Merge branch 'dane/sanctum' into v2
This commit is contained in:
commit
874e7afce3
253 changed files with 1480 additions and 3543 deletions
5
.gitignore
vendored
5
.gitignore
vendored
|
@ -46,7 +46,7 @@ yarn-error.log
|
|||
|
||||
# PHP
|
||||
/vendor
|
||||
.php_cs.cache
|
||||
.php-cs-fixer.cache
|
||||
.phpunit.result.cache
|
||||
_ide_helper.php
|
||||
_ide_helper_models.php
|
||||
|
@ -80,3 +80,6 @@ _ide_helper_models.php
|
|||
!.env.example
|
||||
.env*
|
||||
*.log
|
||||
_ide_helper_models.php
|
||||
_ide_helper.php
|
||||
.phpstorm.meta.php
|
||||
|
|
|
@ -21,7 +21,7 @@ return (new Config())
|
|||
'no_unreachable_default_argument_value' => true,
|
||||
'no_useless_return' => true,
|
||||
'ordered_imports' => [
|
||||
'sortAlgorithm' => 'length',
|
||||
'sort_algorithm' => 'length',
|
||||
],
|
||||
'phpdoc_align' => [
|
||||
'align' => 'left',
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Contracts\Http;
|
||||
|
||||
interface ClientPermissionsRequest
|
||||
{
|
||||
/**
|
||||
* Returns the permissions string indicating which permission should be used to
|
||||
* validate that the authenticated user has permission to perform this action aganist
|
||||
* the given resource (server).
|
||||
*/
|
||||
public function permission(): string;
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Contracts\Repository;
|
||||
|
||||
use Pterodactyl\Models\User;
|
||||
use Illuminate\Support\Collection;
|
||||
|
||||
interface ApiKeyRepositoryInterface extends RepositoryInterface
|
||||
{
|
||||
/**
|
||||
* Get all of the account API keys that exist for a specific user.
|
||||
*/
|
||||
public function getAccountKeys(User $user): Collection;
|
||||
|
||||
/**
|
||||
* Get all of the application API keys that exist for a specific user.
|
||||
*/
|
||||
public function getApplicationKeys(User $user): Collection;
|
||||
|
||||
/**
|
||||
* Delete an account API key from the panel for a specific user.
|
||||
*/
|
||||
public function deleteAccountKey(User $user, string $identifier): int;
|
||||
|
||||
/**
|
||||
* Delete an application API key from the panel for a specific user.
|
||||
*/
|
||||
public function deleteApplicationKey(User $user, string $identifier): int;
|
||||
}
|
|
@ -7,6 +7,7 @@ use Throwable;
|
|||
use PDOException;
|
||||
use Illuminate\Support\Arr;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Http\Response;
|
||||
use Swift_TransportException;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Support\Collection;
|
||||
|
@ -59,6 +60,16 @@ class Handler extends ExceptionHandler
|
|||
'password_confirmation',
|
||||
];
|
||||
|
||||
/**
|
||||
* Maps specific internal exceptions to a valid HTTP status code.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected static $statusCodeMap = [
|
||||
AuthenticationException::class => Response::HTTP_UNAUTHORIZED,
|
||||
ValidationException::class => Response::HTTP_UNPROCESSABLE_ENTITY,
|
||||
];
|
||||
|
||||
/**
|
||||
* Registers the exception handling callbacks for the application. This
|
||||
* will capture specific exception types that we do not want to include
|
||||
|
@ -191,7 +202,7 @@ class Handler extends ExceptionHandler
|
|||
'code' => class_basename($exception),
|
||||
'status' => method_exists($exception, 'getStatusCode')
|
||||
? strval($exception->getStatusCode())
|
||||
: ($exception instanceof ValidationException ? '422' : '500'),
|
||||
: strval(self::$statusCodeMap[get_class($exception)] ?? 500),
|
||||
'detail' => $exception instanceof HttpExceptionInterface
|
||||
? $exception->getMessage()
|
||||
: 'An unexpected error was encountered while processing this request, please try again.',
|
||||
|
@ -212,6 +223,7 @@ class Handler extends ExceptionHandler
|
|||
'file' => str_replace(Application::getInstance()->basePath(), '', $exception->getFile()),
|
||||
],
|
||||
'meta' => [
|
||||
'class' => get_class($exception),
|
||||
'trace' => explode("\n", $exception->getTraceAsString()),
|
||||
],
|
||||
]);
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Exceptions\Transformer;
|
||||
|
||||
use Pterodactyl\Exceptions\PterodactylException;
|
||||
|
||||
class InvalidTransformerLevelException extends PterodactylException
|
||||
{
|
||||
}
|
23
app/Extensions/Laravel/Sanctum/NewAccessToken.php
Normal file
23
app/Extensions/Laravel/Sanctum/NewAccessToken.php
Normal file
|
@ -0,0 +1,23 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Extensions\Laravel\Sanctum;
|
||||
|
||||
use Pterodactyl\Models\PersonalAccessToken;
|
||||
use Laravel\Sanctum\NewAccessToken as SanctumAccessToken;
|
||||
|
||||
/**
|
||||
* @property \Pterodactyl\Models\PersonalAccessToken $accessToken
|
||||
*/
|
||||
class NewAccessToken extends SanctumAccessToken
|
||||
{
|
||||
/**
|
||||
* NewAccessToken constructor.
|
||||
*
|
||||
* @noinspection PhpMissingParentConstructorInspection
|
||||
*/
|
||||
public function __construct(PersonalAccessToken $accessToken, string $plainTextToken)
|
||||
{
|
||||
$this->accessToken = $accessToken;
|
||||
$this->plainTextToken = $plainTextToken;
|
||||
}
|
||||
}
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Extensions\Spatie\Fractalistic;
|
||||
|
||||
use League\Fractal\TransformerAbstract;
|
||||
use Spatie\Fractal\Fractal as SpatieFractal;
|
||||
use Pterodactyl\Transformers\Api\Transformer;
|
||||
use Illuminate\Contracts\Pagination\LengthAwarePaginator;
|
||||
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
|
||||
use Pterodactyl\Extensions\League\Fractal\Serializers\PterodactylSerializer;
|
||||
|
@ -33,12 +33,9 @@ class Fractal extends SpatieFractal
|
|||
|
||||
// If the resource name is not set attempt to pull it off the transformer
|
||||
// itself and set it automatically.
|
||||
if (
|
||||
is_null($this->resourceName)
|
||||
&& $this->transformer instanceof TransformerAbstract
|
||||
&& method_exists($this->transformer, 'getResourceName')
|
||||
) {
|
||||
$this->resourceName = $this->transformer->getResourceName();
|
||||
$class = is_string($this->transformer) ? new $this->transformer() : $this->transformer;
|
||||
if (is_null($this->resourceName) && $class instanceof Transformer) {
|
||||
$this->resourceName = $class->getResourceName();
|
||||
}
|
||||
|
||||
return parent::createData();
|
||||
|
|
|
@ -9,8 +9,6 @@ class BaseController extends Controller
|
|||
{
|
||||
/**
|
||||
* Return the admin index view.
|
||||
*
|
||||
* @return \Illuminate\View\View
|
||||
*/
|
||||
public function index(): View
|
||||
{
|
||||
|
|
|
@ -3,17 +3,16 @@
|
|||
namespace Pterodactyl\Http\Controllers\Api\Application;
|
||||
|
||||
use Illuminate\Http\Request;
|
||||
use Webmozart\Assert\Assert;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Support\Collection;
|
||||
use Illuminate\Container\Container;
|
||||
use Pterodactyl\Http\Controllers\Controller;
|
||||
use Pterodactyl\Extensions\Spatie\Fractalistic\Fractal;
|
||||
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
|
||||
|
||||
abstract class ApplicationApiController extends Controller
|
||||
{
|
||||
protected Request $request;
|
||||
|
||||
protected Fractal $fractal;
|
||||
|
||||
/**
|
||||
|
@ -45,25 +44,6 @@ abstract class ApplicationApiController extends Controller
|
|||
$this->request = $request;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return an instance of an application transformer.
|
||||
*
|
||||
* @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
|
||||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function getTransformer(string $abstract)
|
||||
{
|
||||
/** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
|
||||
$transformer = Container::getInstance()->make($abstract);
|
||||
$transformer->setRootAdmin($this->request->user()->root_admin);
|
||||
$transformer->setKey($this->request->attributes->get('api_key'));
|
||||
|
||||
Assert::isInstanceOf($transformer, BaseTransformer::class);
|
||||
|
||||
return $transformer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a HTTP/201 response for the API.
|
||||
*/
|
||||
|
|
|
@ -51,7 +51,7 @@ class DatabaseController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($databases)
|
||||
->transformWith($this->getTransformer(DatabaseHostTransformer::class))
|
||||
->transformWith(DatabaseHostTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -63,7 +63,7 @@ class DatabaseController extends ApplicationApiController
|
|||
public function view(GetDatabaseRequest $request, DatabaseHost $databaseHost): array
|
||||
{
|
||||
return $this->fractal->item($databaseHost)
|
||||
->transformWith($this->getTransformer(DatabaseHostTransformer::class))
|
||||
->transformWith(DatabaseHostTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -77,7 +77,7 @@ class DatabaseController extends ApplicationApiController
|
|||
$databaseHost = $this->creationService->handle($request->validated());
|
||||
|
||||
return $this->fractal->item($databaseHost)
|
||||
->transformWith($this->getTransformer(DatabaseHostTransformer::class))
|
||||
->transformWith(DatabaseHostTransformer::class)
|
||||
->respond(JsonResponse::HTTP_CREATED);
|
||||
}
|
||||
|
||||
|
@ -91,7 +91,7 @@ class DatabaseController extends ApplicationApiController
|
|||
$databaseHost = $this->updateService->handle($databaseHost->id, $request->validated());
|
||||
|
||||
return $this->fractal->item($databaseHost)
|
||||
->transformWith($this->getTransformer(DatabaseHostTransformer::class))
|
||||
->transformWith(DatabaseHostTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ class EggController extends ApplicationApiController
|
|||
}
|
||||
|
||||
return $this->fractal->collection($eggs)
|
||||
->transformWith($this->getTransformer(EggTransformer::class))
|
||||
->transformWith(EggTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -64,7 +64,7 @@ class EggController extends ApplicationApiController
|
|||
public function view(GetEggRequest $request, Egg $egg): array
|
||||
{
|
||||
return $this->fractal->item($egg)
|
||||
->transformWith($this->getTransformer(EggTransformer::class))
|
||||
->transformWith(EggTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -78,7 +78,7 @@ class EggController extends ApplicationApiController
|
|||
$egg = Egg::query()->create($request->validated());
|
||||
|
||||
return $this->fractal->item($egg)
|
||||
->transformWith($this->getTransformer(EggTransformer::class))
|
||||
->transformWith(EggTransformer::class)
|
||||
->respond(JsonResponse::HTTP_CREATED);
|
||||
}
|
||||
|
||||
|
@ -92,7 +92,7 @@ class EggController extends ApplicationApiController
|
|||
$egg->update($request->validated());
|
||||
|
||||
return $this->fractal->item($egg)
|
||||
->transformWith($this->getTransformer(EggTransformer::class))
|
||||
->transformWith(EggTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ class LocationController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($locations)
|
||||
->transformWith($this->getTransformer(LocationTransformer::class))
|
||||
->transformWith(LocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -69,7 +69,7 @@ class LocationController extends ApplicationApiController
|
|||
public function view(GetLocationRequest $request, Location $location): array
|
||||
{
|
||||
return $this->fractal->item($location)
|
||||
->transformWith($this->getTransformer(LocationTransformer::class))
|
||||
->transformWith(LocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -85,7 +85,7 @@ class LocationController extends ApplicationApiController
|
|||
$location = $this->creationService->handle($request->validated());
|
||||
|
||||
return $this->fractal->item($location)
|
||||
->transformWith($this->getTransformer(LocationTransformer::class))
|
||||
->transformWith(LocationTransformer::class)
|
||||
->addMeta([
|
||||
'resource' => route('api.application.locations.view', [
|
||||
'location' => $location->id,
|
||||
|
@ -106,7 +106,7 @@ class LocationController extends ApplicationApiController
|
|||
$location = $this->updateService->handle($location, $request->validated());
|
||||
|
||||
return $this->fractal->item($location)
|
||||
->transformWith($this->getTransformer(LocationTransformer::class))
|
||||
->transformWith(LocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Controllers\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Models\Mount;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Mount;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Spatie\QueryBuilder\QueryBuilder;
|
||||
use Pterodactyl\Transformers\Api\Application\MountTransformer;
|
||||
|
@ -45,7 +45,7 @@ class MountController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($mounts)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -57,7 +57,7 @@ class MountController extends ApplicationApiController
|
|||
public function view(GetMountRequest $request, Mount $mount): array
|
||||
{
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -71,7 +71,7 @@ class MountController extends ApplicationApiController
|
|||
$mount = Mount::query()->create($request->validated());
|
||||
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->respond(JsonResponse::HTTP_CREATED);
|
||||
}
|
||||
|
||||
|
@ -85,7 +85,7 @@ class MountController extends ApplicationApiController
|
|||
$mount->update($request->validated());
|
||||
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -116,7 +116,7 @@ class MountController extends ApplicationApiController
|
|||
}
|
||||
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -135,7 +135,7 @@ class MountController extends ApplicationApiController
|
|||
}
|
||||
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -154,7 +154,7 @@ class MountController extends ApplicationApiController
|
|||
}
|
||||
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -173,7 +173,7 @@ class MountController extends ApplicationApiController
|
|||
}
|
||||
|
||||
return $this->fractal->item($mount)
|
||||
->transformWith($this->getTransformer(MountTransformer::class))
|
||||
->transformWith(MountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ class NestController extends ApplicationApiController
|
|||
}
|
||||
|
||||
return $this->fractal->collection($nests)
|
||||
->transformWith($this->getTransformer(NestTransformer::class))
|
||||
->transformWith(NestTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -75,7 +75,7 @@ class NestController extends ApplicationApiController
|
|||
public function view(GetNestRequest $request, Nest $nest): array
|
||||
{
|
||||
return $this->fractal->item($nest)
|
||||
->transformWith($this->getTransformer(NestTransformer::class))
|
||||
->transformWith(NestTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -90,7 +90,7 @@ class NestController extends ApplicationApiController
|
|||
$nest = $this->nestCreationService->handle($request->validated());
|
||||
|
||||
return $this->fractal->item($nest)
|
||||
->transformWith($this->getTransformer(NestTransformer::class))
|
||||
->transformWith(NestTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -106,7 +106,7 @@ class NestController extends ApplicationApiController
|
|||
$this->nestUpdateService->handle($nest->id, $request->validated());
|
||||
|
||||
return $this->fractal->item($nest)
|
||||
->transformWith($this->getTransformer(NestTransformer::class))
|
||||
->transformWith(NestTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ class AllocationController extends ApplicationApiController
|
|||
$allocations = $node->allocations()->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($allocations)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->transformWith(AllocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ class NodeController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($nodes)
|
||||
->transformWith($this->getTransformer(NodeTransformer::class))
|
||||
->transformWith(NodeTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -73,7 +73,7 @@ class NodeController extends ApplicationApiController
|
|||
public function view(GetNodeRequest $request, Node $node): array
|
||||
{
|
||||
return $this->fractal->item($node)
|
||||
->transformWith($this->getTransformer(NodeTransformer::class))
|
||||
->transformWith(NodeTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -89,7 +89,7 @@ class NodeController extends ApplicationApiController
|
|||
$node = $this->creationService->handle($request->validated());
|
||||
|
||||
return $this->fractal->item($node)
|
||||
->transformWith($this->getTransformer(NodeTransformer::class))
|
||||
->transformWith(NodeTransformer::class)
|
||||
->addMeta([
|
||||
'resource' => route('api.application.nodes.view', [
|
||||
'node' => $node->id,
|
||||
|
@ -112,7 +112,7 @@ class NodeController extends ApplicationApiController
|
|||
);
|
||||
|
||||
return $this->fractal->item($node)
|
||||
->transformWith($this->getTransformer(NodeTransformer::class))
|
||||
->transformWith(NodeTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ class NodeDeploymentController extends ApplicationApiController
|
|||
->handle($request->query('per_page'), $request->query('page'));
|
||||
|
||||
return $this->fractal->collection($nodes)
|
||||
->transformWith($this->getTransformer(NodeTransformer::class))
|
||||
->transformWith(NodeTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,8 +6,8 @@ use Illuminate\Http\Response;
|
|||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Models\AdminRole;
|
||||
use Spatie\QueryBuilder\QueryBuilder;
|
||||
use Pterodactyl\Transformers\Api\Application\AdminRoleTransformer;
|
||||
use Pterodactyl\Exceptions\Http\QueryValueOutOfRangeHttpException;
|
||||
use Pterodactyl\Transformers\Api\Application\AdminRoleTransformer;
|
||||
use Pterodactyl\Http\Requests\Api\Application\Roles\GetRoleRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Application\Roles\GetRolesRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Application\Roles\StoreRoleRequest;
|
||||
|
@ -43,7 +43,7 @@ class RoleController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($roles)
|
||||
->transformWith($this->getTransformer(AdminRoleTransformer::class))
|
||||
->transformWith(AdminRoleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ class RoleController extends ApplicationApiController
|
|||
public function view(GetRoleRequest $request, AdminRole $role): array
|
||||
{
|
||||
return $this->fractal->item($role)
|
||||
->transformWith($this->getTransformer(AdminRoleTransformer::class))
|
||||
->transformWith(AdminRoleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -72,7 +72,7 @@ class RoleController extends ApplicationApiController
|
|||
$role = AdminRole::query()->create($data);
|
||||
|
||||
return $this->fractal->item($role)
|
||||
->transformWith($this->getTransformer(AdminRoleTransformer::class))
|
||||
->transformWith(AdminRoleTransformer::class)
|
||||
->respond(JsonResponse::HTTP_CREATED);
|
||||
}
|
||||
|
||||
|
@ -86,7 +86,7 @@ class RoleController extends ApplicationApiController
|
|||
$role->update($request->validated());
|
||||
|
||||
return $this->fractal->item($role)
|
||||
->transformWith($this->getTransformer(AdminRoleTransformer::class))
|
||||
->transformWith(AdminRoleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ class DatabaseController extends ApplicationApiController
|
|||
public function index(GetServerDatabasesRequest $request, Server $server): array
|
||||
{
|
||||
return $this->fractal->collection($server->databases)
|
||||
->transformWith($this->getTransformer(ServerDatabaseTransformer::class))
|
||||
->transformWith(ServerDatabaseTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -58,7 +58,7 @@ class DatabaseController extends ApplicationApiController
|
|||
public function view(GetServerDatabaseRequest $request, Server $server, Database $database): array
|
||||
{
|
||||
return $this->fractal->item($database)
|
||||
->transformWith($this->getTransformer(ServerDatabaseTransformer::class))
|
||||
->transformWith(ServerDatabaseTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -86,7 +86,7 @@ class DatabaseController extends ApplicationApiController
|
|||
]));
|
||||
|
||||
return $this->fractal->item($database)
|
||||
->transformWith($this->getTransformer(ServerDatabaseTransformer::class))
|
||||
->transformWith(ServerDatabaseTransformer::class)
|
||||
->addMeta([
|
||||
'resource' => route('api.application.servers.databases.view', [
|
||||
'server' => $server->id,
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Controllers\Api\Application\Servers;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
|
||||
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
||||
use Pterodactyl\Http\Requests\Api\Application\Servers\GetExternalServerRequest;
|
||||
|
@ -13,10 +14,12 @@ class ExternalServerController extends ApplicationApiController
|
|||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function index(GetExternalServerRequest $request): array
|
||||
public function index(GetExternalServerRequest $request, string $external_id): array
|
||||
{
|
||||
return $this->fractal->item($request->getServerModel())
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
$server = Server::query()->where('external_id', $external_id)->firstOrFail();
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith(ServerTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -52,7 +52,7 @@ class ServerController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($servers)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -71,7 +71,7 @@ class ServerController extends ApplicationApiController
|
|||
$server = $this->creationService->handle($request->validated(), $request->getDeploymentObject());
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->respond(Response::HTTP_CREATED);
|
||||
}
|
||||
|
||||
|
@ -83,7 +83,7 @@ class ServerController extends ApplicationApiController
|
|||
public function view(GetServerRequest $request, Server $server): array
|
||||
{
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ class ServerDetailsController extends ApplicationApiController
|
|||
);
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ class ServerDetailsController extends ApplicationApiController
|
|||
$server = $this->buildModificationService->handle($server, $request->validated());
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -35,7 +35,7 @@ class StartupController extends ApplicationApiController
|
|||
->handle($server, $request->validated());
|
||||
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Controllers\Api\Application\Users;
|
||||
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Transformers\Api\Application\UserTransformer;
|
||||
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
||||
use Pterodactyl\Http\Requests\Api\Application\Users\GetExternalUserRequest;
|
||||
|
@ -13,10 +14,12 @@ class ExternalUserController extends ApplicationApiController
|
|||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function index(GetExternalUserRequest $request): array
|
||||
public function index(GetExternalUserRequest $request, string $external_id): array
|
||||
{
|
||||
return $this->fractal->item($request->getUserModel())
|
||||
->transformWith($this->getTransformer(UserTransformer::class))
|
||||
$user = User::query()->where('external_id', $external_id)->firstOrFail();
|
||||
|
||||
return $this->fractal->item($user)
|
||||
->transformWith(UserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ class UserController extends ApplicationApiController
|
|||
->paginate($perPage);
|
||||
|
||||
return $this->fractal->collection($users)
|
||||
->transformWith($this->getTransformer(UserTransformer::class))
|
||||
->transformWith(UserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -76,7 +76,7 @@ class UserController extends ApplicationApiController
|
|||
public function view(GetUserRequest $request, User $user): array
|
||||
{
|
||||
return $this->fractal->item($user)
|
||||
->transformWith($this->getTransformer(UserTransformer::class))
|
||||
->transformWith(UserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -98,7 +98,7 @@ class UserController extends ApplicationApiController
|
|||
$user = $this->updateService->handle($user, $request->validated());
|
||||
|
||||
return $this->fractal->item($user)
|
||||
->transformWith($this->getTransformer(UserTransformer::class))
|
||||
->transformWith(UserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -114,7 +114,7 @@ class UserController extends ApplicationApiController
|
|||
$user = $this->creationService->handle($request->validated());
|
||||
|
||||
return $this->fractal->item($user)
|
||||
->transformWith($this->getTransformer(UserTransformer::class))
|
||||
->transformWith(UserTransformer::class)
|
||||
->addMeta([
|
||||
'resource' => route('api.application.users.view', [
|
||||
'user' => $user->id,
|
||||
|
|
|
@ -34,7 +34,7 @@ class AccountController extends ClientApiController
|
|||
public function index(Request $request): array
|
||||
{
|
||||
return $this->fractal->item($request->user())
|
||||
->transformWith($this->getTransformer(AccountTransformer::class))
|
||||
->transformWith(AccountTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -3,46 +3,22 @@
|
|||
namespace Pterodactyl\Http\Controllers\Api\Client;
|
||||
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Illuminate\Contracts\Encryption\Encrypter;
|
||||
use Pterodactyl\Services\Api\KeyCreationService;
|
||||
use Pterodactyl\Repositories\Eloquent\ApiKeyRepository;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Transformers\Api\Client\ApiKeyTransformer;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\AccountApiRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest;
|
||||
use Pterodactyl\Transformers\Api\Client\PersonalAccessTokenTransformer;
|
||||
|
||||
class ApiKeyController extends ClientApiController
|
||||
{
|
||||
private Encrypter $encrypter;
|
||||
private ApiKeyRepository $repository;
|
||||
private KeyCreationService $keyCreationService;
|
||||
|
||||
/**
|
||||
* ApiKeyController constructor.
|
||||
*/
|
||||
public function __construct(
|
||||
Encrypter $encrypter,
|
||||
ApiKeyRepository $repository,
|
||||
KeyCreationService $keyCreationService
|
||||
) {
|
||||
parent::__construct();
|
||||
|
||||
$this->encrypter = $encrypter;
|
||||
$this->repository = $repository;
|
||||
$this->keyCreationService = $keyCreationService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns all of the API keys that exist for the given client.
|
||||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function index(ClientApiRequest $request): array
|
||||
public function index(AccountApiRequest $request): array
|
||||
{
|
||||
return $this->fractal->collection($request->user()->apiKeys)
|
||||
->transformWith($this->getTransformer(ApiKeyTransformer::class))
|
||||
return $this->fractal->collection($request->user()->tokens)
|
||||
->transformWith(PersonalAccessTokenTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -50,25 +26,22 @@ class ApiKeyController extends ClientApiController
|
|||
* Store a new API key for a user's account.
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function store(StoreApiKeyRequest $request): array
|
||||
{
|
||||
if ($request->user()->apiKeys->count() >= 5) {
|
||||
if ($request->user()->tokens->count() >= 10) {
|
||||
throw new DisplayException('You have reached the account limit for number of API keys.');
|
||||
}
|
||||
|
||||
$key = $this->keyCreationService->setKeyType(ApiKey::TYPE_ACCOUNT)->handle([
|
||||
'user_id' => $request->user()->id,
|
||||
'memo' => $request->input('description'),
|
||||
'allowed_ips' => $request->input('allowed_ips') ?? [],
|
||||
]);
|
||||
// TODO: this should accept an array of different scopes to apply as permissions
|
||||
// for the token. Right now it allows any account level permission.
|
||||
$token = $request->user()->createToken($request->input('description'));
|
||||
|
||||
return $this->fractal->item($key)
|
||||
->transformWith($this->getTransformer(ApiKeyTransformer::class))
|
||||
return $this->fractal->item($token->accessToken)
|
||||
->transformWith(PersonalAccessTokenTransformer::class)
|
||||
->addMeta([
|
||||
'secret_token' => $this->encrypter->decrypt($key->token),
|
||||
'secret_token' => $token->plainTextToken,
|
||||
])
|
||||
->toArray();
|
||||
}
|
||||
|
@ -76,17 +49,9 @@ class ApiKeyController extends ClientApiController
|
|||
/**
|
||||
* Deletes a given API key.
|
||||
*/
|
||||
public function delete(ClientApiRequest $request, string $identifier): Response
|
||||
public function delete(AccountApiRequest $request, string $id): Response
|
||||
{
|
||||
$response = $this->repository->deleteWhere([
|
||||
'key_type' => ApiKey::TYPE_ACCOUNT,
|
||||
'user_id' => $request->user()->id,
|
||||
'identifier' => $identifier,
|
||||
]);
|
||||
|
||||
if (!$response) {
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
$request->user()->tokens()->where('token_id', $id)->delete();
|
||||
|
||||
return $this->returnNoContent();
|
||||
}
|
||||
|
|
|
@ -2,10 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Http\Controllers\Api\Client;
|
||||
|
||||
use Webmozart\Assert\Assert;
|
||||
use Illuminate\Container\Container;
|
||||
use Pterodactyl\Transformers\Daemon\BaseDaemonTransformer;
|
||||
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
|
||||
use Pterodactyl\Transformers\Api\Transformer;
|
||||
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
||||
|
||||
abstract class ClientApiController extends ApplicationApiController
|
||||
|
@ -15,7 +12,7 @@ abstract class ClientApiController extends ApplicationApiController
|
|||
*
|
||||
* @return string[]
|
||||
*/
|
||||
protected function getIncludesForTransformer(BaseClientTransformer $transformer, array $merge = []): array
|
||||
protected function getIncludesForTransformer(Transformer $transformer, array $merge = []): array
|
||||
{
|
||||
$filtered = array_filter($this->parseIncludes(), function ($datum) use ($transformer) {
|
||||
return in_array($datum, $transformer->getAvailableIncludes());
|
||||
|
@ -41,28 +38,4 @@ abstract class ClientApiController extends ApplicationApiController
|
|||
return trim($item);
|
||||
}, explode(',', $includes));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return an instance of an application transformer.
|
||||
*
|
||||
* @return \Pterodactyl\Transformers\Api\Client\BaseClientTransformer
|
||||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function getTransformer(string $abstract)
|
||||
{
|
||||
/** @var \Pterodactyl\Transformers\Api\Client\BaseClientTransformer $transformer */
|
||||
$transformer = Container::getInstance()->make($abstract);
|
||||
Assert::isInstanceOfAny($transformer, [
|
||||
BaseClientTransformer::class,
|
||||
BaseDaemonTransformer::class,
|
||||
]);
|
||||
|
||||
if ($transformer instanceof BaseClientTransformer) {
|
||||
$transformer->setKey($this->request->attributes->get('api_key'));
|
||||
$transformer->setUser($this->request->user());
|
||||
}
|
||||
|
||||
return $transformer;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -34,11 +34,10 @@ class ClientController extends ClientApiController
|
|||
public function index(GetServersRequest $request): array
|
||||
{
|
||||
$user = $request->user();
|
||||
$transformer = $this->getTransformer(ServerTransformer::class);
|
||||
|
||||
// Start the query builder and ensure we eager load any requested relationships from the request.
|
||||
$builder = QueryBuilder::for(
|
||||
Server::query()->with($this->getIncludesForTransformer($transformer, ['node']))
|
||||
Server::query()->with($this->getIncludesForTransformer(new ServerTransformer(), ['node']))
|
||||
)->allowedFilters([
|
||||
'uuid',
|
||||
'name',
|
||||
|
@ -69,7 +68,7 @@ class ClientController extends ClientApiController
|
|||
|
||||
$servers = $builder->paginate(min($request->query('per_page', 50), 100))->appends($request->query());
|
||||
|
||||
return $this->fractal->transformWith($transformer)->collection($servers)->toArray();
|
||||
return $this->fractal->transformWith(new ServerTransformer())->collection($servers)->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -20,13 +20,12 @@ class SSHKeyController extends ClientApiController
|
|||
public function index(Request $request): \Pterodactyl\Extensions\Spatie\Fractalistic\Fractal
|
||||
{
|
||||
return $this->fractal->collection(UserSSHKey::query()->where('user_id', '=', $request->user()->id)->get())
|
||||
->transformWith($this->getTransformer(UserSSHKeyTransformer::class));
|
||||
->transformWith(UserSSHKeyTransformer::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* ?
|
||||
*
|
||||
* @return JsonResponse
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
*/
|
||||
|
@ -42,7 +41,7 @@ class SSHKeyController extends ClientApiController
|
|||
$key = UserSSHKey::query()->create($data);
|
||||
|
||||
return $this->fractal->item($key)
|
||||
->transformWith($this->getTransformer(UserSSHKeyTransformer::class))
|
||||
->transformWith(UserSSHKeyTransformer::class)
|
||||
->respond(JsonResponse::HTTP_CREATED);
|
||||
}
|
||||
|
||||
|
|
|
@ -12,8 +12,8 @@ use Pterodactyl\Models\Permission;
|
|||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Pterodactyl\Services\Backups\DeleteBackupService;
|
||||
use Pterodactyl\Services\Backups\DownloadLinkService;
|
||||
use Pterodactyl\Services\Backups\InitiateBackupService;
|
||||
use Pterodactyl\Repositories\Eloquent\BackupRepository;
|
||||
use Pterodactyl\Services\Backups\InitiateBackupService;
|
||||
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
|
||||
use Pterodactyl\Transformers\Api\Client\BackupTransformer;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
|
@ -63,7 +63,7 @@ class BackupController extends ClientApiController
|
|||
$limit = min($request->query('per_page') ?? 20, 50);
|
||||
|
||||
return $this->fractal->collection($server->backups()->paginate($limit))
|
||||
->transformWith($this->getTransformer(BackupTransformer::class))
|
||||
->transformWith(BackupTransformer::class)
|
||||
->addMeta([
|
||||
'backup_count' => $this->repository->getNonFailedBackups($server)->count(),
|
||||
])
|
||||
|
@ -100,7 +100,7 @@ class BackupController extends ClientApiController
|
|||
});
|
||||
|
||||
return $this->fractal->item($backup)
|
||||
->transformWith($this->getTransformer(BackupTransformer::class))
|
||||
->transformWith(BackupTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -126,7 +126,7 @@ class BackupController extends ClientApiController
|
|||
$backup->refresh();
|
||||
|
||||
return $this->fractal->item($backup)
|
||||
->transformWith($this->getTransformer(BackupTransformer::class))
|
||||
->transformWith(BackupTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -142,7 +142,7 @@ class BackupController extends ClientApiController
|
|||
}
|
||||
|
||||
return $this->fractal->item($backup)
|
||||
->transformWith($this->getTransformer(BackupTransformer::class))
|
||||
->transformWith(BackupTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@ class DatabaseController extends ClientApiController
|
|||
public function index(GetDatabasesRequest $request, Server $server): array
|
||||
{
|
||||
return $this->fractal->collection($server->databases)
|
||||
->transformWith($this->getTransformer(DatabaseTransformer::class))
|
||||
->transformWith(DatabaseTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ class DatabaseController extends ClientApiController
|
|||
|
||||
return $this->fractal->item($database)
|
||||
->parseIncludes(['password'])
|
||||
->transformWith($this->getTransformer(DatabaseTransformer::class))
|
||||
->transformWith(DatabaseTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -82,7 +82,7 @@ class DatabaseController extends ClientApiController
|
|||
|
||||
return $this->fractal->item($database)
|
||||
->parseIncludes(['password'])
|
||||
->transformWith($this->getTransformer(DatabaseTransformer::class))
|
||||
->transformWith(DatabaseTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ class FileController extends ClientApiController
|
|||
->getDirectory($request->get('directory') ?? '/');
|
||||
|
||||
return $this->fractal->collection($contents)
|
||||
->transformWith($this->getTransformer(FileObjectTransformer::class))
|
||||
->transformWith(FileObjectTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -202,7 +202,7 @@ class FileController extends ClientApiController
|
|||
});
|
||||
|
||||
return $this->fractal->item($file)
|
||||
->transformWith($this->getTransformer(FileObjectTransformer::class))
|
||||
->transformWith(FileObjectTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ class NetworkAllocationController extends ClientApiController
|
|||
public function index(GetNetworkRequest $request, Server $server): array
|
||||
{
|
||||
return $this->fractal->collection($server->allocations)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->transformWith(AllocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ class NetworkAllocationController extends ClientApiController
|
|||
]);
|
||||
|
||||
return $this->fractal->item($allocation)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->transformWith(AllocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -81,7 +81,7 @@ class NetworkAllocationController extends ClientApiController
|
|||
$this->serverRepository->update($server->id, ['allocation_id' => $allocation->id]);
|
||||
|
||||
return $this->fractal->item($allocation)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->transformWith(AllocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -100,7 +100,7 @@ class NetworkAllocationController extends ClientApiController
|
|||
$allocation = $this->assignableAllocationService->handle($server);
|
||||
|
||||
return $this->fractal->item($allocation)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->transformWith(AllocationTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ class ResourceUtilizationController extends ClientApiController
|
|||
});
|
||||
|
||||
return $this->fractal->item($stats)
|
||||
->transformWith($this->getTransformer(StatsTransformer::class))
|
||||
->transformWith(StatsTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,7 +14,6 @@ use Pterodactyl\Repositories\Eloquent\ScheduleRepository;
|
|||
use Pterodactyl\Services\Schedules\ProcessScheduleService;
|
||||
use Pterodactyl\Transformers\Api\Client\ScheduleTransformer;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\ViewScheduleRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\StoreScheduleRequest;
|
||||
|
@ -49,7 +48,7 @@ class ScheduleController extends ClientApiController
|
|||
$schedules->loadMissing('tasks');
|
||||
|
||||
return $this->fractal->collection($schedules)
|
||||
->transformWith($this->getTransformer(ScheduleTransformer::class))
|
||||
->transformWith(ScheduleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -77,7 +76,7 @@ class ScheduleController extends ClientApiController
|
|||
]);
|
||||
|
||||
return $this->fractal->item($model)
|
||||
->transformWith($this->getTransformer(ScheduleTransformer::class))
|
||||
->transformWith(ScheduleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -88,14 +87,10 @@ class ScheduleController extends ClientApiController
|
|||
*/
|
||||
public function view(ViewScheduleRequest $request, Server $server, Schedule $schedule): array
|
||||
{
|
||||
if ($schedule->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
$schedule->loadMissing('tasks');
|
||||
|
||||
return $this->fractal->item($schedule)
|
||||
->transformWith($this->getTransformer(ScheduleTransformer::class))
|
||||
->transformWith(ScheduleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -134,7 +129,7 @@ class ScheduleController extends ClientApiController
|
|||
$this->repository->update($schedule->id, $data);
|
||||
|
||||
return $this->fractal->item($schedule->refresh())
|
||||
->transformWith($this->getTransformer(ScheduleTransformer::class))
|
||||
->transformWith(ScheduleTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
|
|
@ -6,15 +6,15 @@ use Pterodactyl\Models\Task;
|
|||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Schedule;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Repositories\Eloquent\TaskRepository;
|
||||
use Pterodactyl\Exceptions\Http\HttpForbiddenException;
|
||||
use Pterodactyl\Transformers\Api\Client\TaskTransformer;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Pterodactyl\Exceptions\Service\ServiceLimitExceededException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\DeleteScheduleRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\UpdateScheduleRequest;
|
||||
|
||||
class ScheduleTaskController extends ClientApiController
|
||||
{
|
||||
|
@ -63,7 +63,7 @@ class ScheduleTaskController extends ClientApiController
|
|||
]);
|
||||
|
||||
return $this->fractal->item($task)
|
||||
->transformWith($this->getTransformer(TaskTransformer::class))
|
||||
->transformWith(TaskTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -93,7 +93,7 @@ class ScheduleTaskController extends ClientApiController
|
|||
]);
|
||||
|
||||
return $this->fractal->item($task->refresh())
|
||||
->transformWith($this->getTransformer(TaskTransformer::class))
|
||||
->transformWith(TaskTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -101,18 +101,14 @@ class ScheduleTaskController extends ClientApiController
|
|||
* Delete a given task for a schedule. If there are subsequent tasks stored in the database
|
||||
* for this schedule their sequence IDs are decremented properly.
|
||||
*
|
||||
* This uses the UpdateScheduleRequest intentionally -- there is no permission specific
|
||||
* to deleting a given task on a schedule, so we'll assume if you have permission to edit
|
||||
* a schedule that you can then remove a task from said schedule.
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function delete(ClientApiRequest $request, Server $server, Schedule $schedule, Task $task): Response
|
||||
public function delete(DeleteScheduleRequest $request, Server $server, Schedule $schedule, Task $task): Response
|
||||
{
|
||||
if ($task->schedule_id !== $schedule->id || $schedule->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
if (!$request->user()->can(Permission::ACTION_SCHEDULE_UPDATE, $server)) {
|
||||
throw new HttpForbiddenException('You do not have permission to perform this action.');
|
||||
}
|
||||
|
||||
$schedule->tasks()->where('sequence_id', '>', $task->sequence_id)->update([
|
||||
'sequence_id' => $schedule->tasks()->getConnection()->raw('(sequence_id - 1)'),
|
||||
]);
|
||||
|
|
|
@ -34,7 +34,7 @@ class ServerController extends ClientApiController
|
|||
public function index(GetServerRequest $request, Server $server): array
|
||||
{
|
||||
return $this->fractal->item($server)
|
||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||
->transformWith(ServerTransformer::class)
|
||||
->addMeta([
|
||||
'is_server_owner' => $request->user()->id === $server->owner_id,
|
||||
'user_permissions' => $this->permissionsService->handle($server, $request->user()),
|
||||
|
|
|
@ -42,7 +42,7 @@ class StartupController extends ClientApiController
|
|||
return $this->fractal->collection(
|
||||
$server->variables()->where('user_viewable', true)->get()
|
||||
)
|
||||
->transformWith($this->getTransformer(EggVariableTransformer::class))
|
||||
->transformWith(EggVariableTransformer::class)
|
||||
->addMeta([
|
||||
'startup_command' => $startup,
|
||||
'docker_images' => $server->egg->docker_images,
|
||||
|
@ -86,7 +86,7 @@ class StartupController extends ClientApiController
|
|||
$startup = $this->startupCommandService->handle($server, false);
|
||||
|
||||
return $this->fractal->item($variable)
|
||||
->transformWith($this->getTransformer(EggVariableTransformer::class))
|
||||
->transformWith(EggVariableTransformer::class)
|
||||
->addMeta([
|
||||
'startup_command' => $startup,
|
||||
'raw_startup_command' => $server->startup,
|
||||
|
|
|
@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
|||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Subuser;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Pterodactyl\Repositories\Eloquent\SubuserRepository;
|
||||
|
@ -47,7 +48,7 @@ class SubuserController extends ClientApiController
|
|||
public function index(GetSubuserRequest $request, Server $server): array
|
||||
{
|
||||
return $this->fractal->collection($server->subusers)
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
->transformWith(SubuserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -56,12 +57,10 @@ class SubuserController extends ClientApiController
|
|||
*
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function view(GetSubuserRequest $request): array
|
||||
public function view(GetSubuserRequest $request, Server $server, Subuser $subuser): array
|
||||
{
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
return $this->fractal->item($subuser)
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
->transformWith(SubuserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -82,7 +81,7 @@ class SubuserController extends ClientApiController
|
|||
);
|
||||
|
||||
return $this->fractal->item($response)
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
->transformWith(SubuserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -93,11 +92,8 @@ class SubuserController extends ClientApiController
|
|||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||
*/
|
||||
public function update(UpdateSubuserRequest $request, Server $server): array
|
||||
public function update(UpdateSubuserRequest $request, Server $server, Subuser $subuser): array
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Subuser $subuser */
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
$permissions = $this->getDefaultPermissions($request);
|
||||
$current = $subuser->permissions;
|
||||
|
||||
|
@ -121,18 +117,15 @@ class SubuserController extends ClientApiController
|
|||
}
|
||||
|
||||
return $this->fractal->item($subuser->refresh())
|
||||
->transformWith($this->getTransformer(SubuserTransformer::class))
|
||||
->transformWith(SubuserTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes a subusers from a server's assignment.
|
||||
*/
|
||||
public function delete(DeleteSubuserRequest $request, Server $server): Response
|
||||
public function delete(DeleteSubuserRequest $request, Server $server, Subuser $subuser): Response
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Subuser $subuser */
|
||||
$subuser = $request->attributes->get('subuser');
|
||||
|
||||
$this->repository->delete($subuser->id);
|
||||
|
||||
try {
|
||||
|
|
|
@ -5,11 +5,10 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
|||
use Carbon\CarbonImmutable;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Services\Nodes\NodeJWTService;
|
||||
use Pterodactyl\Exceptions\Http\HttpForbiddenException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Pterodactyl\Http\Requests\Api\Client\WebsocketTokenRequest;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
|
||||
class WebsocketController extends ClientApiController
|
||||
|
@ -36,14 +35,9 @@ class WebsocketController extends ClientApiController
|
|||
* allows us to continually renew this token and avoid users maintaining sessions wrongly,
|
||||
* as well as ensure that user's only perform actions they're allowed to.
|
||||
*/
|
||||
public function __invoke(ClientApiRequest $request, Server $server): JsonResponse
|
||||
public function __invoke(WebsocketTokenRequest $request, Server $server): JsonResponse
|
||||
{
|
||||
$user = $request->user();
|
||||
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
|
||||
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
|
||||
}
|
||||
|
||||
$permissions = $this->permissionsService->handle($server, $user);
|
||||
$permissions = $this->permissionsService->handle($server, $request->user());
|
||||
|
||||
$node = $server->node;
|
||||
if (!is_null($server->transfer)) {
|
||||
|
@ -65,7 +59,7 @@ class WebsocketController extends ClientApiController
|
|||
'server_uuid' => $server->uuid,
|
||||
'permissions' => $permissions,
|
||||
])
|
||||
->handle($node, $user->id . $server->uuid);
|
||||
->handle($node, $request->user()->id . $server->uuid);
|
||||
|
||||
$socket = str_replace(['https://', 'http://'], ['wss://', 'ws://'], $node->getConnectionAddress());
|
||||
|
||||
|
|
|
@ -55,8 +55,6 @@ class TwoFactorController extends ClientApiController
|
|||
/**
|
||||
* Updates a user's account to have two-factor enabled.
|
||||
*
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*
|
||||
* @throws \Throwable
|
||||
* @throws \Illuminate\Validation\ValidationException
|
||||
* @throws \PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException
|
||||
|
|
|
@ -5,8 +5,8 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
|
|||
use Exception;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use LaravelWebauthn\Facades\Webauthn;
|
||||
use Pterodactyl\Models\WebauthnKey;
|
||||
use LaravelWebauthn\Facades\Webauthn;
|
||||
use Webauthn\PublicKeyCredentialCreationOptions;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Pterodactyl\Transformers\Api\Client\WebauthnKeyTransformer;
|
||||
|
@ -24,7 +24,7 @@ class WebauthnController extends ClientApiController
|
|||
public function index(Request $request): array
|
||||
{
|
||||
return $this->fractal->collection(WebauthnKey::query()->where('user_id', '=', $request->user()->id)->get())
|
||||
->transformWith($this->getTransformer(WebauthnKeyTransformer::class))
|
||||
->transformWith(WebauthnKeyTransformer::class)
|
||||
->toArray();
|
||||
}
|
||||
|
||||
|
@ -88,7 +88,7 @@ class WebauthnController extends ClientApiController
|
|||
);
|
||||
|
||||
return $this->fractal->item($webauthnKey)
|
||||
->transformWith($this->getTransformer(WebauthnKeyTransformer::class))
|
||||
->transformWith(WebauthnKeyTransformer::class)
|
||||
->toArray();
|
||||
} catch (Exception $e) {
|
||||
return new JsonResponse([
|
||||
|
|
|
@ -17,7 +17,6 @@ class LoginCheckpointController extends AbstractLoginController
|
|||
private Encrypter $encrypter;
|
||||
private Google2FA $google2FA;
|
||||
|
||||
|
||||
/**
|
||||
* LoginCheckpointController constructor.
|
||||
*/
|
||||
|
@ -51,6 +50,7 @@ class LoginCheckpointController extends AbstractLoginController
|
|||
{
|
||||
if ($this->hasTooManyLoginAttempts($request)) {
|
||||
$this->sendLockoutResponse($request);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -66,6 +66,7 @@ class LoginCheckpointController extends AbstractLoginController
|
|||
null,
|
||||
'The authentication token provided has expired, please refresh the page and try again.'
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -69,6 +69,7 @@ class LoginController extends AbstractLoginController
|
|||
if ($this->hasTooManyLoginAttempts($request)) {
|
||||
$this->fireLockoutEvent($request);
|
||||
$this->sendLockoutResponse($request);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -77,6 +78,7 @@ class LoginController extends AbstractLoginController
|
|||
$user = $this->repository->findFirstWhere([[$useColumn, '=', $username]]);
|
||||
} catch (RecordNotFoundException $exception) {
|
||||
$this->sendFailedLoginResponse($request);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -86,12 +88,13 @@ class LoginController extends AbstractLoginController
|
|||
// can proceed to the next step in the login process.
|
||||
if (!password_verify($request->input('password'), $user->password)) {
|
||||
$this->sendFailedLoginResponse($request, $user);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$webauthnKeys = $user->webauthnKeys()->get();
|
||||
|
||||
if (sizeof($webauthnKeys) > 0) {
|
||||
if (count($webauthnKeys) > 0) {
|
||||
$token = Str::random(64);
|
||||
$this->cache->put($token, $user->id, CarbonImmutable::now()->addMinutes(5));
|
||||
|
||||
|
@ -99,7 +102,7 @@ class LoginController extends AbstractLoginController
|
|||
$request->session()->put(self::SESSION_PUBLICKEY_REQUEST, $publicKey);
|
||||
$request->session()->save();
|
||||
|
||||
$methods = [ self::METHOD_WEBAUTHN ];
|
||||
$methods = [self::METHOD_WEBAUTHN];
|
||||
if ($user->use_totp) {
|
||||
$methods[] = self::METHOD_TOTP;
|
||||
}
|
||||
|
@ -112,19 +115,17 @@ class LoginController extends AbstractLoginController
|
|||
'public_key' => $publicKey,
|
||||
],
|
||||
]);
|
||||
} else if ($user->use_totp) {
|
||||
} elseif ($user->use_totp) {
|
||||
$token = Str::random(64);
|
||||
$this->cache->put($token, $user->id, CarbonImmutable::now()->addMinutes(5));
|
||||
|
||||
return new JsonResponse([
|
||||
'complete' => false,
|
||||
'methods' => [ self::METHOD_TOTP ],
|
||||
'methods' => [self::METHOD_TOTP],
|
||||
'confirmation_token' => $token,
|
||||
]);
|
||||
}
|
||||
|
||||
$this->auth->guard()->login($user, true);
|
||||
|
||||
return $this->sendLoginResponse($user, $request);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
namespace Pterodactyl\Http\Controllers\Auth;
|
||||
|
||||
use Exception;
|
||||
use Pterodactyl\Models\User;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\User;
|
||||
use Illuminate\Auth\AuthManager;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use LaravelWebauthn\Facades\Webauthn;
|
||||
|
@ -36,6 +36,7 @@ class WebauthnController extends AbstractLoginController
|
|||
{
|
||||
if ($this->hasTooManyLoginAttempts($request)) {
|
||||
$this->sendLockoutResponse($request);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -51,6 +52,7 @@ class WebauthnController extends AbstractLoginController
|
|||
null,
|
||||
'The authentication token provided has expired, please refresh the page and try again.'
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
$this->auth->guard()->onceUsingId($user->id);
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http;
|
||||
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Illuminate\Auth\Middleware\Authorize;
|
||||
use Illuminate\Auth\Middleware\Authenticate;
|
||||
use Pterodactyl\Http\Middleware\TrimStrings;
|
||||
|
@ -16,24 +15,23 @@ use Pterodactyl\Http\Middleware\AdminAuthenticate;
|
|||
use Illuminate\Routing\Middleware\ThrottleRequests;
|
||||
use Pterodactyl\Http\Middleware\LanguageMiddleware;
|
||||
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
||||
use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
|
||||
use Illuminate\Routing\Middleware\SubstituteBindings;
|
||||
use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
|
||||
use Illuminate\Session\Middleware\AuthenticateSession;
|
||||
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
||||
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
|
||||
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
|
||||
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
||||
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
||||
use Pterodactyl\Http\Middleware\Api\PreventUnboundModels;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
|
||||
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
||||
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
|
||||
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
||||
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
||||
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
||||
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
|
||||
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
|
||||
use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
|
||||
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
|
||||
use Pterodactyl\Http\Middleware\Api\Application\SubstituteApplicationApiBindings;
|
||||
|
||||
class Kernel extends HttpKernel
|
||||
{
|
||||
|
@ -43,12 +41,11 @@ class Kernel extends HttpKernel
|
|||
* @var array
|
||||
*/
|
||||
protected $middleware = [
|
||||
CheckForMaintenanceMode::class,
|
||||
EncryptCookies::class,
|
||||
TrustProxies::class,
|
||||
PreventRequestsDuringMaintenance::class,
|
||||
ValidatePostSize::class,
|
||||
TrimStrings::class,
|
||||
ConvertEmptyStringsToNull::class,
|
||||
TrustProxies::class,
|
||||
];
|
||||
|
||||
/**
|
||||
|
@ -58,6 +55,7 @@ class Kernel extends HttpKernel
|
|||
*/
|
||||
protected $middlewareGroups = [
|
||||
'web' => [
|
||||
EncryptCookies::class,
|
||||
AddQueuedCookiesToResponse::class,
|
||||
StartSession::class,
|
||||
AuthenticateSession::class,
|
||||
|
@ -69,20 +67,19 @@ class Kernel extends HttpKernel
|
|||
],
|
||||
'api' => [
|
||||
IsValidJson::class,
|
||||
ApiSubstituteBindings::class,
|
||||
SetSessionDriver::class,
|
||||
'api..key:' . ApiKey::TYPE_APPLICATION,
|
||||
EnsureFrontendRequestsAreStateful::class,
|
||||
'auth:sanctum',
|
||||
SubstituteApplicationApiBindings::class,
|
||||
PreventUnboundModels::class,
|
||||
AuthenticateApplicationUser::class,
|
||||
AuthenticateIPAccess::class,
|
||||
RequireTwoFactorAuthentication::class,
|
||||
],
|
||||
'client-api' => [
|
||||
StartSession::class,
|
||||
SetSessionDriver::class,
|
||||
AuthenticateSession::class,
|
||||
IsValidJson::class,
|
||||
EnsureFrontendRequestsAreStateful::class,
|
||||
'auth:sanctum',
|
||||
SubstituteClientApiBindings::class,
|
||||
'api..key:' . ApiKey::TYPE_ACCOUNT,
|
||||
AuthenticateIPAccess::class,
|
||||
PreventUnboundModels::class,
|
||||
// This is perhaps a little backwards with the Client API, but logically you'd be unable
|
||||
// to create/get an API key without first enabling 2FA on the account, so I suppose in the
|
||||
// end it makes sense.
|
||||
|
@ -112,8 +109,5 @@ class Kernel extends HttpKernel
|
|||
'bindings' => SubstituteBindings::class,
|
||||
'recaptcha' => VerifyReCaptcha::class,
|
||||
'node.maintenance' => MaintenanceMiddleware::class,
|
||||
|
||||
// API Specific Middleware
|
||||
'api..key' => AuthenticateKey::class,
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use Pterodactyl\Models\Egg;
|
||||
use Pterodactyl\Models\Nest;
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Database;
|
||||
use Pterodactyl\Models\Location;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Illuminate\Routing\Middleware\SubstituteBindings;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
|
||||
class ApiSubstituteBindings extends SubstituteBindings
|
||||
{
|
||||
/**
|
||||
* Mappings to automatically assign route parameters to a model.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected static $mappings = [
|
||||
'allocation' => Allocation::class,
|
||||
'database' => Database::class,
|
||||
'egg' => Egg::class,
|
||||
'location' => Location::class,
|
||||
'nest' => Nest::class,
|
||||
'node' => Node::class,
|
||||
'server' => Server::class,
|
||||
'user' => User::class,
|
||||
];
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Routing\Router
|
||||
*/
|
||||
protected $router;
|
||||
|
||||
/**
|
||||
* Perform substitution of route parameters without triggering
|
||||
* a 404 error if a model is not found.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$route = $request->route();
|
||||
|
||||
foreach (self::$mappings as $key => $model) {
|
||||
if (!is_null($this->router->getBindingCallback($key))) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$this->router->model($key, $model, function () use ($request) {
|
||||
$request->attributes->set('is_missing_model', true);
|
||||
});
|
||||
}
|
||||
|
||||
$this->router->substituteBindings($route);
|
||||
|
||||
// Attempt to resolve bindings for this route. If one of the models
|
||||
// cannot be resolved do not immediately return a 404 error. Set a request
|
||||
// attribute that can be checked in the base API request class to only
|
||||
// trigger a 404 after validating that the API key making the request is valid
|
||||
// and even has permission to access the requested resource.
|
||||
try {
|
||||
$this->router->substituteImplicitBindings($route);
|
||||
} catch (ModelNotFoundException $exception) {
|
||||
$request->attributes->set('is_missing_model', true);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the registered mappings.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function getMappings()
|
||||
{
|
||||
return self::$mappings;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Application;
|
||||
|
||||
use Closure;
|
||||
use Pterodactyl\Models\Egg;
|
||||
use Pterodactyl\Models\Nest;
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Database;
|
||||
use Pterodactyl\Models\Location;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Illuminate\Contracts\Routing\Registrar;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
|
||||
class SubstituteApplicationApiBindings
|
||||
{
|
||||
protected Registrar $router;
|
||||
|
||||
/**
|
||||
* Mappings to automatically assign route parameters to a model.
|
||||
*/
|
||||
protected static array $mappings = [
|
||||
'allocation' => Allocation::class,
|
||||
'database' => Database::class,
|
||||
'egg' => Egg::class,
|
||||
'location' => Location::class,
|
||||
'nest' => Nest::class,
|
||||
'node' => Node::class,
|
||||
'server' => Server::class,
|
||||
'user' => User::class,
|
||||
];
|
||||
|
||||
public function __construct(Registrar $router)
|
||||
{
|
||||
$this->router = $router;
|
||||
}
|
||||
|
||||
/**
|
||||
* Perform substitution of route parameters without triggering
|
||||
* a 404 error if a model is not found.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
foreach (self::$mappings as $key => $class) {
|
||||
$this->router->bind($key, $class);
|
||||
}
|
||||
|
||||
try {
|
||||
$this->router->substituteImplicitBindings($route = $request->route());
|
||||
} catch (ModelNotFoundException $exception) {
|
||||
if (isset($route) && $route->getMissing()) {
|
||||
$route->getMissing()($request);
|
||||
}
|
||||
|
||||
throw $exception;
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use IPTools\IP;
|
||||
use IPTools\Range;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
class AuthenticateIPAccess
|
||||
{
|
||||
/**
|
||||
* Determine if a request IP has permission to access the API.
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Exception
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$model = $request->attributes->get('api_key');
|
||||
|
||||
if (is_null($model->allowed_ips) || empty($model->allowed_ips)) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
$find = new IP($request->ip());
|
||||
foreach ($model->allowed_ips as $ip) {
|
||||
if (Range::parse($ip)->contains($find)) {
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
throw new AccessDeniedHttpException('This IP address (' . $request->ip() . ') does not have permission to access the API using these credentials.');
|
||||
}
|
||||
}
|
|
@ -1,95 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use Carbon\CarbonImmutable;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Illuminate\Auth\AuthManager;
|
||||
use Illuminate\Contracts\Encryption\Encrypter;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
class AuthenticateKey
|
||||
{
|
||||
private AuthManager $auth;
|
||||
private Encrypter $encrypter;
|
||||
private ApiKeyRepositoryInterface $repository;
|
||||
|
||||
/**
|
||||
* AuthenticateKey constructor.
|
||||
*/
|
||||
public function __construct(ApiKeyRepositoryInterface $repository, AuthManager $auth, Encrypter $encrypter)
|
||||
{
|
||||
$this->auth = $auth;
|
||||
$this->encrypter = $encrypter;
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle an API request by verifying that the provided API key
|
||||
* is in a valid format and exists in the database.
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next, int $keyType)
|
||||
{
|
||||
if (is_null($request->bearerToken()) && is_null($request->user())) {
|
||||
throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
|
||||
}
|
||||
|
||||
$raw = $request->bearerToken();
|
||||
|
||||
// This is a request coming through using cookies, we have an authenticated user not using
|
||||
// an API key. Make some fake API key models and continue on through the process.
|
||||
if (empty($raw) && $request->user() instanceof User) {
|
||||
$model = (new ApiKey())->forceFill([
|
||||
'user_id' => $request->user()->id,
|
||||
'key_type' => ApiKey::TYPE_ACCOUNT,
|
||||
]);
|
||||
} else {
|
||||
$model = $this->authenticateApiKey($raw, $keyType);
|
||||
$this->auth->guard()->loginUsingId($model->user_id);
|
||||
}
|
||||
|
||||
$request->attributes->set('api_key', $model);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate an API key.
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
protected function authenticateApiKey(string $key, int $keyType): ApiKey
|
||||
{
|
||||
$identifier = substr($key, 0, ApiKey::IDENTIFIER_LENGTH);
|
||||
$token = substr($key, ApiKey::IDENTIFIER_LENGTH);
|
||||
|
||||
try {
|
||||
$model = $this->repository->findFirstWhere([
|
||||
['identifier', '=', $identifier],
|
||||
['key_type', '=', $keyType],
|
||||
]);
|
||||
} catch (RecordNotFoundException $exception) {
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
|
||||
if (!hash_equals($this->encrypter->decrypt($model->token), $token)) {
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
|
||||
$this->repository->withoutFreshModel()->update($model->id, ['last_used_at' => CarbonImmutable::now()]);
|
||||
|
||||
return $model;
|
||||
}
|
||||
}
|
|
@ -3,60 +3,102 @@
|
|||
namespace Pterodactyl\Http\Middleware\Api\Client;
|
||||
|
||||
use Closure;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\Backup;
|
||||
use Pterodactyl\Models\Database;
|
||||
use Illuminate\Support\Str;
|
||||
use Pterodactyl\Models\Task;
|
||||
use Illuminate\Routing\Route;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Container\Container;
|
||||
use Illuminate\Database\Query\JoinClause;
|
||||
use Illuminate\Contracts\Routing\Registrar;
|
||||
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
|
||||
class SubstituteClientApiBindings extends ApiSubstituteBindings
|
||||
class SubstituteClientApiBindings
|
||||
{
|
||||
protected Registrar $router;
|
||||
|
||||
public function __construct(Registrar $router)
|
||||
{
|
||||
$this->router = $router;
|
||||
}
|
||||
|
||||
/**
|
||||
* Perform substitution of route parameters without triggering
|
||||
* a 404 error if a model is not found.
|
||||
* Perform substitution of route parameters for the Client API.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Illuminate\Http\Request
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
// Override default behavior of the model binding to use a specific table
|
||||
// column rather than the default 'id'.
|
||||
$this->router->bind('server', function ($value) use ($request) {
|
||||
try {
|
||||
$column = 'uuidShort';
|
||||
if (preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i', $value)) {
|
||||
$column = 'uuid';
|
||||
}
|
||||
|
||||
return Container::getInstance()->make(ServerRepositoryInterface::class)->findFirstWhere([
|
||||
[$column, '=', $value],
|
||||
]);
|
||||
} catch (RecordNotFoundException $ex) {
|
||||
$request->attributes->set('is_missing_model', true);
|
||||
|
||||
return null;
|
||||
}
|
||||
$this->router->bind('server', function ($value) {
|
||||
return Server::query()->where(Str::length($value) === 8 ? 'uuidShort' : 'uuid', $value)->firstOrFail();
|
||||
});
|
||||
|
||||
$this->router->bind('database', function ($value) {
|
||||
$this->router->bind('allocation', function ($value, $route) {
|
||||
return $this->server($route)->allocations()->findOrFail($value);
|
||||
});
|
||||
|
||||
$this->router->bind('schedule', function ($value, $route) {
|
||||
return $this->server($route)->schedule()->findOrFail($value);
|
||||
});
|
||||
|
||||
$this->router->bind('task', function ($value, $route) {
|
||||
return Task::query()
|
||||
->select('tasks.*')
|
||||
->join('schedules', function (JoinClause $join) use ($route) {
|
||||
$join->on('schedules.id', 'tasks.schedule_id')
|
||||
->where('schedules.server_id', $route->parameter('server')->id);
|
||||
})
|
||||
->where('schedules.id', $route->parameter('schedule')->id)
|
||||
->findOrFail($value);
|
||||
});
|
||||
|
||||
$this->router->bind('database', function ($value, $route) {
|
||||
$id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
|
||||
|
||||
return Database::query()->where('id', $id)->firstOrFail();
|
||||
return $this->server($route)->databases()->findOrFail($id);
|
||||
});
|
||||
|
||||
$this->router->bind('backup', function ($value) {
|
||||
return Backup::query()->where('uuid', $value)->firstOrFail();
|
||||
$this->router->bind('backup', function ($value, $route) {
|
||||
return $this->server($route)->backups()->where('uuid', $value)->firstOrFail();
|
||||
});
|
||||
|
||||
$this->router->bind('user', function ($value) {
|
||||
return User::query()->where('uuid', $value)->firstOrFail();
|
||||
$this->router->bind('subuser', function ($value, $route) {
|
||||
return $this->server($route)->subusers()
|
||||
->select('subusers.*')
|
||||
->join('users', 'subusers.user_id', '=', 'users.id')
|
||||
->where('users.uuid', $value)
|
||||
->firstOrFail();
|
||||
});
|
||||
|
||||
return parent::handle($request, $next);
|
||||
try {
|
||||
/* @var \Illuminate\Routing\Route $route */
|
||||
$this->router->substituteBindings($route = $request->route());
|
||||
} catch (ModelNotFoundException $exception) {
|
||||
if (isset($route) && $route->getMissing()) {
|
||||
$route->getMissing()($request);
|
||||
}
|
||||
|
||||
throw $exception;
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Plucks the server model off the route. If no server model is present a
|
||||
* ModelNotFound exception will be thrown.
|
||||
*
|
||||
* @throws \Illuminate\Database\Eloquent\ModelNotFoundException
|
||||
*/
|
||||
private function server(Route $route): Server
|
||||
{
|
||||
$server = $route->parameter('server');
|
||||
if (!$server instanceof Server) {
|
||||
throw (new ModelNotFoundException())->setModel(Server::class, [$route->parameter('server')]);
|
||||
}
|
||||
|
||||
return $server;
|
||||
}
|
||||
}
|
||||
|
|
45
app/Http/Middleware/Api/PreventUnboundModels.php
Normal file
45
app/Http/Middleware/Api/PreventUnboundModels.php
Normal file
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use Exception;
|
||||
use Illuminate\Support\Reflector;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use Illuminate\Contracts\Routing\UrlRoutable;
|
||||
|
||||
class PreventUnboundModels
|
||||
{
|
||||
/**
|
||||
* Prevents a request from making it to a controller action if there is a model
|
||||
* injection on the controller that has not been explicitly bound by the request.
|
||||
* This prevents empty models from being valid in scenarios where a new model is
|
||||
* added but not properly defined in the substitution middleware.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$route = $request->route();
|
||||
$parameters = $route->parameters() ?? [];
|
||||
|
||||
/** @var \ReflectionParameter[] $signatures */
|
||||
$signatures = $route->signatureParameters(UrlRoutable::class);
|
||||
foreach ($signatures as $signature) {
|
||||
$class = Reflector::getParameterClassName($signature);
|
||||
if (is_null($class) || !is_subclass_of($class, Model::class)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!$parameters[$signature->getName()] instanceof Model) {
|
||||
throw new Exception(sprintf('No parameter binding has been defined for model [%s] using route parameter key "%s".', $class, $signature->getName()));
|
||||
}
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Contracts\Config\Repository as ConfigRepository;
|
||||
|
||||
class SetSessionDriver
|
||||
{
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Config\Repository
|
||||
*/
|
||||
private $config;
|
||||
|
||||
/**
|
||||
* SetSessionDriver constructor.
|
||||
*/
|
||||
public function __construct(ConfigRepository $config)
|
||||
{
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the session for API calls to only last for the one request.
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$this->config->set('session.driver', 'array');
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
|
@ -14,6 +14,6 @@ class VerifyCsrfToken extends BaseVerifier
|
|||
protected $except = [
|
||||
'remote/*',
|
||||
'daemon/*',
|
||||
'api/*',
|
||||
// 'api/*',
|
||||
];
|
||||
}
|
||||
|
|
83
app/Http/Requests/Api/ApiRequest.php
Normal file
83
app/Http/Requests/Api/ApiRequest.php
Normal file
|
@ -0,0 +1,83 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
/**
|
||||
* @method \Pterodactyl\Models\User user($guard = null)
|
||||
*/
|
||||
abstract class ApiRequest extends FormRequest
|
||||
{
|
||||
/**
|
||||
* Tracks if the request has been validated internally or not to avoid
|
||||
* making duplicate validation calls.
|
||||
*/
|
||||
private bool $hasValidated = false;
|
||||
|
||||
/**
|
||||
* Determine if the current user is authorized to perform the requested
|
||||
* action against the API.
|
||||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default set of rules to apply to API requests.
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [];
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate that the resource exists and can be accessed prior to booting
|
||||
* the validator and attempting to use the data.
|
||||
*
|
||||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
||||
*/
|
||||
protected function prepareForValidation()
|
||||
{
|
||||
if (!$this->passesAuthorization()) {
|
||||
$this->failedAuthorization();
|
||||
}
|
||||
|
||||
$this->hasValidated = true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine if the request passes the authorization check as well
|
||||
* as the exists check.
|
||||
*
|
||||
* @return bool
|
||||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
||||
*/
|
||||
protected function passesAuthorization()
|
||||
{
|
||||
// If we have already validated we do not need to call this function
|
||||
// again. This is needed to work around Laravel's normal auth validation
|
||||
// that occurs after validating the request params since we are doing auth
|
||||
// validation in the prepareForValidation() function.
|
||||
if ($this->hasValidated) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!parent::passesAuthorization()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Only let the user know that a resource does not exist if they are
|
||||
// authenticated to access the endpoint. This avoids exposing that
|
||||
// an item exists (or does not exist) to the user until they can prove
|
||||
// that they have permission to know about it.
|
||||
if ($this->attributes->get('is_missing_model', false)) {
|
||||
throw new NotFoundHttpException(trans('exceptions.api.resource_not_found'));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
|
@ -2,31 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
||||
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteAllocationRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
/**
|
||||
* Determine if the requested allocation exists and belongs to the node that
|
||||
* is being passed in the URL.
|
||||
*/
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$node = $this->route()->parameter('node');
|
||||
$allocation = $this->route()->parameter('allocation');
|
||||
|
||||
if ($node instanceof Node && $node->exists) {
|
||||
if ($allocation instanceof Allocation && $allocation->exists && $allocation->node_id === $node->id) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,23 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
||||
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetAllocationsRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
|
||||
/**
|
||||
* Determine if the node that we are requesting the allocations
|
||||
* for exists on the Panel.
|
||||
*/
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$node = $this->route()->parameter('node');
|
||||
|
||||
return $node instanceof Node && $node->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,10 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreAllocationRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
|
|
|
@ -2,147 +2,16 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application;
|
||||
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Pterodactyl\Exceptions\PterodactylException;
|
||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\Routing\Exception\InvalidParameterException;
|
||||
use Pterodactyl\Http\Requests\Api\ApiRequest;
|
||||
|
||||
abstract class ApplicationApiRequest extends FormRequest
|
||||
abstract class ApplicationApiRequest extends ApiRequest
|
||||
{
|
||||
/**
|
||||
* Tracks if the request has been validated internally or not to avoid
|
||||
* making duplicate validation calls.
|
||||
*/
|
||||
private bool $hasValidated = false;
|
||||
|
||||
/**
|
||||
* The resource that should be checked when performing the authorization
|
||||
* function for this request.
|
||||
*
|
||||
* @var string|null
|
||||
*/
|
||||
protected string $resource;
|
||||
|
||||
/**
|
||||
* The permission level that a given API key should have for accessing
|
||||
* the defined $resource during the request cycle.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
protected int $permission = AdminAcl::NONE;
|
||||
|
||||
/**
|
||||
* Determine if the current user is authorized to perform
|
||||
* the requested action against the API.
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\PterodactylException
|
||||
* This will eventually be replaced with per-request permissions checking
|
||||
* on the API key and for the user.
|
||||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
if (is_null($this->resource)) {
|
||||
throw new PterodactylException('An ACL resource must be defined on API requests.');
|
||||
}
|
||||
|
||||
if ($this->key()->key_type === ApiKey::TYPE_ACCOUNT) {
|
||||
return $this->user()->root_admin;
|
||||
}
|
||||
|
||||
return AdminAcl::check($this->key(), $this->resource, $this->permission);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the requested resource exists on the server.
|
||||
*/
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default set of rules to apply to API requests.
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [];
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the API key being used for the request.
|
||||
*/
|
||||
public function key(): ApiKey
|
||||
{
|
||||
return $this->attributes->get('api_key');
|
||||
}
|
||||
|
||||
/**
|
||||
* Grab a model from the route parameters. If no model is found in the
|
||||
* binding mappings an exception will be thrown.
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @deprecated
|
||||
*
|
||||
* @throws \Symfony\Component\Routing\Exception\InvalidParameterException
|
||||
*/
|
||||
public function getModel(string $model)
|
||||
{
|
||||
$parameterKey = array_get(array_flip(ApiSubstituteBindings::getMappings()), $model);
|
||||
|
||||
if (is_null($parameterKey)) {
|
||||
throw new InvalidParameterException();
|
||||
}
|
||||
|
||||
return $this->route()->parameter($parameterKey);
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate that the resource exists and can be accessed prior to booting
|
||||
* the validator and attempting to use the data.
|
||||
*
|
||||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
||||
*/
|
||||
protected function prepareForValidation()
|
||||
{
|
||||
if (!$this->passesAuthorization()) {
|
||||
$this->failedAuthorization();
|
||||
}
|
||||
|
||||
$this->hasValidated = true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine if the request passes the authorization check as well
|
||||
* as the exists check.
|
||||
*
|
||||
* @return bool
|
||||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
||||
*/
|
||||
protected function passesAuthorization()
|
||||
{
|
||||
// If we have already validated we do not need to call this function
|
||||
// again. This is needed to work around Laravel's normal auth validation
|
||||
// that occurs after validating the request params since we are doing auth
|
||||
// validation in the prepareForValidation() function.
|
||||
if ($this->hasValidated) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!parent::passesAuthorization()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Only let the user know that a resource does not exist if they are
|
||||
// authenticated to access the endpoint. This avoids exposing that
|
||||
// an item exists (or does not exist) to the user until they can prove
|
||||
// that they have permission to know about it.
|
||||
if ($this->attributes->get('is_missing_model', false) || !$this->resourceExists()) {
|
||||
throw new NotFoundHttpException(trans('exceptions.api.resource_not_found'));
|
||||
}
|
||||
|
||||
return true;
|
||||
return $this->user()->root_admin;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Databases;
|
||||
|
||||
use Pterodactyl\Models\DatabaseHost;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteDatabaseRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_DATABASE_HOSTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$databaseHost = $this->route()->parameter('databaseHost');
|
||||
|
||||
return $databaseHost instanceof DatabaseHost && $databaseHost->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Databases;
|
||||
|
||||
use Pterodactyl\Models\DatabaseHost;
|
||||
|
||||
class GetDatabaseRequest extends GetDatabasesRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$databaseHost = $this->route()->parameter('databaseHost');
|
||||
|
||||
return $databaseHost instanceof DatabaseHost && $databaseHost->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Databases;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl as Acl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetDatabasesRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = Acl::RESOURCE_DATABASE_HOSTS;
|
||||
protected int $permission = Acl::READ;
|
||||
}
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Databases;
|
||||
|
||||
use Pterodactyl\Models\DatabaseHost;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreDatabaseRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_DATABASE_HOSTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? DatabaseHost::getRules();
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Eggs;
|
||||
|
||||
use Pterodactyl\Models\Egg;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteEggRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_EGGS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$egg = $this->route()->parameter('egg');
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Eggs;
|
||||
|
||||
use Pterodactyl\Models\Egg;
|
||||
|
||||
class GetEggRequest extends GetEggsRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$egg = $this->route()->parameter('egg');
|
||||
|
||||
return $egg instanceof Egg && $egg->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Eggs;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetEggsRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_EGGS;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
}
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Eggs;
|
||||
|
||||
use Pterodactyl\Models\Egg;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreEggRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_EGGS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? Egg::getRules();
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
||||
|
||||
use Pterodactyl\Models\Location;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteLocationRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_LOCATIONS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$location = $this->route()->parameter('location');
|
||||
|
||||
return $location instanceof Location && $location->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
||||
|
||||
use Pterodactyl\Models\Location;
|
||||
|
||||
class GetLocationRequest extends GetLocationsRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$location = $this->route()->parameter('location');
|
||||
|
||||
return $location instanceof Location && $location->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetLocationsRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_LOCATIONS;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
}
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
||||
|
||||
use Pterodactyl\Models\Location;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreLocationRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_LOCATIONS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return collect(Location::getRules())->only([
|
||||
|
|
|
@ -6,13 +6,6 @@ use Pterodactyl\Models\Location;
|
|||
|
||||
class UpdateLocationRequest extends StoreLocationRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$location = $this->route()->parameter('location');
|
||||
|
||||
return $location instanceof Location && $location->exists;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
$locationId = $this->route()->parameter('location')->id;
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Models\Mount;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteMountRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_MOUNTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$mount = $this->route()->parameter('mount');
|
||||
|
||||
return $mount instanceof Mount && $mount->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Models\Mount;
|
||||
|
||||
class GetMountRequest extends GetMountsRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$mount = $this->route()->parameter('mount');
|
||||
|
||||
return $mount instanceof Mount && $mount->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl as Acl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetMountsRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = Acl::RESOURCE_MOUNTS;
|
||||
protected int $permission = Acl::READ;
|
||||
}
|
||||
|
|
|
@ -2,14 +2,10 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class MountEggsRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_MOUNTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? ['eggs' => 'required|exists:eggs,id'];
|
||||
|
|
|
@ -2,14 +2,10 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class MountNodesRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_MOUNTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? ['nodes' => 'required|exists:nodes,id'];
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Mounts;
|
||||
|
||||
use Pterodactyl\Models\Mount;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreMountRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_MOUNTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? Mount::getRules();
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nests;
|
||||
|
||||
use Pterodactyl\Models\Nest;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteNestRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_NESTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$nest = $this->route()->parameter('nest');
|
||||
|
||||
return $nest instanceof Nest && $nest->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nests;
|
||||
|
||||
use Pterodactyl\Models\Nest;
|
||||
|
||||
class GetNestRequest extends GetNestsRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$nest = $this->route()->parameter('nest');
|
||||
|
||||
return $nest instanceof Nest && $nest->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nests;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetNestsRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_NESTS;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
}
|
||||
|
|
|
@ -2,17 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nests;
|
||||
|
||||
use Pterodactyl\Models\Nest;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreNestRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_NESTS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? Nest::getRules();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
||||
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteNodeRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_NODES;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$node = $this->route()->parameter('node');
|
||||
|
||||
return $node instanceof Node && $node->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
||||
|
||||
use Pterodactyl\Models\Node;
|
||||
|
||||
class GetNodeRequest extends GetNodesRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$node = $this->route()->parameter('node');
|
||||
|
||||
return $node instanceof Node && $node->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetNodesRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_NODES;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
}
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
||||
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreNodeRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_NODES;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
/**
|
||||
* Validation rules to apply to this request.
|
||||
*/
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Roles;
|
||||
|
||||
use Pterodactyl\Models\AdminRole;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class DeleteRoleRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_ROLES;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$role = $this->route()->parameter('role');
|
||||
|
||||
return $role instanceof AdminRole && $role->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,14 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Roles;
|
||||
|
||||
use Pterodactyl\Models\AdminRole;
|
||||
|
||||
class GetRoleRequest extends GetRolesRequest
|
||||
{
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$role = $this->route()->parameter('role');
|
||||
|
||||
return $role instanceof AdminRole && $role->exists;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Roles;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl as Acl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetRolesRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = Acl::RESOURCE_ROLES;
|
||||
protected int $permission = Acl::READ;
|
||||
}
|
||||
|
|
|
@ -3,14 +3,10 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application\Roles;
|
||||
|
||||
use Pterodactyl\Models\AdminRole;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreRoleRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_ROLES;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(array $rules = null): array
|
||||
{
|
||||
return $rules ?? AdminRole::getRules();
|
||||
|
|
|
@ -2,19 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetServerDatabaseRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$server = $this->route()->parameter('server');
|
||||
$database = $this->route()->parameter('database');
|
||||
|
||||
return $database->server_id === $server->id;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetServerDatabasesRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
}
|
||||
|
|
|
@ -2,9 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers\Databases;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
|
||||
class ServerDatabaseWriteRequest extends GetServerDatabasesRequest
|
||||
{
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
}
|
||||
|
|
|
@ -6,15 +6,11 @@ use Webmozart\Assert\Assert;
|
|||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Validation\Rule;
|
||||
use Illuminate\Database\Query\Builder;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Services\Databases\DatabaseManagementService;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreServerDatabaseRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
$server = $this->route()->parameter('server');
|
||||
|
|
|
@ -2,35 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetExternalServerRequest extends ApplicationApiRequest
|
||||
{
|
||||
private Server $serverModel;
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVERS;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
|
||||
public function resourceExists(): bool
|
||||
{
|
||||
$repository = $this->container->make(ServerRepositoryInterface::class);
|
||||
|
||||
try {
|
||||
$this->serverModel = $repository->findFirstWhere([
|
||||
['external_id', '=', $this->route()->parameter('external_id')],
|
||||
]);
|
||||
} catch (RecordNotFoundException $exception) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function getServerModel(): Server
|
||||
{
|
||||
return $this->serverModel;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class GetServerRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVERS;
|
||||
protected int $permission = AdminAcl::READ;
|
||||
}
|
||||
|
|
|
@ -2,11 +2,8 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
|
||||
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class ServerWriteRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVERS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
}
|
||||
|
|
|
@ -4,16 +4,12 @@ namespace Pterodactyl\Http\Requests\Api\Application\Servers;
|
|||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Validation\Rule;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Illuminate\Contracts\Validation\Validator;
|
||||
use Pterodactyl\Models\Objects\DeploymentObject;
|
||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||
|
||||
class StoreServerRequest extends ApplicationApiRequest
|
||||
{
|
||||
protected string $resource = AdminAcl::RESOURCE_SERVERS;
|
||||
protected int $permission = AdminAcl::WRITE;
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
$rules = Server::getRules();
|
||||
|
@ -93,7 +89,9 @@ class StoreServerRequest extends ApplicationApiRequest
|
|||
public function withValidator(Validator $validator)
|
||||
{
|
||||
$validator->sometimes('allocation.default', [
|
||||
'required', 'integer', 'bail',
|
||||
'required',
|
||||
'integer',
|
||||
'bail',
|
||||
Rule::exists('allocations', 'id')->where(function ($query) {
|
||||
$query->whereNull('server_id');
|
||||
}),
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue