top | item 28477797

Show HN: Amtrak.js – A JavaScript library to interact with Amtrak's tracking API

25 points| piemadd | 4 years ago |npmjs.com

6 comments

koolba|4 years ago

Nice project! There's a number of government and quasi-government agencies that I wish had end user accessible APIS.

AES encrypted responses from Amtrak's API all encrypted with the same constant hard coded IV:

https://github.com/pieromqwerty/amtrak/blob/master/src/amtra...

https://github.com/pieromqwerty/amtrak/blob/e0bc815f7ff73484...

What a waste of time and tax payer money. Might as well just make the API public and add some CORS headers. Or require an API key and have the website dynamically generate them internally with a short expiration.

The encryption dance being performed here is all theater and the acting sucks.

piemadd|4 years ago

Some people have theorized it wasn't Amtrak who wanted the bs encryption (also probably why the keys haven't changed in 3 years and they've made no effort to prevent people from grabbing this data) but actually some sort of National Security jargon.

reustle|4 years ago

This is fabulous. I tried to do this a few years ago while I was building https://Amtrak.io and failed to sort out their obfuscation.

piemadd|4 years ago

I actually came across an old hackernews thread where you mentioned you built the site, I guess you have a library to do it for you now lol

galaxyLogic|4 years ago

Interesting. But couldn't this data be loaded just with REST too?

piemadd|4 years ago

Nope. Go to https://maps.amtrak.com/services/MapDataService/trains/getTr... and let me know how readable the data is lol, though I have also made an API based off of this library (and integrated it into the library) which you can read on the docs: https://api.amtrak.piemadd.com/docs