Merge pull request #371 from Pterodactyl/feature/fractal-api

Implement new API and Route Updates
This commit is contained in:
Dane Everitt 2017-04-09 19:17:06 -04:00 committed by GitHub
commit db168e34bd
73 changed files with 3914 additions and 2671 deletions

View file

@ -20,6 +20,8 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* Attempting to reset a password for an account that does not exist no longer returns an error, rather it displays a success message. Failed resets trigger a `Pterodactyl\Events\Auth\FailedPasswordReset` event that can be caught if needed to perform other actions. * Attempting to reset a password for an account that does not exist no longer returns an error, rather it displays a success message. Failed resets trigger a `Pterodactyl\Events\Auth\FailedPasswordReset` event that can be caught if needed to perform other actions.
* Servers are no longer queued for deletion due to the general hassle and extra logic required. * Servers are no longer queued for deletion due to the general hassle and extra logic required.
* Updated all panel components to run on Laravel v5.4 rather than 5.3 which is EOL. * Updated all panel components to run on Laravel v5.4 rather than 5.3 which is EOL.
* Routes are now handled in the `routes/` folder, and use a significantly cleaner syntax. Controller names and methods have been updated as well to be clearer as well as avoid conflicts with PHP reserved keywords.
* API has been completely overhauled to use new permissions system. **Any old API keys will immediately become invalid and fail to operate properly anymore. You will need to generate new keys.**
## v0.6.0-pre.7 (Courageous Carniadactylus) ## v0.6.0-pre.7 (Courageous Carniadactylus)
### Fixed ### Fixed

View file

@ -4,7 +4,6 @@ namespace Pterodactyl\Exceptions;
use Log; use Log;
use Exception; use Exception;
use DisplayException;
use Illuminate\Auth\AuthenticationException; use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler; use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
@ -46,10 +45,20 @@ class Handler extends ExceptionHandler
*/ */
public function render($request, Exception $exception) public function render($request, Exception $exception)
{ {
if ($request->expectsJson()) { if ($request->expectsJson() || $request->isJson() || $request->is(...config('pterodactyl.json_routes'))) {
$exception = $this->prepareException($exception);
if (config('app.debug')) {
$report = [
'code' => (! $this->isHttpException($exception)) ?: $exception->getStatusCode(),
'message' => class_basename($exception) . ' in ' . $exception->getFile() . ' on line ' . $exception->getLine(),
];
}
$response = response()->json([ $response = response()->json([
'error' => ($exception instanceof DisplayException) ? $exception->getMessage() : 'An unhandled error occured while attempting to process this request.', 'error' => (config('app.debug')) ? $exception->getMessage() : 'An unhandled exception was encountered with this request.',
], ($this->isHttpException($exception)) ? $exception->getStatusCode() : 500); 'exception' => ! isset($report) ?: $report,
], ($this->isHttpException($exception)) ? $exception->getStatusCode() : 500, [], JSON_UNESCAPED_SLASHES);
parent::report($exception); parent::report($exception);
} }

View file

@ -22,27 +22,30 @@
* SOFTWARE. * SOFTWARE.
*/ */
namespace Pterodactyl\Http\Controllers\API; namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\Location; use Pterodactyl\Models\Location;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\Admin\LocationTransformer;
class LocationController extends BaseController class LocationController extends Controller
{ {
/** /**
* Lists all locations currently on the system. * Controller to handle returning all locations on the system.
* *
* @param Request $request * @param \Illuminate\Http\Request $request
* @return array * @return array
*/ */
public function index(Request $request) public function index(Request $request)
{ {
return Location::with('nodes')->get()->map(function ($item) { $this->authorize('location-list', $request->apiKey());
$item->nodes->transform(function ($item) {
return collect($item)->only(['id', 'name', 'fqdn', 'scheme', 'daemonListen', 'daemonSFTP']);
});
return $item; return Fractal::create()
})->toArray(); ->collection(Location::all())
->transformWith(new LocationTransformer($request))
->withResourceName('location')
->toArray();
} }
} }

View file

@ -0,0 +1,173 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\NodeRepository;
use Pterodactyl\Transformers\Admin\NodeTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class NodeController extends Controller
{
/**
* Controller to handle returning all nodes on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('node-list', $request->apiKey());
$nodes = Node::paginate(config('pterodactyl.paginate.api.nodes'));
$fractal = Fractal::create()->collection($nodes)
->transformWith(new NodeTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($nodes));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Display information about a single node on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('node-view', $request->apiKey());
$fractal = Fractal::create()->item(Node::findOrFail($id));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new NodeTransformer($request))
->withResourceName('node')
->toArray();
}
/**
* Display information about a single node on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function viewConfig(Request $request, $id)
{
$this->authorize('node-view-config', $request->apiKey());
$node = Node::findOrFail($id);
return response()->json(json_decode($node->getConfigurationAsJson()));
}
/**
* Create a new node on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('node-create', $request->apiKey());
$repo = new NodeRepository;
try {
$node = $repo->create(array_merge(
$request->only([
'public', 'disk_overallocate', 'memory_overallocate',
]),
$request->intersect([
'name', 'location_id', 'fqdn',
'scheme', 'memory', 'disk',
'daemonBase', 'daemonSFTP', 'daemonListen',
])
));
$fractal = Fractal::create()->item($node)->transformWith(new NodeTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('node')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to create this node. Please try again.',
], 500);
}
}
/**
* Delete a node from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('node-delete', $request->apiKey());
$repo = new NodeRepository;
try {
$repo->delete($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to delete this node. Please try again.',
], 500);
}
}
}

View file

@ -0,0 +1,428 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use GuzzleHttp\Exception\TransferException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\ServerRepository;
use Pterodactyl\Transformers\Admin\ServerTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class ServerController extends Controller
{
/**
* Controller to handle returning all servers on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('server-list', $request->apiKey());
$servers = Server::paginate(config('pterodactyl.paginate.api.servers'));
$fractal = Fractal::create()->collection($servers)
->transformWith(new ServerTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($servers));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Controller to handle returning information on a single server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('server-view', $request->apiKey());
$server = Server::findOrFail($id);
$fractal = Fractal::create()->item($server);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new ServerTransformer($request))
->withResourceName('server')
->toArray();
}
/**
* Create a new server on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('server-create', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->create($request->all());
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to add this server. Please try again.',
], 500);
}
}
/**
* Delete a server from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('server-delete', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->delete($id, $request->has('force_delete'));
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to add this server. Please try again.',
], 500);
}
}
/**
* Update the details for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse|array
*/
public function details(Request $request, $id)
{
$this->authorize('server-edit-details', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->updateDetails($id, $request->intersect([
'owner_id', 'name', 'description', 'reset_token',
]));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify this server. Please try again.',
], 500);
}
}
/**
* Set the new docker container for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse|array
*/
public function container(Request $request, $id)
{
$this->authorize('server-edit-container', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->updateContainer($id, $request->intersect('docker_image'));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify this server container. Please try again.',
], 500);
}
}
/**
* Toggles the install status for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function install(Request $request, $id)
{
$this->authorize('server-install', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->toggleInstall($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to toggle the install status for this server. Please try again.',
], 500);
}
}
/**
* Setup a server to have a container rebuild.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function rebuild(Request $request, $id)
{
$this->authorize('server-rebuild', $request->apiKey());
$server = Server::with('node')->findOrFail($id);
try {
$server->node->guzzleClient([
'X-Access-Server' => $server->uuid,
'X-Access-Token' => $server->node->daemonSecret,
])->request('POST', '/server/rebuild');
return response('', 204);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
}
}
/**
* Manage the suspension status for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function suspend(Request $request, $id)
{
$this->authorize('server-suspend', $request->apiKey());
$repo = new ServerRepository;
$action = $request->input('action');
if (! in_array($action, ['suspend', 'unsuspend'])) {
return response()->json([
'error' => 'The action provided was invalid. Action should be one of: suspend, unsuspend.',
], 400);
}
try {
$repo->$action($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to ' . $action . ' this server. Please try again.',
], 500);
}
}
/**
* Update the build configuration for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse|array
*/
public function build(Request $request, $id)
{
$this->authorize('server-edit-build', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->changeBuild($id, $request->intersect([
'allocation_id', 'add_allocations', 'remove_allocations',
'memory', 'swap', 'io', 'cpu',
]));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify the build settings for this server. Please try again.',
], 500);
}
}
/**
* Update the startup command as well as variables.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function startup(Request $request, $id)
{
$this->authorize('server-edit-startup', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->updateStartup($id, $request->all(), true);
return response('', 204);
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify the startup settings for this server. Please try again.',
], 500);
}
}
}

View file

@ -0,0 +1,74 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Service;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\Admin\ServiceTransformer;
class ServiceController extends Controller
{
/**
* Controller to handle returning all locations on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('service-list', $request->apiKey());
return Fractal::create()
->collection(Service::all())
->transformWith(new ServiceTransformer($request))
->withResourceName('service')
->toArray();
}
/**
* Controller to handle returning information on a single server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('service-view', $request->apiKey());
$service = Service::findOrFail($id);
$fractal = Fractal::create()->item($service);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new ServiceTransformer($request))
->withResourceName('service')
->toArray();
}
}

View file

@ -0,0 +1,184 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\UserRepository;
use Pterodactyl\Transformers\Admin\UserTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class UserController extends Controller
{
/**
* Controller to handle returning all users on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('user-list', $request->apiKey());
$users = User::paginate(config('pterodactyl.paginate.api.users'));
$fractal = Fractal::create()->collection($users)
->transformWith(new UserTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($users));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Display information about a single user on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('user-view', $request->apiKey());
$fractal = Fractal::create()->item(User::findOrFail($id));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new UserTransformer($request))
->withResourceName('user')
->toArray();
}
/**
* Create a new user on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('user-create', $request->apiKey());
$repo = new UserRepository;
try {
$user = $repo->create($request->only([
'custom_id', 'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
$fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('user')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to create this user. Please try again.',
], 500);
}
}
/**
* Update a user.
*
* @param \Illuminate\Http\Request $request
* @param int $user
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $user)
{
$this->authorize('user-edit', $request->apiKey());
$repo = new UserRepository;
try {
$user = $repo->update($user, $request->intersect([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
$fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('user')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to update this user. Please try again.',
], 500);
}
}
/**
* Delete a user from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('user-delete', $request->apiKey());
$repo = new UserRepository;
try {
$repo->delete($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to delete this user. Please try again.',
], 500);
}
}
}

View file

@ -1,172 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Log;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\Allocation;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\NodeRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
class NodeController extends BaseController
{
/**
* Lists all nodes currently on the system.
*
* @param Request $request
* @return array
*/
public function index(Request $request)
{
return Node::all()->toArray();
}
/**
* Create a new node.
*
* @param Request $request
* @return array
*
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\DisplayValidationException
*/
public function create(Request $request)
{
$repo = new NodeRepository;
try {
$node = $repo->create(array_merge(
$request->only([
'public', 'disk_overallocate', 'memory_overallocate',
]),
$request->intersect([
'name', 'location_id', 'fqdn',
'scheme', 'memory', 'disk',
'daemonBase', 'daemonSFTP', 'daemonListen',
])
));
return ['id' => $node->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
Log::error($ex);
throw new BadRequestHttpException('There was an error while attempting to add this node to the system. This error has been logged.');
}
}
/**
* Lists specific fields about a server or all fields pertaining to that node.
*
* @param Request $request
* @param int $id
* @param string $fields
* @return array
*/
public function view(Request $request, $id, $fields = null)
{
$node = Node::with('allocations')->findOrFail($id);
$node->allocations->transform(function ($item) {
return collect($item)->only([
'id', 'ip', 'ip_alias', 'port', 'server_id',
]);
});
if (! empty($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($node)->only($fields);
}
}
return $node->toArray();
}
/**
* Returns a configuration file for a given node.
*
* @param Request $request
* @param int $id
* @return array
*/
public function config(Request $request, $id)
{
$node = Node::findOrFail($id);
return $node->getConfigurationAsJson();
}
/**
* Returns a listing of all allocations for every node.
*
* @param Request $request
* @return array
*/
public function allocations(Request $request)
{
return Allocation::all()->toArray();
}
/**
* Returns a listing of the allocation for the specified server id.
*
* @param Request $request
* @param int $id
* @return array
*/
public function allocationsView(Request $request, $id)
{
return Allocation::where('server_id', $id)->get()->toArray();
}
/**
* Delete a node.
*
* @param Request $request
* @param int $id
* @return void
*/
public function delete(Request $request, $id)
{
$repo = new NodeRepository;
try {
$repo->delete($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $e) {
throw new ServiceUnavailableHttpException('An error occured while attempting to delete this node.');
}
}
}

View file

@ -1,231 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Log;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\ServerRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
class ServerController extends BaseController
{
/**
* Lists all servers currently on the system.
*
* @param Request $request
* @return array
*/
public function index(Request $request)
{
return Server::all()->toArray();
}
/**
* Create Server.
*
* @param Request $request
* @return array
*/
public function create(Request $request)
{
$repo = new ServerRepository;
try {
$server = $repo->create($request->all());
return ['id' => $server->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
Log::error($ex);
throw new BadRequestHttpException('There was an error while attempting to add this server to the system.');
}
}
/**
* List Specific Server.
*
* @param Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$server = Server::with('node', 'allocations', 'pack')->where('id', $id)->firstOrFail();
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($server)->only($fields);
}
}
if ($request->input('daemon') === 'true') {
try {
$response = $server->node->guzzleClient([
'X-Access-Token' => $server->node->daemonSecret,
])->request('GET', '/servers');
$server->daemon = json_decode($response->getBody())->{$server->uuid};
} catch (\GuzzleHttp\Exception\TransferException $ex) {
// Couldn't hit the daemon, return what we have though.
$server->daemon = [
'error' => 'There was an error encountered while attempting to connect to the remote daemon.',
];
}
}
$server->allocations->transform(function ($item) {
return collect($item)->except(['created_at', 'updated_at']);
});
return $server->toArray();
}
/**
* Update Server configuration.
*
* @param Request $request
* @param int $id
* @return array
*/
public function config(Request $request, $id)
{
$repo = new ServerRepository;
try {
$server = $repo->updateDetails($id, $request->intersect([
'owner_id', 'name', 'reset_token',
]));
return ['id' => $id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update server on system due to an error.');
}
}
/**
* Update Server Build Configuration.
*
* @param Request $request
* @param int $id
* @return array
*/
public function build(Request $request, $id)
{
$repo = new ServerRepository;
try {
$server = $repo->changeBuild($id, $request->intersect([
'allocation_id', 'add_allocations', 'remove_allocations',
'memory', 'swap', 'io', 'cpu',
]));
return ['id' => $id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update server on system due to an error.');
}
}
/**
* Suspend Server.
*
* @param Request $request
* @param int $id
* @return void
*/
public function suspend(Request $request, $id)
{
try {
$repo = new ServerRepository;
$repo->suspend($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('An error occured while attempting to suspend this server instance.');
}
}
/**
* Unsuspend Server.
*
* @param Request $request
* @param int $id
* @return void
*/
public function unsuspend(Request $request, $id)
{
try {
$repo = new ServerRepository;
$repo->unsuspend($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('An error occured while attempting to unsuspend this server instance.');
}
}
/**
* Delete Server.
*
* @param Request $request
* @param int $id
* @param string|null $force
* @return void
*/
public function delete(Request $request, $id, $force = null)
{
$repo = new ServerRepository;
try {
$repo->delete($id, is_null($force));
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $e) {
throw new ServiceUnavailableHttpException('An error occured while attempting to delete this server.');
}
}
}

View file

@ -24,24 +24,28 @@
namespace Pterodactyl\Http\Controllers\API\User; namespace Pterodactyl\Http\Controllers\API\User;
use Fractal;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController; use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\User\OverviewTransformer;
class InfoController extends BaseController class CoreController extends Controller
{ {
public function me(Request $request) /**
* Controller to handle base user request for all of their servers.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{ {
return $request->user()->access('service', 'node', 'allocation', 'option')->get()->map(function ($server) { $this->authorize('user.server-list', $request->apiKey());
return [
'id' => $server->uuidShort, $servers = $request->user()->access('service', 'node', 'allocation', 'option')->get();
'uuid' => $server->uuid,
'name' => $server->name, return Fractal::collection($servers)
'node' => $server->node->name, ->transformWith(new OverviewTransformer)
'ip' => $server->allocation->alias, ->withResourceName('server')
'port' => $server->allocation->port, ->toArray();
'service' => $server->service->name,
'option' => $server->option->name,
];
})->all();
} }
} }

View file

@ -24,109 +24,75 @@
namespace Pterodactyl\Http\Controllers\API\User; namespace Pterodactyl\Http\Controllers\API\User;
use Log; use Fractal;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Http\Controllers\API\BaseController; use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\Daemon\PowerRepository;
use Pterodactyl\Transformers\User\ServerTransformer;
class ServerController extends BaseController class ServerController extends Controller
{ {
public function info(Request $request, $uuid) /**
* Controller to handle base request for individual server information.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return array
*/
public function index(Request $request, $uuid)
{ {
$server = Server::byUuid($uuid)->load('allocations'); $this->authorize('user.server-view', $request->apiKey());
try { $server = Server::byUuid($uuid);
$response = $server->guzzleClient()->request('GET', '/server'); $fractal = Fractal::create()->item($server);
$json = json_decode($response->getBody()); if ($request->input('include')) {
$daemon = [ $fractal->parseIncludes(explode(',', $request->input('include')));
'status' => $json->status,
'stats' => $json->proc,
];
} catch (\Exception $ex) {
$daemon = [
'error' => 'An error was encountered while trying to connect to the daemon to collect information. It might be offline.',
];
Log::error($ex);
} }
return [ return $fractal->transformWith(new ServerTransformer)
'uuidShort' => $server->uuidShort, ->withResourceName('server')
'uuid' => $server->uuid, ->toArray();
'name' => $server->name,
'node' => $server->node->name,
'limits' => [
'memory' => $server->memory,
'swap' => $server->swap,
'disk' => $server->disk,
'io' => $server->io,
'cpu' => $server->cpu,
'oom_disabled' => (bool) $server->oom_disabled,
],
'allocations' => $server->allocations->map(function ($item) use ($server) {
return [
'ip' => $item->alias,
'port' => $item->port,
'default' => ($item->id === $server->allocation_id),
];
}),
'sftp' => [
'username' => ($request->user()->can('view-sftp', $server)) ? $server->username : null,
],
'daemon' => [
'token' => $server->daemonSecret,
'response' => $daemon,
],
];
} }
/**
* Controller to handle request for server power toggle.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function power(Request $request, $uuid) public function power(Request $request, $uuid)
{ {
$this->authorize('user.server-power', $request->apiKey());
$server = Server::byUuid($uuid); $server = Server::byUuid($uuid);
$request->user()->can('power-' . $request->input('action'), $server); $request->user()->can('power-' . $request->input('action'), $server);
if (empty($request->input('action'))) { $repo = new PowerRepository($server);
return $this->response()->error([ $repo->do($request->input('action'));
'error' => 'An action must be passed to this request.',
], 422);
}
$res = $server->guzzleClient()->request('PUT', '/server/power', [ return response('', 204)->header('Content-Type', 'application/json');
'exceptions' => false,
'json' => [
'action' => $request->input('action'),
],
]);
if ($res->getStatusCode() !== 204) {
return $this->response->error(json_decode($res->getBody())->error, $res->getStatusCode());
}
return $this->response->noContent();
} }
/**
* Controller to handle base request for individual server information.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function command(Request $request, $uuid) public function command(Request $request, $uuid)
{ {
$this->authorize('user.server-command', $request->apiKey());
$server = Server::byUuid($uuid); $server = Server::byUuid($uuid);
$request->user()->can('send-command', $server); $request->user()->can('send-command', $server);
if (empty($request->input('command'))) { $repo = new CommandRepository($server);
return $this->response()->error([ $repo->send($request->input('command'));
'error' => 'A command must be passed to this request.',
], 422);
}
$res = $server->guzzleClient()->request('POST', '/server/command', [ return response('', 204)->header('Content-Type', 'application/json');
'exceptions' => false,
'json' => [
'command' => $request->input('command'),
],
]);
if ($res->getStatusCode() !== 204) {
return $this->response->error(json_decode($res->getBody())->error, $res->getStatusCode());
}
return $this->response->noContent();
} }
} }

View file

@ -1,151 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\UserRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
class UserController extends BaseController
{
/**
* Lists all users currently on the system.
*
* @param Request $request
* @return array
*/
public function index(Request $request)
{
return User::all()->toArray();
}
/**
* Lists specific fields about a user or all fields pertaining to that user.
*
* @param Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$user = User::with('servers')->where((is_numeric($id) ? 'id' : 'email'), $id)->firstOrFail();
$user->servers->transform(function ($item) {
return collect($item)->only([
'id', 'node_id', 'uuidShort',
'uuid', 'name', 'suspended',
'owner_id',
]);
});
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($user)->only($fields);
}
}
return $user->toArray();
}
/**
* Create a New User.
*
* @param Request $request
* @return array
*/
public function create(Request $request)
{
$repo = new UserRepository;
try {
$user = $user->create($request->only([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
return ['id' => $user->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to create a user on the system due to an error.');
}
}
/**
* Update an Existing User.
*
* @param Request $request
* @param int $id
* @return array
*/
public function update(Request $request, $id)
{
$repo = new UserRepository;
try {
$user = $repo->update($id, $request->only([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
return ['id' => $id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update a user on the system due to an error.');
}
}
/**
* Delete a User.
*
* @param Request $request
* @param int $id
* @return void
*/
public function delete(Request $request, $id)
{
$repo = new UserRepository;
try {
$repo->delete($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to delete this user due to an error.');
}
}
}

View file

@ -60,7 +60,7 @@ class NodesController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse * @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
*/ */
public function new(Request $request) public function create(Request $request)
{ {
$locations = Models\Location::all(); $locations = Models\Location::all();
if (! $locations->count()) { if (! $locations->count()) {
@ -78,7 +78,7 @@ class NodesController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function create(Request $request) public function store(Request $request)
{ {
try { try {
$repo = new NodeRepository; $repo = new NodeRepository;

View file

@ -44,7 +44,7 @@ class OptionController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function new(Request $request) public function create(Request $request)
{ {
$services = Service::with('options')->get(); $services = Service::with('options')->get();
Javascript::put(['services' => $services->keyBy('id')]); Javascript::put(['services' => $services->keyBy('id')]);
@ -58,7 +58,7 @@ class OptionController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Response\RedirectResponse * @return \Illuminate\Response\RedirectResponse
*/ */
public function create(Request $request) public function store(Request $request)
{ {
$repo = new OptionRepository; $repo = new OptionRepository;

View file

@ -60,7 +60,7 @@ class PackController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function new(Request $request) public function create(Request $request)
{ {
return view('admin.packs.new', [ return view('admin.packs.new', [
'services' => Service::with('options')->get(), 'services' => Service::with('options')->get(),
@ -86,7 +86,7 @@ class PackController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function create(Request $request) public function store(Request $request)
{ {
$repo = new PackRepository; $repo = new PackRepository;

View file

@ -63,7 +63,7 @@ class ServersController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function new(Request $request) public function create(Request $request)
{ {
$services = Models\Service::with('options.packs', 'options.variables')->get(); $services = Models\Service::with('options.packs', 'options.variables')->get();
Javascript::put([ Javascript::put([
@ -86,7 +86,7 @@ class ServersController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Response\RedirectResponse * @return \Illuminate\Response\RedirectResponse
*/ */
public function create(Request $request) public function store(Request $request)
{ {
try { try {
$repo = new ServerRepository; $repo = new ServerRepository;
@ -97,6 +97,9 @@ class ServersController extends Controller
return redirect()->route('admin.servers.new')->withErrors(json_decode($ex->getMessage()))->withInput(); return redirect()->route('admin.servers.new')->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) { } catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash(); Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) { } catch (\Exception $ex) {
Log::error($ex); Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to add this server. Please try again.')->flash(); Alert::danger('An unhandled exception occured while attemping to add this server. Please try again.')->flash();
@ -111,7 +114,7 @@ class ServersController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return array * @return array
*/ */
public function newServerNodes(Request $request) public function nodes(Request $request)
{ {
$nodes = Models\Node::with('allocations')->where('location_id', $request->input('location'))->get(); $nodes = Models\Node::with('allocations')->where('location_id', $request->input('location'))->get();
@ -284,8 +287,9 @@ class ServersController extends Controller
Alert::success('Successfully updated this server\'s docker image.')->flash(); Alert::success('Successfully updated this server\'s docker image.')->flash();
} catch (DisplayValidationException $ex) { } catch (DisplayValidationException $ex) {
return redirect()->route('admin.servers.view.details', $id)->withErrors(json_decode($ex->getMessage()))->withInput(); return redirect()->route('admin.servers.view.details', $id)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) { } catch (TransferException $ex) {
Alert::danger($ex->getMessage())->flash(); Log::warning($ex);
Alert::danger('A TransferException occured while attempting to update the container image. Is the daemon online? This error has been logged.');
} catch (\Exception $ex) { } catch (\Exception $ex) {
Log::error($ex); Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to update this server\'s docker image. This error has been logged.')->flash(); Alert::danger('An unhandled exception occured while attemping to update this server\'s docker image. This error has been logged.')->flash();
@ -366,8 +370,9 @@ class ServersController extends Controller
$repo->$action($id); $repo->$action($id);
Alert::success('Server has been ' . $action . 'ed.'); Alert::success('Server has been ' . $action . 'ed.');
} catch (DisplayException $ex) { } catch (TransferException $ex) {
Alert::danger($ex->getMessage())->flash(); Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) { } catch (\Exception $ex) {
Log::error($ex); Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to ' . $action . ' this server. This error has been logged.')->flash(); Alert::danger('An unhandled exception occured while attemping to ' . $action . ' this server. This error has been logged.')->flash();
@ -398,6 +403,9 @@ class ServersController extends Controller
return redirect()->route('admin.servers.view.build', $id)->withErrors(json_decode($ex->getMessage()))->withInput(); return redirect()->route('admin.servers.view.build', $id)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) { } catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash(); Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) { } catch (\Exception $ex) {
Log::error($ex); Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to add this server. This error has been logged.')->flash(); Alert::danger('An unhandled exception occured while attemping to add this server. This error has been logged.')->flash();

View file

@ -54,7 +54,7 @@ class ServiceController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function new(Request $request) public function create(Request $request)
{ {
return view('admin.services.new'); return view('admin.services.new');
} }
@ -91,7 +91,7 @@ class ServiceController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function create(Request $request) public function store(Request $request)
{ {
$repo = new ServiceRepository; $repo = new ServiceRepository;

View file

@ -42,7 +42,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getIndex(Request $request) public function index(Request $request)
{ {
$users = User::withCount('servers'); $users = User::withCount('servers');
@ -61,7 +61,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getNew(Request $request) public function create(Request $request)
{ {
return view('admin.users.new'); return view('admin.users.new');
} }
@ -73,7 +73,7 @@ class UserController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getView(Request $request, $id) public function view(Request $request, $id)
{ {
return view('admin.users.view', [ return view('admin.users.view', [
'user' => User::with('servers.node')->findOrFail($id), 'user' => User::with('servers.node')->findOrFail($id),
@ -87,7 +87,7 @@ class UserController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function deleteUser(Request $request, $id) public function delete(Request $request, $id)
{ {
try { try {
$repo = new UserRepository; $repo = new UserRepository;
@ -111,7 +111,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function postNew(Request $request) public function store(Request $request)
{ {
try { try {
$user = new UserRepository; $user = new UserRepository;
@ -136,26 +136,26 @@ class UserController extends Controller
* Update a user. * Update a user.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param int $user * @param int $id
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function updateUser(Request $request, $user) public function update(Request $request, $id)
{ {
try { try {
$repo = new UserRepository; $repo = new UserRepository;
$repo->update($user, $request->only([ $user = $repo->update($user, $request->intersect([
'email', 'password', 'name_first', 'email', 'password', 'name_first',
'name_last', 'username', 'root_admin', 'name_last', 'username', 'root_admin',
])); ]));
Alert::success('User account was successfully updated.')->flash(); Alert::success('User account was successfully updated.')->flash();
} catch (DisplayValidationException $ex) { } catch (DisplayValidationException $ex) {
return redirect()->route('admin.users.view', $user)->withErrors(json_decode($ex->getMessage())); return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));
} catch (\Exception $e) { } catch (\Exception $ex) {
Log::error($e); Log::error($ex);
Alert::danger('An error occured while attempting to update this user.')->flash(); Alert::danger('An error occured while attempting to update this user.')->flash();
} }
return redirect()->route('admin.users.view', $user); return redirect()->route('admin.users.view', $id);
} }
/** /**
@ -164,7 +164,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Pterodactyl\Models\User * @return \Pterodactyl\Models\User
*/ */
public function getJson(Request $request) public function json(Request $request)
{ {
return User::select('id', 'email', 'username', 'name_first', 'name_last') return User::select('id', 'email', 'username', 'name_first', 'name_last')
->search($request->input('q')) ->search($request->input('q'))

View file

@ -27,8 +27,9 @@ namespace Pterodactyl\Http\Controllers\Base;
use Log; use Log;
use Alert; use Alert;
use Pterodactyl\Models;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Repositories\APIRepository; use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
@ -45,7 +46,7 @@ class APIController extends Controller
public function index(Request $request) public function index(Request $request)
{ {
return view('base.api.index', [ return view('base.api.index', [
'keys' => Models\APIKey::where('user_id', $request->user()->id)->get(), 'keys' => APIKey::where('user_id', $request->user()->id)->get(),
]); ]);
} }
@ -57,7 +58,12 @@ class APIController extends Controller
*/ */
public function create(Request $request) public function create(Request $request)
{ {
return view('base.api.new'); return view('base.api.new', [
'permissions' => [
'user' => collect(APIPermission::permissions())->pull('_user'),
'admin' => collect(APIPermission::permissions())->except('_user')->toArray(),
],
]);
} }
/** /**
@ -66,13 +72,13 @@ class APIController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function save(Request $request) public function store(Request $request)
{ {
try { try {
$repo = new APIRepository($request->user()); $repo = new APIRepository($request->user());
$secret = $repo->create($request->intersect([ $secret = $repo->create($request->intersect([
'memo', 'allowed_ips', 'memo', 'allowed_ips',
'adminPermissions', 'permissions', 'admin_permissions', 'permissions',
])); ]));
Alert::success('An API Key-Pair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br /><code>' . $secret . '</code>')->flash(); Alert::success('An API Key-Pair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br /><code>' . $secret . '</code>')->flash();

View file

@ -43,7 +43,7 @@ class SubuserController extends Controller
* @param string $uuid * @param string $uuid
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getIndex(Request $request, $uuid) public function index(Request $request, $uuid)
{ {
$server = Models\Server::byUuid($uuid)->load('subusers.user'); $server = Models\Server::byUuid($uuid)->load('subusers.user');
$this->authorize('list-subusers', $server); $this->authorize('list-subusers', $server);
@ -65,7 +65,7 @@ class SubuserController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getView(Request $request, $uuid, $id) public function view(Request $request, $uuid, $id)
{ {
$server = Models\Server::byUuid($uuid)->load('node'); $server = Models\Server::byUuid($uuid)->load('node');
$this->authorize('view-subuser', $server); $this->authorize('view-subuser', $server);
@ -94,7 +94,7 @@ class SubuserController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function postView(Request $request, $uuid, $id) public function update(Request $request, $uuid, $id)
{ {
$server = Models\Server::byUuid($uuid); $server = Models\Server::byUuid($uuid);
$this->authorize('edit-subuser', $server); $this->authorize('edit-subuser', $server);
@ -139,7 +139,7 @@ class SubuserController extends Controller
* @param string $uuid * @param string $uuid
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getNew(Request $request, $uuid) public function create(Request $request, $uuid)
{ {
$server = Models\Server::byUuid($uuid); $server = Models\Server::byUuid($uuid);
$this->authorize('create-subuser', $server); $this->authorize('create-subuser', $server);
@ -159,7 +159,7 @@ class SubuserController extends Controller
* @param string $uuid * @param string $uuid
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function postNew(Request $request, $uuid) public function store(Request $request, $uuid)
{ {
$server = Models\Server::byUuid($uuid); $server = Models\Server::byUuid($uuid);
$this->authorize('create-subuser', $server); $this->authorize('create-subuser', $server);
@ -195,7 +195,7 @@ class SubuserController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
*/ */
public function deleteSubuser(Request $request, $uuid, $id) public function delete(Request $request, $uuid, $id)
{ {
$server = Models\Server::byUuid($uuid); $server = Models\Server::byUuid($uuid);
$this->authorize('delete-subuser', $server); $this->authorize('delete-subuser', $server);

View file

@ -42,7 +42,7 @@ class TaskController extends Controller
* @param string $uuid * @param string $uuid
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getIndex(Request $request, $uuid) public function index(Request $request, $uuid)
{ {
$server = Models\Server::byUuid($uuid)->load('tasks'); $server = Models\Server::byUuid($uuid)->load('tasks');
$this->authorize('list-tasks', $server); $this->authorize('list-tasks', $server);
@ -66,7 +66,7 @@ class TaskController extends Controller
* @param string $uuid * @param string $uuid
* @return \Illuminate\View\View * @return \Illuminate\View\View
*/ */
public function getNew(Request $request, $uuid) public function create(Request $request, $uuid)
{ {
$server = Models\Server::byUuid($uuid); $server = Models\Server::byUuid($uuid);
$this->authorize('create-task', $server); $this->authorize('create-task', $server);
@ -85,7 +85,7 @@ class TaskController extends Controller
* @param string $uuid * @param string $uuid
* @return \Illuminate\Http\RedirectResponse * @return \Illuminate\Http\RedirectResponse
*/ */
public function postNew(Request $request, $uuid) public function store(Request $request, $uuid)
{ {
$server = Models\Server::byUuid($uuid); $server = Models\Server::byUuid($uuid);
$this->authorize('create-task', $server); $this->authorize('create-task', $server);
@ -117,7 +117,7 @@ class TaskController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
*/ */
public function deleteTask(Request $request, $uuid, $id) public function delete(Request $request, $uuid, $id)
{ {
$server = Models\Server::byUuid($uuid)->load('tasks'); $server = Models\Server::byUuid($uuid)->load('tasks');
$this->authorize('delete-task', $server); $this->authorize('delete-task', $server);
@ -151,7 +151,7 @@ class TaskController extends Controller
* @param int $id * @param int $id
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
*/ */
public function toggleTask(Request $request, $uuid, $id) public function toggle(Request $request, $uuid, $id)
{ {
$server = Models\Server::byUuid($uuid)->load('tasks'); $server = Models\Server::byUuid($uuid)->load('tasks');
$this->authorize('toggle-task', $server); $this->authorize('toggle-task', $server);

View file

@ -39,6 +39,7 @@ class Kernel extends HttpKernel
\Pterodactyl\Http\Middleware\LanguageMiddleware::class, \Pterodactyl\Http\Middleware\LanguageMiddleware::class,
], ],
'api' => [ 'api' => [
\Pterodactyl\Http\Middleware\HMACAuthorization::class,
'throttle:60,1', 'throttle:60,1',
'bindings', 'bindings',
], ],

View file

@ -1,133 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use IPTools\IP;
use IPTools\Range;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Services\APILogService;
use Dingo\Api\Auth\Provider\Authorization;
use Symfony\Component\HttpKernel\Exception\HttpException; // 400
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 401
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; //500
class APISecretToken extends Authorization
{
protected $algo = 'sha256';
protected $permissionAllowed = false;
protected $url = '';
public function __construct()
{
Config::set('session.driver', 'array');
}
public function getAuthorizationMethod()
{
return 'Authorization';
}
public function authenticate(Request $request, Route $route)
{
if (! $request->bearerToken() || empty($request->bearerToken())) {
APILogService::log($request, 'The authentication header was missing or malformed.');
throw new UnauthorizedHttpException('The authentication header was missing or malformed.');
}
list($public, $hashed) = explode('.', $request->bearerToken());
$key = APIKey::where('public', $public)->first();
if (! $key) {
APILogService::log($request, 'Invalid API Key.');
throw new AccessDeniedHttpException('Invalid API Key.');
}
// Check for Resource Permissions
if (! empty($request->route()->getName())) {
if (! is_null($key->allowed_ips)) {
$inRange = false;
foreach (json_decode($key->allowed_ips) as $ip) {
if (Range::parse($ip)->contains(new IP($request->ip()))) {
$inRange = true;
break;
}
}
if (! $inRange) {
APILogService::log($request, 'This IP address <' . $request->ip() . '> does not have permission to use this API key.');
throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.');
}
}
$permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());
// Suport Wildcards
if (starts_with($request->route()->getName(), 'api.user')) {
$permission->orWhere('permission', 'api.user.*');
} elseif (starts_with($request->route()->getName(), 'api.admin')) {
$permission->orWhere('permission', 'api.admin.*');
}
if (! $permission->first()) {
APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
}
}
try {
$decrypted = Crypt::decrypt($key->secret);
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
APILogService::log($request, 'There was an error while attempting to check your secret key.');
throw new HttpException('There was an error while attempting to check your secret key.');
}
$this->url = urldecode($request->fullUrl());
if ($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
APILogService::log($request, 'The hashed body was not valid. Potential modification of contents in route.');
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
}
// Log the Route Access
APILogService::log($request, null, true);
return Auth::loginUsingId($key->user_id);
}
protected function _generateHMAC($body, $key)
{
$data = $this->url . $body;
return hash_hmac($this->algo, $data, $key, true);
}
}

View file

@ -28,9 +28,26 @@ use Auth;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Illuminate\Auth\AuthenticationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class CheckServer class CheckServer
{ {
/**
* The elquent model for the server.
*
* @var \Pterodactyl\Models\Server
*/
protected $server;
/**
* The request object.
*
* @var \Illuminate\Http\Request
*/
protected $request;
/** /**
* Handle an incoming request. * Handle an incoming request.
* *
@ -41,22 +58,72 @@ class CheckServer
public function handle(Request $request, Closure $next) public function handle(Request $request, Closure $next)
{ {
if (! Auth::user()) { if (! Auth::user()) {
return redirect()->guest('auth/login'); throw new AuthenticationException();
} }
$server = Server::byUuid($request->route()->server); $this->request = $request;
if (! $server) { $this->server = Server::byUuid($request->route()->server);
if (! $this->exists()) {
return response()->view('errors.404', [], 404); return response()->view('errors.404', [], 404);
} }
if ($server->suspended) { if ($this->suspended()) {
return response()->view('errors.suspended', [], 403); return response()->view('errors.suspended', [], 403);
} }
if (! $server->installed) { if (! $this->installed()) {
return response()->view('errors.installing', [], 403); return response()->view('errors.installing', [], 403);
} }
return $next($request); return $next($request);
} }
/**
* Determine if the server was found on the system.
*
* @return bool
*/
protected function exists()
{
if (! $this->server) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new NotFoundHttpException('The requested server was not found on the system.');
}
}
return (! $this->server) ? false : true;
}
/**
* Determine if the server is suspended.
*
* @return bool
*/
protected function suspended()
{
if ($this->server->suspended) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new AccessDeniedHttpException('Server is suspended.');
}
}
return $this->server->suspended;
}
/**
* Determine if the server is installed.
*
* @return bool
*/
protected function installed()
{
if ($this->server->installed !== 1) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new AccessDeniedHttpException('Server is completing install process.');
}
}
return $this->server->installed === 1;
}
} }

View file

@ -0,0 +1,229 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use Closure;
use Debugbar;
use IPTools\IP;
use IPTools\Range;
use Illuminate\Http\Request;
use Pterodactyl\Models\APIKey;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
class HMACAuthorization
{
/**
* The algorithm to use for handling HMAC encryption.
*
* @var string
*/
const HMAC_ALGORITHM = 'sha256';
/**
* Stored values from the Authorization header.
*
* @var array
*/
protected $token = [];
/**
* The eloquent model for the API key.
*
* @var \Pterodactyl\Models\APIKey
*/
protected $key;
/**
* The illuminate request object.
*
* @var \Illuminate\Http\Request
*/
private $request;
/**
* Construct class instance.
*
* @return void
*/
public function __construct()
{
Debugbar::disable();
Config::set('session.driver', 'array');
}
/**
* Handle an incoming request for the API.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$this->request = $request;
$this->checkBearer();
$this->validateRequest();
$this->validateIPAccess();
$this->validateContents();
Auth::loginUsingId($this->key()->user_id);
return $next($request);
}
/**
* Checks that the Bearer token is provided and in a valid format.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function checkBearer()
{
if (empty($this->request()->bearerToken())) {
throw new BadRequestHttpException('Request was missing required Authorization header.');
}
$token = explode('.', $this->request()->bearerToken());
if (count($token) !== 2) {
throw new BadRequestHttpException('The Authorization header passed was not in a validate public/private key format.');
}
$this->token = [
'public' => $token[0],
'hash' => $token[1],
];
}
/**
* Determine if the request contains a valid public API key
* as well as permissions for the resource.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function validateRequest()
{
$this->key = APIKey::where('public', $this->public())->first();
if (! $this->key) {
throw new AccessDeniedHttpException('Unable to identify requester. Authorization token is invalid.');
}
}
/**
* Determine if the requesting IP address is allowed to use this API key.
*
* @return bool
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function validateIPAccess()
{
if (! is_null($this->key()->allowed_ips)) {
foreach ($this->key()->allowed_ips as $ip) {
if (Range::parse($ip)->contains(new IP($this->request()->ip()))) {
return true;
}
}
throw new AccessDeniedHttpException('This IP address does not have permission to access the API using these credentials.');
}
return true;
}
/**
* Determine if the HMAC sent in the request matches the one generated
* on the panel side.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
*/
protected function validateContents()
{
if (base64_decode($this->hash()) !== $this->generateSignature()) {
throw new BadRequestHttpException('The HMAC for the request was invalid.');
}
}
/**
* Generate a HMAC from the request and known API secret key.
*
* @return string
*/
protected function generateSignature()
{
$content = urldecode($this->request()->fullUrl()) . $this->request()->getContent();
return hash_hmac(self::HMAC_ALGORITHM, $content, Crypt::decrypt($this->key()->secret), true);
}
/**
* Return the public key passed in the Authorization header.
*
* @return string
*/
protected function public()
{
return $this->token['public'];
}
/**
* Return the base64'd HMAC sent in the Authorization header.
*
* @return string
*/
protected function hash()
{
return $this->token['hash'];
}
/**
* Return the API Key model.
*
* @return \Pterodactyl\Models\APIKey
*/
protected function key()
{
return $this->key;
}
/**
* Return the Illuminate Request object.
*
* @return \Illuminate\Http\Request
*/
private function request()
{
return $this->request;
}
}

View file

@ -1,192 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class ServerRoutes
{
/**
* Server routes.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
public function map(Router $router)
{
// Returns Server Status
$router->get('/server/{server}/ajax/status', [
'middleware' => ['auth', 'csrf'],
'as' => 'server.ajax.status',
'uses' => 'Server\AjaxController@getStatus',
]);
$router->group([
'prefix' => 'server/{server}',
'middleware' => [
'auth',
'server',
'csrf',
],
], function ($server) use ($router) {
// Index View for Server
$router->get('/', [
'as' => 'server.index',
'uses' => 'Server\ServerController@getIndex',
]);
$router->get('/settings/databases', [
'as' => 'server.settings.databases',
'uses' => 'Server\ServerController@getDatabases',
]);
$router->get('/settings/sftp', [
'as' => 'server.settings.sftp',
'uses' => 'Server\ServerController@getSFTP',
]);
$router->post('/settings/sftp', [
'uses' => 'Server\ServerController@postSettingsSFTP',
]);
$router->get('/settings/startup', [
'as' => 'server.settings.startup',
'uses' => 'Server\ServerController@getStartup',
]);
$router->post('/settings/startup', [
'uses' => 'Server\ServerController@postSettingsStartup',
]);
$router->get('/settings/allocation', [
'as' => 'server.settings.allocation',
'uses' => 'Server\ServerController@getAllocation',
]);
// File Manager Routes
$router->get('/files', [
'as' => 'server.files.index',
'uses' => 'Server\ServerController@getFiles',
]);
$router->get('/files/edit/{file}', [
'as' => 'server.files.edit',
'uses' => 'Server\ServerController@getEditFile',
])->where('file', '.*');
$router->get('/files/download/{file}', [
'as' => 'server.files.download',
'uses' => 'Server\ServerController@getDownloadFile',
])->where('file', '.*');
$router->get('/files/add', [
'as' => 'server.files.add',
'uses' => 'Server\ServerController@getAddFile',
]);
$router->post('files/directory-list', [
'as' => 'server.files.directory-list',
'uses' => 'Server\AjaxController@postDirectoryList',
]);
$router->post('files/save', [
'as' => 'server.files.save',
'uses' => 'Server\AjaxController@postSaveFile',
]);
// Sub-User Routes
$router->get('users', [
'as' => 'server.subusers',
'uses' => 'Server\SubuserController@getIndex',
]);
$router->get('users/new', [
'as' => 'server.subusers.new',
'uses' => 'Server\SubuserController@getNew',
]);
$router->post('users/new', [
'uses' => 'Server\SubuserController@postNew',
]);
$router->get('users/view/{id}', [
'as' => 'server.subusers.view',
'uses' => 'Server\SubuserController@getView',
]);
$router->post('users/view/{id}', [
'uses' => 'Server\SubuserController@postView',
]);
$router->delete('users/delete/{id}', [
'as' => 'server.subusers.delete',
'uses' => 'Server\SubuserController@deleteSubuser',
]);
$router->get('tasks/', [
'as' => 'server.tasks',
'uses' => 'Server\TaskController@getIndex',
]);
$router->get('tasks/view/{id}', [
'as' => 'server.tasks.view',
'uses' => 'Server\TaskController@getView',
]);
$router->get('tasks/new', [
'as' => 'server.tasks.new',
'uses' => 'Server\TaskController@getNew',
]);
$router->post('tasks/new', [
'uses' => 'Server\TaskController@postNew',
]);
$router->delete('tasks/delete/{id}', [
'as' => 'server.tasks.delete',
'uses' => 'Server\TaskController@deleteTask',
]);
$router->post('tasks/toggle/{id}', [
'as' => 'server.tasks.toggle',
'uses' => 'Server\TaskController@toggleTask',
]);
// Assorted AJAX Routes
$router->group(['prefix' => 'ajax'], function ($server) use ($router) {
// Sets the Default Connection for the Server
$router->post('set-primary', [
'uses' => 'Server\AjaxController@postSetPrimary',
]);
$router->post('settings/reset-database-password', [
'as' => 'server.ajax.reset-database-password',
'uses' => 'Server\AjaxController@postResetDatabasePassword',
]);
});
});
}
}

View file

@ -28,6 +28,13 @@ use Illuminate\Database\Eloquent\Model;
class APIKey extends Model class APIKey extends Model
{ {
/**
* Public key defined length used in verification methods.
*
* @var int
*/
const PUBLIC_KEY_LEN = 16;
/** /**
* The table associated with the model. * The table associated with the model.
* *
@ -42,6 +49,15 @@ class APIKey extends Model
*/ */
protected $hidden = ['secret']; protected $hidden = ['secret'];
/**
* Cast values to correct type.
*
* @var array
*/
protected $casts = [
'allowed_ips' => 'json',
];
/** /**
* Fields that are not mass assignable. * Fields that are not mass assignable.
* *

View file

@ -57,4 +57,75 @@ class APIPermission extends Model
* @var bool * @var bool
*/ */
public $timestamps = false; public $timestamps = false;
/**
* List of permissions available for the API.
*
* @var array
*/
protected static $permissions = [
// Items within this block are available to non-adminitrative users.
'_user' => [
'server' => [
'list',
'view',
'power',
'command',
],
],
// All other pemissions below are administrative actions.
'server' => [
'list',
'create',
'view',
'edit-details',
'edit-container',
'edit-build',
'edit-startup',
'suspend',
'install',
'rebuild',
'delete',
],
'location' => [
'list',
],
'node' => [
'list',
'view',
'view-config',
'create',
'delete',
],
'user' => [
'list',
'view',
'create',
'edit',
'delete',
],
'service' => [
'list',
'view',
],
'option' => [
'list',
'view',
],
'pack' => [
'list',
'view',
],
];
/**
* Return permissions for API.
*
* @return array
*/
public static function permissions()
{
return self::$permissions;
}
} }

View file

@ -27,6 +27,7 @@ namespace Pterodactyl\Models;
use Auth; use Auth;
use Cache; use Cache;
use Carbon; use Carbon;
use Schema;
use Javascript; use Javascript;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
@ -203,6 +204,16 @@ class Server extends Model
return Javascript::put($response); return Javascript::put($response);
} }
/**
* Return the columns available for this table.
*
* @return array
*/
public function getTableColumns()
{
return Schema::getColumnListing($this->getTable());
}
/** /**
* Gets the user who owns the server. * Gets the user who owns the server.
* *
@ -313,4 +324,14 @@ class Server extends Model
{ {
return $this->hasMany(Database::class); return $this->hasMany(Database::class);
} }
/**
* Gets the location of the server.
*
* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
*/
public function location()
{
return $this->node->location();
}
} }

View file

@ -0,0 +1,73 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Policies;
use Cache;
use Carbon;
use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey as Key;
use Pterodactyl\Models\APIPermission as Permission;
class APIKeyPolicy
{
/**
* Checks if the API key has permission to perform an action.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\APIKey $key
* @param string $permission
* @return bool
*/
protected function checkPermission(User $user, Key $key, $permission)
{
// Non-administrative users cannot use administrative routes.
if (! starts_with('user.') && ! $user->isRootAdmin()) {
return false;
}
// We don't tag this cache key with the user uuid because the key is already unique,
// and multiple users are not defiend for a single key.
$permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) {
return $key->permissions()->get()->transform(function ($item) {
return $item->permission;
})->values();
});
return $permissions->search($permission, true) !== false;
}
/**
* Determine if a user has permission to perform this action against the system.
*
* @param \Pterodactyl\Models\User $user
* @param string $permission
* @param \Pterodactyl\Models\APIKey $key
* @return bool
*/
public function before(User $user, $permission, Key $key)
{
return $this->checkPermission($user, $key, $permission);
}
}

View file

@ -39,13 +39,9 @@ class ServerPolicy
* @param string $permission * @param string $permission
* @return bool * @return bool
*/ */
private function checkPermission(User $user, Server $server, $permission) protected function checkPermission(User $user, Server $server, $permission)
{ {
if ($this->isOwner($user, $server)) { $permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(5), function () use ($user, $server) {
return true;
}
$permissions = Cache::remember('ServerPolicy.' . $user->uuid . $server->uuid, Carbon::now()->addSeconds(10), function () use ($user, $server) {
return $user->permissions()->server($server)->get()->transform(function ($item) { return $user->permissions()->server($server)->get()->transform(function ($item) {
return $item->permission; return $item->permission;
})->values(); })->values();
@ -54,486 +50,20 @@ class ServerPolicy
return $permissions->search($permission, true) !== false; return $permissions->search($permission, true) !== false;
} }
/**
* Determine if current user is the owner of a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
protected function isOwner(User $user, Server $server)
{
return $server->owner_id === $user->id;
}
/** /**
* Runs before any of the functions are called. Used to determine if user is root admin, if so, ignore permissions. * Runs before any of the functions are called. Used to determine if user is root admin, if so, ignore permissions.
* *
* @param \Pterodactyl\Models\User $user * @param \Pterodactyl\Models\User $user
* @param string $ability * @param string $ability
* @param \Pterodactyl\Models\Server $server
* @return bool * @return bool
*/ */
public function before(User $user, $ability) public function before(User $user, $ability, Server $server)
{ {
if ($user->root_admin === 1) { if ($user->isRootAdmin() || $server->owner_id === $user->id) {
return true; return true;
} }
}
/** return $this->checkPermission($user, $server, $ability);
* Check if user has permission to control power for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function power(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power');
}
/**
* Check if user has permission to start a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerStart(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-start');
}
/**
* Check if user has permission to stop a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerStop(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-stop');
}
/**
* Check if user has permission to restart a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerRestart(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-restart');
}
/**
* Check if user has permission to kill a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function powerKill(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'power-kill');
}
/**
* Check if user has permission to run a command on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function sendCommand(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'send-command');
}
/**
* Check if user has permission to list files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function listFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'list-files');
}
/**
* Check if user has permission to edit files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function editFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'edit-files');
}
/**
* Check if user has permission to save files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function saveFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'save-files');
}
/**
* Check if user has permission to move and rename files and folders on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function moveFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'move-files');
}
/**
* Check if user has permission to copy folders and files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function copyFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'copy-files');
}
/**
* Check if user has permission to compress files and folders on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function compressFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'compress-files');
}
/**
* Check if user has permission to decompress files on a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function decompressFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'decompress-files');
}
/**
* Check if user has permission to add files to a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function createFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'create-files');
}
/**
* Check if user has permission to upload files to a server.
* This permission relies on the user having the 'create-files' permission as well due to page authorization.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function uploadFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'upload-files');
}
/**
* Check if user has permission to download files from a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function downloadFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'download-files');
}
/**
* Check if user has permission to delete files from a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function deleteFiles(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'delete-files');
}
/**
* Check if user has permission to view subusers for the server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function listSubusers(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'list-subusers');
}
/**
* Check if user has permission to view specific subuser permissions.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-subuser');
}
/**
* Check if user has permission to edit a subuser.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function editSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'edit-subuser');
}
/**
* Check if user has permission to delete a subuser.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function deleteSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'delete-subuser');
}
/**
* Check if user has permission to edit a subuser.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function createSubuser(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'create-subuser');
}
/**
* Check if user has permission to set the default connection for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function setConnection(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'set-connection');
}
/**
* Check if user has permission to view the startup command used for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewStartup(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-startup');
}
/**
* Check if user has permission to edit the startup command used for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function editStartup(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'edit-startup');
}
/**
* Check if user has permission to view the SFTP information for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewSftp(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-sftp');
}
/**
* Check if user has permission to reset the SFTP password for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function resetSftp(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'reset-sftp');
}
/**
* Check if user has permission to view the SFTP password for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewSftpPassword(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-sftp-password');
}
/**
* Check if user has permission to view databases for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewDatabases(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-databases');
}
/**
* Check if user has permission to reset database passwords.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function resetDbPassword(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'reset-db-password');
}
/**
* Check if user has permission to view all tasks for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function listTasks(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'list-tasks');
}
/**
* Check if user has permission to view a specific task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-task');
}
/**
* Check if user has permission to view a toggle a task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function toggleTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'toggle-task');
}
/**
* Check if user has permission to queue a task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function queueTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'queue-task');
}
/**
* Check if user has permission to delete a specific task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function deleteTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'delete-task');
}
/**
* Check if user has permission to create a task for a server.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function createTask(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'create-task');
}
/**
* Check if user has permission to view server allocations.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function viewAllocation(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'view-allocation');
}
/**
* Check if user has permission to set the default allocation.
*
* @param \Pterodactyl\Models\User $user
* @param \Pterodactyl\Models\Server $server
* @return bool
*/
public function setAllocation(User $user, Server $server)
{
return $this->checkPermission($user, $server, 'set-allocation');
} }
} }

View file

@ -13,6 +13,7 @@ class AuthServiceProvider extends ServiceProvider
*/ */
protected $policies = [ protected $policies = [
'Pterodactyl\Models\Server' => 'Pterodactyl\Policies\ServerPolicy', 'Pterodactyl\Models\Server' => 'Pterodactyl\Policies\ServerPolicy',
'Pterodactyl\Models\APIKey' => 'Pterodactyl\Policies\APIKeyPolicy',
]; ];
/** /**

View file

@ -25,6 +25,10 @@
namespace Pterodactyl\Providers; namespace Pterodactyl\Providers;
use File; use File;
use Cache;
use Carbon;
use Request;
use Pterodactyl\Models\APIKey;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
class MacroServiceProvider extends ServiceProvider class MacroServiceProvider extends ServiceProvider
@ -48,5 +52,35 @@ class MacroServiceProvider extends ServiceProvider
return round($size, ($i < 2) ? 0 : $precision) . ' ' . $units[$i]; return round($size, ($i < 2) ? 0 : $precision) . ' ' . $units[$i];
}); });
Request::macro('apiKey', function () {
if (! Request::bearerToken()) {
return false;
}
$parts = explode('.', Request::bearerToken());
if (count($parts) === 2 && strlen($parts[0]) === APIKey::PUBLIC_KEY_LEN) {
// Because the key itself isn't changing frequently, we simply cache this for
// 15 minutes to speed up the API and keep requests flowing.
return Cache::tags([
'ApiKeyMacro',
'ApiKeyMacro:Key:' . $parts[0],
])->remember('ApiKeyMacro.' . $parts[0], Carbon::now()->addMinutes(15), function () use ($parts) {
return APIKey::where('public', $parts[0])->first();
});
}
return false;
});
Request::macro('apiKeyHasPermission', function ($permission) {
$key = Request::apiKey();
if (! $key) {
return false;
}
return Request::user()->can($permission, $key);
});
} }
} }

View file

@ -33,6 +33,14 @@ class RouteServiceProvider extends ServiceProvider
*/ */
public function map() public function map()
{ {
Route::middleware(['api'])->prefix('/api/user')
->namespace($this->namespace . '\API\User')
->group(base_path('routes/api.php'));
Route::middleware(['api'])->prefix('/api/admin')
->namespace($this->namespace . '\API\Admin')
->group(base_path('routes/api-admin.php'));
Route::middleware(['web', 'auth', 'csrf']) Route::middleware(['web', 'auth', 'csrf'])
->namespace($this->namespace . '\Base') ->namespace($this->namespace . '\Base')
->group(base_path('routes/base.php')); ->group(base_path('routes/base.php'));

View file

@ -29,65 +29,14 @@ use Auth;
use Crypt; use Crypt;
use Validator; use Validator;
use IPTools\Network; use IPTools\Network;
use Pterodactyl\Models; use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey as Key;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Models\APIPermission as Permission;
use Pterodactyl\Exceptions\DisplayValidationException; use Pterodactyl\Exceptions\DisplayValidationException;
class APIRepository class APIRepository
{ {
/**
* Valid API permissions.
*
* @var array
*/
protected $permissions = [
'admin' => [
'*',
// User Management Routes
'users.list',
'users.create',
'users.view',
'users.update',
'users.delete',
// Server Manaement Routes
'servers.list',
'servers.create',
'servers.view',
'servers.config',
'servers.build',
'servers.suspend',
'servers.unsuspend',
'servers.delete',
// Node Management Routes
'nodes.list',
'nodes.view',
'nodes.create',
'nodes.allocations',
'nodes.delete',
// Service Routes
'services.list',
'services.view',
// Location Routes
'locations.list',
],
'user' => [
'*',
// Informational
'me',
// Server Control
'server',
'server.power',
],
];
/** /**
* Holder for listing of allowed IPs when creating a new key. * Holder for listing of allowed IPs when creating a new key.
* *
@ -108,11 +57,11 @@ class APIRepository
* @param null|\Pterodactyl\Models\User $user * @param null|\Pterodactyl\Models\User $user
* @return void * @return void
*/ */
public function __construct(Models\User $user = null) public function __construct(User $user = null)
{ {
$this->user = is_null($user) ? Auth::user() : $user; $this->user = is_null($user) ? Auth::user() : $user;
if (is_null($this->user)) { if (is_null($this->user)) {
throw new \Exception('Cannot access API Repository without passing a user to constructor.'); throw new \Exception('Unable to initialize user for API repository instance.');
} }
} }
@ -129,8 +78,9 @@ class APIRepository
{ {
$validator = Validator::make($data, [ $validator = Validator::make($data, [
'memo' => 'string|max:500', 'memo' => 'string|max:500',
'allowed_ips' => 'sometimes|string',
'permissions' => 'sometimes|required|array', 'permissions' => 'sometimes|required|array',
'adminPermissions' => 'sometimes|required|array', 'admin_permissions' => 'sometimes|required|array',
]); ]);
$validator->after(function ($validator) use ($data) { $validator->after(function ($validator) use ($data) {
@ -156,8 +106,7 @@ class APIRepository
DB::beginTransaction(); DB::beginTransaction();
try { try {
$secretKey = str_random(16) . '.' . str_random(7) . '.' . str_random(7); $secretKey = str_random(16) . '.' . str_random(7) . '.' . str_random(7);
$key = new Models\APIKey; $key = Key::create([
$key->fill([
'user_id' => $this->user->id, 'user_id' => $this->user->id,
'public' => str_random(16), 'public' => str_random(16),
'secret' => Crypt::encrypt($secretKey), 'secret' => Crypt::encrypt($secretKey),
@ -165,44 +114,61 @@ class APIRepository
'memo' => $data['memo'], 'memo' => $data['memo'],
'expires_at' => null, 'expires_at' => null,
]); ]);
$key->save();
$totalPermissions = 0; $totalPermissions = 0;
$pNodes = Permission::permissions();
if (isset($data['permissions'])) { if (isset($data['permissions'])) {
foreach ($data['permissions'] as $permNode) { foreach ($data['permissions'] as $permission) {
if (! strpos($permNode, ':')) { $parts = explode('-', $permission);
if (count($parts) !== 2) {
continue; continue;
} }
list($toss, $permission) = explode(':', $permNode); list($block, $search) = $parts;
if (in_array($permission, $this->permissions['user'])) {
$totalPermissions++; if (! array_key_exists($block, $pNodes['_user'])) {
$model = new Models\APIPermission; continue;
$model->fill([
'key_id' => $key->id,
'permission' => 'api.user.' . $permission,
]);
$model->save();
} }
if (! in_array($search, $pNodes['_user'][$block])) {
continue;
}
$totalPermissions++;
Permission::create([
'key_id' => $key->id,
'permission' => 'user.' . $permission,
]);
} }
} }
if ($this->user->isRootAdmin() && isset($data['adminPermissions'])) { if ($this->user->isRootAdmin() && isset($data['admin_permissions'])) {
foreach ($data['adminPermissions'] as $permNode) { unset($pNodes['_user']);
if (! strpos($permNode, ':')) {
foreach ($data['admin_permissions'] as $permNode) {
$parts = explode('-', $permission);
if (count($parts) !== 2) {
continue; continue;
} }
list($toss, $permission) = explode(':', $permNode); list($block, $search) = $parts;
if (in_array($permission, $this->permissions['admin'])) {
$totalPermissions++; if (! array_key_exists($block, $pNodes)) {
$model = new Models\APIPermission; continue;
$model->fill([
'key_id' => $key->id,
'permission' => 'api.admin.' . $permission,
]);
$model->save();
} }
if (! in_array($search, $pNodes[$block])) {
continue;
}
$totalPermissions++;
Permission::create([
'key_id' => $key->id,
'permission' => $permission,
]);
} }
} }
@ -229,20 +195,13 @@ class APIRepository
*/ */
public function revoke($key) public function revoke($key)
{ {
DB::beginTransaction(); DB::transaction(function () use ($key) {
$model = Key::with('permissions')->where('public', $key)->where('user_id', $this->user->id)->firstOrFail();
try {
$model = Models\APIKey::with('permissions')->where('public', $key)->where('user_id', $this->user->id)->firstOrFail();
foreach ($model->permissions as &$permission) { foreach ($model->permissions as &$permission) {
$permission->delete(); $permission->delete();
} }
$model->delete(); $model->delete();
});
DB::commit();
} catch (\Exception $ex) {
DB::rollBack();
throw $ex;
}
} }
} }

View file

@ -25,6 +25,7 @@
namespace Pterodactyl\Repositories\Daemon; namespace Pterodactyl\Repositories\Daemon;
use Pterodactyl\Models; use Pterodactyl\Models;
use GuzzleHttp\Exception\ConnectException;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
class CommandRepository class CommandRepository
@ -60,20 +61,20 @@ class CommandRepository
{ {
// We don't use the user's specific daemon secret here since we // We don't use the user's specific daemon secret here since we
// are assuming that a call to this function has been validated. // are assuming that a call to this function has been validated.
// Additionally not all calls to this will be from a logged in user.
// (e.g. task queue or API)
try { try {
$response = $this->server->node->guzzleClient([ $response = $this->server->guzzleClient()->request('PUT', '/server/command', [
'X-Access-Token' => $this->server->daemonSecret, 'http_errors' => false,
'X-Access-Server' => $this->server->uuid, 'json' => [
])->request('POST', '/server/command', ['json' => ['command' => $command]]); 'command' => $command,
],
]);
if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) { if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
throw new DisplayException('Command sending responded with a non-200 error code.'); throw new DisplayException('Command sending responded with a non-200 error code (HTTP/' . $response->getStatusCode() . ').');
} }
return $response->getBody(); return $response->getBody();
} catch (\Exception $ex) { } catch (ConnectException $ex) {
throw $ex; throw $ex;
} }
} }

View file

@ -25,6 +25,7 @@
namespace Pterodactyl\Repositories\Daemon; namespace Pterodactyl\Repositories\Daemon;
use Pterodactyl\Models; use Pterodactyl\Models;
use GuzzleHttp\Exception\ConnectException;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
class PowerRepository class PowerRepository
@ -60,20 +61,20 @@ class PowerRepository
{ {
// We don't use the user's specific daemon secret here since we // We don't use the user's specific daemon secret here since we
// are assuming that a call to this function has been validated. // are assuming that a call to this function has been validated.
// Additionally not all calls to this will be from a logged in user.
// (e.g. task queue or API)
try { try {
$response = $this->server->node->guzzleClient([ $response = $this->server->guzzleClient()->request('PUT', '/server/power', [
'X-Access-Token' => $this->server->daemonSecret, 'http_errors' => false,
'X-Access-Server' => $this->server->uuid, 'json' => [
])->request('PUT', '/server/power', ['json' => ['action' => $action]]); 'action' => $action,
],
]);
if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) { if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
throw new DisplayException('Power status responded with a non-200 error code.'); throw new DisplayException('Power toggle endpoint responded with a non-200 error code (HTTP/' . $response->getStatusCode() . ').');
} }
return $response->getBody(); return $response->getBody();
} catch (\Exception $ex) { } catch (ConnectException $ex) {
throw $ex; throw $ex;
} }
} }

View file

@ -337,9 +337,6 @@ class ServerRepository
DB::commit(); DB::commit();
return $server; return $server;
} catch (TransferException $ex) {
DB::rollBack();
throw new DisplayException('There was an error while attempting to connect to the daemon to add this server.', $ex);
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack(); DB::rollBack();
throw $ex; throw $ex;
@ -351,7 +348,7 @@ class ServerRepository
* *
* @param int $id * @param int $id
* @param array $data * @param array $data
* @return bool * @return \Pterodactyl\Models\Server
* *
* @throws \Pterodactyl\Exceptions\DisplayException * @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\DisplayValidationException * @throws \Pterodactyl\Exceptions\DisplayValidationException
@ -409,7 +406,9 @@ class ServerRepository
]); ]);
if ($res->getStatusCode() === 204) { if ($res->getStatusCode() === 204) {
return DB::commit(); DB::commit();
return $server;
} else { } else {
throw new DisplayException('Daemon returned a a non HTTP/204 error code. HTTP/' + $res->getStatusCode()); throw new DisplayException('Daemon returned a a non HTTP/204 error code. HTTP/' + $res->getStatusCode());
} }
@ -424,9 +423,8 @@ class ServerRepository
* *
* @param int $id * @param int $id
* @param array $data * @param array $data
* @return bool * @return \Pterodactyl\Models\Server
* *
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\DisplayValidationException * @throws \Pterodactyl\Exceptions\DisplayValidationException
*/ */
public function updateContainer($id, array $data) public function updateContainer($id, array $data)
@ -461,10 +459,7 @@ class ServerRepository
DB::commit(); DB::commit();
return true; return $server;
} catch (TransferException $ex) {
DB::rollBack();
throw new DisplayException('A TransferException occured while attempting to update the container image. Is the daemon online? This error has been logged.', $ex);
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack(); DB::rollBack();
throw $ex; throw $ex;
@ -609,9 +604,6 @@ class ServerRepository
DB::commit(); DB::commit();
return $server; return $server;
} catch (TransferException $ex) {
DB::rollBack();
throw new DisplayException('A TransferException occured while attempting to update the server configuration, check that the daemon is online. This error has been logged.', $ex);
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack(); DB::rollBack();
throw $ex; throw $ex;
@ -799,8 +791,6 @@ class ServerRepository
* @param int $id * @param int $id
* @param bool $deleted * @param bool $deleted
* @return void * @return void
*
* @throws \Pterodactyl\Exceptions\DisplayException
*/ */
public function suspend($id, $deleted = false) public function suspend($id, $deleted = false)
{ {
@ -824,9 +814,6 @@ class ServerRepository
])->request('POST', '/server/suspend'); ])->request('POST', '/server/suspend');
return DB::commit(); return DB::commit();
} catch (TransferException $ex) {
DB::rollBack();
throw new DisplayException('An error occured while attempting to contact the remote daemon to suspend this server.', $ex);
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack(); DB::rollBack();
throw $ex; throw $ex;
@ -838,8 +825,6 @@ class ServerRepository
* *
* @param int $id * @param int $id
* @return void * @return void
*
* @throws \Pterodactyl\Exceptions\DisplayException
*/ */
public function unsuspend($id) public function unsuspend($id)
{ {
@ -848,7 +833,6 @@ class ServerRepository
DB::beginTransaction(); DB::beginTransaction();
try { try {
// Already unsuspended, no need to make more requests. // Already unsuspended, no need to make more requests.
if ($server->suspended === 0) { if ($server->suspended === 0) {
return true; return true;
@ -863,9 +847,6 @@ class ServerRepository
])->request('POST', '/server/unsuspend'); ])->request('POST', '/server/unsuspend');
return DB::commit(); return DB::commit();
} catch (TransferException $ex) {
DB::rollBack();
throw new DisplayException('An error occured while attempting to contact the remote daemon to un-suspend this server.', $ex);
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack(); DB::rollBack();
throw $ex; throw $ex;
@ -879,7 +860,6 @@ class ServerRepository
* @param string $password * @param string $password
* @return void * @return void
* *
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\DisplayValidationException * @throws \Pterodactyl\Exceptions\DisplayValidationException
*/ */
public function updateSFTPPassword($id, $password) public function updateSFTPPassword($id, $password)
@ -910,9 +890,6 @@ class ServerRepository
DB::commit(); DB::commit();
return true; return true;
} catch (TransferException $ex) {
DB::rollBack();
throw new DisplayException('There was an error while attmping to contact the remote service to change the password.', $ex);
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack(); DB::rollBack();
throw $ex; throw $ex;

View file

@ -114,7 +114,7 @@ class UserRepository
* *
* @param int $id * @param int $id
* @param array $data * @param array $data
* @return bool * @return \Pterodactyl\Models\User
* *
* @throws \Pterodactyl\Exceptions\DisplayValidationException * @throws \Pterodactyl\Exceptions\DisplayValidationException
*/ */
@ -147,9 +147,9 @@ class UserRepository
unset($data['password']); unset($data['password']);
} }
$user->fill($data); $user->fill($data)->save();
return $user->save(); return $user;
} }
/** /**

View file

@ -0,0 +1,98 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Allocation;
use League\Fractal\TransformerAbstract;
class AllocationTransformer extends TransformerAbstract
{
/**
* The filter to be applied to this transformer.
*
* @var bool|string
*/
protected $filter;
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @param bool $filter
* @return void
*/
public function __construct($request = false, $filter = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
$this->filter = $filter;
}
/**
* Return a generic transformed allocation array.
*
* @return array
*/
public function transform(Allocation $allocation)
{
return $this->transformWithFilter($allocation);
}
/**
* Determine which transformer filter to apply.
*
* @return array
*/
protected function transformWithFilter(Allocation $allocation)
{
if ($this->filter === 'server') {
return $this->transformForServer($allocation);
}
return $allocation->toArray();
}
/**
* Transform the allocation to only return information not duplicated
* in the server response (discard node_id and server_id).
*
* @return array
*/
protected function transformForServer(Allocation $allocation)
{
return collect($allocation)->only('id', 'ip', 'ip_alias', 'port')->toArray();
}
}

View file

@ -0,0 +1,102 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Location;
use League\Fractal\TransformerAbstract;
class LocationTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'nodes',
'servers',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed pack array.
*
* @return array
*/
public function transform(Location $location)
{
return $location->toArray();
}
/**
* Return the nodes associated with this location.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeServers(Location $location)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($location->servers, new ServerTransformer($this->request), 'server');
}
/**
* Return the nodes associated with this location.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeNodes(Location $location)
{
if ($this->request && ! $this->request->apiKeyHasPermission('node-list')) {
return;
}
return $this->collection($location->nodes, new NodeTransformer($this->request), 'node');
}
}

View file

@ -0,0 +1,117 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use League\Fractal\TransformerAbstract;
class NodeTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'allocations',
'location',
'servers',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed pack array.
*
* @return array
*/
public function transform(Node $node)
{
return $node->toArray();
}
/**
* Return the nodes associated with this location.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeAllocations(Node $node)
{
if ($this->request && ! $this->request->apiKeyHasPermission('node-view')) {
return;
}
return $this->collection($node->allocations, new AllocationTransformer($this->request), 'allocation');
}
/**
* Return the nodes associated with this location.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeLocation(Node $node)
{
if ($this->request && ! $this->request->apiKeyHasPermission('location-list')) {
return;
}
return $this->item($node->location, new LocationTransformer($this->request), 'location');
}
/**
* Return the nodes associated with this location.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeServers(Node $node)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($node->servers, new ServerTransformer($this->request), 'server');
}
}

View file

@ -0,0 +1,132 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\ServiceOption;
use League\Fractal\TransformerAbstract;
class OptionTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'service',
'packs',
'servers',
'variables',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed service option array.
*
* @return array
*/
public function transform(ServiceOption $option)
{
return $option->toArray();
}
/**
* Return the parent service for this service option.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeService(ServiceOption $option)
{
if ($this->request && ! $this->request->apiKeyHasPermission('service-view')) {
return;
}
return $this->item($option->service, new ServiceTransformer($this->request), 'service');
}
/**
* Return the packs associated with this service option.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includePacks(ServiceOption $option)
{
if ($this->request && ! $this->request->apiKeyHasPermission('pack-list')) {
return;
}
return $this->collection($option->packs, new PackTransformer($this->request), 'pack');
}
/**
* Return the servers associated with this service option.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeServers(ServiceOption $option)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($option->servers, new ServerTransformer($this->request), 'server');
}
/**
* Return the variables for this service option.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeVariables(ServiceOption $option)
{
if ($this->request && ! $this->request->apiKeyHasPermission('option-view')) {
return;
}
return $this->collection($option->variables, new ServiceVariableTransformer($this->request), 'variable');
}
}

View file

@ -0,0 +1,106 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Pack;
use League\Fractal\TransformerAbstract;
class PackTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'option',
'servers',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed pack array.
*
* @return array
*/
public function transform($pack)
{
if (! $pack instanceof Pack) {
return ['id' => null];
}
return $pack->toArray();
}
/**
* Return the packs associated with this service.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeOption(Pack $pack)
{
if ($this->request && ! $this->request->apiKeyHasPermission('option-view')) {
return;
}
return $this->item($pack->option, new OptionTransformer($this->request), 'option');
}
/**
* Return the packs associated with this service.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeServers(Pack $pack)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($pack->servers, new ServerTransformer($this->request), 'server');
}
}

View file

@ -0,0 +1,207 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use League\Fractal\TransformerAbstract;
class ServerTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'allocations',
'user',
'subusers',
'pack',
'service',
'option',
'variables',
'location',
'node',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed server array.
*
* @return array
*/
public function transform(Server $server)
{
return collect($server->toArray())->only($server->getTableColumns())->toArray();
}
/**
* Return a generic array of allocations for this server.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeAllocations(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-view')) {
return;
}
return $this->collection($server->allocations, new AllocationTransformer($this->request, 'server'), 'allocation');
}
/**
* Return a generic array of data about subusers for this server.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeSubusers(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-view')) {
return;
}
return $this->collection($server->subusers, new SubuserTransformer($this->request), 'subuser');
}
/**
* Return a generic array of data about subusers for this server.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeUser(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('user-view')) {
return;
}
return $this->item($server->user, new UserTransformer($this->request), 'user');
}
/**
* Return a generic array with pack information for this server.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includePack(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('pack-view')) {
return;
}
return $this->item($server->pack, new PackTransformer($this->request), 'pack');
}
/**
* Return a generic array with service information for this server.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeService(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('service-view')) {
return;
}
return $this->item($server->service, new ServiceTransformer($this->request), 'service');
}
/**
* Return a generic array with service option information for this server.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeOption(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('option-view')) {
return;
}
return $this->item($server->option, new OptionTransformer($this->request), 'option');
}
/**
* Return a generic array of data about subusers for this server.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeVariables(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-view')) {
return;
}
return $this->collection($server->variables, new ServerVariableTransformer($this->request), 'server_variable');
}
/**
* Return a generic array with pack information for this server.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeLocation(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('location-list')) {
return;
}
return $this->item($server->location, new LocationTransformer($this->request), 'location');
}
/**
* Return a generic array with pack information for this server.
*
* @return \Leauge\Fractal\Resource\Item|void
*/
public function includeNode(Server $server)
{
if ($this->request && ! $this->request->apiKeyHasPermission('node-view')) {
return;
}
return $this->item($server->node, new NodeTransformer($this->request), 'node');
}
}

View file

@ -0,0 +1,85 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\ServerVariable;
use League\Fractal\TransformerAbstract;
class ServerVariableTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = ['parent'];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed server variable array.
*
* @return array
*/
public function transform(ServerVariable $variable)
{
return $variable->toArray();
}
/**
* Return the parent service variable data.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeParent(ServerVariable $variable)
{
if ($this->request && ! $this->request->apiKeyHasPermission('option-view')) {
return;
}
return $this->item($variable->variable, new ServiceVariableTransformer($this->request), 'variable');
}
}

View file

@ -0,0 +1,117 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Service;
use League\Fractal\TransformerAbstract;
class ServiceTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'options',
'servers',
'packs',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed service array.
*
* @return array
*/
public function transform(Service $service)
{
return $service->toArray();
}
/**
* Return the the service options.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeOptions(Service $service)
{
if ($this->request && ! $this->request->apiKeyHasPermission('option-list')) {
return;
}
return $this->collection($service->options, new OptionTransformer($this->request), 'option');
}
/**
* Return the servers associated with this service.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeServers(Service $service)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($service->servers, new ServerTransformer($this->request), 'server');
}
/**
* Return the packs associated with this service.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includePacks(Service $service)
{
if ($this->request && ! $this->request->apiKeyHasPermission('pack-list')) {
return;
}
return $this->collection($service->packs, new PackTransformer($this->request), 'pack');
}
}

View file

@ -0,0 +1,85 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use League\Fractal\TransformerAbstract;
use Pterodactyl\Models\ServiceVariable;
class ServiceVariableTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = ['variables'];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed server variable array.
*
* @return array
*/
public function transform(ServiceVariable $variable)
{
return $variable->toArray();
}
/**
* Return the server variables associated with this variable.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeVariables(ServiceVariable $variable)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-view')) {
return;
}
return $this->collection($variable->serverVariable, new ServerVariableTransformer($this->request), 'server_variable');
}
}

View file

@ -0,0 +1,77 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission;
use League\Fractal\TransformerAbstract;
class SubuserTransformer extends TransformerAbstract
{
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed subuser array.
*
* @return array
*/
public function transform(Subuser $subuser)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-view')) {
return;
}
return [
'id' => $subuser->id,
'username' => $subuser->user->username,
'email' => $subuser->user->email,
'2fa' => (bool) $subuser->user->use_totp,
'permissions' => $subuser->permissions->pluck('permission'),
'created_at' => $subuser->created_at,
'updated_at' => $subuser->updated_at,
];
}
}

View file

@ -0,0 +1,102 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\Admin;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use League\Fractal\TransformerAbstract;
class UserTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'access',
'servers',
];
/**
* The Illuminate Request object if provided.
*
* @var \Illuminate\Http\Request|bool
*/
protected $request;
/**
* Setup request object for transformer.
*
* @param \Illuminate\Http\Request|bool $request
* @return void
*/
public function __construct($request = false)
{
if (! $request instanceof Request && $request !== false) {
throw new DisplayException('Request passed to constructor must be of type Request or false.');
}
$this->request = $request;
}
/**
* Return a generic transformed subuser array.
*
* @return array
*/
public function transform(User $user)
{
return $user->toArray();
}
/**
* Return the servers associated with this user.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeServers(User $user)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($user->servers, new ServerTransformer($this->request), 'server');
}
/**
* Return the servers that this user can access.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeAccess(User $user)
{
if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
return;
}
return $this->collection($user->access()->get(), new ServerTransformer($this->request), 'server');
}
}

View file

@ -0,0 +1,64 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\User;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Allocation;
use League\Fractal\TransformerAbstract;
class AllocationTransformer extends TransformerAbstract
{
/**
* Server eloquent model.
*
* @return \Pterodactyl\Models\Server
*/
protected $server;
/**
* Setup allocation transformer with access to server data.
*
* @return void
*/
public function __construct(Server $server)
{
$this->server = $server;
}
/**
* Return a generic transformed allocation array.
*
* @return array
*/
public function transform(Allocation $allocation)
{
return [
'id' => $allocation->id,
'ip' => $allocation->alias,
'port' => $allocation->port,
'default' => ($allocation->id === $this->server->allocation_id),
];
}
}

View file

@ -0,0 +1,50 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\User;
use Pterodactyl\Models\Server;
use League\Fractal\TransformerAbstract;
class OverviewTransformer extends TransformerAbstract
{
/**
* Return a generic transformed server array.
*
* @return array
*/
public function transform(Server $server)
{
return [
'id' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->node->name,
'ip' => $server->allocation->alias,
'port' => $server->allocation->port,
'service' => $server->service->name,
'option' => $server->option->name,
];
}
}

View file

@ -0,0 +1,100 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\User;
use Pterodactyl\Models\Server;
use League\Fractal\TransformerAbstract;
class ServerTransformer extends TransformerAbstract
{
/**
* List of resources that can be included.
*
* @var array
*/
protected $availableIncludes = [
'allocations',
'subusers',
'stats',
];
/**
* Return a generic transformed server array.
*
* @return array
*/
public function transform(Server $server)
{
return [
'id' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'description' => $server->description,
'node' => $server->node->name,
'limits' => [
'memory' => $server->memory,
'swap' => $server->swap,
'disk' => $server->disk,
'io' => $server->io,
'cpu' => $server->cpu,
'oom_disabled' => (bool) $server->oom_disabled,
],
];
}
/**
* Return a generic array of allocations for this server.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeAllocations(Server $server)
{
$allocations = $server->allocations;
return $this->collection($allocations, new AllocationTransformer($server), 'allocation');
}
/**
* Return a generic array of subusers for this server.
*
* @return \Leauge\Fractal\Resource\Collection
*/
public function includeSubusers(Server $server)
{
$server->load('subusers.permissions', 'subusers.user');
return $this->collection($server->subusers, new SubuserTransformer, 'subuser');
}
/**
* Return a generic array of allocations for this server.
*
* @return \Leauge\Fractal\Resource\Item
*/
public function includeStats(Server $server)
{
return $this->item($server->guzzleClient(), new StatsTransformer, 'stat');
}
}

View file

@ -0,0 +1,63 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Transformers\User;
use GuzzleHttp\Client;
use League\Fractal\TransformerAbstract;
use GuzzleHttp\Exception\ConnectException;
class StatsTransformer extends TransformerAbstract
{
/**
* Return a generic transformed subuser array.
*
* @return array
*/
public function transform(Client $client)
{
try {
$res = $client->request('GET', '/server', ['http_errors' => false]);
if ($res->getStatusCode() !== 200) {
return [
'error' => 'Error: HttpResponseException. Recieved non-200 HTTP status code from daemon: ' . $res->statusCode(),
];
}
$json = json_decode($res->getBody());
return [
'id' => 1,
'status' => $json->status,
'resources' => $json->proc,
];
} catch (ConnectException $ex) {
return [
'error' => 'Error: ConnectException. Unable to contact the daemon to request server status.',
'exception' => (config('app.debug')) ? $ex->getMessage() : null,
];
}
}
}

View file

@ -22,22 +22,27 @@
* SOFTWARE. * SOFTWARE.
*/ */
namespace Pterodactyl\Http\Controllers\API; namespace Pterodactyl\Transformers\User;
use Illuminate\Http\Request; use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Service; use Pterodactyl\Models\Permission;
use League\Fractal\TransformerAbstract;
class ServiceController extends BaseController class SubuserTransformer extends TransformerAbstract
{ {
public function index(Request $request) /**
* Return a generic transformed subuser array.
*
* @return array
*/
public function transform(Subuser $subuser)
{ {
return Service::all()->toArray(); return [
} 'id' => $subuser->id,
'username' => $subuser->user->username,
public function view(Request $request, $id) 'email' => $subuser->user->email,
{ '2fa' => (bool) $subuser->user->use_totp,
$service = Service::with('options.variables', 'options.packs')->findOrFail($id); 'permissions' => $subuser->permissions->pluck('permission'),
];
return $service->toArray();
} }
} }

View file

@ -12,26 +12,26 @@
], ],
"require": { "require": {
"php": ">=7.0.0", "php": ">=7.0.0",
"laravel/framework": "5.4.16", "aws/aws-sdk-php": "3.25.1",
"laravel/tinker": "1.0.0",
"barryvdh/laravel-debugbar": "2.3.2", "barryvdh/laravel-debugbar": "2.3.2",
"doctrine/dbal": "2.5.12", "doctrine/dbal": "2.5.12",
"edvinaskrucas/settings": "2.0.0",
"fideloper/proxy": "3.3.0",
"guzzlehttp/guzzle": "6.2.3", "guzzlehttp/guzzle": "6.2.3",
"igaster/laravel-theme": "1.14.0",
"laracasts/utilities": "2.1.0",
"laravel/framework": "5.4.16",
"laravel/tinker": "1.0.0",
"lord/laroute": "2.4.4",
"mtdowling/cron-expression": "1.2.0",
"nesbot/carbon": "1.22.1",
"nicolaslopezj/searchable": "1.9.5",
"pragmarx/google2fa": "1.0.1", "pragmarx/google2fa": "1.0.1",
"webpatser/laravel-uuid": "2.0.1", "predis/predis": "1.1.1",
"prologue/alerts": "0.4.1", "prologue/alerts": "0.4.1",
"s1lentium/iptools": "1.1.0", "s1lentium/iptools": "1.1.0",
"edvinaskrucas/settings": "2.0.0", "spatie/laravel-fractal": "3.5.0",
"igaster/laravel-theme": "1.14.0", "webpatser/laravel-uuid": "2.0.1"
"nesbot/carbon": "1.22.1",
"mtdowling/cron-expression": "1.2.0",
"dingo/api": "1.0.0-beta8",
"aws/aws-sdk-php": "3.25.1",
"predis/predis": "1.1.1",
"fideloper/proxy": "3.3.0",
"laracasts/utilities": "2.1.0",
"lord/laroute": "2.4.4",
"nicolaslopezj/searchable": "1.9.5"
}, },
"require-dev": { "require-dev": {
"fzaninotto/faker": "~1.4", "fzaninotto/faker": "~1.4",

639
composer.lock generated
View file

@ -4,8 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"hash": "5f54adee49654a63977f6c5593e5e1a8", "hash": "ae03837be570fb8ebf2a916a50614193",
"content-hash": "081359d468db67f98d08ff1f304ea712", "content-hash": "d4eb663cbd7d79c85e06d626b64cdbcd",
"packages": [ "packages": [
{ {
"name": "aws/aws-sdk-php", "name": "aws/aws-sdk-php",
@ -195,136 +195,6 @@
], ],
"time": "2016-05-05 11:49:03" "time": "2016-05-05 11:49:03"
}, },
{
"name": "dingo/api",
"version": "v1.0.0-beta8",
"source": {
"type": "git",
"url": "https://github.com/dingo/api.git",
"reference": "46cffad61942caa094dd876155e503b6819c5095"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dingo/api/zipball/46cffad61942caa094dd876155e503b6819c5095",
"reference": "46cffad61942caa094dd876155e503b6819c5095",
"shasum": ""
},
"require": {
"dingo/blueprint": "0.2.*",
"illuminate/routing": "^5.1",
"illuminate/support": "^5.1",
"league/fractal": ">=0.12.0",
"php": "^5.5.9 || ^7.0"
},
"require-dev": {
"illuminate/auth": "^5.1",
"illuminate/cache": "^5.1",
"illuminate/console": "^5.1",
"illuminate/database": "^5.1",
"illuminate/events": "^5.1",
"illuminate/filesystem": "^5.1",
"illuminate/log": "^5.1",
"illuminate/pagination": "^5.1",
"laravel/lumen-framework": "5.1.* || 5.2.*",
"lucadegasperi/oauth2-server-laravel": "5.0.*",
"mockery/mockery": "~0.9",
"phpunit/phpunit": "^4.8 || ^5.0",
"squizlabs/php_codesniffer": "~2.0",
"tymon/jwt-auth": "1.0.*"
},
"suggest": {
"lucadegasperi/oauth2-server-laravel": "Protect your API with OAuth 2.0.",
"tymon/jwt-auth": "Protect your API with JSON Web Tokens."
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0-dev"
}
},
"autoload": {
"psr-4": {
"Dingo\\Api\\": "src/"
},
"files": [
"src/helpers.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Jason Lewis",
"email": "jason.lewis1991@gmail.com"
}
],
"description": "A RESTful API package for the Laravel and Lumen frameworks.",
"keywords": [
"api",
"dingo",
"laravel",
"restful"
],
"time": "2017-02-10 00:56:04"
},
{
"name": "dingo/blueprint",
"version": "0.2.2",
"source": {
"type": "git",
"url": "https://github.com/dingo/blueprint.git",
"reference": "690bdf0f76b4428fd52835b9d778fb4551333867"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dingo/blueprint/zipball/690bdf0f76b4428fd52835b9d778fb4551333867",
"reference": "690bdf0f76b4428fd52835b9d778fb4551333867",
"shasum": ""
},
"require": {
"doctrine/annotations": "~1.2",
"illuminate/filesystem": "5.1.* || 5.2.* || 5.3.* || 5.4.*",
"illuminate/support": "5.1.* || 5.2.* || 5.3.* || 5.4.*",
"php": ">=5.5.9",
"phpdocumentor/reflection-docblock": "3.1.*"
},
"require-dev": {
"phpunit/phpunit": "~4.0",
"squizlabs/php_codesniffer": "~2.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "0.2-dev"
}
},
"autoload": {
"psr-4": {
"Dingo\\Blueprint\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Jason Lewis",
"email": "jason.lewis1991@gmail.com"
}
],
"description": "API Blueprint documentation generator.",
"keywords": [
"api",
"blueprint",
"dingo",
"docs",
"laravel"
],
"time": "2017-02-11 17:28:57"
},
{ {
"name": "dnoegel/php-xdg-base-dir", "name": "dnoegel/php-xdg-base-dir",
"version": "0.1", "version": "0.1",
@ -2157,152 +2027,6 @@
], ],
"time": "2017-03-13 16:27:32" "time": "2017-03-13 16:27:32"
}, },
{
"name": "phpdocumentor/reflection-common",
"version": "1.0",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionCommon.git",
"reference": "144c307535e82c8fdcaacbcfc1d6d8eeb896687c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/144c307535e82c8fdcaacbcfc1d6d8eeb896687c",
"reference": "144c307535e82c8fdcaacbcfc1d6d8eeb896687c",
"shasum": ""
},
"require": {
"php": ">=5.5"
},
"require-dev": {
"phpunit/phpunit": "^4.6"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
"src"
]
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jaap van Otterdijk",
"email": "opensource@ijaap.nl"
}
],
"description": "Common reflection classes used by phpdocumentor to reflect the code structure",
"homepage": "http://www.phpdoc.org",
"keywords": [
"FQSEN",
"phpDocumentor",
"phpdoc",
"reflection",
"static analysis"
],
"time": "2015-12-27 11:43:31"
},
{
"name": "phpdocumentor/reflection-docblock",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
"reference": "8331b5efe816ae05461b7ca1e721c01b46bafb3e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/8331b5efe816ae05461b7ca1e721c01b46bafb3e",
"reference": "8331b5efe816ae05461b7ca1e721c01b46bafb3e",
"shasum": ""
},
"require": {
"php": ">=5.5",
"phpdocumentor/reflection-common": "^1.0@dev",
"phpdocumentor/type-resolver": "^0.2.0",
"webmozart/assert": "^1.0"
},
"require-dev": {
"mockery/mockery": "^0.9.4",
"phpunit/phpunit": "^4.4"
},
"type": "library",
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
"src/"
]
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mike van Riel",
"email": "me@mikevanriel.com"
}
],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
"time": "2016-09-30 07:12:33"
},
{
"name": "phpdocumentor/type-resolver",
"version": "0.2.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/TypeResolver.git",
"reference": "e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb",
"reference": "e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb",
"shasum": ""
},
"require": {
"php": ">=5.5",
"phpdocumentor/reflection-common": "^1.0"
},
"require-dev": {
"mockery/mockery": "^0.9.4",
"phpunit/phpunit": "^5.2||^4.8.24"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
"src/"
]
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mike van Riel",
"email": "me@mikevanriel.com"
}
],
"time": "2016-11-25 06:54:22"
},
{ {
"name": "pragmarx/google2fa", "name": "pragmarx/google2fa",
"version": "v1.0.1", "version": "v1.0.1",
@ -2766,6 +2490,115 @@
], ],
"time": "2016-08-21 15:57:09" "time": "2016-08-21 15:57:09"
}, },
{
"name": "spatie/fractalistic",
"version": "1.0.2",
"source": {
"type": "git",
"url": "https://github.com/spatie/fractalistic.git",
"reference": "59a2e7dfbd49e58b7de7d5621c1e7365786809f9"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/spatie/fractalistic/zipball/59a2e7dfbd49e58b7de7d5621c1e7365786809f9",
"reference": "59a2e7dfbd49e58b7de7d5621c1e7365786809f9",
"shasum": ""
},
"require": {
"league/fractal": "^0.14.0|^0.15.0",
"php": "^5.6|^7.0"
},
"require-dev": {
"illuminate/pagination": "^5.3",
"phpunit/phpunit": "^5.7"
},
"type": "library",
"autoload": {
"psr-4": {
"Spatie\\Fractalistic\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Freek Van der Herten",
"email": "freek@spatie.be",
"homepage": "https://spatie.be",
"role": "Developer"
}
],
"description": "A developer friendly wrapper around Fractal",
"homepage": "https://github.com/spatie/fractalistic",
"keywords": [
"api",
"fractal",
"fractalistic",
"spatie",
"transform"
],
"time": "2017-01-19 20:51:03"
},
{
"name": "spatie/laravel-fractal",
"version": "3.5.0",
"source": {
"type": "git",
"url": "https://github.com/spatie/laravel-fractal.git",
"reference": "16689b0ce340bc139ba767f0bf2904e4eab2b254"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/spatie/laravel-fractal/zipball/16689b0ce340bc139ba767f0bf2904e4eab2b254",
"reference": "16689b0ce340bc139ba767f0bf2904e4eab2b254",
"shasum": ""
},
"require": {
"illuminate/contracts": "~5.1.0|~5.2.0|~5.3.0|~5.4.0",
"illuminate/support": "~5.1.0|~5.2.0|~5.3.0|~5.4.0",
"php": "^5.6|^7.0",
"spatie/fractalistic": "^1.0"
},
"require-dev": {
"orchestra/testbench": "~3.2.0|3.3.0|~3.4.0",
"phpunit/phpunit": "^5.7.5"
},
"type": "library",
"autoload": {
"psr-4": {
"Spatie\\Fractal\\": "src"
},
"files": [
"src/helpers.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Freek Van der Herten",
"email": "freek@spatie.be",
"homepage": "https://spatie.be",
"role": "Developer"
}
],
"description": "A Fractal service provider for Laravel and Lumen",
"homepage": "https://github.com/spatie/laravel-fractal",
"keywords": [
"api",
"fractal",
"laravel",
"laravel-fractal",
"lumen",
"spatie",
"transform"
],
"time": "2017-02-21 23:17:02"
},
{ {
"name": "swiftmailer/swiftmailer", "name": "swiftmailer/swiftmailer",
"version": "v5.4.6", "version": "v5.4.6",
@ -3755,56 +3588,6 @@
], ],
"time": "2016-09-01 10:05:43" "time": "2016-09-01 10:05:43"
}, },
{
"name": "webmozart/assert",
"version": "1.2.0",
"source": {
"type": "git",
"url": "https://github.com/webmozart/assert.git",
"reference": "2db61e59ff05fe5126d152bd0655c9ea113e550f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/webmozart/assert/zipball/2db61e59ff05fe5126d152bd0655c9ea113e550f",
"reference": "2db61e59ff05fe5126d152bd0655c9ea113e550f",
"shasum": ""
},
"require": {
"php": "^5.3.3 || ^7.0"
},
"require-dev": {
"phpunit/phpunit": "^4.6",
"sebastian/version": "^1.0.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Webmozart\\Assert\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Bernhard Schussek",
"email": "bschussek@gmail.com"
}
],
"description": "Assertions to validate method input/output with nice error messages.",
"keywords": [
"assert",
"check",
"validate"
],
"time": "2016-11-23 20:04:58"
},
{ {
"name": "webpatser/laravel-uuid", "name": "webpatser/laravel-uuid",
"version": "2.0.1", "version": "2.0.1",
@ -4223,6 +4006,152 @@
], ],
"time": "2017-01-26 22:05:40" "time": "2017-01-26 22:05:40"
}, },
{
"name": "phpdocumentor/reflection-common",
"version": "1.0",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionCommon.git",
"reference": "144c307535e82c8fdcaacbcfc1d6d8eeb896687c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/144c307535e82c8fdcaacbcfc1d6d8eeb896687c",
"reference": "144c307535e82c8fdcaacbcfc1d6d8eeb896687c",
"shasum": ""
},
"require": {
"php": ">=5.5"
},
"require-dev": {
"phpunit/phpunit": "^4.6"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
"src"
]
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jaap van Otterdijk",
"email": "opensource@ijaap.nl"
}
],
"description": "Common reflection classes used by phpdocumentor to reflect the code structure",
"homepage": "http://www.phpdoc.org",
"keywords": [
"FQSEN",
"phpDocumentor",
"phpdoc",
"reflection",
"static analysis"
],
"time": "2015-12-27 11:43:31"
},
{
"name": "phpdocumentor/reflection-docblock",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
"reference": "8331b5efe816ae05461b7ca1e721c01b46bafb3e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/8331b5efe816ae05461b7ca1e721c01b46bafb3e",
"reference": "8331b5efe816ae05461b7ca1e721c01b46bafb3e",
"shasum": ""
},
"require": {
"php": ">=5.5",
"phpdocumentor/reflection-common": "^1.0@dev",
"phpdocumentor/type-resolver": "^0.2.0",
"webmozart/assert": "^1.0"
},
"require-dev": {
"mockery/mockery": "^0.9.4",
"phpunit/phpunit": "^4.4"
},
"type": "library",
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
"src/"
]
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mike van Riel",
"email": "me@mikevanriel.com"
}
],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
"time": "2016-09-30 07:12:33"
},
{
"name": "phpdocumentor/type-resolver",
"version": "0.2.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/TypeResolver.git",
"reference": "e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb",
"reference": "e224fb2ea2fba6d3ad6fdaef91cd09a172155ccb",
"shasum": ""
},
"require": {
"php": ">=5.5",
"phpdocumentor/reflection-common": "^1.0"
},
"require-dev": {
"mockery/mockery": "^0.9.4",
"phpunit/phpunit": "^5.2||^4.8.24"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
"src/"
]
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mike van Riel",
"email": "me@mikevanriel.com"
}
],
"time": "2016-11-25 06:54:22"
},
{ {
"name": "phpspec/prophecy", "name": "phpspec/prophecy",
"version": "v1.7.0", "version": "v1.7.0",
@ -5299,13 +5228,61 @@
"description": "Symfony Yaml Component", "description": "Symfony Yaml Component",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"time": "2017-03-07 16:47:02" "time": "2017-03-07 16:47:02"
},
{
"name": "webmozart/assert",
"version": "1.2.0",
"source": {
"type": "git",
"url": "https://github.com/webmozart/assert.git",
"reference": "2db61e59ff05fe5126d152bd0655c9ea113e550f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/webmozart/assert/zipball/2db61e59ff05fe5126d152bd0655c9ea113e550f",
"reference": "2db61e59ff05fe5126d152bd0655c9ea113e550f",
"shasum": ""
},
"require": {
"php": "^5.3.3 || ^7.0"
},
"require-dev": {
"phpunit/phpunit": "^4.6",
"sebastian/version": "^1.0.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Webmozart\\Assert\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Bernhard Schussek",
"email": "bschussek@gmail.com"
}
],
"description": "Assertions to validate method input/output with nice error messages.",
"keywords": [
"assert",
"check",
"validate"
],
"time": "2016-11-23 20:04:58"
} }
], ],
"aliases": [], "aliases": [],
"minimum-stability": "stable", "minimum-stability": "stable",
"stability-flags": { "stability-flags": [],
"dingo/api": 10
},
"prefer-stable": false, "prefer-stable": false,
"prefer-lowest": false, "prefer-lowest": false,
"platform": { "platform": {

View file

@ -1,220 +0,0 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Standards Tree
|--------------------------------------------------------------------------
|
| Versioning an API with Dingo revolves around content negotiation and
| custom MIME types. A custom type will belong to one of three
| standards trees, the Vendor tree (vnd), the Personal tree
| (prs), and the Unregistered tree (x).
|
| By default the Unregistered tree (x) is used, however, should you wish
| to you can register your type with the IANA. For more details:
| https://tools.ietf.org/html/rfc6838
|
*/
'standardsTree' => env('API_STANDARDS_TREE', 'x'),
/*
|--------------------------------------------------------------------------
| API Subtype
|--------------------------------------------------------------------------
|
| Your subtype will follow the standards tree you use when used in the
| "Accept" header to negotiate the content type and version.
|
| For example: Accept: application/x.SUBTYPE.v1+json
|
*/
'subtype' => env('API_SUBTYPE', ''),
/*
|--------------------------------------------------------------------------
| Default API Version
|--------------------------------------------------------------------------
|
| This is the default version when strict mode is disabled and your API
| is accessed via a web browser. It's also used as the default version
| when generating your APIs documentation.
|
*/
'version' => env('API_VERSION', 'v1'),
/*
|--------------------------------------------------------------------------
| Default API Prefix
|--------------------------------------------------------------------------
|
| A default prefix to use for your API routes so you don't have to
| specify it for each group.
|
*/
'prefix' => env('API_PREFIX', 'api'),
/*
|--------------------------------------------------------------------------
| Default API Domain
|--------------------------------------------------------------------------
|
| A default domain to use for your API routes so you don't have to
| specify it for each group.
|
*/
'domain' => env('API_DOMAIN', null),
/*
|--------------------------------------------------------------------------
| Name
|--------------------------------------------------------------------------
|
| When documenting your API using the API Blueprint syntax you can
| configure a default name to avoid having to manually specify
| one when using the command.
|
*/
'name' => env('API_NAME', null),
/*
|--------------------------------------------------------------------------
| Conditional Requests
|--------------------------------------------------------------------------
|
| Globally enable conditional requests so that an ETag header is added to
| any successful response. Subsequent requests will perform a check and
| will return a 304 Not Modified. This can also be enabled or disabled
| on certain groups or routes.
|
*/
'conditionalRequest' => env('API_CONDITIONAL_REQUEST', true),
/*
|--------------------------------------------------------------------------
| Strict Mode
|--------------------------------------------------------------------------
|
| Enabling strict mode will require clients to send a valid Accept header
| with every request. This also voids the default API version, meaning
| your API will not be browsable via a web browser.
|
*/
'strict' => env('API_STRICT', false),
/*
|--------------------------------------------------------------------------
| Debug Mode
|--------------------------------------------------------------------------
|
| Enabling debug mode will result in error responses caused by thrown
| exceptions to have a "debug" key that will be populated with
| more detailed information on the exception.
|
*/
'debug' => env('API_DEBUG', false),
/*
|--------------------------------------------------------------------------
| Generic Error Format
|--------------------------------------------------------------------------
|
| When some HTTP exceptions are not caught and dealt with the API will
| generate a generic error response in the format provided. Any
| keys that aren't replaced with corresponding values will be
| removed from the final response.
|
*/
'errorFormat' => [
'message' => ':message',
'errors' => ':errors',
'code' => ':code',
'status_code' => ':status_code',
'debug' => ':debug',
],
/*
|--------------------------------------------------------------------------
| API Middleware
|--------------------------------------------------------------------------
|
| Middleware that will be applied globally to all API requests.
|
*/
'middleware' => [
],
/*
|--------------------------------------------------------------------------
| Authentication Providers
|--------------------------------------------------------------------------
|
| The authentication providers that should be used when attempting to
| authenticate an incoming API request.
|
*/
'auth' => [
'custom' => 'Pterodactyl\Http\Middleware\APISecretToken',
],
/*
|--------------------------------------------------------------------------
| Throttling / Rate Limiting
|--------------------------------------------------------------------------
|
| Consumers of your API can be limited to the amount of requests they can
| make. You can create your own throttles or simply change the default
| throttles.
|
*/
'throttling' => [
],
/*
|--------------------------------------------------------------------------
| Response Transformer
|--------------------------------------------------------------------------
|
| Responses can be transformed so that they are easier to format. By
| default a Fractal transformer will be used to transform any
| responses prior to formatting. You can easily replace
| this with your own transformer.
|
*/
'transformer' => env('API_TRANSFORMER', Dingo\Api\Transformer\Adapter\Fractal::class),
/*
|--------------------------------------------------------------------------
| Response Formats
|--------------------------------------------------------------------------
|
| Responses can be returned in multiple formats by registering different
| response formatters. You can also customize an existing response
| formatter.
|
*/
'defaultFormat' => env('API_DEFAULT_FORMAT', 'json'),
'formats' => [
'json' => Dingo\Api\Http\Response\Format\Json::class,
],
];

View file

@ -127,8 +127,6 @@ return [
'providers' => [ 'providers' => [
Dingo\Api\Provider\LaravelServiceProvider::class,
/* /*
* Laravel Framework Service Providers... * Laravel Framework Service Providers...
*/ */
@ -180,6 +178,7 @@ return [
Fideloper\Proxy\TrustedProxyServiceProvider::class, Fideloper\Proxy\TrustedProxyServiceProvider::class,
Laracasts\Utilities\JavaScript\JavaScriptServiceProvider::class, Laracasts\Utilities\JavaScript\JavaScriptServiceProvider::class,
Lord\Laroute\LarouteServiceProvider::class, Lord\Laroute\LarouteServiceProvider::class,
Spatie\Fractal\FractalServiceProvider::class,
], ],
@ -210,11 +209,10 @@ return [
'Crypt' => Illuminate\Support\Facades\Crypt::class, 'Crypt' => Illuminate\Support\Facades\Crypt::class,
'DB' => Illuminate\Support\Facades\DB::class, 'DB' => Illuminate\Support\Facades\DB::class,
'Debugbar' => Barryvdh\Debugbar\Facade::class, 'Debugbar' => Barryvdh\Debugbar\Facade::class,
'Dingo' => Dingo\Api\Facade\API::class,
'DingoRoute'=> Dingo\Api\Facade\Route::class,
'Eloquent' => Illuminate\Database\Eloquent\Model::class, 'Eloquent' => Illuminate\Database\Eloquent\Model::class,
'Event' => Illuminate\Support\Facades\Event::class, 'Event' => Illuminate\Support\Facades\Event::class,
'File' => Illuminate\Support\Facades\File::class, 'File' => Illuminate\Support\Facades\File::class,
'Fractal' => Spatie\Fractal\FractalFacade::class,
'Gate' => Illuminate\Support\Facades\Gate::class, 'Gate' => Illuminate\Support\Facades\Gate::class,
'Google2FA' => PragmaRX\Google2FA\Vendor\Laravel\Facade::class, 'Google2FA' => PragmaRX\Google2FA\Vendor\Laravel\Facade::class,
'Hash' => Illuminate\Support\Facades\Hash::class, 'Hash' => Illuminate\Support\Facades\Hash::class,

View file

@ -28,7 +28,7 @@ return [
*/ */
'storage' => [ 'storage' => [
'enabled' => true, 'enabled' => true,
'driver' => 'file', // redis, file, pdo 'driver' => env('DEBUGBAR_DRIVER', 'file'), // redis, file, pdo
'path' => storage_path() . '/debugbar', // For file driver 'path' => storage_path() . '/debugbar', // For file driver
'connection' => null, // Leave null for default connection (Redis/PDO) 'connection' => null, // Leave null for default connection (Redis/PDO)
], ],
@ -125,7 +125,7 @@ return [
'enabled' => false, 'enabled' => false,
'types' => ['SELECT', 'INSERT', 'UPDATE', 'DELETE'], // array('SELECT', 'INSERT', 'UPDATE', 'DELETE'); for MySQL 5.6.3+ 'types' => ['SELECT', 'INSERT', 'UPDATE', 'DELETE'], // array('SELECT', 'INSERT', 'UPDATE', 'DELETE'); for MySQL 5.6.3+
], ],
'hints' => true, // Show hints for common mistakes 'hints' => false, // Show hints for common mistakes
], ],
'mail' => [ 'mail' => [
'full_log' => false, 'full_log' => false,

View file

@ -0,0 +1,18 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Serializer
|--------------------------------------------------------------------------
|
| The default serializer to be used when performing a transformation. It
| may be left empty to use Fractal's default one. This can either be a
| string or a League\Fractal\Serializer\SerializerAbstract subclass.
|
*/
'default_serializer' => League\Fractal\Serializer\JsonApiSerializer::class,
];

View file

@ -26,8 +26,24 @@ return [
*/ */
'paginate' => [ 'paginate' => [
'frontend' => [ 'frontend' => [
'servers' => 15, 'servers' => env('APP_PAGINATE_FRONT_SERVERS', 15),
], ],
'api' => [
'nodes' => env('APP_PAGINATE_API_NODES', 25),
'servers' => env('APP_PAGINATE_API_SERVERS', 25),
'users' => env('APP_PAGINATE_API_USERS', 25),
],
],
/*
|--------------------------------------------------------------------------
| API Options
|--------------------------------------------------------------------------
|
| Configuration options for the API.
*/
'api' => [
'include_on_list' => env('API_INCLUDE_ON_LIST', false),
], ],
/* /*
@ -103,4 +119,18 @@ return [
'lang' => [ 'lang' => [
'in_context' => env('PHRASE_IN_CONTEXT', false), 'in_context' => env('PHRASE_IN_CONTEXT', false),
], ],
/*
|--------------------------------------------------------------------------
| JSON Response Routes
|--------------------------------------------------------------------------
|
| You should not edit this block. These routes are ajax based routes that
| expect content to be returned in JSON format.
*/
'json_routes' => [
'api/*',
'daemon/*',
'remote/*',
],
]; ];

View file

@ -0,0 +1,32 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class DropDeletedAtColumnFromServers extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('servers', function (Blueprint $table) {
$table->dropColumn('deleted_at');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('servers', function (Blueprint $table) {
$table->timestamp('deleted_at')->nullable();
});
}
}

View file

@ -46,122 +46,162 @@ return [
'title' => 'Allowed IPs', 'title' => 'Allowed IPs',
'description' => 'Enter a line delimitated list of IPs that are allowed to access the API using this key. CIDR notation is allowed. Leave blank to allow any IP.', 'description' => 'Enter a line delimitated list of IPs that are allowed to access the API using this key. CIDR notation is allowed. Leave blank to allow any IP.',
], ],
'base' => [ ],
'title' => 'Base Information', 'permissions' => [
'information' => [ 'user' => [
'title' => 'Base Information', 'server_header' => 'User Server Permissions',
'description' => 'Returns a listing of all servers that this account has access to.',
],
],
'user_management' => [
'title' => 'User Management',
'list' => [
'title' => 'List Users',
'description' => 'Allows listing of all users currently on the system.',
],
'create' => [
'title' => 'Create User',
'description' => 'Allows creating a new user on the system.',
],
'view' => [
'title' => 'List Single User',
'description' => 'Allows viewing details about a specific user including active services.',
],
'update' => [
'title' => 'Update User',
'description' => 'Allows modifying user details (email, password, TOTP information).',
],
'delete' => [
'title' => 'Delete User',
'description' => 'Allows deleting a user.',
],
],
'node_management' => [
'title' => 'Node Management',
'list' => [
'title' => 'List Nodes',
'description' => 'Allows listing of all nodes currently on the system.',
],
'create' => [
'title' => 'Create Node',
'description' => 'Allows creating a new node on the system.',
],
'view' => [
'title' => 'List Single Node',
'description' => 'Allows viewing details about a specific node including active services.',
],
'allocations' => [
'title' => 'List Allocations',
'description' => 'Allows viewing all allocations on the panel for all nodes.',
],
'delete' => [
'title' => 'Delete Node',
'description' => 'Allows deleting a node.',
],
],
'server_management' => [
'title' => 'Server Management',
'server' => [ 'server' => [
'title' => 'Server Info', 'list' => [
'description' => 'Allows access to viewing information about a single server including current stats and allocations.', 'title' => 'List Servers',
], 'desc' => 'Allows listing of all servers a user owns or has access to as a subuser.',
'power' => [ ],
'title' => 'Server Power', 'view' => [
'description' => 'Allows access to control server power status.', 'title' => 'View Server',
], 'desc'=> 'Allows viewing of specific server user can access.',
'command' => [ ],
'title' => 'Send Command', 'power' => [
'description' => 'Allows a user to send a command to a specified server.', 'title' => 'Toggle Power',
], 'desc'=> 'Allow toggling of power status for a server.',
'view' => [ ],
'title' => 'Show Single Server', 'command' => [
'description' => 'Allows viewing details about a specific server including the daemon_token as well as current process information.', 'title' => 'Send Command',
], 'desc'=> 'Allow sending of a command to a running server.',
'list' => [ ],
'title' => 'List Servers',
'description' => 'Allows listing of all servers currently on the system.',
],
'create' => [
'title' => 'Create Server',
'description' => 'Allows creating a new server on the system.',
],
'config' => [
'title' => 'Update Configuration',
'description' => 'Allows modifying server config (name, owner, and access token).',
],
'build' => [
'title' => 'Update Build',
'description' => 'Allows modifying a server\'s build parameters such as memory, CPU, and disk space along with assigned and default IPs.',
],
'suspend' => [
'title' => 'Suspend Server',
'description' => 'Allows suspending a server instance.',
],
'unsuspend' => [
'title' => 'Unsuspend Server',
'description' => 'Allows unsuspending a server instance.',
],
'delete' => [
'title' => 'Delete Server',
'description' => 'Allows deleting a server.',
], ],
], ],
'service_management' => [ 'admin' => [
'title' => 'Service Management', 'server_header' => 'Server Control',
'list' => [ 'server' => [
'title' => 'List Services', 'list' => [
'description' => 'Allows listing of all services configured on the system.', 'title' => 'List Servers',
'desc' => 'Allows listing of all servers currently on the system.',
],
'view' => [
'title' => 'View Server',
'desc' => 'Allows view of single server including service and details.',
],
'delete' => [
'title' => 'Delete Server',
'desc' => 'Allows deletion of a server from the system.',
],
'create' => [
'title' => 'Create Server',
'desc' => 'Allows creation of a new server on the system.',
],
'edit-details' => [
'title' => 'Edit Server Details',
'desc' => 'Allows editing of server details such as name, owner, description, and secret key.',
],
'edit-container' => [
'title' => 'Edit Server Container',
'desc' => 'Allows for modification of the docker container the server runs in.',
],
'suspend' => [
'title' => 'Suspend Server',
'desc' => 'Allows for the suspension and unsuspension of a given server.',
],
'install' => [
'title' => 'Toggle Install Status',
'desc' => '',
],
'rebuild' => [
'title' => 'Rebuild Server',
'desc' => '',
],
'edit-build' => [
'title' => 'Edit Server Build',
'desc' => 'Allows editing of server build setting such as CPU and memory allocations.',
],
'edit-startup' => [
'title' => 'Edit Server Startup',
'desc' => 'Allows modification of server startup commands and parameters.',
],
], ],
'view' => [ 'location_header' => 'Location Control',
'title' => 'List Single Service', 'location' => [
'description' => 'Allows listing details about each service on the system including service options and variables.', 'list' => [
'title' => 'List Locations',
'desc' => 'Allows listing all locations and thier associated nodes.',
],
], ],
], 'node_header' => 'Node Control',
'location_management' => [ 'node' => [
'title' => 'Location Management', 'list' => [
'list' => [ 'title' => 'List Nodes',
'title' => 'List Locations', 'desc' => 'Allows listing of all nodes currently on the system.',
'description' => 'Allows listing all locations and thier associated nodes.', ],
'view' => [
'title' => 'View Node',
'desc' => 'llows viewing details about a specific node including active services.',
],
'view-config' => [
'title' => 'View Node Configuration',
'desc' => 'Danger. This allows the viewing of the node configuration file used by the daemon, and exposes secret daemon tokens.',
],
'create' => [
'title' => 'Create Node',
'desc' => 'Allows creating a new node on the system.',
],
'delete' => [
'title' => 'Delete Node',
'desc' => 'Allows deletion of a node from the system.',
],
],
'user_header' => 'User Control',
'user' => [
'list' => [
'title' => 'List Users',
'desc' => 'Allows listing of all users currently on the system.',
],
'view' => [
'title' => 'View User',
'desc' => 'Allows viewing details about a specific user including active services.',
],
'create' => [
'title' => 'Create User',
'desc' => 'Allows creating a new user on the system.',
],
'edit' => [
'title' => 'Update User',
'desc' => 'Allows modification of user details.',
],
'delete' => [
'title' => 'Delete User',
'desc' => 'Allows deleting a user.',
],
],
'service_header' => 'Service Control',
'service' => [
'list' => [
'title' => 'List Services',
'desc' => 'Allows listing of all services configured on the system.',
],
'view' => [
'title' => 'View Service',
'desc' => 'Allows listing details about each service on the system including service options and variables.',
],
],
'option_header' => 'Option Control',
'option' => [
'list' => [
'title' => 'List Options',
'desc' => '',
],
'view' => [
'title' => 'View Option',
'desc' => '',
],
],
'pack_header' => 'Pack Control',
'pack' => [
'list' => [
'title' => 'List Packs',
'desc' => '',
],
'view' => [
'title' => 'View Pack',
'desc' => '',
],
], ],
], ],
], ],

View file

@ -47,8 +47,8 @@
@endsection @endsection
@section('content') @section('content')
<div class="row"> <form action="{{ route('account.api.new') }}" method="POST">
<form action="{{ route('account.api.new') }}" method="POST" id="permsForm"> <div class="row">
<div class="col-xs-12"> <div class="col-xs-12">
<div class="box"> <div class="box">
<div class="box-header with-border"> <div class="box-header with-border">
@ -75,292 +75,70 @@
</div> </div>
</div> </div>
<div class="col-xs-6"> <div class="col-xs-6">
{!! csrf_field() !!}
<button class="btn btn-success pull-right">@lang('strings.create') &rarr;</button> <button class="btn btn-success pull-right">@lang('strings.create') &rarr;</button>
</div> </div>
</div> </div>
<div class="text-right">
</div>
</div> </div>
</div> </div>
</div> </div>
<div class="col-xs-12 col-lg-6"> </div>
<div class="box"> <div class="row">
<div class="box-header with-border"> @foreach($permissions['user'] as $block => $perms)
<div class="box-title">@lang('base.api.new.base.title')</div> <div class="col-sm-12">
</div> <div class="box box-primary">
<div class="box-body"> <div class="box-header with-border">
<div class="form-group"> <h3 class="box-title">@lang('base.api.permissions.user.' . $block . '_header')</h3>
<div class="checkbox checkbox-primary no-margin-bottom"> </div>
<input id="user:*" name="permissions[]" type="checkbox" value="user:*"> <div class="box-body">
<label for="user:*" class="strong"> @foreach($perms as $permission)
<span class="label label-default">GET</span> @lang('base.api.new.base.information.title') <div class="form-group">
</label> <div class="checkbox checkbox-primary no-margin-bottom">
</div> <input id="{{ 'user.' . $block . '-' . $permission }}" name="permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
<p class="text-muted small">@lang('base.api.new.base.information.description')</p> <label for="{{ 'user.' . $block . '-' . $permission }}" class="strong">
@lang('base.api.permissions.user.' . $block . '.' . $permission . '.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.permissions.user.' . $block . '.' . $permission . '.desc')</p>
</div>
@endforeach
</div> </div>
</div> </div>
</div> </div>
@if(Auth::user()->isRootAdmin()) @if ($loop->iteration % 2 === 0)
<div class="box"> <div class="clearfix visible-lg-block visible-md-block visible-sm-block"></div>
<div class="box-header with-border">
<div class="box-title">@lang('base.api.new.user_management.title')</div>
</div>
<div class="box-body">
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:users.list" name="adminPermissions[]" type="checkbox" value="admin:users.list">
<label for="admin:users.list" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.user_management.list.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.user_management.list.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:users.create" name="adminPermissions[]" type="checkbox" value="admin:users.create">
<label for="admin:users.create" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.user_management.create.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.user_management.create.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:users.view" name="adminPermissions[]" type="checkbox" value="admin:users.view">
<label for="admin:users.view" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.user_management.view.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.user_management.view.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:users.update" name="adminPermissions[]" type="checkbox" value="admin:users.update">
<label for="admin:users.update" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.user_management.update.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.user_management.update.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-danger no-margin-bottom">
<input id="admin:users.delete" name="adminPermissions[]" type="checkbox" value="admin:users.delete">
<label for="admin:users.delete" class="strong">
<span class="label label-danger">DELETE</span> @lang('base.api.new.user_management.delete.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.user_management.delete.description')</p>
</div>
</div>
</div>
<div class="box">
<div class="box-header with-border">
<div class="box-title">@lang('base.api.new.node_management.title')</div>
</div>
<div class="box-body">
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:nodes.list" name="adminPermissions[]" type="checkbox" value="admin:nodes.list">
<label for="admin:nodes.list" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.node_management.list.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.node_management.list.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:nodes.create" name="adminPermissions[]" type="checkbox" value="admin:nodes.create">
<label for="admin:nodes.create" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.node_management.create.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.node_management.create.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:nodes.view" name="adminPermissions[]" type="checkbox" value="admin:nodes.view">
<label for="admin:nodes.view" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.node_management.view.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.node_management.view.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:nodes.allocations" name="adminPermissions[]" type="checkbox" value="admin:nodes.allocations">
<label for="admin:nodes.allocations" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.node_management.allocations.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.node_management.allocations.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-danger no-margin-bottom">
<input id="admin:nodes.delete" name="adminPermissions[]" type="checkbox" value="admin:nodes.delete">
<label for="admin:nodes.delete" class="strong">
<span class="label label-danger">DELETE</span> @lang('base.api.new.node_management.delete.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.node_management.delete.description')</p>
</div>
</div>
</div>
<div class="box">
<div class="box-header with-border">
<div class="box-title">@lang('base.api.new.location_management.title')</div>
</div>
<div class="box-body">
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:locations.list" name="adminPermissions[]" type="checkbox" value="admin:locations.list">
<label for="admin:locations.list" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.location_management.list.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.location_management.list.description')</p>
</div>
</div>
</div>
@endif @endif
</div> @endforeach
<div class="col-xs-12 col-lg-6"> </div>
<div class="box"> <div class="row">
<div class="box-header with-border"> @foreach($permissions['admin'] as $block => $perms)
<div class="box-title">@lang('base.api.new.server_management.title')</div> <div class="col-lg-4 col-sm-6">
</div> <div class="box box-danger">
<div class="box-body">
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="user:server" name="permissions[]" type="checkbox" value="user:server">
<label for="user:server" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.server_management.server.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.server.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="user:server.power" name="permissions[]" type="checkbox" value="user:server.power">
<label for="user:server.power" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.server_management.power.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.power.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="user:server.command" name="permissions[]" type="checkbox" value="user:server.command">
<label for="user:server.command" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.server_management.command.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.command.description')</p>
</div>
@if(Auth::user()->isRootAdmin())
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:servers.view" name="adminPermissions[]" type="checkbox" value="admin:servers.view">
<label for="admin:servers.view" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.server_management.view.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.view.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:servers.list" name="adminPermissions[]" type="checkbox" value="admin:servers.list">
<label for="admin:servers.list" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.server_management.list.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.list.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:servers.create" name="adminPermissions[]" type="checkbox" value="admin:servers.create">
<label for="admin:servers.create" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.server_management.create.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.create.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:servers.config" name="adminPermissions[]" type="checkbox" value="admin:servers.config">
<label for="admin:servers.config" class="strong">
<span class="label label-default">PATCH</span> @lang('base.api.new.server_management.config.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.config.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:servers.build" name="adminPermissions[]" type="checkbox" value="admin:servers.build">
<label for="admin:servers.build" class="strong">
<span class="label label-default">PATCH</span> @lang('base.api.new.server_management.build.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.build.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-warning no-margin-bottom">
<input id="admin:servers.suspend" name="adminPermissions[]" type="checkbox" value="admin:servers.suspend">
<label for="admin:servers.suspend" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.server_management.suspend.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.suspend.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-warning no-margin-bottom">
<input id="admin:servers.unsuspend" name="adminPermissions[]" type="checkbox" value="admin:servers.unsuspend">
<label for="admin:servers.unsuspend" class="strong">
<span class="label label-default">POST</span> @lang('base.api.new.server_management.unsuspend.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.unsuspend.description')</p>
</div>
<div class="form-group">
<div class="checkbox checkbox-danger no-margin-bottom">
<input id="admin:servers.delete" name="adminPermissions[]" type="checkbox" value="admin:servers.delete">
<label for="admin:servers.delete" class="strong">
<span class="label label-danger">DELETE</span> @lang('base.api.new.server_management.delete.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.server_management.delete.description')</p>
</div>
@endif
</div>
</div>
@if(Auth::user()->isRootAdmin())
<div class="box">
<div class="box-header with-border"> <div class="box-header with-border">
<div class="box-title">@lang('base.api.new.service_management.title')</div> <h3 class="box-title">@lang('base.api.permissions.admin.' . $block . '_header')</h3>
</div> </div>
<div class="box-body"> <div class="box-body">
<div class="form-group"> @foreach($perms as $permission)
<div class="checkbox checkbox-primary no-margin-bottom"> <div class="form-group">
<input id="admin:services.list" name="adminPermissions[]" type="checkbox" value="admin:services.list"> <div class="checkbox {{ $permission === 'delete' ? 'checkbox-danger' : 'checkbox-primary' }} no-margin-bottom">
<label for="admin:services.list" class="strong"> <input id="{{ $block . '-' . $permission }}" name="admin_permissions[]" type="checkbox" value="{{ $block . '-' . $permission }}"/>
<span class="label label-default">GET</span> @lang('base.api.new.service_management.list.title') <label for="{{ $block . '-' . $permission }}" class="strong">
</label> @lang('base.api.permissions.admin.' . $block . '.' . $permission . '.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.desc')</p>
</div> </div>
<p class="text-muted small">@lang('base.api.new.service_management.list.description')</p> @endforeach
</div>
<div class="form-group">
<div class="checkbox checkbox-primary no-margin-bottom">
<input id="admin:services.view" name="adminPermissions[]" type="checkbox" value="admin:services.view">
<label for="admin:services.view" class="strong">
<span class="label label-default">GET</span> @lang('base.api.new.service_management.view.title')
</label>
</div>
<p class="text-muted small">@lang('base.api.new.service_management.view.description')</p>
</div>
</div> </div>
</div> </div>
</div>
@if ($loop->iteration % 3 === 0)
<div class="clearfix visible-lg-block"></div>
@endif @endif
</div> @if ($loop->iteration % 2 === 0)
{!! csrf_field() !!} <div class="clearfix visible-md-block visible-sm-block"></div>
</form> @endif
</div> @endforeach
</div>
</form>
@endsection @endsection

View file

@ -21,7 +21,6 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/', 'BaseController@getIndex')->name('admin.index'); Route::get('/', 'BaseController@getIndex')->name('admin.index');
/* /*
@ -79,15 +78,15 @@ Route::group(['prefix' => 'settings'], function () {
| |
*/ */
Route::group(['prefix' => 'users'], function () { Route::group(['prefix' => 'users'], function () {
Route::get('/', 'UserController@getIndex')->name('admin.users'); Route::get('/', 'UserController@index')->name('admin.users');
Route::get('/accounts.json', 'UserController@getJson')->name('admin.users.json'); Route::get('/accounts.json', 'UserController@json')->name('admin.users.json');
Route::get('/new', 'UserController@getNew')->name('admin.users.new'); Route::get('/new', 'UserController@create')->name('admin.users.new');
Route::get('/view/{id}', 'UserController@getView')->name('admin.users.view'); Route::get('/view/{id}', 'UserController@view')->name('admin.users.view');
Route::post('/new', 'UserController@postNew'); Route::post('/new', 'UserController@store');
Route::post('/view/{id}', 'UserController@updateUser'); Route::post('/view/{id}', 'UserController@update');
Route::delete('/view/{id}', 'UserController@deleteUser'); Route::delete('/view/{id}', 'UserController@delete');
}); });
/* /*
@ -100,8 +99,8 @@ Route::group(['prefix' => 'users'], function () {
*/ */
Route::group(['prefix' => 'servers'], function () { Route::group(['prefix' => 'servers'], function () {
Route::get('/', 'ServersController@index')->name('admin.servers'); Route::get('/', 'ServersController@index')->name('admin.servers');
Route::get('/new', 'ServersController@new')->name('admin.servers.new'); Route::get('/new', 'ServersController@create')->name('admin.servers.new');
Route::get('/new/nodes', 'ServersController@newServerNodes')->name('admin.servers.new.nodes'); Route::get('/new/nodes', 'ServersController@nodes')->name('admin.servers.new.nodes');
Route::get('/view/{id}', 'ServersController@viewIndex')->name('admin.servers.view'); Route::get('/view/{id}', 'ServersController@viewIndex')->name('admin.servers.view');
Route::get('/view/{id}/details', 'ServersController@viewDetails')->name('admin.servers.view.details'); Route::get('/view/{id}/details', 'ServersController@viewDetails')->name('admin.servers.view.details');
Route::get('/view/{id}/build', 'ServersController@viewBuild')->name('admin.servers.view.build'); Route::get('/view/{id}/build', 'ServersController@viewBuild')->name('admin.servers.view.build');
@ -110,7 +109,7 @@ Route::group(['prefix' => 'servers'], function () {
Route::get('/view/{id}/manage', 'ServersController@viewManage')->name('admin.servers.view.manage'); Route::get('/view/{id}/manage', 'ServersController@viewManage')->name('admin.servers.view.manage');
Route::get('/view/{id}/delete', 'ServersController@viewDelete')->name('admin.servers.view.delete'); Route::get('/view/{id}/delete', 'ServersController@viewDelete')->name('admin.servers.view.delete');
Route::post('/new', 'ServersController@create'); Route::post('/new', 'ServersController@store');
Route::post('/view/{id}/details', 'ServersController@setDetails'); Route::post('/view/{id}/details', 'ServersController@setDetails');
Route::post('/view/{id}/details/container', 'ServersController@setContainer')->name('admin.servers.view.details.container'); Route::post('/view/{id}/details/container', 'ServersController@setContainer')->name('admin.servers.view.details.container');
Route::post('/view/{id}/build', 'ServersController@updateBuild'); Route::post('/view/{id}/build', 'ServersController@updateBuild');
@ -136,7 +135,7 @@ Route::group(['prefix' => 'servers'], function () {
*/ */
Route::group(['prefix' => 'nodes'], function () { Route::group(['prefix' => 'nodes'], function () {
Route::get('/', 'NodesController@index')->name('admin.nodes'); Route::get('/', 'NodesController@index')->name('admin.nodes');
Route::get('/new', 'NodesController@new')->name('admin.nodes.new'); Route::get('/new', 'NodesController@create')->name('admin.nodes.new');
Route::get('/view/{id}', 'NodesController@viewIndex')->name('admin.nodes.view'); Route::get('/view/{id}', 'NodesController@viewIndex')->name('admin.nodes.view');
Route::get('/view/{id}/settings', 'NodesController@viewSettings')->name('admin.nodes.view.settings'); Route::get('/view/{id}/settings', 'NodesController@viewSettings')->name('admin.nodes.view.settings');
Route::get('/view/{id}/configuration', 'NodesController@viewConfiguration')->name('admin.nodes.view.configuration'); Route::get('/view/{id}/configuration', 'NodesController@viewConfiguration')->name('admin.nodes.view.configuration');
@ -144,7 +143,7 @@ Route::group(['prefix' => 'nodes'], function () {
Route::get('/view/{id}/servers', 'NodesController@viewServers')->name('admin.nodes.view.servers'); Route::get('/view/{id}/servers', 'NodesController@viewServers')->name('admin.nodes.view.servers');
Route::get('/view/{id}/settings/token', 'NodesController@setToken')->name('admin.nodes.view.configuration.token'); Route::get('/view/{id}/settings/token', 'NodesController@setToken')->name('admin.nodes.view.configuration.token');
Route::post('/new', 'NodesController@create'); Route::post('/new', 'NodesController@store');
Route::post('/view/{id}/settings', 'NodesController@updateSettings'); Route::post('/view/{id}/settings', 'NodesController@updateSettings');
Route::post('/view/{id}/allocation', 'NodesController@createAllocation'); Route::post('/view/{id}/allocation', 'NodesController@createAllocation');
Route::post('/view/{id}/allocation/remove', 'NodesController@allocationRemoveBlock')->name('admin.nodes.view.allocation.removeBlock'); Route::post('/view/{id}/allocation/remove', 'NodesController@allocationRemoveBlock')->name('admin.nodes.view.allocation.removeBlock');
@ -164,16 +163,16 @@ Route::group(['prefix' => 'nodes'], function () {
*/ */
Route::group(['prefix' => 'services'], function () { Route::group(['prefix' => 'services'], function () {
Route::get('/', 'ServiceController@index')->name('admin.services'); Route::get('/', 'ServiceController@index')->name('admin.services');
Route::get('/new', 'ServiceController@new')->name('admin.services.new'); Route::get('/new', 'ServiceController@create')->name('admin.services.new');
Route::get('/view/{id}', 'ServiceController@view')->name('admin.services.view'); Route::get('/view/{id}', 'ServiceController@view')->name('admin.services.view');
Route::get('/view/{id}/functions', 'ServiceController@viewFunctions')->name('admin.services.view.functions'); Route::get('/view/{id}/functions', 'ServiceController@viewFunctions')->name('admin.services.view.functions');
Route::get('/option/new', 'OptionController@new')->name('admin.services.option.new'); Route::get('/option/new', 'OptionController@create')->name('admin.services.option.new');
Route::get('/option/{id}', 'OptionController@viewConfiguration')->name('admin.services.option.view'); Route::get('/option/{id}', 'OptionController@viewConfiguration')->name('admin.services.option.view');
Route::get('/option/{id}/variables', 'OptionController@viewVariables')->name('admin.services.option.variables'); Route::get('/option/{id}/variables', 'OptionController@viewVariables')->name('admin.services.option.variables');
Route::post('/new', 'ServiceController@create'); Route::post('/new', 'ServiceController@store');
Route::post('/view/{id}', 'ServiceController@edit'); Route::post('/view/{id}', 'ServiceController@edit');
Route::post('/option/new', 'OptionController@new'); Route::post('/option/new', 'OptionController@store');
Route::post('/option/{id}', 'OptionController@editConfiguration'); Route::post('/option/{id}', 'OptionController@editConfiguration');
Route::post('/option/{id}/variables', 'OptionController@createVariable'); Route::post('/option/{id}/variables', 'OptionController@createVariable');
Route::post('/option/{id}/variables/{variable}', 'OptionController@editVariable')->name('admin.services.option.variables.edit'); Route::post('/option/{id}/variables/{variable}', 'OptionController@editVariable')->name('admin.services.option.variables.edit');
@ -191,11 +190,11 @@ Route::group(['prefix' => 'services'], function () {
*/ */
Route::group(['prefix' => 'packs'], function () { Route::group(['prefix' => 'packs'], function () {
Route::get('/', 'PackController@index')->name('admin.packs'); Route::get('/', 'PackController@index')->name('admin.packs');
Route::get('/new', 'PackController@new')->name('admin.packs.new'); Route::get('/new', 'PackController@create')->name('admin.packs.new');
Route::get('/new/template', 'PackController@newTemplate')->name('admin.packs.new.template'); Route::get('/new/template', 'PackController@newTemplate')->name('admin.packs.new.template');
Route::get('/view/{id}', 'PackController@view')->name('admin.packs.view'); Route::get('/view/{id}', 'PackController@view')->name('admin.packs.view');
Route::post('/new', 'PackController@create'); Route::post('/new', 'PackController@store');
Route::post('/view/{id}', 'PackController@update'); Route::post('/view/{id}', 'PackController@update');
Route::post('/view/{id}/export/{files?}', 'PackController@export')->name('admin.packs.view.export'); Route::post('/view/{id}/export/{files?}', 'PackController@export')->name('admin.packs.view.export');
}); });

112
routes/api-admin.php Normal file
View file

@ -0,0 +1,112 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
Route::get('/', 'CoreController@index');
/*
|--------------------------------------------------------------------------
| Server Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /api/admin/servers
|
*/
Route::group(['prefix' => '/servers'], function () {
Route::get('/', 'ServerController@index');
Route::get('/{id}', 'ServerController@view');
Route::post('/', 'ServerController@store');
Route::put('/{id}/details', 'ServerController@details');
Route::put('/{id}/container', 'ServerController@container');
Route::put('/{id}/build', 'ServerController@build');
Route::put('/{id}/startup', 'ServerController@startup');
Route::patch('/{id}/install', 'ServerController@install');
Route::patch('/{id}/rebuild', 'ServerController@rebuild');
Route::patch('/{id}/suspend', 'ServerController@suspend');
Route::delete('/{id}', 'ServerController@delete');
});
/*
|--------------------------------------------------------------------------
| Location Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /api/admin/locations
|
*/
Route::group(['prefix' => '/locations'], function () {
Route::get('/', 'LocationController@index');
});
/*
|--------------------------------------------------------------------------
| Node Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /api/admin/nodes
|
*/
Route::group(['prefix' => '/nodes'], function () {
Route::get('/', 'NodeController@index');
Route::get('/{id}', 'NodeController@view');
Route::get('/{id}/config', 'NodeController@viewConfig');
Route::post('/', 'NodeController@store');
Route::delete('/{id}', 'NodeController@delete');
});
/*
|--------------------------------------------------------------------------
| User Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /api/admin/users
|
*/
Route::group(['prefix' => '/users'], function () {
Route::get('/', 'UserController@index');
Route::get('/{id}', 'UserController@view');
Route::post('/', 'UserController@store');
Route::put('/{id}', 'UserController@update');
Route::delete('/{id}', 'UserController@delete');
});
/*
|--------------------------------------------------------------------------
| Service Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /api/admin/services
|
*/
Route::group(['prefix' => '/services'], function () {
Route::get('/', 'ServiceController@index');
Route::get('/{id}', 'ServiceController@view');
});

View file

@ -21,13 +21,22 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/', 'CoreController@index')->name('api.user');
namespace Pterodactyl\Http\Controllers\API; /*
|--------------------------------------------------------------------------
| Server Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /api/user/server/{server}
|
*/
Route::group([
'prefix' => '/server/{server}',
'middleware' => 'server',
], function () {
Route::get('/', 'ServerController@index')->name('api.user.server');
use Dingo\Api\Routing\Helpers; Route::post('/power', 'ServerController@power')->name('api.user.server.power');
use Illuminate\Routing\Controller; Route::post('/command', 'ServerController@command')->name('api.user.server.command');
});
class BaseController extends Controller
{
use Helpers;
}

View file

@ -21,7 +21,6 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth'); Route::get('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth');
Route::get('/login', 'LoginController@showLoginForm')->name('auth.login'); Route::get('/login', 'LoginController@showLoginForm')->name('auth.login');
Route::get('/login/totp', 'LoginController@totp')->name('auth.totp'); Route::get('/login/totp', 'LoginController@totp')->name('auth.totp');

View file

@ -21,7 +21,6 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/', 'IndexController@getIndex')->name('index'); Route::get('/', 'IndexController@getIndex')->name('index');
Route::get('/index', function () { Route::get('/index', function () {
redirect()->route('index'); redirect()->route('index');
@ -51,9 +50,9 @@ Route::group(['prefix' => 'account'], function () {
*/ */
Route::group(['prefix' => 'account/api'], function () { Route::group(['prefix' => 'account/api'], function () {
Route::get('/', 'APIController@index')->name('account.api'); Route::get('/', 'APIController@index')->name('account.api');
Route::get('/new', 'APIController@new')->name('account.api.new'); Route::get('/new', 'APIController@create')->name('account.api.new');
Route::post('/new', 'APIController@save'); Route::post('/new', 'APIController@store');
Route::delete('/revoke/{key}', 'APIController@revoke')->name('account.api.revoke'); Route::delete('/revoke/{key}', 'APIController@revoke')->name('account.api.revoke');
}); });

View file

@ -21,7 +21,6 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/services', 'ServiceController@list')->name('daemon.services'); Route::get('/services', 'ServiceController@list')->name('daemon.services');
Route::get('/services/pull/{service}/{file}', 'ServiceController@pull')->name('daemon.pull'); Route::get('/services/pull/{service}/{file}', 'ServiceController@pull')->name('daemon.pull');
Route::get('/packs/pull/{uuid}', 'PackController@pull')->name('daemon.pack.pull'); Route::get('/packs/pull/{uuid}', 'PackController@pull')->name('daemon.pack.pull');

View file

@ -21,7 +21,6 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/configuration/{token}', 'RemoteController@getConfiguration')->name('remote.configuration'); Route::get('/configuration/{token}', 'RemoteController@getConfiguration')->name('remote.configuration');
Route::post('/download', 'RemoteController@postDownload')->name('remote.download'); Route::post('/download', 'RemoteController@postDownload')->name('remote.download');

View file

@ -21,7 +21,6 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
Route::get('/', 'ServerController@getIndex')->name('server.index'); Route::get('/', 'ServerController@getIndex')->name('server.index');
/* /*
@ -71,14 +70,14 @@ Route::group(['prefix' => 'files'], function () {
| |
*/ */
Route::group(['prefix' => 'users'], function () { Route::group(['prefix' => 'users'], function () {
Route::get('/', 'SubuserController@getIndex')->name('server.subusers'); Route::get('/', 'SubuserController@index')->name('server.subusers');
Route::get('/new', 'SubuserController@getNew')->name('server.subusers.new'); Route::get('/new', 'SubuserController@create')->name('server.subusers.new');
Route::get('/view/{id}', 'SubuserController@getView')->name('server.subusers.view'); Route::get('/view/{id}', 'SubuserController@view')->name('server.subusers.view');
Route::post('/new', 'SubuserController@postNew'); Route::post('/new', 'SubuserController@store');
Route::post('/view/{id}', 'SubuserController@postView'); Route::post('/view/{id}', 'SubuserController@update');
Route::delete('/delete/{id}', 'SubuserController@deleteSubuser')->name('server.subusers.delete'); Route::delete('/delete/{id}', 'SubuserController@delete')->name('server.subusers.delete');
}); });
/* /*
@ -90,15 +89,13 @@ Route::group(['prefix' => 'users'], function () {
| |
*/ */
Route::group(['prefix' => 'tasks'], function () { Route::group(['prefix' => 'tasks'], function () {
Route::get('/', 'TaskController@getIndex')->name('server.tasks'); Route::get('/', 'TaskController@index')->name('server.tasks');
Route::get('/new', 'TaskController@getNew')->name('server.tasks.new'); Route::get('/new', 'TaskController@create')->name('server.tasks.new');
Route::get('/view/{id}', 'TaskController@getView')->name('server.tasks.view');
Route::post('/new', 'TaskController@postNew'); Route::post('/new', 'TaskController@store');
Route::post('/view/{id}', 'SubuserController@postView'); Route::post('/toggle/{id}', 'TaskController@toggle')->name('server.tasks.toggle');
Route::post('/toggle/{id}', 'TaskController@toggleTask')->name('server.tasks.toggle');
Route::delete('/delete/{id}', 'TaskController@deleteTask')->name('server.tasks.delete'); Route::delete('/delete/{id}', 'TaskController@delete')->name('server.tasks.delete');
}); });
/* /*