Software: Apache. PHP/8.1.30 

uname -a: Linux server1.tuhinhossain.com 5.15.0-163-generic #173-Ubuntu SMP Tue Oct 14 17:51:00 UTC
2025 x86_64 

uid=1002(picotech) gid=1003(picotech) groups=1003(picotech),0(root)  

Safe-mode: OFF (not secure)

/home/picotech/domains/note.picotech.app/public_html/src/routes/   drwxr-xr-x
Free 25.88 GB of 117.98 GB (21.93%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Self remove    Logout    

Viewing file:     apiProxy.js (2.9 KB)      -rw-r--r--

const express = require('express');
const { ApiKey } = require('../models');
const { catchAsync } = require('../middleware/errorHandler');

const router = express.Router();

// Middleware to check authentication
const requireAuth = (req, res, next) => {
  if (!req.user) {
    return res.status(401).json({
      success: false,
      message: 'Authentication required'
    });
  }
  next();
};

// OpenAI API proxy
router.post('/openai/*', requireAuth, catchAsync(async (req, res) => {
  try {
    const apiKey = await ApiKey.getDecryptedKey('openai', 'api_key');
    const openaiUrl = `https://api.openai.com/v1/${req.params[0]}`;

    const response = await fetch(openaiUrl, {
      method: req.method,
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json',
      },
      body: req.method !== 'GET' ? JSON.stringify(req.body) : undefined
    });

    const data = await response.json();
    res.status(response.status).json(data);
  } catch (error) {
    console.error('OpenAI API proxy error:', error);
    res.status(500).json({
      success: false,
      message: 'External API request failed'
    });
  }
}));

// Anthropic API proxy
router.post('/anthropic/*', requireAuth, catchAsync(async (req, res) => {
  try {
    const apiKey = await ApiKey.getDecryptedKey('anthropic', 'api_key');
    const anthropicUrl = `https://api.anthropic.com/v1/${req.params[0]}`;

    const response = await fetch(anthropicUrl, {
      method: req.method,
      headers: {
        'x-api-key': apiKey,
        'Content-Type': 'application/json',
        'anthropic-version': '2023-06-01'
      },
      body: req.method !== 'GET' ? JSON.stringify(req.body) : undefined
    });

    const data = await response.json();
    res.status(response.status).json(data);
  } catch (error) {
    console.error('Anthropic API proxy error:', error);
    res.status(500).json({
      success: false,
      message: 'External API request failed'
    });
  }
}));

// Google OAuth client ID endpoint (safe to expose)
router.get('/google/client-id', requireAuth, catchAsync(async (req, res) => {
  try {
    const clientId = await ApiKey.getDecryptedKey('google_oauth', 'client_id');
    res.json({
      success: true,
      clientId
    });
  } catch (error) {
    console.error('Google OAuth client ID error:', error);
    res.status(500).json({
      success: false,
      message: 'Failed to retrieve client ID'
    });
  }
}));

// Microsoft OAuth client ID endpoint (safe to expose)
router.get('/microsoft/client-id', requireAuth, catchAsync(async (req, res) => {
  try {
    const clientId = await ApiKey.getDecryptedKey('microsoft_oauth', 'client_id');
    res.json({
      success: true,
      clientId
    });
  } catch (error) {
    console.error('Microsoft OAuth client ID error:', error);
    res.status(500).json({
      success: false,
      message: 'Failed to retrieve client ID'
    });
  }
}));

module.exports = router;