Nice project! There's a number of government and quasi-government agencies that I wish had end user accessible APIS.<p>AES encrypted responses from Amtrak's API all encrypted with the same constant hard coded IV:<p><a href="https://github.com/pieromqwerty/amtrak/blob/master/src/amtrak/amtrak.ts#L7-L11" rel="nofollow">https://github.com/pieromqwerty/amtrak/blob/master/src/amtra...</a><p><a href="https://github.com/pieromqwerty/amtrak/blob/e0bc815f7ff73484615ac68eb7b4eee63b3fbc30/src/amtrak/amtrak.ts#L93-L100" rel="nofollow">https://github.com/pieromqwerty/amtrak/blob/e0bc815f7ff73484...</a><p>What a waste of time and tax payer money. Might as well just make the API public and add some CORS headers. Or require an API key and have the website dynamically generate them internally with a short expiration.<p>The encryption dance being performed here is all theater and the acting sucks.
This is fabulous. I tried to do this a few years ago while I was building <a href="https://Amtrak.io" rel="nofollow">https://Amtrak.io</a> and failed to sort out their obfuscation.