Include the "user_uuid" claim on JWTs for easier Wings user tracking
This commit is contained in:
DaneEveritt
parent
74c3b00828
commit
dc90d8b505
5 changed files with 32 additions and 12 deletions
|
|
@ -93,6 +93,7 @@ class FileController extends ClientApiController
|
|||
{
|
||||
$token = $this->jwtService
|
||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||
->setUser($request->user())
|
||||
->setClaims([
|
||||
'file_path' => rawurldecode($request->get('file')),
|
||||
'server_uuid' => $server->uuid,
|
||||
|
|
|
|||
|
|
@ -55,9 +55,8 @@ class FileUploadController extends ClientApiController
|
|||
{
|
||||
$token = $this->jwtService
|
||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||
->setClaims([
|
||||
'server_uuid' => $server->uuid,
|
||||
])
|
||||
->setUser($user)
|
||||
->setClaims(['server_uuid' => $server->uuid])
|
||||
->handle($server->node, $user->id . $server->uuid);
|
||||
|
||||
return sprintf(
|
||||
|
|
|
|||
|
|
@ -69,8 +69,8 @@ class WebsocketController extends ClientApiController
|
|||
|
||||
$token = $this->jwtService
|
||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
|
||||
->setUser($request->user())
|
||||
->setClaims([
|
||||
'user_id' => $request->user()->id,
|
||||
'server_uuid' => $server->uuid,
|
||||
'permissions' => $permissions,
|
||||
])
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ class DownloadLinkService
|
|||
|
||||
$token = $this->jwtService
|
||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||
->setUser($user)
|
||||
->setClaims([
|
||||
'backup_uuid' => $backup->uuid,
|
||||
'server_uuid' => $backup->server->uuid,
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ use DateTimeImmutable;
|
|||
use Carbon\CarbonImmutable;
|
||||
use Illuminate\Support\Str;
|
||||
use Pterodactyl\Models\Node;
|
||||
use Pterodactyl\Models\User;
|
||||
use Lcobucci\JWT\Configuration;
|
||||
use Lcobucci\JWT\Signer\Hmac\Sha256;
|
||||
use Lcobucci\JWT\Signer\Key\InMemory;
|
||||
|
|
@ -13,20 +14,16 @@ use Pterodactyl\Extensions\Lcobucci\JWT\Encoding\TimestampDates;
|
|||
|
||||
class NodeJWTService
|
||||
{
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
private $claims = [];
|
||||
private array $claims = [];
|
||||
|
||||
private ?User $user = null;
|
||||
|
||||
/**
|
||||
* @var \DateTimeImmutable|null
|
||||
*/
|
||||
private $expiresAt;
|
||||
|
||||
/**
|
||||
* @var string|null
|
||||
*/
|
||||
private $subject;
|
||||
private ?string $subject = null;
|
||||
|
||||
/**
|
||||
* Set the claims to include in this JWT.
|
||||
|
|
@ -40,6 +37,17 @@ class NodeJWTService
|
|||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Attaches a user to the JWT being created and will automatically inject the
|
||||
* "user_uuid" key into the final claims array with the user's UUID.
|
||||
*/
|
||||
public function setUser(User $user): self
|
||||
{
|
||||
$this->user = $user;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return $this
|
||||
*/
|
||||
|
|
@ -92,6 +100,17 @@ class NodeJWTService
|
|||
$builder = $builder->withClaim($key, $value);
|
||||
}
|
||||
|
||||
if (!is_null($this->user)) {
|
||||
$builder = $builder
|
||||
->withClaim('user_uuid', $this->user->uuid)
|
||||
// The "user_id" claim is deprecated and should not be referenced — it remains
|
||||
// here solely to ensure older versions of Wings are unaffected when the Panel
|
||||
// is updated.
|
||||
//
|
||||
// This claim will be removed in Panel@1.11 or later.
|
||||
->withClaim('user_id', $this->user->id);
|
||||
}
|
||||
|
||||
return $builder
|
||||
->withClaim('unique_id', Str::random(16))
|
||||
->getToken($config->signer(), $config->signingKey());
|
||||
|
|
|
|||
Loading…
Reference in a new issue