Fix

Author: 1ceit

server/db/flights.js

@@ -9,7 +9,7 @@ import flightsPool from './connections/flightsConnection.js';
 import crypto from 'crypto';
 
 function sanitizeFlightForClient(flight) {
-    const { user_id, ip_address, ...sanitizedFlight } = flight;
+    const { user_id, ip_address, acars_token, ...sanitizedFlight } = flight;
     return {
         ...sanitizedFlight,
         cruisingFL: flight.cruisingfl,
@@ -29,6 +29,20 @@ export async function getFlightsBySession(sessionId) {
     return flights;
 }
 
+export async function validateAcarsAccess(sessionId, flightId, acarsToken) {
+    const tableName = `flights_${sessionId}`;
+    const result = await flightsPool.query(
+        `SELECT acars_token FROM ${tableName} WHERE id = $1`,
+        [flightId]
+    );
+
+    if (result.rows.length === 0) {
+        return false;
+    }
+
+    return result.rows[0].acars_token === acarsToken;
+}
+
 export async function getFlightsBySessionWithTime(sessionId, hoursBack = 2) {
     try {
         const tableName = `flights_${sessionId}`;
@@ -173,7 +187,11 @@ export async function addFlight(sessionId, flightData) {
     const result = await flightsPool.query(query, values);
 
     const flight = result.rows[0];
-    return sanitizeFlightForClient(flight);
+    return {
+        ...flight,
+        cruisingFL: flight.cruisingfl,
+        clearedFL: flight.clearedfl,
+    };
 }
 
 export async function updateFlight(sessionId, flightId, updates) {

server/routes/flights.js

@@ -1,19 +1,21 @@
 import express from 'express';
 import requireAuth from '../middleware/isAuthenticated.js';
-import { getFlightsBySession, addFlight, updateFlight, deleteFlight } from '../db/flights.js';
+import { getFlightsBySession, addFlight, updateFlight, deleteFlight, validateAcarsAccess } from '../db/flights.js';
 import { broadcastFlightEvent } from '../websockets/flightsWebsocket.js';
 import { recordNewFlight } from '../db/statistics.js';
 import { getClientIp } from '../tools/getIpAddress.js';
+import flightsPool from '../db/connections/flightsConnection.js';
 
 const router = express.Router();
 
+const activeAcarsTerminals = new Map();
+
 // GET: /api/flights/:sessionId - get all flights for a session
 router.get('/:sessionId', requireAuth, async (req, res) => {
     try {
         const flights = await getFlightsBySession(req.params.sessionId);
         res.json(flights);
     } catch (error) {
-        console.error('Error fetching flights:', error);
         res.status(500).json({ error: 'Failed to fetch flights' });
     }
 });
@@ -31,11 +33,10 @@ router.post('/:sessionId', async (req, res) => {
 
         await recordNewFlight();
 
-        broadcastFlightEvent(req.params.sessionId, 'flightAdded', flight);
-
+        const { acars_token, user_id, ip_address, ...sanitizedFlight } = flight;
+        broadcastFlightEvent(req.params.sessionId, 'flightAdded', sanitizedFlight);
         res.status(201).json(flight);
     } catch (error) {
-        console.error('Error adding flight:', error);
         res.status(500).json({ error: 'Failed to add flight' });
     }
 });
@@ -75,4 +76,89 @@ router.delete('/:sessionId/:flightId', requireAuth, async (req, res) => {
     }
 });
 
+// GET: /api/flights/:sessionId/:flightId/validate-acars - validate ACARS access token
+router.get('/:sessionId/:flightId/validate-acars', async (req, res) => {
+    try {
+        const { sessionId, flightId } = req.params;
+        const acarsToken = req.query.accessId;
+
+        if (!acarsToken) {
+            return res.status(400).json({ valid: false, error: 'Missing access token' });
+        }
+
+        const isValid = await validateAcarsAccess(sessionId, flightId, acarsToken);
+        res.json({ valid: isValid });
+    } catch (error) {
+        res.status(500).json({ valid: false, error: 'Validation failed' });
+    }
+});
+
+// POST: /api/flights/acars/active - mark ACARS terminal as active
+router.post('/acars/active', async (req, res) => {
+    try {
+        const { sessionId, flightId, acarsToken } = req.body;
+
+        if (!sessionId || !flightId || !acarsToken) {
+            return res.status(400).json({ error: 'Missing required fields' });
+        }
+
+        const isValid = await validateAcarsAccess(sessionId, flightId, acarsToken);
+        if (!isValid) {
+            return res.status(403).json({ error: 'Invalid ACARS token' });
+        }
+
+        const key = `${sessionId}:${flightId}`;
+        activeAcarsTerminals.set(key, {
+            sessionId,
+            flightId,
+            connectedAt: new Date().toISOString()
+        });
+
+        res.json({ success: true });
+    } catch (error) {
+        res.status(500).json({ error: 'Failed to mark ACARS as active' });
+    }
+});
+
+// DELETE: /api/flights/acars/active/:sessionId/:flightId - mark ACARS terminal as inactive
+router.delete('/acars/active/:sessionId/:flightId', async (req, res) => {
+    try {
+        const { sessionId, flightId } = req.params;
+        const key = `${sessionId}:${flightId}`;
+
+        activeAcarsTerminals.delete(key);
+
+        res.json({ success: true });
+    } catch (error) {
+        res.status(500).json({ error: 'Failed to mark ACARS as inactive' });
+    }
+});
+
+// GET: /api/flights/acars/active - get all active ACARS terminals
+router.get('/acars/active', async (req, res) => {
+    try {
+        const activeFlights = [];
+
+        for (const [key, { sessionId, flightId }] of activeAcarsTerminals.entries()) {
+            try {
+                const tableName = `flights_${sessionId}`;
+                const result = await flightsPool.query(
+                    `SELECT id, callsign, departure, arrival, aircraft, session_id FROM ${tableName} WHERE id = $1`,
+                    [flightId]
+                );
+
+                if (result.rows.length > 0) {
+                    activeFlights.push(result.rows[0]);
+                }
+            } catch (error) {
+                activeAcarsTerminals.delete(key);
+            }
+        }
+
+        res.json(activeFlights);
+    } catch (error) {
+        res.status(500).json({ error: 'Failed to fetch active ACARS terminals' });
+    }
+});
+
 export default router;

server/websockets/flightsWebsocket.js

@@ -4,6 +4,7 @@ import { validateSessionAccess } from '../middleware/sessionAccess.js';
 import { updateSession, getAllSessions, getSessionById } from '../db/sessions.js';
 import { getArrivalsIO } from './arrivalsWebsocket.js';
 import { handleFlightStatusChange } from '../services/logbookStatusHandler.js';
+import flightsPool from '../db/connections/flightsConnection.js';
 
 let io;
 const updateTimers = new Map();
@@ -21,16 +22,11 @@ export function setupFlightsWebsocket(httpServer) {
         const sessionId = socket.handshake.query.sessionId;
         const accessId = socket.handshake.query.accessId;
 
-        // Basic session check
         if (!sessionId) {
             socket.disconnect(true);
             return;
         }
 
-        // Determine role:
-        // - If an accessId is provided and validates -> controller (full privileges)
-        // - If no accessId provided -> pilot (limited privileges: can listen & addFlight)
-        // This avoids giving pilots controller access while still allowing them to receive events.
         let role = 'pilot';
         if (accessId) {
             const valid = await validateSessionAccess(sessionId, accessId);
@@ -45,20 +41,13 @@ export function setupFlightsWebsocket(httpServer) {
         socket.join(sessionId);
 
         socket.on('updateFlight', async ({ flightId, updates }) => {
-            // restrict updates from pilots (controllers only)
             if (socket.data.role !== 'controller') {
                 socket.emit('flightError', { action: 'update', flightId, error: 'Not authorized' });
                 return;
             }
             try {
-                // Log all updates to see what's being received
-                if (updates.status || updates.callsign) {
-                    console.log(`[FlightWS] Received update for ${updates.callsign || flightId}:`, JSON.stringify(updates));
-                }
-
-                // Handle local hide/unhide - don't process these on server
                 if (updates.hasOwnProperty('hidden')) {
-                    return; // Ignore hidden field updates
+                    return;
                 }
 
                 if (updates.callsign && updates.callsign.length > 16) {
@@ -83,10 +72,7 @@ export function setupFlightsWebsocket(httpServer) {
 
                     await broadcastToArrivalSessions(updatedFlight);
 
-                    // Handle logbook status changes
                     if (updates.status && updatedFlight.callsign) {
-                        console.log(`[FlightWS] Detected status change: ${updatedFlight.callsign} -> ${updates.status}`);
-                        // Get session's airport to determine origin vs destination
                         const session = await getSessionById(sessionId);
                         const controllerAirport = session?.airport_icao || null;
                         await handleFlightStatusChange(updatedFlight.callsign, updates.status, controllerAirport);
@@ -104,12 +90,10 @@ export function setupFlightsWebsocket(httpServer) {
                         await updateFlight(sessionId, flightId, updates);
                         updateTimers.delete(timerKey);
                     } catch (error) {
-                        console.error('Error saving flight update to DB:', error);
                     }
                 }, 1000));
 
             } catch (error) {
-                console.error('Error updating flight via websocket:', error);
                 socket.emit('flightError', { action: 'update', flightId, error: 'Failed to update flight' });
             }
         });
@@ -124,17 +108,18 @@ export function setupFlightsWebsocket(httpServer) {
 
                 const flight = await addFlight(sessionId, enhancedFlightData);
 
-                io.to(sessionId).emit('flightAdded', flight);
+                socket.emit('flightAdded', flight);
 
-                await broadcastToArrivalSessions(flight);
+                const { acars_token, user_id, ip_address, ...sanitizedFlight } = flight;
+                socket.to(sessionId).emit('flightAdded', sanitizedFlight);
+
+                await broadcastToArrivalSessions(sanitizedFlight);
             } catch (error) {
-                console.error('Error adding flight via websocket:', error);
                 socket.emit('flightError', { action: 'add', error: 'Failed to add flight' });
             }
         });
 
         socket.on('deleteFlight', async (flightId) => {
-            // controllers only
             if (socket.data.role !== 'controller') {
                 socket.emit('flightError', { action: 'delete', flightId, error: 'Not authorized' });
                 return;
@@ -143,13 +128,11 @@ export function setupFlightsWebsocket(httpServer) {
                 await deleteFlight(sessionId, flightId);
                 io.to(sessionId).emit('flightDeleted', { flightId });
             } catch (error) {
-                console.error('Error deleting flight via websocket:', error);
                 socket.emit('flightError', { action: 'delete', flightId, error: 'Failed to delete flight' });
             }
         });
 
         socket.on('updateSession', async (updates) => {
-            // controllers only
             if (socket.data.role !== 'controller') {
                 socket.emit('sessionError', { error: 'Not authorized' });
                 return;
@@ -164,14 +147,11 @@ export function setupFlightsWebsocket(httpServer) {
                     socket.emit('sessionError', { error: 'Session not found or update failed' });
                 }
             } catch (error) {
-                console.error('Error updating session via websocket:', error);
                 socket.emit('sessionError', { error: 'Failed to update session' });
             }
         });
 
-        // NEW: controller issues a PDC for a flight -> persist & broadcast
         socket.on('issuePDC', async ({ flightId, pdcText, targetPilotUserId }) => {
-            // controllers only
             if (socket.data.role !== 'controller') {
                 socket.emit('flightError', { action: 'issuePDC', flightId, error: 'Not authorized' });
                 return;
@@ -181,8 +161,6 @@ export function setupFlightsWebsocket(httpServer) {
                     socket.emit('flightError', { action: 'issuePDC', error: 'Missing flightId' });
                     return;
                 }
-
-                // Use pdc_remarks (frontend checks this). Avoid writing unknown columns.
                 const updates = {
                     pdc_remarks: pdcText
                 };
@@ -197,15 +175,12 @@ export function setupFlightsWebsocket(httpServer) {
                     socket.emit('flightError', { action: 'issuePDC', flightId, error: 'Flight not found' });
                 }
             } catch (error) {
-                console.error('Error issuing PDC via websocket:', error);
                 socket.emit('flightError', { action: 'issuePDC', flightId, error: 'Failed to issue PDC' });
             }
         });
 
-        // client requests that controllers issue a PDC for a flight
         socket.on('requestPDC', ({ flightId, callsign, note }) => {
             try {
-                // broadcast to everyone in session (controllers should respond by flashing their flightstrip)
                 io.to(sessionId).emit('pdcRequest', {
                     flightId,
                     callsign: callsign ?? null,
@@ -214,24 +189,41 @@ export function setupFlightsWebsocket(httpServer) {
                     ts: new Date().toISOString()
                 });
             } catch (err) {
-                console.error('Error handling requestPDC:', err);
                 socket.emit('flightError', { action: 'requestPDC', flightId, error: 'Failed to request PDC' });
             }
         });
 
-        socket.on('contactMe', ({ flightId, message }) => {
+        socket.on('contactMe', async ({ flightId, message }) => {
             if (socket.data.role !== 'controller') {
                 socket.emit('flightError', { action: 'contactMe', flightId, error: 'Not authorized' });
                 return;
             }
             try {
-                io.to(sessionId).emit('contactMe', {
+                const allSessions = await getAllSessions();
+                let targetSessionId = sessionId;
+
+                for (const session of allSessions) {
+                    try {
+                        const tableName = `flights_${session.session_id}`;
+                        const result = await flightsPool.query(
+                            `SELECT session_id FROM ${tableName} WHERE id = $1`,
+                            [flightId]
+                        );
+                        if (result.rows.length > 0) {
+                            targetSessionId = session.session_id;
+                            break;
+                        }
+                    } catch (err) {
+                        continue;
+                    }
+                }
+
+                io.to(targetSessionId).emit('contactMe', {
                     flightId,
                     message: message || 'CONTACT CONTROLLER ON FREQUENCY',
                     ts: new Date().toISOString()
                 });
             } catch (err) {
-                console.error('Error handling contactMe:', err);
                 socket.emit('flightError', { action: 'contactMe', flightId, error: 'Failed to send contact message' });
             }
         });
@@ -257,7 +249,6 @@ async function broadcastToArrivalSessions(flight) {
             }
         }
     } catch (error) {
-        console.error('Error broadcasting to arrival sessions:', error);
     }
 }
 
@@ -269,4 +260,4 @@ export function broadcastFlightEvent(sessionId, event, data) {
     if (io) {
         io.to(sessionId).emit(event, data);
     }
-}
+}

src/components/ACARSPanel.tsx

@@ -1,5 +1,3 @@
-// ...existing code...
-import React from 'react';
 import Button from './common/Button';
 
 interface ACARSPanelProps {