Include the "user_uuid" claim on JWTs for easier Wings user tracking
This commit is contained in:
parent
74c3b00828
commit
dc90d8b505
5 changed files with 32 additions and 12 deletions
|
@ -93,6 +93,7 @@ class FileController extends ClientApiController
|
||||||
{
|
{
|
||||||
$token = $this->jwtService
|
$token = $this->jwtService
|
||||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||||
|
->setUser($request->user())
|
||||||
->setClaims([
|
->setClaims([
|
||||||
'file_path' => rawurldecode($request->get('file')),
|
'file_path' => rawurldecode($request->get('file')),
|
||||||
'server_uuid' => $server->uuid,
|
'server_uuid' => $server->uuid,
|
||||||
|
|
|
@ -55,9 +55,8 @@ class FileUploadController extends ClientApiController
|
||||||
{
|
{
|
||||||
$token = $this->jwtService
|
$token = $this->jwtService
|
||||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||||
->setClaims([
|
->setUser($user)
|
||||||
'server_uuid' => $server->uuid,
|
->setClaims(['server_uuid' => $server->uuid])
|
||||||
])
|
|
||||||
->handle($server->node, $user->id . $server->uuid);
|
->handle($server->node, $user->id . $server->uuid);
|
||||||
|
|
||||||
return sprintf(
|
return sprintf(
|
||||||
|
|
|
@ -69,8 +69,8 @@ class WebsocketController extends ClientApiController
|
||||||
|
|
||||||
$token = $this->jwtService
|
$token = $this->jwtService
|
||||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
|
->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
|
||||||
|
->setUser($request->user())
|
||||||
->setClaims([
|
->setClaims([
|
||||||
'user_id' => $request->user()->id,
|
|
||||||
'server_uuid' => $server->uuid,
|
'server_uuid' => $server->uuid,
|
||||||
'permissions' => $permissions,
|
'permissions' => $permissions,
|
||||||
])
|
])
|
||||||
|
|
|
@ -41,6 +41,7 @@ class DownloadLinkService
|
||||||
|
|
||||||
$token = $this->jwtService
|
$token = $this->jwtService
|
||||||
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
|
||||||
|
->setUser($user)
|
||||||
->setClaims([
|
->setClaims([
|
||||||
'backup_uuid' => $backup->uuid,
|
'backup_uuid' => $backup->uuid,
|
||||||
'server_uuid' => $backup->server->uuid,
|
'server_uuid' => $backup->server->uuid,
|
||||||
|
|
|
@ -6,6 +6,7 @@ use DateTimeImmutable;
|
||||||
use Carbon\CarbonImmutable;
|
use Carbon\CarbonImmutable;
|
||||||
use Illuminate\Support\Str;
|
use Illuminate\Support\Str;
|
||||||
use Pterodactyl\Models\Node;
|
use Pterodactyl\Models\Node;
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
use Lcobucci\JWT\Configuration;
|
use Lcobucci\JWT\Configuration;
|
||||||
use Lcobucci\JWT\Signer\Hmac\Sha256;
|
use Lcobucci\JWT\Signer\Hmac\Sha256;
|
||||||
use Lcobucci\JWT\Signer\Key\InMemory;
|
use Lcobucci\JWT\Signer\Key\InMemory;
|
||||||
|
@ -13,20 +14,16 @@ use Pterodactyl\Extensions\Lcobucci\JWT\Encoding\TimestampDates;
|
||||||
|
|
||||||
class NodeJWTService
|
class NodeJWTService
|
||||||
{
|
{
|
||||||
/**
|
private array $claims = [];
|
||||||
* @var array
|
|
||||||
*/
|
private ?User $user = null;
|
||||||
private $claims = [];
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \DateTimeImmutable|null
|
* @var \DateTimeImmutable|null
|
||||||
*/
|
*/
|
||||||
private $expiresAt;
|
private $expiresAt;
|
||||||
|
|
||||||
/**
|
private ?string $subject = null;
|
||||||
* @var string|null
|
|
||||||
*/
|
|
||||||
private $subject;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the claims to include in this JWT.
|
* Set the claims to include in this JWT.
|
||||||
|
@ -40,6 +37,17 @@ class NodeJWTService
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Attaches a user to the JWT being created and will automatically inject the
|
||||||
|
* "user_uuid" key into the final claims array with the user's UUID.
|
||||||
|
*/
|
||||||
|
public function setUser(User $user): self
|
||||||
|
{
|
||||||
|
$this->user = $user;
|
||||||
|
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return $this
|
* @return $this
|
||||||
*/
|
*/
|
||||||
|
@ -92,6 +100,17 @@ class NodeJWTService
|
||||||
$builder = $builder->withClaim($key, $value);
|
$builder = $builder->withClaim($key, $value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!is_null($this->user)) {
|
||||||
|
$builder = $builder
|
||||||
|
->withClaim('user_uuid', $this->user->uuid)
|
||||||
|
// The "user_id" claim is deprecated and should not be referenced — it remains
|
||||||
|
// here solely to ensure older versions of Wings are unaffected when the Panel
|
||||||
|
// is updated.
|
||||||
|
//
|
||||||
|
// This claim will be removed in Panel@1.11 or later.
|
||||||
|
->withClaim('user_id', $this->user->id);
|
||||||
|
}
|
||||||
|
|
||||||
return $builder
|
return $builder
|
||||||
->withClaim('unique_id', Str::random(16))
|
->withClaim('unique_id', Str::random(16))
|
||||||
->getToken($config->signer(), $config->signingKey());
|
->getToken($config->signer(), $config->signingKey());
|
||||||
|
|
Loading…
Reference in a new issue