misc_pterodactyl-panel/routes/api-client.php

<?php

use Illuminate\Support\Facades\Route;
use Pterodactyl\Http\Controllers\Api\Client;
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
use Pterodactyl\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;
use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;

/*
|--------------------------------------------------------------------------
| Client Control API
|--------------------------------------------------------------------------
|
| Endpoint: /api/client
|
*/
Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');
Route::get('/permissions', [Client\ClientController::class, 'permissions']);

Route::group(['prefix' => '/account'], function () {
    Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account')->withoutMiddleware(RequireTwoFactorAuthentication::class);
    Route::get('/two-factor', [Client\TwoFactorController::class, 'index'])->withoutMiddleware(RequireTwoFactorAuthentication::class);
    Route::post('/two-factor', [Client\TwoFactorController::class, 'store'])->withoutMiddleware(RequireTwoFactorAuthentication::class);
    Route::delete('/two-factor', [Client\TwoFactorController::class, 'delete'])->withoutMiddleware(RequireTwoFactorAuthentication::class);

    Route::put('/email', [Client\AccountController::class, 'updateEmail'])->name('api:client.account.update-email');
    Route::put('/password', [Client\AccountController::class, 'updatePassword'])->name('api:client.account.update-password');

    Route::get('/api-keys', [Client\ApiKeyController::class, 'index']);
    Route::post('/api-keys', [Client\ApiKeyController::class, 'store']);
    Route::delete('/api-keys/{identifier}', [Client\ApiKeyController::class, 'delete']);

    Route::prefix('/ssh-keys')->group(function () {
        Route::get('/', [Client\SSHKeyController::class, 'index']);
        Route::post('/', [Client\SSHKeyController::class, 'store']);
        Route::delete('/{identifier}', [Client\SSHKeyController::class, 'delete']);
    });
});

/*
|--------------------------------------------------------------------------
| Client Control API
|--------------------------------------------------------------------------
|
| Endpoint: /api/client/servers/{server}
|
*/
Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServerAccess::class, ResourceBelongsToServer::class]], function () {
    Route::get('/', [Client\Servers\ServerController::class, 'index'])->name('api:client:server.view');
    Route::get('/websocket', Client\Servers\WebsocketController::class)->name('api:client:server.ws');
    Route::get('/resources', Client\Servers\ResourceUtilizationController::class)->name('api:client:server.resources');

    Route::post('/command', [Client\Servers\CommandController::class, 'index']);
    Route::post('/power', [Client\Servers\PowerController::class, 'index']);

    Route::group(['prefix' => '/databases'], function () {
        Route::get('/', [Client\Servers\DatabaseController::class, 'index']);
        Route::post('/', [Client\Servers\DatabaseController::class, 'store']);
        Route::post('/{database}/rotate-password', [Client\Servers\DatabaseController::class, 'rotatePassword']);
        Route::delete('/{database}', [Client\Servers\DatabaseController::class, 'delete']);
    });

    Route::group(['prefix' => '/files'], function () {
        Route::get('/list', [Client\Servers\FileController::class, 'directory']);
        Route::get('/contents', [Client\Servers\FileController::class, 'contents']);
        Route::get('/download', [Client\Servers\FileController::class, 'download']);
        Route::put('/rename', [Client\Servers\FileController::class, 'rename']);
        Route::post('/copy', [Client\Servers\FileController::class, 'copy']);
        Route::post('/write', [Client\Servers\FileController::class, 'write']);
        Route::post('/compress', [Client\Servers\FileController::class, 'compress']);
        Route::post('/decompress', [Client\Servers\FileController::class, 'decompress']);
        Route::post('/delete', [Client\Servers\FileController::class, 'delete']);
        Route::post('/create-folder', [Client\Servers\FileController::class, 'create']);
        Route::post('/chmod', [Client\Servers\FileController::class, 'chmod']);
        Route::post('/pull', [Client\Servers\FileController::class, 'pull'])->middleware(['throttle:10,5']);
        Route::get('/upload', Client\Servers\FileUploadController::class);
    });

    Route::group(['prefix' => '/schedules'], function () {
        Route::get('/', [Client\Servers\ScheduleController::class, 'index']);
        Route::post('/', [Client\Servers\ScheduleController::class, 'store']);
        Route::get('/{schedule}', [Client\Servers\ScheduleController::class, 'view']);
        Route::post('/{schedule}', [Client\Servers\ScheduleController::class, 'update']);
        Route::post('/{schedule}/execute', [Client\Servers\ScheduleController::class, 'execute']);
        Route::delete('/{schedule}', [Client\Servers\ScheduleController::class, 'delete']);

        Route::post('/{schedule}/tasks', [Client\Servers\ScheduleTaskController::class, 'store']);
        Route::post('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'update']);
        Route::delete('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'delete']);
    });

    Route::group(['prefix' => '/network'], function () {
        Route::get('/allocations', [Client\Servers\NetworkAllocationController::class, 'index']);
        Route::post('/allocations', [Client\Servers\NetworkAllocationController::class, 'store']);
        Route::post('/allocations/{allocation}', [Client\Servers\NetworkAllocationController::class, 'update']);
        Route::post('/allocations/{allocation}/primary', [Client\Servers\NetworkAllocationController::class, 'setPrimary']);
        Route::delete('/allocations/{allocation}', [Client\Servers\NetworkAllocationController::class, 'delete']);
    });

    Route::group(['prefix' => '/users'], function () {
        Route::get('/', [Client\Servers\SubuserController::class, 'index']);
        Route::post('/', [Client\Servers\SubuserController::class, 'store']);
        Route::get('/{user}', [Client\Servers\SubuserController::class, 'view']);
        Route::post('/{user}', [Client\Servers\SubuserController::class, 'update']);
        Route::delete('/{user}', [Client\Servers\SubuserController::class, 'delete']);
    });

    Route::group(['prefix' => '/backups'], function () {
        Route::get('/', [Client\Servers\BackupController::class, 'index']);
        Route::post('/', [Client\Servers\BackupController::class, 'store']);
        Route::get('/{backup}', [Client\Servers\BackupController::class, 'view']);
        Route::get('/{backup}/download', [Client\Servers\BackupController::class, 'download']);
        Route::post('/{backup}/lock', [Client\Servers\BackupController::class, 'toggleLock']);
        Route::post('/{backup}/restore', [Client\Servers\BackupController::class, 'restore']);
        Route::delete('/{backup}', [Client\Servers\BackupController::class, 'delete']);
    });

    Route::group(['prefix' => '/startup'], function () {
        Route::get('/', [Client\Servers\StartupController::class, 'index']);
        Route::put('/variable', [Client\Servers\StartupController::class, 'update']);
    });

    Route::group(['prefix' => '/settings'], function () {
        Route::post('/rename', [Client\Servers\SettingsController::class, 'rename']);
        Route::post('/reinstall', [Client\Servers\SettingsController::class, 'reinstall']);
        Route::put('/docker-image', [Client\Servers\SettingsController::class, 'dockerImage']);
    });
});
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`<?php`

Add handler to fetch all of the system permissions and load them into the state 2019-11-04 01:37:06 +00:00			`use Illuminate\Support\Facades\Route;`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`use Pterodactyl\Http\Controllers\Api\Client;`
Block API access when 2FA is required on account; closes #2791 2020-12-06 21:56:14 +00:00			`use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;`
[security] fix resources not properly returning an error when they don't match the server in the URL Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request. Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel. 2021-01-20 05:19:17 +00:00			`use Pterodactyl\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;`
More logic for deleting databases 2018-08-25 22:07:42 +00:00			`use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Client Control API`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Endpoint: /api/client`
			`\|`
			`*/`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');`
			`Route::get('/permissions', [Client\ClientController::class, 'permissions']);`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00
Base attempt at using vuex to handle logins 2018-06-06 06:00:01 +00:00			`Route::group(['prefix' => '/account'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account')->withoutMiddleware(RequireTwoFactorAuthentication::class);`
			`Route::get('/two-factor', [Client\TwoFactorController::class, 'index'])->withoutMiddleware(RequireTwoFactorAuthentication::class);`
			`Route::post('/two-factor', [Client\TwoFactorController::class, 'store'])->withoutMiddleware(RequireTwoFactorAuthentication::class);`
			`Route::delete('/two-factor', [Client\TwoFactorController::class, 'delete'])->withoutMiddleware(RequireTwoFactorAuthentication::class);`
Get the base email update working through the API. Still going to need to determine the best course of action to update the token on the client side. 2018-06-12 05:56:57 +00:00
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::put('/email', [Client\AccountController::class, 'updateEmail'])->name('api:client.account.update-email');`
			`Route::put('/password', [Client\AccountController::class, 'updatePassword'])->name('api:client.account.update-password');`
Add base support for creating a new API key for an account 2020-03-23 01:15:38 +00:00
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/api-keys', [Client\ApiKeyController::class, 'index']);`
			`Route::post('/api-keys', [Client\ApiKeyController::class, 'store']);`
			`Route::delete('/api-keys/{identifier}', [Client\ApiKeyController::class, 'delete']);`
Add support for storing SSH keys on user accounts 2022-05-14 21:31:53 +00:00
			`Route::prefix('/ssh-keys')->group(function () {`
			`Route::get('/', [Client\SSHKeyController::class, 'index']);`
			`Route::post('/', [Client\SSHKeyController::class, 'store']);`
			`Route::delete('/{identifier}', [Client\SSHKeyController::class, 'delete']);`
			`});`
Base attempt at using vuex to handle logins 2018-06-06 06:00:01 +00:00			`});`

Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Client Control API`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Endpoint: /api/client/servers/{server}`
			`\|`
			`*/`
[security] fix resources not properly returning an error when they don't match the server in the URL Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request. Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel. 2021-01-20 05:19:17 +00:00			`Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServerAccess::class, ResourceBelongsToServer::class]], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\Servers\ServerController::class, 'index'])->name('api:client:server.view');`
			`Route::get('/websocket', Client\Servers\WebsocketController::class)->name('api:client:server.ws');`
			`Route::get('/resources', Client\Servers\ResourceUtilizationController::class)->name('api:client:server.resources');`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::post('/command', [Client\Servers\CommandController::class, 'index']);`
			`Route::post('/power', [Client\Servers\PowerController::class, 'index']);`
Add basic database listing for server 2018-08-22 04:47:01 +00:00
			`Route::group(['prefix' => '/databases'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\Servers\DatabaseController::class, 'index']);`
			`Route::post('/', [Client\Servers\DatabaseController::class, 'store']);`
			`Route::post('/{database}/rotate-password', [Client\Servers\DatabaseController::class, 'rotatePassword']);`
			`Route::delete('/{database}', [Client\Servers\DatabaseController::class, 'delete']);`
Add basic database listing for server 2018-08-22 04:47:01 +00:00			`});`
Initial attempt trying to get file downloading to work 2019-03-17 00:10:04 +00:00
			`Route::group(['prefix' => '/files'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/list', [Client\Servers\FileController::class, 'directory']);`
			`Route::get('/contents', [Client\Servers\FileController::class, 'contents']);`
			`Route::get('/download', [Client\Servers\FileController::class, 'download']);`
			`Route::put('/rename', [Client\Servers\FileController::class, 'rename']);`
			`Route::post('/copy', [Client\Servers\FileController::class, 'copy']);`
			`Route::post('/write', [Client\Servers\FileController::class, 'write']);`
			`Route::post('/compress', [Client\Servers\FileController::class, 'compress']);`
			`Route::post('/decompress', [Client\Servers\FileController::class, 'decompress']);`
			`Route::post('/delete', [Client\Servers\FileController::class, 'delete']);`
			`Route::post('/create-folder', [Client\Servers\FileController::class, 'create']);`
			`Route::post('/chmod', [Client\Servers\FileController::class, 'chmod']);`
			`Route::post('/pull', [Client\Servers\FileController::class, 'pull'])->middleware(['throttle:10,5']);`
			`Route::get('/upload', Client\Servers\FileUploadController::class);`
Initial attempt trying to get file downloading to work 2019-03-17 00:10:04 +00:00			`});`
Add base code to support retrieving allocations as a client 2019-03-24 00:47:20 +00:00
Add basic listing of server schedules 2020-02-08 23:23:08 +00:00			`Route::group(['prefix' => '/schedules'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\Servers\ScheduleController::class, 'index']);`
			`Route::post('/', [Client\Servers\ScheduleController::class, 'store']);`
			`Route::get('/{schedule}', [Client\Servers\ScheduleController::class, 'view']);`
			`Route::post('/{schedule}', [Client\Servers\ScheduleController::class, 'update']);`
			`Route::post('/{schedule}/execute', [Client\Servers\ScheduleController::class, 'execute']);`
			`Route::delete('/{schedule}', [Client\Servers\ScheduleController::class, 'delete']);`

			`Route::post('/{schedule}/tasks', [Client\Servers\ScheduleTaskController::class, 'store']);`
			`Route::post('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'update']);`
			`Route::delete('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'delete']);`
Add basic listing of server schedules 2020-02-08 23:23:08 +00:00			`});`

[security] fix resources not properly returning an error when they don't match the server in the URL Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request. Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel. 2021-01-20 05:19:17 +00:00			`Route::group(['prefix' => '/network'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/allocations', [Client\Servers\NetworkAllocationController::class, 'index']);`
			`Route::post('/allocations', [Client\Servers\NetworkAllocationController::class, 'store']);`
			`Route::post('/allocations/{allocation}', [Client\Servers\NetworkAllocationController::class, 'update']);`
			`Route::post('/allocations/{allocation}/primary', [Client\Servers\NetworkAllocationController::class, 'setPrimary']);`
			`Route::delete('/allocations/{allocation}', [Client\Servers\NetworkAllocationController::class, 'delete']);`
Add base code to support retrieving allocations as a client 2019-03-24 00:47:20 +00:00			`});`
Add basic subuser listing for servers 2019-11-03 20:20:11 +00:00
[security] fix resources not properly returning an error when they don't match the server in the URL Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request. Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel. 2021-01-20 05:19:17 +00:00			`Route::group(['prefix' => '/users'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\Servers\SubuserController::class, 'index']);`
			`Route::post('/', [Client\Servers\SubuserController::class, 'store']);`
			`Route::get('/{user}', [Client\Servers\SubuserController::class, 'view']);`
			`Route::post('/{user}', [Client\Servers\SubuserController::class, 'update']);`
			`Route::delete('/{user}', [Client\Servers\SubuserController::class, 'delete']);`
Add basic subuser listing for servers 2019-11-03 20:20:11 +00:00			`});`
Add ability for user to change server's name 2019-12-10 06:03:10 +00:00
Very basic implemention of frontend logic required to display backups and create a new one 2020-04-04 17:59:25 +00:00			`Route::group(['prefix' => '/backups'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\Servers\BackupController::class, 'index']);`
			`Route::post('/', [Client\Servers\BackupController::class, 'store']);`
			`Route::get('/{backup}', [Client\Servers\BackupController::class, 'view']);`
			`Route::get('/{backup}/download', [Client\Servers\BackupController::class, 'download']);`
			`Route::post('/{backup}/lock', [Client\Servers\BackupController::class, 'toggleLock']);`
			`Route::post('/{backup}/restore', [Client\Servers\BackupController::class, 'restore']);`
			`Route::delete('/{backup}', [Client\Servers\BackupController::class, 'delete']);`
Very basic implemention of frontend logic required to display backups and create a new one 2020-04-04 17:59:25 +00:00			`});`

Support modifying startup variables for servers 2020-08-23 01:13:59 +00:00			`Route::group(['prefix' => '/startup'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::get('/', [Client\Servers\StartupController::class, 'index']);`
			`Route::put('/variable', [Client\Servers\StartupController::class, 'update']);`
Support modifying startup variables for servers 2020-08-23 01:13:59 +00:00			`});`

Add ability for user to change server's name 2019-12-10 06:03:10 +00:00			`Route::group(['prefix' => '/settings'], function () {`
Switch to more recent Laravel route definition methods 2022-05-14 19:51:05 +00:00			`Route::post('/rename', [Client\Servers\SettingsController::class, 'rename']);`
			`Route::post('/reinstall', [Client\Servers\SettingsController::class, 'reinstall']);`
			`Route::put('/docker-image', [Client\Servers\SettingsController::class, 'dockerImage']);`
Add ability for user to change server's name 2019-12-10 06:03:10 +00:00			`});`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`});`