2026-04-14 17:41:39 +02:00

423 lines
18 KiB
JavaScript

app.use("/", express.static(path.join(rootDir, "/Web"), {
extensions: ["html"]
}))
app.use("/home", express.static(path.join(rootDir, "/Web/LandingPage")))
app.get("/", async (req, res) => {
res.redirect("/home")
})
app.get("/home", async (req, res) => {
res.sendFile(path.join(rootDir, "..", "Web", "LandingPage/index.html"))
})
app.use("/pushNewCharacter.lvorex", express.json())
app.post("/pushNewCharacter.lvorex", async (req, res) => {
if (req.socket.remoteAddress !== res.socket.remoteAddress) {
res.json({ code: 401, message: "Not authorized." })
return
}
const postBody = req.body
// Peak Players Configuration
let AllPlayers = exports["mAdmin"].GetAllPlayers()
if (AllPlayers && PeakPlayerCount < AllPlayers.length) {
PeakPlayerCount = AllPlayers.length
}
// Peak Players Configuration
const PlayerAvatar = await getPlayerDiscordProfile(postBody.discord)
DiscordProfilesCache.push({ uid: postBody.uid, avatar: PlayerAvatar })
const PlayerCache = CharactersCache.find(p => p[config.Framework.includes("qb") ? "citizenid" : "identifier"] === postBody.uid)
if (PlayerCache) {
PlayerCache.playerAvatar = PlayerAvatar
}
let result = await query(`SELECT * FROM \`madmin_characters\` WHERE \`identifier\` = '${postBody.identifier}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error appeared." })
if (result.length > 0) {
result = await query(`UPDATE \`madmin_characters\` SET \`discord\` = '${postBody.discord}', \`steam\` = '${postBody.steam}', \`license\` = '${postBody.license}', \`discord_avatar\` = '${PlayerAvatar}' WHERE \`identifier\` = '${postBody.identifier}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error appeared." })
res.json({ code: 200, message: "Character already in. Updated." })
return
}
result = await query(`INSERT INTO \`madmin_characters\` (\`name\`, \`identifier\`, \`discord\`, \`steam\`, \`license\`, \`discord_avatar\`) VALUES ('${postBody.name}', '${postBody.identifier}', '${postBody.discord}', '${postBody.steam}', '${postBody.license}', '${PlayerAvatar}')`)
if (result === false) return res.json({ code: 404, message: "SQL Error appeared." })
res.json({ code: 200, message: "Character successfully imported." })
})
app.post("/checkLocalhost.lvorex", async (req, res) => {
const requestedIp = req.socket.remoteAddress
if (
requestedIp !== req.socket.remoteAddress
) return res.json({
code: 404,
message: "Not authorized."
})
res.json({
code: 200,
message: "Authorized."
})
})
app.get("/checkIpFromDatabase.lvorex", async (req, res) => {
let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${sha1(req.socket.remoteAddress)}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
if (result.length === 0) return res.json({ code: 404, message: "IP Address is not authorized." })
res.json({
code: 200,
message: JSON.stringify(result[0])
})
})
app.use("/controlKeyWithServer.lvorex", express.json())
app.post("/controlKeyWithServer.lvorex", async (req, res) => {
const postBody = req.body
let keyCredits = await controlKey(req, postBody.key)
let keyFound = keyCredits.keyFound
let userKey = keyCredits.userKey
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`id\` = ${userKey.userId}`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) return res.json({ code: 404, message: "Not authorized." })
result[0].permissions = await getAllPermissions(result[0].rank)
res.json({ code: 200, message: JSON.stringify(result[0]) })
})
app.use("/controlUserVIPStatus.lvorex", express.json())
app.post("/controlUserVIPStatus.lvorex", async (req, res) => {
const postBody = req.body
const keyCredits = await controlKey(req, postBody.key)
const { keyFound } = keyCredits
if (keyFound === false) {
res.json({ code: 404, message: "Not authorized." })
return
}
let result = await query(`SELECT * FROM \`madmin_vips\` WHERE \`uid\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) return res.json({ code: 404, message: "No have." })
res.json({ code: 200, message: "VIP Granted." })
})
app.use("/changeUserVIPStatus.lvorex", express.json())
app.post("/changeUserVIPStatus.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Players", 5)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
let result = await query(`SELECT * FROM \`madmin_vips\` WHERE \`uid\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) {
result = await query(`INSERT INTO \`madmin_vips\` (\`uid\`) VALUES ('${postBody.uid}')`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: "VIP Granted." })
} else {
result = await query(`DELETE FROM \`madmin_vips\` WHERE \`id\` = '${result[0].id}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: "VIP Removed." })
}
})
app.get("/machineCPUMemInfo.lvorex", async (req, res) => {
let cpuUsage = await ose.cpu.usage()
let totalMem = parseInt(os.totalmem() / 1048576 / 1024)
let freeMem = parseInt(os.freemem() / 1048576 / 1024)
const memUsage = freeMem / totalMem * 100
res.json({
cpuSpeed: os.cpus()[0].speed,
cpuCount: os.cpus().length / 2,
totalMem: totalMem,
freeMem: freeMem,
memUsage: parseInt(memUsage),
cpuUsage: parseInt(cpuUsage),
})
})
app.use("/changeJob.lvorex", express.json())
app.post("/changeJob.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
postBody.job = postBody.job.replace(/\s/g, '')
if (postBody.playerId !== null) {
let qPlayer = config.Framework.includes("qb") ? FrameworkObject.Functions.GetPlayer(postBody.playerId) : FrameworkObject.GetPlayerFromId(postBody.playerId)
let changed = false
if (config.Framework.includes("qb")) {
changed = qPlayer.Functions.SetJob(String(postBody.job), Number(postBody.grade))
} else if (config.Framework.includes("esx")) {
changed = qPlayer.setJob(String(postBody.job), Number(postBody.grade))
}
qPlayer = config.Framework.includes("qb") ? FrameworkObject.Functions.GetPlayer(postBody.playerId) : FrameworkObject.GetPlayerFromId(postBody.playerId)
if (changed === false) {
res.json({ code: 404, message: "Can't change players job." })
} else {
res.json({ code: 200, message: config.Framework.includes("qb") ? qPlayer.PlayerData.job : {
label: qPlayer.job.label,
grade: {
name: qPlayer.job.grade_label
}
} })
}
} else {
if (config.Framework.includes("qb")) {
const jobCredentials = FrameworkObject.Shared.Jobs[postBody.job]
const jobGradeCredentials = jobCredentials.grades[String(postBody.grade)]
if (!jobCredentials || !jobGradeCredentials) return res.json({ code: 404, message: "Job not found." })
const JobLabel = jobCredentials.label
const JobGradeName = jobGradeCredentials.name
const isboss = jobGradeCredentials.isboss ? true : false
const payment = jobGradeCredentials.payment
const type = jobGradeCredentials.type
const newJob = {
type,
payment,
name: postBody.job,
isboss,
grade: {
level: Number(postBody.grade),
name: JobGradeName
},
onduty: true,
label: JobLabel
}
let result = await query(`UPDATE \`players\` SET \`job\` = '${JSON.stringify(newJob)}' WHERE \`citizenid\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: newJob })
} else if (config.Framework.includes("esx")) {
let result = await query(`SELECT * FROM \`jobs\` WHERE \`name\` = '${postBody.job}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) return res.json({ code: 404, message: "Job not found." })
result = result [0]
const { label: JobLabel } = result
result = await query(`SELECT * FROM \`job_grades\` WHERE \`job_name\` = '${postBody.job}' AND \`grade\` = ${Number(postBody.grade)}`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) return res.json({ code: 404, message: "Job not found." })
result = result [0]
const { label: GradeLabel } = result
result = await query(`UPDATE \`users\` SET \`job\` = '${postBody.job}', \`job_grade\` = '${postBody.grade}' WHERE \`identifier\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: {
label: JobLabel,
grade: {
name: GradeLabel
}
} })
}
}
})
app.use("/changeGang.lvorex", express.json())
app.post("/changeGang.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
postBody.gang = postBody.gang.replace(/\s/g, '')
if (!config.Framework.includes("qb")) return res.json({ code: 404, message: "Gangs not allowed in ESX Framework." })
if (postBody.playerId === null) {
const gangCredentials = FrameworkObject.Shared.Gangs[postBody.gang]
if (!gangCredentials) return res.json({ code: 404, message: "Faction not found." })
const gangGradeCredentials = FrameworkObject.Shared.Gangs[postBody.gang].grades[String(postBody.grade)]
if (!gangGradeCredentials) return res.json({ code: 404, message: "Faction not found." })
const [
isboss,
gradeName,
label
] = [
gangGradeCredentials.isboss ? true : false,
gangGradeCredentials.name,
gangCredentials.label
]
const newGang = {
isboss,
name: postBody.gang,
grade: {
level: Number(postBody.grade),
name: gradeName
},
label
}
let result = await query(`UPDATE \`players\` SET \`gang\` = '${JSON.stringify(newGang)}' WHERE \`citizenid\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: newGang })
} else {
let qPlayer = FrameworkObject.Functions.GetPlayer(Number(postBody.playerId))
if (qPlayer) {
let changed = qPlayer.Functions.SetGang(String(postBody.gang), Number(postBody.grade))
qPlayer = FrameworkObject.Functions.GetPlayer(Number(postBody.playerId))
res.json({ code: changed ? 200 : 404, message: changed ? qPlayer.PlayerData.gang : "Can't change players gang." })
} else return res.json({ code: 404, message: "Can't find player." })
}
})
app.use("/toggleOnlineTimer.lvorex", express.json())
app.post("/toggleOnlineTimer.lvorex", async (req, res) => {
if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 404, message: "Not authorized." })
const postBody = req.body
const player = onlinePlayers.findIndex(w => w.uid === postBody.uid)
if (player !== -1) {
const totalOnline = Date.now() - onlinePlayers[player].onlineStart
onlinePlayers.splice(player, 1)
let result = await query(`SELECT * FROM \`madmin_characters\` WHERE \`identifier\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) return res.json({ code: 404, message: "Character not found." })
result = result [0]
const toInsertOnline = totalOnline + Number(result.online_time)
result = await query(`UPDATE \`madmin_characters\` SET \`online_time\` = '${toInsertOnline}' WHERE \`identifier\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
} else {
onlinePlayers.push({
uid: postBody.uid,
onlineStart: Date.now()
})
}
res.json({ code: 200, message: "Timer toggled." })
})
app.use("/getSpecificLog.lvorex", express.json())
app.post("/getSpecificLog.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
let result = await query(`SELECT * FROM \`madmin_logs\` WHERE \`type\` = '${postBody.type}' AND \`player_uid\` = '${postBody.uid}'`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
if (result.length === 0) return res.json({ code: 404, message: "Player not found." })
res.json({ code: 200, message: result })
})
app.use("/sendConsoleCommand.lvorex", express.json())
app.post("/sendConsoleCommand.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 5)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
ExecuteCommand(postBody.command)
res.json({ code: 200, message: "Executed." })
})
app.use("/sendConsoleCommandLiveConsole.lvorex", express.json())
app.post("/sendConsoleCommandLiveConsole.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "LiveConsole", 0)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
ExecuteCommand(postBody.command)
res.json({ code: 200, message: "Executed." })
})
app.use("/sendAnnouncement.lvorex", express.json())
app.post("/sendAnnouncement.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 3)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
emit("mAdmin:makeAnnouncement", postBody.message)
res.json({ code: 200, message: "Sent." })
})
app.use("/kickAllPlayers.lvorex", express.json())
app.post("/kickAllPlayers.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 4)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
emit("mAdmin:kickAllPlayers")
res.json({ code: 200, message: "Kicked." })
})
app.use("/sqlquery.lvorex", express.json())
app.post("/sqlquery.lvorex", async (req, res) => {
const postBody = req.body
if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 404, message: "Not Authorized." })
if (SQLKeys[postBody.SQLKeyIndex].key === postBody.SQLKey) {
SQLKeys[postBody.SQLKeyIndex] = undefined
let result = await query(`${postBody.query}`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: "Query executed." })
} else return res.json({ code: 404, message: "Not authorized." })
})
app.use("/resetSqlKey.lvorex", express.json())
app.post("/resetSqlKey.lvorex", async (req, res) => {
const postBody = req.body
if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 404, message: "Not Authorized." })
SQLKeys[postBody.SQLKeyIndex] = undefined
res.json({ code: 200, message: "Resetted." })
})
app.use("/getMAdminVersion.lvorex", express.json())
app.post("/getMAdminVersion.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Dashboard", 1)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
res.json({ code: 200, message: VersionData })
})
app.use("/getBotClientId.lvorex", express.json())
app.post("/getBotClientId.lvorex", async (req, res) => {
res.json({ code: 200, message: config.clientId })
})
console.log(`^3API Hosting on ${GetConvar("mAdminPort", "40130")} Port.^7`)