Add API Management to admin CP

This commit is contained in:
Dane Everitt 2016-01-16 19:56:48 -05:00
parent ade16e64c8
commit 3e595ca856
9 changed files with 395 additions and 4 deletions

View file

@ -4,9 +4,14 @@ namespace Pterodactyl\Http\Controllers\Admin;
use Alert; use Alert;
use Log; use Log;
use Pterodactyl\Models;
use Pterodactyl\Models;
use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Exceptions\DisplayValidationException;
use Pterodactyl\Exceptions\DisplayException;
use Illuminate\Http\Request; use Illuminate\Http\Request;
class APIController extends Controller class APIController extends Controller
@ -29,4 +34,40 @@ class APIController extends Controller
]); ]);
} }
public function getNew(Request $request)
{
return view('admin.api.new');
}
public function postNew(Request $request)
{
try {
$api = new APIRepository;
$secret = $api->new($request->except(['_token']));
Alert::info('An API Keypair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br />Secret: <code>' . $secret . '</code>')->flash();
return redirect()->route('admin.api');
} catch (DisplayValidationException $ex) {
return redirect()->route('admin.api.new')->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attempting to add this API key.')->flash();
}
return redirect()->route('admin.api.new')->withInput();
}
public function deleteRevokeKey(Request $request, $key)
{
try {
$api = new APIRepository;
$api->revoke($key);
return response('', 204);
} catch (\Exception $ex) {
return response()->json([
'error' => 'An error occured while attempting to remove this key.'
], 503);
}
}
} }

View file

@ -235,9 +235,12 @@ class AdminRoutes {
'as' => 'admin.api.new', 'as' => 'admin.api.new',
'uses' => 'Admin\APIController@getNew' 'uses' => 'Admin\APIController@getNew'
]); ]);
$router->post('/new', [
'uses' => 'Admin\APIController@postNew'
]);
$router->delete('/revoke/{key?}', [ $router->delete('/revoke/{key?}', [
'as' => 'admin.api.revoke', 'as' => 'admin.api.revoke',
'uses' => 'Admin\APIController@deleteKey' 'uses' => 'Admin\APIController@deleteRevokeKey'
]); ]);
}); });

View file

@ -21,5 +21,11 @@ class APIPermission extends Model
*/ */
protected $guarded = ['id']; protected $guarded = ['id'];
/**
* Disable timestamps for this table.
*
* @var boolean
*/
public $timestamps = false;
} }

View file

@ -0,0 +1,151 @@
<?php
namespace Pterodactyl\Repositories;
use DB;
use Validator;
use IPTools\Network;
use Pterodactyl\Models;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Exceptions\DisplayValidationException;
class APIRepository
{
/**
* Valid API permissions.
* @var array
*/
protected $permissions = [
'*',
// User Management Routes
'api.users',
'api.users.view',
'api.users.post',
'api.users.delete',
'api.users.patch',
// Server Manaement Routes
'api.servers',
'api.servers.view',
'api.servers.post',
'api.servers.suspend',
'api.servers.unsuspend',
'api.servers.delete',
// Node Management Routes
'api.nodes',
'api.nodes.view',
'api.nodes.post',
'api.nodes.view_allocations',
'api.nodes.delete',
// Assorted Routes
'api.services',
'api.services.view',
'api.locations',
];
/**
* Holder for listing of allowed IPs when creating a new key.
* @var array
*/
protected $allowed = [];
/**
* Constructor
*/
public function __construct()
{
//
}
/**
* Create a New API Keypair on the system.
*
* @param array $data An array with a permissions and allowed_ips key.
*
* @throws Pterodactyl\Exceptions\DisplayException if there was an error that can be safely displayed to end-users.
* @throws Pterodactyl\Exceptions\DisplayValidationException if there was a validation error.
*
* @return string Returns the generated secret token.
*/
public function new(array $data)
{
$validator = Validator::make($data, [
'permissions' => 'required|array'
]);
$validator->after(function($validator) use ($data) {
if (array_key_exists('allowed_ips', $data) && !empty($data['allowed_ips'])) {
foreach(explode("\n", $data['allowed_ips']) as $ip) {
$ip = trim($ip);
try {
Network::parse($ip);
array_push($this->allowed, $ip);
} catch (\Exception $ex) {
$validator->errors()->add('allowed_ips', 'Could not parse IP <' . $ip . '> because it is in an invalid format.');
}
}
}
});
// Run validator, throw catchable and displayable exception if it fails.
// Exception includes a JSON result of failed validation rules.
if ($validator->fails()) {
throw new DisplayValidationException($validator->errors());
}
DB::beginTransaction();
$key = new Models\APIKey;
$key->fill([
'public' => str_random(16),
'secret' => str_random(16) . '.' . str_random(15),
'allowed_ips' => empty($this->allowed) ? null : json_encode($this->allowed)
]);
$key->save();
foreach($data['permissions'] as $permission) {
if (in_array($permission, $this->permissions)) {
$model = new Models\APIPermission;
$model->fill([
'key_id' => $key->id,
'permission' => $permission
]);
$model->save();
}
}
try {
DB::commit();
return $key->secret;
} catch (\Exception $ex) {
throw $ex;
}
}
/**
* Revokes an API key and associated permissions.
*
* @param string $key The public key.
*
* @throws Illuminate\Database\Eloquent\ModelNotFoundException
*
* @return void
*/
public function revoke(string $key)
{
DB::beginTransaction();
$model = Models\APIKey::where('public', $key)->firstOrFail();
$permissions = Models\APIPermission::where('key_id', $model->id)->delete();
$model->delete();
DB::commit();
}
}

View file

@ -112,6 +112,10 @@ li.btn.btn-default.pill:active,li.btn.btn-default.pill:focus,li.btn.btn-default.
margin: 0 !important; margin: 0 !important;
} }
.fuelux .checkbox.highlight.checked label, .fuelux .checkbox.highlight label {
width: 100%;
}
.btn-allocate-delete { .btn-allocate-delete {
height:34px; height:34px;
width:34px; width:34px;

View file

@ -61,8 +61,10 @@ $(document).ready(function () {
text: 'Once this API key is revoked any applications currently using it will stop working.', text: 'Once this API key is revoked any applications currently using it will stop working.',
showCancelButton: true, showCancelButton: true,
allowOutsideClick: true, allowOutsideClick: true,
closeOnConfirm: false,
confirmButtonText: 'Revoke', confirmButtonText: 'Revoke',
confirmButtonColor: '#d9534f', confirmButtonColor: '#d9534f',
showLoaderOnConfirm: true
}, function () { }, function () {
$.ajax({ $.ajax({
method: 'DELETE', method: 'DELETE',
@ -73,6 +75,8 @@ $(document).ready(function () {
}).done(function (data) { }).done(function (data) {
swal({ swal({
type: 'success', type: 'success',
title: '',
text: 'API Key has been revoked.'
}); });
self.parent().parent().slideUp(); self.parent().parent().slideUp();
}).fail(function (jqXHR) { }).fail(function (jqXHR) {

View file

@ -0,0 +1,182 @@
@extends('layouts.admin')
@section('title')
API Management
@endsection
@section('content')
<div class="col-md-12">
<ul class="breadcrumb">
<li><a href="/admin">Admin Control</a></li>
<li><a href="/admin/api">API Management</a></li>
<li class="active">New</li>
</ul>
<h3>Add New API Key</h3><hr />
<form action="{{ route('admin.api.new') }}" method="POST">
<div class="row">
<div class="col-md-12 fuelux">
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="*"> <strong>*</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows performing any action aganist the API.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>User Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users"> <strong>GET /users</strong>
<p class="text-muted"><small>Allows listing of all users currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.post"> <strong>POST /users</strong>
<p class="text-muted"><small>Allows creating a new user on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.view"> <strong>GET /users/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific user including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.patch"> <strong>PATCH /users/{id}</strong>
<p class="text-muted"><small>Allows modifying user details (email, password, TOTP information).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.delete"> <strong>DELETE /users/{id}</strong>
<p class="text-muted"><small>Allows deleting a user.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Server Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers"> <strong>GET /servers</strong>
<p class="text-muted"><small>Allows listing of all servers currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.post"> <strong>POST /servers</strong>
<p class="text-muted"><small>Allows creating a new server on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.view"> <strong>GET /servers/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific server.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.suspend"> <strong>POST /servers/{id}/suspend</strong>
<p class="text-muted"><small>Allows suspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.unsuspend"> <strong>POST /servers/{id}/unsuspend</strong>
<p class="text-muted"><small>Allows unsuspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.delete"> <strong>DELETE /servers/{id}</strong>
<p class="text-muted"><small>Allows deleting a server.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>Node Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes"> <strong>GET /nodes</strong>
<p class="text-muted"><small>Allows listing of all nodes currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.post"> <strong>POST /nodes</strong>
<p class="text-muted"><small>Allows creating a new node on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.view"> <strong>GET /nodes/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific node including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.view_allocations"> <strong>GET /nodes/{id}/allocations</strong>
<p class="text-muted"><small>Allows viewing details about a specific node including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.delete"> <strong>DELETE /nodes/{id}</strong>
<p class="text-muted"><small>Allows deleting a node.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Service Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.services"> <strong>GET /services</strong>
<p class="text-muted"><small>Allows listing of all services configured on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.services.view"> <strong>GET /services/{id}</strong>
<p class="text-muted"><small>Allows listing details about each service on the system including service options and variables.</small><p>
</label>
</div>
<h4>Location Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.locations"> <strong>GET /locations</strong>
<p class="text-muted"><small>Allows listing all locations and thier associated nodes.</small><p>
</label>
</div>
</div>
</div>
<div class="well">
<div class="row">
<div class="form-group col-md-12">
<label for="allowed_ips" class="control-label">Allowed IPs</label>
<div>
<textarea name="allowed_ips" class="form-control" rows="5">{{ old('allowed_ips') }}</textarea>
<p class="text-muted"><small>Enter a line delimitated list of IPs that are allowed to access the API using this key. CIDR notation is allowed. Leave blank to allow any IP.</small></p>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
{!! csrf_field() !!}
<input type="submit" class="btn btn-sm btn-primary" value="Create New Key" />
</div>
</div>
</div>
</form>
</div>
<script>
$(document).ready(function () {
$('#sidebar_links').find("a[href='/admin/api']").addClass('active');
$('[data-initialize="checkbox"]').checkbox();
});
</script>
@endsection

View file

@ -106,7 +106,7 @@
@foreach ($messages as $message) @foreach ($messages as $message)
<div class="alert alert-{{ $type }} alert-dismissable" role="alert"> <div class="alert alert-{{ $type }} alert-dismissable" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
{{ $message }} {!! $message !!}
</div> </div>
@endforeach @endforeach
@endforeach @endforeach

View file

@ -219,7 +219,7 @@
@foreach ($messages as $message) @foreach ($messages as $message)
<div class="alert alert-{{ $type }} alert-dismissable" role="alert"> <div class="alert alert-{{ $type }} alert-dismissable" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
{{ $message }} {!! $message !!}
</div> </div>
@endforeach @endforeach
@endforeach @endforeach