { extensions: ["html"] })) app.use("/home", express.static(path.join(rootDir, "/Web/LandingPage"))) app.get("/", async (req, res) => { res.redirect("/home") }) app.get("/home", async (req, res) => { res.sendFile(path.join(rootDir, "..", "Web", "LandingPage/index.html")) }) app.use("/pushNewCharacter.lvorex", express.json()) app.post("/pushNewCharacter.lvorex", async (req, res) => { if (req.socket.remoteAddress !== res.socket.remoteAddress) { res.json({ code: 401, message: "Not authorized." }) return } const postBody = req.body // Peak Players Configuration let AllPlayers = exports["mAdmin"].GetAllPlayers() if (AllPlayers && PeakPlayerCount < AllPlayers.length) { PeakPlayerCount = AllPlayers.length } // Peak Players Configuration const PlayerAvatar = await getPlayerDiscordProfile(postBody.discord) DiscordProfilesCache.push({ uid: postBody.uid, avatar: PlayerAvatar }) const PlayerCache = CharactersCache.find(p => p[config.Framework.includes("qb") ? "citizenid" : "identifier"] === postBody.uid) if (PlayerCache) { PlayerCache.playerAvatar = PlayerAvatar } let result = await query(`SELECT * FROM \`madmin_characters\` WHERE \`identifier\` = '${postBody.identifier}'`) if (result === false) return res.json({ code: 404, message: "SQL Error appeared." }) if (result.length > 0) { result = await query(`UPDATE \`madmin_characters\` SET \`discord\` = '${postBody.discord}', \`steam\` = '${postBody.steam}', \`license\` = '${postBody.license}', \`discord_avatar\` = '${PlayerAvatar}' WHERE \`identifier\` = '${postBody.identifier}'`) if (result === false) return res.json({ code: 404, message: "SQL Error appeared." }) res.json({ code: 200, message: "Character already in. Updated." }) return } result = await query(`INSERT INTO \`madmin_characters\` (\`name\`, \`identifier\`, \`discord\`, \`steam\`, \`license\`, \`discord_avatar\`) VALUES ('${postBody.name}', '${postBody.identifier}', '${postBody.discord}', '${postBody.steam}', '${postBody.license}', '${PlayerAvatar}')`) if (result === false) return res.json({ code: 404, message: "SQL Error appeared." }) res.json({ code: 200, message: "Character successfully imported." }) }) app.post("/checkLocalhost.lvorex", async (req, res) => { const requestedIp = req.socket.remoteAddress if ( requestedIp !== req.socket.remoteAddress ) return res.json({ code: 404, message: "Not authorized." }) res.json({ code: 200, message: "Authorized." }) }) app.get("/checkIpFromDatabase.lvorex", async (req, res) => { let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${sha1(req.socket.remoteAddress)}'`) if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." }) if (result.length === 0) return res.json({ code: 404, message: "IP Address is not authorized." }) res.json({ code: 200, message: JSON.stringify(result[0]) }) }) app.use("/controlKeyWithServer.lvorex", express.json()) app.post("/controlKeyWithServer.lvorex", async (req, res) => { const postBody = req.body let keyCredits = await controlKey(req, postBody.key) let keyFound = keyCredits.keyFound let userKey = keyCredits.userKey if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`id\` = ${userKey.userId}`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) return res.json({ code: 404, message: "Not authorized." }) result[0].permissions = await getAllPermissions(result[0].rank) res.json({ code: 200, message: JSON.stringify(result[0]) }) }) app.use("/controlUserVIPStatus.lvorex", express.json()) app.post("/controlUserVIPStatus.lvorex", async (req, res) => { const postBody = req.body const keyCredits = await controlKey(req, postBody.key) const { keyFound } = keyCredits if (keyFound === false) { res.json({ code: 404, message: "Not authorized." }) return } let result = await query(`SELECT * FROM \`madmin_vips\` WHERE \`uid\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) return res.json({ code: 404, message: "No have." }) res.json({ code: 200, message: "VIP Granted." }) }) app.use("/changeUserVIPStatus.lvorex", express.json()) app.post("/changeUserVIPStatus.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Players", 5) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) let result = await query(`SELECT * FROM \`madmin_vips\` WHERE \`uid\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) { result = await query(`INSERT INTO \`madmin_vips\` (\`uid\`) VALUES ('${postBody.uid}')`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: "VIP Granted." }) } else { result = await query(`DELETE FROM \`madmin_vips\` WHERE \`id\` = '${result[0].id}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: "VIP Removed." }) } }) app.get("/machineCPUMemInfo.lvorex", async (req, res) => { let cpuUsage = await ose.cpu.usage() let totalMem = parseInt(os.totalmem() / 1048576 / 1024) let freeMem = parseInt(os.freemem() / 1048576 / 1024) const memUsage = freeMem / totalMem * 100 res.json({ cpuSpeed: os.cpus()[0].speed, cpuCount: os.cpus().length / 2, totalMem: totalMem, freeMem: freeMem, memUsage: parseInt(memUsage), cpuUsage: parseInt(cpuUsage), }) }) app.use("/changeJob.lvorex", express.json()) app.post("/changeJob.lvorex", async (req, res) => { const postBody = req.body const { keyFound } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) postBody.job = postBody.job.replace(/\s/g, '') if (postBody.playerId !== null) { let qPlayer = config.Framework.includes("qb") ? FrameworkObject.Functions.GetPlayer(postBody.playerId) : FrameworkObject.GetPlayerFromId(postBody.playerId) let changed = false if (config.Framework.includes("qb")) { changed = qPlayer.Functions.SetJob(String(postBody.job), Number(postBody.grade)) } else if (config.Framework.includes("esx")) { changed = qPlayer.setJob(String(postBody.job), Number(postBody.grade)) } qPlayer = config.Framework.includes("qb") ? FrameworkObject.Functions.GetPlayer(postBody.playerId) : FrameworkObject.GetPlayerFromId(postBody.playerId) if (changed === false) { res.json({ code: 404, message: "Can't change players job." }) } else { res.json({ code: 200, message: config.Framework.includes("qb") ? qPlayer.PlayerData.job : { label: qPlayer.job.label, grade: { name: qPlayer.job.grade_label } } }) } } else { if (config.Framework.includes("qb")) { const jobCredentials = FrameworkObject.Shared.Jobs[postBody.job] const jobGradeCredentials = jobCredentials.grades[String(postBody.grade)] if (!jobCredentials || !jobGradeCredentials) return res.json({ code: 404, message: "Job not found." }) const JobLabel = jobCredentials.label const JobGradeName = jobGradeCredentials.name const isboss = jobGradeCredentials.isboss ? true : false const payment = jobGradeCredentials.payment const type = jobGradeCredentials.type const newJob = { type, payment, name: postBody.job, isboss, grade: { level: Number(postBody.grade), name: JobGradeName }, onduty: true, label: JobLabel } let result = await query(`UPDATE \`players\` SET \`job\` = '${JSON.stringify(newJob)}' WHERE \`citizenid\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: newJob }) } else if (config.Framework.includes("esx")) { let result = await query(`SELECT * FROM \`jobs\` WHERE \`name\` = '${postBody.job}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) return res.json({ code: 404, message: "Job not found." }) result = result [0] const { label: JobLabel } = result result = await query(`SELECT * FROM \`job_grades\` WHERE \`job_name\` = '${postBody.job}' AND \`grade\` = ${Number(postBody.grade)}`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) return res.json({ code: 404, message: "Job not found." }) result = result [0] const { label: GradeLabel } = result result = await query(`UPDATE \`users\` SET \`job\` = '${postBody.job}', \`job_grade\` = '${postBody.grade}' WHERE \`identifier\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: { label: JobLabel, grade: { name: GradeLabel } } }) } } }) app.use("/changeGang.lvorex", express.json()) app.post("/changeGang.lvorex", async (req, res) => { const postBody = req.body const { keyFound } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) postBody.gang = postBody.gang.replace(/\s/g, '') if (!config.Framework.includes("qb")) return res.json({ code: 404, message: "Gangs not allowed in ESX Framework." }) if (postBody.playerId === null) { const gangCredentials = FrameworkObject.Shared.Gangs[postBody.gang] if (!gangCredentials) return res.json({ code: 404, message: "Faction not found." }) const gangGradeCredentials = FrameworkObject.Shared.Gangs[postBody.gang].grades[String(postBody.grade)] if (!gangGradeCredentials) return res.json({ code: 404, message: "Faction not found." }) const [ isboss, gradeName, label ] = [ gangGradeCredentials.isboss ? true : false, gangGradeCredentials.name, gangCredentials.label ] const newGang = { isboss, name: postBody.gang, grade: { level: Number(postBody.grade), name: gradeName }, label } let result = await query(`UPDATE \`players\` SET \`gang\` = '${JSON.stringify(newGang)}' WHERE \`citizenid\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: newGang }) } else { let qPlayer = FrameworkObject.Functions.GetPlayer(Number(postBody.playerId)) if (qPlayer) { let changed = qPlayer.Functions.SetGang(String(postBody.gang), Number(postBody.grade)) qPlayer = FrameworkObject.Functions.GetPlayer(Number(postBody.playerId)) res.json({ code: changed ? 200 : 404, message: changed ? qPlayer.PlayerData.gang : "Can't change players gang." }) } else return res.json({ code: 404, message: "Can't find player." }) } }) app.use("/toggleOnlineTimer.lvorex", express.json()) app.post("/toggleOnlineTimer.lvorex", async (req, res) => { if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 404, message: "Not authorized." }) const postBody = req.body const player = onlinePlayers.findIndex(w => w.uid === postBody.uid) if (player !== -1) { const totalOnline = Date.now() - onlinePlayers[player].onlineStart onlinePlayers.splice(player, 1) let result = await query(`SELECT * FROM \`madmin_characters\` WHERE \`identifier\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) return res.json({ code: 404, message: "Character not found." }) result = result [0] const toInsertOnline = totalOnline + Number(result.online_time) result = await query(`UPDATE \`madmin_characters\` SET \`online_time\` = '${toInsertOnline}' WHERE \`identifier\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) } else { onlinePlayers.push({ uid: postBody.uid, onlineStart: Date.now() }) } res.json({ code: 200, message: "Timer toggled." }) }) app.use("/getSpecificLog.lvorex", express.json()) app.post("/getSpecificLog.lvorex", async (req, res) => { const postBody = req.body const { keyFound } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) let result = await query(`SELECT * FROM \`madmin_logs\` WHERE \`type\` = '${postBody.type}' AND \`player_uid\` = '${postBody.uid}'`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) if (result.length === 0) return res.json({ code: 404, message: "Player not found." }) res.json({ code: 200, message: result }) }) app.use("/sendConsoleCommand.lvorex", express.json()) app.post("/sendConsoleCommand.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 5) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) ExecuteCommand(postBody.command) res.json({ code: 200, message: "Executed." }) }) app.use("/sendConsoleCommandLiveConsole.lvorex", express.json()) app.post("/sendConsoleCommandLiveConsole.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "LiveConsole", 0) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) ExecuteCommand(postBody.command) res.json({ code: 200, message: "Executed." }) }) app.use("/sendAnnouncement.lvorex", express.json()) app.post("/sendAnnouncement.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 3) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) emit("mAdmin:makeAnnouncement", postBody.message) res.json({ code: 200, message: "Sent." }) }) app.use("/kickAllPlayers.lvorex", express.json()) app.post("/kickAllPlayers.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 4) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) emit("mAdmin:kickAllPlayers") res.json({ code: 200, message: "Kicked." }) }) app.use("/sqlquery.lvorex", express.json()) app.post("/sqlquery.lvorex", async (req, res) => { const postBody = req.body if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 404, message: "Not Authorized." }) if (SQLKeys[postBody.SQLKeyIndex].key === postBody.SQLKey) { SQLKeys[postBody.SQLKeyIndex] = undefined let result = await query(`${postBody.query}`) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: "Query executed." }) } else return res.json({ code: 404, message: "Not authorized." }) }) app.use("/resetSqlKey.lvorex", express.json()) app.post("/resetSqlKey.lvorex", async (req, res) => { const postBody = req.body if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 404, message: "Not Authorized." }) SQLKeys[postBody.SQLKeyIndex] = undefined res.json({ code: 200, message: "Resetted." }) }) app.use("/getMAdminVersion.lvorex", express.json()) app.post("/getMAdminVersion.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 1) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) res.json({ code: 200, message: VersionData }) }) app.use("/getBotClientId.lvorex", express.json()) app.post("/getBotClientId.lvorex", async (req, res) => { res.json({ code: 200, message: config.clientId }) }) console.log(`^3API Hosting on ${GetConvar("mAdminPort", "40130")} Port.^7`)