Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'feature/vuejs' into feature/move-to-webpack

Browse source
This commit is contained in:
Jakob Schrettenbrunner 2018-06-06 22:41:15 +02:00
commit cbdf4d4e1a
16 changed files with 270 additions and 232 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/Http/Controllers/Api/Client/AccountController.php Normal file
View file

@ -0,0 +1,16 @@
<?php
namespace Pterodactyl\Http\Controllers\Api\Client;
use Illuminate\Http\Request;
use Pterodactyl\Transformers\Api\Client\AccountTransformer;
class AccountController extends ClientApiController
{
public function index(Request $request): array
{
return $this->fractal->item($request->user())
->transformWith($this->getTransformer(AccountTransformer::class))
->toArray();
}
}

22
app/Http/Controllers/Auth/AbstractLoginController.php
View file

@ -2,7 +2,6 @@
namespace Pterodactyl\Http\Controllers\Auth; namespace Pterodactyl\Http\Controllers\Auth;
use Cake\Chronos\Chronos;
use Lcobucci\JWT\Builder; use Lcobucci\JWT\Builder;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
@ -16,6 +15,7 @@ use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Encryption\Encrypter; use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Pterodactyl\Traits\Helpers\ProvidesJWTServices; use Pterodactyl\Traits\Helpers\ProvidesJWTServices;
use Pterodactyl\Transformers\Api\Client\AccountTransformer;
use Illuminate\Contracts\Cache\Repository as CacheRepository; use Illuminate\Contracts\Cache\Repository as CacheRepository;
use Pterodactyl\Contracts\Repository\UserRepositoryInterface; use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
@ -137,24 +137,18 @@ abstract class AbstractLoginController extends Controller
$request->session()->regenerate(); $request->session()->regenerate();
$this->clearLoginAttempts($request); $this->clearLoginAttempts($request);
$token = $this->builder->setIssuer(config('app.url'))
->setAudience(config('app.url'))
->setId(str_random(12), true)
->setIssuedAt(Chronos::now()->getTimestamp())
->setNotBefore(Chronos::now()->getTimestamp())
->setExpiration(Chronos::now()->addSeconds(config('session.lifetime'))->getTimestamp())
->set('user', $user->only([
'id', 'uuid', 'username', 'email', 'name_first', 'name_last', 'language', 'root_admin',
]))
->sign($this->getJWTSigner(), $this->getJWTSigningKey())
->getToken();
$this->auth->guard()->login($user, true); $this->auth->guard()->login($user, true);
debug($request->cookies->all());
return response()->json([ return response()->json([
'complete' => true, 'complete' => true,
'intended' => $this->redirectPath(), 'intended' => $this->redirectPath(),
'token' => $token->__toString(), 'cookie' => [
'name' => config('session.cookie'),
'value' => $this->encrypter->encrypt($request->cookie(config('session.cookie'))),
],
'user' => (new AccountTransformer())->transform($user),
]); ]);
} }

8
app/Http/Kernel.php
View file

@ -2,7 +2,6 @@
namespace Pterodactyl\Http; namespace Pterodactyl\Http;
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
use Pterodactyl\Models\ApiKey; use Pterodactyl\Models\ApiKey;
use Illuminate\Auth\Middleware\Authorize; use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Auth\Middleware\Authenticate; use Illuminate\Auth\Middleware\Authenticate;
@ -21,6 +20,7 @@ use Illuminate\Routing\Middleware\SubstituteBindings;
use Pterodactyl\Http\Middleware\AccessingValidServer; use Pterodactyl\Http\Middleware\AccessingValidServer;
use Pterodactyl\Http\Middleware\Api\SetSessionDriver; use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
use Illuminate\View\Middleware\ShareErrorsFromSession; use Illuminate\View\Middleware\ShareErrorsFromSession;
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated; use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth; use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess; use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
@ -71,7 +71,7 @@ class Kernel extends HttpKernel
RequireTwoFactorAuthentication::class, RequireTwoFactorAuthentication::class,
], ],
'api' => [ 'api' => [
'throttle:120,1', 'throttle:240,1',
ApiSubstituteBindings::class, ApiSubstituteBindings::class,
SetSessionDriver::class, SetSessionDriver::class,
'api..key:' . ApiKey::TYPE_APPLICATION, 'api..key:' . ApiKey::TYPE_APPLICATION,
@ -79,7 +79,9 @@ class Kernel extends HttpKernel
AuthenticateIPAccess::class, AuthenticateIPAccess::class,
], ],
'client-api' => [ 'client-api' => [
'throttle:60,1', 'throttle:240,1',
EncryptCookies::class,
StartSession::class,
SubstituteClientApiBindings::class, SubstituteClientApiBindings::class,
SetSessionDriver::class, SetSessionDriver::class,
'api..key:' . ApiKey::TYPE_ACCOUNT, 'api..key:' . ApiKey::TYPE_ACCOUNT,

22
app/Http/Middleware/Api/AuthenticateKey.php
View file

@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Middleware\Api;
use Closure; use Closure;
use Lcobucci\JWT\Parser; use Lcobucci\JWT\Parser;
use Cake\Chronos\Chronos; use Cake\Chronos\Chronos;
use Illuminate\Support\Str;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\ApiKey; use Pterodactyl\Models\ApiKey;
use Illuminate\Auth\AuthManager; use Illuminate\Auth\AuthManager;
@ -63,19 +64,24 @@ class AuthenticateKey
public function handle(Request $request, Closure $next, int $keyType) public function handle(Request $request, Closure $next, int $keyType)
{ {
if (is_null($request->bearerToken())) { if (is_null($request->bearerToken())) {
if (! Str::startsWith($request->route()->getName(), ['api.client']) && ! $request->user()) {
throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']); throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
} }
$raw = $request->bearerToken();
// This is an internal JWT, treat it differently to get the correct user before passing it along.
if (strlen($raw) > ApiKey::IDENTIFIER_LENGTH + ApiKey::KEY_LENGTH) {
$model = $this->authenticateJWT($raw);
} else {
$model = $this->authenticateApiKey($raw, $keyType);
} }
if (is_null($request->bearerToken())) {
$model = (new ApiKey)->forceFill([
'user_id' => $request->user()->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
}
if (! isset($model)) {
$raw = $request->bearerToken();
$model = $this->authenticateApiKey($raw, $keyType);
$this->auth->guard()->loginUsingId($model->user_id); $this->auth->guard()->loginUsingId($model->user_id);
}
$request->attributes->set('api_key', $model); $request->attributes->set('api_key', $model);
return $next($request); return $next($request);

36
app/Transformers/Api/Client/AccountTransformer.php Normal file
View file

@ -0,0 +1,36 @@
<?php
namespace Pterodactyl\Transformers\Api\Client;
use Pterodactyl\Models\User;
class AccountTransformer extends BaseClientTransformer
{
/**
* Return the resource name for the JSONAPI output.
*
* @return string
*/
public function getResourceName(): string
{
return 'user';
}
/**
* Return basic information about the currently logged in user.
*
* @param \Pterodactyl\Models\User $model
* @return array
*/
public function transform(User $model)
{
return [
'admin' => $model->root_admin,
'username' => $model->username,
'email' => $model->email,
'first_name' => $model->name_first,
'last_name' => $model->name_last,
'language' => $model->language,
];
}
}

0
resources/assets/scripts/store.js → resources/assets/scripts/_store.js
View file

9
resources/assets/scripts/app.js
View file

@ -3,21 +3,24 @@ import Vuex from 'vuex';
import vuexI18n from 'vuex-i18n'; import vuexI18n from 'vuex-i18n';
import VueRouter from 'vue-router'; import VueRouter from 'vue-router';
require('./bootstrap');
// Helpers // Helpers
import { Ziggy } from './helpers/ziggy'; import { Ziggy } from './helpers/ziggy';
import Locales from './../../../resources/lang/locales'; import Locales from './../../../resources/lang/locales';
import { flash } from './mixins/flash'; import { flash } from './mixins/flash';
import { routes } from './routes'; import { routes } from './routes';
import { storeData } from './store'; import storeData from './store/index.js';
window.events = new Vue; window.events = new Vue;
window.Ziggy = Ziggy; window.Ziggy = Ziggy;
Vue.config.productionTip = false;
Vue.use(Vuex); Vue.use(Vuex);
const store = new Vuex.Store(storeData); const store = new Vuex.Store(storeData);
const route = require('./../../../vendor/tightenco/ziggy/src/js/route').default; const route = require('./../../../vendor/tightenco/ziggy/src/js/route').default;
Vue.config.productionTip = false;
Vue.mixin({ methods: { route } }); Vue.mixin({ methods: { route } });
Vue.mixin(flash); Vue.mixin(flash);
@ -31,6 +34,4 @@ const router = new VueRouter({
mode: 'history', routes mode: 'history', routes
}); });
require('./bootstrap');
const app = new Vue({ store, router }).$mount('#pterodactyl'); const app = new Vue({ store, router }).$mount('#pterodactyl');

21
resources/assets/scripts/bootstrap.js vendored
View file

@ -1,3 +1,5 @@
import axios from './helpers/axios';
window._ = require('lodash'); window._ = require('lodash');
/** /**
@ -10,24 +12,7 @@ try {
window.$ = window.jQuery = require('jquery'); window.$ = window.jQuery = require('jquery');
} catch (e) {} } catch (e) {}
/** window.axios = axios;
* We'll load the axios HTTP library which allows us to easily issue requests
* to our Laravel back-end. This library automatically handles sending the
* CSRF token as a header based on the value of the "XSRF" token cookie.
*/
window.axios = require('axios');
window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
window.axios.defaults.headers.common['Accept'] = 'application/json';
window.axios.defaults.headers.common['Authorization'] = 'Bearer ' + localStorage.token || '';
if (typeof phpdebugbar !== 'undefined') {
window.axios.interceptors.response.use(function (response) {
phpdebugbar.ajaxHandler.handle(response.request);
return response;
});
}
/** /**
* Next we will register the CSRF Token as a common header with Axios so that * Next we will register the CSRF Token as a common header with Axios so that

35
resources/assets/scripts/components/auth/LoginForm.vue
View file

@ -77,32 +77,21 @@
this.$data.showSpinner = true; this.$data.showSpinner = true;
this.clearFlashes(); this.clearFlashes();
axios.post(this.route('auth.login'), { this.$store.dispatch('auth/login', { user: this.$props.user.email, password: this.$props.user.password })
user: this.$props.user.email, .then(response => {
password: this.$props.user.password, if (response.complete) {
}) return window.location = response.intended;
.then(function (response) {
// If there is a 302 redirect or some other odd behavior (basically, response that isnt
// in JSON format) throw an error and don't try to continue with the login.
if (!(response.data instanceof Object)) {
throw new Error('An error was encountered while processing this request.');
} }
if (response.data.complete) { this.$props.user.password = '';
localStorage.setItem('token', response.data.token); this.$data.showSpinner = false;
self.$store.dispatch('login'); this.$router.push({name: 'checkpoint', query: {token: response.login_token}});
return window.location = response.data.intended;
}
self.$props.user.password = '';
self.$data.showSpinner = false;
self.$router.push({name: 'checkpoint', query: {token: response.data.login_token}});
}) })
.catch(function (err) { .catch(err => {
self.$props.user.password = ''; this.$props.user.password = '';
self.$data.showSpinner = false; this.$data.showSpinner = false;
self.$refs.password.focus(); this.$refs.password.focus();
self.$store.dispatch('logout'); this.$store.dispatch('auth/logout');
if (!err.response) { if (!err.response) {
return console.error(err); return console.error(err);

16
resources/assets/scripts/components/dashboard/Dashboard.vue
View file

@ -18,7 +18,7 @@
</div> </div>
<transition-group class="w-full m-auto mt-4 animate fadein sm:flex flex-wrap content-start" v-else> <transition-group class="w-full m-auto mt-4 animate fadein sm:flex flex-wrap content-start" v-else>
<server-box <server-box
v-for="(server, index) in servers.models" v-for="(server, index) in servers"
v-bind:key="index" v-bind:key="index"
v-bind:server="server" v-bind:server="server"
/> />
@ -29,7 +29,7 @@
<script> <script>
import { DateTime } from 'luxon'; import { DateTime } from 'luxon';
import { ServerCollection } from '../../models/server'; import Server from '../../models/server';
import _ from 'lodash'; import _ from 'lodash';
import Flash from '../Flash'; import Flash from '../Flash';
import ServerBox from './ServerBox'; import ServerBox from './ServerBox';
@ -44,7 +44,7 @@
documentVisible: true, documentVisible: true,
loading: true, loading: true,
search: '', search: '',
servers: new ServerCollection, servers: [],
} }
}, },
@ -83,14 +83,14 @@
this.clearFlashes(); this.clearFlashes();
}) })
.then(response => { .then(response => {
this.servers = new ServerCollection; this.servers = [];
response.data.data.forEach(obj => { response.data.data.forEach(obj => {
this.getResourceUse( const s = new Server(obj.attributes);
this.servers.add(obj.attributes) this.servers.push(s);
); this.getResourceUse(s);
}); });
if (this.servers.models.length === 0) { if (this.servers.length === 0) {
this.info(this.$t('dashboard.index.no_matches')); this.info(this.$t('dashboard.index.no_matches'));
} }
}) })

19
resources/assets/scripts/helpers/axios.js Normal file
View file

@ -0,0 +1,19 @@
/**
* We'll load the axios HTTP library which allows us to easily issue requests
* to our Laravel back-end. This library automatically handles sending the
* CSRF token as a header based on the value of the "XSRF" token cookie.
*/
let axios = require('axios');
axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
axios.defaults.headers.common['Accept'] = 'application/json';
if (typeof phpdebugbar !== 'undefined') {
axios.interceptors.response.use(function (response) {
phpdebugbar.ajaxHandler.handle(response.request);
return response;
});
}
export default axios;

131
resources/assets/scripts/models/server.js
View file

@ -1,114 +1,21 @@
import { Collection, Model } from 'vue-mc'; export default class Server {
constructor({
/** identifier,
* A generic server model used throughout the code base. uuid,
*/ name,
export class Server extends Model { node,
/** description,
* Identifier the primary identifier for this model. allocation,
* limits,
* @returns {{identifier: string}} feature_limits
*/ }) {
static options() { this.identifier = identifier;
return { this.uuid = uuid;
identifier: 'identifier', this.name = name;
}; this.node = node;
} this.description = description;
this.allocation = allocation;
/** this.limits = limits;
* Return the defaults for this model. this.feature_limits = feature_limits;
*
* @returns {object}
*/
static defaults() {
return {
uuid: null,
identifier: null,
name: '',
description: '',
node: '',
limits: {
memory: 0,
swap: 0,
disk: 0,
io: 0,
cpu: 0,
},
allocation: {
ip: null,
port: null,
},
feature_limits: {
databases: 0,
allocations: 0,
},
};
}
/**
* Mutations to apply to items in this model.
*
* @returns {{name: StringConstructor, description: StringConstructor}}
*/
static mutations() {
return {
uuid: String,
identifier: String,
name: String,
description: String,
node: String,
limits: {
memory: Number,
swap: Number,
disk: Number,
io: Number,
cpu: Number,
},
allocation: {
ip: String,
port: Number,
},
feature_limits: {
databases: Number,
allocations: Number,
}
};
}
/**
* Routes to use when building models.
*
* @returns {{fetch: string}}
*/
static routes() {
return {
fetch: '/api/client/servers/{identifier}',
};
}
}
export class ServerCollection extends Collection {
static model() {
return Server;
}
static defaults() {
return {
orderBy: identifier,
};
}
static routes() {
return {
fetch: '/api/client',
};
}
get todo() {
return this.sum('done');
}
get done() {
return this.todo === 0;
} }
} }

85
resources/assets/scripts/models/user.js
View file

@ -1,48 +1,47 @@
import { Collection, Model } from 'vue-mc'; import axios from './../helpers/axios';
import JwtDecode from 'jwt-decode';
export class User extends Model { export default class User {
static defaults() { /**
return { * Get a new user model by hitting the Panel API using the authentication token
id: null, * provided. If no user can be retrieved null will be returned.
uuid: '', *
username: '', * @return {User|null}
email: '', */
name_first: '', static fromCookie() {
name_last: '', axios.get('/api/client/account')
language: 'en', .then(response => {
root_admin: false, return new User(response.data.attributes);
} })
.catch(err => {
console.error(err);
return null;
});
} }
static mutations() { /**
return { * Create a new user model.
id: Number, *
uuid: String, * @param {Boolean} admin
username: String, * @param {String} username
email: String, * @param {String} email
name_first: String, * @param {String} first_name
name_last: String, * @param {String} last_name
language: String, * @param {String} language
root_admin: Boolean, */
} constructor({
} admin,
username,
static fromJWT(token) { email,
return new User(JwtDecode(token).user || {}); first_name,
} last_name,
} language,
}) {
export class UserCollection extends Collection { this.admin = admin;
static model() { this.username = username;
return User; this.email = email;
} this.name = `${first_name} ${last_name}`;
this.first_name = first_name;
get todo() { this.last_name = last_name;
return this.sum('done'); this.language = language;
}
get done() {
return this.todo === 0;
} }
} }

6
resources/assets/scripts/store/index.js Normal file
View file

@ -0,0 +1,6 @@
import auth from './modules/auth';
export default {
strict: process.env.NODE_ENV !== 'production',
modules: { auth },
};

74
resources/assets/scripts/store/modules/auth.js Normal file
View file

@ -0,0 +1,74 @@
import User from './../../models/user';
const route = require('./../../../../../vendor/tightenco/ziggy/src/js/route').default;
export default {
namespaced: true,
state: {
user: null,
},
getters: {
/**
* Return the currently authenticated user.
*
* @param state
* @returns {User|null}
*/
currentUser: function (state) {
return state.user;
}
},
setters: {},
actions: {
login: ({commit}, {user, password}) => {
return new Promise((resolve, reject) => {
window.axios.post(route('auth.login'), {user, password})
.then(response => {
commit('logout');
// If there is a 302 redirect or some other odd behavior (basically, response that isnt
// in JSON format) throw an error and don't try to continue with the login.
if (!(response.data instanceof Object)) {
return reject(new Error('An error was encountered while processing this request.'));
}
if (response.data.complete) {
commit('login', {cookie: response.data.cookie, user: response.data.user});
return resolve({
complete: true,
intended: response.data.intended,
});
}
return resolve({
complete: false,
token: response.data.login_token,
});
})
.catch(reject);
});
},
logout: function ({commit}) {
return new Promise((resolve, reject) => {
window.axios.get(route('auth.logout'))
.then(() => {
commit('logout');
return resolve();
})
.catch(reject);
})
},
},
mutations: {
login: function (state, {cookie, user}) {
state.user = new User(user);
localStorage.setItem('token', JSON.stringify({
name: cookie.name,
value: cookie.value,
}));
},
logout: function (state) {
localStorage.removeItem('token');
state.user = null;
},
},
};

4
routes/api-client.php
View file

@ -12,6 +12,10 @@ use Pterodactyl\Http\Middleware\Api\Client\AuthenticateClientAccess;
*/ */
Route::get('/', 'ClientController@index')->name('api.client.index'); Route::get('/', 'ClientController@index')->name('api.client.index');
Route::group(['prefix' => '/account'], function () {
Route::get('/', 'AccountController@index')->name('api.client.account');
});
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Client Control API | Client Control API