From 98b3355158b8b97abbb56cfdcc549a0e8c759b0f Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Tue, 12 Jan 2016 01:05:44 -0500
Subject: [PATCH 01/14] very basic initial push of API

---
 .env.example                                |   5 +
 app/Exceptions/Handler.php                  |   2 +-
 app/Http/Controllers/API/AuthController.php |  64 ++++++
 app/Http/Controllers/API/BaseController.php |  11 ++
 app/Http/Controllers/API/UserController.php |  86 ++------
 app/Http/Kernel.php                         |   3 +-
 app/Http/Middleware/APIAuthenticate.php     |  46 -----
 app/Http/Routes/APIRoutes.php               |  47 +++++
 app/Transformers/UserTransformer.php        |  21 ++
 composer.json                               |   4 +-
 config/api.php                              | 209 ++++++++++++++++++++
 config/app.php                              |   7 +
 config/jwt.php                              | 168 ++++++++++++++++
 13 files changed, 555 insertions(+), 118 deletions(-)
 create mode 100644 app/Http/Controllers/API/AuthController.php
 create mode 100644 app/Http/Controllers/API/BaseController.php
 delete mode 100644 app/Http/Middleware/APIAuthenticate.php
 create mode 100644 app/Http/Routes/APIRoutes.php
 create mode 100644 app/Transformers/UserTransformer.php
 create mode 100644 config/api.php
 create mode 100644 config/jwt.php

diff --git a/.env.example b/.env.example
index 5278a54f9..e282046f9 100644
--- a/.env.example
+++ b/.env.example
@@ -1,6 +1,7 @@
 APP_ENV=local
 APP_DEBUG=true
 APP_KEY=SomeRandomString
+JWT_SECRET=ChangeMe
 
 DB_HOST=localhost
 DB_PORT=3306
@@ -22,3 +23,7 @@ MAIL_PORT=2525
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
+
+API_PREFIX=api
+API_VERSION=v1
+API_DEBUG=false
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 1ef91c60c..d3a4599a7 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -55,7 +55,7 @@ class Handler extends ExceptionHandler
             $e = new NotFoundHttpException($e->getMessage(), $e);
         }
 
-        if ($request->isXmlHttpRequest() || $request->ajax() || $request->is('api/*') || $request->is('remote/*')) {
+        if ($request->isXmlHttpRequest() || $request->ajax() || $request->is('remote/*')) {
 
             $exception = 'An exception occured while attempting to perform this action, please try again.';
 
diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
new file mode 100644
index 000000000..6f95aa6c8
--- /dev/null
+++ b/app/Http/Controllers/API/AuthController.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use JWTAuth;
+use Tymon\JWTAuth\Exceptions\JWTException;
+
+use Illuminate\Http\Request;
+use \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+use \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+
+use Pterodactyl\Transformers\UserTransformer;
+use Pterodactyl\Models;
+
+/**
+ * @Resource("Auth", uri="/auth")
+ */
+class AuthController extends BaseController
+{
+
+    /**
+     * Authenticate
+     *
+     * Authenticate with the API to recieved a JSON Web Token
+     *
+     * @Post("/login")
+     * @Versions({"v1"})
+     * @Request({"email": "e@mail.com", "password": "soopersecret"})
+     * @Response(200, body={"token": "<jwt-token>"})
+     */
+    public function postLogin(Request $request) {
+        $credentials = $request->only('email', 'password');
+
+        try {
+            $token = JWTAuth::attempt($credentials, [
+                'permissions' => [
+                    'view_users' => true,
+                    'edit_users' => true,
+                    'delete_users' => false,
+                ]
+            ]);
+            if (!$token) {
+                throw new UnauthorizedHttpException('');
+            }
+        } catch (JWTException $ex) {
+            throw new ServiceUnavailableHttpException('');
+        }
+
+        return compact('token');
+    }
+
+    /**
+     * Check if Authenticated
+     *
+     * @Post("/validate")
+     * @Versions({"v1"})
+     * @Request(headers={"Authorization": "Bearer <jwt-token>"})
+     * @Response(204);
+     */
+    public function postValidate(Request $request) {
+        return $this->response->noContent();
+    }
+
+}
diff --git a/app/Http/Controllers/API/BaseController.php b/app/Http/Controllers/API/BaseController.php
new file mode 100644
index 000000000..b0ade2a64
--- /dev/null
+++ b/app/Http/Controllers/API/BaseController.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use Dingo\Api\Routing\Helpers;
+use Illuminate\Routing\Controller;
+
+class BaseController extends Controller
+{
+    use Helpers;
+}
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 958dce88d..146575552 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -2,82 +2,32 @@
 
 namespace Pterodactyl\Http\Controllers\API;
 
-use Gate;
-use Log;
-use Debugbar;
-use Pterodactyl\Models\API;
-use Pterodactyl\Models\User;
-
-use Pterodactyl\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 
-class UserController extends Controller
+use Pterodactyl\Transformers\UserTransformer;
+use Pterodactyl\Models;
+
+/**
+ * @Resource("Users", uri="/users")
+ */
+class UserController extends BaseController
 {
 
     /**
-     * Constructor
-     */
-    public function __construct()
-    {
-        //
-    }
-
-    public function getAllUsers(Request $request)
-    {
-
-        // Policies don't work if the user isn't logged in for whatever reason in Laravel...
-        if(!API::checkPermission($request->header('X-Authorization'), 'get-users')) {
-            return API::noPermissionError();
-        }
-
-        return response()->json([
-            'users' => User::all()
-        ]);
-    }
-
-    /**
-     * Returns JSON response about a user given their ID.
-     * If fields are provided only those fields are returned.
+     * List All Users
      *
-     * Does not return protected fields (i.e. password & totp_secret)
+     * Lists all users currently on the system.
      *
-     * @param  Request $request
-     * @param  int     $id
-     * @param  string  $fields
-     * @return Response
+     * @Get("/{?page}")
+     * @Versions({"v1"})
+     * @Parameters({
+     * 		@Parameter("page", type="integer", description="The page of results to view.", default=1)
+     * })
+     * @Response(200)
      */
-    public function getUser(Request $request, $id, $fields = null)
-    {
-
-        // Policies don't work if the user isn't logged in for whatever reason in Laravel...
-        if(!API::checkPermission($request->header('X-Authorization'), 'get-users')) {
-            return API::noPermissionError();
-        }
-
-        if (is_null($fields)) {
-            return response()->json(User::find($id));
-        }
-
-        $query = User::where('id', $id);
-        $explode = explode(',', $fields);
-
-        foreach($explode as &$exploded) {
-            if(!empty($exploded)) {
-                $query->addSelect($exploded);
-            }
-        }
-
-        try {
-            return response()->json($query->get());
-        } catch (\Exception $e) {
-            if ($e instanceof \Illuminate\Database\QueryException) {
-                return response()->json([
-                    'error' => 'One of the fields provided in your argument list is invalid.'
-                ], 500);
-            }
-            throw $e;
-        }
-
+    public function getUsers(Request $request) {
+        $users = Models\User::paginate(15);
+        return $this->response->paginator($users, new UserTransformer);
     }
 
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 5ae0c37ad..513fa4d9d 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -17,7 +17,6 @@ class Kernel extends HttpKernel
         \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
         \Illuminate\Session\Middleware\StartSession::class,
         \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
     ];
 
     /**
@@ -30,7 +29,7 @@ class Kernel extends HttpKernel
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'guest' => \Pterodactyl\Http\Middleware\RedirectIfAuthenticated::class,
         'server' => \Pterodactyl\Http\Middleware\CheckServer::class,
-        'api' => \Pterodactyl\Http\Middleware\APIAuthenticate::class,
         'admin' => \Pterodactyl\Http\Middleware\AdminAuthenticate::class,
+        'csrf' => \Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
     ];
 }
diff --git a/app/Http/Middleware/APIAuthenticate.php b/app/Http/Middleware/APIAuthenticate.php
deleted file mode 100644
index 8b59f7e27..000000000
--- a/app/Http/Middleware/APIAuthenticate.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-
-namespace Pterodactyl\Http\Middleware;
-
-use Closure;
-use Debugbar;
-
-use Pterodactyl\Models\API;
-
-class APIAuthenticate
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  \Closure  $next
-     * @return mixed
-     */
-    public function handle($request, Closure $next)
-    {
-
-        if(!$request->header('X-Authorization')) {
-            return response()->json([
-                'error' => 'Authorization header was missing with this request. Please pass the \'X-Authorization\' header with your request.'
-            ], 403);
-        }
-
-        $api = API::where('key', $request->header('X-Authorization'))->first();
-        if (!$api) {
-            return response()->json([
-                'error' => 'Invalid API key was provided in the request.'
-            ], 403);
-        }
-
-        if (!is_null($api->allowed_ips)) {
-            if (!in_array($request->ip(), json_decode($api->allowed_ips, true))) {
-                return response()->json([
-                    'error' => 'This IP (' . $request->ip() . ') is not permitted to access the API with that token.'
-                ], 403);
-            }
-        }
-
-        return $next($request);
-
-    }
-}
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
new file mode 100644
index 000000000..355a1a3b7
--- /dev/null
+++ b/app/Http/Routes/APIRoutes.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace Pterodactyl\Http\Routes;
+
+use Pterodactyl\Models;
+use Illuminate\Routing\Router;
+
+class APIRoutes
+{
+
+    public function map(Router $router) {
+
+        app('Dingo\Api\Auth\Auth')->extend('jwt', function ($app) {
+            return new \Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
+        });
+
+        $api = app('Dingo\Api\Routing\Router');
+
+        $api->version('v1', function ($api) {
+            $api->post('auth/login', [
+                'as' => 'api.auth.login',
+                'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postLogin'
+            ]);
+
+            $api->post('auth/validate', [
+                'middleware' => 'api.auth',
+                'as' => 'api.auth.validate',
+                'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postValidate'
+            ]);
+        });
+
+        $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
+
+            $api->get('users', [
+                'as' => 'api.auth.validate',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
+            ]);
+
+            $api->get('users/{id}', function($id) {
+                return Models\User::findOrFail($id);
+            });
+
+
+        });
+    }
+
+}
diff --git a/app/Transformers/UserTransformer.php b/app/Transformers/UserTransformer.php
new file mode 100644
index 000000000..22e4dffe6
--- /dev/null
+++ b/app/Transformers/UserTransformer.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Pterodactyl\Transformers;
+
+use Pterodactyl\Models\User;
+use League\Fractal\TransformerAbstract;
+
+class UserTransformer extends TransformerAbstract
+{
+
+    /**
+     * Turn this item object into a generic array
+     *
+     * @return array
+     */
+    public function transform(User $user)
+    {
+        return $user;
+    }
+
+}
diff --git a/composer.json b/composer.json
index 8dd5c5983..d56ce983f 100644
--- a/composer.json
+++ b/composer.json
@@ -8,12 +8,14 @@
         "php": ">=5.5.9",
         "laravel/framework": "5.2.*",
         "barryvdh/laravel-debugbar": "^2.0",
+        "dingo/api": "1.0.*@dev",
         "doctrine/dbal": "^2.5",
         "guzzlehttp/guzzle": "^6.1",
         "pragmarx/google2fa": "^0.7.1",
         "webpatser/laravel-uuid": "^2.0",
         "prologue/alerts": "^0.4.0",
-        "s1lentium/iptools": "^1.0"
+        "s1lentium/iptools": "^1.0",
+        "tymon/jwt-auth": "^0.5.6"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",
diff --git a/config/api.php b/config/api.php
new file mode 100644
index 000000000..872723046
--- /dev/null
+++ b/config/api.php
@@ -0,0 +1,209 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Standards Tree
+    |--------------------------------------------------------------------------
+    |
+    | Versioning an API with Dingo revolves around content negotiation and
+    | custom MIME types. A custom type will belong to one of three
+    | standards trees, the Vendor tree (vnd), the Personal tree
+    | (prs), and the Unregistered tree (x).
+    |
+    | By default the Unregistered tree (x) is used, however, should you wish
+    | to you can register your type with the IANA. For more details:
+    | https://tools.ietf.org/html/rfc6838
+    |
+    */
+
+    'standardsTree' => env('API_STANDARDS_TREE', 'x'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | API Subtype
+    |--------------------------------------------------------------------------
+    |
+    | Your subtype will follow the standards tree you use when used in the
+    | "Accept" header to negotiate the content type and version.
+    |
+    | For example: Accept: application/x.SUBTYPE.v1+json
+    |
+    */
+
+    'subtype' => env('API_SUBTYPE', 'pterodactyl'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default API Version
+    |--------------------------------------------------------------------------
+    |
+    | This is the default version when strict mode is disabled and your API
+    | is accessed via a web browser. It's also used as the default version
+    | when generating your APIs documentation.
+    |
+    */
+
+    'version' => env('API_VERSION', 'v1'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default API Prefix
+    |--------------------------------------------------------------------------
+    |
+    | A default prefix to use for your API routes so you don't have to
+    | specify it for each group.
+    |
+    */
+
+    'prefix' => env('API_PREFIX', null),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default API Domain
+    |--------------------------------------------------------------------------
+    |
+    | A default domain to use for your API routes so you don't have to
+    | specify it for each group.
+    |
+    */
+
+    'domain' => env('API_DOMAIN', null),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Name
+    |--------------------------------------------------------------------------
+    |
+    | When documenting your API using the API Blueprint syntax you can
+    | configure a default name to avoid having to manually specify
+    | one when using the command.
+    |
+    */
+
+    'name' => env('API_NAME', 'Pterodactyl Panel API'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Conditional Requests
+    |--------------------------------------------------------------------------
+    |
+    | Globally enable conditional requests so that an ETag header is added to
+    | any successful response. Subsequent requests will perform a check and
+    | will return a 304 Not Modified. This can also be enabled or disabled
+    | on certain groups or routes.
+    |
+    */
+
+    'conditionalRequest' => env('API_CONDITIONAL_REQUEST', true),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Strict Mode
+    |--------------------------------------------------------------------------
+    |
+    | Enabling strict mode will require clients to send a valid Accept header
+    | with every request. This also voids the default API version, meaning
+    | your API will not be browsable via a web browser.
+    |
+    */
+
+    'strict' => env('API_STRICT', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Debug Mode
+    |--------------------------------------------------------------------------
+    |
+    | Enabling debug mode will result in error responses caused by thrown
+    | exceptions to have a "debug" key that will be populated with
+    | more detailed information on the exception.
+    |
+    */
+
+    'debug' => env('API_DEBUG', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Generic Error Format
+    |--------------------------------------------------------------------------
+    |
+    | When some HTTP exceptions are not caught and dealt with the API will
+    | generate a generic error response in the format provided. Any
+    | keys that aren't replaced with corresponding values will be
+    | removed from the final response.
+    |
+    */
+
+    'errorFormat' => [
+        'message' => ':message',
+        'errors' => ':errors',
+        'code' => ':code',
+        'status_code' => ':status_code',
+        'debug' => ':debug',
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Authentication Providers
+    |--------------------------------------------------------------------------
+    |
+    | The authentication providers that should be used when attempting to
+    | authenticate an incoming API request.
+    |
+    */
+
+    'auth' => [
+        'jwt' => 'Dingo\Api\Auth\Provider\JWT'
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Throttling / Rate Limiting
+    |--------------------------------------------------------------------------
+    |
+    | Consumers of your API can be limited to the amount of requests they can
+    | make. You can create your own throttles or simply change the default
+    | throttles.
+    |
+    */
+
+    'throttling' => [
+
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Response Transformer
+    |--------------------------------------------------------------------------
+    |
+    | Responses can be transformed so that they are easier to format. By
+    | default a Fractal transformer will be used to transform any
+    | responses prior to formatting. You can easily replace
+    | this with your own transformer.
+    |
+    */
+
+    'transformer' => env('API_TRANSFORMER', Dingo\Api\Transformer\Adapter\Fractal::class),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Response Formats
+    |--------------------------------------------------------------------------
+    |
+    | Responses can be returned in multiple formats by registering different
+    | response formatters. You can also customize an existing response
+    | formatter.
+    |
+    */
+
+    'defaultFormat' => env('API_DEFAULT_FORMAT', 'json'),
+
+    'formats' => [
+
+        'json' => Dingo\Api\Http\Response\Format\Json::class,
+
+    ],
+
+];
diff --git a/config/app.php b/config/app.php
index 5fb65fa0b..aa29a7be3 100644
--- a/config/app.php
+++ b/config/app.php
@@ -112,6 +112,9 @@ return [
 
     'providers' => [
 
+        Dingo\Api\Provider\LaravelServiceProvider::class,
+        Tymon\JWTAuth\Providers\JWTAuthServiceProvider::class,
+
         /*
          * Laravel Framework Service Providers...
          */
@@ -179,6 +182,8 @@ return [
         'Crypt'     => Illuminate\Support\Facades\Crypt::class,
         'DB'        => Illuminate\Support\Facades\DB::class,
         'Debugbar'  => Barryvdh\Debugbar\Facade::class,
+        'DingoAPI'  => Dingo\Api\Facade\API::class,
+        'DingoRoute' => Dingo\Api\Facade\Route::class,
         'Eloquent'  => Illuminate\Database\Eloquent\Model::class,
         'Event'     => Illuminate\Support\Facades\Event::class,
         'File'      => Illuminate\Support\Facades\File::class,
@@ -187,6 +192,8 @@ return [
         'Hash'      => Illuminate\Support\Facades\Hash::class,
         'Input'     => Illuminate\Support\Facades\Input::class,
         'Inspiring' => Illuminate\Foundation\Inspiring::class,
+        'JWTAuth'   => Tymon\JWTAuth\Facades\JWTAuth::class,
+        'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
         'Lang'      => Illuminate\Support\Facades\Lang::class,
         'Log'       => Illuminate\Support\Facades\Log::class,
         'Mail'      => Illuminate\Support\Facades\Mail::class,
diff --git a/config/jwt.php b/config/jwt.php
new file mode 100644
index 000000000..7c1101320
--- /dev/null
+++ b/config/jwt.php
@@ -0,0 +1,168 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | JWT Authentication Secret
+    |--------------------------------------------------------------------------
+    |
+    | Don't forget to set this, as it will be used to sign your tokens.
+    | A helper command is provided for this: `php artisan jwt:generate`
+    |
+    */
+
+    'secret' => env('JWT_SECRET', 'changeme'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | JWT time to live
+    |--------------------------------------------------------------------------
+    |
+    | Specify the length of time (in minutes) that the token will be valid for.
+    | Defaults to 1 hour
+    |
+    */
+
+    'ttl' => 60,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Refresh time to live
+    |--------------------------------------------------------------------------
+    |
+    | Specify the length of time (in minutes) that the token can be refreshed
+    | within. I.E. The user can refresh their token within a 2 week window of
+    | the original token being created until they must re-authenticate.
+    | Defaults to 2 weeks
+    |
+    */
+
+    'refresh_ttl' => 20160,
+
+    /*
+    |--------------------------------------------------------------------------
+    | JWT hashing algorithm
+    |--------------------------------------------------------------------------
+    |
+    | Specify the hashing algorithm that will be used to sign the token.
+    |
+    | See here: https://github.com/namshi/jose/tree/2.2.0/src/Namshi/JOSE/Signer
+    | for possible values
+    |
+    */
+
+    'algo' => 'HS256',
+
+    /*
+    |--------------------------------------------------------------------------
+    | User Model namespace
+    |--------------------------------------------------------------------------
+    |
+    | Specify the full namespace to your User model.
+    | e.g. 'Acme\Entities\User'
+    |
+    */
+
+    'user' => 'Pterodactyl\Models\User',
+
+    /*
+    |--------------------------------------------------------------------------
+    | User identifier
+    |--------------------------------------------------------------------------
+    |
+    | Specify a unique property of the user that will be added as the 'sub'
+    | claim of the token payload.
+    |
+    */
+
+    'identifier' => 'id',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Required Claims
+    |--------------------------------------------------------------------------
+    |
+    | Specify the required claims that must exist in any token.
+    | A TokenInvalidException will be thrown if any of these claims are not
+    | present in the payload.
+    |
+    */
+
+    'required_claims' => ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Blacklist Enabled
+    |--------------------------------------------------------------------------
+    |
+    | In order to invalidate tokens, you must have the the blacklist enabled.
+    | If you do not want or need this functionality, then set this to false.
+    |
+    */
+
+    'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Providers
+    |--------------------------------------------------------------------------
+    |
+    | Specify the various providers used throughout the package.
+    |
+    */
+
+    'providers' => [
+
+        /*
+        |--------------------------------------------------------------------------
+        | User Provider
+        |--------------------------------------------------------------------------
+        |
+        | Specify the provider that is used to find the user based
+        | on the subject claim
+        |
+        */
+
+        'user' => 'Tymon\JWTAuth\Providers\User\EloquentUserAdapter',
+
+        /*
+        |--------------------------------------------------------------------------
+        | JWT Provider
+        |--------------------------------------------------------------------------
+        |
+        | Specify the provider that is used to create and decode the tokens.
+        |
+        */
+
+        'jwt' => 'Tymon\JWTAuth\Providers\JWT\NamshiAdapter',
+
+        /*
+        |--------------------------------------------------------------------------
+        | Authentication Provider
+        |--------------------------------------------------------------------------
+        |
+        | Specify the provider that is used to authenticate users.
+        |
+        */
+
+        'auth' => function ($app) {
+            return new Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter($app['auth']);
+        },
+
+        /*
+        |--------------------------------------------------------------------------
+        | Storage Provider
+        |--------------------------------------------------------------------------
+        |
+        | Specify the provider that is used to store tokens in the blacklist
+        |
+        */
+
+        'storage' => function ($app) {
+            return new Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter($app['cache']);
+        }
+
+    ]
+
+];

From 2def94c958330ad267e1a1a8485c3c27fb34ddce Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Tue, 12 Jan 2016 21:50:43 -0500
Subject: [PATCH 02/14] Update routes to use CSRF protection

---
 app/Http/Routes/AdminRoutes.php  | 15 ++++++++++-----
 app/Http/Routes/AuthRoutes.php   |  3 ++-
 app/Http/Routes/BaseRoutes.php   |  6 ++++--
 app/Http/Routes/RestRoutes.php   | 31 -------------------------------
 app/Http/Routes/ServerRoutes.php |  3 ++-
 5 files changed, 18 insertions(+), 40 deletions(-)
 delete mode 100644 app/Http/Routes/RestRoutes.php

diff --git a/app/Http/Routes/AdminRoutes.php b/app/Http/Routes/AdminRoutes.php
index 568cae4b0..2e22b5285 100644
--- a/app/Http/Routes/AdminRoutes.php
+++ b/app/Http/Routes/AdminRoutes.php
@@ -13,7 +13,8 @@ class AdminRoutes {
             'as' => 'admin.index',
             'middleware' => [
                 'auth',
-                'admin'
+                'admin',
+                'csrf'
             ],
             'uses' => 'Admin\BaseController@getIndex'
         ]);
@@ -22,7 +23,8 @@ class AdminRoutes {
             'prefix' => 'admin/accounts',
             'middleware' => [
                 'auth',
-                'admin'
+                'admin',
+                'csrf'
             ]
         ], function () use ($router) {
 
@@ -66,7 +68,8 @@ class AdminRoutes {
             'prefix' => 'admin/servers',
             'middleware' => [
                 'auth',
-                'admin'
+                'admin',
+                'csrf'
             ]
         ], function () use ($router) {
 
@@ -148,7 +151,8 @@ class AdminRoutes {
             'prefix' => 'admin/nodes',
             'middleware' => [
                 'auth',
-                'admin'
+                'admin',
+                'csrf'
             ]
         ], function () use ($router) {
 
@@ -204,7 +208,8 @@ class AdminRoutes {
             'prefix' => 'admin/locations',
             'middleware' => [
                 'auth',
-                'admin'
+                'admin',
+                'csrf'
             ]
         ], function () use ($router) {
             $router->get('/', [
diff --git a/app/Http/Routes/AuthRoutes.php b/app/Http/Routes/AuthRoutes.php
index fa6e9771c..944011cfc 100644
--- a/app/Http/Routes/AuthRoutes.php
+++ b/app/Http/Routes/AuthRoutes.php
@@ -12,7 +12,8 @@ class AuthRoutes {
         $router->group([
             'prefix' => 'auth',
             'middleware' => [
-                'guest'
+                'guest',
+                'csrf'
             ]
         ], function () use ($router) {
 
diff --git a/app/Http/Routes/BaseRoutes.php b/app/Http/Routes/BaseRoutes.php
index 7081db9d4..16a3795df 100644
--- a/app/Http/Routes/BaseRoutes.php
+++ b/app/Http/Routes/BaseRoutes.php
@@ -31,7 +31,8 @@ class BaseRoutes {
         $router->group([
             'profix' => 'account',
             'middleware' => [
-                'auth'
+                'auth',
+                'csrf'
             ]
         ], function () use ($router) {
             $router->get('account', [
@@ -50,7 +51,8 @@ class BaseRoutes {
         $router->group([
             'prefix' => 'account/totp',
             'middleware' => [
-                'auth'
+                'auth',
+                'csrf'
             ]
         ], function () use ($router) {
             $router->get('/', [
diff --git a/app/Http/Routes/RestRoutes.php b/app/Http/Routes/RestRoutes.php
deleted file mode 100644
index 0e98cc981..000000000
--- a/app/Http/Routes/RestRoutes.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-namespace Pterodactyl\Http\Routes;
-
-use Illuminate\Routing\Router;
-
-class RestRoutes {
-
-    public function map(Router $router) {
-        $router->group([
-            'prefix' => 'api/v1',
-            'middleware' => [
-                'api'
-            ]
-        ], function () use ($router) {
-            // Users endpoint for API
-            $router->group(['prefix' => 'users'], function () use ($router) {
-                // Returns all users
-                $router->get('/', [
-                    'uses' => 'API\UserController@getAllUsers'
-                ]);
-
-                // Return listing of user [with only specified fields]
-                $router->get('/{id}/{fields?}', [
-                    'uses' => 'API\UserController@getUser'
-                ])->where('id', '[0-9]+');
-            });
-        });
-    }
-
-}
diff --git a/app/Http/Routes/ServerRoutes.php b/app/Http/Routes/ServerRoutes.php
index 333bdacd6..a00ec390b 100644
--- a/app/Http/Routes/ServerRoutes.php
+++ b/app/Http/Routes/ServerRoutes.php
@@ -11,7 +11,8 @@ class ServerRoutes {
             'prefix' => 'server/{server}',
             'middleware' => [
                 'auth',
-                'server'
+                'server',
+                'csrf'
             ]
         ], function ($server) use ($router) {
             // Index View for Server

From 72acf063538f3b383107f8c224f8c81970057529 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Tue, 12 Jan 2016 22:59:24 -0500
Subject: [PATCH 03/14] Improve API auth to rate limit requests and verify they
 are root_admin

---
 app/Http/Controllers/API/AuthController.php | 80 ++++++++++++++++++---
 1 file changed, 70 insertions(+), 10 deletions(-)

diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
index 6f95aa6c8..638a0afda 100644
--- a/app/Http/Controllers/API/AuthController.php
+++ b/app/Http/Controllers/API/AuthController.php
@@ -3,11 +3,19 @@
 namespace Pterodactyl\Http\Controllers\API;
 
 use JWTAuth;
+use Hash;
+use Validator;
+
 use Tymon\JWTAuth\Exceptions\JWTException;
 
+use Dingo\Api\Exception\StoreResourceFailedException;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
+
 use Illuminate\Http\Request;
-use \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
-use \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+use Illuminate\Foundation\Auth\ThrottlesLogins;
+use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
 
 use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Models;
@@ -18,6 +26,32 @@ use Pterodactyl\Models;
 class AuthController extends BaseController
 {
 
+    use AuthenticatesAndRegistersUsers, ThrottlesLogins;
+
+    /**
+     * Lockout time for failed login requests.
+     *
+     * @var integer
+     */
+    protected $lockoutTime = 120;
+
+    /**
+     * After how many attempts should logins be throttled and locked.
+     *
+     * @var integer
+     */
+    protected $maxLoginAttempts = 3;
+
+    /**
+     * Create a new authentication controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
     /**
      * Authenticate
      *
@@ -29,16 +63,42 @@ class AuthController extends BaseController
      * @Response(200, body={"token": "<jwt-token>"})
      */
     public function postLogin(Request $request) {
-        $credentials = $request->only('email', 'password');
+
+        $validator = Validator::make($request->only(['email', 'password']), [
+            'email' => 'required|email',
+            'password' => 'required|min:8'
+        ]);
+
+        if ($validator->fails()) {
+            throw new StoreResourceFailedException('Required authentication fields were invalid.', $validator->errors());
+        }
+
+        $throttled = $this->isUsingThrottlesLoginsTrait();
+        if ($throttled && $this->hasTooManyLoginAttempts($request)) {
+            throw new TooManyRequestsHttpException('You have been login throttled for 120 seconds.');
+        }
+
+        // Is the email & password valid?
+        $user = Models\User::where('email', $request->input('email'))->first();
+        if (!$user || !Hash::check($request->input('password'), $user->password)) {
+            if ($throttled) {
+                $this->incrementLoginAttempts($request);
+            }
+            throw new UnauthorizedHttpException('A user by those credentials was not found.');
+        }
+
+        // @TODO: validate TOTP if enabled on account?
+        // Perhaps this could be implemented in such a way that they login to their
+        // account and generate a one time password that can be used? Would be a pain in
+        // the butt for multiple API requests though. Maybe just included a 'totp' field
+        // that can include the token for that timestamp. Would allow for programtic
+        // generation of the code and API requests.
+        if ($user->root_admin !== 1) {
+            throw new UnauthorizedHttpException('This account does not have permission to interface this API.');
+        }
 
         try {
-            $token = JWTAuth::attempt($credentials, [
-                'permissions' => [
-                    'view_users' => true,
-                    'edit_users' => true,
-                    'delete_users' => false,
-                ]
-            ]);
+            $token = JWTAuth::fromUser($user);
             if (!$token) {
                 throw new UnauthorizedHttpException('');
             }

From 3114c1f73ee1b15270cf1be849654cc2f741bc1b Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Tue, 12 Jan 2016 22:59:34 -0500
Subject: [PATCH 04/14] Add user specific listing route

---
 app/Http/Controllers/API/UserController.php | 31 ++++++++++++++++++++-
 app/Http/Routes/APIRoutes.php               |  9 +++---
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 146575552..f4f3cf250 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -25,9 +25,38 @@ class UserController extends BaseController
      * })
      * @Response(200)
      */
-    public function getUsers(Request $request) {
+    public function getUsers(Request $request)
+    {
         $users = Models\User::paginate(15);
         return $this->response->paginator($users, new UserTransformer);
     }
 
+    /**
+     * List Specific User
+     *
+     * Lists specific fields about a user or all fields pertaining to that user.
+     *
+     * @Get("/{id}/{fields}")
+     * @Versions({"v1"})
+     * @Parameters({
+     * 		@Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
+     * 		@Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
+     * })
+     * @Response(200)
+     */
+    public function getUserByID(Request $request, $id, $fields = null)
+    {
+        $query = Models\User::where('id', $id);
+
+        if (!is_null($fields)) {
+            foreach(explode(',', $fields) as $field) {
+                if (!empty($field)) {
+                    $query->addSelect($field);
+                }
+            }
+        }
+
+        return $query->first();
+    }
+
 }
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
index 355a1a3b7..3525e6cd1 100644
--- a/app/Http/Routes/APIRoutes.php
+++ b/app/Http/Routes/APIRoutes.php
@@ -32,13 +32,14 @@ class APIRoutes
         $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
 
             $api->get('users', [
-                'as' => 'api.auth.validate',
+                'as' => 'api.users',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
             ]);
 
-            $api->get('users/{id}', function($id) {
-                return Models\User::findOrFail($id);
-            });
+            $api->get('users/{id}/{fields?}', [
+                'as' => 'api.users.view',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUserByID'
+            ]);
 
 
         });

From 695728295a779f4b3b985dee4e60b82b62e851aa Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Tue, 12 Jan 2016 23:43:33 -0500
Subject: [PATCH 05/14] Add support for creating a user using the API

---
 app/Http/Controllers/API/AuthController.php   |  2 +-
 app/Http/Controllers/API/UserController.php   | 87 ++++++++++++++++++-
 .../Controllers/Admin/AccountsController.php  | 17 +---
 app/Http/Routes/APIRoutes.php                 |  6 +-
 app/Repositories/UserRepository.php           | 30 ++++++-
 5 files changed, 122 insertions(+), 20 deletions(-)

diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
index 638a0afda..613f872f5 100644
--- a/app/Http/Controllers/API/AuthController.php
+++ b/app/Http/Controllers/API/AuthController.php
@@ -115,7 +115,7 @@ class AuthController extends BaseController
      * @Post("/validate")
      * @Versions({"v1"})
      * @Request(headers={"Authorization": "Bearer <jwt-token>"})
-     * @Response(204);
+     * @Response(204)
      */
     public function postValidate(Request $request) {
         return $this->response->noContent();
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index f4f3cf250..e3cc7d9d7 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -4,8 +4,11 @@ namespace Pterodactyl\Http\Controllers\API;
 
 use Illuminate\Http\Request;
 
+use Dingo\Api\Exception\StoreResourceFailedException;
+
 use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Models;
+use Pterodactyl\Repositories\UserRepository;
 
 /**
  * @Resource("Users", uri="/users")
@@ -21,7 +24,7 @@ class UserController extends BaseController
      * @Get("/{?page}")
      * @Versions({"v1"})
      * @Parameters({
-     * 		@Parameter("page", type="integer", description="The page of results to view.", default=1)
+     *		@Parameter("page", type="integer", description="The page of results to view.", default=1)
      * })
      * @Response(200)
      */
@@ -39,8 +42,8 @@ class UserController extends BaseController
      * @Get("/{id}/{fields}")
      * @Versions({"v1"})
      * @Parameters({
-     * 		@Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
-     * 		@Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
+     *		@Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
+     *  	@Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
      * })
      * @Response(200)
      */
@@ -59,4 +62,82 @@ class UserController extends BaseController
         return $query->first();
     }
 
+    /**
+     * Create a New User
+     *
+     * @Post("/")
+     * @Versions({"v1"})
+     * @Transaction({
+     * 		@Request({
+     *   		"email": "foo@example.com",
+     *     		"password": "foopassword",
+     *       	"admin": false
+     *       }, headers={"Authorization": "Bearer <jwt-token>"}),
+     *       @Response(200, body={"id": 1}),
+     *       @Response(422, body{
+     *       	"message": "A validation error occured.",
+     *        	"errors": {
+     *         		"email": ["The email field is required."],
+     *           	"password": ["The password field is required."],
+     *            	"admin": ["The admin field is required."]
+     *          },
+     *          "status_code": 422
+     *       })
+     * })
+     */
+    public function postUsers(Request $request)
+    {
+        try {
+            $user = new UserRepository;
+            $create = $user->create($request->input('email'), $request->input('password'), $request->input('admin'));
+            return [ 'id' => $create ];
+        } catch (\Pterodactyl\Exceptions\DisplayValidationException $ex) {
+            throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (\Exception $ex) {
+            throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
+        }
+    }
+
+    /**
+     * Update an Existing User
+     *
+     * The data sent in the request will be used to update the existing user on the system.
+     *
+     * @Patch("/{id}")
+     * @Versions({"v1"})
+     * @Transaction({
+     * 		@Request({
+     *   		"email": "new@email.com"
+     *     	}, headers={"Authorization": "Bearer <jwt-token>"}),
+     *      @Response(200, body={"email": "new@email.com"}),
+     *      @Response(422)
+     * })
+     * @Parameters({
+     *         @Parameter("id", type="integer", required=true, description="The ID of the user to modify.")
+     * })
+     */
+    public function patchUser(Request $request, $id)
+    {
+        //
+    }
+
+    /**
+     * Delete a User
+     *
+     * @Delete("/{id}")
+     * @Versions({"v1"})
+     * @Transaction({
+     * 		@Request(headers={"Authorization": "Bearer <jwt-token>"}),
+     *   	@Response(204),
+     *    	@Response(422)
+     * })
+     * @Parameters({
+     * 		@Parameter("id", type="integer", required=true, description="The ID of the user to delete.")
+     * })
+     */
+    public function deleteUser(Request $request, $id)
+    {
+        //
+    }
+
 }
diff --git a/app/Http/Controllers/Admin/AccountsController.php b/app/Http/Controllers/Admin/AccountsController.php
index 813162a78..77a82d9f3 100644
--- a/app/Http/Controllers/Admin/AccountsController.php
+++ b/app/Http/Controllers/Admin/AccountsController.php
@@ -62,27 +62,18 @@ class AccountsController extends Controller
 
     public function postNew(Request $request)
     {
-        $this->validate($request, [
-            'email' => 'required|email|unique:users,email',
-            'password' => 'required|confirmed|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})'
-        ]);
-
         try {
             $user = new UserRepository;
             $userid = $user->create($request->input('username'), $request->input('email'), $request->input('password'));
-
-            if (!$userid) {
-                throw new \Exception('Unable to create user, response was not an integer.');
-            }
-
             Alert::success('Account has been successfully created.')->flash();
             return redirect()->route('admin.accounts.view', ['id' => $userid]);
-        } catch (\Exception $e) {
-            Log::error($e);
+        } catch (\Pterodactyl\Exceptions\DisplayValidationException $ex) {
+            return redirect()->route('admin.nodes.view', $id)->withErrors(json_decode($e->getMessage()))->withInput();
+        } catch (\Exception $ex) {
+            Log::error($ex);
             Alert::danger('An error occured while attempting to add a new user. ' . $e->getMessage())->flash();
             return redirect()->route('admin.accounts.new');
         }
-
     }
 
     public function postUpdate(Request $request)
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
index 3525e6cd1..58157d8a9 100644
--- a/app/Http/Routes/APIRoutes.php
+++ b/app/Http/Routes/APIRoutes.php
@@ -36,12 +36,16 @@ class APIRoutes
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
             ]);
 
+            $api->post('users', [
+                'as' => 'api.users.post',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@postUsers'
+            ]);
+
             $api->get('users/{id}/{fields?}', [
                 'as' => 'api.users.view',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUserByID'
             ]);
 
-
         });
     }
 
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index adffbf305..aa633d392 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -2,11 +2,14 @@
 
 namespace Pterodactyl\Repositories;
 
+use Validator;
 use Hash;
 
 use Pterodactyl\Models\User;
 use Pterodactyl\Services\UuidService;
 
+use Pterodactyl\Exceptions\DisplayValidationException;
+
 class UserRepository
 {
 
@@ -22,16 +25,39 @@ class UserRepository
      * @param  string $password An unhashed version of the user's password.
      * @return bool|integer
      */
-    public function create($email, $password)
+    public function create($email, $password, $admin = false)
     {
+
+        $validator = Validator::make([
+            'email' => $email,
+            'password' => $password,
+            'admin' => $admin
+        ], [
+            'email' => 'required|email|unique:users,email',
+            'password' => 'required|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
+            'admin' => 'required|boolean'
+        ]);
+
+        // Run validator, throw catchable and displayable exception if it fails.
+        // Exception includes a JSON result of failed validation rules.
+        if ($validator->fails()) {
+            throw new DisplayValidationException($validator->errors());
+        }
+
         $user = new User;
         $uuid = new UuidService;
 
         $user->uuid = $uuid->generate('users', 'uuid');
         $user->email = $email;
         $user->password = Hash::make($password);
+        $user->root_admin = ($admin) ? 1 : 0;
 
-        return ($user->save()) ? $user->id : false;
+        try {
+            $user->save();
+            return $user->id;
+        } catch (\Exception $ex) {
+            throw $e;
+        }
     }
 
     /**

From 4604500349d00cf39c74313c17d0cb4308745dfe Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Tue, 12 Jan 2016 23:49:56 -0500
Subject: [PATCH 06/14] Replace tabs with Spaces

I *really* wish Atom would stop doing this to me.
---
 app/Http/Controllers/API/UserController.php   |  38 +++---
 app/Models/User.php                           |   8 +-
 app/Repositories/UserRepository.php           |   2 +
 resources/lang/de/auth.php                    |   2 +-
 resources/lang/de/validation.php              |   2 +-
 .../views/admin/accounts/index.blade.php      |  36 +++---
 resources/views/admin/accounts/new.blade.php  |  96 ++++++++--------
 resources/views/admin/index.blade.php         |   6 +-
 .../views/admin/locations/index.blade.php     |  38 +++---
 resources/views/admin/nodes/index.blade.php   |  38 +++---
 resources/views/admin/nodes/new.blade.php     |   8 +-
 resources/views/admin/servers/index.blade.php |  38 +++---
 resources/views/auth/reset.blade.php          |   6 +-
 resources/views/base/account.blade.php        | 108 +++++++++---------
 resources/views/emails/new_password.blade.php |  22 ++--
 resources/views/emails/password.blade.php     |  22 ++--
 resources/views/errors/installing.blade.php   |   8 +-
 17 files changed, 240 insertions(+), 238 deletions(-)

diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index e3cc7d9d7..006d73ed0 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -24,7 +24,7 @@ class UserController extends BaseController
      * @Get("/{?page}")
      * @Versions({"v1"})
      * @Parameters({
-     *		@Parameter("page", type="integer", description="The page of results to view.", default=1)
+     *      @Parameter("page", type="integer", description="The page of results to view.", default=1)
      * })
      * @Response(200)
      */
@@ -42,8 +42,8 @@ class UserController extends BaseController
      * @Get("/{id}/{fields}")
      * @Versions({"v1"})
      * @Parameters({
-     *		@Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
-     *  	@Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
+     *      @Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
+     *      @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
      * })
      * @Response(200)
      */
@@ -68,18 +68,18 @@ class UserController extends BaseController
      * @Post("/")
      * @Versions({"v1"})
      * @Transaction({
-     * 		@Request({
-     *   		"email": "foo@example.com",
-     *     		"password": "foopassword",
-     *       	"admin": false
+     *      @Request({
+     *          "email": "foo@example.com",
+     *          "password": "foopassword",
+     *          "admin": false
      *       }, headers={"Authorization": "Bearer <jwt-token>"}),
      *       @Response(200, body={"id": 1}),
      *       @Response(422, body{
-     *       	"message": "A validation error occured.",
-     *        	"errors": {
-     *         		"email": ["The email field is required."],
-     *           	"password": ["The password field is required."],
-     *            	"admin": ["The admin field is required."]
+     *          "message": "A validation error occured.",
+     *          "errors": {
+     *              "email": ["The email field is required."],
+     *              "password": ["The password field is required."],
+     *              "admin": ["The admin field is required."]
      *          },
      *          "status_code": 422
      *       })
@@ -106,9 +106,9 @@ class UserController extends BaseController
      * @Patch("/{id}")
      * @Versions({"v1"})
      * @Transaction({
-     * 		@Request({
-     *   		"email": "new@email.com"
-     *     	}, headers={"Authorization": "Bearer <jwt-token>"}),
+     *      @Request({
+     *          "email": "new@email.com"
+     *      }, headers={"Authorization": "Bearer <jwt-token>"}),
      *      @Response(200, body={"email": "new@email.com"}),
      *      @Response(422)
      * })
@@ -127,12 +127,12 @@ class UserController extends BaseController
      * @Delete("/{id}")
      * @Versions({"v1"})
      * @Transaction({
-     * 		@Request(headers={"Authorization": "Bearer <jwt-token>"}),
-     *   	@Response(204),
-     *    	@Response(422)
+     *      @Request(headers={"Authorization": "Bearer <jwt-token>"}),
+     *      @Response(204),
+     *      @Response(422)
      * })
      * @Parameters({
-     * 		@Parameter("id", type="integer", required=true, description="The ID of the user to delete.")
+     *      @Parameter("id", type="integer", required=true, description="The ID of the user to delete.")
      * })
      */
     public function deleteUser(Request $request, $id)
diff --git a/app/Models/User.php b/app/Models/User.php
index df2aa8afe..742f194bc 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -70,10 +70,10 @@ class User extends Model implements AuthenticatableContract,
 
     /**
      * Set a user password to a new value assuming it meets the following requirements:
-     * 		- 8 or more characters in length
-     * 		- at least one uppercase character
-     * 		- at least one lowercase character
-     * 		- at least one number
+     *      - 8 or more characters in length
+     *      - at least one uppercase character
+     *      - at least one lowercase character
+     *      - at least one number
      *
      * @param string $password The raw password to set the account password to.
      * @param string $regex The regex to use when validating the password. Defaults to '((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})'.
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index aa633d392..62f690871 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -84,6 +84,8 @@ class UserRepository
      */
     public function delete($id)
     {
+        // @TODO cannot delete user with associated servers!
+        // clean up subusers!
         return User::destroy($id);
     }
 
diff --git a/resources/lang/de/auth.php b/resources/lang/de/auth.php
index 3e7428f63..6c30d699d 100644
--- a/resources/lang/de/auth.php
+++ b/resources/lang/de/auth.php
@@ -18,7 +18,7 @@ return [
     'sendlink' => 'Senden Sie Passwort-Reset Link.', /* Send password reset link */
     'emailsent' => 'E-Mail gesendet.', /* Email Sent */
     'remeberme' => 'Login merken.', /* Remember my Login*/
-	'totp_failed' => 'Die TOTP Token vorgesehen war ist ungültig.' /* The TOTP token was provided is not valid. */
+    'totp_failed' => 'Die TOTP Token vorgesehen war ist ungültig.' /* The TOTP token was provided is not valid. */
 ];
 
 /*
diff --git a/resources/lang/de/validation.php b/resources/lang/de/validation.php
index 346d3448b..e029d182c 100644
--- a/resources/lang/de/validation.php
+++ b/resources/lang/de/validation.php
@@ -69,7 +69,7 @@ return [
         'array'   => 'The :attribute must contain :size items.',
     ],
     'string'               => 'The :attribute must be a string.',
-	'totp'                 => 'The totp token is invalid. Did it expire?',
+    'totp'                 => 'The totp token is invalid. Did it expire?',
     'timezone'             => 'The :attribute must be a valid zone.',
     'unique'               => 'The :attribute has already been taken.',
     'url'                  => 'The :attribute format is invalid.',
diff --git a/resources/views/admin/accounts/index.blade.php b/resources/views/admin/accounts/index.blade.php
index 57ba64c19..98ae0dfb2 100644
--- a/resources/views/admin/accounts/index.blade.php
+++ b/resources/views/admin/accounts/index.blade.php
@@ -7,35 +7,35 @@
 @section('content')
 <div class="col-md-12">
     <ul class="breadcrumb">
-		<li><a href="/admin">Admin Control</a></li>
-		<li class="active">Accounts</li>
-	</ul>
+        <li><a href="/admin">Admin Control</a></li>
+        <li class="active">Accounts</li>
+    </ul>
     <h3>All Registered Users</h3><hr />
-	<table class="table table-striped table-bordered table-hover">
-		<thead>
-			<tr>
- 				<th>Email</th>
+    <table class="table table-striped table-bordered table-hover">
+        <thead>
+            <tr>
+                <th>Email</th>
                 <th>Account Created</th>
                 <th>Account Updated</th>
-			</tr>
-		</thead>
-		<tbody>
-			@foreach ($users as $user)
-				<tr>
-					<td><a href="/admin/accounts/view/{{ $user->id }}"><code>{{ $user->email }}</code></a> @if($user->root_admin === 1)<span class="badge">Administrator</span>@endif</td>
+            </tr>
+        </thead>
+        <tbody>
+            @foreach ($users as $user)
+                <tr>
+                    <td><a href="/admin/accounts/view/{{ $user->id }}"><code>{{ $user->email }}</code></a> @if($user->root_admin === 1)<span class="badge">Administrator</span>@endif</td>
                     <td>{{ $user->created_at }}</td>
                     <td>{{ $user->updated_at }}</td>
-				</tr>
-			@endforeach
-		</tbody>
-	</table>
+                </tr>
+            @endforeach
+        </tbody>
+    </table>
     <div class="row">
         <div class="col-md-12 text-center">{!! $users->render() !!}</div>
     </div>
 </div>
 <script>
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin/accounts']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin/accounts']").addClass('active');
 });
 </script>
 @endsection
diff --git a/resources/views/admin/accounts/new.blade.php b/resources/views/admin/accounts/new.blade.php
index 398daa03a..0eefdbadf 100644
--- a/resources/views/admin/accounts/new.blade.php
+++ b/resources/views/admin/accounts/new.blade.php
@@ -10,65 +10,65 @@
         <li><a href="/admin">Admin Controls</a></li>
         <li><a href="/admin/accounts">Accounts</a></li>
         <li class="active">Add New Account</li>
-	</ul>
+    </ul>
     <h3>Create New Account</h3><hr />
     <form action="new" method="post">
-		<fieldset>
-			<div class="form-group">
-				<label for="email" class="control-label">Email</label>
-				<div>
-					<input type="text" autocomplete="off" name="email" class="form-control" />
-				</div>
-			</div>
-			<div class="row">
-				<div class="col-md-12">
-					<div id="gen_pass" class=" alert alert-success" style="display:none;margin-bottom: 10px;"></div>
-				</div>
-				<div class="form-group col-md-6">
-					<label for="pass" class="control-label">Password</label>
-					<div>
-						<input type="password" name="password" class="form-control" />
-					</div>
-				</div>
-				<div class="form-group col-md-6">
-					<label for="pass_2" class="control-label">Password Again</label>
-					<div>
-						<input type="password" name="password_confirmation" class="form-control" />
-					</div>
-				</div>
-			</div>
-			<div class="form-group">
-				<div>
+        <fieldset>
+            <div class="form-group">
+                <label for="email" class="control-label">Email</label>
+                <div>
+                    <input type="text" autocomplete="off" name="email" class="form-control" />
+                </div>
+            </div>
+            <div class="row">
+                <div class="col-md-12">
+                    <div id="gen_pass" class=" alert alert-success" style="display:none;margin-bottom: 10px;"></div>
+                </div>
+                <div class="form-group col-md-6">
+                    <label for="pass" class="control-label">Password</label>
+                    <div>
+                        <input type="password" name="password" class="form-control" />
+                    </div>
+                </div>
+                <div class="form-group col-md-6">
+                    <label for="pass_2" class="control-label">Password Again</label>
+                    <div>
+                        <input type="password" name="password_confirmation" class="form-control" />
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <div>
                     {!! csrf_field() !!}
-					<button class="btn btn-primary btn-sm" type="submit">Create Account</button>
-					<button class="btn btn-default btn-sm" id="gen_pass_bttn" type="button">Generate Password</button>
-				</div>
-			</div>
-		</fieldset>
-	</form>
+                    <button class="btn btn-primary btn-sm" type="submit">Create Account</button>
+                    <button class="btn btn-default btn-sm" id="gen_pass_bttn" type="button">Generate Password</button>
+                </div>
+            </div>
+        </fieldset>
+    </form>
 </div>
 <script>
 $(document).ready(function(){
-	$("#sidebar_links").find("a[href='/admin/account/new']").addClass('active');
-	$("#gen_pass_bttn").click(function(e){
-		e.preventDefault();
-		$.ajax({
-			type: "GET",
-			url: "/password-gen/12",
+    $("#sidebar_links").find("a[href='/admin/account/new']").addClass('active');
+    $("#gen_pass_bttn").click(function(e){
+        e.preventDefault();
+        $.ajax({
+            type: "GET",
+            url: "/password-gen/12",
             headers: {
                 'X-CSRF-TOKEN': '{{ csrf_token() }}'
            },
-			success: function(data) {
-				$("#gen_pass").html('<strong>Generated Password:</strong> ' + data).slideDown();
-				$('input[name="password"], input[name="password_confirmation"]').val(data);
-				return false;
-			}
-		});
-		return false;
-	});
+            success: function(data) {
+                $("#gen_pass").html('<strong>Generated Password:</strong> ' + data).slideDown();
+                $('input[name="password"], input[name="password_confirmation"]').val(data);
+                return false;
+            }
+        });
+        return false;
+    });
 });
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin/accounts/new']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin/accounts/new']").addClass('active');
 });
 </script>
 @endsection
diff --git a/resources/views/admin/index.blade.php b/resources/views/admin/index.blade.php
index 4f6dac515..f950c6a1d 100644
--- a/resources/views/admin/index.blade.php
+++ b/resources/views/admin/index.blade.php
@@ -7,14 +7,14 @@
 @section('content')
 <div class="col-md-12">
     <ul class="breadcrumb">
-		<li class="active">Admin Control</li>
-	</ul>
+        <li class="active">Admin Control</li>
+    </ul>
     <h3 class="nopad">Pterodactyl Admin Control Panel</h3><hr />
     <p>Welcome to the most advanced, lightweight, and user-friendly open source game server control panel.</p>
 </div>
 <script>
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin']").addClass('active');
 });
 </script>
 @endsection
diff --git a/resources/views/admin/locations/index.blade.php b/resources/views/admin/locations/index.blade.php
index be73c9503..c84dd238e 100644
--- a/resources/views/admin/locations/index.blade.php
+++ b/resources/views/admin/locations/index.blade.php
@@ -7,37 +7,37 @@
 @section('content')
 <div class="col-md-12">
     <ul class="breadcrumb">
-		<li><a href="/admin">Admin Control</a></li>
-		<li class="active">Locations</li>
-	</ul>
+        <li><a href="/admin">Admin Control</a></li>
+        <li class="active">Locations</li>
+    </ul>
     <h3>All Locations</h3><hr />
-	<table class="table table-bordered table-hover table-striped">
-		<thead>
-			<tr>
-				<th>Location</th>
+    <table class="table table-bordered table-hover table-striped">
+        <thead>
+            <tr>
+                <th>Location</th>
                 <th>Description</th>
-				<th class="text-center">Nodes</th>
+                <th class="text-center">Nodes</th>
                 <th class="text-center">Servers</th>
-			</tr>
-		</thead>
-		<tbody>
-			@foreach ($locations as $location)
-				<tr>
-					<td><a href="#/edit/{{ $location->id }}" data-action="edit" data-location="{{ $location->id }}"><code>{{ $location->short }}</code></td>
+            </tr>
+        </thead>
+        <tbody>
+            @foreach ($locations as $location)
+                <tr>
+                    <td><a href="#/edit/{{ $location->id }}" data-action="edit" data-location="{{ $location->id }}"><code>{{ $location->short }}</code></td>
                     <td>{{ $location->long }}</td>
                     <td class="text-center">{{ $location->a_nodeCount }}</td>
                     <td class="text-center">{{ $location->a_serverCount }}</td>
-				</tr>
-			@endforeach
-		</tbody>
-	</table>
+                </tr>
+            @endforeach
+        </tbody>
+    </table>
     <div class="row">
         <div class="col-md-12 text-center">{!! $locations->render() !!}</div>
     </div>
 </div>
 <script>
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin/locations']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin/locations']").addClass('active');
 });
 </script>
 @endsection
diff --git a/resources/views/admin/nodes/index.blade.php b/resources/views/admin/nodes/index.blade.php
index d8286f8b1..a6dee7ced 100644
--- a/resources/views/admin/nodes/index.blade.php
+++ b/resources/views/admin/nodes/index.blade.php
@@ -7,27 +7,27 @@
 @section('content')
 <div class="col-md-12">
     <ul class="breadcrumb">
-		<li><a href="/admin">Admin Control</a></li>
-		<li class="active">Nodes</li>
-	</ul>
+        <li><a href="/admin">Admin Control</a></li>
+        <li class="active">Nodes</li>
+    </ul>
     <h3>All Nodes</h3><hr />
-	<table class="table table-bordered table-hover">
-		<thead>
-			<tr>
-				<th>Name</th>
+    <table class="table table-bordered table-hover">
+        <thead>
+            <tr>
+                <th>Name</th>
                 <th class="visible-lg">Location</th>
-				<th>FQDN</th>
+                <th>FQDN</th>
                 <th class="hidden-xs">Memory</th>
                 <th class="hidden-xs">Disk</th>
                 <th class="text-center hidden-xs">Servers</th>
                 <th class="text-center">HTTPS</th>
                 <th class="text-center">Public</th>
-			</tr>
-		</thead>
-		<tbody>
-			@foreach ($nodes as $node)
-				<tr>
-					<td><a href="/admin/nodes/view/{{ $node->id }}">{{ $node->name }}</td>
+            </tr>
+        </thead>
+        <tbody>
+            @foreach ($nodes as $node)
+                <tr>
+                    <td><a href="/admin/nodes/view/{{ $node->id }}">{{ $node->name }}</td>
                     <td class="visible-lg">{{ $node->a_locationName }}</td>
                     <td><code>{{ $node->fqdn }}</code></td>
                     <td class="hidden-xs">{{ $node->memory }} MB</td>
@@ -35,17 +35,17 @@
                     <td class="text-center hidden-xs">{{ $node->a_serverCount }}</td>
                     <td class="text-center" style="color:{{ ($node->scheme === 'https') ? '#50af51' : '#d9534f' }}"><i class="fa fa-{{ ($node->scheme === 'https') ? 'lock' : 'unlock' }}"></i></td>
                     <td class="text-center"><i class="fa fa-{{ ($node->public === 1) ? 'check' : 'times' }}"></i></td>
-				</tr>
-			@endforeach
-		</tbody>
-	</table>
+                </tr>
+            @endforeach
+        </tbody>
+    </table>
     <div class="row">
         <div class="col-md-12 text-center">{!! $nodes->render() !!}</div>
     </div>
 </div>
 <script>
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin/nodes']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin/nodes']").addClass('active');
 });
 </script>
 @endsection
diff --git a/resources/views/admin/nodes/new.blade.php b/resources/views/admin/nodes/new.blade.php
index d63ee4075..53269dbb8 100644
--- a/resources/views/admin/nodes/new.blade.php
+++ b/resources/views/admin/nodes/new.blade.php
@@ -7,10 +7,10 @@
 @section('content')
 <div class="col-md-12">
     <ul class="breadcrumb">
-		<li><a href="/admin">Admin Control</a></li>
+        <li><a href="/admin">Admin Control</a></li>
         <li><a href="/admin/nodes">Nodes</a></li>
-		<li class="active">Create New Node</li>
-	</ul>
+        <li class="active">Create New Node</li>
+    </ul>
     <h3>Create New Node</h3><hr />
     <form action="/admin/nodes/new" method="POST">
         <div class="well">
@@ -158,7 +158,7 @@
 </div>
 <script>
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin/nodes/new']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin/nodes/new']").addClass('active');
     $('[data-toggle="popover"]').popover({
         placement: 'auto'
     });
diff --git a/resources/views/admin/servers/index.blade.php b/resources/views/admin/servers/index.blade.php
index ee3ae6a55..8d7567f43 100644
--- a/resources/views/admin/servers/index.blade.php
+++ b/resources/views/admin/servers/index.blade.php
@@ -7,39 +7,39 @@
 @section('content')
 <div class="col-md-12">
     <ul class="breadcrumb">
-		<li><a href="/admin">Admin Control</a></li>
-		<li class="active">Servers</li>
-	</ul>
+        <li><a href="/admin">Admin Control</a></li>
+        <li class="active">Servers</li>
+    </ul>
     <h3>All Servers</h3><hr />
-	<table class="table table-bordered table-hover">
-		<thead>
-			<tr>
-				<th>Server Name</th>
+    <table class="table table-bordered table-hover">
+        <thead>
+            <tr>
+                <th>Server Name</th>
                 <th>Owner</th>
-				<th class="hidden-xs">Node</th>
+                <th class="hidden-xs">Node</th>
                 <th>Default Connection</th>
                 <th class="hidden-xs">SFTP Username</th>
-			</tr>
-		</thead>
-		<tbody>
-			@foreach ($servers as $server)
-				<tr class="dynUpdate @if($server->active !== 1)active @endif" id="{{ $server->uuidShort }}">
-					<td><a href="/admin/servers/view/{{ $server->id }}">{{ $server->name }}</td>
+            </tr>
+        </thead>
+        <tbody>
+            @foreach ($servers as $server)
+                <tr class="dynUpdate @if($server->active !== 1)active @endif" id="{{ $server->uuidShort }}">
+                    <td><a href="/admin/servers/view/{{ $server->id }}">{{ $server->name }}</td>
                     <td><a href="/admin/accounts/view/{{ $server->owner }}">{{ $server->a_ownerEmail }}</a></td>
                     <td class="hidden-xs"><a href="/admin/nodes/view/{{ $server->node }}">{{ $server->a_nodeName }}</a></td>
                     <td><code>{{ $server->ip }}:{{ $server->port }}</code></td>
                     <td class="hidden-xs"><code>{{ $server->username }}</code></td>
-				</tr>
-			@endforeach
-		</tbody>
-	</table>
+                </tr>
+            @endforeach
+        </tbody>
+    </table>
     <div class="row">
         <div class="col-md-12 text-center">{!! $servers->render() !!}</div>
     </div>
 </div>
 <script>
 $(document).ready(function () {
-	$('#sidebar_links').find("a[href='/admin/servers']").addClass('active');
+    $('#sidebar_links').find("a[href='/admin/servers']").addClass('active');
 });
 </script>
 @endsection
diff --git a/resources/views/auth/reset.blade.php b/resources/views/auth/reset.blade.php
index 4b0eb2f45..3cbd78db2 100644
--- a/resources/views/auth/reset.blade.php
+++ b/resources/views/auth/reset.blade.php
@@ -14,20 +14,20 @@
     <form action="/auth/password/verify" method="POST">
         <legend>{{ trans('auth.resetpassword') }}</legend>
         <fieldset>
-			<input type="hidden" name="token" value="{{ $token }}">
+            <input type="hidden" name="token" value="{{ $token }}">
             <div class="form-group">
                 <label for="email" class="control-label">{{ trans('strings.email') }}</label>
                 <div>
                     <input type="text" class="form-control" name="email" id="email" value="{{ old('email') }}" placeholder="{{ trans('strings.email') }}" />
                 </div>
             </div>
-			<div class="form-group">
+            <div class="form-group">
                 <label for="password" class="control-label">{{ trans('strings.password') }}</label>
                 <div>
                     <input type="password" class="form-control" name="password" id="password" placeholder="{{ trans('strings.password') }}" />
                 </div>
             </div>
-			<div class="form-group">
+            <div class="form-group">
                 <label for="password_confirmation" class="control-label">{{ trans('auth.confirmpassword') }}</label>
                 <div>
                     <input type="password" class="form-control" id="password_confirmation" name="password_confirmation" />
diff --git a/resources/views/base/account.blade.php b/resources/views/base/account.blade.php
index 516e93cff..7378398aa 100644
--- a/resources/views/base/account.blade.php
+++ b/resources/views/base/account.blade.php
@@ -7,61 +7,61 @@
 
 @section('content')
 <div class="col-md-12">
-	<div class="row">
-		<div class="col-md-6">
-			<h3 class="nopad">{{ trans('base.account.update_pass') }}</h3><hr />
-				<form action="/account/password" method="post">
-					<div class="form-group">
-						<label for="current_password" class="control-label">{{ trans('strings.current_password') }}</label>
-						<div>
-							<input type="password" class="form-control" name="current_password" />
-						</div>
-					</div>
-					<div class="form-group">
-						<label for="new_password" class="control-label">{{ trans('base.account.new_password') }}</label>
-						<div>
-							<input type="password" class="form-control" name="new_password" />
+    <div class="row">
+        <div class="col-md-6">
+            <h3 class="nopad">{{ trans('base.account.update_pass') }}</h3><hr />
+                <form action="/account/password" method="post">
+                    <div class="form-group">
+                        <label for="current_password" class="control-label">{{ trans('strings.current_password') }}</label>
+                        <div>
+                            <input type="password" class="form-control" name="current_password" />
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="new_password" class="control-label">{{ trans('base.account.new_password') }}</label>
+                        <div>
+                            <input type="password" class="form-control" name="new_password" />
                             <p class="text-muted"><small>{{ trans('base.password_req') }}</small></p>
-						</div>
-					</div>
-					<div class="form-group">
-						<label for="new_password_again" class="control-label">{{ trans('base.account.new_password') }} {{ trans('strings.again') }}</label>
-						<div>
-							<input type="password" class="form-control" name="new_password_confirmation" />
-						</div>
-					</div>
-					<div class="form-group">
-						<div>
-							{!! csrf_field() !!}
-							<input type="submit" class="btn btn-primary btn-sm" value="{{ trans('base.account.update_pass') }}" />
-						</div>
-					</div>
-				</form>
-		</div>
-		<div class="col-md-6">
-			<h3 class="nopad">{{ trans('base.account.update_email') }}</h3><hr />
-				<form action="/account/email" method="post">
-					<div class="form-group">
-						<label for="new_email" class="control-label">{{ trans('base.account.new_email') }}</label>
-						<div>
-							<input type="text" class="form-control" name="new_email" />
-						</div>
-					</div>
-					<div class="form-group">
-						<label for="password" class="control-label">{{ trans('strings.current_password') }}</label>
-						<div>
-							<input type="password" class="form-control" name="password" />
-						</div>
-					</div>
-					<div class="form-group">
-						<div>
-							{!! csrf_field() !!}
-							<input type="submit" class="btn btn-primary btn-sm" value="{{ trans('base.account.update_email') }}" />
-						</div>
-					</div>
-				</form>
-		</div>
-	</div>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="new_password_again" class="control-label">{{ trans('base.account.new_password') }} {{ trans('strings.again') }}</label>
+                        <div>
+                            <input type="password" class="form-control" name="new_password_confirmation" />
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div>
+                            {!! csrf_field() !!}
+                            <input type="submit" class="btn btn-primary btn-sm" value="{{ trans('base.account.update_pass') }}" />
+                        </div>
+                    </div>
+                </form>
+        </div>
+        <div class="col-md-6">
+            <h3 class="nopad">{{ trans('base.account.update_email') }}</h3><hr />
+                <form action="/account/email" method="post">
+                    <div class="form-group">
+                        <label for="new_email" class="control-label">{{ trans('base.account.new_email') }}</label>
+                        <div>
+                            <input type="text" class="form-control" name="new_email" />
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="password" class="control-label">{{ trans('strings.current_password') }}</label>
+                        <div>
+                            <input type="password" class="form-control" name="password" />
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div>
+                            {!! csrf_field() !!}
+                            <input type="submit" class="btn btn-primary btn-sm" value="{{ trans('base.account.update_email') }}" />
+                        </div>
+                    </div>
+                </form>
+        </div>
+    </div>
 </div>
 <script>
 $(document).ready(function () {
diff --git a/resources/views/emails/new_password.blade.php b/resources/views/emails/new_password.blade.php
index 4a154c0a5..8638f5518 100644
--- a/resources/views/emails/new_password.blade.php
+++ b/resources/views/emails/new_password.blade.php
@@ -1,14 +1,14 @@
 
 <html>
-	<head>
-		<title>Pterodactyl - Admin Reset Password</title>
-	</head>
-	<body>
-		<center><h1>Pterodactyl - Admin Reset Password</h1></center>
-		<p>Hello there! You are receiving this email because an admin has reset the password on your Pterodactyl account.</p>
-		<p><strong>Login:</strong> <a href="{{ config('app.url') }}/auth/login">{{ config('app.url') }}/auth/login</a><br>
-			<strong>Email:</strong> {{ $user->email }}<br>
-			<strong>Password:</strong> {{ $password }}</p>
-		<p>Thanks,<br>Pterodactyl</p>
-	</body>
+    <head>
+        <title>Pterodactyl - Admin Reset Password</title>
+    </head>
+    <body>
+        <center><h1>Pterodactyl - Admin Reset Password</h1></center>
+        <p>Hello there! You are receiving this email because an admin has reset the password on your Pterodactyl account.</p>
+        <p><strong>Login:</strong> <a href="{{ config('app.url') }}/auth/login">{{ config('app.url') }}/auth/login</a><br>
+            <strong>Email:</strong> {{ $user->email }}<br>
+            <strong>Password:</strong> {{ $password }}</p>
+        <p>Thanks,<br>Pterodactyl</p>
+    </body>
 </html>
\ No newline at end of file
diff --git a/resources/views/emails/password.blade.php b/resources/views/emails/password.blade.php
index f6769f190..d82308025 100644
--- a/resources/views/emails/password.blade.php
+++ b/resources/views/emails/password.blade.php
@@ -1,14 +1,14 @@
 
 <html>
-	<head>
-		<title>Pterodactyl Lost Password Recovery</title>
-	</head>
-	<body>
-		<center><h1>Pterodactyl Lost Password Recovery</h1></center>
-		<p>Hello there! You are receiving this email because you requested a new password for your Pterodactyl account.</p>
-		<p>Please click the link below to confirm that you wish to change your password. If you did not make this request, or do not wish to continue simply ignore this email and nothing will happen. <strong>This link will expire in 1 hour.</strong></p>
-		<p><a href="{{ url('auth/password/verify/'.$token) }}">{{ url('auth/password/verify/'.$token) }}</a></p>
-		<p>Please do not hesitate to contact us if you belive something is wrong.
-		<p>Thanks!<br />Pterodactyl</p>
-	</body>
+    <head>
+        <title>Pterodactyl Lost Password Recovery</title>
+    </head>
+    <body>
+        <center><h1>Pterodactyl Lost Password Recovery</h1></center>
+        <p>Hello there! You are receiving this email because you requested a new password for your Pterodactyl account.</p>
+        <p>Please click the link below to confirm that you wish to change your password. If you did not make this request, or do not wish to continue simply ignore this email and nothing will happen. <strong>This link will expire in 1 hour.</strong></p>
+        <p><a href="{{ url('auth/password/verify/'.$token) }}">{{ url('auth/password/verify/'.$token) }}</a></p>
+        <p>Please do not hesitate to contact us if you belive something is wrong.
+        <p>Thanks!<br />Pterodactyl</p>
+    </body>
 </html>
\ No newline at end of file
diff --git a/resources/views/errors/installing.blade.php b/resources/views/errors/installing.blade.php
index 747561855..a2b6b935d 100644
--- a/resources/views/errors/installing.blade.php
+++ b/resources/views/errors/installing.blade.php
@@ -10,10 +10,10 @@
         </div>
         <div class="panel-body">
             <p style="margin-bottom:0;">The requested server is still completing the install process. Please check back in a few minutes, you should recieve an email as soon as this process is completed.</p>
-			<br /><br />
-			<div class="progress progress-striped active">
-				<div class="progress-bar progress-bar-danger" style="width: 75%"></div>
-			</div>
+            <br /><br />
+            <div class="progress progress-striped active">
+                <div class="progress-bar progress-bar-danger" style="width: 75%"></div>
+            </div>
         </div>
     </div>
     <p style="text-align:center;"><a href="{{ URL::previous() }}">Take me back</a> or <a href="/">go home</a>.</p>

From 8c9e79721031fa915d8076844a21e487b039e0c7 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Thu, 14 Jan 2016 23:13:26 -0500
Subject: [PATCH 07/14] Finish user portion of API

---
 app/Http/Controllers/API/AuthController.php |  6 +--
 app/Http/Controllers/API/UserController.php | 60 ++++++++++++++-------
 app/Http/Routes/APIRoutes.php               | 14 +++--
 app/Models/User.php                         |  2 +-
 app/Repositories/UserRepository.php         | 51 +++++++++++++-----
 5 files changed, 94 insertions(+), 39 deletions(-)

diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
index 613f872f5..2a4284a10 100644
--- a/app/Http/Controllers/API/AuthController.php
+++ b/app/Http/Controllers/API/AuthController.php
@@ -21,7 +21,7 @@ use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Models;
 
 /**
- * @Resource("Auth", uri="/auth")
+ * @Resource("Auth")
  */
 class AuthController extends BaseController
 {
@@ -57,7 +57,7 @@ class AuthController extends BaseController
      *
      * Authenticate with the API to recieved a JSON Web Token
      *
-     * @Post("/login")
+     * @Post("/auth/login")
      * @Versions({"v1"})
      * @Request({"email": "e@mail.com", "password": "soopersecret"})
      * @Response(200, body={"token": "<jwt-token>"})
@@ -112,7 +112,7 @@ class AuthController extends BaseController
     /**
      * Check if Authenticated
      *
-     * @Post("/validate")
+     * @Post("/auth/validate")
      * @Versions({"v1"})
      * @Request(headers={"Authorization": "Bearer <jwt-token>"})
      * @Response(204)
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 006d73ed0..0ab62f2c8 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -6,12 +6,14 @@ use Illuminate\Http\Request;
 
 use Dingo\Api\Exception\StoreResourceFailedException;
 
-use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Models;
+use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Repositories\UserRepository;
+use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
 
 /**
- * @Resource("Users", uri="/users")
+ * @Resource("Users")
  */
 class UserController extends BaseController
 {
@@ -21,7 +23,7 @@ class UserController extends BaseController
      *
      * Lists all users currently on the system.
      *
-     * @Get("/{?page}")
+     * @Get("/users/{?page}")
      * @Versions({"v1"})
      * @Parameters({
      *      @Parameter("page", type="integer", description="The page of results to view.", default=1)
@@ -39,7 +41,7 @@ class UserController extends BaseController
      *
      * Lists specific fields about a user or all fields pertaining to that user.
      *
-     * @Get("/{id}/{fields}")
+     * @Get("/users/{id}/{fields}")
      * @Versions({"v1"})
      * @Parameters({
      *      @Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
@@ -47,7 +49,7 @@ class UserController extends BaseController
      * })
      * @Response(200)
      */
-    public function getUserByID(Request $request, $id, $fields = null)
+    public function getUser(Request $request, $id, $fields = null)
     {
         $query = Models\User::where('id', $id);
 
@@ -65,7 +67,7 @@ class UserController extends BaseController
     /**
      * Create a New User
      *
-     * @Post("/")
+     * @Post("/users")
      * @Versions({"v1"})
      * @Transaction({
      *      @Request({
@@ -73,26 +75,30 @@ class UserController extends BaseController
      *          "password": "foopassword",
      *          "admin": false
      *       }, headers={"Authorization": "Bearer <jwt-token>"}),
-     *       @Response(200, body={"id": 1}),
-     *       @Response(422, body{
+     *       @Response(201),
+     *       @Response(422, body={
      *          "message": "A validation error occured.",
      *          "errors": {
-     *              "email": ["The email field is required."],
-     *              "password": ["The password field is required."],
-     *              "admin": ["The admin field is required."]
+     *              "email": {"The email field is required."},
+     *              "password": {"The password field is required."},
+     *              "admin": {"The admin field is required."}
      *          },
      *          "status_code": 422
      *       })
      * })
      */
-    public function postUsers(Request $request)
+    public function postUser(Request $request)
     {
         try {
             $user = new UserRepository;
             $create = $user->create($request->input('email'), $request->input('password'), $request->input('admin'));
-            return [ 'id' => $create ];
-        } catch (\Pterodactyl\Exceptions\DisplayValidationException $ex) {
+            return $this->response->created(route('api.users.view', [
+                'id' => $create
+            ]));
+        } catch (DisplayValidationException $ex) {
             throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (DisplayException $ex) {
+            throw new StoreResourceFailedException($ex->getMessage());
         } catch (\Exception $ex) {
             throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
         }
@@ -103,7 +109,7 @@ class UserController extends BaseController
      *
      * The data sent in the request will be used to update the existing user on the system.
      *
-     * @Patch("/{id}")
+     * @Patch("/users/{id}")
      * @Versions({"v1"})
      * @Transaction({
      *      @Request({
@@ -118,13 +124,23 @@ class UserController extends BaseController
      */
     public function patchUser(Request $request, $id)
     {
-        //
+        try {
+            $user = new UserRepository;
+            $user->update($id, $request->all());
+            return Models\User::findOrFail($id);
+        } catch (DisplayValidationException $ex) {
+            throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (DisplayException $ex) {
+            throw new StoreResourceFailedException($ex->getMessage());
+        } catch (\Exception $ex) {
+            throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
+        }
     }
 
     /**
      * Delete a User
      *
-     * @Delete("/{id}")
+     * @Delete("/users/{id}")
      * @Versions({"v1"})
      * @Transaction({
      *      @Request(headers={"Authorization": "Bearer <jwt-token>"}),
@@ -137,7 +153,15 @@ class UserController extends BaseController
      */
     public function deleteUser(Request $request, $id)
     {
-        //
+        try {
+            $user = new UserRepository;
+            $user->delete($id);
+            return $this->response->noContent();
+        } catch (DisplayException $ex) {
+            throw new StoreResourceFailedException($ex->getMessage());
+        } catch (\Exception $ex) {
+            throw new StoreResourceFailedException('Unable to delete this user due to an error.');
+        }
     }
 
 }
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
index 58157d8a9..79b7db006 100644
--- a/app/Http/Routes/APIRoutes.php
+++ b/app/Http/Routes/APIRoutes.php
@@ -30,7 +30,6 @@ class APIRoutes
         });
 
         $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
-
             $api->get('users', [
                 'as' => 'api.users',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
@@ -38,14 +37,23 @@ class APIRoutes
 
             $api->post('users', [
                 'as' => 'api.users.post',
-                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@postUsers'
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@postUser'
             ]);
 
             $api->get('users/{id}/{fields?}', [
                 'as' => 'api.users.view',
-                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUserByID'
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUser'
             ]);
 
+            $api->patch('users/{id}/', [
+                'as' => 'api.users.patch',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@patchUser'
+            ]);
+
+            $api->delete('users/{id}/', [
+                'as' => 'api.users.delete',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@deleteUser'
+            ]);
         });
     }
 
diff --git a/app/Models/User.php b/app/Models/User.php
index 742f194bc..2ce0c6746 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -34,7 +34,7 @@ class User extends Model implements AuthenticatableContract,
      *
      * @var array
      */
-    protected $fillable = ['name', 'email', 'password'];
+    protected $fillable = ['name', 'email', 'password', 'use_totp', 'totp_secret', 'language'];
 
     /**
      * The attributes excluded from the model's JSON form.
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index 62f690871..92f431d97 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -2,13 +2,15 @@
 
 namespace Pterodactyl\Repositories;
 
-use Validator;
+use DB;
 use Hash;
+use Validator;
 
-use Pterodactyl\Models\User;
+use Pterodactyl\Models;
 use Pterodactyl\Services\UuidService;
 
 use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
 
 class UserRepository
 {
@@ -27,15 +29,14 @@ class UserRepository
      */
     public function create($email, $password, $admin = false)
     {
-
         $validator = Validator::make([
             'email' => $email,
             'password' => $password,
-            'admin' => $admin
+            'root_admin' => $admin
         ], [
             'email' => 'required|email|unique:users,email',
             'password' => 'required|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
-            'admin' => 'required|boolean'
+            'root_admin' => 'required|boolean'
         ]);
 
         // Run validator, throw catchable and displayable exception if it fails.
@@ -44,7 +45,7 @@ class UserRepository
             throw new DisplayValidationException($validator->errors());
         }
 
-        $user = new User;
+        $user = new Models\User;
         $uuid = new UuidService;
 
         $user->uuid = $uuid->generate('users', 'uuid');
@@ -64,16 +65,25 @@ class UserRepository
      * Updates a user on the panel.
      *
      * @param  integer $id
-     * @param  array $user An array of columns and their associated values to update for the user.
+     * @param  array $data An array of columns and their associated values to update for the user.
      * @return boolean
      */
-    public function update($id, array $user)
+    public function update($id, array $data)
     {
-        if(array_key_exists('password', $user)) {
-            $user['password'] = Hash::make($user['password']);
+        $validator = Validator::make($data, [
+            'email' => 'email|unique:users,email,' . $id,
+            'password' => 'regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
+            'root_admin' => 'boolean',
+            'language' => 'string|min:1|max:5',
+            'use_totp' => 'boolean',
+            'totp_secret' => 'size:16'
+        ]);
+
+        if(array_key_exists('password', $data)) {
+            $user['password'] = Hash::make($data['password']);
         }
 
-        return User::find($id)->update($user);
+        return Models\User::find($id)->update($data);
     }
 
     /**
@@ -84,9 +94,22 @@ class UserRepository
      */
     public function delete($id)
     {
-        // @TODO cannot delete user with associated servers!
-        // clean up subusers!
-        return User::destroy($id);
+        if(Models\Server::where('owner', $id)->count() > 0) {
+            throw new DisplayException('Cannot delete a user with active servers attached to thier account.');
+        }
+
+        DB::beginTransaction();
+
+        Models\Permission::where('user_id', $id)->delete();
+        Models\Subuser::where('user_id', $id)->delete();
+        Models\User::destroy($id);
+
+        try {
+            DB::commit();
+            return true;
+        } catch (\Exception $ex) {
+            throw $ex;
+        }
     }
 
 }

From e2d5145e3d5e47438023ebc14a5b1674dff14073 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Thu, 14 Jan 2016 23:48:58 -0500
Subject: [PATCH 08/14] Set user language properly

---
 app/Repositories/UserRepository.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index 92f431d97..cc0e771b7 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -51,6 +51,7 @@ class UserRepository
         $user->uuid = $uuid->generate('users', 'uuid');
         $user->email = $email;
         $user->password = Hash::make($password);
+        $user->language = 'en';
         $user->root_admin = ($admin) ? 1 : 0;
 
         try {

From 69c2e89fe0b6810181245ffc4e807557937b01b6 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Fri, 15 Jan 2016 00:08:50 -0500
Subject: [PATCH 09/14] Fix some missing exceptions and validation handling for
 users

---
 app/Http/Controllers/API/UserController.php | 15 ++++++++++++++-
 app/Repositories/UserRepository.php         |  8 +++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 0ab62f2c8..edae69474 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -9,8 +9,11 @@ use Dingo\Api\Exception\StoreResourceFailedException;
 use Pterodactyl\Models;
 use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Repositories\UserRepository;
+
 use Pterodactyl\Exceptions\DisplayValidationException;
 use Pterodactyl\Exceptions\DisplayException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
  * @Resource("Users")
@@ -61,7 +64,17 @@ class UserController extends BaseController
             }
         }
 
-        return $query->first();
+        try {
+            if (!$query->first()) {
+                throw new NotFoundHttpException('No user by that ID was found.');
+            }
+            return $query->first();
+        } catch (NotFoundHttpException $ex) {
+            throw $ex;
+        } catch (\Exception $ex) {
+            throw new BadRequestHttpException('There was an issue with the fields passed in the request.');
+        }
+
     }
 
     /**
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index cc0e771b7..7f5b8ade1 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -80,11 +80,17 @@ class UserRepository
             'totp_secret' => 'size:16'
         ]);
 
+        // Run validator, throw catchable and displayable exception if it fails.
+        // Exception includes a JSON result of failed validation rules.
+        if ($validator->fails()) {
+            throw new DisplayValidationException($validator->errors());
+        }
+
         if(array_key_exists('password', $data)) {
             $user['password'] = Hash::make($data['password']);
         }
 
-        return Models\User::find($id)->update($data);
+        return Models\User::findOrFail($id)->update($data);
     }
 
     /**

From 0ccaa16ea426933a9bc25de44d6654ca975c8eb7 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Fri, 15 Jan 2016 00:20:58 -0500
Subject: [PATCH 10/14] Fix exceptions thrown to mimic proper HTTP status codes

---
 app/Http/Controllers/API/UserController.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index edae69474..5a4a68537 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -4,7 +4,7 @@ namespace Pterodactyl\Http\Controllers\API;
 
 use Illuminate\Http\Request;
 
-use Dingo\Api\Exception\StoreResourceFailedException;
+use Dingo\Api\Exception\ResourceException;
 
 use Pterodactyl\Models;
 use Pterodactyl\Transformers\UserTransformer;
@@ -14,6 +14,7 @@ use Pterodactyl\Exceptions\DisplayValidationException;
 use Pterodactyl\Exceptions\DisplayException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
 
 /**
  * @Resource("Users")
@@ -109,11 +110,11 @@ class UserController extends BaseController
                 'id' => $create
             ]));
         } catch (DisplayValidationException $ex) {
-            throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+            throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
         } catch (DisplayException $ex) {
-            throw new StoreResourceFailedException($ex->getMessage());
+            throw new ResourceException($ex->getMessage());
         } catch (\Exception $ex) {
-            throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
+            throw new ServiceUnavailableHttpException('Unable to create a user on the system due to an error.');
         }
     }
 
@@ -142,11 +143,11 @@ class UserController extends BaseController
             $user->update($id, $request->all());
             return Models\User::findOrFail($id);
         } catch (DisplayValidationException $ex) {
-            throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+            throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
         } catch (DisplayException $ex) {
-            throw new StoreResourceFailedException($ex->getMessage());
+            throw new ResourceException($ex->getMessage());
         } catch (\Exception $ex) {
-            throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
+            throw new ServiceUnavailableHttpException('Unable to update a user on the system due to an error.');
         }
     }
 
@@ -171,9 +172,9 @@ class UserController extends BaseController
             $user->delete($id);
             return $this->response->noContent();
         } catch (DisplayException $ex) {
-            throw new StoreResourceFailedException($ex->getMessage());
+            throw new ResourceException($ex->getMessage());
         } catch (\Exception $ex) {
-            throw new StoreResourceFailedException('Unable to delete this user due to an error.');
+            throw new ServiceUnavailableHttpException('Unable to delete this user due to an error.');
         }
     }
 

From 63f377a0385eb3d70c50124fe296e9ba950155fd Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Fri, 15 Jan 2016 17:54:29 -0500
Subject: [PATCH 11/14] Add more API routes

Servers: list all, list single
Nodes: list all, list single, list single allocations, add node
Locations: list all
---
 .../Controllers/API/LocationController.php    |  33 ++++
 app/Http/Controllers/API/NodeController.php   | 154 ++++++++++++++++++
 app/Http/Controllers/API/ServerController.php |  84 ++++++++++
 app/Http/Controllers/API/UserController.php   |   6 +-
 app/Http/Routes/APIRoutes.php                 |  55 ++++++-
 app/Transformers/NodeTransformer.php          |  21 +++
 app/Transformers/ServerTransformer.php        |  21 +++
 7 files changed, 368 insertions(+), 6 deletions(-)
 create mode 100644 app/Http/Controllers/API/LocationController.php
 create mode 100644 app/Http/Controllers/API/NodeController.php
 create mode 100644 app/Http/Controllers/API/ServerController.php
 create mode 100644 app/Transformers/NodeTransformer.php
 create mode 100644 app/Transformers/ServerTransformer.php

diff --git a/app/Http/Controllers/API/LocationController.php b/app/Http/Controllers/API/LocationController.php
new file mode 100644
index 000000000..0fdfea47a
--- /dev/null
+++ b/app/Http/Controllers/API/LocationController.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use Illuminate\Http\Request;
+use Pterodactyl\Models\Location;
+
+/**
+ * @Resource("Servers")
+ */
+class LocationController extends BaseController
+{
+
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * List All Locations
+     *
+     * Lists all locations currently on the system.
+     *
+     * @Get("/locations")
+     * @Versions({"v1"})
+     * @Response(200)
+     */
+    public function getLocations(Request $request)
+    {
+        return Location::all();
+    }
+
+}
diff --git a/app/Http/Controllers/API/NodeController.php b/app/Http/Controllers/API/NodeController.php
new file mode 100644
index 000000000..30b78580d
--- /dev/null
+++ b/app/Http/Controllers/API/NodeController.php
@@ -0,0 +1,154 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use Illuminate\Http\Request;
+
+use Pterodactyl\Models;
+use Pterodactyl\Transformers\NodeTransformer;
+use Pterodactyl\Repositories\NodeRepository;
+
+use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
+use Dingo\Api\Exception\ResourceException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+
+/**
+ * @Resource("Servers")
+ */
+class NodeController extends BaseController
+{
+
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * List All Nodes
+     *
+     * Lists all nodes currently on the system.
+     *
+     * @Get("/nodes/{?page}")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("page", type="integer", description="The page of results to view.", default=1)
+     * })
+     * @Response(200)
+     */
+    public function getNodes(Request $request)
+    {
+        $nodes = Models\Node::paginate(15);
+        return $this->response->paginator($nodes, new NodeTransformer);
+    }
+
+    /**
+     * Create a New Node
+     *
+     * @Post("/nodes")
+     * @Versions({"v1"})
+     * @Transaction({
+     *      @Request({
+     *      	'name' => 'My API Node',
+     *      	'location' => 1,
+     *      	'public' => 1,
+     *      	'fqdn' => 'daemon.wuzzle.woo',
+     *      	'scheme' => 'https',
+     *      	'memory' => 10240,
+     *      	'memory_overallocate' => 100,
+     *      	'disk' => 204800,
+     *      	'disk_overallocate' => -1,
+     *      	'daemonBase' => '/srv/daemon-data',
+     *      	'daemonSFTP' => 2022,
+     *      	'daemonListen' => 8080
+     *      }, headers={"Authorization": "Bearer <jwt-token>"}),
+     *       @Response(201),
+     *       @Response(422, body={
+     *          "message": "A validation error occured.",
+     *          "errors": {},
+     *          "status_code": 422
+     *       }),
+     *       @Response(503, body={
+     *       	"message": "There was an error while attempting to add this node to the system.",
+     *       	"status_code": 503
+     *       })
+     * })
+     */
+    public function postNode(Request $request)
+    {
+        try {
+            $node = new NodeRepository;
+            $new = $node->create($request->all());
+            return $this->response->created(route('api.nodes.view', [
+                'id' => $new
+            ]));
+        } catch (DisplayValidationException $ex) {
+            throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (DisplayException $ex) {
+            throw new ResourceException($ex->getMessage());
+        } catch (\Exception $e) {
+            throw new BadRequestHttpException('There was an error while attempting to add this node to the system.');
+        }
+    }
+
+    /**
+     * List Specific Node
+     *
+     * Lists specific fields about a server or all fields pertaining to that node.
+     *
+     * @Get("/nodes/{id}/{?fields}")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the node to get information on."),
+     *      @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
+     * })
+     * @Response(200)
+     */
+    public function getNode(Request $request, $id, $fields = null)
+    {
+        $query = Models\Node::where('id', $id);
+
+        if (!is_null($request->input('fields'))) {
+            foreach(explode(',', $request->input('fields')) as $field) {
+                if (!empty($field)) {
+                    $query->addSelect($field);
+                }
+            }
+        }
+
+        try {
+            if (!$query->first()) {
+                throw new NotFoundHttpException('No node by that ID was found.');
+            }
+            return $query->first();
+        } catch (NotFoundHttpException $ex) {
+            throw $ex;
+        } catch (\Exception $ex) {
+            throw new BadRequestHttpException('There was an issue with the fields passed in the request.');
+        }
+    }
+
+    /**
+     * List Node Allocations
+     *
+     * Returns a listing of all node allocations.
+     *
+     * @Get("/nodes/{id}/allocations")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the node to get allocations for."),
+     * })
+     * @Response(200)
+     */
+    public function getNodeAllocations(Request $request, $id)
+    {
+        $allocations = Models\Allocation::select('ip', 'port', 'assigned_to')->where('node', $id)->orderBy('ip', 'asc')->orderBy('port', 'asc')->get();
+        if ($allocations->count() < 1) {
+            throw new NotFoundHttpException('No allocations where found for the requested node.');
+        }
+        return $allocations;
+    }
+
+}
diff --git a/app/Http/Controllers/API/ServerController.php b/app/Http/Controllers/API/ServerController.php
new file mode 100644
index 000000000..4417bb67c
--- /dev/null
+++ b/app/Http/Controllers/API/ServerController.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use Illuminate\Http\Request;
+
+use Pterodactyl\Models;
+use Pterodactyl\Transformers\ServerTransformer;
+use Pterodactyl\Repositories\ServerRepository;
+
+use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
+use Dingo\Api\Exception\ResourceException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+
+/**
+ * @Resource("Servers")
+ */
+class ServerController extends BaseController
+{
+
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * List All Servers
+     *
+     * Lists all servers currently on the system.
+     *
+     * @Get("/servers/{?page}")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("page", type="integer", description="The page of results to view.", default=1)
+     * })
+     * @Response(200)
+     */
+    public function getServers(Request $request)
+    {
+        $servers = Models\Server::paginate(15);
+        return $this->response->paginator($servers, new ServerTransformer);
+    }
+
+    /**
+     * List Specific Server
+     *
+     * Lists specific fields about a server or all fields pertaining to that server.
+     *
+     * @Get("/servers/{id}/{fields}")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the server to get information on."),
+     *      @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
+     * })
+     * @Response(200)
+     */
+    public function getServer(Request $request, $id)
+    {
+        $query = Models\Server::where('id', $id);
+
+        if (!is_null($request->input('fields'))) {
+            foreach(explode(',', $request->input('fields')) as $field) {
+                if (!empty($field)) {
+                    $query->addSelect($field);
+                }
+            }
+        }
+
+        try {
+            if (!$query->first()) {
+                throw new NotFoundHttpException('No server by that ID was found.');
+            }
+            return $query->first();
+        } catch (NotFoundHttpException $ex) {
+            throw $ex;
+        } catch (\Exception $ex) {
+            throw new BadRequestHttpException('There was an issue with the fields passed in the request.');
+        }
+    }
+
+}
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 5a4a68537..12c9e8167 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -53,12 +53,12 @@ class UserController extends BaseController
      * })
      * @Response(200)
      */
-    public function getUser(Request $request, $id, $fields = null)
+    public function getUser(Request $request, $id)
     {
         $query = Models\User::where('id', $id);
 
-        if (!is_null($fields)) {
-            foreach(explode(',', $fields) as $field) {
+        if (!is_null($request->input('fields'))) {
+            foreach(explode(',', $request->input('fields')) as $field) {
                 if (!empty($field)) {
                     $query->addSelect($field);
                 }
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
index 79b7db006..3c1233ff2 100644
--- a/app/Http/Routes/APIRoutes.php
+++ b/app/Http/Routes/APIRoutes.php
@@ -30,6 +30,10 @@ class APIRoutes
         });
 
         $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
+
+            /**
+             * User Routes
+             */
             $api->get('users', [
                 'as' => 'api.users',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
@@ -40,20 +44,65 @@ class APIRoutes
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@postUser'
             ]);
 
-            $api->get('users/{id}/{fields?}', [
+            $api->get('users/{id}', [
                 'as' => 'api.users.view',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUser'
             ]);
 
-            $api->patch('users/{id}/', [
+            $api->patch('users/{id}', [
                 'as' => 'api.users.patch',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@patchUser'
             ]);
 
-            $api->delete('users/{id}/', [
+            $api->delete('users/{id}', [
                 'as' => 'api.users.delete',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@deleteUser'
             ]);
+
+            /**
+             * Server Routes
+             */
+            $api->get('servers', [
+                'as' => 'api.servers',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@getServers'
+            ]);
+
+            $api->get('servers/{id}', [
+                'as' => 'api.servers.view',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@getServer'
+            ]);
+
+            /**
+             * Node Routes
+             */
+            $api->get('nodes', [
+                'as' => 'api.nodes',
+                'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@getNodes'
+            ]);
+
+            $api->post('nodes', [
+                'as' => 'api.nodes.post',
+                'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@postNode'
+            ]);
+
+            $api->get('nodes/{id}', [
+                'as' => 'api.nodes.view',
+                'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@getNode'
+            ]);
+
+            $api->get('nodes/{id}/allocations', [
+                'as' => 'api.nodes.view',
+                'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@getNodeAllocations'
+            ]);
+
+            /**
+             * Location Routes
+             */
+            $api->get('locations', [
+                'as' => 'api.locations',
+                'uses' => 'Pterodactyl\Http\Controllers\API\LocationController@getLocations'
+            ]);
+
         });
     }
 
diff --git a/app/Transformers/NodeTransformer.php b/app/Transformers/NodeTransformer.php
new file mode 100644
index 000000000..45a7efbc3
--- /dev/null
+++ b/app/Transformers/NodeTransformer.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Pterodactyl\Transformers;
+
+use Pterodactyl\Models\Node;
+use League\Fractal\TransformerAbstract;
+
+class NodeTransformer extends TransformerAbstract
+{
+
+    /**
+     * Turn this item object into a generic array
+     *
+     * @return array
+     */
+    public function transform(Node $node)
+    {
+        return $node;
+    }
+
+}
diff --git a/app/Transformers/ServerTransformer.php b/app/Transformers/ServerTransformer.php
new file mode 100644
index 000000000..38e788f30
--- /dev/null
+++ b/app/Transformers/ServerTransformer.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Pterodactyl\Transformers;
+
+use Pterodactyl\Models\Server;
+use League\Fractal\TransformerAbstract;
+
+class ServerTransformer extends TransformerAbstract
+{
+
+    /**
+     * Turn this item object into a generic array
+     *
+     * @return array
+     */
+    public function transform(Server $server)
+    {
+        return $server;
+    }
+
+}

From 77e3744b404d6d1a3bf542afb5d934f509fab6a9 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Fri, 15 Jan 2016 19:26:50 -0500
Subject: [PATCH 12/14] Change authentication method for API.

---
 app/Http/Controllers/API/AuthController.php   | 124 ------------------
 app/Http/Middleware/APISecretToken.php        |  80 +++++++++++
 app/Http/Routes/APIRoutes.php                 |  18 ---
 app/Models/API.php                            |  63 ---------
 app/Models/APIKey.php                         |  17 +++
 app/Models/APIPermission.php                  |  13 --
 config/api.php                                |   2 +-
 ...016_01_15_231502_create_table_api_keys.php |  33 +++++
 ...15_233110_create_table_api_permissions.php |  31 +++++
 9 files changed, 162 insertions(+), 219 deletions(-)
 delete mode 100644 app/Http/Controllers/API/AuthController.php
 create mode 100644 app/Http/Middleware/APISecretToken.php
 delete mode 100644 app/Models/API.php
 create mode 100644 app/Models/APIKey.php
 create mode 100644 database/migrations/2016_01_15_231502_create_table_api_keys.php
 create mode 100644 database/migrations/2016_01_15_233110_create_table_api_permissions.php

diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
deleted file mode 100644
index 2a4284a10..000000000
--- a/app/Http/Controllers/API/AuthController.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-
-namespace Pterodactyl\Http\Controllers\API;
-
-use JWTAuth;
-use Hash;
-use Validator;
-
-use Tymon\JWTAuth\Exceptions\JWTException;
-
-use Dingo\Api\Exception\StoreResourceFailedException;
-use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
-use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
-use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
-
-use Illuminate\Http\Request;
-use Illuminate\Foundation\Auth\ThrottlesLogins;
-use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
-
-use Pterodactyl\Transformers\UserTransformer;
-use Pterodactyl\Models;
-
-/**
- * @Resource("Auth")
- */
-class AuthController extends BaseController
-{
-
-    use AuthenticatesAndRegistersUsers, ThrottlesLogins;
-
-    /**
-     * Lockout time for failed login requests.
-     *
-     * @var integer
-     */
-    protected $lockoutTime = 120;
-
-    /**
-     * After how many attempts should logins be throttled and locked.
-     *
-     * @var integer
-     */
-    protected $maxLoginAttempts = 3;
-
-    /**
-     * Create a new authentication controller instance.
-     *
-     * @return void
-     */
-    public function __construct()
-    {
-        //
-    }
-
-    /**
-     * Authenticate
-     *
-     * Authenticate with the API to recieved a JSON Web Token
-     *
-     * @Post("/auth/login")
-     * @Versions({"v1"})
-     * @Request({"email": "e@mail.com", "password": "soopersecret"})
-     * @Response(200, body={"token": "<jwt-token>"})
-     */
-    public function postLogin(Request $request) {
-
-        $validator = Validator::make($request->only(['email', 'password']), [
-            'email' => 'required|email',
-            'password' => 'required|min:8'
-        ]);
-
-        if ($validator->fails()) {
-            throw new StoreResourceFailedException('Required authentication fields were invalid.', $validator->errors());
-        }
-
-        $throttled = $this->isUsingThrottlesLoginsTrait();
-        if ($throttled && $this->hasTooManyLoginAttempts($request)) {
-            throw new TooManyRequestsHttpException('You have been login throttled for 120 seconds.');
-        }
-
-        // Is the email & password valid?
-        $user = Models\User::where('email', $request->input('email'))->first();
-        if (!$user || !Hash::check($request->input('password'), $user->password)) {
-            if ($throttled) {
-                $this->incrementLoginAttempts($request);
-            }
-            throw new UnauthorizedHttpException('A user by those credentials was not found.');
-        }
-
-        // @TODO: validate TOTP if enabled on account?
-        // Perhaps this could be implemented in such a way that they login to their
-        // account and generate a one time password that can be used? Would be a pain in
-        // the butt for multiple API requests though. Maybe just included a 'totp' field
-        // that can include the token for that timestamp. Would allow for programtic
-        // generation of the code and API requests.
-        if ($user->root_admin !== 1) {
-            throw new UnauthorizedHttpException('This account does not have permission to interface this API.');
-        }
-
-        try {
-            $token = JWTAuth::fromUser($user);
-            if (!$token) {
-                throw new UnauthorizedHttpException('');
-            }
-        } catch (JWTException $ex) {
-            throw new ServiceUnavailableHttpException('');
-        }
-
-        return compact('token');
-    }
-
-    /**
-     * Check if Authenticated
-     *
-     * @Post("/auth/validate")
-     * @Versions({"v1"})
-     * @Request(headers={"Authorization": "Bearer <jwt-token>"})
-     * @Response(204)
-     */
-    public function postValidate(Request $request) {
-        return $this->response->noContent();
-    }
-
-}
diff --git a/app/Http/Middleware/APISecretToken.php b/app/Http/Middleware/APISecretToken.php
new file mode 100644
index 000000000..7678a1e89
--- /dev/null
+++ b/app/Http/Middleware/APISecretToken.php
@@ -0,0 +1,80 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware;
+
+use Pterodactyl\Models\APIKey;
+use Pterodactyl\Models\APIPermission;
+
+use Illuminate\Http\Request;
+use Dingo\Api\Routing\Route;
+use Dingo\Api\Auth\Provider\Authorization;
+
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; // 401
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
+
+class APISecretToken extends Authorization
+{
+
+    protected $algo = 'sha256';
+
+    protected $permissionAllowed = false;
+
+    public function __construct()
+    {
+        //
+    }
+
+    public function getAuthorizationMethod()
+    {
+        return 'Authorization';
+    }
+
+    public function authenticate(Request $request, Route $route)
+    {
+        if (!$request->bearerToken() || empty($request->bearerToken())) {
+            throw new UnauthorizedHttpException('The authentication header was missing or malformed');
+        }
+
+        list($public, $hashed) = explode('.', $request->bearerToken());
+
+        $key = APIKey::where('public', $public)->first();
+        if (!$key) {
+            throw new AccessDeniedHttpException('Invalid API Key.');
+        }
+
+        // Check for Resource Permissions
+        if (!empty($request->route()->getName())) {
+            if(!is_null($key->allowed_ips)) {
+                if (!in_array($request->ip(), json_decode($key->allowed_ips))) {
+                    throw new AccessDeniedHttpException('This IP address does not have permission to use this API key.');
+                }
+            }
+
+            foreach(APIPermission::where('key_id', $key->id)->get() as &$row) {
+                if ($row->permission === '*' || $row->permission === $request->route()->getName()) {
+                    $this->permissionAllowed = true;
+                    continue;
+                }
+            }
+
+            if (!$this->permissionAllowed) {
+                throw new AccessDeniedHttpException('You do not have permission to access this resource.');
+            }
+        }
+
+        if($this->_generateHMAC($request->fullUrl(), $request->getContent(), $key->secret) !== base64_decode($hashed)) {
+            throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
+        }
+
+        return true;
+
+    }
+
+    protected function _generateHMAC($url, $body, $key)
+    {
+        $data = urldecode($url) . '.' . $body;
+        return hash_hmac($this->algo, $data, $key, true);
+    }
+
+}
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
index 3c1233ff2..a0e715cb5 100644
--- a/app/Http/Routes/APIRoutes.php
+++ b/app/Http/Routes/APIRoutes.php
@@ -10,25 +10,7 @@ class APIRoutes
 
     public function map(Router $router) {
 
-        app('Dingo\Api\Auth\Auth')->extend('jwt', function ($app) {
-            return new \Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
-        });
-
         $api = app('Dingo\Api\Routing\Router');
-
-        $api->version('v1', function ($api) {
-            $api->post('auth/login', [
-                'as' => 'api.auth.login',
-                'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postLogin'
-            ]);
-
-            $api->post('auth/validate', [
-                'middleware' => 'api.auth',
-                'as' => 'api.auth.validate',
-                'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postValidate'
-            ]);
-        });
-
         $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
 
             /**
diff --git a/app/Models/API.php b/app/Models/API.php
deleted file mode 100644
index b33985252..000000000
--- a/app/Models/API.php
+++ /dev/null
@@ -1,63 +0,0 @@
-<?php
-
-namespace Pterodactyl\Models;
-
-use Log;
-use Pterodactyl\Exceptions\DisplayException;
-use Pterodactyl\Models\APIPermission;
-use Illuminate\Database\Eloquent\Model;
-
-class API extends Model
-{
-
-    /**
-     * The table associated with the model.
-     *
-     * @var string
-     */
-    protected $table = 'api';
-
-    /**
-     * The attributes excluded from the model's JSON form.
-     *
-     * @var array
-     */
-    protected $hidden = ['daemonSecret'];
-
-    public function permissions()
-    {
-        return $this->hasMany(APIPermission::class);
-    }
-
-    public static function findKey($key)
-    {
-        return self::where('key', $key)->first();
-    }
-
-    /**
-     * Determine if an API key has permission to perform an action.
-     *
-     * @param  string $key
-     * @param  string $permission
-     * @return boolean
-     */
-    public static function checkPermission($key, $permission)
-    {
-        $api = self::findKey($key);
-
-        if (!$api) {
-            throw new DisplayException('The requested API key (' . $key . ') was not found in the system.');
-        }
-
-        return APIPermission::check($api->id, $permission);
-
-    }
-
-    public static function noPermissionError($error = 'You do not have permission to perform this action with this API key.')
-    {
-        return response()->json([
-            'error' => 'You do not have permission to perform this action with this API key.'
-        ], 403);
-    }
-
-}
diff --git a/app/Models/APIKey.php b/app/Models/APIKey.php
new file mode 100644
index 000000000..dc7912f26
--- /dev/null
+++ b/app/Models/APIKey.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace Pterodactyl\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class APIKey extends Model
+{
+
+    /**
+     * The table associated with the model.
+     *
+     * @var string
+     */
+    protected $table = 'api_keys';
+
+}
diff --git a/app/Models/APIPermission.php b/app/Models/APIPermission.php
index 29f0cfdb1..037729716 100644
--- a/app/Models/APIPermission.php
+++ b/app/Models/APIPermission.php
@@ -2,7 +2,6 @@
 
 namespace Pterodactyl\Models;
 
-use Debugbar;
 use Illuminate\Database\Eloquent\Model;
 
 class APIPermission extends Model
@@ -15,16 +14,4 @@ class APIPermission extends Model
      */
     protected $table = 'api_permissions';
 
-    /**
-     * Checks if an API key has a specific permission.
-     *
-     * @param  int $id
-     * @param  string $permission
-     * @return boolean
-     */
-    public static function check($id, $permission)
-    {
-        return self::where('key_id', $id)->where('permission', $permission)->exists();
-    }
-
 }
diff --git a/config/api.php b/config/api.php
index 872723046..234a8bca7 100644
--- a/config/api.php
+++ b/config/api.php
@@ -155,7 +155,7 @@ return [
     */
 
     'auth' => [
-        'jwt' => 'Dingo\Api\Auth\Provider\JWT'
+        'custom' => 'Pterodactyl\Http\Middleware\APISecretToken'
     ],
 
     /*
diff --git a/database/migrations/2016_01_15_231502_create_table_api_keys.php b/database/migrations/2016_01_15_231502_create_table_api_keys.php
new file mode 100644
index 000000000..9b1fb4bb7
--- /dev/null
+++ b/database/migrations/2016_01_15_231502_create_table_api_keys.php
@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class CreateTableApiKeys extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('api_keys', function (Blueprint $table) {
+            $table->increments('id');
+            $table->char('public', 16);
+            $table->char('secret', 32);
+            $table->json('allowed_ips')->nullable();
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::drop('api_keys');
+    }
+}
diff --git a/database/migrations/2016_01_15_233110_create_table_api_permissions.php b/database/migrations/2016_01_15_233110_create_table_api_permissions.php
new file mode 100644
index 000000000..9056003b9
--- /dev/null
+++ b/database/migrations/2016_01_15_233110_create_table_api_permissions.php
@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class CreateTableApiPermissions extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('api_permissions', function (Blueprint $table) {
+            $table->increments('id');
+            $table->integer('key_id')->unsigned();
+            $table->string('permission');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::drop('api_permissions');
+    }
+}

From ac65d5fa21c106bbf9f88449ace2c9119b1dbc56 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Sat, 16 Jan 2016 00:25:21 -0500
Subject: [PATCH 13/14] Finish base API.

Making PR, any additional API functions or modifications can be done
within the repository now.
---
 .../Controllers/API/LocationController.php    | 12 ++-
 app/Http/Controllers/API/NodeController.php   | 25 ++++-
 app/Http/Controllers/API/ServerController.php | 99 ++++++++++++++++++-
 .../Controllers/API/ServiceController.php     | 47 +++++++++
 app/Http/Controllers/API/UserController.php   |  2 +-
 app/Http/Routes/APIRoutes.php                 | 40 +++++++-
 app/Repositories/NodeRepository.php           |  6 ++
 app/Repositories/ServerRepository.php         | 24 +++++
 8 files changed, 249 insertions(+), 6 deletions(-)
 create mode 100644 app/Http/Controllers/API/ServiceController.php

diff --git a/app/Http/Controllers/API/LocationController.php b/app/Http/Controllers/API/LocationController.php
index 0fdfea47a..1671337b8 100644
--- a/app/Http/Controllers/API/LocationController.php
+++ b/app/Http/Controllers/API/LocationController.php
@@ -2,6 +2,7 @@
 
 namespace Pterodactyl\Http\Controllers\API;
 
+use DB;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Location;
 
@@ -27,7 +28,16 @@ class LocationController extends BaseController
      */
     public function getLocations(Request $request)
     {
-        return Location::all();
+        $locations = Location::select('locations.*', DB::raw('GROUP_CONCAT(nodes.id) as nodes'))
+            ->join('nodes', 'locations.id', '=', 'nodes.location')
+            ->groupBy('locations.id')
+            ->get();
+
+        foreach($locations as &$location) {
+            $location->nodes = explode(',', $location->nodes);
+        }
+
+        return $locations;
     }
 
 }
diff --git a/app/Http/Controllers/API/NodeController.php b/app/Http/Controllers/API/NodeController.php
index 30b78580d..71580e4e4 100644
--- a/app/Http/Controllers/API/NodeController.php
+++ b/app/Http/Controllers/API/NodeController.php
@@ -40,7 +40,7 @@ class NodeController extends BaseController
      */
     public function getNodes(Request $request)
     {
-        $nodes = Models\Node::paginate(15);
+        $nodes = Models\Node::paginate(50);
         return $this->response->paginator($nodes, new NodeTransformer);
     }
 
@@ -151,4 +151,27 @@ class NodeController extends BaseController
         return $allocations;
     }
 
+    /**
+     * Delete Node
+     *
+     * @Delete("/nodes/{id}")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the node."),
+     * })
+     * @Response(204)
+     */
+    public function deleteNode(Request $request, $id)
+    {
+        try {
+            $node = new NodeRepository;
+            $node->delete($id);
+            return $this->response->noContent();
+        } catch (DisplayException $ex) {
+            throw new ResourceException($ex->getMessage());
+        } catch(\Exception $e) {
+            throw new ServiceUnavailableHttpException('An error occured while attempting to delete this node.');
+        }
+    }
+
 }
diff --git a/app/Http/Controllers/API/ServerController.php b/app/Http/Controllers/API/ServerController.php
index 4417bb67c..ab2f1b3b5 100644
--- a/app/Http/Controllers/API/ServerController.php
+++ b/app/Http/Controllers/API/ServerController.php
@@ -40,16 +40,43 @@ class ServerController extends BaseController
      */
     public function getServers(Request $request)
     {
-        $servers = Models\Server::paginate(15);
+        $servers = Models\Server::paginate(50);
         return $this->response->paginator($servers, new ServerTransformer);
     }
 
+    /**
+    * Create Server
+    *
+    * @Post("/servers")
+    * @Versions({"v1"})
+    * @Parameters({
+    *      @Parameter("page", type="integer", description="The page of results to view.", default=1)
+    * })
+    * @Response(201)
+     */
+    public function postServer(Request $request)
+    {
+        try {
+            $server = new ServerRepository;
+            $new = $server->create($request->all());
+            return $this->response->created(route('api.servers.view', [
+                'id' => $new
+            ]));
+        } catch (DisplayValidationException $ex) {
+            throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (DisplayException $ex) {
+            throw new ResourceException($ex->getMessage());
+        } catch (\Exception $e) {
+            throw new BadRequestHttpException('There was an error while attempting to add this server to the system.');
+        }
+    }
+
     /**
      * List Specific Server
      *
      * Lists specific fields about a server or all fields pertaining to that server.
      *
-     * @Get("/servers/{id}/{fields}")
+     * @Get("/servers/{id}{?fields}")
      * @Versions({"v1"})
      * @Parameters({
      *      @Parameter("id", type="integer", required=true, description="The ID of the server to get information on."),
@@ -81,4 +108,72 @@ class ServerController extends BaseController
         }
     }
 
+    /**
+     * Suspend Server
+     *
+     * @Post("/servers/{id}/suspend")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the server."),
+     * })
+     * @Response(204)
+     */
+    public function postServerSuspend(Request $request, $id)
+    {
+        try {
+            $server = new ServerRepository;
+            $server->suspend($id);
+        } catch (DisplayException $ex) {
+            throw new ResourceException($ex->getMessage());
+        } catch (\Exception $ex) {
+            throw new ServiceUnavailableHttpException('An error occured while attempting to suspend this server instance.');
+        }
+    }
+
+    /**
+     * Unsuspend Server
+     *
+     * @Post("/servers/{id}/unsuspend")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the server."),
+     * })
+     * @Response(204)
+     */
+    public function postServerUnsuspend(Request $request, $id)
+    {
+        try {
+            $server = new ServerRepository;
+            $server->unsuspend($id);
+        } catch (DisplayException $ex) {
+            throw new ResourceException($ex->getMessage());
+        } catch (\Exception $ex) {
+            throw new ServiceUnavailableHttpException('An error occured while attempting to unsuspend this server instance.');
+        }
+    }
+
+    /**
+     * Delete Server
+     *
+     * @Delete("/servers/{id}/{force}")
+     * @Versions({"v1"})
+     * @Parameters({
+     *      @Parameter("id", type="integer", required=true, description="The ID of the server."),
+     *      @Parameter("force", type="string", required=false, description="Use 'force' if the server should be removed regardless of daemon response."),
+     * })
+     * @Response(204)
+     */
+    public function deleteServer(Request $request, $id, $force = null)
+    {
+        try {
+            $server = new ServerRepository;
+            $server->deleteServer($id, $force);
+            return $this->response->noContent();
+        } catch (DisplayException $ex) {
+            throw new ResourceException($ex->getMessage());
+        } catch(\Exception $e) {
+            throw new ServiceUnavailableHttpException('An error occured while attempting to delete this server.');
+        }
+    }
+
 }
diff --git a/app/Http/Controllers/API/ServiceController.php b/app/Http/Controllers/API/ServiceController.php
new file mode 100644
index 000000000..cd0ac1202
--- /dev/null
+++ b/app/Http/Controllers/API/ServiceController.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use Illuminate\Http\Request;
+
+use Pterodactyl\Models;
+use Pterodactyl\Transformers\ServiceTransformer;
+
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+/**
+ * @Resource("Services")
+ */
+class ServiceController extends BaseController
+{
+
+    public function __construct()
+    {
+        //
+    }
+
+    public function getServices(Request $request)
+    {
+        return Models\Service::all();
+    }
+
+    public function getService(Request $request, $id)
+    {
+        $service = Models\Service::find($id);
+        if (!$service) {
+            throw new NotFoundHttpException('No service by that ID was found.');
+        }
+
+        $options = Models\ServiceOptions::select('id', 'name', 'description', 'tag', 'docker_image')->where('parent_service', $service->id)->get();
+        foreach($options as &$opt) {
+            $opt->variables = Models\ServiceVariables::where('option_id', $opt->id)->get();
+        }
+
+        return [
+            'service' => $service,
+            'options' => $options
+        ];
+
+    }
+
+}
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
index 12c9e8167..db63b44d3 100644
--- a/app/Http/Controllers/API/UserController.php
+++ b/app/Http/Controllers/API/UserController.php
@@ -36,7 +36,7 @@ class UserController extends BaseController
      */
     public function getUsers(Request $request)
     {
-        $users = Models\User::paginate(15);
+        $users = Models\User::paginate(50);
         return $this->response->paginator($users, new UserTransformer);
     }
 
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
index a0e715cb5..7178fc4d8 100644
--- a/app/Http/Routes/APIRoutes.php
+++ b/app/Http/Routes/APIRoutes.php
@@ -49,11 +49,31 @@ class APIRoutes
                 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@getServers'
             ]);
 
+            $api->post('servers', [
+                'as' => 'api.servers.post',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@postServer'
+            ]);
+
             $api->get('servers/{id}', [
                 'as' => 'api.servers.view',
                 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@getServer'
             ]);
 
+            $api->post('servers/{id}/suspend', [
+                'as' => 'api.servers.suspend',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@postServerSuspend'
+            ]);
+
+            $api->post('servers/{id}/unsuspend', [
+                'as' => 'api.servers.unsuspend',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@postServerUnsuspend'
+            ]);
+
+            $api->delete('servers/{id}/{force?}', [
+                'as' => 'api.servers.delete',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@deleteServer'
+            ]);
+
             /**
              * Node Routes
              */
@@ -73,10 +93,15 @@ class APIRoutes
             ]);
 
             $api->get('nodes/{id}/allocations', [
-                'as' => 'api.nodes.view',
+                'as' => 'api.nodes.view_allocations',
                 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@getNodeAllocations'
             ]);
 
+            $api->delete('nodes/{id}', [
+                'as' => 'api.nodes.view',
+                'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@deleteNode'
+            ]);
+
             /**
              * Location Routes
              */
@@ -85,6 +110,19 @@ class APIRoutes
                 'uses' => 'Pterodactyl\Http\Controllers\API\LocationController@getLocations'
             ]);
 
+            /**
+             * Service Routes
+             */
+            $api->get('services', [
+                'as' => 'api.services',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@getServices'
+            ]);
+
+            $api->get('services/{id}', [
+                'as' => 'api.services.view',
+                'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@getService'
+            ]);
+
         });
     }
 
diff --git a/app/Repositories/NodeRepository.php b/app/Repositories/NodeRepository.php
index 5611cc260..368a3dae0 100644
--- a/app/Repositories/NodeRepository.php
+++ b/app/Repositories/NodeRepository.php
@@ -183,4 +183,10 @@ class NodeRepository {
         }
     }
 
+    public function delete($id)
+    {
+        // @TODO: add logic;
+        return true;
+    }
+
 }
diff --git a/app/Repositories/ServerRepository.php b/app/Repositories/ServerRepository.php
index 4b8f292db..6587fe5cb 100644
--- a/app/Repositories/ServerRepository.php
+++ b/app/Repositories/ServerRepository.php
@@ -685,4 +685,28 @@ class ServerRepository
         return $server->save();
     }
 
+    /**
+     * Suspends a server instance making it unable to be booted or used by a user.
+     * @param  integer $id
+     * @return boolean
+     */
+    public function suspend($id)
+    {
+        // @TODO: Implement logic; not doing it now since that is outside of the
+        // scope of this API brance.
+        return true;
+    }
+
+    /**
+     * Unsuspends a server instance.
+     * @param  integer $id
+     * @return boolean
+     */
+    public function unsuspend($id)
+    {
+        // @TODO: Implement logic; not doing it now since that is outside of the
+        // scope of this API brance.
+        return true;
+    }
+
 }

From 0389f1417dec02236cfb719570507383a2f96d62 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Sat, 16 Jan 2016 00:31:10 -0500
Subject: [PATCH 14/14] Fully remove JWT

---
 .env.example   |   1 -
 composer.json  |   3 +-
 config/app.php |   3 -
 config/jwt.php | 168 -------------------------------------------------
 4 files changed, 1 insertion(+), 174 deletions(-)
 delete mode 100644 config/jwt.php

diff --git a/.env.example b/.env.example
index e282046f9..6665c4b1a 100644
--- a/.env.example
+++ b/.env.example
@@ -1,7 +1,6 @@
 APP_ENV=local
 APP_DEBUG=true
 APP_KEY=SomeRandomString
-JWT_SECRET=ChangeMe
 
 DB_HOST=localhost
 DB_PORT=3306
diff --git a/composer.json b/composer.json
index d56ce983f..ab9e728ff 100644
--- a/composer.json
+++ b/composer.json
@@ -14,8 +14,7 @@
         "pragmarx/google2fa": "^0.7.1",
         "webpatser/laravel-uuid": "^2.0",
         "prologue/alerts": "^0.4.0",
-        "s1lentium/iptools": "^1.0",
-        "tymon/jwt-auth": "^0.5.6"
+        "s1lentium/iptools": "^1.0"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",
diff --git a/config/app.php b/config/app.php
index aa29a7be3..c054c592d 100644
--- a/config/app.php
+++ b/config/app.php
@@ -113,7 +113,6 @@ return [
     'providers' => [
 
         Dingo\Api\Provider\LaravelServiceProvider::class,
-        Tymon\JWTAuth\Providers\JWTAuthServiceProvider::class,
 
         /*
          * Laravel Framework Service Providers...
@@ -192,8 +191,6 @@ return [
         'Hash'      => Illuminate\Support\Facades\Hash::class,
         'Input'     => Illuminate\Support\Facades\Input::class,
         'Inspiring' => Illuminate\Foundation\Inspiring::class,
-        'JWTAuth'   => Tymon\JWTAuth\Facades\JWTAuth::class,
-        'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,
         'Lang'      => Illuminate\Support\Facades\Lang::class,
         'Log'       => Illuminate\Support\Facades\Log::class,
         'Mail'      => Illuminate\Support\Facades\Mail::class,
diff --git a/config/jwt.php b/config/jwt.php
deleted file mode 100644
index 7c1101320..000000000
--- a/config/jwt.php
+++ /dev/null
@@ -1,168 +0,0 @@
-<?php
-
-return [
-
-    /*
-    |--------------------------------------------------------------------------
-    | JWT Authentication Secret
-    |--------------------------------------------------------------------------
-    |
-    | Don't forget to set this, as it will be used to sign your tokens.
-    | A helper command is provided for this: `php artisan jwt:generate`
-    |
-    */
-
-    'secret' => env('JWT_SECRET', 'changeme'),
-
-    /*
-    |--------------------------------------------------------------------------
-    | JWT time to live
-    |--------------------------------------------------------------------------
-    |
-    | Specify the length of time (in minutes) that the token will be valid for.
-    | Defaults to 1 hour
-    |
-    */
-
-    'ttl' => 60,
-
-    /*
-    |--------------------------------------------------------------------------
-    | Refresh time to live
-    |--------------------------------------------------------------------------
-    |
-    | Specify the length of time (in minutes) that the token can be refreshed
-    | within. I.E. The user can refresh their token within a 2 week window of
-    | the original token being created until they must re-authenticate.
-    | Defaults to 2 weeks
-    |
-    */
-
-    'refresh_ttl' => 20160,
-
-    /*
-    |--------------------------------------------------------------------------
-    | JWT hashing algorithm
-    |--------------------------------------------------------------------------
-    |
-    | Specify the hashing algorithm that will be used to sign the token.
-    |
-    | See here: https://github.com/namshi/jose/tree/2.2.0/src/Namshi/JOSE/Signer
-    | for possible values
-    |
-    */
-
-    'algo' => 'HS256',
-
-    /*
-    |--------------------------------------------------------------------------
-    | User Model namespace
-    |--------------------------------------------------------------------------
-    |
-    | Specify the full namespace to your User model.
-    | e.g. 'Acme\Entities\User'
-    |
-    */
-
-    'user' => 'Pterodactyl\Models\User',
-
-    /*
-    |--------------------------------------------------------------------------
-    | User identifier
-    |--------------------------------------------------------------------------
-    |
-    | Specify a unique property of the user that will be added as the 'sub'
-    | claim of the token payload.
-    |
-    */
-
-    'identifier' => 'id',
-
-    /*
-    |--------------------------------------------------------------------------
-    | Required Claims
-    |--------------------------------------------------------------------------
-    |
-    | Specify the required claims that must exist in any token.
-    | A TokenInvalidException will be thrown if any of these claims are not
-    | present in the payload.
-    |
-    */
-
-    'required_claims' => ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'],
-
-    /*
-    |--------------------------------------------------------------------------
-    | Blacklist Enabled
-    |--------------------------------------------------------------------------
-    |
-    | In order to invalidate tokens, you must have the the blacklist enabled.
-    | If you do not want or need this functionality, then set this to false.
-    |
-    */
-
-    'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
-
-    /*
-    |--------------------------------------------------------------------------
-    | Providers
-    |--------------------------------------------------------------------------
-    |
-    | Specify the various providers used throughout the package.
-    |
-    */
-
-    'providers' => [
-
-        /*
-        |--------------------------------------------------------------------------
-        | User Provider
-        |--------------------------------------------------------------------------
-        |
-        | Specify the provider that is used to find the user based
-        | on the subject claim
-        |
-        */
-
-        'user' => 'Tymon\JWTAuth\Providers\User\EloquentUserAdapter',
-
-        /*
-        |--------------------------------------------------------------------------
-        | JWT Provider
-        |--------------------------------------------------------------------------
-        |
-        | Specify the provider that is used to create and decode the tokens.
-        |
-        */
-
-        'jwt' => 'Tymon\JWTAuth\Providers\JWT\NamshiAdapter',
-
-        /*
-        |--------------------------------------------------------------------------
-        | Authentication Provider
-        |--------------------------------------------------------------------------
-        |
-        | Specify the provider that is used to authenticate users.
-        |
-        */
-
-        'auth' => function ($app) {
-            return new Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter($app['auth']);
-        },
-
-        /*
-        |--------------------------------------------------------------------------
-        | Storage Provider
-        |--------------------------------------------------------------------------
-        |
-        | Specify the provider that is used to store tokens in the blacklist
-        |
-        */
-
-        'storage' => function ($app) {
-            return new Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter($app['cache']);
-        }
-
-    ]
-
-];