Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support for base API logging of all requests

Browse source 
ref #31
This commit is contained in:
Dane Everitt 2016-10-07 16:06:09 -04:00
parent 0fe0f750c4
commit af68dbed8f
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 172 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/Http/Middleware/APISecretToken.php
View file

@ -29,6 +29,7 @@ use IPTools\Range;
use Pterodactyl\Models\APIKey; use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission; use Pterodactyl\Models\APIPermission;
use Pterodactyl\Services\APILogService;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Dingo\Api\Routing\Route; use Dingo\Api\Routing\Route;
@ -61,6 +62,7 @@ class APISecretToken extends Authorization
public function authenticate(Request $request, Route $route) public function authenticate(Request $request, Route $route)
{ {
if (!$request->bearerToken() || empty($request->bearerToken())) { if (!$request->bearerToken() || empty($request->bearerToken())) {
APILogService::log($request);
throw new UnauthorizedHttpException('The authentication header was missing or malformed'); throw new UnauthorizedHttpException('The authentication header was missing or malformed');
} }
@ -68,6 +70,7 @@ class APISecretToken extends Authorization
$key = APIKey::where('public', $public)->first(); $key = APIKey::where('public', $public)->first();
if (!$key) { if (!$key) {
APILogService::log($request);
throw new AccessDeniedHttpException('Invalid API Key.'); throw new AccessDeniedHttpException('Invalid API Key.');
} }
@ -82,6 +85,7 @@ class APISecretToken extends Authorization
} }
} }
if (!$inRange) { if (!$inRange) {
APILogService::log($request);
throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.'); throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.');
} }
} }
@ -94,6 +98,7 @@ class APISecretToken extends Authorization
} }
if (!$this->permissionAllowed) { if (!$this->permissionAllowed) {
APILogService::log($request);
throw new AccessDeniedHttpException('You do not have permission to access this resource.'); throw new AccessDeniedHttpException('You do not have permission to access this resource.');
} }
} }
@ -101,14 +106,18 @@ class APISecretToken extends Authorization
try { try {
$decrypted = Crypt::decrypt($key->secret); $decrypted = Crypt::decrypt($key->secret);
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) { } catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
APILogService::log($request);
throw new HttpException('There was an error while attempting to check your secret key.'); throw new HttpException('There was an error while attempting to check your secret key.');
} }
$this->url = urldecode($request->fullUrl()); $this->url = urldecode($request->fullUrl());
if($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) { if($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
APILogService::log($request);
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.'); throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
} }
// Log the Route Access
APILogService::log($request, true);
return true; return true;
} }

61
app/Models/APILog.php Normal file
View file

@ -0,0 +1,61 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Models;
use Illuminate\Database\Eloquent\Model;
class APILog extends Model
{
/**
* The table associated with the model.
*
* @var string
*/
protected $table = 'api_logs';
/**
* The attributes excluded from the model's JSON form.
*
* @var array
*/
protected $hidden = [];
/**
* Fields that are not mass assignable.
*
* @var array
*/
protected $guarded = ['id', 'created_at', 'updated_at'];
/**
* Cast values to correct type.
*
* @var array
*/
protected $casts = [
'authorized' => 'boolean'
];
}

63
app/Services/APILogService.php Normal file
View file

@ -0,0 +1,63 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Services;
use Log;
use Illuminate\Http\Request;
use Pterodactyl\Models\APILog;
class APILogService
{
public function __constructor()
{
//
}
public static function log(Request $request, $authorized = false)
{
if ($request->bearerToken() && !empty($request->bearerToken())) {
list($public, $hashed) = explode('.', $request->bearerToken());
} else {
$public = null;
}
try {
$log = APILog::create([
'authorized' => $authorized,
'key' => $public,
'method' => $request->method(),
'route' => $request->fullUrl(),
'content' => (empty($request->getContent())) ? null : $request->getContent(),
'user_agent' => $request->header('User-Agent'),
'request_ip' => $request->ip()
]);
$log->save();
} catch (\Exception $ex) {
// Simply log it and move on.
Log::error($ex);
}
}
}

39
database/migrations/2016_10_07_152117_build_api_log_table.php Normal file
View file

@ -0,0 +1,39 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class BuildApiLogTable extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('api_logs', function (Blueprint $table) {
$table->increments('id');
$table->boolean('authorized');
$table->char('key', 16)->nullable();
$table->char('method', 6);
$table->text('route');
$table->text('content')->nullable();
$table->text('user_agent');
$table->ipAddress('request_ip');
$table->timestampsTz();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::drop('api_logs');
}
}