From e5c62e913ff4dbace6304e0ac3c4961184086c2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?PontualTech=20/=20Karl=C3=A3o?=
Date: Wed, 29 Apr 2026 08:07:59 -0300
Subject: [PATCH] feat(api): admin endpoint /_all lista todos diag logs (BOAT_TOKEN only)

---
 server/src/index.js | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/server/src/index.js b/server/src/index.js
index c148002..ee8e56b 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -143,6 +143,20 @@ app.post('/api/bms/diag-log', requireAuth, (req, res) => {
 }
 });
 
+// ADMIN: lista TODOS os logs (BOAT_TOKEN apenas)
+app.get('/api/bms/diag-log/_all', requireAuth, (req, res) => {
+ if (!req.user.viaBoatToken) return res.status(403).json({ error: 'admin only' });
+ const dir = path.join(db.dataDir, 'diag-logs');
+ try {
+ if (!fs.existsSync(dir)) return res.json({ files: [] });
+ const files = fs.readdirSync(dir).map(f => {
+ const stat = fs.statSync(path.join(dir, f));
+ return { name: f, size: stat.size, mtime: stat.mtime };
+ }).sort((a, b) => b.mtime - a.mtime);
+ res.json({ files });
+ } catch (e) { res.status(500).json({ error: e.message }) }
+});
+
 // Lista logs disponíveis (debug)
 app.get('/api/bms/diag-log', requireAuth, (req, res) => {
 const dir = path.join(db.dataDir, 'diag-logs');
@@ -164,7 +178,10 @@ app.get('/api/bms/diag-log', requireAuth, (req, res) => {
 // Lê conteúdo de um log específico
 app.get('/api/bms/diag-log/:file', requireAuth, (req, res) => {
 const file = req.params.file.replace(/[^a-zA-Z0-9._-]/g, '');
- if (!file.startsWith(`${req.user.id}-`)) return res.status(403).json({ error: 'forbidden' });
+ // Admin (BOAT_TOKEN) lê qualquer; user normal só os próprios
+ if (!req.user.viaBoatToken && !file.startsWith(`${req.user.id}-`)) {
+ return res.status(403).json({ error: 'forbidden' });
+ }
 const fullPath = path.join(db.dataDir, 'diag-logs', file);
 try {
 if (!fs.existsSync(fullPath)) return res.status(404).json({ error: 'not found' });
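Review bot: The catch at the end of the new `/api/bms/diag-log/_all` handler returns `e.message` to the caller, and Node's fs error messages include the absolute path that failed. A single `statSync` failure, for instance an entry removed between `readdirSync` and `statSync`, therefore aborts the whole listing and discloses the server's data directory layout. I would log the error server-side and answer with a fixed string: `} catch (e) { console.error('diag-log _all failed', e); res.status(500).json({ error: 'internal error' }); }`. The admin gate rests entirely on `req.user.viaBoatToken`, presumably set by `requireAuth`, which is outside this hunk. It is worth confirming that the flag can only come from the token comparison and never from a request-supplied or stored user field.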
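Review bot: With the new `req.user.viaBoatToken` bypass in the `/:file` handler, the `file.startsWith(...)` prefix test no longer runs for BOAT_TOKEN callers. That test was the only thing rejecting `.`, `..`, or a name the `[^a-zA-Z0-9._-]` filter reduces to an empty string, and each of those makes `path.join` resolve to a directory instead of a log file. Add an explicit guard before the join, e.g. `if (!file || file === '.' || file === '..') return res.status(400).json({ error: 'bad file' });`, or verify that the resolved path is still inside the `diag-logs` directory. Since one credential can now read every user's diagnostics, a server-side log line recording which file the BOAT_TOKEN caller read would help later auditing. The handler body continues past the end of the hunk, so how a directory path is handled afterwards is not visible here.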