misc_pterodactyl-panel/app/Http/Requests/Api/Application/ApplicationApiRequest.php

<?php

namespace Pterodactyl\Http\Requests\Api\Application;

use Webmozart\Assert\Assert;
use Laravel\Sanctum\TransientToken;
use Illuminate\Validation\Validator;
use Illuminate\Database\Eloquent\Model;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Illuminate\Foundation\Http\FormRequest;
use Pterodactyl\Exceptions\PterodactylException;

abstract class ApplicationApiRequest extends FormRequest
{
    /**
     * The resource that should be checked when performing the authorization
     * function for this request.
     *
     * @var string|null
     */
    protected $resource;

    /**
     * The permission level that a given API key should have for accessing
     * the defined $resource during the request cycle.
     *
     * @var int
     */
    protected $permission = AdminAcl::NONE;

    /**
     * Determine if the current user is authorized to perform
     * the requested action against the API.
     *
     * @throws \Pterodactyl\Exceptions\PterodactylException
     */
    public function authorize(): bool
    {
        if (is_null($this->resource)) {
            throw new PterodactylException('An ACL resource must be defined on API requests.');
        }

        $token = $this->user()->currentAccessToken();
        if ($token instanceof TransientToken) {
            return true;
        }

        return AdminAcl::check($token, $this->resource, $this->permission);
    }

    /**
     * Default set of rules to apply to API requests.
     */
    public function rules(): array
    {
        return [];
    }

    /**
     * Helper method allowing a developer to easily hook into this logic without having
     * to remember what the method name is called or where to use it. By default this is
     * a no-op.
     */
    public function withValidator(Validator $validator): void
    {
        // do nothing
    }

    /**
     * Returns the named route parameter and asserts that it is a real model that
     * exists in the database.
     *
     * @template T of \Illuminate\Database\Eloquent\Model
     *
     * @param class-string<T> $expect
     *
     * @return T
     * @noinspection PhpUndefinedClassInspection
     * @noinspection PhpDocSignatureInspection
     */
    public function parameter(string $key, string $expect)
    {
        $value = $this->route()->parameter($key);

        Assert::isInstanceOf($value, $expect);
        Assert::isInstanceOf($value, Model::class);
        Assert::true($value->exists);

        /* @var T $value */
        return $value;
    }
}
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`<?php`

Reorganize API files 2018-01-20 01:58:57 +00:00			`namespace Pterodactyl\Http\Requests\Api\Application;`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`use Webmozart\Assert\Assert;`
Update transformers and controllers to no longer pull an API key attribute 2022-05-22 19:37:39 +00:00			`use Laravel\Sanctum\TransientToken;`
Add support for storing SSH keys on user accounts 2022-05-14 21:31:53 +00:00			`use Illuminate\Validation\Validator;`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`use Illuminate\Database\Eloquent\Model;`
Reorganize API files 2018-01-20 01:58:57 +00:00			`use Pterodactyl\Services\Acl\Api\AdminAcl;`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`use Illuminate\Foundation\Http\FormRequest;`
			`use Pterodactyl\Exceptions\PterodactylException;`

Make server listing and single server view API endpoints work 2018-01-20 03:47:06 +00:00			`abstract class ApplicationApiRequest extends FormRequest`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`{`
			`/**`
			`* The resource that should be checked when performing the authorization`
			`* function for this request.`
			`*`
			`* @var string\|null`
			`*/`
			`protected $resource;`

			`/**`
			`* The permission level that a given API key should have for accessing`
			`* the defined $resource during the request cycle.`
			`*`
			`* @var int`
			`*/`
Reorganize API files 2018-01-20 01:58:57 +00:00			`protected $permission = AdminAcl::NONE;`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00
			`/**`
			`* Determine if the current user is authorized to perform`
Fix app/ spelling errors 2018-05-13 14:50:56 +00:00			`* the requested action against the API.`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`*`
			`* @throws \Pterodactyl\Exceptions\PterodactylException`
			`*/`
			`public function authorize(): bool`
			`{`
			`if (is_null($this->resource)) {`
			`throw new PterodactylException('An ACL resource must be defined on API requests.');`
			`}`

Update transformers and controllers to no longer pull an API key attribute 2022-05-22 19:37:39 +00:00			`$token = $this->user()->currentAccessToken();`
			`if ($token instanceof TransientToken) {`
			`return true;`
			`}`

			`return AdminAcl::check($token, $this->resource, $this->permission);`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`}`

			`/**`
			`* Default set of rules to apply to API requests.`
			`*/`
			`public function rules(): array`
			`{`
			`return [];`
			`}`

Add support for storing SSH keys on user accounts 2022-05-14 21:31:53 +00:00			`/**`
			`* Helper method allowing a developer to easily hook into this logic without having`
			`* to remember what the method name is called or where to use it. By default this is`
			`* a no-op.`
			`*/`
			`public function withValidator(Validator $validator): void`
			`{`
			`// do nothing`
			`}`

Validate resource existence before validating data sent 2018-03-02 02:00:14 +00:00			`/**`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`* Returns the named route parameter and asserts that it is a real model that`
			`* exists in the database.`
Validate resource existence before validating data sent 2018-03-02 02:00:14 +00:00			`*`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`* @template T of \Illuminate\Database\Eloquent\Model`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`*`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`* @param class-string<T> $expect`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`*`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`* @return T`
			`* @noinspection PhpUndefinedClassInspection`
			`* @noinspection PhpDocSignatureInspection`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`*/`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`public function parameter(string $key, string $expect)`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`{`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`$value = $this->route()->parameter($key);`
Validate resource existence before validating data sent 2018-03-02 02:00:14 +00:00
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`Assert::isInstanceOf($value, $expect);`
			`Assert::isInstanceOf($value, Model::class);`
			`Assert::true($value->exists);`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 18:10:01 +00:00			`/* @var T $value */`
			`return $value;`
First round of changes to API to support simpler permissions. 2018-01-12 04:49:46 +00:00			`}`
			`}`