Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add initial basic API changes

Browse source 
New route is `/api/me`
This commit is contained in:
Dane Everitt 2016-10-14 20:22:23 -04:00
parent 126df09152
commit 745c735b32
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
17 changed files with 587 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
app/Http/Controllers/API/User/InfoController.php Normal file
View file

@ -0,0 +1,58 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\User;
use Auth;
use Dingo;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController;
class InfoController extends BaseController
{
public function me(Request $request)
{
$servers = Models\Server::getUserServers();
$response = [];
foreach($servers as &$server) {
$response = array_merge($response, [[
'id' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->nodeName,
'ip' => [
'set' => $server->ip,
'alias' => $server->ip_alias
],
'port' => $server->port,
'service' => $server->a_serviceName,
'option' => $server->a_serviceOptionName
]]);
}
return $response;
}
}

39
app/Http/Controllers/API/User/PowerController.php Normal file
View file

@ -0,0 +1,39 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\User;
use Pterodactyl\Models;
use Illuminate\Http\Request;
class PowerController extends BaseController
{
public function __constructor()
{
}
public function pass(Request $request, $uuid)
{
//$server = Models\Server::where('id', $id)->where();
}
}

60
app/Http/Controllers/Base/APIController.php Normal file
View file

@ -0,0 +1,60 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\Base;
use Alert;
use Pterodactyl\Models;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Http\Request;
class APIController extends Controller
{
public function index(Request $request)
{
$keys = Models\APIKey::where('user', $request->user()->id)->get();
foreach($keys as &$key) {
$key->permissions = Models\APIPermission::where('key_id', $key->id)->get();
}
return view('base.api.index', [
'keys' => $keys
]);
}
public function new(Request $request)
{
return view('base.api.new');
}
public function save(Request $request)
{
}
}

20
app/Http/Middleware/APISecretToken.php
View file

@ -23,12 +23,15 @@
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use IPTools\IP;
use IPTools\Range;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Models\User;
use Pterodactyl\Services\APILogService;
use Illuminate\Http\Request;
@ -51,7 +54,7 @@ class APISecretToken extends Authorization
public function __construct()
{
//
Config::set('session.driver', 'array');
}
public function getAuthorizationMethod()
@ -90,14 +93,11 @@ class APISecretToken extends Authorization
}
}
foreach(APIPermission::where('key_id', $key->id)->get() as &$row) {
if ($row->permission === '*' || $row->permission === $request->route()->getName()) {
$this->permissionAllowed = true;
continue;
}
}
if (!$this->permissionAllowed) {
$permission = APIPermission::where('key_id', $key->id)
->where('permission', $request->route()->getName())
->orWhere('permission', '*')
->first();
if (!$permission) {
APILogService::log($request, 'You do not have permission to access this resource.');
throw new AccessDeniedHttpException('You do not have permission to access this resource.');
}
@ -118,7 +118,7 @@ class APISecretToken extends Authorization
// Log the Route Access
APILogService::log($request, null, true);
return true;
return Auth::loginUsingId($key->user);
}

53
app/Http/Routes/APIRoutes.php
View file

@ -32,33 +32,40 @@ class APIRoutes
public function map(Router $router) {
$api = app('Dingo\Api\Routing\Router');
$api->version('v1', ['middleware' => 'api.auth'], function ($api) {
$api->version('v1', ['prefix' => 'api/me', 'middleware' => 'api.auth'], function ($api) {
$api->get('/', [
'as' => 'api.user',
'uses' => 'Pterodactyl\Http\Controllers\API\User\InfoController@me'
]);
});
$api->version('v1', ['prefix' => 'api', 'middleware' => 'api.auth'], function ($api) {
/**
* User Routes
*/
$api->get('users', [
'as' => 'api.users.list',
'as' => 'api.admin.users.list',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@list'
]);
$api->post('users', [
'as' => 'api.users.create',
'as' => 'api.admin.users.create',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@create'
]);
$api->get('users/{id}', [
'as' => 'api.users.view',
'as' => 'api.admin.users.view',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@view'
]);
$api->patch('users/{id}', [
'as' => 'api.users.update',
'as' => 'api.admin.users.update',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@update'
]);
$api->delete('users/{id}', [
'as' => 'api.users.delete',
'as' => 'api.admin.users.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@delete'
]);
@ -66,42 +73,42 @@ class APIRoutes
* Server Routes
*/
$api->get('servers', [
'as' => 'api.servers.list',
'as' => 'api.admin.servers.list',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@list'
]);
$api->post('servers', [
'as' => 'api.servers.create',
'as' => 'api.admin.servers.create',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@create'
]);
$api->get('servers/{id}', [
'as' => 'api.servers.view',
'as' => 'api.admin.servers.view',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@view'
]);
$api->patch('servers/{id}/config', [
'as' => 'api.servers.config',
'as' => 'api.admin.servers.config',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@config'
]);
$api->patch('servers/{id}/build', [
'as' => 'api.servers.build',
'as' => 'api.admin.servers.build',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@build'
]);
$api->post('servers/{id}/suspend', [
'as' => 'api.servers.suspend',
'as' => 'api.admin.servers.suspend',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@suspend'
]);
$api->post('servers/{id}/unsuspend', [
'as' => 'api.servers.unsuspend',
'as' => 'api.admin.servers.unsuspend',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@unsuspend'
]);
$api->delete('servers/{id}/{force?}', [
'as' => 'api.servers.delete',
'as' => 'api.admin.servers.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@delete'
]);
@ -109,32 +116,32 @@ class APIRoutes
* Node Routes
*/
$api->get('nodes', [
'as' => 'api.nodes.list',
'as' => 'api.admin.nodes.list',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@list'
]);
$api->post('nodes', [
'as' => 'api.nodes.create',
'as' => 'api.admin.nodes.create',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@create'
]);
$api->get('nodes/allocations', [
'as' => 'api.nodes.allocations',
'as' => 'api.admin.nodes.allocations',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@allocations'
]);
$api->get('nodes/{id}', [
'as' => 'api.nodes.view',
'as' => 'api.admin.nodes.view',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@view'
]);
$api->get('nodes/{id}/config', [
'as' => 'api.nodes.view',
'as' => 'api.admin.nodes.view',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@config'
]);
$api->delete('nodes/{id}', [
'as' => 'api.nodes.delete',
'as' => 'api.admin.nodes.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@delete'
]);
@ -142,7 +149,7 @@ class APIRoutes
* Location Routes
*/
$api->get('locations', [
'as' => 'api.locations.list',
'as' => 'api.admin.locations.list',
'uses' => 'Pterodactyl\Http\Controllers\API\LocationController@list'
]);
@ -150,12 +157,12 @@ class APIRoutes
* Service Routes
*/
$api->get('services', [
'as' => 'api.services.list',
'as' => 'api.admin.services.list',
'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@list'
]);
$api->get('services/{id}', [
'as' => 'api.services.view',
'as' => 'api.admin.services.view',
'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@view'
]);

21
app/Http/Routes/BaseRoutes.php
View file

@ -69,6 +69,27 @@ class BaseRoutes {
]);
});
// API Management Routes
$router->group([
'prefix' => 'account/api',
'middleware' => [
'auth',
'csrf'
]
], function () use ($router) {
$router->get('/', [
'as' => 'account.api',
'uses' => 'Base\APIController@index'
]);
$router->get('/new', [
'as' => 'account.api.new',
'uses' => 'Base\APIController@new'
]);
$router->post('/new', [
'uses' => 'Base\APIController@save'
]);
});
// TOTP Routes
$router->group([
'prefix' => 'account/security',

2
app/Http/Routes/ServerRoutes.php
View file

@ -28,6 +28,7 @@ use Illuminate\Routing\Router;
class ServerRoutes {
public function map(Router $router) {
$router->group([
'prefix' => 'server/{server}',
'middleware' => [
@ -36,6 +37,7 @@ class ServerRoutes {
'csrf'
]
], function ($server) use ($router) {
// Index View for Server
$router->get('/', [
'as' => 'server.index',

13
app/Models/Server.php
View file

@ -24,7 +24,6 @@
namespace Pterodactyl\Models;
use Auth;
use Pterodactyl\Models\Subuser;
use Illuminate\Database\Eloquent\Model;
@ -91,7 +90,11 @@ class Server extends Model
*/
public function __construct()
{
self::$user = Auth::user();
if (!is_null(Auth::user())) {
self::$user = Auth::user();
} else {
throw new \Exception('Auth::user and Dingo::user cannot both be null.');
}
}
/**
@ -133,9 +136,13 @@ class Server extends Model
'locations.short as a_locationShort',
'allocations.ip',
'allocations.ip_alias',
'allocations.port'
'allocations.port',
'services.name as a_serviceName',
'service_options.name as a_serviceOptionName'
)->join('nodes', 'servers.node', '=', 'nodes.id')
->join('locations', 'nodes.location', '=', 'locations.id')
->join('services', 'servers.service', '=', 'services.id')
->join('service_options', 'servers.option', '=', 'service_options.id')
->join('allocations', 'servers.allocation', '=', 'allocations.id');
if (self::$user->root_admin !== 1) {

6
app/Models/Subuser.php
View file

@ -70,7 +70,11 @@ class Subuser extends Model
*/
public function __construct()
{
self::$user = Auth::user();
if (!is_null(Auth::user())) {
self::$user = Auth::user();
} else {
throw new \Exception('Auth::user and Dingo::user cannot both be null.');
}
}
/**

3
app/Repositories/UserRepository.php
View file

@ -162,7 +162,8 @@ class UserRepository
throw new DisplayException('Cannot delete a user with active servers attached to thier account.');
}
if(Auth::user()->id === $id) {
// @TODO: this should probably be checked outside of this method because we won't always have Auth::user()
if(!is_null(Auth::user()) && Auth::user()->id === $id) {
throw new DisplayException('Cannot delete your own account.');
}

2
config/app.php
View file

@ -188,6 +188,8 @@ return [
'Crypt' => Illuminate\Support\Facades\Crypt::class,
'DB' => Illuminate\Support\Facades\DB::class,
'Debugbar' => Barryvdh\Debugbar\Facade::class,
'Dingo' => Dingo\Api\Facade\API::class,
'DingoRoute'=> Dingo\Api\Facade\Route::class,
'Eloquent' => Illuminate\Database\Eloquent\Model::class,
'Event' => Illuminate\Support\Facades\Event::class,
'File' => Illuminate\Support\Facades\File::class,

4
config/session.php
View file

@ -29,9 +29,9 @@ return [
|
*/
'lifetime' => 120,
'lifetime' => 30,
'expire_on_close' => false,
'expire_on_close' => true,
/*
|--------------------------------------------------------------------------

36
database/migrations/2016_10_14_164802_update_api_keys.php Normal file
View file

@ -0,0 +1,36 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class UpdateApiKeys extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('api_keys', function (Blueprint $table) {
$table->unsignedInteger('user')->after('id');
$table->text('memo')->after('allowed_ips')->nullable();
$table->timestamp('expires_at')->after('memo')->nullable();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('api_keys', function (Blueprint $table) {
$table->dropColumn('user');
$table->dropColumn('memo');
$table->dropColumn('expires_at');
});
}
}

4
public/themes/default/css/pterodactyl.css
View file

@ -263,3 +263,7 @@ li.btn.btn-default.pill:active,li.btn.btn-default.pill:focus,li.btn.btn-default.
.left-icon + td {
border-left: 0px !important;
}
.fuelux .wizard .step-content > .alert {
margin-bottom: 0 !important;
}

66
resources/views/base/api/index.blade.php Normal file
View file

@ -0,0 +1,66 @@
{{-- Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com> --}}
{{-- Permission is hereby granted, free of charge, to any person obtaining a copy --}}
{{-- of this software and associated documentation files (the "Software"), to deal --}}
{{-- in the Software without restriction, including without limitation the rights --}}
{{-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell --}}
{{-- copies of the Software, and to permit persons to whom the Software is --}}
{{-- furnished to do so, subject to the following conditions: --}}
{{-- The above copyright notice and this permission notice shall be included in all --}}
{{-- copies or substantial portions of the Software. --}}
{{-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR --}}
{{-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, --}}
{{-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE --}}
{{-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER --}}
{{-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, --}}
{{-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE --}}
{{-- SOFTWARE. --}}
@extends('layouts.master')
@section('title', 'API Access')
@section('sidebar-server')
@endsection
@section('content')
<div class="col-md-12">
<table class="table table-bordered table-hover">
<thead>
<tr>
<th>Public Key</th>
<th>Memo</th>
<th class="text-center">Created</th>
<th class="text-center">Expires</th>
<th class="text-center"></th>
</tr>
</thead>
<tbody>
@foreach ($keys as $key)
<tr class="align-middle">
<td><code>{{ $key->public }}</code></td>
<td>{{ $key->memo }}</td>
<td class="text-center">{{ (new Carbon($key->created_at))->toDayDateTimeString() }}</td>
<td class="text-center">
@if(is_null($key->expires_at))
<span class="label label-default">Never</span>
@else
{{ (new Carbon($key->expires_at))->toDayDateTimeString() }}
@endif
</td>
<td class="text-center"><a href="#delete" class="text-danger" data-action="delete" data-attr="{{ $key->public }}"><i class="fa fa-trash"></i></a></td>
</tr>
@endforeach
</tbody>
</table>
<div class="well">
<a href="{{ route('account.api.new') }}"><button class="btn btn-success btn-sm">Create New API Key</button></a>
</div>
</div>
<script>
$(document).ready(function () {
$('#sidebar_links').find('a[href="/account/api"]').addClass('active');
});
</script>
@endsection

238
resources/views/base/api/new.blade.php Normal file
View file

@ -0,0 +1,238 @@
{{-- Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com> --}}
{{-- Permission is hereby granted, free of charge, to any person obtaining a copy --}}
{{-- of this software and associated documentation files (the "Software"), to deal --}}
{{-- in the Software without restriction, including without limitation the rights --}}
{{-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell --}}
{{-- copies of the Software, and to permit persons to whom the Software is --}}
{{-- furnished to do so, subject to the following conditions: --}}
{{-- The above copyright notice and this permission notice shall be included in all --}}
{{-- copies or substantial portions of the Software. --}}
{{-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR --}}
{{-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, --}}
{{-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE --}}
{{-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER --}}
{{-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, --}}
{{-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE --}}
{{-- SOFTWARE. --}}
@extends('layouts.master')
@section('title', 'API Access')
@section('sidebar-server')
@endsection
@section('content')
<div class="col-md-12 fuelux">
<div class="wizard" data-initialize="wizard" id="apiWizard">
<div class="steps-container">
<ul class="steps">
<li data-step="1" data-name="user" class="active">
<span class="badge">1</span>Permissions
<span class="chevron"></span>
</li>
<li data-step="2" data-name="admin">
<span class="badge">2</span>Admin
<span class="chevron"></span>
</li>
<li data-step="3" data-name="ips">
<span class="badge">3</span>Security
<span class="chevron"></span>
</li>
<li data-step="4" data-name="ips">
<span class="badge">4</span>Finish
<span class="chevron"></span>
</li>
</ul>
</div>
<div class="actions">
<button type="button" class="btn btn-sm btn-default btn-prev">
<span class="fa fa-arrow-left"></span>Prev</button>
<button type="button" class="btn btn-sm btn-primary btn-next" data-last="Complete">Next
<span class="fa fa-arrow-right"></span>
</button>
</div>
<div class="step-content">
{{-- <form action="{{ route('admin.api.admin.new') }}" method="POST" id="perms_form"> --}}
<div class="step-pane active alert" data-step="1"></div>
<div class="step-pane alert" data-step="2">
<div class="row">
<div class="col-md-12 fuelux">
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="*"> <strong>*</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows performing any action aganist the api.admin.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>User Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.users.list"> <strong><span class="label label-default">GET</span> /users</strong>
<p class="text-muted"><small>Allows listing of all users currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.users.create"> <strong><span class="label label-default">POST</span> /users</strong>
<p class="text-muted"><small>Allows creating a new user on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.users.view"> <strong><span class="label label-default">GET</span> /users/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific user including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.users.update"> <strong><span class="label label-default">PATCH</span> /users/{id}</strong>
<p class="text-muted"><small>Allows modifying user details (email, password, TOTP information).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.users.delete"> <strong><span class="label label-danger">DELETE</span> /users/{id}</strong>
<p class="text-muted"><small>Allows deleting a user.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Server Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.list"> <strong><span class="label label-default">GET</span> /servers</strong>
<p class="text-muted"><small>Allows listing of all servers currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.create"> <strong><span class="label label-default">POST</span> /servers</strong>
<p class="text-muted"><small>Allows creating a new server on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.view"> <strong><span class="label label-default">GET</span> /servers/{id}</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows viewing details about a specific server including the <code>daemon_token</code> as current process information.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.config"> <strong><span class="label label-default">PATCH</span> /servers/{id}/config</strong>
<p class="text-muted"><small>Allows modifying server config (name, owner, and access token).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.build"> <strong><span class="label label-default">PATCH</span> /servers/{id}/build</strong>
<p class="text-muted"><small>Allows modifying a server's build parameters such as memory, CPU, and disk space along with assigned and default IPs.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.suspend"> <strong><span class="label label-default">POST</span> /servers/{id}/suspend</strong>
<p class="text-muted"><small>Allows suspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.unsuspend"> <strong><span class="label label-default">POST</span> /servers/{id}/unsuspend</strong>
<p class="text-muted"><small>Allows unsuspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.servers.delete"> <strong><span class="label label-danger">DELETE</span> /servers/{id}</strong>
<p class="text-muted"><small>Allows deleting a server.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>Node Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.nodes.list"> <strong><span class="label label-default">GET</span> /nodes</strong>
<p class="text-muted"><small>Allows listing of all nodes currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.nodes.create"> <strong><span class="label label-default">POST</span> /nodes</strong>
<p class="text-muted"><small>Allows creating a new node on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.nodes.view"> <strong><span class="label label-default">GET</span> /nodes/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific node including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.nodes.allocations"> <strong><span class="label label-default">GET</span> /nodes/allocations</strong>
<p class="text-muted"><small>Allows viewing all allocations on the panel for all nodes.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.nodes.delete"> <strong><span class="label label-danger">DELETE</span> /nodes/{id}</strong>
<p class="text-muted"><small>Allows deleting a node.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Service Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.services.list"> <strong><span class="label label-default">GET</span> /services</strong>
<p class="text-muted"><small>Allows listing of all services configured on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.services.view"> <strong><span class="label label-default">GET</span> /services/{id}</strong>
<p class="text-muted"><small>Allows listing details about each service on the system including service options and variables.</small><p>
</label>
</div>
<h4>Location Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="api.admin.locations.list"> <strong><span class="label label-default">GET</span> /locations</strong>
<p class="text-muted"><small>Allows listing all locations and thier associated nodes.</small><p>
</label>
</div>
</div>
</div>
</div>
<div class="step-pane alert" data-step="3">
<div class="form-group">
<label for="allowed_ips" class="control-label">Allowed IPs</label>
<div>
<textarea name="allowed_ips" class="form-control" rows="5">{{ old('allowed_ips') }}</textarea>
<p class="text-muted">Enter a line delimitated list of IPs that are allowed to access the API using this key. CIDR notation is allowed. Leave blank to allow any IP.</p>
</div>
</div>
</div>
<div class="step-pane bg-danger alert" data-step="4">
Whoa
</div>
</form>
</div>
</div>
{{-- </form> --}}
</div>
<script>
$(document).ready(function () {
$('#sidebar_links').find('a[href="/account/api"]').addClass('active');
});
</script>
@endsection

2
resources/views/layouts/master.blade.php
View file

@ -184,6 +184,7 @@
<ul class="dropdown-menu">
<li><a href="/account">{{ trans('pagination.sidebar.account_settings') }}</a></li>
<li><a href="/account/security">{{ trans('pagination.sidebar.account_security') }}</a></li>
<li><a href="/account/api">API Settings</a></li>
<li><a href="/index">{{ trans('pagination.sidebar.servers') }}</a></li>
</ul>
</li>
@ -237,6 +238,7 @@
<a href="#" class="list-group-item list-group-item-heading"><strong>{{ trans('pagination.sidebar.account_controls') }}</strong></a>
<a href="/account" class="list-group-item">{{ trans('pagination.sidebar.account_settings') }}</a>
<a href="/account/security" class="list-group-item">{{ trans('pagination.sidebar.account_security') }}</a>
<a href="/account/api" class="list-group-item">API Access</a>
<a href="/" class="list-group-item">{{ trans('pagination.sidebar.servers') }}</a>
</div>
@section('sidebar-server')